dennis/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: dennis:f7e4fdb662ed916990e00349dd7f5906b87d9ce6
Branches Tags
dennis:main
..
compare: dennis:90e4691c2547e83df25728c62efcae2d1f537dd4
Branches Tags
dennis:main

No commits in common. "f7e4fdb662ed916990e00349dd7f5906b87d9ce6" and "90e4691c2547e83df25728c62efcae2d1f537dd4" have entirely different histories.
f7e4fdb662 ... 90e4691c25

7 changed files with 5 additions and 84 deletions
Download patch file Download diff file Expand all files Collapse all files

18
modules/hosts/dnsc-vps-sm/default.nix
View file

@ -21,11 +21,9 @@ in
uptime-kuma uptime-kuma
homepage homepage
actual-server actual-server
memos
forgejo
( (
{ config, lib, ... }: { config, ... }:
{ {
imports = [ imports = [
./_hardware-configuration.nix ./_hardware-configuration.nix
@ -45,8 +43,6 @@ in
}; };
system.stateVersion = "24.11"; system.stateVersion = "24.11";
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
# Fix due to https://github.com/NixOS/nixpkgs/issues/180175 # Fix due to https://github.com/NixOS/nixpkgs/issues/180175
@ -58,25 +54,19 @@ in
"${config.users.users.dennis.home}/.ssh/id_ed25519" "${config.users.users.dennis.home}/.ssh/id_ed25519"
]; ];
secrets."vaultwarden/env" = { secrets."vaultwarden/env" = {
file = "${secretsDir}/vaultwarden/env.age"; file = "${secretsDir}/vaultwarden/env";
}; };
secrets."restic/password" = { secrets."restic/password" = {
file = "${secretsDir}/restic/password.age"; file = "${secretsDir}/restic/password.age";
}; };
secrets."forgejo/mail-password" = {
file = "${secretsDir}/forgejo/mail-password.age";
};
}; };
# Custom Module Options # Custom Module Options
restic.repository = "sftp:dnsc-storage:restic/dnsc-server"; restic.repository = "sftp:dnsc-storage:restic/dnsc-server";
restic.backupPaths = [ restic.backupPaths = [
"/var/backup/vaultwarden" "/var/backup/vaultwarden"
"/var/lib/vaultwarden" "/data/actual-server"
"/var/lib/actual-server" # TODO: Include memos path, maybe uptime kuma
"/var/lib/memos"
"/var/lib/uptime-kuma"
"/var/lib/forgejo"
]; ];
} }
) )

3
modules/selfhosted/caddy/default.nix
View file

@ -35,9 +35,6 @@
virtualHosts."notes.dnsc.io".extraConfig = '' virtualHosts."notes.dnsc.io".extraConfig = ''
reverse_proxy localhost:9003 reverse_proxy localhost:9003
''; '';
virtualHosts."git.dnsc.io".extraConfig = ''
reverse_proxy localhost:9004
'';
}; };
}; };
} }

32
modules/selfhosted/forgejo/default.nix
View file

@ -1,32 +0,0 @@
{ ... }:
{
flake.modules.nixos.forgejo =
{
pkgs,
config,
lib,
...
}:
{
services.forgejo = {
enable = true;
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.dnsc.io";
ROOT_URL = "https://git.dnsc.io/";
HTTP_PORT = 9004;
SSH_PORT = lib.head config.services.openssh.ports;
};
service.DISABLE_REGISTRATION = true;
mailer = {
ENABLED = true;
SMTP_ADDR = "me@dnsc.io";
FROM = "git@dnsc.io";
USER = "git@dnsc.io";
};
};
secrets.mailer.PASSWD = config.age.secrets."forgejo/mail-password".path;
};
};
}

7
modules/selfhosted/homepage/default.nix
View file

@ -49,15 +49,10 @@
url = "https://vault.dnsc.io"; url = "https://vault.dnsc.io";
icon = "si:vaultwarden"; icon = "si:vaultwarden";
} }
{
title = "Forgejo";
url = "https://git.dnsc.io";
icon = "si:forgejo";
}
{ {
title = "Notes"; title = "Notes";
url = "https://notes.dnsc.io"; url = "https://notes.dnsc.io";
icon = "si:parrotsecurity"; icon = "si:memos";
} }
{ {
title = "Uptime Kuma"; title = "Uptime Kuma";

17
modules/selfhosted/memos/default.nix
View file

@ -1,17 +0,0 @@
{ ... }:
{
flake.modules.nixos.memos =
{ pkgs, config, ... }:
{
services.memos = {
enable = true;
settings = {
MEMOS_MODE = "prod";
MEMOS_PORT = "9003";
MEMOS_DATA = "/var/lib/memos";
MEMOS_DRIVER = "sqlite";
MEMOS_INSTANCE_URL = "https://notes.dnsc.io";
};
};
};
}

9
secrets/forgejo/mail-password.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 JIw3cQ 6dRa6cCY05awbR5Ypq89K9nAPN1SBcoz67RrZ2PLvWE
yYJn+UHJHt+DX34+EHneLuCWDs4qw7l/+LUVe3DaVEo
-> ssh-ed25519 HufN+g Avtl/q3JuMecU5fFnGHqByHg5y/ZMVN90UDB325Mhi4
7Mw+QqltaEDAOCCSlAG/aBOayGBxtOeiJwRfdXGX2ow
-> ssh-ed25519 cTYF0w 8VwH3Yz2dUAhAVBHeeZL7leSmyUQfMusiAEFLGnafhQ
mtc13Xfnc7X42iMgrxGVdLWk54H9IjjmTI2T26jWMXQ
--- bVcpPfFruDRU3VEipqVt6ztjsOon71V38jKdDQkhvQA
ÍãùÐvÿÐ'ªcg܉ ß8`neo<65> ë*V ™GJ vN¶BSoŠCï

3
secrets/secrets.nix
View file

@ -2,11 +2,9 @@ let
dnsc-air = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac"; dnsc-air = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac";
dnsc-vps-sm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF/sUA38t7TI1LYADLBn898Hh0MTR4maiHVwEtDoN9W5 dnsc-vps-sm"; dnsc-vps-sm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF/sUA38t7TI1LYADLBn898Hh0MTR4maiHVwEtDoN9W5 dnsc-vps-sm";
dnsc-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM3mkEgvHrwjsEReHQHpLbMP71JLvp6XxMPyW7PTaLCd dennis@dnsc-server"; dnsc-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM3mkEgvHrwjsEReHQHpLbMP71JLvp6XxMPyW7PTaLCd dennis@dnsc-server";
dnsc-vps-sm-r = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKCIgMI4LjpYuVcFEhSM3VIYvOEb94jW/fJS+HZwPog8 root@dnsc-vps-sm";
systems = [ systems = [
dnsc-air dnsc-air
dnsc-vps-sm dnsc-vps-sm
dnsc-vps-sm-r
dnsc-server dnsc-server
]; ];
in in
@ -14,7 +12,6 @@ in
# Add like this: "secret1.age".publicKeys = systems; # Add like this: "secret1.age".publicKeys = systems;
"vaultwarden/env.age".publicKeys = systems; "vaultwarden/env.age".publicKeys = systems;
"restic/password.age".publicKeys = systems; "restic/password.age".publicKeys = systems;
"forgejo/mail-password.age".publicKeys = systems;
} }
# 1. Create a file with secret # 1. Create a file with secret