Remove fsr domain option and use the native networking ones #67
27 changed files with 54 additions and 77 deletions
|
@ -52,7 +52,6 @@
|
|||
./modules/course-management.nix
|
||||
./modules/gitea.nix
|
||||
{
|
||||
fsr.domain = "ifsr.de";
|
||||
sops.defaultSopsFile = ./secrets/quitte.yaml;
|
||||
}
|
||||
];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
|
@ -15,7 +15,6 @@
|
|||
#boot.supportedFilesystems = [ "zfs" ];
|
||||
#boot.zfs.devNodes = "/dev/";
|
||||
|
||||
networking.hostName = "quitte"; # Define your hostname.
|
||||
services.qemuGuest.enable = true;
|
||||
|
||||
# Set your time zone.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
{ config, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{ config, ... }:
|
||||
let
|
||||
wireguard_port = 51820;
|
||||
in
|
||||
|
@ -11,7 +11,9 @@ in
|
|||
|
||||
networking = {
|
||||
hostId = "a71c81fc";
|
||||
rdns = "quitte.ifsr.de";
|
||||
domain = "ifsr.de";
|
||||
hostName = "quitte";
|
||||
rDNS = config.networking.fqdn;
|
||||
enableIPv6 = true;
|
||||
useDHCP = true;
|
||||
interfaces.ens18.useDHCP = true;
|
||||
|
|
|
@ -57,7 +57,7 @@ in
|
|||
'';
|
||||
extraMessagesConfig = ''
|
||||
director = abel-dir = all, !skipped, !restored
|
||||
mailcommand = "${bacula_package}/bin/bsmtp -f \"Bacula <bacula@${config.fsr.domain}>\" -s \"Bacula report" %r"
|
||||
mailcommand = "${bacula_package}/bin/bsmtp -f \"Bacula <bacula@${config.networking.domain}>\" -s \"Bacula report" %r"
|
||||
mail = root+backup = all, !skipped
|
||||
'';
|
||||
director."abel-dir".password = "@${config.sops.secrets."bacula/password".path}";
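Review bot: The rewritten `mailcommand` line in `extraMessagesConfig` still ends the subject with an unescaped quote (`-s \"Bacula report" %r"`), so the quoted value handed to Bacula appears to close before `%r`. Inside a Nix `''` string the backslashes are literal, so the generated config line is exactly what is written here. Since the line is being touched anyway, balance it as `-s \"Bacula report\" %r"` and confirm a test job still delivers its report, because failure mail is often the only signal that backups have stopped. The enclosing attribute set starts and ends outside the hunk.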
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
# hostName = "kurse.${config.fsr.domain}";
|
||||
hostName = "kurse.ifsr.de";
|
||||
hostName = "kurse.${config.networking.domain}";
|
||||
in
|
||||
{
|
||||
sops.secrets =
|
||||
|
@ -22,15 +21,15 @@ in
|
|||
adminPassFile = config.sops.secrets."course-management/adminpass".path;
|
||||
admins = [{
|
||||
name = "Root iFSR";
|
||||
email = "root@${config.fsr.domain}";
|
||||
email = "root@${config.networking.domain}";
|
||||
}];
|
||||
database = {
|
||||
ENGINE = "django.db.backends.postgresql";
|
||||
NAME = "course-management";
|
||||
};
|
||||
email = lib.mkDefault {
|
||||
fromEmail = "noreply@${config.fsr.domain}";
|
||||
serverEmail = "root@${config.fsr.domain}";
|
||||
fromEmail = "noreply@${config.networking.domain}";
|
||||
serverEmail = "root@${config.networking.domain}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, pkgs, ... }:
|
||||
let
|
||||
domain = "ftp.ifsr.de";
|
||||
domain = "ftp.${config.networking.domain}";
|
||||
in
|
||||
{
|
||||
services.nginx.additionalModules = [ pkgs.nginxModules.fancyindex ];
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
domain = "git.${config.fsr.domain}";
|
||||
domain = "git.${config.networking.domain}";
|
||||
giteaUser = "git";
|
||||
in
|
||||
{
|
||||
|
@ -38,7 +38,7 @@ in
|
|||
server = {
|
||||
PROTOCOL = "http+unix";
|
||||
DOMAIN = domain;
|
||||
SSH_DOMAIN = config.fsr.domain;
|
||||
SSH_DOMAIN = config.networking.domain;
|
||||
ROOT_URL = "https://${domain}";
|
||||
OFFLINE_MODE = true; # disable use of CDNs
|
||||
};
|
||||
|
@ -46,7 +46,7 @@ in
|
|||
service = {
|
||||
DISABLE_REGISTRATION = true;
|
||||
ENABLE_NOTIFY_MAIL = true;
|
||||
NO_REPLY_ADDRESS = "noreply.${config.fsr.domain}";
|
||||
NO_REPLY_ADDRESS = "noreply.${config.networking.domain}";
|
||||
};
|
||||
"service.explore".DISABLE_USERS_PAGE = true;
|
||||
openid = {
|
||||
|
@ -55,7 +55,7 @@ in
|
|||
};
|
||||
mailer = {
|
||||
ENABLED = true;
|
||||
FROM = "\"iFSR Git\" <git@${config.fsr.domain}>";
|
||||
FROM = "\"iFSR Git\" <git@${config.networking.domain}>";
|
||||
SMTP_ADDR = "localhost";
|
||||
SMTP_PORT = 25;
|
||||
};
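Review bot: `SSH_DOMAIN = config.networking.domain;` in the `server` block now reads an option that is nullable and defaults to `null`, whereas the removed `fsr.domain` was a `str` defaulting to `ifsr.de`. Any host that imports these modules without setting `networking.domain` will fail evaluation with a string-coercion error at the interpolated uses rather than with a message naming the missing option. The same applies to `domain = config.networking.domain;` in the mail module. An assertion next to the settings would make the requirement explicit: `assertions = [{ assertion = config.networking.domain != null; message = "networking.domain must be set"; }];`. The settings attribute set begins and ends outside the visible hunks.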
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
domain = "pad.ifsr.de";
|
||||
domain = "pad.${config.networking.domain}";
|
||||
template = pkgs.writeText "hedgedoc-template.md" ''
|
||||
---
|
||||
tags: listed
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, ... }:
|
||||
let
|
||||
domain = "hydra.ifsr.de";
|
||||
domain = "hydra.${config.networking.domain}";
|
||||
in
|
||||
{
|
||||
sops.secrets."hydra_ldap_search" = { owner = "hydra"; group = "hydra"; mode = "440"; };
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, ... }:
|
||||
let
|
||||
domain = "kpp.ifsr.de";
|
||||
domain = "kpp.${config.networking.domain}";
|
||||
in
|
||||
{
|
||||
services.kpp = {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
domain = "auth.${config.fsr.domain}";
|
||||
domain = "auth.${config.networking.domain}";
|
||||
seed = {
|
||||
groups = [
|
||||
{
|
||||
|
@ -55,7 +55,7 @@ in
|
|||
|
||||
services.portunus = {
|
||||
enable = true;
|
||||
package = pkgs.portunus.overrideAttrs (old: {
|
||||
package = pkgs.portunus.overrideAttrs (_old: {
|
||||
patches = [
|
||||
./0001-update-user-validation-regex.patch
|
||||
./0002-both-ldap-and-ldaps.patch
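Review bot: Renaming the argument to `_old` in `pkgs.portunus.overrideAttrs` makes explicit that the `patches` list below replaces whatever patches the nixpkgs derivation carries instead of extending it. For the service behind the `auth.` host, that means a fix shipped as a patch in nixpkgs would be dropped without any evaluation error. Prefer keeping the argument and writing `patches = (old.patches or [ ]) ++ [ ... ];` with the local patches inside the list. The patch list continues past the end of this hunk, so whether more entries follow is not visible here.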
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
hostname = "mail.${config.fsr.domain}";
|
||||
domain = config.fsr.domain;
|
||||
rspamd-domain = "rspamd.${config.fsr.domain}";
|
||||
hostname = "mail.${config.networking.domain}";
|
||||
domain = config.networking.domain;
|
||||
rspamd-domain = "rspamd.${config.networking.domain}";
|
||||
dovecot-ldap-args = pkgs.writeText "ldap-args" ''
|
||||
uris = ldap://localhost
|
||||
dn = uid=search, ou=users, dc=ifsr, dc=de
|
||||
|
@ -84,8 +84,7 @@ in
|
|||
config = {
|
||||
home_mailbox = "Maildir/";
|
||||
# hostname used in helo command. It is recommended to have this match the reverse dns entry
|
||||
# smtp_helo_name = "x8d1e1ea9.agdsn.tu-dresden.de";
|
||||
smtp_helo_name = config.networking.rdns;
|
||||
smtp_helo_name = config.networking.rDNS;
|
||||
smtp_use_tls = true;
|
||||
# smtp_tls_security_level = "encrypt";
|
||||
smtpd_use_tls = true;
|
||||
|
@ -235,7 +234,7 @@ in
|
|||
};
|
||||
opendkim = {
|
||||
enable = true;
|
||||
domains = "csl:${config.fsr.domain}";
|
||||
domains = "csl:${config.networking.domain}";
|
||||
selector = config.networking.hostName;
|
||||
configFile = pkgs.writeText "opendkim-config" ''
|
||||
UMask 0117
|
||||
|
|
|
@ -7,10 +7,10 @@
|
|||
services.mailman = {
|
||||
enable = true;
|
||||
serve.enable = true;
|
||||
webHosts = [ "lists.${config.fsr.domain}" ];
|
||||
webHosts = [ "lists.${config.networking.domain}" ];
|
||||
hyperkitty.enable = true;
|
||||
enablePostfix = true;
|
||||
siteOwner = "mailman@${config.fsr.domain}";
|
||||
siteOwner = "mailman@${config.networking.domain}";
|
||||
settings = {
|
||||
database = {
|
||||
class = "mailman.database.postgresql.PostgreSQLDatabase";
|
||||
|
@ -58,7 +58,7 @@
|
|||
];
|
||||
ensureDatabases = [ "mailman" "mailmanweb" ];
|
||||
};
|
||||
services.nginx.virtualHosts."lists.${config.fsr.domain}" = {
|
||||
services.nginx.virtualHosts."lists.${config.networking.domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
domainServer = "matrix.staging.ifsr.de";
|
||||
domainClient = "chat.staging.ifsr.de";
|
||||
domainServer = "matrix.staging.${config.networking.domain}";
|
||||
domainClient = "chat.staging.${config.networking.domain}";
|
||||
|
||||
clientConfig = {
|
||||
"m.homeserver" = {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, options, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
homeserverDomain = config.services.matrix-synapse.settings.server_name;
|
||||
registrationFileSynapse = "/var/lib/matrix-synapse/telegram-registration.yaml";
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
domain = "nc.staging.ifsr.de";
|
||||
legacy_domain = "oc.ifsr.de";
|
||||
domain = "nc.staging.${config.networking.domain}";
|
||||
legacy_domain = "oc.${config.networking.domain}";
|
||||
in
|
||||
{
|
||||
sops.secrets = {
|
||||
|
|
|
@ -29,7 +29,7 @@
|
|||
acceptTerms = true;
|
||||
defaults = {
|
||||
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||
email = "root@ifsr.de";
|
||||
email = "root@${config.networking.domain}";
|
||||
};
|
||||
};
|
||||
security.pam.services.nginx.text = ''
|
||||
|
|
|
@ -1,17 +1,5 @@
|
|||
{ config, lib, ... }: with lib; {
|
||||
options.fsr = {
|
||||
enable_office_bloat = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "install heavy office bloat like texlive, okular, ...";
|
||||
};
|
||||
domain = mkOption {
|
||||
type = types.str;
|
||||
default = "ifsr.de";
|
||||
description = "under which top level domain the services should run";
|
||||
};
|
||||
};
|
||||
options.networking.rdns = mkOption {
|
||||
{ lib, ... }: with lib; {
|
||||
options.networking.rDNS = mkOption {
|
||||
type = types.str;
|
||||
default = networking.fqdn;
|
||||
description = "The reverse dns record known to be set for this host.";
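Review bot: `default = networking.fqdn;` in `options.networking.rDNS` is not `config.networking.fqdn`, and with `config` now removed from the module arguments the name `networking` can only resolve through `with lib;`. As far as I know `lib` has no such attribute, so evaluating the default would fail. This goes unnoticed because the host configuration sets `rDNS = config.networking.fqdn;` explicitly, and that value feeds Postfix's `smtp_helo_name`. Keep `config` in the arguments and write `default = config.networking.fqdn;` together with `defaultText = literalExpression "config.networking.fqdn";`, after which the explicit host setting becomes optional. The `mkOption` block closes outside the hunk.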
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# php pad lister tool written by jonas
|
||||
{ pkgs, config, lib, ... }:
|
||||
let
|
||||
domain = "list.pad.ifsr.de";
|
||||
domain = "list.pad.${config.networking.domain}";
|
||||
in
|
||||
{
|
||||
services.phpfpm.pools.padlist = {
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, lib, ... }:
|
||||
let
|
||||
sogo-hostname = "mail.${config.fsr.domain}";
|
||||
domain = config.fsr.domain;
|
||||
sogo-hostname = "mail.${config.networking.domain}";
|
||||
in
|
||||
{
|
||||
sops.secrets = {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ ... }:
|
||||
{
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
sops.age.generateKey = false;
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
{ pkgs, config, ... }:
|
||||
{ config, ... }:
|
||||
{
|
||||
services = {
|
||||
nginx = {
|
||||
virtualHosts = {
|
||||
# "stream.${config.fsr.domain}" = {
|
||||
"stream.ifsr.de" = {
|
||||
"stream.${config.networking.domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" =
|
||||
|
@ -17,13 +16,6 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
#streamConfig = ''
|
||||
# server {
|
||||
# listen 1935;
|
||||
# proxy_pass [::1]:1935;
|
||||
# proxy_buffer_size 32k;
|
||||
#}
|
||||
#'';
|
||||
};
|
||||
owncast = {
|
||||
enable = true;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, ... }:
|
||||
let
|
||||
domain = "users.${config.fsr.domain}";
|
||||
domain = "users.${config.networking.domain}";
|
||||
port = 8083;
|
||||
apacheUser = config.services.httpd.user;
|
||||
in
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, ... }:
|
||||
let
|
||||
domain = "vault.ifsr.de";
|
||||
domain = "vault.${config.networking.domain}";
|
||||
in
|
||||
{
|
||||
sops.secrets."vaultwarden_env".owner = "vaultwarden";
|
||||
|
@ -16,7 +16,7 @@ in
|
|||
smtpHost = "127.0.0.1";
|
||||
smtpPort = 25;
|
||||
smtpSSL = false;
|
||||
smtpFrom = "noreply@${config.fsr.domain}";
|
||||
smtpFrom = "noreply@${config.networking.domain}";
|
||||
smtpFromName = "iFSR Vaultwarden";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -31,13 +31,13 @@ in
|
|||
|
||||
services.nginx = {
|
||||
|
||||
virtualHosts."www.${config.fsr.domain}" = {
|
||||
virtualHosts."www.${config.networking.domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".return = "301 $scheme://ifsr.de$request_uri";
|
||||
|
||||
};
|
||||
virtualHosts."${config.fsr.domain}" = {
|
||||
virtualHosts."${config.networking.domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = "/srv/web/ifsrde";
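Review bot: The `www.${config.networking.domain}` virtual host still redirects to a hard-coded host in `locations."/".return = "301 $scheme://ifsr.de$request_uri";`, so the vhost name and its redirect target can diverge once `networking.domain` is set to anything else. Derive the target from the same option: `locations."/".return = "301 $scheme://${config.networking.domain}$request_uri";`. The `root = "/srv/web/ifsrde";` path is a filesystem location and can stay as it is. The second virtual host's body continues outside the hunk.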
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
domain = "wiki.ifsr.de";
|
||||
domain = "wiki.${config.networking.domain}";
|
||||
listenPort = 8080;
|
||||
in
|
||||
{
|
||||
|
|