fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update/fix keycloak, matrix, nextcloud, wireguard-nat-nftables

Browse source
This commit is contained in:
yuri 2024-07-04 17:21:02 +02:00
commit cf76804cec
No known key found for this signature in database
6 changed files with 18 additions and 42 deletions
Download patch file Download diff file Expand all files Collapse all files

3
config/hosts/keycloak/keycloak.nix
View file

@ -1,8 +1,7 @@
{ nixpkgs-master-keycloak-23_0_7, ... }: { ... }:
{ {
services.keycloak = { services.keycloak = {
enable = true; enable = true;
package = nixpkgs-master-keycloak-23_0_7.legacyPackages."x86_64-linux".keycloak;
settings = { settings = {
hostname = "id.nekover.se"; hostname = "id.nekover.se";
hostname-admin = "keycloak-admin.nekover.se"; hostname-admin = "keycloak-admin.nekover.se";

15
config/hosts/matrix/matrix-synapse.nix
View file

@ -47,13 +47,6 @@
turn_user_lifetime = 86400000; turn_user_lifetime = 86400000;
turn_allow_guests = true; turn_allow_guests = true;
}; };
sliding-sync = {
enable = true;
settings = {
SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
};
environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
};
extras = [ "oidc" ]; extras = [ "oidc" ];
extraConfigFiles = [ extraConfigFiles = [
"/secrets/matrix-registration-shared-secret.secret" "/secrets/matrix-registration-shared-secret.secret"
@ -62,4 +55,12 @@
"/secrets/matrix-keycloak-client-secret.secret" "/secrets/matrix-keycloak-client-secret.secret"
]; ];
}; };
services.matrix-sliding-sync = {
enable = true;
settings = {
SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
};
environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
};
} }

6
config/hosts/nextcloud/nextcloud.nix
View file

@ -2,13 +2,12 @@
{ {
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud28; package = pkgs.nextcloud29;
hostName = "cloud.nekover.se"; hostName = "cloud.nekover.se";
https = true; https = true;
config = { config = {
dbtype = "pgsql"; dbtype = "pgsql";
adminpassFile = "/secrets/nextcloud-adminpass.secret"; adminpassFile = "/secrets/nextcloud-adminpass.secret";
defaultPhoneRegion = "DE";
}; };
database.createLocally = true; database.createLocally = true;
configureRedis = true; configureRedis = true;
@ -17,7 +16,7 @@
inherit bookmarks contacts calendar tasks twofactor_webauthn user_oidc; inherit bookmarks contacts calendar tasks twofactor_webauthn user_oidc;
}; };
maxUploadSize = "16G"; maxUploadSize = "16G";
extraOptions = { settings = {
mail_smtpmode = "smtp"; mail_smtpmode = "smtp";
mail_sendmailmode = "smtp"; mail_sendmailmode = "smtp";
mail_smtpsecure = "ssl"; mail_smtpsecure = "ssl";
@ -28,6 +27,7 @@
mail_smtphost = "mail-1.grzb.de"; mail_smtphost = "mail-1.grzb.de";
mail_smtpport = 465; mail_smtpport = 465;
mail_smtpname = "cloud@nekover.se"; mail_smtpname = "cloud@nekover.se";
default_phone_region = "DE";
}; };
# Only contains mail_smtppassword # Only contains mail_smtppassword
secretFile = "/secrets/nextcloud-secretfile.secret"; secretFile = "/secrets/nextcloud-secretfile.secret";

17
flake.lock generated
View file

@ -115,22 +115,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-master-keycloak-23_0_7": {
"locked": {
"lastModified": 1708610845,
"narHash": "sha256-2ta+qGOkQJOeDx00bzxmjP0XO38xkJjZDDA+hq/04SM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "edc6a7a312c4f914f9bded421efa6f0b1b715693",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "edc6a7a312c4f914f9bded421efa6f0b1b715693",
"type": "github"
}
},
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1719824438, "lastModified": 1719824438,
@ -167,7 +151,6 @@
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-master": "nixpkgs-master", "nixpkgs-master": "nixpkgs-master",
"nixpkgs-master-keycloak-23_0_7": "nixpkgs-master-keycloak-23_0_7",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"simple-nixos-mailserver": "simple-nixos-mailserver" "simple-nixos-mailserver": "simple-nixos-mailserver"
} }

7
flake.nix
View file

@ -3,7 +3,6 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
nixpkgs-master.url = "github:NixOS/nixpkgs/master"; nixpkgs-master.url = "github:NixOS/nixpkgs/master";
nixpkgs-master-keycloak-23_0_7.url = "github:NixOS/nixpkgs/edc6a7a312c4f914f9bded421efa6f0b1b715693";
nixos-generators = { nixos-generators = {
url = "github:nix-community/nixos-generators"; url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -11,7 +10,7 @@
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
}; };
outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixpkgs-master-keycloak-23_0_7, nixos-generators, simple-nixos-mailserver, ... }@inputs: outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixos-generators, simple-nixos-mailserver, ... }@inputs:
let let
hosts = import ./hosts.nix inputs; hosts = import ./hosts.nix inputs;
helper = import ./helper.nix inputs; helper = import ./helper.nix inputs;
@ -29,7 +28,7 @@
nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts; nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts;
specialArgs = { specialArgs = {
inherit nixpkgs-unstable nixpkgs-master nixpkgs-master-keycloak-23_0_7 hosts simple-nixos-mailserver; inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
# Provide environment for secret key command # Provide environment for secret key command
keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ]; keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ];
@ -39,7 +38,7 @@
hydraJobs = { hydraJobs = {
nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host { nixConfigurations = builtins.mapAttrs (host: helper.generateNixConfiguration host {
inherit nixpkgs-unstable nixpkgs-master nixpkgs-master-keycloak-23_0_7 hosts simple-nixos-mailserver; inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
}) hosts; }) hosts;
}; };

12
pkgs/wireguard-nat-nftables/default.nix
View file

@ -1,17 +1,11 @@
{ pkgs, ... }: { pkgs, ... }:
let pkgs.python3Packages.buildPythonApplication {
nftablesWithPythonOverlay = final: prev: {
nftables = (prev.nftables.override { withPython = true; });
};
pkgs-overlay = pkgs.extend nftablesWithPythonOverlay;
in
pkgs-overlay.python310Packages.buildPythonApplication {
pname = "wireguard-nat-nftables"; pname = "wireguard-nat-nftables";
version = "0.0.1"; version = "0.0.1";
propagatedBuildInputs = with pkgs-overlay; [ propagatedBuildInputs = with pkgs; [
wireguard-tools wireguard-tools
python310Packages.nftables python3Packages.nftables
]; ];
src = ./src; src = ./src;