Compare commits
No commits in common. "6c09df8fa0147c3dd3b928b89d449b2db02f4051" and "544ea1236dd87bd27aac54170f11ff42eb404ae1" have entirely different histories.
6c09df8fa0
...
544ea1236d
|
@ -1,5 +0,0 @@
|
||||||
creation_rules:
|
|
||||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
|
|
||||||
key_groups:
|
|
||||||
- age:
|
|
||||||
- age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
|
|
@ -7,7 +7,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.secrets."smb/secrets" = {
|
sops.secrets."smb/secrets" = {
|
||||||
owner = config.profile.user.name;
|
owner = config.users.users.tigor.name;
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
|
@ -15,10 +15,10 @@
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
system.fsPackages = [ pkgs.bindfs pkgs.cifs-utils ];
|
system.fsPackages = [ pkgs.bindfs ];
|
||||||
fileSystems."/nas" =
|
fileSystems."/nas" =
|
||||||
{
|
{
|
||||||
device = "//192.168.100.5/nas";
|
device = "//192.168.100.5/wd_red_1";
|
||||||
fsType = "cifs";
|
fsType = "cifs";
|
||||||
options = [
|
options = [
|
||||||
"_netdev"
|
"_netdev"
|
||||||
|
@ -27,8 +27,8 @@
|
||||||
"x-systemd.idle-timeout=60"
|
"x-systemd.idle-timeout=60"
|
||||||
"x-systemd.device-timeout=5s"
|
"x-systemd.device-timeout=5s"
|
||||||
"x-systemd.mount-timeout=5s"
|
"x-systemd.mount-timeout=5s"
|
||||||
"uid=${toString config.profile.user.uid}"
|
"uid=1000"
|
||||||
"gid=${toString config.profile.user.gid}"
|
"gid=100"
|
||||||
"credentials=${config.sops.secrets."smb/secrets".path}"
|
"credentials=${config.sops.secrets."smb/secrets".path}"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
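Review bot: `sops.secrets."smb/secrets"` is owned by the login account (`owner = config.users.users.tigor.name;`), yet the only consumer visible in this file is the `credentials=` option of the `/nas` CIFS mount, which the mount helper reads as root. If nothing else needs the file, drop the `owner` line so sops-nix keeps its default of root ownership with mode 0400 and the share password is not readable by every process running as that user. In the last hunk, `"uid=1000"` and `"gid=100"` are now literals that have to be kept in step with the account by hand. `"uid=${toString config.users.users.tigor.uid}"` would tie the mount to the user declaration, assuming the uid is set explicitly there.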
@ -5,7 +5,6 @@
|
||||||
./hyprland.nix
|
./hyprland.nix
|
||||||
./docker.nix
|
./docker.nix
|
||||||
./podman.nix
|
./podman.nix
|
||||||
./services.nix
|
|
||||||
];
|
];
|
||||||
options.profile = {
|
options.profile = {
|
||||||
|
|
||||||
|
|
|
@ -6,6 +6,5 @@
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
kavita.enable = lib.mkEnableOption "kavita docker";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,6 +6,5 @@
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
kavita.enable = lib.mkEnableOption "kavita docker";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
{ lib, ... }:
|
|
||||||
let
|
|
||||||
inherit (lib) mkEnableOption;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.profile.services = {
|
|
||||||
caddy.enable = mkEnableOption "caddy";
|
|
||||||
cockpit.enable = mkEnableOption "cockpit";
|
|
||||||
forgejo.enable = mkEnableOption "forgejo";
|
|
||||||
kavita.enable = mkEnableOption "kavita";
|
|
||||||
samba.enable = mkEnableOption "samba";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -48,19 +48,5 @@
|
||||||
brightnessctl.enable = true;
|
brightnessctl.enable = true;
|
||||||
keyboard.language.japanese = true;
|
keyboard.language.japanese = true;
|
||||||
|
|
||||||
mpris-proxy.enable = true;
|
|
||||||
kitty.enable = true;
|
|
||||||
neovide.enable = true;
|
|
||||||
spotify.enable = true;
|
|
||||||
vscode.enable = true;
|
|
||||||
jellyfin.enable = false;
|
|
||||||
mpv.enable = true;
|
|
||||||
go.enable = true;
|
|
||||||
chromium.enable = true;
|
|
||||||
bitwarden.enable = true;
|
|
||||||
dbeaver.enable = true;
|
|
||||||
|
|
||||||
microsoft-edge.enable = true;
|
|
||||||
nextcloud.enable = false;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,28 +17,17 @@
|
||||||
audio.enable = false;
|
audio.enable = false;
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
||||||
|
podman = {
|
||||||
|
enable = false;
|
||||||
|
};
|
||||||
openssh.enable = true;
|
openssh.enable = true;
|
||||||
go.enable = true;
|
go.enable = true;
|
||||||
networking.firewall.enable = true;
|
networking.firewall.enable = true;
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
cockpit.enable = true;
|
cockpit.enable = false;
|
||||||
docker = {
|
docker = {
|
||||||
enable = false;
|
|
||||||
caddy.enable = false;
|
|
||||||
kavita.enable = false;
|
|
||||||
};
|
|
||||||
podman = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
caddy.enable = false;
|
|
||||||
kavita.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services = {
|
|
||||||
caddy.enable = true;
|
caddy.enable = true;
|
||||||
cockpit.enable = true;
|
|
||||||
forgejo.enable = true;
|
|
||||||
kavita.enable = true;
|
|
||||||
samba.enable = true;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
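Review bot: `security.sudo.wheelNeedsPassword = false;` sits beside `openssh.enable = true;` and open ports 80 and 443 in this profile, so any session as a wheel member on this host is root with no further check. Neither line is touched by the change, but the profile now also turns on `docker` with `caddy.enable = true;`, which makes it a network-facing host. Consider `security.sudo.wheelNeedsPassword = true;` here, or confirm that SSH is restricted to key authentication, which this hunk does not show. The enclosing attribute set starts outside the hunk.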
@ -1,22 +0,0 @@
|
||||||
forgejo: ENC[AES256_GCM,data:w/qGCqEsbzhgCmGiy4pqvwjEbIWhOIPjQyQyNtbiBzadrFxG6+cxFQJ1gY/q9tENuogKoVdCtKdHYONM6gs+yd3+/Xk=,iv:u5P7so4J3OeHmnf33ss2X7f8GAA04I0/mw1/MUy6C3Y=,tag:nYhY/ecas7dPYP6FwEnOsg==,type:str]
|
|
||||||
cockpit: ENC[AES256_GCM,data:5/ztOP1mJwKlcLS0RLqbre2nMOphIg59+/Dqz3njZW7jDJm37gMdgaPpY+eA5IWBMW7gZNCcVA==,iv:mmGsqA7U3rzhZ40BUReMlDaKxzKsDTw0mSZzcpu2QB4=,tag:jwmqiMGbENjX4B8GbPHcjw==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhK1lrMkJlNmJwK3ZvSjhz
|
|
||||||
VnFQa2xMdEt0dU9pRlQxbWZIT09ObVI2cUNBCkx2UnBQOTFRYkhXR0pyWGgxdVIr
|
|
||||||
R3NvZDBTU3lIY3RHZkxKRDQzRWhmYUUKLS0tIDJtNFc2VzRNQVdxZ0kxME91Um9p
|
|
||||||
OTBPaGdUZ1ZueUlKMVlhOHBreFV6OVEKBhcqTTA9Vufnn/WAhR5zb08Nsn48zmD2
|
|
||||||
+bdJf+0B68Z57Q/47fNjvXclqLdDCWToTlIjOTnzVH2oXOWKQQxj6g==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-06-13T06:44:09Z"
|
|
||||||
mac: ENC[AES256_GCM,data:S0/He8nAYp524SIteg1bd7aa4b7OJ2jshP/x+m9Grt+9fI8ZN42XpcW/u7JA6xV2eAJ7ZS4YBt965V6ttJu/Ric0xRzdG/evK9zrG0CFcoY8Di9eBU/KqBSyXxO7E/ZYamp9AQpkO9KzsSBYYStkZe4FjPy/5o4bSCjkLOIPO1w=,iv:OR42uFaNxMHAdaq1JZLz4B+cPZPJw5TP97W+rbHckK0=,tag:BXKF4WSHDZ63eyzNNBR2JA==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|
|
@ -1,7 +1,7 @@
|
||||||
gnome-keyring:
|
gnome-keyring:
|
||||||
tigor: ENC[AES256_GCM,data:fUJzIUburewNo6eSLdk0d4RJuL0XIWc=,iv:4pVbLT91IoS6XDEOd9jg4GQkVpQxYNasUeqv2otMgT8=,tag:aSFQKgu7N4p/73omC0wqNw==,type:str]
|
tigor: ENC[AES256_GCM,data:fUJzIUburewNo6eSLdk0d4RJuL0XIWc=,iv:4pVbLT91IoS6XDEOd9jg4GQkVpQxYNasUeqv2otMgT8=,tag:aSFQKgu7N4p/73omC0wqNw==,type:str]
|
||||||
smb:
|
smb:
|
||||||
secrets: ENC[AES256_GCM,data:2XiBlll1fhr2N7CYfMmqVR6INm5j1B0dUhhLUDUmHH/Med0XzWrqh+0Fme7CTt3mdnbIO+AOe0U=,iv:jhWoP97kyGwDicB0CV2B0ppNB8JlFrajsnhvJsUv7FE=,tag:Alo0zX0AqbjziGflNFvepw==,type:str]
|
secrets: ENC[AES256_GCM,data:DKG6wjW/gBLX4cqisodnCX5OO6vVMQFerlAzlvW434xLQjHfn/SyTr3D/8GOSsMO,iv:4Qqdg2bDzNeCNeLifySfxwN/rA+qcAG0JSjt8ByFG/o=,tag:ALOoJ7h3EtjRIHskBfIouA==,type:str]
|
||||||
spotify:
|
spotify:
|
||||||
username: ENC[AES256_GCM,data:7uYX5Co=,iv:zc03i9P/nX6hIe/SfUulH2T3BkxD/1xiqG2izmaJbho=,tag:/djGWrxvsG9L5x3vHc9TwQ==,type:str]
|
username: ENC[AES256_GCM,data:7uYX5Co=,iv:zc03i9P/nX6hIe/SfUulH2T3BkxD/1xiqG2izmaJbho=,tag:/djGWrxvsG9L5x3vHc9TwQ==,type:str]
|
||||||
password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
|
password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
|
||||||
|
@ -23,8 +23,8 @@ sops:
|
||||||
UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
|
UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
|
||||||
DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
|
DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-13T09:09:57Z"
|
lastmodified: "2024-06-12T16:32:51Z"
|
||||||
mac: ENC[AES256_GCM,data:Ovi5vtxADk/vb899WuaU8uWCsM/zN7jTWF47ivJxbgtGlIbQQWeI9eY0s+VaPSdGSshJCP4RYasoJBeL0CiZ64wdLtwsDqfbAB6k8LtS/YRY/hDVGvUG+5GDP+I12q5xbHzJbjiKFN4yLRuK9WVyBQp7TRr484zkdjDDkApoC6w=,iv:FCc/9Xq4xsKQ+Hwi4VpCY8/F4+zHezv42wWpSaGsrjc=,tag:m+dnpB6LjzSvf7cgugEk7g==,type:str]
|
mac: ENC[AES256_GCM,data:dHh4kDSHDQAKLgGaW2TjBH09pEdpPSnNLvFb/EqfHWhUuXqjniFGOsR/KkhoYP2aVfQXBoRUyDvC0cspD6//wSqZuWNAwfVhP20XUQ6fNRaV/3RIU4Btp641Mg+wE3RkwANspkF9o5CD0wicDxNoirf60qPTWnD9ABmBPvd6bdI=,iv:nTg9WWP4WnnCmvMb91h8RH4ZS1Jh9xRmawF5k+IzEbw=,tag:B0uncQm5J9T2Q/ZwVrbjug==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -4,8 +4,7 @@
|
||||||
profile-path
|
profile-path
|
||||||
hardware-configuration
|
hardware-configuration
|
||||||
./modules
|
./modules
|
||||||
./services
|
# ./podman
|
||||||
./podman
|
|
||||||
./docker
|
./docker
|
||||||
./programs.nix
|
./programs.nix
|
||||||
./user.nix
|
./user.nix
|
||||||
|
|
|
@ -11,6 +11,5 @@ in
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./caddy.nix
|
./caddy.nix
|
||||||
./kavita.nix
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,32 +0,0 @@
|
||||||
{ config, lib, ... }:
|
|
||||||
let
|
|
||||||
user = config.profile.user;
|
|
||||||
docker = config.profile.docker;
|
|
||||||
volume = "/nas/kavita";
|
|
||||||
image = "lscr.io/linuxserver/kavita:latest";
|
|
||||||
gid = toString user.gid;
|
|
||||||
uid = toString user.uid;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
config = lib.mkIf (docker.enable && docker.kavita.enable) {
|
|
||||||
system.activationScripts.docker-kavita = ''
|
|
||||||
mkdir -p ${volume}
|
|
||||||
chown -R ${user.name}:${gid} ${volume}
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.kavita = {
|
|
||||||
inherit image;
|
|
||||||
environment = {
|
|
||||||
PUID = uid;
|
|
||||||
PGID = gid;
|
|
||||||
TZ = "Asia/Jakarta";
|
|
||||||
};
|
|
||||||
ports = [ "5000:5000" ];
|
|
||||||
autoStart = true;
|
|
||||||
volumes = [
|
|
||||||
"${volume}/config:/config"
|
|
||||||
"${volume}/library:/library"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,16 +1,13 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.profile.services.cockpit;
|
cfg = config.profile.cockpit;
|
||||||
inherit (lib) mkIf;
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
environment.systemPackages = mkIf config.profile.podman.enable [
|
environment.systemPackages = lib.mkIf config.profile.podman.enable [
|
||||||
(pkgs.callPackage ../packages/cockpit-podman.nix { })
|
(pkgs.callPackage ../packages/cockpit-podman.nix { })
|
||||||
];
|
];
|
||||||
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
|
services.udisks2.enable = true;
|
||||||
reverse_proxy 0.0.0.0:9090
|
|
||||||
'';
|
|
||||||
services.cockpit = {
|
services.cockpit = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
|
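Review bot: `openFirewall = true;` under `services.cockpit` opens the Cockpit port on every interface, so the admin console can be reached directly on 9090 as well as through whatever proxy fronts it. With the Caddy virtual host removed from this module, the direct port is the only access path defined here. If Cockpit is meant to be reached only via the proxy, set `openFirewall = false;` and allow the port just on the proxy's interface with `networking.firewall.interfaces.<PROXY_INTERFACE>.allowedTCPPorts = [ 9090 ];` (the interface name is a placeholder). The `services.cockpit` block continues past the end of the hunk, so a setting further down may already narrow this.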
@ -7,6 +7,7 @@
|
||||||
./bluetooth.nix
|
./bluetooth.nix
|
||||||
./boot_loader.nix
|
./boot_loader.nix
|
||||||
./brightnessctl.nix
|
./brightnessctl.nix
|
||||||
|
./cockpit.nix
|
||||||
./flatpak.nix
|
./flatpak.nix
|
||||||
./font.nix
|
./font.nix
|
||||||
./gnome.nix
|
./gnome.nix
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ config, pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
let
|
let
|
||||||
owner = config.profile.user.name;
|
owner = "tigor";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
|
@ -31,6 +31,10 @@ in
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
"--network=caddy"
|
"--network=caddy"
|
||||||
];
|
];
|
||||||
|
labels = {
|
||||||
|
"caddy" = "cockpit.tigor.web.id";
|
||||||
|
"caddy.reverse_proxy" = "hosts.container.internal:9090";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
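Review bot: The upstream in the added label `"caddy.reverse_proxy" = "hosts.container.internal:9090";` does not match a host alias that either runtime provides by default, as far as I know. Podman injects `host.containers.internal`, and Docker uses `host.docker.internal` (on Linux only when added with `--add-host=host.docker.internal:host-gateway`). Unless the alias is defined elsewhere, the proxy will fail to resolve the upstream. The same label pair publishes the Cockpit login at `cockpit.tigor.web.id` with no access restriction visible in this hunk, which is worth confirming given that Cockpit logs in with system accounts. The container definition begins outside the hunk.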
@ -4,7 +4,6 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
# services.caddy.enable = true;
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
dive # look into docker image layers
|
dive # look into docker image layers
|
||||||
podman-tui # status of containers in the terminal
|
podman-tui # status of containers in the terminal
|
||||||
|
@ -29,6 +28,5 @@ in
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./caddy.nix
|
./caddy.nix
|
||||||
./kavita.nix
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,49 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }:
|
|
||||||
let
|
|
||||||
user = config.profile.user;
|
|
||||||
podman = config.profile.podman;
|
|
||||||
volume = "/nas/kavita";
|
|
||||||
image = "lscr.io/linuxserver/kavita:latest";
|
|
||||||
gid = toString user.gid;
|
|
||||||
uid = toString user.uid;
|
|
||||||
gateway = "10.1.1.1";
|
|
||||||
subnet = "10.1.1.0/24";
|
|
||||||
ip = "10.1.1.3";
|
|
||||||
ip-range = "10.1.1.3/25";
|
|
||||||
in
|
|
||||||
{
|
|
||||||
config = lib.mkIf (podman.enable && podman.kavita.enable) {
|
|
||||||
services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
|
|
||||||
reverse_proxy ${ip}:5000
|
|
||||||
'';
|
|
||||||
|
|
||||||
systemd.services.create-kavita-network = with config.virtualisation.oci-containers; {
|
|
||||||
serviceConfig.Type = "oneshot";
|
|
||||||
wantedBy = [ "${backend}-kavita.service" ];
|
|
||||||
script = ''${pkgs.podman}/bin/podman network exists kavita || ${pkgs.podman}/bin/podman network create --gateway=${gateway} --subnet=${subnet} --ip-range=${ip-range} kavita'';
|
|
||||||
};
|
|
||||||
|
|
||||||
system.activationScripts.docker-kavita = ''
|
|
||||||
mkdir -p ${volume}
|
|
||||||
chown -R ${user.name}:${gid} ${volume}
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.kavita = {
|
|
||||||
inherit image;
|
|
||||||
environment = {
|
|
||||||
PUID = uid;
|
|
||||||
PGID = gid;
|
|
||||||
TZ = "Asia/Jakarta";
|
|
||||||
};
|
|
||||||
extraOptions = [
|
|
||||||
"--network=kavita"
|
|
||||||
"--ip=${ip}"
|
|
||||||
];
|
|
||||||
autoStart = true;
|
|
||||||
volumes = [
|
|
||||||
"${volume}/config:/config"
|
|
||||||
"${volume}/library:/library"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,15 +0,0 @@
|
||||||
{ config, lib, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.profile.services.caddy;
|
|
||||||
inherit (lib) mkIf;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
services.caddy = {
|
|
||||||
enable = true;
|
|
||||||
extraConfig = ''
|
|
||||||
import /etc/caddy/sites-enabled/*
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,9 +0,0 @@
|
||||||
{ ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./caddy.nix
|
|
||||||
./cockpit.nix
|
|
||||||
./forgejo.nix
|
|
||||||
./samba.nix
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,32 +0,0 @@
|
||||||
{ config, lib, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.profile.services.forgejo;
|
|
||||||
inherit (lib) mkIf;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
services.caddy.virtualHosts."git.tigor.web.id".extraConfig = ''
|
|
||||||
reverse_proxy * unix//run/forgejo/forgejo.sock
|
|
||||||
'';
|
|
||||||
|
|
||||||
|
|
||||||
services.forgejo = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
server = {
|
|
||||||
PROTOCOL = "http+unix";
|
|
||||||
SSH_PORT = 2222;
|
|
||||||
DOMAIN = "git.tigor.web.id";
|
|
||||||
HTTP_PORT = 443;
|
|
||||||
ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}:${toString config.services.forgejo.settings.server.HTTP_PORT}";
|
|
||||||
};
|
|
||||||
service = {
|
|
||||||
DISABLE_REGISTRATION = true;
|
|
||||||
};
|
|
||||||
session.COOKIE_SECURE = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ config.services.forgejo.settings.server.SSH_PORT ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,36 +0,0 @@
|
||||||
{ config, lib, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.profile.services.samba;
|
|
||||||
user = config.profile.user;
|
|
||||||
inherit (lib) mkIf;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
services.samba = {
|
|
||||||
enable = true;
|
|
||||||
securityType = "user";
|
|
||||||
openFirewall = true;
|
|
||||||
extraConfig = ''
|
|
||||||
workgroup = WORKGROUP
|
|
||||||
server string = smbnix
|
|
||||||
netbios name = smbnix
|
|
||||||
security = user
|
|
||||||
guest account = ${user.name}
|
|
||||||
'';
|
|
||||||
shares = {
|
|
||||||
nas = {
|
|
||||||
path = "/nas";
|
|
||||||
browsable = "yes";
|
|
||||||
"read only" = "no";
|
|
||||||
"guest ok" = "yes";
|
|
||||||
"create mask" = "0777";
|
|
||||||
"directory mask" = "0777";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.samba-wsdd = {
|
|
||||||
enable = true;
|
|
||||||
openFirewall = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|