Everything is migrated! Now to clean up...

Gene Liverman 2024-06-21 23:29:49 -04:00
parent 3075248fc7
commit 3457194cdd
8 changed files with 168 additions and 145 deletions

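--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,21 @@
 {
 "nodes": {
+"blobs": {
+"flake": false,
+"locked": {
+"lastModified": 1604995301,
+"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
+"owner": "simple-nixos-mailserver",
+"repo": "blobs",
+"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
+"type": "gitlab"
+},
+"original": {
+"owner": "simple-nixos-mailserver",
+"repo": "blobs",
+"type": "gitlab"
+}
+},
 "brew-src": {
 "flake": false,
 "locked": {
@@ -74,6 +90,22 @@
 "type": "github"
 }
 },
+"flake-compat": {
+"flake": false,
+"locked": {
+"lastModified": 1696426674,
+"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+"owner": "edolstra",
+"repo": "flake-compat",
+"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+"type": "github"
+},
+"original": {
+"owner": "edolstra",
+"repo": "flake-compat",
+"type": "github"
+}
+},
 "flake-parts": {
 "inputs": {
 "nixpkgs-lib": "nixpkgs-lib"
@@ -250,6 +282,21 @@
 "type": "indirect"
 }
 },
+"nixpkgs-24_05": {
+"locked": {
+"lastModified": 1717144377,
+"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "805a384895c696f802a9bf5bf4720f37385df547",
+"type": "github"
+},
+"original": {
+"id": "nixpkgs",
+"ref": "nixos-24.05",
+"type": "indirect"
+}
+},
 "nixpkgs-lib": {
 "locked": {
 "dir": "lib",
@@ -358,6 +405,21 @@
 "type": "github"
 }
 },
+"nixpkgs_4": {
+"locked": {
+"lastModified": 1717602782,
+"narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6",
+"type": "github"
+},
+"original": {
+"id": "nixpkgs",
+"ref": "nixos-unstable",
+"type": "indirect"
+}
+},
 "root": {
 "inputs": {
 "compose2nix": "compose2nix",
@@ -371,9 +433,33 @@
 "nixpkgs": "nixpkgs_3",
 "nixpkgs-terraform": "nixpkgs-terraform",
 "nixpkgs-unstable": "nixpkgs-unstable",
+"simple-nixos-mailserver": "simple-nixos-mailserver",
 "sops-nix": "sops-nix"
 }
 },
+"simple-nixos-mailserver": {
+"inputs": {
+"blobs": "blobs",
+"flake-compat": "flake-compat",
+"nixpkgs": "nixpkgs_4",
+"nixpkgs-24_05": "nixpkgs-24_05",
+"utils": "utils"
+},
+"locked": {
+"lastModified": 1718084203,
+"narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
+"owner": "simple-nixos-mailserver",
+"repo": "nixos-mailserver",
+"rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
+"type": "gitlab"
+},
+"original": {
+"owner": "simple-nixos-mailserver",
+"ref": "nixos-24.05",
+"repo": "nixos-mailserver",
+"type": "gitlab"
+}
+},
 "sops-nix": {
 "inputs": {
 "nixpkgs": [
@@ -424,6 +510,39 @@
 "repo": "default",
 "type": "github"
 }
+},
+"systems_3": {
+"locked": {
+"lastModified": 1681028828,
+"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+"owner": "nix-systems",
+"repo": "default",
+"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+"type": "github"
+},
+"original": {
+"owner": "nix-systems",
+"repo": "default",
+"type": "github"
+}
+},
+"utils": {
+"inputs": {
+"systems": "systems_3"
+},
+"locked": {
+"lastModified": 1709126324,
+"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "d465f4819400de7c8d874d50b982301f28a84605",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
 }
 },
 "root": "root",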


@ -49,6 +49,8 @@
inputs.nixpkgs-unstable.follows = "nixpkgs-unstable"; inputs.nixpkgs-unstable.follows = "nixpkgs-unstable";
}; };
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
# Secrets managemnt # Secrets managemnt
sops-nix = { sops-nix = {
url = "github:mic92/sops-nix"; url = "github:mic92/sops-nix";
@ -58,7 +60,8 @@
}; # end inputs }; # end inputs
outputs = inputs@{ outputs = inputs@{
self, nixpkgs, nixpkgs-unstable, compose2nix, disko, genebean-omp-themes, self, nixpkgs, nixpkgs-unstable, compose2nix, disko, genebean-omp-themes,
home-manager, nix-darwin, nix-flatpak, nix-homebrew, nixos-hardware, nixpkgs-terraform, sops-nix, ... }: let home-manager, nix-darwin, nix-flatpak, nix-homebrew, nixos-hardware, nixpkgs-terraform,
simple-nixos-mailserver, sops-nix, ... }: let
# creates a macOS system config # creates a macOS system config
darwinHostConfig = { system, hostname, username, additionalModules, additionalSpecialArgs }: nix-darwin.lib.darwinSystem { darwinHostConfig = { system, hostname, username, additionalModules, additionalSpecialArgs }: nix-darwin.lib.darwinSystem {
@ -195,7 +198,9 @@
system = "x86_64-linux"; system = "x86_64-linux";
hostname = "hetznix01"; hostname = "hetznix01";
username = "gene"; username = "gene";
additionalModules = []; additionalModules = [
simple-nixos-mailserver.nixosModule
];
additionalSpecialArgs = {}; additionalSpecialArgs = {};
}; };
nixnuc = nixosHostConfig { nixnuc = nixosHostConfig {
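Review bot: The new `simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";` input is declared without any `follows`, unlike the input just above it, so it brings its own nixpkgs pins into the lock (the `nixpkgs_4` and `nixpkgs-24_05` nodes in flake.lock). Those extra trees are updated and audited separately from the `nixpkgs` the hosts are built from. Consider the attribute-set form with `inputs.nixpkgs.follows = "nixpkgs";` and `inputs.nixpkgs-24_05.follows = "nixpkgs";`, assuming the root `nixpkgs` input tracks a release the mailserver branch supports. The `inputs` block starts outside this hunk.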


@ -24,8 +24,11 @@
# Open ports in the firewall. # Open ports in the firewall.
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
22 # ssh 22 # ssh
25 # SMTP (unencrypted)
80 # http to local Nginx 80 # http to local Nginx
443 # https to local Nginx 443 # https to local Nginx
465 # SMTP with TLS
587 # SMTP with STARTTLS
]; ];
# firewall.allowedUDPPorts = [ ... ]; # firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
@ -45,6 +48,11 @@
enable = true; enable = true;
package = pkgs.postgresql_16; package = pkgs.postgresql_16;
}; };
postgresqlBackup = {
enable = true;
backupAll = true;
startAt = "*-*-* 23:00:00";
};
uptime-kuma = { uptime-kuma = {
enable = true; enable = true;
settings = { settings = {
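Review bot: Ports 25, 465 and 587 are opened by hand in `firewall.allowedTCPPorts`, while the mailserver module added in this commit has its own `openFirewall` option (on by default, as far as I recall) that opens only the ports of the listeners it enables. Keeping a second list here lets the firewall drift from the mail configuration, for example the submission ports stay reachable after submission is turned off. The mailserver settings visible in this commit only define forwards and disable IMAP, so if no account logs in to send mail, 465 and 587 expose an authentication endpoint to password guessing for no benefit. In that case setting `enableSubmission = false;` and `enableSubmissionSsl = false;` in the `mailserver` block and dropping the two port lines would close it. The enclosing attribute set starts outside the hunk.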


@ -1,61 +0,0 @@
{ config, pkgs, ... }: let
frontend_port = "8082";
in {
environment = {
etc = {
"default/ot-recorder".text = ''
OTR_USER="recorder"
OTR_PASS="toenail-madmen-nazareth-fum"
OTR_GEOKEY="opencage:b85db97221cc4239b34e0ca07e71471e"
OTR_TOPICS="owntracks/#"
OTR_HTTPHOST="127.0.0.1"
OTR_HTTPPREFIX="owntracks"
'';
};
};
services.mosquitto = {
enable = true;
persistence = true;
listeners = [
{
address = "127.0.0.1";
port = 1883;
users = {
recorder.passwordFile = config.sops.secrets.mqtt_recorder_pass.path;
};
}
];
};
users = {
groups.owntracks.gid = config.users.users.owntracks.uid;
users.owntracks = {
isSystemUser = true;
description = "OwnTracks";
group = "owntracks";
home = "/home/owntracks";
};
};
virtualisation.oci-containers.containers = {
"owntracks-frontend" = {
autoStart = true;
image = "docker.io/owntracks/frontend:2.15.3";
environment = {
LISTEN = frontend_port;
SERVER_HOST = "ot-recorder";
};
ports = [ "127.0.0.1:${frontend_port}:80" ];
};
"ot-recorder" = {
autoStart = true;
image = "docker.io/owntracks/frontend:2.15.3";
ports = [ "127.0.0.1:8083:8083" ];
volumes = [
"/etc/default/config:/config"
"/var/spool/owntracks/recorder/store:/store"
];
};
};
}


@ -1,75 +0,0 @@
{ config, pkgs, ... }: let
frontend_port = "8082";
in {
environment = {
etc = {
"default/ot-recorder".text = ''
OTR_USER="recorder"
OTR_PASS="toenail-madmen-nazareth-fum"
OTR_GEOKEY="opencage:b85db97221cc4239b34e0ca07e71471e"
OTR_TOPICS="owntracks/#"
OTR_HTTPHOST="127.0.0.1"
OTR_HTTPPREFIX="owntracks"
'';
};
systemPackages = with pkgs; [
owntracks-recorder
];
};
services.mosquitto = {
enable = true;
persistence = true;
listeners = [
{
address = "127.0.0.1";
port = 1883;
users = {
recorder.passwordFile = config.sops.secrets.mqtt_recorder_pass.path;
};
}
];
};
systemd.services.ot-recorder = {
name = "ot-recorder.service";
unitConfig = {
Description = "OwnTracks Recorder";
Wants = "network-online.target";
After = "network-online.target";
};
serviceConfig = {
Type = "simple";
User = "owntracks";
WorkingDirectory = "/";
ExecStartPre = "${pkgs.coreutils-full.out}/bin/sleep 15";
ExecStart = "${pkgs.owntracks-recorder.out}/bin/ot-recorder --debug";
};
wantedBy = [ "multi-user.target" ];
restartTriggers = [
config.environment.etc."default/ot-recorder".source
];
};
users = {
groups.owntracks.gid = config.users.users.owntracks.uid;
users.owntracks = {
isSystemUser = true;
description = "OwnTracks";
group = "owntracks";
home = "/home/owntracks";
};
};
virtualisation.oci-containers.containers = {
"owntracks-frontend" = {
autoStart = true;
image = "docker.io/owntracks/frontend:2.15.3";
environment = {
LISTEN = frontend_port;
SERVER_HOST = "host.containers.internal";
};
ports = [ "127.0.0.1:${frontend_port}:80" ];
};
};
}


@ -1,12 +1,45 @@
{ config, username, ... }: { { config, username, ... }: {
imports = [ imports = [
../../../../system/common/linux/lets-encrypt.nix
../../../../system/common/linux/restic.nix ../../../../system/common/linux/restic.nix
./matrix-synapse.nix ./matrix-synapse.nix
./nginx.nix ./nginx.nix
]; ];
mailserver = {
enable = true;
enableImap = false;
enableImapSsl = false;
fqdn = "mail.alt.technicalissues.us";
domains = [
"alt.technicalissues.us"
"indianspringsbsa.org"
];
forwards = {
"webmaster@indianspringsbsa.org" = "gene+indianspringsbsa.org@geneliverman.com";
"newsletter@indianspringsbsa.org" = "gene+indianspringsbsa.org@geneliverman.com";
"@alt.technicalissues.us" = "gene+alt.technicalissues.us@geneliverman.com";
};
# Use Let's Encrypt certificates from Nginx
certificateScheme = "acme";
};
# Cert for the mail server
security.acme.certs."alt.technicalissues.us" = {
extraDomainNames = [
"mail.alt.technicalissues.us"
"mail.indianspringsbsa.org"
];
reloadServices = [
"postfix.service"
];
};
services = { services = {
restic.backups.daily.paths = [ restic.backups.daily.paths = [
"${config.users.users.${username}.home}/compose-files/owntracks"
"/var/backup/postgresql"
"/var/lib/uptime-kuma" "/var/lib/uptime-kuma"
]; ];
tailscale = { tailscale = {
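Review bot: The catch-all entry `"@alt.technicalissues.us"` in `mailserver.forwards` relays mail for every local part, including addresses that were never handed out, to an external mailbox. Spam sent to guessed addresses is then re-sent from this host, which counts against its reputation at the receiving provider. Plain forwarding also keeps the original envelope sender, so such mail can fail SPF at the destination unless sender rewriting is configured somewhere not shown. Listing the addresses actually in use, as is done for `indianspringsbsa.org`, would limit what gets relayed. If the catch-all is intentional, a comment such as `# catch-all: forwards unknown recipients too` above the entry would record that.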


@ -1,6 +1,4 @@
{ config, pkgs, ... }: let { config, ... }: {
#
in {
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
configureRedisLocally = true; configureRedisLocally = true;


@ -1,12 +1,8 @@
{ config, ... }: let { config, ... }: let
domain = "technicalissues.us"; domain = "technicalissues.us";
http_port = 80;
https_port = 443; https_port = 443;
in { in {
imports = [
../../../../system/common/linux/lets-encrypt.nix
];
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedBrotliSettings = true; recommendedBrotliSettings = true;