authorKarel Kočí <cynerd@email.cz>2023-01-18 14:33:05 +0100
committerKarel Kočí <cynerd@email.cz>2023-01-18 14:33:05 +0100
commit961a5c06c2a07870e846238be5365ad1c44dcaba (patch)
tree6e3294fda7b8d190c5237797f1f150eeeb770015 /nixos
parent33bcefc45b4a8881310f77a2bbda466a8b0f466a (diff)
nixos/lipwig: extend functionality
Diffstat (limited to 'nixos')
-rw-r--r--nixos/machine/lipwig.nix110
-rw-r--r--nixos/modules/syncthing.nix4
2 files changed, 103 insertions, 11 deletions
diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix
index 0ebf894..b109065 100644
--- a/nixos/machine/lipwig.nix
+++ b/nixos/machine/lipwig.nix
@@ -8,10 +8,10 @@ with lib; {
config = {
cynerd = {
syncthing = {
- #enable = true;
+ enable = false;
baseDir = "/nas";
};
- openvpn.personal = true;
+ openvpn.oldpersonal = true;
};
fileSystems."/nas" = {
@@ -19,9 +19,51 @@ with lib; {
fsType = "nfs";
};
+ # Web ######################################################################
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "cynerd.cz" = {
+ forceSSL = true;
+ enableACME = true;
+ serverAliases = [
+ "grafana.cynerd.cz"
+ ];
+ locations."/" = {
+ root = ../../web;
+ };
+ };
+ "git.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ locations."/".extraConfig = ''
+ fastcgi_param DOCUMENT_ROOT ${pkgs.cgit}/cgit/;
+ fastcgi_param SCRIPT_NAME cgit;
+ fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ '';
+ };
+ "grafana.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ services.fcgiwrap = {
+ enable = true;
+ group = config.services.nginx.group;
+ };
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "cynerd+acme@email.cz";
+ };
+
# Git ######################################################################
services.gitolite = {
- enable = false;
+ enable = true;
user = "git";
group = "git";
dataDir = "/var/lib/git";
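Review bot: `services.fcgiwrap` sets only `group`, so the account the cgit CGI runs under is left to the module default; in the fcgiwrap module of this period I believe `User=`/`Group=` are applied only when both options are set, which would leave the CGI process running as root. Confirm against the module in use and pin it explicitly, e.g. `user = config.services.nginx.user;` or a dedicated account with read-only access to `/var/lib/git/repositories`. Separately, `grafana.cynerd.cz` is both a `serverAliases` entry of `cynerd.cz` and its own virtual host, while `git.cynerd.cz` uses `useACMEHost = "cynerd.cz"` without being listed as a certificate name anywhere visible. Listing both under `security.acme.certs."cynerd.cz".extraDomainNames` and dropping the alias would remove the duplicate server name and ensure the certificate covers the git host. The enclosing `config` attribute set starts and ends outside this hunk.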
@@ -33,16 +75,56 @@ with lib; {
group = "gitdaemon";
basePath = "/var/lib/git/repositories";
};
+ environment.etc."cgitrc".text = ''
+ root-title=Cynerd's git repository
+ root-desc=All my projects (at least those released to public)
+ logo=${../../web/wolf.svg}
+ virtual-root=/
+
+ # Allow download of tar.gz, tar.bz2 and zip-files
+ snapshots=tar.gz tar.bz2 zip
+ ## List of common mimetypes
+ mimetype.gif=image/gif
+ mimetype.html=text/html
+ mimetype.jpg=image/jpeg
+ mimetype.jpeg=image/jpeg
+ mimetype.pdf=application/pdf
+ mimetype.png=image/png
+ mimetype.svg=image/svg+xml
+
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+
+ readme=:README.md
+ readme=:README.adoc
+
+ enable-index-owner=0
+ enable-index-links=1
+ enable-http-clone=1
+ clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL
+ enable-commit-graph=1
+ branch-sort=age
+
+ remove-suffix=1
+ enable-git-config=1
+ project-list=/var/lib/git/projects.list
+ scan-path=/var/lib/git/repositories/
+ '';
# CalDAV and CardDAV #######################################################
services.radicale = {
enable = true;
+ rights.cynerd = {
+ user = "cynerd";
+ collection = ".*";
+ permission = "rw";
+ };
settings = {
server = {
hosts = ["0.0.0.0:5232" "[::]:5232"];
ssl = true;
- certificate = "/run/secrets/radicale/radicale.crt";
- key = "/run/secrets/radicale/radicale.key";
+ certificate = "/run/secrets/radicale.crt";
+ key = "/run/secrets/radicale.key";
};
encoding = {
request = "utf-8";
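Review bot: The `rights.cynerd` rule grants `permission = "rw"`, which in the Radicale 3 rights-file format (as I read it) covers only calendar and address-book collections; the upper-case `R`/`W` letters govern the root and principal collections, so discovery and creating new collections may be refused. If full access for this one account is intended, `permission = "RrWw";` states it. Because `collection = ".*"` also matches any other user's tree, a comment above the rule such as `# single-user server: cynerd may access every collection` would record that this is deliberate and only safe while the htpasswd file holds one account. The `services.radicale` block continues past the end of this hunk.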
@@ -50,17 +132,27 @@ with lib; {
};
auth = {
type = "htpasswd";
- htpasswd_filename = "/run/secrets/radicale/users";
+ htpasswd_filename = "${config.personal-secrets}/unencrypted/radicale.users";
htpasswd_encryption = "bcrypt";
delay = 1;
};
storage = {
filesystem_folder = "/var/lib/radicale/";
};
- web = {
- type = "none";
- };
+ web.type = "none";
};
};
+
+ # Old Syncthing ############################################################
+ services.syncthing = {
+ enable = true;
+ openDefaultPorts = true;
+
+ overrideDevices = false;
+ overrideFolders = false;
+
+ dataDir = "/nas";
+ configDir = "/nas/.syncthing";
+ };
};
}
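Review bot: `htpasswd_filename` now interpolates `${config.personal-secrets}`; if that option holds a Nix path (its definition is not visible here), the file is copied into `/nix/store`, where every local user can read the bcrypt hashes, whereas the old `/run/secrets/radicale/users` location could be permission-restricted. Keeping the htpasswd file under `/run/secrets` alongside `radicale.crt` and `radicale.key` would avoid exposing the hashes to offline guessing. If the store copy is deliberate, a comment next to the line saying so would help. The hunk starts inside the `services.radicale` settings, so the beginning of that block is outside it.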
diff --git a/nixos/modules/syncthing.nix b/nixos/modules/syncthing.nix
index db8b6a8..716e5a3 100644
--- a/nixos/modules/syncthing.nix
+++ b/nixos/modules/syncthing.nix
@@ -51,8 +51,8 @@ in {
services.syncthing = {
enable = any (n: n == hostName) allDevices;
user = mkDefault "cynerd";
- key = "/run/secrets/syncthing/key.pem";
- cert = "/run/secrets/syncthing/cert.pem";
+ key = "/run/secrets/syncthing.key.pem";
+ cert = "/run/secrets/syncthing.cert.pem";
openDefaultPorts = true;