rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2024-11-15 13:23:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: rouven.seifert:657ae1385e7151d1fccebf87befb86a30471b8ee
Branches Tags
rouven.seifert:main
rouven.seifert:push-vxnoqsltyuxy
..
compare: rouven.seifert:f0647c2356e254320089e8f59c5bcdff74c3020f
Branches Tags
rouven.seifert:main
rouven.seifert:push-vxnoqsltyuxy

No commits in common. "657ae1385e7151d1fccebf87befb86a30471b8ee" and "f0647c2356e254320089e8f59c5bcdff74c3020f" have entirely different histories.
657ae1385e ... f0647c2356

11 changed files with 98 additions and 69 deletions
Show stats Expand all files Collapse all files

6
hosts/falkenstein/modules/dns/default.nix
View file

@ -35,10 +35,8 @@ let
subdomains = subdomains =
let let
getVirtualHosts = hostname: map (name: builtins.substring 0 (builtins.stringLength name - (builtins.stringLength domain + 1)) name) (builtins.attrNames self.nixosConfigurations."${hostname}".config.services.caddy.virtualHosts); getVirtualHosts = hostname: map (name: builtins.substring 0 (builtins.stringLength name - (builtins.stringLength domain + 1)) name) (builtins.attrNames self.nixosConfigurations."${hostname}".config.services.nginx.virtualHosts);
getVirtualHostsNginx = hostname: map (name: builtins.substring 0 (builtins.stringLength name - (builtins.stringLength domain + 1)) name) (builtins.attrNames self.nixosConfigurations."${hostname}".config.services.nginx.virtualHosts);
genCNAMEs = hostname: lib.attrsets.genAttrs (getVirtualHosts hostname) (label: { CNAME = [ "${hostname}.${domain}." ]; }); genCNAMEs = hostname: lib.attrsets.genAttrs (getVirtualHosts hostname) (label: { CNAME = [ "${hostname}.${domain}." ]; });
genCNAMEsNginx = hostname: lib.attrsets.genAttrs (getVirtualHostsNginx hostname) (label: { CNAME = [ "${hostname}.${domain}." ]; });
in in
lib.attrsets.mergeAttrsList [ lib.attrsets.mergeAttrsList [
rec { rec {
@ -56,9 +54,7 @@ let
} }
(genCNAMEs "nuc") (genCNAMEs "nuc")
(genCNAMEsNginx "nuc")
(builtins.removeAttrs (genCNAMEs "falkenstein") [ "mail" ]) (builtins.removeAttrs (genCNAMEs "falkenstein") [ "mail" ])
(builtins.removeAttrs (genCNAMEsNginx "falkenstein") [ "mail" ])
]; ];
}); });
in in

4
hosts/nuc/default.nix
View file

@ -8,6 +8,7 @@
./modules/networks ./modules/networks
./modules/adguard ./modules/adguard
./modules/backup ./modules/backup
# ./modules/keycloak
./modules/jellyfin ./modules/jellyfin
./modules/cache ./modules/cache
./modules/matrix ./modules/matrix
@ -15,8 +16,7 @@
./modules/seafile ./modules/seafile
./modules/torrent ./modules/torrent
./modules/vaultwarden ./modules/vaultwarden
# ./modules/nginx ./modules/nginx
./modules/caddy
./modules/indexing ./modules/indexing
]; ];

13
hosts/nuc/modules/authentik/default.nix
View file

@ -9,13 +9,10 @@ in
services.authentik = { services.authentik = {
enable = true; enable = true;
environmentFile = config.age.secrets.authentik.path; environmentFile = config.age.secrets.authentik.path;
# nginx = { nginx = {
# enable = true; enable = true;
# enableACME = true; enableACME = true;
# host = domain; host = domain;
# }; };
}; };
services.caddy.virtualHosts."${domain}".extraConfig = ''
reverse_proxy localhost:9000
'';
} }

8
hosts/nuc/modules/cache/default.nix vendored
View file

@ -10,7 +10,9 @@ in
enable = true; enable = true;
secretKeyFile = config.age.secrets.cache.path; secretKeyFile = config.age.secrets.cache.path;
}; };
services.caddy.virtualHosts."${domain}".extraConfig = '' services.nginx.virtualHosts."${domain}" = {
reverse_proxy 127.0.0.1:${toString config.services.nix-serve.port} locations."/" = {
''; proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}";
};
};
} }

10
hosts/nuc/modules/caddy/default.nix
View file

@ -1,10 +0,0 @@
{ config, ... }:
{
services.caddy = {
enable = true;
email = "ca@${config.networking.domain}";
logFormat = "format console";
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ];
}

43
hosts/nuc/modules/keycloak/default.nix Normal file
View file

@ -0,0 +1,43 @@
{ config, ... }:
let
domain = "auth.${config.networking.domain}";
in
{
age.secrets.keycloak = {
file = ../../../../secrets/nuc/keycloak/db.age;
};
services.keycloak = {
enable = true;
settings = {
http-port = 8084;
https-port = 19000;
hostname = domain;
# proxy-headers = "forwarded";
proxy = "edge";
};
database = {
# host = "/var/run/postgresql/.s.PGSQL.5432";
# useSSL = false;
# createLocally = false;
passwordFile = config.age.secrets.keycloak.path;
};
initialAdminPassword = "plschangeme";
};
# services.postgresql = {
# enable = true;
# ensureUsers = [
# {
# name = "keycloak";
# ensureDBOwnership = true;
# }
# ];
# ensureDatabases = [ "keycloak" ];
# };
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}";
};
};
}

45
hosts/nuc/modules/matrix/default.nix
View file

@ -32,7 +32,6 @@ in
matrix-synapse = { matrix-synapse = {
enable = true; enable = true;
configureRedisLocally = true; configureRedisLocally = true;
enableRegistrationScript = false;
extraConfigFiles = [ config.age.secrets."matrix/shared".path ]; extraConfigFiles = [ config.age.secrets."matrix/shared".path ];
log = { log = {
root.level = "WARNING"; root.level = "WARNING";
@ -42,9 +41,10 @@ in
server_name = config.networking.domain; server_name = config.networking.domain;
listeners = [{ listeners = [{
path = "/run/matrix-synapse/server.sock"; port = 8008;
mode = "666"; bind_addresses = [ "::1" ];
type = "http"; type = "http";
tls = false;
x_forwarded = true; x_forwarded = true;
resources = [{ resources = [{
names = [ "client" "federation" ]; names = [ "client" "federation" ];
@ -57,24 +57,29 @@ in
enable = true; enable = true;
settings = { settings = {
SYNCV3_SERVER = "https://${domain}"; SYNCV3_SERVER = "https://${domain}";
SYNCV3_BINDADDR = "/run/matrix-sliding-sync/server.sock";
}; };
environmentFile = config.age.secrets."matrix/sync".path; environmentFile = config.age.secrets."matrix/sync".path;
}; };
caddy = { nginx = {
recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
# synapse # synapse
"${domain}".extraConfig = '' "${domain}" = {
reverse_proxy /client/* unix//run/matrix-sliding-sync/server.sock # locations."/".extraConfig = "return 404;";
reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync* unix//run/matrix-sliding-sync/server.sock
reverse_proxy unix//run/matrix-synapse/server.sock # # proxy to synapse
''; # locations."/_matrix".proxyPass = "http://[::1]:8008";
locations."/".proxyPass = "http://[::1]:8008";
locations."~ ^/(client/|_matrix/client/unstable/org.matrix.msc3575/sync)".proxyPass = "http://localhost:8009";
# locations."/_synapse/client".proxyPass = "http://[::1]:8008";
};
# element # element
"${domainClient}".extraConfig = '' "${domainClient}" = {
root '${pkgs.element-web.override { root = pkgs.element-web.override {
conf = { conf = {
default_server_config = { default_server_config = {
inherit (clientConfig) "m.homeserver"; inherit (clientConfig) "m.homeserver";
@ -82,23 +87,13 @@ in
}; };
disable_3pid_login = true; disable_3pid_login = true;
}; };
}}' };
''; };
}; };
}; };
}; };
systemd.services.matrix-synapse = { systemd.services.matrix-synapse.after = [ "matrix-synapse-pgsetup.service" ];
after = [ "matrix-synapse-pgsetup.service" ];
serviceConfig = {
RuntimeDirectory = "matrix-synapse";
};
};
systemd.services.matrix-sliding-sync = {
serviceConfig = {
RuntimeDirectory = "matrix-sliding-sync";
};
};
systemd.services.matrix-synapse-pgsetup = { systemd.services.matrix-synapse-pgsetup = {
description = "Prepare Synapse postgres database"; description = "Prepare Synapse postgres database";

27
hosts/nuc/modules/seafile/default.nix
View file

@ -31,16 +31,21 @@ in
} }
''; '';
}; };
services.caddy.virtualHosts."${domain}".extraConfig = '' services.nginx.virtualHosts."${domain}" = {
redir /accounts/login /oauth/login locations."/" = {
reverse_proxy unix//run/seahub/gunicorn.sock proxyPass = "http://unix:/run/seahub/gunicorn.sock";
route /media/* { };
root '${pkgs.seahub}' locations."/seafhttp" = {
} proxyPass = "http://127.0.0.1:${toString config.services.seafile.seafileSettings.fileserver.port}";
extraConfig = ''
route /seafhttp/* { rewrite ^/seafhttp(.*)$ $1 break;
uri strip_prefix /seafhttp
reverse_proxy 127.0.0.1:${toString config.services.seafile.seafileSettings.fileserver.port}
}
''; '';
};
locations."/media" = {
root = pkgs.seahub;
};
locations."/accounts/login" = {
return = "301 /oauth/login";
};
};
} }

8
hosts/nuc/modules/vaultwarden/default.nix
View file

@ -29,7 +29,9 @@ in
]; ];
ensureDatabases = [ "vaultwarden" ]; ensureDatabases = [ "vaultwarden" ];
}; };
services.caddy.virtualHosts."${domain}".extraConfig = '' services.nginx.virtualHosts."${domain}" = {
reverse_proxy 127.0.0.1:${toString config.services.vaultwarden.config.rocketPort} locations."/" = {
''; proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}";
};
};
} }

BIN
secrets/thinkpad/wireless.age
View file

Binary file not shown.

1
shared/zsh.nix
View file

@ -9,7 +9,6 @@
trash-cli trash-cli
nix-output-monitor nix-output-monitor
iperf iperf
jq
]; ];
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
programs.fzf = { programs.fzf = {