diff --git a/modules/base-stuff.nix b/modules/base-stuff.nix
index 6852af6..38a76ad 100644
--- a/modules/base-stuff.nix
+++ b/modules/base-stuff.nix
@@ -13,11 +13,15 @@
 boot.kernelParams = [ "console=tty" ];
 boot.initrd.kernelModules = [ "virtio_gpu" ];
- users.users.april = {
- isNormalUser = true;
- packages = with pkgs; [ podman ];
- createHome = true;
- };
+ #users.users.april = {
+ #isNormalUser = true;
+ #packages = with pkgs; [ git ];
+ #createHome = true;
+ #extraGroups = [ "docker" ];
+ #openssh.authorizedKeys.keys = [
+ #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 waterdev@galaxycrow.de"
+ #];
+ #};
 services.openssh = {
 enable = true;
diff --git a/modules/containers/calckey.nix b/modules/containers/calckey.nix
new file mode 100644
index 0000000..c5b6853
--- /dev/null
+++ b/modules/containers/calckey.nix
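Review bot: In modules/base-stuff.nix the `april` account is commented out rather than deleted, and the commented block is not the old definition: it adds `extraGroups = [ "docker" ]` and an `openssh.authorizedKeys.keys` entry that the removed lines never had. Membership in the `docker` group is effectively root on the host, so a later uncomment would grant more than the account had before this change. I would delete the nine `#` lines and let version control keep the history; if the account is meant to come back, a single line such as `# april: disabled, see <issue or reason>` records that without carrying dormant privileges. The surrounding attribute set starts and ends outside the hunk.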
@@ -0,0 +1,50 @@
+{ pkgs, inputs, ... }:
+{
+ imports = [ inputs.arion.nixosModules.arion ];
+ virtualisation.docker.enable = true;
+ virtualisation.arion = {
+ backend = "docker";
+ projects.calckey.settings = {
+ networks.calcnet.name = "calcnet";
+ services = {
+ "web".service = {
+ image = "docker.io/waterdev/calckey_arm";
+ container_name = "calckey_web";
+ restart = "unless-stopped";
+ depends_on = [ "db" "redis" ];
+ ports = [ "3000:3000" ];
+ networks = [ "calcnet" ];
+ environment = {
+ "NODE_ENV" = "production";
+ };
+ volumes = [
+ "/calckey/files:/calckey/files"
+ "/calckey/config:/calckey/.config:ro"
+ ];
+ };
+ "redis".service = {
+ image = "docker.io/redis:7.0-alpine";
+ container_name = "calckey_redis";
+ restart = "unless-stopped";
+ networks = [ "calcnet" ];
+ volumes = [ "/calckey/redis:/data" ];
+ };
+ "db".service = {
+ image = "docker.io/postgres:12.2-alpine";
+ container_name = "calckey_db";
+ restart = "unless-stopped";
+ networks = [ "calcnet" ];
+ environment = {
+ POSTGRES_PASSWORD = "calckey";
+ POSTGRES_USER = "calckey";
+ POSTGRES_DB = "calckey";
+ };
+ volumes = [
+ "/calckey/db:/var/lib/postgresql/data"
+ ];
+ };
+ };
+ };
+ };
+}
+
diff --git a/modules/containers/default.nix b/modules/containers/default.nix
index 211976a..95df9a5 100644
--- a/modules/containers/default.nix
+++ b/modules/containers/default.nix
@@ -2,6 +2,7 @@
 {
 imports = [
 ./phtanumb-wiki.nix
+ ./calckey.nix
 ./penpot.nix
 ];
 }
diff --git a/modules/forgejo.nix b/modules/forgejo.nix
index 285716a..7c20803 100644
--- a/modules/forgejo.nix
+++ b/modules/forgejo.nix
@@ -27,6 +27,9 @@
 REGISTER_MANUAL_CONFIRM = true;
 SHOW_REGISTRATION_BUTTON = false;
 };
+ actions = {
+ ENABLED = true;
+ };
 };
 };
 deployment.keys = {
diff --git a/modules/proxy.nix b/modules/proxy.nix
index bae9454..d703124 100644
--- a/modules/proxy.nix
+++ b/modules/proxy.nix
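Review bot: In modules/containers/calckey.nix, `ports = [ "3000:3000" ]` on the `web` service publishes Calckey on every host interface, although the nginx vhost added in modules/proxy.nix only needs it on loopback; Docker-published ports are normally not filtered by the host firewall, so the app would also be reachable over plain HTTP without passing the TLS proxy. Binding to loopback closes that: `ports = [ "127.0.0.1:3000:3000" ];`. Separately, `POSTGRES_PASSWORD = "calckey"` is committed to the repository and will also end up in the world-readable Nix store, so it should come from a secret file provisioned outside the store rather than a literal. The `web` image `docker.io/waterdev/calckey_arm` carries no tag or digest, which means each pull can bring different code; pinning a version or digest keeps deployments reproducible and reviewable.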
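Review bot: In modules/forgejo.nix, `actions.ENABLED = true` turns on Forgejo Actions with no comment on where jobs will run; the hunk shows no runner configuration, so that presumably lives elsewhere or is still to come. Workflows execute code taken from the repository, so anyone who can push to a repository with Actions enabled can run commands on whatever runner is registered. If a runner ends up on this host, it should not share the Docker daemon that calckey.nix enables, because access to that socket is equivalent to root. A short comment beside the setting, for example `# runners: <where they run and how they are isolated>`, would record the decision. The enclosing settings block starts outside the hunk.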
@@ -27,6 +27,10 @@
 group = "nginx";
 keyType = "rsa4096";
 };
+ "ck.katzen.cafe" = {
+ group = "nginx";
+ keyType = "rsa4096";
+ };
 };
 };
 services.nginx = {
@@ -38,11 +42,19 @@
 recommendedProxySettings = true;
 virtualHosts = {
- "wiki.phtanum-b.katzen.cafe" = {
+ "ck.katzen.cafe" = {
 forceSSL = true;
 enableACME = true;
 locations."/" = {
- proxyPass = "http://127.0.0.2:8081";
+ proxyPass = "http://127.0.0.1:3000";
+ proxyWebsockets = true;
+ extraConfig = ''
+ client_max_body_size 8M;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ '';
 };
 };
 "forge.katzen.cafe" = {
@@ -75,10 +87,17 @@
 forceSSL = true;
 enableACME = true;
 locations."/" = {
- proxyPass = "http://localhost:9001";
+ proxyPass = "http://127.0.0.1:9001";
 proxyWebsockets = true;
 };
 };
+ "wiki.phtanum-b.katzen.cafe" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.2:8081";
+ };
+ };
 };
 };
 }
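Review bot: In the second modules/proxy.nix hunk, the three `proxy_set_header` lines in the `ck.katzen.cafe` `extraConfig` repeat headers that `recommendedProxySettings = true` (visible in the hunk's context) should already add to proxied locations, so the upstream probably receives `X-Real-IP`, `X-Forwarded-For` and `X-Forwarded-Proto` twice. Duplicate forwarding headers can make the application log, rate-limit or block on the wrong client address, depending on which copy it reads. I would reduce the block to `extraConfig = "client_max_body_size 8M;";` and confirm the result in the generated nginx.conf. The `virtualHosts` set starts and ends outside this hunk.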