mirror of
https://forge.katzen.cafe/katzen-cafe/katzen-cafe.git
synced 2024-12-22 10:15:51 +01:00
to be perfectly honest this is a mess and I lost overview.
This commit is contained in:
parent
a16094f61a
commit
433f4b76ef
9 changed files with 84 additions and 15 deletions
|
@ -41,7 +41,6 @@
|
|||
katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: {
|
||||
deployment = {
|
||||
targetHost = "katzen.cafe";
|
||||
#targetHost = "2a01:4f8:c17:c51f::";
|
||||
buildOnTarget = true;
|
||||
};
|
||||
imports = [
|
||||
|
@ -55,9 +54,9 @@
|
|||
./modules/forgejo.nix
|
||||
./modules/mumble.nix
|
||||
./modules/modded-mc.nix
|
||||
#./modules/prosody.nix
|
||||
./modules/monitoring.nix
|
||||
./modules/mailserver.nix
|
||||
./modules/vaultwarden.nix
|
||||
];
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
|
|
8
justfile
Normal file
8
justfile
Normal file
|
@ -0,0 +1,8 @@
|
|||
deploy:
|
||||
colmena apply
|
||||
|
||||
build:
|
||||
colmena build
|
||||
|
||||
update:
|
||||
nix flake update --commit-lock-file
|
|
@ -69,16 +69,16 @@
|
|||
#networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
|
||||
#networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
|
||||
|
||||
users.users.april = {
|
||||
isNormalUser = true;
|
||||
packages = with pkgs; [ git ];
|
||||
createHome = true;
|
||||
extraGroups = [ "docker" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK4N06uWyGFbWDf0JdQ1mB2PkyQSxYLLbNOihmXGRf2ce8Do4LvlMqHreDNvEfixYK+pRQSdK8oeNqOiRjFXgyEhoo5v/Tg832iHq4r3wEHoqFR/w9XxmAp8Rv66h9uY1wY8+xFVlpgw8GqHN37JJt1P5i3oDkKnBXunzm7+vw1Qo/+LvD4nS9kQlso6ocNGSOAEf7N/IKJpGQp4FrsW1Qg4ZSWVCruUBm5iw02IampgjrzvbHQBO7TIG3jr0TxXBx2MFXydDTXdONwLtlJiwk210ppQIhgIjcqlUZBKZcYJy23ZesPbO2fSyT0iPWFAnvcIRHhsacp8HQ9paKR76J7ghBmAQm9KXyH0TjZM84+lHEvOAGNeDuh+VFr147uyTcun5aWy9zM8v8rW96pUIkId5HQNP8HPGymTFWXomwDvpdFJO/TA2F9YsNfVoTJGy4PbieWFDU5esI3CD6k696mB+vgLcF35qfc76uVFWOUWYHIX3KVwqXh7MQ8+CBWrE= u0_a269@localhost"
|
||||
];
|
||||
};
|
||||
# users.users.april = {
|
||||
# isNormalUser = true;
|
||||
# packages = with pkgs; [ git ];
|
||||
# createHome = true;
|
||||
# extraGroups = [ "docker" ];
|
||||
# openssh.authorizedKeys.keys = [
|
||||
# #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
|
||||
# "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK4N06uWyGFbWDf0JdQ1mB2PkyQSxYLLbNOihmXGRf2ce8Do4LvlMqHreDNvEfixYK+pRQSdK8oeNqOiRjFXgyEhoo5v/Tg832iHq4r3wEHoqFR/w9XxmAp8Rv66h9uY1wY8+xFVlpgw8GqHN37JJt1P5i3oDkKnBXunzm7+vw1Qo/+LvD4nS9kQlso6ocNGSOAEf7N/IKJpGQp4FrsW1Qg4ZSWVCruUBm5iw02IampgjrzvbHQBO7TIG3jr0TxXBx2MFXydDTXdONwLtlJiwk210ppQIhgIjcqlUZBKZcYJy23ZesPbO2fSyT0iPWFAnvcIRHhsacp8HQ9paKR76J7ghBmAQm9KXyH0TjZM84+lHEvOAGNeDuh+VFr147uyTcun5aWy9zM8v8rW96pUIkId5HQNP8HPGymTFWXomwDvpdFJO/TA2F9YsNfVoTJGy4PbieWFDU5esI3CD6k696mB+vgLcF35qfc76uVFWOUWYHIX3KVwqXh7MQ8+CBWrE= u0_a269@localhost"
|
||||
# ];
|
||||
# };
|
||||
services.cron.systemCronJobs = [
|
||||
"0 0 * * * april cd /home/april && ./build.sh"
|
||||
];
|
||||
|
@ -90,7 +90,7 @@
|
|||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim wget neofetch btop
|
||||
vim wget neofetch btop arion
|
||||
];
|
||||
|
||||
fileSystems."/" = {
|
||||
|
|
|
@ -152,7 +152,7 @@ in
|
|||
upstreams = {
|
||||
"backend_conduit" = {
|
||||
servers = {
|
||||
"localhost:${toString config.services.matrix-conduit.settings.global.port}" = { };
|
||||
"[::1]:${toString config.services.matrix-conduit.settings.global.port}" = { };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
networks.calcnet.name = "calcnet";
|
||||
services = {
|
||||
"web".service = {
|
||||
image = "iceshrimp.dev/iceshrimp/iceshrimp:latest-arm";
|
||||
image = "iceshrimp.dev/iceshrimp/iceshrimp:latest";
|
||||
container_name = "calckey_web";
|
||||
restart = "unless-stopped";
|
||||
depends_on = [ "db" "redis" ];
|
||||
|
|
|
@ -33,6 +33,7 @@
|
|||
{
|
||||
ip = "10.0.1.2";
|
||||
port = 80;
|
||||
# TODO for when not in train: set this true and deploy
|
||||
ssl = false;
|
||||
}
|
||||
];
|
||||
|
|
13
modules/hedgedoc.nix
Normal file
13
modules/hedgedoc.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{ ... }:
|
||||
{
|
||||
services.hedgedoc = {
|
||||
enable = true;
|
||||
domain = "pad.katzen.cafe";
|
||||
settings = {
|
||||
oauth2 = {
|
||||
userProfileURL = "";
|
||||
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -11,6 +11,10 @@
|
|||
group = "nginx";
|
||||
keyType = "rsa4096";
|
||||
};
|
||||
"vw.katzen.cafe" = {
|
||||
group = "nginx";
|
||||
keyType = "rsa4096";
|
||||
};
|
||||
"miau.katzen.cafe" = {
|
||||
group = "nginx";
|
||||
keyType = "rsa4096";
|
||||
|
@ -104,6 +108,22 @@
|
|||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
"vw.katzen.cafe" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:8812";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub" = {
|
||||
proxyPass = "http://localhost:3012";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub/negotiate" = {
|
||||
proxyPass = "http://localhost:8812";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
"ck.katzen.cafe" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
|
28
modules/vaultwarden.nix
Normal file
28
modules/vaultwarden.nix
Normal file
|
@ -0,0 +1,28 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
environmentFile = "/var/lib/secrets/vaultwarden.env";
|
||||
config = {
|
||||
WEBSOCKET_ENABLED = true;
|
||||
WEBSOCKET_ADDRESS = "127.0.0.1";
|
||||
WEBSOCKET_PORT = 3012;
|
||||
SMTP_HOST = "mail.katzen.cafe";
|
||||
SMTP_FROM = "noreply@katzen.cafe";
|
||||
SMTP_FROM_NAME = "Katzen.cafe Vaultwarden";
|
||||
SMTP_PORT = "465";
|
||||
SMTP_USERNAME = "noreply@katzen.cafe";
|
||||
SMTP_SECURITY = "force_tls";
|
||||
DOMAIN = "https://vw.katzen.cafe";
|
||||
SIGNUPS_ALLOWED = false;
|
||||
ROCKET_PORT = 8812;
|
||||
};
|
||||
};
|
||||
deployment.keys = {
|
||||
"vaultwarden.env" = {
|
||||
keyCommand = [ "pass" "vaultwarden/envfile" ];
|
||||
destDir = "/var/lib/secrets";
|
||||
user = "vaultwarden";
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue