diff options
author | Karel Kočí <cynerd@email.cz> | 2023-01-18 14:33:05 +0100 |
---|---|---|
committer | Karel Kočí <cynerd@email.cz> | 2023-01-18 14:33:05 +0100 |
commit | 961a5c06c2a07870e846238be5365ad1c44dcaba (patch) | |
tree | 6e3294fda7b8d190c5237797f1f150eeeb770015 /nixos | |
parent | 33bcefc45b4a8881310f77a2bbda466a8b0f466a (diff) | |
download | nixos-personal-961a5c06c2a07870e846238be5365ad1c44dcaba.tar.gz nixos-personal-961a5c06c2a07870e846238be5365ad1c44dcaba.tar.bz2 nixos-personal-961a5c06c2a07870e846238be5365ad1c44dcaba.zip |
nixos/lipwig: extend functionality
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/machine/lipwig.nix | 110 | ||||
-rw-r--r-- | nixos/modules/syncthing.nix | 4 |
2 files changed, 103 insertions, 11 deletions
diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix index 0ebf894..b109065 100644 --- a/nixos/machine/lipwig.nix +++ b/nixos/machine/lipwig.nix @@ -8,10 +8,10 @@ with lib; { config = { cynerd = { syncthing = { - #enable = true; + enable = false; baseDir = "/nas"; }; - openvpn.personal = true; + openvpn.oldpersonal = true; }; fileSystems."/nas" = { @@ -19,9 +19,51 @@ with lib; { fsType = "nfs"; }; + # Web ###################################################################### + services.nginx = { + enable = true; + virtualHosts = { + "cynerd.cz" = { + forceSSL = true; + enableACME = true; + serverAliases = [ + "grafana.cynerd.cz" + ]; + locations."/" = { + root = ../../web; + }; + }; + "git.cynerd.cz" = { + forceSSL = true; + useACMEHost = "cynerd.cz"; + locations."/".extraConfig = '' + fastcgi_param DOCUMENT_ROOT ${pkgs.cgit}/cgit/; + fastcgi_param SCRIPT_NAME cgit; + fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + ''; + }; + "grafana.cynerd.cz" = { + forceSSL = true; + useACMEHost = "cynerd.cz"; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/"; + proxyWebsockets = true; + }; + }; + }; + }; + services.fcgiwrap = { + enable = true; + group = config.services.nginx.group; + }; + security.acme = { + acceptTerms = true; + defaults.email = "cynerd+acme@email.cz"; + }; + # Git ###################################################################### services.gitolite = { - enable = false; + enable = true; user = "git"; group = "git"; dataDir = "/var/lib/git"; @@ -33,16 +75,56 @@ with lib; { group = "gitdaemon"; basePath = "/var/lib/git/repositories"; }; + environment.etc."cgitrc".text = '' + root-title=Cynerd's git repository + root-desc=All my projects (at least those released to public) + logo=${../../web/wolf.svg} + virtual-root=/ + + # Allow download of tar.gz, tar.bz2 and zip-files + snapshots=tar.gz tar.bz2 zip + ## List of common mimetypes + mimetype.gif=image/gif + mimetype.html=text/html + mimetype.jpg=image/jpeg + mimetype.jpeg=image/jpeg + mimetype.pdf=application/pdf + mimetype.png=image/png + mimetype.svg=image/svg+xml + + source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + + readme=:README.md + readme=:README.adoc + + enable-index-owner=0 + enable-index-links=1 + enable-http-clone=1 + clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL + enable-commit-graph=1 + branch-sort=age + + remove-suffix=1 + enable-git-config=1 + project-list=/var/lib/git/projects.list + scan-path=/var/lib/git/repositories/ + ''; # CalDAV and CardDAV ####################################################### services.radicale = { enable = true; + rights.cynerd = { + user = "cynerd"; + collection = ".*"; + permission = "rw"; + }; settings = { server = { hosts = ["0.0.0.0:5232" "[::]:5232"]; ssl = true; - certificate = "/run/secrets/radicale/radicale.crt"; - key = "/run/secrets/radicale/radicale.key"; + certificate = "/run/secrets/radicale.crt"; + key = "/run/secrets/radicale.key"; }; encoding = { request = "utf-8"; @@ -50,17 +132,27 @@ with lib; { }; auth = { type = "htpasswd"; - htpasswd_filename = "/run/secrets/radicale/users"; + htpasswd_filename = "${config.personal-secrets}/unencrypted/radicale.users"; htpasswd_encryption = "bcrypt"; delay = 1; }; storage = { filesystem_folder = "/var/lib/radicale/"; }; - web = { - type = "none"; - }; + web.type = "none"; }; }; + + # Old Syncthing ############################################################ + services.syncthing = { + enable = true; + openDefaultPorts = true; + + overrideDevices = false; + overrideFolders = false; + + dataDir = "/nas"; + configDir = "/nas/.syncthing"; + }; }; } diff --git a/nixos/modules/syncthing.nix b/nixos/modules/syncthing.nix index db8b6a8..716e5a3 100644 --- a/nixos/modules/syncthing.nix +++ b/nixos/modules/syncthing.nix @@ -51,8 +51,8 @@ in { services.syncthing = { enable = any (n: n == hostName) allDevices; user = mkDefault "cynerd"; - key = "/run/secrets/syncthing/key.pem"; - cert = "/run/secrets/syncthing/cert.pem"; + key = "/run/secrets/syncthing.key.pem"; + cert = "/run/secrets/syncthing.cert.pem"; openDefaultPorts = true; |