materus
/
nixos-config
mirror of https://github.com/materusPL/nixos-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: materus:cd78aabf19037dca76641e17a7db239a7a73957c
Branches Tags
materus:master
materus:experimental
materus:inputs
...
compare: materus:9242bc2a04ed114fe17e3d6dd01eb70a008e4c92
Branches Tags
materus:experimental
materus:master
materus:inputs

7 Commits
cd78aabf19 ... 9242bc2a04

Author SHA1 Message Date
Mateusz Słodkowicz 9242bc2a04
valkyrie: redirect change 2024-03-26 01:42:38 +01:00
Mateusz Słodkowicz e60d1a81f9
waffentrager: add nextcloud deps 2024-03-26 00:52:23 +01:00
Mateusz Słodkowicz 45d7f70792
waffentrager: allow iframe of gitea from nextcloud 2024-03-25 21:56:28 +01:00
Mateusz Słodkowicz f242dd700d
waffentrager: add samba for nextcloud 2024-03-25 21:56:01 +01:00
Mateusz Słodkowicz f8b7da96a7
valkyrie: reverse proxy for nextcloud 2024-03-25 21:55:35 +01:00
Mateusz Słodkowicz f9d19b1d66
waffentrager: update gitea option 2024-03-25 20:13:18 +01:00
Mateusz Słodkowicz a9146bb628
waffentrager: add nextcloud, config: remove private inputs 2024-03-25 19:46:18 +01:00
11 changed files with 80 additions and 7 deletions
Show Stats Expand all files Collapse all files

1
configurations/host/default.nix
View File

@ -25,7 +25,6 @@ let
system = arch; system = arch;
modules = [ modules = [
./${host} ./${host}
inputs.private.systemModule
profiles.osProfile profiles.osProfile
materusCfg.configInputs.sops-nix.nixosModules.sops materusCfg.configInputs.sops-nix.nixosModules.sops
(if hmAsModule then hm.nixosModules.home-manager else { }) (if hmAsModule then hm.nixosModules.home-manager else { })

BIN
configurations/host/valkyrie/secrets/private/default.nix
View File

Binary file not shown.

1
configurations/host/waffentrager/secrets/default.nix
View File

@ -24,4 +24,5 @@
sops.secrets.wireguard = { }; sops.secrets.wireguard = { };
sops.secrets."users/materus" = { neededForUsers = true; }; sops.secrets."users/materus" = { neededForUsers = true; };
sops.secrets.elements = { }; sops.secrets.elements = { };
sops.secrets.nextcloud-adminpass = { };
} }

5
configurations/host/waffentrager/secrets/secrets.yaml
View File

@ -1,4 +1,5 @@
wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str] wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str]
nextcloud-adminpass: ENC[AES256_GCM,data:5vohRPEcJJ8gIRro38O73ufSYYEp1DXpBgjCPdPnMcg=,iv:STh3k5wUwx3AfSDTPCXhuXbPb3d+Vi1cAaQN2a9eW1w=,tag:Ef/Z2Idvl6575Jvs2GDJ8A==,type:str]
elements: ENC[AES256_GCM,data:Kh6ueReXpj9h5yQ3P0qY8X1ow4RRZD9zyXZLS6DUIIVuthgqgu9dPzBc7ojnz6nXoYTHt1I2LJJKLOGQYZC+iVxXOk+QADJMPwY4NCyeZ3prgvYMghlD,iv:WFA/UQ0XDFjpbgaDEacrBxkteLitXv3CJP54ANVSJHM=,tag:M+tTpTR0alvQxvUiP2MWlA==,type:str] elements: ENC[AES256_GCM,data:Kh6ueReXpj9h5yQ3P0qY8X1ow4RRZD9zyXZLS6DUIIVuthgqgu9dPzBc7ojnz6nXoYTHt1I2LJJKLOGQYZC+iVxXOk+QADJMPwY4NCyeZ3prgvYMghlD,iv:WFA/UQ0XDFjpbgaDEacrBxkteLitXv3CJP54ANVSJHM=,tag:M+tTpTR0alvQxvUiP2MWlA==,type:str]
users: users:
materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str] materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str]
@ -17,8 +18,8 @@ sops:
eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F
ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA== ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-23T01:18:06Z" lastmodified: "2024-03-25T17:12:26Z"
mac: ENC[AES256_GCM,data:VJvZl1wOOqDkiYXJyWn1V952H0Wovt4qi/ErQ2J63seRsqD8k52KpraB44gRyuRc3AwoDjm4gSj6vkWFoSmE+RxxiR03ArscVanJOrsefDclAcp9DLlHxyVopsnmzbd5HMAt89RznCwRtbxHk+Nm22uBrBjw3Kqq4zmHAZKjAjo=,iv:1Fg0RE4td6LL2ruJmy8lTL6euK0p+R/E/dQPjrQB9cg=,tag:os41oy4Wfo/HxPi0ESaeDA==,type:str] mac: ENC[AES256_GCM,data:TQR/BiXayPQ5S2fbMNJcdjdTjPemZFFWk9aWs0HI2UDG8DDZUUhz8U0OD8qM2+h7ZZK/HGlyQH6QBOZjitTcjbXLXZFGKo/ueAvT8vaeZAgYiFjPdHOOTbtr+MvaV/Ia5CWwVD42USxU3srVkHSwxpM1J/q4Rahag7EmF6raj08=,iv:42cnWEEYr6FysEeq6o4zndqNkC9uNrOdlVO652JsmoA=,tag:vQaJ8QoX4jWKbn1bOcVAaA==,type:str]
pgp: pgp:
- created_at: "2024-03-21T18:15:00Z" - created_at: "2024-03-21T18:15:00Z"
enc: |- enc: |-

2
configurations/host/waffentrager/services/default.nix
View File

@ -7,10 +7,12 @@
./mount-acme.nix ./mount-acme.nix
./gitea.nix ./gitea.nix
./nginx.nix ./nginx.nix
./nextcloud.nix
]; ];
waffentragerService.elements.enable = true; waffentragerService.elements.enable = true;
waffentragerService.postgresql.enable = true; waffentragerService.postgresql.enable = true;
waffentragerService.mount-acme.enable = true; waffentragerService.mount-acme.enable = true;
waffentragerService.gitea.enable = true; waffentragerService.gitea.enable = true;
waffentragerService.nginx.enable = true; waffentragerService.nginx.enable = true;
waffentragerService.nextcloud.enable = true;
} }

5
configurations/host/waffentrager/services/elements.nix
View File

@ -4,7 +4,7 @@
options.waffentragerService.elements.path = lib.mkOption { default = "/var/lib/elements"; }; options.waffentragerService.elements.path = lib.mkOption { default = "/var/lib/elements"; };
options.waffentragerService.elements.uuid = lib.mkOption { default = "e32039c6-e98d-44b0-8e7d-120994bf7be1"; }; options.waffentragerService.elements.uuid = lib.mkOption { default = "e32039c6-e98d-44b0-8e7d-120994bf7be1"; };
options.waffentragerService.elements.postgresqlDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/postgresql"; }; options.waffentragerService.elements.postgresqlDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/postgresql"; };
options.waffentragerService.elements.nextcloudDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/nextcloud"; };
config = config =
let let
cfg = config.waffentragerService.elements; cfg = config.waffentragerService.elements;
@ -24,6 +24,9 @@
'' + lib.optionalString config.waffentragerService.postgresql.enable '' '' + lib.optionalString config.waffentragerService.postgresql.enable ''
mkdir -p ${cfg.postgresqlDir}/${config.waffentragerService.postgresql.version} mkdir -p ${cfg.postgresqlDir}/${config.waffentragerService.postgresql.version}
chown -R postgres:postgres ${cfg.postgresqlDir} chown -R postgres:postgres ${cfg.postgresqlDir}
'' + lib.optionalString config.waffentragerService.nextcloud.enable ''
mkdir -p ${cfg.nextcloudDir}
chown -R nextcloud:nextcloud ${cfg.nextcloudDir}
'' ''
; ;

7
configurations/host/waffentrager/services/gitea.nix
View File

@ -17,9 +17,14 @@
services.gitea.lfs.enable = true; services.gitea.lfs.enable = true;
services.gitea.stateDir = "${config.waffentragerService.elements.path}/services/gitea"; services.gitea.stateDir = "${config.waffentragerService.elements.path}/services/gitea";
services.gitea.settings.service.DISABLE_REGISTRATION = true; services.gitea.settings.service.DISABLE_REGISTRATION = true;
services.gitea.domain = "baka.materus.pl"; services.gitea.settings.server.DOMAIN = "baka.materus.pl";
services.gitea.settings.server.ROOT_URL = lib.mkForce "https://baka.materus.pl/"; services.gitea.settings.server.ROOT_URL = lib.mkForce "https://baka.materus.pl/";
services.gitea.settings.server.PROTOCOL = "fcgi+unix"; services.gitea.settings.server.PROTOCOL = "fcgi+unix";
services.gitea.settings.cors = {
ENABLED = true;
X_FRAME_OPTIONS = "ALLOW-FROM https://*.materus.pl/";
};
services.gitea.database.type = "postgres"; services.gitea.database.type = "postgres";
services.gitea.database.socket = "/var/run/postgresql/"; services.gitea.database.socket = "/var/run/postgresql/";

63
configurations/host/waffentrager/services/nextcloud.nix Normal file
View File

@ -0,0 +1,63 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.nextcloud.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable nextcloud";
config =
let
cfg = config.waffentragerService.nextcloud;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
waffentragerService.postgresql.enable = true;
waffentragerService.nginx.enable = true;
environment.systemPackages = [ pkgs.samba pkgs.exiftool pkgs.ffmpeg-headless ];
sops.secrets.nextcloud-adminpass.owner = config.users.users.nextcloud.name;
sops.secrets.nextcloud-adminpass.group = config.users.users.nextcloud.group;
services.postgresql.ensureDatabases = [ "nextcloud" ];
services.postgresql.ensureUsers = [{
name = "nextcloud";
ensureDBOwnership = true;
}];
services.nextcloud = {
enable = true;
notify_push.enable = true;
package = pkgs.nextcloud28;
hostName = "waffentrager.materus.pl";
home = config.waffentragerService.elements.nextcloudDir;
config.adminuser = "master";
config.adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
config.dbtype = "pgsql";
config.defaultPhoneRegion = "PL";
config.trustedProxies = [ materusArg.ips.valkyrie materusArg.ips.wireguard.valkyrie materusArg.ips.wireguard.waffentrager ];
extraAppsEnable = true;
maxUploadSize = "4G";
https = true;
enableImagemagick = true;
configureRedis = true;
webfinger = true;
appstoreEnable = true;
database.createLocally = true;
nginx.recommendedHttpHeaders = true;
extraApps = { notify_push = pkgs.nextcloud28Packages.apps.notify_push; };
extraOptions = {
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
};
phpOptions = {
"opcache.interned_strings_buffer" = "10";
};
};
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
http3 = true;
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
}

1
configurations/profile/common/default.nix
View File

@ -10,6 +10,7 @@ in
imports = [ imports = [
./nixpkgs.nix ./nixpkgs.nix
./packages ./packages
./private
]; ];
options.materus.materusArg = lib.mkOption { default = { }; }; options.materus.materusArg = lib.mkOption { default = { }; };
config._module.args.materusArg = config.materus.materusArg // materusArg; config._module.args.materusArg = config.materus.materusArg // materusArg;

BIN
configurations/profile/common/private/default.nix Normal file
View File

Binary file not shown.

2
configurations/shared/home/genHomes.nix
View File

@ -19,7 +19,6 @@ let
(materusFlake.selfPath + "/configurations/shared/home/${username}") (materusFlake.selfPath + "/configurations/shared/home/${username}")
(materusFlake.selfPath + "/configurations/host/${host}/home/${username}") (materusFlake.selfPath + "/configurations/host/${host}/home/${username}")
profiles.homeProfile profiles.homeProfile
inputs.private.homeModule
materusFlake.nixosConfigurations.${host}.materusCfg.configInputs.sops-nix.homeManagerModules.sops materusFlake.nixosConfigurations.${host}.materusCfg.configInputs.sops-nix.homeManagerModules.sops
]; ];
}; };
@ -49,7 +48,6 @@ let
modules = [ modules = [
./${username} ./${username}
profiles.homeProfile profiles.homeProfile
inputs.private.homeModule
materusCfg.configInputs.sops-nix.homeManagerModules.sops materusCfg.configInputs.sops-nix.homeManagerModules.sops
]; ];
}; };