Replace legacy configuration with the new

The old configuration is still available in the legacy branch of this
repository. It contains the mostly server-oriented configuration, while
this new configuration is aimed at desktop usage.
caem 2024-04-04 01:41:19 +02:00
parent ab0f848847
commit eff6860aa2
35 changed files with 266 additions and 1091 deletions


@ -1,28 +0,0 @@
{ pkgs, ... }:
{
services.akkoma = {
enable = true;
config = {
":pleroma" = {
":instance" = {
name = "Dirae";
description = "This server uses NixOS btw";
email = "caem@dirae.org";
registration_open = false;
};
"Pleroma.Upload".filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [
"Pleroma.Upload.Filter.Exiftool"
"Pleroma.Upload.Filter.Dedupe"
"Pleroma.Upload.Filter.AnonymizeFilename"
];
};
"Pleroma.Web.Endpoint" = {
url.host = "social.dirae.org";
};
};
};
}


@ -1,27 +0,0 @@
{ ... }:
{
services.deluge = {
enable = true;
user = "media";
declarative = true;
dataDir = "/mnt/mass/Services/Deluge";
authFile = "/mnt/mass/Services/Deluge/auth";
config = {
download_location = "/mnt/mass/Torrents/incomplete";
move_completed_path = "/mnt/mass/Torrents";
move_completed = true;
listen_random_port = false;
outgoing_interface = "wg0";
listen_interface = "wg0";
allow_remote = true;
listen_ports = [ 57597 ];
max_active_seeding = -1;
max_active_downloading = 5;
max_active_limit = -1;
};
};
networking.firewall.allowedTCPPorts = [ 57597 58846 ];
}


@ -1,72 +0,0 @@
{ pkgs, config, lib, ... }: let
# theme = builtins.fetchurl {
# url = "";
# sha256 = "";
# };
in
{
# systemd.services.gitea.preStart = lib.mkAfter ''
# mkdir -p ${config.services.gitea.stateDir}/custom/public/css
# cp -f ${theme} ${config.services.gitea.stateDir}/custom/public/css/
# '';
services.gitea = {
enable = true;
package = pkgs.forgejo;
appName = "git.dirae.org";
settings = {
service = {
DISABLE_REGISTRATION = true;
};
server = {
DOMAIN = "git.dirae.org";
ROOT_URL = "https://git.dirae.org";
HTTP_PORT = 3001;
};
"ui" = {
THEMES = ''
forgejo-auto,forgejo-light,forgejo-dark,auto,gitea,arc-green
'';
DEFAULT_THEME = "forgejo-dark";
};
"ui.user" = {
REPO_PAGING_NUM = 50;
};
"ui.meta" = {
AUTHOR = "dirae.org Forgejo instance";
DESCRIPTION = "Forgejo instance hosting git repositories for dirae.org";
KEYWORDS = "go,git,self-hosted,gitea,forgejo,foss,oss,decentrialised,federation";
};
"repository" = {
DEFAULT_BRANCH = "master";
DISABLE_STARS = true;
ENABLE_PUSH_CREATE_USER = true;
DEFAULT_REPO_UNITS = ''
repo.code,repo.releases,repo.issues,repo.pulls
'';
PREFERRED_LICENSES="GPL-3.0-or-later,AGPL-3.0-or-later";
};
};
database = {
type = "postgres";
passwordFile = "/var/keys/gitea/db";
};
};
services.postgresql = {
enable = true;
authentication = ''
local gitea all ident map=gitea-users
'';
identMap = ''
gitea-users gitea gitea
'';
};
}


@ -1,26 +0,0 @@
{ ... }:
{
services.gitlab = {
enable = true;
host = "gitlab.dirae.org";
# Server is running on limited budet :,)
# https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html
puma.workers = 0;
puma.threadsMax = 1;
user = "gitlab";
group = "gitlab";
https = true;
databasePasswordFile = "/var/keys/gitlab/db_password";
initialRootPasswordFile = "/var/keys/gitlab/root_password";
secrets = {
dbFile = "/var/keys/gitlab/db";
secretFile = "/var/keys/gitlab/secret";
otpFile = "/var/keys/gitlab/otp";
jwsFile = "/var/keys/gitlab/jws";
};
};
}


@ -1,33 +0,0 @@
{ simple-mailserver, ... }:
{
imports = [
simple-mailserver.nixosModule
];
mailserver = {
enable = true;
fqdn = "dirae.org";
domains = [ "dirae.org" ];
loginAccounts = {
"caem@dirae.org" = {
hashedPasswordFile = "/nix/config/packages/mailserver/pw";
aliases = [
"admin@dirae.org"
"postmaser@dirae.org"
"legal@dirae.org"
"contact@dirae.org"
"dmca@dirae.org"
"pt@dirae.org"
"cali@dirae.org"
"abuse@dirae.org"
];
};
};
# Managed in configuration for nginx
certificateScheme = "acme";
};
}


@ -1,61 +0,0 @@
{ ... }:
let
fqdn = "dirae.org";
serverConfig."m.server" = "dirae.org:443";
mkWellKnown = data: ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in {
security.acme.acceptTerms = true;
security.acme.defaults.email = "caem@dirae.org";
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"caem.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "/var/www/caem";
};
};
"dirae.org" = {
enableACME = true;
forceSSL = true;
locations."/" = {
root = "/var/www/dirae";
};
locations."/.well-known/matrix/server".extraConfig = ''
return 200 '{"m.server": "dirae.org:443"}';
default_type application/json;
add_header Access-Control-Allow-Origin *;
'';
locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
};
"git.dirae.org" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:3001";
};
# "gitlab.dirae.org" = {
# enableACME = true;
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
# };
# };
};
};
}


@ -1,16 +0,0 @@
{ ... }:
{
services.nginx = {
enable = true;
user = "media";
virtualHosts."192.168.2.69" = {
root = "/mnt/mass/Torrents";
extraConfig = ''
autoindex on;
'';
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
}


@ -1,18 +0,0 @@
{ ... }:
{
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
ChallengeResponseAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
users.users."user".openssh.authorizedKeys.keys = [
"ssh-rsa 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 user@workstation"
];
networking.firewall.allowedTCPPorts = [ 22 ];
}


@ -1,31 +0,0 @@
{ pkgs, ... }:
{
services.postgresql.enable = true;
services.postgresql.initialScript = pkgs.writeText "synapse-init" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
services.matrix-synapse = {
enable = true;
settings.server_name = "dirae.org";
settings.listeners = [
{
port = 8008;
bind_addresses = [ "127.0.0.1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [{
names = [ "client" "federation" ];
compress = true;
}];
}
];
};
}


@ -1,18 +0,0 @@
{ ... }:
{
imports = [
../../users/media.nix
];
services.syncthing = {
enable = true;
user = "media";
dataDir = "/mnt/mass";
configDir = "/mnt/mass/Services/Syncthing";
guiAddress = "0.0.0.0:8384";
};
networking.firewall.allowedTCPPorts = [ 8384 22000 ];
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
}


@ -1,34 +0,0 @@
{ pkgs, ... }:
{
environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [
((vim_configurable.override { }).customize{
name = "vim";
vimrcConfig.packages.plugins = with pkgs.vimPlugins; {
start = [ vim-nix ];
opt = [];
};
vimrcConfig.customRC = ''
syntax on
set tabstop=4
set shiftwidth=4 smarttab
set expandtab
set noswapfile
set incsearch
set noerrorbells
set smartindent
set number
set relativenumber
set nobackup
set scrolloff=8
set sidescrolloff=8
set fileencoding='utf-8'
set nohlsearch
'';
})
];
}


@ -1,30 +0,0 @@
{ pkgs, ... }:
{
networking.wg-quick.interfaces = {
wg0 = {
address = [ "10.174.110.32/32" ];
dns = [ "10.128.0.1" ];
mtu = 1320;
privateKeyFile = "/nix/config/packages/wireguard/privkey";
# Route local traffic through local network
preUp = ''
${pkgs.unixtools.route}/bin/route add -net 192.168.2.0 netmask 255.255.255.0 metric 0 dev eno1
'';
postDown = ''
${pkgs.unixtools.route}/bin/route del -net 192.168.2.0 netmask 255.255.255.0 metric 0 dev eno1
'';
peers = [{
publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
presharedKeyFile = "/nix/config/packages/wireguard/privpsk";
allowedIPs = [ "0.0.0.0/0" ];
endpoint = "nl.vpn.airdns.org:1637";
persistentKeepalive = 15;
}];
};
};
networking.firewall.allowedUDPPorts = [ 1637 ];
}