authorMartin Fischer <martin@push-f.com>2024-12-27 13:16:07 +0100
committerMartin Fischer <martin@push-f.com>2024-12-27 18:44:56 +0100
commit28424ccb86f9fe02c9e9f95958cf10d3a9fe3777 (patch)
tree676f8a3dae5266c24569c7c633d1247a7125c095 /nixos/hosts/tente/default.nix
parent1b65ba7a838e422c9bf16ddcaf796a996fa51b6b (diff)
refactor: split up tente/default.nix
Diffstat (limited to 'nixos/hosts/tente/default.nix')
-rw-r--r--nixos/hosts/tente/default.nix121
1 files changed, 12 insertions, 109 deletions
diff --git a/nixos/hosts/tente/default.nix b/nixos/hosts/tente/default.nix
index 7885ff4..e6ec7ec 100644
--- a/nixos/hosts/tente/default.nix
+++ b/nixos/hosts/tente/default.nix
@@ -4,16 +4,7 @@
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
let
- domains =
- let
- domain = "push-f.com";
- in
- {
- personalWebsite = domain;
- tailscaleControlServer = "tailscale.${domain}";
- gitWebsite = "git.${domain}";
- matrixServer = "matrix.${domain}";
- };
+ domain = "push-f.com";
acmeEmail = "martin@push-f.com";
in
{ config, lib, pkgs, ... }:
@@ -22,8 +13,19 @@ in
imports = [
./hardware-configuration.nix
<top/profiles/server>
+ ./web-personal.nix
+ ./git.nix
+ ./headscale.nix
+ ./matrix.nix
];
+ web-personal.domain = domain;
+ web-personal.matrixApiDomain = config.matrix.apiDomain;
+ git.webUiDomain = "git.${domain}";
+ headscale.domain = "tailscale.${domain}";
+ matrix.serverName = domain;
+ matrix.apiDomain = "matrix.${domain}";
+
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
# boot.loader.grub.efiSupport = true;
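Review bot: The six assignments added after `imports` (`web-personal.domain` through `matrix.apiDomain`) set top-level options that are not stock NixOS options, and nothing in this file says where they are declared. They are presumably defined by the four newly imported modules, which this path-limited view does not show. A one-line comment above them would help, e.g. `# Options declared by the local modules imported above (web-personal, git, headscale, matrix).` Because the `enableACME`/`forceSSL` virtual hosts and the reverse-proxy locations removed in the later hunks are expected to live in those modules now, it is worth confirming that the evaluated host configuration is unchanged by the refactor.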
@@ -91,45 +93,11 @@ in
];
services = {
- gitolite = {
- enable = true;
- adminPubkey = ""; # TODO: submit PR to nixpkgs to make this option optional
- user = "git";
- group = "git";
- dataDir = "/srv/gitolite";
- extraGitoliteRc = ''
- $RC{UMASK} = 0027;
- $RC{GIT_CONFIG_KEYS} = 'cgit.* gitweb.*';
-
- # not working for some reason? still getting `FATAL: git config 'gitweb.description' not allowed` if gitweb.* is omitted in GIT_CONFIG_KEYS
- # push( @{$RC{ENABLE}}, 'cgit' ); # update description files instead of gitweb.description config
- '';
- };
-
nginx = {
enable = true;
group = "www-data";
};
- headscale = {
- enable = true;
- port = 8080;
- # TODO: make dataDir configurable and set it to /srv/
- settings = {
- server_url = "https://${domains.tailscaleControlServer}";
- dns = { base_domain = "tailnet"; };
- };
- };
-
- nginx.virtualHosts.${domains.tailscaleControlServer} = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:${toString config.services.headscale.port}";
- proxyWebsockets = true;
- };
- };
-
postgresql = {
enable = true;
authentication = pkgs.lib.mkOverride 10 ''
@@ -137,71 +105,6 @@ in
local sameuser all peer
'';
};
-
- matrix-synapse = {
- enable = true;
- settings = {
- server_name = domains.personalWebsite;
- };
- };
-
- nginx.virtualHosts.${domains.matrixServer} = {
- enableACME = true;
- forceSSL = true;
-
- # TODO: add locations."/" with some message
-
- # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
- # *must not* be used here.
- locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
- # Forward requests for e.g. SSO and password-resets.
- locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
- };
-
- nginx.virtualHosts.${domains.personalWebsite} =
- let
- mkWellKnown = data: ''
- default_type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '${builtins.toJSON data}';
- '';
- in
- {
- enableACME = true;
- forceSSL = true;
- root = "/srv/www/${domains.personalWebsite}";
-
- locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {
- "m.server" = "${domains.matrixServer}:443";
- };
- locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {
- "m.homeserver" = { base_url = "https://${domains.matrixServer}"; };
- };
- };
-
- nginx.virtualHosts.${domains.gitWebsite} = {
- enableACME = true;
- forceSSL = true;
- };
-
- cgit.main = {
- enable = true;
- # running as the gitolite user because otherwise cloning a repo via cgit fails with:
- # fatal: detected dubious ownership in repository
- user = config.services.gitolite.user;
- group = config.services.gitolite.group;
- nginx.virtualHost = domains.gitWebsite;
- scanPath = "${config.services.gitolite.dataDir}/repositories";
- settings = {
- remove-suffix = 1;
- enable-git-config = 1;
- root-title = "push-f.com repositories";
- root-desc = "My various repositories.";
- enable-index-owner = 0;
- source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
- clone-prefix = "https://${domains.gitWebsite}";
- };
- };
};
security.acme = {