do too many things lmao

This commit is contained in:
Jade 2023-07-30 16:24:46 +02:00
parent c3695556c2
commit 3b666eee63
15 changed files with 555 additions and 87 deletions

View file

@ -7,11 +7,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1682181677,
"narHash": "sha256-El8WQ2ccxWwkSrjuwKNR0gD/O7vS/KLBY4Q2/nF8m1c=",
"lastModified": 1689948211,
"narHash": "sha256-XVDDrerEzYucD6cL7nNW7dNfGhDnhfpB+rbuDvlaWrc=",
"owner": "hercules-ci",
"repo": "arion",
"rev": "6a1f03329c400327b3b2e0ed5e1efff11037ba67",
"rev": "9ba47f9fbb8650158d9983e19b53206586be4382",
"type": "github"
},
"original": {
@ -36,7 +36,93 @@
"type": "gitlab"
}
},
"conduit": {
"inputs": {
"crane": "crane",
"fenix": "fenix",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1690660551,
"narHash": "sha256-4F5dkDy52pLeP8Pnxz/rFzFx6ckL7bZkY0VazaEcr7U=",
"owner": "famedly",
"repo": "conduit",
"rev": "afd8112e25a86918c7f9ac657523698b2e0315f4",
"type": "gitlab"
},
"original": {
"owner": "famedly",
"repo": "conduit",
"type": "gitlab"
}
},
"crane": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"conduit",
"flake-utils"
],
"nixpkgs": [
"conduit",
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1688772518,
"narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=",
"owner": "ipetkov",
"repo": "crane",
"rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"conduit",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1689488573,
"narHash": "sha256-diVASflKCCryTYv0djvMnP2444mFsIG0ge5pa7ahauQ=",
"owner": "nix-community",
"repo": "fenix",
"rev": "39096fe3f379036ff4a5fa198950b8e79defe939",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1668681692,
@ -52,7 +138,7 @@
"type": "github"
}
},
"flake-compat_2": {
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1668681692,
@ -90,6 +176,24 @@
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -138,10 +242,10 @@
},
"mms": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nix": "nix",
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1669478601,
@ -160,7 +264,7 @@
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
@ -241,11 +345,11 @@
},
"nixpkgsOld": {
"locked": {
"lastModified": 1687666471,
"narHash": "sha256-88VoE8jLzjRhH38mUUrom+zJ7GVMjuW4M321Iri5C/w=",
"lastModified": 1688392541,
"narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6610eb320efb234025e477e51ae7625ccd65a2e8",
"rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
"type": "github"
},
"original": {
@ -257,11 +361,11 @@
},
"nixpkgsUnstable": {
"locked": {
"lastModified": 1687898314,
"narHash": "sha256-B4BHon3uMXQw8ZdbwxRK1BmxVOGBV4viipKpGaIlGwk=",
"lastModified": 1690031011,
"narHash": "sha256-kzK0P4Smt7CL53YCdZCBbt9uBFFhE0iNvCki20etAf4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e18dc963075ed115afb3e312b64643bf8fd4b474",
"rev": "12303c652b881435065a98729eb7278313041e49",
"type": "github"
},
"original": {
@ -272,6 +376,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1689444953,
"narHash": "sha256-0o56bfb2LC38wrinPdCGLDScd77LVcr7CrH1zK7qvDg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8acef304efe70152463a6399f73e636bcc363813",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1657693803,
"narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
@ -287,7 +407,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1669378442,
"narHash": "sha256-nm+4PN0A4SnV0SzEchxrMyKPvI3Ld/aoom4PnHeHucs=",
@ -303,13 +423,13 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1687829761,
"narHash": "sha256-QRe1Y8SS3M4GeC58F/6ajz6V0ZLUVWX3ZAMgov2N3/g=",
"lastModified": 1690148897,
"narHash": "sha256-l/j/AX1d2K79EWslwgWR2+htkzCbtjKZsS5NbWXnhz4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9790f3242da2152d5aa1976e3e4b8b414f4dd206",
"rev": "ac1acba43b2f9db073943ff5ed883ce7e8a40a2c",
"type": "github"
},
"original": {
@ -319,7 +439,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1670751203,
"narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
@ -337,18 +457,63 @@
"root": {
"inputs": {
"arion": "arion",
"conduit": "conduit",
"mms": "mms",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"nixpkgsOld": "nixpkgsOld",
"nixpkgsUnstable": "nixpkgsUnstable",
"simple-nixos-mailserver": "simple-nixos-mailserver"
}
},
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1689441253,
"narHash": "sha256-4MSDZaFI4DOfsLIZYPMBl0snzWhX1/OqR/QHir382CY=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "996e054f1eb1dbfc8455ecabff0f6ff22ba7f7c8",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"conduit",
"crane",
"flake-utils"
],
"nixpkgs": [
"conduit",
"crane",
"nixpkgs"
]
},
"locked": {
"lastModified": 1688351637,
"narHash": "sha256-CLTufJ29VxNOIZ8UTg0lepsn3X03AmopmaLTTeHDCL4=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "f9b92316727af9e6c7fee4a761242f7f46880329",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_5",
"flake-compat": "flake-compat_3",
"nixpkgs": "nixpkgs_6",
"nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": "nixpkgs-23_05",
"utils": "utils"
@ -368,6 +533,21 @@
"type": "gitlab"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1605370193,

View file

@ -1,16 +1,18 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-22.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable";
#nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
arion.url = "github:hercules-ci/arion";
mms.url = "github:mkaito/nixos-modded-minecraft-servers";
# conduit = {
# url = "gitlab:famedly/conduit";
# };
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
conduit = {
url = "gitlab:famedly/conduit";
};
};
outputs = { self, nixpkgs, nixpkgsUnstable, ... }@inputs:
outputs = { self, nixpkgsOld, nixpkgs, nixpkgsUnstable, ... }@inputs:
let
hostPkgs = import nixpkgs { system = "x86_64-linux"; };
in {
@ -30,6 +32,10 @@
system = "aarch64-linux";
overlays = [];
};
pkgsOld = import nixpkgsOld {
system = "aarch64-linux";
overlays = [];
};
};
};
@ -43,7 +49,7 @@
./modules/base-stuff.nix
./modules/proxy.nix
./modules/postgres.nix
#./modules/jitsi.nix
# ./modules/jitsi.nix
./modules/containers
./modules/conduit.nix
./modules/keycloak.nix
@ -52,6 +58,8 @@
./modules/modded-mc.nix
#./modules/prosody.nix
./modules/vault.nix
./modules/monitoring.nix
./modules/mailserver.nix
];
system.stateVersion = "22.11";

View file

@ -16,8 +16,19 @@
networking = {
nameservers = [ "9.9.9.9" "149.112.112.112" ];
hostName = "katzen-cafe";
networkmanager.enable = true;
networkmanager = {
enable = true;
unmanaged = [ "interface-name:ve-phtanumb+" "interface-name:ve-katzenwiki" ];
};
firewall.allowedTCPPorts = [ 22 80 443 ];
# firewall.allowedUDPPorts = [ 25568 25569 ];
nat = {
enable = true;
internalInterfaces = [ "ve-phtanumb+" "ve-katzenwiki" ];
externalInterface = "enp1s0";
};
interfaces."enp1s0" = {
ipv6.addresses = [{
@ -55,19 +66,24 @@
#networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
#networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
#users.users.april = {
#isNormalUser = true;
#packages = with pkgs; [ git ];
#createHome = true;
#extraGroups = [ "docker" ];
#openssh.authorizedKeys.keys = [
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
#];
#};
users.users.april = {
isNormalUser = true;
packages = with pkgs; [ git ];
createHome = true;
extraGroups = [ "docker" ];
openssh.authorizedKeys.keys = [
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK4N06uWyGFbWDf0JdQ1mB2PkyQSxYLLbNOihmXGRf2ce8Do4LvlMqHreDNvEfixYK+pRQSdK8oeNqOiRjFXgyEhoo5v/Tg832iHq4r3wEHoqFR/w9XxmAp8Rv66h9uY1wY8+xFVlpgw8GqHN37JJt1P5i3oDkKnBXunzm7+vw1Qo/+LvD4nS9kQlso6ocNGSOAEf7N/IKJpGQp4FrsW1Qg4ZSWVCruUBm5iw02IampgjrzvbHQBO7TIG3jr0TxXBx2MFXydDTXdONwLtlJiwk210ppQIhgIjcqlUZBKZcYJy23ZesPbO2fSyT0iPWFAnvcIRHhsacp8HQ9paKR76J7ghBmAQm9KXyH0TjZM84+lHEvOAGNeDuh+VFr147uyTcun5aWy9zM8v8rW96pUIkId5HQNP8HPGymTFWXomwDvpdFJO/TA2F9YsNfVoTJGy4PbieWFDU5esI3CD6k696mB+vgLcF35qfc76uVFWOUWYHIX3KVwqXh7MQ8+CBWrE= u0_a269@localhost"
];
};
services.cron.systemCronJobs = [
"0 0 * * * april cd /home/april && ./build.sh"
];
services.cron.enable = true;
services.openssh = {
enable = true;
permitRootLogin = "prohibit-password";
settings.PermitRootLogin = "prohibit-password";
};
environment.systemPackages = with pkgs; [

View file

@ -1,5 +1,6 @@
{ config
, pkgsUnstable
, inputs
, ...
}:
@ -46,7 +47,8 @@ in
# This causes NixOS to use the flake defined in this repository instead of
# the build of Conduit built into nixpkgsUnstable.
package = pkgsUnstable.matrix-conduit;
# package = pkgsUnstable.matrix-conduit;
package = inputs.conduit.packages.${pkgsUnstable.system}.default;
settings.global = {
inherit server_name;
@ -60,13 +62,18 @@ in
defaults = {
email = admin_email;
};
certs = {
"katzen.cafe" = {
group = "nginx";
keyType = "rsa4096";
};
"matrix.katzen.cafe" = {
group = "nginx";
keyType = "rsa4096";
};
};
};
# ACME data must be readable by the NGINX user
users.users.nginx.extraGroups = [
"acme"
];
# Configure NGINX as a reverse proxy
services.nginx = {
enable = true;
@ -84,10 +91,19 @@ in
ssl = true;
}
{
addr = "[::]";
port = 443;
ssl = true;
} {
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
{
addr = "[::]";
port = 8448;
ssl = true;
}
];
locations."/_matrix/" = {

View file

@ -8,7 +8,7 @@
networks.calcnet.name = "calcnet";
services = {
"web".service = {
image = "docker.io/waterdev/calckey_arm";
image = "iceshrimp.dev/iceshrimp/iceshrimp:latest-arm";
container_name = "calckey_web";
restart = "unless-stopped";
depends_on = [ "db" "redis" ];
@ -18,8 +18,8 @@
"NODE_ENV" = "production";
};
volumes = [
"/calckey/files:/calckey/files"
"/calckey/config:/calckey/.config:ro"
"/calckey/files:/iceshrimp/files"
"/calckey/config:/iceshrimp/.config:ro"
];
};
"redis".service = {

View file

@ -1,6 +1,7 @@
{ pkgs, ... }:
{
imports = [
./katzencafe-wiki.nix
./phtanumb-wiki.nix
./calckey.nix
./penpot.nix

View file

@ -0,0 +1,100 @@
{ pkgsOld, ... }:
{
containers."katzenwiki" = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.2.1";
localAddress = "10.0.2.2";
bindMounts = {
"/var/lib/mediawiki" = {
hostPath = "/katzenwiki";
isReadOnly = false;
};
};
# extraVeths = {
# "katzenwiki" = {
# hostAddress = "10.0.2.1";
# localAddress = "10.0.2.2";
# };
# };
config = { config, pkgs, ... }: {
environment.systemPackages = with pkgs; [btop ];
networking.firewall.enable = false;
# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
services.mediawiki = {
enable = true;
name = "katzenwiki";
database = {
type = "mysql";
};
virtualHost = {
hostName = "wiki.katzen.cafe";
adminAddr = "admin@katzen.cafe";
listen = [
{
ip = "10.0.2.2";
port = 80;
ssl = false;
}
];
};
passwordFile = "/var/lib/mediawiki/passwordFile";
extraConfig = ''
# $wgShowExceptionDetails = true;
# $wgDebugToolbar = true;
# $wgShowDebug = true;
# $wgDevelopmentWarnings = true;
# Disable anonymous editing
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin'];
$wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
$wgGroupPermissions['oidc_admin']['userrights'] = true;
$oidcClientSecret = file_get_contents('/var/lib/mediawiki/keycloakClientSecret', false, null, 0, 32);
$wgPluggableAuth_Config[] = [
'plugin' => 'OpenIDConnect',
'data' => [
'providerURL' => 'https://auth.katzen.cafe/realms/katzen.cafe',
'clientID' => 'katzenwiki',
# hack to try dynamically get the secret
'clientsecret' => $oidcClientSecret,
'global_roles' => ['property' => ['realm_access', 'roles']],
'wiki_roles' => ['property' => ['resource_access', 'katzenwiki', 'roles']]
]
];
'';
extensions = {
PluggableAuth = pkgs.fetchzip {
url = "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_39-068be5d.tar.gz";
sha256 = "sha256-OWfr3oq2XzyJ5tynP5bRRPm34ymqz2oIBe2vBPHK+/Q=";
};
OpenIDConnect = pkgs.fetchzip {
url = "https://extdist.wmflabs.org/dist/extensions/OpenIDConnect-REL1_39-42e4d75.tar.gz";
sha256 = "sha256-g+PGNzt0o2FebI3xyVamz5RA95E86MD2yqD4v8N6zKU=";
};
WikiEditor = null;
CodeEditor = null;
};
};
system.stateVersion = "23.05";
};
};
deployment.keys = {
# NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work.
# i should figure out why to make this work when setting up new instances...
"katzenwikiPwFile" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/katzenwiki-passwordFile" ];
destDir = "/katzenwiki";
name = "passwordFile";
};
"katzenwikiKeycloakClientSecret" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/katzenwiki-keycloak-secret" ];
destDir = "/katzenwiki";
name = "keycloakClientSecret";
permissions = "0604";
};
};
}

View file

@ -9,6 +9,8 @@
services = {
"penpot-backend".service = {
image = "penpotapp/backend:latest";
# NOTE: you have to change the owner of the assets folder to 1001:1001
# command: # chown -R 1001:1001 /penpot/assets
volumes = [ "/penpot/assets:/opt/data/assets" ];
depends_on = [ "penpot-postgres" "penpot-redis" ];
networks = [ "penpot" ];

View file

@ -1,40 +1,42 @@
{ pkgs, ... }:
{ pkgsOld, ... }:
{
containers."phtanumb-wiki" = {
autoStart = true;
hostAddress = "127.0.0.1";
privateNetwork = true;
hostAddress = "10.0.1.1";
localAddress = "10.0.1.2";
nixpkgs = pkgsOld.path;
bindMounts = {
"/var/mediawiki" = {
hostPath = "/phtanum-b/wiki";
isReadOnly = false;
};
};
forwardPorts = [
{
protocol = "tcp";
hostPort = 5432;
containerPort = 5432;
}
{
protocol = "tcp";
hostPort = 8081;
containerPort = 8081;
}
];
# extraVeths = {
# "phtanumb" = {
# hostAddress = "10.0.1.1";
# localAddress = "10.0.1.2";
# };
# };
config = { config, pkgs, ... }: {
environment.systemPackages = with pkgs; [ luajit ];
networking.firewall.enable = false;
# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
services.mediawiki = {
enable = true;
name = "phtanum-b";
virtualHost.listen = [
{
ip = "127.0.0.2";
port = 8081;
ssl = false;
}
];
virtualHost.hostName = "wiki.phtanum-b.katzen.cafe";
virtualHost.adminAddr = "admin@katzen.cafe";
virtualHost = {
hostName = "wiki.phtanum-b.katzen.cafe";
adminAddr = "admin@katzen.cafe";
listen = [
{
ip = "10.0.1.2";
port = 80;
ssl = false;
}
];
};
passwordFile = "/var/mediawiki/passwordFile";
extraConfig = ''
# $wgShowExceptionDetails = true;

View file

@ -5,24 +5,21 @@
package = pkgsUnstable.forgejo;
repositoryRoot = "/forgejo/repos";
appName = "Katzenschmiede";
rootUrl = "https://forge.katzen.cafe/";
httpPort = 8082;
domain = "forge.katzen.cafe";
database = {
type = "postgres";
};
settings = {
openid = {
ENABLE_OPENID_SIGNIN = true;
#ENABLE_OPENID_SIGNUP = true;
};
federation = {
ENABLED = true;
};
#server = {
#ROOT_URL = "https://forge.katzen.cafe/";
#HTTP_PORT = 8082;
#};
server = {
ROOT_URL = "https://forge.katzen.cafe/";
HTTP_PORT = 8082;
DOMAIN = "forge.katzen.cafe";
};
service = {
REGISTER_MANUAL_CONFIRM = true;
SHOW_REGISTRATION_BUTTON = false;
@ -30,7 +27,17 @@
actions = {
ENABLED = true;
};
mailer = {
ENABLED = true;
FROM = "forge@noreply.katzen.cafe";
MAILER_TYPE = "smtp";
SMTP_ADDR = "mail.katzen.cafe";
SMTP_PORT = 465;
IS_TLS_ENABLED = true;
USER = "forge@noreply.katzen.cafe";
};
};
mailerPasswordFile = "/forgejo/secret/mailerPassword";
};
deployment.keys = {
"forgejoDbPw" = {
@ -38,5 +45,10 @@
destDir = "/forgejo/secret/";
permissions = "0604";
};
"mailerPassword" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mailer-pw-forgejo" ];
destDir = "/forgejo/secret/";
permissions = "0604";
};
};
}

View file

@ -5,14 +5,16 @@
settings = {
http-port = 8080;
http-host = "127.0.0.1";
http-enabled = true;
https-port = 8443;
proxy = "edge";
hostname = "auth.katzen.cafe";
hostname-port = "-1";
hostname-admin-url = "https://auth.katzen.cafe";
hostname-strict-backchannel = true;
# hostname-strict-backchannel = true;
};
#sslCertificateKey = "/var/lib/acme/auth.katzen.cafe/key.pem";

51
modules/mailserver.nix Normal file
View file

@ -0,0 +1,51 @@
{ inputs, ... }:
{
imports = [ inputs.simple-nixos-mailserver.nixosModule ];
mailserver = {
enable = true;
fqdn = "mail.katzen.cafe";
sendingFqdn = "katzen.cafe";
domains = [ "katzen.cafe" "noreply.katzen.cafe" ];
loginAccounts = {
"admin@katzen.cafe" = {
hashedPasswordFile = "/var/lib/secrets/admin-mail-pw";
aliases = [ "postmaster@katzen.cafe" "abuse@katzen.cafe" ];
};
"ck@noreply.katzen.cafe" = {
hashedPasswordFile = "/var/lib/secrets/noreply-mail-ck";
};
"forge@noreply.katzen.cafe" = {
hashedPasswordFile = "/var/lib/secrets/noreply-mail-forgejo";
};
"keycloak@noreply.katzen.cafe" = {
hashedPasswordFile = "/var/lib/secrets/noreply-mail-keycloak";
};
"penpot@noreply.katzen.cafe" = {
hashedPasswordFile = "/var/lib/secrets/noreply-mail-penpot";
};
};
certificateScheme = "acme-nginx";
};
deployment.keys = {
"admin-mail-pw" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/admin-mail-pw" ];
destDir = "/var/lib/secrets";
};
"noreply-mail-ck" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-ck" ];
destDir = "/var/lib/secrets";
};
"noreply-mail-forgejo" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-forgejo" ];
destDir = "/var/lib/secrets";
};
"noreply-mail-keycloak" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-keycloak" ];
destDir = "/var/lib/secrets";
};
"noreply-mail-penpot" = {
keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-penpot" ];
destDir = "/var/lib/secrets";
};
};
}

View file

@ -12,7 +12,7 @@
# and the user `mc-e2es`.
instances = {
"catpile-v1" = {
enable = true;
enable = false;
jvmPackage = pkgs.temurin-jre-bin;
@ -33,6 +33,28 @@
allow-flight = true;
};
};
# "tleg" = {
# enable = true;
# jvmPackage = pkgs.jre8;
# # Keys that can access the state of this instance (read/write!) over an rsync module
# # Leave empty to disable
# rsyncSSHKeys = [
# "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDu9lhNUjovmaeUczUv18GVoSp8Xo8Izi+HSxC7Go3YOTkaijMB4fCWIIQ/MZkKd7BG0OLPwbNSFrP7XrLxyXbMfNNoOBHTtQv85HwRP7XcvsYomHrdtcU3Nf49/MSXA4z42FqzUF114+D0czJz+Nxer+MbEHqAKZRjNuHOizKv8Rqq2hkwTL/Oi3fQxNaj/rHKth0/8BqcUixxofY/e48E+3SAEUJhb/h4m8nyvecKtyfAdxvPg3ZVi+vWZTeY8aoMRliw6kho59tBzumiXsRve0FyFbGx/t/T3zR2dxBZ63LSePhiTO3XdE3spSq/gzsZRNkxxoSWHiW6xrXQAgoyBGPp0ISw3ljtDgTgaJ5JS9JYRKpkfHDlsBKuLpeoD4i6Ts2Z+0dyFnVyBs64bwY7PyqRtS9l/EM/f2VxfsndWMoCuGFCZSS2WbONirqp6e7czxCQ2iqShYKzfupbTf8eYV1i4+VTJE1Qs0oFbmcwZDJbHqaUZn2aeS7fW9pYrA0= jade@monosodium-glutamate-g"
# ];
# serverConfig = {
# # Port must be unique
# server-port = 25568;
# motd = "Be excellent to eachother";
# white-list = true;
# spawn-protection = 0;
# max-tick-time = 5 * 60 * 1000;
# allow-flight = true;
# };
# };
};
};
}

31
modules/monitoring.nix Normal file
View file

@ -0,0 +1,31 @@
{ pkgs, ... }:
{
services.prometheus = {
enable = true;
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
};
};
scrapeConfigs = [
{
job_name = "katzencafe";
static_configs = [{
targets = [ "127.0.0.1:9100" ];
}];
}
];
};
services.grafana = {
enable = true;
settings = {
server = {
domain = "grafana.katzen.cafe";
http_port = 2343;
http_addr = "127.0.0.1";
};
};
};
}

View file

@ -19,6 +19,10 @@
group = "nginx";
keyType = "rsa4096";
};
"wiki.katzen.cafe" = {
group = "nginx";
keyType = "rsa4096";
};
"auth.katzen.cafe" = {
group = "nginx";
keyType = "rsa4096";
@ -31,11 +35,15 @@
group = "nginx";
keyType = "rsa4096";
};
"mumble.katzen.cafe" = {
group = "murmur";
# "mumble.katzen.cafe" = {
# group = "murmur";
# keyType = "rsa4096";
# };
"hc-vault.katzen.cafe" = {
group = "nginx";
keyType = "rsa4096";
};
"hc-vault.katzen.cafe" = {
"grafana.katzen.cafe" = {
group = "nginx";
keyType = "rsa4096";
};
@ -57,7 +65,17 @@
recommendedTlsSettings = true;
recommendedProxySettings = true;
statusPage = true;
virtualHosts = {
"grafana.katzen.cafe" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:2343";
proxyWebsockets = true;
};
};
"ck.katzen.cafe" = {
forceSSL = true;
enableACME = true;
@ -85,11 +103,11 @@
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
# proxy_set_header Host $host;
extraConfig = ''
proxy_buffers 4 256k;
proxy_buffer_size 128k;
proxy_busy_buffers_size 256k;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_set_header X-Real-IP $remote_addr;
@ -107,11 +125,18 @@
proxyWebsockets = true;
};
};
"wiki.katzen.cafe" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://10.0.2.2";
};
};
"wiki.phtanum-b.katzen.cafe" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.2:8081";
proxyPass = "http://10.0.1.2";
};
};
"hc-vault.katzen.cafe" = {