mirror of
https://forge.katzen.cafe/katzen-cafe/katzen-cafe.git
synced 2024-11-21 21:44:41 +01:00
too many things at once please help
This commit is contained in:
parent
61e38e6fed
commit
88223ad893
|
@ -1,12 +1,12 @@
|
||||||
{
|
{
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-23.11";
|
nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-23.11";
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
|
||||||
nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||||
#nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
#nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||||
arion.url = "github:hercules-ci/arion";
|
arion.url = "github:hercules-ci/arion";
|
||||||
mms.url = "github:mkaito/nixos-modded-minecraft-servers";
|
mms.url = "github:mkaito/nixos-modded-minecraft-servers";
|
||||||
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
|
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
||||||
conduit = {
|
conduit = {
|
||||||
url = "gitlab:famedly/conduit";
|
url = "gitlab:famedly/conduit";
|
||||||
};
|
};
|
||||||
|
|
3
justfile
3
justfile
|
@ -1,9 +1,6 @@
|
||||||
deploy:
|
deploy:
|
||||||
colmena apply
|
colmena apply
|
||||||
|
|
||||||
build:
|
|
||||||
colmena build
|
|
||||||
|
|
||||||
update:
|
update:
|
||||||
nix flake update --commit-lock-file
|
nix flake update --commit-lock-file
|
||||||
just deploy
|
just deploy
|
||||||
|
|
|
@ -65,6 +65,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.mosh.enable = true;
|
programs.mosh.enable = true;
|
||||||
|
users.defaultUserShell = pkgs.nushell;
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -72,7 +73,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
vim
|
helix
|
||||||
wget
|
wget
|
||||||
neofetch
|
neofetch
|
||||||
btop
|
btop
|
||||||
|
@ -93,4 +94,11 @@
|
||||||
device = "/dev/sda2";
|
device = "/dev/sda2";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
nix.gc = {
|
||||||
|
automatic = true;
|
||||||
|
dates = "weekly";
|
||||||
|
options = "--delete-older-than 14d";
|
||||||
|
};
|
||||||
|
virtualisation.docker.autoPrune.enable = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./katzencafe-wiki.nix
|
./katzencafe-wiki.nix
|
||||||
./phtanumb-wiki.nix
|
./phtanumb-wiki.nix
|
||||||
./calckey.nix
|
# ./calckey.nix
|
||||||
./penpot.nix
|
./penpot.nix
|
||||||
./nextcloud.nix
|
./nextcloud.nix
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
{ pkgsOld, ... }:
|
{pkgsOld, ...}: {
|
||||||
{
|
|
||||||
containers."katzenwiki" = {
|
containers."katzenwiki" = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
privateNetwork = true;
|
privateNetwork = true;
|
||||||
|
@ -17,8 +16,12 @@
|
||||||
# localAddress = "10.0.2.2";
|
# localAddress = "10.0.2.2";
|
||||||
# };
|
# };
|
||||||
# };
|
# };
|
||||||
config = { config, pkgs, ... }: {
|
config = {
|
||||||
environment.systemPackages = with pkgs; [btop ];
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
environment.systemPackages = with pkgs; [btop];
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
||||||
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
|
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
|
||||||
|
@ -48,7 +51,7 @@
|
||||||
|
|
||||||
# Disable anonymous editing
|
# Disable anonymous editing
|
||||||
$wgGroupPermissions['*']['edit'] = false;
|
$wgGroupPermissions['*']['edit'] = false;
|
||||||
$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin'];
|
$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin'];
|
||||||
$wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
|
$wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
|
||||||
$wgGroupPermissions['oidc_admin']['userrights'] = true;
|
$wgGroupPermissions['oidc_admin']['userrights'] = true;
|
||||||
|
|
||||||
|
@ -86,12 +89,12 @@
|
||||||
# NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work.
|
# NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work.
|
||||||
# i should figure out why to make this work when setting up new instances...
|
# i should figure out why to make this work when setting up new instances...
|
||||||
"katzenwikiPwFile" = {
|
"katzenwikiPwFile" = {
|
||||||
keyCommand = [ "pass" "wikis/katzenwiki/password" ];
|
keyCommand = ["pass" "wikis/katzenwiki/password"];
|
||||||
destDir = "/katzenwiki";
|
destDir = "/katzenwiki";
|
||||||
name = "passwordFile";
|
name = "passwordFile";
|
||||||
};
|
};
|
||||||
"katzenwikiKeycloakClientSecret" = {
|
"katzenwikiKeycloakClientSecret" = {
|
||||||
keyCommand = [ "pass" "wikis/katzenwiki/keycloak-secret" ];
|
keyCommand = ["pass" "wikis/katzenwiki/keycloak-secret"];
|
||||||
destDir = "/katzenwiki";
|
destDir = "/katzenwiki";
|
||||||
name = "keycloakClientSecret";
|
name = "keycloakClientSecret";
|
||||||
permissions = "0604";
|
permissions = "0604";
|
||||||
|
|
|
@ -35,13 +35,13 @@
|
||||||
trustedProxies = ["10.0.3.1"];
|
trustedProxies = ["10.0.3.1"];
|
||||||
};
|
};
|
||||||
hostName = "wolke.katzen.cafe";
|
hostName = "wolke.katzen.cafe";
|
||||||
package = pkgs.nextcloud27;
|
package = pkgs.nextcloud29;
|
||||||
extraApps = with config.services.nextcloud.package.packages.apps; {
|
extraApps = with config.services.nextcloud.package.packages.apps; {
|
||||||
inherit bookmarks calendar contacts;
|
inherit bookmarks calendar contacts;
|
||||||
user_oidc = pkgs.fetchNextcloudApp rec {
|
user_oidc = pkgs.fetchNextcloudApp rec {
|
||||||
url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz";
|
url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v5.0.3/user_oidc-v5.0.3.tar.gz";
|
||||||
sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w";
|
sha256 = "sha256-oaN4nYIKzP7r9pB/6szZnkR+liSMARd3Nb8aM3m9WeE=";
|
||||||
license = "agpl3";
|
license = "gpl3";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -51,7 +51,8 @@
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "nextcloud";
|
name = "nextcloud";
|
||||||
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
|
# ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
|
||||||
|
ensureDBOwnership = true;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,11 +1,14 @@
|
||||||
{ pkgsOld, ... }:
|
|
||||||
{
|
{
|
||||||
|
pkgs,
|
||||||
|
pkgsOld,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
containers."phtanumb-wiki" = {
|
containers."phtanumb-wiki" = {
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
privateNetwork = true;
|
privateNetwork = true;
|
||||||
hostAddress = "10.0.1.1";
|
hostAddress = "10.0.1.1";
|
||||||
localAddress = "10.0.1.2";
|
localAddress = "10.0.1.2";
|
||||||
nixpkgs = pkgsOld.path;
|
nixpkgs = pkgs.path;
|
||||||
bindMounts = {
|
bindMounts = {
|
||||||
"/var/mediawiki" = {
|
"/var/mediawiki" = {
|
||||||
hostPath = "/phtanum-b/wiki";
|
hostPath = "/phtanum-b/wiki";
|
||||||
|
@ -18,8 +21,12 @@
|
||||||
# localAddress = "10.0.1.2";
|
# localAddress = "10.0.1.2";
|
||||||
# };
|
# };
|
||||||
# };
|
# };
|
||||||
config = { config, pkgs, ... }: {
|
config = {
|
||||||
environment.systemPackages = with pkgs; [ luajit ];
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
environment.systemPackages = with pkgs; [luajit];
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
||||||
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
|
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
|
||||||
|
@ -58,7 +65,7 @@
|
||||||
$wgScribuntoUseGeSHi = true;
|
$wgScribuntoUseGeSHi = true;
|
||||||
$wgScribuntoUseCodeEditor = true;
|
$wgScribuntoUseCodeEditor = true;
|
||||||
|
|
||||||
$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin'];
|
$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin'];
|
||||||
$wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
|
$wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
|
||||||
$wgGroupPermissions['oidc_admin']['userrights'] = true;
|
$wgGroupPermissions['oidc_admin']['userrights'] = true;
|
||||||
|
|
||||||
|
@ -110,11 +117,11 @@
|
||||||
};
|
};
|
||||||
deployment.keys = {
|
deployment.keys = {
|
||||||
"passwordFile" = {
|
"passwordFile" = {
|
||||||
keyCommand = [ "pass" "wikis/phtanumb/password" ];
|
keyCommand = ["pass" "wikis/phtanumb/password"];
|
||||||
destDir = "/phtanum-b/wiki";
|
destDir = "/phtanum-b/wiki";
|
||||||
};
|
};
|
||||||
"keycloakClientSecret" = {
|
"keycloakClientSecret" = {
|
||||||
keyCommand = [ "pass" "wikis/phtanumb/keycloak-secret" ];
|
keyCommand = ["pass" "wikis/phtanumb/keycloak-secret"];
|
||||||
destDir = "/phtanum-b/wiki";
|
destDir = "/phtanum-b/wiki";
|
||||||
permissions = "0604";
|
permissions = "0604";
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,15 +1,16 @@
|
||||||
{ inputs, ... }:
|
{inputs, ...}: {
|
||||||
{
|
imports = [inputs.simple-nixos-mailserver.nixosModule];
|
||||||
imports = [ inputs.simple-nixos-mailserver.nixosModule ];
|
# hack to fix https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275
|
||||||
|
services.dovecot2.sieve.extensions = ["fileinto"];
|
||||||
mailserver = {
|
mailserver = {
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = "mail.katzen.cafe";
|
fqdn = "mail.katzen.cafe";
|
||||||
sendingFqdn = "katzen.cafe";
|
sendingFqdn = "katzen.cafe";
|
||||||
domains = [ "katzen.cafe" ];
|
domains = ["katzen.cafe"];
|
||||||
loginAccounts = {
|
loginAccounts = {
|
||||||
"admin@katzen.cafe" = {
|
"admin@katzen.cafe" = {
|
||||||
hashedPasswordFile = "/var/lib/secrets/admin-mail-pw";
|
hashedPasswordFile = "/var/lib/secrets/admin-mail-pw";
|
||||||
aliases = [ "postmaster@katzen.cafe" "abuse@katzen.cafe" ];
|
aliases = ["postmaster@katzen.cafe" "abuse@katzen.cafe"];
|
||||||
};
|
};
|
||||||
"noreply@katzen.cafe" = {
|
"noreply@katzen.cafe" = {
|
||||||
hashedPasswordFile = "/var/lib/secrets/noreply-mail-pw";
|
hashedPasswordFile = "/var/lib/secrets/noreply-mail-pw";
|
||||||
|
@ -19,11 +20,11 @@
|
||||||
};
|
};
|
||||||
deployment.keys = {
|
deployment.keys = {
|
||||||
"admin-mail-pw" = {
|
"admin-mail-pw" = {
|
||||||
keyCommand = [ "pass" "mailpws/hashes/admin" ];
|
keyCommand = ["pass" "mailpws/hashes/admin"];
|
||||||
destDir = "/var/lib/secrets";
|
destDir = "/var/lib/secrets";
|
||||||
};
|
};
|
||||||
"noreply-mail-pw" = {
|
"noreply-mail-pw" = {
|
||||||
keyCommand = [ "pass" "mailpws/hashes/noreply" ];
|
keyCommand = ["pass" "mailpws/hashes/noreply"];
|
||||||
destDir = "/var/lib/secrets";
|
destDir = "/var/lib/secrets";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
{ pkgs, ... }:
|
{pkgs, ...}: {
|
||||||
{
|
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "forgejo";
|
name = "forgejo";
|
||||||
ensurePermissions = {
|
# ensurePermissions = {
|
||||||
"DATABASE \"forgejo\"" = "ALL PRIVILEGES";
|
# "DATABASE \"forgejo\"" = "ALL PRIVILEGES";
|
||||||
};
|
# };
|
||||||
|
ensureDBOwnership = true;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
ensureDatabases = [
|
ensureDatabases = [
|
||||||
|
|
Loading…
Reference in a new issue