xyno/nix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix picard compile

Browse source
This commit is contained in:
Lucy Hochkamp 2024-03-17 10:41:45 +01:00
parent 1d7bb49bfe
commit e1d6fe22c0
No known key found for this signature in database
5 changed files with 6 additions and 159 deletions
Download patch file Download diff file Expand all files Collapse all files

4
nixos-modules/services/authelia.nix
View file

@ -57,10 +57,6 @@ in
};
};
services.nginx.virtualHosts."${cfg.domain}" = {
locations."/".proxyWebsockets = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.authelia.instances.${instanceName}.settings.server.port}";
} // (lib.my.findOutTlsConfig cfg.domain config);
services.postgresql = {
enable = true;

13
nixos-modules/services/bitwarden.nix
View file

@ -1,14 +1,13 @@
{ config, lib, pkgs, ... }:
let
cfg = config.ragon.services.bitwarden;
domain = config.ragon.services.nginx.domain;
in
{
options.ragon.services.bitwarden.enable = lib.mkEnableOption "Enables the vaultwarden BitWarden Server";
options.ragon.services.bitwarden.domainPrefix =
options.ragon.services.bitwarden.domain =
lib.mkOption {
type = lib.types.str;
default = "bw";
default = "bw.ragon.xyz";
};
config = lib.mkIf cfg.enable {
services.vaultwarden = {
@ -16,7 +15,7 @@ in
package = pkgs.unstable.vaultwarden;
#backupDir = "/persistent/backups/vaultwarden";
config = {
domain = "https://${cfg.domainPrefix}.${domain}";
domain = "https://${cfg.domain}";
signupsAllowed = true;
rocketPort = 8222;
rocketAddress = "127.0.0.1";
@ -26,12 +25,6 @@ in
dbBackend = "postgresql";
};
services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
locations."/".proxyPass = "http://${config.services.vaultwarden.config.rocketAddress}:${toString config.services.vaultwarden.config.rocketPort}";
locations."/".proxyWebsockets = true;
};
services.postgresql = {
enable = true;

4
nixos-modules/services/hedgedoc.nix
View file

@ -46,10 +46,6 @@ in
};
ragon.agenix.secrets.hedgedocSecret.owner = "hedgedoc";
services.nginx.virtualHosts."${cfg.domain}" = {
locations."/".proxyWebsockets = true;
locations."/".proxyPass = "http://[::1]:${toString config.services.hedgedoc.settings.port}";
} // (lib.my.findOutTlsConfig cfg.domain config);
services.postgresql = {
enable = true;

141
nixos-modules/services/synapse.nix
View file

@ -1,141 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
with lib.my;
let
cfg = config.ragon.services.synapse;
fqdn = cfg.fqdn;
serverName = cfg.serverName;
domain = config.ragon.services.nginx.domain;
in
{
options.ragon.services.synapse.enable = mkEnableOption "Enables synapse";
options.ragon.services.synapse.fqdn =
lib.mkOption {
type = lib.types.str;
default = "m.ragon.xyz";
};
options.ragon.services.synapse.enableElement = mkBoolOpt true; # TODO fix
options.ragon.services.synapse.elementFqdn =
lib.mkOption {
type = lib.types.str;
default = "e.ragon.xyz";
};
options.ragon.services.synapse.serverName =
lib.mkOption {
type = lib.types.str;
default = "ragon.xyz";
};
config = lib.mkIf cfg.enable {
services.matrix-synapse = {
enable = true;
extraConfigFiles = [ config.age.secrets.matrixSecrets.path ];
settings.server_name = serverName;
settings.listeners = [
{
port = 8008;
bind_addresses = [ "::1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = false;
}
];
}
];
};
services.postgresql = {
enable = true;
};
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
services.nginx.virtualHosts = {
#"${cfg.elementFqdn}" = {
# useACMEHost = "${domain}";
# forceSSL = true;
# root = pkgs.element-web.override {
# conf = {
# default_server_config."m.homeserver" = {
# "base_url" = "https://${fqdn}";
# "server_name" = "${domain}";
# };
# default_theme = "dark";
# }; # TODO make this less shit
# };
#};
"${cfg.serverName}" = {
forceSSL = true;
useACMEHost = "${domain}";
locations."= /.well-known/matrix/server".extraConfig =
let
# use 443 instead of the default 8448 port to unite
# the client-server and server-server port for simplicity
server = { "m.server" = "${fqdn}:443"; };
in
''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
"im.vector.riot.jitsi" = { "preferredDomain" = "jitsi.${domain}"; };
};
# ACAO required to allow element-web on any URL to request this json file
in
''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};
# Reverse proxy for Matrix client-server and server-server communication
"${fqdn}" = {
forceSSL = true;
useACMEHost = "${domain}";
# Or do a redirect instead of the 404, or whatever is appropriate for you.
# But do not put a Matrix Web client here! See the Element web section below.
locations."/".extraConfig = ''
return 404;
'';
# forward all Matrix API calls to the synapse Matrix homeserver
locations."/_matrix" = {
proxyPass = "http://[::1]:8008"; # without a trailing /
};
locations."/synapse" = {
proxyPass = "http://[::1]:8008"; # without a trailing /
};
};
"slidingsync.${domain}" = {
forceSSL = true;
useACMEHost = "${domain}";
locations."/" = {
proxyPass = "http://127.0.0.1:8009";
};
};
};
ragon.persist.extraDirectories = [
"${config.services.postgresql.dataDir}"
"${config.services.matrix-synapse.dataDir}"
];
};
}