do too many things lmao
parent
c3695556c2
commit
3b666eee63
15 changed files with 555 additions and 87 deletions
226
flake.lock
226
flake.lock
|
@ -7,11 +7,11 @@
|
|||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682181677,
|
||||
"narHash": "sha256-El8WQ2ccxWwkSrjuwKNR0gD/O7vS/KLBY4Q2/nF8m1c=",
|
||||
"lastModified": 1689948211,
|
||||
"narHash": "sha256-XVDDrerEzYucD6cL7nNW7dNfGhDnhfpB+rbuDvlaWrc=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "arion",
|
||||
"rev": "6a1f03329c400327b3b2e0ed5e1efff11037ba67",
|
||||
"rev": "9ba47f9fbb8650158d9983e19b53206586be4382",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -36,7 +36,93 @@
|
|||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"conduit": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"fenix": "fenix",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1690660551,
|
||||
"narHash": "sha256-4F5dkDy52pLeP8Pnxz/rFzFx6ckL7bZkY0VazaEcr7U=",
|
||||
"owner": "famedly",
|
||||
"repo": "conduit",
|
||||
"rev": "afd8112e25a86918c7f9ac657523698b2e0315f4",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "famedly",
|
||||
"repo": "conduit",
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"crane": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": [
|
||||
"conduit",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"conduit",
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688772518,
|
||||
"narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"fenix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"conduit",
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-analyzer-src": "rust-analyzer-src"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689488573,
|
||||
"narHash": "sha256-diVASflKCCryTYv0djvMnP2444mFsIG0ge5pa7ahauQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"rev": "39096fe3f379036ff4a5fa198950b8e79defe939",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1668681692,
|
||||
|
@ -52,7 +138,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake-compat_3": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1668681692,
|
||||
|
@ -90,6 +176,24 @@
|
|||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
|
@ -138,10 +242,10 @@
|
|||
},
|
||||
"mms": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nix": "nix",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
"nixpkgs": "nixpkgs_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1669478601,
|
||||
|
@ -160,7 +264,7 @@
|
|||
"nix": {
|
||||
"inputs": {
|
||||
"lowdown-src": "lowdown-src",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"nixpkgs-regression": "nixpkgs-regression"
|
||||
},
|
||||
"locked": {
|
||||
|
@ -241,11 +345,11 @@
|
|||
},
|
||||
"nixpkgsOld": {
|
||||
"locked": {
|
||||
"lastModified": 1687666471,
|
||||
"narHash": "sha256-88VoE8jLzjRhH38mUUrom+zJ7GVMjuW4M321Iri5C/w=",
|
||||
"lastModified": 1688392541,
|
||||
"narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "6610eb320efb234025e477e51ae7625ccd65a2e8",
|
||||
"rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -257,11 +361,11 @@
|
|||
},
|
||||
"nixpkgsUnstable": {
|
||||
"locked": {
|
||||
"lastModified": 1687898314,
|
||||
"narHash": "sha256-B4BHon3uMXQw8ZdbwxRK1BmxVOGBV4viipKpGaIlGwk=",
|
||||
"lastModified": 1690031011,
|
||||
"narHash": "sha256-kzK0P4Smt7CL53YCdZCBbt9uBFFhE0iNvCki20etAf4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e18dc963075ed115afb3e312b64643bf8fd4b474",
|
||||
"rev": "12303c652b881435065a98729eb7278313041e49",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -272,6 +376,22 @@
|
|||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1689444953,
|
||||
"narHash": "sha256-0o56bfb2LC38wrinPdCGLDScd77LVcr7CrH1zK7qvDg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8acef304efe70152463a6399f73e636bcc363813",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1657693803,
|
||||
"narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
|
||||
|
@ -287,7 +407,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1669378442,
|
||||
"narHash": "sha256-nm+4PN0A4SnV0SzEchxrMyKPvI3Ld/aoom4PnHeHucs=",
|
||||
|
@ -303,13 +423,13 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1687829761,
|
||||
"narHash": "sha256-QRe1Y8SS3M4GeC58F/6ajz6V0ZLUVWX3ZAMgov2N3/g=",
|
||||
"lastModified": 1690148897,
|
||||
"narHash": "sha256-l/j/AX1d2K79EWslwgWR2+htkzCbtjKZsS5NbWXnhz4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9790f3242da2152d5aa1976e3e4b8b414f4dd206",
|
||||
"rev": "ac1acba43b2f9db073943ff5ed883ce7e8a40a2c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -319,7 +439,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_5": {
|
||||
"nixpkgs_6": {
|
||||
"locked": {
|
||||
"lastModified": 1670751203,
|
||||
"narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
|
||||
|
@ -337,18 +457,63 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"arion": "arion",
|
||||
"conduit": "conduit",
|
||||
"mms": "mms",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"nixpkgsOld": "nixpkgsOld",
|
||||
"nixpkgsUnstable": "nixpkgsUnstable",
|
||||
"simple-nixos-mailserver": "simple-nixos-mailserver"
|
||||
}
|
||||
},
|
||||
"rust-analyzer-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1689441253,
|
||||
"narHash": "sha256-4MSDZaFI4DOfsLIZYPMBl0snzWhX1/OqR/QHir382CY=",
|
||||
"owner": "rust-lang",
|
||||
"repo": "rust-analyzer",
|
||||
"rev": "996e054f1eb1dbfc8455ecabff0f6ff22ba7f7c8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "rust-lang",
|
||||
"ref": "nightly",
|
||||
"repo": "rust-analyzer",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"conduit",
|
||||
"crane",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"conduit",
|
||||
"crane",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688351637,
|
||||
"narHash": "sha256-CLTufJ29VxNOIZ8UTg0lepsn3X03AmopmaLTTeHDCL4=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "f9b92316727af9e6c7fee4a761242f7f46880329",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"simple-nixos-mailserver": {
|
||||
"inputs": {
|
||||
"blobs": "blobs",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"flake-compat": "flake-compat_3",
|
||||
"nixpkgs": "nixpkgs_6",
|
||||
"nixpkgs-22_11": "nixpkgs-22_11",
|
||||
"nixpkgs-23_05": "nixpkgs-23_05",
|
||||
"utils": "utils"
|
||||
|
@ -368,6 +533,21 @@
|
|||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"locked": {
|
||||
"lastModified": 1605370193,
|
||||
|
|
20
flake.nix
20
flake.nix
|
@ -1,16 +1,18 @@
|
|||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
|
||||
nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-22.11";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
||||
nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
#nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
arion.url = "github:hercules-ci/arion";
|
||||
mms.url = "github:mkaito/nixos-modded-minecraft-servers";
|
||||
# conduit = {
|
||||
# url = "gitlab:famedly/conduit";
|
||||
# };
|
||||
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
|
||||
conduit = {
|
||||
url = "gitlab:famedly/conduit";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgsUnstable, ... }@inputs:
|
||||
outputs = { self, nixpkgsOld, nixpkgs, nixpkgsUnstable, ... }@inputs:
|
||||
let
|
||||
hostPkgs = import nixpkgs { system = "x86_64-linux"; };
|
||||
in {
|
||||
|
@ -30,6 +32,10 @@
|
|||
system = "aarch64-linux";
|
||||
overlays = [];
|
||||
};
|
||||
pkgsOld = import nixpkgsOld {
|
||||
system = "aarch64-linux";
|
||||
overlays = [];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -43,7 +49,7 @@
|
|||
./modules/base-stuff.nix
|
||||
./modules/proxy.nix
|
||||
./modules/postgres.nix
|
||||
#./modules/jitsi.nix
|
||||
# ./modules/jitsi.nix
|
||||
./modules/containers
|
||||
./modules/conduit.nix
|
||||
./modules/keycloak.nix
|
||||
|
@ -52,6 +58,8 @@
|
|||
./modules/modded-mc.nix
|
||||
#./modules/prosody.nix
|
||||
./modules/vault.nix
|
||||
./modules/monitoring.nix
|
||||
./modules/mailserver.nix
|
||||
];
|
||||
|
||||
system.stateVersion = "22.11";
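Review bot: The newly enabled `conduit` input, `url = "gitlab:famedly/conduit";`, names no ref, so it follows upstream's default branch, and every `nix flake update` moves the internet-facing homeserver to whatever that branch holds at the time. flake.lock pins the revision, but nothing in flake.nix records which release is intended; a tag in the URL, `url = "gitlab:famedly/conduit/<release-tag>";`, would make upgrades an explicit change. The input also brings its own `nixpkgs_2`, `crane`, `fenix` and `rust-overlay` nodes into flake.lock, which widens the set of upstream repositories a lock update trusts. A one-line comment above the input saying why the nixpkgs build of Conduit is not used would help the next reviewer.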
|
||||
|
|
|
@ -16,8 +16,19 @@
|
|||
networking = {
|
||||
nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
||||
hostName = "katzen-cafe";
|
||||
networkmanager.enable = true;
|
||||
networkmanager = {
|
||||
enable = true;
|
||||
unmanaged = [ "interface-name:ve-phtanumb+" "interface-name:ve-katzenwiki" ];
|
||||
};
|
||||
|
||||
firewall.allowedTCPPorts = [ 22 80 443 ];
|
||||
# firewall.allowedUDPPorts = [ 25568 25569 ];
|
||||
|
||||
nat = {
|
||||
enable = true;
|
||||
internalInterfaces = [ "ve-phtanumb+" "ve-katzenwiki" ];
|
||||
externalInterface = "enp1s0";
|
||||
};
|
||||
|
||||
interfaces."enp1s0" = {
|
||||
ipv6.addresses = [{
|
||||
|
@ -55,19 +66,24 @@
|
|||
#networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
|
||||
#networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
|
||||
|
||||
#users.users.april = {
|
||||
#isNormalUser = true;
|
||||
#packages = with pkgs; [ git ];
|
||||
#createHome = true;
|
||||
#extraGroups = [ "docker" ];
|
||||
#openssh.authorizedKeys.keys = [
|
||||
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
|
||||
#];
|
||||
#};
|
||||
users.users.april = {
|
||||
isNormalUser = true;
|
||||
packages = with pkgs; [ git ];
|
||||
createHome = true;
|
||||
extraGroups = [ "docker" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
|
||||
"ssh-rsa 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 u0_a269@localhost"
|
||||
];
|
||||
};
|
||||
services.cron.systemCronJobs = [
|
||||
"0 0 * * * april cd /home/april && ./build.sh"
|
||||
];
|
||||
services.cron.enable = true;
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
permitRootLogin = "prohibit-password";
|
||||
settings.PermitRootLogin = "prohibit-password";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
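Review bot: The re-enabled `users.users.april` block keeps `extraGroups = [ "docker" ];`, and if the Docker daemon runs on this host (the arion modules suggest it does) membership in that group is equivalent to root. The account's only active key is now the `ssh-rsa` entry with a `u0_a269@localhost` comment, while the ed25519 key stays commented out, so that one key carries host-level trust. The new `services.cron.systemCronJobs` entry additionally runs `/home/april/build.sh` every night under the same account, with no indication in the hunk of what the script does. If the account only needs to build, drop the group, or record the decision with a comment such as `# docker group is root-equivalent here; needed for <reason>` above the line. The enclosing module starts and ends outside the hunks shown.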
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ config
|
||||
, pkgsUnstable
|
||||
, inputs
|
||||
, ...
|
||||
}:
|
||||
|
||||
|
@ -46,7 +47,8 @@ in
|
|||
|
||||
# This causes NixOS to use the flake defined in this repository instead of
|
||||
# the build of Conduit built into nixpkgsUnstable.
|
||||
package = pkgsUnstable.matrix-conduit;
|
||||
# package = pkgsUnstable.matrix-conduit;
|
||||
package = inputs.conduit.packages.${pkgsUnstable.system}.default;
|
||||
|
||||
settings.global = {
|
||||
inherit server_name;
|
||||
|
@ -60,13 +62,18 @@ in
|
|||
defaults = {
|
||||
email = admin_email;
|
||||
};
|
||||
certs = {
|
||||
"katzen.cafe" = {
|
||||
group = "nginx";
|
||||
keyType = "rsa4096";
|
||||
};
|
||||
"matrix.katzen.cafe" = {
|
||||
group = "nginx";
|
||||
keyType = "rsa4096";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# ACME data must be readable by the NGINX user
|
||||
users.users.nginx.extraGroups = [
|
||||
"acme"
|
||||
];
|
||||
|
||||
# Configure NGINX as a reverse proxy
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
@ -84,10 +91,19 @@ in
|
|||
ssl = true;
|
||||
}
|
||||
{
|
||||
addr = "[::]";
|
||||
port = 443;
|
||||
ssl = true;
|
||||
} {
|
||||
addr = "0.0.0.0";
|
||||
port = 8448;
|
||||
ssl = true;
|
||||
}
|
||||
{
|
||||
addr = "[::]";
|
||||
port = 8448;
|
||||
ssl = true;
|
||||
}
|
||||
];
|
||||
|
||||
locations."/_matrix/" = {
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
networks.calcnet.name = "calcnet";
|
||||
services = {
|
||||
"web".service = {
|
||||
image = "docker.io/waterdev/calckey_arm";
|
||||
image = "iceshrimp.dev/iceshrimp/iceshrimp:latest-arm";
|
||||
container_name = "calckey_web";
|
||||
restart = "unless-stopped";
|
||||
depends_on = [ "db" "redis" ];
|
||||
|
@ -18,8 +18,8 @@
|
|||
"NODE_ENV" = "production";
|
||||
};
|
||||
volumes = [
|
||||
"/calckey/files:/calckey/files"
|
||||
"/calckey/config:/calckey/.config:ro"
|
||||
"/calckey/files:/iceshrimp/files"
|
||||
"/calckey/config:/iceshrimp/.config:ro"
|
||||
];
|
||||
};
|
||||
"redis".service = {
|
||||
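Review bot: The new `image = "iceshrimp.dev/iceshrimp/iceshrimp:latest-arm";` line tracks a mutable tag on a third-party registry, so what actually runs depends on when the image was last pulled rather than on anything recorded in this repository. Pinning a release tag or a digest, `image = "iceshrimp.dev/iceshrimp/iceshrimp@sha256:<digest>";`, keeps the deployment reproducible and turns an upgrade into a reviewable commit; the `penpotapp/backend:latest` line visible in the penpot section has the same property. The host paths and `container_name` still say calckey, so a comment such as `# Iceshrimp, migrated from Calckey; host paths kept on purpose` would stop the mismatch from being read as an error. The `web` service definition continues outside the hunks shown.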
|
|
|
@ -1,6 +1,7 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./katzencafe-wiki.nix
|
||||
./phtanumb-wiki.nix
|
||||
./calckey.nix
|
||||
./penpot.nix
|
||||
|
|
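--- a/modules/containers/katzencafe-wiki.nix
+++ b/modules/containers/katzencafe-wiki.nix
@@ -0,0 +1,100 @@
+{ pkgsOld, ... }:
+{
+containers."katzenwiki" = {
+autoStart = true;
+privateNetwork = true;
+hostAddress = "10.0.2.1";
+localAddress = "10.0.2.2";
+bindMounts = {
+"/var/lib/mediawiki" = {
+hostPath = "/katzenwiki";
+isReadOnly = false;
+};
+};
+# extraVeths = {
+# "katzenwiki" = {
+# hostAddress = "10.0.2.1";
+# localAddress = "10.0.2.2";
+# };
+# };
+config = { config, pkgs, ... }: {
+environment.systemPackages = with pkgs; [btop ];
+networking.firewall.enable = false;
+# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
+environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
+services.mediawiki = {
+enable = true;
+name = "katzenwiki";
+database = {
+type = "mysql";
+};
+virtualHost = {
+hostName = "wiki.katzen.cafe";
+adminAddr = "admin@katzen.cafe";
+listen = [
+{
+ip = "10.0.2.2";
+port = 80;
+ssl = false;
+}
+];
+};
+passwordFile = "/var/lib/mediawiki/passwordFile";
+extraConfig = ''
+# $wgShowExceptionDetails = true;
+# $wgDebugToolbar = true;
+# $wgShowDebug = true;
+# $wgDevelopmentWarnings = true;
+
+# Disable anonymous editing
+$wgGroupPermissions['*']['edit'] = false;
+$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin'];
+$wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
+$wgGroupPermissions['oidc_admin']['userrights'] = true;
+
+$oidcClientSecret = file_get_contents('/var/lib/mediawiki/keycloakClientSecret', false, null, 0, 32);
+$wgPluggableAuth_Config[] = [
+'plugin' => 'OpenIDConnect',
+'data' => [
+'providerURL' => 'https://auth.katzen.cafe/realms/katzen.cafe',
+'clientID' => 'katzenwiki',
+# hack to try dynamically get the secret
+'clientsecret' => $oidcClientSecret,
+'global_roles' => ['property' => ['realm_access', 'roles']],
+'wiki_roles' => ['property' => ['resource_access', 'katzenwiki', 'roles']]
+]
+];
+'';
+extensions = {
+PluggableAuth = pkgs.fetchzip {
+url = "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_39-068be5d.tar.gz";
+sha256 = "sha256-OWfr3oq2XzyJ5tynP5bRRPm34ymqz2oIBe2vBPHK+/Q=";
+};
+OpenIDConnect = pkgs.fetchzip {
+url = "https://extdist.wmflabs.org/dist/extensions/OpenIDConnect-REL1_39-42e4d75.tar.gz";
+sha256 = "sha256-g+PGNzt0o2FebI3xyVamz5RA95E86MD2yqD4v8N6zKU=";
+};
+WikiEditor = null;
+CodeEditor = null;
+};
+};
+
+system.stateVersion = "23.05";
+};
+};
+deployment.keys = {
+# NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work.
+# i should figure out why to make this work when setting up new instances...
+"katzenwikiPwFile" = {
+keyCommand = [ "cat" "/home/jade/keys-tmp/katzenwiki-passwordFile" ];
+destDir = "/katzenwiki";
+name = "passwordFile";
+};
+"katzenwikiKeycloakClientSecret" = {
+keyCommand = [ "cat" "/home/jade/keys-tmp/katzenwiki-keycloak-secret" ];
+destDir = "/katzenwiki";
+name = "keycloakClientSecret";
+permissions = "0604";
+};
+};
+}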
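Review bot: `permissions = "0604"` on `katzenwikiKeycloakClientSecret` leaves the OIDC client secret readable by every local account, because `destDir = "/katzenwiki"` is a host directory that is also the bind-mount source for the container. The NOTE above `katzenwikiPwFile` describes fixing read access by hand, which points at the same ownership gap rather than at a need for a world-readable bit. If `deployment.keys` here is Colmena's, setting `user`/`group` to the uid and gid MediaWiki runs as inside the container and using `permissions = "0400";` (or `"0440"`) would cover both files and remove the manual step. The `mailerPassword` key added in the Forgejo module section further down also uses `"0604"` and wants the same change.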
|
|
@ -9,6 +9,8 @@
|
|||
services = {
|
||||
"penpot-backend".service = {
|
||||
image = "penpotapp/backend:latest";
|
||||
# NOTE: you have to change the owner of the assets folder to 1001:1001
|
||||
# command: # chown -R 1001:1001 /penpot/assets
|
||||
volumes = [ "/penpot/assets:/opt/data/assets" ];
|
||||
depends_on = [ "penpot-postgres" "penpot-redis" ];
|
||||
networks = [ "penpot" ];
|
||||
|
|
|
@ -1,40 +1,42 @@
|
|||
{ pkgs, ... }:
|
||||
{ pkgsOld, ... }:
|
||||
{
|
||||
containers."phtanumb-wiki" = {
|
||||
autoStart = true;
|
||||
hostAddress = "127.0.0.1";
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.0.1.1";
|
||||
localAddress = "10.0.1.2";
|
||||
nixpkgs = pkgsOld.path;
|
||||
bindMounts = {
|
||||
"/var/mediawiki" = {
|
||||
hostPath = "/phtanum-b/wiki";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
forwardPorts = [
|
||||
{
|
||||
protocol = "tcp";
|
||||
hostPort = 5432;
|
||||
containerPort = 5432;
|
||||
}
|
||||
{
|
||||
protocol = "tcp";
|
||||
hostPort = 8081;
|
||||
containerPort = 8081;
|
||||
}
|
||||
];
|
||||
# extraVeths = {
|
||||
# "phtanumb" = {
|
||||
# hostAddress = "10.0.1.1";
|
||||
# localAddress = "10.0.1.2";
|
||||
# };
|
||||
# };
|
||||
config = { config, pkgs, ... }: {
|
||||
environment.systemPackages = with pkgs; [ luajit ];
|
||||
networking.firewall.enable = false;
|
||||
# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
||||
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
|
||||
services.mediawiki = {
|
||||
enable = true;
|
||||
name = "phtanum-b";
|
||||
virtualHost.listen = [
|
||||
{
|
||||
ip = "127.0.0.2";
|
||||
port = 8081;
|
||||
ssl = false;
|
||||
}
|
||||
];
|
||||
virtualHost.hostName = "wiki.phtanum-b.katzen.cafe";
|
||||
virtualHost.adminAddr = "admin@katzen.cafe";
|
||||
virtualHost = {
|
||||
hostName = "wiki.phtanum-b.katzen.cafe";
|
||||
adminAddr = "admin@katzen.cafe";
|
||||
listen = [
|
||||
{
|
||||
ip = "10.0.1.2";
|
||||
port = 80;
|
||||
ssl = false;
|
||||
}
|
||||
];
|
||||
};
|
||||
passwordFile = "/var/mediawiki/passwordFile";
|
||||
extraConfig = ''
|
||||
# $wgShowExceptionDetails = true;
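Review bot: `nixpkgs = pkgsOld.path;` builds this container from the `nixos-22.11` input that flake.nix introduces as `nixpkgsOld`, while the host moves to 23.05, so the MediaWiki instance published at `wiki.phtanum-b.katzen.cafe` stays on the older release line. That line presumably stops receiving security fixes soon after its successor ships, which matters for a public PHP application. Please record why the pin is needed and when it goes away, for example `# pinned to 22.11 because <reason>; TODO: move to the host nixpkgs`, directly above the line. The container definition continues outside the hunk.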
|
||||
|
|
|
@ -5,24 +5,21 @@
|
|||
package = pkgsUnstable.forgejo;
|
||||
repositoryRoot = "/forgejo/repos";
|
||||
appName = "Katzenschmiede";
|
||||
rootUrl = "https://forge.katzen.cafe/";
|
||||
httpPort = 8082;
|
||||
domain = "forge.katzen.cafe";
|
||||
database = {
|
||||
type = "postgres";
|
||||
};
|
||||
settings = {
|
||||
openid = {
|
||||
ENABLE_OPENID_SIGNIN = true;
|
||||
#ENABLE_OPENID_SIGNUP = true;
|
||||
};
|
||||
federation = {
|
||||
ENABLED = true;
|
||||
};
|
||||
#server = {
|
||||
#ROOT_URL = "https://forge.katzen.cafe/";
|
||||
#HTTP_PORT = 8082;
|
||||
#};
|
||||
server = {
|
||||
ROOT_URL = "https://forge.katzen.cafe/";
|
||||
HTTP_PORT = 8082;
|
||||
DOMAIN = "forge.katzen.cafe";
|
||||
};
|
||||
service = {
|
||||
REGISTER_MANUAL_CONFIRM = true;
|
||||
SHOW_REGISTRATION_BUTTON = false;
|
||||
|
@ -30,7 +27,17 @@
|
|||
actions = {
|
||||
ENABLED = true;
|
||||
};
|
||||
mailer = {
|
||||
ENABLED = true;
|
||||
FROM = "forge@noreply.katzen.cafe";
|
||||
MAILER_TYPE = "smtp";
|
||||
SMTP_ADDR = "mail.katzen.cafe";
|
||||
SMTP_PORT = 465;
|
||||
IS_TLS_ENABLED = true;
|
||||
USER = "forge@noreply.katzen.cafe";
|
||||
};
|
||||
};
|
||||
mailerPasswordFile = "/forgejo/secret/mailerPassword";
|
||||
};
|
||||
deployment.keys = {
|
||||
"forgejoDbPw" = {
|
||||
|
@ -38,5 +45,10 @@
|
|||
destDir = "/forgejo/secret/";
|
||||
permissions = "0604";
|
||||
};
|
||||
"mailerPassword" = {
|
||||
keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mailer-pw-forgejo" ];
|
||||
destDir = "/forgejo/secret/";
|
||||
permissions = "0604";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -5,14 +5,16 @@
|
|||
|
||||
settings = {
|
||||
http-port = 8080;
|
||||
http-host = "127.0.0.1";
|
||||
http-enabled = true;
|
||||
https-port = 8443;
|
||||
|
||||
proxy = "edge";
|
||||
|
||||
hostname = "auth.katzen.cafe";
|
||||
hostname-port = "-1";
|
||||
hostname-admin-url = "https://auth.katzen.cafe";
|
||||
hostname-strict-backchannel = true;
|
||||
# hostname-strict-backchannel = true;
|
||||
};
|
||||
|
||||
#sslCertificateKey = "/var/lib/acme/auth.katzen.cafe/key.pem";
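Review bot: `hostname-strict-backchannel = true;` appears to be switched off here by leaving only a commented-out copy, and the hunk gives no reason. With the option off, Keycloak resolves backchannel URLs from request headers instead of the configured `hostname`, so the result then depends on what the reverse proxy forwards. The only client visible in this commit, the wiki's `providerURL`, already uses the public `https://auth.katzen.cafe` address, which is the case where the strict setting is normally kept. Either restore the line or replace the dead copy with a why-comment such as `# strict backchannel off because <reason>`. The `settings` block starts outside the hunk.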
|
||||
|
|
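--- a/modules/mailserver.nix
+++ b/modules/mailserver.nix
@@ -0,0 +1,51 @@
+{ inputs, ... }:
+{
+imports = [ inputs.simple-nixos-mailserver.nixosModule ];
+mailserver = {
+enable = true;
+fqdn = "mail.katzen.cafe";
+sendingFqdn = "katzen.cafe";
+domains = [ "katzen.cafe" "noreply.katzen.cafe" ];
+loginAccounts = {
+"admin@katzen.cafe" = {
+hashedPasswordFile = "/var/lib/secrets/admin-mail-pw";
+aliases = [ "postmaster@katzen.cafe" "abuse@katzen.cafe" ];
+};
+"ck@noreply.katzen.cafe" = {
+hashedPasswordFile = "/var/lib/secrets/noreply-mail-ck";
+};
+"forge@noreply.katzen.cafe" = {
+hashedPasswordFile = "/var/lib/secrets/noreply-mail-forgejo";
+};
+"keycloak@noreply.katzen.cafe" = {
+hashedPasswordFile = "/var/lib/secrets/noreply-mail-keycloak";
+};
+"penpot@noreply.katzen.cafe" = {
+hashedPasswordFile = "/var/lib/secrets/noreply-mail-penpot";
+};
+};
+certificateScheme = "acme-nginx";
+};
+deployment.keys = {
+"admin-mail-pw" = {
+keyCommand = [ "cat" "/home/jade/keys-tmp/admin-mail-pw" ];
+destDir = "/var/lib/secrets";
+};
+"noreply-mail-ck" = {
+keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-ck" ];
+destDir = "/var/lib/secrets";
+};
+"noreply-mail-forgejo" = {
+keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-forgejo" ];
+destDir = "/var/lib/secrets";
+};
+"noreply-mail-keycloak" = {
+keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-keycloak" ];
+destDir = "/var/lib/secrets";
+};
+"noreply-mail-penpot" = {
+keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-penpot" ];
+destDir = "/var/lib/secrets";
+};
+};
+}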
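Review bot: All five `keyCommand` entries run `cat` on files under `/home/jade/keys-tmp/`, so a deploy only works from one operator's home directory and the credential material sits there as plain files in a directory whose name suggests it was meant to be temporary. Pointing `keyCommand` at whatever secret store the operators already use (placeholder: `keyCommand = [ "<secret-tool>" "show" "<entry-name>" ];`) would remove both the path dependency and the files at rest. The wiki and Forgejo keys elsewhere in this commit follow the same pattern. If the layout stays, a comment above `deployment.keys` stating where each file comes from and how the hash for `hashedPasswordFile` is produced would let someone else rebuild the host.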
|
|
@ -12,7 +12,7 @@
|
|||
# and the user `mc-e2es`.
|
||||
instances = {
|
||||
"catpile-v1" = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
|
||||
jvmPackage = pkgs.temurin-jre-bin;
|
||||
|
||||
|
@ -33,6 +33,28 @@
|
|||
allow-flight = true;
|
||||
};
|
||||
};
|
||||
# "tleg" = {
|
||||
# enable = true;
|
||||
|
||||
# jvmPackage = pkgs.jre8;
|
||||
|
||||
# # Keys that can access the state of this instance (read/write!) over an rsync module
|
||||
# # Leave empty to disable
|
||||
# rsyncSSHKeys = [
|
||||
# "ssh-rsa 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 jade@monosodium-glutamate-g"
|
||||
# ];
|
||||
|
||||
# serverConfig = {
|
||||
# # Port must be unique
|
||||
# server-port = 25568;
|
||||
# motd = "Be excellent to eachother";
|
||||
|
||||
# white-list = true;
|
||||
# spawn-protection = 0;
|
||||
# max-tick-time = 5 * 60 * 1000;
|
||||
# allow-flight = true;
|
||||
# };
|
||||
# };
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
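--- a/modules/monitoring.nix
+++ b/modules/monitoring.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+{
+services.prometheus = {
+enable = true;
+exporters = {
+node = {
+enable = true;
+enabledCollectors = [ "systemd" ];
+};
+};
+scrapeConfigs = [
+{
+job_name = "katzencafe";
+static_configs = [{
+targets = [ "127.0.0.1:9100" ];
+}];
+}
+];
+};
+services.grafana = {
+enable = true;
+settings = {
+server = {
+domain = "grafana.katzen.cafe";
+http_port = 2343;
+http_addr = "127.0.0.1";
+};
+};
+};
+
+}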
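Review bot: `services.grafana` is given only `server` settings, yet the proxy module in this commit publishes it at `grafana.katzen.cafe`, so unless credentials are set somewhere not shown, the instance is reachable from the internet with Grafana's default admin login. Setting `settings.security.admin_password = "$__file{<path-to-secret>}";` and `settings.users.allow_sign_up = false;` before the vhost goes live would close that window. Grafana is bound with `http_addr = "127.0.0.1"`, but `services.prometheus` and the node exporter get no listen address and so rely on the host firewall alone; `listenAddress = "127.0.0.1";` on both would match the scrape target already used here. The `pkgs` argument is unused in this file.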
|
|
@ -19,6 +19,10 @@
|
|||
group = "nginx";
|
||||
keyType = "rsa4096";
|
||||
};
|
||||
"wiki.katzen.cafe" = {
|
||||
group = "nginx";
|
||||
keyType = "rsa4096";
|
||||
};
|
||||
"auth.katzen.cafe" = {
|
||||
group = "nginx";
|
||||
keyType = "rsa4096";
|
||||
|
@ -31,11 +35,15 @@
|
|||
group = "nginx";
|
||||
keyType = "rsa4096";
|
||||
};
|
||||
"mumble.katzen.cafe" = {
|
||||
group = "murmur";
|
||||
# "mumble.katzen.cafe" = {
|
||||
# group = "murmur";
|
||||
# keyType = "rsa4096";
|
||||
# };
|
||||
"hc-vault.katzen.cafe" = {
|
||||
group = "nginx";
|
||||
keyType = "rsa4096";
|
||||
};
|
||||
"hc-vault.katzen.cafe" = {
|
||||
"grafana.katzen.cafe" = {
|
||||
group = "nginx";
|
||||
keyType = "rsa4096";
|
||||
};
|
||||
|
@ -57,7 +65,17 @@
|
|||
recommendedTlsSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
|
||||
statusPage = true;
|
||||
|
||||
virtualHosts = {
|
||||
"grafana.katzen.cafe" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:2343";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
"ck.katzen.cafe" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
@ -85,11 +103,11 @@
|
|||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8080";
|
||||
# proxy_set_header Host $host;
|
||||
extraConfig = ''
|
||||
proxy_buffers 4 256k;
|
||||
proxy_buffer_size 128k;
|
||||
proxy_busy_buffers_size 256k;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
@ -107,11 +125,18 @@
|
|||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
"wiki.katzen.cafe" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://10.0.2.2";
|
||||
};
|
||||
};
|
||||
"wiki.phtanum-b.katzen.cafe" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.2:8081";
|
||||
proxyPass = "http://10.0.1.2";
|
||||
};
|
||||
};
|
||||
"hc-vault.katzen.cafe" = {
|
||||
|
|