tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 10 Pull requests Activity

Compare commits

base: tlaternet:97154256daca79cc33210536c7362cebfa1365d0
Branches Tags
tlaternet:master
tlaternet:tlater/authelia-attempt-3
tlaternet:tlater/coturn-disable
tlaternet:tlater/authelia-2
tlaternet:tlater/crowdsec-whitelists
tlaternet:tlater/authelia
..
compare: tlaternet:da948178a1688ff2b1a216eedf9a513a8e8dcfa9
Branches Tags
tlaternet:tlater/authelia-attempt-3
tlaternet:master
tlaternet:tlater/coturn-disable
tlaternet:tlater/authelia-2
tlaternet:tlater/crowdsec-whitelists
tlaternet:tlater/authelia

3 commits
97154256da ... da948178a1

Author SHA1 Message Date
Tristan Daniël Maat
da948178a1
feat(battery-manager): Switch to rust version 2025-02-21 04:09:35 +08:00
Tristan Daniël Maat
ee09ce5870
chore(coturn): Switch to letsencrypt certificate 2025-02-16 18:46:25 +08:00
Tristan Daniël Maat
e45478b89a
bump: Update inputs 2025-02-16 18:46:22 +08:00
8 changed files with 824 additions and 117 deletions
Download patch file Download diff file Expand all files Collapse all files

6
configuration/services/battery-manager.nix
View file

@ -4,9 +4,13 @@
services.batteryManager = {
enable = true;
battery = "3ca39300-c523-4315-b9a3-d030f85a9373";
emailFile = "${config.sops.secrets."battery-manager/email".path}";
passwordFile = "${config.sops.secrets."battery-manager/password".path}";
settings = {
battery_id = "3ca39300-c523-4315-b9a3-d030f85a9373";
log_level = "DEBUG";
};
};
}

7
configuration/services/conduit/default.nix
View file

@ -59,11 +59,8 @@ in
relay-ips = [ "116.202.158.55" ];
# SSL config
#
# TODO(tlater): Switch to letsencrypt once google fix:
# https://github.com/vector-im/element-android/issues/1533
pkey = config.sops.secrets."turn/ssl-key".path;
cert = config.sops.secrets."turn/ssl-cert".path;
pkey = "${config.security.acme.certs."tlater.net".directory}/key.pem";
cert = "${config.security.acme.certs."tlater.net".directory}/fullchain.pem";
# Based on suggestions from
# https://github.com/matrix-org/synapse/blob/develop/docs/turn-howto.md

11
configuration/sops.nix
View file

@ -1,18 +1,11 @@
{ config, lib, ... }:
{
sops = {
defaultSopsFile = ../keys/production.yaml;
secrets = {
"battery-manager/email" = lib.mkIf config.services.batteryManager.enable {
owner = "battery-manager";
group = "battery-manager";
};
"battery-manager/email" = { };
"battery-manager/password" = lib.mkIf config.services.batteryManager.enable {
owner = "battery-manager";
group = "battery-manager";
};
"battery-manager/password" = { };
# Gitea
"forgejo/metrics-token" = {

887
flake.lock generated
View file

File diff suppressed because it is too large Load diff

5
flake.nix
View file

@ -23,11 +23,9 @@
};
sonnenshift = {
url = "git+ssh://git@github.com/sonnenshift/battery-manager";
url = "git+ssh://git@github.com/sonnenshift/battery-manager?ref=tlater/rust-rewrite";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-crowdsec.url = "github:tlater/nixpkgs/tlater/fix-crowdsec";
};
outputs =
@ -106,7 +104,6 @@
in
{
default = vm.config.system.build.vm;
crowdsec = pkgs.callPackage "${inputs.nixpkgs-crowdsec}/pkgs/by-name/cr/crowdsec/package.nix" { };
crowdsec-hub = localPkgs.crowdsec.hub;
crowdsec-firewall-bouncer = localPkgs.crowdsec.firewall-bouncer;
};

9
modules/crowdsec/default.nix
View file

@ -1,5 +1,4 @@
{
flake-inputs,
pkgs,
lib,
config,
@ -9,8 +8,6 @@ let
cfg = config.security.crowdsec;
settingsFormat = pkgs.formats.yaml { };
crowdsec = flake-inputs.self.packages.${pkgs.system}.crowdsec;
hub = pkgs.fetchFromGitHub {
owner = "crowdsecurity";
repo = "hub";
@ -19,14 +16,14 @@ let
};
cscli = pkgs.writeShellScriptBin "cscli" ''
export PATH="$PATH:${crowdsec}/bin/"
export PATH="$PATH:${cfg.package}/bin/"
sudo=exec
if [ "$USER" != "crowdsec" ]; then
sudo='exec /run/wrappers/bin/sudo -u crowdsec'
fi
$sudo ${crowdsec}/bin/cscli "$@"
$sudo ${cfg.package}/bin/cscli "$@"
'';
acquisitions = ''
@ -53,7 +50,7 @@ in
package = lib.mkOption {
type = package;
default = crowdsec;
default = pkgs.crowdsec;
};
stateDirectory = lib.mkOption {

8
pkgs/crowdsec/_sources/generated.json
View file

@ -21,7 +21,7 @@
},
"crowdsec-hub": {
"cargoLocks": null,
"date": "2025-01-30",
"date": "2025-02-16",
"extract": null,
"name": "crowdsec-hub",
"passthru": null,
@ -33,10 +33,10 @@
"name": null,
"owner": "crowdsecurity",
"repo": "hub",
"rev": "8f102f5ac79af59d3024ca2771b65ec87411ac02",
"sha256": "sha256-8K1HkBg0++Au1dr2KMrl9b2ruqXdo+vqWngOCwL11Mo=",
"rev": "f7d7f476f88a4af05e1cfb3994536990adecfb57",
"sha256": "sha256-m78uipryHDKixJzrF4K59ioAJ3WJN1JlXEC0DNVMCJ8=",
"type": "github"
},
"version": "8f102f5ac79af59d3024ca2771b65ec87411ac02"
"version": "f7d7f476f88a4af05e1cfb3994536990adecfb57"
}
}

8
pkgs/crowdsec/_sources/generated.nix
View file

@ -14,14 +14,14 @@
};
crowdsec-hub = {
pname = "crowdsec-hub";
version = "8f102f5ac79af59d3024ca2771b65ec87411ac02";
version = "f7d7f476f88a4af05e1cfb3994536990adecfb57";
src = fetchFromGitHub {
owner = "crowdsecurity";
repo = "hub";
rev = "8f102f5ac79af59d3024ca2771b65ec87411ac02";
rev = "f7d7f476f88a4af05e1cfb3994536990adecfb57";
fetchSubmodules = false;
sha256 = "sha256-8K1HkBg0++Au1dr2KMrl9b2ruqXdo+vqWngOCwL11Mo=";
sha256 = "sha256-m78uipryHDKixJzrF4K59ioAJ3WJN1JlXEC0DNVMCJ8=";
};
date = "2025-01-30";
date = "2025-02-16";
};
}