Update/fix keycloak, matrix, nextcloud, wireguard-nat-nftables
parent
714bc199e1
commit
3b6acd6c43
|
@ -1,8 +1,7 @@
|
|||
{ nixpkgs-master-keycloak-23_0_7, ... }:
|
||||
{ ... }:
|
||||
{
|
||||
services.keycloak = {
|
||||
enable = true;
|
||||
package = nixpkgs-master-keycloak-23_0_7.legacyPackages."x86_64-linux".keycloak;
|
||||
settings = {
|
||||
hostname = "id.nekover.se";
|
||||
hostname-admin = "keycloak-admin.nekover.se";
|
||||
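Review bot: With the `package = nixpkgs-master-keycloak-23_0_7...keycloak` line gone (the removed side is inferred from the hunk counts, since the page lost its +/- markers), `services.keycloak` follows whatever Keycloak the `nixpkgs` input ships, so a routine `flake.lock` bump can now move the identity provider across a major version. Keycloak migrates its database schema when a new version first starts, which makes rolling back to the previous generation unreliable without a database dump. I would add a comment above `enable = true;`, for example `# Keycloak version follows the nixpkgs input; dump the DB before lock updates that bump it`. Because hostname option handling has changed between Keycloak releases, it is also worth confirming after deploy that `hostname-admin` still confines the admin console to `keycloak-admin.nekover.se`. The attribute set continues past the hunk.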
|
|
|
@ -47,13 +47,6 @@
|
|||
turn_user_lifetime = 86400000;
|
||||
turn_allow_guests = true;
|
||||
};
|
||||
sliding-sync = {
|
||||
enable = true;
|
||||
settings = {
|
||||
SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
|
||||
};
|
||||
environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
|
||||
};
|
||||
extras = [ "oidc" ];
|
||||
extraConfigFiles = [
|
||||
"/secrets/matrix-registration-shared-secret.secret"
|
||||
|
@ -62,4 +55,12 @@
|
|||
"/secrets/matrix-keycloak-client-secret.secret"
|
||||
];
|
||||
};
|
||||
|
||||
services.matrix-sliding-sync = {
|
||||
enable = true;
|
||||
settings = {
|
||||
SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
|
||||
};
|
||||
environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,13 +2,12 @@
|
|||
{
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud28;
|
||||
package = pkgs.nextcloud29;
|
||||
hostName = "cloud.nekover.se";
|
||||
https = true;
|
||||
config = {
|
||||
dbtype = "pgsql";
|
||||
adminpassFile = "/secrets/nextcloud-adminpass.secret";
|
||||
defaultPhoneRegion = "DE";
|
||||
};
|
||||
database.createLocally = true;
|
||||
configureRedis = true;
|
||||
|
@ -17,7 +16,7 @@
|
|||
inherit bookmarks contacts calendar tasks twofactor_webauthn user_oidc;
|
||||
};
|
||||
maxUploadSize = "16G";
|
||||
extraOptions = {
|
||||
settings = {
|
||||
mail_smtpmode = "smtp";
|
||||
mail_sendmailmode = "smtp";
|
||||
mail_smtpsecure = "ssl";
|
||||
|
@ -28,6 +27,7 @@
|
|||
mail_smtphost = "mail-1.grzb.de";
|
||||
mail_smtpport = 465;
|
||||
mail_smtpname = "cloud@nekover.se";
|
||||
default_phone_region = "DE";
|
||||
};
|
||||
# Only contains mail_smtppassword
|
||||
secretFile = "/secrets/nextcloud-secretfile.secret";
|
||||
|
|
17
flake.lock
17
flake.lock
|
@ -115,22 +115,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-master-keycloak-23_0_7": {
|
||||
"locked": {
|
||||
"lastModified": 1708610845,
|
||||
"narHash": "sha256-2ta+qGOkQJOeDx00bzxmjP0XO38xkJjZDDA+hq/04SM=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "edc6a7a312c4f914f9bded421efa6f0b1b715693",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "edc6a7a312c4f914f9bded421efa6f0b1b715693",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1719824438,
|
||||
|
@ -167,7 +151,6 @@
|
|||
"nixos-generators": "nixos-generators",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-master": "nixpkgs-master",
|
||||
"nixpkgs-master-keycloak-23_0_7": "nixpkgs-master-keycloak-23_0_7",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"simple-nixos-mailserver": "simple-nixos-mailserver"
|
||||
}
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
|
||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
|
||||
nixpkgs-master.url = "github:NixOS/nixpkgs/master";
|
||||
nixpkgs-master-keycloak-23_0_7.url = "github:NixOS/nixpkgs/edc6a7a312c4f914f9bded421efa6f0b1b715693";
|
||||
nixos-generators = {
|
||||
url = "github:nix-community/nixos-generators";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -11,7 +10,7 @@
|
|||
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixpkgs-master-keycloak-23_0_7, nixos-generators, simple-nixos-mailserver, ... }@inputs:
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixos-generators, simple-nixos-mailserver, ... }@inputs:
|
||||
let
|
||||
hosts = import ./hosts.nix inputs;
|
||||
helper = import ./helper.nix inputs;
|
||||
|
@ -29,7 +28,7 @@
|
|||
nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts;
|
||||
|
||||
specialArgs = {
|
||||
inherit nixpkgs-unstable nixpkgs-master nixpkgs-master-keycloak-23_0_7 hosts simple-nixos-mailserver;
|
||||
inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
|
||||
|
||||
# Provide environment for secret key command
|
||||
keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ];
|
||||
|
@ -39,7 +38,7 @@
|
|||
|
||||
hydraJobs = {
|
||||
nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host {
|
||||
inherit nixpkgs-unstable nixpkgs-master nixpkgs-master-keycloak-23_0_7 hosts simple-nixos-mailserver;
|
||||
inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
|
||||
}) hosts;
|
||||
};
|
||||
|
||||
|
|
|
@ -1,17 +1,11 @@
|
|||
{ pkgs, ... }:
|
||||
let
|
||||
nftablesWithPythonOverlay = final: prev: {
|
||||
nftables = (prev.nftables.override { withPython = true; });
|
||||
};
|
||||
pkgs-overlay = pkgs.extend nftablesWithPythonOverlay;
|
||||
in
|
||||
pkgs-overlay.python310Packages.buildPythonApplication {
|
||||
pkgs.python3Packages.buildPythonApplication {
|
||||
pname = "wireguard-nat-nftables";
|
||||
version = "0.0.1";
|
||||
|
||||
propagatedBuildInputs = with pkgs-overlay; [
|
||||
propagatedBuildInputs = with pkgs; [
|
||||
wireguard-tools
|
||||
python310Packages.nftables
|
||||
python3Packages.nftables
|
||||
];
|
||||
|
||||
src = ./src;
|
||||
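Review bot: Nothing in the visible lines records why the `withPython = true` overlay could be dropped, so the build now relies on `python3Packages.nftables` carrying the Python bindings by itself. If the bindings were missing, the failure would presumably surface only when the tool runs and tries to install its NAT rules, not at build time. I would add a comment above `propagatedBuildInputs`, e.g. `# python3Packages.nftables already provides the Python bindings; no overlay needed`, after confirming that against the pinned nixpkgs. The derivation continues past the hunk, so a check phase may exist that is not visible here.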
|
|