robi migration

Ingolf Wagner 2022-01-13 13:40:18 +01:00
parent e8492a17bb
commit 340ec98c0f
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
16 changed files with 212 additions and 94 deletions


@ -0,0 +1,12 @@
{ config, pkgs, lib, ... }: {
services.bitwarden_rs = {
enable = true;
config = {
domain = "https://bitwarden.ingolf-wagner.de";
signupsAllowed = false;
rocketPort = 8222;
rocketLog = "critical";
};
};
#backup.dirs = [ "/var/lib/bitwarden_rs" ];
}
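Review bot: The `#backup.dirs = [ "/var/lib/bitwarden_rs" ];` line at the end of this new module is commented out, so nothing in this file registers the password vault's state directory for backup. If the `backup.dirs` option is available on this host, enable it here as `backup.dirs = [ "/var/lib/bitwarden_rs" ];`; otherwise add a comment saying where the vault data is backed up instead. `rocketLog = "critical"` keeps the web framework's own logging minimal, so confirm that authentication failures are still logged somewhere an alert or rate limiter can see them.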


@ -0,0 +1,34 @@
{ config, lib, pkgs, ... }:
let
domain = "md.ingolf-wagner.de";
in
{
services.nginx.enable = true;
services.nginx.virtualHosts.hedgedoc = {
enableACME = true;
forceSSL = true;
serverName = domain;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.hedgedoc.configuration.port}";
proxyWebsockets = true;
};
};
services.hedgedoc = {
enable = true;
configuration = {
db = {
dialect = "sqlite";
storage = "/var/lib/hedgedoc/db.sqlite";
useCDN = false;
};
allowFreeURL = true;
domain = domain;
port = 3091;
useCDN = false;
};
};
}
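Review bot: `allowFreeURL = true` is set on a publicly proxied instance with no `allowAnonymous` setting in this block, so unless anonymous use is disabled elsewhere, unauthenticated visitors can likely create notes under URLs of their choosing on `md.ingolf-wagner.de`. Consider adding `allowAnonymous = false;` next to it, or a comment stating that open note creation is intended. nginx terminates TLS with `forceSSL = true`, but the HedgeDoc block does not set `protocolUseSSL = true;`, so generated links and cookie flags may assume plain HTTP. The `useCDN = false;` inside `db` looks misplaced, since the same key is set again at the `configuration` level.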


@ -6,16 +6,20 @@
../../system/server/netdata.nix ../../system/server/netdata.nix
./hetzner.nix ./hetzner.nix
./packages.nix ./packages.nix
./tinc.nix ./tinc.nix
./syncthing.nix ./syncthing.nix
./taskserver.nix ./taskserver.nix
./transmission.nix ./transmission.nix
./nextcloud.nix ./nextcloud.nix
./codimd.nix
# todo # todo
./gitlab.nix ./gitea.nix
#./gitlab.nix
#./bitwarden.nix
#../../system/server #../../system/server


@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
{
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"git.ingolf-wagner.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.gogs.httpPort}";
};
};
};
};
services.gitea = {
enable = true;
appName = "git.ingolf-wagner.de";
cookieSecure = true;
disableRegistration = true;
domain = "git.ingolf-wagner.de";
dump.enable = true;
rootUrl = "https://git.ingolf-wagner.de/";
settings = {
other = {
SHOW_FOOTER_VERSION = false;
};
};
#backup.dirs = [ config.services.gogs.repositoryRoot ];
}
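Review bot: The nginx `proxyPass` reads `config.services.gogs.httpPort` although this file enables `services.gitea`, so the vhost only reaches Gitea while the two modules' ports happen to match. It should be `proxyPass = "http://localhost:${toString config.services.gitea.httpPort}";`, and the commented `backup.dirs` line carries the same `gogs` reference. No `httpAddress` is set, so Gitea may listen on all interfaces and be reachable on its HTTP port without TLS unless the firewall blocks it; `httpAddress = "127.0.0.1";` would keep it behind the proxy. As rendered here, the `services.gitea = {` block has no closing `};` before the final `}`, which should be checked against the actual file.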


@ -7,8 +7,8 @@
../../system/server/packages.nix ../../system/server/packages.nix
./nginx.nix ./nginx.nix
./tinc.nix ./tinc.nix
./codimd.nix
./bitwarden.nix ./bitwarden.nix
#./codimd.nix
#./syncplay.nix #./syncplay.nix
./grocy.nix ./grocy.nix


@ -65,58 +65,57 @@ in
}; };
"git.ingolf-wagner.de" = { #"git.ingolf-wagner.de" = {
#listen = [ # #listen = [
# { # # {
# addr = "0.0.0.0"; # # addr = "0.0.0.0";
# port = 4443; # # port = 4443;
# ssl = true; # # ssl = true;
# # }
# # {
# # addr = "0.0.0.0";
# # port = 80;
# # ssl = false;
# # }
# #];
# forceSSL = true;
# enableACME = true;
# extraConfig = error.extraConfig;
# locations = {
# "/" = {
# proxyPass = "http://workhorse.private:3000";
# extraConfig = ''
# if ($request_method = 'OPTIONS') {
# add_header 'Access-Control-Allow-Origin' '*';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# #
# # Custom headers and headers various browsers *should* be OK with but aren't
# #
# add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
# #
# # Tell client that this pre-flight info is valid for 20 days
# #
# add_header 'Access-Control-Max-Age' 1728000;
# add_header 'Content-Type' 'text/plain; charset=utf-8';
# add_header 'Content-Length' 0;
# return 204;
# } # }
# { # if ($request_method = 'POST') {
# addr = "0.0.0.0"; # add_header 'Access-Control-Allow-Origin' '*';
# port = 80; # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# ssl = false; # add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
# add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
# } # }
#]; # if ($request_method = 'GET') {
forceSSL = true; # add_header 'Access-Control-Allow-Origin' '*';
enableACME = true; # add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
extraConfig = error.extraConfig; # add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
# add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
locations = { # }
"/" = { # '';
proxyPass = "http://workhorse.private:3000"; # };
extraConfig = '' # } // error.locations;
if ($request_method = 'OPTIONS') { #};
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
#
# Custom headers and headers various browsers *should* be OK with but aren't
#
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
#
# Tell client that this pre-flight info is valid for 20 days
#
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
if ($request_method = 'POST') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
if ($request_method = 'GET') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
}
'';
};
} // error.locations;
};
#"grocy.ingolf-wagner.de" = { #"grocy.ingolf-wagner.de" = {
# listen = [ # listen = [
@ -447,13 +446,13 @@ in
''; '';
}; };
systemd.services."socat-gogs-ssh" = { #systemd.services."socat-gogs-ssh" = {
wantedBy = [ "multi-user.target" ]; # wantedBy = [ "multi-user.target" ];
script = # script =
let port = "2222"; # let port = "2222";
in '' # in ''
${pkgs.socat}/bin/socat TCP-LISTEN:${port},fork TCP:workhorse.private:${port} # ${pkgs.socat}/bin/socat TCP-LISTEN:${port},fork TCP:workhorse.private:${port}
''; # '';
}; #};
} }


@ -10,4 +10,7 @@
}; };
}; };
users.users."tinc.secret".group = "tinc.secret";
users.groups."tinc.secret" = { };
} }


@ -24,8 +24,16 @@
sops.secrets.tinc_retiolum_rsa_key = { }; sops.secrets.tinc_retiolum_rsa_key = { };
security.wrappers = { security.wrappers = {
pmount.source = "${pkgs.pmount}/bin/pmount"; pmount = {
pumount.source = "${pkgs.pmount}/bin/pumount"; source = "${pkgs.pmount}/bin/pmount";
owner = config.users.users.mainUser.name;
group = "nogroup";
};
pumount = {
source = "${pkgs.pmount}/bin/pumount";
owner = config.users.users.mainUser.name;
group = "nogroup";
};
}; };
# keybase # keybase
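Review bot: The new `pmount` and `pumount` wrappers set `owner = config.users.users.mainUser.name` and `group = "nogroup"` but no `setuid`, so as far as this hunk shows they are created without the privilege the bare `pmount.source` form presumably provided before, and mounting will probably fail. If elevation is intended, the wrapper should use `owner = "root"; group = "root"; setuid = true;`, because a setuid wrapper owned by the login user would run as that user rather than root. In that case, consider limiting who may execute it through a dedicated group and `permissions` instead of leaving it world-executable. If elevation is not intended, a comment explaining why an unprivileged wrapper is sufficient would help. The enclosing module starts and ends outside the hunk.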


@ -36,7 +36,7 @@ in
imagemagick imagemagick
bitwig-studio3 bitwig-studio3
sononym-crawler #sononym-crawler
darktable darktable
# rust development environment # rust development environment


@ -20,5 +20,9 @@ with lib;
connectTo = [ "sputnik" ]; connectTo = [ "sputnik" ];
}; };
}; };
users.users."tinc.retiolum".group = "tinc.retiolum";
users.groups."tinc.retiolum" = { };
users.users."tinc.secret".group = "tinc.secret";
users.groups."tinc.secret" = { };
} }


@ -55,7 +55,9 @@
"inputs": { "inputs": {
"doom-emacs": "doom-emacs", "doom-emacs": "doom-emacs",
"doom-snippets": "doom-snippets", "doom-snippets": "doom-snippets",
"emacs-overlay": "emacs-overlay", "emacs-overlay": [
"emacs-overlay"
],
"emacs-so-long": "emacs-so-long", "emacs-so-long": "emacs-so-long",
"evil-markdown": "evil-markdown", "evil-markdown": "evil-markdown",
"evil-org-mode": "evil-org-mode", "evil-org-mode": "evil-org-mode",
@ -108,11 +110,11 @@
"emacs-overlay": { "emacs-overlay": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1626972035, "lastModified": 1642012880,
"narHash": "sha256-YhBtnKmLDYiEzP5ZEMEQMg6oMP5EV+ToCkku7ZYfL+A=", "narHash": "sha256-TOjm/NVua9SC7t+qi5AWBMwH2J3Sz5jrQBEqw8K+krk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "be04b45efb35db58e6ac6aa86b84f850c85b5dfe", "rev": "5db3fa544f264e5b5a11162475228446498827b2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -401,11 +403,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1641528457, "lastModified": 1641887635,
"narHash": "sha256-FyU9E63n1W7Ql4pMnhW2/rO9OftWZ37pLppn/c1aisY=", "narHash": "sha256-kDGpufwzVaiGe5e1sBUBPo9f1YN+nYHJlYqCaVpZTQQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ff377a78794d412a35245e05428c8f95fef3951f", "rev": "b2737d4980a17cc2b7d600d7d0b32fd7333aca88",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -417,11 +419,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1641593416, "lastModified": 1641870998,
"narHash": "sha256-Vn/vqQtYnVuZlbGGO0gSzLjmtFwb6OPvakwyoG1D/MY=", "narHash": "sha256-6HkxR2WZsm37VoQS7jgp6Omd71iw6t1kP8bDbaqCDuI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "36480448d470bf41bb21267cf9062a1542c4a95f", "rev": "386234e2a61e1e8acf94dfa3a3d3ca19a6776efb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -569,11 +571,11 @@
"rev": "b39c539f9e720cc144c9ad7fe0d72cd46f793dab", "rev": "b39c539f9e720cc144c9ad7fe0d72cd46f793dab",
"revCount": 22, "revCount": 22,
"type": "git", "type": "git",
"url": "ssh://gitlab@gitlab.ingolf-wagner.de/palo/polygon-art" "url": "https://gitlab.ingolf-wagner.de/palo/polygon-art.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "ssh://gitlab@gitlab.ingolf-wagner.de/palo/polygon-art" "url": "https://gitlab.ingolf-wagner.de/palo/polygon-art.git"
} }
}, },
"revealjs": { "revealjs": {
@ -596,6 +598,7 @@
"inputs": { "inputs": {
"cluster-module": "cluster-module", "cluster-module": "cluster-module",
"doom-emacs-nix": "doom-emacs-nix", "doom-emacs-nix": "doom-emacs-nix",
"emacs-overlay": "emacs-overlay",
"grocy-scanner": "grocy-scanner", "grocy-scanner": "grocy-scanner",
"home-manager": "home-manager", "home-manager": "home-manager",
"home-manager-utils": "home-manager-utils", "home-manager-utils": "home-manager-utils",


@ -5,13 +5,16 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-21.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-21.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
polygon-art = { polygon-art = {
url = "git+ssh://gitlab@gitlab.ingolf-wagner.de/palo/polygon-art"; url = "git+https://gitlab.ingolf-wagner.de/palo/polygon-art.git";
#url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git"; };
#inputs.nixpkgs.follows = "nixpkgs"; emacs-overlay = {
url = "github:nix-community/emacs-overlay";
flake = false;
}; };
doom-emacs-nix = { doom-emacs-nix = {
url = "github:vlaci/nix-doom-emacs"; url = "github:vlaci/nix-doom-emacs";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.emacs-overlay.follows = "emacs-overlay";
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-21.11"; url = "github:nix-community/home-manager/release-21.11";
@ -40,6 +43,7 @@
, nixpkgs , nixpkgs
, home-manager , home-manager
, home-manager-utils , home-manager-utils
, emacs-overlay
, doom-emacs-nix , doom-emacs-nix
, nixpkgs-unstable , nixpkgs-unstable
, cluster-module , cluster-module
@ -82,7 +86,10 @@
desktopModules = [ desktopModules = [
{ {
home-manager.users.mainUser = { home-manager.users.mainUser = {
imports = [ doom-emacs-nix.hmModule home-manager-utils.hmModule ]; imports = [
doom-emacs-nix.hmModule
home-manager-utils.hmModule
];
}; };
environment.systemPackages = [ environment.systemPackages = [
nixpkgs-fmt.defaultPackage."x86_64-linux" nixpkgs-fmt.defaultPackage."x86_64-linux"


@ -25,6 +25,8 @@ in
# see https://nixos.wiki/wiki/Fonts # see https://nixos.wiki/wiki/Fonts
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.xserver.dpi = cfg.dpi;
fonts = { fonts = {
enableDefaultFonts = true; enableDefaultFonts = true;
@ -32,7 +34,7 @@ in
fontDir.enable = true; fontDir.enable = true;
fontconfig = { fontconfig = {
dpi = cfg.dpi; #dpi = cfg.dpi;
subpixel = { subpixel = {
lcdfilter = "default"; lcdfilter = "default";
rgba = "rgb"; rgba = "rgb";


@ -1,4 +1,9 @@
{ config, lib, ... }: { { config, lib, ... }:
# borg core setup
# ---------------
# provides an easy interface for all services
# to append it's files to be backuped
{
options = { options = {
backup.dirs = lib.mkOption { backup.dirs = lib.mkOption {
@ -24,10 +29,10 @@
let let
servers = [ servers = [
{ #{
name = "workhorse"; # name = "robi";
host = "workhorse.private"; # host = "robi.private";
} #}
{ {
name = "pepe"; name = "pepe";
host = "pepe.private"; host = "pepe.private";
@ -45,11 +50,9 @@
repo = "borg@${server}:./${myHostname}"; repo = "borg@${server}:./${myHostname}";
encryption = { encryption = {
mode = "repokey-blake2"; mode = "repokey-blake2";
passCommand = passCommand = "cat ${config.sops.secrets.backup_repository_passphrase.path}";
"cat ${config.sops.secrets.backup_repository_passphrase.path}";
}; };
environment.BORG_RSH = environment.BORG_RSH = "ssh -i ${toString config.sops.secrets.backup_ssh_rsa_private.path}";
"ssh -i ${toString config.sops.secrets.backup_ssh_rsa_private.path}";
compression = "auto,lzma"; compression = "auto,lzma";
startAt = "daily"; startAt = "daily";
prune.keep = { prune.keep = {


@ -10,8 +10,8 @@
--rsh='ssh -i ~/.ssh/card_rsa.pub' borg@${host}.private:${repository}/. \ --rsh='ssh -i ~/.ssh/card_rsa.pub' borg@${host}.private:${repository}/. \
"$@" "$@"
''; '';
hosts = [ "workhorse" "pepe" ]; hosts = [ "pepe" "robi" ];
repositories = [ "workhorse" "pepe" "sterni" "workout" ]; repositories = [ "pepe" "sterni" "robi" ];
commands = [ "list" ]; commands = [ "list" ];
in in
lib.flatten (map lib.flatten (map


@ -3,6 +3,12 @@
programs.doom-emacs = { programs.doom-emacs = {
enable = true; enable = true;
doomPrivateDir = ./doom.d; doomPrivateDir = ./doom.d;
emacsPackagesOverlay = self: super: {
# fixes https://github.com/vlaci/nix-doom-emacs/issues/394
gitignore-mode = pkgs.emacsPackages.git-modes;
gitconfig-mode = pkgs.emacsPackages.git-modes;
};
}; };
}; };
environment.systemPackages = [ environment.systemPackages = [