Compare commits
10 commits
544ea1236d
...
6c09df8fa0
Author | SHA1 | Date | |
---|---|---|---|
Tigor Hutasuhut | 6c09df8fa0 | ||
Tigor Hutasuhut | 39433f7488 | ||
Tigor Hutasuhut | 9925102b5f | ||
Tigor Hutasuhut | 6b0f2316fa | ||
Tigor Hutasuhut | 5d27259205 | ||
Tigor Hutasuhut | 0713245e6e | ||
Tigor Hutasuhut | 507b91bc52 | ||
Tigor Hutasuhut | 906d35e44d | ||
Tigor Hutasuhut | ae1fa920b5 | ||
Tigor Hutasuhut | 46f4a0ee48 |
5
.sops.yaml
Normal file
5
.sops.yaml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
creation_rules:
|
||||||
|
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
|
@ -7,7 +7,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.secrets."smb/secrets" = {
|
sops.secrets."smb/secrets" = {
|
||||||
owner = config.users.users.tigor.name;
|
owner = config.profile.user.name;
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
|
@ -15,10 +15,10 @@
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
system.fsPackages = [ pkgs.bindfs ];
|
system.fsPackages = [ pkgs.bindfs pkgs.cifs-utils ];
|
||||||
fileSystems."/nas" =
|
fileSystems."/nas" =
|
||||||
{
|
{
|
||||||
device = "//192.168.100.5/wd_red_1";
|
device = "//192.168.100.5/nas";
|
||||||
fsType = "cifs";
|
fsType = "cifs";
|
||||||
options = [
|
options = [
|
||||||
"_netdev"
|
"_netdev"
|
||||||
|
@ -27,8 +27,8 @@
|
||||||
"x-systemd.idle-timeout=60"
|
"x-systemd.idle-timeout=60"
|
||||||
"x-systemd.device-timeout=5s"
|
"x-systemd.device-timeout=5s"
|
||||||
"x-systemd.mount-timeout=5s"
|
"x-systemd.mount-timeout=5s"
|
||||||
"uid=1000"
|
"uid=${toString config.profile.user.uid}"
|
||||||
"gid=100"
|
"gid=${toString config.profile.user.gid}"
|
||||||
"credentials=${config.sops.secrets."smb/secrets".path}"
|
"credentials=${config.sops.secrets."smb/secrets".path}"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
./hyprland.nix
|
./hyprland.nix
|
||||||
./docker.nix
|
./docker.nix
|
||||||
./podman.nix
|
./podman.nix
|
||||||
|
./services.nix
|
||||||
];
|
];
|
||||||
options.profile = {
|
options.profile = {
|
||||||
|
|
||||||
|
|
|
@ -6,5 +6,6 @@
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
|
kavita.enable = lib.mkEnableOption "kavita docker";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,5 +6,6 @@
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
|
kavita.enable = lib.mkEnableOption "kavita docker";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
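--- a/options/services.nix
+++ b/options/services.nix
@@ -0,0 +1,13 @@
+{ lib, ... }:
+let
+inherit (lib) mkEnableOption;
+in
+{
+options.profile.services = {
+caddy.enable = mkEnableOption "caddy";
+cockpit.enable = mkEnableOption "cockpit";
+forgejo.enable = mkEnableOption "forgejo";
+kavita.enable = mkEnableOption "kavita";
+samba.enable = mkEnableOption "samba";
+};
+}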
|
@ -48,5 +48,19 @@
|
||||||
brightnessctl.enable = true;
|
brightnessctl.enable = true;
|
||||||
keyboard.language.japanese = true;
|
keyboard.language.japanese = true;
|
||||||
|
|
||||||
|
mpris-proxy.enable = true;
|
||||||
|
kitty.enable = true;
|
||||||
|
neovide.enable = true;
|
||||||
|
spotify.enable = true;
|
||||||
|
vscode.enable = true;
|
||||||
|
jellyfin.enable = false;
|
||||||
|
mpv.enable = true;
|
||||||
|
go.enable = true;
|
||||||
|
chromium.enable = true;
|
||||||
|
bitwarden.enable = true;
|
||||||
|
dbeaver.enable = true;
|
||||||
|
|
||||||
|
microsoft-edge.enable = true;
|
||||||
|
nextcloud.enable = false;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,17 +17,28 @@
|
||||||
audio.enable = false;
|
audio.enable = false;
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
||||||
podman = {
|
|
||||||
enable = false;
|
|
||||||
};
|
|
||||||
openssh.enable = true;
|
openssh.enable = true;
|
||||||
go.enable = true;
|
go.enable = true;
|
||||||
networking.firewall.enable = true;
|
networking.firewall.enable = true;
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
cockpit.enable = false;
|
cockpit.enable = true;
|
||||||
docker = {
|
docker = {
|
||||||
|
enable = false;
|
||||||
|
caddy.enable = false;
|
||||||
|
kavita.enable = false;
|
||||||
|
};
|
||||||
|
podman = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
caddy.enable = false;
|
||||||
|
kavita.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
caddy.enable = true;
|
caddy.enable = true;
|
||||||
|
cockpit.enable = true;
|
||||||
|
forgejo.enable = true;
|
||||||
|
kavita.enable = true;
|
||||||
|
samba.enable = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
22
secrets/caddy_reverse_proxy.yaml
Normal file
22
secrets/caddy_reverse_proxy.yaml
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
forgejo: ENC[AES256_GCM,data:w/qGCqEsbzhgCmGiy4pqvwjEbIWhOIPjQyQyNtbiBzadrFxG6+cxFQJ1gY/q9tENuogKoVdCtKdHYONM6gs+yd3+/Xk=,iv:u5P7so4J3OeHmnf33ss2X7f8GAA04I0/mw1/MUy6C3Y=,tag:nYhY/ecas7dPYP6FwEnOsg==,type:str]
|
||||||
|
cockpit: ENC[AES256_GCM,data:5/ztOP1mJwKlcLS0RLqbre2nMOphIg59+/Dqz3njZW7jDJm37gMdgaPpY+eA5IWBMW7gZNCcVA==,iv:mmGsqA7U3rzhZ40BUReMlDaKxzKsDTw0mSZzcpu2QB4=,tag:jwmqiMGbENjX4B8GbPHcjw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhK1lrMkJlNmJwK3ZvSjhz
|
||||||
|
VnFQa2xMdEt0dU9pRlQxbWZIT09ObVI2cUNBCkx2UnBQOTFRYkhXR0pyWGgxdVIr
|
||||||
|
R3NvZDBTU3lIY3RHZkxKRDQzRWhmYUUKLS0tIDJtNFc2VzRNQVdxZ0kxME91Um9p
|
||||||
|
OTBPaGdUZ1ZueUlKMVlhOHBreFV6OVEKBhcqTTA9Vufnn/WAhR5zb08Nsn48zmD2
|
||||||
|
+bdJf+0B68Z57Q/47fNjvXclqLdDCWToTlIjOTnzVH2oXOWKQQxj6g==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-06-13T06:44:09Z"
|
||||||
|
mac: ENC[AES256_GCM,data:S0/He8nAYp524SIteg1bd7aa4b7OJ2jshP/x+m9Grt+9fI8ZN42XpcW/u7JA6xV2eAJ7ZS4YBt965V6ttJu/Ric0xRzdG/evK9zrG0CFcoY8Di9eBU/KqBSyXxO7E/ZYamp9AQpkO9KzsSBYYStkZe4FjPy/5o4bSCjkLOIPO1w=,iv:OR42uFaNxMHAdaq1JZLz4B+cPZPJw5TP97W+rbHckK0=,tag:BXKF4WSHDZ63eyzNNBR2JA==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -1,7 +1,7 @@
|
||||||
gnome-keyring:
|
gnome-keyring:
|
||||||
tigor: ENC[AES256_GCM,data:fUJzIUburewNo6eSLdk0d4RJuL0XIWc=,iv:4pVbLT91IoS6XDEOd9jg4GQkVpQxYNasUeqv2otMgT8=,tag:aSFQKgu7N4p/73omC0wqNw==,type:str]
|
tigor: ENC[AES256_GCM,data:fUJzIUburewNo6eSLdk0d4RJuL0XIWc=,iv:4pVbLT91IoS6XDEOd9jg4GQkVpQxYNasUeqv2otMgT8=,tag:aSFQKgu7N4p/73omC0wqNw==,type:str]
|
||||||
smb:
|
smb:
|
||||||
secrets: ENC[AES256_GCM,data:DKG6wjW/gBLX4cqisodnCX5OO6vVMQFerlAzlvW434xLQjHfn/SyTr3D/8GOSsMO,iv:4Qqdg2bDzNeCNeLifySfxwN/rA+qcAG0JSjt8ByFG/o=,tag:ALOoJ7h3EtjRIHskBfIouA==,type:str]
|
secrets: ENC[AES256_GCM,data:2XiBlll1fhr2N7CYfMmqVR6INm5j1B0dUhhLUDUmHH/Med0XzWrqh+0Fme7CTt3mdnbIO+AOe0U=,iv:jhWoP97kyGwDicB0CV2B0ppNB8JlFrajsnhvJsUv7FE=,tag:Alo0zX0AqbjziGflNFvepw==,type:str]
|
||||||
spotify:
|
spotify:
|
||||||
username: ENC[AES256_GCM,data:7uYX5Co=,iv:zc03i9P/nX6hIe/SfUulH2T3BkxD/1xiqG2izmaJbho=,tag:/djGWrxvsG9L5x3vHc9TwQ==,type:str]
|
username: ENC[AES256_GCM,data:7uYX5Co=,iv:zc03i9P/nX6hIe/SfUulH2T3BkxD/1xiqG2izmaJbho=,tag:/djGWrxvsG9L5x3vHc9TwQ==,type:str]
|
||||||
password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
|
password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
|
||||||
|
@ -23,8 +23,8 @@ sops:
|
||||||
UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
|
UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
|
||||||
DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
|
DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-12T16:32:51Z"
|
lastmodified: "2024-06-13T09:09:57Z"
|
||||||
mac: ENC[AES256_GCM,data:dHh4kDSHDQAKLgGaW2TjBH09pEdpPSnNLvFb/EqfHWhUuXqjniFGOsR/KkhoYP2aVfQXBoRUyDvC0cspD6//wSqZuWNAwfVhP20XUQ6fNRaV/3RIU4Btp641Mg+wE3RkwANspkF9o5CD0wicDxNoirf60qPTWnD9ABmBPvd6bdI=,iv:nTg9WWP4WnnCmvMb91h8RH4ZS1Jh9xRmawF5k+IzEbw=,tag:B0uncQm5J9T2Q/ZwVrbjug==,type:str]
|
mac: ENC[AES256_GCM,data:Ovi5vtxADk/vb899WuaU8uWCsM/zN7jTWF47ivJxbgtGlIbQQWeI9eY0s+VaPSdGSshJCP4RYasoJBeL0CiZ64wdLtwsDqfbAB6k8LtS/YRY/hDVGvUG+5GDP+I12q5xbHzJbjiKFN4yLRuK9WVyBQp7TRr484zkdjDDkApoC6w=,iv:FCc/9Xq4xsKQ+Hwi4VpCY8/F4+zHezv42wWpSaGsrjc=,tag:m+dnpB6LjzSvf7cgugEk7g==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -4,7 +4,8 @@
|
||||||
profile-path
|
profile-path
|
||||||
hardware-configuration
|
hardware-configuration
|
||||||
./modules
|
./modules
|
||||||
# ./podman
|
./services
|
||||||
|
./podman
|
||||||
./docker
|
./docker
|
||||||
./programs.nix
|
./programs.nix
|
||||||
./user.nix
|
./user.nix
|
||||||
|
|
|
@ -11,5 +11,6 @@ in
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./caddy.nix
|
./caddy.nix
|
||||||
|
./kavita.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
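--- a/system/docker/kavita.nix
+++ b/system/docker/kavita.nix
@@ -0,0 +1,32 @@
+{ config, lib, ... }:
+let
+user = config.profile.user;
+docker = config.profile.docker;
+volume = "/nas/kavita";
+image = "lscr.io/linuxserver/kavita:latest";
+gid = toString user.gid;
+uid = toString user.uid;
+in
+{
+config = lib.mkIf (docker.enable && docker.kavita.enable) {
+system.activationScripts.docker-kavita = ''
+mkdir -p ${volume}
+chown -R ${user.name}:${gid} ${volume}
+'';
+
+virtualisation.oci-containers.containers.kavita = {
+inherit image;
+environment = {
+PUID = uid;
+PGID = gid;
+TZ = "Asia/Jakarta";
+};
+ports = [ "5000:5000" ];
+autoStart = true;
+volumes = [
+"${volume}/config:/config"
+"${volume}/library:/library"
+];
+};
+};
+}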
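Review bot: `ports = [ "5000:5000" ];` publishes Kavita on every host interface, and Docker-published ports are normally forwarded by Docker's own packet-filter rules, so `networking.firewall.allowedTCPPorts` would not restrict it. If the service is meant to be reached only through the reverse proxy, bind it to loopback with `ports = [ "127.0.0.1:5000:5000" ];`. The image is also referenced by the mutable tag `lscr.io/linuxserver/kavita:latest`, here and in system/podman/kavita.nix, so each pull can run different code. Pinning a version tag or a digest, e.g. `image = "lscr.io/linuxserver/kavita@sha256:<digest>";`, keeps rebuilds reproducible and makes upgrades a reviewed change.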
|
@ -7,7 +7,6 @@
|
||||||
./bluetooth.nix
|
./bluetooth.nix
|
||||||
./boot_loader.nix
|
./boot_loader.nix
|
||||||
./brightnessctl.nix
|
./brightnessctl.nix
|
||||||
./cockpit.nix
|
|
||||||
./flatpak.nix
|
./flatpak.nix
|
||||||
./font.nix
|
./font.nix
|
||||||
./gnome.nix
|
./gnome.nix
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
let
|
||||||
owner = "tigor";
|
owner = config.profile.user.name;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
|
@ -31,10 +31,6 @@ in
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--network=caddy"
|
"--network=caddy"
|
||||||
];
|
];
|
||||||
labels = {
|
|
||||||
"caddy" = "cockpit.tigor.web.id";
|
|
||||||
"caddy.reverse_proxy" = "hosts.container.internal:9090";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -4,6 +4,7 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
# services.caddy.enable = true;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
dive # look into docker image layers
|
dive # look into docker image layers
|
||||||
podman-tui # status of containers in the terminal
|
podman-tui # status of containers in the terminal
|
||||||
|
@ -28,5 +29,6 @@ in
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./caddy.nix
|
./caddy.nix
|
||||||
|
./kavita.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
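--- a/system/podman/kavita.nix
+++ b/system/podman/kavita.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+let
+user = config.profile.user;
+podman = config.profile.podman;
+volume = "/nas/kavita";
+image = "lscr.io/linuxserver/kavita:latest";
+gid = toString user.gid;
+uid = toString user.uid;
+gateway = "10.1.1.1";
+subnet = "10.1.1.0/24";
+ip = "10.1.1.3";
+ip-range = "10.1.1.3/25";
+in
+{
+config = lib.mkIf (podman.enable && podman.kavita.enable) {
+services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
+reverse_proxy ${ip}:5000
+'';
+
+systemd.services.create-kavita-network = with config.virtualisation.oci-containers; {
+serviceConfig.Type = "oneshot";
+wantedBy = [ "${backend}-kavita.service" ];
+script = ''${pkgs.podman}/bin/podman network exists kavita || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} kavita'';
+};
+
+system.activationScripts.docker-kavita = ''
+mkdir -p ${volume}
+chown -R ${user.name}:${gid} ${volume}
+'';
+
+virtualisation.oci-containers.containers.kavita = {
+inherit image;
+environment = {
+PUID = uid;
+PGID = gid;
+TZ = "Asia/Jakarta";
+};
+extraOptions = [
+"--network=kavita"
+"--ip=${ip}"
+];
+autoStart = true;
+volumes = [
+"${volume}/config:/config"
+"${volume}/library:/library"
+];
+};
+};
+}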
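Review bot: `create-kavita-network` is pulled in with `wantedBy = [ "${backend}-kavita.service" ];` but declares no ordering, so the container unit can start with `--network=kavita` before the network exists. Adding `before = [ "${backend}-kavita.service" ];` closes that race. `ip-range = "10.1.1.3/25"` has host bits set for a /25; if the intent is the lower half of the subnet, `10.1.1.0/25` states it unambiguously. The activation script key `docker-kavita` is the same name used in system/docker/kavita.nix, so a podman-specific name or a short comment would avoid confusion when both modules are read together.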
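--- a/system/services/caddy.nix
+++ b/system/services/caddy.nix
@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+let
+cfg = config.profile.services.caddy;
+inherit (lib) mkIf;
+in
+{
+config = mkIf cfg.enable {
+services.caddy = {
+enable = true;
+extraConfig = ''
+import /etc/caddy/sites-enabled/*
+'';
+};
+};
+}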
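Review bot: `import /etc/caddy/sites-enabled/*` loads site configuration from a mutable directory outside the Nix store, and nothing in this file creates that directory or sets its ownership. Whatever can write there can add virtual hosts or upstreams to the proxy, so it should be root-owned and not group- or world-writable. A comment above the import naming what populates it would help, for example `# site snippets are rendered at activation (presumably from secrets/caddy_reverse_proxy.yaml); directory must be root-owned`. That source is my inference from the secret file's name and should be confirmed.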
|
@ -1,13 +1,16 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.profile.cockpit;
|
cfg = config.profile.services.cockpit;
|
||||||
|
inherit (lib) mkIf;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = lib.mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
environment.systemPackages = lib.mkIf config.profile.podman.enable [
|
environment.systemPackages = mkIf config.profile.podman.enable [
|
||||||
(pkgs.callPackage ../packages/cockpit-podman.nix { })
|
(pkgs.callPackage ../packages/cockpit-podman.nix { })
|
||||||
];
|
];
|
||||||
services.udisks2.enable = true;
|
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
|
||||||
|
reverse_proxy 0.0.0.0:9090
|
||||||
|
'';
|
||||||
services.cockpit = {
|
services.cockpit = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
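Review bot: The new vhost uses `reverse_proxy 0.0.0.0:9090`, which is a wildcard bind address rather than a destination; the upstream should be loopback, `reverse_proxy 127.0.0.1:9090`. `openFirewall = true;` is kept as context in `services.cockpit`, so port 9090 presumably stays reachable directly as well as through cockpit.tigor.web.id. With Caddy in front I would set `openFirewall = false;` so the admin console is only exposed through the TLS vhost. The same row replaces `services.udisks2.enable = true;`, which is worth confirming as intentional. The `services.cockpit` block continues outside the hunk.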
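--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+imports = [
+./caddy.nix
+./cockpit.nix
+./forgejo.nix
+./samba.nix
+];
+}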
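--- a/system/services/forgejo.nix
+++ b/system/services/forgejo.nix
@@ -0,0 +1,32 @@
+{ config, lib, ... }:
+let
+cfg = config.profile.services.forgejo;
+inherit (lib) mkIf;
+in
+{
+config = mkIf cfg.enable {
+services.caddy.virtualHosts."git.tigor.web.id".extraConfig = ''
+reverse_proxy * unix//run/forgejo/forgejo.sock
+'';
+
+
+services.forgejo = {
+enable = true;
+settings = {
+server = {
+PROTOCOL = "http+unix";
+SSH_PORT = 2222;
+DOMAIN = "git.tigor.web.id";
+HTTP_PORT = 443;
+ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}:${toString config.services.forgejo.settings.server.HTTP_PORT}";
+};
+service = {
+DISABLE_REGISTRATION = true;
+};
+session.COOKIE_SECURE = true;
+};
+};
+
+networking.firewall.allowedTCPPorts = [ config.services.forgejo.settings.server.SSH_PORT ];
+};
+}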
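Review bot: `networking.firewall.allowedTCPPorts` opens `SSH_PORT` (2222), but nothing visible in this file makes Forgejo listen there: `settings.server` has no `START_SSH_SERVER = true;`, and as far as I know `SSH_PORT` alone only changes the port shown in clone URLs. If git-over-SSH is served by the system sshd on port 22, this rule opens a port with no intended listener, and any later service that binds 2222 inherits the exposure. Either add `START_SSH_SERVER = true;` next to `SSH_PORT`, or drop the firewall line. A one-line comment above the rule naming the daemon that owns 2222 would make the intent reviewable.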
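--- a/system/services/samba.nix
+++ b/system/services/samba.nix
@@ -0,0 +1,36 @@
+{ config, lib, ... }:
+let
+cfg = config.profile.services.samba;
+user = config.profile.user;
+inherit (lib) mkIf;
+in
+{
+config = mkIf cfg.enable {
+services.samba = {
+enable = true;
+securityType = "user";
+openFirewall = true;
+extraConfig = ''
+workgroup = WORKGROUP
+server string = smbnix
+netbios name = smbnix
+security = user
+guest account = ${user.name}
+'';
+shares = {
+nas = {
+path = "/nas";
+browsable = "yes";
+"read only" = "no";
+"guest ok" = "yes";
+"create mask" = "0777";
+"directory mask" = "0777";
+};
+};
+};
+services.samba-wsdd = {
+enable = true;
+openFirewall = true;
+};
+};
+}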
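Review bot: The `nas` share is writable without authentication: `"guest ok" = "yes"` is combined with `"read only" = "no"`, `guest account = ${user.name}` maps every anonymous session to the primary user, and `openFirewall = true` opens the SMB ports in the host firewall. Anyone who can reach those ports can read and modify /nas with that user's file permissions, and the 0777 masks leave whatever is created world-writable. I would drop the `guest account` line, set `"guest ok" = "no";` and `"valid users" = user.name;`, and tighten the masks to 0664 for files and 0775 for directories. If guest access is intended for a trusted LAN only, a comment saying so plus a `hosts allow` restriction would make that boundary explicit.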