Immutable NixOS config
Inex Code c1ed3a522c Move secrets out of Nix Store (#19)
Nix store is world-readable, and while nix repl fails to get the secret due to file permissions, we should still set up secrets without getting them in Nix store.

In the past tmpfiles.d was used, but its entire contents get to the nix store.

Now, all files with secrets are generated in activation scripts, with the help of jq and sed.

Also dead Pleroma code was deleted, but CAPTCHA is still broken.

Co-authored-by: inexcode <inex.code@selfprivacy.org>
Reviewed-on: #19
Co-authored-by: Inex Code <inex.code@selfprivacy.org>
Co-committed-by: Inex Code <inex.code@selfprivacy.org>
2022-07-19 15:18:46 +03:00
api Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
backup Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
git Initial commit 2021-11-15 13:02:05 +03:00
letsencrypt roll back the roll back 2022-02-16 11:06:51 +03:00
mailserver/system Remove alps from server configuration 2022-06-24 18:51:29 +03:00
nextcloud Overwrite nextcloud protocol to https 2021-12-06 21:37:45 +03:00
passmgr Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
resources Initial commit 2021-11-15 13:02:05 +03:00
social Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
userdata Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
videomeet roll back the roll back 2022-02-16 11:06:51 +03:00
vpn Add groups to users 2022-04-20 13:22:16 +03:00
webserver roll back the roll back 2022-02-16 11:06:51 +03:00
.gitignore Add tokens.json to gitignore 2022-04-29 16:40:59 +03:00
LICENSE Changed to 'LICENSE' 2021-11-18 10:08:19 +02:00
README.md Update README 2021-11-16 19:22:36 +03:00
configuration.nix Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
files.nix Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
users.nix Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
variables-module.nix Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
variables.nix Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00

README.md

SelfPrivacy NixOS configuration

This is a NixOS config which builds a SelfPrivacy server distribution based on data provided in userdata/userdata.json.

A JSON schema is provided in userdata/schema.json for reference.

hardware-configuration.nix is not included.

Example JSON config:

{
    "backblaze": {
        "accountId": "BACKBLAZE_KEY_ID",
        "accountKey": "BACKBLAZE_ACCOUNT_KEY",
        "bucket": "BACKBLAZE_BUCKET_NAME"
    },
    "api": {
        "token": "API_TOKEN",
        "enableSwagger": false
    },
    "bitwarden": {
        "enable": true
    },
    "cloudflare": {
        "apiKey": "CF_TOKEN"
    },
    "databasePassword": "DB_PASSWORD",
    "domain": "DOMAIN",
    "hashedMasterPassword": "HASHED_PASSWORD",
    "hostname": "DOMAIN",
    "nextcloud": {
        "enable": true,
        "adminPassword": "PASSWORD",
        "databasePassword": "PASSWORD"
    },
    "gitea": {
        "enable": true
    },
    "jitsi": {
        "enable": true
    },
    "ocserv": {
        "enable": true
    },
    "pleroma": {
        "enable": true
    },
    "timezone": "Europe/Moscow",
    "resticPassword": "PASSWORD",
    "ssh": {
        "enable": true,
        "rootSshKeys": [
            "ssh-ed25519 KEY user@host"
        ],
        "passwordAuthentication": true
    },
    "username": "LUSER",
    "users": [
        {
            "hashedPassword": "OTHER_USER_HASHED_PASSWORD",
            "username": "OTHER_USER"
        }
    ]
}
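
Because userdata.json carries the secrets and the Nix store is world-readable, a useful check after a rebuild is whether any secret value ended up inside a store file. The script below is an added example, not part of this repository: `SECRET_KEYS` is an assumed list taken from the example JSON above, and the demo runs against a constructed fake store with constructed secret values.

```python
import json
import tempfile
from pathlib import Path

# Assumed list: keys in the example userdata.json that hold secrets.
SECRET_KEYS = {"accountKey", "token", "apiKey", "databasePassword",
               "hashedMasterPassword", "adminPassword", "resticPassword",
               "hashedPassword"}


def collect_secrets(node, found):
    """Walk parsed userdata, filling found with {secret_bytes: key_name}."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in SECRET_KEYS and isinstance(value, str) and value:
                found[value.encode()] = key
            else:
                collect_secrets(value, found)
    elif isinstance(node, list):
        for item in node:
            collect_secrets(item, found)
    return found


def scan_store(userdata_path, store_root):
    """Return sorted (file, key_name) pairs for secrets found under store_root."""
    secrets = collect_secrets(json.loads(Path(userdata_path).read_text()), {})
    hits = []
    for path in Path(store_root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue  # symlink targets are scanned at their real location
        data = path.read_bytes()
        hits += [(path, key) for value, key in secrets.items() if value in data]
    return sorted(hits)


def demo():
    """Constructed sample: a fake store where one file embeds a secret."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "store").mkdir()
        (root / "userdata.json").write_text(json.dumps(
            {"resticPassword": "constructed-restic-pw",
             "nextcloud": {"adminPassword": "constructed-nc-pw"}}))
        (root / "store" / "leaky.conf").write_text(
            "f /var/restic-pw 0400 - - - constructed-restic-pw\n")
        (root / "store" / "clean.conf").write_text("no secrets here\n")
        hits = scan_store(root / "userdata.json", root / "store")
        return [(path.name, key) for path, key in hits]
```

On a real host, point `scan_store` at the deployed userdata.json and `/nix/store`; very short or placeholder values such as `PASSWORD` will match unrelated files, so run it with the real secrets in place.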