From 911fa95dd12840bd735dcdba9313fe3892749eca Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sat, 9 Mar 2024 12:38:24 +0100 Subject: [PATCH 1/7] falkenstein: disable zram and add own dns config --- README.md | 1 - hosts/falkenstein/default.nix | 2 +- hosts/falkenstein/modules/dns/default.nix | 70 +++++++++++++++++++++++ 3 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 hosts/falkenstein/modules/dns/default.nix diff --git a/README.md b/README.md index 0ddc915..f3ff301 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,6 @@ sda ├─sda1 / ├─sda14 # BIOS boot └─sda15 /boot/efi # EFI stuff -zram0 [SWAP] ``` ### vm diff --git a/hosts/falkenstein/default.nix b/hosts/falkenstein/default.nix index b84a17a..60cacca 100644 --- a/hosts/falkenstein/default.nix +++ b/hosts/falkenstein/default.nix @@ -5,6 +5,7 @@ # Include the results of the hardware scan. ./hardware-configuration.nix ./modules/backup + ./modules/dns ./modules/fail2ban ./modules/mail ./modules/networks @@ -27,7 +28,6 @@ initrd.systemd.enable = true; kernelPackages = pkgs.linuxPackages_latest; }; - zramSwap.enable = true; time.timeZone = "Europe/Berlin"; diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix new file mode 100644 index 0000000..e50a718 --- /dev/null +++ b/hosts/falkenstein/modules/dns/default.nix 
@@ -0,0 +1,70 @@
+{ pkgs, ... }:
+{
+ services.bind = {
+ enable = true;
+ zones = {
+ "rfive.de" = {
+ master = true;
+ slaves = [
+ "192.174.68.104"
+ "176.97.158.104"
+ "185.181.104.96"
+ ];
+ extraConfig = ''
+ also-notify {185.181.104.96;};
+ '';
+ file = pkgs.writeText "rfive.de_zone.txt" ''
+ $TTL 3600
+
+ rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030827 10800 3600 604800 3600
+ @ 3600 IN NS ns.rfive.de.
+ @ 3600 IN NS ns.inwx.de.
+ @ 3600 IN NS ns2.inwx.de.
+
+ ns.rfive.de. 3600 IN A 23.88.121.184
+ ns.rfive.de. 3600 IN AAAA 2a01:4f8:c012:49de::1
+
+ @ IN A 23.88.121.184
+ @ IN AAAA 2a01:4f8:c012:49de::1
+ @ IN CAA 0 iodef "mailto:ca@rfive.de"
+ @ IN CAA 0 issue "letsencrypt.org"
+ @ IN CAA 0 issuewild ";"
+
+ nuc 3600 IN A 141.30.227.6
+
+ falkenstein IN A 23.88.121.184
+ falkenstein IN AAAA 2a01:4f8:c012:49de::1
+ falkenstein IN SSHFP 1 1 DE42CA418093CF94EABC124E101AE4D8DE02C69F
+ falkenstein IN SSHFP 1 2 149100F5C3CA333E20E7B03EB463B0FB23D34FFE1FC65EFAADDDBE51 8EC35990
+ falkenstein IN SSHFP 4 1 70A38677DEE50C5B67AA11400A6BCD4984355C2A
+ falkenstein IN SSHFP 4 2 B25AD18A23C885AE965875C4C9EDA4E4EDFD3503334B10F0BFE7527B EB178CB2
+
+ @ IN MX 1 mail.rfive.de.
+ mail IN A 23.88.121.184
+ mail IN AAAA 2a01:4f8:c012:49de::1
+
+ @ IN TXT "v=spf1 mx ~all"
+ rspamd._domainkey IN TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB"
+ _dmarc IN TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de"
+
+ auth IN CNAME nuc.rfive.de.
+ test IN CNAME nuc.rfive.de.
+ cache IN CNAME nuc.rfive.de.
+ chat IN CNAME nuc.rfive.de.
+ images.trucksimulatorbot IN CNAME falkenstein.rfive.de.
+ matrix IN CNAME nuc.rfive.de.
+ purge IN CNAME falkenstein.rfive.de.
+ rspamd IN CNAME falkenstein.rfive.de.
+ seafile IN CNAME nuc.rfive.de.
+ trucksimulatorbot IN CNAME falkenstein.rfive.de. + uptime IN CNAME nuc.rfive.de. + vault IN CNAME nuc.rfive.de. + + _discord IN TXT "dh=0bcca75b0a56c304f0c23fbdb3f12009411e8c0c" + ''; + }; + }; + }; + networking.firewall.allowedUDPPorts = [ 53 ]; + networking.firewall.allowedTCPPorts = [ 53 ]; +} From 525b92a65d5849eea98ceb620f3c8e0ff25784aa Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sat, 9 Mar 2024 12:39:16 +0100 Subject: [PATCH 2/7] nuc: add keycloak --- hosts/nuc/default.nix | 5 ++- hosts/nuc/modules/keycloak/default.nix | 43 +++++++++++++++++++++++++ secrets.nix | 1 + secrets/nuc/keycloak/db.age | Bin 0 -> 339 bytes 4 files changed, 46 insertions(+), 3 deletions(-) create mode 100644 hosts/nuc/modules/keycloak/default.nix create mode 100644 secrets/nuc/keycloak/db.age diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index 670f0ea..14f4e11 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix @@ -8,7 +8,8 @@ ./modules/backup ./modules/cache # ./modules/grafana - ./modules/hydra + # ./modules/hydra + ./modules/keycloak # ./modules/prometheus ./modules/matrix ./modules/mautrix-telegram @@ -69,8 +70,6 @@ programs.mosh.enable = true; - # firmware updates - services.fwupd.enable = true; users.users.root.initialHashedPassword = "$y$j9T$hYM7FT2hn3O7OWBn9uz8e0$XquxONcPSke6YjdRGwOzGxC0/92hgP7PIB0y0K.Qdr/"; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../keys/ssh/rouven-thinkpad diff --git a/hosts/nuc/modules/keycloak/default.nix b/hosts/nuc/modules/keycloak/default.nix new file mode 100644 index 0000000..0ace24b --- /dev/null +++ b/hosts/nuc/modules/keycloak/default.nix 
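Review bot: The four `falkenstein IN SSHFP` records in the zone text of hosts/falkenstein/modules/dns/default.nix are published from a zone that this hunk does not sign; `extraConfig` holds only `also-notify`, so no DNSSEC policy is visible here. An SSH client that checks host keys through DNS only trusts fingerprints that arrive DNSSEC-validated and otherwise falls back to asking, and the CAA records get no origin authentication either. If signing is done elsewhere (for example at the registrar's secondaries), say so in the zone text with a comment such as `; SSHFP/CAA rely on DNSSEC signing done at <where>`. Otherwise consider a `dnssec-policy` for the zone, which presumably needs the zone file in a writable directory rather than the store path produced by `pkgs.writeText`.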
@@ -0,0 +1,43 @@
+{ config, ... }:
+let
+ domain = "auth.${config.networking.domain}";
+in
+{
+ age.secrets.keycloak = {
+ file = ../../../../secrets/nuc/keycloak/db.age;
+ };
+ services.keycloak = {
+ enable = true;
+ settings = {
+ http-port = 8084;
+ https-port = 19000;
+ hostname = domain;
+ # proxy-headers = "forwarded";
+ proxy = "edge";
+ };
+ database = {
+ # host = "/var/run/postgresql/.s.PGSQL.5432";
+ # useSSL = false;
+ # createLocally = false;
+ passwordFile = config.age.secrets.keycloak.path;
+ };
+ initialAdminPassword = "plschangeme";
+ };
+ # services.postgresql = {
+ # enable = true;
+ # ensureUsers = [
+ # {
+ # name = "keycloak";
+ # ensureDBOwnership = true;
+ # }
+ # ];
+ # ensureDatabases = [ "keycloak" ];
+ # };
+ services.nginx.virtualHosts."${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}";
+ };
+ };
+}
diff --git a/secrets.nix b/secrets.nix
index afcde6c..f73f67b 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -20,6 +20,7 @@ in
 "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ];
+ "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/cache.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ];
 "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ];
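Review bot: `initialAdminPassword = "plschangeme";` in hosts/nuc/modules/keycloak/default.nix commits a known admin password to the repository, and the same hunk publishes the service through the nginx virtual host for `auth.${config.networking.domain}`. Until that password is changed after the first start, the identity provider's admin account is protected only by a value that anyone with read access to the repo knows. The database password already comes from `config.age.secrets.keycloak.path`, so the admin bootstrap deserves the same care: rotate it right after the first deploy and record that with a comment such as `# bootstrap value only, rotated after first login`, or keep the virtual host unexposed until then. Separately, `proxy = "edge"` relies on forwarded headers that the `locations."/"` block does not set itself; presumably they come from global nginx settings, which is worth confirming.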
diff --git a/secrets/nuc/keycloak/db.age b/secrets/nuc/keycloak/db.age new file mode 100644 index 0000000000000000000000000000000000000000..1093a5bf5f6ea03cbdbdb1d3b8ec99964fadf213 GIT binary patch literal 339 zcmZ9_yH0~p002-o6E+j$%;Z9_P@tvJnB4YKD1BIGnZw2pHeg-229H%gYEPsuF1ppn}Y1hzvKrVSL0%nd(L zq7gf!hBL#PH>lhw2OAinVO>Ef)7e6|Rj?G4K2O+zAvIk%PoNE&rU67V?Si#5)7nPl2P>HMmTXUwnOP_>tVNtNg5Ssn%6!6hyhSj((Cv}Inr${u5+FFEYBW@W& z;JIl_b9)`stz@b#bkKy+xAD?*@_3Vtk;ZWPyt|@2=WnBF(qvL+5EwOfCE&HoHAh7< zr&WnQuGh9DVUIski@D;&u|&|p2jUM-ZlAtbyw5*_*SDR$>lVIy|GED@53}RXhuy=V O#5cXi7mzT@)$A7^VsX3x literal 0 HcmV?d00001 From 05dc9b467171b058aba1d5486b8f75f8aa13b243 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sat, 9 Mar 2024 12:40:02 +0100 Subject: [PATCH 3/7] falkenstein.vpn -> falkenstein --- hosts/falkenstein/modules/mail/default.nix | 4 ++-- hosts/falkenstein/modules/networks/default.nix | 6 +++++- hosts/thinkpad/modules/networks/default.nix | 2 +- users/rouven/modules/ssh/default.nix | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/hosts/falkenstein/modules/mail/default.nix b/hosts/falkenstein/modules/mail/default.nix index 1e96bae..4f5ef3f 100644 --- a/hosts/falkenstein/modules/mail/default.nix +++ b/hosts/falkenstein/modules/mail/default.nix @@ -44,7 +44,8 @@ in sslKey = "/var/lib/acme/${hostname}/key.pem"; config = { home_mailbox = "Maildir/"; - smtp_helo_name = "falkenstein.vpn.rfive.de"; + smtp_helo_name = config.networking.fqdn; + smtpd_banner = "${config.networking.fqdn} ESMTP $mail_name"; smtp_use_tls = true; smtpd_use_tls = true; smtpd_tls_protocols = [ @@ -220,7 +221,6 @@ in "dkim_signing.conf".text = '' selector = "rspamd"; allow_username_mismatch = true; - allow_hdrfrom_mismatch = true; path = /var/lib/rspamd/dkim/$domain.key; ''; }; diff --git a/hosts/falkenstein/modules/networks/default.nix b/hosts/falkenstein/modules/networks/default.nix index 4452579..163bf41 100644 --- a/hosts/falkenstein/modules/networks/default.nix 
+++ b/hosts/falkenstein/modules/networks/default.nix @@ -31,6 +31,10 @@ "2620:fe::fe" "2620:fe::9" ]; + extraConfig = '' + [Resolve] + DNSStubListener=no + ''; }; systemd.network = { enable = true; @@ -72,7 +76,7 @@ wireguardPeerConfig = { PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ="; PresharedKeyFile = config.age.secrets."wireguard/dorm/preshared".path; - Endpoint = "dorm.vpn.rfive.de:51820"; + Endpoint = "nuc.rfive.de:51820"; AllowedIPs = "192.168.42.0/24, 192.168.43.0/24"; }; } diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index 3d1cbdb..7bfaf31 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -151,7 +151,7 @@ wireguardPeerConfig = { PublicKey = "Z5lwwHTCDr6OF4lfaCdSHNveunOn4RzuOQeyB+El9mQ="; PresharedKeyFile = config.age.secrets."wireguard/dorm/preshared".path; - Endpoint = "dorm.vpn.rfive.de:51820"; + Endpoint = "nuc.rfive.de:51820"; AllowedIPs = "192.168.42.0/24, 192.168.43.0/24"; }; } diff --git a/users/rouven/modules/ssh/default.nix b/users/rouven/modules/ssh/default.nix index fb95c2e..59fd80d 100644 --- a/users/rouven/modules/ssh/default.nix +++ b/users/rouven/modules/ssh/default.nix @@ -22,7 +22,7 @@ in identityFile = git; }; "rfive.de" = { - hostname = "falkenstein.vpn.rfive.de"; + hostname = "falkenstein.rfive.de"; user = "root"; extraOptions = { VerifyHostKeyDNS = "yes"; From b97675b24639092b333629728aea0136341bfbf7 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sat, 9 Mar 2024 12:40:33 +0100 Subject: [PATCH 4/7] user: convenience updates --- flake.lock | 18 +++++++++--------- users/rouven/modules/packages.nix | 2 +- users/rouven/modules/wayland/default.nix | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index 425358b..ded9ba5 100644 --- a/flake.lock +++ b/flake.lock 
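Review bot: The `DNSStubListener=no` block added in the first hunk of hosts/falkenstein/modules/networks/default.nix has no comment explaining why the resolved stub is switched off. Presumably it frees port 53 for the BIND instance introduced in patch 1, but that link is not visible from this file. I would add `# stub listener off: named binds port 53 on this host (see ../dns)` above `extraConfig`. It is also worth checking that nothing on the host still reads a resolv.conf pointing at the stub address, since that listener is gone after this change. The enclosing resolved attribute set starts outside the hunk.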
@@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1709485962, - "narHash": "sha256-rmFB4uE10+LJbcVE4ePgiuHOBlUIjQOeZt4VQVJTU8M=", + "lastModified": 1709825366, + "narHash": "sha256-voasXvMdMSDU12etTmv2DT9SlcZyUNC7Y8OehMbETKE=", "owner": "nix-community", "repo": "home-manager", - "rev": "d579633ff9915a8f4058d5c439281097e92380a8", + "rev": "1283bf6ebbdee4d980b7551bed4c6596805e812c", "type": "github" }, "original": { @@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1709435391, - "narHash": "sha256-s4itTkIVxn5lYeTzwkbAgl99atnjdZv1idI1118vdzA=", + "lastModified": 1709708644, + "narHash": "sha256-XAFOkZ6yexsqeJrCXWoHxopq0i+7ZqbwATXomMnGmr4=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "93554c04c2f1c02f4a383538e8848d511c3129e9", + "rev": "94a1e46434736a40f976a454f8bd3ea2144f349b", "type": "github" }, "original": { @@ -296,11 +296,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709237383, - "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", + "lastModified": 1709703039, + "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", + "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d", "type": "github" }, "original": { diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index d66570a..ff2d7ec 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -8,7 +8,7 @@ zip unzip man-pages - cinnamon.nemo + pcmanfm xdg-utils # used for xdg-open appimage-run seafile-client diff --git a/users/rouven/modules/wayland/default.nix b/users/rouven/modules/wayland/default.nix index 16f0b52..e68e13b 100644 --- a/users/rouven/modules/wayland/default.nix +++ b/users/rouven/modules/wayland/default.nix 
@@ -29,7 +29,7 @@ { event = "lock"; command = lib.getExe pkgs.swaylock-effects; } ]; timeouts = [ - { timeout = 300; command = lib.getExe pkgs.swaylock-effects; } + # { timeout = 300; command = lib.getExe pkgs.swaylock-effects; } ]; systemdTarget = "graphical-session.target"; }; From 7bad85eb1f1844bb1a9558c0f7a33eb3c8259aa0 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sat, 9 Mar 2024 13:26:49 +0100 Subject: [PATCH 5/7] trucksimulator: shorten urls --- hosts/falkenstein/modules/dns/default.nix | 27 +++++++++---------- .../modules/trucksimulatorbot/default.nix | 4 +-- 2 files changed, 14 insertions(+), 17 deletions(-) diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index e50a718..92da955 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -6,8 +6,6 @@ "rfive.de" = { master = true; slaves = [ - "192.174.68.104" - "176.97.158.104" "185.181.104.96" ]; extraConfig = '' @@ -16,7 +14,7 @@ file = pkgs.writeText "rfive.de_zone.txt" '' $TTL 3600 - rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030827 10800 3600 604800 3600 + rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030829 10800 3600 604800 3600 @ 3600 IN NS ns.rfive.de. @ 3600 IN NS ns.inwx.de. @ 3600 IN NS ns2.inwx.de. 
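Review bot: Commenting out the 300-second entry in users/rouven/modules/wayland/default.nix leaves `timeouts` empty, so the session no longer locks on idle and swaylock runs only on the explicit `lock` event. An unattended session then stays open indefinitely. If 300 s is too short, I would raise the value rather than drop the lock, e.g. `{ timeout = 900; command = lib.getExe pkgs.swaylock-effects; }`. If removing it is intended, delete the line instead of leaving it commented out and say why in the commit message. The surrounding idle-daemon attribute set starts outside the hunk.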
@@ -47,18 +45,17 @@ rspamd._domainkey IN TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB" _dmarc IN TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de" - auth IN CNAME nuc.rfive.de. - test IN CNAME nuc.rfive.de. - cache IN CNAME nuc.rfive.de. - chat IN CNAME nuc.rfive.de. - images.trucksimulatorbot IN CNAME falkenstein.rfive.de. - matrix IN CNAME nuc.rfive.de. - purge IN CNAME falkenstein.rfive.de. - rspamd IN CNAME falkenstein.rfive.de. - seafile IN CNAME nuc.rfive.de. - trucksimulatorbot IN CNAME falkenstein.rfive.de. - uptime IN CNAME nuc.rfive.de. - vault IN CNAME nuc.rfive.de. + auth IN CNAME nuc.rfive.de. + cache IN CNAME nuc.rfive.de. + chat IN CNAME nuc.rfive.de. + img.trucks IN CNAME falkenstein.rfive.de. + matrix IN CNAME nuc.rfive.de. + purge IN CNAME falkenstein.rfive.de. + rspamd IN CNAME falkenstein.rfive.de. + seafile IN CNAME nuc.rfive.de. + trucks IN CNAME falkenstein.rfive.de. + uptime IN CNAME nuc.rfive.de. + vault IN CNAME nuc.rfive.de. _discord IN TXT "dh=0bcca75b0a56c304f0c23fbdb3f12009411e8c0c" ''; diff --git a/hosts/falkenstein/modules/trucksimulatorbot/default.nix b/hosts/falkenstein/modules/trucksimulatorbot/default.nix index 18d4496..6e9ecd3 100644 --- a/hosts/falkenstein/modules/trucksimulatorbot/default.nix +++ b/hosts/falkenstein/modules/trucksimulatorbot/default.nix @@ -1,6 +1,6 @@ { config, pkgs, trucksimulatorbot, ... }: let - domain = "trucksimulatorbot.${config.networking.domain}"; + domain = "trucks.${config.networking.domain}"; in { services.trucksimulatorbot = { @@ -24,7 +24,7 @@ in ensureDatabases = [ "trucksimulator" ]; }; services.nginx.virtualHosts = { - "images.${domain}" = { + "img.${domain}" = { enableACME = true; forceSSL = true; locations."/" = { 
From 103c238e3e984db7611ec96d01cee67f9849b992 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sat, 9 Mar 2024 13:36:48 +0100 Subject: [PATCH 6/7] nuc: disable uptime-kuma --- flake.lock | 18 +++++++++--------- hosts/nuc/default.nix | 4 ---- hosts/nuc/modules/uptime-kuma/default.nix | 18 ------------------ 3 files changed, 9 insertions(+), 31 deletions(-) delete mode 100644 hosts/nuc/modules/uptime-kuma/default.nix diff --git a/flake.lock b/flake.lock index ded9ba5..2de47a7 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1709825366, - "narHash": "sha256-voasXvMdMSDU12etTmv2DT9SlcZyUNC7Y8OehMbETKE=", + "lastModified": 1709938482, + "narHash": "sha256-2Vw2WOFmEXWQH8ziFNOr0U48Guh5FacuD6BOEIcE99s=", "owner": "nix-community", "repo": "home-manager", - "rev": "1283bf6ebbdee4d980b7551bed4c6596805e812c", + "rev": "17431970b4ebc75a92657101ccffcfc9e1f9d8f0", "type": "github" }, "original": { @@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1709708644, - "narHash": "sha256-XAFOkZ6yexsqeJrCXWoHxopq0i+7ZqbwATXomMnGmr4=", + "lastModified": 1709906691, + "narHash": "sha256-206XMy1NGW42bnHukJl5W2F90yHNoJc7+H3i+/8i2Pg=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "94a1e46434736a40f976a454f8bd3ea2144f349b", + "rev": "2ad5ebce1e1be47a8cf330d85265ac09ffa15178", "type": "github" }, "original": { @@ -488,11 +488,11 @@ ] }, "locked": { - "lastModified": 1709309746, - "narHash": "sha256-janCP2IoaBQIYQVn/LSYXncheCQ2l7u8E7V2XgHz2G8=", + "lastModified": 1709987509, + "narHash": "sha256-q7iK2q1Sff0FQfsp4G5wX0A8r+k1p6XLOlrICueXtlI=", "owner": "rouven0", "repo": "TruckSimulatorBot", - "rev": "6a6bd63946a031ac020a9463cddb3a99de9385fd", + "rev": "db517d53381e3ccea75653e8d29a68d0800cb8c0", "type": "github" }, "original": { diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index 14f4e11..6177596 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix 
@@ -7,14 +7,10 @@ ./modules/networks ./modules/backup ./modules/cache - # ./modules/grafana - # ./modules/hydra ./modules/keycloak - # ./modules/prometheus ./modules/matrix ./modules/mautrix-telegram ./modules/seafile - ./modules/uptime-kuma ./modules/vaultwarden ./modules/nginx ]; diff --git a/hosts/nuc/modules/uptime-kuma/default.nix b/hosts/nuc/modules/uptime-kuma/default.nix deleted file mode 100644 index 9d2e32b..0000000 --- a/hosts/nuc/modules/uptime-kuma/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, ... }: -let - domain = "uptime.${config.networking.domain}"; -in -{ - services.uptime-kuma = { - enable = true; - }; - services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:3001"; - proxyWebsockets = true; - }; - }; - -} From 7a3f987b0d51b23775e2b99ed144f8df9928aaf3 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Sat, 9 Mar 2024 15:23:50 +0100 Subject: [PATCH 7/7] keycloak: disable --- hosts/falkenstein/modules/dns/default.nix | 7 ++-- hosts/nuc/default.nix | 1 - hosts/nuc/modules/keycloak/default.nix | 43 ---------------------- secrets.nix | 1 - secrets/nuc/keycloak/db.age | Bin 339 -> 0 bytes 5 files changed, 3 insertions(+), 49 deletions(-) delete mode 100644 hosts/nuc/modules/keycloak/default.nix delete mode 100644 secrets/nuc/keycloak/db.age diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index 92da955..48b2eb8 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -13,8 +13,9 @@ ''; file = pkgs.writeText "rfive.de_zone.txt" '' $TTL 3600 + $ORIGIN rfive.de. - rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030829 10800 3600 604800 3600 + rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. 2024030832 10800 3600 604800 3600 @ 3600 IN NS ns.rfive.de. @ 3600 IN NS ns.inwx.de. @ 3600 IN NS ns2.inwx.de. 
@@ -28,7 +29,7 @@ @ IN CAA 0 issue "letsencrypt.org" @ IN CAA 0 issuewild ";" - nuc 3600 IN A 141.30.227.6 + nuc IN A 141.30.227.6 falkenstein IN A 23.88.121.184 falkenstein IN AAAA 2a01:4f8:c012:49de::1 @@ -45,7 +46,6 @@ rspamd._domainkey IN TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB" _dmarc IN TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de" - auth IN CNAME nuc.rfive.de. cache IN CNAME nuc.rfive.de. chat IN CNAME nuc.rfive.de. img.trucks IN CNAME falkenstein.rfive.de. @@ -54,7 +54,6 @@ rspamd IN CNAME falkenstein.rfive.de. seafile IN CNAME nuc.rfive.de. trucks IN CNAME falkenstein.rfive.de. - uptime IN CNAME nuc.rfive.de. vault IN CNAME nuc.rfive.de. _discord IN TXT "dh=0bcca75b0a56c304f0c23fbdb3f12009411e8c0c" diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index 6177596..7415d60 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix @@ -7,7 +7,6 @@ ./modules/networks ./modules/backup ./modules/cache - ./modules/keycloak ./modules/matrix ./modules/mautrix-telegram ./modules/seafile diff --git a/hosts/nuc/modules/keycloak/default.nix b/hosts/nuc/modules/keycloak/default.nix deleted file mode 100644 index 0ace24b..0000000 --- a/hosts/nuc/modules/keycloak/default.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{ config, ... }: -let - domain = "auth.${config.networking.domain}"; -in -{ - age.secrets.keycloak = { - file = ../../../../secrets/nuc/keycloak/db.age; - }; - services.keycloak = { - enable = true; - settings = { - http-port = 8084; - https-port = 19000; - hostname = domain; - # proxy-headers = "forwarded"; - proxy = "edge"; - }; - database = { - # host = "/var/run/postgresql/.s.PGSQL.5432"; - # useSSL = false; - # createLocally = false; - passwordFile = config.age.secrets.keycloak.path; - }; - initialAdminPassword = "plschangeme"; - }; - # services.postgresql = { - # enable = true; - # ensureUsers = [ - # { - # name = "keycloak"; - # ensureDBOwnership = true; - # } - # ]; - # ensureDatabases = [ "keycloak" ]; - # }; - services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.keycloak.settings.http-port}"; - }; - }; -} diff --git a/secrets.nix b/secrets.nix index f73f67b..afcde6c 100644 --- a/secrets.nix +++ b/secrets.nix @@ -20,7 +20,6 @@ in "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ]; "secrets/nuc/mautrix-telegram/env.age".publicKeys = [ rouven nuc ]; "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; - "secrets/nuc/keycloak/db.age".publicKeys = [ rouven nuc ]; "secrets/nuc/cache.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ]; 
diff --git a/secrets/nuc/keycloak/db.age b/secrets/nuc/keycloak/db.age deleted file mode 100644 index 1093a5bf5f6ea03cbdbdb1d3b8ec99964fadf213..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 339 zcmZ9_yH0~p002-o6E+j$%;Z9_P@tvJnB4YKD1BIGnZw2pHeg-229H%gYEPsuF1ppn}Y1hzvKrVSL0%nd(L zq7gf!hBL#PH>lhw2OAinVO>Ef)7e6|Rj?G4K2O+zAvIk%PoNE&rU67V?Si#5)7nPl2P>HMmTXUwnOP_>tVNtNg5Ssn%6!6hyhSj((Cv}Inr${u5+FFEYBW@W& z;JIl_b9)`stz@b#bkKy+xAD?*@_3Vtk;ZWPyt|@2=WnBF(qvL+5EwOfCE&HoHAh7< zr&WnQuGh9DVUIski@D;&u|&|p2jUM-ZlAtbyw5*_*SDR$>lVIy|GED@53}RXhuy=V O#5cXi7mzT@)$A7^VsX3x