
1 commit

Author SHA1 Message Date
fi b54be988cc Setup ikiwiki host 2024-11-21 05:19:26 +01:00
14 changed files with 107 additions and 83 deletions


@ -3,6 +3,7 @@
services.forgejo = { services.forgejo = {
enable = true; enable = true;
database.type = "postgres"; database.type = "postgres";
mailerPasswordFile = "/secrets/forgejo-mailer-password.secret";
settings = { settings = {
DEFAULT = { DEFAULT = {
@ -59,6 +60,5 @@
HOST = "redis+socket:///run/redis-forgejo/redis.sock"; HOST = "redis+socket:///run/redis-forgejo/redis.sock";
}; };
}; };
secrets.mailer.PASSWD = "/secrets/forgejo-mailer-password.secret";
}; };
} }


@ -133,4 +133,26 @@ in
"multi-user.target" "multi-user.target"
]; ];
}; };
systemd.services.ikiwiki-auth-setup = {
description = "Setup auth subdirectory for ikiwiki.cgi";
script = ''
mkdir -p ${ikiwikiSettings.destdir}/auth
if [ ! -f ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi ]; then
ln -s ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi
fi
'';
serviceConfig = {
Type = "simple";
User = config.users.users.ikiwiki.name;
Group = config.users.users.ikiwiki.group;
Requires = [ "ikiwiki-settings-setup.service" ];
};
wantedBy = [
"multi-user.target"
];
};
} }
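Review bot: The guard in the `script` of `ikiwiki-auth-setup` passes two operands to `-f` (`[ ! -f <cgi_wrapper> <destdir>/auth/ikiwiki.cgi ]`), so the test errors out, the `if` takes the false branch, and the symlink is never created, while the unit still reports success. Replacing the conditional with an idempotent `ln -sfn` avoids the test entirely and also refreshes the link when the wrapper path changes. Separately, `Requires` is placed under `serviceConfig`, which renders into the `[Service]` section where systemd ignores it; the dependency belongs in the unit-level `requires` (plus `after` if ordering is intended). `Type = "oneshot"` fits a run-to-completion script better than `"simple"`. The enclosing attribute set starts outside this hunk.
```nix
systemd.services.ikiwiki-auth-setup = {
  # … unchanged: description …
  script = ''
    mkdir -p ${ikiwikiSettings.destdir}/auth
    ln -sfn ${ikiwikiSettings.cgi_wrapper} ${ikiwikiSettings.destdir}/auth/ikiwiki.cgi
  '';
  requires = [ "ikiwiki-settings-setup.service" ];
  after = [ "ikiwiki-settings-setup.service" ];
  serviceConfig = {
    Type = "oneshot";
    # … unchanged: User, Group …
  };
  # … unchanged: wantedBy …
```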


@ -3,10 +3,10 @@
services.keycloak = { services.keycloak = {
enable = true; enable = true;
settings = { settings = {
hostname = "https://id.nekover.se"; hostname = "id.nekover.se";
hostname-admin = "https://keycloak-admin.nekover.se"; hostname-admin = "keycloak-admin.nekover.se";
proxy-headers = "forwarded"; hostname-strict-backchannel = true;
http-enabled = true; proxy = "edge";
http-host = "127.0.0.1"; http-host = "127.0.0.1";
http-port = 8080; http-port = 8080;
}; };
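Review bot: Assuming the right-hand column is the new side, `proxy = "edge";` replaces the narrower `proxy-headers = "forwarded";` and `http-enabled = true;` pair. As far as I know the legacy `proxy` modes make Keycloak honour the X-Forwarded-* headers as well as `Forwarded`, so the reverse proxy in front of `127.0.0.1:8080` must overwrite all of them or a client can influence the perceived scheme, host and source address. The `proxy` option is also deprecated in newer Keycloak releases. If this side is meant to be kept, I would retain `proxy-headers = "forwarded";` with `http-enabled = true;` and document in a comment which header the front proxy sets. The `settings` block continues outside the hunk.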


@ -15,20 +15,28 @@
]; ];
routes = [ routes = [
{ {
Gateway = "10.202.41.1"; routeConfig = {
Destination = "10.201.0.0/16"; Gateway = "10.202.41.1";
Destination = "10.201.0.0/16";
};
} }
{ {
Gateway = "10.202.41.1"; routeConfig = {
Destination = "10.202.0.0/16"; Gateway = "10.202.41.1";
Destination = "10.202.0.0/16";
};
} }
{ {
Gateway = "10.202.41.1"; routeConfig = {
Destination = "172.21.87.0/24"; Gateway = "10.202.41.1";
Destination = "172.21.87.0/24";
};
} }
{ {
Gateway = "10.202.41.1"; routeConfig = {
Destination = "212.53.203.19/32"; Gateway = "10.202.41.1";
Destination = "212.53.203.19/32";
};
} }
]; ];
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
@ -54,11 +62,13 @@
PrivateKeyFile = "/secrets/wireguard-mail-1-wg0-privatekey.secret"; PrivateKeyFile = "/secrets/wireguard-mail-1-wg0-privatekey.secret";
}; };
wireguardPeers = [{ wireguardPeers = [{
PublicKey = "ik480irMZtGBs1AFpf1KGzDBekjdziD3ck7XK8r1WXQ="; wireguardPeerConfig = {
PresharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-mail-1-psk.secret"; PublicKey = "ik480irMZtGBs1AFpf1KGzDBekjdziD3ck7XK8r1WXQ=";
Endpoint = "212.53.203.19:51822"; PresharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-mail-1-psk.secret";
AllowedIPs = [ "0.0.0.0/0" ]; Endpoint = "212.53.203.19:51822";
PersistentKeepalive = 25; AllowedIPs = [ "0.0.0.0/0" ];
PersistentKeepalive = 25;
};
}]; }];
}; };
}; };


@ -15,20 +15,28 @@
]; ];
routes = [ routes = [
{ {
Gateway = "10.201.41.1"; routeConfig = {
Destination = "10.201.0.0/16"; Gateway = "10.201.41.1";
Destination = "10.201.0.0/16";
};
} }
{ {
Gateway = "10.201.41.1"; routeConfig = {
Destination = "10.202.0.0/16"; Gateway = "10.201.41.1";
Destination = "10.202.0.0/16";
};
} }
{ {
Gateway = "10.201.41.1"; routeConfig = {
Destination = "172.21.87.0/24"; Gateway = "10.201.41.1";
Destination = "172.21.87.0/24";
};
} }
{ {
Gateway = "10.201.41.1"; routeConfig = {
Destination = "217.160.117.160/32"; Gateway = "10.201.41.1";
Destination = "217.160.117.160/32";
};
} }
]; ];
linkConfig.RequiredForOnline = "routable"; linkConfig.RequiredForOnline = "routable";
@ -54,11 +62,13 @@
PrivateKeyFile = "/secrets/wireguard-mail-2-wg0-privatekey.secret"; PrivateKeyFile = "/secrets/wireguard-mail-2-wg0-privatekey.secret";
}; };
wireguardPeers = [{ wireguardPeers = [{
PublicKey = "Nnf7x+Yd+l8ZkK2BTq1lK3iiTYgdrgL9PQ/je8smug4="; wireguardPeerConfig = {
PresharedKeyFile = "/secrets/wireguard-lifeline-mail-2-mail-2-psk.secret"; PublicKey = "Nnf7x+Yd+l8ZkK2BTq1lK3iiTYgdrgL9PQ/je8smug4=";
Endpoint = "217.160.117.160:51820"; PresharedKeyFile = "/secrets/wireguard-lifeline-mail-2-mail-2-psk.secret";
AllowedIPs = [ "0.0.0.0/0" ]; Endpoint = "217.160.117.160:51820";
PersistentKeepalive = 25; AllowedIPs = [ "0.0.0.0/0" ];
PersistentKeepalive = 25;
};
}]; }];
}; };
}; };


@ -5,37 +5,28 @@ let
rev = "v2.2"; rev = "v2.2";
hash = "sha256-KyXDnpZh1DrY59jvdU42UicgBVvEGtvAGeU1mNxJauQ="; hash = "sha256-KyXDnpZh1DrY59jvdU42UicgBVvEGtvAGeU1mNxJauQ=";
}; };
mastodonModern = pkgs.fetchgit {
url = "https://git.gay/freeplay/Mastodon-Modern.git";
rev = "e9e53496789234d5782b5b3d97ed66a130b1678a";
hash = "sha256-lUq57Gbr1UCMVGoO4xTT3wYPNwohdepxSPCX+WP6AS8=";
};
mastodonNekoversePatches = pkgs.fetchgit { mastodonNekoversePatches = pkgs.fetchgit {
url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git"; url = "https://github.com/yuri-qq/nekoverse-mastodon-patches.git";
hash = "sha256-3jWbKll5RGB1vfEmONVivzGYcoONEkBEHh/rOt9LXlU="; hash = "sha256-3jWbKll5RGB1vfEmONVivzGYcoONEkBEHh/rOt9LXlU=";
}; };
mastodonNekoverseOverlay = final: prev: { mastodonNekoverseOverlay = final: prev: {
mastodon = (prev.mastodon.override rec { mastodon = (prev.mastodon.override rec {
version = "4.3.2"; version = "4.3.1";
srcOverride = final.applyPatches { srcOverride = final.applyPatches {
src = pkgs.stdenv.mkDerivation { src = pkgs.stdenv.mkDerivation {
name = "mastodonWithThemes"; name = "mastodonWithThemes";
src = pkgs.fetchgit { src = pkgs.fetchgit {
url = "https://github.com/mastodon/mastodon.git"; url = "https://github.com/mastodon/mastodon.git";
rev = "v${version}"; rev = "v${version}";
sha256 = "sha256-A1sSUBtlztKFsZ3TY/c9CXFV8LhttRW2JmSU0QSVOIg="; sha256 = "sha256-JlpQGyVPTLcB3RcWMBrmYc1AAUT1JLfS4IDas9ZoWh4=";
}; };
installPhase = '' installPhase = ''
cp -r ./ $out/ cp -r ./ $out/
cp -r ${tangerineUI}/mastodon/app/javascript/styles/* $out/app/javascript/styles/ cp -r ${tangerineUI}/mastodon/app/javascript/styles/* $out/app/javascript/styles/
echo "@import 'mastodon/variables';
@import 'application';" >> $out/app/javascript/styles/modern-dark.scss
cat ${mastodonModern}/modern.css >> $out/app/javascript/styles/modern-dark.scss
echo "tangerineui: styles/tangerineui.scss echo "tangerineui: styles/tangerineui.scss
tangerineui-purple: styles/tangerineui-purple.scss tangerineui-purple: styles/tangerineui-purple.scss
tangerineui-cherry: styles/tangerineui-cherry.scss tangerineui-cherry: styles/tangerineui-cherry.scss
tangerineui-lagoon: styles/tangerineui-lagoon.scss tangerineui-lagoon: styles/tangerineui-lagoon.scss" >> $out/config/themes.yml
modern-dark: styles/modern-dark.scss" >> $out/config/themes.yml
''; '';
}; };
patches = [ patches = [


@ -2,7 +2,7 @@
{ {
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud30; package = pkgs.nextcloud29;
hostName = "cloud.nekover.se"; hostName = "cloud.nekover.se";
https = true; https = true;
config = { config = {


@ -25,5 +25,5 @@
}; };
}; };
system.stateVersion = "24.11"; system.stateVersion = "23.11";
} }


@ -1,8 +1,8 @@
{ nixpkgs-master, ... }: { nixpkgs-unstable, ... }:
{ {
services.jackett = { services.jackett = {
enable = true; enable = true;
# use package from master to work around faulty test in older jackett version # use package from unstable to work around faulty test in older jackett version
package = nixpkgs-master.legacyPackages."x86_64-linux".jackett; package = nixpkgs-unstable.legacyPackages."x86_64-linux".jackett;
}; };
} }


@ -1,17 +1,5 @@
{ ... }: { ... }:
{ {
# The sonarr package is dependend on .NET 6 which is marked as insecure.
# It doesn't seem to build with the later .NET versions.
# In the meantime allow the installation of these insecure packages since sonarr is only reachable locally.
nixpkgs.config = {
permittedInsecurePackages = [
"aspnetcore-runtime-wrapped-6.0.36"
"aspnetcore-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428"
];
};
services.sonarr = { services.sonarr = {
enable = true; enable = true;
user = "torrent"; user = "torrent";


@ -10,5 +10,5 @@
firewall.enable = true; firewall.enable = true;
}; };
system.stateVersion = "24.11"; system.stateVersion = "23.05";
} }


@ -34,11 +34,11 @@
}, },
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1734829460, "lastModified": 1731805462,
"narHash": "sha256-dPhc+f2wkmhMqMIfq+hColJdysgVxKP9ilZ5bR0NRZI=", "narHash": "sha256-yhEMW4MBi+IAyEJyiKbnFvY1uARyMKJpLUhkczI49wk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "0a31e8d833173ae63e43fd9dbff1ccf09c4f778c", "rev": "b9f04e3cf71c23bea21d2768051e6b3068d44734",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -55,11 +55,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734915500, "lastModified": 1732151224,
"narHash": "sha256-A7CTIQ8SW0hfbhKlwK+vSsu4pD+Oaelw3v6goX6go+U=", "narHash": "sha256-5IgpueM8SGLOadzUJK6Gk37zEBXGd56BkNOtoWmnZos=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "051d1b2dda3b2e81b38d82e2b691e5c2f4d335f4", "rev": "3280fdde8c8f0276c9f5286ad5c0f433dfa5d56c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -70,16 +70,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1736167739, "lastModified": 1731842749,
"narHash": "sha256-vL6dGj+0w+l1cK4duEokolgmx4Hu3O1TPjpD6Dfd7oY=", "narHash": "sha256-aNc8irVBH7sM5cGDvqdOueg8S+fGakf0rEMRGfGwWZw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bd27be8c9381a66288504d5266db495de571d7bf", "rev": "bf6132dc791dbdff8b6894c3a85eb27ad8255682",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.11-small", "ref": "nixos-24.05-small",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -101,11 +101,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1736204625, "lastModified": 1732154639,
"narHash": "sha256-y1OxajWQrxP7naHYPoUCrf4AAhEqOGwpNbj+qBXSn5s=", "narHash": "sha256-GeEhJmh0/KEQmoe4Lmsv9VC0SrQn4K9V27KbHJ0Zs/g=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6199c32fe66a688ce7c3483de2b05b358ab7a0a6", "rev": "516819d9b5b97ee1f461aecb4caed7aa6b769d5d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -117,11 +117,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1736165148, "lastModified": 1732136765,
"narHash": "sha256-AdKOlljgcTLOrJb3HFpaaoHWJhFrkVeT9HbRm0JvcwE=", "narHash": "sha256-622zKMMp0mw2a+fJJoVQdNmxwRGDkWsDTn5OSPK8DLk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9f46f57b78d2ef865cd8c58eff8d430bb62a471a", "rev": "e35b0f3f9787cfe51f406f7dd5a4446a858bfdb2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -164,11 +164,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1734885828, "lastModified": 1718084203,
"narHash": "sha256-G0fB1YBlkalu8lLGRB07K8CpUWNVd+unfrjNomSL7SM=", "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "636b82f4175e3f6b1e80d2189bb0469e2ae01a55", "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {


@ -1,6 +1,6 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
nixpkgs-master.url = "github:NixOS/nixpkgs/master"; nixpkgs-master.url = "github:NixOS/nixpkgs/master";
nixos-generators = { nixos-generators = {
@ -31,7 +31,7 @@
inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver; inherit nixpkgs-unstable nixpkgs-master hosts simple-nixos-mailserver;
# Provide environment for secret key command # Provide environment for secret key command
keyCommandEnv = [ "env" "GNUPGHOME=/home/fi/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/fi/pass/infra" ]; keyCommandEnv = [ "env" "GNUPGHOME=/home/yuri/.passinfra_gnupg" "PASSWORD_STORE_DIR=/home/yuri/pass/infra" ];
}; };
}; };
} // builtins.mapAttrs (helper.generateColmenaHost) hosts; } // builtins.mapAttrs (helper.generateColmenaHost) hosts;
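Review bot: The new side moves `nixpkgs.url` back from `nixos-24.11-small` to `nixos-24.05-small`, which reads as this branch being compared against a base that has since moved on rather than as an intended change for an ikiwiki host. The same pattern appears in the other sections: `system.stateVersion` going from "24.11" to "23.11" and "23.05", `pkgs.nextcloud30` to `pkgs.nextcloud29`, Mastodon `4.3.2` to `4.3.1`, and older revisions throughout the lock file. Merged as shown, this would put the hosts on an older release branch with older package versions, and lowering `stateVersion` or the Nextcloud major on hosts that have already migrated state is not something either is designed to support. I would rebase onto the current base so the compare contains only the ikiwiki and host-list changes. The hard-coded `/home/yuri/...` paths in `keyCommandEnv` would also disappear from the diff if they were taken from the deploying user's environment.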


@ -82,6 +82,10 @@ in
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";
}; };
nitter = {
site = "vs";
environment = "proxmox";
};
coturn = { coturn = {
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";
@ -92,7 +96,6 @@ in
environment = "proxmox"; environment = "proxmox";
}; };
torrent = { torrent = {
hostNixpkgs = nixpkgs-unstable;
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";
}; };