too many things at once please help

This commit is contained in:
Schrottkatze 2024-07-29 18:44:41 +02:00
parent 61e38e6fed
commit 88223ad893
No known key found for this signature in database
9 changed files with 64 additions and 47 deletions

View file

@ -1,12 +1,12 @@
{ {
inputs = { inputs = {
nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable";
#nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; #nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
arion.url = "github:hercules-ci/arion"; arion.url = "github:hercules-ci/arion";
mms.url = "github:mkaito/nixos-modded-minecraft-servers"; mms.url = "github:mkaito/nixos-modded-minecraft-servers";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
conduit = { conduit = {
url = "gitlab:famedly/conduit"; url = "gitlab:famedly/conduit";
}; };

View file

@ -1,9 +1,6 @@
deploy: deploy:
colmena apply colmena apply
build:
colmena build
update: update:
nix flake update --commit-lock-file nix flake update --commit-lock-file
just deploy just deploy

View file

@ -65,6 +65,7 @@
}; };
programs.mosh.enable = true; programs.mosh.enable = true;
users.defaultUserShell = pkgs.nushell;
services.openssh = { services.openssh = {
enable = true; enable = true;
@ -72,7 +73,7 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim helix
wget wget
neofetch neofetch
btop btop
@ -93,4 +94,11 @@
device = "/dev/sda2"; device = "/dev/sda2";
} }
]; ];
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
virtualisation.docker.autoPrune.enable = true;
} }

View file

@ -2,7 +2,7 @@
imports = [ imports = [
./katzencafe-wiki.nix ./katzencafe-wiki.nix
./phtanumb-wiki.nix ./phtanumb-wiki.nix
./calckey.nix # ./calckey.nix
./penpot.nix ./penpot.nix
./nextcloud.nix ./nextcloud.nix
]; ];

View file

@ -1,5 +1,4 @@
{ pkgsOld, ... }: {pkgsOld, ...}: {
{
containers."katzenwiki" = { containers."katzenwiki" = {
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
@ -17,8 +16,12 @@
# localAddress = "10.0.2.2"; # localAddress = "10.0.2.2";
# }; # };
# }; # };
config = { config, pkgs, ... }: { config = {
environment.systemPackages = with pkgs; [btop ]; config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [btop];
networking.firewall.enable = false; networking.firewall.enable = false;
# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ]; # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
@ -48,7 +51,7 @@
# Disable anonymous editing # Disable anonymous editing
$wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin']; $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin'];
$wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop']; $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
$wgGroupPermissions['oidc_admin']['userrights'] = true; $wgGroupPermissions['oidc_admin']['userrights'] = true;
@ -86,12 +89,12 @@
# NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work. # NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work.
# i should figure out why to make this work when setting up new instances... # i should figure out why to make this work when setting up new instances...
"katzenwikiPwFile" = { "katzenwikiPwFile" = {
keyCommand = [ "pass" "wikis/katzenwiki/password" ]; keyCommand = ["pass" "wikis/katzenwiki/password"];
destDir = "/katzenwiki"; destDir = "/katzenwiki";
name = "passwordFile"; name = "passwordFile";
}; };
"katzenwikiKeycloakClientSecret" = { "katzenwikiKeycloakClientSecret" = {
keyCommand = [ "pass" "wikis/katzenwiki/keycloak-secret" ]; keyCommand = ["pass" "wikis/katzenwiki/keycloak-secret"];
destDir = "/katzenwiki"; destDir = "/katzenwiki";
name = "keycloakClientSecret"; name = "keycloakClientSecret";
permissions = "0604"; permissions = "0604";

View file

@ -35,13 +35,13 @@
trustedProxies = ["10.0.3.1"]; trustedProxies = ["10.0.3.1"];
}; };
hostName = "wolke.katzen.cafe"; hostName = "wolke.katzen.cafe";
package = pkgs.nextcloud27; package = pkgs.nextcloud29;
extraApps = with config.services.nextcloud.package.packages.apps; { extraApps = with config.services.nextcloud.package.packages.apps; {
inherit bookmarks calendar contacts; inherit bookmarks calendar contacts;
user_oidc = pkgs.fetchNextcloudApp rec { user_oidc = pkgs.fetchNextcloudApp rec {
url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz"; url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v5.0.3/user_oidc-v5.0.3.tar.gz";
sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w"; sha256 = "sha256-oaN4nYIKzP7r9pB/6szZnkR+liSMARd3Nb8aM3m9WeE=";
license = "agpl3"; license = "gpl3";
}; };
}; };
}; };
@ -51,7 +51,8 @@
ensureUsers = [ ensureUsers = [
{ {
name = "nextcloud"; name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES"; # ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
ensureDBOwnership = true;
} }
]; ];
}; };

View file

@ -1,11 +1,14 @@
{ pkgsOld, ... }:
{ {
pkgs,
pkgsOld,
...
}: {
containers."phtanumb-wiki" = { containers."phtanumb-wiki" = {
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostAddress = "10.0.1.1"; hostAddress = "10.0.1.1";
localAddress = "10.0.1.2"; localAddress = "10.0.1.2";
nixpkgs = pkgsOld.path; nixpkgs = pkgs.path;
bindMounts = { bindMounts = {
"/var/mediawiki" = { "/var/mediawiki" = {
hostPath = "/phtanum-b/wiki"; hostPath = "/phtanum-b/wiki";
@ -18,8 +21,12 @@
# localAddress = "10.0.1.2"; # localAddress = "10.0.1.2";
# }; # };
# }; # };
config = { config, pkgs, ... }: { config = {
environment.systemPackages = with pkgs; [ luajit ]; config,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [luajit];
networking.firewall.enable = false; networking.firewall.enable = false;
# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ]; # networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
environment.etc."resolv.conf".text = "nameserver 9.9.9.9"; environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
@ -58,7 +65,7 @@
$wgScribuntoUseGeSHi = true; $wgScribuntoUseGeSHi = true;
$wgScribuntoUseCodeEditor = true; $wgScribuntoUseCodeEditor = true;
$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin']; $wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin'];
$wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop']; $wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
$wgGroupPermissions['oidc_admin']['userrights'] = true; $wgGroupPermissions['oidc_admin']['userrights'] = true;
@ -110,11 +117,11 @@
}; };
deployment.keys = { deployment.keys = {
"passwordFile" = { "passwordFile" = {
keyCommand = [ "pass" "wikis/phtanumb/password" ]; keyCommand = ["pass" "wikis/phtanumb/password"];
destDir = "/phtanum-b/wiki"; destDir = "/phtanum-b/wiki";
}; };
"keycloakClientSecret" = { "keycloakClientSecret" = {
keyCommand = [ "pass" "wikis/phtanumb/keycloak-secret" ]; keyCommand = ["pass" "wikis/phtanumb/keycloak-secret"];
destDir = "/phtanum-b/wiki"; destDir = "/phtanum-b/wiki";
permissions = "0604"; permissions = "0604";
}; };

View file

@ -1,15 +1,16 @@
{ inputs, ... }: {inputs, ...}: {
{ imports = [inputs.simple-nixos-mailserver.nixosModule];
imports = [ inputs.simple-nixos-mailserver.nixosModule ]; # hack to fix https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275
services.dovecot2.sieve.extensions = ["fileinto"];
mailserver = { mailserver = {
enable = true; enable = true;
fqdn = "mail.katzen.cafe"; fqdn = "mail.katzen.cafe";
sendingFqdn = "katzen.cafe"; sendingFqdn = "katzen.cafe";
domains = [ "katzen.cafe" ]; domains = ["katzen.cafe"];
loginAccounts = { loginAccounts = {
"admin@katzen.cafe" = { "admin@katzen.cafe" = {
hashedPasswordFile = "/var/lib/secrets/admin-mail-pw"; hashedPasswordFile = "/var/lib/secrets/admin-mail-pw";
aliases = [ "postmaster@katzen.cafe" "abuse@katzen.cafe" ]; aliases = ["postmaster@katzen.cafe" "abuse@katzen.cafe"];
}; };
"noreply@katzen.cafe" = { "noreply@katzen.cafe" = {
hashedPasswordFile = "/var/lib/secrets/noreply-mail-pw"; hashedPasswordFile = "/var/lib/secrets/noreply-mail-pw";
@ -19,11 +20,11 @@
}; };
deployment.keys = { deployment.keys = {
"admin-mail-pw" = { "admin-mail-pw" = {
keyCommand = [ "pass" "mailpws/hashes/admin" ]; keyCommand = ["pass" "mailpws/hashes/admin"];
destDir = "/var/lib/secrets"; destDir = "/var/lib/secrets";
}; };
"noreply-mail-pw" = { "noreply-mail-pw" = {
keyCommand = [ "pass" "mailpws/hashes/noreply" ]; keyCommand = ["pass" "mailpws/hashes/noreply"];
destDir = "/var/lib/secrets"; destDir = "/var/lib/secrets";
}; };
}; };

View file

@ -1,13 +1,13 @@
{ pkgs, ... }: {pkgs, ...}: {
{
services.postgresql = { services.postgresql = {
enable = true; enable = true;
ensureUsers = [ ensureUsers = [
{ {
name = "forgejo"; name = "forgejo";
ensurePermissions = { # ensurePermissions = {
"DATABASE \"forgejo\"" = "ALL PRIVILEGES"; # "DATABASE \"forgejo\"" = "ALL PRIVILEGES";
}; # };
ensureDBOwnership = true;
} }
]; ];
ensureDatabases = [ ensureDatabases = [