Diffstat (limited to 'nixos/configurations/lipwig.nix')
-rw-r--r-- | nixos/configurations/lipwig.nix | 237 |
1 files changed, 237 insertions, 0 deletions
diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
new file mode 100644
index 0000000..c484541
--- /dev/null
+++ b/nixos/configurations/lipwig.nix
@@ -0,0 +1,237 @@
+{
+ config,
+ pkgs,
+ inputModules,
+ ...
+}: {
+ imports = [inputModules.vpsadminos];
+
+ config = {
+ nixpkgs.hostPlatform.system = "x86_64-linux";
+
+ deploy = {
+ enable = true;
+ ssh.host = "cynerd.cz";
+ };
+
+ cynerd = {
+ syncthing = {
+ enable = false;
+ baseDir = "/nas";
+ };
+ openvpn.oldpersonal = true;
+ };
+
+ boot.loader.systemd-boot.enable = false;
+
+ fileSystems."/nas" = {
+ device = "172.16.128.63:/nas/2682";
+ fsType = "nfs";
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [80 443];
+ allowedUDPPorts = [1194];
+ };
+
+ # Web ######################################################################
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "cynerd.cz" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/".root = ../../web;
+ "/radicale/" = {
+ proxyPass = "http://127.0.0.1:5232/";
+ extraConfig = ''
+ proxy_set_header X-Script-Name /radicale;
+ proxy_pass_header Authorization;
+ '';
+ };
+ };
+ };
+ "git.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ root = "${pkgs.cgit}/cgit";
+ locations."/".tryFiles = "$uri @cgit";
+ locations."@cgit".extraConfig = ''
+ fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
+ fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ '';
+ };
+ "cloud.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ };
+ "grafana.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/";
+ extraConfig = "proxy_set_header Host $host;";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ services.fcgiwrap = {
+ enable = true;
+ inherit (config.services.nginx) group;
+ };
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "cynerd+acme@email.cz";
+ certs."cynerd.cz".extraDomainNames = [
+ "git.cynerd.cz"
+ "cloud.cynerd.cz"
+ "grafana.cynerd.cz"
+ ];
+ };
+
+ # Git ######################################################################
+ services.gitolite = {
+ enable = true;
+ user = "git";
+ group = "git";
+ dataDir = "/var/lib/git";
+ adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key";
+ };
+ services.gitDaemon = {
+ enable = false;
+ user = "gitdemon";
+ group = "gitdaemon";
+ basePath = "/var/lib/git/repositories";
+ };
+ environment.etc."cgitrc".text = ''
+ root-title=Cynerd's git repository
+ root-desc=All my projects (at least those released to public)
+ #logo=cynerd.cz/wolf.svg
+ virtual-root=/
+
+ # Allow download of tar.gz, tar.bz2 and zip-files
+ snapshots=tar.gz tar.bz2 zip
+ ## List of common mimetypes
+ mimetype.gif=image/gif
+ mimetype.html=text/html
+ mimetype.jpg=image/jpeg
+ mimetype.jpeg=image/jpeg
+ mimetype.pdf=application/pdf
+ mimetype.png=image/png
+ mimetype.svg=image/svg+xml
+
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+
+ readme=:README.md
+ readme=:README.adoc
+
+ enable-index-owner=0
+ enable-index-links=1
+ enable-http-clone=1
+ clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL
+ enable-commit-graph=1
+ branch-sort=age
+
+ remove-suffix=1
+ enable-git-config=1
+ project-list=/var/lib/git/projects.list
+ scan-path=/var/lib/git/repositories/
+ '';
+
+ # Nextcloud ################################################################
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud28;
+ https = true;
+ hostName = "cloud.cynerd.cz";
+ datadir = "/nas/nextcloud";
+ config = {
+ adminuser = "cynerd";
+ adminpassFile = "/run/secrets/nextcloud.admin.pass";
+ dbtype = "pgsql";
+ dbhost = "/run/postgresql";
+ dbtableprefix = "oc_";
+ };
+ settings = {
+ #log_type = "systemd";
+ default_phone_region = "CZ";
+ };
+ phpExtraExtensions = php: [php.pgsql php.pdo_pgsql];
+ phpOptions = {
+ "opcache.interned_strings_buffer" = "16";
+ };
+ maxUploadSize = "1G";
+ appstoreEnable = false;
+ extraApps = {
+ inherit
+ (config.services.nextcloud.package.packages.apps)
+ bookmarks
+ calendar
+ contacts
+ cookbook
+ deck
+ forms
+ groupfolders
+ impersonate
+ maps
+ memories
+ notes
+ phonetrack
+ previewgenerator
+ spreed
+ tasks
+ twofactor_nextcloud_notification
+ twofactor_webauthn
+ ;
+ # Additional modules can be fetched with:
+ # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab"
+ passwords = pkgs.fetchNextcloudApp {
+ url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz";
+ sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7";
+ license = "agpl3";
+ };
+ integration_github = pkgs.fetchNextcloudApp {
+ url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
+ sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6";
+ license = "agpl3";
+ };
+ integration_gitlab = pkgs.fetchNextcloudApp {
+ url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz";
+ sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi";
+ license = "agpl3";
+ };
+ };
+ };
+ environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs];
+
+ # Postgresql ###############################################################
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [
+ {
+ name = "nextcloud";
+ ensureDBOwnership = true;
+ }
+ ];
+ ensureDatabases = ["nextcloud"];
+ };
+
+ # Old Syncthing ############################################################
+ services.syncthing = {
+ enable = true;
+ openDefaultPorts = true;
+
+ overrideDevices = false;
+ overrideFolders = false;
+
+ dataDir = "/nas/sync";
+ configDir = "/nas/sync/.syncthing";
+ };
+ };
+} |
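Review bot: The cgitrc `clone-url` line advertises `git://cynerd.cz/$CGIT_REPO_URL.git` for every repository, but `services.gitDaemon.enable = false` in the same file, so that second clone URL cgit publishes cannot be served; either drop it, e.g. `clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git@cynerd.cz:$CGIT_REPO_URL`, or enable the daemon. Separately, `services.syncthing.openDefaultPorts = true` widens the firewall beyond the explicit `allowedTCPPorts = [80 443]` / `allowedUDPPorts = [1194]` list (it opens syncthing's sync and discovery ports), which is easy to miss when reading the `networking.firewall` block, and the section is labelled "Old Syncthing" while `cynerd.syncthing.enable = false`, so confirm the service and its open ports are still intended; a comment on the firewall block such as `# syncthing ports are opened by services.syncthing.openDefaultPorts below` would make the effective exposure visible. The `proxy_pass_header Authorization;` in the radicale location governs response headers passed back to the client, not the request Authorization header (which nginx forwards to the upstream by default), so it appears to be a no-op for its apparent purpose.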