rename and fix

This commit is contained in:
soraefir
2026-05-08 20:46:23 +02:00
parent 4d398d5596
commit df523c48e5
12 changed files with 21 additions and 42 deletions


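--- a/<path-not-shown>
+++ b/<path-not-shown>
@@ -4,7 +4,7 @@ let
 builder = import ./builder.nix { inherit config lib serverCfg; };
 enabledConfigs = lib.filterAttrs (name: c: c.enable) serverCfg.containers;
 containerSetsList = lib.mapAttrsToList (name: containerCfg:
-let defs = import (./defs + "/${name}.nix") {inherit config pkgs lib containerCfg builder;};
+let defs = import (./defs + "/${name}.nix") {inherit config pkgs lib containerCfg builder name;};
 in{
 containers = lib.mapAttrs' (cName: cValue:
 lib.nameValuePair "${name}-${cName}" cValue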
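Review bot: `name` becomes part of every defs file's contract on the changed import line, because the authentik, collabora, etherpad, nextcloud and traefik defs in this commit all set `secret = name;` from it, yet nothing says that the attribute key under `serverCfg.containers` now doubles as the secret identifier; renaming a container key would silently change which secret is looked up. The sops module in this same commit declares its keys as `lib.toUpper name`, so `builder` presumably uppercases `secret` already (the replaced literals were lowercase too), but that is worth confirming. I would put `# name: attribute key under serverCfg.containers; the defs files use it as the sops secret name` above the `let defs = import …` line. The enclosing `let` starts before this hunk.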


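--- a/<path-not-shown>
+++ b/<path-not-shown>
@@ -1,4 +1,4 @@
-{ config, containerCfg, pkgs, lib, builder, ... }:
+{ config, containerCfg, pkgs, lib, builder, name, ... }:
 let
 version = "2026.2.2";
 serverCfg = config.syscfg.server;
@@ -19,7 +19,7 @@ in {
 image = "ghcr.io/goauthentik/server:${version}";
 port = containerCfg.port;
 ip = containerCfg.ip;
-secret = "authentik";
+secret = name;
 extraEnv = {
 "AUTHENTIK_REDIS__HOST" = builder.host;
 "AUTHENTIK_POSTGRESQL__HOST" = builder.host;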


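--- a/<path-not-shown>
+++ b/<path-not-shown>
@@ -1,4 +1,4 @@
-{ config, containerCfg, pkgs, lib, builder, ... }:
+{ config, containerCfg, pkgs, lib, builder, name, ... }:
 let
 version = "latest";
 serverCfg = config.syscfg.server;
@@ -9,7 +9,7 @@ in {
 image = "collabora/code:${version}";
 port = containerCfg.port;
 ip = containerCfg.ip;
-secret = "collabora";
+secret = name;
 extraEnv = {
 "aliasgroup1" = "https://${serverCfg.containers.nextcloud.subdomain}.${serverCfg.hostDomain}";
 "server_name" = "${containerCfg.subdomain}.${serverCfg.hostDomain}";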


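--- a/<path-not-shown>
+++ b/<path-not-shown>
@@ -1,4 +1,4 @@
-{ config, containerCfg, pkgs, lib, builder, ... }:
+{ config, containerCfg, pkgs, lib, builder, name,... }:
 let
 version = "latest";
 serverCfg = config.syscfg.server;
@@ -20,7 +20,7 @@ in {
 image = "etherpad/etherpad:${version}";
 port = containerCfg.port;
 ip = containerCfg.ip;
-secret = "etherpad";
+secret = name;
 extraEnv = {
 NODE_ENV = "production";
 TITLE = "Pad";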
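Review bot: The new parameter list on the first line of this file is spelled `name,... }` with no space after the comma, whereas the authentik and collabora defs in the same commit write `name, ... }`; the nextcloud and traefik defs carry the same `name,...` spacing. `{ config, containerCfg, pkgs, lib, builder, name, ... }:` keeps the five files uniform and avoids a noisy reformat later.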


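--- a/<path-not-shown>
+++ b/<path-not-shown>
@@ -1,4 +1,4 @@
-{ config, containerCfg, pkgs, lib, builder, ... }:
+{ config, containerCfg, pkgs, lib, builder, name,... }:
 let
 version = "27";
 serverCfg = config.syscfg.server;
@@ -20,7 +20,7 @@ in {
 image = "nextcloud:${version}";
 port = containerCfg.port;
 ip = containerCfg.ip;
-secret = "nextcloud";
+secret = name;
 extraEnv = {
 REDIS_HOST = builder.host;
 POSTGRES_HOST = builder.host;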


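--- a/<path-not-shown>
+++ b/<path-not-shown>
@@ -1,4 +1,4 @@
-{ config, containerCfg, pkgs, lib, builder, ... }:
+{ config, containerCfg, pkgs, lib, builder, name,... }:
 let
 version = "2026.2.2";
 serverCfg = config.syscfg.server;
@@ -19,8 +19,9 @@ in {
 image = "traefik:${version}";
 port = containerCfg.port;
 ip = containerCfg.ip;
+secret = name;
 extraEnv = {
-"INFOMANIAK_ACCESS_TOKEN" = config.sops.secrets.INFOMANIAK_API_KEY.path;
+config.sops.secrets.INFOMANIAK_API_KEY.path
 };
 overrides = {
 cmd = [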
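Review bot: The line that replaces `"INFOMANIAK_ACCESS_TOKEN" = …` inside `extraEnv = { … };` is a bare `config.sops.secrets.INFOMANIAK_API_KEY.path` with no `"KEY" =` in front of it, which is not a valid attribute-set entry as rendered; if the page dropped the key this is moot, otherwise the replacement is incomplete. Either way, `.path` on a sops-nix secret yields the on-disk path of the decrypted file, not the token itself, so whatever variable receives it hands Traefik a filename; the container then needs that path mounted and the provider told to read a file. lego-based DNS providers, which Traefik's ACME resolvers use, generally accept a `_FILE`-suffixed variant, so `"INFOMANIAK_ACCESS_TOKEN_FILE" = config.sops.secrets.INFOMANIAK_API_KEY.path;` is the likely intended form — confirm against the Traefik version pinned above. The surrounding attribute set continues outside the hunk.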


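--- a/<path-not-shown>
+++ b/<path-not-shown>
@@ -1,3 +1,3 @@
 { config, pkgs, lib, ... }:{
-imports = [ ./containers ./database ./nftables ./nginx ./openssh ./sops ];
+imports = [ ./containers ./database ./nftables ./openssh ./sops ];
 }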


@@ -1,7 +1,8 @@
{ config, lib, ... }:
let
cfg = config.syscfg.server;
in{
in {
config = mkIf (cfg.ipfw.enable) {
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
@@ -9,7 +10,6 @@ in{
networking.nftables.enable = true;
networking.nftables.ruleset = ''
${if cfg.nftables.enable then ''
table inet nat {
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
@@ -28,13 +28,14 @@ in{
iifname "${srcInt}" tcp dport ${srcPort} counter dnat ip6 to [${dstAddr6}]:${dstPort}
iifname "${srcInt}" udp dport ${srcPort} counter dnat ip6 to [${dstAddr6}]:${dstPort}
''
) config.syscfg.server.nftables.ports}
) cfg.ipfw.ports}
}
chain postrouting {
type nat hook postrouting priority srcnat; policy accept;
oifname { ${lib.concatMapStringsSep ", " (iface: ''"${iface}"'') config.syscfg.server.nftables.ifs} } masquerade
oifname { ${lib.concatMapStringsSep ", " (iface: ''"${iface}"'') cfg.ipfw.ifs} } masquerade
}
}'' else ""}
}
'';
};
}
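Review bot: `mkIf` on the new `config = mkIf (cfg.ipfw.enable) {` line is unqualified, but the module binds only `{ config, lib, ... }` and its `let` defines `cfg` alone, with no `with lib;` in view, so evaluation should fail with an undefined variable; `config = lib.mkIf cfg.ipfw.enable {` matches the qualified form the sops module in this commit used. In the second hunk the `${if cfg.nftables.enable then ''` wrapper disappears while the closing `}'' else ""}` still appears as context, and the old/new line counts of the last hunk do not add up as rendered, so confirm that the trailing `else` was removed as well or the ruleset string will not parse. Since the options file renames the group from `nftables` to `ipfw`, any surviving `cfg.nftables.*` reference would also fail. The module's attribute set continues past the end of this hunk.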


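--- a/<path-not-shown>
+++ b/<path-not-shown>
@@ -5,7 +5,6 @@ let
 (lib.filterAttrs (name: cfg: cfg.db or cfg.sops or false) config.syscfg.server.containers);
 allApps = lib.unique (listNames ++ containerNames);
 in{
-config = lib.mkIf (config.syscfg.server.sops) {
 sops.secrets = {
 INFOMANIAK_API_KEY = { sopsFile = ./server.yaml; };
 } // (lib.genAttrs (map (name: "${lib.toUpper name}") allApps) (name: {
@@ -13,5 +12,4 @@ in{
 mode = "0644";
 sopsFile = ./server.yaml;
 }));
-};
 }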
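Review bot: With the `lib.mkIf (config.syscfg.server.sops)` wrapper gone, every generated secret — declared with `mode = "0644"`, i.e. readable by any local user — is now materialised on every host that imports this module, where before it was opt-in per host. If the containers are the only readers, sops-nix's `owner`/`group` attributes with a `0640` mode keep the decrypted files off the world-readable path; at minimum a comment on the `mode` line should record why world-readable is required. The enclosing `in{` attribute set spans both hunks.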


@@ -82,18 +82,9 @@ let
};
serverOpt = with lib; {
hostDomain = mkOption { type = types.str; };
shortName = mkOption { type = types.str; };
mailDomain = mkOption { type = types.str; };
mailServer = mkOption { type = types.str; };
dbHost = mkOption {
type = types.str;
default = "localhost";
};
dbPort = mkOption {
type = types.str;
default = "3306";
};
configPath = mkOption {
type = types.str;
default = "/media/config";
@@ -117,10 +108,6 @@ let
});
default = {};
};
sops = mkOption {
type = types.bool;
default = false;
};
openssh = mkOption {
type = types.bool;
default = false;
@@ -133,7 +120,7 @@ let
type = types.bool;
default = false;
};
nftables = {
ipfw = {
enable = mkOption {
type = types.bool;
default = false;