sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

new stuff

Browse Source
This commit is contained in:
soraefir
2026-05-12 00:42:09 +02:00
parent 21d959b592
commit 3d4cdaf6e9
7 changed files with 48 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/server/containers/apps/authentik.nix
View File

@@ -64,14 +64,12 @@ in {
"AUTHENTIK_DISABLE_UPDATE_CHECK" = "true"; "AUTHENTIK_DISABLE_UPDATE_CHECK" = "true";
"AUTHENTIK_POSTGRESQL__SSLMODE" = "disable"; "AUTHENTIK_POSTGRESQL__SSLMODE" = "disable";
}; };
# extraOptions = [ "--user=:994" ]; #PODMAN GROUP FOR SOCKET ACCESS
overrides = { overrides = {
cmd = [ "worker" ]; cmd = [ "worker" ];
volumes = [ volumes = [
"${serverCfg.configPath}/authentik/media:/media" "${serverCfg.configPath}/authentik/media:/media"
"${serverCfg.configPath}/authentik/templates:/templates" "${serverCfg.configPath}/authentik/templates:/templates"
"${authentikData}:/blueprints/custom:ro" "${authentikData}:/blueprints/custom:ro"
# "/var/run/podman/podman.sock:/var/run/docker.sock" #PODMAN GROUP FOR SOCKET ACCESS
]; ];
}; };
}; };

33
modules/server/containers/apps/ethercalc.nix
View File

@@ -2,9 +2,7 @@
let let
serverCfg = config.syscfg.server; serverCfg = config.syscfg.server;
ethercalc_exe = pkgs.ethercalc; ethercalc_exe = pkgs.ethercalc;
settings = pkgs.writeText"settings.json" (builtins.toJSON {
title= "\${TITLE:Ethercalc}";
});
image = pkgs.dockerTools.streamLayeredImage { image = pkgs.dockerTools.streamLayeredImage {
name = "ethercalc"; name = "ethercalc";
tag = ethercalc_exe.version; tag = ethercalc_exe.version;
@@ -15,7 +13,10 @@ let
}; };
}; };
in { in {
paths = []; paths = [{
path="${serverCfg.dataPath}/etherpad/";
mode = "0666";
}];
containers = { containers = {
server = builder.mkContainer { server = builder.mkContainer {
@@ -25,33 +26,13 @@ in {
ip = containerCfg.ip; ip = containerCfg.ip;
secret = name; secret = name;
extraEnv = { extraEnv = {
TITLE = "Calc"; ETHERCALC_PORT = "8080";
PORT = "8080";
DB_TYPE = "postgres";
DB_HOST = builder.host;
DB_NAME = "ethercalc_db";
DB_USER = "ethercalc_user";
DB_CHARSET = "utf8mb4";
TRUST_PROXY = "true";
DEFAULT_CALC_TEXT = "";
SKIN_VARIANTS = "super-dark-toolbar light-editor dark-background";
}; };
overrides = { overrides = {
cmd = [ "--settings" "/etc/ethercalc/settings.json" "--apikey" "./APIKEY.txt" ];
volumes = [ volumes = [
"${settings}:/etc/ethercalc/settings.json" "${serverCfg.dataPath}/ethercalc:/data"
]; ];
}; };
}; };
}; };
setup = {
trigger = "server";
script = pkgs.writeShellScript "setup" ''
# Define the command wrapper
EXEC="${pkgs.podman}/bin/podman --events-backend=none exec --env-file ${config.sops.secrets."CUSTOM".path} ethercalc-server sh -c"
$EXEC "echo \"$APIKEY\" > ./APIKEY.txt"
'';
};
} }

1
modules/server/containers/apps/etherpad.nix
View File

@@ -120,5 +120,4 @@ in {
chmod 444 ${serverCfg.configPath}/etherpad/APIKEY.txt chmod 444 ${serverCfg.configPath}/etherpad/APIKEY.txt
''; '';
}; };
} }

36
modules/server/containers/apps/gitea.nix
View File

@@ -8,6 +8,10 @@ in {
path="${serverCfg.dataPath}/gitea/data"; path="${serverCfg.dataPath}/gitea/data";
owner = "1000:1000"; owner = "1000:1000";
mode = "0755"; mode = "0755";
}{
path="${serverCfg.dataPath}/gitea/data-runner";
owner = "1000:1000";
mode = "0755";
}]; }];
containers = { containers = {
server = builder.mkContainer { server = builder.mkContainer {
@@ -46,7 +50,6 @@ in {
GITEA__server__DOMAIN = "${containerCfg.subdomain}.${serverCfg.hostDomain}"; GITEA__server__DOMAIN = "${containerCfg.subdomain}.${serverCfg.hostDomain}";
GITEA__server__ROOT_URL = "https://${containerCfg.subdomain}.${serverCfg.hostDomain}/"; GITEA__server__ROOT_URL = "https://${containerCfg.subdomain}.${serverCfg.hostDomain}/";
GITEA__server__PROTOCOL = "http"; GITEA__server__PROTOCOL = "http";
# GITEA__server__USE_PROXY_PROTOCOL = true;
GITEA__server__HTTP_PORT = "8080"; GITEA__server__HTTP_PORT = "8080";
GITEA__server__LFS_START_SERVER = "true"; GITEA__server__LFS_START_SERVER = "true";
GITEA__security__INSTALL_LOCK = "true"; GITEA__security__INSTALL_LOCK = "true";
@@ -59,7 +62,7 @@ in {
GITEA__service__ENABLE_REVERSE_PROXY_EMAIL = "true"; GITEA__service__ENABLE_REVERSE_PROXY_EMAIL = "true";
GITEA__service__ENABLE_REVERSE_PROXY_FULL_NAME = "true"; GITEA__service__ENABLE_REVERSE_PROXY_FULL_NAME = "true";
GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = "true"; GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = "true";
GITEA__security__REVERSE_PROXY_LOGOUT_REDIRECT = "https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/outpost.goauthentik.io/"; GITEA__security__REVERSE_PROXY_LOGOUT_REDIRECT = "https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/outpost.goauthentik.io/sign_out";
GITEA__security__REVERSE_PROXY_AUTHENTICATION_USER = "X-authentik-username"; GITEA__security__REVERSE_PROXY_AUTHENTICATION_USER = "X-authentik-username";
GITEA__security__REVERSE_PROXY_AUTHENTICATION_EMAIL = "X-authentik-email"; GITEA__security__REVERSE_PROXY_AUTHENTICATION_EMAIL = "X-authentik-email";
GITEA__security__REVERSE_PROXY_AUTHENTICATION_FULL_NAME = "X-authentik-name"; GITEA__security__REVERSE_PROXY_AUTHENTICATION_FULL_NAME = "X-authentik-name";
@@ -81,6 +84,24 @@ in {
ports = [ "2222:22" ]; ports = [ "2222:22" ];
}; };
}; };
runner = builder.mkContainer {
image = "gitea/act_runner:${version}";
secret = name;
extraEnv = {
CONFIG_FILE="/data/config.yml";
GITEA_INSTANCE_URL="https://${containerCfg.subdomain}.${serverCfg.hostDomain}";
GITHUB_INSTANCE_URL="https://${containerCfg.subdomain}.${serverCfg.hostDomain}";
};
overrides = {
volumes = [
"${serverCfg.dataPath}/gitea/data-runner:/data"
"/var/run/podman/podman.sock:/var/run/docker.sock"
];
# ports = [ "8088:8088" ];
};
};
}; };
@@ -90,9 +111,18 @@ in {
script = pkgs.writeShellScript "setup" '' script = pkgs.writeShellScript "setup" ''
# Define the command wrapper # Define the command wrapper
GT="${pkgs.podman}/bin/podman --events-backend=none exec -u git gitea-server gitea" GT="${pkgs.podman}/bin/podman --events-backend=none exec -u git gitea-server gitea"
GTR="${pkgs.podman}/bin/podman --events-backend=none exec -u git gitea-runner ./act_runner"
$GT admin user create --username "$DEFAULT_ADMIN_USERNAME" --password "$DEFAULT_ADMIN_PASSWORD" --email "$DEFAULT_ADMIN_EMAIL" --admin || true $GT admin user create --username "$DEFAULT_ADMIN_USERNAME" --password "$DEFAULT_ADMIN_PASSWORD" --email "$DEFAULT_ADMIN_EMAIL" --admin || true
$GT admin user change --admin=true "$DEFAULT_ADMIN_USERNAME" || true
RUNNER_TOKEN=$($GT actions generate-runner-token)
$GTR register \
--instance "https://${containerCfg.subdomain}.${serverCfg.hostDomain}" \
--token "$RUNNER_TOKEN" \
--name "Runner" \
--labels "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest-slim" \
--no-interactive
echo "Completed Gitea Setup" echo "Completed Gitea Setup"
''; '';

1
modules/server/containers/data/authentik/authentik.yaml
View File

@@ -13,7 +13,6 @@ entries:
enabled: false enabled: false
# --- GROUPS --- # --- GROUPS ---
- model: authentik_core.group - model: authentik_core.group
state: present
identifiers: identifiers:
name: "admin" name: "admin"
attrs: attrs:

7
modules/server/sops/server.yaml
View File

@@ -4,7 +4,8 @@ AUTHENTIK: ENC[AES256_GCM,data:dZ+Kf85ZjaZ82coYNeNOXe5zfD2M9rEeOB6jDNoaKmo3jMABh
NEXTCLOUD: ENC[AES256_GCM,data:IWitzubILQ5SrGdO3UQZboisqAECt5lXOqHVg4yAKxedG7ZLOgVp6jPV+4VVDC13KEkxIsiYjjNvjqnOXCdYWQIC13YZ+o2IBDI9PgavBB3nmjfi0Q7BVki6C8qCtbM5H9uFlQ3h7rkPyEbE3pHa3dY5uwgdtmvw3qKf2UAZGIJCU7dKamjuTCucGitOEG434jFQik9duHZs7EV3AZrkLXqOfdvftvdpciDb/4/K7h/4uEYSXJ94Lf0b16/NRUcR,iv:1UvcbqC3hJEHU9t6Z+N226DTJEcgM315ynYkxPKpYSM=,tag:FGkXlUw+7LRu1/cpMys7OA==,type:str] NEXTCLOUD: ENC[AES256_GCM,data:IWitzubILQ5SrGdO3UQZboisqAECt5lXOqHVg4yAKxedG7ZLOgVp6jPV+4VVDC13KEkxIsiYjjNvjqnOXCdYWQIC13YZ+o2IBDI9PgavBB3nmjfi0Q7BVki6C8qCtbM5H9uFlQ3h7rkPyEbE3pHa3dY5uwgdtmvw3qKf2UAZGIJCU7dKamjuTCucGitOEG434jFQik9duHZs7EV3AZrkLXqOfdvftvdpciDb/4/K7h/4uEYSXJ94Lf0b16/NRUcR,iv:1UvcbqC3hJEHU9t6Z+N226DTJEcgM315ynYkxPKpYSM=,tag:FGkXlUw+7LRu1/cpMys7OA==,type:str]
COLLABORA: ENC[AES256_GCM,data:cLGEziks5dyxTF1jugfpQE0l0nSkDP7MpROzCxCM94jv49sguA+d/SnY1olE8ZP9iCBnlvbMZyNR7uYo88B92Pmv8wVWfeuhHiHFIXh5aaOxntpt80UMg3Jy,iv:gmFG7C893QPuZ4rEqllAlUpNIXMcGsf9+/QCPLhWLTM=,tag:WpKHCUk6zhQRfFX2d6OPbQ==,type:str] COLLABORA: ENC[AES256_GCM,data:cLGEziks5dyxTF1jugfpQE0l0nSkDP7MpROzCxCM94jv49sguA+d/SnY1olE8ZP9iCBnlvbMZyNR7uYo88B92Pmv8wVWfeuhHiHFIXh5aaOxntpt80UMg3Jy,iv:gmFG7C893QPuZ4rEqllAlUpNIXMcGsf9+/QCPLhWLTM=,tag:WpKHCUk6zhQRfFX2d6OPbQ==,type:str]
ETHERPAD: ENC[AES256_GCM,data:PSr06GyOgY0HDNC4Hr2XUjbNUszGlfBjxDbrrKNQOqSMSVfZj4iFIGamrS72WO0un4U7IENx0T6CTBN/ELoq7J/+W9zf879uzKWuNaAulLVtBqrUbbqA7hTJpidnveZXzdwZRvlz/bU8kWAmXyhiDb2Q42Sz3BDb6duM3PO1AgG8Ko1pi2IemCPjO3uzudeT8FAlO8NnCUxKgwIKSz8CodOXFVGk66NX4xJd4ycfdNYXvKBNlzt1+WuWsZeZzeWmF7WD2dt4wWA9fWxB90fnth6ZV5LdeXjyYnzwkFOWoyNazgqV4jBv+aXKVwX4fYvspu13cVdrak3gc698bS2N1guDss4A/sfXMbtaYPGm98xXkqz1LP7sXQzKUdZf9sAS9gtOVv2tmg==,iv:uQ0Roe+XefzMjZCF3It+U2D1MWPMT5f6CPwlz0gQ5W0=,tag:wSgp0CVr6Y6M3eqcoTy8cw==,type:str] ETHERPAD: ENC[AES256_GCM,data:PSr06GyOgY0HDNC4Hr2XUjbNUszGlfBjxDbrrKNQOqSMSVfZj4iFIGamrS72WO0un4U7IENx0T6CTBN/ELoq7J/+W9zf879uzKWuNaAulLVtBqrUbbqA7hTJpidnveZXzdwZRvlz/bU8kWAmXyhiDb2Q42Sz3BDb6duM3PO1AgG8Ko1pi2IemCPjO3uzudeT8FAlO8NnCUxKgwIKSz8CodOXFVGk66NX4xJd4ycfdNYXvKBNlzt1+WuWsZeZzeWmF7WD2dt4wWA9fWxB90fnth6ZV5LdeXjyYnzwkFOWoyNazgqV4jBv+aXKVwX4fYvspu13cVdrak3gc698bS2N1guDss4A/sfXMbtaYPGm98xXkqz1LP7sXQzKUdZf9sAS9gtOVv2tmg==,iv:uQ0Roe+XefzMjZCF3It+U2D1MWPMT5f6CPwlz0gQ5W0=,tag:wSgp0CVr6Y6M3eqcoTy8cw==,type:str]
GITEA: ENC[AES256_GCM,data:KNFahbogAbmQngGh8RvUEk+QlWM1wXWj70Sf1oxSg+R2JLasyg5wslz16Q1IDN6ubXMyxTqw0GxstvqjrON444SKjAhbgoeHUf2vavYG1hqOdJEbkk9PUwN9sFyPJbA0PSeRMbm2nv4zr48jgtUz9d5rETdWR+U99qY8vx8DzVnnfz6ebeyxbQekXPnZ9Vosj49iPDsyrAvFlcE2WZHIsAGKhM0Gno+3b6AR4yZmMCjbT/TE89ZhRyxufw8E9aVVbSiNr7L2ZA39nO8LrQAZp6TklyVq6LBCXd4TTWqoPExF1fKJoJNBr1JhP/D7pzO7sgmJdgJ9Fkgm3JRQ+LATPKAuZYsLIoah9WzexPUQXSu4AjrO9DNTV2yn9+b/vAoTciHhpDEQBveZ7/rpOICnOQHFnRHp3wLTSeMY6Qp7dM9H8xqPcXYp1lUBcqChpDmL3HO5hp8Cuovp5OaIM0KLV1MuKxmLJy8jBmAix0BtkK8Hu61O0MX6Xx+fqICufzmLQ/LNe7CYUiieHP6/M6nmVPZrwEeIjWapSQPZG2AuMu5iwNQ4,iv:HHhpzprxxijGV8NioucRibFpNH5DG507Q6o3l7xbxqU=,tag:0vdRnxCJPTr5AcSUY5VUDw==,type:str] ETHERCALC: ENC[AES256_GCM,data:0ScnDsUNBt6wYJC4hTXn8huuTptBTDKZV4yFVQ4fuBWc6auWNWhDQlTc0ImJoK6efr2uyp3sVu3o+KlCNvUGhDOJ1you6socyTgRP0q7oLPC+Ln+bFP8gWG8v2nyEFY=,iv:YqvVjBFG/WZg1l4aMAiioOruWZ9zcTMr74DVW+1+2DQ=,tag:ePBXd4ddipJtxhFE1amfMg==,type:str]
GITEA: ENC[AES256_GCM,data:TGsye52g8DVOk51o1dWfF6x3m6BFPe0MtUbOayxYejaYSZ4cDCfx02EPAhiL3FJGLfidZt7+WpjhVqJvFeCvJ1OXdYMQyuL3akPBCmEjmBgBhJvEjVtVgV3aNMS21gy3o0RG/MXDXOLpjHeaXn3G/XWKsv5bw+gg94bDirOguLC5eaFxddn5/UGFvfwXzDmkoNmc9zufGvVpUkRy8rju/TjOz4Q5GZk1gXWtJWdkTGhuVYVBDDHIQq9DBS0qXi8tP3FvY8prOi/c5ZbyyZjTOgNpWB9uU4HkHz4aUTMFIrPFwUeWmNMIdyUmarSQ7tDDdhBfIiLhb94jaMATHq+PfwwpCcmiTfBEG3OS/3SXPMWg6jhfUxvxsKNT2HQca31B9IRqlitaio3r6KEPBTYh2nWtFO9d5Is7TUWkGsOaV+0JSiNPNh5uD7kNyBxsKUKcND7JXMxW/TZOqARY64x6IwDrbcypsyMW5i+4Er1/0HCvZ7FBH1XkTul8vBGF5ZGD/tYp/m6Ld26GKYkj967eYIwlNFcOMGNue5PyJfFCq0qWbLWO9dFA9c2e9r81DCD8y/0S3Ts7X7TkXVGShm7JoMqb8dzg9i6CoNlmbPAM5GwoNV3ftQugvqEGMk5UIvf05YsgSNvq4UJbhsT4bZqpV0plnxYD5TswCGF/XQ3nwwFTudmf1OLcgYwM2NckbVui128o1Rw=,iv:vo6l0QirLIUvwLN675LYkffkXejJecvBesLJvoW/bjY=,tag:zyLyiCskF84A3QVoq5X3iw==,type:str]
sops: sops:
age: age:
- recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
@@ -25,8 +26,8 @@ sops:
S1NaTVFTL0FCdm1EQmRsUnlhclZNZlEKEgIe60qkvY8+UocjQU+WM2dTL/1y3Kqk S1NaTVFTL0FCdm1EQmRsUnlhclZNZlEKEgIe60qkvY8+UocjQU+WM2dTL/1y3Kqk
d4RrlLP9NSozwVsPYI4ntygvMSApbT4v0YvoO7gV90lkGWEvW1YDfA== d4RrlLP9NSozwVsPYI4ntygvMSApbT4v0YvoO7gV90lkGWEvW1YDfA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-11T19:41:48Z" lastmodified: "2026-05-11T22:33:41Z"
mac: ENC[AES256_GCM,data:QcsSKUsRGS2mI2vwTFZA143MxL7HcmJZPCiUeviOxoVENlNGfYER1BlDEg2ju6Em+yFAygIpfnNE99sGD7rIuJrQAQ8cVzX4epgzysOQ9tRzWRbl2ekQZnIeFOuuMCTQ87wzUkTa1i3ndj/B167P+iDic1WH/M3s8WJGs9M2v+w=,iv:VK0lYuFRlFCJR1Oou+6R3WME9sEHU86jQz/e/l4R2sM=,tag:TYPrwu+GixcWgTNdVB09Eg==,type:str] mac: ENC[AES256_GCM,data:276HHpEW56HOvKKbNPM79QrEBYDM590bOLfsgssSb79jm+LzrgLlYk2QImmXArADWby4Ai4jBPL4EahNm+a3aBazMEbwAu+EorvORE2P12W5C1ztskx5XUI3yDKY96jlZvmpXsqefa2pOQc1USk8ai/Obd5MLK06kMr2w3a7P9s=,iv:NJoe1lvw1hrWNL79Ux065UkSEDEEc0+NqlqB4tk3mAw=,tag:YTjIvEP1BO69Pa0qispMLQ==,type:str]
pgp: pgp:
- created_at: "2026-05-05T23:46:27Z" - created_at: "2026-05-05T23:46:27Z"
enc: |- enc: |-

4
systems/sandbox/cfg.nix
View File

@@ -55,6 +55,10 @@
db = true; db = true;
subdomain = "pad"; subdomain = "pad";
}; };
ethercalc = {
enable = true;
subdomain = "pad";
};
gitea = { gitea = {
enable = true; enable = true;
db = true; db = true;