SelfPrivacy
/
selfprivacy-nixos-config
6
3
Fork 7
Code Issues 20 Pull Requests 1 Projects Releases Wiki Activity

Compare commits

merge into: SelfPrivacy:inex/test-autobackup
Branches Tags
SelfPrivacy:flakes
SelfPrivacy:inex/test-3.2.0
SelfPrivacy:inex/test-autobackup
SelfPrivacy:inex/test-systemd-rebuild
SelfPrivacy:master
SelfPrivacy:pre-release
SelfPrivacy:flake-to-override-folder
SelfPrivacy:flake-to-override
SelfPrivacy:systemd-limits
SelfPrivacy:ldap
SelfPrivacy:api-redis
SelfPrivacy:pleroma-fixes
SelfPrivacy:development
SelfPrivacy:rolling-testing
...
pull from: SelfPrivacy:flakes
Branches Tags
SelfPrivacy:flakes
SelfPrivacy:inex/test-3.2.0
SelfPrivacy:inex/test-autobackup
SelfPrivacy:inex/test-systemd-rebuild
SelfPrivacy:master
SelfPrivacy:pre-release
SelfPrivacy:flake-to-override-folder
SelfPrivacy:flake-to-override
SelfPrivacy:systemd-limits
SelfPrivacy:ldap
SelfPrivacy:api-redis
SelfPrivacy:pleroma-fixes
SelfPrivacy:development
SelfPrivacy:rolling-testing

10 Commits
inex/test- ... flakes

Author SHA1 Message Date
Alexander 94d016e5f5 add script, which prints SP API token 2024-05-30 04:11:41 +04:00
Inex Code 132b6724cd chore: update API 3.2.1 and update nixpkgs 2024-05-24 22:54:45 +03:00
Inex Code 86182f0799 chore: update API 3.2.0 and update nixpkgs 2024-05-22 11:40:21 +03:00
Inex Code ce3231774e chore: update nixpkgs 2024-05-02 22:34:36 +03:00
Inex Code f8223192e5 fix: Add DeSEC to dnsPropagationCheckExceptions 
Probably a temp fix to #59
 2024-05-02 22:31:30 +03:00
Alexander 4c183d5b40 fix deSEC: DESEC_POLLING_INTERVAL=30, propagation timeout and TTL 2024-03-12 19:58:37 +04:00
Inex Code 5e005dc436 chore: update API 3.1.0 2024-03-07 23:52:30 +03:00
Inex Code 6619760f47 Revert "try fix" 
This reverts commit 3b4466b49d.
 2024-02-23 20:46:24 +03:00
Inex Code 3b4466b49d try fix 2024-02-23 20:45:38 +03:00
Inex Code 5d9c385d08 Revert "chore: update API 3.0.1" 
This reverts commit 3a7876aeb4.
 2024-02-23 20:40:26 +03:00
3 changed files with 33 additions and 11 deletions
Show Stats Expand all files Collapse all files

19
configuration.nix
View File

@ -1,4 +1,20 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let
redis-sp-api-srv-name = "sp-api";
sp-print-api-token = pkgs.writeShellApplication {
name = "sp-print-api-token";
runtimeInputs = with pkgs; [ redis ];
text = ''
hash_token="$(redis-cli -s /run/redis-${redis-sp-api-srv-name}/redis.sock keys "token_repo:tokens:*" | head -n 1)"
hash_token="''${hash_token#"token_repo:tokens:"}"
token="$(redis-cli -s /run/redis-${redis-sp-api-srv-name}/redis.sock HGETALL "token_repo:tokens:$hash_token")"
token="$(echo "$token" | sed -n '2p')"
echo "$token"
'';
};
in
{ {
imports = [ imports = [
./selfprivacy-module.nix ./selfprivacy-module.nix
@ -15,7 +31,7 @@
services.selfprivacy-api.enable = true; services.selfprivacy-api.enable = true;
services.redis.servers.sp-api = { services.redis.servers.${redis-sp-api-srv-name} = {
enable = true; enable = true;
save = [ save = [
[ [
@ -68,6 +84,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
jq jq
sp-print-api-token
]; ];
# consider environment.defaultPackages = lib.mkForce []; # consider environment.defaultPackages = lib.mkForce [];
documentation.enable = false; # no {man,info}-pages & docs, etc to save space documentation.enable = false; # no {man,info}-pages & docs, etc to save space

16
flake.lock
View File

@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1708566995, "lastModified": 1716361217,
"narHash": "sha256-e/THimsoxxMAHSbwMKov5f5Yg+utTj6XVGEo24Lhx+0=", "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3cb4ae6689d2aa3f363516234572613b31212b78", "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -28,11 +28,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1708708748, "lastModified": 1716580438,
"narHash": "sha256-51snbOSHPuqyz0ht7iG+XswqZhDEwdCki12szCsbt78=", "narHash": "sha256-wWKhCiRmjrFgnHUgcxBb2mtBy9uTrY93yxpMYh/wpVY=",
"ref": "refs/heads/master", "ref": "master",
"rev": "3965203d2884653c9f1bd45d531789b9c712e403", "rev": "4f1d44ce74432e745f0be3b192f8cc4ae06fd169",
"revCount": 1184, "revCount": 1304,
"type": "git", "type": "git",
"url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git" "url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git"
}, },

9
letsencrypt/acme.nix
View File

@ -9,12 +9,17 @@ let
CLOUDFLARE_ZONE_API_TOKEN=$TOKEN CLOUDFLARE_ZONE_API_TOKEN=$TOKEN
CLOUDFLARE_POLLING_INTERVAL=30 CLOUDFLARE_POLLING_INTERVAL=30
''; '';
DESEC = "DESEC_TOKEN=$TOKEN"; DESEC = ''
DESEC_TOKEN=$TOKEN
DESEC_POLLING_INTERVAL=30
DESEC_PROPAGATION_TIMEOUT=180
DESEC_TTL=3600
'';
}; };
dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider}; dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider};
acme-env-filepath = "/var/lib/selfprivacy/acme-env"; acme-env-filepath = "/var/lib/selfprivacy/acme-env";
secrets-filepath = "/etc/selfprivacy/secrets.json"; secrets-filepath = "/etc/selfprivacy/secrets.json";
dnsPropagationCheckExceptions = [ "DIGITALOCEAN" ]; dnsPropagationCheckExceptions = [ "DIGITALOCEAN" "DESEC" ];
in in
{ {
users.groups.acmereceivers.members = [ "nginx" ]; users.groups.acmereceivers.members = [ "nginx" ];