too many things at once please help
parent
61e38e6fed
commit
88223ad893
|
@ -1,12 +1,12 @@
|
|||
{
|
||||
inputs = {
|
||||
nixpkgsOld.url = "github:NixOS/nixpkgs/nixos-23.11";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
|
||||
nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
#nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||
arion.url = "github:hercules-ci/arion";
|
||||
mms.url = "github:mkaito/nixos-modded-minecraft-servers";
|
||||
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05";
|
||||
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
||||
conduit = {
|
||||
url = "gitlab:famedly/conduit";
|
||||
};
|
||||
|
|
3
justfile
3
justfile
|
@ -1,9 +1,6 @@
|
|||
deploy:
|
||||
colmena apply
|
||||
|
||||
build:
|
||||
colmena build
|
||||
|
||||
update:
|
||||
nix flake update --commit-lock-file
|
||||
just deploy
|
||||
|
|
|
@ -65,6 +65,7 @@
|
|||
};
|
||||
|
||||
programs.mosh.enable = true;
|
||||
users.defaultUserShell = pkgs.nushell;
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
|
@ -72,7 +73,7 @@
|
|||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
helix
|
||||
wget
|
||||
neofetch
|
||||
btop
|
||||
|
@ -93,4 +94,11 @@
|
|||
device = "/dev/sda2";
|
||||
}
|
||||
];
|
||||
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 14d";
|
||||
};
|
||||
virtualisation.docker.autoPrune.enable = true;
|
||||
}
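Review bot: `users.defaultUserShell = pkgs.nushell;` in the `@ -65,6 +65,7 @` hunk applies to every account that does not set its own shell, which as far as I know includes root, and nushell is not a POSIX shell. Anything that runs a POSIX command line through the login shell over SSH (possibly including the deploy tool) may then fail on this host, so test that path before rollout. Scoping the setting to the interactive accounts, e.g. `users.users.<name>.shell = pkgs.nushell;` (placeholder name), keeps root on the default shell.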
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
imports = [
|
||||
./katzencafe-wiki.nix
|
||||
./phtanumb-wiki.nix
|
||||
./calckey.nix
|
||||
# ./calckey.nix
|
||||
./penpot.nix
|
||||
./nextcloud.nix
|
||||
];
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ pkgsOld, ... }:
|
||||
{
|
||||
{pkgsOld, ...}: {
|
||||
containers."katzenwiki" = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
|
@ -17,8 +16,12 @@
|
|||
# localAddress = "10.0.2.2";
|
||||
# };
|
||||
# };
|
||||
config = { config, pkgs, ... }: {
|
||||
environment.systemPackages = with pkgs; [btop ];
|
||||
config = {
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
environment.systemPackages = with pkgs; [btop];
|
||||
networking.firewall.enable = false;
|
||||
# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
||||
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
|
||||
|
@ -48,7 +51,7 @@
|
|||
|
||||
# Disable anonymous editing
|
||||
$wgGroupPermissions['*']['edit'] = false;
|
||||
$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin'];
|
||||
$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin'];
|
||||
$wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
|
||||
$wgGroupPermissions['oidc_admin']['userrights'] = true;
|
||||
|
||||
|
@ -86,12 +89,12 @@
|
|||
# NOTE: for some reason, i ahd to manually chown +r the password file for mediawiki to work.
|
||||
# i should figure out why to make this work when setting up new instances...
|
||||
"katzenwikiPwFile" = {
|
||||
keyCommand = [ "pass" "wikis/katzenwiki/password" ];
|
||||
keyCommand = ["pass" "wikis/katzenwiki/password"];
|
||||
destDir = "/katzenwiki";
|
||||
name = "passwordFile";
|
||||
};
|
||||
"katzenwikiKeycloakClientSecret" = {
|
||||
keyCommand = [ "pass" "wikis/katzenwiki/keycloak-secret" ];
|
||||
keyCommand = ["pass" "wikis/katzenwiki/keycloak-secret"];
|
||||
destDir = "/katzenwiki";
|
||||
name = "keycloakClientSecret";
|
||||
permissions = "0604";
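Review bot: The `katzenwikiKeycloakClientSecret` key touched in the last hunk is still deployed with `permissions = "0604"`, which leaves the OIDC client secret readable by every local account that can reach `/katzenwiki`. The NOTE above it suggests the password file was made readable by hand in the same way. Prefer giving the file to the account that reads it and dropping the other-read bit, e.g. `user = "<wiki-service-user>";` with `permissions = "0400";` (placeholder user; the uid has to match what the container sees, so confirm). The same `0604` is on `keycloakClientSecret` in the phtanumb-wiki section. The attribute set continues past the end of the hunk.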
|
||||
|
|
|
@ -35,13 +35,13 @@
|
|||
trustedProxies = ["10.0.3.1"];
|
||||
};
|
||||
hostName = "wolke.katzen.cafe";
|
||||
package = pkgs.nextcloud27;
|
||||
package = pkgs.nextcloud29;
|
||||
extraApps = with config.services.nextcloud.package.packages.apps; {
|
||||
inherit bookmarks calendar contacts;
|
||||
user_oidc = pkgs.fetchNextcloudApp rec {
|
||||
url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v1.3.3/user_oidc-v1.3.3.tar.gz";
|
||||
sha256 = "sha256-s8xr25a40/ot7KDv3Vn7WBm4Pb13LzzK62ZNYufXQ2w";
|
||||
license = "agpl3";
|
||||
url = "https://github.com/nextcloud-releases/user_oidc/releases/download/v5.0.3/user_oidc-v5.0.3.tar.gz";
|
||||
sha256 = "sha256-oaN4nYIKzP7r9pB/6szZnkR+liSMARd3Nb8aM3m9WeE=";
|
||||
license = "gpl3";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -51,7 +51,8 @@
|
|||
ensureUsers = [
|
||||
{
|
||||
name = "nextcloud";
|
||||
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
|
||||
# ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
};
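Review bot: `package = pkgs.nextcloud29;` in the first hunk replaces `pkgs.nextcloud27`, and Nextcloud only supports upgrading one major version at a time. Unless the instance was already moved to 28 out of band, the upgrade step is expected to be refused. Deploy `package = pkgs.nextcloud28;` first, let the upgrade finish, then switch to `pkgs.nextcloud29`. The `user_oidc` pin jumps from v1.3.3 to v5.0.3 in the same change, so confirm the existing OIDC provider configuration still works afterwards, since it is presumably the login path.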
|
||||
|
|
|
@ -1,11 +1,14 @@
|
|||
{ pkgsOld, ... }:
|
||||
{
|
||||
pkgs,
|
||||
pkgsOld,
|
||||
...
|
||||
}: {
|
||||
containers."phtanumb-wiki" = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.0.1.1";
|
||||
localAddress = "10.0.1.2";
|
||||
nixpkgs = pkgsOld.path;
|
||||
nixpkgs = pkgs.path;
|
||||
bindMounts = {
|
||||
"/var/mediawiki" = {
|
||||
hostPath = "/phtanum-b/wiki";
|
||||
|
@ -18,8 +21,12 @@
|
|||
# localAddress = "10.0.1.2";
|
||||
# };
|
||||
# };
|
||||
config = { config, pkgs, ... }: {
|
||||
environment.systemPackages = with pkgs; [ luajit ];
|
||||
config = {
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
environment.systemPackages = with pkgs; [luajit];
|
||||
networking.firewall.enable = false;
|
||||
# networking.nameservers = [ "9.9.9.9" "149.112.112.112" ];
|
||||
environment.etc."resolv.conf".text = "nameserver 9.9.9.9";
|
||||
|
@ -58,7 +65,7 @@
|
|||
$wgScribuntoUseGeSHi = true;
|
||||
$wgScribuntoUseCodeEditor = true;
|
||||
|
||||
$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface_admin'];
|
||||
$wgGroupPermissions['oidc_interface_admin'] = $wgGroupPermissions['interface-admin'];
|
||||
$wgGroupPermissions['oidc_admin'] = $wgGroupPermissions['sysop'];
|
||||
$wgGroupPermissions['oidc_admin']['userrights'] = true;
|
||||
|
||||
|
@ -110,11 +117,11 @@
|
|||
};
|
||||
deployment.keys = {
|
||||
"passwordFile" = {
|
||||
keyCommand = [ "pass" "wikis/phtanumb/password" ];
|
||||
keyCommand = ["pass" "wikis/phtanumb/password"];
|
||||
destDir = "/phtanum-b/wiki";
|
||||
};
|
||||
"keycloakClientSecret" = {
|
||||
keyCommand = [ "pass" "wikis/phtanumb/keycloak-secret" ];
|
||||
keyCommand = ["pass" "wikis/phtanumb/keycloak-secret"];
|
||||
destDir = "/phtanum-b/wiki";
|
||||
permissions = "0604";
|
||||
};
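Review bot: The new argument set in the first hunk still takes `pkgsOld`, although the only use visible here, `nixpkgs = pkgsOld.path;`, now reads `nixpkgs = pkgs.path;`. If nothing outside the hunks uses it, drop the argument so the file does not suggest the container is still on the old channel. The katzenwiki module keeps `{pkgsOld, ...}:` as its only argument, so that container presumably stays on `nixos-23.11`, which stops receiving security fixes once it is out of support. A comment there saying why it is held back would help.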
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
{ inputs, ... }:
|
||||
{
|
||||
imports = [ inputs.simple-nixos-mailserver.nixosModule ];
|
||||
{inputs, ...}: {
|
||||
imports = [inputs.simple-nixos-mailserver.nixosModule];
|
||||
# hack to fix https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/issues/275
|
||||
services.dovecot2.sieve.extensions = ["fileinto"];
|
||||
mailserver = {
|
||||
enable = true;
|
||||
fqdn = "mail.katzen.cafe";
|
||||
sendingFqdn = "katzen.cafe";
|
||||
domains = [ "katzen.cafe" ];
|
||||
domains = ["katzen.cafe"];
|
||||
loginAccounts = {
|
||||
"admin@katzen.cafe" = {
|
||||
hashedPasswordFile = "/var/lib/secrets/admin-mail-pw";
|
||||
aliases = [ "postmaster@katzen.cafe" "abuse@katzen.cafe" ];
|
||||
aliases = ["postmaster@katzen.cafe" "abuse@katzen.cafe"];
|
||||
};
|
||||
"noreply@katzen.cafe" = {
|
||||
hashedPasswordFile = "/var/lib/secrets/noreply-mail-pw";
|
||||
|
@ -19,11 +20,11 @@
|
|||
};
|
||||
deployment.keys = {
|
||||
"admin-mail-pw" = {
|
||||
keyCommand = [ "pass" "mailpws/hashes/admin" ];
|
||||
keyCommand = ["pass" "mailpws/hashes/admin"];
|
||||
destDir = "/var/lib/secrets";
|
||||
};
|
||||
"noreply-mail-pw" = {
|
||||
keyCommand = [ "pass" "mailpws/hashes/noreply" ];
|
||||
keyCommand = ["pass" "mailpws/hashes/noreply"];
|
||||
destDir = "/var/lib/secrets";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
{pkgs, ...}: {
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "forgejo";
|
||||
ensurePermissions = {
|
||||
"DATABASE \"forgejo\"" = "ALL PRIVILEGES";
|
||||
};
|
||||
# ensurePermissions = {
|
||||
# "DATABASE \"forgejo\"" = "ALL PRIVILEGES";
|
||||
# };
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
ensureDatabases = [
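Review bot: The old `ensurePermissions` block is left behind as three commented-out lines next to `ensureDBOwnership = true;`; delete it, since version control already has it (the nextcloud section keeps the same kind of leftover). As far as I know `ensureDBOwnership` requires a database with the same name as the user in `ensureDatabases`. That list starts on the hunk's last line and continues outside it, so confirm `"forgejo"` is listed.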
|
||||
|
|