Compare commits
No commits in common. "main" and "mas" have entirely different histories.
17
.sops.yaml
Normal file
17
.sops.yaml
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
keys:
|
||||||
|
- &admin_gpg_fi_cherry 3664299DF7043167375A444792C901ED05ED21F8
|
||||||
|
- &admin_gpg_fi_violet 46BAEDB6A776F5E245C766F943399230C7523D82
|
||||||
|
- &admin_gpg_fi_kiara 0DE8BF7F4727049D4D9D78FC25936DC2A622FE56
|
||||||
|
- &host_age_matrix age1g60l5mu08xrwfw7uptwcwde8kp9dacs4ltqv2ndjskpy8z5sqakqssxxq5
|
||||||
|
creation_rules:
|
||||||
|
- path_regex: config/hosts/matrix/.*
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *admin_gpg_fi_cherry
|
||||||
|
- *admin_gpg_fi_violet
|
||||||
|
- *admin_gpg_fi_kiara
|
||||||
|
age:
|
||||||
|
- *host_age_matrix
|
||||||
|
stores:
|
||||||
|
yaml:
|
||||||
|
indent: 2
|
|
@ -3,6 +3,7 @@
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
database.type = "postgres";
|
database.type = "postgres";
|
||||||
|
mailerPasswordFile = "/secrets/forgejo-mailer-password.secret";
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
DEFAULT = {
|
DEFAULT = {
|
||||||
|
@ -59,6 +60,5 @@
|
||||||
HOST = "redis+socket:///run/redis-forgejo/redis.sock";
|
HOST = "redis+socket:///run/redis-forgejo/redis.sock";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
secrets.mailer.PASSWD = "/secrets/forgejo-mailer-password.secret";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
26
config/hosts/gameserver-node-1/configuration.nix
Normal file
26
config/hosts/gameserver-node-1/configuration.nix
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
{ pterodactyl, ... }:
|
||||||
|
{
|
||||||
|
boot.loader.grub = {
|
||||||
|
enable = true;
|
||||||
|
device = "/dev/vda";
|
||||||
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "gameserver-node-1";
|
||||||
|
};
|
||||||
|
|
||||||
|
#environment.systemPackages = [
|
||||||
|
# pterodactyl.packages."x86_64-linux".pterodactyl-wings
|
||||||
|
#];
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
pterodactyl.nixosModules.pterodactyl-wings
|
||||||
|
];
|
||||||
|
|
||||||
|
services.wings = {
|
||||||
|
enable = false;
|
||||||
|
configuration = "";
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "24.05";
|
||||||
|
}
|
|
@ -2,7 +2,5 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
./ikiwiki.nix
|
|
||||||
./nginx.nix
|
|
||||||
];
|
];
|
||||||
}
|
}
|
|
@ -24,7 +24,6 @@
|
||||||
users.users.builder = {
|
users.users.builder = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK/plZfxF/RtB+pJsUYx9HUgRcB56EoO0uj+j3AGzZta root@cherry"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeIiHkHA5c6/jZx+BB28c5wchdzlFI7R1gbvNmPyoOg root@kiara"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKeIiHkHA5c6/jZx+BB28c5wchdzlFI7R1gbvNmPyoOg root@kiara"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,27 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
boot.loader.grub = {
|
|
||||||
enable = true;
|
|
||||||
device = "/dev/vda";
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
hostName = "ikiwiki";
|
|
||||||
firewall = {
|
|
||||||
enable = true;
|
|
||||||
allowedTCPPorts = [ 80 8443 ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems = {
|
|
||||||
# partition data disk with `sudo mkfs.ext4 /dev/vdx`
|
|
||||||
# label data disk with `e2label /dev/vdx "data"`
|
|
||||||
"/mnt/data" = {
|
|
||||||
device = "/dev/disk/by-label/data";
|
|
||||||
fsType = "ext4";
|
|
||||||
autoResize = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "24.05";
|
|
||||||
}
|
|
|
@ -1,136 +0,0 @@
|
||||||
{ pkgs, config, ... }:
|
|
||||||
let
|
|
||||||
ikiwikiBootstrapTheme = pkgs.fetchgit {
|
|
||||||
url = "https://github.com/dequis/ikiwiki-bootstrap-theme.git";
|
|
||||||
rev = "afaedf8460d03664be6f590cf632b8be05de77dc";
|
|
||||||
hash = "sha256-iX/onqrsvzJdDrJ7WoQMnlAQtOA+rmi+esv25/IOsq8=";
|
|
||||||
}; # TODO: fork and set link color to #6d2bff or something
|
|
||||||
ikiwikiDataPath = "/mnt/data/ikiwiki";
|
|
||||||
ikiwikiSettingsHeader = pkgs.writeText "ikiwiki-settings-header" ''
|
|
||||||
# IkiWiki::Setup::Yaml - YAML formatted setup file
|
|
||||||
'';
|
|
||||||
ikiwikiSettings = {
|
|
||||||
wikiname = "fi-zone";
|
|
||||||
adminemail = "fiona@grzb.de";
|
|
||||||
adminuser = [
|
|
||||||
"fi"
|
|
||||||
];
|
|
||||||
banned_users = [];
|
|
||||||
srcdir = "${ikiwikiDataPath}/fi-zone";
|
|
||||||
destdir = "${ikiwikiDataPath}/public_html/fi-zone";
|
|
||||||
url = "https://fi.nekover.se/";
|
|
||||||
cgiurl = "https://fi.nekover.se/ikiwiki.cgi";
|
|
||||||
reverse_proxy = 0;
|
|
||||||
cgi_wrapper = "${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi";
|
|
||||||
cgiauthurl = "https://fi.nekover.se/auth/ikiwiki.cgi";
|
|
||||||
cgi_wrappermode = "06755";
|
|
||||||
cgi_overload_delay = "";
|
|
||||||
cgi_overload_message = "";
|
|
||||||
only_committed_changes = 0;
|
|
||||||
rcs = "";
|
|
||||||
add_plugins = [
|
|
||||||
"goodstuff"
|
|
||||||
"websetup"
|
|
||||||
"httpauth"
|
|
||||||
];
|
|
||||||
disable_plugins = [];
|
|
||||||
templatedir = "${ikiwikiBootstrapTheme}";
|
|
||||||
underlaydir = "${pkgs.ikiwiki-full}/share/ikiwiki/basewiki";
|
|
||||||
usedirs = 1;
|
|
||||||
prefix_directives = 1;
|
|
||||||
indexpages = 0;
|
|
||||||
discussion = 0;
|
|
||||||
html5 = 1;
|
|
||||||
sslcookie = 1;
|
|
||||||
default_pageext = "mdwn";
|
|
||||||
htmlext = "html";
|
|
||||||
timeformat = "%c";
|
|
||||||
userdir = "";
|
|
||||||
numbacklinks = 10;
|
|
||||||
hardlink = 0;
|
|
||||||
libdirs = [];
|
|
||||||
libdir = "${ikiwikiDataPath}/.ikiwiki";
|
|
||||||
ENV = {};
|
|
||||||
timezone = ":/etc/localtime";
|
|
||||||
wiki_file_chars = "-[:alnum:]+/.:_";
|
|
||||||
allow_symlinks_before_srcdir = 0;
|
|
||||||
cookiejar = {
|
|
||||||
file = "${ikiwikiDataPath}/.ikiwiki/cookies";
|
|
||||||
};
|
|
||||||
useragent = "ikiwiki/${pkgs.ikiwiki-full.version}";
|
|
||||||
responsive_layout = 1;
|
|
||||||
deterministic = 0;
|
|
||||||
rss = 1;
|
|
||||||
atom = 1;
|
|
||||||
blogspam_pagespec = "postcomment(*)";
|
|
||||||
locked_pages = "* and !postcomment(*)";
|
|
||||||
comments_pagespec = "posts/* and !*/Discussion";
|
|
||||||
archive_pagespec = "page(posts/*) and !*/Discussion";
|
|
||||||
global_sidebars = 0;
|
|
||||||
tagbase = "tags";
|
|
||||||
};
|
|
||||||
ikiwikiSettingsFile = pkgs.concatText "fi-zone.setup" [
|
|
||||||
ikiwikiSettingsHeader
|
|
||||||
((pkgs.formats.yaml { }).generate "fi-zone-settings" ikiwikiSettings)
|
|
||||||
];
|
|
||||||
in
|
|
||||||
{
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
ikiwiki-full
|
|
||||||
];
|
|
||||||
|
|
||||||
users = {
|
|
||||||
users.ikiwiki = {
|
|
||||||
isSystemUser = true;
|
|
||||||
group = "ikiwiki";
|
|
||||||
};
|
|
||||||
groups.ikiwiki = {};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.fcgiwrap.instances."ikiwiki" = {
|
|
||||||
socket = {
|
|
||||||
user = config.services.nginx.user;
|
|
||||||
group = config.services.nginx.group;
|
|
||||||
};
|
|
||||||
process = {
|
|
||||||
user = config.services.nginx.user;
|
|
||||||
group = config.services.nginx.group;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.ikiwiki-directory-setup = {
|
|
||||||
description = "Setup ikiwiki directory structure.";
|
|
||||||
|
|
||||||
script = ''
|
|
||||||
mkdir -p ${ikiwikiDataPath}
|
|
||||||
mkdir -p ${ikiwikiDataPath}/fi-zone/.ikiwiki
|
|
||||||
touch ${ikiwikiDataPath}/fi-zone/.ikiwiki/lockfile
|
|
||||||
chown -R ${config.users.users.ikiwiki.name}:${config.users.users.ikiwiki.group} ${ikiwikiDataPath}
|
|
||||||
'';
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "simple";
|
|
||||||
User = "root";
|
|
||||||
};
|
|
||||||
|
|
||||||
wantedBy = [
|
|
||||||
"multi-user.target"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.ikiwiki-settings-setup = {
|
|
||||||
description = "Setup ikiwiki with configuration managed by NixOS.";
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "simple";
|
|
||||||
ExecStart = "${pkgs.ikiwiki-full}/bin/ikiwiki --setup ${ikiwikiSettingsFile}";
|
|
||||||
User = config.users.users.ikiwiki.name;
|
|
||||||
Group = config.users.users.ikiwiki.group;
|
|
||||||
Requires = [ "ikiwiki-directory-setup.service" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
wantedBy = [
|
|
||||||
"multi-user.target"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,47 +0,0 @@
|
||||||
{ pkgs, config, ... }:
|
|
||||||
let
|
|
||||||
ikiwikiDataPath = "/mnt/data/ikiwiki";
|
|
||||||
in
|
|
||||||
{
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
virtualHosts."fi.nekover.se" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
listen = [
|
|
||||||
{
|
|
||||||
addr = "0.0.0.0";
|
|
||||||
port = 80;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
addr = "0.0.0.0";
|
|
||||||
port = 8443;
|
|
||||||
ssl = true;
|
|
||||||
extraParameters = [ "proxy_protocol" ];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
root = "${ikiwikiDataPath}/public_html/fi-zone";
|
|
||||||
locations = {
|
|
||||||
"/" = {
|
|
||||||
tryFiles = "$uri $uri/ =404";
|
|
||||||
};
|
|
||||||
"~ .cgi" = {
|
|
||||||
basicAuthFile = "/secrets/ikiwiki-auth-file.secret";
|
|
||||||
extraConfig = ''
|
|
||||||
gzip off;
|
|
||||||
fastcgi_pass unix:${config.services.fcgiwrap.instances."ikiwiki".socket.address};
|
|
||||||
fastcgi_index ikiwiki.cgi;
|
|
||||||
fastcgi_param SCRIPT_FILENAME ${ikiwikiDataPath}/public_html/fi-zone/ikiwiki.cgi;
|
|
||||||
fastcgi_param DOCUMENT_ROOT ${ikiwikiDataPath}/public_html/fi-zone;
|
|
||||||
fastcgi_param REMOTE_USER $remote_user if_not_empty;
|
|
||||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
extraConfig = ''
|
|
||||||
set_real_ip_from 10.202.41.100;
|
|
||||||
real_ip_header proxy_protocol;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,11 +0,0 @@
|
||||||
{ keyCommandEnv, ... }:
|
|
||||||
{
|
|
||||||
deployment.keys."ikiwiki-auth-file.secret" = {
|
|
||||||
keyCommand = keyCommandEnv ++ [ "pass" "ikiwiki/auth-file" ];
|
|
||||||
destDir = "/secrets";
|
|
||||||
user = "nginx";
|
|
||||||
group = "nginx";
|
|
||||||
permissions = "0640";
|
|
||||||
uploadAt = "pre-activation";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -3,10 +3,10 @@
|
||||||
services.keycloak = {
|
services.keycloak = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
hostname = "https://id.nekover.se";
|
hostname = "id.nekover.se";
|
||||||
hostname-admin = "https://keycloak-admin.nekover.se";
|
hostname-admin = "keycloak-admin.nekover.se";
|
||||||
proxy-headers = "forwarded";
|
hostname-strict-backchannel = true;
|
||||||
http-enabled = true;
|
proxy = "edge";
|
||||||
http-host = "127.0.0.1";
|
http-host = "127.0.0.1";
|
||||||
http-port = 8080;
|
http-port = 8080;
|
||||||
};
|
};
|
||||||
|
|
|
@ -15,20 +15,28 @@
|
||||||
];
|
];
|
||||||
routes = [
|
routes = [
|
||||||
{
|
{
|
||||||
|
routeConfig = {
|
||||||
Gateway = "10.202.41.1";
|
Gateway = "10.202.41.1";
|
||||||
Destination = "10.201.0.0/16";
|
Destination = "10.201.0.0/16";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
routeConfig = {
|
||||||
Gateway = "10.202.41.1";
|
Gateway = "10.202.41.1";
|
||||||
Destination = "10.202.0.0/16";
|
Destination = "10.202.0.0/16";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
routeConfig = {
|
||||||
Gateway = "10.202.41.1";
|
Gateway = "10.202.41.1";
|
||||||
Destination = "172.21.87.0/24";
|
Destination = "172.21.87.0/24";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
routeConfig = {
|
||||||
Gateway = "10.202.41.1";
|
Gateway = "10.202.41.1";
|
||||||
Destination = "212.53.203.19/32";
|
Destination = "212.53.203.19/32";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
linkConfig.RequiredForOnline = "routable";
|
linkConfig.RequiredForOnline = "routable";
|
||||||
|
@ -54,11 +62,13 @@
|
||||||
PrivateKeyFile = "/secrets/wireguard-mail-1-wg0-privatekey.secret";
|
PrivateKeyFile = "/secrets/wireguard-mail-1-wg0-privatekey.secret";
|
||||||
};
|
};
|
||||||
wireguardPeers = [{
|
wireguardPeers = [{
|
||||||
|
wireguardPeerConfig = {
|
||||||
PublicKey = "ik480irMZtGBs1AFpf1KGzDBekjdziD3ck7XK8r1WXQ=";
|
PublicKey = "ik480irMZtGBs1AFpf1KGzDBekjdziD3ck7XK8r1WXQ=";
|
||||||
PresharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-mail-1-psk.secret";
|
PresharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-mail-1-psk.secret";
|
||||||
Endpoint = "212.53.203.19:51822";
|
Endpoint = "212.53.203.19:51822";
|
||||||
AllowedIPs = [ "0.0.0.0/0" ];
|
AllowedIPs = [ "0.0.0.0/0" ];
|
||||||
PersistentKeepalive = 25;
|
PersistentKeepalive = 25;
|
||||||
|
};
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -15,20 +15,28 @@
|
||||||
];
|
];
|
||||||
routes = [
|
routes = [
|
||||||
{
|
{
|
||||||
|
routeConfig = {
|
||||||
Gateway = "10.201.41.1";
|
Gateway = "10.201.41.1";
|
||||||
Destination = "10.201.0.0/16";
|
Destination = "10.201.0.0/16";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
routeConfig = {
|
||||||
Gateway = "10.201.41.1";
|
Gateway = "10.201.41.1";
|
||||||
Destination = "10.202.0.0/16";
|
Destination = "10.202.0.0/16";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
routeConfig = {
|
||||||
Gateway = "10.201.41.1";
|
Gateway = "10.201.41.1";
|
||||||
Destination = "172.21.87.0/24";
|
Destination = "172.21.87.0/24";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
routeConfig = {
|
||||||
Gateway = "10.201.41.1";
|
Gateway = "10.201.41.1";
|
||||||
Destination = "217.160.117.160/32";
|
Destination = "217.160.117.160/32";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
linkConfig.RequiredForOnline = "routable";
|
linkConfig.RequiredForOnline = "routable";
|
||||||
|
@ -54,11 +62,13 @@
|
||||||
PrivateKeyFile = "/secrets/wireguard-mail-2-wg0-privatekey.secret";
|
PrivateKeyFile = "/secrets/wireguard-mail-2-wg0-privatekey.secret";
|
||||||
};
|
};
|
||||||
wireguardPeers = [{
|
wireguardPeers = [{
|
||||||
|
wireguardPeerConfig = {
|
||||||
PublicKey = "Nnf7x+Yd+l8ZkK2BTq1lK3iiTYgdrgL9PQ/je8smug4=";
|
PublicKey = "Nnf7x+Yd+l8ZkK2BTq1lK3iiTYgdrgL9PQ/je8smug4=";
|
||||||
PresharedKeyFile = "/secrets/wireguard-lifeline-mail-2-mail-2-psk.secret";
|
PresharedKeyFile = "/secrets/wireguard-lifeline-mail-2-mail-2-psk.secret";
|
||||||
Endpoint = "217.160.117.160:51820";
|
Endpoint = "217.160.117.160:51820";
|
||||||
AllowedIPs = [ "0.0.0.0/0" ];
|
AllowedIPs = [ "0.0.0.0/0" ];
|
||||||
PersistentKeepalive = 25;
|
PersistentKeepalive = 25;
|
||||||
|
};
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -5,37 +5,28 @@ let
|
||||||
rev = "v2.2";
|
rev = "v2.2";
|
||||||
hash = "sha256-KyXDnpZh1DrY59jvdU42UicgBVvEGtvAGeU1mNxJauQ=";
|
hash = "sha256-KyXDnpZh1DrY59jvdU42UicgBVvEGtvAGeU1mNxJauQ=";
|
||||||
};
|
};
|
||||||
mastodonModern = pkgs.fetchgit {
|
|
||||||
url = "https://git.gay/freeplay/Mastodon-Modern.git";
|
|
||||||
rev = "e9e53496789234d5782b5b3d97ed66a130b1678a";
|
|
||||||
hash = "sha256-lUq57Gbr1UCMVGoO4xTT3wYPNwohdepxSPCX+WP6AS8=";
|
|
||||||
};
|
|
||||||
mastodonNekoversePatches = pkgs.fetchgit {
|
mastodonNekoversePatches = pkgs.fetchgit {
|
||||||
url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";
|
url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";
|
||||||
hash = "sha256-3jWbKll5RGB1vfEmONVivzGYcoONEkBEHh/rOt9LXlU=";
|
hash = "sha256-3jWbKll5RGB1vfEmONVivzGYcoONEkBEHh/rOt9LXlU=";
|
||||||
};
|
};
|
||||||
mastodonNekoverseOverlay = final: prev: {
|
mastodonNekoverseOverlay = final: prev: {
|
||||||
mastodon = (prev.mastodon.override rec {
|
mastodon = (prev.mastodon.override rec {
|
||||||
version = "4.3.2";
|
version = "4.3.1";
|
||||||
srcOverride = final.applyPatches {
|
srcOverride = final.applyPatches {
|
||||||
src = pkgs.stdenv.mkDerivation {
|
src = pkgs.stdenv.mkDerivation {
|
||||||
name = "mastodonWithThemes";
|
name = "mastodonWithThemes";
|
||||||
src = pkgs.fetchgit {
|
src = pkgs.fetchgit {
|
||||||
url = "https://github.com/mastodon/mastodon.git";
|
url = "https://github.com/mastodon/mastodon.git";
|
||||||
rev = "v${version}";
|
rev = "v${version}";
|
||||||
sha256 = "sha256-A1sSUBtlztKFsZ3TY/c9CXFV8LhttRW2JmSU0QSVOIg=";
|
sha256 = "sha256-JlpQGyVPTLcB3RcWMBrmYc1AAUT1JLfS4IDas9ZoWh4=";
|
||||||
};
|
};
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
cp -r ./ $out/
|
cp -r ./ $out/
|
||||||
cp -r ${tangerineUI}/mastodon/app/javascript/styles/* $out/app/javascript/styles/
|
cp -r ${tangerineUI}/mastodon/app/javascript/styles/* $out/app/javascript/styles/
|
||||||
echo "@import 'mastodon/variables';
|
|
||||||
@import 'application';" >> $out/app/javascript/styles/modern-dark.scss
|
|
||||||
cat ${mastodonModern}/modern.css >> $out/app/javascript/styles/modern-dark.scss
|
|
||||||
echo "tangerineui: styles/tangerineui.scss
|
echo "tangerineui: styles/tangerineui.scss
|
||||||
tangerineui-purple: styles/tangerineui-purple.scss
|
tangerineui-purple: styles/tangerineui-purple.scss
|
||||||
tangerineui-cherry: styles/tangerineui-cherry.scss
|
tangerineui-cherry: styles/tangerineui-cherry.scss
|
||||||
tangerineui-lagoon: styles/tangerineui-lagoon.scss
|
tangerineui-lagoon: styles/tangerineui-lagoon.scss" >> $out/config/themes.yml
|
||||||
modern-dark: styles/modern-dark.scss" >> $out/config/themes.yml
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
patches = [
|
patches = [
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
./mas.nix
|
||||||
./postgresql.nix
|
./postgresql.nix
|
||||||
./matrix-synapse.nix
|
./matrix-synapse.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
|
|
131
config/hosts/matrix/mas.nix
Normal file
131
config/hosts/matrix/mas.nix
Normal file
|
@ -0,0 +1,131 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
let
|
||||||
|
masConfig = (pkgs.formats.yaml { }).generate "matrix-authentication-service-config.yaml" {
|
||||||
|
http = {
|
||||||
|
public_base = "https://matrix-auth.nekover.se";
|
||||||
|
listeners = [
|
||||||
|
{
|
||||||
|
name = "web";
|
||||||
|
resources = [
|
||||||
|
{ name = "discovery"; }
|
||||||
|
{ name = "human"; }
|
||||||
|
{ name = "oauth"; }
|
||||||
|
{ name = "compat"; }
|
||||||
|
{ name = "graphql"; }
|
||||||
|
{ name = "assets"; }
|
||||||
|
];
|
||||||
|
binds = [{ socket = "/var/run/mas.sock"; }];
|
||||||
|
proxy_protocol = false;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "internal";
|
||||||
|
resources = [
|
||||||
|
{ name = "health"; }
|
||||||
|
];
|
||||||
|
binds = [
|
||||||
|
{
|
||||||
|
host = "localhost";
|
||||||
|
port = 8081;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
proxy_protocol = false;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
trusted_proxies = [
|
||||||
|
"192.168.0.0/16"
|
||||||
|
"172.16.0.0/12"
|
||||||
|
"10.0.0.0/10"
|
||||||
|
"127.0.0.1/8"
|
||||||
|
"fd00::/8"
|
||||||
|
"::1/128"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
database = {
|
||||||
|
uri = "postgresql://mas_user:mas@localhost/mas";
|
||||||
|
max_connections = 10;
|
||||||
|
min_connections = 0;
|
||||||
|
connect_timeout = 30;
|
||||||
|
idle_timeout = 600;
|
||||||
|
max_lifetime = 1800;
|
||||||
|
};
|
||||||
|
email = {
|
||||||
|
from = "\"Matrix Authentication Service\" <nyareply@nekover.se>";
|
||||||
|
reply_to = "\"No reply\" <nyareply@nekover.se>";
|
||||||
|
transport = "smtp";
|
||||||
|
mode = "tls";
|
||||||
|
hostname = "mail-1.grzb.de";
|
||||||
|
port = 465;
|
||||||
|
username = "matrix@nekover.se";
|
||||||
|
# password = "";
|
||||||
|
};
|
||||||
|
passwords = {
|
||||||
|
enabled = true;
|
||||||
|
schemes = [
|
||||||
|
{
|
||||||
|
version = 1;
|
||||||
|
algorithm = "argon2id";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
# See https://github.com/dropbox/zxcvbn#usage
|
||||||
|
minimum_complexity = 3;
|
||||||
|
};
|
||||||
|
matrix = {
|
||||||
|
homeserver = "nekover.se";
|
||||||
|
# secret =
|
||||||
|
endpoint = "http://localhost:8008";
|
||||||
|
};
|
||||||
|
upstream_oauth2 = {
|
||||||
|
providers = [{
|
||||||
|
id = "01H8PKNWKKRPCBW4YGH1RWV279";
|
||||||
|
issuer = "https://id.nekover.se/realms/nekoverse";
|
||||||
|
human_name = "Nekoverse ID";
|
||||||
|
token_endpoint_auth_method = "client_secret_basic";
|
||||||
|
client_id = "matrix-authentication-service";
|
||||||
|
#client_secret = "";
|
||||||
|
scope = "openid profile email";
|
||||||
|
claims_imports = {
|
||||||
|
localpart = {
|
||||||
|
action = "require";
|
||||||
|
template = "\"{% if user.matrix_username is defined %}{{ user.matrix_username }}{% else %}{{ user.preferred_username }}{% endif %}\"";
|
||||||
|
};
|
||||||
|
displayname = {
|
||||||
|
action = "suggest";
|
||||||
|
template = "\"{% if user.matrix_username is defined %}{{ user.matrix_username }}{% else %}{{ user.preferred_username }}{% endif %}\"";
|
||||||
|
};
|
||||||
|
email = {
|
||||||
|
action = "suggest";
|
||||||
|
template = "\"{{ user.email }}\"";
|
||||||
|
set_email_verification = "import";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
# secrets = { }
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
matrix-authentication-service
|
||||||
|
];
|
||||||
|
|
||||||
|
systemd.services.matrix-authentication-service = {
|
||||||
|
description = "Matrix Authentication Service";
|
||||||
|
after = [ "network-online.target" "postgresql.service" ];
|
||||||
|
requires = [ "postgresql.service" ];
|
||||||
|
wants = [ "network-online.target" ];
|
||||||
|
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "simple";
|
||||||
|
ExecReload = "${pkgs.util-linux}/bin/kill -HUP $MAINPID";
|
||||||
|
Restart = "on-abort";
|
||||||
|
DynamicUser = "yes";
|
||||||
|
User = "mas";
|
||||||
|
Group = "nogroup";
|
||||||
|
WorkingDirectory = pkgs.matrix-authentication-service;
|
||||||
|
ExecStart = "${pkgs.matrix-authentication-service}/bin/mas-cli server --config=${masConfig} --config=/secrets/";
|
||||||
|
SyslogIdentifier = "matrix-authentication-service";
|
||||||
|
};
|
||||||
|
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -46,6 +46,20 @@
|
||||||
];
|
];
|
||||||
turn_user_lifetime = 86400000;
|
turn_user_lifetime = 86400000;
|
||||||
turn_allow_guests = true;
|
turn_allow_guests = true;
|
||||||
|
experimental_features = {
|
||||||
|
msc3861 = {
|
||||||
|
enabled = true;
|
||||||
|
# Synapse will call `{issuer}/.well-known/openid-configuration` to get the OIDC configuration
|
||||||
|
issuer = "https://nekover.se";
|
||||||
|
client_id = "0000000000000000000SYNAPSE";
|
||||||
|
client_auth_method = "client_secret_basic";
|
||||||
|
# Matches the `client_secret` in the auth service config
|
||||||
|
client_secret = "SomeRandomSecret";
|
||||||
|
# Matches the `matrix.secret` in the auth service config
|
||||||
|
admin_token = "AnotherRandomSecret";
|
||||||
|
account_management_url = "https://id.nekover.se/realms/nekoverse/account/";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
extras = [ "oidc" ];
|
extras = [ "oidc" ];
|
||||||
extraConfigFiles = [
|
extraConfigFiles = [
|
||||||
|
|
|
@ -2,7 +2,8 @@
|
||||||
{
|
{
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."matrix.nekover.se" = {
|
virtualHosts = {
|
||||||
|
"matrix.nekover.se" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
listen = [
|
listen = [
|
||||||
|
@ -37,5 +38,40 @@
|
||||||
real_ip_header proxy_protocol;
|
real_ip_header proxy_protocol;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
"matrix-auth.nekover.se" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
listen = [
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 80;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 443;
|
||||||
|
ssl = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
locations = {
|
||||||
|
"/" = {
|
||||||
|
proxy_pass = "http://unix:/var/run/mas.sock";
|
||||||
|
};
|
||||||
|
"~ ^(/_matrix|/_synapse/client)" = {
|
||||||
|
proxyPass = "http://127.0.0.1:8008";
|
||||||
|
extraConfig = ''
|
||||||
|
# Nginx by default only allows file uploads up to 1M in size
|
||||||
|
# Increase client_max_body_size to match max_upload_size defined in homeserver.yaml
|
||||||
|
client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
listen 0.0.0.0:9443 http2 ssl proxy_protocol;
|
||||||
|
|
||||||
|
set_real_ip_from 10.202.41.100;
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,6 +8,11 @@
|
||||||
TEMPLATE template0
|
TEMPLATE template0
|
||||||
LC_COLLATE = "C"
|
LC_COLLATE = "C"
|
||||||
LC_CTYPE = "C";
|
LC_CTYPE = "C";
|
||||||
|
CREATE ROLE "mas_user" WITH LOGIN PASSWORD 'mas';
|
||||||
|
CREATE DATABASE "mas" WITH OWNER "mas_user"
|
||||||
|
TEMPLATE template0
|
||||||
|
LC_COLLATE = "C"
|
||||||
|
LC_CTYPE = "C";
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
{
|
{
|
||||||
services.nextcloud = {
|
services.nextcloud = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.nextcloud30;
|
package = pkgs.nextcloud29;
|
||||||
hostName = "cloud.nekover.se";
|
hostName = "cloud.nekover.se";
|
||||||
https = true;
|
https = true;
|
||||||
config = {
|
config = {
|
||||||
|
|
|
@ -13,5 +13,5 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "24.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,5 +25,5 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "24.11";
|
system.stateVersion = "23.11";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
{ nixpkgs-master, ... }:
|
{ nixpkgs-unstable, ... }:
|
||||||
{
|
{
|
||||||
services.jackett = {
|
services.jackett = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# use package from master to work around faulty test in older jackett version
|
# use package from unstable to work around faulty test in older jackett version
|
||||||
package = nixpkgs-master.legacyPackages."x86_64-linux".jackett;
|
package = nixpkgs-unstable.legacyPackages."x86_64-linux".jackett;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,9 +2,9 @@
|
||||||
# - https://github.com/NixOS/nixpkgs/issues/236736#issuecomment-1704670598
|
# - https://github.com/NixOS/nixpkgs/issues/236736#issuecomment-1704670598
|
||||||
# - https://nixos.org/manual/nixos/stable/#sect-nixos-systemd-nixos
|
# - https://nixos.org/manual/nixos/stable/#sect-nixos-systemd-nixos
|
||||||
|
|
||||||
{ nixpkgs-unstable, ... }:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
systemd.packages = [ nixpkgs-unstable.legacyPackages."x86_64-linux".qbittorrent-nox ];
|
systemd.packages = [ pkgs.qbittorrent-nox ];
|
||||||
|
|
||||||
systemd.services."qbittorrent-nox@torrent" = {
|
systemd.services."qbittorrent-nox@torrent" = {
|
||||||
overrideStrategy = "asDropin";
|
overrideStrategy = "asDropin";
|
||||||
|
|
|
@ -1,17 +1,5 @@
|
||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
# The sonarr package is dependend on .NET 6 which is marked as insecure.
|
|
||||||
# It doesn't seem to build with the later .NET versions.
|
|
||||||
# In the meantime allow the installation of these insecure packages since sonarr is only reachable locally.
|
|
||||||
nixpkgs.config = {
|
|
||||||
permittedInsecurePackages = [
|
|
||||||
"aspnetcore-runtime-wrapped-6.0.36"
|
|
||||||
"aspnetcore-runtime-6.0.36"
|
|
||||||
"dotnet-sdk-wrapped-6.0.428"
|
|
||||||
"dotnet-sdk-6.0.428"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.sonarr = {
|
services.sonarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
user = "torrent";
|
user = "torrent";
|
||||||
|
|
|
@ -20,13 +20,13 @@
|
||||||
birdsite.nekover.se 10.202.41.107:8443;
|
birdsite.nekover.se 10.202.41.107:8443;
|
||||||
cloud.nekover.se 10.202.41.122:8443;
|
cloud.nekover.se 10.202.41.122:8443;
|
||||||
element.nekover.se 127.0.0.1:8443;
|
element.nekover.se 127.0.0.1:8443;
|
||||||
fi.nekover.se 10.202.41.125:8443;
|
|
||||||
gameserver.grzb.de 127.0.0.1:8443;
|
gameserver.grzb.de 127.0.0.1:8443;
|
||||||
git.grzb.de 127.0.0.1:8443;
|
git.grzb.de 127.0.0.1:8443;
|
||||||
git.nekover.se 10.202.41.106:8443;
|
git.nekover.se 10.202.41.106:8443;
|
||||||
hydra.nekover.se 10.202.41.121:8443;
|
hydra.nekover.se 10.202.41.121:8443;
|
||||||
id.nekover.se 10.202.41.124:8443;
|
id.nekover.se 10.202.41.124:8443;
|
||||||
matrix.nekover.se 10.202.41.112:8443;
|
matrix.nekover.se 10.202.41.112:8443;
|
||||||
|
matrix-auth.nekover.se 10.202.41.112:9443;
|
||||||
mewtube.nekover.se 127.0.0.1:8443;
|
mewtube.nekover.se 127.0.0.1:8443;
|
||||||
nekover.se 127.0.0.1:8443;
|
nekover.se 127.0.0.1:8443;
|
||||||
nix-cache.nekover.se 10.202.41.121:8443;
|
nix-cache.nekover.se 10.202.41.121:8443;
|
||||||
|
|
|
@ -4,10 +4,10 @@ let
|
||||||
"jellyfin.grzb.de" = "jellyfin.vs.grzb.de";
|
"jellyfin.grzb.de" = "jellyfin.vs.grzb.de";
|
||||||
"mail-1.grzb.de" = "mail-1.vs.grzb.de";
|
"mail-1.grzb.de" = "mail-1.vs.grzb.de";
|
||||||
"matrix.nekover.se" = "matrix.vs.grzb.de";
|
"matrix.nekover.se" = "matrix.vs.grzb.de";
|
||||||
|
"matrix-auth.nekover.se" = "matrix.vs.grzb.de";
|
||||||
"netbox.grzb.de" = "netbox.vs.grzb.de";
|
"netbox.grzb.de" = "netbox.vs.grzb.de";
|
||||||
"git.nekover.se" = "forgejo.vs.grzb.de";
|
"git.nekover.se" = "forgejo.vs.grzb.de";
|
||||||
"grafana.grzb.de" = "metrics.vs.grzb.de";
|
"grafana.grzb.de" = "metrics.vs.grzb.de";
|
||||||
"fi.nekover.se" = "ikiwiki.vs.grzb.de";
|
|
||||||
"jackett.grzb.de" = "torrent.vs.grzb.de";
|
"jackett.grzb.de" = "torrent.vs.grzb.de";
|
||||||
"jellyseerr.grzb.de" = "jellyseerr.vs.grzb.de";
|
"jellyseerr.grzb.de" = "jellyseerr.vs.grzb.de";
|
||||||
"keycloak-admin.nekover.se" = "keycloak.vs.grzb.de";
|
"keycloak-admin.nekover.se" = "keycloak.vs.grzb.de";
|
||||||
|
|
|
@ -16,7 +16,22 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
locations."/.well-known/matrix/client" = {
|
locations."/.well-known/matrix/client" = {
|
||||||
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.nekover.se\"}, \"m.identity_server\": {\"base_url\": \"https://vector.im\"}, \"org.matrix.msc3575.proxy\": {\"url\": \"https://matrix.nekover.se\"}, \"org.matrix.msc2965.authentication\": {\"issuer\": \"https://id.nekover.se/realms/nekoverse\", \"account\": \"https://id.nekover.se/realms/nekoverse/account/\"}}'";
|
return = "200 '
|
||||||
|
{
|
||||||
|
\"m.homeserver\": {
|
||||||
|
\"base_url\": \"https://matrix.nekover.se\"
|
||||||
|
},
|
||||||
|
\"m.identity_server\": {
|
||||||
|
\"base_url\": \"https://vector.im\"
|
||||||
|
},
|
||||||
|
\"org.matrix.msc3575.proxy\": {
|
||||||
|
\"url\": \"https://matrix.nekover.se\"
|
||||||
|
},
|
||||||
|
\"org.matrix.msc2965.authentication\": {
|
||||||
|
\"issuer\": \"https://nekover.se/\",
|
||||||
|
\"account\": \"https://matrix-auth.nekover.se/account\"
|
||||||
|
}
|
||||||
|
}'";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
default_type application/json;
|
default_type application/json;
|
||||||
add_header Access-Control-Allow-Origin *;
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
|
|
@ -10,5 +10,5 @@
|
||||||
firewall.enable = true;
|
firewall.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
system.stateVersion = "24.11";
|
system.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
75
flake.lock
75
flake.lock
|
@ -34,11 +34,11 @@
|
||||||
},
|
},
|
||||||
"nixlib": {
|
"nixlib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1734829460,
|
"lastModified": 1729386149,
|
||||||
"narHash": "sha256-dPhc+f2wkmhMqMIfq+hColJdysgVxKP9ilZ5bR0NRZI=",
|
"narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixpkgs.lib",
|
"repo": "nixpkgs.lib",
|
||||||
"rev": "0a31e8d833173ae63e43fd9dbff1ccf09c4f778c",
|
"rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -55,11 +55,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1734915500,
|
"lastModified": 1729472750,
|
||||||
"narHash": "sha256-A7CTIQ8SW0hfbhKlwK+vSsu4pD+Oaelw3v6goX6go+U=",
|
"narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixos-generators",
|
"repo": "nixos-generators",
|
||||||
"rev": "051d1b2dda3b2e81b38d82e2b691e5c2f4d335f4",
|
"rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -70,16 +70,16 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1736167739,
|
"lastModified": 1730963269,
|
||||||
"narHash": "sha256-vL6dGj+0w+l1cK4duEokolgmx4Hu3O1TPjpD6Dfd7oY=",
|
"narHash": "sha256-rz30HrFYCHiWEBCKHMffHbMdWJ35hEkcRVU0h7ms3x0=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "bd27be8c9381a66288504d5266db495de571d7bf",
|
"rev": "83fb6c028368e465cd19bb127b86f971a5e41ebc",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"ref": "nixos-24.11-small",
|
"ref": "nixos-24.05-small",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -101,11 +101,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-master": {
|
"nixpkgs-master": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1736204625,
|
"lastModified": 1731015792,
|
||||||
"narHash": "sha256-y1OxajWQrxP7naHYPoUCrf4AAhEqOGwpNbj+qBXSn5s=",
|
"narHash": "sha256-u8U89hPPbGu627UNtd3H9/CPifDOrmsNGm2y83C9A0A=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "6199c32fe66a688ce7c3483de2b05b358ab7a0a6",
|
"rev": "f7516232a6bf821825c2bd114abcaec1bcd1e54d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -117,11 +117,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1736165148,
|
"lastModified": 1730989260,
|
||||||
"narHash": "sha256-AdKOlljgcTLOrJb3HFpaaoHWJhFrkVeT9HbRm0JvcwE=",
|
"narHash": "sha256-5R9m921OhgOUNHVIxTS8+jZJokkZRsH7UOecxlchqZ8=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "9f46f57b78d2ef865cd8c58eff8d430bb62a471a",
|
"rev": "3aea494127aae5d08c4c501ea4ba27e6c185b822",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -132,6 +132,22 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1729265718,
|
||||||
|
"narHash": "sha256-4HQI+6LsO3kpWTYuVGIzhJs1cetFcwT7quWCk/6rqeo=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "ccc0c2126893dd20963580b6478d1a10a4512185",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixpkgs-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717602782,
|
"lastModified": 1717602782,
|
||||||
"narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
|
"narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
|
||||||
|
@ -146,12 +162,31 @@
|
||||||
"type": "indirect"
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"pterodactyl": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": "nixpkgs_2"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1730915158,
|
||||||
|
"narHash": "sha256-qQvhHUbC5yKD6x/G0P2tvHoRf92Nd/QWB76CRnV5oyI=",
|
||||||
|
"ref": "refs/heads/main",
|
||||||
|
"rev": "1eff87119f6e48b6b1d1afef468ee4ff1aebe333",
|
||||||
|
"revCount": 3,
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://git.nekover.se/fi/pterodactyl.git"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://git.nekover.se/fi/pterodactyl.git"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixos-generators": "nixos-generators",
|
"nixos-generators": "nixos-generators",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs-master": "nixpkgs-master",
|
"nixpkgs-master": "nixpkgs-master",
|
||||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||||
|
"pterodactyl": "pterodactyl",
|
||||||
"simple-nixos-mailserver": "simple-nixos-mailserver"
|
"simple-nixos-mailserver": "simple-nixos-mailserver"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -159,16 +194,16 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"blobs": "blobs",
|
"blobs": "blobs",
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
"nixpkgs": "nixpkgs_2",
|
"nixpkgs": "nixpkgs_3",
|
||||||
"nixpkgs-24_05": "nixpkgs-24_05",
|
"nixpkgs-24_05": "nixpkgs-24_05",
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1734885828,
|
"lastModified": 1718084203,
|
||||||
"narHash": "sha256-G0fB1YBlkalu8lLGRB07K8CpUWNVd+unfrjNomSL7SM=",
|
"narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
|
||||||
"owner": "simple-nixos-mailserver",
|
"owner": "simple-nixos-mailserver",
|
||||||
"repo": "nixos-mailserver",
|
"repo": "nixos-mailserver",
|
||||||
"rev": "636b82f4175e3f6b1e80d2189bb0469e2ae01a55",
|
"rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
12
flake.nix
12
flake.nix
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
|
||||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
|
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
|
||||||
nixpkgs-master.url = "github:NixOS/nixpkgs/master";
|
nixpkgs-master.url = "github:NixOS/nixpkgs/master";
|
||||||
nixos-generators = {
|
nixos-generators = {
|
||||||
|
@ -8,9 +8,13 @@
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
||||||
|
pterodactyl = {
|
||||||
|
url = "git+https://git.nekover.se/fi/pterodactyl.git";
|
||||||
|
};
|
||||||
|
inputs.sops-nix.url = "github:Mic92/sops-nix";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixos-generators, simple-nixos-mailserver, ... }@inputs:
|
outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-master, nixos-generators, simple-nixos-mailserver, pterodactyl, sops-nix, ... }@inputs:
|
||||||
let
|
let
|
||||||
hosts = import ./hosts.nix inputs;
|
hosts = import ./hosts.nix inputs;
|
||||||
helper = import ./helper.nix inputs;
|
helper = import ./helper.nix inputs;
|
||||||
|
@ -28,10 +32,10 @@
|
||||||
nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts;
|
nodeNixpkgs = builtins.mapAttrs (name: host: host.pkgs) hosts;
|
||||||
|
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
|
inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver pterodactyl;
|
||||||
|
|
||||||
# Provide environment for secret key command
|
# Provide environment for secret key command
|
||||||
keyCommandEnv = [ "env" "GNUPGHOME=/home/fi/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/fi/pass/infra" ];
|
keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
} // builtins.mapAttrs (helper.generateColmenaHost) hosts;
|
} // builtins.mapAttrs (helper.generateColmenaHost) hosts;
|
||||||
|
|
25
hosts.nix
25
hosts.nix
|
@ -1,4 +1,4 @@
|
||||||
{ nixpkgs, nixpkgs-unstable, ... }:
|
{ nixpkgs, nixpkgs-unstable, sops-nix, ... }:
|
||||||
let
|
let
|
||||||
# Set of environment specific modules
|
# Set of environment specific modules
|
||||||
environments = {
|
environments = {
|
||||||
|
@ -22,15 +22,16 @@ let
|
||||||
modules = [
|
modules = [
|
||||||
./config/common
|
./config/common
|
||||||
./config/hosts/${name}
|
./config/hosts/${name}
|
||||||
|
sops-nix.nixosModules.sops
|
||||||
] ++ (if environment != "" then environments.${environment} else []);
|
] ++ (if environment != "" then environments.${environment} else []);
|
||||||
}) hosts;
|
}) hosts;
|
||||||
in
|
in
|
||||||
generateDefaults {
|
generateDefaults {
|
||||||
hydra = {
|
gameserver-node-1 = {
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
};
|
};
|
||||||
ikiwiki = {
|
hydra = {
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
};
|
};
|
||||||
|
@ -61,12 +62,17 @@ in
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
};
|
};
|
||||||
|
mail-2 = {
|
||||||
|
site = "wg";
|
||||||
|
environment = "proxmox";
|
||||||
|
};
|
||||||
mastodon = {
|
mastodon = {
|
||||||
hostNixpkgs = nixpkgs-unstable;
|
hostNixpkgs = nixpkgs-unstable;
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
};
|
};
|
||||||
matrix = {
|
matrix = {
|
||||||
|
hostNixpkgs = nixpkgs-unstable;
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
};
|
};
|
||||||
|
@ -74,6 +80,11 @@ in
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
};
|
};
|
||||||
|
navidrome = {
|
||||||
|
hostNixpkgs = nixpkgs-unstable;
|
||||||
|
site = "wg";
|
||||||
|
environment = "proxmox";
|
||||||
|
};
|
||||||
netbox = {
|
netbox = {
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
|
@ -82,6 +93,10 @@ in
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
};
|
};
|
||||||
|
nitter = {
|
||||||
|
site = "vs";
|
||||||
|
environment = "proxmox";
|
||||||
|
};
|
||||||
coturn = {
|
coturn = {
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
|
@ -104,6 +119,10 @@ in
|
||||||
site = "af";
|
site = "af";
|
||||||
environment = "openstack";
|
environment = "openstack";
|
||||||
};
|
};
|
||||||
|
web-public-1 = {
|
||||||
|
site = "wg";
|
||||||
|
environment = "proxmox";
|
||||||
|
};
|
||||||
web-public-2 = {
|
web-public-2 = {
|
||||||
site = "vs";
|
site = "vs";
|
||||||
environment = "proxmox";
|
environment = "proxmox";
|
||||||
|
|
Loading…
Reference in a new issue