palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

move terranix.org to github and fix matrix.terranix.org

Browse source
This commit is contained in:
Ingolf Wagner 2024-01-03 14:32:22 +01:00
parent cc8f610382
commit acaec28a55
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
7 changed files with 167 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
nixos/machines/robi/nginx.nix
View file

@ -141,21 +141,6 @@ in
}; };
} // error.locations; } // error.locations;
}; };
"terranix.org" = {
forceSSL = true;
enableACME = true;
extraConfig = error.extraConfig;
locations = {
"/" = {
root = "/srv/www/terranix";
extraConfig = ''
if (-d $request_filename) {
rewrite [^/]$ $scheme://$http_host$request_uri/ permanent;
}
'';
};
} // error.locations;
};
}; };
}; };
} }

48
nixos/machines/robi/terranix-dendrite.nix
View file

@ -3,7 +3,8 @@ let
inherit (config.services.dendrite.settings.global) server_name; inherit (config.services.dendrite.settings.global) server_name;
nginx-vhost = "matrix.terranix.org"; matrix_host = "matrix.terranix.org";
element_host = "element.terranix.org";
element-web-terranix.org = element-web-terranix.org =
pkgs.runCommand "element-web-with-config" pkgs.runCommand "element-web-with-config"
{ {
@ -11,9 +12,9 @@ let
} '' } ''
cp -r ${pkgs.element-web} $out cp -r ${pkgs.element-web} $out
chmod -R u+w $out chmod -R u+w $out
jq '."default_server_config"."m.homeserver" = { "base_url": "https://${nginx-vhost}:443", "server_name": "${server_name}" }' \ jq '."default_server_config"."m.homeserver" = { "base_url": "https://${matrix_host}:443", "server_name": "${server_name}" }' \
> $out/config.json < ${pkgs.element-web}/config.json > $out/config.json < ${pkgs.element-web}/config.json
ln -s $out/config.json $out/config.${nginx-vhost}.json ln -s $out/config.json $out/config.${matrix_host}.json
''; '';
in in
{ {
@ -86,7 +87,37 @@ in
"matrix-server-key:${config.sops.secrets.matrix-server-key.path}" "matrix-server-key:${config.sops.secrets.matrix-server-key.path}"
]; ];
services.nginx.virtualHosts.${nginx-vhost} = { # Verify if federation works with
# https://federationtester.matrix.org/#terranix.org
services.nginx.virtualHosts.${matrix_host} = {
serverAliases = [ "terranix.org" ];
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
extraParameters = [ "default_server" ];
}
];
forceSSL = true;
enableACME = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 600;
'';
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
};
networking.firewall.allowedTCPPorts = [ 8448 ];
networking.firewall.allowedUDPPorts = [ 8448 ];
services.nginx.virtualHosts.${element_host} = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = '' extraConfig = ''
@ -94,16 +125,7 @@ in
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 600; proxy_read_timeout 600;
''; '';
locations."/_matrix".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
# for remote admin access
locations."/_synapse".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
locations."/".root = element-web-terranix.org; locations."/".root = element-web-terranix.org;
}; };
services.nginx.virtualHosts.${server_name} = {
locations."= /.well-known/matrix/server".alias =
pkgs.writeText "matrix-server" (builtins.toJSON { "m.server" = "${nginx-vhost}:443"; });
locations."= /.well-known/matrix/client".alias =
pkgs.writeText "matrix-client" (builtins.toJSON { "m.homeserver".base_url = "https://${nginx-vhost}"; });
};
} }

1
terranix/terranix.org/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
terraform.tfstate*

19
terranix/terranix.org/targets/namecheap/__provider.tf Normal file
View file

@ -0,0 +1,19 @@
# Generated by Terragrunt. Sig: nIlQXj57tbuaRZEa
terraform {
required_providers {
namecheap = {
source = "namecheap/namecheap"
version = ">= 2.0.0"
}
}
}
# Namecheap API credentials
provider "namecheap" {
user_name = var.namecheap_user
api_user = var.namecheap_user
api_key = var.namecheap_api_key
}
variable "namecheap_user" {}
variable "namecheap_api_key" {}

68
terranix/terranix.org/targets/namecheap/main.tf Normal file
View file

@ -0,0 +1,68 @@
locals {
minutes = 60
hours = 60 * local.minutes
days = 24 * local.hours
normal_ttl = 12 * local.hours
short_ttl = 30 * local.minutes
very_short_ttl = 2 * local.minutes
}
resource "namecheap_domain_records" "terranix" {
domain = "terranix.org"
mode = "OVERWRITE"
email_type = "OX"
# terranix.org
record {
address = "terranix.github.io"
hostname = "@"
mx_pref = 10
ttl = local.normal_ttl
type = "CNAME"
}
# subdomain regex
record {
address = "144.76.13.147"
hostname = "*"
mx_pref = 10
ttl = local.normal_ttl
type = "A"
}
# matrix.terranix.org (needed?)
record {
address = "144.76.13.147"
hostname = "matrix"
mx_pref = 10
ttl = local.normal_ttl
type = "A"
}
# Github Challenges
record {
address = "c3fd9329fe"
hostname = "_github-challenge-terranix-org"
mx_pref = 10
ttl = local.normal_ttl
type = "TXT"
}
record {
address = "ece2e1608cde1d7785b1315d0b0019"
hostname = "_github-pages-challenge-terranix"
mx_pref = 10
ttl = local.normal_ttl
type = "TXT"
}
# Mail Challenges
record {
address = "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlSGd9dcuYFJ8CNAIgF/IWzKD8MlW41V4QeMgWgAQvKCW4JU2pF9IlcQGN+7IQf4PtJlzr/ClUspex58q75IZUjcLCGU0QdaqWPveQuIlS4JwgQadfNc8JtOiDlUSxMWfpROyvNyLtXUQftUvmppJDml2evo2OA5CpN7cKPzR4KcVINHlaL23m7mw9rLWWIpoxaGgp/aTi/a9m3PovUQ/lfDPrgvnmEGIc9piVO3DVE64dB/7yAZe9Jd2Qka3nwq5x3so1YPIOKXVK8G40NlyBOfPdKOeKhERuFL5zMIsLlcJd0BeLiuVqobc6DWLQMjrKDUEVnBsx2dJmhosqeG2wIDAQAB"
hostname = "default._domainkey"
mx_pref = 10
ttl = local.normal_ttl
type = "TXT"
}
}

30
terranix/terranix.org/targets/namecheap/terragrunt.hcl Normal file
View file

@ -0,0 +1,30 @@
inputs = {
namecheap_user = run_cmd("--terragrunt-quiet", "pass", "show", "development/namecheap.com/username")
namecheap_api_key = run_cmd("--terragrunt-quiet", "pass", "show", "development/namecheap.com/api-key")
}
generate "provider" {
path = "__provider.tf"
if_exists = "overwrite_terragrunt"
contents = <<EOF
terraform {
required_providers {
namecheap = {
source = "namecheap/namecheap"
version = ">= 2.0.0"
}
}
}
# Namecheap API credentials
provider "namecheap" {
user_name = var.namecheap_user
api_user = var.namecheap_user
api_key = var.namecheap_api_key
}
variable "namecheap_user" { }
variable "namecheap_api_key" { }
EOF
}

15
treefmt.toml
View file

@ -32,4 +32,17 @@ includes = [
"*.md", "*.md",
"*.yaml", "*.yaml",
"*.yml", "*.yml",
] ]
[formatter.terragrunt]
command = "terragrunt"
options = [ "hclfmt" ]
includes = [ "*.hcl" ]
excludes = [ "*/.terraform" ]
[formatter.terraform]
command = "terraform"
options = [ "fmt" ]
includes = [ "*.tf" ]
excludes = [ "*/.terraform" ]