SelfPrivacy/selfprivacy-nixos-config
1
0
Fork 0
mirror of https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git synced 2024-11-23 12:01:27 +00:00
Code Issues Projects Releases Wiki Activity

Switched to binds, volume management, new API

Browse source
This commit is contained in:
inexcode 2022-08-26 14:21:05 +04:00
parent 52b896da45
commit 53c9655b7b
11 changed files with 150 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
api/api-module.nix
View file

@ -57,12 +57,48 @@ in
pkgs.mkpasswd
pkgs.util-linux
pkgs.e2fsprogs
pkgs.iproute2
];
after = [ "network-online.target" ];
wantedBy = [ "network-online.target" ];
serviceConfig = {
User = "root";
ExecStart = "${pkgs.selfprivacy-api}/bin/app.py";
ExecStart = "${pkgs.selfprivacy-graphql-api}/bin/app.py";
Restart = "always";
RestartSec = "5";
};
};
systemd.services.selfprivacy-api-worker = {
description = "Task worker for SelfPrivacy API";
environment = config.nix.envVars // {
inherit (config.environment.sessionVariables) NIX_PATH;
HOME = "/root";
PYTHONUNBUFFERED = "1";
ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");
B2_BUCKET = cfg.b2Bucket;
PYTHONPATH = pkgs.selfprivacy-graphql-api.pythonPath + ":${pkgs.selfprivacy-graphql-api}/lib/python3.9/site-packages/";
} // config.networking.proxy.envVars;
path = [
"/var/"
"/var/dkim/"
pkgs.coreutils
pkgs.gnutar
pkgs.xz.bin
pkgs.gzip
pkgs.gitMinimal
config.nix.package.out
pkgs.nixos-rebuild
pkgs.restic
pkgs.mkpasswd
pkgs.util-linux
pkgs.e2fsprogs
pkgs.iproute2
];
after = [ "network-online.target" ];
wantedBy = [ "network-online.target" ];
serviceConfig = {
User = "root";
ExecStart = "${pkgs.python39Packages.huey}/bin/huey_consumer.py selfprivacy_api.task_registry.huey";
Restart = "always";
RestartSec = "5";
};

2
configuration.nix
View file

@ -9,6 +9,7 @@ in
./variables-module.nix
./variables.nix
./files.nix
./volumes.nix
./users.nix
./mailserver/system/mailserver.nix
./vpn/ocserv.nix
@ -75,6 +76,7 @@ in
options = "--delete-older-than 7d";
};
};
services.journald.extraConfig = "SystemMaxUse=500M";
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
};

8
git/gitea.nix
View file

@ -1,8 +1,14 @@
{ config, pkgs, ... }:
{ config, lib, pkgs, ... }:
let
cfg = config.services.userdata;
in
{
fileSystems = lib.mkIf cfg.useBinds {
"/var/lib/gitea" = {
device = "/volumes/${cfg.gitea.location}/gitea";
options = [ "bind" ];
};
};
services = {
gitea = {
enable = cfg.gitea.enable;

15
mailserver/system/mailserver.nix
View file

@ -13,6 +13,17 @@ in
})
];
fileSystems = lib.mkIf cfg.useBinds {
"/var/vmail" = {
device = "/volumes/${cfg.email.location}/vmail";
options = [ "bind" ];
};
"/var/sieve" = {
device = "/volumes/${cfg.email.location}/sieve";
options = [ "bind" ];
};
};
users.users = {
virtualMail = {
isNormalUser = false;
@ -32,7 +43,7 @@ in
sieveScript = ''
require ["fileinto", "mailbox"];
if header :contains "Chat-Version" "1.0"
{
{
fileinto :create "DeltaChat";
stop;
}
@ -46,7 +57,7 @@ in
sieveScript = ''
require ["fileinto", "mailbox"];
if header :contains "Chat-Version" "1.0"
{
{
fileinto :create "DeltaChat";
stop;
}

10
nextcloud/nextcloud.nix
View file

@ -1,11 +1,17 @@
{ pkgs, config, ... }:
{ pkgs, lib, config, ... }:
let
cfg = config.services.userdata;
in
{
fileSystems = lib.mkIf cfg.useBinds {
"/var/lib/nextcloud" = {
device = "/volumes/${cfg.nextcloud.location}/nextcloud";
options = [ "bind" ];
};
};
services.nextcloud = {
enable = cfg.nextcloud.enable;
package = pkgs.nextcloud22;
package = pkgs.nextcloud23;
hostName = "cloud.${cfg.domain}";
# Use HTTPS for links

12
passmgr/bitwarden.nix
View file

@ -1,8 +1,18 @@
{ pkgs, config, ... }:
{ pkgs, lib, config, ... }:
let
cfg = config.services.userdata;
in
{
fileSystems = lib.mkIf cfg.useBinds {
"/var/lib/bitwarden" = {
device = "/volumes/${cfg.bitwarden.location}/bitwarden";
options = [ "bind" ];
};
"/var/lib/bitwarden_rs" = {
device = "/volumes/${cfg.bitwarden.location}/bitwarden_rs";
options = [ "bind" ];
};
};
services.vaultwarden = {
enable = cfg.bitwarden.enable;
dbBackend = "sqlite";

12
social/pleroma.nix
View file

@ -1,8 +1,18 @@
{ pkgs, config, ... }:
{ pkgs, lib, config, ... }:
let
cfg = config.services.userdata;
in
{
fileSystems = lib.mkIf cfg.useBinds {
"/var/lib/pleroma" = {
device = "/volumes/${cfg.pleroma.location}/pleroma";
options = [ "bind" ];
};
"/var/lib/postgresql" = {
device = "/volumes/${cfg.pleroma.location}/postgresql";
options = [ "bind" ];
};
};
services = {
pleroma = {
enable = cfg.pleroma.enable;

36
variables-module.nix
View file

@ -99,24 +99,46 @@ in
default = false;
type = types.nullOr types.bool;
};
location = mkOption {
default = "sda1";
type = types.nullOr types.str;
};
};
email = {
location = mkOption {
default = "sda1";
type = types.nullOr types.str;
};
};
gitea = {
enable = mkOption {
default = false;
type = types.nullOr types.bool;
};
location = mkOption {
default = "sda1";
type = types.nullOr types.str;
};
};
nextcloud = {
enable = mkOption {
default = true;
type = types.nullOr types.bool;
};
location = mkOption {
default = "sda1";
type = types.nullOr types.str;
};
};
pleroma = {
enable = mkOption {
default = false;
type = types.nullOr types.bool;
};
location = mkOption {
default = "sda1";
type = types.nullOr types.str;
};
};
jitsi = {
enable = mkOption {
@ -163,5 +185,19 @@ in
type = types.nullOr (types.listOf (types.attrsOf types.anything));
default = [ ];
};
##############
# Volumes #
##############
volumes = mkOption {
description = ''
Volumes that will be created on the server
'';
type = types.nullOr (types.listOf (types.attrsOf types.anything));
default = [ ];
};
useBinds = mkOption {
type = types.nullOr types.bool;
default = false;
};
};
}

9
variables.nix
View file

@ -23,15 +23,19 @@ in
};
bitwarden = {
enable = lib.attrsets.attrByPath [ "bitwarden" "enable" ] false jsonData;
location = lib.attrsets.attrByPath [ "bitwarden" "location" ] "sda1" jsonData;
};
gitea = {
enable = lib.attrsets.attrByPath [ "gitea" "enable" ] false jsonData;
location = lib.attrsets.attrByPath [ "gitea" "location" ] "sda1" jsonData;
};
nextcloud = {
enable = lib.attrsets.attrByPath [ "nextcloud" "enable" ] false jsonData;
location = lib.attrsets.attrByPath [ "nextcloud" "location" ] "sda1" jsonData;
};
pleroma = {
enable = lib.attrsets.attrByPath [ "pleroma" "enable" ] false jsonData;
location = lib.attrsets.attrByPath [ "pleroma" "location" ] "sda1" jsonData;
};
jitsi = {
enable = lib.attrsets.attrByPath [ "jitsi" "enable" ] false jsonData;
@ -44,6 +48,11 @@ in
rootKeys = lib.attrsets.attrByPath [ "ssh" "rootKeys" ] [ "" ] jsonData;
passwordAuthentication = lib.attrsets.attrByPath [ "ssh" "passwordAuthentication" ] true jsonData;
};
email = {
location = lib.attrsets.attrByPath [ "email" "location" ] "sda1" jsonData;
};
users = lib.attrsets.attrByPath [ "users" ] [ ] jsonData;
volumes = lib.attrsets.attrByPath [ "volumes" ] [ ] jsonData;
useBinds = lib.attrsets.attrByPath [ "useBinds" ] false jsonData;
};
}

15
volumes.nix Normal file
View file

@ -0,0 +1,15 @@
{ pkgs, config, ... }:
let
cfg = config.services.userdata;
in
{
fileSystems = { } // builtins.listToAttrs (builtins.map
(volume: {
name = "${volume.mountPoint}";
value = {
device = "${volume.device}";
fsType = "${volume.fsType}";
};
})
cfg.volumes);
}

1
webserver/nginx.nix
View file

@ -126,6 +126,7 @@ in
locations = {
"/" = {
proxyPass = "http://127.0.0.1:5050";
proxyWebsockets = true;
};
};
};