Tristan Daniël Maat 7c65e7ad02
WIP: podman: Configure auto-updates 2021-05-17 00:35:54 +01:00
Tristan Daniël Maat 4c94932490
webserver: Use SIGKILL instead of SIGTERM 2021-05-17 00:18:51 +01:00
Tristan Daniël Maat 343c7fcc36
nginx: Don't override extra options in the host helper 2021-05-17 00:13:58 +01:00
Tristan Daniël Maat 5f8899d542
nginx: Make VM testing easier by binding virtualHosts to localhost 2021-05-17 00:13:38 +01:00
Tristan Daniël Maat b8bf3bd3a2
minecraft: Clean up use of pkgs.lib 2021-05-17 00:13:28 +01:00
Tristan Daniël Maat 458f6c7f7b
nginx: Avoid connection issues caused by IPv6 resolution
If localhost is specified in the proxyPass url, nginx will happily
resolve IPv6 addresses, even if the upstream doesn't support them.

This can result in connection issues, especially with containers that
don't support IPv6.
2021-05-16 01:34:03 +01:00
Tristan Daniël Maat 517f4f0080
postgres: Get rid of password authentication
Podman pods make this obsolete; though we need to explicitly set
slirp4netns, otherwise podman will not create private network
namespaces for the pods.
2021-05-16 00:40:09 +01:00
7 changed files with 31 additions and 16 deletions


@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
{ {
imports = [ imports = [
@ -54,18 +54,20 @@
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
clientMaxBodySize = "10G"; clientMaxBodySize = "10G";
domain = "tlater.net";
virtualHosts = let virtualHosts = let
host = port: extra: host = port: extra:
{ lib.recursiveUpdate {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { proxyPass = "http://localhost:${toString port}"; }; locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; };
} // extra; } extra;
domain = config.services.nginx.domain;
in { in {
"tlater.net" = host 3002 { serverAliases = [ "www.tlater.net" ]; }; "${domain}" = host 3002 { serverAliases = [ "www.${domain}" ]; };
"gitea.tlater.net" = host 3000 { }; "gitea.${domain}" = host 3000 { };
"nextcloud.tlater.net" = host 3001 { }; "nextcloud.${domain}" = host 3001 { };
}; };
}; };
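Review bot: Switching the `host` helper from `{ ... } // extra` to `lib.recursiveUpdate { ... } extra` changes what a caller's `extra` can do: an `extra` that carries its own `locations` is now deep-merged with the helper's `locations."/"` instead of replacing it, while `forceSSL = true` and `enableACME = true` still apply to every host unless `extra` overrides them. If the merge is intended, a comment on the helper would save the next reader a lookup, e.g. `# recursiveUpdate: extra merges into (rather than replaces) the defaults, including locations`. Pointing `proxyPass` at `127.0.0.1` only removes the IPv6 ambiguity on the nginx side; the ports it proxies to are published by the pod definitions in the other sections without an address prefix, so the backends stay reachable on every interface without nginx's TLS front unless those `publish` entries are bound to `127.0.0.1`. The `virtualHosts` attribute set and the surrounding module start before and end after this hunk.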


@ -14,6 +14,7 @@
virtualisation.pods.gitea = { virtualisation.pods.gitea = {
hostname = "gitea.tlater.net"; hostname = "gitea.tlater.net";
publish = [ "3000:3000" "2221:2221" ]; publish = [ "3000:3000" "2221:2221" ];
network = "slirp4netns";
containers = { containers = {
gitea = { gitea = {
@ -26,7 +27,6 @@
DB_HOST = "gitea-postgres:5432"; DB_HOST = "gitea-postgres:5432";
DB_NAME = "gitea"; DB_NAME = "gitea";
DB_USER = "gitea"; DB_USER = "gitea";
DB_PASSWD = "/qNDDK9WCMuubfA7D8DFwfl9T+Gy2IMDvPhiNpcxZjY=";
USER_UID = toString config.users.extraUsers.gitea.uid; USER_UID = toString config.users.extraUsers.gitea.uid;
USER_GID = toString config.users.extraGroups.gitea.gid; USER_GID = toString config.users.extraGroups.gitea.gid;
@ -47,7 +47,6 @@
environment = { environment = {
POSTGRES_DB = "gitea"; POSTGRES_DB = "gitea";
POSTGRES_USER = "gitea"; POSTGRES_USER = "gitea";
POSTGRES_PASSWORD = "/qNDDK9WCMuubfA7D8DFwfl9T+Gy2IMDvPhiNpcxZjY=";
}; };
volumes = [ "gitea-db-data:/var/lib/postgresql/data" ]; volumes = [ "gitea-db-data:/var/lib/postgresql/data" ];
}; };
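Review bot: Removing `DB_PASSWD` and `POSTGRES_PASSWORD` leaves the database protected only by the pod's network namespace, and the literal password deleted here remains in the repository history, so it should be treated as exposed and rotated if it is reused anywhere. If this is the official postgres image, it refuses to initialise without `POSTGRES_PASSWORD` unless `POSTGRES_HOST_AUTH_METHOD=trust` is set explicitly, which is worth confirming against the image line that sits outside the hunk. With trust authentication, anything that can reach the pod's network reaches postgres as `gitea` without credentials; `network = "slirp4netns"` isolates the pod from other pods but not from whatever `publish` maps in, and a comment next to it stating that the private namespace is what replaces the password would record that assumption, e.g. `# slirp4netns gives the pod a private netns; the DB relies on it instead of a password`. The same applies to the nextcloud section below.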


@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
let let
minecraft-server-args = [ minecraft-server-args = [
@ -52,7 +52,7 @@ let
in { in {
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (pkgs.lib.getName pkg) [ "forge-server" ]; builtins.elem (lib.getName pkg) [ "forge-server" ];
virtualisation.oci-containers.containers.minecraft-voor-kia = let virtualisation.oci-containers.containers.minecraft-voor-kia = let
properties = ./configs/minecraft/voor-kia/server.properties; properties = ./configs/minecraft/voor-kia/server.properties;


@ -4,6 +4,7 @@
virtualisation.pods.nextcloud = { virtualisation.pods.nextcloud = {
hostname = "nextcloud.tlater.net"; hostname = "nextcloud.tlater.net";
publish = [ "3001:80" ]; publish = [ "3001:80" ];
network = "slirp4netns";
containers = { containers = {
nextcloud = { nextcloud = {
@ -18,7 +19,6 @@
POSTGRES_DB = "nextcloud"; POSTGRES_DB = "nextcloud";
POSTGRES_USER = "nextcloud"; POSTGRES_USER = "nextcloud";
POSTGRES_HOST = "nextcloud-postgres"; POSTGRES_HOST = "nextcloud-postgres";
POSTGRES_PASSWORD = "rI7t7Nek1yGA9ucrRc7Uhy0jcjwPjnXa8me4o8tJON8=";
OVERWRITEPROTOCOL = "https"; OVERWRITEPROTOCOL = "https";
}; };
}; };
@ -43,7 +43,6 @@
environment = { environment = {
POSTGRES_DB = "nextcloud"; POSTGRES_DB = "nextcloud";
POSTGRES_USER = "nextcloud"; POSTGRES_USER = "nextcloud";
POSTGRES_PASSWORD = "rI7t7Nek1yGA9ucrRc7Uhy0jcjwPjnXa8me4o8tJON8=";
}; };
volumes = [ "nextcloud-db-data:/var/lib/postgresql/data" ]; volumes = [ "nextcloud-db-data:/var/lib/postgresql/data" ];
}; };


@ -34,6 +34,10 @@
ports = [ "3002:3002" ]; ports = [ "3002:3002" ];
volumes = [ "tlaternet-mail:/srv/mail" ]; volumes = [ "tlaternet-mail:/srv/mail" ];
extraOptions = [ "--hostname=tlater.net" ]; extraOptions = [
"--hostname=tlater.net"
# Rocket 0.4 doesn't support SIGTERM anyway, so SIGKILL is the cleanest exit possible.
"--stop-signal=SIGKILL"
];
}; };
} }
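Review bot: `--stop-signal=SIGKILL` means the container never gets a chance to finish in-flight work, and this container mounts `tlaternet-mail:/srv/mail`, so whether the application writes to that volume atomically is worth confirming before relying on an unconditional kill. The comment explains the Rocket limitation well; extending it with the consequence would help, e.g. `# Writes to /srv/mail in flight at stop time may be cut off; keep them atomic.`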


@ -68,12 +68,16 @@
(import ./modules) (import ./modules)
(import ./configuration) (import ./configuration)
({ ... }: { ({ lib, ... }: {
users.users.tlater.password = "insecure"; users.users.tlater.password = "insecure";
# Disable graphical tty so -curses works # Disable graphical tty so -curses works
boot.kernelParams = [ "nomodeset" ]; boot.kernelParams = [ "nomodeset" ];
# Sets the base domain for nginx to localhost so that we
# can easily test locally with the VM.
services.nginx.domain = lib.mkOverride 99 "localhost";
# # Set up VM settings to match real VPS # # Set up VM settings to match real VPS
# virtualisation.memorySize = 3941; # virtualisation.memorySize = 3941;
# virtualisation.cores = 2; # virtualisation.cores = 2;
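Review bot: Overriding the domain to `localhost` still routes every virtual host through the `host` helper, which sets `enableACME = true` and `forceSSL = true`, so the VM will attempt ACME issuance for `localhost` and `gitea.localhost`, which cannot succeed; the VM override probably needs to disable ACME for these hosts as well, which is worth confirming by booting the VM. The `99` priority is also unexplained; extending the comment with `# priority 99 beats the plain assignment (priority 100) in the main configuration` would make the choice self-documenting. The enclosing module function starts before and continues after this hunk.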


@ -1,5 +1,12 @@
{ ... }: { lib, ... }:
with lib;
{ {
imports = [ ./virtualisation/pods.nix ./virtualisation/oci-containers.nix ]; imports = [ ./virtualisation/pods.nix ./virtualisation/oci-containers.nix ];
options.services.nginx.domain = mkOption {
type = types.str;
description = "The base domain name to append to virtual domain names";
};
} }
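Review bot: `services.nginx.domain` is declared without a `default`, so any configuration that imports these modules but does not set it fails at evaluation with an "option used but not defined" error; if forcing that decision is intended, a sentence in `description` saying so helps, otherwise `default = "localhost";` or at least `example = "example.org";` would make the module usable standalone. `with lib;` at module scope is discouraged in nixpkgs style because it hides where `mkOption` and `types` come from; `lib.mkOption { type = lib.types.str; ... }` is only slightly longer and explicit.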