aboutsummaryrefslogtreecommitdiff
path: root/nixos/machine
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/machine')
-rw-r--r--nixos/machine/lipwig.nix110
1 files changed, 101 insertions, 9 deletions
diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix
index 0ebf894..b109065 100644
--- a/nixos/machine/lipwig.nix
+++ b/nixos/machine/lipwig.nix
@@ -8,10 +8,10 @@ with lib; {
config = {
cynerd = {
syncthing = {
- #enable = true;
+ enable = false;
baseDir = "/nas";
};
- openvpn.personal = true;
+ openvpn.oldpersonal = true;
};
fileSystems."/nas" = {
@@ -19,9 +19,51 @@ with lib; {
fsType = "nfs";
};
+ # Web ######################################################################
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "cynerd.cz" = {
+ forceSSL = true;
+ enableACME = true;
+ serverAliases = [
+ "grafana.cynerd.cz"
+ ];
+ locations."/" = {
+ root = ../../web;
+ };
+ };
+ "git.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ locations."/".extraConfig = ''
+ fastcgi_param DOCUMENT_ROOT ${pkgs.cgit}/cgit/;
+ fastcgi_param SCRIPT_NAME cgit;
+ fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ '';
+ };
+ "grafana.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ services.fcgiwrap = {
+ enable = true;
+ group = config.services.nginx.group;
+ };
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "cynerd+acme@email.cz";
+ };
+
# Git ######################################################################
services.gitolite = {
- enable = false;
+ enable = true;
user = "git";
group = "git";
dataDir = "/var/lib/git";
@@ -33,16 +75,56 @@ with lib; {
group = "gitdaemon";
basePath = "/var/lib/git/repositories";
};
+ environment.etc."cgitrc".text = ''
+ root-title=Cynerd's git repository
+ root-desc=All my projects (at least those released to public)
+ logo=${../../web/wolf.svg}
+ virtual-root=/
+
+ # Allow download of tar.gz, tar.bz2 and zip-files
+ snapshots=tar.gz tar.bz2 zip
+ ## List of common mimetypes
+ mimetype.gif=image/gif
+ mimetype.html=text/html
+ mimetype.jpg=image/jpeg
+ mimetype.jpeg=image/jpeg
+ mimetype.pdf=application/pdf
+ mimetype.png=image/png
+ mimetype.svg=image/svg+xml
+
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+
+ readme=:README.md
+ readme=:README.adoc
+
+ enable-index-owner=0
+ enable-index-links=1
+ enable-http-clone=1
+ clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL
+ enable-commit-graph=1
+ branch-sort=age
+
+ remove-suffix=1
+ enable-git-config=1
+ project-list=/var/lib/git/projects.list
+ scan-path=/var/lib/git/repositories/
+ '';
# CalDAV and CardDAV #######################################################
services.radicale = {
enable = true;
+ rights.cynerd = {
+ user = "cynerd";
+ collection = ".*";
+ permission = "rw";
+ };
settings = {
server = {
hosts = ["0.0.0.0:5232" "[::]:5232"];
ssl = true;
- certificate = "/run/secrets/radicale/radicale.crt";
- key = "/run/secrets/radicale/radicale.key";
+ certificate = "/run/secrets/radicale.crt";
+ key = "/run/secrets/radicale.key";
};
encoding = {
request = "utf-8";
@@ -50,17 +132,27 @@ with lib; {
};
auth = {
type = "htpasswd";
- htpasswd_filename = "/run/secrets/radicale/users";
+ htpasswd_filename = "${config.personal-secrets}/unencrypted/radicale.users";
htpasswd_encryption = "bcrypt";
delay = 1;
};
storage = {
filesystem_folder = "/var/lib/radicale/";
};
- web = {
- type = "none";
- };
+ web.type = "none";
};
};
+
+ # Old Syncthing ############################################################
+ services.syncthing = {
+ enable = true;
+ openDefaultPorts = true;
+
+ overrideDevices = false;
+ overrideFolders = false;
+
+ dataDir = "/nas";
+ configDir = "/nas/.syncthing";
+ };
};
}