Merge branch 'main' into matrix

2022-12-17 21:02:56 +01:00 · 2022-12-17 21:02:56 +01:00 · 509cfd4121
commit 509cfd4121
parent 565bcae081 472ab6a7d5
11 changed files with 172 additions and 34 deletions
--- a/modules/hedgedoc.nix
+++ b/modules/hedgedoc.nix
@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }:
 let
-  domain = "pad.quitte.tassilo-tanneberger.de";
+  domain = "pad.${config.fsr.domain}";
 in
 {
  services = {
--- a/modules/ldap.nix
+++ b/modules/ldap.nix
@ -0,0 +1,67 @@
+{ config, ... }:
+let
+  domain = "auth.${config.fsr.domain}";
+
+  portunusUser = "portunus";
+  portunusGroup = "portunus";
+
+  ldapUser = "openldap";
+  ldapGroup = "openldap";
+in
+{
+  users.users."${portunusUser}" = {
+    isSystemUser = true;
+    group = "${portunusGroup}";
+  };
+
+  users.groups."${portunusGroup}" = {
+    name = "${portunusGroup}";
+    members = [ "${portunusUser}" ];
+  };
+
+  users.users."${ldapUser}" = {
+    isSystemUser = true;
+    group = "${ldapGroup}";
+  };
+
+  users.groups."${ldapGroup}" = {
+    name = "${ldapGroup}";
+    members = [ "${ldapUser}" ];
+  };
+
+  sops.secrets."portunus_admin" = {
+    owner = "${portunusUser}";
+    group = "${portunusGroup}";
+  };
+
+  services.portunus = {
+    enable = true;
+    user = "${portunusUser}";
+    group = "${portunusGroup}";
+    domain = "${domain}";
+    ldap = {
+      user = "${ldapUser}";
+      group = "${ldapGroup}";
+      suffix = "dc=ifsr,dc=de";
+      tls = true;
+    };
+
+    seedPath = ../config/portunus_seeds.json;
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts."${config.services.portunus.domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations = {
+        "/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80 # http
+    443 # https
+  ];
+}
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }:
 let
-  domain = "nc.quitte.fugi.dev";
+  domain = "nc.${config.fsr.domain}";
 in
 {
  sops.secrets = {
--- a/modules/options.nix
+++ b/modules/options.nix
@ -1,7 +1,14 @@
 { config, lib, ... }: with lib; {
-  options.fsr.enable_office_bloat = mkOption {
-    type = types.bool;
-    default = false;
-    description = "install heavy office bloat like texlive, okular, ...";
+  options.fsr = {
+    enable_office_bloat = mkOption {
+      type = types.bool;
+      default = false;
+      description = "install heavy office bloat like texlive, okular, ...";
+    };
+    domain = mkOption {
+      type = types.str;
+      default = "ifsr.de";
+      description = "under which top level domain the services should run";
+    };
  };
 }
--- a/modules/stream.nix
+++ b/modules/stream.nix
@ -10,7 +10,7 @@ in
  services = {
    nginx = {
      virtualHosts = {
-        "stream.ifsr.de" = {
+        "stream.${config.fsr.domain}" = {
          enableACME = true;
          forceSSL = true;
          locations."/" =
--- a/modules/wiki.nix
+++ b/modules/wiki.nix
@ -116,10 +116,6 @@
                $wgPluggableAuth_EnableLocalLogin = true;
      '';
      extensions = {
-        #Cite = pkgs.fetchzip {
-        #  url = "https://web.archive.org/web/20220627203658/https://extdist.wmflabs.org/dist/extensions/Cite-REL1_38-d40993e.tar.gz";
-        #  sha256 = "sha256-dziMo6sH4yMPjnDtt0TXiGBxE5uGRJM+scwdeuer5sM=";
-        #};
        CiteThisPage = pkgs.fetchzip {
          url = "https://web.archive.org/web/20220627203556/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_38-bb4881c.tar.gz";
          sha256 = "sha256-sTZMCLlOkQBEmLiFz2BQJpWRxSDbpS40EZQ+f/jFjxI=";
@ -128,10 +124,6 @@
          url = "https://web.archive.org/web/20220627203619/https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_38-50f4dfd.tar.gz";
          sha256 = "sha256-babZDzcQDE446TBuGW/olbt2xRbPjk+5o3o9DUFlCxk=";
        };
-        #DynamicPageList = pkgs.fetchzip {
-        #  url = "https://web.archive.org/web/20220627203129/https://extdist.wmflabs.org/dist/extensions/DynamicPageList-REL1_38-3b7a26d.tar.gz";
-        #  sha256 = "sha256-WjVLks0Q9hSN2poqbKzTJhvOXog7UHJqjY2WJ4Uc64o=";
-        #};
        Lockdown = pkgs.fetchzip {
          url = "https://web.archive.org/web/20220627203048/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_38-1915db4.tar.gz";
          sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA=";
@ -188,7 +180,7 @@
    nginx = {
      recommendedProxySettings = true;
      virtualHosts = {
-        "wiki.quitte.tassilo-tanneberger.de" = {
+        "wiki.${config.fsr.domain}" = {
          enableACME = true;
          forceSSL = true;
          locations."/" = {