steveej 2023-03-21 13:38:22 +01:00
parent 0777ef46aa
commit 6befc79c8e
14 changed files with 189 additions and 198 deletions


@ -1,31 +1,31 @@
{ hostAddress
, localAddress
, syncthingPort ? 22000
, syncthingLocalAnnouncePort ? 21027
, autoStart ? false
,
{
hostAddress,
localAddress,
syncthingPort ? 22000,
syncthingLocalAnnouncePort ? 21027,
autoStart ? false,
}: {
config =
{ config
, pkgs
, ...
}: {
system.stateVersion = "20.05"; # Did you read the comment?
config = {
config,
pkgs,
...
}: {
system.stateVersion = "20.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
# syncthing gui
8384
];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
# syncthing gui
8384
];
services.syncthing = {
enable = true;
openDefaultPorts = true;
guiAddress = "0.0.0.0:8384";
};
services.syncthing = {
enable = true;
openDefaultPorts = true;
guiAddress = "0.0.0.0:8384";
};
};
inherit autoStart;
@ -36,7 +36,7 @@
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [


@ -1,96 +1,94 @@
{ hostAddress
, localAddress
, httpPort ? 80
, httpsPort ? 443
, autoStart ? false
,
}:
let
passwords = import ../../variables/passwords.crypt.nix;
in
{
config =
{ config
, pkgs
, lib
, ...
}: {
system.stateVersion = "22.05"; # Did you read the comment?
hostAddress,
localAddress,
httpPort ? 80,
httpsPort ? 443,
autoStart ? false,
}: let
passwords = import ../../variables/passwords.crypt.nix;
in {
config = {
config,
pkgs,
lib,
...
}: {
system.stateVersion = "22.05"; # Did you read the comment?
imports = [ ../profiles/containers/configuration.nix ];
imports = [../profiles/containers/configuration.nix];
networking.firewall.enable = false;
networking.firewall.enable = false;
services.ddclientovh = {
enable = true;
domain = "www.stefanjunker.de";
};
services.ddclientovh = {
enable = true;
domain = "www.stefanjunker.de";
};
security.acme = {
acceptTerms = true;
certs."www.stefanjunker.de".email = "mail@stefanjunker.de";
preliminarySelfsigned = true;
security.acme = {
acceptTerms = true;
certs."www.stefanjunker.de".email = "mail@stefanjunker.de";
preliminarySelfsigned = true;
# can be used for debugging
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
# can be used for debugging
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
services.nginx.enable = true;
services.nginx.recommendedProxySettings = true;
services.nginx.virtualHosts."www.stefanjunker.de" = {
default = true;
addSSL = true;
listen = [
{
addr = "0.0.0.0";
port = httpPort;
ssl = false;
}
{
addr = "0.0.0.0";
port = httpsPort;
ssl = true;
}
];
services.nginx.enable = true;
services.nginx.recommendedProxySettings = true;
services.nginx.virtualHosts."www.stefanjunker.de" = {
default = true;
addSSL = true;
listen = [
{
addr = "0.0.0.0";
port = httpPort;
ssl = false;
}
{
addr = "0.0.0.0";
port = httpsPort;
ssl = true;
}
];
root = "/var/www/stefanjunker.de/htdocs";
root = "/var/www/stefanjunker.de/htdocs";
enableACME = true;
enableACME = true;
locations."/hedgedoc/" = { proxyPass = "http://[::1]:3000/"; };
locations."/hedgedoc/" = {proxyPass = "http://[::1]:3000/";};
locations."/hedgedoc/socket.io/" = {
proxyPass = "http://[::1]:3000/socket.io/";
proxyWebsockets = true;
};
};
services.hedgedoc = {
enable = true;
settings = {
domain = "www.stefanjunker.de";
urlPath = "hedgedoc";
protocolUseSSL = true;
db = {
dialect = "sqlite";
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
};
allowAnonymous = false;
allowAnonymousEdits = false;
allowGravatar = false;
allowFreeURL = false;
defaultPermission = "private";
allowEmailRegister = false;
# oauth2 provider config
inherit (passwords.www_stefanjunker_de_hedgedoc) dropbox;
uploadsPath = "/var/lib/hedgedoc/uploads";
};
locations."/hedgedoc/socket.io/" = {
proxyPass = "http://[::1]:3000/socket.io/";
proxyWebsockets = true;
};
};
services.hedgedoc = {
enable = true;
settings = {
domain = "www.stefanjunker.de";
urlPath = "hedgedoc";
protocolUseSSL = true;
db = {
dialect = "sqlite";
storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite";
};
allowAnonymous = false;
allowAnonymousEdits = false;
allowGravatar = false;
allowFreeURL = false;
defaultPermission = "private";
allowEmailRegister = false;
# oauth2 provider config
inherit (passwords.www_stefanjunker_de_hedgedoc) dropbox;
uploadsPath = "/var/lib/hedgedoc/uploads";
};
};
};
inherit autoStart;
bindMounts = {
@ -115,7 +113,7 @@ in
};
};
extraFlags = [ "--resolv-conf=bind-host" ];
extraFlags = ["--resolv-conf=bind-host"];
privateNetwork = true;
forwardPorts = [