
2 commits

5 changed files with 104 additions and 19 deletions


@ -8,6 +8,7 @@
"${modulesPath}/profiles/headless.nix"
(import ../modules)
./services/conduit.nix
./services/gitea.nix
./services/nextcloud.nix
./services/webserver.nix
@ -49,7 +50,17 @@
useDHCP = false;
interfaces.eth0.useDHCP = true;
firewall.allowedTCPPorts = [80 443 2222 21025];
firewall.allowedTCPPorts = [
# http
80
443
# ssh
2222
# matrix
8448
# starbound
21025
];
};
time.timeZone = "Europe/London";


@ -0,0 +1,53 @@
{config, ...}: let
cfg = config.services.matrix-conduit;
domain = "matrix.${config.services.nginx.domain}";
in {
services.matrix-conduit = {
enable = true;
settings.global = {
address = "127.0.0.1";
server_name = domain;
database_backend = "rocksdb";
};
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "[::0]";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
{
addr = "[::0]";
port = 8488;
ssl = true;
}
];
addSSL = true;
extraConfig = ''
merge_slashes off;
'';
locations."/_matrix" = {
proxyPass = "http://${cfg.settings.global.address}:${toString cfg.settings.global.port}";
# Recommended by conduit
extraConfig = ''
proxy_buffering off;
'';
};
};
}
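Review bot: The second IPv6 entry in `listen` uses `port = 8488;`, while the IPv4 entry and the firewall rule in the host configuration both use 8448, so this looks like a typo. As written, nginx would bind an unintended port on IPv6 and Matrix federation on 8448 would not be served over IPv6; the line should read `port = 8448;`. Separately, `enableACME = true` is combined with an explicit `listen` list that has no port-80 entry, so it is worth confirming that the HTTP-01 challenge for this host name is still answered (this is inferred, since the ACME setup is not visible here). `addSSL = true` appears redundant given that every listener already sets `ssl = true`.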


@ -289,6 +289,22 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1666424192,
"narHash": "sha256-rb/a7Kg9s31jqkvdOQHFrUc5ig5kB+O2ZKB8mjU2kW8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4f8287f3d597c73b0d706cfad028c2d51821f64d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1665466769,
@ -390,6 +406,7 @@
"inputs": {
"deploy-rs": "deploy-rs",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"nvfetcher": "nvfetcher",
"sops-nix": "sops-nix",
"tlaternet-webserver": "tlaternet-webserver"


@ -3,6 +3,7 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
deploy-rs.url = "github:serokell/deploy-rs";
sops-nix = {
url = "github:Mic92/sops-nix";
@ -21,6 +22,7 @@
outputs = {
self,
nixpkgs,
nixpkgs-unstable,
sops-nix,
nvfetcher,
deploy-rs,
@ -66,7 +68,7 @@
# Helper functions #
####################
lib = import ./lib {
inherit nixpkgs sops-nix tlaternet-webserver;
inherit nixpkgs nixpkgs-unstable sops-nix tlaternet-webserver;
lib = nixpkgs.lib;
};
@ -86,6 +88,7 @@
"2222" = "2222";
"3080" = "80";
"3443" = "443";
"8448" = "8448"; # Matrix
"21025" = "21025"; # Starbound
};
in {
@ -111,23 +114,16 @@
###########################
# Development environment #
###########################
devShells.${system}.default = let
inherit (sops-nix.packages.${system}) sops-import-keys-hook sops-init-gpg-key;
deploy-rs-bin = deploy-rs.packages.${system}.default;
pkgs = nixpkgs.legacyPackages.${system};
in
nixpkgs.legacyPackages.${system}.mkShell {
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
nativeBuildInputs = [
sops-import-keys-hook
];
devShells.${system}.default = nixpkgs.legacyPackages.${system}.mkShell {
sopsPGPKeyDirs = ["./keys/hosts/" "./keys/users/"];
nativeBuildInputs = [
sops-nix.packages.${system}.sops-import-keys-hook
];
packages = with pkgs; [
nixfmt
git-lfs
sops-init-gpg-key
deploy-rs-bin
];
};
packages = [
sops-nix.packages.${system}.sops-init-gpg-key
deploy-rs.packages.${system}.default
];
};
};
}
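Review bot: In the last hunk the rewritten `devShells.${system}.default` no longer lists `nixfmt` and `git-lfs` in `packages`, assuming the shorter form without `let` is the new side, as the hunk header's 23-to-16 line counts suggest. That is unrelated to the Matrix change and is easy to miss in review. If the removal is intended, it would be clearer in its own commit; if not, keep them with `packages = with nixpkgs.legacyPackages.${system}; [ nixfmt git-lfs ] ++ [ ... ];`.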


@ -1,6 +1,7 @@
{
lib,
nixpkgs,
nixpkgs-unstable,
sops-nix,
tlaternet-webserver,
}: let
@ -24,6 +25,13 @@ in {
sops-nix.nixosModules.sops
tlaternet-webserver.nixosModules.default
(import ../configuration)
{
nixpkgs.overlays = [
(self: super: {
matrix-conduit = nixpkgs-unstable.legacyPackages.${system}.matrix-conduit;
})
];
}
]
++ extraModules;
};
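Review bot: The overlay in the second hunk takes `matrix-conduit` from `nixpkgs-unstable` for an internet-facing service, but nothing records why or when it can be removed. From then on the package only changes when the `nixpkgs-unstable` lock entry is bumped, independently of the stable channel's updates, so a comment helps whoever maintains the lock file. I would add something like `# matrix-conduit comes from nixpkgs-unstable; remove this overlay once the stable channel ships a suitable version` above the overlay, with the actual reason filled in. The enclosing module list starts outside the hunk.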