wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

fix checks

Browse source
This commit is contained in:
Rouven Seifert 2023-12-14 15:42:10 +01:00
parent 42c2cce513
commit 8acfe6ee0c
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
10 changed files with 27 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
modules/base.nix
View file

@ -93,7 +93,7 @@
sysstat sysstat
tree tree
whois whois
exa eza
zsh zsh
]; ];
} }

4
modules/course-management.nix
View file

@ -38,9 +38,7 @@ in
enable = lib.mkForce true; # upstream bacula config wants to disable it, so we need to force enable = lib.mkForce true; # upstream bacula config wants to disable it, so we need to force
ensureUsers = [{ ensureUsers = [{
name = "course-management"; name = "course-management";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE \"course-management\"" = "ALL PRIVILEGES";
};
}]; }];
ensureDatabases = [ "course-management" ]; ensureDatabases = [ "course-management" ];
}; };

4
modules/courses-phil.nix
View file

@ -67,9 +67,7 @@ in
enableTCPIP = lib.mkForce false; enableTCPIP = lib.mkForce false;
ensureUsers = [{ ensureUsers = [{
name = "course-management"; name = "course-management";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE \"course-management\"" = "ALL PRIVILEGES";
};
}]; }];
ensureDatabases = [ "course-management" ]; ensureDatabases = [ "course-management" ];
}; };

29
modules/gitea.nix
View file

@ -1,40 +1,43 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
domain = "git.${config.networking.domain}"; domain = "git.${config.networking.domain}";
giteaUser = "git"; gitUser = "git";
in in
{ {
sops.secrets.gitea_ldap_search = { sops.secrets.gitea_ldap_search = {
key = "portunus/search-password"; key = "portunus/search-password";
owner = config.services.gitea.user; owner = config.services.forgejo.user;
}; };
users.users.${giteaUser} = { users.users.${gitUser} = {
isSystemUser = true; isSystemUser = true;
home = config.services.gitea.stateDir; home = config.services.gitea.stateDir;
group = giteaUser; group = gitUser;
useDefaultShell = true; useDefaultShell = true;
}; };
users.groups.${giteaUser} = { }; users.groups.${gitUser} = { };
services.gitea = { services.forgejo = {
enable = true; enable = true;
package = pkgs.forgejo; # community fork # package = pkgs.forgejo; # community fork
user = giteaUser; user = gitUser;
group = giteaUser; group = gitUser;
appName = "iFSR Git";
lfs.enable = true; lfs.enable = true;
database = { database = {
type = "postgres"; type = "postgres";
name = "git"; # legacy
createDatabase = true; createDatabase = true;
user = giteaUser; user = gitUser;
}; };
# TODO: enable periodic dumps of the DB and repos, maybe use this for backups? # TODO: enable periodic dumps of the DB and repos, maybe use this for backups?
# dump = { }; # dump = { };
settings = { settings = {
DEFAULT = {
APP_NAME = "iFSR Git";
};
server = { server = {
PROTOCOL = "http+unix"; PROTOCOL = "http+unix";
DOMAIN = domain; DOMAIN = domain;
@ -68,7 +71,7 @@ in
systemd.services.gitea.preStart = systemd.services.gitea.preStart =
let let
exe = lib.getExe config.services.gitea.package; exe = lib.getExe config.services.forgejo.package;
portunus = config.services.portunus; portunus = config.services.portunus;
basedn = "ou=users,${portunus.ldap.suffix}"; basedn = "ou=users,${portunus.ldap.suffix}";
ldapConfigArgs = '' ldapConfigArgs = ''
@ -108,7 +111,7 @@ in
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}:/"; proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/";
proxyWebsockets = true; proxyWebsockets = true;
}; };
locations."/api/v1/users/search".return = "403"; locations."/api/v1/users/search".return = "403";

4
modules/hedgedoc.nix
View file

@ -14,9 +14,7 @@ in
ensureUsers = [ ensureUsers = [
{ {
name = "hedgedoc"; name = "hedgedoc";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE hedgedoc" = "ALL PRIVILEGES";
};
} }
]; ];
ensureDatabases = [ "hedgedoc" ]; ensureDatabases = [ "hedgedoc" ];

12
modules/mailman.nix
View file

@ -20,7 +20,7 @@
webSettings = { webSettings = {
DATABASES.default = { DATABASES.default = {
ENGINE = "django.db.backends.postgresql"; ENGINE = "django.db.backends.postgresql";
NAME = "mailmanweb"; NAME = "mailman-web";
}; };
}; };
ldap = { ldap = {
@ -45,18 +45,14 @@
ensureUsers = [ ensureUsers = [
{ {
name = "mailman"; name = "mailman";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE mailman" = "ALL PRIVILEGES";
};
} }
{ {
name = "mailman-web"; name = "mailman-web";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE mailmanweb" = "ALL PRIVILEGES";
};
} }
]; ];
ensureDatabases = [ "mailman" "mailmanweb" ]; ensureDatabases = [ "mailman" "mailman-web" ];
}; };
services.nginx.virtualHosts."lists.${config.networking.domain}" = { services.nginx.virtualHosts."lists.${config.networking.domain}" = {
enableACME = true; enableACME = true;

4
modules/mautrix-telegram.nix
View file

@ -10,9 +10,7 @@ in
enable = true; enable = true;
ensureUsers = [{ ensureUsers = [{
name = "mautrix-telegram"; name = "mautrix-telegram";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE \"mautrix-telegram\"" = "ALL PRIVILEGES";
};
}]; }];
ensureDatabases = [ "mautrix-telegram" ]; ensureDatabases = [ "mautrix-telegram" ];
}; };

1
modules/nextcloud.nix
View file

@ -17,7 +17,6 @@ in
enable = true; enable = true;
configureRedis = true; configureRedis = true;
package = pkgs.nextcloud27; package = pkgs.nextcloud27;
enableBrokenCiphersForSSE = false; # disable the openssl warning
hostName = domain; hostName = domain;
https = true; # Use https for all urls https = true; # Use https for all urls
phpExtraExtensions = all: [ phpExtraExtensions = all: [

4
modules/sogo.nix
View file

@ -51,9 +51,7 @@ in
ensureUsers = [ ensureUsers = [
{ {
name = "sogo"; name = "sogo";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE sogo" = "ALL PRIVILEGES";
};
} }
]; ];
ensureDatabases = [ "sogo" ]; ensureDatabases = [ "sogo" ];

4
modules/vaultwarden.nix
View file

@ -25,9 +25,7 @@ in
ensureUsers = [ ensureUsers = [
{ {
name = "vaultwarden"; name = "vaultwarden";
ensurePermissions = { ensureDBOwnership = true;
"DATABASE vaultwarden" = "ALL PRIVILEGES";
};
} }
]; ];
ensureDatabases = [ "vaultwarden" ]; ensureDatabases = [ "vaultwarden" ];