Xetibo/DashNix
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Add sops modules to server

Browse source
This commit is contained in:
DashieTM 2024-08-04 14:29:34 +02:00
parent 8ee4ea7fe1
commit 75292c920c
2 changed files with 19 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

1
flake.nix
View file

@ -75,6 +75,7 @@
inherit inputs; pkgs = stable; inherit inputs; pkgs = stable;
}; };
modules = [ modules = [
inputs.sops-nix.nixosModules.sops
./hardware/server/configuration.nix ./hardware/server/configuration.nix
]; ];
}; };

36
hardware/server/configuration.nix
View file

@ -1,11 +1,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
nextcloud_pw = (builtins.readFile config.sops.secrets.nextcloud_server.path); nextcloud_pw = (config.sops.secrets.nextcloud_server.path);
forgejo_pw = (builtins.readFile config.sops.secrets.forgejo_server.path); forgejo_pw = (config.sops.secrets.forgejo_server.path);
matrix_pw = (builtins.readFile config.sops.secrets.matrix_server.path); matrix_pw = (config.sops.secrets.matrix_server.path);
mautrix_signal_pw = (builtins.readFile config.sops.secrets.mautrix_signal_server.path); mautrix_signal_pw = (config.sops.secrets.mautrix_signal_server.path);
mautrix_whatsapp_pw = (builtins.readFile config.sops.secrets.mautrix_whatsapp_server.path); mautrix_whatsapp_pw = (config.sops.secrets.mautrix_whatsapp_server.path);
mautrix_discord_pw = (builtins.readFile config.sops.secrets.mautrix_discord_server.path); mautrix_discord_pw = (config.sops.secrets.mautrix_discord_server.path);
fqdn = "matrix.${config.networking.domain}"; fqdn = "matrix.${config.networking.domain}";
baseUrl = "https://${fqdn}"; baseUrl = "https://${fqdn}";
@ -18,7 +18,7 @@ let
''; '';
in in
{ {
networking.hostName = "dashie"; networking.hostName = "server";
networking.domain = "dashie.org"; networking.domain = "dashie.org";
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -78,7 +78,7 @@ in
server_name = "matrix.dashie.org"; server_name = "matrix.dashie.org";
database.name = "psycopg2"; database.name = "psycopg2";
database.args.user = "matrix-synapse"; database.args.user = "matrix-synapse";
database.args.password = "${matrix_pw}"; database.args.passfile = "${matrix_pw}";
public_baseurl = "https://matrix.dashie.org"; public_baseurl = "https://matrix.dashie.org";
enable_registration = true; enable_registration = true;
enable_registration_without_verification = true; enable_registration_without_verification = true;
@ -105,7 +105,7 @@ in
id = "whatsapp"; id = "whatsapp";
database = { database = {
type = "postgres"; type = "postgres";
uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql&sslmode=disable&user=mautrix_whatsapp&password=${mautrix_whatsapp_pw}"; uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql&sslmode=disable&user=mautrix_whatsapp&passfile=${mautrix_whatsapp_pw}";
}; };
}; };
bridge = { bridge = {
@ -126,7 +126,7 @@ in
id = "signal"; id = "signal";
database = { database = {
type = "postgres"; type = "postgres";
uri = "postgresql:///mautrix_signal?host=/run/postgresql&sslmode=disable&user=mautrix_signal&password=${mautrix_signal_pw}"; uri = "postgresql:///mautrix_signal?host=/run/postgresql&sslmode=disable&user=mautrix_signal&passfile=${mautrix_signal_pw}";
}; };
}; };
bridge = { bridge = {
@ -147,7 +147,7 @@ in
id = "discord"; id = "discord";
database = { database = {
type = "postgres"; type = "postgres";
uri = "postgresql:///mautrix_discord?host=/run/postgresql&sslmode=disable&user=mautrix_discord&password=${mautrix_discord_pw}"; uri = "postgresql:///mautrix_discord?host=/run/postgresql&sslmode=disable&user=mautrix_discord&passfile=${mautrix_discord_pw}";
}; };
}; };
bridge = { bridge = {
@ -237,7 +237,7 @@ in
}; };
services.forgejo = { services.forgejo = {
enable = true; enable = true;
database.passwordFile = ./dbpw/forgejo; database.passwordFile = "${forgejo_pw}";
settings = { settings = {
server.DOMAIN = "git.dashie.org"; server.DOMAIN = "git.dashie.org";
server.SSH_PORT = 12008; server.SSH_PORT = 12008;
@ -264,27 +264,27 @@ in
''; '';
initialScript = pkgs.writeText "backend-initScript" '' initialScript = pkgs.writeText "backend-initScript" ''
CREATE DATABASE nextcloud; CREATE DATABASE nextcloud;
CREATE USER nextcloud WITH ENCRYPTED PASSWORD '${nextcloud_pw}'; CREATE USER nextcloud WITH ENCRYPTED PASSWORD pg_read_file(${nextcloud_pw});
GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud; GRANT ALL PRIVILEGES ON DATABASE nextcloud TO nextcloud;
CREATE DATABASE forgejo; CREATE DATABASE forgejo;
CREATE USER forgejo WITH ENCRYPTED PASSWORD '${forgejo_pw}'; CREATE USER forgejo WITH ENCRYPTED PASSWORD pg_read_file(${forgejo_pw});
GRANT ALL PRIVILEGES ON DATABASE forgejo TO forgejo; GRANT ALL PRIVILEGES ON DATABASE forgejo TO forgejo;
CREATE USER "matrix-synapse" WITH ENCRYPTED PASSWORD '${matrix_pw}' CREATE USER "matrix-synapse" WITH ENCRYPTED PASSWORD pg_read_file(${matrix_pw})
SELECT 'CREATE DATABASE "matrix-synapse" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "matrix-synapse"' SELECT 'CREATE DATABASE "matrix-synapse" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "matrix-synapse"'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'matrix-synapse')\gexec WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'matrix-synapse')\gexec
CREATE USER mautrix_whatsapp WITH ENCRYPTED PASSWORD '${mautrix_whatsapp_pw}' CREATE USER mautrix_whatsapp WITH ENCRYPTED PASSWORD pg_read_file(${mautrix_whatsapp_pw})
SELECT 'CREATE DATABASE "mautrix_whatsapp" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_whatsapp"' SELECT 'CREATE DATABASE "mautrix_whatsapp" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_whatsapp"'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_whatsapp')\gexec WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_whatsapp')\gexec
CREATE USER mautrix_signal WITH ENCRYPTED PASSWORD '${mautrix_signal_pw}' CREATE USER mautrix_signal WITH ENCRYPTED PASSWORD 'pg_read_file(${mautrix_signal_pw})
SELECT 'CREATE DATABASE "mautrix_signal" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_signal"' SELECT 'CREATE DATABASE "mautrix_signal" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_signal"'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_signal')\gexec WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_signal')\gexec
CREATE USER mautrix_discord WITH ENCRYPTED PASSWORD '${mautrix_discord_pw}' CREATE USER mautrix_discord WITH ENCRYPTED PASSWORD 'pg_read_file(${mautrix_discord_pw})
SELECT 'CREATE DATABASE "mautrix_discord" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_discord"' SELECT 'CREATE DATABASE "mautrix_discord" LOCALE "C" ENCODING UTF8 TEMPLATE template0 OWNER "mautrix_discord"'
WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_discord')\gexec WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'mautrix_discord')\gexec
''; '';