summaryrefslogtreecommitdiff
path: root/nixos/tente-configuration.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/tente-configuration.nix')
-rw-r--r--nixos/tente-configuration.nix239
1 files changed, 0 insertions, 239 deletions
diff --git a/nixos/tente-configuration.nix b/nixos/tente-configuration.nix
deleted file mode 100644
index 183e065..0000000
--- a/nixos/tente-configuration.nix
+++ /dev/null
@@ -1,239 +0,0 @@
-# channel="nixos-small"
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-let
- domains =
- let
- domain = "push-f.com";
- in
- {
- personalWebsite = domain;
- tailscaleControlServer = "tailscale.${domain}";
- gitWebsite = "git.${domain}";
- matrixServer = "matrix.${domain}";
- };
- acmeEmail = "martin@push-f.com";
-in
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- ./tente-hardware-configuration.nix
- ./sanix.nix
- ./parts/server.nix
- ./parts/basics.nix
- ];
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- # boot.loader.grub.efiSupport = true;
- # boot.loader.grub.efiInstallAsRemovable = true;
- # boot.loader.efi.efiSysMountPoint = "/boot/efi";
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
- networking.hostName = "tente"; # Define your hostname.
- # Pick only one of the below networking options.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
-
- # Set your time zone.
- time.timeZone = "Europe/Vienna";
-
- # Select internationalisation properties.
- # i18n.defaultLocale = "en_US.UTF-8";
- # console = {
- # font = "Lat2-Terminus16";
- # keyMap = "us";
- # useXkbConfig = true; # use xkb.options in tty.
- # };
-
- # Enable the X11 windowing system.
- # services.xserver.enable = true;
-
- users.users.martin = {
- isNormalUser = true;
- extraGroups = [
- "wheel" # Enable ‘sudo’ for the user.
- "www-data"
- ];
- packages = with pkgs; [
- ];
- };
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
- wget
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
-
- # Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [
- # Enabling openssh automatically opens its port in the firewall.
- # For all other services we need to manually list the ports here.
- 80 443
- ];
- networking.firewall.allowedUDPPorts = [];
-
- users.groups.www-data = {};
-
- systemd.tmpfiles.rules = [
- "d /srv/www 2770 root www-data -"
- ];
-
- services = {
- gitolite = {
- enable = true;
- adminPubkey = ""; # TODO: submit PR to nixpkgs to make this option optional
- user = "git";
- group = "git";
- dataDir = "/srv/gitolite";
- extraGitoliteRc = ''
- $RC{UMASK} = 0027;
- $RC{GIT_CONFIG_KEYS} = 'cgit.* gitweb.*';
-
- # not working for some reason? still getting `FATAL: git config 'gitweb.description' not allowed` if gitweb.* is omitted in GIT_CONFIG_KEYS
- # push( @{$RC{ENABLE}}, 'cgit' ); # update description files instead of gitweb.description config
- '';
- };
-
- nginx = {
- enable = true;
- group = "www-data";
- };
-
- headscale = {
- enable = true;
- port = 8080;
- # TODO: make dataDir configurable and set it to /srv/
- settings = {
- server_url = "https://${domains.tailscaleControlServer}";
- dns = { base_domain = "tailnet"; };
- };
- };
-
- nginx.virtualHosts.${domains.tailscaleControlServer} = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:${toString config.services.headscale.port}";
- proxyWebsockets = true;
- };
- };
-
- postgresql = {
- enable = true;
- authentication = pkgs.lib.mkOverride 10 ''
- #type database DBuser auth-method
- local sameuser all peer
- '';
- };
-
- matrix-synapse = {
- enable = true;
- settings = {
- server_name = domains.personalWebsite;
- };
- };
-
- nginx.virtualHosts.${domains.matrixServer} = {
- enableACME = true;
- forceSSL = true;
-
- # TODO: add locations."/" with some message
-
- # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
- # *must not* be used here.
- locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
- # Forward requests for e.g. SSO and password-resets.
- locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
- };
-
- nginx.virtualHosts.${domains.personalWebsite} =
- let
- mkWellKnown = data: ''
- default_type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '${builtins.toJSON data}';
- '';
- in
- {
- enableACME = true;
- forceSSL = true;
- root = "/srv/www/${domains.personalWebsite}";
-
- locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {
- "m.server" = "${domains.matrixServer}:443";
- };
- locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {
- "m.homeserver" = { base_url = "https://${domains.matrixServer}"; };
- };
- };
-
- nginx.virtualHosts.${domains.gitWebsite} = {
- enableACME = true;
- forceSSL = true;
- };
-
- cgit.main = {
- enable = true;
- # running as the gitolite user because otherwise cloning a repo via cgit fails with:
- # fatal: detected dubious ownership in repository
- user = config.services.gitolite.user;
- group = config.services.gitolite.group;
- nginx.virtualHost = domains.gitWebsite;
- scanPath = "${config.services.gitolite.dataDir}/repositories";
- settings = {
- remove-suffix = 1;
- enable-git-config = 1;
- root-title = "push-f.com repositories";
- root-desc = "My various repositories.";
- enable-index-owner = 0;
- source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
- clone-prefix = "https://${domains.gitWebsite}";
- };
- };
- };
-
- security.acme = {
- acceptTerms = true; # https://letsencrypt.org/repository/
- defaults.email = acmeEmail;
- };
-
- # Copy the NixOS configuration file and link it from the resulting system
- # (/run/current-system/configuration.nix). This is useful in case you
- # accidentally delete configuration.nix.
- # system.copySystemConfiguration = true;
-
- # This option defines the first version of NixOS you have installed on this particular machine,
- # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
- #
- # Most users should NEVER change this value after the initial install, for any reason,
- # even if you've upgraded your system to a new NixOS release.
- #
- # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
- # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
- # to actually do that.
- #
- # This value being lower than the current NixOS release does NOT mean your system is
- # out of date, out of support, or vulnerable.
- #
- # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
- # and migrated your data accordingly.
- #
- # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
- system.stateVersion = "24.11"; # Did you read the comment?
-
-}
-
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-09 16:23:06 +0000