felixalb/nixos-config
felixalb/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: felixalb:1b0b37c13cf7c218fd566145b219a41539356ddc
Branches Tags
felixalb:main
..
compare: felixalb:6ef0bd704ddad0f3d3f4e696035ae0c16d4057ea
Branches Tags
felixalb:main

1 Commits
1b0b37c13c ... 6ef0bd704d

Author SHA1 Message Date
Felix Albrigtsen
6ef0bd704d defiant: Update to NixOS 24.11 2024-12-01 11:05:19 +01:00
5 changed files with 6 additions and 75 deletions
Show Stats Expand all files Collapse all files

1
hosts/defiant/configuration.nix
View File

@ -23,7 +23,6 @@
./services/hedgedoc.nix ./services/hedgedoc.nix
./services/home-assistant.nix ./services/home-assistant.nix
./services/keycloak.nix ./services/keycloak.nix
./services/koillection.nix
./services/matrix ./services/matrix
./services/microbin.nix ./services/microbin.nix
# ./services/minecraft.nix # ./services/minecraft.nix

6
hosts/defiant/services/keycloak.nix
View File

@ -16,9 +16,9 @@ in {
settings = { settings = {
cache = "local"; cache = "local";
hostname = "https://iam.feal.no"; hostname = "iam.feal.no";
hostname-backchannel-dynamic = false; hostname-backchannel-dynamic = false;
http-enabled = true; http-enable = true;
http-host = "127.0.1.2"; http-host = "127.0.1.2";
http-port = 5060; http-port = 5060;
proxy-headers = "xforwarded"; proxy-headers = "xforwarded";
@ -27,6 +27,6 @@ in {
# The main reverse proxy is defined in ./nginx.nix # The main reverse proxy is defined in ./nginx.nix
services.nginx.virtualHosts.${cfg.hostname} = { services.nginx.virtualHosts.${cfg.hostname} = {
locations."= /".return = "302 ${cfg.hostname}/realms/feal.no/account"; locations."= /".return = "302 https://${cfg.hostname}/realms/feal.no/account";
}; };
} }

59
hosts/defiant/services/koillection.nix
View File

@ -1,59 +0,0 @@
{ config, pkgs, lib, ... }:
let
domain = "koillection.home.feal.no";
port = 5023;
in {
virtualisation.oci-containers.containers = {
koillection = {
image = "koillection/koillection";
ports = [
"127.0.1.2:${toString port}:80"
];
environment = {
APP_DEBUG = "0";
APP_ENV = "prod";
HTTPS_ENABLED = "0";
UPLOAD_MAX_FILESIZE = "512M";
PHP_MEMORY_LIMIT = "512M";
PHP_TZ = "Europe/Oslo";
CORS_ALLOW_ORIGIN = "https?://(localhost|koillection\\.home\\.feal\\.no)(:[0-9]+)?$";
JWT_SECRET_KEY = "%kernel.project_dir%/config/jwt/private.pem";
JWT_PUBLIC_KEY = "%kernel.project_dir%/config/jwt/public.pem";
DB_DRIVER = "pdo_pgsql";
DB_NAME = "koillection";
DB_HOST = "host.docker.internal";
DB_USER = "koillection";
# DB_PASSWORD = "koillection"; # Set in sops envfile
DB_PORT = "5432";
DB_VERSION = "16";
};
environmentFiles = [
config.sops.secrets."koillection/envfile".path
];
extraOptions = [
"--add-host=host.docker.internal:host-gateway"
];
};
};
sops.secrets."koillection/envfile" = { };
services.postgresql = {
ensureDatabases = [ "koillection" ];
ensureUsers = [ {
name = "koillection";
ensureDBOwnership = true;
} ];
};
services.nginx.virtualHosts."${domain}" = {
locations."/".proxyPass = "http://127.0.1.2:${toString port}";
};
}

9
hosts/defiant/services/postgresql.nix
View File

@ -2,11 +2,7 @@
{ {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
enableTCPIP = true; enableTCPIP = false;
authentication = ''
host all all 172.16.0.0/12 md5
'';
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
@ -18,8 +14,5 @@
databases = [ ]; databases = [ ];
}; };
# Docker containers on this host can reach postgres
networking.firewall.extraCommands = "iptables -A INPUT -p tcp --destination-port 5432 -s 172.16.0.0/12 -j ACCEPT";
environment.systemPackages = [ config.services.postgresql.package ]; environment.systemPackages = [ config.services.postgresql.package ];
} }

6
secrets/defiant/defiant.yaml
View File

@ -18,8 +18,6 @@ restic:
vaultwarden: ENC[AES256_GCM,data:tZKf1jeQPBASruDP67NrVfwFoAZ20whQIHf1SWIQz0s=,iv:kyfqvEf/DiAGHAU99HVGri15kluewijkSPOCGKjxIaQ=,tag:tmDQPH2IjjUV5wLegXXybg==,type:str] vaultwarden: ENC[AES256_GCM,data:tZKf1jeQPBASruDP67NrVfwFoAZ20whQIHf1SWIQz0s=,iv:kyfqvEf/DiAGHAU99HVGri15kluewijkSPOCGKjxIaQ=,tag:tmDQPH2IjjUV5wLegXXybg==,type:str]
keycloak: keycloak:
postgres: ENC[AES256_GCM,data:OYvpSyBAQfAJg4/syz1r,iv:Ge6m63YPl+gJPepIRmBz747bXqUo65MHQaRn1S/8m2I=,tag:18bFwYtmcslXlgflfYqM8w==,type:str] postgres: ENC[AES256_GCM,data:OYvpSyBAQfAJg4/syz1r,iv:Ge6m63YPl+gJPepIRmBz747bXqUo65MHQaRn1S/8m2I=,tag:18bFwYtmcslXlgflfYqM8w==,type:str]
koillection:
envfile: ENC[AES256_GCM,data:3wq6xiULzELDxtDsBfPbKrnEsAEoG9oQREyaEoe0AVpJziVMrhEQruLCl1F/,iv:IscSmKD8nwQ2HmNnC+54rZrWMimdYPLCArmt/ToTdNM=,tag:J3QYTUtJhpn+R8hpqkA9zg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -44,8 +42,8 @@ sops:
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ== fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-01T10:13:16Z" lastmodified: "2024-10-05T08:43:32Z"
mac: ENC[AES256_GCM,data:SFZz05/9Wb5o9X0ieNxrk4LJkCniliQ7ykWR+ocLw+At9Ye620JQTYFHfpzT/h+aRdborgkRtldw0c5+UOzx9+F3HtoWsrK04uQ1qso8YjO87qEqlVenVPuOVUuvyVtPQOWyLrHOOPkLSrj0a1NQdPSsfxcC04DhSkiW4RTNWXw=,iv:zp6HP14YZYt8BNj7jPPM+cb5cBZThijfcaqDZ6rH5Hg=,tag:W+/XKoj61yUXL+PC5YXQlg==,type:str] mac: ENC[AES256_GCM,data:UMaxVqcS9SK/OclUe5k547zScx5BhAJt4f87Sfw2Ctdx6ZJRbju4310TeZUygzge4/OrCywD+9R09FzR65OBvIDxvUIqOblqzrYiHK6xRUSkUtLJEb8gzD7ycsccHaHpLYom0zbSixmMUDSthn2rexQixin9gUGVq+x9I3Z/sPk=,iv:oZAcTHjeFQjxZrNmQmJS3kJiXs1IcDbYJOo44kI3f5Y=,tag:7GINKR+6WMhlDAzeDOyrog==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1