mirror of
https://forge.katzen.cafe/katzen-cafe/katzen-cafe.git
synced 2024-11-25 07:08:45 +01:00
to be perfectly honest this is a mess and I lost overview.
This commit is contained in:
parent
a16094f61a
commit
433f4b76ef
|
@ -41,7 +41,6 @@
|
||||||
katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: {
|
katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: {
|
||||||
deployment = {
|
deployment = {
|
||||||
targetHost = "katzen.cafe";
|
targetHost = "katzen.cafe";
|
||||||
#targetHost = "2a01:4f8:c17:c51f::";
|
|
||||||
buildOnTarget = true;
|
buildOnTarget = true;
|
||||||
};
|
};
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -55,9 +54,9 @@
|
||||||
./modules/forgejo.nix
|
./modules/forgejo.nix
|
||||||
./modules/mumble.nix
|
./modules/mumble.nix
|
||||||
./modules/modded-mc.nix
|
./modules/modded-mc.nix
|
||||||
#./modules/prosody.nix
|
|
||||||
./modules/monitoring.nix
|
./modules/monitoring.nix
|
||||||
./modules/mailserver.nix
|
./modules/mailserver.nix
|
||||||
|
./modules/vaultwarden.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
|
|
8
justfile
Normal file
8
justfile
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
deploy:
|
||||||
|
colmena apply
|
||||||
|
|
||||||
|
build:
|
||||||
|
colmena build
|
||||||
|
|
||||||
|
update:
|
||||||
|
nix flake update --commit-lock-file
|
|
@ -69,16 +69,16 @@
|
||||||
#networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
|
#networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
|
||||||
#networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
|
#networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
|
||||||
|
|
||||||
users.users.april = {
|
# users.users.april = {
|
||||||
isNormalUser = true;
|
# isNormalUser = true;
|
||||||
packages = with pkgs; [ git ];
|
# packages = with pkgs; [ git ];
|
||||||
createHome = true;
|
# createHome = true;
|
||||||
extraGroups = [ "docker" ];
|
# extraGroups = [ "docker" ];
|
||||||
openssh.authorizedKeys.keys = [
|
# openssh.authorizedKeys.keys = [
|
||||||
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
|
# #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK4N06uWyGFbWDf0JdQ1mB2PkyQSxYLLbNOihmXGRf2ce8Do4LvlMqHreDNvEfixYK+pRQSdK8oeNqOiRjFXgyEhoo5v/Tg832iHq4r3wEHoqFR/w9XxmAp8Rv66h9uY1wY8+xFVlpgw8GqHN37JJt1P5i3oDkKnBXunzm7+vw1Qo/+LvD4nS9kQlso6ocNGSOAEf7N/IKJpGQp4FrsW1Qg4ZSWVCruUBm5iw02IampgjrzvbHQBO7TIG3jr0TxXBx2MFXydDTXdONwLtlJiwk210ppQIhgIjcqlUZBKZcYJy23ZesPbO2fSyT0iPWFAnvcIRHhsacp8HQ9paKR76J7ghBmAQm9KXyH0TjZM84+lHEvOAGNeDuh+VFr147uyTcun5aWy9zM8v8rW96pUIkId5HQNP8HPGymTFWXomwDvpdFJO/TA2F9YsNfVoTJGy4PbieWFDU5esI3CD6k696mB+vgLcF35qfc76uVFWOUWYHIX3KVwqXh7MQ8+CBWrE= u0_a269@localhost"
|
# "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK4N06uWyGFbWDf0JdQ1mB2PkyQSxYLLbNOihmXGRf2ce8Do4LvlMqHreDNvEfixYK+pRQSdK8oeNqOiRjFXgyEhoo5v/Tg832iHq4r3wEHoqFR/w9XxmAp8Rv66h9uY1wY8+xFVlpgw8GqHN37JJt1P5i3oDkKnBXunzm7+vw1Qo/+LvD4nS9kQlso6ocNGSOAEf7N/IKJpGQp4FrsW1Qg4ZSWVCruUBm5iw02IampgjrzvbHQBO7TIG3jr0TxXBx2MFXydDTXdONwLtlJiwk210ppQIhgIjcqlUZBKZcYJy23ZesPbO2fSyT0iPWFAnvcIRHhsacp8HQ9paKR76J7ghBmAQm9KXyH0TjZM84+lHEvOAGNeDuh+VFr147uyTcun5aWy9zM8v8rW96pUIkId5HQNP8HPGymTFWXomwDvpdFJO/TA2F9YsNfVoTJGy4PbieWFDU5esI3CD6k696mB+vgLcF35qfc76uVFWOUWYHIX3KVwqXh7MQ8+CBWrE= u0_a269@localhost"
|
||||||
];
|
# ];
|
||||||
};
|
# };
|
||||||
services.cron.systemCronJobs = [
|
services.cron.systemCronJobs = [
|
||||||
"0 0 * * * april cd /home/april && ./build.sh"
|
"0 0 * * * april cd /home/april && ./build.sh"
|
||||||
];
|
];
|
||||||
|
@ -90,7 +90,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
vim wget neofetch btop
|
vim wget neofetch btop arion
|
||||||
];
|
];
|
||||||
|
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
|
|
|
@ -152,7 +152,7 @@ in
|
||||||
upstreams = {
|
upstreams = {
|
||||||
"backend_conduit" = {
|
"backend_conduit" = {
|
||||||
servers = {
|
servers = {
|
||||||
"localhost:${toString config.services.matrix-conduit.settings.global.port}" = { };
|
"[::1]:${toString config.services.matrix-conduit.settings.global.port}" = { };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
networks.calcnet.name = "calcnet";
|
networks.calcnet.name = "calcnet";
|
||||||
services = {
|
services = {
|
||||||
"web".service = {
|
"web".service = {
|
||||||
image = "iceshrimp.dev/iceshrimp/iceshrimp:latest-arm";
|
image = "iceshrimp.dev/iceshrimp/iceshrimp:latest";
|
||||||
container_name = "calckey_web";
|
container_name = "calckey_web";
|
||||||
restart = "unless-stopped";
|
restart = "unless-stopped";
|
||||||
depends_on = [ "db" "redis" ];
|
depends_on = [ "db" "redis" ];
|
||||||
|
|
|
@ -33,6 +33,7 @@
|
||||||
{
|
{
|
||||||
ip = "10.0.1.2";
|
ip = "10.0.1.2";
|
||||||
port = 80;
|
port = 80;
|
||||||
|
# TODO for when not in train: set this true and deploy
|
||||||
ssl = false;
|
ssl = false;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
13
modules/hedgedoc.nix
Normal file
13
modules/hedgedoc.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
services.hedgedoc = {
|
||||||
|
enable = true;
|
||||||
|
domain = "pad.katzen.cafe";
|
||||||
|
settings = {
|
||||||
|
oauth2 = {
|
||||||
|
userProfileURL = "";
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -11,6 +11,10 @@
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
keyType = "rsa4096";
|
keyType = "rsa4096";
|
||||||
};
|
};
|
||||||
|
"vw.katzen.cafe" = {
|
||||||
|
group = "nginx";
|
||||||
|
keyType = "rsa4096";
|
||||||
|
};
|
||||||
"miau.katzen.cafe" = {
|
"miau.katzen.cafe" = {
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
keyType = "rsa4096";
|
keyType = "rsa4096";
|
||||||
|
@ -104,6 +108,22 @@
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
"vw.katzen.cafe" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://localhost:8812";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
locations."/notifications/hub" = {
|
||||||
|
proxyPass = "http://localhost:3012";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
locations."/notifications/hub/negotiate" = {
|
||||||
|
proxyPass = "http://localhost:8812";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
"ck.katzen.cafe" = {
|
"ck.katzen.cafe" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
28
modules/vaultwarden.nix
Normal file
28
modules/vaultwarden.nix
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
services.vaultwarden = {
|
||||||
|
enable = true;
|
||||||
|
environmentFile = "/var/lib/secrets/vaultwarden.env";
|
||||||
|
config = {
|
||||||
|
WEBSOCKET_ENABLED = true;
|
||||||
|
WEBSOCKET_ADDRESS = "127.0.0.1";
|
||||||
|
WEBSOCKET_PORT = 3012;
|
||||||
|
SMTP_HOST = "mail.katzen.cafe";
|
||||||
|
SMTP_FROM = "noreply@katzen.cafe";
|
||||||
|
SMTP_FROM_NAME = "Katzen.cafe Vaultwarden";
|
||||||
|
SMTP_PORT = "465";
|
||||||
|
SMTP_USERNAME = "noreply@katzen.cafe";
|
||||||
|
SMTP_SECURITY = "force_tls";
|
||||||
|
DOMAIN = "https://vw.katzen.cafe";
|
||||||
|
SIGNUPS_ALLOWED = false;
|
||||||
|
ROCKET_PORT = 8812;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
deployment.keys = {
|
||||||
|
"vaultwarden.env" = {
|
||||||
|
keyCommand = [ "pass" "vaultwarden/envfile" ];
|
||||||
|
destDir = "/var/lib/secrets";
|
||||||
|
user = "vaultwarden";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue