Compare commits


No commits in common. "f268e1e4621b2464c8705ac877cc408ad97eedfc" and "b5d6919c625190a13d4f23d0b35c4cb2b0d04482" have entirely different histories.

10 changed files with 91 additions and 137 deletions

18
flake.lock generated

@ -31,11 +31,11 @@
]
},
"locked": {
"lastModified": 1774411715,
"narHash": "sha256-mceIHtVMXpLAfr1W0VK9ceTBX5yKu4gGWpVbThWTsAA=",
"lastModified": 1773190009,
"narHash": "sha256-QDBoepUZNQaIEvOqCGku6XjUp2sSh+7xamA8vNe9HlQ=",
"owner": "9001",
"repo": "copyparty",
"rev": "26e663d111e39ca96c63702ad27a05b6736607cf",
"rev": "8a9066c35cd94226ee0e99d5d36e8b630ed8d2a3",
"type": "github"
},
"original": {
@ -129,11 +129,11 @@
]
},
"locked": {
"lastModified": 1774626137,
"narHash": "sha256-1WelwA45Xm4glTG8R9IX9jYeFKDG2HbR79jAauLezUE=",
"lastModified": 1773179137,
"narHash": "sha256-EdW2bwzlfme0vbMOcStnNmKlOAA05Bp6su2O8VLGT0k=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9df3a639007cfe0d074433f7fc225ea94f877d08",
"rev": "3f98e2bbc661ec0aaf558d8a283d6955f05f1d09",
"type": "github"
},
"original": {
@ -144,11 +144,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1774386573,
"narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=",
"lastModified": 1772963539,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github"
},
"original": {


@ -9,15 +9,8 @@
imports = [
inputs.agenix.nixosModules.default
inputs.copyparty.nixosModules.default
./hardware-configuration.nix
../../modules/nixos/tailscale.nix
../../modules/nixos/jellyfin.nix
../../modules/nixos/immich.nix
../../modules/nixos/paperless.nix
../../modules/nixos/copyparty.nix
../../modules/nixos/samba.nix
../../modules/nixos
];
boot = {


@ -7,13 +7,10 @@
{
imports = [
inputs.agenix.nixosModules.default
./hardware-configuration.nix
../../modules/nixos/tailscale.nix
../../modules/nixos/caddy.nix
../../modules/nixos/matrix.nix
../../modules/nixos/forgejo.nix
../../modules/nixos/website.nix
];
# Workaround for https://github.com/NixOS/nix/issues/8502
@ -25,13 +22,6 @@
zramSwap.enable = true;
swapDevices = [
{
device = "/swapfile";
size = 1 * 1024; # 1GB
}
];
security.sudo.extraConfig = ''
Defaults lecture = never
Defaults pwfeedback


@ -1,74 +0,0 @@
{
systemd.tmpfiles.rules = [
"d /var/www/jankremer.de 755 jan users -"
];
services.caddy = {
enable = true;
virtualHosts = {
"jankremer.de:8448".extraConfig = # caddyfile
''
reverse_proxy localhost:6167
'';
"jankremer.de".extraConfig = # caddyfile
''
handle /_matrix/* {
reverse_proxy localhost:6167
}
handle /.well-known/matrix/server {
header Content-Type application/json
respond `{"m.server": "jankremer.de:443"}` 200
}
handle /.well-known/matrix/client {
header Content-Type application/json
header Access-Control-Allow-Origin *
respond `{"m.homeserver": {"base_url": "https://jankremer.de"}}` 200
}
handle {
root * /var/www/jankremer.de
file_server
@static {
path *.css *.js *.woff2 *.woff *.ttf *.png *.jpg *.jpeg *.svg *.ico *.webp
}
header @static Cache-Control "public, max-age=31536000, immutable"
@html {
path *.html
}
header @html Cache-Control "no-cache"
}
handle_errors {
rewrite * /404.html
file_server
}
'';
"git.jankremer.de".extraConfig = # caddyfile
''
reverse_proxy localhost:3000
'';
"jankremer.eu".extraConfig = # caddyfile
''
redir https://jankremer.de{uri} permanent
'';
"git.jankremer.eu".extraConfig = # caddyfile
''
redir https://git.jankremer.de{uri} permanent
'';
};
};
networking.firewall.allowedTCPPorts = [
80
443
8448
];
}

12
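--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -0,0 +1,12 @@
+{
+imports = [
+./copyparty.nix
+# ./forgejo.nix
+./immich.nix
+./jellyfin.nix
+# ./minecraft.nix
+./paperless.nix
+./samba.nix
+./tailscale.nix
+];
+}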
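Review bot: Importing this directory pulls in every listed module at once, so a host that writes `../../modules/nixos` gets copyparty, immich, jellyfin, paperless, samba and tailscale together with no per-host choice. That matches the six modules the first host listed explicitly before, but any module added here later lands on every importing host; if the modules enable their services unconditionally, as the Caddy and Forgejo modules on this page do, the set of exposed services grows without a host-level decision. I would either keep explicit per-host imports or give each module an enable option that defaults to off. The two commented-out entries carry no explanation; either delete them or annotate them, for example `# ./forgejo.nix  # disabled: <reason>`.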


@ -1,13 +1,5 @@
{ config, ... }:
let
domain = "git.jankremer.de";
in
{
age.secrets.forgejo-mailer = {
file = ../../modules/secrets/forgejo-mailer.age;
owner = "forgejo";
};
services = {
forgejo = {
enable = true;
@ -16,25 +8,14 @@ in
settings = {
service.DISABLE_REGISTRATION = true;
server = {
DOMAIN = domain;
ROOT_URL = "https://${domain}";
START_SSH_SERVER = false;
SSH_PORT = 22;
DOMAIN = "git.alpine-centauri.ts.net";
ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}";
HTTP_PORT = 3010;
};
mailer = {
actions = {
ENABLED = true;
SMTP_ADDR = "smtp.mail.me.com";
SMTP_PORT = 587;
FROM = "git@jankremer.de";
USER = "janurskremer@me.com";
DEFAULT_ACTIONS_URL = "github";
};
# actions = {
# ENABLED = true;
# DEFAULT_ACTIONS_URL = "github";
# };
};
secrets = {
mailer.PASSWD = config.age.secrets.forgejo-mailer.path;
};
};
};
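Review bot: The `actions` block on the new side enables Forgejo Actions with `DEFAULT_ACTIONS_URL = "github"`, so a bare `uses:` in any workflow fetches action code from github.com, and nothing in the module records that trust decision. I would add a comment above the block, `# bare "uses:" resolves to github.com; pin third-party actions to a full commit SHA`. Separately, `ROOT_URL` advertises `https://` while the only listener visible here is `HTTP_PORT = 3010`, and the page shows no proxy for this name (the removed Caddy vhost pointed at `localhost:3000`). Whatever terminates TLS on the tailnet should be named in a comment, and if it runs on the same host, `HTTP_ADDR = "127.0.0.1";` would keep the plain-HTTP port off other interfaces. The rendering has lost the `+`/`-` markers, so this reading of the new side is inferred from the hunk counts and from the deletion of `forgejo-mailer.age` further down.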


@ -17,4 +17,40 @@
};
};
};
services.caddy = {
enable = true;
## Matrix federation
virtualHosts = {
"jankremer.de:8448" = {
extraConfig = ''
reverse_proxy localhost:6167
'';
};
"jankremer.de" = {
extraConfig = ''
handle /_matrix/* {
reverse_proxy localhost:6167
}
handle /.well-known/matrix/server {
header Content-Type application/json
respond `{"m.server": "jankremer.de:443"}` 200
}
handle /.well-known/matrix/client {
header Content-Type application/json
header Access-Control-Allow-Origin *
respond `{"m.homeserver": {"base_url": "https://jankremer.de"}}` 200
}
'';
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
8448
];
}
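Review bot: The `"jankremer.de:8448"` vhost forwards every path to `localhost:6167`, while the `"jankremer.de"` vhost limits the proxy to `/_matrix/*`, so anything else the homeserver answers on that port is reachable through 8448, which this hunk also opens in `networking.firewall.allowedTCPPorts`. I would scope it the same way, `handle /_matrix/* { reverse_proxy localhost:6167 }`. Because `/.well-known/matrix/server` already delegates federation to `jankremer.de:443`, the 8448 listener looks like a fallback only; if that is intended a comment should say so, otherwise the vhost and the firewall entry can both go. The `## Matrix federation` comment sits above a `virtualHosts` set that also serves client discovery, so `# Matrix federation and client discovery` would be more accurate. The start of the module is outside this hunk.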

27
modules/nixos/website.nix Normal file

@ -0,0 +1,27 @@
{
systemd.tmpfiles.rules = [
"d /var/www/jankremer.de 755 jan users -"
];
services.caddy.virtualHosts."jankremer.de".extraConfig = ''
handle {
root * /var/www/jankremer.de
file_server
@static {
path *.css *.js *.woff2 *.woff *.ttf *.png *.jpg *.jpeg *.svg *.ico *.webp
}
header @static Cache-Control "public, max-age=31536000, immutable"
@html {
path *.html
}
header @html Cache-Control "no-cache"
}
'';
networking.firewall.allowedTCPPorts = [
80
443
];
}
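Review bot: This module adds a `"jankremer.de"` vhost and opens ports 80 and 443 but never sets `services.caddy.enable`. On this page the only `enable = true` for Caddy is in the Matrix hunk above, so importing website.nix without that module would open the firewall with no server behind it. Adding `services.caddy.enable = true;` here makes the module self-contained. The `handle_errors` block that rewrote to `/404.html` in the deleted 74-line Caddy file has no counterpart on the new side, so missing pages fall back to Caddy's default error response; restore it here if that was not intended. Since `/var/www/jankremer.de` is created writable by `jan`, a `hide` list on `file_server` for dotfiles and VCS directories is worth considering.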


@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 2otpcg 3/3V9NuhhEEvC5Czd52LroF3gb+5R8kVMwUQEdjQPz4
W69B15eEI4+0v+TRKzS9mCs1+Gwjd2XeS9lykr5pxyQ
-> ssh-ed25519 40YjXQ Ie0rCVXk2DtsE/V8pcL3o7UXD1U/1Ag/knDrDOr0REw
Zuc42+JOtssFl7puQvHRdLuPpA51qgykiQ9/9xJlSK0
-> ssh-ed25519 wbs2Dw qwhCUJQmXljIcEO8ysfSFpFPWqdmW5ysMhYxEW9QmUU
w5nSiL+pAX36RG2A/V4QijFjqVzIZ+5/HsbS/C2I8S0
--- Rm8JLyJwpZp1BBfARjKFz7vnJjGagN1VOgpHSmI7zDU
C_.¹¡Ìâ"×: `F…ƒ­U¤Ø_ÀŒ_)ÚžŸkRÉ7|I.b ±áö)4:


@ -2,7 +2,6 @@ let
malus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTpgedzJ7vs3GMOjUeQGkAzGhNZRhvMMz9Z1whaWieE";
galanthus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZYQao2OKQxyic+I327VZ7lQECh9hSS9cgsls3e/a1u";
nimbus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDIjr3r9RVTzMPNvfBWxVei8aGMlay3smMhhuGxEMRaj";
all = [
malus
galanthus
@ -14,5 +13,4 @@ in
"paperless-admin.age".publicKeys = all;
"tailscale.age".publicKeys = all;
"matrix-registration-token.age".publicKeys = all;
"forgejo-mailer.age".publicKeys = all;
}