mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git
synced 2024-11-25 04:31:26 +00:00
Merge pull request 'API 2.1.0 support' (#24) from api-redis into master
Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/24
This commit is contained in:
commit
ab0c3e113c
|
@ -3,7 +3,7 @@
|
|||
services.selfprivacy-api = {
|
||||
enable = true;
|
||||
enableSwagger = config.services.userdata.api.enableSwagger;
|
||||
b2Bucket = config.services.userdata.backblaze.bucket;
|
||||
b2Bucket = config.services.userdata.backup.bucket;
|
||||
};
|
||||
|
||||
users.users."selfprivacy-api" = {
|
||||
|
|
|
@ -6,7 +6,7 @@ in
|
|||
services.restic.backups = {
|
||||
options = {
|
||||
passwordFile = "/etc/restic/resticPasswd";
|
||||
repository = "s3:s3.anazonaws.com/${cfg.backblaze.bucket}";
|
||||
repository = "s3:s3.anazonaws.com/${cfg.backup.bucket}";
|
||||
initialize = true;
|
||||
paths = [
|
||||
"/var/dkim"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
url-overlay = "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nix-repo/archive/master.tar.gz";
|
||||
url-overlay = "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nix-repo/archive/redis.tar.gz";
|
||||
nix-overlay = (import (builtins.fetchTarball url-overlay));
|
||||
in
|
||||
{
|
||||
|
@ -30,6 +30,26 @@ in
|
|||
|
||||
nixpkgs.overlays = [ (nix-overlay) ];
|
||||
|
||||
services.redis.servers.sp-api = {
|
||||
enable = true;
|
||||
save = [
|
||||
[
|
||||
30
|
||||
1
|
||||
]
|
||||
[
|
||||
10
|
||||
10
|
||||
]
|
||||
];
|
||||
port = 0;
|
||||
settings = {
|
||||
notify-keyspace-events = "KEA";
|
||||
};
|
||||
};
|
||||
|
||||
services.do-agent.enable = if config.services.userdata.server.provider == "DIGITALOCEAN" then true else false;
|
||||
|
||||
boot.cleanTmpDir = true;
|
||||
networking = {
|
||||
hostName = config.services.userdata.hostname;
|
||||
|
|
|
@ -43,7 +43,7 @@ in
|
|||
echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
|
||||
echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
|
||||
echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
|
||||
${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.cloudflare.apiKey')/g" /var/lib/cloudflare/Credentials.ini
|
||||
${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
|
||||
chmod 0440 /var/lib/cloudflare/Credentials.ini
|
||||
chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
|
||||
'';
|
||||
|
@ -56,8 +56,8 @@ in
|
|||
echo 'account = REPLACEME1' >> /root/.config/rclone/rclone.conf
|
||||
echo 'key = REPLACEME2' >> /root/.config/rclone/rclone.conf
|
||||
|
||||
${sed} -i "s/REPLACEME1/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backblaze.accountId')/g" /root/.config/rclone/rclone.conf
|
||||
${sed} -i "s/REPLACEME2/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backblaze.accountKey')/g" /root/.config/rclone/rclone.conf
|
||||
${sed} -i "s/REPLACEME1/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backup.accountId')/g" /root/.config/rclone/rclone.conf
|
||||
${sed} -i "s/REPLACEME2/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backup.accountKey')/g" /root/.config/rclone/rclone.conf
|
||||
|
||||
chmod 0400 /root/.config/rclone/rclone.conf
|
||||
chown root:root /root/.config/rclone/rclone.conf
|
||||
|
|
|
@ -26,10 +26,10 @@ in
|
|||
path = "/var/lib/gitea/data/gitea.db";
|
||||
createDatabase = true;
|
||||
};
|
||||
ssh = {
|
||||
enable = true;
|
||||
clonePort = 22;
|
||||
};
|
||||
# ssh = {
|
||||
# enable = true;
|
||||
# clonePort = 22;
|
||||
# };
|
||||
lfs = {
|
||||
enable = true;
|
||||
contentDir = "/var/lib/gitea/lfs";
|
||||
|
|
|
@ -8,7 +8,10 @@ in
|
|||
};
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults = {
|
||||
email = "${cfg.username}@${cfg.domain}";
|
||||
server = if cfg.dns.useStagingACME then "https://acme-staging-v02.api.letsencrypt.org/directory" else "https://acme-v02.api.letsencrypt.org/directory";
|
||||
};
|
||||
certs = lib.mkForce {
|
||||
"${cfg.domain}" = {
|
||||
domain = "*.${cfg.domain}";
|
||||
|
|
|
@ -85,12 +85,28 @@ in
|
|||
#############
|
||||
# Secrets #
|
||||
#############
|
||||
backblaze = {
|
||||
dns = {
|
||||
provider = mkOption {
|
||||
description = "DNS provider that was defined at the initial setup process. Default is ClOUDFLARE";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
useStagingACME = mkOption {
|
||||
description = "Use staging ACME server. Default is false";
|
||||
type = types.nullOr types.bool;
|
||||
};
|
||||
};
|
||||
backup = {
|
||||
bucket = mkOption {
|
||||
description = "Bucket name used for userdata backups";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
};
|
||||
server = {
|
||||
provider = mkOption {
|
||||
description = "Server provider that was defined at the initial setup process. Default is HETZNER";
|
||||
type = types.nullOr types.str;
|
||||
};
|
||||
};
|
||||
##############
|
||||
# Services #
|
||||
##############
|
||||
|
|
|
@ -18,8 +18,15 @@ in
|
|||
enableSwagger = lib.attrsets.attrByPath [ "api" "enableSwagger" ] false jsonData;
|
||||
skippedMigrations = lib.attrsets.attrByPath [ "api" "skippedMigrations" ] [ ] jsonData;
|
||||
};
|
||||
backblaze = {
|
||||
bucket = lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData;
|
||||
dns = {
|
||||
provider = lib.attrsets.attrByPath [ "dns" "provider" ] "CLOUDFLARE" jsonData;
|
||||
useStagingACME = lib.attrsets.attrByPath [ "dns" "useStagingACME" ] false jsonData;
|
||||
};
|
||||
backup = {
|
||||
bucket = lib.attrsets.attrByPath [ "backup" "bucket" ] (lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData) jsonData;
|
||||
};
|
||||
server = {
|
||||
provider = lib.attrsets.attrByPath [ "server" "provider" ] "HETZNER" jsonData;
|
||||
};
|
||||
bitwarden = {
|
||||
enable = lib.attrsets.attrByPath [ "bitwarden" "enable" ] false jsonData;
|
||||
|
|
Loading…
Reference in a new issue