tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 10 Pull requests Activity

Compare commits

base: tlaternet:97154256daca79cc33210536c7362cebfa1365d0
Branches Tags
tlaternet:master
tlaternet:tlater/authelia-attempt-3
tlaternet:tlater/coturn-disable
tlaternet:tlater/authelia-2
tlaternet:tlater/crowdsec-whitelists
tlaternet:tlater/authelia
..
compare: tlaternet:da948178a1688ff2b1a216eedf9a513a8e8dcfa9
Branches Tags
tlaternet:tlater/authelia-attempt-3
tlaternet:master
tlaternet:tlater/coturn-disable
tlaternet:tlater/authelia-2
tlaternet:tlater/crowdsec-whitelists
tlaternet:tlater/authelia

3 commits
97154256da ... da948178a1

Author SHA1 Message Date
Tristan Daniël Maat
da948178a1
feat(battery-manager): Switch to rust version 2025-02-21 04:09:35 +08:00
Tristan Daniël Maat
ee09ce5870
chore(coturn): Switch to letsencrypt certificate 2025-02-16 18:46:25 +08:00
Tristan Daniël Maat
e45478b89a
bump: Update inputs 2025-02-16 18:46:22 +08:00
8 changed files with 824 additions and 117 deletions
Download patch file Download diff file Expand all files Collapse all files

6
configuration/services/battery-manager.nix
View file

@ -4,9 +4,13 @@
services.batteryManager = { services.batteryManager = {
enable = true; enable = true;
battery = "3ca39300-c523-4315-b9a3-d030f85a9373";
emailFile = "${config.sops.secrets."battery-manager/email".path}"; emailFile = "${config.sops.secrets."battery-manager/email".path}";
passwordFile = "${config.sops.secrets."battery-manager/password".path}"; passwordFile = "${config.sops.secrets."battery-manager/password".path}";
settings = {
battery_id = "3ca39300-c523-4315-b9a3-d030f85a9373";
log_level = "DEBUG";
};
}; };
} }

7
configuration/services/conduit/default.nix
View file

@ -59,11 +59,8 @@ in
relay-ips = [ "116.202.158.55" ]; relay-ips = [ "116.202.158.55" ];
# SSL config # SSL config
# pkey = "${config.security.acme.certs."tlater.net".directory}/key.pem";
# TODO(tlater): Switch to letsencrypt once google fix: cert = "${config.security.acme.certs."tlater.net".directory}/fullchain.pem";
# https://github.com/vector-im/element-android/issues/1533
pkey = config.sops.secrets."turn/ssl-key".path;
cert = config.sops.secrets."turn/ssl-cert".path;
# Based on suggestions from # Based on suggestions from
# https://github.com/matrix-org/synapse/blob/develop/docs/turn-howto.md # https://github.com/matrix-org/synapse/blob/develop/docs/turn-howto.md

11
configuration/sops.nix
View file

@ -1,18 +1,11 @@
{ config, lib, ... }:
{ {
sops = { sops = {
defaultSopsFile = ../keys/production.yaml; defaultSopsFile = ../keys/production.yaml;
secrets = { secrets = {
"battery-manager/email" = lib.mkIf config.services.batteryManager.enable { "battery-manager/email" = { };
owner = "battery-manager";
group = "battery-manager";
};
"battery-manager/password" = lib.mkIf config.services.batteryManager.enable { "battery-manager/password" = { };
owner = "battery-manager";
group = "battery-manager";
};
# Gitea # Gitea
"forgejo/metrics-token" = { "forgejo/metrics-token" = {

887
flake.lock generated
View file

File diff suppressed because it is too large Load diff

5
flake.nix
View file

@ -23,11 +23,9 @@
}; };
sonnenshift = { sonnenshift = {
url = "git+ssh://git@github.com/sonnenshift/battery-manager"; url = "git+ssh://git@github.com/sonnenshift/battery-manager?ref=tlater/rust-rewrite";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixpkgs-crowdsec.url = "github:tlater/nixpkgs/tlater/fix-crowdsec";
}; };
outputs = outputs =
@ -106,7 +104,6 @@
in in
{ {
default = vm.config.system.build.vm; default = vm.config.system.build.vm;
crowdsec = pkgs.callPackage "${inputs.nixpkgs-crowdsec}/pkgs/by-name/cr/crowdsec/package.nix" { };
crowdsec-hub = localPkgs.crowdsec.hub; crowdsec-hub = localPkgs.crowdsec.hub;
crowdsec-firewall-bouncer = localPkgs.crowdsec.firewall-bouncer; crowdsec-firewall-bouncer = localPkgs.crowdsec.firewall-bouncer;
}; };

9
modules/crowdsec/default.nix
View file

@ -1,5 +1,4 @@
{ {
flake-inputs,
pkgs, pkgs,
lib, lib,
config, config,
@ -9,8 +8,6 @@ let
cfg = config.security.crowdsec; cfg = config.security.crowdsec;
settingsFormat = pkgs.formats.yaml { }; settingsFormat = pkgs.formats.yaml { };
crowdsec = flake-inputs.self.packages.${pkgs.system}.crowdsec;
hub = pkgs.fetchFromGitHub { hub = pkgs.fetchFromGitHub {
owner = "crowdsecurity"; owner = "crowdsecurity";
repo = "hub"; repo = "hub";
@ -19,14 +16,14 @@ let
}; };
cscli = pkgs.writeShellScriptBin "cscli" '' cscli = pkgs.writeShellScriptBin "cscli" ''
export PATH="$PATH:${crowdsec}/bin/" export PATH="$PATH:${cfg.package}/bin/"
sudo=exec sudo=exec
if [ "$USER" != "crowdsec" ]; then if [ "$USER" != "crowdsec" ]; then
sudo='exec /run/wrappers/bin/sudo -u crowdsec' sudo='exec /run/wrappers/bin/sudo -u crowdsec'
fi fi
$sudo ${crowdsec}/bin/cscli "$@" $sudo ${cfg.package}/bin/cscli "$@"
''; '';
acquisitions = '' acquisitions = ''
@ -53,7 +50,7 @@ in
package = lib.mkOption { package = lib.mkOption {
type = package; type = package;
default = crowdsec; default = pkgs.crowdsec;
}; };
stateDirectory = lib.mkOption { stateDirectory = lib.mkOption {

8
pkgs/crowdsec/_sources/generated.json
View file

@ -21,7 +21,7 @@
}, },
"crowdsec-hub": { "crowdsec-hub": {
"cargoLocks": null, "cargoLocks": null,
"date": "2025-01-30", "date": "2025-02-16",
"extract": null, "extract": null,
"name": "crowdsec-hub", "name": "crowdsec-hub",
"passthru": null, "passthru": null,
@ -33,10 +33,10 @@
"name": null, "name": null,
"owner": "crowdsecurity", "owner": "crowdsecurity",
"repo": "hub", "repo": "hub",
"rev": "8f102f5ac79af59d3024ca2771b65ec87411ac02", "rev": "f7d7f476f88a4af05e1cfb3994536990adecfb57",
"sha256": "sha256-8K1HkBg0++Au1dr2KMrl9b2ruqXdo+vqWngOCwL11Mo=", "sha256": "sha256-m78uipryHDKixJzrF4K59ioAJ3WJN1JlXEC0DNVMCJ8=",
"type": "github" "type": "github"
}, },
"version": "8f102f5ac79af59d3024ca2771b65ec87411ac02" "version": "f7d7f476f88a4af05e1cfb3994536990adecfb57"
} }
} }

8
pkgs/crowdsec/_sources/generated.nix
View file

@ -14,14 +14,14 @@
}; };
crowdsec-hub = { crowdsec-hub = {
pname = "crowdsec-hub"; pname = "crowdsec-hub";
version = "8f102f5ac79af59d3024ca2771b65ec87411ac02"; version = "f7d7f476f88a4af05e1cfb3994536990adecfb57";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "crowdsecurity"; owner = "crowdsecurity";
repo = "hub"; repo = "hub";
rev = "8f102f5ac79af59d3024ca2771b65ec87411ac02"; rev = "f7d7f476f88a4af05e1cfb3994536990adecfb57";
fetchSubmodules = false; fetchSubmodules = false;
sha256 = "sha256-8K1HkBg0++Au1dr2KMrl9b2ruqXdo+vqWngOCwL11Mo="; sha256 = "sha256-m78uipryHDKixJzrF4K59ioAJ3WJN1JlXEC0DNVMCJ8=";
}; };
date = "2025-01-30"; date = "2025-02-16";
}; };
} }