Lucy Hochkamp 2025-08-11 19:37:52 +02:00
parent a701e6ead9
commit 6dd6a4021f
No known key found for this signature in database
7 changed files with 95 additions and 84 deletions


@ -109,6 +109,13 @@
}
'';
virtualHosts."*.hailsatan.eu".extraConfig = ''
tls ssl@xyno.systems {
propagation_delay 1m
ca https://acme-v02.api.letsencrypt.org/directory # hard coded so zerossl doesn't get used
dns desec {
token "{$TOKEN}"
}
}
reverse_proxy https://ds9.kangaroo-galaxy.ts.net {
transport http {
tls_server_name {host}
@ -118,29 +125,6 @@
virtualHosts."l621.net".extraConfig = ''
reverse_proxy http://127.0.0.1:8186
'';
virtualHosts."*.ragon.xyz".extraConfig = ''
# @8081 host 8081.ragon.xyz
# handle @8081 {
# reverse_proxy http://[::1]:8081
# }
# @files host files.ragon.xyz
# handle @files {
# encode zstd gzip
# root * /srv/www
# file_server browse
# basicauth * {
# {$BAUSER} {$BAPASSWD}
# }
# }
@bw host bw.ragon.xyz
handle @bw {
reverse_proxy http://${config.services.vaultwarden.config.rocketAddress}:${toString config.services.vaultwarden.config.rocketPort}
}
handle {
abort
}
'';
virtualHosts."xyno.space".extraConfig =
let
fqdn = "matrix.xyno.space";
@ -227,6 +211,11 @@
handle @ntfy {
reverse_proxy http://127.0.0.1:15992
}
@bw host bw.xyno.systems
handle @bw {
reverse_proxy http://${config.services.vaultwarden.config.rocketAddress}:${toString config.services.vaultwarden.config.rocketPort}
}
handle {
abort
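Review bot: The added `tls` block for `*.hailsatan.eu` reads the deSEC API token from `{$TOKEN}`, but nothing in the hunk shows or documents where that variable is set. A token for the DNS-01 challenge can edit records in the zone, so a one-line comment beside it would help, for example `# TOKEN is injected from the Caddy service's secret environment file, never from the Nix store`, once that is confirmed to be how it is supplied. A more specific name such as `DESEC_TOKEN` would also make it harder to confuse with other credentials in the same environment. Separately, the relocated `@bw` handler still proxies Vaultwarden over plain `http://` to `rocketAddress`, which is only appropriate if that address is loopback; the value is not visible here.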


@ -15,51 +15,48 @@ in {
IP_GEOLOCATION_DB = "${pkgs.unstable.dbip-country-lite}/share/dbip/dbip-country-lite.mmdb";
DATABASE_URL = "postgresql:///plausible?host=/run/postgresql";
};
systemd.services.plausible.script =
let cfg = config.services.plausible; in lib.mkForce ''
# Elixir does not start up if `RELEASE_COOKIE` is not set,
# even though we set `RELEASE_DISTRIBUTION=none` so the cookie should be unused.
# Thus, make a random one, which should then be ignored.
export RELEASE_COOKIE=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 20)
export ADMIN_USER_PWD="$(< $CREDENTIALS_DIRECTORY/ADMIN_USER_PWD )"
export SECRET_KEY_BASE="$(< $CREDENTIALS_DIRECTORY/SECRET_KEY_BASE )"
# systemd.services.plausible.script =
# let cfg = config.services.plausible; in lib.mkForce ''
# # Elixir does not start up if `RELEASE_COOKIE` is not set,
# # even though we set `RELEASE_DISTRIBUTION=none` so the cookie should be unused.
# # Thus, make a random one, which should then be ignored.
# export RELEASE_COOKIE=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 20)
# export ADMIN_USER_PWD="$(< $CREDENTIALS_DIRECTORY/ADMIN_USER_PWD )"
# export SECRET_KEY_BASE="$(< $CREDENTIALS_DIRECTORY/SECRET_KEY_BASE )"
${lib.optionalString (
cfg.mail.smtp.passwordFile != null
) ''export SMTP_USER_PWD="$(< $CREDENTIALS_DIRECTORY/SMTP_USER_PWD )"''}
# ${lib.optionalString (
# cfg.mail.smtp.passwordFile != null
# ) ''export SMTP_USER_PWD="$(< $CREDENTIALS_DIRECTORY/SMTP_USER_PWD )"''}
echo setup
${lib.optionalString cfg.database.postgres.setup ''
# setup
${cfg.package}/createdb.sh
''}
# echo setup
# ${lib.optionalString cfg.database.postgres.setup ''
# # setup
# ${cfg.package}/createdb.sh
# ''}
echo migrate
${cfg.package}/migrate.sh
export IP_GEOLOCATION_DB=${pkgs.dbip-country-lite}/share/dbip/dbip-country-lite.mmdb
# ${cfg.package}/bin/plausible eval "(Plausible.Release.prepare() ; Plausible.Auth.create_user(\"$ADMIN_USER_NAME\", \"$ADMIN_USER_EMAIL\", \"$ADMIN_USER_PWD\"))"
${lib.optionalString cfg.adminUser.activate ''
psql -d plausible <<< "UPDATE users SET email_verified=true where email = '$ADMIN_USER_EMAIL';"
''}
# echo migrate
# ${cfg.package}/migrate.sh
# export IP_GEOLOCATION_DB=${pkgs.dbip-country-lite}/share/dbip/dbip-country-lite.mmdb
# # ${cfg.package}/bin/plausible eval "(Plausible.Release.prepare() ; Plausible.Auth.create_user(\"$ADMIN_USER_NAME\", \"$ADMIN_USER_EMAIL\", \"$ADMIN_USER_PWD\"))"
echo start
exec plausible start
# echo start
# exec plausible start
'';
# '';
services.plausible = {
enable = true;
package = pkgs.unstable.plausible;
# releaseCookiePath = config.age.secrets.plausibleSecretKeybase.path;
adminUser = {
# activate is used to skip the email verification of the admin-user that's
# automatically created by plausible. This is only supported if
# postgresql is configured by the module. This is done by default, but
# can be turned off with services.plausible.database.postgres.setup.
activate = true;
email = "plausible@xyno.space";
passwordFile = config.age.secrets.plausibleAdminPw.path;
};
# adminUser = {
# # activate is used to skip the email verification of the admin-user that's
# # automatically created by plausible. This is only supported if
# # postgresql is configured by the module. This is done by default, but
# # can be turned off with services.plausible.database.postgres.setup.
# activate = true;
# email = "plausible@xyno.space";
# passwordFile = config.age.secrets.plausibleAdminPw.path;
# };
server = {
baseUrl = "https://${domain}";
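Review bot: The `systemd.services.plausible.script` override and the `adminUser` block are disabled by commenting them out line by line instead of being deleted, which leaves a long stretch of dead configuration in the module. Version control already keeps the old text, so deleting it and leaving one comment such as `# custom start script and adminUser removed; the upstream module now handles startup` would read better, if that is indeed the reason. With `adminUser.passwordFile` gone, the `plausibleAdminPw` age secret may no longer have a consumer; if nothing else references it, removing its declaration avoids decrypting an unused credential onto the host. The `services.plausible` attribute set continues past the end of the hunk.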


@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ config, pkgs, lib,inputs, ... }:
let
fqdn = "matrix.xyno.space";
serverName = "xyno.space";
@ -62,7 +62,12 @@ in
containers.xynospace-matrix = let ms = config.age.secrets.matrixSecrets.path; unst = pkgs.unstable; in {
config = { config, pkgs, ... }: {
nixpkgs.overlays = [(self: super: {
matrix-synapse-unwrapped = unst.matrix-synapse-unwrapped;
matrix-synapse-unwrapped = super.matrix-synapse-unwrapped.overrideAttrs (super: self: {
src = inputs.synapse;
# cargoHash = "sha256-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=";
});
})];
system.stateVersion = stateVer;
networking.firewall.allowedTCPPorts = [ 8008 ];
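Review bot: The override replaces `src` with `inputs.synapse` while the `cargoHash` line stays commented out with a placeholder, so the vendored Rust dependencies are presumably still the ones fixed for the nixpkgs release of Synapse. If the input's `Cargo.lock` differs, the build may fail or use a dependency set that was not fixed for that source; overriding the cargo dependency derivation together with `src`, with a real hash, keeps the two in step. The lambda is written `(super: self: {`, but `overrideAttrs` passes the final attributes first and the previous ones second, and both names shadow the overlay's own `self`/`super`; `(finalAttrs: prevAttrs: {` or simply `(old: {` avoids the confusion. `version` is also left untouched, so the package will likely still report the nixpkgs version instead of the one actually built. The container definition continues outside the hunk.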