Compare commits
2 Commits
6ef0bd704d
...
1b0b37c13c
Author | SHA1 | Date | |
---|---|---|---|
1b0b37c13c | |||
b4b74227c3 |
@ -23,6 +23,7 @@
|
|||||||
./services/hedgedoc.nix
|
./services/hedgedoc.nix
|
||||||
./services/home-assistant.nix
|
./services/home-assistant.nix
|
||||||
./services/keycloak.nix
|
./services/keycloak.nix
|
||||||
|
./services/koillection.nix
|
||||||
./services/matrix
|
./services/matrix
|
||||||
./services/microbin.nix
|
./services/microbin.nix
|
||||||
# ./services/minecraft.nix
|
# ./services/minecraft.nix
|
||||||
|
@ -5,7 +5,6 @@
|
|||||||
boot = {
|
boot = {
|
||||||
zfs.extraPools = [ "tank" ];
|
zfs.extraPools = [ "tank" ];
|
||||||
supportedFilesystems = [ "zfs" ];
|
supportedFilesystems = [ "zfs" ];
|
||||||
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
|
||||||
};
|
};
|
||||||
services.prometheus.exporters.zfs.enable = true;
|
services.prometheus.exporters.zfs.enable = true;
|
||||||
|
|
||||||
|
@ -16,17 +16,17 @@ in {
|
|||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
cache = "local";
|
cache = "local";
|
||||||
hostname = "iam.feal.no";
|
hostname = "https://iam.feal.no";
|
||||||
hostname-strict-backchannel = true;
|
hostname-backchannel-dynamic = false;
|
||||||
http-enable = true;
|
http-enabled = true;
|
||||||
http-host = "127.0.1.2";
|
http-host = "127.0.1.2";
|
||||||
http-port = 5060;
|
http-port = 5060;
|
||||||
proxy = "edge";
|
proxy-headers = "xforwarded";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# The main reverse proxy is defined in ./nginx.nix
|
# The main reverse proxy is defined in ./nginx.nix
|
||||||
services.nginx.virtualHosts.${cfg.hostname} = {
|
services.nginx.virtualHosts.${cfg.hostname} = {
|
||||||
locations."= /".return = "302 https://${cfg.hostname}/realms/feal.no/account";
|
locations."= /".return = "302 ${cfg.hostname}/realms/feal.no/account";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
59
hosts/defiant/services/koillection.nix
Normal file
59
hosts/defiant/services/koillection.nix
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
domain = "koillection.home.feal.no";
|
||||||
|
port = 5023;
|
||||||
|
in {
|
||||||
|
virtualisation.oci-containers.containers = {
|
||||||
|
koillection = {
|
||||||
|
image = "koillection/koillection";
|
||||||
|
|
||||||
|
ports = [
|
||||||
|
"127.0.1.2:${toString port}:80"
|
||||||
|
];
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
APP_DEBUG = "0";
|
||||||
|
APP_ENV = "prod";
|
||||||
|
HTTPS_ENABLED = "0";
|
||||||
|
UPLOAD_MAX_FILESIZE = "512M";
|
||||||
|
PHP_MEMORY_LIMIT = "512M";
|
||||||
|
PHP_TZ = "Europe/Oslo";
|
||||||
|
|
||||||
|
CORS_ALLOW_ORIGIN = "https?://(localhost|koillection\\.home\\.feal\\.no)(:[0-9]+)?$";
|
||||||
|
JWT_SECRET_KEY = "%kernel.project_dir%/config/jwt/private.pem";
|
||||||
|
JWT_PUBLIC_KEY = "%kernel.project_dir%/config/jwt/public.pem";
|
||||||
|
|
||||||
|
DB_DRIVER = "pdo_pgsql";
|
||||||
|
DB_NAME = "koillection";
|
||||||
|
DB_HOST = "host.docker.internal";
|
||||||
|
DB_USER = "koillection";
|
||||||
|
# DB_PASSWORD = "koillection"; # Set in sops envfile
|
||||||
|
DB_PORT = "5432";
|
||||||
|
DB_VERSION = "16";
|
||||||
|
};
|
||||||
|
|
||||||
|
environmentFiles = [
|
||||||
|
config.sops.secrets."koillection/envfile".path
|
||||||
|
];
|
||||||
|
|
||||||
|
extraOptions = [
|
||||||
|
"--add-host=host.docker.internal:host-gateway"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.secrets."koillection/envfile" = { };
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
|
ensureDatabases = [ "koillection" ];
|
||||||
|
ensureUsers = [ {
|
||||||
|
name = "koillection";
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
} ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
|
locations."/".proxyPass = "http://127.0.1.2:${toString port}";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -2,7 +2,11 @@
|
|||||||
{
|
{
|
||||||
services.postgresql = {
|
services.postgresql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableTCPIP = false;
|
enableTCPIP = true;
|
||||||
|
|
||||||
|
authentication = ''
|
||||||
|
host all all 172.16.0.0/12 md5
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.postgresqlBackup = {
|
services.postgresqlBackup = {
|
||||||
@ -14,5 +18,8 @@
|
|||||||
databases = [ ];
|
databases = [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Docker containers on this host can reach postgres
|
||||||
|
networking.firewall.extraCommands = "iptables -A INPUT -p tcp --destination-port 5432 -s 172.16.0.0/12 -j ACCEPT";
|
||||||
|
|
||||||
environment.systemPackages = [ config.services.postgresql.package ];
|
environment.systemPackages = [ config.services.postgresql.package ];
|
||||||
}
|
}
|
||||||
|
@ -18,6 +18,8 @@ restic:
|
|||||||
vaultwarden: ENC[AES256_GCM,data:tZKf1jeQPBASruDP67NrVfwFoAZ20whQIHf1SWIQz0s=,iv:kyfqvEf/DiAGHAU99HVGri15kluewijkSPOCGKjxIaQ=,tag:tmDQPH2IjjUV5wLegXXybg==,type:str]
|
vaultwarden: ENC[AES256_GCM,data:tZKf1jeQPBASruDP67NrVfwFoAZ20whQIHf1SWIQz0s=,iv:kyfqvEf/DiAGHAU99HVGri15kluewijkSPOCGKjxIaQ=,tag:tmDQPH2IjjUV5wLegXXybg==,type:str]
|
||||||
keycloak:
|
keycloak:
|
||||||
postgres: ENC[AES256_GCM,data:OYvpSyBAQfAJg4/syz1r,iv:Ge6m63YPl+gJPepIRmBz747bXqUo65MHQaRn1S/8m2I=,tag:18bFwYtmcslXlgflfYqM8w==,type:str]
|
postgres: ENC[AES256_GCM,data:OYvpSyBAQfAJg4/syz1r,iv:Ge6m63YPl+gJPepIRmBz747bXqUo65MHQaRn1S/8m2I=,tag:18bFwYtmcslXlgflfYqM8w==,type:str]
|
||||||
|
koillection:
|
||||||
|
envfile: ENC[AES256_GCM,data:3wq6xiULzELDxtDsBfPbKrnEsAEoG9oQREyaEoe0AVpJziVMrhEQruLCl1F/,iv:IscSmKD8nwQ2HmNnC+54rZrWMimdYPLCArmt/ToTdNM=,tag:J3QYTUtJhpn+R8hpqkA9zg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
@ -42,8 +44,8 @@ sops:
|
|||||||
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
|
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
|
||||||
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
|
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-10-05T08:43:32Z"
|
lastmodified: "2024-12-01T10:13:16Z"
|
||||||
mac: ENC[AES256_GCM,data:UMaxVqcS9SK/OclUe5k547zScx5BhAJt4f87Sfw2Ctdx6ZJRbju4310TeZUygzge4/OrCywD+9R09FzR65OBvIDxvUIqOblqzrYiHK6xRUSkUtLJEb8gzD7ycsccHaHpLYom0zbSixmMUDSthn2rexQixin9gUGVq+x9I3Z/sPk=,iv:oZAcTHjeFQjxZrNmQmJS3kJiXs1IcDbYJOo44kI3f5Y=,tag:7GINKR+6WMhlDAzeDOyrog==,type:str]
|
mac: ENC[AES256_GCM,data:SFZz05/9Wb5o9X0ieNxrk4LJkCniliQ7ykWR+ocLw+At9Ye620JQTYFHfpzT/h+aRdborgkRtldw0c5+UOzx9+F3HtoWsrK04uQ1qso8YjO87qEqlVenVPuOVUuvyVtPQOWyLrHOOPkLSrj0a1NQdPSsfxcC04DhSkiW4RTNWXw=,iv:zp6HP14YZYt8BNj7jPPM+cb5cBZThijfcaqDZ6rH5Hg=,tag:W+/XKoj61yUXL+PC5YXQlg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
Loading…
Reference in New Issue
Block a user