diff --git a/configuration/default.nix b/configuration/default.nix
index 42e43ec..73ae1a3 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:
 {
 imports = [
@@ -55,21 +55,19 @@
 recommendedGzipSettings = true;
 recommendedProxySettings = true;
 clientMaxBodySize = "10G";
- domain = "tlater.net";
 virtualHosts = let
 host = port: extra:
- lib.recursiveUpdate {
+ {
 forceSSL = true;
 enableACME = true;
 locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; };
- } extra;
- domain = config.services.nginx.domain;
+ } // extra;
 in {
- "${domain}" = host 3002 { serverAliases = [ "www.${domain}" ]; };
- "gitea.${domain}" = host 3000 { };
- "nextcloud.${domain}" = host 3001 { };
- "hydra.${domain}" = host config.services.hydra.port { };
+ "tlater.net" = host 3002 { serverAliases = [ "www.tlater.net" ]; };
+ "gitea.tlater.net" = host 3000 { };
+ "nextcloud.tlater.net" = host 3001 { };
+ "hydra.tlater.net" = host config.services.hydra.port { };
 };
 };
diff --git a/configuration/services/gitea.nix b/configuration/services/gitea.nix
index 2258566..0abdb49 100644
--- a/configuration/services/gitea.nix
+++ b/configuration/services/gitea.nix
@@ -14,7 +14,6 @@
 virtualisation.pods.gitea = {
 hostname = "gitea.tlater.net";
 publish = [ "3000:3000" "2221:2221" ];
- network = "slirp4netns";
 containers = {
 gitea = {
@@ -27,6 +26,7 @@
 DB_HOST = "gitea-postgres:5432";
 DB_NAME = "gitea";
 DB_USER = "gitea";
+ DB_PASSWD = "/qNDDK9WCMuubfA7D8DFwfl9T+Gy2IMDvPhiNpcxZjY=";
 USER_UID = toString config.users.extraUsers.gitea.uid;
 USER_GID = toString config.users.extraGroups.gitea.gid;
@@ -42,6 +42,7 @@
 environment = {
 POSTGRES_DB = "gitea";
 POSTGRES_USER = "gitea";
+ POSTGRES_PASSWORD = "/qNDDK9WCMuubfA7D8DFwfl9T+Gy2IMDvPhiNpcxZjY=";
 };
 volumes = [ "gitea-db-data:/var/lib/postgresql/data" ];
 };
diff --git a/configuration/services/hydra.nix b/configuration/services/hydra.nix
index 2321407..3b7c136 100644
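Review bot: Replacing `lib.recursiveUpdate { … } extra` with `{ … } // extra` in the `host` helper turns the merge from deep into shallow, so any `extra` that sets `locations` (e.g. to add `extraConfig` under `locations."/"`) now replaces the whole `locations` set and silently drops `proxyPass`; the four call sites in this hunk pass only `serverAliases` or `{ }`, so nothing breaks today, but the helper's contract has quietly narrowed. Since `lib` was removed from the module arguments, the deep merge can be kept as `pkgs.lib.recursiveUpdate { … } extra`, consistent with how minecraft.nix now reaches `pkgs.lib.getName`. A second consequence of hard-coding the host names here: together with the removal of the `localhost` override in flake.nix, the test VM presumably now evaluates `enableACME = true` hosts for the real domains and will try to obtain certificates from inside the VM — worth confirming that is intended, and if not, documenting in a comment on `virtualHosts` how the VM is meant to differ.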
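Review bot: The added `DB_PASSWD` and `POSTGRES_PASSWORD` lines commit a database credential in clear text to the repository, and nextcloud.nix in this commit adds its own `POSTGRES_PASSWORD` literal with the same problem; the value also ends up in whatever generated unit or command line the pods module emits, which presumably lives in the Nix store and is therefore readable by every local user. Treat both values as exposed now that they are in git history: rotate them and have Nix reference only a path to a file kept outside the repository (a podman `--env-file`, if the pods module forwards extra options, or a secrets tool such as sops-nix or agenix). The `network = "slirp4netns"` removal here and in nextcloud.nix leaves the pod on whatever network mode the pods module defaults to, which this diff does not show; a one-line comment on the pod stating the intended mode, e.g. `# relies on the pods module default network mode`, would make that deliberate.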
--- a/configuration/services/hydra.nix
+++ b/configuration/services/hydra.nix
@@ -7,10 +7,5 @@
 hydraURL = "hydra.tlater.net";
 notificationSender = "hydra@tlater.net";
- extraConfig = ''
- <gitea_authorization>
-
- </gitea_authorization>
- '';
 };
 }
diff --git a/configuration/services/minecraft.nix b/configuration/services/minecraft.nix
index 9b77c09..c3831aa 100644
--- a/configuration/services/minecraft.nix
+++ b/configuration/services/minecraft.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, ... }:
 let
 minecraft-server-args = [
@@ -52,7 +52,7 @@ let
 in {
 nixpkgs.config.allowUnfreePredicate = pkg:
- builtins.elem (lib.getName pkg) [ "forge-server" ];
+ builtins.elem (pkgs.lib.getName pkg) [ "forge-server" ];
 virtualisation.oci-containers.containers.minecraft-voor-kia = let
 properties = ./configs/minecraft/voor-kia/server.properties;
diff --git a/configuration/services/nextcloud.nix b/configuration/services/nextcloud.nix
index 4b74ac7..ba1754b 100644
--- a/configuration/services/nextcloud.nix
+++ b/configuration/services/nextcloud.nix
@@ -4,7 +4,6 @@
 virtualisation.pods.nextcloud = {
 hostname = "nextcloud.tlater.net";
 publish = [ "3001:80" ];
- network = "slirp4netns";
 containers = {
 nextcloud = {
@@ -19,6 +18,7 @@
 POSTGRES_DB = "nextcloud";
 POSTGRES_USER = "nextcloud";
 POSTGRES_HOST = "nextcloud-postgres";
+ POSTGRES_PASSWORD = "rI7t7Nek1yGA9ucrRc7Uhy0jcjwPjnXa8me4o8tJON8=";
 OVERWRITEPROTOCOL = "https";
 };
 };
@@ -43,6 +43,7 @@
 environment = {
 POSTGRES_DB = "nextcloud";
 POSTGRES_USER = "nextcloud";
+ POSTGRES_PASSWORD = "rI7t7Nek1yGA9ucrRc7Uhy0jcjwPjnXa8me4o8tJON8=";
 };
 volumes = [ "nextcloud-db-data:/var/lib/postgresql/data" ];
 };
diff --git a/configuration/services/webserver.nix b/configuration/services/webserver.nix
index d912618..e1c396d 100644
--- a/configuration/services/webserver.nix
+++ b/configuration/services/webserver.nix
@@ -34,10 +34,6 @@
 ports = [ "3002:3002" ];
 volumes = [ "tlaternet-mail:/srv/mail" ];
- extraOptions = [
- "--hostname=tlater.net"
- # This can change with rocket 0.5.
- "--stop-signal=SIGKILL"
- ];
+ extraOptions = [ "--hostname=tlater.net" ];
 };
 }
diff --git a/flake.lock b/flake.lock
index 03e3f45..a1b77b8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
 "nodes": {
 "flake-utils": {
 "locked": {
- "lastModified": 1620759905,
- "narHash": "sha256-WiyWawrgmyN0EdmiHyG2V+fqReiVi8bM9cRdMaKQOFg=",
+ "lastModified": 1619345332,
+ "narHash": "sha256-qHnQkEp1uklKTpx3MvKtY6xzgcqXDsz5nLilbbuL+3A=",
 "owner": "numtide",
 "repo": "flake-utils",
- "rev": "b543720b25df6ffdfcf9227afafc5b8c1fabfae8",
+ "rev": "2ebf2558e5bf978c7fb8ea927dfaed8fefab2e28",
 "type": "github"
 },
 "original": {
@@ -37,11 +37,11 @@
 },
 "nixos-hardware": {
 "locked": {
- "lastModified": 1620983891,
- "narHash": "sha256-E2OKVgGo/cUqDsrIeYGVx64b4cxgzd7+bX33NHL0rbA=",
+ "lastModified": 1619336929,
+ "narHash": "sha256-joIC2D26jtSbHodR/o8r+5T9XL2hXs6NIp5mVyA4JOc=",
 "owner": "nixos",
 "repo": "nixos-hardware",
- "rev": "c4399b921fa7ff5f93ee10b3521b56b722ed74d8",
+ "rev": "f7540d6c27704ec0fe56ecc8b2a9b663181850b0",
 "type": "github"
 },
 "original": {
@@ -53,11 +53,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1621088295,
- "narHash": "sha256-hn8Rk6o5nRbWK/GE+z2OK8DIDIgGxCmVkaXpNYkald0=",
+ "lastModified": 1619486598,
+ "narHash": "sha256-ZEvJ+uItcKLQ9uSjGbQFE6Euu9w1Y98x0TWydXIgHAI=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "17d3dab8647a31a00d8a11433a56cc12d84b5ab4",
+ "rev": "d4e7af972158a14ebdd9c828b1c2e07e2ce7ef1c",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index bf1c240..a9baf34 100644
--- a/flake.nix
+++ b/flake.nix
@@ -68,28 +68,12 @@
 (import ./modules)
 (import ./configuration)
- ({ config, lib, ... }: {
+ ({ ... }: {
 users.users.tlater.password = "insecure";
 # Disable graphical tty so -curses works
 boot.kernelParams = [ "nomodeset" ];
- # Sets the base domain for nginx to localhost so that we
- # can easily test locally with the VM.
- services.nginx.domain = lib.mkOverride 99 "localhost";
-
- # Hydra uses X-Forwarded-Port to figure out how to
- # include links to static files, but because we redirect
- # 443 -> 3443 in the vm we need to explicitly set this
- # (nginx can't see qemu's port redirection).
- services.nginx.virtualHosts =
- let domain = config.services.nginx.domain;
- in {
- "hydra.${domain}".locations."/".extraConfig = ''
- proxy_set_header X-Forwarded-Port 3443;
- '';
- };
-
 # # Set up VM settings to match real VPS
 # virtualisation.memorySize = 3941;
 # virtualisation.cores = 2;
diff --git a/modules/default.nix b/modules/default.nix
index 1fd86fc..0bc1f1c 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,12 +1,5 @@
-{ lib, ... }:
-
-with lib;
+{ ... }:
 {
 imports = [ ./virtualisation/pods.nix ];
-
- options.services.nginx.domain = mkOption {
- type = types.str;
- description = "The base domain name to append to virtual domain names";
- };
 }