Merge branch 'master' of ssh://ssh.nx2.site:20022/nx2/dotfiles

configuration.nix

@@ -6,6 +6,7 @@
     ./system-modules/auto-mount.nix
     ./system-modules/hardware-configuration.nix
     ./system-modules/fuse.nix
+    ./system-modules/games.nix
     ./system-modules/nvidia.nix 
     ./system-modules/users.nix
     ./system-modules/sound.nix
@@ -42,7 +43,7 @@
     ./system-modules/postgres.nix
     ./system-modules/nx2site/proxy.nix
     # ./system-modules/nx2site/gitea.nix
-    # ./system-modules/nx2site/vaultwarden.nix
+    ./system-modules/nx2site/vaultwarden.nix
   ] else []);
 
   # Set your time zone.
@@ -99,6 +100,7 @@
     blueman
     dmidecode
     file
+    cowsay
   # ]) ++ (with pkgs-unstable; [
   # # sendme
   ]);

home-modules/games.nix

@@ -1,7 +1,18 @@
-{  pkgs, lib, host, ... }:
+{ pkgs-unstable, lib, host, ... }:
-lib.mkIf (host != "NxACE")
+lib.mkIf (host == "NxNORTH")
 {
-  home.packages = with pkgs; [
+  home = {
+    packages = with pkgs-unstable; [
+      protonup
+      mangohud
+
+      heroic
+
       mindustry-wayland 
     ];
+    sessionVariables = {
+      STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
+    };
+  };
 }
+

system-modules/games.nix

@@ -0,0 +1,12 @@
+{ lib, host, ... }:
+lib.mkIf (host == "NxNORTH")
+{
+  programs = {
+    gamemode = {
+      enable = true;
+    };
+    gamescope = {
+      enable = true;
+    };
+  };
+}

system-modules/nx2site/gitea.nix

@@ -1,12 +1,16 @@
-{ config, pkgs-unstable, domain, ... }: 
+{ config, pkgs, lib, domain, ... }: 
 {
   sops.secrets = {
-    "postgres-pw" = { owner = "gitea"; };
+    "postgres-pw" = { owner = config.services.gitea.user; };
   };
 
+  environment.systemPackages = with pkgs; [
+    gitea
+  ];
+
   services.gitea = {
     enable = true;
-    package = pkgs-unstable.gitea;
+    package = pkgs.gitea;
     group = "gitea"; # default
     user = "gitea"; # default
     appName = "NxGit";
@@ -26,20 +30,20 @@
       name = "gitea"; # default
       user = "gitea"; # default
     };
-    dump = {
+    # dump = {
-      enable = true;
+      # enable = true;
-      backupDir = "${config.services.gitea.stateDir}/dump"; # default
+    #   backupDir = "${config.services.gitea.stateDir}/dump"; # default
-      file = null; # default
+    #   file = null; # default
-      interval = "daily";
+    #   interval = "daily";
-      type = "zip"; # default
+    #   type = "zip"; # default
-    };
+    # };
-    extraConfig = null; # default
+    # extraConfig = null; # default
-    lfs = {
+    # lfs = {
-      enable = false; # default
+    #   enable = false; # default
-      contentDir = "${config.services.gitea.stateDir}/data/lfs"; # default
+    #   contentDir = "${config.services.gitea.stateDir}/data/lfs"; # default
-    };
+    # };
-    mailerPasswordFile = null; # default
+    # mailerPasswordFile = null; # default
-    metricsTokenFile = null; # default
+    # metricsTokenFile = null; # default
     repositoryRoot = "${config.services.gitea.stateDir}/repositories"; # default
     settings = {
       log = {
@@ -47,17 +51,17 @@
         # LEVEL = "Error";
         ROOT_PATH = "${config.services.gitea.stateDir}/log"; # default
       };
-      i18n = {
+      # i18n = {
-        LANGS = "en-US";
+      #   LANGS = "en-US";
-      };
+      # };
       server = {
         DISABLE_SSH = false; # default
         SSH_PORT = 20022;
-        DOMAIN = "pw2.${domain}";
+        # DOMAIN = "pw2.${domain}";
-        HTTP_ADDR = "http://${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT}/";
+        # HTTP_ADDR = "${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT}/";
-        HTTP_PORT = 3000; # default
+        # HTTP_PORT = 3000; # default
-        PROTOCOL = "http"; # default
+        # PROTOCOL = "http"; # default
-        ROOT_URL = "https:pw2.${domain}/"; # default
+        # ROOT_URL = "https:pw2.${domain}/"; # default
         STATIC_ROOT_PATH = "${config.services.gitea.stateDir}/static";
       };
       session = {
@@ -69,3 +73,108 @@
     };
   };
 }
+# APP_NAME = Gitea: Git with a cup of tea
+# RUN_MODE = prod
+# RUN_USER = git
+# WORK_PATH = /data/gitea
+
+# [repository]
+# ROOT = /data/git/repositories
+# ENABLE_PUSH_CREATE_ORG = true
+# ENABLE_PUSH_CREATE_USER = true
+
+# [repository.local]
+# LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+# [repository.upload]
+# TEMP_PATH = /data/gitea/uploads
+
+# [server]
+# APP_DATA_PATH = /data/gitea
+# DOMAIN = git.nx2.site
+# SSH_DOMAIN = git.nx2.site
+# HTTP_PORT = 3000
+# ROOT_URL = https://git.nx2.site/
+# DISABLE_SSH = false
+# SSH_PORT = 22
+# SSH_LISTEN_PORT = 22
+# LFS_START_SERVER = true
+# LFS_JWT_SECRET = aitnnoway
+# OFFLINE_MODE = false
+
+# [database]
+# PATH = /data/gitea/gitea.db
+# DB_TYPE = postgres
+# HOST = giteadb:5432
+# NAME = gitea
+# USER = gitea
+# PASSWD = -lkjlkj
+# LOG_SQL = false
+# SCHEMA = 
+# SSL_MODE = disable
+
+# [indexer]
+# ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+# [session]
+# PROVIDER_CONFIG = /data/gitea/sessions
+# PROVIDER = file
+
+# [picture]
+# AVATAR_UPLOAD_PATH = /data/gitea/avatars
+# REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+# [attachment]
+# PATH = /data/gitea/attachments
+
+# [log]
+# MODE = console
+# LEVEL = info
+# ROOT_PATH = /data/gitea/log
+
+# [security]
+# INSTALL_LOCK = true
+# SECRET_KEY = 
+# REVERSE_PROXY_LIMIT = 1
+# REVERSE_PROXY_TRUSTED_PROXIES = *
+# INTERNAL_TOKEN = faaaaakeeyJuYmYiOjE3MTMxMTAzMjN9.iliwlrfZDTb8oL296gpXRYhC-6_AJdjePO7dk3NT-PE
+# PASSWORD_HASH_ALGO = pbkdf2
+
+# [service]
+# DISABLE_REGISTRATION = true
+# REQUIRE_SIGNIN_VIEW = false
+# REGISTER_EMAIL_CONFIRM = false
+# ENABLE_NOTIFY_MAIL = false
+# ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+# ENABLE_CAPTCHA = false
+# DEFAULT_KEEP_EMAIL_PRIVATE = false
+# DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+# DEFAULT_ENABLE_TIMETRACKING = true
+# NO_REPLY_ADDRESS = noreply.nx2.site
+
+# [lfs]
+# PATH = /data/git/lfs
+
+# [mailer]
+# ENABLED = true
+# SMTP_ADDR = smtp.gmail.com
+# SMTP_PORT = 587
+# FROM = git@nx2.site
+# USER = lennart.kurzweg.lk@gmail.com
+# PASSWD = "ihh"
+
+# [openid]
+# ENABLE_OPENID_SIGNIN = true
+# ENABLE_OPENID_SIGNUP = false
+
+# [cron.update_checker]
+# ENABLED = false
+
+# [repository.pull-request]
+# DEFAULT_MERGE_STYLE = merge
+
+# [repository.signing]
+# DEFAULT_TRUST_MODEL = committer
+
+# [oauth2]
+# JWT_SECRET = redavt

system-modules/nx2site/proxy.nix

@@ -110,7 +110,9 @@
       };
       "pw2.${domain}" = vh // {
         listen = dl;
-        locations = let d = "127.0.0.1:3000"; in {
+        locations = let 
+          d = with config.services.vaultwarden.config; "${ROCKET_ADDRESS}:${builtins.toString ROCKET_PORT}"; 
+        in {
           "/" = { proxyPass = "http://${d}"; };
           "/admin" = { proxyPass = "http://${d}"; };
           "/notifications/hub" = { proxyPass = "http://${d}"; };
@@ -126,8 +128,9 @@
         locations = { "/" = { proxyPass = "http://git.docker:3000"; }; }; 
       };
       "git2.${domain}" = vh // {
+        http2 = false;
         listen = dl;
-        locations = { "/" = { proxyPass = "http://127.0.0.1:8222"; }; }; 
+        locations = { "/" = { proxyPass = "http://127.0.0.1:3000"; }; }; 
       };
       "~^(.*).${domain}$" = {
         listen = dl;

system-modules/nx2site/vaultwarden.nix

@@ -0,0 +1,43 @@
+{ config, pkgs, secrets, domain, ... }:
+{
+  sops.secrets = {
+    "nx2site/vaultwarden.env" = {
+      owner = "vaultwarden";
+    };
+  };
+  services.vaultwarden = {
+    enable = true;
+    package = pkgs.vaultwarden;
+    webVaultPackage = pkgs.vaultwarden.webvault;
+    dbBackend = "postgresql";
+    # backupDir = "/var/backup/vaultwarden";
+    environmentFile = config.sops.secrets."nx2site/vaultwarden.env".path;
+    config = {
+      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_PORT = 8222;
+
+      DATABASE_URL = "@DATABASE_URL@";
+      # DATABASE_URL = "postgresql://vaultwarden:fakepw123@127.0.0.1:5432/vaultwarden";
+      
+      SMTP_HOST = "smtp.gmail.com";
+      SMTP_FROM = secrets.email.gmail-online.mail;
+      SMTP_PORT = 587;
+      SMTP_SECURITY = "starttls";
+      SMTP_USERNAME = secrets.email.gmail-online.mail;
+      SMTP_PASSWORD = "@SMTP_PASSWORD@";
+      LOGIN_RATELIMIT_MAX_BURST = 10;
+      LOGIN_RATELIMIT_SECONDS = 60;
+      DOMAIN = "https://pw2.${domain}";
+      INVITATION_ORG_NAME = "NxPW";
+      INVITATIONS_ALLOWED = true;
+      ADMIN_TOKEN = "@ADMIN_TOKEN@";
+      SIGNUPS_ALLOWED = false;
+      SIGNUPS_VERIFY = true;
+      SIGNUPS_VERIFY_RESEND_TIME = 3600;
+      SIGNUPS_VERIFY_RESEND_LIMIT = 6;
+      EMERGENCY_ACCESS_ALLOWED = true;
+      SENDS_ALLOWED = true;
+      WEB_VAULT_ENABLED = true;
+    };
+  };
+}

system-modules/postgres.nix

@@ -23,7 +23,7 @@
  			# recoveryConfig = null;
 			ensureDatabases = [
 				"gitea"
-				# "vaultwarden"
+				"vaultwarden"
 			];
 			settings = {
 				port = 5432; # default
@@ -51,6 +51,10 @@
 					name = "gitea"; 
 					ensureDBOwnership = true;
 				}
+				{
+					name = "vaultwarden";
+					ensureDBOwnership = true;
+				}
 			];
 		};
 # postgresqlBackup = {