committed powerdns web changes

modules/forgejo.nix

@@ -0,0 +1,68 @@
+{ config, lib, ... }:
+let
+  cfg = import ./vars.nix;
+  service = "forgejo";
+  dbport = cfg."${service}".dbport;
+  domain = cfg."${service}".domain;
+  port = cfg."${service}".port;
+  sshport = cfg."${service}".sshport;
+in
+
+{
+
+  imports = [
+    ./podman-postgresql.nix # for the database
+    ./nginx.nix             # for the webserver
+  ];
+
+  sops.secrets."gitea/db" = {};
+
+  services.podman-postgresql."${service}" = {
+    enable = true;
+    image = "docker.io/library/postgres:17-alpine";
+    port = (lib.strings.toInt dbport);
+    passwordFile = config.sops.secrets."gitea/db".path;
+  };
+
+  virtualisation.oci-containers.containers."${service}" = {
+    image = "codeberg.org/forgejo/forgejo:10";
+    environment = {
+      TZ = "Europe/Berlin";
+    };
+    ports = [
+      "${port}:3000"
+      "${sshport}:22"
+    ];
+    volumes = [
+      "/var/lib/${service}:/data"
+    ];
+    extraOptions = cfg.podman.extraOptions;
+  };
+
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    locations = {
+      "/" = {
+        proxyPass = "http://localhost:${port}";
+        extraConfig = ''
+          proxy_set_header Connection $http_connection;
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Host $host;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Forwarded-Proto $scheme;
+          client_max_body_size 512M;
+        '';
+      };
+
+    };
+    extraConfig = ''
+      access_log  /var/log/nginx/${domain}_access.log;
+      error_log   /var/log/nginx/${domain}_error.log;
+    '';
+
+  };
+
+}
+# vim: set et ts=2 sw=2 ai:

modules/powerdns-admin.nix

@@ -6,7 +6,7 @@ let
 in
 {
   imports = [
-    ./podman.nix
+    #./podman.nix
     ./podman-postgresql.nix # for the database
     #./nginx.nix             # for the webserver
   ];
@@ -14,24 +14,24 @@ in
   sops.secrets."powerdns-admin/db" = { };
   sops.secrets."powerdns-admin/env" = { };
 
-  #services.podman-postgresql."${pdnsa_database}" = {
+  services.podman-postgresql."powerdnsadmin" = {
-  #  enable = true;
+    enable = true;
-  #  image = "docker.io/library/postgres:15-alpine";
+    image = "docker.io/library/postgres:15-alpine";
-  #  port = (lib.strings.toInt webdbport);
+    port = (lib.strings.toInt webdbport);
-  #  passwordFile = config.sops.secrets."powerdns-admin/db".path;
+    passwordFile = config.sops.secrets."powerdns-admin/db".path;
-  #};
+  };
 
-  #virtualisation.oci-containers.containers.powerdnsadmin = {
+  virtualisation.oci-containers.containers.powerdnsadmin = {
-  #  image = "docker.io/powerdnsadmin/pda-legacy";
+    image = "docker.io/powerdnsadmin/pda-legacy";
-  #  environment = {
+    environment = {
-  #    TZ = "Europe/Berlin";
+      TZ = "Europe/Berlin";
-  #  };
+    };
-  #  environmentFiles = [ config.sops.secrets."powerdns-admin/env".path ];
+    environmentFiles = [ config.sops.secrets."powerdns-admin/env".path ];
-  #  ports = [
+    ports = [
-  #    "${webport}:80"
+      "${webport}:80"
-  #  ];
+    ];
-  #  extraOptions = cfg.podman.extraOptions;
+    extraOptions = cfg.podman.extraOptions;
-  #};
+  };
 
 }
 # vim: set et ts=2 sw=2 ai:

modules/powerdns-web.nix

@@ -1,10 +1,14 @@
 { ... }:
 let
   domain = "powerdns.mc-fucker.cool";
-  pdnsa_host = "100.64.0.6";
+  #pdnsa_host = "100.64.0.6";
-  pdnsa_port = "8000";
+  pdnsa_host = "127.0.0.1";
+  pdnsa_port = "8282";
 in
 {
+
+  imports = [ ./nginx.nix ];
+
   services.nginx.virtualHosts."${domain}" = {
     forceSSL = true;
     enableACME = true;

modules/vars.nix

@@ -38,6 +38,13 @@
 
   feishin.port = "9180";
 
+  forgejo = {
+    dbport = "54325";
+    domain = "dev.mc-fucker.cool";
+    port = "3333";
+    sshport = "2222";
+  };
+
   ihatemoney = {
     db = "ihatemoney";
     dbport = "54324";
@@ -72,6 +79,12 @@
     port = "587";
   };
 
+  mozsync = {
+    dbport = "33062";
+    domain = "mozsync.mc-fucker.cool";
+    port = "12345";
+  };
+
   navidrome.port = "4533";
 
   nextcloud = {

systems/mc7/configuration.nix

@@ -5,17 +5,38 @@
       ./hardware-configuration.nix
       ./modules/generic.nix
       ./modules/borg.nix
-      ./modules/minecraft.nix
+      #./modules/minecraft.nix
-      ./modules/rclone.nix
+      #./modules/rclone.nix
       ./modules/authentik-server.nix
+      ./modules/authentik-ldap.nix
+      ./modules/powerdns-web.nix
+      ./modules/powerdns-admin.nix
+      ./modules/ihatemoney.nix
+      #./modules/postgresql.nix
+      ./modules/zabbix-server.nix
+      ./modules/vaultwarden.nix
+      ./modules/remotebuild/host.nix
     ];
 
-  services.rclone.cacheSize = "100G";
+  services.postgresql = {
-
+    package = pkgs.postgresql_15;
-  system.autoUpgrade = {
-    allowReboot = false;
   };
 
+
+  sops.secrets."authentik/ldap/mc7" = {};
+  services.authentik-ldap.token = builtins.readFile config.sops.secrets."authentik/ldap/mc7".path;
+
+  networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
+  networking.firewall.interfaces.podman0.allowedTCPPorts = [ 5432 ];
+
+  #services.rclone.cacheSize = "100G";
+
+  #system.autoUpgrade = {
+  #  allowReboot = false;
+  #};
+
+  #nix.gc.automatic = false;
+
   system.stateVersion = "22.05";
 }