mirror of
https://codeberg.org/ultra/nixos-dotfiles.git
synced 2024-11-24 14:43:09 +02:00
Compare commits
No commits in common. "e0d4455fb593dfada29b35f93d6bb20bfb452522" and "644808d12de6b2b30341e6d88b27481c27177092" have entirely different histories.
e0d4455fb5
...
644808d12d
12 changed files with 34 additions and 506 deletions
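--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
 result
-hosts/titan/services/lemmy_credentials.txt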
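Review bot: Dropping the `hosts/titan/services/lemmy_credentials.txt` rule leaves that path unignored on the new side, so a copy still sitting in a working tree can be staged by a broad `git add`. The lemmy module that referenced it as `credentialsFile = ./lemmy_credentials.txt;` is also absent from this side, so the configuration no longer needs the rule, but the file presumably held the Cloudflare DNS credentials used for ACME. I would keep the line `hosts/titan/services/lemmy_credentials.txt` in `.gitignore`, or else confirm the file is gone from every checkout and rotate the token if it was ever committed.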
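--- a/flake.lock
+++ b/flake.lock
@@ -1,21 +1,5 @@
 {
 "nodes": {
-"blobs": {
-"flake": false,
-"locked": {
-"lastModified": 1604995301,
-"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
-"owner": "simple-nixos-mailserver",
-"repo": "blobs",
-"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
-"type": "gitlab"
-},
-"original": {
-"owner": "simple-nixos-mailserver",
-"repo": "blobs",
-"type": "gitlab"
-}
-},
 "crane": {
 "inputs": {
 "nixpkgs": [
@@ -68,11 +52,11 @@
 "rust-overlay": "rust-overlay"
 },
 "locked": {
-"lastModified": 1702290399,
-"narHash": "sha256-hIP3l1a9Jm8HZx9TuV8IoqdvFzjI+SB5Npz08oC6ZU8=",
+"lastModified": 1692366702,
+"narHash": "sha256-GEysmNDm+olt1WXHzRwb4ZLifkXmeP5+APAN3b81/Og=",
 "owner": "elkowar",
 "repo": "eww",
-"rev": "fff40ce1a78d4d75bf63a8ee33dd7d9be8dc289e",
+"rev": "a9a35c1804d72ef92e04ee71555bd9e5a08fa17e",
 "type": "github"
 },
 "original": {
@@ -97,22 +81,6 @@
 "type": "github"
 }
 },
-"flake-compat_2": {
-"flake": false,
-"locked": {
-"lastModified": 1668681692,
-"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
-"owner": "edolstra",
-"repo": "flake-compat",
-"rev": "009399224d5e398d03b22badca40a37ac85412a1",
-"type": "github"
-},
-"original": {
-"owner": "edolstra",
-"repo": "flake-compat",
-"type": "github"
-}
-},
 "flake-parts": {
 "inputs": {
 "nixpkgs-lib": "nixpkgs-lib"
@@ -174,11 +142,11 @@
 "rust-overlay": "rust-overlay_2"
 },
 "locked": {
-"lastModified": 1702700966,
-"narHash": "sha256-KaSAZI12mhIcYHjFiARBclIl8CoxLpx5ZafrWZMsnw4=",
+"lastModified": 1701875994,
+"narHash": "sha256-iHID4VbI2QyBzbG6WNgS1zZgU0zYzidhI72PeAl1aLw=",
 "owner": "helix-editor",
 "repo": "helix",
-"rev": "c56cd6ee8b9312a620d4fc38eea90a49613f5d72",
+"rev": "b81aacc5e1332bb01043a18e55dd9e9543711ec6",
 "type": "github"
 },
 "original": {
@@ -195,11 +163,11 @@
 ]
 },
 "locked": {
-"lastModified": 1702735279,
-"narHash": "sha256-SztEzDOE/6bDNnWWvnRbSHPVrgewLwdSei1sxoZFejM=",
+"lastModified": 1701728041,
+"narHash": "sha256-x0pyrI1vC8evVDxCxyO6olOyr4wlFg9+VS3C3p4xFYQ=",
 "owner": "nix-community",
 "repo": "home-manager",
-"rev": "e9b9ecef4295a835ab073814f100498716b05a96",
+"rev": "ac7216918cd65f3824ba7817dea8f22e61221eaf",
 "type": "github"
 },
 "original": {
@@ -215,11 +183,11 @@
 ]
 },
 "locked": {
-"lastModified": 1702242899,
-"narHash": "sha256-p2FmwhHlIW3V8YzlRu/bWCiKa2a9fSardt9Eh22JlWE=",
+"lastModified": 1700963402,
+"narHash": "sha256-JhkanLmYRLekGOysO6JpCWKPlgRoemHPzUrARCGBqYA=",
 "owner": "hyprwm",
 "repo": "contrib",
-"rev": "740dbac96354c076a76b7cf6fe70dad150d21659",
+"rev": "65e567a81176d39be7ce6513d1af23954f00cbec",
 "type": "github"
 },
 "original": {
@@ -239,11 +207,11 @@
 "xdph": "xdph"
 },
 "locked": {
-"lastModified": 1702675213,
-"narHash": "sha256-Sl5gAPzCvYmXw7jo7ISzz/djhprOstFLRyznfxq2JIw=",
+"lastModified": 1701945972,
+"narHash": "sha256-Nvbjtu7FAM5ULS1Z028y1ou3qJR1x606fnyva5kLkuo=",
 "owner": "hyprwm",
 "repo": "Hyprland",
-"rev": "b1b8d732e64ecf527baef010ad2f28ed3b8c4ac1",
+"rev": "a794eecd6a71e431b654cebb1b28dbff0d6da079",
 "type": "github"
 },
 "original": {
@@ -277,31 +245,6 @@
 "type": "github"
 }
 },
-"mailserver": {
-"inputs": {
-"blobs": "blobs",
-"flake-compat": "flake-compat_2",
-"nixpkgs": [
-"nixpkgs"
-],
-"nixpkgs-22_11": "nixpkgs-22_11",
-"nixpkgs-23_05": "nixpkgs-23_05",
-"utils": "utils"
-},
-"locked": {
-"lastModified": 1700085753,
-"narHash": "sha256-qtib7f3eRwfaUF+VziJXiBcZFqpHCAXS4HlrFsnzzl4=",
-"owner": "simple-nixos-mailserver",
-"repo": "nixos-mailserver",
-"rev": "008d78cc21959e33d0d31f375b88353a7d7121ae",
-"type": "gitlab"
-},
-"original": {
-"owner": "simple-nixos-mailserver",
-"repo": "nixos-mailserver",
-"type": "gitlab"
-}
-},
 "nix-but-gigachad": {
 "inputs": {
 "nixpkgs": [
@@ -309,11 +252,11 @@
 ]
 },
 "locked": {
-"lastModified": 1702567580,
-"narHash": "sha256-lmO5UWwCyFD1WhwHru6Xb0zSRBGcIyqhyX3vVSGNTR0=",
+"lastModified": 1701522423,
+"narHash": "sha256-V5TQ/1loQnegDjfLh61DxBWEQZivYEBq2kQpT0fn2cQ=",
 "owner": "viperML",
 "repo": "nh",
-"rev": "bd225f25992098122d83b28579a710d4181e0008",
+"rev": "375c6cf57de3a839b7937358659bea526da27eae",
 "type": "github"
 },
 "original": {
@@ -344,11 +287,11 @@
 ]
 },
 "locked": {
-"lastModified": 1702291765,
-"narHash": "sha256-kfxavgLKPIZdYVPUPcoDZyr5lleymrqbr5G9PVfQ2NY=",
+"lastModified": 1701572887,
+"narHash": "sha256-oCPwQZT0Inis4zcYhtFHUp7Rym1zglKPLDcRird35q8=",
 "owner": "nix-community",
 "repo": "nix-index-database",
-"rev": "45d82e0a8b9dd6c5dd9da835ac0c072239af7785",
+"rev": "41afa8d1c061beda68502bcc67f2788f3a77042b",
 "type": "github"
 },
 "original": {
@@ -362,7 +305,7 @@
 "nixpkgs": [
 "nixpkgs"
 ],
-"utils": "utils_2"
+"utils": "utils"
 },
 "locked": {
 "lastModified": 1693158194,
@@ -380,11 +323,11 @@
 },
 "nixos-hardware": {
 "locked": {
-"lastModified": 1702453208,
-"narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=",
+"lastModified": 1701656485,
+"narHash": "sha256-xDFormrGCKKGqngHa2Bz1GTeKlFMMjLnHhTDRdMJ1hs=",
 "owner": "NixOS",
 "repo": "nixos-hardware",
-"rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6",
+"rev": "fa194fc484fd7270ab324bb985593f71102e84d1",
 "type": "github"
 },
 "original": {
@@ -395,11 +338,11 @@
 },
 "nixpkgs": {
 "locked": {
-"lastModified": 1702312524,
-"narHash": "sha256-gkZJRDBUCpTPBvQk25G0B7vfbpEYM5s5OZqghkjZsnE=",
+"lastModified": 1701718080,
+"narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=",
 "owner": "NixOS",
 "repo": "nixpkgs",
-"rev": "a9bf124c46ef298113270b1f84a164865987a91c",
+"rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335",
 "type": "github"
 },
 "original": {
@@ -409,36 +352,6 @@
 "type": "github"
 }
 },
-"nixpkgs-22_11": {
-"locked": {
-"lastModified": 1669558522,
-"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
-"owner": "NixOS",
-"repo": "nixpkgs",
-"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
-"type": "github"
-},
-"original": {
-"id": "nixpkgs",
-"ref": "nixos-22.11",
-"type": "indirect"
-}
-},
-"nixpkgs-23_05": {
-"locked": {
-"lastModified": 1684782344,
-"narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
-"owner": "NixOS",
-"repo": "nixpkgs",
-"rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
-"type": "github"
-},
-"original": {
-"id": "nixpkgs",
-"ref": "nixos-23.05",
-"type": "indirect"
-}
-},
 "nixpkgs-lib": {
 "locked": {
 "dir": "lib",
@@ -459,11 +372,11 @@
 },
 "nixpkgs-master": {
 "locked": {
-"lastModified": 1702753406,
-"narHash": "sha256-kRwOtgNWqrB/hXcK7JJwTMwAcKITRNBLPYsZ6zKcqZc=",
+"lastModified": 1701962726,
+"narHash": "sha256-UFXSEVwzNrHqbY5yRBHf1ugXqirKUGxf1uQ6rm755R4=",
 "owner": "NixOS",
 "repo": "nixpkgs",
-"rev": "3b5083b83662210ef84325b879f5ec9189933822",
+"rev": "2453c821f0a89bd579ac06f6a84152f41ee0c68b",
 "type": "github"
 },
 "original": {
@@ -481,7 +394,6 @@
 "home-manager": "home-manager",
 "hypr-contrib": "hypr-contrib",
 "hyprland": "hyprland",
-"mailserver": "mailserver",
 "nix-but-gigachad": "nix-but-gigachad",
 "nix-index-database": "nix-index-database",
 "nix-software-center": "nix-software-center",
@@ -583,21 +495,6 @@
 }
 },
 "utils": {
-"locked": {
-"lastModified": 1605370193,
-"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
-"owner": "numtide",
-"repo": "flake-utils",
-"rev": "5021eac20303a61fafe17224c087f5519baed54d",
-"type": "github"
-},
-"original": {
-"owner": "numtide",
-"repo": "flake-utils",
-"type": "github"
-}
-},
-"utils_2": {
 "inputs": {
 "systems": "systems_3"
 },
@@ -650,11 +547,11 @@
 ]
 },
 "locked": {
-"lastModified": 1702334919,
-"narHash": "sha256-ibOZ3TLjqndGMcj2f+07NFwDWoum4IbzF58byZuJJNg=",
+"lastModified": 1700508250,
+"narHash": "sha256-X4o/mifI7Nhu0UKYlxx53wIC+gYDo3pVM9L2u3PE2bE=",
 "owner": "hyprwm",
 "repo": "xdg-desktop-portal-hyprland",
-"rev": "f5c3576c3b6cb1c31a8dfa3e4113f59bfe40cd71",
+"rev": "eb120ff25265ecacd0fc13d7dab12131b60d0f47",
 "type": "github"
 },
 "original": {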
|
@ -43,10 +43,6 @@
|
||||||
url = "github:nix-community/nix-index-database";
|
url = "github:nix-community/nix-index-database";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
mailserver = {
|
|
||||||
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, home-manager, ... }@inputs: {
|
outputs = { self, nixpkgs, home-manager, ... }@inputs: {
|
||||||
|
|
|
@ -13,12 +13,6 @@ in {
|
||||||
./hardware/hardware-configuration.nix
|
./hardware/hardware-configuration.nix
|
||||||
./cachix.nix
|
./cachix.nix
|
||||||
( import ./hardware/nvidia.nix inputs )
|
( import ./hardware/nvidia.nix inputs )
|
||||||
( import ./services/forge.nix inputs )
|
|
||||||
( import ./services/cloud.nix inputs )
|
|
||||||
( import ./services/vaultwarden.nix inputs )
|
|
||||||
# ( import ./services/caddy.nix inputs ) # doesn't work
|
|
||||||
# ( import ./services/dnsmasq.nix inputs ) # borks my DNS
|
|
||||||
# ( import ./services/mail-server.nix inputs ) # needs a lot of DNS configs from cloudflaer, I only have 3 rules
|
|
||||||
inputs.nix-but-gigachad.nixosModules.default
|
inputs.nix-but-gigachad.nixosModules.default
|
||||||
];
|
];
|
||||||
nh = {
|
nh = {
|
||||||
|
|
|
@ -1,19 +0,0 @@
|
||||||
inputs: { config, ... }: {
|
|
||||||
services.caddy = {
|
|
||||||
enable = true;
|
|
||||||
/*
|
|
||||||
virtualHosts = {
|
|
||||||
"https://gra.phite.ro".extraConfig = ''
|
|
||||||
root * /home/ultra/code/html/blog
|
|
||||||
'';
|
|
||||||
"https://git.gra.phite.ro".extraConfig = ''
|
|
||||||
reverse_proxy :3000
|
|
||||||
'';
|
|
||||||
"https://phite.ro".extraConfig = ''
|
|
||||||
redir https://gra.phite.ro{uri} permanent
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
*/
|
|
||||||
configFile = /home/ultra/code/html/blog/Caddyfile;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,23 +0,0 @@
|
||||||
inputs: { pkgs, config, ... }: {
|
|
||||||
services.nextcloud = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.nextcloud27;
|
|
||||||
hostName = "localhost";
|
|
||||||
config = {
|
|
||||||
adminpassFile = "/var/keys/nextcloud_initial_password";
|
|
||||||
extraTrustedDomains = [
|
|
||||||
"cloud.gra.phite.ro"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
extraApps = with config.services.nextcloud.package.packages.apps; {
|
|
||||||
inherit news files_markdown files_texteditor forms maps memories music onlyoffice polls;
|
|
||||||
};
|
|
||||||
/*
|
|
||||||
extraOptions = {
|
|
||||||
trusted_domains = [ "https://cloud.gra.phite.ro" ];
|
|
||||||
};
|
|
||||||
*/
|
|
||||||
extraAppsEnable = true;
|
|
||||||
};
|
|
||||||
services.nginx.virtualHosts."localhost".listen = [ { addr = "127.0.0.1"; port = 3001; } ];
|
|
||||||
}
|
|
|
@ -1,19 +0,0 @@
|
||||||
inputs: { config, pkgs, ... }: {
|
|
||||||
services.dnsmasq = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
server = [
|
|
||||||
"9.9.9.9"
|
|
||||||
"8.8.8.8"
|
|
||||||
];
|
|
||||||
listen-address = [
|
|
||||||
"192.168.100.35"
|
|
||||||
];
|
|
||||||
resolv-file = ''
|
|
||||||
${pkgs.writeText "$out/resolv.conf" ''
|
|
||||||
5.12.179.165 gra.phite.ro
|
|
||||||
''}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,23 +0,0 @@
|
||||||
inputs: { config, pkgs, ... }: {
|
|
||||||
services = {
|
|
||||||
/*
|
|
||||||
postgresql = {
|
|
||||||
ensureDatabases = [ config.services.gitea.user ];
|
|
||||||
ensureUsers = [
|
|
||||||
{
|
|
||||||
name = config.services.gitea.database.user;
|
|
||||||
ensurePermissions."DATABASE ${config.services.gitea.database.name}" = "ALL PRIVILEGES";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
*/
|
|
||||||
gitea = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.forgejo;
|
|
||||||
appName = "Graphite's Forge";
|
|
||||||
domain = "git.gra.phite.ro";
|
|
||||||
rootUrl = "https://git.gra.phite.ro";
|
|
||||||
lfs.enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,231 +0,0 @@
|
||||||
inputs: { config, pkgs, lib, ... } :
|
|
||||||
let
|
|
||||||
|
|
||||||
# add nginx reverse proxy and ACME web certificate
|
|
||||||
add_nginx = true;
|
|
||||||
nginx_ports = [ 80 443 ];
|
|
||||||
|
|
||||||
lemmy = {
|
|
||||||
upstreamName = "lemmy";
|
|
||||||
dataDir = "/var/lib/lemmy";
|
|
||||||
ip = "127.0.0.1";
|
|
||||||
port = 1234;
|
|
||||||
domain = "lemmy.gra.phi.te";
|
|
||||||
};
|
|
||||||
|
|
||||||
lemmy-ui = {
|
|
||||||
upstreamName = "lemmy-ui";
|
|
||||||
ip = "127.0.0.1";
|
|
||||||
port = 8536;
|
|
||||||
};
|
|
||||||
|
|
||||||
pict-rs = {
|
|
||||||
ip = "127.0.0.1";
|
|
||||||
port = 8080;
|
|
||||||
};
|
|
||||||
|
|
||||||
acmeDomain = lemmy.domain;
|
|
||||||
nginxVhost = lemmy.domain;
|
|
||||||
|
|
||||||
in {
|
|
||||||
|
|
||||||
security.acme = lib.mkIf add_nginx {
|
|
||||||
acceptTerms = true;
|
|
||||||
defaults = {
|
|
||||||
email = "ultra980@proton.me";
|
|
||||||
dnsProvider = "cloudflare";
|
|
||||||
credentialsFile = ./lemmy_credentials.txt;
|
|
||||||
};
|
|
||||||
certs."${acmeDomain}" = {
|
|
||||||
domain = "${acmeDomain}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = lib.mkIf add_nginx nginx_ports;
|
|
||||||
|
|
||||||
# is needed because of certificate file permissions
|
|
||||||
users.users.nginx.extraGroups = lib.mkIf add_nginx ["acme"];
|
|
||||||
|
|
||||||
services.nginx = lib.mkIf add_nginx {
|
|
||||||
upstreams."${lemmy.upstreamName}".servers."${lemmy.ip}:${builtins.toString lemmy.port}" = {};
|
|
||||||
upstreams."${lemmy-ui.upstreamName}".servers."${lemmy-ui.ip}:${builtins.toString lemmy-ui.port}" = {};
|
|
||||||
|
|
||||||
virtualHosts."${nginxVhost}" = {
|
|
||||||
useACMEHost = "${acmeDomain}";
|
|
||||||
# inherit from config.security.acme.acmeRoot;
|
|
||||||
acmeRoot = null;
|
|
||||||
# add redirects from http to https
|
|
||||||
forceSSL = true;
|
|
||||||
# this whole block was lifted from https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L21 lines 21-32
|
|
||||||
extraConfig = ''
|
|
||||||
# disables emitting nginx version on error pages and in the “Server” response header field
|
|
||||||
server_tokens off;
|
|
||||||
|
|
||||||
gzip on;
|
|
||||||
gzip_types text/css application/javascript image/svg+xml;
|
|
||||||
gzip_vary on;
|
|
||||||
|
|
||||||
# Upload limit, relevant for pictrs
|
|
||||||
client_max_body_size 20M;
|
|
||||||
|
|
||||||
add_header X-Frame-Options SAMEORIGIN;
|
|
||||||
add_header X-Content-Type-Options nosniff;
|
|
||||||
add_header X-XSS-Protection "1; mode=block";
|
|
||||||
'';
|
|
||||||
|
|
||||||
locations = {
|
|
||||||
"/" = {
|
|
||||||
# we do not use the nixos "locations.<name>.proxyPass" option because the nginx config needs to do something fancy.
|
|
||||||
# again, lifted wholesale from https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L36 lines 36-55
|
|
||||||
extraConfig = ''
|
|
||||||
# distinguish between ui requests and backend
|
|
||||||
# don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top
|
|
||||||
set $proxpass "http://${lemmy-ui.upstreamName}";
|
|
||||||
|
|
||||||
if ($http_accept = "application/activity+json") {
|
|
||||||
set $proxpass "http://${lemmy.upstreamName}";
|
|
||||||
}
|
|
||||||
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
|
|
||||||
set $proxpass "http://${lemmy.upstreamName}";
|
|
||||||
}
|
|
||||||
if ($request_method = POST) {
|
|
||||||
set $proxpass "http://${lemmy.upstreamName}";
|
|
||||||
}
|
|
||||||
proxy_pass $proxpass;
|
|
||||||
|
|
||||||
# Cuts off the trailing slash on URLs to make them valid
|
|
||||||
rewrite ^(.+)/+$ $1 permanent;
|
|
||||||
|
|
||||||
# Send actual client IP upstream
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
# again, lifted wholesale from https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L60 lines 60-69 (nice!)
|
|
||||||
"~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
|
|
||||||
proxyPass = "http://${lemmy.upstreamName}";
|
|
||||||
extraConfig = ''
|
|
||||||
# proxy common stuff
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
|
|
||||||
## Send actual client IP upstream
|
|
||||||
#proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
#proxy_set_header Host $host;
|
|
||||||
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.lemmy-ui = {
|
|
||||||
environment = {
|
|
||||||
LEMMY_UI_HOST = lib.mkForce "${lemmy-ui.ip}:${toString lemmy-ui.port}";
|
|
||||||
LEMMY_UI_LEMMY_INTERNAL_HOST = lib.mkForce "${lemmy.ip}:${toString lemmy.port}";
|
|
||||||
LEMMY_UI_LEMMY_EXTERNAL_HOST = lib.mkForce lemmy.domain ;
|
|
||||||
LEMMY_UI_HTTPS="true";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.pict-rs = {
|
|
||||||
enable = true;
|
|
||||||
port = pict-rs.port;
|
|
||||||
dataDir = "${dataDir}/pict-rs";
|
|
||||||
address = pict-rs.ip;
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.lemmy = {
|
|
||||||
requires = ["postgresql.service"];
|
|
||||||
after = ["postgresql.service"];
|
|
||||||
environment = {
|
|
||||||
LEMMY_DATABASE_URL = lib.mkForce "postgresql://lemmy@127.0.0.1:${toString config.services.postgresql.port}/lemmy";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.lemmy = {
|
|
||||||
enable = true;
|
|
||||||
ui.port = lemmy-ui.port;
|
|
||||||
database.createLocally = true;
|
|
||||||
settings = {
|
|
||||||
# TODO: Enable this much later when you tested everything.
|
|
||||||
# N.B. you can't change your domain name after enabling this.
|
|
||||||
federation.enabled = false;
|
|
||||||
# settings related to the postgresql database
|
|
||||||
database = {
|
|
||||||
user = "lemmy";
|
|
||||||
password = "secretlemmypassword";
|
|
||||||
host = "127.0.0.1";
|
|
||||||
port = ${config.services.postgresql.port};
|
|
||||||
database = "lemmy";
|
|
||||||
pool_size = 5;
|
|
||||||
};
|
|
||||||
/*
|
|
||||||
# Pictrs image server configuration.
|
|
||||||
pictrs = {
|
|
||||||
# Address where pictrs is available (for image hosting)
|
|
||||||
url = "http://${pict-rs.ip}:${toString pict-rs.port}/";
|
|
||||||
# TODO: Set a custom pictrs API key. ( Required for deleting images )
|
|
||||||
api_key = "";
|
|
||||||
};
|
|
||||||
*/
|
|
||||||
# TODO: Email sending configuration. All options except login/password are mandatory
|
|
||||||
email = {
|
|
||||||
# Hostname and port of the smtp server
|
|
||||||
smtp_server = "";
|
|
||||||
# Login name for smtp server
|
|
||||||
smtp_login = "";
|
|
||||||
# Password to login to the smtp server
|
|
||||||
smtp_password = "";
|
|
||||||
# Address to send emails from, eg "noreply@your-instance.com";
|
|
||||||
smtp_from_address = "noreply@${lemmy.domain}";
|
|
||||||
# Whether or not smtp connections should use tls. Can be none, tls, or starttls
|
|
||||||
tls_type = "none";
|
|
||||||
};
|
|
||||||
# TODO: Parameters for automatic configuration of new instance (only used at first start)
|
|
||||||
setup = {
|
|
||||||
# Username for the admin user
|
|
||||||
admin_username = "superawesomeadmin";
|
|
||||||
# Password for the admin user. It must be at least 10 characters.
|
|
||||||
admin_password = "";
|
|
||||||
# Name of the site (can be changed later)
|
|
||||||
site_name = "Lemmy at ${lemmy.domain}";
|
|
||||||
# Email for the admin user (optional, can be omitted and set later through the website)
|
|
||||||
admin_email = "admin@${lemmy.domain}";
|
|
||||||
};
|
|
||||||
# the domain name of your instance (mandatory)
|
|
||||||
hostname = lemmy.domain;
|
|
||||||
# Address where lemmy should listen for incoming requests
|
|
||||||
bind = lemmy.ip;
|
|
||||||
# Port where lemmy should listen for incoming requests
|
|
||||||
port = lemmy.port;
|
|
||||||
# Whether the site is available over TLS. Needs to be true for federation to work.
|
|
||||||
tls_enabled = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
# needed for now
|
|
||||||
nixpkgs.config.permittedInsecurePackages = [
|
|
||||||
"nodejs-14.21.3"
|
|
||||||
"openssl-1.1.1t"
|
|
||||||
];
|
|
||||||
|
|
||||||
system.activationScripts."make_sure_lemmy_user_owns_files" = ''
|
|
||||||
uid='${config.users.users.lemmy.uid}';
|
|
||||||
gid='${config.users.groups.lemmy.gid}';
|
|
||||||
dir='${lemmy.dataDir}'
|
|
||||||
|
|
||||||
mkdir -p "''${dir}"
|
|
||||||
|
|
||||||
if [[ "$(${pkgs.toybox}/bin/stat "''${dir}" -c '%u:%g' | tee /dev/stderr )" != "''${uid}:''${gid}" ]]; then
|
|
||||||
chown -R "''${uid}:''${gid}" "''${dir}"
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,30 +0,0 @@
|
||||||
inputs: { config, pkgs, ... }: {
|
|
||||||
imports = [
|
|
||||||
inputs.mailserver.nixosModules.default
|
|
||||||
];
|
|
||||||
mailserver = {
|
|
||||||
enable = true;
|
|
||||||
fqdn = "mail.gra.phite.ro";
|
|
||||||
domains = [ "gra.phite.ro" ];
|
|
||||||
|
|
||||||
loginAccounts = {
|
|
||||||
"alex@gra.phite.ro" = {
|
|
||||||
aliases = [
|
|
||||||
"postmaster@gra.phite.ro"
|
|
||||||
"ultra@gra.phite.ro"
|
|
||||||
"graphite@gra.phite.ro"
|
|
||||||
"me@gra.phite.ro"
|
|
||||||
"webmaster@gra.phite.ro"
|
|
||||||
"security@gra.phite.ro"
|
|
||||||
];
|
|
||||||
hashedPasswordFile = "/home/ultra/hashed_mail_password.txt";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
certificateScheme = "acme-nginx";
|
|
||||||
};
|
|
||||||
security.acme = {
|
|
||||||
acceptTerms = true;
|
|
||||||
email = "security@gra.phite.ro";
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,12 +0,0 @@
|
||||||
inputs: { config, pkgs, ... }: {
|
|
||||||
services.vaultwarden = {
|
|
||||||
enable = true;
|
|
||||||
backupDir = "/var/vaultwarden/backups";
|
|
||||||
config = {
|
|
||||||
ROCKET_ADDRESS = "127.0.0.1";
|
|
||||||
ROCKET_PORT = 3002;
|
|
||||||
DOMAIN = "https://pwd.gra.phite.ro";
|
|
||||||
SIGNUPS_ALLOWED = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -183,7 +183,6 @@ in {
|
||||||
blender
|
blender
|
||||||
vesktop
|
vesktop
|
||||||
ktailctl
|
ktailctl
|
||||||
caddy
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|