authorKarel Kočí <cynerd@email.cz>2024-03-14 09:35:13 +0100
committerKarel Kočí <cynerd@email.cz>2024-03-14 09:35:13 +0100
commitb2ec9599373c7e0f5428694c5712c8fc0be06264 (patch)
tree331d4c70ad7664fb9fdbe9ce1050de02e231e6a2 /nixos/machine/lipwig.nix
parent927fab5c6ec204ce2d7ddac3901519c023331c89 (diff)
Load of updates and module simplification
Diffstat (limited to 'nixos/machine/lipwig.nix')
-rw-r--r--nixos/machine/lipwig.nix392
1 files changed, 196 insertions, 196 deletions
diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix
index 7b4b7f6..ac868f5 100644
--- a/nixos/machine/lipwig.nix
+++ b/nixos/machine/lipwig.nix
@@ -1,228 +1,228 @@
{
config,
- lib,
pkgs,
...
}: {
- config = {
- deploy = {
- enable = true;
- ssh.host = "cynerd.cz";
- };
+ deploy = {
+ enable = true;
+ ssh.host = "cynerd.cz";
+ };
- cynerd = {
- syncthing = {
- enable = false;
- baseDir = "/nas";
- };
- openvpn.oldpersonal = true;
+ cynerd = {
+ syncthing = {
+ enable = false;
+ baseDir = "/nas";
};
+ openvpn.oldpersonal = true;
+ };
- fileSystems."/nas" = {
- device = "172.16.128.63:/nas/2682";
- fsType = "nfs";
- };
+ fileSystems."/nas" = {
+ device = "172.16.128.63:/nas/2682";
+ fsType = "nfs";
+ };
- networking.firewall = {
- allowedTCPPorts = [80 443];
- allowedUDPPorts = [1194];
- };
+ networking.firewall = {
+ allowedTCPPorts = [80 443];
+ allowedUDPPorts = [1194];
+ };
- # Web ######################################################################
- services.nginx = {
- enable = true;
- virtualHosts = {
- "cynerd.cz" = {
- forceSSL = true;
- enableACME = true;
- locations = {
- "/".root = ../../web;
- "/radicale/" = {
- proxyPass = "http://127.0.0.1:5232/";
- extraConfig = ''
- proxy_set_header X-Script-Name /radicale;
- proxy_pass_header Authorization;
- '';
- };
+ # Web ######################################################################
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "cynerd.cz" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/".root = ../../web;
+ "/radicale/" = {
+ proxyPass = "http://127.0.0.1:5232/";
+ extraConfig = ''
+ proxy_set_header X-Script-Name /radicale;
+ proxy_pass_header Authorization;
+ '';
};
};
- "git.cynerd.cz" = {
- forceSSL = true;
- useACMEHost = "cynerd.cz";
- root = "${pkgs.cgit}/cgit";
- locations."/".tryFiles = "$uri @cgit";
- locations."@cgit".extraConfig = ''
- fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
- fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
- fastcgi_param PATH_INFO $uri;
- fastcgi_param QUERY_STRING $args;
- fastcgi_param HTTP_HOST $server_name;
- '';
- };
- "cloud.cynerd.cz" = {
- forceSSL = true;
- useACMEHost = "cynerd.cz";
- };
- "grafana.cynerd.cz" = {
- forceSSL = true;
- useACMEHost = "cynerd.cz";
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/";
- extraConfig = "proxy_set_header Host $host;";
- proxyWebsockets = true;
- };
+ };
+ "git.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ root = "${pkgs.cgit}/cgit";
+ locations."/".tryFiles = "$uri @cgit";
+ locations."@cgit".extraConfig = ''
+ fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
+ fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ '';
+ };
+ "cloud.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ };
+ "grafana.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/";
+ extraConfig = "proxy_set_header Host $host;";
+ proxyWebsockets = true;
};
};
};
- services.fcgiwrap = {
- enable = true;
- inherit (config.services.nginx) group;
- };
- security.acme = {
- acceptTerms = true;
- defaults.email = "cynerd+acme@email.cz";
- certs."cynerd.cz".extraDomainNames = [
- "git.cynerd.cz"
- "cloud.cynerd.cz"
- "grafana.cynerd.cz"
- ];
- };
+ };
+ services.fcgiwrap = {
+ enable = true;
+ inherit (config.services.nginx) group;
+ };
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "cynerd+acme@email.cz";
+ certs."cynerd.cz".extraDomainNames = [
+ "git.cynerd.cz"
+ "cloud.cynerd.cz"
+ "grafana.cynerd.cz"
+ ];
+ };
- # Git ######################################################################
- services.gitolite = {
- enable = true;
- user = "git";
- group = "git";
- dataDir = "/var/lib/git";
- adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key";
- };
- services.gitDaemon = {
- enable = false;
- user = "gitdemon";
- group = "gitdaemon";
- basePath = "/var/lib/git/repositories";
- };
- environment.etc."cgitrc".text = ''
- root-title=Cynerd's git repository
- root-desc=All my projects (at least those released to public)
- #logo=cynerd.cz/wolf.svg
- virtual-root=/
+ # Git ######################################################################
+ services.gitolite = {
+ enable = true;
+ user = "git";
+ group = "git";
+ dataDir = "/var/lib/git";
+ adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key";
+ };
+ services.gitDaemon = {
+ enable = false;
+ user = "gitdemon";
+ group = "gitdaemon";
+ basePath = "/var/lib/git/repositories";
+ };
+ environment.etc."cgitrc".text = ''
+ root-title=Cynerd's git repository
+ root-desc=All my projects (at least those released to public)
+ #logo=cynerd.cz/wolf.svg
+ virtual-root=/
- # Allow download of tar.gz, tar.bz2 and zip-files
- snapshots=tar.gz tar.bz2 zip
- ## List of common mimetypes
- mimetype.gif=image/gif
- mimetype.html=text/html
- mimetype.jpg=image/jpeg
- mimetype.jpeg=image/jpeg
- mimetype.pdf=application/pdf
- mimetype.png=image/png
- mimetype.svg=image/svg+xml
+ # Allow download of tar.gz, tar.bz2 and zip-files
+ snapshots=tar.gz tar.bz2 zip
+ ## List of common mimetypes
+ mimetype.gif=image/gif
+ mimetype.html=text/html
+ mimetype.jpg=image/jpeg
+ mimetype.jpeg=image/jpeg
+ mimetype.pdf=application/pdf
+ mimetype.png=image/png
+ mimetype.svg=image/svg+xml
- source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
- about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
- readme=:README.md
- readme=:README.adoc
+ readme=:README.md
+ readme=:README.adoc
- enable-index-owner=0
- enable-index-links=1
- enable-http-clone=1
- clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL
- enable-commit-graph=1
- branch-sort=age
+ enable-index-owner=0
+ enable-index-links=1
+ enable-http-clone=1
+ clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL
+ enable-commit-graph=1
+ branch-sort=age
- remove-suffix=1
- enable-git-config=1
- project-list=/var/lib/git/projects.list
- scan-path=/var/lib/git/repositories/
- '';
+ remove-suffix=1
+ enable-git-config=1
+ project-list=/var/lib/git/projects.list
+ scan-path=/var/lib/git/repositories/
+ '';
- # Nextcloud ################################################################
- services.nextcloud = {
- enable = true;
- package = pkgs.nextcloud28;
- https = true;
- hostName = "cloud.cynerd.cz";
- datadir = "/nas/nextcloud";
- config = {
- adminuser = "cynerd";
- adminpassFile = "/run/secrets/nextcloud.admin.pass";
- dbtype = "pgsql";
- dbhost = "/run/postgresql";
- dbtableprefix = "oc_";
- };
- settings = {
- #log_type = "systemd";
- default_phone_region = "CZ";
+ # Nextcloud ################################################################
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud28;
+ https = true;
+ hostName = "cloud.cynerd.cz";
+ datadir = "/nas/nextcloud";
+ config = {
+ adminuser = "cynerd";
+ adminpassFile = "/run/secrets/nextcloud.admin.pass";
+ dbtype = "pgsql";
+ dbhost = "/run/postgresql";
+ dbtableprefix = "oc_";
+ };
+ settings = {
+ #log_type = "systemd";
+ default_phone_region = "CZ";
+ };
+ phpExtraExtensions = php: [php.pgsql php.pdo_pgsql];
+ phpOptions = {
+ "opcache.interned_strings_buffer" = "16";
+ };
+ maxUploadSize = "1G";
+ appstoreEnable = false;
+ extraApps = {
+ inherit
+ (config.services.nextcloud.package.packages.apps)
+ bookmarks
+ calendar
+ contacts
+ cookbook
+ deck
+ forms
+ groupfolders
+ impersonate
+ maps
+ memories
+ notes
+ phonetrack
+ previewgenerator
+ spreed
+ tasks
+ twofactor_nextcloud_notification
+ twofactor_webauthn
+ ;
+ # Additional modules can be fetched with:
+ # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab"
+ passwords = pkgs.fetchNextcloudApp {
+ url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz";
+ sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7";
+ license = "agpl3";
};
- phpExtraExtensions = php: [php.pgsql php.pdo_pgsql];
- phpOptions = {
- "opcache.interned_strings_buffer" = "16";
+ integration_github = pkgs.fetchNextcloudApp {
+ url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
+ sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6";
+ license = "agpl3";
};
- maxUploadSize = "1G";
- appstoreEnable = false;
- extraApps = {
- inherit
- (config.services.nextcloud.package.packages.apps)
- bookmarks
- calendar
- contacts
- cookbook
- deck
- groupfolders
- maps
- memories
- notes
- phonetrack
- previewgenerator
- tasks
- twofactor_nextcloud_notification
- twofactor_webauthn
- ;
- # Additional modules can be fetched with:
- # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab"
- passwords = pkgs.fetchNextcloudApp {
- url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2023.12.2/passwords.tar.gz";
- sha256 = "17qkkkmc3gai6pryl3lb4y074pzbjk26swnpgvy6qfvkp64n8bw1";
- license = "agpl3";
- };
- integration_github = pkgs.fetchNextcloudApp {
- url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
- sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6";
- license = "agpl3";
- };
- integration_gitlab = pkgs.fetchNextcloudApp {
- url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz";
- sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi";
- license = "agpl3";
- };
+ integration_gitlab = pkgs.fetchNextcloudApp {
+ url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz";
+ sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi";
+ license = "agpl3";
};
};
- environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs];
+ };
+ environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs];
- # Postgresql ###############################################################
- services.postgresql = {
- enable = true;
- ensureUsers = [
- {
- name = "nextcloud";
- ensureDBOwnership = true;
- }
- ];
- ensureDatabases = ["nextcloud"];
- };
+ # Postgresql ###############################################################
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [
+ {
+ name = "nextcloud";
+ ensureDBOwnership = true;
+ }
+ ];
+ ensureDatabases = ["nextcloud"];
+ };
- # Old Syncthing ############################################################
- services.syncthing = {
- enable = true;
- openDefaultPorts = true;
+ # Old Syncthing ############################################################
+ services.syncthing = {
+ enable = true;
+ openDefaultPorts = true;
- overrideDevices = false;
- overrideFolders = false;
+ overrideDevices = false;
+ overrideFolders = false;
- dataDir = "/nas/sync";
- configDir = "/nas/sync/.syncthing";
- };
+ dataDir = "/nas/sync";
+ configDir = "/nas/sync/.syncthing";
};
}
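Review bot: `impersonate` is added to the inherited `extraApps` list without a comment, and on a server that also installs `twofactor_webauthn` it is the one app that, as far as I know, lets an administrator open a session as another user without that user's password or second factor. I would record the reason and scope next to it, e.g. `# impersonate: admin can act as any user; keep limited to the admin group, drop when no longer needed`, so it is clear that a compromise of the `cynerd` admin account then covers every account's data. Separately, in the re-indented `services.gitDaemon` block `user = "gitdemon";` does not match `group = "gitdaemon";`, which looks like a typo that would only surface if the daemon is ever enabled. The `clone-url` line in the cgitrc text also still advertises `git://cynerd.cz/$CGIT_REPO_URL.git` although the daemon is disabled and 9418 is not in `allowedTCPPorts`; dropping that entry would stop pointing users at an unauthenticated, unencrypted transport.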