Compare commits
2 commits
bec05bafb1
...
c56de6cf7e
Author | SHA1 | Date | |
---|---|---|---|
Tristan Daniël Maat | c56de6cf7e | ||
Tristan Daniël Maat | 3e13b575b0 |
|
@ -8,6 +8,7 @@
|
|||
"${modulesPath}/profiles/headless.nix"
|
||||
(import ../modules)
|
||||
|
||||
./services/conduit.nix
|
||||
./services/gitea.nix
|
||||
./services/nextcloud.nix
|
||||
./services/webserver.nix
|
||||
|
@ -49,7 +50,17 @@
|
|||
useDHCP = false;
|
||||
interfaces.eth0.useDHCP = true;
|
||||
|
||||
firewall.allowedTCPPorts = [80 443 2222 21025];
|
||||
firewall.allowedTCPPorts = [
|
||||
# http
|
||||
80
|
||||
443
|
||||
# ssh
|
||||
2222
|
||||
# matrix
|
||||
8448
|
||||
# starbound
|
||||
21025
|
||||
];
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/London";
|
||||
|
|
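--- /dev/null
+++ b/configuration/services/conduit.nix
@@ -0,0 +1,53 @@
+{config, ...}: let
+cfg = config.services.matrix-conduit;
+domain = "matrix.${config.services.nginx.domain}";
+in {
+services.matrix-conduit = {
+enable = true;
+settings.global = {
+address = "127.0.0.1";
+server_name = domain;
+database_backend = "rocksdb";
+};
+};
+
+services.nginx.virtualHosts."${domain}" = {
+enableACME = true;
+
+listen = [
+{
+addr = "0.0.0.0";
+port = 443;
+ssl = true;
+}
+{
+addr = "[::0]";
+port = 443;
+ssl = true;
+}
+{
+addr = "0.0.0.0";
+port = 8448;
+ssl = true;
+}
+{
+addr = "[::0]";
+port = 8488;
+ssl = true;
+}
+];
+
+addSSL = true;
+extraConfig = ''
+merge_slashes off;
+'';
+
+locations."/_matrix" = {
+proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}";
+# Recommended by conduit
+extraConfig = ''
+proxy_buffering off;
+'';
+};
+};
+}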
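Review bot: The fourth `listen` entry uses `port = 8488;` while its IPv4 twin, the firewall list and the VM port forward all use 8448, so Matrix federation over IPv6 gets no listener and nginx binds a port nobody asked for; it should read `port = 8448;`. Because the explicit `listen` list contains only TLS sockets on 443 and 8448, this virtual host has no port-80 listener of its own, so it is worth confirming that the HTTP-01 challenge behind `enableACME = true;` is still answered. `addSSL = true;` next to a hand-written all-TLS `listen` list also deserves a one-line comment saying which of the two is meant to decide the sockets.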
17
flake.lock
17
flake.lock
|
@ -289,6 +289,22 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1666424192,
|
||||
"narHash": "sha256-rb/a7Kg9s31jqkvdOQHFrUc5ig5kB+O2ZKB8mjU2kW8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "4f8287f3d597c73b0d706cfad028c2d51821f64d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1665466769,
|
||||
|
@ -390,6 +406,7 @@
|
|||
"inputs": {
|
||||
"deploy-rs": "deploy-rs",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"nvfetcher": "nvfetcher",
|
||||
"sops-nix": "sops-nix",
|
||||
"tlaternet-webserver": "tlaternet-webserver"
|
||||
|
|
32
flake.nix
32
flake.nix
|
@ -3,6 +3,7 @@
|
|||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
|
||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
deploy-rs.url = "github:serokell/deploy-rs";
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
|
@ -21,6 +22,7 @@
|
|||
outputs = {
|
||||
self,
|
||||
nixpkgs,
|
||||
nixpkgs-unstable,
|
||||
sops-nix,
|
||||
nvfetcher,
|
||||
deploy-rs,
|
||||
|
@ -66,7 +68,7 @@
|
|||
# Helper functions #
|
||||
####################
|
||||
lib = import ./lib {
|
||||
inherit nixpkgs sops-nix tlaternet-webserver;
|
||||
inherit nixpkgs nixpkgs-unstable sops-nix tlaternet-webserver;
|
||||
lib = nixpkgs.lib;
|
||||
};
|
||||
|
||||
|
@ -86,6 +88,7 @@
|
|||
"2222" = "2222";
|
||||
"3080" = "80";
|
||||
"3443" = "443";
|
||||
"8448" = "8448"; # Matrix
|
||||
"21025" = "21025"; # Starbound
|
||||
};
|
||||
in {
|
||||
|
@ -111,23 +114,16 @@
|
|||
###########################
|
||||
# Development environment #
|
||||
###########################
|
||||
devShells.${system}.default = let
|
||||
inherit (sops-nix.packages.${system}) sops-import-keys-hook sops-init-gpg-key;
|
||||
deploy-rs-bin = deploy-rs.packages.${system}.default;
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
in
|
||||
nixpkgs.legacyPackages.${system}.mkShell {
|
||||
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
|
||||
nativeBuildInputs = [
|
||||
sops-import-keys-hook
|
||||
];
|
||||
devShells.${system}.default = nixpkgs.legacyPackages.${system}.mkShell {
|
||||
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
|
||||
nativeBuildInputs = [
|
||||
sops-nix.packages.${system}.sops-import-keys-hook
|
||||
];
|
||||
|
||||
packages = with pkgs; [
|
||||
nixfmt
|
||||
git-lfs
|
||||
sops-init-gpg-key
|
||||
deploy-rs-bin
|
||||
];
|
||||
};
|
||||
packages = [
|
||||
sops-nix.packages.${system}.sops-init-gpg-key
|
||||
deploy-rs.packages.${system}.default
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
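Review bot: The new input `nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";` follows the nixpkgs-unstable channel, which is not gated on the NixOS test set. Since the package taken from it ends up as an internet-facing service on a NixOS host, `nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";` would be the tested equivalent. A short comment beside the input, for example `# only used to supply matrix-conduit, see lib`, would keep it from turning into a general source of unpinned-by-release packages. The `inputs` and `outputs` attribute sets continue outside the hunks shown.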
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
lib,
|
||||
nixpkgs,
|
||||
nixpkgs-unstable,
|
||||
sops-nix,
|
||||
tlaternet-webserver,
|
||||
}: let
|
||||
|
@ -24,6 +25,13 @@ in {
|
|||
sops-nix.nixosModules.sops
|
||||
tlaternet-webserver.nixosModules.default
|
||||
(import ../configuration)
|
||||
{
|
||||
nixpkgs.overlays = [
|
||||
(self: super: {
|
||||
matrix-conduit = nixpkgs-unstable.legacyPackages.${system}.matrix-conduit;
|
||||
})
|
||||
];
|
||||
}
|
||||
]
|
||||
++ extraModules;
|
||||
};
|
||||
|
|
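Review bot: The overlay line `matrix-conduit = nixpkgs-unstable.legacyPackages.${system}.matrix-conduit;` has no comment explaining why the server comes from a different package set than the rest of the system. That matters for patching: conduit and its dependency closure now change only when the `nixpkgs-unstable` entry in flake.lock is bumped, independently of the 22.05 input. I would add `# conduit comes from nixpkgs-unstable; bump that lock entry to pick up its security fixes` above the attribute. The enclosing function and the binding of `system` start outside this hunk, so I am assuming `system` is in scope there.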