Compare commits


No commits in common. "c4fca0087e15d8f26081e3866a0f23142d818fc9" and "b2f80aa59898640ae0c2f6efb762019b6ad82aa7" have entirely different histories.

7 changed files with 84 additions and 64 deletions


@ -11,7 +11,7 @@ let
'';
ikiwikiSettings = {
wikiname = "fi-zone";
adminemail = "fiona@grzb.de";
adminemail = "fi@ikiwiki.vs.grzb.de";
adminuser = [
"fi"
];
@ -22,7 +22,6 @@ let
cgiurl = "https://fi.nekover.se/ikiwiki.cgi";
reverse_proxy = 0;
cgi_wrapper = "${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi";
cgiauthurl = "https://fi.nekover.se/auth/ikiwiki.cgi";
cgi_wrappermode = "06755";
cgi_overload_delay = "";
cgi_overload_message = "";
@ -31,7 +30,6 @@ let
add_plugins = [
"goodstuff"
"websetup"
"httpauth"
];
disable_plugins = [];
templatedir = "${ikiwikiBootstrapTheme}";
@ -73,20 +71,33 @@ let
ikiwikiSettingsHeader
((pkgs.formats.yaml { }).generate "fi-zone-settings" ikiwikiSettings)
];
ikiwikiSetupAutomator = pkgs.writeScript "fi-zone.initial.setup" ''
#!${pkgs.perl}/bin/perl
require IkiWiki::Setup::Automator;
IkiWiki::Setup::Automator->import(
wikiname => '${ikiwikiSettings.wikiname}',
adminuser => ['fi'],
srcdir => '${ikiwikiSettings.srcdir}',
destdir => '${ikiwikiSettings.destdir}',
dumpsetup => '${ikiwikiSettings.wikiname}.setup',
url => '${ikiwikiSettings.url}',
cgiurl => '${ikiwikiSettings.cgiurl}',
cgi_wrapper => '${ikiwikiSettings.cgi_wrapper}',
adminemail => '${ikiwikiSettings.adminemail}',
add_plugins => [qw{goodstuff websetup}],
disable_plugins => [qw{}],
libdir => '${ikiwikiSettings.libdir}',
rss => 1,
atom => 1,
syslog => 1,
)
'';
in
{
environment.systemPackages = with pkgs; [
ikiwiki-full
];
users = {
users.ikiwiki = {
isSystemUser = true;
group = "ikiwiki";
};
groups.ikiwiki = {};
};
services.fcgiwrap.instances."ikiwiki" = {
socket = {
user = config.services.nginx.user;
@ -98,19 +109,21 @@ in
};
};
systemd.services.ikiwiki-directory-setup = {
description = "Setup ikiwiki directory structure.";
systemd.services.ikiwiki-initial-setup = {
description = "Run the initial setup of ikiwiki and set permissions.";
script = ''
mkdir -p ${ikiwikiDataPath}
mkdir -p ${ikiwikiDataPath}/fi-zone/.ikiwiki
touch ${ikiwikiDataPath}/fi-zone/.ikiwiki/lockfile
chown -R ${config.users.users.ikiwiki.name}:${config.users.users.ikiwiki.group} ${ikiwikiDataPath}
chown ${config.services.nginx.user}:${config.services.nginx.group} ${ikiwikiDataPath}
if [ ! -d "${ikiwikiSettings.srcdir}" ]; then
${pkgs.sudo}/bin/sudo -u ${config.services.nginx.user} ${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSetupAutomator}
fi
'';
serviceConfig = {
Type = "simple";
User = "root";
Group = "root";
};
wantedBy = [
@ -124,31 +137,9 @@ in
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSettingsFile}";
User = config.users.users.ikiwiki.name;
Group = config.users.users.ikiwiki.group;
Requires = [ "ikiwiki-directory-setup.service" ];
};
wantedBy = [
"multi-user.target"
];
};
systemd.services.ikiwiki-auth-setup = {
description = "Setup auth subdirectory for ikiwiki.cgi";
script = ''
mkdir -p ${ikiwikiSettings.destdir}/auth
if [ ! -f ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi ]; then
ln -s ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi
fi
'';
serviceConfig = {
Type = "simple";
User = config.users.users.ikiwiki.name;
Group = config.users.users.ikiwiki.group;
Requires = [ "ikiwiki-settings-setup.service" ];
User = config.services.nginx.user;
Group = config.services.nginx.group;
Requires = [ "ikiwiki-initial-setup.service" ];
};
wantedBy = [
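Review bot: `Requires = [ "ikiwiki-initial-setup.service" ];` sits inside `serviceConfig`, which ends up in the unit's `[Service]` section where systemd does not accept `Requires`, so the dependency is most likely ignored. Even at unit level, `Requires` alone does not order the two units. Because `ikiwiki-initial-setup` is `Type = "simple"` and runs as root to create and `chown` the data path, the unit that runs `ikiwiki --setup ${ikiwikiSettingsFile}` as the nginx user can start before the directories exist with the intended ownership. I would declare `requires = [ "ikiwiki-initial-setup.service" ]; after = [ "ikiwiki-initial-setup.service" ];` next to `serviceConfig`, and set `Type = "oneshot";` on the setup unit so dependants wait for the script to finish. Both unit definitions continue outside the visible hunks.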


@ -26,16 +26,12 @@ in
tryFiles = "$uri $uri/ =404";
};
"~ .cgi" = {
basicAuth = {
fi = "test";
};
extraConfig = ''
gzip off;
fastcgi_pass unix:${config.services.fcgiwrap.instances."ikiwiki".socket.address};
fastcgi_index ikiwiki.cgi;
fastcgi_param SCRIPT_FILENAME ${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi;
fastcgi_param DOCUMENT_ROOT ${ikiwikiDataPath}/public_html/fi-zone;
fastcgi_param REMOTE_USER $remote_user if_not_empty;
include ${pkgs.nginx}/conf/fastcgi_params;
'';
};


@ -1,4 +1,4 @@
{ ... }:
{ config, ... }:
{
services.matrix-synapse = {
enable = true;
@ -55,4 +55,12 @@
"/secrets/matrix-keycloak-client-secret.secret"
];
};
services.matrix-sliding-sync = {
enable = true;
settings = {
SYNCV3_SERVER = config.services.matrix-synapse.settings.public_baseurl;
};
environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";
};
}
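Review bot: The new `environmentFile = "/secrets/matrix-SYNCV3_SECRET.secret";` only works if that file holds a `SYNCV3_SECRET=<value>` line, because systemd environment files are parsed as `KEY=value` assignments. The file's content is not visible here; if the deployed key contains only the bare secret, the service would presumably start without `SYNCV3_SECRET` set. A comment above the option such as `# must contain SYNCV3_SECRET=<value>; loaded as a systemd EnvironmentFile` would make the expected format explicit.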


@ -33,6 +33,14 @@
permissions = "0640";
uploadAt = "pre-activation";
};
"matrix-SYNCV3_SECRET.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "matrix/SYNCV3_SECRET" ];
destDir = "/secrets";
user = "matrix-synapse";
group = "matrix-synapse";
permissions = "0640";
uploadAt = "pre-activation";
};
"matrix-keycloak-client-secret.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "matrix/keycloak-client-secret" ];
destDir = "/secrets";
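Review bot: The added `"matrix-SYNCV3_SECRET.secret"` key is owned by `matrix-synapse:matrix-synapse` with `permissions = "0640"`, which gives the Synapse account read access to a secret it does not appear to use. Elsewhere in this comparison the key is only consumed as the `environmentFile` of `services.matrix-sliding-sync`. If that unit loads it as a systemd EnvironmentFile (read by the service manager rather than the service user, which is worth confirming for this module), then `user = "root"; group = "root"; permissions = "0400";` would be the tighter setting. The following `matrix-keycloak-client-secret.secret` entry continues outside the hunk.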


@ -2,9 +2,9 @@
# - https://github.com/NixOS/nixpkgs/issues/236736#issuecomment-1704670598
# - https://nixos.org/manual/nixos/stable/#sect-nixos-systemd-nixos
{ nixpkgs-unstable, ... }:
{ pkgs, ... }:
{
systemd.packages = [ nixpkgs-unstable.legacyPackages."x86_64-linux".qbittorrent-nox ];
systemd.packages = [ pkgs.qbittorrent-nox ];
systemd.services."qbittorrent-nox@torrent" = {
overrideStrategy = "asDropin";


@ -34,11 +34,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1731805462,
"narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=",
"lastModified": 1729386149,
"narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734",
"rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
"type": "github"
},
"original": {
@ -55,11 +55,11 @@
]
},
"locked": {
"lastModified": 1732151224,
"narHash": "sha256-5IgpueM8SGLOadzUJK6Gk37zEBXGd56BkNOtoWmnZos=",
"lastModified": 1729472750,
"narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c",
"rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
"type": "github"
},
"original": {
@ -70,11 +70,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1731842749,
"narHash": "sha256-aNc8irVBH7sM5cGDvqdOueg8S+fGakf0rEMRGfGwWZw=",
"lastModified": 1730963269,
"narHash": "sha256-rz30HrFYCHiWEBCKHMffHbMdWJ35hEkcRVU0h7ms3x0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bf6132dc791dbdff8b6894c3a85eb27ad8255682",
"rev": "83fb6c028368e465cd19bb127b86f971a5e41ebc",
"type": "github"
},
"original": {
@ -101,11 +101,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1732154639,
"narHash": "sha256-GeEhJmh0/KEQmoe4Lmsv9VC0SrQn4K9V27KbHJ0Zs/g=",
"lastModified": 1730992357,
"narHash": "sha256-YsODAqOF2xAHyK4+pKiS9nmGu+vQW+9kc5P7uRCirIM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "516819d9b5b97ee1f461aecb4caed7aa6b769d5d",
"rev": "b651050919c85b9131fa0d2640115ffd9266daad",
"type": "github"
},
"original": {
@ -117,11 +117,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1732136765,
"narHash": "sha256-622zKMMp0mw2a+fJJoVQdNmxwRGDkWsDTn5OSPK8DLk=",
"lastModified": 1730945957,
"narHash": "sha256-fhkxOv9RGEoPZNyl7VOpHf0Xoqc+bu0J/uW3BSg7tOs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e35b0f3f9787cfe51f406f7dd5a4446a858bfdb2",
"rev": "0093b93ec307d42f51ced7ce90dda6c37516e98a",
"type": "github"
},
"original": {


@ -61,6 +61,10 @@ in
site = "vs";
environment = "proxmox";
};
mail-2 = {
site = "wg";
environment = "proxmox";
};
mastodon = {
hostNixpkgs = nixpkgs-unstable;
site = "vs";
@ -74,6 +78,11 @@ in
site = "vs";
environment = "proxmox";
};
navidrome = {
hostNixpkgs = nixpkgs-unstable;
site = "wg";
environment = "proxmox";
};
netbox = {
site = "vs";
environment = "proxmox";
@ -86,6 +95,10 @@ in
site = "vs";
environment = "proxmox";
};
paperless = {
site = "wg";
environment = "proxmox";
};
coturn = {
site = "vs";
environment = "proxmox";
@ -107,6 +120,10 @@ in
site = "af";
environment = "openstack";
};
web-public-1 = {
site = "wg";
environment = "proxmox";
};
web-public-2 = {
site = "vs";
environment = "proxmox";