committed powerdns web changes

added forgejo.nix
added forgejo vars
2025-03-10 11:13:33 +01:00 · 2025-03-10 11:05:50 +01:00 · 2025-03-10 11:04:48 +01:00 · 2025-03-10 11:03:53 +01:00
5 changed files with 132 additions and 26 deletions
--- a/modules/forgejo.nix
+++ b/modules/forgejo.nix
@ -0,0 +1,68 @@
+{ config, lib, ... }:
+let
+  cfg = import ./vars.nix;
+  service = "forgejo";
+  dbport = cfg."${service}".dbport;
+  domain = cfg."${service}".domain;
+  port = cfg."${service}".port;
+  sshport = cfg."${service}".sshport;
+in
+
+{
+
+  imports = [
+    ./podman-postgresql.nix # for the database
+    ./nginx.nix             # for the webserver
+  ];
+
+  sops.secrets."gitea/db" = {};
+
+  services.podman-postgresql."${service}" = {
+    enable = true;
+    image = "docker.io/library/postgres:17-alpine";
+    port = (lib.strings.toInt dbport);
+    passwordFile = config.sops.secrets."gitea/db".path;
+  };
+
+  virtualisation.oci-containers.containers."${service}" = {
+    image = "codeberg.org/forgejo/forgejo:10";
+    environment = {
+      TZ = "Europe/Berlin";
+    };
+    ports = [
+      "${port}:3000"
+      "${sshport}:22"
+    ];
+    volumes = [
+      "/var/lib/${service}:/data"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+  };
+
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    locations = {
+      "/" = {
+        proxyPass = "http://localhost:${port}";
+        extraConfig = ''
+          proxy_set_header Connection $http_connection;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+          client_max_body_size 512M;
+        '';
+      };
+
+    };
+    extraConfig = ''
+      access_log  /var/log/nginx/${domain}_access.log;
+      error_log   /var/log/nginx/${domain}_error.log;
+    '';
+
+  };
+
+}
+# vim: set et ts=2 sw=2 ai:
--- a/modules/powerdns-admin.nix
+++ b/modules/powerdns-admin.nix
@ -6,7 +6,7 @@ let
 in
 {
  imports = [
-    ./podman.nix
+    #./podman.nix
    ./podman-postgresql.nix # for the database
    #./nginx.nix             # for the webserver
  ];
@ -14,24 +14,24 @@ in
  sops.secrets."powerdns-admin/db" = { };
  sops.secrets."powerdns-admin/env" = { };

-  #services.podman-postgresql."${pdnsa_database}" = {
-  #  enable = true;
-  #  image = "docker.io/library/postgres:15-alpine";
-  #  port = (lib.strings.toInt webdbport);
-  #  passwordFile = config.sops.secrets."powerdns-admin/db".path;
-  #};
+  services.podman-postgresql."powerdnsadmin" = {
+    enable = true;
+    image = "docker.io/library/postgres:15-alpine";
+    port = (lib.strings.toInt webdbport);
+    passwordFile = config.sops.secrets."powerdns-admin/db".path;
+  };

-  #virtualisation.oci-containers.containers.powerdnsadmin = {
-  #  image = "docker.io/powerdnsadmin/pda-legacy";
-  #  environment = {
-  #    TZ = "Europe/Berlin";
-  #  };
-  #  environmentFiles = [ config.sops.secrets."powerdns-admin/env".path ];
-  #  ports = [
-  #    "${webport}:80"
-  #  ];
-  #  extraOptions = cfg.podman.extraOptions;
-  #};
+  virtualisation.oci-containers.containers.powerdnsadmin = {
+    image = "docker.io/powerdnsadmin/pda-legacy";
+    environment = {
+      TZ = "Europe/Berlin";
+    };
+    environmentFiles = [ config.sops.secrets."powerdns-admin/env".path ];
+    ports = [
+      "${webport}:80"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+  };

 }
 # vim: set et ts=2 sw=2 ai:
--- a/modules/powerdns-web.nix
+++ b/modules/powerdns-web.nix
@ -1,10 +1,14 @@
 { ... }:
 let
  domain = "powerdns.mc-fucker.cool";
-  pdnsa_host = "100.64.0.6";
-  pdnsa_port = "8000";
+  #pdnsa_host = "100.64.0.6";
+  pdnsa_host = "127.0.0.1";
+  pdnsa_port = "8282";
 in
 {
+
+  imports = [ ./nginx.nix ];
+
  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
--- a/modules/vars.nix
+++ b/modules/vars.nix
@ -38,6 +38,13 @@

  feishin.port = "9180";

+  forgejo = {
+    dbport = "54325";
+    domain = "dev.mc-fucker.cool";
+    port = "3333";
+    sshport = "2222";
+  };
+
  ihatemoney = {
    db = "ihatemoney";
    dbport = "54324";
@ -72,6 +79,12 @@
    port = "587";
  };

+  mozsync = {
+    dbport = "33062";
+    domain = "mozsync.mc-fucker.cool";
+    port = "12345";
+  };
+
  navidrome.port = "4533";

  nextcloud = {
--- a/systems/mc7/configuration.nix
+++ b/systems/mc7/configuration.nix
@ -5,17 +5,38 @@
      ./hardware-configuration.nix
      ./modules/generic.nix
      ./modules/borg.nix
-      ./modules/minecraft.nix
-      ./modules/rclone.nix
+      #./modules/minecraft.nix
+      #./modules/rclone.nix
      ./modules/authentik-server.nix
+      ./modules/authentik-ldap.nix
+      ./modules/powerdns-web.nix
+      ./modules/powerdns-admin.nix
+      ./modules/ihatemoney.nix
+      #./modules/postgresql.nix
+      ./modules/zabbix-server.nix
+      ./modules/vaultwarden.nix
+      ./modules/remotebuild/host.nix
    ];

-  services.rclone.cacheSize = "100G";
-
-  system.autoUpgrade = {
-    allowReboot = false;
+  services.postgresql = {
+    package = pkgs.postgresql_15;
  };

+
+  sops.secrets."authentik/ldap/mc7" = {};
+  services.authentik-ldap.token = builtins.readFile config.sops.secrets."authentik/ldap/mc7".path;
+
+  networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
+  networking.firewall.interfaces.podman0.allowedTCPPorts = [ 5432 ];
+
+  #services.rclone.cacheSize = "100G";
+
+  #system.autoUpgrade = {
+  #  allowReboot = false;
+  #};
+
+  #nix.gc.automatic = false;
+
  system.stateVersion = "22.05";
 }
Author	SHA1	Message	Date
mc-fucker	35a5f48150	committed powerdns web changes	2025-03-10 11:13:33 +01:00
mc-fucker	f1feebbbca	added forgejo.nix	2025-03-10 11:05:50 +01:00
mc-fucker	5c5100ce62	added forgejo vars	2025-03-10 11:04:48 +01:00
mc-fucker	d5dbefe219	changes to mc7 configuration.nix	2025-03-10 11:03:53 +01:00