mirror of
https://forge.katzen.cafe/katzen-cafe/katzen-cafe.git
synced 2024-11-24 14:58:43 +01:00
do too many things lmao
This commit is contained in:
parent
c3695556c2
commit
3b666eee63
226
flake.lock
226
flake.lock
|
@ -7,11 +7,11 @@
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1682181677,
|
"lastModified": 1689948211,
|
||||||
"narHash": "sha256-El8WQ2ccxWwkSrjuwKNR0gD/O7vS/KLBY4Q2/nF8m1c=",
|
"narHash": "sha256-XVDDrerEzYucD6cL7nNW7dNfGhDnhfpB+rbuDvlaWrc=",
|
||||||
"owner": "hercules-ci",
|
"owner": "hercules-ci",
|
||||||
"repo": "arion",
|
"repo": "arion",
|
||||||
"rev": "6a1f03329c400327b3b2e0ed5e1efff11037ba67",
|
"rev": "9ba47f9fbb8650158d9983e19b53206586be4382",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -36,7 +36,93 @@
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"conduit": {
|
||||||
|
"inputs": {
|
||||||
|
"crane": "crane",
|
||||||
|
"fenix": "fenix",
|
||||||
|
"flake-utils": "flake-utils",
|
||||||
|
"nixpkgs": "nixpkgs_2"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1690660551,
|
||||||
|
"narHash": "sha256-4F5dkDy52pLeP8Pnxz/rFzFx6ckL7bZkY0VazaEcr7U=",
|
||||||
|
"owner": "famedly",
|
||||||
|
"repo": "conduit",
|
||||||
|
"rev": "afd8112e25a86918c7f9ac657523698b2e0315f4",
|
||||||
|
"type": "gitlab"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "famedly",
|
||||||
|
"repo": "conduit",
|
||||||
|
"type": "gitlab"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"crane": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": "flake-compat",
|
||||||
|
"flake-utils": [
|
||||||
|
"conduit",
|
||||||
|
"flake-utils"
|
||||||
|
],
|
||||||
|
"nixpkgs": [
|
||||||
|
"conduit",
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"rust-overlay": "rust-overlay"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1688772518,
|
||||||
|
"narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=",
|
||||||
|
"owner": "ipetkov",
|
||||||
|
"repo": "crane",
|
||||||
|
"rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "ipetkov",
|
||||||
|
"repo": "crane",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"fenix": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"conduit",
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"rust-analyzer-src": "rust-analyzer-src"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1689488573,
|
||||||
|
"narHash": "sha256-diVASflKCCryTYv0djvMnP2444mFsIG0ge5pa7ahauQ=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "fenix",
|
||||||
|
"rev": "39096fe3f379036ff4a5fa198950b8e79defe939",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "fenix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"flake-compat": {
|
"flake-compat": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1673956053,
|
||||||
|
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-compat_2": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668681692,
|
"lastModified": 1668681692,
|
||||||
|
@ -52,7 +138,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-compat_2": {
|
"flake-compat_3": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1668681692,
|
"lastModified": 1668681692,
|
||||||
|
@ -90,6 +176,24 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
|
"inputs": {
|
||||||
|
"systems": "systems"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1689068808,
|
||||||
|
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1667395993,
|
"lastModified": 1667395993,
|
||||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||||
|
@ -138,10 +242,10 @@
|
||||||
},
|
},
|
||||||
"mms": {
|
"mms": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat_2",
|
||||||
"flake-utils": "flake-utils",
|
"flake-utils": "flake-utils_2",
|
||||||
"nix": "nix",
|
"nix": "nix",
|
||||||
"nixpkgs": "nixpkgs_3"
|
"nixpkgs": "nixpkgs_4"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1669478601,
|
"lastModified": 1669478601,
|
||||||
|
@ -160,7 +264,7 @@
|
||||||
"nix": {
|
"nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"lowdown-src": "lowdown-src",
|
"lowdown-src": "lowdown-src",
|
||||||
"nixpkgs": "nixpkgs_2",
|
"nixpkgs": "nixpkgs_3",
|
||||||
"nixpkgs-regression": "nixpkgs-regression"
|
"nixpkgs-regression": "nixpkgs-regression"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -241,11 +345,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgsOld": {
|
"nixpkgsOld": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1687666471,
|
"lastModified": 1688392541,
|
||||||
"narHash": "sha256-88VoE8jLzjRhH38mUUrom+zJ7GVMjuW4M321Iri5C/w=",
|
"narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "6610eb320efb234025e477e51ae7625ccd65a2e8",
|
"rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -257,11 +361,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgsUnstable": {
|
"nixpkgsUnstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1687898314,
|
"lastModified": 1690031011,
|
||||||
"narHash": "sha256-B4BHon3uMXQw8ZdbwxRK1BmxVOGBV4viipKpGaIlGwk=",
|
"narHash": "sha256-kzK0P4Smt7CL53YCdZCBbt9uBFFhE0iNvCki20etAf4=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "e18dc963075ed115afb3e312b64643bf8fd4b474",
|
"rev": "12303c652b881435065a98729eb7278313041e49",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -272,6 +376,22 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1689444953,
|
||||||
|
"narHash": "sha256-0o56bfb2LC38wrinPdCGLDScd77LVcr7CrH1zK7qvDg=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "8acef304efe70152463a6399f73e636bcc363813",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1657693803,
|
"lastModified": 1657693803,
|
||||||
"narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
|
"narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
|
||||||
|
@ -287,7 +407,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_3": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1669378442,
|
"lastModified": 1669378442,
|
||||||
"narHash": "sha256-nm+4PN0A4SnV0SzEchxrMyKPvI3Ld/aoom4PnHeHucs=",
|
"narHash": "sha256-nm+4PN0A4SnV0SzEchxrMyKPvI3Ld/aoom4PnHeHucs=",
|
||||||
|
@ -303,13 +423,13 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_5": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1687829761,
|
"lastModified": 1690148897,
|
||||||
"narHash": "sha256-QRe1Y8SS3M4GeC58F/6ajz6V0ZLUVWX3ZAMgov2N3/g=",
|
"narHash": "sha256-l/j/AX1d2K79EWslwgWR2+htkzCbtjKZsS5NbWXnhz4=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "9790f3242da2152d5aa1976e3e4b8b414f4dd206",
|
"rev": "ac1acba43b2f9db073943ff5ed883ce7e8a40a2c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -319,7 +439,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_5": {
|
"nixpkgs_6": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1670751203,
|
"lastModified": 1670751203,
|
||||||
"narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
|
"narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
|
||||||
|
@ -337,18 +457,63 @@
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"arion": "arion",
|
"arion": "arion",
|
||||||
|
"conduit": "conduit",
|
||||||
"mms": "mms",
|
"mms": "mms",
|
||||||
"nixpkgs": "nixpkgs_4",
|
"nixpkgs": "nixpkgs_5",
|
||||||
"nixpkgsOld": "nixpkgsOld",
|
"nixpkgsOld": "nixpkgsOld",
|
||||||
"nixpkgsUnstable": "nixpkgsUnstable",
|
"nixpkgsUnstable": "nixpkgsUnstable",
|
||||||
"simple-nixos-mailserver": "simple-nixos-mailserver"
|
"simple-nixos-mailserver": "simple-nixos-mailserver"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"rust-analyzer-src": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1689441253,
|
||||||
|
"narHash": "sha256-4MSDZaFI4DOfsLIZYPMBl0snzWhX1/OqR/QHir382CY=",
|
||||||
|
"owner": "rust-lang",
|
||||||
|
"repo": "rust-analyzer",
|
||||||
|
"rev": "996e054f1eb1dbfc8455ecabff0f6ff22ba7f7c8",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "rust-lang",
|
||||||
|
"ref": "nightly",
|
||||||
|
"repo": "rust-analyzer",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"rust-overlay": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": [
|
||||||
|
"conduit",
|
||||||
|
"crane",
|
||||||
|
"flake-utils"
|
||||||
|
],
|
||||||
|
"nixpkgs": [
|
||||||
|
"conduit",
|
||||||
|
"crane",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1688351637,
|
||||||
|
"narHash": "sha256-CLTufJ29VxNOIZ8UTg0lepsn3X03AmopmaLTTeHDCL4=",
|
||||||
|
"owner": "oxalica",
|
||||||
|
"repo": "rust-overlay",
|
||||||
|
"rev": "f9b92316727af9e6c7fee4a761242f7f46880329",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "oxalica",
|
||||||
|
"repo": "rust-overlay",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"simple-nixos-mailserver": {
|
"simple-nixos-mailserver": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"blobs": "blobs",
|
"blobs": "blobs",
|
||||||
"flake-compat": "flake-compat_2",
|
"flake-compat": "flake-compat_3",
|
||||||
"nixpkgs": "nixpkgs_5",
|
"nixpkgs": "nixpkgs_6",
|
||||||
"nixpkgs-22_11": "nixpkgs-22_11",
|
"nixpkgs-22_11": "nixpkgs-22_11",
|
||||||
"nixpkgs-23_05": "nixpkgs-23_05",
|
"nixpkgs-23_05": "nixpkgs-23_05",
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
|
@ -368,6 +533,21 @@
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"systems": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"utils": {
|
"utils": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1605370193,
|
"lastModified": 1605370193,
|
||||||
|
|
20
flake.nix
20
flake.nix
|
@ -1,16 +1,18 @@
|
||||||
{
|
{
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
|
nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-22.11";
|
||||||
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
|
||||||
nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||||
#nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
#nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||||
arion.url = "github:hercules-ci/arion";
|
arion.url = "github:hercules-ci/arion";
|
||||||
mms.url = "github:mkaito/nixos-modded-minecraft-servers";
|
mms.url = "github:mkaito/nixos-modded-minecraft-servers";
|
||||||
# conduit = {
|
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
|
||||||
# url = "gitlab:famedly/conduit";
|
conduit = {
|
||||||
# };
|
url = "gitlab:famedly/conduit";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, nixpkgsUnstable, ... }@inputs:
|
outputs = { self, nixpkgsOld, nixpkgs, nixpkgsUnstable, ... }@inputs:
|
||||||
let
|
let
|
||||||
hostPkgs = import nixpkgs { system = "x86_64-linux"; };
|
hostPkgs = import nixpkgs { system = "x86_64-linux"; };
|
||||||
in {
|
in {
|
||||||
|
@ -30,6 +32,10 @@
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
overlays = [];
|
overlays = [];
|
||||||
};
|
};
|
||||||
|
pkgsOld = import nixpkgsOld {
|
||||||
|
system = "aarch64-linux";
|
||||||
|
overlays = [];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -43,7 +49,7 @@
|
||||||
./modules/base-stuff.nix
|
./modules/base-stuff.nix
|
||||||
./modules/proxy.nix
|
./modules/proxy.nix
|
||||||
./modules/postgres.nix
|
./modules/postgres.nix
|
||||||
#./modules/jitsi.nix
|
# ./modules/jitsi.nix
|
||||||
./modules/containers
|
./modules/containers
|
||||||
./modules/conduit.nix
|
./modules/conduit.nix
|
||||||
./modules/keycloak.nix
|
./modules/keycloak.nix
|
||||||
|
@ -52,6 +58,8 @@
|
||||||
./modules/modded-mc.nix
|
./modules/modded-mc.nix
|
||||||
#./modules/prosody.nix
|
#./modules/prosody.nix
|
||||||
./modules/vault.nix
|
./modules/vault.nix
|
||||||
|
./modules/monitoring.nix
|
||||||
|
./modules/mailserver.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
|
|
|
@ -16,8 +16,19 @@
|
||||||
networking = {
|
networking = {
|
||||||
nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
||||||
hostName = "katzen-cafe";
|
hostName = "katzen-cafe";
|
||||||
networkmanager.enable = true;
|
networkmanager = {
|
||||||
|
enable = true;
|
||||||
|
unmanaged = [ "interface-name:ve-phtanumb+" "interface-name:ve-katzenwiki" ];
|
||||||
|
};
|
||||||
|
|
||||||
firewall.allowedTCPPorts = [ 22 80 443 ];
|
firewall.allowedTCPPorts = [ 22 80 443 ];
|
||||||
|
# firewall.allowedUDPPorts = [ 25568 25569 ];
|
||||||
|
|
||||||
|
nat = {
|
||||||
|
enable = true;
|
||||||
|
internalInterfaces = [ "ve-phtanumb+" "ve-katzenwiki" ];
|
||||||
|
externalInterface = "enp1s0";
|
||||||
|
};
|
||||||
|
|
||||||
interfaces."enp1s0" = {
|
interfaces."enp1s0" = {
|
||||||
ipv6.addresses = [{
|
ipv6.addresses = [{
|
||||||
|
@ -55,19 +66,24 @@
|
||||||
#networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
|
#networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
|
||||||
#networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
|
#networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
|
||||||
|
|
||||||
#users.users.april = {
|
users.users.april = {
|
||||||
#isNormalUser = true;
|
isNormalUser = true;
|
||||||
#packages = with pkgs; [ git ];
|
packages = with pkgs; [ git ];
|
||||||
#createHome = true;
|
createHome = true;
|
||||||
#extraGroups = [ "docker" ];
|
extraGroups = [ "docker" ];
|
||||||
#openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
|
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
|
||||||
#];
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK4N06uWyGFbWDf0JdQ1mB2PkyQSxYLLbNOihmXGRf2ce8Do4LvlMqHreDNvEfixYK+pRQSdK8oeNqOiRjFXgyEhoo5v/Tg832iHq4r3wEHoqFR/w9XxmAp8Rv66h9uY1wY8+xFVlpgw8GqHN37JJt1P5i3oDkKnBXunzm7+vw1Qo/+LvD4nS9kQlso6ocNGSOAEf7N/IKJpGQp4FrsW1Qg4ZSWVCruUBm5iw02IampgjrzvbHQBO7TIG3jr0TxXBx2MFXydDTXdONwLtlJiwk210ppQIhgIjcqlUZBKZcYJy23ZesPbO2fSyT0iPWFAnvcIRHhsacp8HQ9paKR76J7ghBmAQm9KXyH0TjZM84+lHEvOAGNeDuh+VFr147uyTcun5aWy9zM8v8rW96pUIkId5HQNP8HPGymTFWXomwDvpdFJO/TA2F9YsNfVoTJGy4PbieWFDU5esI3CD6k696mB+vgLcF35qfc76uVFWOUWYHIX3KVwqXh7MQ8+CBWrE= u0_a269@localhost"
|
||||||
#};
|
];
|
||||||
|
};
|
||||||
|
services.cron.systemCronJobs = [
|
||||||
|
"0 0 * * * april cd /home/april && ./build.sh"
|
||||||
|
];
|
||||||
|
services.cron.enable = true;
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
permitRootLogin = "prohibit-password";
|
settings.PermitRootLogin = "prohibit-password";
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{ config
|
{ config
|
||||||
, pkgsUnstable
|
, pkgsUnstable
|
||||||
|
, inputs
|
||||||
, ...
|
, ...
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
@ -46,7 +47,8 @@ in
|
||||||
|
|
||||||
# This causes NixOS to use the flake defined in this repository instead of
|
# This causes NixOS to use the flake defined in this repository instead of
|
||||||
# the build of Conduit built into nixpkgsUnstable.
|
# the build of Conduit built into nixpkgsUnstable.
|
||||||
package = pkgsUnstable.matrix-conduit;
|
# package = pkgsUnstable.matrix-conduit;
|
||||||
|
package = inputs.conduit.packages.${pkgsUnstable.system}.default;
|
||||||
|
|
||||||
settings.global = {
|
settings.global = {
|
||||||
inherit server_name;
|
inherit server_name;
|
||||||
|
@ -60,13 +62,18 @@ in
|
||||||
defaults = {
|
defaults = {
|
||||||
email = admin_email;
|
email = admin_email;
|
||||||
};
|
};
|
||||||
|
certs = {
|
||||||
|
"katzen.cafe" = {
|
||||||
|
group = "nginx";
|
||||||
|
keyType = "rsa4096";
|
||||||
|
};
|
||||||
|
"matrix.katzen.cafe" = {
|
||||||
|
group = "nginx";
|
||||||
|
keyType = "rsa4096";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# ACME data must be readable by the NGINX user
|
|
||||||
users.users.nginx.extraGroups = [
|
|
||||||
"acme"
|
|
||||||
];
|
|
||||||
|
|
||||||
# Configure NGINX as a reverse proxy
|
# Configure NGINX as a reverse proxy
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -84,10 +91,19 @@ in
|
||||||
ssl = true;
|
ssl = true;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
addr = "[::]";
|
||||||
|
port = 443;
|
||||||
|
ssl = true;
|
||||||
|
} {
|
||||||
addr = "0.0.0.0";
|
addr = "0.0.0.0";
|
||||||
port = 8448;
|
port = 8448;
|
||||||
ssl = true;
|
ssl = true;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
addr = "[::]";
|
||||||
|
port = 8448;
|
||||||
|
ssl = true;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
locations."/_matrix/" = {
|
locations."/_matrix/" = {
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
networks.calcnet.name = "calcnet";
|
networks.calcnet.name = "calcnet";
|
||||||
services = {
|
services = {
|
||||||
"web".service = {
|
"web".service = {
|
||||||
image = "docker.io/waterdev/calckey_arm";
|
image = "iceshrimp.dev/iceshrimp/iceshrimp:latest-arm";
|
||||||
container_name = "calckey_web";
|
container_name = "calckey_web";
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
depends_on = [ "db" "redis" ];
|
depends_on = [ "db" "redis" ];
|
||||||
|
@ -18,8 +18,8 @@
|
||||||
"NODE_ENV" = "production";
|
"NODE_ENV" = "production";
|
||||||
};
|
};
|
||||||
volumes = [
|
volumes = [
|
||||||
"/calckey/files:/calckey/files"
|
"/calckey/files:/iceshrimp/files"
|
||||||
"/calckey/config:/calckey/.config:ro"
|
"/calckey/config:/iceshrimp/.config:ro"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
"redis".service = {
|
"redis".service = {
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
./katzencafe-wiki.nix
|
||||||
./phtanumb-wiki.nix
|
./phtanumb-wiki.nix
|
||||||
./calckey.nix
|
./calckey.nix
|
||||||
./penpot.nix
|
./penpot.nix
|
||||||
|
|
100
modules/containers/katzencafe-wiki.nix
Normal file
100
modules/containers/katzencafe-wiki.nix
Normal file
|
@ -0,0 +1,100 @@
|
||||||
|
{ pkgsOld, ... }:
|
||||||
|
{
|
||||||
|
containers."katzenwiki" = {
|
||||||
|
autoStart = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "10.0.2.1";
|
||||||
|
localAddress = "10.0.2.2";
|
||||||
|
bindMounts = {
|
||||||
|
"/var/lib/mediawiki" = {
|
||||||
|
hostPath = "/katzenwiki";
|
||||||
|
isReadOnly = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# extraVeths = {
|
||||||
|
# "katzenwiki" = {
|
||||||
|
# hostAddress = "10.0.2.1";
|
||||||
|
# localAddress = "10.0.2.2";
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
config = { config, pkgs, ... }: {
|
||||||
|
environment.systemPackages = with pkgs; [btop ];
|
||||||
|
networking.firewall.enable = false;
|
||||||
|
# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
||||||
|
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
|
||||||
|
services.mediawiki = {
|
||||||
|
enable = true;
|
||||||
|
name = "katzenwiki";
|
||||||
|
database = {
|
||||||
|
type = "mysql";
|
||||||
|
};
|
||||||
|
virtualHost = {
|
||||||
|
hostName = "wiki.katzen.cafe";
|
||||||
|
adminAddr = "admin@katzen.cafe";
|
||||||
|
listen = [
|
||||||
|
{
|
||||||
|
ip = "10.0.2.2";
|
||||||
|
port = 80;
|
||||||
|
ssl = false;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
passwordFile = "/var/lib/mediawiki/passwordFile";
|
||||||
|
extraConfig = ''
|
||||||
|
# $wgShowExceptionDetails = true;
|
||||||
|
# $wgDebugToolbar = true;
|
||||||
|
# $wgShowDebug = true;
|
||||||
|
# $wgDevelopmentWarnings = true;
|
||||||
|
|
||||||
|
# Disable anonymous editing
|
||||||
|
$wgGroupPermissions['*']['edit'] = false;
|
||||||
|
$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin'];
|
||||||
|
$wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
|
||||||
|
$wgGroupPermissions['oidc_admin']['userrights'] = true;
|
||||||
|
|
||||||
|
$oidcClientSecret = file_get_contents('/var/lib/mediawiki/keycloakClientSecret', false, null, 0, 32);
|
||||||
|
$wgPluggableAuth_Config[] = [
|
||||||
|
'plugin' => 'OpenIDConnect',
|
||||||
|
'data' => [
|
||||||
|
'providerURL' => 'https://auth.katzen.cafe/realms/katzen.cafe',
|
||||||
|
'clientID' => 'katzenwiki',
|
||||||
|
# hack to try dynamically get the secret
|
||||||
|
'clientsecret' => $oidcClientSecret,
|
||||||
|
'global_roles' => ['property' => ['realm_access', 'roles']],
|
||||||
|
'wiki_roles' => ['property' => ['resource_access', 'katzenwiki', 'roles']]
|
||||||
|
]
|
||||||
|
];
|
||||||
|
'';
|
||||||
|
extensions = {
|
||||||
|
PluggableAuth = pkgs.fetchzip {
|
||||||
|
url = "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_39-068be5d.tar.gz";
|
||||||
|
sha256 = "sha256-OWfr3oq2XzyJ5tynP5bRRPm34ymqz2oIBe2vBPHK+/Q=";
|
||||||
|
};
|
||||||
|
OpenIDConnect = pkgs.fetchzip {
|
||||||
|
url = "https://extdist.wmflabs.org/dist/extensions/OpenIDConnect-REL1_39-42e4d75.tar.gz";
|
||||||
|
sha256 = "sha256-g+PGNzt0o2FebI3xyVamz5RA95E86MD2yqD4v8N6zKU=";
|
||||||
|
};
|
||||||
|
WikiEditor = null;
|
||||||
|
CodeEditor = null;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "23.05";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
deployment.keys = {
|
||||||
|
# NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work.
|
||||||
|
# i should figure out why to make this work when setting up new instances...
|
||||||
|
"katzenwikiPwFile" = {
|
||||||
|
keyCommand = [ "cat" "/home/jade/keys-tmp/katzenwiki-passwordFile" ];
|
||||||
|
destDir = "/katzenwiki";
|
||||||
|
name = "passwordFile";
|
||||||
|
};
|
||||||
|
"katzenwikiKeycloakClientSecret" = {
|
||||||
|
keyCommand = [ "cat" "/home/jade/keys-tmp/katzenwiki-keycloak-secret" ];
|
||||||
|
destDir = "/katzenwiki";
|
||||||
|
name = "keycloakClientSecret";
|
||||||
|
permissions = "0604";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -9,6 +9,8 @@
|
||||||
services = {
|
services = {
|
||||||
"penpot-backend".service = {
|
"penpot-backend".service = {
|
||||||
image = "penpotapp/backend:latest";
|
image = "penpotapp/backend:latest";
|
||||||
|
# NOTE: you have to change the owner of the assets folder to 1001:1001
|
||||||
|
# command: # chown -R 1001:1001 /penpot/assets
|
||||||
volumes = [ "/penpot/assets:/opt/data/assets" ];
|
volumes = [ "/penpot/assets:/opt/data/assets" ];
|
||||||
depends_on = [ "penpot-postgres" "penpot-redis" ];
|
depends_on = [ "penpot-postgres" "penpot-redis" ];
|
||||||
networks = [ "penpot" ];
|
networks = [ "penpot" ];
|
||||||
|
|
|
@ -1,40 +1,42 @@
|
||||||
{ pkgs, ... }:
|
{ pkgsOld, ... }:
|
||||||
{
|
{
|
||||||
containers."phtanumb-wiki" = {
|
containers."phtanumb-wiki" = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
hostAddress = "127.0.0.1";
|
privateNetwork = true;
|
||||||
|
hostAddress = "10.0.1.1";
|
||||||
|
localAddress = "10.0.1.2";
|
||||||
|
nixpkgs = pkgsOld.path;
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/mediawiki" = {
|
"/var/mediawiki" = {
|
||||||
hostPath = "/phtanum-b/wiki";
|
hostPath = "/phtanum-b/wiki";
|
||||||
isReadOnly = false;
|
isReadOnly = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
forwardPorts = [
|
# extraVeths = {
|
||||||
{
|
# "phtanumb" = {
|
||||||
protocol = "tcp";
|
# hostAddress = "10.0.1.1";
|
||||||
hostPort = 5432;
|
# localAddress = "10.0.1.2";
|
||||||
containerPort = 5432;
|
# };
|
||||||
}
|
# };
|
||||||
{
|
|
||||||
protocol = "tcp";
|
|
||||||
hostPort = 8081;
|
|
||||||
containerPort = 8081;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
config = { config, pkgs, ... }: {
|
config = { config, pkgs, ... }: {
|
||||||
environment.systemPackages = with pkgs; [ luajit ];
|
environment.systemPackages = with pkgs; [ luajit ];
|
||||||
|
networking.firewall.enable = false;
|
||||||
|
# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
||||||
|
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
|
||||||
services.mediawiki = {
|
services.mediawiki = {
|
||||||
enable = true;
|
enable = true;
|
||||||
name = "phtanum-b";
|
name = "phtanum-b";
|
||||||
virtualHost.listen = [
|
virtualHost = {
|
||||||
{
|
hostName = "wiki.phtanum-b.katzen.cafe";
|
||||||
ip = "127.0.0.2";
|
adminAddr = "admin@katzen.cafe";
|
||||||
port = 8081;
|
listen = [
|
||||||
ssl = false;
|
{
|
||||||
}
|
ip = "10.0.1.2";
|
||||||
];
|
port = 80;
|
||||||
virtualHost.hostName = "wiki.phtanum-b.katzen.cafe";
|
ssl = false;
|
||||||
virtualHost.adminAddr = "admin@katzen.cafe";
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
passwordFile = "/var/mediawiki/passwordFile";
|
passwordFile = "/var/mediawiki/passwordFile";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
# $wgShowExceptionDetails = true;
|
# $wgShowExceptionDetails = true;
|
||||||
|
|
|
@ -5,24 +5,21 @@
|
||||||
package = pkgsUnstable.forgejo;
|
package = pkgsUnstable.forgejo;
|
||||||
repositoryRoot = "/forgejo/repos";
|
repositoryRoot = "/forgejo/repos";
|
||||||
appName = "Katzenschmiede";
|
appName = "Katzenschmiede";
|
||||||
rootUrl = "https://forge.katzen.cafe/";
|
|
||||||
httpPort = 8082;
|
|
||||||
domain = "forge.katzen.cafe";
|
|
||||||
database = {
|
database = {
|
||||||
type = "postgres";
|
type = "postgres";
|
||||||
};
|
};
|
||||||
settings = {
|
settings = {
|
||||||
openid = {
|
openid = {
|
||||||
ENABLE_OPENID_SIGNIN = true;
|
ENABLE_OPENID_SIGNIN = true;
|
||||||
#ENABLE_OPENID_SIGNUP = true;
|
|
||||||
};
|
};
|
||||||
federation = {
|
federation = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
};
|
};
|
||||||
#server = {
|
server = {
|
||||||
#ROOT_URL = "https://forge.katzen.cafe/";
|
ROOT_URL = "https://forge.katzen.cafe/";
|
||||||
#HTTP_PORT = 8082;
|
HTTP_PORT = 8082;
|
||||||
#};
|
DOMAIN = "forge.katzen.cafe";
|
||||||
|
};
|
||||||
service = {
|
service = {
|
||||||
REGISTER_MANUAL_CONFIRM = true;
|
REGISTER_MANUAL_CONFIRM = true;
|
||||||
SHOW_REGISTRATION_BUTTON = false;
|
SHOW_REGISTRATION_BUTTON = false;
|
||||||
|
@ -30,7 +27,17 @@
|
||||||
actions = {
|
actions = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
};
|
};
|
||||||
|
mailer = {
|
||||||
|
ENABLED = true;
|
||||||
|
FROM = "forge@noreply.katzen.cafe";
|
||||||
|
MAILER_TYPE = "smtp";
|
||||||
|
SMTP_ADDR = "mail.katzen.cafe";
|
||||||
|
SMTP_PORT = 465;
|
||||||
|
IS_TLS_ENABLED = true;
|
||||||
|
USER = "forge@noreply.katzen.cafe";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
mailerPasswordFile = "/forgejo/secret/mailerPassword";
|
||||||
};
|
};
|
||||||
deployment.keys = {
|
deployment.keys = {
|
||||||
"forgejoDbPw" = {
|
"forgejoDbPw" = {
|
||||||
|
@ -38,5 +45,10 @@
|
||||||
destDir = "/forgejo/secret/";
|
destDir = "/forgejo/secret/";
|
||||||
permissions = "0604";
|
permissions = "0604";
|
||||||
};
|
};
|
||||||
|
"mailerPassword" = {
|
||||||
|
keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mailer-pw-forgejo" ];
|
||||||
|
destDir = "/forgejo/secret/";
|
||||||
|
permissions = "0604";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,14 +5,16 @@
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
http-port = 8080;
|
http-port = 8080;
|
||||||
|
http-host = "127.0.0.1";
|
||||||
http-enabled = true;
|
http-enabled = true;
|
||||||
|
https-port = 8443;
|
||||||
|
|
||||||
proxy = "edge";
|
proxy = "edge";
|
||||||
|
|
||||||
hostname = "auth.katzen.cafe";
|
hostname = "auth.katzen.cafe";
|
||||||
hostname-port = "-1";
|
hostname-port = "-1";
|
||||||
hostname-admin-url = "https://auth.katzen.cafe";
|
hostname-admin-url = "https://auth.katzen.cafe";
|
||||||
hostname-strict-backchannel = true;
|
# hostname-strict-backchannel = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
#sslCertificateKey = "/var/lib/acme/auth.katzen.cafe/key.pem";
|
#sslCertificateKey = "/var/lib/acme/auth.katzen.cafe/key.pem";
|
||||||
|
|
51
modules/mailserver.nix
Normal file
51
modules/mailserver.nix
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
{ inputs, ... }:
|
||||||
|
{
|
||||||
|
imports = [ inputs.simple-nixos-mailserver.nixosModule ];
|
||||||
|
mailserver = {
|
||||||
|
enable = true;
|
||||||
|
fqdn = "mail.katzen.cafe";
|
||||||
|
sendingFqdn = "katzen.cafe";
|
||||||
|
domains = [ "katzen.cafe" "noreply.katzen.cafe" ];
|
||||||
|
loginAccounts = {
|
||||||
|
"admin@katzen.cafe" = {
|
||||||
|
hashedPasswordFile = "/var/lib/secrets/admin-mail-pw";
|
||||||
|
aliases = [ "postmaster@katzen.cafe" "abuse@katzen.cafe" ];
|
||||||
|
};
|
||||||
|
"ck@noreply.katzen.cafe" = {
|
||||||
|
hashedPasswordFile = "/var/lib/secrets/noreply-mail-ck";
|
||||||
|
};
|
||||||
|
"forge@noreply.katzen.cafe" = {
|
||||||
|
hashedPasswordFile = "/var/lib/secrets/noreply-mail-forgejo";
|
||||||
|
};
|
||||||
|
"keycloak@noreply.katzen.cafe" = {
|
||||||
|
hashedPasswordFile = "/var/lib/secrets/noreply-mail-keycloak";
|
||||||
|
};
|
||||||
|
"penpot@noreply.katzen.cafe" = {
|
||||||
|
hashedPasswordFile = "/var/lib/secrets/noreply-mail-penpot";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
certificateScheme = "acme-nginx";
|
||||||
|
};
|
||||||
|
deployment.keys = {
|
||||||
|
"admin-mail-pw" = {
|
||||||
|
keyCommand = [ "cat" "/home/jade/keys-tmp/admin-mail-pw" ];
|
||||||
|
destDir = "/var/lib/secrets";
|
||||||
|
};
|
||||||
|
"noreply-mail-ck" = {
|
||||||
|
keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-ck" ];
|
||||||
|
destDir = "/var/lib/secrets";
|
||||||
|
};
|
||||||
|
"noreply-mail-forgejo" = {
|
||||||
|
keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-forgejo" ];
|
||||||
|
destDir = "/var/lib/secrets";
|
||||||
|
};
|
||||||
|
"noreply-mail-keycloak" = {
|
||||||
|
keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-keycloak" ];
|
||||||
|
destDir = "/var/lib/secrets";
|
||||||
|
};
|
||||||
|
"noreply-mail-penpot" = {
|
||||||
|
keyCommand = [ "cat" "/home/jade/keys-tmp/noreply-mail-penpot" ];
|
||||||
|
destDir = "/var/lib/secrets";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -12,7 +12,7 @@
|
||||||
# and the user `mc-e2es`.
|
# and the user `mc-e2es`.
|
||||||
instances = {
|
instances = {
|
||||||
"catpile-v1" = {
|
"catpile-v1" = {
|
||||||
enable = true;
|
enable = false;
|
||||||
|
|
||||||
jvmPackage = pkgs.temurin-jre-bin;
|
jvmPackage = pkgs.temurin-jre-bin;
|
||||||
|
|
||||||
|
@ -33,6 +33,28 @@
|
||||||
allow-flight = true;
|
allow-flight = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
# "tleg" = {
|
||||||
|
# enable = true;
|
||||||
|
|
||||||
|
# jvmPackage = pkgs.jre8;
|
||||||
|
|
||||||
|
# # Keys that can access the state of this instance (read/write!) over an rsync module
|
||||||
|
# # Leave empty to disable
|
||||||
|
# rsyncSSHKeys = [
|
||||||
|
# "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDu9lhNUjovmaeUczUv18GVoSp8Xo8Izi+HSxC7Go3YOTkaijMB4fCWIIQ/MZkKd7BG0OLPwbNSFrP7XrLxyXbMfNNoOBHTtQv85HwRP7XcvsYomHrdtcU3Nf49/MSXA4z42FqzUF114+D0czJz+Nxer+MbEHqAKZRjNuHOizKv8Rqq2hkwTL/Oi3fQxNaj/rHKth0/8BqcUixxofY/e48E+3SAEUJhb/h4m8nyvecKtyfAdxvPg3ZVi+vWZTeY8aoMRliw6kho59tBzumiXsRve0FyFbGx/t/T3zR2dxBZ63LSePhiTO3XdE3spSq/gzsZRNkxxoSWHiW6xrXQAgoyBGPp0ISw3ljtDgTgaJ5JS9JYRKpkfHDlsBKuLpeoD4i6Ts2Z+0dyFnVyBs64bwY7PyqRtS9l/EM/f2VxfsndWMoCuGFCZSS2WbONirqp6e7czxCQ2iqShYKzfupbTf8eYV1i4+VTJE1Qs0oFbmcwZDJbHqaUZn2aeS7fW9pYrA0= jade@monosodium-glutamate-g"
|
||||||
|
# ];
|
||||||
|
|
||||||
|
# serverConfig = {
|
||||||
|
# # Port must be unique
|
||||||
|
# server-port = 25568;
|
||||||
|
# motd = "Be excellent to eachother";
|
||||||
|
|
||||||
|
# white-list = true;
|
||||||
|
# spawn-protection = 0;
|
||||||
|
# max-tick-time = 5 * 60 * 1000;
|
||||||
|
# allow-flight = true;
|
||||||
|
# };
|
||||||
|
# };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
31
modules/monitoring.nix
Normal file
31
modules/monitoring.nix
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
services.prometheus = {
|
||||||
|
enable = true;
|
||||||
|
exporters = {
|
||||||
|
node = {
|
||||||
|
enable = true;
|
||||||
|
enabledCollectors = [ "systemd" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
scrapeConfigs = [
|
||||||
|
{
|
||||||
|
job_name = "katzencafe";
|
||||||
|
static_configs = [{
|
||||||
|
targets = [ "127.0.0.1:9100" ];
|
||||||
|
}];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
services.grafana = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
server = {
|
||||||
|
domain = "grafana.katzen.cafe";
|
||||||
|
http_port = 2343;
|
||||||
|
http_addr = "127.0.0.1";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
|
@ -19,6 +19,10 @@
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
keyType = "rsa4096";
|
keyType = "rsa4096";
|
||||||
};
|
};
|
||||||
|
"wiki.katzen.cafe" = {
|
||||||
|
group = "nginx";
|
||||||
|
keyType = "rsa4096";
|
||||||
|
};
|
||||||
"auth.katzen.cafe" = {
|
"auth.katzen.cafe" = {
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
keyType = "rsa4096";
|
keyType = "rsa4096";
|
||||||
|
@ -31,11 +35,15 @@
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
keyType = "rsa4096";
|
keyType = "rsa4096";
|
||||||
};
|
};
|
||||||
"mumble.katzen.cafe" = {
|
# "mumble.katzen.cafe" = {
|
||||||
group = "murmur";
|
# group = "murmur";
|
||||||
|
# keyType = "rsa4096";
|
||||||
|
# };
|
||||||
|
"hc-vault.katzen.cafe" = {
|
||||||
|
group = "nginx";
|
||||||
keyType = "rsa4096";
|
keyType = "rsa4096";
|
||||||
};
|
};
|
||||||
"hc-vault.katzen.cafe" = {
|
"grafana.katzen.cafe" = {
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
keyType = "rsa4096";
|
keyType = "rsa4096";
|
||||||
};
|
};
|
||||||
|
@ -57,7 +65,17 @@
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
|
|
||||||
|
statusPage = true;
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
|
"grafana.katzen.cafe" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:2343";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
"ck.katzen.cafe" = {
|
"ck.katzen.cafe" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
@ -85,11 +103,11 @@
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:8080";
|
proxyPass = "http://127.0.0.1:8080";
|
||||||
|
# proxy_set_header Host $host;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
proxy_buffers 4 256k;
|
proxy_buffers 4 256k;
|
||||||
proxy_buffer_size 128k;
|
proxy_buffer_size 128k;
|
||||||
proxy_busy_buffers_size 256k;
|
proxy_busy_buffers_size 256k;
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
|
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
@ -107,11 +125,18 @@
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
"wiki.katzen.cafe" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://10.0.2.2";
|
||||||
|
};
|
||||||
|
};
|
||||||
"wiki.phtanum-b.katzen.cafe" = {
|
"wiki.phtanum-b.katzen.cafe" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.2:8081";
|
proxyPass = "http://10.0.1.2";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"hc-vault.katzen.cafe" = {
|
"hc-vault.katzen.cafe" = {
|
||||||
|
|
Loading…
Reference in a new issue