Merge pull request 'API 2.1.0 support' (#24) from api-redis into master

Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/24
Inex Code 2022-12-30 20:35:45 +02:00
commit ab0c3e113c
8 changed files with 60 additions and 14 deletions


@ -3,7 +3,7 @@
services.selfprivacy-api = { services.selfprivacy-api = {
enable = true; enable = true;
enableSwagger = config.services.userdata.api.enableSwagger; enableSwagger = config.services.userdata.api.enableSwagger;
b2Bucket = config.services.userdata.backblaze.bucket; b2Bucket = config.services.userdata.backup.bucket;
}; };
users.users."selfprivacy-api" = { users.users."selfprivacy-api" = {


@ -6,7 +6,7 @@ in
services.restic.backups = { services.restic.backups = {
options = { options = {
passwordFile = "/etc/restic/resticPasswd"; passwordFile = "/etc/restic/resticPasswd";
repository = "s3:s3.anazonaws.com/${cfg.backblaze.bucket}"; repository = "s3:s3.anazonaws.com/${cfg.backup.bucket}";
initialize = true; initialize = true;
paths = [ paths = [
"/var/dkim" "/var/dkim"
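Review bot: The `repository = "s3:s3.anazonaws.com/${cfg.backup.bucket}"` line carries a misspelled host across the rename — `anazonaws.com` is not `amazonaws.com`, and for a Backblaze bucket one would expect the B2 S3-compatible endpoint rather than an AWS host at all — so restic either fails to reach the repository or, if someone registers the typo domain, sends whatever S3 credentials this backup is configured with to a host nobody here controls. `initialize = true` means a wrong endpoint fails loudly on first run, but the host should still be fixed and preferably come from configuration, e.g. `repository = "s3:${cfg.backup.endpoint}/${cfg.backup.bucket}";`, if such an option exists or can be added alongside `backup.bucket`. The `services.restic.backups` attrset continues outside the hunk.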


@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
url-overlay = "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nix-repo/archive/master.tar.gz"; url-overlay = "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nix-repo/archive/redis.tar.gz";
nix-overlay = (import (builtins.fetchTarball url-overlay)); nix-overlay = (import (builtins.fetchTarball url-overlay));
in in
{ {
@ -30,6 +30,26 @@ in
nixpkgs.overlays = [ (nix-overlay) ]; nixpkgs.overlays = [ (nix-overlay) ];
services.redis.servers.sp-api = {
enable = true;
save = [
[
30
1
]
[
10
10
]
];
port = 0;
settings = {
notify-keyspace-events = "KEA";
};
};
services.do-agent.enable = if config.services.userdata.server.provider == "DIGITALOCEAN" then true else false;
boot.cleanTmpDir = true; boot.cleanTmpDir = true;
networking = { networking = {
hostName = config.services.userdata.hostname; hostName = config.services.userdata.hostname;
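Review bot: `url-overlay` in the first hunk now points at `archive/redis.tar.gz`, a branch tarball fetched with `builtins.fetchTarball` and no `sha256`, so whatever that branch contains at evaluation time is pulled unverified into the system closure; a feature branch is also likely to be rebased or deleted after merge, which would break every later rebuild. Pin to a commit archive with a hash — `url-overlay = "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nix-repo/archive/<commit>.tar.gz";` and `nix-overlay = (import (builtins.fetchTarball { url = url-overlay; sha256 = "..."; }));` — or make the overlay a flake input. In the second hunk, `services.do-agent.enable = if ... then true else false;` is just `services.do-agent.enable = config.services.userdata.server.provider == "DIGITALOCEAN";`. The new Redis instance sets `port = 0`, which as far as I can tell disables the TCP listener and leaves only the module's Unix socket — appropriate for a local-only store, and worth a one-line comment saying so.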


@ -43,7 +43,7 @@ in
echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.cloudflare.apiKey')/g" /var/lib/cloudflare/Credentials.ini ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
chmod 0440 /var/lib/cloudflare/Credentials.ini chmod 0440 /var/lib/cloudflare/Credentials.ini
chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
''; '';
@ -56,8 +56,8 @@ in
echo 'account = REPLACEME1' >> /root/.config/rclone/rclone.conf echo 'account = REPLACEME1' >> /root/.config/rclone/rclone.conf
echo 'key = REPLACEME2' >> /root/.config/rclone/rclone.conf echo 'key = REPLACEME2' >> /root/.config/rclone/rclone.conf
${sed} -i "s/REPLACEME1/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backblaze.accountId')/g" /root/.config/rclone/rclone.conf ${sed} -i "s/REPLACEME1/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backup.accountId')/g" /root/.config/rclone/rclone.conf
${sed} -i "s/REPLACEME2/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backblaze.accountKey')/g" /root/.config/rclone/rclone.conf ${sed} -i "s/REPLACEME2/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backup.accountKey')/g" /root/.config/rclone/rclone.conf
chmod 0400 /root/.config/rclone/rclone.conf chmod 0400 /root/.config/rclone/rclone.conf
chown root:root /root/.config/rclone/rclone.conf chown root:root /root/.config/rclone/rclone.conf
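Review bot: On the `${sed} -i "s/REPLACEME/$(... ${jq} -r '.dns.apiKey')/g"` line and the two rclone lines below it, the secret is spliced unescaped into a sed replacement, so a token containing `/`, `&`, `\` or a newline breaks the command or rewrites the file in unintended ways; and because this commit renames the key from `.cloudflare.apiKey` to `.dns.apiKey`, an older `userdata.json` makes `jq -r` print `null`, which is then written verbatim as the credential. Writing the value directly avoids both problems: `key="$(${jq} -er '.dns.apiKey' /etc/nixos/userdata/userdata.json)"` followed by `printf 'CF_API_KEY=%s\nCLOUDFLARE_DNS_API_TOKEN=%s\nCLOUDFLARE_ZONE_API_TOKEN=%s\n' "$key" "$key" "$key" > /var/lib/cloudflare/Credentials.ini`, with `-e` making the script fail on a missing key instead of installing `null`. Both files are also created under the default umask and only tightened by the trailing `chmod`, so a `umask 077` at the top of the script would close that brief window. The script body starts before and ends after this hunk.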


@ -26,10 +26,10 @@ in
path = "/var/lib/gitea/data/gitea.db"; path = "/var/lib/gitea/data/gitea.db";
createDatabase = true; createDatabase = true;
}; };
ssh = { # ssh = {
enable = true; # enable = true;
clonePort = 22; # clonePort = 22;
}; # };
lfs = { lfs = {
enable = true; enable = true;
contentDir = "/var/lib/gitea/lfs"; contentDir = "/var/lib/gitea/lfs";
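Review bot: Commenting out the `ssh` block instead of deleting it or setting `ssh.enable = false;` leaves Gitea's SSH exposure to the module default, which I can't see from here, and the dead lines will drift from the live configuration. If the intent is to stop serving Gitea over SSH, state it explicitly with `ssh.enable = false;` and drop the commented lines; if it is a temporary workaround for the API bump, a one-line comment saying why and when to revert would help the next reader. The `services.gitea` attrset continues outside the hunk.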


@ -8,7 +8,10 @@ in
}; };
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
email = "${cfg.username}@${cfg.domain}"; defaults = {
email = "${cfg.username}@${cfg.domain}";
server = if cfg.dns.useStagingACME then "https://acme-staging-v02.api.letsencrypt.org/directory" else "https://acme-v02.api.letsencrypt.org/directory";
};
certs = lib.mkForce { certs = lib.mkForce {
"${cfg.domain}" = { "${cfg.domain}" = {
domain = "*.${cfg.domain}"; domain = "*.${cfg.domain}";
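Review bot: `server = if cfg.dns.useStagingACME then ... else ...;` uses the option as a Boolean, but on this page `useStagingACME` is declared `types.nullOr types.bool` with no `default`, so any consumer that does not go through the `attrByPath ... false` fallback in userdata.nix gets `null` and evaluation aborts with "value is null while a Boolean was expected" rather than falling back to the production directory. Either tighten the declaration to `type = types.bool; default = false;` or guard here with `if cfg.dns.useStagingACME == true then`. The `security.acme` attrset continues outside the hunk.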


@ -85,12 +85,28 @@ in
############# #############
# Secrets # # Secrets #
############# #############
backblaze = { dns = {
provider = mkOption {
description = "DNS provider that was defined at the initial setup process. Default is ClOUDFLARE";
type = types.nullOr types.str;
};
useStagingACME = mkOption {
description = "Use staging ACME server. Default is false";
type = types.nullOr types.bool;
};
};
backup = {
bucket = mkOption { bucket = mkOption {
description = "Bucket name used for userdata backups"; description = "Bucket name used for userdata backups";
type = types.nullOr types.str; type = types.nullOr types.str;
}; };
}; };
server = {
provider = mkOption {
description = "Server provider that was defined at the initial setup process. Default is HETZNER";
type = types.nullOr types.str;
};
};
############## ##############
# Services # # Services #
############## ##############
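Review bot: The new `dns.provider`, `dns.useStagingACME` and `server.provider` options claim "Default is ..." in their descriptions but declare no `default =`, and all three are `types.nullOr`, so the documented default exists only because userdata.nix happens to supply one and every other reader gets `null`. Declare the defaults on the options and use an enum for the provider strings so a typo fails at evaluation instead of silently disabling, say, the DigitalOcean agent: `type = types.enum [ "CLOUDFLARE" ]; default = "CLOUDFLARE";` (with whatever provider names the setup flow actually emits), `type = types.bool; default = false;`, and `type = types.enum [ "HETZNER" "DIGITALOCEAN" ]; default = "HETZNER";`. The `dns.provider` description also misspells `ClOUDFLARE`. None of these values is a secret, so placing them under the "Secrets" banner is now misleading. The options attrset continues outside the hunk.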


@ -18,8 +18,15 @@ in
enableSwagger = lib.attrsets.attrByPath [ "api" "enableSwagger" ] false jsonData; enableSwagger = lib.attrsets.attrByPath [ "api" "enableSwagger" ] false jsonData;
skippedMigrations = lib.attrsets.attrByPath [ "api" "skippedMigrations" ] [ ] jsonData; skippedMigrations = lib.attrsets.attrByPath [ "api" "skippedMigrations" ] [ ] jsonData;
}; };
backblaze = { dns = {
bucket = lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData; provider = lib.attrsets.attrByPath [ "dns" "provider" ] "CLOUDFLARE" jsonData;
useStagingACME = lib.attrsets.attrByPath [ "dns" "useStagingACME" ] false jsonData;
};
backup = {
bucket = lib.attrsets.attrByPath [ "backup" "bucket" ] (lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData) jsonData;
};
server = {
provider = lib.attrsets.attrByPath [ "server" "provider" ] "HETZNER" jsonData;
}; };
bitwarden = { bitwarden = {
enable = lib.attrsets.attrByPath [ "bitwarden" "enable" ] false jsonData; enable = lib.attrsets.attrByPath [ "bitwarden" "enable" ] false jsonData;
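Review bot: `backup.bucket` gets a fallback to the legacy `backblaze.bucket` key, but the other keys this PR renames do not: the secrets script on this page reads `.backup.accountId`, `.backup.accountKey` and `.dns.apiKey` straight from the JSON, so an existing install whose `userdata.json` still uses `backblaze.*` and `cloudflare.*` keeps its bucket name while its B2 credentials and Cloudflare token become the string `null` on the next rebuild. Either apply the same `attrByPath [ "backup" ... ] (attrByPath [ "backblaze" ... ] ...)` fallback (and a `cloudflare` one for `dns`) where those secrets are read, or ship the migration that rewrites the JSON before any of the new paths are consulted. The `skippedMigrations` option above suggests such a migration mechanism exists in the API; if this relies on one, the PR description should name it. The `services.userdata` attrset starts before and ends after this hunk.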