SelfPrivacy/selfprivacy-nixos-config
1
0
Fork 0
mirror of https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git synced 2024-11-23 12:01:27 +00:00
Code Issues Projects Releases Wiki Activity

Switched to binds, volume management, new API

Browse source
This commit is contained in:
inexcode 2022-08-26 14:21:05 +04:00
parent 52b896da45
commit 53c9655b7b
11 changed files with 150 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
api/api-module.nix
View file

@ -57,12 +57,48 @@ in
pkgs.mkpasswd pkgs.mkpasswd
pkgs.util-linux pkgs.util-linux
pkgs.e2fsprogs pkgs.e2fsprogs
pkgs.iproute2
]; ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wantedBy = [ "network-online.target" ]; wantedBy = [ "network-online.target" ];
serviceConfig = { serviceConfig = {
User = "root"; User = "root";
ExecStart = "${pkgs.selfprivacy-api}/bin/app.py"; ExecStart = "${pkgs.selfprivacy-graphql-api}/bin/app.py";
Restart = "always";
RestartSec = "5";
};
};
systemd.services.selfprivacy-api-worker = {
description = "Task worker for SelfPrivacy API";
environment = config.nix.envVars // {
inherit (config.environment.sessionVariables) NIX_PATH;
HOME = "/root";
PYTHONUNBUFFERED = "1";
ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");
B2_BUCKET = cfg.b2Bucket;
PYTHONPATH = pkgs.selfprivacy-graphql-api.pythonPath + ":${pkgs.selfprivacy-graphql-api}/lib/python3.9/site-packages/";
} // config.networking.proxy.envVars;
path = [
"/var/"
"/var/dkim/"
pkgs.coreutils
pkgs.gnutar
pkgs.xz.bin
pkgs.gzip
pkgs.gitMinimal
config.nix.package.out
pkgs.nixos-rebuild
pkgs.restic
pkgs.mkpasswd
pkgs.util-linux
pkgs.e2fsprogs
pkgs.iproute2
];
after = [ "network-online.target" ];
wantedBy = [ "network-online.target" ];
serviceConfig = {
User = "root";
ExecStart = "${pkgs.python39Packages.huey}/bin/huey_consumer.py selfprivacy_api.task_registry.huey";
Restart = "always"; Restart = "always";
RestartSec = "5"; RestartSec = "5";
}; };

2
configuration.nix
View file

@ -9,6 +9,7 @@ in
./variables-module.nix ./variables-module.nix
./variables.nix ./variables.nix
./files.nix ./files.nix
./volumes.nix
./users.nix ./users.nix
./mailserver/system/mailserver.nix ./mailserver/system/mailserver.nix
./vpn/ocserv.nix ./vpn/ocserv.nix
@ -75,6 +76,7 @@ in
options = "--delete-older-than 7d"; options = "--delete-older-than 7d";
}; };
}; };
services.journald.extraConfig = "SystemMaxUse=500M";
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1; "net.ipv4.ip_forward" = 1;
}; };

8
git/gitea.nix
View file

@ -1,8 +1,14 @@
{ config, pkgs, ... }: { config, lib, pkgs, ... }:
let let
cfg = config.services.userdata; cfg = config.services.userdata;
in in
{ {
fileSystems = lib.mkIf cfg.useBinds {
"/var/lib/gitea" = {
device = "/volumes/${cfg.gitea.location}/gitea";
options = [ "bind" ];
};
};
services = { services = {
gitea = { gitea = {
enable = cfg.gitea.enable; enable = cfg.gitea.enable;

15
mailserver/system/mailserver.nix
View file

@ -13,6 +13,17 @@ in
}) })
]; ];
fileSystems = lib.mkIf cfg.useBinds {
"/var/vmail" = {
device = "/volumes/${cfg.email.location}/vmail";
options = [ "bind" ];
};
"/var/sieve" = {
device = "/volumes/${cfg.email.location}/sieve";
options = [ "bind" ];
};
};
users.users = { users.users = {
virtualMail = { virtualMail = {
isNormalUser = false; isNormalUser = false;
@ -32,7 +43,7 @@ in
sieveScript = '' sieveScript = ''
require ["fileinto", "mailbox"]; require ["fileinto", "mailbox"];
if header :contains "Chat-Version" "1.0" if header :contains "Chat-Version" "1.0"
{ {
fileinto :create "DeltaChat"; fileinto :create "DeltaChat";
stop; stop;
} }
@ -46,7 +57,7 @@ in
sieveScript = '' sieveScript = ''
require ["fileinto", "mailbox"]; require ["fileinto", "mailbox"];
if header :contains "Chat-Version" "1.0" if header :contains "Chat-Version" "1.0"
{ {
fileinto :create "DeltaChat"; fileinto :create "DeltaChat";
stop; stop;
} }

10
nextcloud/nextcloud.nix
View file

@ -1,11 +1,17 @@
{ pkgs, config, ... }: { pkgs, lib, config, ... }:
let let
cfg = config.services.userdata; cfg = config.services.userdata;
in in
{ {
fileSystems = lib.mkIf cfg.useBinds {
"/var/lib/nextcloud" = {
device = "/volumes/${cfg.nextcloud.location}/nextcloud";
options = [ "bind" ];
};
};
services.nextcloud = { services.nextcloud = {
enable = cfg.nextcloud.enable; enable = cfg.nextcloud.enable;
package = pkgs.nextcloud22; package = pkgs.nextcloud23;
hostName = "cloud.${cfg.domain}"; hostName = "cloud.${cfg.domain}";
# Use HTTPS for links # Use HTTPS for links

12
passmgr/bitwarden.nix
View file

@ -1,8 +1,18 @@
{ pkgs, config, ... }: { pkgs, lib, config, ... }:
let let
cfg = config.services.userdata; cfg = config.services.userdata;
in in
{ {
fileSystems = lib.mkIf cfg.useBinds {
"/var/lib/bitwarden" = {
device = "/volumes/${cfg.bitwarden.location}/bitwarden";
options = [ "bind" ];
};
"/var/lib/bitwarden_rs" = {
device = "/volumes/${cfg.bitwarden.location}/bitwarden_rs";
options = [ "bind" ];
};
};
services.vaultwarden = { services.vaultwarden = {
enable = cfg.bitwarden.enable; enable = cfg.bitwarden.enable;
dbBackend = "sqlite"; dbBackend = "sqlite";

12
social/pleroma.nix
View file

@ -1,8 +1,18 @@
{ pkgs, config, ... }: { pkgs, lib, config, ... }:
let let
cfg = config.services.userdata; cfg = config.services.userdata;
in in
{ {
fileSystems = lib.mkIf cfg.useBinds {
"/var/lib/pleroma" = {
device = "/volumes/${cfg.pleroma.location}/pleroma";
options = [ "bind" ];
};
"/var/lib/postgresql" = {
device = "/volumes/${cfg.pleroma.location}/postgresql";
options = [ "bind" ];
};
};
services = { services = {
pleroma = { pleroma = {
enable = cfg.pleroma.enable; enable = cfg.pleroma.enable;

36
variables-module.nix
View file

@ -99,24 +99,46 @@ in
default = false; default = false;
type = types.nullOr types.bool; type = types.nullOr types.bool;
}; };
location = mkOption {
default = "sda1";
type = types.nullOr types.str;
};
};
email = {
location = mkOption {
default = "sda1";
type = types.nullOr types.str;
};
}; };
gitea = { gitea = {
enable = mkOption { enable = mkOption {
default = false; default = false;
type = types.nullOr types.bool; type = types.nullOr types.bool;
}; };
location = mkOption {
default = "sda1";
type = types.nullOr types.str;
};
}; };
nextcloud = { nextcloud = {
enable = mkOption { enable = mkOption {
default = true; default = true;
type = types.nullOr types.bool; type = types.nullOr types.bool;
}; };
location = mkOption {
default = "sda1";
type = types.nullOr types.str;
};
}; };
pleroma = { pleroma = {
enable = mkOption { enable = mkOption {
default = false; default = false;
type = types.nullOr types.bool; type = types.nullOr types.bool;
}; };
location = mkOption {
default = "sda1";
type = types.nullOr types.str;
};
}; };
jitsi = { jitsi = {
enable = mkOption { enable = mkOption {
@ -163,5 +185,19 @@ in
type = types.nullOr (types.listOf (types.attrsOf types.anything)); type = types.nullOr (types.listOf (types.attrsOf types.anything));
default = [ ]; default = [ ];
}; };
##############
# Volumes #
##############
volumes = mkOption {
description = ''
Volumes that will be created on the server
'';
type = types.nullOr (types.listOf (types.attrsOf types.anything));
default = [ ];
};
useBinds = mkOption {
type = types.nullOr types.bool;
default = false;
};
}; };
} }

9
variables.nix
View file

@ -23,15 +23,19 @@ in
}; };
bitwarden = { bitwarden = {
enable = lib.attrsets.attrByPath [ "bitwarden" "enable" ] false jsonData; enable = lib.attrsets.attrByPath [ "bitwarden" "enable" ] false jsonData;
location = lib.attrsets.attrByPath [ "bitwarden" "location" ] "sda1" jsonData;
}; };
gitea = { gitea = {
enable = lib.attrsets.attrByPath [ "gitea" "enable" ] false jsonData; enable = lib.attrsets.attrByPath [ "gitea" "enable" ] false jsonData;
location = lib.attrsets.attrByPath [ "gitea" "location" ] "sda1" jsonData;
}; };
nextcloud = { nextcloud = {
enable = lib.attrsets.attrByPath [ "nextcloud" "enable" ] false jsonData; enable = lib.attrsets.attrByPath [ "nextcloud" "enable" ] false jsonData;
location = lib.attrsets.attrByPath [ "nextcloud" "location" ] "sda1" jsonData;
}; };
pleroma = { pleroma = {
enable = lib.attrsets.attrByPath [ "pleroma" "enable" ] false jsonData; enable = lib.attrsets.attrByPath [ "pleroma" "enable" ] false jsonData;
location = lib.attrsets.attrByPath [ "pleroma" "location" ] "sda1" jsonData;
}; };
jitsi = { jitsi = {
enable = lib.attrsets.attrByPath [ "jitsi" "enable" ] false jsonData; enable = lib.attrsets.attrByPath [ "jitsi" "enable" ] false jsonData;
@ -44,6 +48,11 @@ in
rootKeys = lib.attrsets.attrByPath [ "ssh" "rootKeys" ] [ "" ] jsonData; rootKeys = lib.attrsets.attrByPath [ "ssh" "rootKeys" ] [ "" ] jsonData;
passwordAuthentication = lib.attrsets.attrByPath [ "ssh" "passwordAuthentication" ] true jsonData; passwordAuthentication = lib.attrsets.attrByPath [ "ssh" "passwordAuthentication" ] true jsonData;
}; };
email = {
location = lib.attrsets.attrByPath [ "email" "location" ] "sda1" jsonData;
};
users = lib.attrsets.attrByPath [ "users" ] [ ] jsonData; users = lib.attrsets.attrByPath [ "users" ] [ ] jsonData;
volumes = lib.attrsets.attrByPath [ "volumes" ] [ ] jsonData;
useBinds = lib.attrsets.attrByPath [ "useBinds" ] false jsonData;
}; };
} }

15
volumes.nix Normal file
View file

@ -0,0 +1,15 @@
{ pkgs, config, ... }:
let
cfg = config.services.userdata;
in
{
fileSystems = { } // builtins.listToAttrs (builtins.map
(volume: {
name = "${volume.mountPoint}";
value = {
device = "${volume.device}";
fsType = "${volume.fsType}";
};
})
cfg.volumes);
}

1
webserver/nginx.nix
View file

@ -126,6 +126,7 @@ in
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:5050"; proxyPass = "http://127.0.0.1:5050";
proxyWebsockets = true;
}; };
}; };
}; };