nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nx2:c381580cca1a98e2548e20f79f6c6223c196e822
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north
..
compare: nx2:e4d0326a7465bdf492f9f30ef12c8c90df1ef5e5
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north

6 Commits
c381580cca ... e4d0326a74

Author SHA1 Message Date
Lennart J. Kurzweg (Nx2)
e4d0326a74 flake bump 2025-01-04 13:54:13 +01:00
Lennart J. Kurzweg (Nx2)
8525adecf4 Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles 2025-01-04 13:53:51 +01:00
Lennart J. Kurzweg (Nx2)
6f5f70f439 new ppl pw 2025-01-02 21:44:37 +01:00
Lennart J. Kurzweg (Nx2)
d40175d4a5 6 11 2025-01-02 21:44:27 +01:00
Lennart J. Kurzweg (Nx2)
34eba60193 radicale 2025-01-02 21:44:15 +01:00
Lennart J. Kurzweg (Nx2)
57230a32c3 nextcloud (deactivated) 2025-01-02 21:43:20 +01:00
9 changed files with 121 additions and 65 deletions
Expand all files Collapse all files

4
configuration.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, inputs, lib, host, ... }: { pkgs, inputs, host, ... }:
{ {
imports = ([ imports = ([
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
@@ -43,6 +43,8 @@
./system-modules/postgres.nix ./system-modules/postgres.nix
./system-modules/nx2site/proxy.nix ./system-modules/nx2site/proxy.nix
./system-modules/nx2site/gitea.nix ./system-modules/nx2site/gitea.nix
./system-modules/nx2site/radicale.nix
# ./system-modules/nx2site/nextcloud.nix
./system-modules/nx2site/vaultwarden.nix ./system-modules/nx2site/vaultwarden.nix
./system-modules/nx2site/paperless.nix ./system-modules/nx2site/paperless.nix
] else []); ] else []);

106
flake.lock generated
View File

@@ -140,11 +140,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1733312601, "lastModified": 1735774679,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "narHash": "sha256-soePLBazJk0qQdDVhdbM98vYdssfs3WFedcq+raipRI=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "rev": "f2f7418ce0ab4a5309a4596161d154cfc877af66",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -279,11 +279,11 @@
"zig": "zig" "zig": "zig"
}, },
"locked": { "locked": {
"lastModified": 1735271978, "lastModified": 1735943291,
"narHash": "sha256-y6Ony5eq4F4E76Y2ZhALSEzBZ4GbGRVQIEScPieCDGI=", "narHash": "sha256-igXLrO0AtN7+k7VaR5zaHaPhDcS3go5NZr4liVqW9g4=",
"owner": "ghostty-org", "owner": "ghostty-org",
"repo": "ghostty", "repo": "ghostty",
"rev": "a8e5eef11cc67f87f445626f9ca2993373774bf8", "rev": "1baf8928a0bd6ccc2f49e1e9478baab71d49a018",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -365,11 +365,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734366194, "lastModified": 1735344290,
"narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", "rev": "613691f285dad87694c2ba1c9e6298d04736292d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -453,11 +453,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1735209119, "lastModified": 1735946701,
"narHash": "sha256-4KfccQtaeiu1A4Ck9XFKc+vzLWCs8HneLwE2YQT5ybc=", "narHash": "sha256-MpFsLND0kN2KQTulDXQCYZC1j2h6wWMJdq6SQ5riJ5M=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "e75e2cdac79417ffdbbbe903f72668953483a4e7", "rev": "60f069d54015fec66e63f1ff7e6ff26ddb349976",
"revCount": 5589, "revCount": 5625,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/hyprwm/Hyprland" "url": "https://github.com/hyprwm/Hyprland"
@@ -485,11 +485,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735295819, "lastModified": 1735838245,
"narHash": "sha256-iHDDF1kj+wX7fHGTgKaM6rli6+O8mVFNmpypo+SgnNs=", "narHash": "sha256-dA2s+KFo6+TmYtQoXWfxQ8XukN6JQ0I0VoraG9zD7/I=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-plugins", "repo": "hyprland-plugins",
"rev": "a41bcdccac7d3fe220b3a8519633f0a812da3439", "rev": "920af33577a889772e96a067130252df5674ca8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -510,11 +510,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1728345020, "lastModified": 1735734474,
"narHash": "sha256-xGbkc7U/Roe0/Cv3iKlzijIaFBNguasI31ynL2IlEoM=", "narHash": "sha256-9OV4lOqrEJVLdOrpNN/9msNwAhI6FQTu4N7fufilG08=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-protocols", "repo": "hyprland-protocols",
"rev": "a7c183800e74f337753de186522b9017a07a8cee", "rev": "271df559dd30e4bc5ec6af02d017ac0aaabd63a7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -587,11 +587,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1732716575, "lastModified": 1735862179,
"narHash": "sha256-OvFJCj52HuXxRrcCXrieIoiOzbeYFvDXNO8SndFiyAE=", "narHash": "sha256-s0Sr9t2Mu7tV1+nWm/I0BarfAwgMdtSelMXE0UHhfZw=",
"owner": "h3rmt", "owner": "h3rmt",
"repo": "hyprswitch", "repo": "hyprswitch",
"rev": "2b77dbcb422123dfce9bb82d698649e9757f35e0", "rev": "0afa2f8e8295952942ae7259c8bc5830befe9dc6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -613,11 +613,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734796073, "lastModified": 1735316583,
"narHash": "sha256-TnuKsa8OHrSJEmHm3TLGOWbPNA1gRjmZLsRzKrCqOsg=", "narHash": "sha256-AiiUwHWHfEdpFzXy7l1x3zInCUa1xcRMrbZ1XRSkzwU=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "c3331116ebd0b71df5ae8c6efe9a7f94148b03bf", "rev": "8f15d45b120b33712f6db477fe5ffb18034d0ea8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -678,11 +678,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1734649271, "lastModified": 1735291276,
"narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", "rev": "634fd46801442d760e09493a794c4f15db2d0cbb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -694,11 +694,11 @@
}, },
"nixpkgs-latest": { "nixpkgs-latest": {
"locked": { "locked": {
"lastModified": 1735297674, "lastModified": 1735994357,
"narHash": "sha256-yhczVSNtAqhqXt98OEqhMESBUI5nxhXGv5OvEehIuGE=", "narHash": "sha256-I41lP5N2rrROxlJ5hlv8LR8TpcvZ9P7LfzBGNZSKGpc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8d86075fcb37f3bac822923a5adc63e3f6bdfb70", "rev": "a8f36e39dcd9ac6f76c9ca5a9856401fd322d464",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -710,14 +710,14 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1733096140, "lastModified": 1735774519,
"narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
@@ -786,11 +786,11 @@
}, },
"nixpkgs-unstable_2": { "nixpkgs-unstable_2": {
"locked": { "locked": {
"lastModified": 1734649271, "lastModified": 1735834308,
"narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", "rev": "6df24922a1400241dae323af55f30e4318a6ca65",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -801,11 +801,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1711588226, "lastModified": 1735831304,
"narHash": "sha256-nd7goEu+nH/WZ/uCxvbWzSYqzZZn25kWTeKfANOhCjU=", "narHash": "sha256-92A/Zr8UzZzlFYmkgO3HAgX/Cr53eodgNyvJA+Ibkz0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7232f19f7fb710e3554cafaa9d8e93cff8273b59", "rev": "0725951bfc4bbc2efff3a537837ca13159b4aec9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -832,11 +832,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1735141468, "lastModified": 1735922141,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=", "narHash": "sha256-vk0xwGZSlvZ/596yxOtsk4gxsIx2VemzdjiU8zhjgWw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce", "rev": "d29ab98cd4a70a387b8ceea3e930b3340d41ac5a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1003,11 +1003,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734546875, "lastModified": 1735844895,
"narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=", "narHash": "sha256-CIRlqX9tBK2awJkmVu2cKuap/0QziDXStQZ/u/+e8Z4=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d", "rev": "24d89184adf76d7ccc99e659dc5f3838efb5ee32",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1154,11 +1154,11 @@
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1735141702, "lastModified": 1735863514,
"narHash": "sha256-iJ/my2mra0Ze4SegMoD+vJuKv1ikZiKTygA32/Qof9I=", "narHash": "sha256-9aoPsRhJ6Db2khf/wf+AlR+J1dlWLg5sFNMv3k5NPmg=",
"owner": "sxyazi", "owner": "sxyazi",
"repo": "yazi", "repo": "yazi",
"rev": "d754ac5dac10e7ad38243552711828ab1e9f25f4", "rev": "7d993c1517cfeffa6938e8056431e235f2dee186",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -1178,11 +1178,11 @@
"systems": "systems_6" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1734294375, "lastModified": 1735511552,
"narHash": "sha256-Q9EyfyeNCVKObybaevMydHzoR3v1gARqVkwFKHKTH84=", "narHash": "sha256-SCa+e+Iw923KmC7UJR/v61GMfTILucgCpjxbsbjGBNg=",
"owner": "lordkekz", "owner": "lordkekz",
"repo": "nix-yazi-plugins", "repo": "nix-yazi-plugins",
"rev": "5c42e2a33030c29801681102e89c8dc813e810aa", "rev": "505536399cab575b3baa6cfb7bba39edfd38bf5d",
"type": "github" "type": "github"
}, },
"original": { "original": {

9
sops-secrets.yaml
View File

File diff suppressed because one or more lines are too long

1
system-modules/boot.nix
View File

@@ -118,6 +118,7 @@ in
efiSupport = true; efiSupport = true;
}; };
}; };
kernelPackages = pkgs-unstable.linuxPackages_6_11;
}; };
}; };
} }

26
system-modules/nx2site/nextcloud.nix Normal file
View File

@@ -0,0 +1,26 @@
{ config, domain, ... }:
{
sops.secrets = {
"nx2site/nextcloud/admin-pass" = { owner = "nextcloud"; };
"nx2site/nextcloud/db-pass" = { owner = "nextcloud"; };
# "nx2site/nextcloud/users-pass/nx2" = { owner = "nextcloud"; };
};
services = {
nextcloud = {
enable = true;
hostName = "nc.${domain}";
https = true;
configureRedis = true;
config = {
adminpassFile = config.sops.secrets."nx2site/nextcloud/admin-pass".path;
adminuser = "nx2";
dbtype = "pgsql";
# dbhost = config.services.postgresql.settings.port; # using usix socket
dbname = "nextcloud";
dbpassFile = config.sops.secrets."nx2site/nextcloud/db-pass".path;
};
};
};
}

7
system-modules/nx2site/proxy.nix
View File

@@ -136,6 +136,13 @@
listen = dl; listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:8441"; }; }; locations = { "/" = { proxyPass = "http://127.0.0.1:8441"; }; };
}; };
"dav.${domain}" = lib.mkIf config.services.radicale.enable (vh // {
listen = dl;
locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; };
});
"nc.${domain}" = vh // {
# directly to nc
};
"~^(.*).${domain}$" = { "~^(.*).${domain}$" = {
listen = dl; listen = dl;
root = "/var/nginx/webroot"; root = "/var/nginx/webroot";

26
system-modules/nx2site/radicale.nix
View File

@@ -1,18 +1,28 @@
{ config, domain, ... }: { config, domain, ... }:
{ {
sops.secrets = { sops.secrets = {
"nx2site/radicale-htpasswd" = {}; "nx2site/radicale-htpasswd" = {
owner = "radicale";
};
}; };
services = { services = {
radicale = { radicale = {
server.hosts = let # is run by user radicale
port = builtins.toString 5232; enable = true;
in [ "192.168.178.32:${port}" ]; settings = {
auth = { server.hosts = let
type = "htpasswd"; port = builtins.toString 5232;
htpasswd_filename = config.sops.secrets."nx2site/radicale-htpasswd".path; in [
htpasswd_encryption = "bcrypt"; "0.0.0.0:${port}"
"${domain}:${port}"
# "192.168.178.32:${port}"
];
auth = {
type = "htpasswd";
htpasswd_filename = config.sops.secrets."nx2site/radicale-htpasswd".path;
htpasswd_encryption = "bcrypt";
};
}; };
}; };
}; };

5
system-modules/postgres.nix
View File

@@ -26,6 +26,7 @@
ensureDatabases = [ ensureDatabases = [
"gitea" "gitea"
"vaultwarden" "vaultwarden"
"nextcloud"
]; ];
settings = { settings = {
port = 5432; # default port = 5432; # default
@@ -44,6 +45,10 @@
name = "vaultwarden"; name = "vaultwarden";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
{
name = "nextcloud";
ensureDBOwnership = true;
}
]; ];
}; };
postgresqlBackup = { postgresqlBackup = {

2
system-modules/users.nix
View File

@@ -20,6 +20,8 @@
"nginx" "nginx"
"adbusers" "adbusers"
"postgres" "postgres"
"radicale"
"nextcloud"
]; ];
useDefaultShell = true; useDefaultShell = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [