to be perfectly honest this is a mess and I lost overview.

Schrottkatze 2023-11-21 08:09:07 +01:00
parent a16094f61a
commit 433f4b76ef
9 changed files with 84 additions and 15 deletions


@ -41,7 +41,6 @@
katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: { katzencafe = { name, nodes, pkgs, pkgsUnstable, inputs, ... }: {
deployment = { deployment = {
targetHost = "katzen.cafe"; targetHost = "katzen.cafe";
#targetHost = "2a01:4f8:c17:c51f::";
buildOnTarget = true; buildOnTarget = true;
}; };
imports = [ imports = [
@ -55,9 +54,9 @@
./modules/forgejo.nix ./modules/forgejo.nix
./modules/mumble.nix ./modules/mumble.nix
./modules/modded-mc.nix ./modules/modded-mc.nix
#./modules/prosody.nix
./modules/monitoring.nix ./modules/monitoring.nix
./modules/mailserver.nix ./modules/mailserver.nix
./modules/vaultwarden.nix
]; ];
system.stateVersion = "22.11"; system.stateVersion = "22.11";

8
justfile Normal file

@ -0,0 +1,8 @@
deploy:
colmena apply
build:
colmena build
update:
nix flake update --commit-lock-file


@ -69,16 +69,16 @@
#networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ]; #networking.interfaces.enp1s0.ipv6.addresses = [ { address = "2a01:4f8:c17:c51f::1/64"; prefixLength = 64; } ];
#networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; }; #networking.defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };
users.users.april = { # users.users.april = {
isNormalUser = true; # isNormalUser = true;
packages = with pkgs; [ git ]; # packages = with pkgs; [ git ];
createHome = true; # createHome = true;
extraGroups = [ "docker" ]; # extraGroups = [ "docker" ];
openssh.authorizedKeys.keys = [ # openssh.authorizedKeys.keys = [
#"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de" # #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
"ssh-rsa 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 u0_a269@localhost" # "ssh-rsa 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 u0_a269@localhost"
]; # ];
}; # };
services.cron.systemCronJobs = [ services.cron.systemCronJobs = [
"0 0 * * * april cd /home/april && ./build.sh" "0 0 * * * april cd /home/april && ./build.sh"
]; ];
@ -90,7 +90,7 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim wget neofetch btop vim wget neofetch btop arion
]; ];
fileSystems."/" = { fileSystems."/" = {
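Review bot: The cron entry `"0 0 * * * april cd /home/april && ./build.sh"` is left active while `users.users.april` directly above it is commented out, so the job now names an account this configuration no longer declares. NixOS will likely drop the account at activation, after which the job fails every night while `/home/april` and its `build.sh` stay on disk; if the account lingers instead, an unattended script keeps running for a user nobody manages any more. Commenting out or removing the `services.cron.systemCronJobs` entry in the same change keeps the two in step. The enclosing attribute set begins and ends outside the hunk.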


@ -152,7 +152,7 @@ in
upstreams = { upstreams = {
"backend_conduit" = { "backend_conduit" = {
servers = { servers = {
"localhost:${toString config.services.matrix-conduit.settings.global.port}" = { }; "[::1]:${toString config.services.matrix-conduit.settings.global.port}" = { };
}; };
}; };
}; };
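Review bot: The upstream address is now the literal `[::1]` while the port is still read from `config.services.matrix-conduit.settings.global.port`, so address and port can drift apart if Conduit's listen address is changed later. Nothing in the hunk shows which address Conduit binds to. A short comment above the server entry, such as `# must match services.matrix-conduit.settings.global.address`, would record the coupling. The `upstreams` block starts outside the hunk.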


@ -8,7 +8,7 @@
networks.calcnet.name = "calcnet"; networks.calcnet.name = "calcnet";
services = { services = {
"web".service = { "web".service = {
image = "iceshrimp.dev/iceshrimp/iceshrimp:latest-arm"; image = "iceshrimp.dev/iceshrimp/iceshrimp:latest";
container_name = "calckey_web"; container_name = "calckey_web";
restart = "unless-stopped"; restart = "unless-stopped";
depends_on = [ "db" "redis" ]; depends_on = [ "db" "redis" ];
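Review bot: The `image` line for the `"web"` service still points at a floating tag (`:latest`), so each pull on the target can bring in different, unreviewed code and a deployment cannot be reproduced or rolled back to a known image. Pinning to a release tag and digest fixes the content that runs, for example `image = "iceshrimp.dev/iceshrimp/iceshrimp:<release-tag>@sha256:<digest>";` (both values are placeholders to fill in). The service definition continues outside the hunk.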


@ -33,6 +33,7 @@
{ {
ip = "10.0.1.2"; ip = "10.0.1.2";
port = 80; port = 80;
# TODO for when not in train: set this true and deploy
ssl = false; ssl = false;
} }
]; ];

13
modules/hedgedoc.nix Normal file

@ -0,0 +1,13 @@
{ ... }:
{
services.hedgedoc = {
enable = true;
domain = "pad.katzen.cafe";
settings = {
oauth2 = {
userProfileURL = "";
};
};
};
}
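Review bot: The `oauth2` block sets only `userProfileURL = "";`, so OAuth2 login cannot work as written, and nothing in the module restricts HedgeDoc's local sign-up or anonymous editing. If the module is imported before the OAuth2 values are filled in, set `allowEmailRegister = false;` and `allowAnonymous = false;` under `settings` so the pad does not come up open to anyone who finds `pad.katzen.cafe`. The visible hunks do not add `./modules/hedgedoc.nix` to the host's imports or a vhost for the domain, so the module may not be active yet.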


@ -11,6 +11,10 @@
group = "nginx"; group = "nginx";
keyType = "rsa4096"; keyType = "rsa4096";
}; };
"vw.katzen.cafe" = {
group = "nginx";
keyType = "rsa4096";
};
"miau.katzen.cafe" = { "miau.katzen.cafe" = {
group = "nginx"; group = "nginx";
keyType = "rsa4096"; keyType = "rsa4096";
@ -104,6 +108,22 @@
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
"vw.katzen.cafe" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8812";
proxyWebsockets = true;
};
locations."/notifications/hub" = {
proxyPass = "http://localhost:3012";
proxyWebsockets = true;
};
locations."/notifications/hub/negotiate" = {
proxyPass = "http://localhost:8812";
proxyWebsockets = true;
};
};
"ck.katzen.cafe" = { "ck.katzen.cafe" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
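Review bot: The three new `proxyPass` targets in the `"vw.katzen.cafe"` vhost use `http://localhost:…`, the same form this commit replaces with `[::1]` for the Conduit upstream in another file. modules/vaultwarden.nix binds the WebSocket listener to `127.0.0.1`, so if `localhost` resolves to `::1` first the `/notifications/hub` location can fail or depend on fallback behaviour. Writing `proxyPass = "http://127.0.0.1:3012";`, and the matching literal loopback address for port 8812, removes the dependence on name resolution. The `virtualHosts` set begins and ends outside the hunk.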

28
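--- a/modules/vaultwarden.nix
+++ b/modules/vaultwarden.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+{
+services.vaultwarden = {
+enable = true;
+environmentFile = "/var/lib/secrets/vaultwarden.env";
+config = {
+WEBSOCKET_ENABLED = true;
+WEBSOCKET_ADDRESS = "127.0.0.1";
+WEBSOCKET_PORT = 3012;
+SMTP_HOST = "mail.katzen.cafe";
+SMTP_FROM = "noreply@katzen.cafe";
+SMTP_FROM_NAME = "Katzen.cafe Vaultwarden";
+SMTP_PORT = "465";
+SMTP_USERNAME = "noreply@katzen.cafe";
+SMTP_SECURITY = "force_tls";
+DOMAIN = "https://vw.katzen.cafe";
+SIGNUPS_ALLOWED = false;
+ROCKET_PORT = 8812;
+};
+};
+deployment.keys = {
+"vaultwarden.env" = {
+keyCommand = [ "pass" "vaultwarden/envfile" ];
+destDir = "/var/lib/secrets";
+user = "vaultwarden";
+};
+};
+}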
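Review bot: `config` sets `ROCKET_PORT = 8812;` but no `ROCKET_ADDRESS`, so the bind address of the HTTP listener is left to a default this file does not show, while the WebSocket listener is explicitly bound to `127.0.0.1`. For a password vault that should only be reachable through the nginx vhost, add `ROCKET_ADDRESS = "127.0.0.1";` next to `ROCKET_PORT` so the backend cannot end up listening in plaintext on a public interface. As a smaller style point, `SMTP_PORT = "465";` is a string where the other ports are integers; `SMTP_PORT = 465;` would be consistent.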