Add garden and updates.
parent
67823cbed6
commit
dab0af910b
14 changed files with 216 additions and 24 deletions
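--- a/hosts/garden/default.nix
+++ b/hosts/garden/default.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+imports = [
+./hardware-configuration.nix
+../../base.nix
+../../users/root.nix
+../../roles/tailscale.nix
+../../roles/caddy.nix
+../../roles/vscode-remote.nix
+../../roles/syncthing.nix
+];
+
+boot.tmp.cleanOnBoot = true;
+zramSwap.enable = true;
+networking.hostName = "GARDEN";
+system.stateVersion = "23.11";
+}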
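Review bot: The import list for the new GARDEN host has no `../../roles/fail2ban.nix`, although it pulls in `../../users/root.nix`, `../../roles/caddy.nix` and `../../roles/vscode-remote.nix`, and the other host's import list shown later in this commit does carry the fail2ban role. If `base.nix` or `users/root.nix` (neither visible here) allows remote root logins, this machine would presumably face the same login attempts without the ban rules. Either add `../../roles/fail2ban.nix` to `imports`, or leave a comment such as `# reachable over tailscale only, fail2ban not needed` if that is the intent.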
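--- a/hosts/garden/hardware-configuration.nix
+++ b/hosts/garden/hardware-configuration.nix
@@ -0,0 +1,14 @@
+{ modulesPath, ... }:
+{
+imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+boot.loader.grub = {
+efiSupport = true;
+efiInstallAsRemovable = true;
+device = "nodev";
+};
+fileSystems."/boot" = { device = "/dev/disk/by-uuid/FAAB-A09E"; fsType = "vfat"; };
+boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+boot.initrd.kernelModules = [ "nvme" ];
+fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+
+}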
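Review bot: The root filesystem is mounted by kernel device name, `fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };`, while `/boot` earlier in the same file uses a `by-uuid` path. Kernel names can change when a disk is attached or the virtual controller changes, and the host would then fail to boot or mount a different volume as root. Point `/` at `/dev/disk/by-uuid/<ROOT-FS-UUID>` (placeholder; take the value from `blkid` on the host). The `"nvme"` entry in `boot.initrd.kernelModules` next to an `sda` root looks left over from generation and may deserve a one-line comment.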
|
@ -66,10 +66,14 @@
|
|||
useHostResolvConf = lib.mkForce false;
|
||||
};
|
||||
services.resolved.enable = true;
|
||||
environment.sessionVariables = {
|
||||
PATH = [ "${pkgs.gitea}/bin" ];
|
||||
GITEA_WORK_DIR = "/var/lib/gitea";
|
||||
};
|
||||
};
|
||||
bindMounts = {
|
||||
"/run/postgresql/.s.PGSQL.5432" = {
|
||||
hostPath = "/run/postgresql/.s.PGSQL.5432";
|
||||
"/run/postgresql" = {
|
||||
hostPath = "/run/postgresql";
|
||||
};
|
||||
};
|
||||
};
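Review bot: The `bindMounts` entry now appears to expose the whole host directory `/run/postgresql` to the container, where the replaced entry named only the socket `/run/postgresql/.s.PGSQL.5432`, and nothing in the hunk says why or with what access. Add a comment above the entry giving the reason for mounting the directory rather than the socket file, and state the access mode explicitly with `isReadOnly = true;` if the container only needs to connect. With the directory shared, which database roles the container can assume rests on the host's PostgreSQL authentication rules, which are not visible here. The same change is made in the last hunk of the next file section, and the enclosing container definition starts outside this hunk.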
|
||||
|
|
|
@ -31,7 +31,7 @@
|
|||
package = pkgs.nextcloud30;
|
||||
configureRedis = true;
|
||||
maxUploadSize = "16G";
|
||||
autoUpdateApps.enable = true;
|
||||
# autoUpdateApps.enable = true;
|
||||
notify_push.enable = true;
|
||||
webfinger = true;
|
||||
settings = {
|
||||
|
@ -44,6 +44,7 @@
|
|||
dbhost = "/run/postgresql";
|
||||
adminpassFile = "/etc/nextcloud-admin-pass";
|
||||
};
|
||||
phpOptions."opcache.interned_strings_buffer" = "23";
|
||||
};
|
||||
onlyoffice = {
|
||||
enable = true;
|
||||
|
@ -51,6 +52,7 @@
|
|||
};
|
||||
resolved.enable = true;
|
||||
};
|
||||
programs.nix-ld.enable = true;
|
||||
networking = {
|
||||
firewall.allowedTCPPorts = [ 80 ];
|
||||
useHostResolvConf = lib.mkForce false;
|
||||
|
@ -62,11 +64,14 @@
|
|||
};
|
||||
};
|
||||
bindMounts = {
|
||||
"/run/postgresql/.s.PGSQL.5432" = {
|
||||
hostPath = "/run/postgresql/.s.PGSQL.5432";
|
||||
"/run/postgresql" = {
|
||||
hostPath = "/run/postgresql";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."nextcloud.thewordnerd.info".extraConfig = ''reverse_proxy nextcloud'';
|
||||
services.caddy.virtualHosts."nextcloud.thewordnerd.info".extraConfig = ''
|
||||
reverse_proxy nextcloud
|
||||
header Strict-Transport-Security max-age=31536000;
|
||||
'';
|
||||
}
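Review bot: In the first hunk of this file `autoUpdateApps.enable = true;` appears to be replaced by a commented-out copy, and the change carries no reason. Installed Nextcloud apps then stay at their current versions, including any with published security fixes, until someone updates them by hand. Replace the dead line with a comment that records why and how updates are applied now, for example `# autoUpdateApps disabled: <reason>; apps are updated manually`, or re-enable the option once the cause is resolved. The enclosing `services.nextcloud` block starts outside the hunk.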
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
../../roles/zfs.nix
|
||||
../../base.nix
|
||||
../../users/root.nix
|
||||
../../roles/fail2ban.nix
|
||||
../../roles/tailscale.nix
|
||||
../../roles/lldap.nix
|
||||
../../roles/authelia.nix
|
||||
|
@ -18,6 +19,7 @@
|
|||
../../roles/caddy.nix
|
||||
../../roles/vscode-remote.nix
|
||||
../../roles/postgres.nix
|
||||
../../roles/syncthing.nix
|
||||
./apps/dev.nix
|
||||
./apps/nextcloud.nix
|
||||
];
|
||||
|
@ -64,11 +66,6 @@
|
|||
acceptTerms = true;
|
||||
defaults.email = "nolan@thewordnerd.info";
|
||||
certs."thewordnerd.info" = {
|
||||
domain = "*.thewordnerd.info";
|
||||
dnsProvider = "cloudflare";
|
||||
environmentFile = config.age.secrets.cloudflareApi.path;
|
||||
};
|
||||
certs."hub.thewordnerd.info" = {
|
||||
dnsProvider = "cloudflare";
|
||||
environmentFile = config.age.secrets.cloudflareApi.path;
|
||||
};
|
||||
|
@ -103,6 +100,15 @@
|
|||
};
|
||||
};
|
||||
|
||||
services.fail2ban.jails = {
|
||||
dovecot.settings = {
|
||||
filter = "dovecot[mode=aggressive]";
|
||||
};
|
||||
postfix.settings = {
|
||||
filter = "postfix[mode=aggressive]";
|
||||
};
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."users.thewordnerd.info".extraConfig =
|
||||
''reverse_proxy localhost:17170'';
|
||||
|
||||
|
@ -110,6 +116,22 @@
|
|||
reverse_proxy localhost:9091
|
||||
'';
|
||||
|
||||
services.authelia.instances.main.settings.access_control.rules = [
|
||||
{
|
||||
domain = "syncthing.thewordnerd.info";
|
||||
policy = "one_factor";
|
||||
}
|
||||
];
|
||||
|
||||
services.caddy.virtualHosts."syncthing.thewordnerd.info".extraConfig = ''
|
||||
forward_auth localhost:9091 {
|
||||
uri /api/authz/forward-auth
|
||||
}
|
||||
reverse_proxy localhost:8384 {
|
||||
header_up Host {upstream_hostport}
|
||||
}
|
||||
'';
|
||||
|
||||
services.caddy.virtualHosts."www.thewordnerd.info".extraConfig = ''
|
||||
file_server
|
||||
root * /var/www/thewordnerd.info
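Review bot: The access rule added in the last hunk puts `syncthing.thewordnerd.info` behind `policy = "one_factor"`, so a single password is all that stands in front of the Syncthing GUI, which can change shared folders and paired devices. The `reverse_proxy localhost:8384` block also rewrites the request with `header_up Host {upstream_hostport}`, so Syncthing sees a local Host, and whether the GUI keeps its own credentials depends on `roles/syncthing.nix`, which is not visible here. Consider `policy = "two_factor";` for this domain, and add a comment above the rule saying that Authelia is the intended gate for the GUI. The `www.thewordnerd.info` block at the end of the hunk continues outside it.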
|
||||
|
|