Иммутабельный конфиг NixOS
Go to file
Inex Code c1ed3a522c Move secrets out of Nix Store (#19)
Nix store is world-readable, and while nix repl fails to get the secret due to file permissions, we should still set up secrets without getting them in Nix store.

In the past tmpfiles.d was used, but its entire contents get to the nix store.

Now, all files with secrets are generated in activation scripts, with the help of jq and sed.

Also dead Pleroma code was deleted, but CAPTCHA is still broken.

Co-authored-by: inexcode <inex.code@selfprivacy.org>
Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/19
Co-authored-by: Inex Code <inex.code@selfprivacy.org>
Co-committed-by: Inex Code <inex.code@selfprivacy.org>
2022-07-19 15:18:46 +03:00
api Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
backup Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
git Initial commit 2021-11-15 13:02:05 +03:00
letsencrypt roll back the roll back 2022-02-16 11:06:51 +03:00
mailserver/system Remove alps from server configurtaion 2022-06-24 18:51:29 +03:00
nextcloud Overwrite nextcloud protocol to https 2021-12-06 21:37:45 +03:00
passmgr Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
resources Initial commit 2021-11-15 13:02:05 +03:00
social Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
userdata Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
videomeet roll back the roll back 2022-02-16 11:06:51 +03:00
vpn Add groups to users 2022-04-20 13:22:16 +03:00
webserver roll back the roll back 2022-02-16 11:06:51 +03:00
.gitignore Add tokens.json to gitignore 2022-04-29 16:40:59 +03:00
configuration.nix Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
files.nix Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
LICENSE Изменил(а) на 'LICENSE' 2021-11-18 10:08:19 +02:00
README.md Update README 2021-11-16 19:22:36 +03:00
users.nix Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
variables-module.nix Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00
variables.nix Move secrets out of Nix Store (#19) 2022-07-19 15:18:46 +03:00

SelfPrivacy NixOS configuration

This is a NixOS config which builds a SelfPrivacy server distribution based on data provided in userdata/userdata.json.

JSON schema is provided in userdata/schema.json for reference.

hardware-configuration.nix is not included.

Example JSON config:

{
    "backblaze": {
        "accountId": "BACKBLAZE_KEY_ID",
        "accountKey": "BACKBLAZE_ACCOUNT_KEY",
        "bucket": "BACKBLAZE_BUCKET_NAME"
    },
    "api": {
        "token": "API_TOKEN",
        "enableSwagger": false
    },
    "bitwarden": {
        "enable": true
    },
    "cloudflare": {
        "apiKey": "CF_TOKEN"
    },
    "databasePassword": "DB_PASSWORD",
    "domain": "DOMAIN",
    "hashedMasterPassword": "HASHED_PASSWORD",
    "hostname": "DOMAIN",
    "nextcloud": {
        "enable": true,
        "adminPassword": "PASSWORD",
        "databasePassword": "PASSWORD"
    },
    "gitea": {
        "enable": true
    },
    "jitsi": {
        "enable": true
    },
    "ocserv": {
        "enable": true
    },
    "pleroma": {
        "enable": true
    },
    "timezone": "Europe/Moscow",
    "resticPassword": "PASSWORD",
    "ssh": {
        "enable": true,
        "rootSshKeys": [
            "ssh-ed25519 KEY user@host"
        ],
        "passwordAuthentication": true
    },
    "username": "LUSER",
    "users": [
        {
            "hashedPassword": "OTHER_USER_HASHED_PASSWORD",
            "username": "OTHER_USER"
        }
    ]
}