commit
02de2df6d3
113
flake.lock
113
flake.lock
|
@ -9,11 +9,11 @@
|
||||||
"poetry2nix": "poetry2nix"
|
"poetry2nix": "poetry2nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1699040089,
|
"lastModified": 1701429257,
|
||||||
"narHash": "sha256-EEBYKHZgC3ecjEZno+a/ZbFRCCln2PrkVVzLJDXquZ4=",
|
"narHash": "sha256-qogV2s6wU1KrFaPUPdUdRNYMLnuRJ19lnF8+bqqA5YE=",
|
||||||
"owner": "fsr",
|
"owner": "fsr",
|
||||||
"repo": "course-management",
|
"repo": "course-management",
|
||||||
"rev": "28f2eedcf0be82f5b718dc2077c6fba0f444d971",
|
"rev": "a0342bef0d833ef2175769e6cf3475a210fa3b94",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -47,11 +47,11 @@
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1687709756,
|
"lastModified": 1694529238,
|
||||||
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
|
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
|
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -65,11 +65,11 @@
|
||||||
"systems": "systems_2"
|
"systems": "systems_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1687709756,
|
"lastModified": 1694529238,
|
||||||
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
|
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
|
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -98,6 +98,28 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nix-github-actions": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"course-management",
|
||||||
|
"poetry2nix",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1698974481,
|
||||||
|
"narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nix-github-actions",
|
||||||
|
"rev": "4bb5e752616262457bc7ca5882192a564c0472d2",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nix-github-actions",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nix-index-database": {
|
"nix-index-database": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -105,11 +127,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700363379,
|
"lastModified": 1702291765,
|
||||||
"narHash": "sha256-fBEVPFwSZ6AmBE1s1oT7E9WVuqRghruxTnSQ8UUlMkw=",
|
"narHash": "sha256-kfxavgLKPIZdYVPUPcoDZyr5lleymrqbr5G9PVfQ2NY=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-index-database",
|
"repo": "nix-index-database",
|
||||||
"rev": "27920146e671a0d565aaa7452907383be14d8d82",
|
"rev": "45d82e0a8b9dd6c5dd9da835ac0c072239af7785",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -120,27 +142,27 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700403855,
|
"lastModified": 1702346276,
|
||||||
"narHash": "sha256-Q0Uzjik9kUTN9pd/kp52XJi5kletBhy29ctBlAG+III=",
|
"narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "0c5678df521e1407884205fe3ce3cf1d7df297db",
|
"rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"ref": "nixos-23.05",
|
"ref": "nixos-23.11",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700342017,
|
"lastModified": 1702148972,
|
||||||
"narHash": "sha256-HaibwlWH5LuqsaibW3sIVjZQtEM/jWtOHX4Nk93abGE=",
|
"narHash": "sha256-h2jODFP6n+ABrUWcGRSVPRFfLOkM9TJ2pO+h+9JcaL0=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "decdf666c833a325cb4417041a90681499e06a41",
|
"rev": "b8f33c044e51de6dde3ad80a9676945e0e4e3227",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -153,17 +175,20 @@
|
||||||
"poetry2nix": {
|
"poetry2nix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-utils": "flake-utils_2",
|
"flake-utils": "flake-utils_2",
|
||||||
|
"nix-github-actions": "nix-github-actions",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"course-management",
|
"course-management",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
],
|
||||||
|
"systems": "systems_3",
|
||||||
|
"treefmt-nix": "treefmt-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1688440303,
|
"lastModified": 1701399357,
|
||||||
"narHash": "sha256-hFfOyityHdVFI0HNM+sqZfpi9Fbvjvy0N9O7FjuqPWY=",
|
"narHash": "sha256-QSGP2J73HQ4gF5yh+MnClv2KUKzcpTmikdmV8ULfq2E=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "poetry2nix",
|
"repo": "poetry2nix",
|
||||||
"rev": "04714155bae013fb9b207e54d1faf9f0c3d08706",
|
"rev": "7acb78166a659d6afe9b043bb6fe5cb5e86bb75e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -190,11 +215,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700362823,
|
"lastModified": 1702177193,
|
||||||
"narHash": "sha256-/H7XgvrYM0IbkpWkcdfkOH0XyBM5ewSWT1UtaLvOgKY=",
|
"narHash": "sha256-J2409SyXROoUHYXVy9h4Pj0VU8ReLuy/mzBc9iK4DBg=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "49a87c6c827ccd21c225531e30745a9a6464775c",
|
"rev": "d806e546f96c88cd9f7d91c1c19ebc99ba6277d9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -232,6 +257,42 @@
|
||||||
"repo": "default",
|
"repo": "default",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"systems_3": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "systems",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"treefmt-nix": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"course-management",
|
||||||
|
"poetry2nix",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1699786194,
|
||||||
|
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "treefmt-nix",
|
||||||
|
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "treefmt-nix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": "root",
|
"root": "root",
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = github:nixos/nixpkgs/nixos-23.05;
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
|
||||||
sops-nix.url = github:Mic92/sops-nix;
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
nix-index-database.url = "github:nix-community/nix-index-database";
|
nix-index-database.url = "github:nix-community/nix-index-database";
|
||||||
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
|
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
@ -22,6 +22,7 @@
|
||||||
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
|
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
|
||||||
hydraJobs."x86-64-linux".quitte = self.packages."x86_64-linux".quitte;
|
hydraJobs."x86-64-linux".quitte = self.packages."x86_64-linux".quitte;
|
||||||
|
|
||||||
|
overlays.default = import ./overlays;
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
quitte = nixpkgs.lib.nixosSystem {
|
quitte = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
@ -67,6 +68,7 @@
|
||||||
./modules/sharepic.nix
|
./modules/sharepic.nix
|
||||||
./modules/zammad.nix
|
./modules/zammad.nix
|
||||||
{
|
{
|
||||||
|
nixpkgs.overlays = [ self.overlays.default ];
|
||||||
sops.defaultSopsFile = ./secrets/quitte.yaml;
|
sops.defaultSopsFile = ./secrets/quitte.yaml;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,41 +1,4 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{ pkgs, config, lib, ... }:
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
|
||||||
# We write a custom config file because the upstream config has some flaws
|
|
||||||
fd_cfg = config.services.bacula-fd;
|
|
||||||
fd_conf = pkgs.writeText "bacula-fd.conf" ''
|
|
||||||
Client {
|
|
||||||
Name = ${fd_cfg.name}
|
|
||||||
FDPort = ${toString fd_cfg.port}
|
|
||||||
WorkingDirectory = /var/lib/bacula
|
|
||||||
Pid Directory = /run
|
|
||||||
${fd_cfg.extraClientConfig}
|
|
||||||
}
|
|
||||||
|
|
||||||
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
|
|
||||||
Director {
|
|
||||||
Name = ${name}
|
|
||||||
Password = ${value.password}
|
|
||||||
Monitor = ${value.monitor}
|
|
||||||
}
|
|
||||||
'') fd_cfg.director)}
|
|
||||||
|
|
||||||
Messages {
|
|
||||||
Name = Standard;
|
|
||||||
syslog = all, !skipped, !restored
|
|
||||||
${fd_cfg.extraMessagesConfig}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
# AGDSN is running an outdated version that we have to comply to
|
|
||||||
bacula_package = (pkgs.bacula.overrideAttrs (old: rec {
|
|
||||||
version = "9.6.7";
|
|
||||||
src = pkgs.fetchurl {
|
|
||||||
url = "mirror://sourceforge/bacula/${old.pname}-${version}.tar.gz";
|
|
||||||
sha256 = "sha256-3w+FJezbo4DnS1N8pxrfO3WWWT8CGJtZqw6//IXMyN4=";
|
|
||||||
};
|
|
||||||
}));
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
"bacula/password".owner = "bacula";
|
"bacula/password".owner = "bacula";
|
||||||
|
@ -56,7 +19,7 @@ in
|
||||||
'';
|
'';
|
||||||
extraMessagesConfig = ''
|
extraMessagesConfig = ''
|
||||||
director = abel-dir = all, !skipped, !restored
|
director = abel-dir = all, !skipped, !restored
|
||||||
mailcommand = "${bacula_package}/bin/bsmtp -f \"Bacula <bacula@${config.networking.domain}>\" -s \"Bacula report" %r"
|
mailcommand = "${pkgs.bacula}/bin/bsmtp -f \"Bacula <bacula@${config.networking.domain}>\" -s \"Bacula report" %r"
|
||||||
mail = root+backup = all, !skipped
|
mail = root+backup = all, !skipped
|
||||||
'';
|
'';
|
||||||
director."abel-dir".password = "@${config.sops.secrets."bacula/password".path}";
|
director."abel-dir".password = "@${config.sops.secrets."bacula/password".path}";
|
||||||
|
@ -73,5 +36,4 @@ in
|
||||||
Password = @${config.sops.secrets."bacula/password".path}
|
Password = @${config.sops.secrets."bacula/password".path}
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
systemd.services.bacula-fd.serviceConfig.ExecStart = lib.mkForce "${bacula_package}/sbin/bacula-fd -f -u root -g bacula -c ${fd_conf}";
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -93,7 +93,7 @@
|
||||||
sysstat
|
sysstat
|
||||||
tree
|
tree
|
||||||
whois
|
whois
|
||||||
exa
|
eza
|
||||||
zsh
|
zsh
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -38,9 +38,7 @@ in
|
||||||
enable = lib.mkForce true; # upstream bacula config wants to disable it, so we need to force
|
enable = lib.mkForce true; # upstream bacula config wants to disable it, so we need to force
|
||||||
ensureUsers = [{
|
ensureUsers = [{
|
||||||
name = "course-management";
|
name = "course-management";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE \"course-management\"" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}];
|
}];
|
||||||
ensureDatabases = [ "course-management" ];
|
ensureDatabases = [ "course-management" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -67,9 +67,7 @@ in
|
||||||
enableTCPIP = lib.mkForce false;
|
enableTCPIP = lib.mkForce false;
|
||||||
ensureUsers = [{
|
ensureUsers = [{
|
||||||
name = "course-management";
|
name = "course-management";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE \"course-management\"" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}];
|
}];
|
||||||
ensureDatabases = [ "course-management" ];
|
ensureDatabases = [ "course-management" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,40 +1,43 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
domain = "git.${config.networking.domain}";
|
domain = "git.${config.networking.domain}";
|
||||||
giteaUser = "git";
|
gitUser = "git";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
sops.secrets.gitea_ldap_search = {
|
sops.secrets.gitea_ldap_search = {
|
||||||
key = "portunus/search-password";
|
key = "portunus/search-password";
|
||||||
owner = config.services.gitea.user;
|
owner = config.services.forgejo.user;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.${giteaUser} = {
|
users.users.${gitUser} = {
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
home = config.services.gitea.stateDir;
|
home = config.services.gitea.stateDir;
|
||||||
group = giteaUser;
|
group = gitUser;
|
||||||
useDefaultShell = true;
|
useDefaultShell = true;
|
||||||
};
|
};
|
||||||
users.groups.${giteaUser} = { };
|
users.groups.${gitUser} = { };
|
||||||
|
|
||||||
services.gitea = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.forgejo; # community fork
|
# package = pkgs.forgejo; # community fork
|
||||||
user = giteaUser;
|
user = gitUser;
|
||||||
group = giteaUser;
|
group = gitUser;
|
||||||
appName = "iFSR Git";
|
|
||||||
lfs.enable = true;
|
lfs.enable = true;
|
||||||
|
|
||||||
database = {
|
database = {
|
||||||
type = "postgres";
|
type = "postgres";
|
||||||
|
name = "git"; # legacy
|
||||||
createDatabase = true;
|
createDatabase = true;
|
||||||
user = giteaUser;
|
user = gitUser;
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: enable periodic dumps of the DB and repos, maybe use this for backups?
|
# TODO: enable periodic dumps of the DB and repos, maybe use this for backups?
|
||||||
# dump = { };
|
# dump = { };
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
|
DEFAULT = {
|
||||||
|
APP_NAME = "iFSR Git";
|
||||||
|
};
|
||||||
server = {
|
server = {
|
||||||
PROTOCOL = "http+unix";
|
PROTOCOL = "http+unix";
|
||||||
DOMAIN = domain;
|
DOMAIN = domain;
|
||||||
|
@ -68,7 +71,7 @@ in
|
||||||
|
|
||||||
systemd.services.gitea.preStart =
|
systemd.services.gitea.preStart =
|
||||||
let
|
let
|
||||||
exe = lib.getExe config.services.gitea.package;
|
exe = lib.getExe config.services.forgejo.package;
|
||||||
portunus = config.services.portunus;
|
portunus = config.services.portunus;
|
||||||
basedn = "ou=users,${portunus.ldap.suffix}";
|
basedn = "ou=users,${portunus.ldap.suffix}";
|
||||||
ldapConfigArgs = ''
|
ldapConfigArgs = ''
|
||||||
|
@ -108,7 +111,7 @@ in
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}:/";
|
proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
locations."/api/v1/users/search".return = "403";
|
locations."/api/v1/users/search".return = "403";
|
||||||
|
|
|
@ -14,9 +14,7 @@ in
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "hedgedoc";
|
name = "hedgedoc";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE hedgedoc" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
ensureDatabases = [ "hedgedoc" ];
|
ensureDatabases = [ "hedgedoc" ];
|
||||||
|
|
|
@ -20,7 +20,7 @@
|
||||||
webSettings = {
|
webSettings = {
|
||||||
DATABASES.default = {
|
DATABASES.default = {
|
||||||
ENGINE = "django.db.backends.postgresql";
|
ENGINE = "django.db.backends.postgresql";
|
||||||
NAME = "mailmanweb";
|
NAME = "mailman-web";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
ldap = {
|
ldap = {
|
||||||
|
@ -45,18 +45,14 @@
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "mailman";
|
name = "mailman";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE mailman" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
name = "mailman-web";
|
name = "mailman-web";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE mailmanweb" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
ensureDatabases = [ "mailman" "mailmanweb" ];
|
ensureDatabases = [ "mailman" "mailman-web" ];
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."lists.${config.networking.domain}" = {
|
services.nginx.virtualHosts."lists.${config.networking.domain}" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
|
@ -10,9 +10,7 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
ensureUsers = [{
|
ensureUsers = [{
|
||||||
name = "mautrix-telegram";
|
name = "mautrix-telegram";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE \"mautrix-telegram\"" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}];
|
}];
|
||||||
ensureDatabases = [ "mautrix-telegram" ];
|
ensureDatabases = [ "mautrix-telegram" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -17,7 +17,6 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
configureRedis = true;
|
configureRedis = true;
|
||||||
package = pkgs.nextcloud27;
|
package = pkgs.nextcloud27;
|
||||||
enableBrokenCiphersForSSE = false; # disable the openssl warning
|
|
||||||
hostName = domain;
|
hostName = domain;
|
||||||
https = true; # Use https for all urls
|
https = true; # Use https for all urls
|
||||||
phpExtraExtensions = all: [
|
phpExtraExtensions = all: [
|
||||||
|
|
|
@ -51,9 +51,7 @@ in
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "sogo";
|
name = "sogo";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE sogo" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
ensureDatabases = [ "sogo" ];
|
ensureDatabases = [ "sogo" ];
|
||||||
|
|
|
@ -25,9 +25,7 @@ in
|
||||||
ensureUsers = [
|
ensureUsers = [
|
||||||
{
|
{
|
||||||
name = "vaultwarden";
|
name = "vaultwarden";
|
||||||
ensurePermissions = {
|
ensureDBOwnership = true;
|
||||||
"DATABASE vaultwarden" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
ensureDatabases = [ "vaultwarden" ];
|
ensureDatabases = [ "vaultwarden" ];
|
||||||
|
|
15
overlays/default.nix
Normal file
15
overlays/default.nix
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
_final: prev:
|
||||||
|
let
|
||||||
|
inherit (prev) fetchurl;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
# AGDSN is running an outdated version that we have to comply to
|
||||||
|
bacula = (prev.bacula.overrideAttrs (old: rec {
|
||||||
|
version = "9.6.7";
|
||||||
|
src = fetchurl {
|
||||||
|
url = "mirror://sourceforge/bacula/${old.pname}-${version}.tar.gz";
|
||||||
|
sha256 = "sha256-3w+FJezbo4DnS1N8pxrfO3WWWT8CGJtZqw6//IXMyN4=";
|
||||||
|
};
|
||||||
|
}));
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in a new issue