Compare commits


No commits in common. "35a5f481505b8fc161687d62b7e35645277cab84" and "17c4dbbbbb1568943cc89e9945ecfda51b87fa05" have entirely different histories.

5 changed files with 26 additions and 132 deletions


@ -1,68 +0,0 @@
{ config, lib, ... }:
let
cfg = import ./vars.nix;
service = "forgejo";
dbport = cfg."${service}".dbport;
domain = cfg."${service}".domain;
port = cfg."${service}".port;
sshport = cfg."${service}".sshport;
in
{
imports = [
./podman-postgresql.nix # for the database
./nginx.nix # for the webserver
];
sops.secrets."gitea/db" = {};
services.podman-postgresql."${service}" = {
enable = true;
image = "docker.io/library/postgres:17-alpine";
port = (lib.strings.toInt dbport);
passwordFile = config.sops.secrets."gitea/db".path;
};
virtualisation.oci-containers.containers."${service}" = {
image = "codeberg.org/forgejo/forgejo:10";
environment = {
TZ = "Europe/Berlin";
};
ports = [
"${port}:3000"
"${sshport}:22"
];
volumes = [
"/var/lib/${service}:/data"
];
extraOptions = cfg.podman.extraOptions;
};
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://localhost:${port}";
extraConfig = ''
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 512M;
'';
};
};
extraConfig = ''
access_log /var/log/nginx/${domain}_access.log;
error_log /var/log/nginx/${domain}_error.log;
'';
};
}
# vim: set et ts=2 sw=2 ai:


@ -6,7 +6,7 @@ let
in in
{ {
imports = [ imports = [
#./podman.nix ./podman.nix
./podman-postgresql.nix # for the database ./podman-postgresql.nix # for the database
#./nginx.nix # for the webserver #./nginx.nix # for the webserver
]; ];
@ -14,24 +14,24 @@ in
sops.secrets."powerdns-admin/db" = { }; sops.secrets."powerdns-admin/db" = { };
sops.secrets."powerdns-admin/env" = { }; sops.secrets."powerdns-admin/env" = { };
services.podman-postgresql."powerdnsadmin" = { #services.podman-postgresql."${pdnsa_database}" = {
enable = true; # enable = true;
image = "docker.io/library/postgres:15-alpine"; # image = "docker.io/library/postgres:15-alpine";
port = (lib.strings.toInt webdbport); # port = (lib.strings.toInt webdbport);
passwordFile = config.sops.secrets."powerdns-admin/db".path; # passwordFile = config.sops.secrets."powerdns-admin/db".path;
}; #};
virtualisation.oci-containers.containers.powerdnsadmin = { #virtualisation.oci-containers.containers.powerdnsadmin = {
image = "docker.io/powerdnsadmin/pda-legacy"; # image = "docker.io/powerdnsadmin/pda-legacy";
environment = { # environment = {
TZ = "Europe/Berlin"; # TZ = "Europe/Berlin";
}; # };
environmentFiles = [ config.sops.secrets."powerdns-admin/env".path ]; # environmentFiles = [ config.sops.secrets."powerdns-admin/env".path ];
ports = [ # ports = [
"${webport}:80" # "${webport}:80"
]; # ];
extraOptions = cfg.podman.extraOptions; # extraOptions = cfg.podman.extraOptions;
}; #};
} }
# vim: set et ts=2 sw=2 ai: # vim: set et ts=2 sw=2 ai:
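Review bot: The two secret declarations `sops.secrets."powerdns-admin/db" = { };` and `sops.secrets."powerdns-admin/env" = { };`, and the `./podman-postgresql.nix` import, stay active on the new side while everything that consumes them (the database instance and the `powerdnsadmin` container) is commented out. As far as this section shows, the host therefore still gets the database password and the env file decrypted with nothing using them. If the service no longer runs on this machine, remove both declarations together with it, and delete the disabled block rather than keeping it as comments. The `let` bindings above the hunk are outside the view and may need the same cleanup.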


@ -1,14 +1,10 @@
{ ... }: { ... }:
let let
domain = "powerdns.mc-fucker.cool"; domain = "powerdns.mc-fucker.cool";
#pdnsa_host = "100.64.0.6"; pdnsa_host = "100.64.0.6";
pdnsa_host = "127.0.0.1"; pdnsa_port = "8000";
pdnsa_port = "8282";
in in
{ {
imports = [ ./nginx.nix ];
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
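Review bot: `pdnsa_host` now points at `100.64.0.6` instead of loopback, so the requests nginx proxies for this vhost (PowerDNS-Admin logins and session cookies) leave the machine after TLS has been terminated here. The `proxyPass` line is outside the hunk; if it is plain `http://`, confidentiality rests on whatever network carries 100.64.0.0/10 (presumably a VPN overlay). I would record that next to the binding, e.g. `# upstream reached over the VPN overlay only; plain HTTP is accepted on that path`, and check that port 8000 on the upstream accepts connections only from this proxy. Since `imports = [ ./nginx.nix ];` is dropped, also confirm every host importing this module still imports `./nginx.nix` itself.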


@ -38,13 +38,6 @@
feishin.port = "9180"; feishin.port = "9180";
forgejo = {
dbport = "54325";
domain = "dev.mc-fucker.cool";
port = "3333";
sshport = "2222";
};
ihatemoney = { ihatemoney = {
db = "ihatemoney"; db = "ihatemoney";
dbport = "54324"; dbport = "54324";
@ -79,12 +72,6 @@
port = "587"; port = "587";
}; };
mozsync = {
dbport = "33062";
domain = "mozsync.mc-fucker.cool";
port = "12345";
};
navidrome.port = "4533"; navidrome.port = "4533";
nextcloud = { nextcloud = {


@ -5,38 +5,17 @@
./hardware-configuration.nix ./hardware-configuration.nix
./modules/generic.nix ./modules/generic.nix
./modules/borg.nix ./modules/borg.nix
#./modules/minecraft.nix ./modules/minecraft.nix
#./modules/rclone.nix ./modules/rclone.nix
./modules/authentik-server.nix ./modules/authentik-server.nix
./modules/authentik-ldap.nix
./modules/powerdns-web.nix
./modules/powerdns-admin.nix
./modules/ihatemoney.nix
#./modules/postgresql.nix
./modules/zabbix-server.nix
./modules/vaultwarden.nix
./modules/remotebuild/host.nix
]; ];
services.postgresql = { services.rclone.cacheSize = "100G";
package = pkgs.postgresql_15;
system.autoUpgrade = {
allowReboot = false;
}; };
sops.secrets."authentik/ldap/mc7" = {};
services.authentik-ldap.token = builtins.readFile config.sops.secrets."authentik/ldap/mc7".path;
networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
networking.firewall.interfaces.podman0.allowedTCPPorts = [ 5432 ];
#services.rclone.cacheSize = "100G";
#system.autoUpgrade = {
# allowReboot = false;
#};
#nix.gc.automatic = false;
system.stateVersion = "22.05"; system.stateVersion = "22.05";
} }
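Review bot: The `system.autoUpgrade` block on the new side (as the side-by-side rendering reads) sets only `allowReboot = false;`, so an upgrade that brings a new kernel or initrd does not take effect until someone reboots the host by hand. Whether `enable` is set elsewhere, for example in `./modules/generic.nix`, is not visible from this section. I would document the choice with a comment such as `# no automatic reboot: kernel/initrd updates need a manual reboot`. If unattended reboots are acceptable at night, `allowReboot = true;` together with `rebootWindow` is the alternative.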