gerg-l/nixos
1
0
Fork 0
mirror of https://github.com/Gerg-L/nixos.git synced 2025-12-10 00:43:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

flexing on Plumeria

Browse source
This commit is contained in:
Gerg-L 2023-03-12 03:28:57 -04:00
parent fa8e9e6bc8
commit 04d0e3e9a7
2 changed files with 68 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

66
systems/gerg-desktop/containers/website.nix
View file

@ -1,5 +1,15 @@
_: {...}: { _: {...}: {
sops.secrets."website/sql" = {}; sops.secrets = {
"website/sql_gitea" = {
mode = "0444";
};
"website/sql_nextcloud" = {
mode = "0444";
};
"website/nextcloud" = {
mode = "0444";
};
};
containers."website" = { containers."website" = {
ephemeral = true; ephemeral = true;
autoStart = true; autoStart = true;
@ -31,7 +41,6 @@ _: {...}: {
defaultGateway = "192.168.1.1"; defaultGateway = "192.168.1.1";
nameservers = ["1.1.1.1" "1.0.0.1"]; nameservers = ["1.1.1.1" "1.0.0.1"];
firewall = { firewall = {
#allowedUDPPorts = [giteaPort 80 443];
allowedTCPPorts = [giteaPort 80 443 22]; allowedTCPPorts = [giteaPort 80 443 22];
}; };
}; };
@ -46,7 +55,7 @@ _: {...}: {
services = { services = {
gitea = { gitea = {
enable = true; enable = true;
appName = "WEEEWOOOO"; appName = "Powered by NixOS";
domain = "git.gerg-l.com"; domain = "git.gerg-l.com";
rootUrl = "https://git.gerg-l.com/"; rootUrl = "https://git.gerg-l.com/";
httpPort = giteaPort; httpPort = giteaPort;
@ -61,9 +70,52 @@ _: {...}: {
DISABLE_REGISTRATION = true; DISABLE_REGISTRATION = true;
}; };
}; };
database = {
type = "postgres";
passwordFile = "/secrets/sql_gitea";
};
};
nextcloud = {
enable = true;
package = pkgs.nextcloud25;
hostName = "next.gerg-l.com";
nginx.recommendedHttpHeaders = true;
enableBrokenCiphersForSSE = false;
https = true;
autoUpdateApps.enable = true;
config = {
dbtype = "pgsql";
dbhost = "/run/postgresql";
dbpassFile = "/secrets/sql_nextcloud";
adminpassFile = "/secrets/nextcloud";
adminuser = "admin-root";
defaultPhoneRegion = "IL";
extraTrustedDomains = ["[2605:59c8:252e:500:200:ff:fe00:11]"];
};
};
postgresql = {
enable = true;
package = pkgs.postgresql_13;
ensureDatabases = [config.services.nextcloud.config.dbname];
ensureUsers = [
{
name = config.services.nextcloud.config.dbuser;
ensurePermissions."DATABASE ${config.services.nextcloud.config.dbname}" = "ALL PRIVILEGES";
}
];
authentication = ''
local gitea all ident map=gitea-users
'';
identMap = ''
gitea-users gitea gitea
'';
}; };
nginx = { nginx = {
enable = true; enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"git.gerg-l.com" = { "git.gerg-l.com" = {
forceSSL = true; forceSSL = true;
@ -72,6 +124,10 @@ _: {...}: {
proxyPass = "http://localhost:${toString giteaPort}"; proxyPass = "http://localhost:${toString giteaPort}";
}; };
}; };
"next.gerg-l.com" = {
forceSSL = true;
enableACME = true;
};
}; };
}; };
openssh = { openssh = {
@ -83,6 +139,10 @@ _: {...}: {
}; };
}; };
}; };
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "gregleyda@proton.me"; defaults.email = "gregleyda@proton.me";

8
systems/gerg-desktop/secrets.yaml
View file

@ -2,7 +2,9 @@ discordenv: ENC[AES256_GCM,data:/A46urPOiqH2ejKmmzCIpR/g2hU6n/AUTNQPikAxvp1PikWg
root: ENC[AES256_GCM,data:9rmkBNILB1vvfaXtnU8mXqTIkoyI5R3FJKkh941Jhszrdj0FsmO8u3IFGAaCoe3TLVFOcRCS3QQWOZeZOvhUDvebZyYpVP/3ow==,iv:y8jvSxfrONSYqJ+xoxecN712EGiyawN1Q3VFjAMZO+g=,tag:jCCTZHTs01hioNKMlTd7Rw==,type:str] root: ENC[AES256_GCM,data:9rmkBNILB1vvfaXtnU8mXqTIkoyI5R3FJKkh941Jhszrdj0FsmO8u3IFGAaCoe3TLVFOcRCS3QQWOZeZOvhUDvebZyYpVP/3ow==,iv:y8jvSxfrONSYqJ+xoxecN712EGiyawN1Q3VFjAMZO+g=,tag:jCCTZHTs01hioNKMlTd7Rw==,type:str]
gerg: ENC[AES256_GCM,data:iSwWGIIxQenCPMd/Tith/eagjVINn0mgrO99IG85cP4UXtut6GF2R57XDMeD7SU18vW1ULod/lYuTo0SmmrkmX+wlDWgm4cODw==,iv:fHTcn4ZmjSqLC8jQkuualRbp+RwvgblS1ic6WPb2WEY=,tag:rkDuXhvleKekv3bVpdNNuw==,type:str] gerg: ENC[AES256_GCM,data:iSwWGIIxQenCPMd/Tith/eagjVINn0mgrO99IG85cP4UXtut6GF2R57XDMeD7SU18vW1ULod/lYuTo0SmmrkmX+wlDWgm4cODw==,iv:fHTcn4ZmjSqLC8jQkuualRbp+RwvgblS1ic6WPb2WEY=,tag:rkDuXhvleKekv3bVpdNNuw==,type:str]
website: website:
sql: ENC[AES256_GCM,data:NmP4AZjEmS+q/5oRjcst3e9Jhqk=,iv:OcQwjBPOu50YOVqKhM/1j/Vfx9LchX2HkquhofQkeU8=,tag:rpm0Kcpuy133dWX7aQX4hg==,type:str] nextcloud: ENC[AES256_GCM,data:JoxSXYzBhXV+h4Ar,iv:jKlAwWfX58DpgGbGOqWBIwcnx8EdIxhFKOUzsDccr7w=,tag:L6UBHh1HU8Je+OczQCypXg==,type:str]
sql_gitea: ENC[AES256_GCM,data:Usfd0QDm/4ntj7kzXXYa3O7H7/E=,iv:3xUD2KuQvJUQtai6C+qAnQ2RbkpN5VLK8BUJFiMpQkY=,tag:E6KNzFIZekgecJCBPlw4YA==,type:str]
sql_nextcloud: ENC[AES256_GCM,data:xkJioAZCCd8aIxS283UhZ2yfLgQ=,iv:7SQ2iSJShX6dDP3qD0KPaJP49CQ6RMHQ6uY5J/WODtI=,tag:HNXYa1L88mGB5uOrmTuFDg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -18,8 +20,8 @@ sops:
dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy
MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA== MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-03-12T04:27:16Z" lastmodified: "2023-03-12T06:10:20Z"
mac: ENC[AES256_GCM,data:xhZW5nsu9w/83Stm21NQ4kHvletVB1QbF9oaDyKLYk1AMe5hLH+SPgk2OWTMAIuZcYne69UP/XjI9PO9w3apa+P6hf47wAyyl1hmS/kqfA80K+qmvee1Pl9idjskhSe3+ypAiZBDEbjMDglamqSgv0cq3EyhOOQDlTNLju8BAXc=,iv:VtVJqYzWA7OvyR9hYTnkMUsxOOG8qVX80sjYifPwiJo=,tag:CHYxsZz05HkXNDLhURqtOw==,type:str] mac: ENC[AES256_GCM,data:0x7fngutav44zWsytXfxrOYYWvJsAVPGhG4KC8Vu6mxVz27alK52ZksLraQ6C+vGzUiPca1cv6nN/+aYBzU0NdxIJQOeCr//H1oDf7X8k5wTzcwxDRxqu6og66zCuMcLW5WZhuaoCKSIZX120gVZe4a6q1E2JzbpaXwlzz7wH8E=,iv:Htgcu9LvHOV1Xsxknq2vf9GEE9WG6ffS7q0D50xLiac=,tag:p6AL3w5PgqvQg2MuZ+URRw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3