dennis/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: dennis:90e4691c2547e83df25728c62efcae2d1f537dd4
Branches Tags
dennis:main
..
compare: dennis:f7e4fdb662ed916990e00349dd7f5906b87d9ce6
Branches Tags
dennis:main

10 commits
90e4691c25 ... f7e4fdb662

Author SHA1 Message Date
Dennis
f7e4fdb662 adds forgejo to hompage 2026-03-11 23:07:47 +01:00
Dennis
5d35068050 adds root to secrets 2026-03-11 23:02:49 +01:00
Dennis
d40cbe396e adds forgejo directory to backup 2026-03-11 22:51:58 +01:00
Dennis
3397c8541c includes forgejo in vps 2026-03-11 22:44:19 +01:00
Dennis
1e9cacb761 configures forgejo 2026-03-11 22:42:54 +01:00
Dennis
31976a7c9c adapts backup paths 2026-03-10 20:39:55 +01:00
Dennis
f2d2d5b792 fixes secret path 2026-03-10 20:23:51 +01:00
Dennis
f9aee5f484 forces overwrite of conflicting values 2026-03-10 20:21:32 +01:00
Dennis
546a298406 disables systemd boot for vps 2026-03-10 20:18:44 +01:00
Dennis
f65c47213c adds memos configuration 2026-03-10 20:07:40 +01:00
7 changed files with 84 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

18
modules/hosts/dnsc-vps-sm/default.nix
View file

@ -21,9 +21,11 @@ in
uptime-kuma
homepage
actual-server
memos
forgejo
(
{ config, ... }:
{ config, lib, ... }:
{
imports = [
./_hardware-configuration.nix
@ -43,6 +45,8 @@ in
};
system.stateVersion = "24.11";
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
# Fix due to https://github.com/NixOS/nixpkgs/issues/180175
@ -54,19 +58,25 @@ in
"${config.users.users.dennis.home}/.ssh/id_ed25519"
];
secrets."vaultwarden/env" = {
file = "${secretsDir}/vaultwarden/env";
file = "${secretsDir}/vaultwarden/env.age";
};
secrets."restic/password" = {
file = "${secretsDir}/restic/password.age";
};
secrets."forgejo/mail-password" = {
file = "${secretsDir}/forgejo/mail-password.age";
};
};
# Custom Module Options
restic.repository = "sftp:dnsc-storage:restic/dnsc-server";
restic.backupPaths = [
"/var/backup/vaultwarden"
"/data/actual-server"
# TODO: Include memos path, maybe uptime kuma
"/var/lib/vaultwarden"
"/var/lib/actual-server"
"/var/lib/memos"
"/var/lib/uptime-kuma"
"/var/lib/forgejo"
];
}
)

3
modules/selfhosted/caddy/default.nix
View file

@ -35,6 +35,9 @@
virtualHosts."notes.dnsc.io".extraConfig = ''
reverse_proxy localhost:9003
'';
virtualHosts."git.dnsc.io".extraConfig = ''
reverse_proxy localhost:9004
'';
};
};
}

32
modules/selfhosted/forgejo/default.nix Normal file
View file

@ -0,0 +1,32 @@
{ ... }:
{
flake.modules.nixos.forgejo =
{
pkgs,
config,
lib,
...
}:
{
services.forgejo = {
enable = true;
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.dnsc.io";
ROOT_URL = "https://git.dnsc.io/";
HTTP_PORT = 9004;
SSH_PORT = lib.head config.services.openssh.ports;
};
service.DISABLE_REGISTRATION = true;
mailer = {
ENABLED = true;
SMTP_ADDR = "me@dnsc.io";
FROM = "git@dnsc.io";
USER = "git@dnsc.io";
};
};
secrets.mailer.PASSWD = config.age.secrets."forgejo/mail-password".path;
};
};
}

7
modules/selfhosted/homepage/default.nix
View file

@ -49,10 +49,15 @@
url = "https://vault.dnsc.io";
icon = "si:vaultwarden";
}
{
title = "Forgejo";
url = "https://git.dnsc.io";
icon = "si:forgejo";
}
{
title = "Notes";
url = "https://notes.dnsc.io";
icon = "si:memos";
icon = "si:parrotsecurity";
}
{
title = "Uptime Kuma";

17
modules/selfhosted/memos/default.nix Normal file
View file

@ -0,0 +1,17 @@
{ ... }:
{
flake.modules.nixos.memos =
{ pkgs, config, ... }:
{
services.memos = {
enable = true;
settings = {
MEMOS_MODE = "prod";
MEMOS_PORT = "9003";
MEMOS_DATA = "/var/lib/memos";
MEMOS_DRIVER = "sqlite";
MEMOS_INSTANCE_URL = "https://notes.dnsc.io";
};
};
};
}

9
secrets/forgejo/mail-password.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 JIw3cQ 6dRa6cCY05awbR5Ypq89K9nAPN1SBcoz67RrZ2PLvWE
yYJn+UHJHt+DX34+EHneLuCWDs4qw7l/+LUVe3DaVEo
-> ssh-ed25519 HufN+g Avtl/q3JuMecU5fFnGHqByHg5y/ZMVN90UDB325Mhi4
7Mw+QqltaEDAOCCSlAG/aBOayGBxtOeiJwRfdXGX2ow
-> ssh-ed25519 cTYF0w 8VwH3Yz2dUAhAVBHeeZL7leSmyUQfMusiAEFLGnafhQ
mtc13Xfnc7X42iMgrxGVdLWk54H9IjjmTI2T26jWMXQ
--- bVcpPfFruDRU3VEipqVt6ztjsOon71V38jKdDQkhvQA
ÍãùÐvÿÐ'ªcg܉ ß8`neo<65> ë*V ™GJ vN¶BSoŠCï

3
secrets/secrets.nix
View file

@ -2,9 +2,11 @@ let
dnsc-air = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac";
dnsc-vps-sm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF/sUA38t7TI1LYADLBn898Hh0MTR4maiHVwEtDoN9W5 dnsc-vps-sm";
dnsc-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM3mkEgvHrwjsEReHQHpLbMP71JLvp6XxMPyW7PTaLCd dennis@dnsc-server";
dnsc-vps-sm-r = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIgMI4LjpYuVcFEhSM3VIYvOEb94jW/fJS+HZwPog8 root@dnsc-vps-sm";
systems = [
dnsc-air
dnsc-vps-sm
dnsc-vps-sm-r
dnsc-server
];
in
@ -12,6 +14,7 @@ in
# Add like this: "secret1.age".publicKeys = systems;
"vaultwarden/env.age".publicKeys = systems;
"restic/password.age".publicKeys = systems;
"forgejo/mail-password.age".publicKeys = systems;
}
# 1. Create a file with secret