Compare commits
44 Commits
Author | SHA1 | Date |
---|---|---|
Inex Code | 65b5a19777 | |
Inex Code | 60dd766846 | |
Inex Code | 8006f83257 | |
Inex Code | 74d35b16f2 | |
Inex Code | dd020c3a7d | |
Inex Code | ba1695c642 | |
Inex Code | bc5778fdea | |
Inex Code | 8d99d1c78a | |
Inex Code | 5e64b08381 | |
Inex Code | 7e590ae60c | |
Inex Code | eb36e9b265 | |
Inex Code | 3626506e3a | |
Inex Code | c8c69957b5 | |
Inex Code | 9a8af62e0b | |
Inex Code | a5b965f08f | |
Inex Code | d7edf5a95d | |
Inex Code | bdaf88208f | |
Inex Code | 2e175f8c10 | |
Inex Code | 497cf28ecc | |
Inex Code | 9c662d9629 | |
Inex Code | 0500315ae0 | |
Inex Code | d8f0922b8a | |
Inex Code | ab0c3e113c | |
Inex Code | b4827e6e26 | |
Inex Code | bfe0d18090 | |
Inex Code | 426d84f636 | |
sоvд[сова] | 41edc9f26f | |
sоvд[сова] | 5d3395648a | |
Inex Code | 1944739d28 | |
Inex Code | 08d8407a86 | |
Inex Code | 0d3e8c890c | |
Inex Code | 3dd8ff1821 | |
Inex Code | 895a816ef5 | |
Inex Code | 5210e610df | |
Inex Code | eab3d1e761 | |
Inex Code | a59fbef22a | |
Inex Code | 7a6f57def8 | |
Inex Code | e4ba827d5a | |
Inex Code | aeeffe42b1 | |
Inex Code | 399790e202 | |
Inex Code | 5f2ab0495b | |
Inex Code | 53c9655b7b | |
Inex Code | 52b896da45 | |
Inex Code | 8c81f24fa7 |
|
@ -43,12 +43,62 @@ in
|
|||
ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");
|
||||
B2_BUCKET = cfg.b2Bucket;
|
||||
} // config.networking.proxy.envVars;
|
||||
path = [ "/var/" "/var/dkim/" pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild pkgs.restic pkgs.mkpasswd ];
|
||||
path = [
|
||||
"/var/"
|
||||
"/var/dkim/"
|
||||
pkgs.coreutils
|
||||
pkgs.gnutar
|
||||
pkgs.xz.bin
|
||||
pkgs.gzip
|
||||
pkgs.gitMinimal
|
||||
config.nix.package.out
|
||||
pkgs.nixos-rebuild
|
||||
pkgs.restic
|
||||
pkgs.mkpasswd
|
||||
pkgs.util-linux
|
||||
pkgs.e2fsprogs
|
||||
pkgs.iproute2
|
||||
];
|
||||
after = [ "network-online.target" ];
|
||||
wantedBy = [ "network-online.target" ];
|
||||
serviceConfig = {
|
||||
User = "root";
|
||||
ExecStart = "${pkgs.selfprivacy-api}/bin/app.py";
|
||||
ExecStart = "${pkgs.selfprivacy-graphql-api}/bin/app.py";
|
||||
Restart = "always";
|
||||
RestartSec = "5";
|
||||
};
|
||||
};
|
||||
systemd.services.selfprivacy-api-worker = {
|
||||
description = "Task worker for SelfPrivacy API";
|
||||
environment = config.nix.envVars // {
|
||||
inherit (config.environment.sessionVariables) NIX_PATH;
|
||||
HOME = "/root";
|
||||
PYTHONUNBUFFERED = "1";
|
||||
ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");
|
||||
B2_BUCKET = cfg.b2Bucket;
|
||||
PYTHONPATH = pkgs.selfprivacy-graphql-api.pythonPath + ":${pkgs.selfprivacy-graphql-api}/lib/python3.10/site-packages/";
|
||||
} // config.networking.proxy.envVars;
|
||||
path = [
|
||||
"/var/"
|
||||
"/var/dkim/"
|
||||
pkgs.coreutils
|
||||
pkgs.gnutar
|
||||
pkgs.xz.bin
|
||||
pkgs.gzip
|
||||
pkgs.gitMinimal
|
||||
config.nix.package.out
|
||||
pkgs.nixos-rebuild
|
||||
pkgs.restic
|
||||
pkgs.mkpasswd
|
||||
pkgs.util-linux
|
||||
pkgs.e2fsprogs
|
||||
pkgs.iproute2
|
||||
];
|
||||
after = [ "network-online.target" ];
|
||||
wantedBy = [ "network-online.target" ];
|
||||
serviceConfig = {
|
||||
User = "root";
|
||||
ExecStart = "${pkgs.python310Packages.huey}/bin/huey_consumer.py selfprivacy_api.task_registry.huey";
|
||||
Restart = "always";
|
||||
RestartSec = "5";
|
||||
};
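Review bot: The new `selfprivacy-api-worker` unit runs the huey consumer as `User = "root"` with `nixos-rebuild`, `restic` and `mkpasswd` on its PATH, so whoever can enqueue a task into its queue executes as root; the Redis instance it presumably reads from is socket-only (`port = 0` elsewhere in this change), but nothing here restricts who may write to that socket, so confirm the socket mode/group or state the trust boundary in a comment such as `# Runs as root: anything that can reach the sp-api Redis socket can run arbitrary tasks as root on this host.` The `PYTHONPATH` line also hard-codes `lib/python3.10/site-packages`, which silently breaks on the next interpreter bump; `${pkgs.selfprivacy-graphql-api}/${pkgs.python310.sitePackages}/` expresses the same path without the literal. The `Restart = "always"` / `RestartSec = "5"` pair on a unit that fails at import time (wrong PYTHONPATH) will also loop forever without a `StartLimitBurst`, which is worth keeping in mind when debugging the first deployment.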
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
services.selfprivacy-api = {
|
||||
enable = true;
|
||||
enableSwagger = config.services.userdata.api.enableSwagger;
|
||||
b2Bucket = config.services.userdata.backblaze.bucket;
|
||||
b2Bucket = config.services.userdata.backup.bucket;
|
||||
};
|
||||
|
||||
users.users."selfprivacy-api" = {
|
||||
|
|
|
@ -6,7 +6,7 @@ in
|
|||
services.restic.backups = {
|
||||
options = {
|
||||
passwordFile = "/etc/restic/resticPasswd";
|
||||
repository = "s3:s3.anazonaws.com/${cfg.backblaze.bucket}";
|
||||
repository = "s3:s3.anazonaws.com/${cfg.backup.bucket}";
|
||||
initialize = true;
|
||||
paths = [
|
||||
"/var/dkim"
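Review bot: The new `repository` line keeps the host `s3.anazonaws.com`, a look-alike of `amazonaws.com`, so restic would hand its S3 access keys to whoever controls that domain if it ever resolves, and backups fail against it either way. The commit only renames the option, so the endpoint should be corrected in the same line, `repository = "s3:s3.amazonaws.com/${cfg.backup.bucket}";`, or, given the bucket is described as a Backblaze bucket, the B2 S3 endpoint for the bucket's region. If backups have ever succeeded with this value, something outside this file must be rewriting the endpoint, which is worth checking before merging.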
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
url-overlay = "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nix-repo/archive/master.tar.gz";
|
||||
url-overlay = "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nix-repo/archive/22-11.tar.gz";
|
||||
nix-overlay = (import (builtins.fetchTarball url-overlay));
|
||||
in
|
||||
{
|
||||
|
@ -9,6 +9,7 @@ in
|
|||
./variables-module.nix
|
||||
./variables.nix
|
||||
./files.nix
|
||||
./volumes.nix
|
||||
./users.nix
|
||||
./mailserver/system/mailserver.nix
|
||||
./vpn/ocserv.nix
|
||||
|
@ -29,6 +30,26 @@ in
|
|||
|
||||
nixpkgs.overlays = [ (nix-overlay) ];
|
||||
|
||||
services.redis.servers.sp-api = {
|
||||
enable = true;
|
||||
save = [
|
||||
[
|
||||
30
|
||||
1
|
||||
]
|
||||
[
|
||||
10
|
||||
10
|
||||
]
|
||||
];
|
||||
port = 0;
|
||||
settings = {
|
||||
notify-keyspace-events = "KEA";
|
||||
};
|
||||
};
|
||||
|
||||
services.do-agent.enable = if config.services.userdata.server.provider == "DIGITALOCEAN" then true else false;
|
||||
|
||||
boot.cleanTmpDir = true;
|
||||
networking = {
|
||||
hostName = config.services.userdata.hostname;
|
||||
|
@ -68,6 +89,7 @@ in
|
|||
allowReboot = config.services.userdata.autoUpgrade.allowReboot;
|
||||
channel = "https://channel.selfprivacy.org/nixos-selfpricacy";
|
||||
};
|
||||
system.stateVersion = config.services.userdata.stateVersion;
|
||||
nix = {
|
||||
optimise.automatic = true;
|
||||
gc = {
|
||||
|
@ -75,6 +97,7 @@ in
|
|||
options = "--delete-older-than 7d";
|
||||
};
|
||||
};
|
||||
services.journald.extraConfig = "SystemMaxUse=500M";
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv4.ip_forward" = 1;
|
||||
};
|
||||
|
|
37
files.nix
37
files.nix
|
@ -1,6 +1,16 @@
|
|||
{ config, pkgs, ... }:
|
||||
let
|
||||
cfg = config.services.userdata;
|
||||
dnsCredentialsTemplates = {
|
||||
DIGITALOCEAN = "DO_AUTH_TOKEN=REPLACEME";
|
||||
CLOUDFLARE = ''
|
||||
CF_API_KEY=REPLACEME
|
||||
CLOUDFLARE_DNS_API_TOKEN=REPLACEME
|
||||
CLOUDFLARE_ZONE_API_TOKEN=REPLACEME
|
||||
'';
|
||||
DESEC = "DESEC_TOKEN=REPLACEME";
|
||||
};
|
||||
dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider};
|
||||
in
|
||||
{
|
||||
systemd.tmpfiles.rules =
|
||||
|
@ -14,6 +24,7 @@ in
|
|||
"d /var/lib/restic 0600 restic - - -"
|
||||
(if cfg.pleroma.enable then "f /var/lib/pleroma/secrets.exs 0755 pleroma pleroma - -" else "")
|
||||
"f+ /var/domain 0444 selfprivacy-api selfprivacy-api - ${domain}"
|
||||
(if cfg.bitwarden.enable then "f /var/lib/bitwarden/.env 0640 vaultwarden vaultwarden - -" else "")
|
||||
];
|
||||
system.activationScripts =
|
||||
let
|
||||
|
@ -23,6 +34,7 @@ in
|
|||
{
|
||||
nextcloudSecrets =
|
||||
if cfg.nextcloud.enable then ''
|
||||
mkdir -p /var/lib/nextcloud
|
||||
cat /etc/nixos/userdata/userdata.json | ${jq} -r '.nextcloud.databasePassword' > /var/lib/nextcloud/db-pass
|
||||
chmod 0440 /var/lib/nextcloud/db-pass
|
||||
chown nextcloud:nextcloud /var/lib/nextcloud/db-pass
|
||||
|
@ -39,10 +51,8 @@ in
|
|||
mkdir -p /var/lib/cloudflare
|
||||
chmod 0440 /var/lib/cloudflare
|
||||
chown nginx:acmerecievers /var/lib/cloudflare
|
||||
echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
|
||||
echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
|
||||
echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
|
||||
${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.cloudflare.apiKey')/g" /var/lib/cloudflare/Credentials.ini
|
||||
echo '${dnsCredentialsTemplate}' > /var/lib/cloudflare/Credentials.ini
|
||||
${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
|
||||
chmod 0440 /var/lib/cloudflare/Credentials.ini
|
||||
chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
|
||||
'';
|
||||
|
@ -55,8 +65,8 @@ in
|
|||
echo 'account = REPLACEME1' >> /root/.config/rclone/rclone.conf
|
||||
echo 'key = REPLACEME2' >> /root/.config/rclone/rclone.conf
|
||||
|
||||
${sed} -i "s/REPLACEME1/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backblaze.accountId')/g" /root/.config/rclone/rclone.conf
|
||||
${sed} -i "s/REPLACEME2/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backblaze.accountKey')/g" /root/.config/rclone/rclone.conf
|
||||
${sed} -i "s/REPLACEME1/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backup.accountId')/g" /root/.config/rclone/rclone.conf
|
||||
${sed} -i "s/REPLACEME2/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backup.accountKey')/g" /root/.config/rclone/rclone.conf
|
||||
|
||||
chmod 0400 /root/.config/rclone/rclone.conf
|
||||
chown root:root /root/.config/rclone/rclone.conf
|
||||
|
@ -78,5 +88,20 @@ in
|
|||
'' else ''
|
||||
rm -f /var/lib/pleroma/secrets.exs
|
||||
'';
|
||||
bitwardenCredentials =
|
||||
if cfg.bitwarden.enable then ''
|
||||
mkdir -p /var/lib/bitwarden
|
||||
token=$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.bitwarden.adminToken')
|
||||
if [ "$token" == "null" ]; then
|
||||
# If it's null, delete the contents of the file
|
||||
> /var/lib/bitwarden/.env
|
||||
else
|
||||
echo "ADMIN_TOKEN=$token" > /var/lib/bitwarden/.env
|
||||
fi
|
||||
chmod 0640 /var/lib/bitwarden/.env
|
||||
chown vaultwarden:vaultwarden /var/lib/bitwarden/.env
|
||||
'' else ''
|
||||
rm -f /var/lib/bitwarden/.env
|
||||
'';
|
||||
};
|
||||
}
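Review bot: In the rewritten cloudflare block the DNS API key is substituted with `${sed} -i "s/REPLACEME/$(… ${jq} -r '.dns.apiKey')/g"`, which puts the secret on a `sed` command line (visible in `/proc/*/cmdline` to every local user while it runs) and breaks the sed expression or corrupts the file if the key contains `/` or `&`; the new bitwarden block writes `ADMIN_TOKEN=$token` with `>` before its `chmod 0640`, so the token briefly sits in a file created under root's default umask. Render the credentials without sed and under a tight umask instead: put `umask 077` at the top of each script and replace the echo+sed pair with `${jq} -r --arg t '${dnsCredentialsTemplate}' '.dns.apiKey as $k | $t | gsub("REPLACEME"; $k)' /etc/nixos/userdata/userdata.json > /var/lib/cloudflare/Credentials.ini`, keeping the existing chmod/chown. The rclone block retains the same sed-on-argv pattern for the backup account key and deserves the same treatment.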
|
||||
|
|
|
@ -1,16 +1,22 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.services.userdata;
|
||||
in
|
||||
{
|
||||
fileSystems = lib.mkIf cfg.useBinds {
|
||||
"/var/lib/gitea" = {
|
||||
device = "/volumes/${cfg.gitea.location}/gitea";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
};
|
||||
services = {
|
||||
gitea = {
|
||||
enable = cfg.gitea.enable;
|
||||
stateDir = "/var/lib/gitea";
|
||||
log = {
|
||||
rootPath = "/var/lib/gitea/log";
|
||||
level = "Warn";
|
||||
};
|
||||
# log = {
|
||||
# rootPath = "/var/lib/gitea/log";
|
||||
# level = "Warn";
|
||||
# };
|
||||
user = "gitea";
|
||||
database = {
|
||||
type = "sqlite3";
|
||||
|
@ -20,10 +26,10 @@ in
|
|||
path = "/var/lib/gitea/data/gitea.db";
|
||||
createDatabase = true;
|
||||
};
|
||||
ssh = {
|
||||
enable = true;
|
||||
clonePort = 22;
|
||||
};
|
||||
# ssh = {
|
||||
# enable = true;
|
||||
# clonePort = 22;
|
||||
# };
|
||||
lfs = {
|
||||
enable = true;
|
||||
contentDir = "/var/lib/gitea/lfs";
|
||||
|
@ -31,16 +37,17 @@ in
|
|||
appName = "SelfPrivacy git Service";
|
||||
repositoryRoot = "/var/lib/gitea/repositories";
|
||||
domain = "git.${cfg.domain}";
|
||||
rootUrl = "https://${cfg.domain}/";
|
||||
rootUrl = "https://git.${cfg.domain}/";
|
||||
httpAddress = "0.0.0.0";
|
||||
httpPort = 3000;
|
||||
cookieSecure = true;
|
||||
# cookieSecure = true;
|
||||
settings = {
|
||||
mailer = {
|
||||
ENABLED = false;
|
||||
};
|
||||
ui = {
|
||||
DEFAULT_THEME = "arc-green";
|
||||
SHOW_USER_EMAIL = false;
|
||||
};
|
||||
picture = {
|
||||
DISABLE_GRAVATAR = true;
|
||||
|
@ -51,6 +58,13 @@ in
|
|||
repository = {
|
||||
FORCE_PRIVATE = false;
|
||||
};
|
||||
session = {
|
||||
COOKIE_SECURE = true;
|
||||
};
|
||||
log = {
|
||||
ROOT_PATH = "/var/lib/gitea/log";
|
||||
LEVEL = "Warn";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
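Review bot: The `ssh`, `log` and `cookieSecure` blocks are left in as commented-out code next to their `settings.*` replacements; delete them rather than keep both, since git already preserves the history and the pair of `log` definitions (one commented, one under `settings.log`) invites someone to re-enable a removed option. If the explicit SSH clone settings still matter they belong under `settings.server = { DISABLE_SSH = false; SSH_PORT = 22; };`, not in a comment. Separately, `httpAddress = "0.0.0.0"` (unchanged context) binds the plaintext Gitea listener on every interface on port 3000; unless a firewall rule not visible here blocks it, `httpAddress = "127.0.0.1"` is the safer choice if nginx fronts the service, as `rootUrl = "https://git.${cfg.domain}/"` suggests.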
|
||||
|
|
|
@ -8,19 +8,18 @@ in
|
|||
};
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
email = "${cfg.username}@${cfg.domain}";
|
||||
defaults = {
|
||||
email = "${cfg.username}@${cfg.domain}";
|
||||
server = if cfg.dns.useStagingACME then "https://acme-staging-v02.api.letsencrypt.org/directory" else "https://acme-v02.api.letsencrypt.org/directory";
|
||||
dnsPropagationCheck = false;
|
||||
reloadServices = [ "nginx" ];
|
||||
};
|
||||
certs = lib.mkForce {
|
||||
"${cfg.domain}" = {
|
||||
domain = "*.${cfg.domain}";
|
||||
extraDomainNames = [ "${cfg.domain}" ];
|
||||
group = "acmerecievers";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = "/var/lib/cloudflare/Credentials.ini";
|
||||
};
|
||||
"meet.${cfg.domain}" = {
|
||||
domain = "meet.${cfg.domain}";
|
||||
group = "acmerecievers";
|
||||
dnsProvider = "cloudflare";
|
||||
dnsProvider = lib.strings.toLower cfg.dns.provider;
|
||||
credentialsFile = "/var/lib/cloudflare/Credentials.ini";
|
||||
};
|
||||
};
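Review bot: `dnsProvider = lib.strings.toLower cfg.dns.provider` in the `meet.${cfg.domain}` cert reads an option declared as `types.nullOr types.str`, so a null provider fails evaluation inside `toLower` with an unhelpful trace rather than at the option; declaring it as `types.enum [ "CLOUDFLARE" "DIGITALOCEAN" "DESEC" ]` (the keys `dnsCredentialsTemplates` accepts) turns that into a clear error. If the `"${cfg.domain}"` wildcard cert block above survives this change (its old/new side is not recoverable from the rendered diff), its `dnsProvider = "cloudflare";` needs the same `lib.strings.toLower cfg.dns.provider` expression, otherwise the certificate every vhost uses still calls the Cloudflare API for deSEC or DigitalOcean users. The path `/var/lib/cloudflare/Credentials.ini` is now provider-independent in content; a comment such as `# Provider-agnostic lego credentials file; the cloudflare path is kept for compatibility` would stop the next reader from assuming it is Cloudflare-only.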
|
||||
|
|
|
@ -12,11 +12,6 @@ in
|
|||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
"nginx-config-reload" = {
|
||||
serviceConfig = {
|
||||
After = [ "acme-${domain}.service" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,13 +6,24 @@ in
|
|||
imports = [
|
||||
(builtins.fetchTarball {
|
||||
# Pick a commit from the branch you are interested in
|
||||
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/5675b122/nixos-mailserver-5675b122.tar.gz";
|
||||
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/6d0d9fb9/nixos-mailserver-6d0d9fb9.tar.gz";
|
||||
|
||||
# And set its hash
|
||||
sha256 = "1fwhb7a5v9c98nzhf3dyqf3a5ianqh7k50zizj8v5nmj3blxw4pi";
|
||||
sha256 = "sha256:0h35al73p15z9v8zb6hi5nq987sfl5wp4rm5c8947nlzlnsjl61x";
|
||||
})
|
||||
];
|
||||
|
||||
fileSystems = lib.mkIf cfg.useBinds {
|
||||
"/var/vmail" = {
|
||||
device = "/volumes/${cfg.email.location}/vmail";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
"/var/sieve" = {
|
||||
device = "/volumes/${cfg.email.location}/sieve";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
};
|
||||
|
||||
users.users = {
|
||||
virtualMail = {
|
||||
isNormalUser = false;
|
||||
|
@ -32,7 +43,7 @@ in
|
|||
sieveScript = ''
|
||||
require ["fileinto", "mailbox"];
|
||||
if header :contains "Chat-Version" "1.0"
|
||||
{
|
||||
{
|
||||
fileinto :create "DeltaChat";
|
||||
stop;
|
||||
}
|
||||
|
@ -46,7 +57,7 @@ in
|
|||
sieveScript = ''
|
||||
require ["fileinto", "mailbox"];
|
||||
if header :contains "Chat-Version" "1.0"
|
||||
{
|
||||
{
|
||||
fileinto :create "DeltaChat";
|
||||
stop;
|
||||
}
|
||||
|
|
|
@ -1,11 +1,17 @@
|
|||
{ pkgs, config, ... }:
|
||||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
cfg = config.services.userdata;
|
||||
in
|
||||
{
|
||||
fileSystems = lib.mkIf cfg.useBinds {
|
||||
"/var/lib/nextcloud" = {
|
||||
device = "/volumes/${cfg.nextcloud.location}/nextcloud";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
};
|
||||
services.nextcloud = {
|
||||
enable = cfg.nextcloud.enable;
|
||||
package = pkgs.nextcloud22;
|
||||
package = pkgs.nextcloud25;
|
||||
hostName = "cloud.${cfg.domain}";
|
||||
|
||||
# Use HTTPS for links
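Review bot: `package = pkgs.nextcloud25` moves an existing instance from 22 to 25 in one step, but Nextcloud's updater refuses jumps across more than one major version, so a server already running 22 has to pass through `pkgs.nextcloud23` and `pkgs.nextcloud24` on successive rebuilds before this line is safe. If every deployment is assumed fresh, that assumption belongs next to the line, e.g. `# Existing installs must be stepped 22 -> 23 -> 24 -> 25 across rebuilds; Nextcloud refuses multi-major upgrades`. The new bind mount from `/volumes/${cfg.nextcloud.location}/nextcloud` is also declared whenever `cfg.useBinds` is set, independent of `cfg.nextcloud.enable`, so a disabled Nextcloud with a missing source directory still produces a failing mount unit at boot.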
|
||||
|
|
|
@ -1,12 +1,23 @@
|
|||
{ pkgs, config, ... }:
|
||||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
cfg = config.services.userdata;
|
||||
in
|
||||
{
|
||||
fileSystems = lib.mkIf cfg.useBinds {
|
||||
"/var/lib/bitwarden" = {
|
||||
device = "/volumes/${cfg.bitwarden.location}/bitwarden";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
"/var/lib/bitwarden_rs" = {
|
||||
device = "/volumes/${cfg.bitwarden.location}/bitwarden_rs";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
};
|
||||
services.vaultwarden = {
|
||||
enable = cfg.bitwarden.enable;
|
||||
dbBackend = "sqlite";
|
||||
backupDir = "/var/lib/bitwarden/backup";
|
||||
environmentFile = "/var/lib/bitwarden/.env";
|
||||
config = {
|
||||
domain = "https://password.${cfg.domain}/";
|
||||
signupsAllowed = true;
|
||||
|
|
|
@ -1,8 +1,18 @@
|
|||
{ pkgs, config, ... }:
|
||||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
cfg = config.services.userdata;
|
||||
in
|
||||
{
|
||||
fileSystems = lib.mkIf cfg.useBinds {
|
||||
"/var/lib/pleroma" = {
|
||||
device = "/volumes/${cfg.pleroma.location}/pleroma";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
"/var/lib/postgresql" = {
|
||||
device = "/volumes/${cfg.pleroma.location}/postgresql";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
};
|
||||
services = {
|
||||
pleroma = {
|
||||
enable = cfg.pleroma.enable;
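Review bot: The new `fileSystems` block is gated on `cfg.useBinds` alone, so with binds enabled but `pleroma.enable = false` the system still declares bind mounts from `/volumes/${cfg.pleroma.location}/pleroma` and `.../postgresql`; if those directories do not exist the mount units fail and `local-fs.target` drops the host into emergency mode at boot. Gate it on the service too, `fileSystems = lib.mkIf (cfg.useBinds && cfg.pleroma.enable) {`, and the same applies to the gitea, nextcloud, bitwarden and mailserver blocks in this change. Binding `/var/lib/postgresql` as a whole to the pleroma volume also relocates every PostgreSQL database on the host, which deserves a comment if anything other than pleroma uses the system PostgreSQL. The enclosing `services.pleroma` attribute set continues past the end of the hunk.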
|
||||
|
|
|
@ -41,6 +41,13 @@ in
|
|||
type = types.nullOr types.bool;
|
||||
};
|
||||
};
|
||||
stateVersion = mkOption {
|
||||
description = ''
|
||||
State version of the server
|
||||
'';
|
||||
type = types.str;
|
||||
default = "22.11";
|
||||
};
|
||||
########################
|
||||
# Server admin options #
|
||||
########################
|
||||
|
@ -85,12 +92,28 @@ in
|
|||
#############
|
||||
# Secrets #
|
||||
#############
|
||||
backblaze = {
|
||||
dns = {
|
||||
provider = mkOption {
|
||||
description = "DNS provider that was defined at the initial setup process. Default is ClOUDFLARE";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
useStagingACME = mkOption {
|
||||
description = "Use staging ACME server. Default is false";
|
||||
type = types.nullOr types.bool;
|
||||
};
|
||||
};
|
||||
backup = {
|
||||
bucket = mkOption {
|
||||
description = "Bucket name used for userdata backups";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
};
|
||||
server = {
|
||||
provider = mkOption {
|
||||
description = "Server provider that was defined at the initial setup process. Default is HETZNER";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
};
|
||||
##############
|
||||
# Services #
|
||||
##############
|
||||
|
@ -99,24 +122,46 @@ in
|
|||
default = false;
|
||||
type = types.nullOr types.bool;
|
||||
};
|
||||
location = mkOption {
|
||||
default = "sda1";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
};
|
||||
email = {
|
||||
location = mkOption {
|
||||
default = "sda1";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
};
|
||||
gitea = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.nullOr types.bool;
|
||||
};
|
||||
location = mkOption {
|
||||
default = "sda1";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
};
|
||||
nextcloud = {
|
||||
enable = mkOption {
|
||||
default = true;
|
||||
type = types.nullOr types.bool;
|
||||
};
|
||||
location = mkOption {
|
||||
default = "sda1";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
};
|
||||
pleroma = {
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = types.nullOr types.bool;
|
||||
};
|
||||
location = mkOption {
|
||||
default = "sda1";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
};
|
||||
jitsi = {
|
||||
enable = mkOption {
|
||||
|
@ -163,5 +208,19 @@ in
|
|||
type = types.nullOr (types.listOf (types.attrsOf types.anything));
|
||||
default = [ ];
|
||||
};
|
||||
##############
|
||||
# Volumes #
|
||||
##############
|
||||
volumes = mkOption {
|
||||
description = ''
|
||||
Volumes that will be created on the server
|
||||
'';
|
||||
type = types.nullOr (types.listOf (types.attrsOf types.anything));
|
||||
default = [ ];
|
||||
};
|
||||
useBinds = mkOption {
|
||||
type = types.nullOr types.bool;
|
||||
default = false;
|
||||
};
|
||||
};
|
||||
}
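Review bot: `useBinds` is declared `types.nullOr types.bool` but consumed as `lib.mkIf cfg.useBinds` in the service modules, and `dns.provider` is `types.nullOr types.str` while it is used both as an attribute key into `dnsCredentialsTemplates` and through `toLower`; a null or unknown value therefore fails evaluation deep inside those modules instead of at the option. Use `type = types.bool;` for `useBinds` and `type = types.enum [ "CLOUDFLARE" "DIGITALOCEAN" "DESEC" ];` for `dns.provider` so the error names the option. The `volumes` option is `listOf (attrsOf types.anything)`, yet volumes.nix reads `mountPoint`, `device` and `fsType` from each entry; a `types.submodule` with those three `types.str` options would reject a malformed userdata.json entry with a readable message rather than an "attribute missing" trace at rebuild. The `stateVersion` default of `"22.11"` here also disagrees with the `"22.05"` fallback in variables.nix.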
|
||||
|
|
|
@ -7,6 +7,7 @@ in
|
|||
hostname = lib.attrsets.attrByPath [ "hostname" ] null jsonData;
|
||||
domain = lib.attrsets.attrByPath [ "domain" ] null jsonData;
|
||||
timezone = lib.attrsets.attrByPath [ "timezone" ] "Europe/Uzhgorod" jsonData;
|
||||
stateVersion = lib.attrsets.attrByPath [ "stateVersion" ] "22.05" jsonData;
|
||||
autoUpgrade = {
|
||||
enable = lib.attrsets.attrByPath [ "autoUpgrade" "enable" ] true jsonData;
|
||||
allowReboot = lib.attrsets.attrByPath [ "autoUpgrade" "allowReboot" ] true jsonData;
|
||||
|
@ -18,20 +19,31 @@ in
|
|||
enableSwagger = lib.attrsets.attrByPath [ "api" "enableSwagger" ] false jsonData;
|
||||
skippedMigrations = lib.attrsets.attrByPath [ "api" "skippedMigrations" ] [ ] jsonData;
|
||||
};
|
||||
backblaze = {
|
||||
bucket = lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData;
|
||||
dns = {
|
||||
provider = lib.attrsets.attrByPath [ "dns" "provider" ] "CLOUDFLARE" jsonData;
|
||||
useStagingACME = lib.attrsets.attrByPath [ "dns" "useStagingACME" ] false jsonData;
|
||||
};
|
||||
backup = {
|
||||
bucket = lib.attrsets.attrByPath [ "backup" "bucket" ] (lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData) jsonData;
|
||||
};
|
||||
server = {
|
||||
provider = lib.attrsets.attrByPath [ "server" "provider" ] "HETZNER" jsonData;
|
||||
};
|
||||
bitwarden = {
|
||||
enable = lib.attrsets.attrByPath [ "bitwarden" "enable" ] false jsonData;
|
||||
location = lib.attrsets.attrByPath [ "bitwarden" "location" ] "sda1" jsonData;
|
||||
};
|
||||
gitea = {
|
||||
enable = lib.attrsets.attrByPath [ "gitea" "enable" ] false jsonData;
|
||||
location = lib.attrsets.attrByPath [ "gitea" "location" ] "sda1" jsonData;
|
||||
};
|
||||
nextcloud = {
|
||||
enable = lib.attrsets.attrByPath [ "nextcloud" "enable" ] false jsonData;
|
||||
location = lib.attrsets.attrByPath [ "nextcloud" "location" ] "sda1" jsonData;
|
||||
};
|
||||
pleroma = {
|
||||
enable = lib.attrsets.attrByPath [ "pleroma" "enable" ] false jsonData;
|
||||
location = lib.attrsets.attrByPath [ "pleroma" "location" ] "sda1" jsonData;
|
||||
};
|
||||
jitsi = {
|
||||
enable = lib.attrsets.attrByPath [ "jitsi" "enable" ] false jsonData;
|
||||
|
@ -44,6 +56,11 @@ in
|
|||
rootKeys = lib.attrsets.attrByPath [ "ssh" "rootKeys" ] [ "" ] jsonData;
|
||||
passwordAuthentication = lib.attrsets.attrByPath [ "ssh" "passwordAuthentication" ] true jsonData;
|
||||
};
|
||||
email = {
|
||||
location = lib.attrsets.attrByPath [ "email" "location" ] "sda1" jsonData;
|
||||
};
|
||||
users = lib.attrsets.attrByPath [ "users" ] [ ] jsonData;
|
||||
volumes = lib.attrsets.attrByPath [ "volumes" ] [ ] jsonData;
|
||||
useBinds = lib.attrsets.attrByPath [ "useBinds" ] false jsonData;
|
||||
};
|
||||
}
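Review bot: The fallbacks in this file disagree with the module defaults added in variables-module.nix: `stateVersion` falls back to `"22.05"` here but defaults to `"22.11"` there, and `nextcloud.enable` falls back to `false` here but `true` there. Because this file always sets the values, the module defaults never apply, but anyone reading the option descriptions gets the wrong picture; either drop the module defaults or make them match. The `"22.05"` fallback is presumably there for servers deployed before `stateVersion` was written into userdata.json, and that reasoning should sit on the line, e.g. `# Installs predating this field were deployed on 22.05; never bump this fallback`. The `backup.bucket` fallback to the legacy `backblaze.bucket` key is a sound migration path and deserves a short comment saying when the legacy key can be dropped.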
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
{ pkgs, config, ... }:
|
||||
let
|
||||
cfg = config.services.userdata;
|
||||
in
|
||||
{
|
||||
fileSystems = { } // builtins.listToAttrs (builtins.map
|
||||
(volume: {
|
||||
name = "${volume.mountPoint}";
|
||||
value = {
|
||||
device = "${volume.device}";
|
||||
fsType = "${volume.fsType}";
|
||||
};
|
||||
})
|
||||
cfg.volumes);
|
||||
}
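Review bot: `fileSystems = { } // builtins.listToAttrs (...)` starts with a no-op `{ } //`, and the `"${volume.mountPoint}"`, `"${volume.device}"` and `"${volume.fsType}"` wrappers only add string coercion that the `attrsOf anything` option type does not otherwise guarantee; `name = volume.mountPoint; value = { inherit (volume) device fsType; };` says the same thing without the noise. More importantly, entries come straight from userdata.json with no validation: a missing `fsType` fails evaluation with an "attribute missing" trace, and a mistyped `device` leaves the host in emergency mode at boot because `local-fs.target` cannot mount it. A header comment, `# Extra data volumes from userdata.json; each entry needs mountPoint, device and fsType`, plus a submodule type on the `volumes` option would document and enforce that contract.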
|
|
@ -126,6 +126,7 @@ in
|
|||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://127.0.0.1:5050";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -150,6 +151,13 @@ in
|
|||
};
|
||||
};
|
||||
};
|
||||
"meet.${domain}" = {
|
||||
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
|
||||
forceSSL = true;
|
||||
useACMEHost = domain;
|
||||
enableACME = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
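Review bot: The new `meet.${domain}` vhost sets `sslCertificate` and `sslCertificateKey` explicitly to the same files that `useACMEHost = domain` already selects; the nginx module derives those paths from the named ACME host, so the two lines are dead and should go, leaving `forceSSL = true; useACMEHost = domain; enableACME = false;`. With this vhost now on the wildcard certificate, the dedicated `meet.${cfg.domain}` entry kept in `security.acme.certs` appears to have no consumer in this change; if nothing else reads it, drop it so every renewal does not run a second DNS challenge. The vhost also declares no `locations`, so it presumably relies on another module merging its own into this attribute set, which is worth a comment such as `# locations are contributed by the jitsi-meet module`.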
|
||||
|
|