to be perfectly honest this is a mess and I lost overview.

Schrottkatze 2023-11-21 08:09:07 +01:00
parent a16094f61a
commit 433f4b76ef
9 changed files with 84 additions and 15 deletions


@ -41,7 +41,6 @@
katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: {
deployment = {
targetHost = "katzen.cafe";
#targetHost = "2a01:4f8:c17:c51f::";
buildOnTarget = true;
};
imports = [
@ -55,9 +54,9 @@
./modules/forgejo.nix
./modules/mumble.nix
./modules/modded-mc.nix
#./modules/prosody.nix
./modules/monitoring.nix
./modules/mailserver.nix
./modules/vaultwarden.nix
];
system.stateVersion = "22.11";

8
justfile Normal file

@ -0,0 +1,8 @@
deploy:
colmena apply
build:
colmena build
update:
nix flake update --commit-lock-file


@ -69,16 +69,16 @@
#networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
#networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
users.users.april = {
isNormalUser = true;
packages = with pkgs; [ git ];
createHome = true;
extraGroups = [ "docker" ];
openssh.authorizedKeys.keys = [
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
"ssh-rsa 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 u0_a269@localhost"
];
};
# users.users.april = {
# isNormalUser = true;
# packages = with pkgs; [ git ];
# createHome = true;
# extraGroups = [ "docker" ];
# openssh.authorizedKeys.keys = [
# #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
# "ssh-rsa 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 u0_a269@localhost"
# ];
# };
services.cron.systemCronJobs = [
"0 0 * * * april cd /home/april && ./build.sh"
];
@ -90,7 +90,7 @@
};
environment.systemPackages = with pkgs; [
vim wget neofetch btop
vim wget neofetch btop arion
];
fileSystems."/" = {
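Review bot: The cron entry `0 0 * * * april cd /home/april && ./build.sh` still names the `april` account, while the `users.users.april` block above it appears to be the side that is now commented out (the page has lost its +/- markers, so this is inferred from print order). If the account is no longer declared, the nightly job either fails or keeps running a script from a home directory that nothing in the configuration manages. Drop or comment out the `services.cron.systemCronJobs` entry in the same change; if the job is still wanted, run it as a dedicated system user with the script at a root-owned path. The enclosing attribute set starts and ends outside the hunk.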


@ -152,7 +152,7 @@ in
upstreams = {
"backend_conduit" = {
servers = {
"localhost:${toString config.services.matrix-conduit.settings.global.port}" = { };
"[::1]:${toString config.services.matrix-conduit.settings.global.port}" = { };
};
};
};
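Review bot: The upstream host is a hard-coded loopback literal (`[::1]` on what appears to be the new side) next to a port that is read from `config.services.matrix-conduit.settings.global.port`, so address and port can drift apart if conduit's bind address changes. Conduit's address setting is not visible in this hunk, so at minimum add a comment on the server line such as `# must match services.matrix-conduit.settings.global.address`. The `upstreams` set sits inside a block that starts and ends outside the hunk.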


@ -8,7 +8,7 @@
networks.calcnet.name = "calcnet";
services = {
"web".service = {
image = "iceshrimp.dev/iceshrimp/iceshrimp:latest-arm";
image = "iceshrimp.dev/iceshrimp/iceshrimp:latest";
container_name = "calckey_web";
restart = "unless-stopped";
depends_on = [ "db" "redis" ];
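Review bot: The image reference for `calckey_web` still uses a floating tag (`:latest`), so each pull can bring in different code and nothing in the repository records what was actually deployed. Pin it to a release tag or, better, a digest, for example `image = "iceshrimp.dev/iceshrimp/iceshrimp:<release-tag>@sha256:<digest>";` (both values are placeholders), and bump it deliberately. The service definition continues outside the hunk.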


@ -33,6 +33,7 @@
{
ip = "10.0.1.2";
port = 80;
# TODO for when not in train: set this true and deploy
ssl = false;
}
];

13
modules/hedgedoc.nix Normal file

@ -0,0 +1,13 @@
{ ... }:
{
services.hedgedoc = {
enable = true;
domain = "pad.katzen.cafe";
settings = {
oauth2 = {
userProfileURL = "";
};
};
};
}
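Review bot: The `oauth2` block sets only `userProfileURL = ""`, which reads as a placeholder and leaves the login provider half-configured. Either leave `settings.oauth2` out until the provider details are known, or fill in the whole set and supply the client secret through `services.hedgedoc.environmentFile`, because values written under `settings` are rendered into the world-readable Nix store. No virtual host or certificate entry for `pad.katzen.cafe` is visible in this commit, and the module does not appear in the visible part of the import list, so it may not be wired in yet. A one-line comment at the top of the file saying so would help the next reader.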


@ -11,6 +11,10 @@
group = "nginx";
keyType = "rsa4096";
};
"vw.katzen.cafe" = {
group = "nginx";
keyType = "rsa4096";
};
"miau.katzen.cafe" = {
group = "nginx";
keyType = "rsa4096";
@ -104,6 +108,22 @@
proxyWebsockets = true;
};
};
"vw.katzen.cafe" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8812";
proxyWebsockets = true;
};
locations."/notifications/hub" = {
proxyPass = "http://localhost:3012";
proxyWebsockets = true;
};
locations."/notifications/hub/negotiate" = {
proxyPass = "http://localhost:8812";
proxyWebsockets = true;
};
};
"ck.katzen.cafe" = {
forceSSL = true;
enableACME = true;
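Review bot: The three `proxyPass` targets for `vw.katzen.cafe` use `localhost`, but the websocket listener is bound to `127.0.0.1` only (`WEBSOCKET_ADDRESS` in modules/vaultwarden.nix), and nginx will typically resolve `localhost` to both loopback addresses on a dual-stack host. Use the literal address, e.g. `proxyPass = "http://127.0.0.1:3012";`, and do the same for port 8812 once its bind address is set explicitly. The admin path is served through `locations."/"` with no extra restriction; whether it is enabled depends on the env file, which is not visible here. Both hunks sit inside attribute sets that start and end outside them.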

28
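--- a/modules/vaultwarden.nix
+++ b/modules/vaultwarden.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+{
+services.vaultwarden = {
+enable = true;
+environmentFile = "/var/lib/secrets/vaultwarden.env";
+config = {
+WEBSOCKET_ENABLED = true;
+WEBSOCKET_ADDRESS = "127.0.0.1";
+WEBSOCKET_PORT = 3012;
+SMTP_HOST = "mail.katzen.cafe";
+SMTP_FROM = "noreply@katzen.cafe";
+SMTP_FROM_NAME = "Katzen.cafe Vaultwarden";
+SMTP_PORT = "465";
+SMTP_USERNAME = "noreply@katzen.cafe";
+SMTP_SECURITY = "force_tls";
+DOMAIN = "https://vw.katzen.cafe";
+SIGNUPS_ALLOWED = false;
+ROCKET_PORT = 8812;
+};
+};
+deployment.keys = {
+"vaultwarden.env" = {
+keyCommand = [ "pass" "vaultwarden/envfile" ];
+destDir = "/var/lib/secrets";
+user = "vaultwarden";
+};
+};
+}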
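Review bot: `config` sets `ROCKET_PORT` but not `ROCKET_ADDRESS`, so the bind address of the plaintext HTTP listener on 8812 is left to a default. Vaultwarden's own default is all interfaces, and any loopback default the NixOS module provides is presumably part of the default value of `config`, which this assignment replaces (worth confirming against the module version in use). Add `ROCKET_ADDRESS = "127.0.0.1";` next to `ROCKET_PORT` so the vault is reachable only through the nginx TLS front end, whatever the firewall state. `pkgs` in the argument list is unused. A comment above `deployment.keys` should say why the env file is written to `/var/lib/secrets` on persistent disk.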