Merge branch 'master' of ssh://ssh.nx2.site:20022/nx2/dotfiles

Lennart J. Kurzweg (Nx2)
2024-11-14 01:21:42 +01:00
9 changed files with 186 additions and 11 deletions


@@ -1,6 +0,0 @@
{ pkgs, ... }:
{
services.gitea = {
enable = true;
};
}


@@ -13,10 +13,20 @@
networkmanager = {
enable = true;
};
enableIPv6 = false;
enableIPv6 = true;
firewall.allowedTCPPorts = [
80
443
];
};
environment.etc = {
"ssl/certs/tuda-eduroam-root.crt".source = "${pkgs.cacert.unbundled}/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2:1.crt";
};
sops.secrets = {
"eduroam/tuda_nmconnection" = {
mode = "0600";
owner = "root";
path = "/etc/NetworkManager/system-connections/eduroam.nmconnection";
};
};
}
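Review bot: The pinned root at `ssl/certs/tuda-eduroam-root.crt` only protects the 802.1X login if the connection profile actually references it, and that profile is the sops secret `eduroam/tuda_nmconnection`, so it cannot be checked from this hunk. Confirm that the decrypted `eduroam.nmconnection` sets `ca-cert=/etc/ssl/certs/tuda-eduroam-root.crt` together with a server-name match (`domain-suffix-match` or `altsubject-matches`), because a CA pin alone accepts any server certificate issued under that root. A comment above `environment.etc` would make the coupling visible, e.g. `# referenced as ca-cert by the eduroam NetworkManager profile (sops secret below)`.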


@@ -0,0 +1,71 @@
{ config, pkgs-unstable, domain, ... }:
{
sops.secrets = {
"postgres-pw" = { owner = "gitea"; };
};
services.gitea = {
enable = true;
package = pkgs-unstable.gitea;
group = "gitea"; # default
user = "gitea"; # default
appName = "NxGit";
stateDir = "/var/lib/gitea"; # default
useWizard = false; # default
# camoHmacKeyFile = ;
customDir = "${config.services.gitea.stateDir}/custom"; # default
database = {
createDatabase = false; # default
host = "127.0.0.1"; # default
port = 5432;
passwordFile = config.sops.secrets."postgres-pw".path;
# path = "${config.services.gitea.stateDir}/data/gitea.db"; # default
# socket = "/run/postgresql";
socket = null;
type = "postgres";
name = "gitea"; # default
user = "gitea"; # default
};
dump = {
enable = true;
backupDir = "${config.services.gitea.stateDir}/dump"; # default
file = null; # default
interval = "daily";
type = "zip"; # default
};
extraConfig = null; # default
lfs = {
enable = false; # default
contentDir = "${config.services.gitea.stateDir}/data/lfs"; # default
};
mailerPasswordFile = null; # default
metricsTokenFile = null; # default
repositoryRoot = "${config.services.gitea.stateDir}/repositories"; # default
settings = {
log = {
LEVEL = "Info";
# LEVEL = "Error";
ROOT_PATH = "${config.services.gitea.stateDir}/log"; # default
};
i18n = {
LANGS = "en-US";
};
server = {
DISABLE_SSH = false; # default
SSH_PORT = 20022;
DOMAIN = "pw2.${domain}";
HTTP_ADDR = "http://${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT}/";
HTTP_PORT = 3000; # default
PROTOCOL = "http"; # default
ROOT_URL = "https:pw2.${domain}/"; # default
STATIC_ROOT_PATH = "${config.services.gitea.stateDir}/static";
};
session = {
COOKIE_SECURE = true;
};
service = {
DISABLE_REGISTRATION = true;
};
};
};
}
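Review bot: `ROOT_URL = "https:pw2.${domain}/"` is missing the `//` after the scheme, and its trailing `# default` is not accurate for a hand-set value; it should read `ROOT_URL = "https://pw2.${domain}/";`. Gitea derives clone URLs, redirects and links from ROOT_URL, so a malformed value tends to surface as broken links or login redirects. `HTTP_ADDR` is the listen address rather than a URL, so the `http://…:3000/` string on that line is unlikely to bind as intended. Since the nginx vhost proxies to `127.0.0.1:3000`, `HTTP_ADDR = "127.0.0.1";` would also keep the plain-HTTP port off external interfaces.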


@@ -110,7 +110,7 @@
};
"pw2.${domain}" = vh // {
listen = dl;
locations = let d = "127.0.0.1:8222"; in {
locations = let d = "127.0.0.1:3000"; in {
"/" = { proxyPass = "http://${d}"; };
"/admin" = { proxyPass = "http://${d}"; };
"/notifications/hub" = { proxyPass = "http://${d}"; };
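Review bot: With the upstream switched to port 3000, the `/admin` and `/notifications/hub` locations proxy to the same backend as `/` and add nothing. They look like leftovers from the service that used to sit on 8222, though that is inferred because the rest of the vhost is outside this hunk. Either drop them or leave a comment saying why they stay, e.g. `# kept so /admin can get its own access rules`. The `locations` block continues past the end of the hunk.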


@@ -0,0 +1,83 @@
{ config, pkgs, lib, user, ... }:
{
services = {
postgresql = {
enable = true;
package = pkgs.postgresql_12;
dataDir = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"; # default
# identMap = ''
# ${user} ${user} ${user}
# '';
enableJIT = false; # default
initdbArgs = []; # default
checkConfig = true; # default
enableTCPIP = false;
# # extraPlugins =
initialScript = null; # default
authentication = lib.mkForce ''
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust #scram-sha-256
host all all ::1/128 trust #scram-sha-256
'';
# recoveryConfig = null;
ensureDatabases = [
"gitea"
# "vaultwarden"
];
settings = {
port = 5432; # default
listen_addresses = "localhost";
log_line_prefix = "[%p] "; # default
shared_preload_libraries = [ ]; # default
};
ensureUsers = [
# {
# name = "${user}";
# ensureDBOwnership = false;
# ensureClauses = {
# login = true;
# # inherit
# createdb = true;
# bypassrls = true;
# superuser = true;
# createrole = true;
# replication = true;
# };
# }
{
# as liong as there is no declarative user management you gotta set a pw by hand
# sudo -u postgres psql -c "ALTER USER gitea PASSWORD 'new-passwd';"
name = "gitea";
ensureDBOwnership = true;
}
];
};
# postgresqlBackup = {
# enable
# startAt
# location
# databases
# backupAll
# compression
# }
# postgresqlWalReceiver.receivers."main" = {
# postgresqlPackage = pkgs.postgresql_15;
# directory = /mnt/pg_wal/main/;
# slot = "main_wal_receiver";
# connection = "postgresql://user@somehost";
# compress
# extraArgs
# synchronous
# environment
# statusInterval
# };
# }
};
}
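Review bot: All three `authentication` rules use `trust`, so any local account or process that can reach the Unix socket or loopback can connect as any role, including the `postgres` superuser, without a password. The `#scram-sha-256` remnants suggest this was meant to be temporary, and because the block is wrapped in `lib.mkForce` nothing from the module's own rules remains to narrow it. It also leaves `passwordFile` in the Gitea module and the `ALTER USER gitea PASSWORD` step in the comment without effect as access control. The rules below switch the socket to peer and loopback to scram-sha-256. On PostgreSQL 12, `password_encryption` must be set before the password is (re)set, since the older default stores md5 hashes that a scram rule rejects.

```nix
authentication = lib.mkForce ''
  # TYPE  DATABASE  USER  ADDRESS        METHOD
  local   all       all                  peer
  host    all       all   127.0.0.1/32   scram-sha-256
  host    all       all   ::1/128        scram-sha-256
'';
# … unchanged: ensureDatabases …
settings = {
  password_encryption = "scram-sha-256";
  # … unchanged: port, listen_addresses, log_line_prefix, shared_preload_libraries …
};
```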


@@ -5,7 +5,22 @@
users.users."${user}" = {
isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" "audio" "video" "docker" "libvirtd" "uinput" "input" "ydotool" "acme" "nginx" "adbusers" ];
extraGroups = [
"networkmanager"
"wheel"
"audio"
"video"
"docker"
"libvirtd"
"uinput"
"input"
"ydotool"
"acme"
"nginx"
"adbusers"
"gitea"
"postgres"
];
useDefaultShell = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1RPCcS8DtIf75a2FEW4d8X6WTVeLlmretoLqppvZlJ" # From [A] GPG Sub Key