diff --git a/flake.nix b/flake.nix index 2149789..1e864be 100755 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,6 @@ { inputs = { + nixpkgs.url = github:nixpkgs/nixos/nixos-22.05; sops-nix.url = github:Mic92/sops-nix; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; fsr-infoscreen.url = github:fsr/infoscreen; diff --git a/modules/base.nix b/modules/base.nix index a38a300..2ba9864 100755 --- a/modules/base.nix +++ b/modules/base.nix @@ -67,9 +67,9 @@ nmap tcpdump bat - dig - ethtool - iftop + dig + ethtool + iftop ipcalc iperf3 ipv6calc @@ -82,8 +82,8 @@ sysstat tree whois - exa - zsh + exa + zsh ]; } diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 8769369..407f847 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -61,7 +61,7 @@ in # ensure that postgres is running *before* running the setup systemd.services."nextcloud-setup" = { - requires = ["postgresql.service"]; - after = ["postgresql.service"]; + requires = [ "postgresql.service" ]; + after = [ "postgresql.service" ]; }; } diff --git a/modules/stream.nix b/modules/stream.nix index 64ec181..2d7bb7f 100644 --- a/modules/stream.nix +++ b/modules/stream.nix 
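Review bot: The added `nixpkgs.url = github:nixpkgs/nixos/nixos-22.05;` in the flake.nix hunk has its owner and repository segments swapped. A `github:` flake reference is read as `github:<owner>/<repo>/<ref>`, so this names a repository `nixos` under the GitHub account `nixpkgs`, not the NixOS organisation's nixpkgs. The next line, `sops-nix.inputs.nixpkgs.follows = "nixpkgs"`, makes sops-nix take its packages from the same input, so if the reference resolves at all, whoever controls that account supplies the package set for both. It should read `nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";` (quoted, since bare URL literals are deprecated in Nix). After the fix, regenerate flake.lock and check that the locked owner and repo are the intended ones.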
@@ -1,39 +1,42 @@ -{pkgs, lib, config, ...}: -let +{ pkgs, lib, config, ... }: +let website = pkgs.fetchgit { url = "ssh+git://git@github.com:fsr/fruitbasket.git"; rev = "1b380f3bfd48aae2a17aefbbdd0538f09b7d3bcf"; sha256 = ""; }; -in { +in +{ services = { nginx = { virtualHosts = { - "stream.ifsr.de" = { - enableACME = true; - forceSSL = true; - locations."/" = let - cfg = config.services.owncast; - in { + "stream.ifsr.de" = { + enableACME = true; + forceSSL = true; + locations."/" = + let + cfg = config.services.owncast; + in + { proxyPass = "http://${toString cfg.listen}:${toString cfg.port}"; proxyWebsockets = true; }; - }; }; - #streamConfig = '' - # server { - # listen 1935; - # proxy_pass [::1]:1935; - # proxy_buffer_size 32k; - #} - #''; - }; - owncast = { - enable = true; - port = 13142; - listen = "[::ffff:127.0.0.1]"; - openFirewall = true; - rtmp-port = 1935; }; + #streamConfig = '' + # server { + # listen 1935; + # proxy_pass [::1]:1935; + # proxy_buffer_size 32k; + #} + #''; + }; + owncast = { + enable = true; + port = 13142; + listen = "[::ffff:127.0.0.1]"; + openFirewall = true; + rtmp-port = 1935; + }; }; } diff --git a/modules/wiki.nix b/modules/wiki.nix index 0caf09d..23767c8 100644 --- a/modules/wiki.nix +++ b/modules/wiki.nix @@ -5,14 +5,14 @@ "mediawiki/initial_admin".owner = config.users.users.mediawiki.name; "mediawiki/ldapprovider".owner = config.users.users.mediawiki.name; }; - -# users.users.mediawiki.extraGroups = [ "postgres" ]; + + # users.users.mediawiki.extraGroups = [ "postgres" ]; nixpkgs.overlays = [ (final: prev: { - final.config.systemd.services.mediawiki-init.script = '' - - ''; - }) + final.config.systemd.services.mediawiki-init.script = '' + + ''; + }) ]; services = { mediawiki = { 
@@ -21,99 +21,99 @@ passwordFile = config.sops.secrets."mediawiki/initial_admin".path; database = { type = "postgres"; -# socket = "/run/postgresql"; + # socket = "/run/postgresql"; user = "mediawiki"; name = "mediawiki"; - host = "localhost"; - port = 5432; + host = "localhost"; + port = 5432; passwordFile = config.sops.secrets."mediawiki/postgres".path; }; -# virtualHost = { -# hostName = "wiki.quitte.tassilo-tanneberger.de"; -# adminAddr = "root@ifsr.de"; -# forceSSL = true; -# enableACME = true; -# }; + # virtualHost = { + # hostName = "wiki.quitte.tassilo-tanneberger.de"; + # adminAddr = "root@ifsr.de"; + # forceSSL = true; + # enableACME = true; + # }; - virtualHost = { - hostName = "wiki.quitte.tassilo-tanneberger.de"; - adminAddr = "root@ifsr.de"; - #forceSSL = true; - #enableACME = true; - }; + virtualHost = { + hostName = "wiki.quitte.tassilo-tanneberger.de"; + adminAddr = "root@ifsr.de"; + #forceSSL = true; + #enableACME = true; + }; - virtualHost.listen = [ - { - ip = "127.0.0.1"; - port = 8080; - ssl = false; - } - ]; + virtualHost.listen = [ + { + ip = "127.0.0.1"; + port = 8080; + ssl = false; + } + ]; extraConfig = '' - $wgDBport = "5432"; - $wgDBmwschema = "mediawiki"; + $wgDBport = "5432"; + $wgDBmwschema = "mediawiki"; - $wgDBserver = "localhost"; - $wgDBname = "mediawiki"; + $wgDBserver = "localhost"; + $wgDBname = "mediawiki"; - /////// $wgArticlePath = '/$1'; + /////// $wgArticlePath = '/$1'; - // $wgLogo = "https://www.c3d2.de/images/ck.png"; - $wgEmergencyContact = "root@ifsr.de"; - $wgPasswordSender = "root@ifsr.de"; - $wgLanguageCode = "de"; + // $wgLogo = "https://www.c3d2.de/images/ck.png"; + $wgEmergencyContact = "root@ifsr.de"; + $wgPasswordSender = "root@ifsr.de"; + $wgLanguageCode = "de"; - $wgGroupPermissions['*']['edit'] = false; - $wgGroupPermissions['user']['edit'] = true; - $wgGroupPermissions['sysop']['interwiki'] = true; - $wgGroupPermissions['sysop']['userrights'] = true; + $wgGroupPermissions['*']['edit'] = false; + 
$wgGroupPermissions['user']['edit'] = true; + $wgGroupPermissions['sysop']['interwiki'] = true; + $wgGroupPermissions['sysop']['userrights'] = true; - define("NS_INTERN", 100); - define("NS_INTERN_TALK", 101); + define("NS_INTERN", 100); + define("NS_INTERN_TALK", 101); - $wgExtraNamespaces[NS_INTERN] = "Intern"; - $wgExtraNamespaces[NS_INTERN_TALK] = "Intern_Diskussion"; + $wgExtraNamespaces[NS_INTERN] = "Intern"; + $wgExtraNamespaces[NS_INTERN_TALK] = "Intern_Diskussion"; - $wgGroupPermissions['intern']['move'] = true; - $wgGroupPermissions['intern']['move-subpages'] = true; - $wgGroupPermissions['intern']['move-rootuserpages'] = true; // can move root userpages - $wgGroupPermissions['intern']['read'] = true; - $wgGroupPermissions['intern']['edit'] = true; - $wgGroupPermissions['intern']['createpage'] = true; - $wgGroupPermissions['intern']['createtalk'] = true; - $wgGroupPermissions['intern']['writeapi'] = true; - $wgGroupPermissions['intern']['upload'] = true; - $wgGroupPermissions['intern']['reupload'] = true; - $wgGroupPermissions['intern']['reupload-shared'] = true; - $wgGroupPermissions['intern']['minoredit'] = true; - $wgGroupPermissions['intern']['purge'] = true; // can use ?action=purge without clicking "ok" - $wgGroupPermissions['intern']['sendemail'] = true; + $wgGroupPermissions['intern']['move'] = true; + $wgGroupPermissions['intern']['move-subpages'] = true; + $wgGroupPermissions['intern']['move-rootuserpages'] = true; // can move root userpages + $wgGroupPermissions['intern']['read'] = true; + $wgGroupPermissions['intern']['edit'] = true; + $wgGroupPermissions['intern']['createpage'] = true; + $wgGroupPermissions['intern']['createtalk'] = true; + $wgGroupPermissions['intern']['writeapi'] = true; + $wgGroupPermissions['intern']['upload'] = true; + $wgGroupPermissions['intern']['reupload'] = true; + $wgGroupPermissions['intern']['reupload-shared'] = true; + $wgGroupPermissions['intern']['minoredit'] = true; + $wgGroupPermissions['intern']['purge'] = 
true; // can use ?action=purge without clicking "ok" + $wgGroupPermissions['intern']['sendemail'] = true; - $wgNamespacePermissionLockdown[NS_INTERN]['*'] = array('intern'); - $wgNamespacePermissionLockdown[NS_INTERN_TALK]['*'] = array('intern'); + $wgNamespacePermissionLockdown[NS_INTERN]['*'] = array('intern'); + $wgNamespacePermissionLockdown[NS_INTERN_TALK]['*'] = array('intern'); - $wgGroupPermissions['sysop']['deletelogentry'] = true; - $wgGroupPermissions['sysop']['deleterevision'] = true; + $wgGroupPermissions['sysop']['deletelogentry'] = true; + $wgGroupPermissions['sysop']['deleterevision'] = true; - wfLoadExtension('ConfirmEdit/QuestyCaptcha'); - $wgCaptchaClass = 'QuestyCaptcha'; - $wgCaptchaQuestions[] = array( 'question' => 'How is C3D2 logo in ascii?', 'answer' => '<<>' ); + wfLoadExtension('ConfirmEdit/QuestyCaptcha'); + $wgCaptchaClass = 'QuestyCaptcha'; + $wgCaptchaQuestions[] = array( 'question' => 'How is C3D2 logo in ascii?', 'answer' => '<<>' ); - $wgEnableAPI = true; - $wgAllowUserCss = true; - $wgUseAjax = true; - $wgEnableMWSuggest = true; + $wgEnableAPI = true; + $wgAllowUserCss = true; + $wgUseAjax = true; + $wgEnableMWSuggest = true; - //TODO what about $wgUpgradeKey ? + //TODO what about $wgUpgradeKey ? - $wgScribuntoDefaultEngine = 'luastandalone'; + $wgScribuntoDefaultEngine = 'luastandalone'; - # LDAP - $LDAPProviderDomainConfigs = "${config.sops.secrets."mediawiki/ldapprovider".path}"; - $wgPluggableAuth_EnableLocalLogin = true; + # LDAP + $LDAPProviderDomainConfigs = "${config.sops.secrets."mediawiki/ldapprovider".path}"; + $wgPluggableAuth_EnableLocalLogin = true; ''; extensions = { #Cite = pkgs.fetchzip { @@ -175,10 +175,10 @@ enable = true; ensureUsers = [ { - name = "mediawiki"; - ensurePermissions = { - "DATABASE \"mediawiki\"" = "ALL PRIVILEGES"; - }; + name = "mediawiki"; + ensurePermissions = { + "DATABASE \"mediawiki\"" = "ALL PRIVILEGES"; + }; } ]; ensureDatabases = [