diff --git a/hosts/fw.cloonar.com/modules/palworld.nix b/hosts/fw.cloonar.com/modules/palworld.nix index ab14a30..8d4ae25 100644 --- a/hosts/fw.cloonar.com/modules/palworld.nix +++ b/hosts/fw.cloonar.com/modules/palworld.nix @@ -19,5 +19,24 @@ }; }; + systemd.timers."restart-palworld" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "*-*-* 3:00:00"; + Unit = "restart-palworld.service"; + }; + }; + + systemd.services."restart-palworld" = { + script = '' + set -eu + ${pkgs.systemd}/bin/systemctl restart podman-palworld.service + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + }; + sops.secrets.palworld = {}; } diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix index 6eab6d3..93846a7 100644 --- a/hosts/fw.cloonar.com/modules/unbound.nix +++ b/hosts/fw.cloonar.com/modules/unbound.nix @@ -16,7 +16,7 @@ let "10.42.101.0/24 allow" "0.0.0.0/0 allow" ]; - # tls-cert-bundle = "/var/lib/acme/ns.cloonar.com/fullchain.pem"; + tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt"; local-zone = "\"cloonar.com\" transparent"; local-data = [ "\"localhost A 127.0.0.1\"" 
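Review bot: The new `restart-palworld` units in palworld.nix spell out settings that are already systemd defaults and wrap a single command in a shell script. `User = "root"` is the default for a system service and `Unit = "restart-palworld.service"` is the default target of a timer with the same name, so both can be dropped, and the `script` block can become `serviceConfig.ExecStart = "${pkgs.systemd}/bin/systemctl restart podman-palworld.service";`. Without `Persistent = true;` in `timerConfig`, a 03:00 run missed while the host is down is not made up afterwards, which may or may not be wanted here.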
@@ -143,44 +143,51 @@ let forward-zone = [ { name = "ghetto.at.local."; + forward-tls-upstream = "no"; forward-addr = [ "10.43.97.1" ]; } { name = "epicenter.works."; + forward-tls-upstream = "no"; forward-addr = [ "10.50.60.1" ]; } { name = "akvorrat.at."; + forward-tls-upstream = "no"; forward-addr = [ "10.50.60.1" ]; } { name = "epicenter.intra."; + forward-tls-upstream = "no"; forward-addr = [ "10.14.1.1" ]; } { name = "intra.epicenter.works."; + forward-tls-upstream = "no"; forward-addr = [ "10.14.1.1" ]; } { name = "."; + forward-tls-upstream = "yes"; + forward-first = "no"; # forward-addr = "104.16.248.249@853#cloudflare-dns.com"; forward-addr = [ - # "9.9.9.9@853#dns9.quad9.net" - # "149.112.112.11@853#dns11.quad9.net" + "9.9.9.9@853#dns9.quad9.net" + "149.112.112.11@853#dns11.quad9.net" # "9.9.9.9@853" # "149.112.112.11@853" - "9.9.9.9" - "149.112.112.11" + # "9.9.9.9" + # "149.112.112.11" ]; } ]; diff --git a/hosts/mail.cloonar.com/modules/openldap.nix b/hosts/mail.cloonar.com/modules/openldap.nix index dccad6a..a696611 100644 --- a/hosts/mail.cloonar.com/modules/openldap.nix +++ b/hosts/mail.cloonar.com/modules/openldap.nix 
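Review bot: The two upstreams enabled for the `.` zone appear to belong to different Quad9 service profiles: `9.9.9.9` is the default filtered service, while `149.112.112.11` with the name `dns11.quad9.net` is, as far as I know, the variant that forwards EDNS Client Subnet data. If the move to DNS-over-TLS is meant to improve privacy, pair like with like, e.g. `"149.112.112.112@853#dns.quad9.net"` as the secondary for `9.9.9.9`; please confirm against Quad9's published address list. `forward-first = "no"` is the right choice, since it prevents a silent fallback to unencrypted recursion when the TLS upstreams fail, and the `#name` suffix is what makes unbound check the certificate name against the `tls-cert-bundle` enabled in the first hunk of this file. The internal zones set to `forward-tls-upstream = "no"` are sent in cleartext to 10.x addresses, so they rely on the tunnel or LAN they cross for confidentiality.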
@@ -104,44 +104,6 @@ in { ]; }; - "olcDatabase={3}mdb".attrs = { - objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; - - olcDatabase = "{3}mdb"; - olcDbDirectory = "/var/lib/openldap/data"; - - olcSuffix = "dc=myhidden,dc=life"; - - olcAccess = [ - '' - {0}to attrs=userPassword - by self write - by anonymous auth - by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write - by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * none - '' - '' - {1}to * - by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read - by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write - by * read - '' - ]; - }; - "olcOverlay=memberof,olcDatabase={3}mdb".attrs = { - objectClass = [ "olcOverlayConfig" "olcMemberOf" ]; - olcOverlay = "memberof"; - olcMemberOfRefint = "TRUE"; - }; - "olcOverlay=ppolicy,olcDatabase={3}mdb".attrs = { - objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ]; - olcOverlay = "ppolicy"; - olcPPolicyHashCleartext = "TRUE"; - }; - "olcDatabase={4}mdb".attrs = { objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; 
@@ -253,6 +215,44 @@ in { olcPPolicyHashCleartext = "TRUE"; }; + "olcDatabase={7}mdb".attrs = { + objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; + + olcDatabase = "{7}mdb"; + olcDbDirectory = "/var/lib/openldap/data"; + + olcSuffix = "dc=myhidden,dc=life"; + + olcAccess = [ + '' + {0}to attrs=userPassword + by self write + by anonymous auth + by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write + by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write + by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read + by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write + by * none + '' + '' + {1}to * + by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read + by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write + by * read + '' + ]; + }; + # "olcOverlay=memberof,olcDatabase={7}mdb".attrs = { + # objectClass = [ "olcOverlayConfig" "olcMemberOf" ]; + # olcOverlay = "memberof"; + # olcMemberOfRefint = "TRUE"; + # }; + # "olcOverlay=ppolicy,olcDatabase={7}mdb".attrs = { + # objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ]; + # olcOverlay = "ppolicy"; + # olcPPolicyHashCleartext = "TRUE"; + # }; + # "cn=module{0},cn=config" = { # attrs = { # objectClass = "olcModuleList"; diff --git a/hosts/nb-01.cloonar.com/configuration.nix b/hosts/nb-01.cloonar.com/configuration.nix index e61786f..4ff51d1 100644 --- a/hosts/nb-01.cloonar.com/configuration.nix +++ b/hosts/nb-01.cloonar.com/configuration.nix @@ -21,6 +21,8 @@ in { ./modules/nvim/default.nix ./utils/modules/autoupgrade.nix + ./users + ./hardware-configuration.nix ]; @@ -28,7 +30,6 @@ in { (import ./utils/overlays/packages.nix) ]; - # nixpkgs.config.permittedInsecurePackages = [ # "openssl-1.1.1v" # "electron-24.8.6" diff --git a/hosts/nb-01.cloonar.com/modules/nvim/config/copilot.lua b/hosts/nb-01.cloonar.com/modules/nvim/config/copilot.lua index d2cdc77..32ad2ea 100644 --- a/hosts/nb-01.cloonar.com/modules/nvim/config/copilot.lua 
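Review bot: The re-added `dc=myhidden,dc=life` database (`{7}mdb`) comes back without its two overlays, because the `memberof` and `ppolicy` blocks are added commented out. With `olcPPolicyHashCleartext` no longer in force on this database, a `userPassword` value written by a plain LDAP modify (the ACL grants write to the owncloud and authelia service accounts and to Administrators) is stored as the client sent it, which can mean cleartext at rest; `memberOf`-based group filters will also stop matching. If the overlays were disabled only to get the renumbering to apply, restore them in a follow-up, or add a comment saying why they are off. Separately, `{1}to * … by * read` lets anonymous binds read every attribute other than `userPassword`; `by users read` would limit that to authenticated clients if anonymous lookup is not required.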
+++ b/hosts/nb-01.cloonar.com/modules/nvim/config/copilot.lua @@ -1,2 +1,2 @@ -vim.api.nvim_set_keymap('i', '', 'copilot#Accept("")', { expr=true, noremap = true, silent = true }) +vim.api.nvim_set_keymap('i', '', 'copilot#Accept("")', { expr=true, noremap = true, silent = true }) vim.g.copilot_no_tab_map = true diff --git a/hosts/nb-01.cloonar.com/modules/nvim/default.nix b/hosts/nb-01.cloonar.com/modules/nvim/default.nix index 1cd65b4..4a37415 100644 --- a/hosts/nb-01.cloonar.com/modules/nvim/default.nix +++ b/hosts/nb-01.cloonar.com/modules/nvim/default.nix @@ -28,7 +28,7 @@ copilot-vim copilot-lua copilot-cmp - CopilotChat-nvim + # CopilotChat-nvim dracula-vim friendly-snippets gitsigns-nvim diff --git a/hosts/nb-01.cloonar.com/modules/sway/social.nix b/hosts/nb-01.cloonar.com/modules/sway/social.nix index 4ca7559..148a862 100644 --- a/hosts/nb-01.cloonar.com/modules/sway/social.nix +++ b/hosts/nb-01.cloonar.com/modules/sway/social.nix @@ -1,11 +1,10 @@ - { pkgs, ... }: let socialDesktopItem = pkgs.makeDesktopItem { name = "social"; - desktopName = "Librewolf browser with social profile"; - exec = "librewolf -P social"; + desktopName = "Firefox browser with social profile"; + exec = "firefox -P social"; }; in { environment.systemPackages = [ socialDesktopItem ]; diff --git a/hosts/nb-01.cloonar.com/modules/sway/sway.nix b/hosts/nb-01.cloonar.com/modules/sway/sway.nix index 9f2137e..85770b7 100644 --- a/hosts/nb-01.cloonar.com/modules/sway/sway.nix +++ b/hosts/nb-01.cloonar.com/modules/sway/sway.nix @@ -23,8 +23,8 @@ in { imports = [ ./social.nix ./signal-work.nix - ./thunderbird.nix ./parsec.nix + ./thunderbird.nix ]; options.cloonar.sway = { @@ -52,19 +52,20 @@ in { bitwarden bitwarden-cli rofi-rbw-wayland - brave cryptomator + + brave chromium + firefox + vivaldi unstable.cura freecad openscad - dbus-sway-environment ddev dracula-theme - firefox foot gcc git 
@@ -72,6 +73,7 @@ in { gimp gnome.seahorse gnome3.adwaita-icon-theme + go grim hunspell hunspellDicts.de_DE @@ -94,7 +96,7 @@ in { sway-launcher-desktop swayidle swaylock - # thunderbird + thunderbird unzip vlc waybar diff --git a/hosts/nb-01.cloonar.com/modules/sway/thunderbird.nix b/hosts/nb-01.cloonar.com/modules/sway/thunderbird.nix index bdd0a85..935867b 100644 --- a/hosts/nb-01.cloonar.com/modules/sway/thunderbird.nix +++ b/hosts/nb-01.cloonar.com/modules/sway/thunderbird.nix @@ -5,13 +5,13 @@ let name = "thunderbird-work"; desktopName = "Thunderbird Work"; icon = "thunderbird"; - exec = "thunderbird -P Work"; + exec = "thunderbird -P work"; }; thunderbirdCloonarDesktopItem = pkgs.makeDesktopItem { name = "thunderbird-cloonar"; desktopName = "Thunderbird Cloonar"; icon = "thunderbird"; - exec = "thunderbird -P Cloonar"; + exec = "thunderbird -P cloonar"; }; in { diff --git a/hosts/nb-01.cloonar.com/users/default.nix b/hosts/nb-01.cloonar.com/users/default.nix new file mode 100644 index 0000000..96def77 --- /dev/null +++ b/hosts/nb-01.cloonar.com/users/default.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: +let + home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz"; + + +in +{ + imports = [ + (import "${home-manager}/nixos") + ./dominik.nix + ]; + + home-manager.sharedModules = [ + "${builtins.fetchTarball "https://github.com/Mic92/sops-nix/archive/master.tar.gz"}/modules/home-manager/sops.nix" + ]; +} diff --git a/hosts/nb-01.cloonar.com/users/dominik.nix b/hosts/nb-01.cloonar.com/users/dominik.nix new file mode 100644 index 0000000..4b08745 --- /dev/null +++ b/hosts/nb-01.cloonar.com/users/dominik.nix 
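Review bot: Both `builtins.fetchTarball` calls in users/default.nix fetch a moving branch with no `sha256`, so every evaluation trusts whatever GitHub serves for that branch at that moment, and the sops-nix one tracks `master` of the module that handles secrets. Pin each to a commit and hash, for example `builtins.fetchTarball { url = "https://github.com/Mic92/sops-nix/archive/<commit>.tar.gz"; sha256 = "<hash>"; }` (placeholders), or take both from the pinned inputs the rest of the repository uses. Without a hash Nix also re-downloads the tarball once its cache TTL expires, which makes rebuilds non-reproducible and dependent on network access.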
@@ -0,0 +1,378 @@ +{ config, lib, pkgs, ... }: +let + thunderbirdSettings = { + "extensions.activeThemeID" = "thunderbird-compact-dark@mozilla.org"; + "browser.theme.content-theme" = 0; + "browser.theme.toolbar-theme" = 0; + "calendar.alarms.showmissed" = false; + "mail.uidensity" = 2; + "mail.inline_attachments" = false; + "mail.folder.views.version" = 1; + "calendar.list.sortOrder" = "cloonar-personal"; + "calendar.ui.version" = 3; + "calendar.timezone.local" = "Europe/Vienna"; + "calendar.week.start" = 1; + }; + + thunderbirdCalendarPersonal = { + "calendar.registry.cloonar-personal.cache.enabled" = true; + "calendar.registry.cloonar-personal.calendar-main-in-composite" = true; + "calendar.registry.cloonar-personal.color" = "#232323"; + "calendar.registry.cloonar-personal.disabled" = false; + "calendar.registry.cloonar-personal.forceEmailScheduling" = true; + "calendar.registry.cloonar-personal.imip.identity.key" = "id6"; + "calendar.registry.cloonar-personal.name" = "Personal"; + "calendar.registry.cloonar-personal.readOnly" = false; + "calendar.registry.cloonar-personal.refreshInterval" = 30; + "calendar.registry.cloonar-personal.suppressAlarms" = false; + "calendar.registry.cloonar-personal.type" = "caldav"; + "calendar.registry.cloonar-personal.uri" = "https://cloud.cloonar.com/remote.php/dav/calendars/dominik.polakovics@cloonar.com/personal/"; + "calendar.registry.cloonar-personal.username" = "dominik.polakovics@cloonar.com"; + }; + thunderbirdCalendarEpicenterEmployees = { + "calendar.registry.epicenter-employees.cache.enabled" = true; + "calendar.registry.epicenter-employees.calendar-main-in-composite" = true; + "calendar.registry.epicenter-employees.color" = "#e774ca"; + "calendar.registry.epicenter-employees.disabled" = true; + "calendar.registry.epicenter-employees.forceEmailScheduling" = true; + "calendar.registry.epicenter-employees.name" = "epicenter.works-Employees (admin)"; + "calendar.registry.epicenter-employees.readOnly" = false; + 
"calendar.registry.epicenter-employees.refreshInterval" = 30; + "calendar.registry.epicenter-employees.suppressAlarms" = true; + "calendar.registry.epicenter-employees.type" = "caldav"; + "calendar.registry.epicenter-employees.uri" = "https://cloud.epicenter.works/remote.php/dav/calendars/razormind/akvorrat-employees_shared_by_admin/"; + "calendar.registry.epicenter-employees.username" = "razormind"; + }; + + thunderbirdContactsPersonal = { + "ldap_2.servers.Contacts.carddav.token" = "http://sabre.io/ns/sync/325"; + "ldap_2.servers.Contacts.carddav.url" = "https://cloud.cloonar.com/remote.php/dav/addressbooks/users/dominik.polakovics@cloonar.com/contacts/"; + "ldap_2.servers.Contacts.carddav.username" = "dominik.polakovics@cloonar.com"; + "ldap_2.servers.Contacts.description" = "Contacts"; + "ldap_2.servers.Contacts.dirType" = 102; + "ldap_2.servers.Contacts.filename" = "abook-1.sqlite"; + "ldap_2.servers.Contacts.uid" = "68fb463c-1c2d-4f39-be37-bbb6ecb97e63"; + "ldap_2.servers.history.uid" = "01df0056-319d-47ac-93ff-b24b978c0902"; + "ldap_2.servers.pab.uid" = "3a7c1bff-18ec-4500-9ae2-098b5fdbaeaa"; + }; + + firefoxSettings = { + "browser.startup.homepage" = "https://start.duckduckgo.com"; + "browser.startup.page" = 1; + "browser.startup.homepage_override.mstone" = "ignore"; + "extensions.autoDisableScopes" = 0; + "app.normandy.first_run" = false; + "browser.download.panel.shown" = true; + "devtools.cache.disabled" = true; + "devtools.toolbox.host" = "right"; + "browser.uiCustomization.state" = 
"{\"placements\":{\"widget-overflow-fixed-list\":[],\"unified-extensions-area\":[],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"downloads-button\",\"screenshot-button\",\"ublock0_raymondhill_net-browser-action\",\"jid1-mnnxcxisbpnsxq_jetpack-browser-action\",\"_d634138d-c276-4fc8-924b-40a0ea21d284_-browser-action\",\"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action\",\"_testpilot-containers-browser-action\",\"unified-extensions-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"firefox-view-button\",\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"PersonalToolbar\":[\"import-button\",\"personal-bookmarks\"]},\"seen\":[\"save-to-pocket-button\",\"_d634138d-c276-4fc8-924b-40a0ea21d284_-browser-action\",\"_testpilot-containers-browser-action\",\"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action\",\"ublock0_raymondhill_net-browser-action\",\"jid1-mnnxcxisbpnsxq_jetpack-browser-action\",\"developer-button\"],\"dirtyAreaCache\":[\"unified-extensions-area\",\"nav-bar\",\"PersonalToolbar\"],\"currentVersion\":20,\"newElementCount\":3}"; + }; + + firefoxExtensions = with pkgs.nur.repos.rycee.firefox-addons; [ + bitwarden + multi-account-containers + onepassword-password-manager + privacy-badger + ublock-origin + ]; +in +{ + home-manager.users.dominik = { lib, pkgs, ... }: { + /* The home.stateVersion option does not have a default and must be set */ + home.stateVersion = "24.05"; + home.enableNixpkgsReleaseCheck = false; + /* Here goes the rest of your home-manager config, e.g. 
home.packages = [ pkgs.foo ]; */ + programs.git = { + + enable = true; + package = pkgs.gitAndTools.gitFull; + userName = "Dominik Polakovics"; + userEmail = "dominik.polakovics@cloonar.com"; + # signing = { + # key = "dominik.polakovics@cloonar.com"; + # signByDefault = false; + # }; + iniContent = { + # Branch with most recent change comes first + branch.sort = "-committerdate"; + # Remember and auto-resolve merge conflicts + # https://git-scm.com/book/en/v2/Git-Tools-Rerere + rerere.enabled = true; + }; + }; + + programs.thunderbird = { + enable = true; + profiles = { + private = { + isDefault = true; + settings = lib.mkMerge [ + thunderbirdSettings + thunderbirdCalendarPersonal + thunderbirdContactsPersonal + ]; + }; + cloonar = { + settings = lib.mkMerge [ + thunderbirdSettings + thunderbirdCalendarPersonal + thunderbirdContactsPersonal + ]; + }; + work = { + settings = lib.mkMerge [ + thunderbirdSettings + thunderbirdCalendarPersonal + thunderbirdCalendarEpicenterEmployees + thunderbirdContactsPersonal + ]; + }; + }; + }; + + accounts.email.accounts = { + "dominik@superbros.tv" = { + primary = true; + realName = "Dominik Polakovics"; + address = "dominik@superbros.tv"; + userName = "dominik@superbros.tv"; + imap = { + host = "imap.cloonar.com"; + port = 993; + }; + smtp = { + host = "mail.cloonar.com"; + port = 587; + tls = { + enable = true; + useStartTls = true; + }; + }; + thunderbird = { + enable = true; + profiles = [ "private" "cloonar" "work" ]; + }; + }; + "office@cloonar.com" = { + realName = "Cloonar"; + address = "office@cloonar.com"; + userName = "office@cloonar.com"; + imap = { + host = "imap.cloonar.com"; + port = 993; + }; + smtp = { + host = "mail.cloonar.com"; + port = 587; + tls = { + enable = true; + useStartTls = true; + }; + }; + thunderbird = { + enable = true; + profiles = [ "cloonar" "work" ]; + }; + }; + "dominik.polakovics@cloonar.com" = { + realName = "Dominik Polakovics"; + address = "dominik.polakovics@cloonar.com"; + userName = 
"dominik.polakovics@cloonar.com"; + imap = { + host = "imap.cloonar.com"; + port = 993; + }; + smtp = { + host = "mail.cloonar.com"; + port = 587; + tls = { + enable = true; + useStartTls = true; + }; + }; + thunderbird = { + enable = true; + profiles = [ "cloonar" "work" ]; + }; + }; + "dominik.polakovics@epicenter.works" = { + realName = "Dominik Polakovics"; + address = "dominik.polakovics@epicenter.works"; + userName = "dominik.polakovics@epicenter.works"; + imap = { + host = "mail.epicenter.works"; + port = 993; + }; + smtp = { + host = "mail.epicenter.works"; + port = 587; + tls = { + enable = true; + useStartTls = true; + }; + }; + thunderbird = { + enable = true; + profiles = [ "work" ]; + }; + }; + }; + + programs.firefox = { + enable = true; + profiles = { + default = { + id = 0; + isDefault = true; + settings = firefoxSettings; + search.default = "DuckDuckGo"; + search.privateDefault = "DuckDuckGo"; + extensions = firefoxExtensions; + }; + social = { + id = 1; + settings = firefoxSettings; + search.default = "DuckDuckGo"; + search.privateDefault = "DuckDuckGo"; + containersForce = true; + containers = { + "private" = { + color = "green"; + icon = "fingerprint"; + id = 1; + }; + "cloonar" = { + color = "purple"; + icon = "briefcase"; + id = 2; + }; + "epicenter.works" = { + color = "blue"; + icon = "briefcase"; + id = 3; + }; + }; + extensions = firefoxExtensions; + }; + }; + }; + + /* Setup development projects */ + home.activation.projects = lib.hm.dag.entryAfter ["writeBoundary"] '' + PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH" + set +eu + git clone gitea@git.cloonar.com:Cloonar/nixos.git ~/projects/cloonar/cloonar-nixos 2>/dev/null + git clone gitea@git.cloonar.com:Cloonar/website.git ~/projects/cloonar/cloonar-website 2>/dev/null + git clone gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git ~/projects/cloonar/wohnservice-wien 2>/dev/null + git clone gitea@git.cloonar.com:Cloonar/gbv-aktuell.git ~/projects/cloonar/gbv-aktuell 2>/dev/null + 
git clone gitea@git.cloonar.com:Paraclub/api.git ~/projects/cloonar/paraclub/paraclub-api 2>/dev/null + git clone gitea@git.cloonar.com:Paraclub/frontend.git ~/projects/cloonar/paraclub/paraclub-frontend 2>/dev/null + git clone gitea@git.cloonar.com:Paraclub/website.git ~/projects/cloonar/paraclub/paraclub-website 2>/dev/null + git clone gitea@git.cloonar.com:Paraclub/module.git ~/projects/cloonar/paraclub/paraclub-module 2>/dev/null + git clone gitea@git.cloonar.com:Cloonar/amz-api.git ~/projects/cloonar/amz/amz-api 2>/dev/null + git clone gitea@git.cloonar.com:Cloonar/amz-frontend.git ~/projects/cloonar/amz/amz-frontend 2>/dev/null + git clone gitea@git.cloonar.com:myhidden.life/web.git ~/projects/myhidden.life/myhidden.life-web 2>/dev/null + + git clone git@gitlab.epicenter.works:epicenter.works/campaigntool.git ~/projects/epicenter.works/campaigntool 2>/dev/null + git clone git@gitlab.epicenter.works:epicenter.works/website.git ~/projects/epicenter.works/epicenter.works 2>/dev/null + git clone git@gitlab.epicenter.works:epicenter.works/nixos.git ~/projects/epicenter.works/epicenter-nixos 2>/dev/null + git clone git@github.com:AKVorrat/spenden.akvorrat.at.git ~/projects/epicenter.works/spenden.akvorrat.at 2>/dev/null + git clone git@github.com:AKVorrat/dearmep-website.git ~/projects/epicenter.works/dearmep-website 2>/dev/null + set -eu + ''; + + home.activation.nvim-project = lib.hm.dag.entryAfter ["writeBoundary"] '' + PATH="${pkgs.coreutils}/bin:$PATH" + if [ ! 
-e "~/.local/share/nvim/project_nvim/project_history" ] ; then +cat > ~/.local/share/nvim/project_nvim/project_history << EOL +/home/dominik/projects/cloonar/cloonar-nixos +/home/dominik/projects/cloonar/cloonar-website +/home/dominik/projects/cloonar/wohnservice-wien +/home/dominik/projects/cloonar/gbv-aktuell +/home/dominik/projects/cloonar/paraclub/paraclub-api +/home/dominik/projects/cloonar/paraclub/paraclub-frontend +/home/dominik/projects/cloonar/paraclub/paraclub-website +/home/dominik/projects/cloonar/paraclub/paraclub-module +/home/dominik/projects/cloonar/amz/amz-api +/home/dominik/projects/cloonar/amz/amz-frontend +/home/dominik/projects/myhidden.life/myhidden.life-web +/home/dominik/projects/epicenter.works/campaigntool +/home/dominik/projects/epicenter.works/epicenter.works +/home/dominik/projects/epicenter.works/epicenter-nixos +/home/dominik/projects/epicenter.works/spenden.akvorrat.at +/home/dominik/projects/epicenter.works/dearmep-website +EOL + fi + ''; + + /* Setup nextcloud folders */ + home.activation.nextcloud = lib.hm.dag.entryAfter ["writeBoundary"] '' + set +eu + ${pkgs.coreutils}/bin/mkdir ~/cloud.cloonar.com + ${pkgs.coreutils}/bin/mkdir ~/cloud.epicenter.works + set -eu + ''; + + programs.ssh = { + enable = true; + matchBlocks = { + "git.cloonar.com" = { + user = "git"; + identityFile = "~/.ssh/id_rsa"; + identitiesOnly = true; + }; + "gitlab.epicenter.works" = { + user = "git"; + identityFile = "~/.ssh/id_rsa"; + identitiesOnly = true; + }; + "tools.epicenter.works" = { + user = "root"; + identityFile = "~/.ssh/epicenter.id_rsa"; + }; + "*.epicenter.works" = { + user = "dominik"; + identityFile = "~/.ssh/epicenter.id_rsa"; + }; + "*.dearmep.eu" = { + user = "root"; + identityFile = "~/.ssh/epicenter.id_rsa"; + }; + "*.akvorrat.at" = { + user = "dominik"; + setEnv = { + TERM = "xterm-256color"; + }; + identityFile = "~/.ssh/epicenter.id_rsa"; + }; + "*.cloonar.com" = { + user = "root"; + }; + "*.cloonar.smart" = { + user = "root"; + }; 
+ "*.wsw.at" = { + user = "wswdpolakovics"; + setEnv = { + TERM = "xterm-256color"; + }; + }; + "*.nycro.net" = { + user = "hilgenberg-gmbh.de_kk33i9d2xv"; # prod + #user = "hilgenberg.gmbh.de_pci2n5aqzt"; # stage + setEnv = { + TERM = "xterm-256color"; + }; + }; + "amz-websrv-01.amz.at" = { + user = "ebs"; + }; + "u149513.your-backup.de" = { + user = "u149513"; + # user = "u149513-sub2"; # fw.cloonar.com + port = 23; + }; + }; + }; + }; +} diff --git a/hosts/web-01.cloonar.com/modules/web/stack.nix b/hosts/web-01.cloonar.com/modules/web/stack.nix index 7a0194c..e588cf3 100644 --- a/hosts/web-01.cloonar.com/modules/web/stack.nix +++ b/hosts/web-01.cloonar.com/modules/web/stack.nix @@ -43,6 +43,14 @@ let ''; }; + phpOptions = mkOption { + type = types.lines; + default = ""; + description = '' + "Options appended to the PHP configuration file {file}`php.ini` used for this PHP-FPM pool." + ''; + }; + enableMysql = mkEnableOption (lib.mdDoc "MySQL Database"); enableDefaultLocations = mkEnableOption (lib.mdDoc "Create default nginx location directives") // { default = true; }; @@ -154,6 +162,7 @@ in "php_admin_value[max_input_vars]" = 1500; "access.log" = "/var/log/$pool.access.log"; }; + phpOptions = instanceOpts.phpOptions; phpPackage = instanceOpts.phpPackage; phpEnv."PATH" = pkgs.lib.makeBinPath [ instanceOpts.phpPackage ]; } diff --git a/hosts/web-01.cloonar.com/sites/stage.myhidden.life.nix b/hosts/web-01.cloonar.com/sites/stage.myhidden.life.nix index 5a99be0..1596040 100644 --- a/hosts/web-01.cloonar.com/sites/stage.myhidden.life.nix +++ b/hosts/web-01.cloonar.com/sites/stage.myhidden.life.nix @@ -31,6 +31,11 @@ ''; phpPackage = pkgs.php82.withExtensions ({ enabled, all }: enabled ++ [ all.imagick ]); + + phpOptions = '' + upload_max_filesize = 50M + post_max_size = 50M + ''; }; systemd.services."stage-myhidden-life-schedule" = {
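Review bot: In `home.activation.nvim-project` the test `[ ! -e "~/.local/share/nvim/project_nvim/project_history" ]` quotes the tilde, so the shell looks for a literal `~` directory, the test is always true, and the history file is overwritten on every activation. Use `if [ ! -e "$HOME/.local/share/nvim/project_nvim/project_history" ]; then` and create the directory first with `mkdir -p "$HOME/.local/share/nvim/project_nvim"`, since the redirect fails if it does not exist yet. On the security side, `"extensions.autoDisableScopes" = 0` in `firefoxSettings` makes Firefox enable extensions found in the profile or system locations without prompting; that is what lets the declaratively installed add-ons load, but it deserves a comment saying so. The `matchBlocks` for `tools.epicenter.works` (root) and `*.epicenter.works` (dominik) overlap and ssh keeps the first value it reads, so check the order in the generated `~/.ssh/config` or fix it with `lib.hm.dag.entryBefore`.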
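Review bot: The `description` of the new `phpOptions` option in stack.nix has literal double quotes inside the `''` string, so the rendered option text will begin and end with a `"`, and it uses the `{file}` markup without the `lib.mdDoc` wrapper that the neighbouring `mkEnableOption` calls use. Drop the inner quotes and wrap the string in `lib.mdDoc` to match. Because the value is free-form `types.lines`, a site definition can also set security-relevant directives such as `open_basedir` or `disable_functions` through it; one sentence in the description noting that would help whoever reviews site files.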
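Review bot: `post_max_size` is set equal to `upload_max_filesize`, but the POST body also carries the multipart boundaries and any other form fields, so a file close to 50M will be rejected; set it somewhat higher, e.g. `post_max_size = 55M`. The nginx `client_max_body_size` for this vhost is not visible in the hunk and has to be at least as large, otherwise nginx answers 413 before PHP sees the request. Since this raises the size of request bodies the staging site accepts from anyone who can reach it, keep the limit as low as the use case allows.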