nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

New Flake Style XPS fix

Browse Source
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2025-05-27 12:12:36 +02:00
parent ce140cf4f2
commit 68cb4377b7
52 changed files with 220 additions and 245 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
system-modules/nx2site/dyn_dns.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, domain, ... }:
{ config, pkgs, hyper, ... }:
{
sops.secrets = {
# "nx2site/namecheap.pw" = { };
@@ -8,13 +8,14 @@
};
};
services.cloudflare-dyndns = {
pkgs = pkgs.cloudflare-dyndns;
enable = true;
ipv4 = true;
ipv6 = config.networking.enableIPv6;
domains = [
"${domain}"
"*.${domain}"
"ssh.${domain}"
"${hyper.domain}"
"*.${hyper.domain}"
"ssh.${hyper.domain}"
];
proxied = true;
apiTokenFile = config.sops.secrets."nx2site/cloudflare/global-api-key-env".path;

14
system-modules/nx2site/gitea.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, secrets, user, domain, ... }:
{ config, pkgs, hyper, secrets, ... }:
let git-user = "git"; in
{
sops.secrets = {
@@ -7,13 +7,13 @@ let git-user = "git"; in
users = {
users = {
"${user}".extraGroups = [ git-user ];
"${hyper.user}".extraGroups = [ git-user ];
"${git-user}" = {
isSystemUser = true;
group = git-user;
useDefaultShell = true;
home = config.services.gitea.stateDir;
openssh.authorizedKeys.keys = config.users.users."${user}".openssh.authorizedKeys.keys;
openssh.authorizedKeys.keys = config.users.users."${hyper.user}".openssh.authorizedKeys.keys;
};
};
groups."${git-user}" = {};
@@ -63,12 +63,12 @@ let git-user = "git"; in
START_SSH_SERVER = false; # default
SSH_LISTEN_HOST = "0.0.0.0";
SSH_PORT = secrets.ssh.port;
DOMAIN = "git.${domain}";
SSH_DOMAIN = "ssh.${domain}";
DOMAIN = "git.${hyper.domain}";
SSH_DOMAIN = "ssh.${hyper.domain}";
# HTTP_ADDR = "${config.services.gitea.settings.server.DOMAIN}";
# HTTP_PORT = 3000; # default
# PROTOCOL = "http"; # default
ROOT_URL = "https://git.${domain}/"; # default
ROOT_URL = "https://git.${hyper.domain}/"; # default
};
session = {
COOKIE_SECURE = true;
@@ -90,7 +90,7 @@ let git-user = "git"; in
# hash = "sha256-Eibgoc3BJUXWdq8irgXea09fAvfKx2eQrJotp3P5DTg=";
# };
theme = pkgs.fetchFromGitea {
domain = "git.${domain}";
domain = "git.${hyper.domain}";
owner = "nx2";
repo = "Gitea-Pitch-Black";
rev = "0.1.0";

4
system-modules/nx2site/nextcloud.nix
View File

@@ -1,4 +1,4 @@
{ config, domain, ... }:
{ config, hyper, ... }:
{
sops.secrets = {
"nx2site/nextcloud/admin-pass" = { owner = "nextcloud"; };
@@ -9,7 +9,7 @@
services = {
nextcloud = {
enable = true;
hostName = "nc.${domain}";
hostName = "nc.${hyper.domain}";
https = true;
configureRedis = true;
config = {

7
system-modules/nx2site/open-web-calendar.nix
View File

@@ -1,15 +1,14 @@
{ pkgs, domain, ... }:
{ pkgs, hyper, ... }:
{
services = {
open-web-calendar = {
enable = true;
domain = "cal.${domain}";
domain = "cal.${hyper.domain}";
package = pkgs.open-web-calendar;
settings = {
# PORT = 21342;
};
calendarSettings = {
};
calendarSettings = { };
};
};
}

6
system-modules/nx2site/paperless.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, secrets, domain, user, ... }:
{ config, pkgs, hyper, secrets, ... }:
let paperless-user = "paperless"; in
{
sops.secrets = {
@@ -8,7 +8,7 @@ let paperless-user = "paperless"; in
};
users.users = {
"${user}".extraGroups = [ paperless-user ];
"${hyper.user}".extraGroups = [ paperless-user ];
"${paperless-user}".extraGroups = [ "redis-paperless" ];
};
@@ -64,7 +64,7 @@ let paperless-user = "paperless"; in
# PAPERLESS_LOGROTATE_MAX_SIZE= 1 MiB.
# PAPERLESS_LOGROTATE_MAX_BACKUPS= 20.
# PAPERLESS_SECRET_KEY=
PAPERLESS_URL = "https://doc.${domain}";
PAPERLESS_URL = "https://doc.${hyper.domain}";
# PAPERLESS_CSRF_TRUSTED_ORIGINS=
# PAPERLESS_ALLOWED_HOSTS=
# PAPERLESS_CORS_ALLOWED_HOSTS=

38
system-modules/nx2site/proxy.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, domain, ... }:
{ config, hyper, pkgs, ... }:
{
sops.secrets = {
"nx2site/sslCertificate.pem" = { owner = config.services.nginx.user; };
@@ -8,13 +8,13 @@
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@${domain}";
email = "acme@${hyper.domain}";
webroot = "/var/nginx/webroot";
group = "nginx";
};
certs = {
"${domain}" = {
extraDomainNames = builtins.map (subd: "${subd}.${domain}") [ "sync" "dev" ];
"${hyper.domain}" = {
extraDomainNames = builtins.map (subd: "${subd}.${hyper.domain}") [ "sync" "dev" ];
};
};
};
@@ -76,7 +76,7 @@
enableACME = true;
};
in {
"${domain}" = vh // {
"${hyper.domain}" = vh // {
root = "/var/nginx/webroot";
default = true;
listen = dl;
@@ -95,11 +95,11 @@
"/.well-known/matrix/server" = { return = "502"; };
};
};
"matrix.${domain}" = {
"matrix.${hyper.domain}" = {
listen = dl;
locations = { "~.*" = { return = "502"; }; };
};
# "pw.${domain}" = vh // {
# "pw.${hyper.domain}" = vh // {
# listen = dl;
# locations = let d = "pw.docker:80"; in {
# "/" = { proxyPass = "http://${d}"; };
@@ -108,7 +108,7 @@
# "/notifications/hub/negotiate" = { proxyPass = "http://${d}"; };
# };
# };
"pw.${domain}" = vh // {
"pw.${hyper.domain}" = vh // {
listen = dl;
locations = let
d = with config.services.vaultwarden.config; "${ROCKET_ADDRESS}:${builtins.toString ROCKET_PORT}";
@@ -119,38 +119,38 @@
"/notifications/hub/negotiate" = { proxyPass = "http://${d}"; };
};
};
"sync.${domain}" = vh // {
"sync.${hyper.domain}" = vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:11434"; }; };
};
# "git.${domain}" = vh // {
# "git.${hyper.domain}" = vh // {
# listen = dl;
# locations = { "/" = { proxyPass = "http://git.docker:3000"; }; };
# };
"git.${domain}" = vh // {
"git.${hyper.domain}" = vh // {
http2 = false;
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:3000"; }; };
};
"doc.${domain}" = vh // {
"doc.${hyper.domain}" = vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:8441"; }; };
};
"dav.${domain}" = lib.mkIf config.services.radicale.enable (vh // {
"dav.${hyper.domain}" = lib.mkIf config.services.radicale.enable (vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; };
});
# "nc.${domain}" = vh // {
# "nc.${hyper.domain}" = vh // {
# # directly to nc
# };
"abs.${domain}" = vh // {
"abs.${hyper.domain}" = vh // {
listen = dl;
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString config.services.audiobookshelf.port}";
proxyWebsockets = true;
};
};
"dev.${domain}" = vh // {
"dev.${hyper.domain}" = vh // {
listen = dl ++ [
# { addr = "0.0.0.0"; port = 8000; ssl = true; }
# { addr = "[::0]"; port = 8000; ssl = true; }
@@ -162,17 +162,17 @@
# };
};
# is done atomatically
# "cal.${domain}" = vh // {
# "cal.${hyper.domain}" = vh // {
# listen = dl;
# locations = { "/" = {
# proxyPass = "http://unix:///run/open-web-calendar/socket";
# proxyWebsockets = true;
# }; };
# };
"~^(.*).${domain}$" = {
"~^(.*).${hyper.domain}$" = {
listen = dl;
root = "/var/nginx/webroot";
locations = { "~.*" = { return = "301 https://${domain}/502.html"; }; };
locations = { "~.*" = { return = "301 https://${hyper.domain}/502.html"; }; };
};
};
};

4
system-modules/nx2site/radicale.nix
View File

@@ -1,4 +1,4 @@
{ config, domain, ... }:
{ config, hyper, ... }:
{
sops.secrets = {
"nx2site/radicale/htpasswd" = {
@@ -15,7 +15,7 @@
port = builtins.toString 5232;
in [
"0.0.0.0:${port}"
"${domain}:${port}"
"${hyper.domain}:${port}"
# "192.168.178.32:${port}"
];
auth = {

4
system-modules/nx2site/vaultwarden.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, secrets, domain, ... }:
{ config, pkgs, hyper, secrets, ... }:
{
sops.secrets = {
"nx2site/vaultwarden.env" = {
@@ -27,7 +27,7 @@
SMTP_PASSWORD = "@SMTP_PASSWORD@";
LOGIN_RATELIMIT_MAX_BURST = 10;
LOGIN_RATELIMIT_SECONDS = 60;
DOMAIN = "https://pw.${domain}";
DOMAIN = "https://pw.${hyper.domain}";
INVITATION_ORG_NAME = "NxPW";
INVITATIONS_ALLOWED = true;
ADMIN_TOKEN = "@ADMIN_TOKEN@";