diff --git a/flake.lock b/flake.lock index 3cc7b38..adefc1b 100644 --- a/flake.lock +++ b/flake.lock @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1774411715, - "narHash": "sha256-mceIHtVMXpLAfr1W0VK9ceTBX5yKu4gGWpVbThWTsAA=", + "lastModified": 1773190009, + "narHash": "sha256-QDBoepUZNQaIEvOqCGku6XjUp2sSh+7xamA8vNe9HlQ=", "owner": "9001", "repo": "copyparty", - "rev": "26e663d111e39ca96c63702ad27a05b6736607cf", + "rev": "8a9066c35cd94226ee0e99d5d36e8b630ed8d2a3", "type": "github" }, "original": { @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1774626137, - "narHash": "sha256-1WelwA45Xm4glTG8R9IX9jYeFKDG2HbR79jAauLezUE=", + "lastModified": 1773179137, + "narHash": "sha256-EdW2bwzlfme0vbMOcStnNmKlOAA05Bp6su2O8VLGT0k=", "owner": "nix-community", "repo": "home-manager", - "rev": "9df3a639007cfe0d074433f7fc225ea94f877d08", + "rev": "3f98e2bbc661ec0aaf558d8a283d6955f05f1d09", "type": "github" }, "original": { @@ -144,11 +144,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1774386573, - "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", + "lastModified": 1772963539, + "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", + "rev": "9dcb002ca1690658be4a04645215baea8b95f31d", "type": "github" }, "original": { diff --git a/hosts/galanthus/configuration.nix b/hosts/galanthus/configuration.nix index 4335df4..bd955ed 100644 --- a/hosts/galanthus/configuration.nix +++ b/hosts/galanthus/configuration.nix @@ -9,15 +9,8 @@ imports = [ inputs.agenix.nixosModules.default inputs.copyparty.nixosModules.default - ./hardware-configuration.nix - - ../../modules/nixos/tailscale.nix - ../../modules/nixos/jellyfin.nix - ../../modules/nixos/immich.nix - ../../modules/nixos/paperless.nix - ../../modules/nixos/copyparty.nix - ../../modules/nixos/samba.nix + ../../modules/nixos ]; boot = { 
diff --git a/hosts/nimbus/configuration.nix b/hosts/nimbus/configuration.nix index e8e7af2..b7c4df4 100644 --- a/hosts/nimbus/configuration.nix +++ b/hosts/nimbus/configuration.nix @@ -7,13 +7,10 @@ { imports = [ inputs.agenix.nixosModules.default - ./hardware-configuration.nix - ../../modules/nixos/tailscale.nix - ../../modules/nixos/caddy.nix ../../modules/nixos/matrix.nix - ../../modules/nixos/forgejo.nix + ../../modules/nixos/website.nix ]; # Workaround for https://github.com/NixOS/nix/issues/8502 @@ -25,13 +22,6 @@ zramSwap.enable = true; - swapDevices = [ - { - device = "/swapfile"; - size = 1 * 1024; # 1GB - } - ]; - security.sudo.extraConfig = '' Defaults lecture = never Defaults pwfeedback diff --git a/modules/nixos/caddy.nix b/modules/nixos/caddy.nix deleted file mode 100644 index 086c277..0000000 --- a/modules/nixos/caddy.nix +++ /dev/null 
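Review bot: Removing `../../modules/nixos/tailscale.nix` from this `imports` list leaves nimbus with no Tailscale module, because the host now imports only `matrix.nix` and `website.nix` and not the new `../../modules/nixos` aggregate. If administrative access to nimbus goes over the tailnet, confirm another path exists before deploying, or keep the `../../modules/nixos/tailscale.nix` line. The deleted caddy.nix also carried the `jankremer.eu` and `git.jankremer.eu` redirect vhosts, and neither module imported here defines them, so those names will stop being answered. The enclosing attribute set continues outside the hunk.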
@@ -1,74 +0,0 @@ -{ - systemd.tmpfiles.rules = [ - "d /var/www/jankremer.de 755 jan users -" - ]; - - services.caddy = { - enable = true; - virtualHosts = { - "jankremer.de:8448".extraConfig = # caddyfile - '' - reverse_proxy localhost:6167 - ''; - - "jankremer.de".extraConfig = # caddyfile - '' - handle /_matrix/* { - reverse_proxy localhost:6167 - } - - handle /.well-known/matrix/server { - header Content-Type application/json - respond `{"m.server": "jankremer.de:443"}` 200 - } - - handle /.well-known/matrix/client { - header Content-Type application/json - header Access-Control-Allow-Origin * - respond `{"m.homeserver": {"base_url": "https://jankremer.de"}}` 200 - } - - handle { - root * /var/www/jankremer.de - file_server - - @static { - path *.css *.js *.woff2 *.woff *.ttf *.png *.jpg *.jpeg *.svg *.ico *.webp - } - header @static Cache-Control "public, max-age=31536000, immutable" - - @html { - path *.html - } - header @html Cache-Control "no-cache" - } - - handle_errors { - rewrite * /404.html - file_server - } - ''; - - "git.jankremer.de".extraConfig = # caddyfile - '' - reverse_proxy localhost:3000 - ''; - - "jankremer.eu".extraConfig = # caddyfile - '' - redir https://jankremer.de{uri} permanent - ''; - - "git.jankremer.eu".extraConfig = # caddyfile - '' - redir https://git.jankremer.de{uri} permanent - ''; - }; - }; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - 8448 - ]; -} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix new file mode 100644 index 0000000..a30a033 --- /dev/null +++ b/modules/nixos/default.nix @@ -0,0 +1,12 @@ +{ + imports = [ + ./copyparty.nix + # ./forgejo.nix + ./immich.nix + ./jellyfin.nix + # ./minecraft.nix + ./paperless.nix + ./samba.nix + ./tailscale.nix + ]; +} diff --git a/modules/nixos/forgejo.nix b/modules/nixos/forgejo.nix index 75e748a..654ce26 100644 --- a/modules/nixos/forgejo.nix +++ b/modules/nixos/forgejo.nix 
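Review bot: The commented-out entries `# ./forgejo.nix` and `# ./minecraft.nix` in the new default.nix give no reason for being disabled. Because nimbus drops its forgejo import in the same commit, the edited forgejo.nix appears to be imported by no host in this diff. Either delete the lines or annotate them, for example `# ./forgejo.nix  # disabled: <reason>`. Importing this directory pulls in the Samba, copyparty and other service modules together, so a header comment naming the hosts it is meant for (presumably only the home server) would stop it being imported on an internet-facing machine by accident.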
@@ -1,13 +1,5 @@ { config, ... }: -let - domain = "git.jankremer.de"; -in { - age.secrets.forgejo-mailer = { - file = ../../modules/secrets/forgejo-mailer.age; - owner = "forgejo"; - }; - services = { forgejo = { enable = true; @@ -16,25 +8,14 @@ in settings = { service.DISABLE_REGISTRATION = true; server = { - DOMAIN = domain; - ROOT_URL = "https://${domain}"; - START_SSH_SERVER = false; - SSH_PORT = 22; + DOMAIN = "git.alpine-centauri.ts.net"; + ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}"; + HTTP_PORT = 3010; }; - mailer = { + actions = { ENABLED = true; - SMTP_ADDR = "smtp.mail.me.com"; - SMTP_PORT = 587; - FROM = "git@jankremer.de"; - USER = "janurskremer@me.com"; + DEFAULT_ACTIONS_URL = "github"; }; - # actions = { - # ENABLED = true; - # DEFAULT_ACTIONS_URL = "github"; - # }; - }; - secrets = { - mailer.PASSWD = config.age.secrets.forgejo-mailer.path; }; }; }; diff --git a/modules/nixos/matrix.nix b/modules/nixos/matrix.nix index 379a790..677859d 100644 --- a/modules/nixos/matrix.nix +++ b/modules/nixos/matrix.nix @@ -17,4 +17,40 @@ }; }; }; + + services.caddy = { + enable = true; + ## Matrix federation + virtualHosts = { + "jankremer.de:8448" = { + extraConfig = '' + reverse_proxy localhost:6167 + ''; + }; + "jankremer.de" = { + extraConfig = '' + handle /_matrix/* { + reverse_proxy localhost:6167 + } + + handle /.well-known/matrix/server { + header Content-Type application/json + respond `{"m.server": "jankremer.de:443"}` 200 + } + + handle /.well-known/matrix/client { + header Content-Type application/json + header Access-Control-Allow-Origin * + respond `{"m.homeserver": {"base_url": "https://jankremer.de"}}` 200 + } + ''; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + 8448 + ]; } diff --git a/modules/nixos/website.nix b/modules/nixos/website.nix new file mode 100644 index 0000000..59558a1 --- /dev/null +++ b/modules/nixos/website.nix 
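Review bot: In the second forgejo.nix hunk, turning on `actions.ENABLED = true` with `DEFAULT_ACTIONS_URL = "github"` makes workflow `uses:` references resolve against github.com, so any runner attached to this instance will fetch and execute third-party action code. Record that decision next to the setting, for example `# uses: refs resolve to github.com; pin actions by commit hash and run the runner unprivileged`. Separately, `ROOT_URL` is `https://…` while `HTTP_PORT = 3010` serves plain HTTP, and the only reverse proxy for Forgejo was removed with caddy.nix. Whatever terminates TLS for `git.alpine-centauri.ts.net` is not visible in this diff and should be confirmed. The `services.forgejo` block starts and ends outside the hunk.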
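Review bot: In the matrix.nix hunk, the `/.well-known/matrix/server` response delegates federation to `jankremer.de:443`, yet the hunk still publishes a `"jankremer.de:8448"` vhost and opens `8448` in `networking.firewall.allowedTCPPorts`. If no peer depends on the legacy port, dropping both removes an internet-facing listener. If it is kept deliberately, say so with a comment such as `# 8448 kept as fallback for servers that skip .well-known delegation`. The `"jankremer.de"` vhost is now also defined in website.nix, which presumably works only because the module system concatenates the two `extraConfig` values. A one-line comment noting that split would save the next reader from hunting for the static-site block.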
@@ -0,0 +1,27 @@ +{ + systemd.tmpfiles.rules = [ + "d /var/www/jankremer.de 755 jan users -" + ]; + + services.caddy.virtualHosts."jankremer.de".extraConfig = '' + handle { + root * /var/www/jankremer.de + file_server + + @static { + path *.css *.js *.woff2 *.woff *.ttf *.png *.jpg *.jpeg *.svg *.ico *.webp + } + header @static Cache-Control "public, max-age=31536000, immutable" + + @html { + path *.html + } + header @html Cache-Control "no-cache" + } + ''; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; +} diff --git a/modules/secrets/forgejo-mailer.age b/modules/secrets/forgejo-mailer.age deleted file mode 100644 index d5eeb84..0000000 --- a/modules/secrets/forgejo-mailer.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 2otpcg 3/3V9NuhhEEvC5Czd52LroF3gb+5R8kVMwUQEdjQPz4 -W69B15eEI4+0v+TRKzS9mCs1+Gwjd2XeS9lykr5pxyQ --> ssh-ed25519 40YjXQ Ie0rCVXk2DtsE/V8pcL3o7UXD1U/1Ag/knDrDOr0REw -Zuc42+JOtssFl7puQvHRdLuPpA51qgykiQ9/9xJlSK0 --> ssh-ed25519 wbs2Dw qwhCUJQmXljIcEO8ysfSFpFPWqdmW5ysMhYxEW9QmUU -w5nSiL+pAX36RG2A/V4QijFjqVzIZ+5/HsbS/C2I8S0 ---- Rm8JLyJwpZp1BBfARjKFz7vnJjGagN1VOgpHSmI7zDU -‚C_.¹¡Ìâ"׋: `F…ƒ­U¤Ø_ÀŒ_)ÚžŸkRÉ7|I.b ±áö)4: \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 9b47379..6a3e41e 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -2,7 +2,6 @@ let malus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTpgedzJ7vs3GMOjUeQGkAzGhNZRhvMMz9Z1whaWieE"; galanthus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZYQao2OKQxyic+I327VZ7lQECh9hSS9cgsls3e/a1u"; nimbus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDIjr3r9RVTzMPNvfBWxVei8aGMlay3smMhhuGxEMRaj"; - all = [ malus galanthus @@ -14,5 +13,4 @@ in "paperless-admin.age".publicKeys = all; "tailscale.age".publicKeys = all; "matrix-registration-token.age".publicKeys = all; - "forgejo-mailer.age".publicKeys = all; }
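Review bot: The new website.nix sets only `services.caddy.virtualHosts."jankremer.de".extraConfig` and never enables Caddy, so it works only on a host that also imports matrix.nix. Imported alone, it would open ports 80 and 443 with nothing configured to serve them. Adding `services.caddy.enable = true;` here is harmless when both modules are present and makes the module self-contained. The `handle_errors { rewrite * /404.html … }` block from the deleted caddy.nix was not carried over, so missing paths will likely no longer get the site's `/404.html`. Restore it if that page still exists.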