author | Martin Fischer <martin@push-f.com> | 2024-12-27 13:16:07 +0100 |
---|---|---|
committer | Martin Fischer <martin@push-f.com> | 2024-12-27 18:44:56 +0100 |
commit | 28424ccb86f9fe02c9e9f95958cf10d3a9fe3777 (patch) | |
tree | 676f8a3dae5266c24569c7c633d1247a7125c095 /nixos/hosts/tente/default.nix | |
parent | 1b65ba7a838e422c9bf16ddcaf796a996fa51b6b (diff) |
refactor: split up tente/default.nix
Diffstat (limited to 'nixos/hosts/tente/default.nix')
-rw-r--r-- | nixos/hosts/tente/default.nix | 121 |
1 files changed, 12 insertions, 109 deletions
diff --git a/nixos/hosts/tente/default.nix b/nixos/hosts/tente/default.nix
index 7885ff4..e6ec7ec 100644
--- a/nixos/hosts/tente/default.nix
+++ b/nixos/hosts/tente/default.nix
@@ -4,16 +4,7 @@
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 let
- domains =
- let
- domain = "push-f.com";
- in
- {
- personalWebsite = domain;
- tailscaleControlServer = "tailscale.${domain}";
- gitWebsite = "git.${domain}";
- matrixServer = "matrix.${domain}";
- };
+ domain = "push-f.com";
 acmeEmail = "martin@push-f.com";
 in
 { config, lib, pkgs, ... }:
@@ -22,8 +13,19 @@ in
 imports = [
 ./hardware-configuration.nix
 <top/profiles/server>
+ ./web-personal.nix
+ ./git.nix
+ ./headscale.nix
+ ./matrix.nix
 ];
+ web-personal.domain = domain;
+ web-personal.matrixApiDomain = config.matrix.apiDomain;
+ git.webUiDomain = "git.${domain}";
+ headscale.domain = "tailscale.${domain}";
+ matrix.serverName = domain;
+ matrix.apiDomain = "matrix.${domain}";
+
 # Use the GRUB 2 boot loader.
 boot.loader.grub.enable = true;
 # boot.loader.grub.efiSupport = true;
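Review bot: The new `web-personal.matrixApiDomain = config.matrix.apiDomain;` is the only one of the six added assignments that reads its value back through `config` rather than from the local `let` binding; since `matrix.apiDomain` is set from `"matrix.${domain}"` two lines below, binding it once in the `let` (`matrixApiDomain = "matrix.${domain}";`) and assigning both options from that name would keep the hunk consistent and remove this expression's dependency on the matrix module's option definition. The option names introduced here (`web-personal.*`, `git.webUiDomain`, `headscale.domain`, `matrix.*`) are declared in the four imported files, which are outside this diff because the diffstat is limited to default.nix, so they cannot be checked from this page. For the same reason it is worth confirming in those files that the settings removed from this file in the later hunks are carried over unchanged, notably `enableACME`/`forceSSL` on the three virtual hosts, the loopback-only `127.0.0.1:8008` and `localhost:${toString config.services.headscale.port}` proxy targets, and the `$RC{UMASK} = 0027` gitolite setting. The enclosing module attribute set continues past the end of the hunk.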
@@ -91,45 +93,11 @@ in
 ];
 services = {
- gitolite = {
- enable = true;
- adminPubkey = ""; # TODO: submit PR to nixpkgs to make this option optional
- user = "git";
- group = "git";
- dataDir = "/srv/gitolite";
- extraGitoliteRc = ''
- $RC{UMASK} = 0027;
- $RC{GIT_CONFIG_KEYS} = 'cgit.* gitweb.*';
-
- # not working for some reason? still getting `FATAL: git config 'gitweb.description' not allowed` if gitweb.* is omitted in GIT_CONFIG_KEYS
- # push( @{$RC{ENABLE}}, 'cgit' ); # update description files instead of gitweb.description config
- '';
- };
-
 nginx = {
 enable = true;
 group = "www-data";
 };
- headscale = {
- enable = true;
- port = 8080;
- # TODO: make dataDir configurable and set it to /srv/
- settings = {
- server_url = "https://${domains.tailscaleControlServer}";
- dns = { base_domain = "tailnet"; };
- };
- };
-
- nginx.virtualHosts.${domains.tailscaleControlServer} = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:${toString config.services.headscale.port}";
- proxyWebsockets = true;
- };
- };
-
 postgresql = {
 enable = true;
 authentication = pkgs.lib.mkOverride 10 ''
@@ -137,71 +105,6 @@ in
 local sameuser all peer
 '';
 };
-
- matrix-synapse = {
- enable = true;
- settings = {
- server_name = domains.personalWebsite;
- };
- };
-
- nginx.virtualHosts.${domains.matrixServer} = {
- enableACME = true;
- forceSSL = true;
-
- # TODO: add locations."/" with some message
-
- # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
- # *must not* be used here.
- locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
- # Forward requests for e.g. SSO and password-resets.
- locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
- };
-
- nginx.virtualHosts.${domains.personalWebsite} =
- let
- mkWellKnown = data: ''
- default_type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '${builtins.toJSON data}';
- '';
- in
- {
- enableACME = true;
- forceSSL = true;
- root = "/srv/www/${domains.personalWebsite}";
-
- locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {
- "m.server" = "${domains.matrixServer}:443";
- };
- locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {
- "m.homeserver" = { base_url = "https://${domains.matrixServer}"; };
- };
- };
-
- nginx.virtualHosts.${domains.gitWebsite} = {
- enableACME = true;
- forceSSL = true;
- };
-
- cgit.main = {
- enable = true;
- # running as the gitolite user because otherwise cloning a repo via cgit fails with:
- # fatal: detected dubious ownership in repository
- user = config.services.gitolite.user;
- group = config.services.gitolite.group;
- nginx.virtualHost = domains.gitWebsite;
- scanPath = "${config.services.gitolite.dataDir}/repositories";
- settings = {
- remove-suffix = 1;
- enable-git-config = 1;
- root-title = "push-f.com repositories";
- root-desc = "My various repositories.";
- enable-index-owner = 0;
- source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
- clone-prefix = "https://${domains.gitWebsite}";
- };
- };
 };
 security.acme = {