From bce60dc872316d8f6390349361e489d128ea8634 Mon Sep 17 00:00:00 2001
From: Jade
Date: Wed, 26 Apr 2023 23:25:04 +0200
Subject: [PATCH] continuing things

---
 flake.lock | 44 ++++------------------------
 flake.nix | 9 +++---
 modules/base-stuff.nix | 25 ++++++++++++++--
 modules/conduit.nix | 4 +++
 modules/containers/default.nix | 7 +++++
 modules/containers/phtanumb-wiki.nix | 40 +++++++++++++++++++++++++
 modules/containers/postgres.nix | 32 ++++++++++++++++++++
 modules/keycloak.nix | 16 ++++++++++
 modules/proxy.nix | 24 +++++++++++++++
 9 files changed, 156 insertions(+), 45 deletions(-)
 create mode 100644 modules/conduit.nix
 create mode 100644 modules/containers/default.nix
 create mode 100644 modules/containers/phtanumb-wiki.nix
 create mode 100644 modules/containers/postgres.nix
 create mode 100644 modules/keycloak.nix

diff --git a/flake.lock b/flake.lock
index 6352a03..05520eb 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,57 +2,23 @@
 "nodes": {
 "nixpkgs": {
 "locked": {
- "lastModified": 1682362401,
- "narHash": "sha256-/UMUHtF2CyYNl4b60Z2y4wwTTdIWGKhj9H301EDcT9M=",
+ "lastModified": 1682303062,
+ "narHash": "sha256-x+KAADp27lbxeoPXLUMxKcRsUUHDlg+qVjt5PjgBw9A=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "884ac294018409e0d1adc0cae185439a44bd6b0b",
+ "rev": "f5364316e314436f6b9c8fd50592b18920ab18f9",
 "type": "github"
 },
 "original": {
 "owner": "NixOS",
- "ref": "nixos-unstable",
+ "ref": "nixos-22.11",
 "repo": "nixpkgs",
 "type": "github"
 }
 },
 "root": {
 "inputs": {
- "nixpkgs": "nixpkgs",
- "utils": "utils"
- }
- },
- "systems": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
- "utils": {
- "inputs": {
- "systems": "systems"
- },
- "locked": {
- "lastModified": 1681202837,
- "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
+ "nixpkgs": "nixpkgs"
 }
 }
 },
diff --git a/flake.nix b/flake.nix
index dc27103..53ec584 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,10 +1,9 @@
 {
 inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
- utils.url = "github:numtide/flake-utils";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
 };
- outputs = { self, nixpkgs, utils, ... }:
+ outputs = { self, nixpkgs, ... }@inputs:
 let
 pkgs = import nixpkgs { system = "x86_64-linux"; };
 in {
@@ -25,9 +24,11 @@
 buildOnTarget = true;
 };
 imports = [
+ ./modules/base-stuff.nix
 ./modules/proxy.nix
 ./modules/jitsi.nix
- ./modules/base-stuff.nix
+ ./modules/containers
+ ./modules/keycloak.nix
 ];
 system.stateVersion = "22.11";
diff --git a/modules/base-stuff.nix b/modules/base-stuff.nix
index 5365555..46a7c49 100644
--- a/modules/base-stuff.nix
+++ b/modules/base-stuff.nix
@@ -2,9 +2,30 @@
 {
 networking.hostName = "katzen-cafe";
+ networking.firewall = {
+ allowedTCPPorts = [ 22 80 443 ];
+ };
+
 boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = false;
+ boot.loader.efi.canTouchEfiVariables = true;
 boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.kernelParams = [ "console=tty" ];
+ boot.initrd.kernelModules = [ "virtio_gpu" ];
+
+ users.users.april = {
+ isNormalUser = true;
+ packages = with pkgs; [ podman ];
+ createHome = true;
+ };
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "prohibit-password";
+ };
+
+ environment.systemPackages = with pkgs; [
+ neovim wget neofetch
+ ];
 fileSystems."/" = {
 device = "/dev/sda1";
@@ -17,6 +38,6 @@
 };
 swapDevices = [ {
- device = "/dev/disk/by-uuid/9cb23bf3-128c-4847-8f72-f14f4aaa5026";
+ device = "/dev/sda2";
 } ];
 }
diff --git a/modules/conduit.nix b/modules/conduit.nix
new file mode 100644
index 0000000..eb67509
--- /dev/null
+++ b/modules/conduit.nix
@@ -0,0 +1,4 @@
+{ pkgs, inputs, ... }:
+{
+ # TODO: matrix-conduit
+}
diff --git a/modules/containers/default.nix b/modules/containers/default.nix
new file mode 100644
index 0000000..0f678c6
--- /dev/null
+++ b/modules/containers/default.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ./postgres.nix
+ ./phtanumb-wiki.nix
+ ];
+}
diff --git a/modules/containers/phtanumb-wiki.nix b/modules/containers/phtanumb-wiki.nix
new file mode 100644
index 0000000..2aee90d
--- /dev/null
+++ b/modules/containers/phtanumb-wiki.nix
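Review bot: The new `services.openssh` block restricts root to `prohibit-password` but leaves password authentication at the module default, and the `users.users.april` account created in the same hunk carries no `openssh.authorizedKeys.keys`, so how that user is meant to log in over the port 22 that `networking.firewall.allowedTCPPorts` now opens is not visible here. Since the flake now pins nixos-22.11, the 22.11 option names apply: add `passwordAuthentication = false;` and `kbdInteractiveAuthentication = false;` inside `services.openssh` and give april an `openssh.authorizedKeys.keys` list, or state in a comment that password login is intended. The `podman` entry in april's `packages` only installs the binary; rootless use normally goes through `virtualisation.podman.enable = true;`, which sets up the subuid/subgid mappings — worth confirming that is set elsewhere.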
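Review bot: Swapping the by-UUID swap path for `/dev/sda2` makes the swap device depend on kernel enumeration order, which the UUID form was immune to; if the old UUID was simply stale, `device = "/dev/disk/by-uuid/<uuid of the new swap partition>";` keeps that stability, and if the raw path is deliberate (for example because the disk is reprovisioned and the UUID is not known ahead of time), a comment saying so would stop it being "fixed" back. `fileSystems."/"` in the previous hunk already has the same `/dev/sda1` shape, so whichever choice is made should be applied to both for consistency.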
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+{
+ containers."phtanumb-wiki" = {
+ autoStart = true;
+ localAddress = "127.0.0.1";
+ bindMounts = {
+ "/var/mediawiki" = {
+ hostPath = "/phtanum-b/wiki";
+ isReadOnly = false;
+ };
+ };
+ config = { config, pkgs, ... }: {
+
+ services.mediawiki = {
+ enable = true;
+ name = "phtanum-b";
+ virtualHost.listen = [
+ {
+ ip = "127.0.0.1";
+ port = 8080;
+ ssl = false;
+ }
+ ];
+ virtualHost.hostName = "wiki.phtanum-b.katzen.cafe";
+ virtualHost.adminAddr = "admin@katzen.cafe";
+ passwordFile = "/var/mediawiki/passwordFile";
+ extraConfig = ''
+ # Disable anonymous editing
+ $wgGroupPermissions['*']['edit'] = false;
+ '';
+ };
+
+ system.stateVersion = "22.11";
+ };
+ };
+ deployment.keys."passwordFile" = {
+ keyCommand = [ "cat" "/home/jade/keys/phtanumb-wiki/passwordFile" ];
+ destDir = "/var/mediawiki";
+ };
+}
diff --git a/modules/containers/postgres.nix b/modules/containers/postgres.nix
new file mode 100644
index 0000000..50c9324
--- /dev/null
+++ b/modules/containers/postgres.nix
@@ -0,0 +1,32 @@
+{ pkgs, ... }:
+{
+ containers.postgres = {
+ autoStart = true;
+ localAddress = "127.0.0.1";
+ bindMounts = {
+ "/var/lib/postgresql" = {
+ hostPath = "/postgres";
+ isReadOnly = false;
+ };
+ };
+ config = { config, pkgs, ... }: {
+
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [
+ {
+ name = "keycloak";
+ ensurePermissions = {
+ "DATABASE \"nextcloud\"" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+ ensureDatabases = [
+ "keycloak"
+ ];
+ };
+
+ system.stateVersion = "22.11";
+ };
+ };
+}
diff --git a/modules/keycloak.nix b/modules/keycloak.nix
new file mode 100644
index 0000000..6a64867
--- /dev/null
+++ b/modules/keycloak.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+{
+ services.keycloak = {
+ enable = true;
+
+ settings = {
+ http-port = 8097;
+ proxy = "edge";
+ hostname = "auth.katzen.cafe";
+ };
+
+ database = {
+ createLocally = false;
+ };
+ };
+}
diff --git a/modules/proxy.nix b/modules/proxy.nix
index 224ca77..87135da 100644
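Review bot: The secret path does not line up: `deployment.keys."passwordFile"` writes to the host's `/var/mediawiki`, but inside the container `/var/mediawiki` is the bind mount of the host's `/phtanum-b/wiki`, so `passwordFile = "/var/mediawiki/passwordFile"` resolves to `/phtanum-b/wiki/passwordFile`, where nothing is deployed. Changing the key to `destDir = "/phtanum-b/wiki";` lines them up; the key also needs an owner the mediawiki service can read it as (this looks like colmena, whose keys default to root-only and take `user`/`group`/`permissions`), and it then sits inside a read-write data mount, so anything that can write that tree can replace the password — a separate read-only mount for the key would be cleaner. Separately, `localAddress` only takes effect with `privateNetwork = true` as far as I can tell; as written the container shares the host network namespace, which is exactly what the proxy's `proxyPass` to 127.0.0.1:8080 relies on, so either drop the line or add `# shares the host netns on purpose; nginx reaches us on 127.0.0.1:8080` so nobody enables privateNetwork later and breaks it.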
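Review bot: The grant `"DATABASE \"nextcloud\"" = "ALL PRIVILEGES";` names a database this module never creates — `ensureDatabases` only lists `keycloak` — so the `keycloak` role gets no privileges on its own database and the GRANT against the missing `nextcloud` database is expected to error in postgresql-setup; it should read `"DATABASE \"keycloak\"" = "ALL PRIVILEGES";`. Note also that `ensureUsers` creates the role without a password, while keycloak on the host (`database.createLocally = false`) will authenticate over TCP with one, so the role password still has to be set out of band — a comment on the `ensureUsers` entry saying where that happens would help. As in the wiki container, `localAddress` without `privateNetwork` appears to be inert, and the shared network namespace is what makes this postgres reachable from keycloak on the host; a comment stating that intent would protect it.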
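Review bot: `database.createLocally = false` is set but no connection details follow; in the 22.11 keycloak module `database.passwordFile` has no default as far as I recall, so this should fail evaluation until something like `database.passwordFile = "<path to the keycloak db password key>";` is added (plus `database.host`/`database.port` if the defaults do not match the postgres container). `initialAdminPassword` is also left at the module's fixed default; set it from a deployed key, or note in a comment that it is rotated on first login. Finally, `proxy = "edge"` makes keycloak trust `X-Forwarded-*` headers from whatever reaches port 8097; the firewall in base-stuff.nix only opens 22/80/443, but adding `http-host = "127.0.0.1";` to `settings` removes the dependence on that.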
--- a/modules/proxy.nix
+++ b/modules/proxy.nix
@@ -12,6 +12,30 @@
 group = "nginx";
 keyType = "rsa4096";
 };
+ "wiki.phtanum-b.katzen.cafe" = {
+ group = "nginx";
+ keyType = "rsa4096";
+ };
 };
 };
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "wiki.phtanum-b.katzen.cafe" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ };
+ };
+ "auth.katzen.cafe" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8097";
+ };
+ };
+ };
+
+ };
 }
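Review bot: Neither new `virtualHosts` entry forwards the client-facing `Host` or `X-Forwarded-Proto`; nginx's default is to send the `proxy_pass` host upstream, so keycloak (configured with `proxy = "edge"`) and mediawiki (configured with `virtualHost.hostName`) would likely see `127.0.0.1:8097`/`127.0.0.1:8080` and build wrong redirect URLs. Adding `recommendedProxySettings = true;` (and `recommendedTlsSettings = true;`) next to `enable = true;` in the new `services.nginx` block fixes that. The explicit `"wiki.phtanum-b.katzen.cafe"` certificate entry also duplicates what `enableACME = true` on the virtual host already requests; if the point is `keyType = "rsa4096"`, a comment saying so would stop the next reader from deleting one of them. The attrset that entry extends (what looks like `security.acme.certs`) starts above the hunk.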