From 1256cabb7981cfed4bf02c70940c4553edc557a6 Mon Sep 17 00:00:00 2001
From: Soispha
Date: Wed, 2 Aug 2023 14:19:21 +0200
Subject: Feat(system/services/snapper): Add
---
 system/services/default.nix | 1 +
 1 file changed, 1 insertion(+)
(limited to 'system/services/default.nix')
diff --git a/system/services/default.nix b/system/services/default.nix
index 7bf26c3..8f5540f 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -10,5 +10,6 @@
 ./nix-sync
 ./openssh
 ./rust-motd
+ ./snapper
 ];
 }
-- cgit 1.4.1
From 317575461a640ddc601751741bc6da92a3edb867 Mon Sep 17 00:00:00 2001
From: sils
Date: Mon, 7 Aug 2023 12:40:14 +0200
Subject: Feat(system): Add invidious
---
 system/secrets/default.nix | 12 ++++++++++++
 system/secrets/invidious/passwd.tix | 16 ++++++++++++++++
 system/secrets/invidious/settings.tix | 14 ++++++++++++++
 system/secrets/secrets.nix | 2 ++
 system/services/default.nix | 1 +
 system/services/invidious/default.nix | 12 ++++++++++++
 6 files changed, 57 insertions(+)
 create mode 100644 system/secrets/invidious/passwd.tix
 create mode 100644 system/secrets/invidious/settings.tix
 create mode 100644 system/services/invidious/default.nix
(limited to 'system/services/default.nix')
diff --git a/system/secrets/default.nix b/system/secrets/default.nix
index 5cd401c..515c3e7 100644
--- a/system/secrets/default.nix
+++ b/system/secrets/default.nix
@@ -13,6 +13,18 @@
 owner = "matrix-synapse";
 group = "matrix-synapse";
 };
+ invidious = {
+ file = ./invidious/passwd.tix;
+ mode = "700";
+ owner = "invidious";
+ group = "invidious";
+ };
+ invidiousSettings = {
+ file = ./invidious/settings.tix;
+ mode = "700";
+ owner = "invidious";
+ group = "invidious";
+ };
 };
 };
 }
diff --git a/system/secrets/invidious/passwd.tix b/system/secrets/invidious/passwd.tix
new file mode 100644
index 0000000..beaee32
--- /dev/null
+++ b/system/secrets/invidious/passwd.tix
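Review bot: In the `system/secrets/default.nix` hunk of the invidious commit, both new secrets are declared with `mode = "700"`, which sets the execute bit on files that only hold a password and a settings fragment. Nothing visible in the series executes these files, so owner-read is enough: `mode = "0400";` (or `"0600"` if the service has to rewrite the file). The same value is used for `minifluxAdmin` in the `system/secrets/default.nix` hunk of the later miniflux commit. The enclosing attribute set starts above the hunk, so whether the existing secrets use the same mode cannot be seen here.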
@@ -0,0 +1,16 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQeHpwZFZEWXc0cGxZZ2dV
+WDkvUmVFWXE5azZ1VlREM090bWJ6elgxR3hFCmhnNkhWZWVqdmxEcUJVTnFZaGw1
+YnVOYmpYOGd5YU1EaDlmc0ZrNk0zT0EKLT4gWDI1NTE5IEwyL1ptVzJ2bUdvSW1n
+TzNod1BKZHQ3YXhUMkl5ZzRiT2Y3aUt0NGw4RVUKWTF3ampTMG1DYTBYTFcwNEp6
+bkFWbGl6WEVCcVdhQnVWY0piQ1VHMzk0SQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg
+TnFGVkQxTndPZ1l4c2J5dzNmT1YrZ0dQYytIMmtxaTN2Y01uZFdXOThqWQo2TDkv
+MUJzc3BON1JwbGN3OW44WWZ5WUxWdWU2UnpJczVYVHBsdUFmdllJCi0+IHg5YmFB
+eS1ncmVhc2UgYl9hXWlgIC5fIGpLaU1wWiN4ICczCkVmOHRibWptbDBxOS9Ic1VC
+L0tFQXo5Sk45TDFlQlB5bnFleUF0dFlMSmdvd2dmUlZ3Ci0tLSBIN0MvMEduQVlR
+bDVTQUxvZjB2TTljdjZkbGphN1l1QnZESWNZUjZzd1dVCmCWuxwFj1FyTEFasr8X
+apyuQkXs6Cvfx82qMvwE1G4SLOEulJjVp/VDcICQ8RE8BE0HJGRjG64FqdtbHY2K
+tPMADqfz/jt7kbXKSwB6zOHE9VNcTrGl+mx2Ki8HUG8GElj+hE2m0cWdGijcsGVW
+lo2HKPa7F/d9vBUC9sLYo8U5VrnIRhBN1s4ECfAa4vj2RSsCZePCHkJMH7qFPGuC
+PZST
+-----END AGE ENCRYPTED FILE-----
diff --git a/system/secrets/invidious/settings.tix b/system/secrets/invidious/settings.tix
new file mode 100644
index 0000000..fe80a7d
--- /dev/null
+++ b/system/secrets/invidious/settings.tix
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkNzBJNXhlcGVJWk1nZERp
+QXJrSEtxY2tyY0FwZnN6ZFB6dGVxZVVsdWtjCjI5cE85ZHhoRVBqcjdZaG9BWFJK
+b09GblVERUZsR2ZPaW9aU1NCc25GM00KLT4gWDI1NTE5IHZwL3YraVBBVXVFVmpR
+TENiaFoxdTJhUCtWcEFkU0ptaERpbEl1aGw3M00KWUozUTZxYm4rclN6L1IrTi9k
+eEF0dVlYVEVNTnZ4Y0tUU0hwV2U0bXVCSQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg
+QkpGQ1RkVWhNQTFyMS9qRGYrT2s2djJHMEI0eFI5R3ZMVlRsa1JoMXIwawpRVG5z
+TnZWMWhQSGxlL0VnUng1N0QvbTFuNS9WZmhnK3ZnVTdoMmtsejVJCi0+IDJNPHpY
+LWdyZWFzZSBdVyBYZ3s8IG8ve0ByIHlrIkZkMwo4bmJOZU5yd3loSDlURWorZ0VZ
+bWF2dHdLNkQ1ZUx5STZSa3dibVRsTCtQekdKWCtYNWlOR3BVQm5MRmQ2Z085Cmkw
+OGhJU2kzR21MNk1OdkpHY29Gc21rNEh6VEZKWGkyCi0tLSBSemVvc2hlSnEyYUVM
+UXRPSWtrd1hEcWtVTm95dzVFU085Y09adlFwYnhFCrbJEjFMSSaKqhW2GwuRilaw
+N3U8GF22F10XHXyg+8csPFOpowRdS7ZBS52leGe/ve7oiVO5SBd3v7yWXa6ZInxo
+-----END AGE ENCRYPTED FILE-----
diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix
index 11c0655..194ed3c 100644
--- a/system/secrets/secrets.nix
+++ b/system/secrets/secrets.nix
@@ -12,4 +12,6 @@ let
 in {
 "keycloak/passwd.tix".publicKeys = allSecrets;
 "matrix-synapse/passwd.tix".publicKeys = allSecrets;
+ "invidious/passwd.tix".publicKeys = allSecrets;
+ "invidious/settings.tix".publicKeys = allSecrets;
 }
diff --git a/system/services/default.nix b/system/services/default.nix
index 8f5540f..6c2670d 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -1,6 +1,7 @@
 {...}: {
 imports = [
 ./fail2ban
+ ./invidious
 ./keycloak
 ./mail
 ./matrix
diff --git a/system/services/invidious/default.nix b/system/services/invidious/default.nix
new file mode 100644
index 0000000..50a32e8
--- /dev/null
+++ b/system/services/invidious/default.nix
@@ -0,0 +1,12 @@
+{config, ...}: {
+ services.invidious = {
+ enable = true;
+ database = {
+ createLocally = true;
+ passwordFile = "${config.age.secrets.invidious.path}";
+ };
+ domain = "invidious.vhack.eu";
+ nginx.enable = true;
+ extraSettingsFile = "${config.age.secrets.invidiousSettings.path}";
+ };
+}
-- cgit 1.4.1
From 7428d690a6df382444c15683377e105456f72cab Mon Sep 17 00:00:00 2001
From: Soispha
Date: Fri, 18 Aug 2023 14:12:24 +0200
Subject: Feat(system/services/libreddit): Init
---
 system/services/default.nix | 1 +
 system/services/libreddit/default.nix | 7 +++++++
 2 files changed, 8 insertions(+)
 create mode 100644 system/services/libreddit/default.nix
(limited to 'system/services/default.nix')
diff --git a/system/services/default.nix b/system/services/default.nix
index 6c2670d..9163588 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -3,6 +3,7 @@
 ./fail2ban
 ./invidious
 ./keycloak
+ ./libreddit
 ./mail
 ./matrix
 ./minecraft
diff --git a/system/services/libreddit/default.nix b/system/services/libreddit/default.nix
new file mode 100644
index 0000000..e52507f
--- /dev/null
+++ b/system/services/libreddit/default.nix
@@ -0,0 +1,7 @@
+{...}: {
+ services.libreddit = {
+ enable = true;
+ address = "libreddit.vhack.eu";
+ openFirewall = true;
+ };
+}
-- cgit 1.4.1
From cd75ff6797386c5924a2f0bbc62eadf1c6e2725d Mon Sep 17 00:00:00 2001
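Review bot: In `system/services/libreddit/default.nix`, `address` is, as far as I know the NixOS module, the address the daemon binds to rather than its public hostname, and `openFirewall = true` then exposes the service port directly, so the site would be reachable as plain HTTP with no TLS terminator in front of it. Binding to loopback and publishing the service through an nginx virtual host with ACME and forced TLS, as the miniflux commit in this series does, keeps the unencrypted listener off the network. The sketch below assumes the module's `port` option and that nginx is already managed by this configuration.

```nix
{config, ...}: {
  services.libreddit = {
    enable = true;
    # Listen on loopback only; nginx is the sole public entry point.
    address = "127.0.0.1";
  };

  services.nginx.virtualHosts."libreddit.vhack.eu" = {
    locations."/".proxyPass = "http://127.0.0.1:${toString config.services.libreddit.port}";
    enableACME = true;
    forceSSL = true;
  };
}
```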
From: Soispha Date: Sun, 1 Oct 2023 22:07:22 +0200 Subject: feat(system/services/taskserver): Init This is the server part used in combination with Taskwarrior to regain control over the unwieldy amount of task, that accumulate over the day. --- notes/taskserver.md | 7 +++++++ system/impermanence/default.nix | 1 + system/impermanence/mods/taskserver.nix | 5 +++++ system/services/default.nix | 1 + system/services/taskserver/default.nix | 28 ++++++++++++++++++++++++++++ 5 files changed, 42 insertions(+) create mode 100644 notes/taskserver.md create mode 100644 system/impermanence/mods/taskserver.nix create mode 100644 system/services/taskserver/default.nix (limited to 'system/services/default.nix') diff --git a/notes/taskserver.md b/notes/taskserver.md new file mode 100644 index 0000000..36aeff0 --- /dev/null +++ b/notes/taskserver.md @@ -0,0 +1,7 @@ +# User export +Use +```bash +nixos-taskserver user export my-company alice +# or via ssh +ssh $server nixos-taskserver user export my-company alice #| sh +``` diff --git a/system/impermanence/default.nix b/system/impermanence/default.nix index b60eb4c..6e977b5 100644 --- a/system/impermanence/default.nix +++ b/system/impermanence/default.nix @@ -8,6 +8,7 @@ ./mods/nix-sync.nix ./mods/openssh.nix ./mods/postgresql.nix + ./mods/taskserver.nix ./mods/users.nix ]; diff --git a/system/impermanence/mods/taskserver.nix b/system/impermanence/mods/taskserver.nix new file mode 100644 index 0000000..9208aa4 --- /dev/null +++ b/system/impermanence/mods/taskserver.nix @@ -0,0 +1,5 @@ +{...}: { + environment.persistence."/srv".directories = [ + "/var/lib/taskserver" + ]; +} diff --git a/system/services/default.nix b/system/services/default.nix index 9163588..3349b38 100644 --- a/system/services/default.nix +++ b/system/services/default.nix @@ -13,5 +13,6 @@ ./openssh ./rust-motd ./snapper + ./taskserver ]; } 
diff --git a/system/services/taskserver/default.nix b/system/services/taskserver/default.nix
new file mode 100644
index 0000000..56255cd
--- /dev/null
+++ b/system/services/taskserver/default.nix
@@ -0,0 +1,28 @@
+{...}: {
+ services.taskserver = {
+ enable = true;
+ pki.auto = {
+ expiration = {
+ server = 365;
+ crl = 365;
+ client = 365;
+ ca = 365;
+ };
+ bits = 4096;
+ };
+ organisations = {
+ vhack = {
+ users = [
+ "soispha"
+ ];
+ };
+ soispha = {
+ users = [
+ "soispha"
+ ];
+ };
+ };
+ openFirewall = true;
+ fqdn = "taskserver.vhack.eu";
+ };
+}
-- cgit 1.4.1
From 932c45d2eb843bac1bb2f6e64a91613fe0fa3dd2 Mon Sep 17 00:00:00 2001
From: Soispha
Date: Tue, 3 Oct 2023 16:10:04 +0200
Subject: feat(system/services/miniflux): Init
---
 system/secrets/default.nix | 6 ++++++
 system/secrets/miniflux/admin.tix | 20 ++++++++++++++++++++
 system/secrets/secrets.nix | 1 +
 system/services/default.nix | 1 +
 system/services/miniflux/default.nix | 19 +++++++++++++++++++
 5 files changed, 47 insertions(+)
 create mode 100644 system/secrets/miniflux/admin.tix
 create mode 100644 system/services/miniflux/default.nix
(limited to 'system/services/default.nix')
diff --git a/system/secrets/default.nix b/system/secrets/default.nix
index 2269672..6cd7524 100644
--- a/system/secrets/default.nix
+++ b/system/secrets/default.nix
@@ -19,6 +19,12 @@
 owner = "root";
 group = "root";
 };
+ minifluxAdmin = {
+ file = ./miniflux/admin.tix;
+ mode = "700";
+ owner = "root";
+ group = "root";
+ };
 };
 };
 }
diff --git a/system/secrets/miniflux/admin.tix b/system/secrets/miniflux/admin.tix
new file mode 100644
index 0000000..5f9855b
--- /dev/null
+++ b/system/secrets/miniflux/admin.tix
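Review bot: `openFirewall = true` in `system/services/taskserver/default.nix` opens the Taskserver port, but the hunk never sets `listenHost`, which I believe defaults to `localhost` in the NixOS module. If that holds, the firewall port is open while the daemon only accepts loopback connections, so clients pointed at `taskserver.vhack.eu` cannot sync and the open port serves no purpose. Either set the bind address explicitly, e.g. `listenHost = "::";`, or drop `openFirewall`. Separately, `ca = 365` gives the automatically generated CA the same lifetime as the client certificates, so every exported client bundle has to be re-issued when the CA expires; a comment such as `# CA deliberately short-lived: all client exports must be redone yearly` would record whether that is intended.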
@@ -0,0 +1,20 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3a1AwRUpRS2dTVWc5dFFx
+SWtnOHh0SWRVODBxUTlkWmQvOURvVk90d1hVCkNwTlZDWGhhSnNyYzZQa2N4aUxV
+SUx3aWk3ditmVURjTjJCckNqOSs1QzAKLT4gWDI1NTE5IElQNHBVZnB3Umw0bW9R
+K1lsQXlLc3Vld0ljanBjS1E4TGdHSE8rR3ZMemsKY3ZpVm5OSDZrNHlXMVh6bXIz
+YnhFSmdFTTNCUUFkeEpCbCt6Z21SbCtEUQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg
+VGQxbTRiNkxRTUhRVFZEWkZiZ3ZoRStDbk5OZWFMb1BacEhmOWxjVmlRdwpidTlI
+TXNnVHJPVUJjZXdGVWdMZkJ3WVZ2c3k2a3BrSDJDdWdTd1VLdVhjCi0+IExLOWst
+Z3JlYXNlIC9kIDJYWlZDCkpXUW1IdFA3RjFoQXJHdG10bERLNk93ZFRvVVgxRjNY
+QUlJcmpPVVU0RXYvVEZFZk5nTFNrWXVNWVg5Q0xzLzcKWWlDUUtPRWIwVWF3RXZt
+M2dJenh3bk9nQ0paMTVweHlnQQotLS0gK3J4NTJ3Wkl1bDlVd3F1NVFlcVhWS0ZT
+RlFxUFRBcXJEcC91M3pYaWNmYwoKAC8nGzAQewMVBhgwU4UxDIzm16OH1Te2N1Up
+WjjAaHKGHeLcTG8UN6CgmIsjijV1EIN4qMLGQy1tJlMoim4/Q5kyTkHSEVAgLbKI
+vUiW2/7mblgkTJzlVw0EB7wep6HPT9C7JYuirBRstUf0TdBIIB+u0Q/AGTnydcg8
+Kus1e4zuoanFxXoIFoUt48zC8T+EsPd3hMMe8h//rAfsBIxB3CJaqibxmQSWAPoA
+yCuULWrmD48xjS6tzwZQo+Fx334HdH/hQSaZS0wJccwONbXaqexm+rEn+wmnBZW6
+lOFE86S9f3b1+GI3ze23yD4nbY+7txlP2QwADu815IZ3eOLBfxXjJR7K4+bEeiqz
+0Q+t8fWZntB9sL0iELQlXa4uwcu7DlxLnopC/klTBisrEXizH4ALwVcr9Cxwp4Hj
+vpOTqLt2Qxw=
+-----END AGE ENCRYPTED FILE-----
diff --git a/system/secrets/secrets.nix b/system/secrets/secrets.nix
index 9fa9cc5..cd27612 100644
--- a/system/secrets/secrets.nix
+++ b/system/secrets/secrets.nix
@@ -14,4 +14,5 @@ in {
 "matrix-synapse/passwd.tix".publicKeys = allSecrets;
 "invidious/hmac.tix".publicKeys = allSecrets;
 "invidious/settings.tix".publicKeys = allSecrets;
+ "miniflux/admin.tix".publicKeys = allSecrets;
 }
diff --git a/system/services/default.nix b/system/services/default.nix
index 3349b38..2530f3a 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -7,6 +7,7 @@
 ./mail
 ./matrix
 ./minecraft
+ ./miniflux
 ./nginx
 ./nix
 ./nix-sync
diff --git a/system/services/miniflux/default.nix b/system/services/miniflux/default.nix
new file mode 100644
index 0000000..e42ebe2
--- /dev/null
+++ b/system/services/miniflux/default.nix
@@ -0,0 +1,19 @@
+{config, ...}: {
+ services.miniflux = {
+ enable = true;
+ config = {
+ LISTEN_ADDR = "127.0.0.1:5892";
+ };
+ adminCredentialsFile = config.secrets.age.minifluxAdmin.path;
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."rss.vhack.eu" = {
+ locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}";
+
+ enableACME = true;
+ forceSSL = true;
+ };
+ };
+}
-- cgit 1.4.1
From a3c31664dad17674721b0d31eec8ca0d8e57bd3e Mon Sep 17 00:00:00 2001
From: Soispha
Date: Tue, 3 Oct 2023 17:11:46 +0200
Subject: feat(system/services/murmur): Initialize
---
 system/services/default.nix | 1 +
 system/services/murmur/default.nix | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 system/services/murmur/default.nix
(limited to 'system/services/default.nix')
diff --git a/system/services/default.nix b/system/services/default.nix
index 2530f3a..db42284 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -8,6 +8,7 @@
 ./matrix
 ./minecraft
 ./miniflux
+ ./murmur
 ./nginx
 ./nix
 ./nix-sync
diff --git a/system/services/murmur/default.nix b/system/services/murmur/default.nix
new file mode 100644
index 0000000..9c04db0
--- /dev/null
+++ b/system/services/murmur/default.nix
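Review bot: `adminCredentialsFile = config.secrets.age.minifluxAdmin.path;` in `system/services/miniflux/default.nix` reads the secret from `config.secrets.age`, whereas the invidious module in this series reads its secrets from `config.age.secrets.<name>.path`. Unless the repository defines a separate `secrets.age` option that is not visible here, this attribute path does not exist and evaluation fails before the admin credentials are ever wired in. Suggested line: `adminCredentialsFile = config.age.secrets.minifluxAdmin.path;`.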
@@ -0,0 +1,23 @@
+{config, ...}: {
+ services.murmur = {
+ enable = true;
+ openFirewall = true;
+ welcometext = ''
+ You never get a second chance to make a first impression
+
+ The entire team of [name of the company] is thrilled to welcome you on board. We hope you’ll do some amazing work here!
+ '';
+ sslKey = "${config.security.acme.certs.murmur.directory}/key.pem";
+ sslCert = "${config.security.acme.certs.murmur.directory}/fullchain.pem";
+
+ registerUrl = "vhack.eu";
+ registerName = "vhack";
+ registerHostname = "mumble.vhack.eu";
+ hostName = "mumble.vhack.eu";
+ clientCertRequired = true;
+ };
+
+ security.acme.certs.murmur = {
+ domain = "mumble.vhack.eu";
+ };
+}
-- cgit 1.4.1
From 927fc165253804a6b8ffe0e648baa279e77a8233 Mon Sep 17 00:00:00 2001
From: sils
Date: Thu, 12 Oct 2023 20:57:20 +0200
Subject: feat(system/services): actually import mastodon
---
 system/services/default.nix | 1 +
 1 file changed, 1 insertion(+)
(limited to 'system/services/default.nix')
diff --git a/system/services/default.nix b/system/services/default.nix
index db42284..9998e43 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -5,6 +5,7 @@
 ./keycloak
 ./libreddit
 ./mail
+ ./mastodon
 ./matrix
 ./minecraft
 ./miniflux
-- cgit 1.4.1
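Review bot: `sslKey` and `sslCert` in `system/services/murmur/default.nix` point into the ACME certificate directory, but `security.acme.certs.murmur` sets only `domain`. With the ACME module's default group the private key is, as far as I know, readable only by the `acme` user and group, so the murmur service account may be unable to load `key.pem`. Consider adding `group = "murmur";` (assuming that is the service's group) and `reloadServices = ["murmur.service"];` so a renewed certificate is picked up. No challenge method (`webroot`, `dnsProvider` or `listenHTTP`) is visible in the hunk either; presumably it comes from `security.acme.defaults` elsewhere, which is worth confirming. The `welcometext` also still contains the template placeholder `[name of the company]`.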