unix ports cool

Gerg-L 2023-09-20 22:46:06 -04:00
parent 2fc4baa6ee
commit d47fc2217a
Signed by: gerg-l
SSH key fingerprint: SHA256:FPYDHIkvMocr4wdmZXpgpJjsb2Tw6rASs2ISPbOb0KI
5 changed files with 37 additions and 62 deletions


@ -1,33 +1,31 @@
_: {config, ...}: {
sops.secrets.sql_gitea = {
owner = config.services.gitea.user;
inherit (config.services.gitea) group;
};
users.users = {
${config.services.gitea.user}.openssh.authorizedKeys.keys = [config.local.keys.gerg_gerg-desktop];
${config.services.gitea.user} = {
openssh.authorizedKeys.keys = [config.local.keys.gerg_gerg-desktop];
extraGroups = ["postgres"];
};
${config.services.nginx.user}.extraGroups = [config.services.gitea.group];
};
services = {
gitea = {
enable = true;
stateDir = "/persist/services/gitea";
appName = "Powered by NixOS";
settings = {
server = {
DOMAIN = "git.gerg-l.com";
ROOT_URL = "https://git.gerg-l.com/";
LANDING_PAGE = "/explore/repos";
HTTP_ADDR = "/run/gitea/gitea.sock";
PROTOCOL = "http+unix";
UNIX_SOCKET_PERMISSION = "660";
};
ui.DEFAULT_THEME = "arc-green";
service.DISABLE_REGISTRATION = true;
};
database = {
type = "postgres";
passwordFile = config.sops.secrets.sql_gitea.path;
services.gitea = {
enable = true;
stateDir = "/persist/services/gitea";
appName = "Powered by NixOS";
settings = {
server = {
DOMAIN = "git.gerg-l.com";
ROOT_URL = "https://git.gerg-l.com/";
LANDING_PAGE = "/explore/repos";
HTTP_ADDR = "/run/gitea/gitea.sock";
PROTOCOL = "http+unix";
UNIX_SOCKET_PERMISSION = "660";
};
ui.DEFAULT_THEME = "arc-green";
service.DISABLE_REGISTRATION = true;
};
database = {
type = "postgres";
socket = "/run/postgresql";
createDatabase = true;
};
};
_file = ./gitea.nix;
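Review bot: `extraGroups = ["postgres"];` on the gitea user grants more than socket access, because membership in the server's own group also covers any other file or directory that group can read; the same line is added for miniflux and nextcloud in the later sections. Nothing on this page shows what else is group-accessible to `postgres`, so the exposure may be small, but a dedicated client group would limit the grant to the socket alone. That would mean setting `unix_socket_group` next to `unix_socket_permissions` in postgresql.nix and listing that group here instead, e.g. `extraGroups = ["<socket-group>"];` (placeholder name).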


@ -4,10 +4,7 @@ _: {
pkgs,
...
}: {
sops.secrets.minifluxenv = {
owner = "miniflux";
group = "miniflux";
};
sops.secrets.minifluxenv.owner = "miniflux";
systemd.services = {
miniflux = {
@ -48,6 +45,7 @@ _: {
};
environment = {
BASE_URL = "https://flux.gerg-l.com";
LISTEN_ADDR = "/run/miniflux/miniflux.sock";
DATABASE_URL = "user=miniflux host=/run/postgresql dbname=miniflux";
RUN_MIGRATIONS = "1";
@ -74,6 +72,7 @@ _: {
users = {
miniflux = {
group = "miniflux";
extraGroups = ["postgres"];
isSystemUser = true;
uid = 377;
};


@ -3,19 +3,10 @@ _: {
config,
...
}: {
sops.secrets = {
sql_nextcloud = {
owner = "nextcloud";
group = "nextcloud";
};
nextcloud = {
owner = "nextcloud";
group = "nextcloud";
};
};
systemd.tmpfiles.rules = [
"d /persist/services/nextcloud - nextcloud nextcloud - -"
];
sops.secrets.nextcloud.owner = "nextcloud";
users.users.nextcloud.extraGroups = ["postgres"];
services.nextcloud = {
enable = true;
package = pkgs.nextcloud27;
@ -23,18 +14,13 @@ _: {
hostName = "next.gerg-l.com";
autoUpdateApps.enable = false;
enableBrokenCiphersForSSE = false;
database.createLocally = true;
config = {
dbtype = "pgsql";
dbhost = "/run/postgresql";
dbpassFile = config.sops.secrets.sql_nextcloud.path;
adminpassFile = config.sops.secrets.sql_nextcloud.path;
adminpassFile = config.sops.secrets.nextcloud.path;
adminuser = "admin-root";
defaultPhoneRegion = "US";
};
};
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
_file = ./nextcloud.nix;
}
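Review bot: Pointing `adminpassFile` at `config.sops.secrets.nextcloud.path` does not by itself change the admin password of an instance that is already installed, because the NixOS module reads that file only during initial setup. If, as the two printed `adminpassFile` lines suggest, the admin account was created from the `sql_nextcloud` secret, it keeps that value after the secret is dropped here. Resetting it once with `nextcloud-occ user:resetpassword admin-root` would complete the separation. A short comment on the option, `# read on first install only; later changes need occ`, would save the next reader the same check.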


@ -7,9 +7,9 @@ _: {
enable = true;
package = pkgs.postgresql_13;
dataDir = "/persist/services/postgresql";
ensureDatabases = [
"miniflux"
config.services.nextcloud.config.dbname
config.services.gitea.database.user
];
ensureUsers = [
@ -17,15 +17,9 @@ _: {
name = "miniflux";
ensurePermissions."DATABASE miniflux" = "ALL PRIVILEGES";
}
{
name = config.services.nextcloud.config.dbuser;
ensurePermissions."DATABASE ${config.services.nextcloud.config.dbname}" = "ALL PRIVILEGES";
}
{
name = config.services.gitea.database.user;
ensurePermissions."DATABASE ${config.services.gitea.database.name}" = "ALL PRIVILEGES";
}
];
settings.unix_socket_permissions = "0770";
};
_file = ./postgresql.nix;
}
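Review bot: With the password files removed in the other sections, `settings.unix_socket_permissions = "0770";` and the `local` rule in pg_hba become the only controls on who may connect as which role, and this file states neither the auth method nor the socket group. No `authentication` setting is visible on the page, so this presumably relies on the module's default peer rule. Pinning that rule, or at least commenting it, would keep a later default change from silently widening access. Suggested comment above the setting: `# socket restricted to the postgres group; clients join via extraGroups and are matched by peer auth`.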