diff --git a/flake.lock b/flake.lock index adefc1b..3cc7b38 100644 --- a/flake.lock +++ b/flake.lock @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1773190009, - "narHash": "sha256-QDBoepUZNQaIEvOqCGku6XjUp2sSh+7xamA8vNe9HlQ=", + "lastModified": 1774411715, + "narHash": "sha256-mceIHtVMXpLAfr1W0VK9ceTBX5yKu4gGWpVbThWTsAA=", "owner": "9001", "repo": "copyparty", - "rev": "8a9066c35cd94226ee0e99d5d36e8b630ed8d2a3", + "rev": "26e663d111e39ca96c63702ad27a05b6736607cf", "type": "github" }, "original": { @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1773179137, - "narHash": "sha256-EdW2bwzlfme0vbMOcStnNmKlOAA05Bp6su2O8VLGT0k=", + "lastModified": 1774626137, + "narHash": "sha256-1WelwA45Xm4glTG8R9IX9jYeFKDG2HbR79jAauLezUE=", "owner": "nix-community", "repo": "home-manager", - "rev": "3f98e2bbc661ec0aaf558d8a283d6955f05f1d09", + "rev": "9df3a639007cfe0d074433f7fc225ea94f877d08", "type": "github" }, "original": { @@ -144,11 +144,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1772963539, - "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", + "lastModified": 1774386573, + "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9dcb002ca1690658be4a04645215baea8b95f31d", + "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", "type": "github" }, "original": { diff --git a/hosts/galanthus/configuration.nix b/hosts/galanthus/configuration.nix index bd955ed..4335df4 100644 --- a/hosts/galanthus/configuration.nix +++ b/hosts/galanthus/configuration.nix @@ -9,8 +9,15 @@ imports = [ inputs.agenix.nixosModules.default inputs.copyparty.nixosModules.default + ./hardware-configuration.nix - ../../modules/nixos + + ../../modules/nixos/tailscale.nix + ../../modules/nixos/jellyfin.nix + ../../modules/nixos/immich.nix + ../../modules/nixos/paperless.nix + ../../modules/nixos/copyparty.nix + ../../modules/nixos/samba.nix ]; boot = { 
diff --git a/hosts/nimbus/configuration.nix b/hosts/nimbus/configuration.nix index b7c4df4..e8e7af2 100644 --- a/hosts/nimbus/configuration.nix +++ b/hosts/nimbus/configuration.nix @@ -7,10 +7,13 @@ { imports = [ inputs.agenix.nixosModules.default + ./hardware-configuration.nix + ../../modules/nixos/tailscale.nix + ../../modules/nixos/caddy.nix ../../modules/nixos/matrix.nix - ../../modules/nixos/website.nix + ../../modules/nixos/forgejo.nix ]; # Workaround for https://github.com/NixOS/nix/issues/8502 @@ -22,6 +25,13 @@ zramSwap.enable = true; + swapDevices = [ + { + device = "/swapfile"; + size = 1 * 1024; # 1GB + } + ]; + security.sudo.extraConfig = '' Defaults lecture = never Defaults pwfeedback diff --git a/modules/nixos/caddy.nix b/modules/nixos/caddy.nix new file mode 100644 index 0000000..086c277 --- /dev/null +++ b/modules/nixos/caddy.nix 
@@ -0,0 +1,74 @@
+{
+ systemd.tmpfiles.rules = [
+ "d /var/www/jankremer.de 755 jan users -"
+ ];
+
+ services.caddy = {
+ enable = true;
+ virtualHosts = {
+ "jankremer.de:8448".extraConfig = # caddyfile
+ ''
+ reverse_proxy localhost:6167
+ '';
+
+ "jankremer.de".extraConfig = # caddyfile
+ ''
+ handle /_matrix/* {
+ reverse_proxy localhost:6167
+ }
+
+ handle /.well-known/matrix/server {
+ header Content-Type application/json
+ respond `{"m.server": "jankremer.de:443"}` 200
+ }
+
+ handle /.well-known/matrix/client {
+ header Content-Type application/json
+ header Access-Control-Allow-Origin *
+ respond `{"m.homeserver": {"base_url": "https://jankremer.de"}}` 200
+ }
+
+ handle {
+ root * /var/www/jankremer.de
+ file_server
+
+ @static {
+ path *.css *.js *.woff2 *.woff *.ttf *.png *.jpg *.jpeg *.svg *.ico *.webp
+ }
+ header @static Cache-Control "public, max-age=31536000, immutable"
+
+ @html {
+ path *.html
+ }
+ header @html Cache-Control "no-cache"
+ }
+
+ handle_errors {
+ rewrite * /404.html
+ file_server
+ }
+ '';
+
+ "git.jankremer.de".extraConfig = # caddyfile
+ ''
+ reverse_proxy localhost:3000
+ '';
+
+ "jankremer.eu".extraConfig = # caddyfile
+ ''
+ redir https://jankremer.de{uri} permanent
+ '';
+
+ "git.jankremer.eu".extraConfig = # caddyfile
+ ''
+ redir https://git.jankremer.de{uri} permanent
+ '';
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ 8448
+ ];
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
deleted file mode 100644
index a30a033..0000000
--- a/modules/nixos/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- imports = [
- ./copyparty.nix
- # ./forgejo.nix
- ./immich.nix
- ./jellyfin.nix
- # ./minecraft.nix
- ./paperless.nix
- ./samba.nix
- ./tailscale.nix
- ];
-}
diff --git a/modules/nixos/forgejo.nix b/modules/nixos/forgejo.nix
index 654ce26..75e748a 100644
--- a/modules/nixos/forgejo.nix
+++ b/modules/nixos/forgejo.nix
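Review bot: In modules/nixos/caddy.nix the `"jankremer.de:8448"` virtual host forwards every path to `localhost:6167` and the firewall opens 8448, although the `/.well-known/matrix/server` response in the same file already delegates federation to `jankremer.de:443`. If no peer still depends on 8448, dropping that virtual host and the `8448` entry in `networking.firewall.allowedTCPPorts` removes a second public entry point to the homeserver; otherwise scope it like the 443 site with `handle /_matrix/* { reverse_proxy localhost:6167 }`. Separately, `handle_errors` rewrites every error to `/404.html` but has no `root` of its own, since the only `root * /var/www/jankremer.de` sits inside the catch-all `handle`; for errors raised outside that block the page is presumably not found, so repeating the `root` line inside `handle_errors` would make the lookup explicit.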
@@ -1,5 +1,13 @@ { config, ... }: +let + domain = "git.jankremer.de"; +in { + age.secrets.forgejo-mailer = { + file = ../../modules/secrets/forgejo-mailer.age; + owner = "forgejo"; + }; + services = { forgejo = { enable = true; @@ -8,14 +16,25 @@ settings = { service.DISABLE_REGISTRATION = true; server = { - DOMAIN = "git.alpine-centauri.ts.net"; - ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}"; - HTTP_PORT = 3010; + DOMAIN = domain; + ROOT_URL = "https://${domain}"; + START_SSH_SERVER = false; + SSH_PORT = 22; }; - actions = { + mailer = { ENABLED = true; - DEFAULT_ACTIONS_URL = "github"; + SMTP_ADDR = "smtp.mail.me.com"; + SMTP_PORT = 587; + FROM = "git@jankremer.de"; + USER = "janurskremer@me.com"; }; + # actions = { + # ENABLED = true; + # DEFAULT_ACTIONS_URL = "github"; + # }; + }; + secrets = { + mailer.PASSWD = config.age.secrets.forgejo-mailer.path; }; }; }; diff --git a/modules/nixos/matrix.nix b/modules/nixos/matrix.nix index 677859d..379a790 100644 --- a/modules/nixos/matrix.nix +++ b/modules/nixos/matrix.nix @@ -17,40 +17,4 @@ }; }; }; - - services.caddy = { - enable = true; - ## Matrix federation - virtualHosts = { - "jankremer.de:8448" = { - extraConfig = '' - reverse_proxy localhost:6167 - ''; - }; - "jankremer.de" = { - extraConfig = '' - handle /_matrix/* { - reverse_proxy localhost:6167 - } - - handle /.well-known/matrix/server { - header Content-Type application/json - respond `{"m.server": "jankremer.de:443"}` 200 - } - - handle /.well-known/matrix/client { - header Content-Type application/json - header Access-Control-Allow-Origin * - respond `{"m.homeserver": {"base_url": "https://jankremer.de"}}` 200 - } - ''; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - 8448 - ]; } diff --git a/modules/nixos/website.nix b/modules/nixos/website.nix deleted file mode 100644 index 59558a1..0000000 --- a/modules/nixos/website.nix +++ /dev/null 
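Review bot: The new `server` block in modules/nixos/forgejo.nix drops `HTTP_PORT` and sets no `HTTP_ADDR`, so Forgejo presumably falls back to its defaults and listens on all interfaces on port 3000, the port caddy.nix proxies to. The firewall list in this commit does not open 3000, but binding to loopback keeps the plain-HTTP listener unreachable from any interface the firewall trusts; add `HTTP_ADDR = "127.0.0.1";` next to `DOMAIN`. In `mailer`, stating `PROTOCOL = "smtp+starttls";` would make the transport security explicit instead of leaving it to be inferred from `SMTP_PORT = 587`. The `settings` attribute set starts outside this hunk.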
@@ -1,27 +0,0 @@ -{ - systemd.tmpfiles.rules = [ - "d /var/www/jankremer.de 755 jan users -" - ]; - - services.caddy.virtualHosts."jankremer.de".extraConfig = '' - handle { - root * /var/www/jankremer.de - file_server - - @static { - path *.css *.js *.woff2 *.woff *.ttf *.png *.jpg *.jpeg *.svg *.ico *.webp - } - header @static Cache-Control "public, max-age=31536000, immutable" - - @html { - path *.html - } - header @html Cache-Control "no-cache" - } - ''; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; -} diff --git a/modules/secrets/forgejo-mailer.age b/modules/secrets/forgejo-mailer.age new file mode 100644 index 0000000..d5eeb84 --- /dev/null +++ b/modules/secrets/forgejo-mailer.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 2otpcg 3/3V9NuhhEEvC5Czd52LroF3gb+5R8kVMwUQEdjQPz4 +W69B15eEI4+0v+TRKzS9mCs1+Gwjd2XeS9lykr5pxyQ +-> ssh-ed25519 40YjXQ Ie0rCVXk2DtsE/V8pcL3o7UXD1U/1Ag/knDrDOr0REw +Zuc42+JOtssFl7puQvHRdLuPpA51qgykiQ9/9xJlSK0 +-> ssh-ed25519 wbs2Dw qwhCUJQmXljIcEO8ysfSFpFPWqdmW5ysMhYxEW9QmUU +w5nSiL+pAX36RG2A/V4QijFjqVzIZ+5/HsbS/C2I8S0 +--- Rm8JLyJwpZp1BBfARjKFz7vnJjGagN1VOgpHSmI7zDU +‚C_.¹¡Ìâ"׋: `F…ƒ­U¤Ø_ÀŒ_)ÚžŸkRÉ7|I.b ±áö)4: \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 6a3e41e..9b47379 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -2,6 +2,7 @@ let malus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTpgedzJ7vs3GMOjUeQGkAzGhNZRhvMMz9Z1whaWieE"; galanthus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZYQao2OKQxyic+I327VZ7lQECh9hSS9cgsls3e/a1u"; nimbus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDIjr3r9RVTzMPNvfBWxVei8aGMlay3smMhhuGxEMRaj"; + all = [ malus galanthus @@ -13,4 +14,5 @@ in "paperless-admin.age".publicKeys = all; "tailscale.age".publicKeys = all; "matrix-registration-token.age".publicKeys = all; + "forgejo-mailer.age".publicKeys = all; }
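Review bot: `"forgejo-mailer.age".publicKeys = all;` in modules/secrets/secrets.nix encrypts the SMTP password to malus, galanthus and nimbus, while in this commit only hosts/nimbus imports forgejo.nix. Every listed host key can decrypt the file, so a compromise of galanthus would also expose the mail credential. Consider a narrower recipient list such as `"forgejo-mailer.age".publicKeys = [ nimbus malus ];`, keeping the consuming host plus whichever key is used to edit secrets (that this is malus is a guess). The existing entries follow the same `all` pattern, so the same narrowing may be worth a follow-up for them.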