Fix server config

DashieTM 2024-08-04 15:12:59 +02:00
parent 75292c920c
commit 14b1bb6b0d
2 changed files with 21 additions and 40 deletions


@ -70,7 +70,7 @@
in in
{ {
nixosConfigurations = (dashielib.build_systems [ "marmo" "overheating" "spaceship" ]) // { nixosConfigurations = (dashielib.build_systems [ "marmo" "overheating" "spaceship" ]) // {
server = { server = inputs.stable.lib.nixosSystem {
specialArgs = { specialArgs = {
inherit inputs; pkgs = stable; inherit inputs; pkgs = stable;
}; };


@ -1,11 +1,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
nextcloud_pw = (config.sops.secrets.nextcloud_server.path); nextcloud_pw = (builtins.readFile ./nextcloud);
forgejo_pw = (config.sops.secrets.forgejo_server.path); forgejo_pw = (builtins.readFile ./dbpw/forgejo);
matrix_pw = (config.sops.secrets.matrix_server.path); matrix_pw = (builtins.readFile ./dbpw/matrix-synapse);
mautrix_signal_pw = (config.sops.secrets.mautrix_signal_server.path); mautrix_signal_pw = (builtins.readFile ./dbpw/mautrix_signal);
mautrix_whatsapp_pw = (config.sops.secrets.mautrix_whatsapp_server.path); mautrix_whatsapp_pw = (builtins.readFile ./dbpw/mautrix_whatsapp);
mautrix_discord_pw = (config.sops.secrets.mautrix_discord_server.path); mautrix_discord_pw = (builtins.readFile ./dbpw/mautrix_discord);
fqdn = "matrix.${config.networking.domain}"; fqdn = "matrix.${config.networking.domain}";
baseUrl = "https://${fqdn}"; baseUrl = "https://${fqdn}";
@ -18,7 +18,7 @@ let
''; '';
in in
{ {
networking.hostName = "server"; networking.hostName = "dashie";
networking.domain = "dashie.org"; networking.domain = "dashie.org";
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -26,27 +26,11 @@ in
./mautrix-discord.nix ./mautrix-discord.nix
]; ];
sops = {
gnupg = {
home = "~/.gnupg";
sshKeyPaths = [ ];
};
defaultSopsFile = ../../secrets/secrets.yaml;
secrets.nextcloud_server = { };
secrets.nextcloud_admin = { };
secrets.forgejo_server = { };
secrets.matrix_server = { };
secrets.mautrix_signal_server = { };
secrets.mautrix_whatsapp_server = { };
secrets.mautrix_discord_server = { };
};
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = [ "ntfs" ]; boot.supportedFilesystems = [ "ntfs" ];
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Zurich"; time.timeZone = "Europe/Zurich";
@ -78,7 +62,7 @@ in
server_name = "matrix.dashie.org"; server_name = "matrix.dashie.org";
database.name = "psycopg2"; database.name = "psycopg2";
database.args.user = "matrix-synapse"; database.args.user = "matrix-synapse";
database.args.passfile = "${matrix_pw}"; database.args.password = "${matrix_pw}";
public_baseurl = "https://matrix.dashie.org"; public_baseurl = "https://matrix.dashie.org";
enable_registration = true; enable_registration = true;
enable_registration_without_verification = true; enable_registration_without_verification = true;
@ -105,7 +89,7 @@ in
id = "whatsapp"; id = "whatsapp";
database = { database = {
type = "postgres"; type = "postgres";
uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql&sslmode=disable&user=mautrix_whatsapp&passfile=${mautrix_whatsapp_pw}"; uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql&sslmode=disable&user=mautrix_whatsapp&password=${mautrix_whatsapp_pw}";
}; };
}; };
bridge = { bridge = {
@ -126,7 +110,7 @@ in
id = "signal"; id = "signal";
database = { database = {
type = "postgres"; type = "postgres";
uri = "postgresql:///mautrix_signal?host=/run/postgresql&sslmode=disable&user=mautrix_signal&passfile=${mautrix_signal_pw}"; uri = "postgresql:///mautrix_signal?host=/run/postgresql&sslmode=disable&user=mautrix_signal&password=${mautrix_signal_pw}";
}; };
}; };
bridge = { bridge = {
@ -147,7 +131,7 @@ in
id = "discord"; id = "discord";
database = { database = {
type = "postgres"; type = "postgres";
uri = "postgresql:///mautrix_discord?host=/run/postgresql&sslmode=disable&user=mautrix_discord&passfile=${mautrix_discord_pw}"; uri = "postgresql:///mautrix_discord?host=/run/postgresql&sslmode=disable&user=mautrix_discord&password=${mautrix_discord_pw}";
}; };
}; };
bridge = { bridge = {
@ -198,10 +182,8 @@ in
}; };
services.nginx.virtualHosts."matrix.dashie.org" = { services.nginx.virtualHosts."matrix.dashie.org" = {
#addSSL = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
#locations."*" = {
locations."/".extraConfig = '' locations."/".extraConfig = ''
return 404; return 404;
''; '';
@ -224,12 +206,12 @@ in
services.nextcloud.hostName = "cloud.dashie.org"; services.nextcloud.hostName = "cloud.dashie.org";
services.nextcloud.https = true; services.nextcloud.https = true;
services.nextcloud.config = { services.nextcloud.config = {
adminpassFile = "${config.sops.nextcloud_admin.path}"; adminpassFile = "/etc/nixos/file2";
dbuser = "nextcloud"; dbuser = "nextcloud";
dbhost = "/run/postgresql"; dbhost = "/run/postgresql";
dbname = "nextcloud"; dbname = "nextcloud";
dbtype = "pgsql"; dbtype = "pgsql";
dbpassFile = "${config.sops.secrets.nextcloud_server.path}"; dbpassFile = "/etc/nixos/nextcloud";
}; };
services.nextcloud.settings = { services.nextcloud.settings = {
port = 12001; port = 12001;
@ -237,7 +219,7 @@ in
}; };
services.forgejo = { services.forgejo = {
enable = true; enable = true;
database.passwordFile = "${forgejo_pw}"; database.passwordFile = ./dbpw/forgejo;
settings = { settings = {
server.DOMAIN = "git.dashie.org"; server.DOMAIN = "git.dashie.org";
server.SSH_PORT = 12008; server.SSH_PORT = 12008;
@ -264,27 +246,27 @@ in
''; '';
initialScript = pkgs.writeText "backend-initScript" '' initialScript = pkgs.writeText "backend-initScript" ''
CREATE DATABASE nextcloud; CREATE DATABASE nextcloud;
CREATE USER nextcloud WITH ENCRYPTED PASSWORD pg_read_file(${nextcloud_pw}); CREATE USER nextcloud WITH ENCRYPTED PASSWORD '${nextcloud_pw}';
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud; GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
CREATE DATABASE forgejo; CREATE DATABASE forgejo;
CREATE USER forgejo WITH ENCRYPTED PASSWORD pg_read_file(${forgejo_pw}); CREATE USER forgejo WITH ENCRYPTED PASSWORD '${forgejo_pw}';
GRANT ALL PRIVILEGES ON DATABASE forgejo TO forgejo; GRANT ALL PRIVILEGES ON DATABASE forgejo TO forgejo;
CREATE USER "matrix-synapse" WITH ENCRYPTED PASSWORD pg_read_file(${matrix_pw}) CREATE USER "matrix-synapse" WITH ENCRYPTED PASSWORD '${matrix_pw}'
SELECT 'CREATE DATABASE "matrix-synapse" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "matrix-synapse"' SELECT 'CREATE DATABASE "matrix-synapse" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "matrix-synapse"'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'matrix-synapse')\gexec WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'matrix-synapse')\gexec
CREATE USER mautrix_whatsapp WITH ENCRYPTED PASSWORD pg_read_file(${mautrix_whatsapp_pw}) CREATE USER mautrix_whatsapp WITH ENCRYPTED PASSWORD '${mautrix_whatsapp_pw}'
SELECT 'CREATE DATABASE "mautrix_whatsapp" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_whatsapp"' SELECT 'CREATE DATABASE "mautrix_whatsapp" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_whatsapp"'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_whatsapp')\gexec WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_whatsapp')\gexec
CREATE USER mautrix_signal WITH ENCRYPTED PASSWORD 'pg_read_file(${mautrix_signal_pw}) CREATE USER mautrix_signal WITH ENCRYPTED PASSWORD '${mautrix_signal_pw}'
SELECT 'CREATE DATABASE "mautrix_signal" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_signal"' SELECT 'CREATE DATABASE "mautrix_signal" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_signal"'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_signal')\gexec WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_signal')\gexec
CREATE USER mautrix_discord WITH ENCRYPTED PASSWORD 'pg_read_file(${mautrix_discord_pw}) CREATE USER mautrix_discord WITH ENCRYPTED PASSWORD '${mautrix_discord_pw}'
SELECT 'CREATE DATABASE "mautrix_discord" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_discord"' SELECT 'CREATE DATABASE "mautrix_discord" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_discord"'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_discord')\gexec WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_discord')\gexec
''; '';
@ -342,4 +324,3 @@ in
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
system.stateVersion = "24.05"; system.stateVersion = "24.05";
} }
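Review bot: Replacing the sops `.path` references with `builtins.readFile ./nextcloud` / `./dbpw/...` in the `let` block (second hunk) pulls the plaintext database passwords into Nix evaluation, and they are then interpolated into `pkgs.writeText "backend-initScript"`, the synapse `database.args.password` and the three mautrix `uri = "...&password=${...}"` strings, all of which are written to the world-readable Nix store; the same applies to `database.passwordFile = ./dbpw/forgejo;`, since a path literal is copied into the store when it is coerced to a string. The old design of handing each service a secret file path was the right one and only its SQL quoting was broken, so the fix should keep the `config.sops.secrets.<name>.path` indirection (for example `database.passwordFile = config.sops.secrets.forgejo_server.path;`) and have the init script read the file at runtime rather than at build time. Note also that `builtins.readFile` keeps a trailing newline if the files end with one, so the password stored via `ENCRYPTED PASSWORD '${nextcloud_pw}'` may not match what other consumers read from `/etc/nixos/nextcloud`; I cannot confirm the file contents from here. The hard-coded `adminpassFile = "/etc/nixos/file2"` and `dbpassFile = "/etc/nixos/nextcloud"` should at least get a comment stating what provisions those files and with which permissions. The enclosing module attribute set starts before the first hunk.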