Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

many changes

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2024-07-02 23:03:24 +02:00
parent 972084cd65
commit 982a12ba08
13 changed files with 492 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
hosts/fw.cloonar.com/modules/palworld.nix
View File

@@ -19,5 +19,24 @@
}; };
}; };
systemd.timers."restart-palworld" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-* 3:00:00";
Unit = "restart-palworld.service";
};
};
systemd.services."restart-palworld" = {
script = ''
set -eu
${pkgs.systemd}/bin/systemctl restart podman-palworld.service
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
sops.secrets.palworld = {}; sops.secrets.palworld = {};
} }

17
hosts/fw.cloonar.com/modules/unbound.nix
View File

@@ -16,7 +16,7 @@ let
"10.42.101.0/24 allow" "10.42.101.0/24 allow"
"0.0.0.0/0 allow" "0.0.0.0/0 allow"
]; ];
# tls-cert-bundle = "/var/lib/acme/ns.cloonar.com/fullchain.pem"; tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
local-zone = "\"cloonar.com\" transparent"; local-zone = "\"cloonar.com\" transparent";
local-data = [ local-data = [
"\"localhost A 127.0.0.1\"" "\"localhost A 127.0.0.1\""
@@ -143,44 +143,51 @@ let
forward-zone = [ forward-zone = [
{ {
name = "ghetto.at.local."; name = "ghetto.at.local.";
forward-tls-upstream = "no";
forward-addr = [ forward-addr = [
"10.43.97.1" "10.43.97.1"
]; ];
} }
{ {
name = "epicenter.works."; name = "epicenter.works.";
forward-tls-upstream = "no";
forward-addr = [ forward-addr = [
"10.50.60.1" "10.50.60.1"
]; ];
} }
{ {
name = "akvorrat.at."; name = "akvorrat.at.";
forward-tls-upstream = "no";
forward-addr = [ forward-addr = [
"10.50.60.1" "10.50.60.1"
]; ];
} }
{ {
name = "epicenter.intra."; name = "epicenter.intra.";
forward-tls-upstream = "no";
forward-addr = [ forward-addr = [
"10.14.1.1" "10.14.1.1"
]; ];
} }
{ {
name = "intra.epicenter.works."; name = "intra.epicenter.works.";
forward-tls-upstream = "no";
forward-addr = [ forward-addr = [
"10.14.1.1" "10.14.1.1"
]; ];
} }
{ {
name = "."; name = ".";
forward-tls-upstream = "yes";
forward-first = "no";
# forward-addr = "104.16.248.249@853#cloudflare-dns.com"; # forward-addr = "104.16.248.249@853#cloudflare-dns.com";
forward-addr = [ forward-addr = [
# "9.9.9.9@853#dns9.quad9.net" "9.9.9.9@853#dns9.quad9.net"
# "149.112.112.11@853#dns11.quad9.net" "149.112.112.11@853#dns11.quad9.net"
# "9.9.9.9@853" # "9.9.9.9@853"
# "149.112.112.11@853" # "149.112.112.11@853"
"9.9.9.9" # "9.9.9.9"
"149.112.112.11" # "149.112.112.11"
]; ];
} }
]; ];

76
hosts/mail.cloonar.com/modules/openldap.nix
View File

@@ -104,44 +104,6 @@ in {
]; ];
}; };
"olcDatabase={3}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
olcDatabase = "{3}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=myhidden,dc=life";
olcAccess = [
''
{0}to attrs=userPassword
by self write
by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none
''
''
{1}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
];
};
"olcOverlay=memberof,olcDatabase={3}mdb".attrs = {
objectClass = [ "olcOverlayConfig" "olcMemberOf" ];
olcOverlay = "memberof";
olcMemberOfRefint = "TRUE";
};
"olcOverlay=ppolicy,olcDatabase={3}mdb".attrs = {
objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ];
olcOverlay = "ppolicy";
olcPPolicyHashCleartext = "TRUE";
};
"olcDatabase={4}mdb".attrs = { "olcDatabase={4}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"]; objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
@@ -253,6 +215,44 @@ in {
olcPPolicyHashCleartext = "TRUE"; olcPPolicyHashCleartext = "TRUE";
}; };
"olcDatabase={7}mdb".attrs = {
objectClass = ["olcDatabaseConfig" "olcMdbConfig"];
olcDatabase = "{7}mdb";
olcDbDirectory = "/var/lib/openldap/data";
olcSuffix = "dc=myhidden,dc=life";
olcAccess = [
''
{0}to attrs=userPassword
by self write
by anonymous auth
by dn="cn=owncloud,ou=system,ou=users,dc=cloonar,dc=com" write
by dn="cn=authelia,ou=system,ou=users,dc=cloonar,dc=com" write
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * none
''
''
{1}to *
by dn.subtree="ou=system,ou=users,dc=cloonar,dc=com" read
by group.exact="cn=Administrators,ou=groups,dc=cloonar,dc=com" write
by * read
''
];
};
# "olcOverlay=memberof,olcDatabase={7}mdb".attrs = {
# objectClass = [ "olcOverlayConfig" "olcMemberOf" ];
# olcOverlay = "memberof";
# olcMemberOfRefint = "TRUE";
# };
# "olcOverlay=ppolicy,olcDatabase={7}mdb".attrs = {
# objectClass = [ "olcOverlayConfig" "olcPPolicyConfig" ];
# olcOverlay = "ppolicy";
# olcPPolicyHashCleartext = "TRUE";
# };
# "cn=module{0},cn=config" = { # "cn=module{0},cn=config" = {
# attrs = { # attrs = {
# objectClass = "olcModuleList"; # objectClass = "olcModuleList";

3
hosts/nb-01.cloonar.com/configuration.nix
View File

@@ -21,6 +21,8 @@ in {
./modules/nvim/default.nix ./modules/nvim/default.nix
./utils/modules/autoupgrade.nix ./utils/modules/autoupgrade.nix
./users
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
@@ -28,7 +30,6 @@ in {
(import ./utils/overlays/packages.nix) (import ./utils/overlays/packages.nix)
]; ];
# nixpkgs.config.permittedInsecurePackages = [ # nixpkgs.config.permittedInsecurePackages = [
# "openssl-1.1.1v" # "openssl-1.1.1v"
# "electron-24.8.6" # "electron-24.8.6"

2
hosts/nb-01.cloonar.com/modules/nvim/config/copilot.lua
View File

@@ -1,2 +1,2 @@
vim.api.nvim_set_keymap('i', '<M-CR>', 'copilot#Accept("<CR>")', { expr=true, noremap = true, silent = true }) vim.api.nvim_set_keymap('i', '<C-J>', 'copilot#Accept("<CR>")', { expr=true, noremap = true, silent = true })
vim.g.copilot_no_tab_map = true vim.g.copilot_no_tab_map = true

2
hosts/nb-01.cloonar.com/modules/nvim/default.nix
View File

@@ -28,7 +28,7 @@
copilot-vim copilot-vim
copilot-lua copilot-lua
copilot-cmp copilot-cmp
CopilotChat-nvim # CopilotChat-nvim
dracula-vim dracula-vim
friendly-snippets friendly-snippets
gitsigns-nvim gitsigns-nvim

5
hosts/nb-01.cloonar.com/modules/sway/social.nix
View File

@@ -1,11 +1,10 @@
{ pkgs, ... }: { pkgs, ... }:
let let
socialDesktopItem = pkgs.makeDesktopItem { socialDesktopItem = pkgs.makeDesktopItem {
name = "social"; name = "social";
desktopName = "Librewolf browser with social profile"; desktopName = "Firefox browser with social profile";
exec = "librewolf -P social"; exec = "firefox -P social";
}; };
in { in {
environment.systemPackages = [ socialDesktopItem ]; environment.systemPackages = [ socialDesktopItem ];

12
hosts/nb-01.cloonar.com/modules/sway/sway.nix
View File

@@ -23,8 +23,8 @@ in {
imports = [ imports = [
./social.nix ./social.nix
./signal-work.nix ./signal-work.nix
./thunderbird.nix
./parsec.nix ./parsec.nix
./thunderbird.nix
]; ];
options.cloonar.sway = { options.cloonar.sway = {
@@ -52,19 +52,20 @@ in {
bitwarden bitwarden
bitwarden-cli bitwarden-cli
rofi-rbw-wayland rofi-rbw-wayland
brave
cryptomator cryptomator
brave
chromium chromium
firefox
vivaldi
unstable.cura unstable.cura
freecad freecad
openscad openscad
dbus-sway-environment dbus-sway-environment
ddev ddev
dracula-theme dracula-theme
firefox
foot foot
gcc gcc
git git
@@ -72,6 +73,7 @@ in {
gimp gimp
gnome.seahorse gnome.seahorse
gnome3.adwaita-icon-theme gnome3.adwaita-icon-theme
go
grim grim
hunspell hunspell
hunspellDicts.de_DE hunspellDicts.de_DE
@@ -94,7 +96,7 @@ in {
sway-launcher-desktop sway-launcher-desktop
swayidle swayidle
swaylock swaylock
# thunderbird thunderbird
unzip unzip
vlc vlc
waybar waybar

4
hosts/nb-01.cloonar.com/modules/sway/thunderbird.nix
View File

@@ -5,13 +5,13 @@ let
name = "thunderbird-work"; name = "thunderbird-work";
desktopName = "Thunderbird Work"; desktopName = "Thunderbird Work";
icon = "thunderbird"; icon = "thunderbird";
exec = "thunderbird -P Work"; exec = "thunderbird -P work";
}; };
thunderbirdCloonarDesktopItem = pkgs.makeDesktopItem { thunderbirdCloonarDesktopItem = pkgs.makeDesktopItem {
name = "thunderbird-cloonar"; name = "thunderbird-cloonar";
desktopName = "Thunderbird Cloonar"; desktopName = "Thunderbird Cloonar";
icon = "thunderbird"; icon = "thunderbird";
exec = "thunderbird -P Cloonar"; exec = "thunderbird -P cloonar";
}; };
in in
{ {

16
hosts/nb-01.cloonar.com/users/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{ config, pkgs, ... }:
let
home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz";
in
{
imports = [
(import "${home-manager}/nixos")
./dominik.nix
];
home-manager.sharedModules = [
"${builtins.fetchTarball "https://github.com/Mic92/sops-nix/archive/master.tar.gz"}/modules/home-manager/sops.nix"
];
}

378
hosts/nb-01.cloonar.com/users/dominik.nix Normal file
View File

@@ -0,0 +1,378 @@
{ config, lib, pkgs, ... }:
let
thunderbirdSettings = {
"extensions.activeThemeID" = "thunderbird-compact-dark@mozilla.org";
"browser.theme.content-theme" = 0;
"browser.theme.toolbar-theme" = 0;
"calendar.alarms.showmissed" = false;
"mail.uidensity" = 2;
"mail.inline_attachments" = false;
"mail.folder.views.version" = 1;
"calendar.list.sortOrder" = "cloonar-personal";
"calendar.ui.version" = 3;
"calendar.timezone.local" = "Europe/Vienna";
"calendar.week.start" = 1;
};
thunderbirdCalendarPersonal = {
"calendar.registry.cloonar-personal.cache.enabled" = true;
"calendar.registry.cloonar-personal.calendar-main-in-composite" = true;
"calendar.registry.cloonar-personal.color" = "#232323";
"calendar.registry.cloonar-personal.disabled" = false;
"calendar.registry.cloonar-personal.forceEmailScheduling" = true;
"calendar.registry.cloonar-personal.imip.identity.key" = "id6";
"calendar.registry.cloonar-personal.name" = "Personal";
"calendar.registry.cloonar-personal.readOnly" = false;
"calendar.registry.cloonar-personal.refreshInterval" = 30;
"calendar.registry.cloonar-personal.suppressAlarms" = false;
"calendar.registry.cloonar-personal.type" = "caldav";
"calendar.registry.cloonar-personal.uri" = "https://cloud.cloonar.com/remote.php/dav/calendars/dominik.polakovics@cloonar.com/personal/";
"calendar.registry.cloonar-personal.username" = "dominik.polakovics@cloonar.com";
};
thunderbirdCalendarEpicenterEmployees = {
"calendar.registry.epicenter-employees.cache.enabled" = true;
"calendar.registry.epicenter-employees.calendar-main-in-composite" = true;
"calendar.registry.epicenter-employees.color" = "#e774ca";
"calendar.registry.epicenter-employees.disabled" = true;
"calendar.registry.epicenter-employees.forceEmailScheduling" = true;
"calendar.registry.epicenter-employees.name" = "epicenter.works-Employees (admin)";
"calendar.registry.epicenter-employees.readOnly" = false;
"calendar.registry.epicenter-employees.refreshInterval" = 30;
"calendar.registry.epicenter-employees.suppressAlarms" = true;
"calendar.registry.epicenter-employees.type" = "caldav";
"calendar.registry.epicenter-employees.uri" = "https://cloud.epicenter.works/remote.php/dav/calendars/razormind/akvorrat-employees_shared_by_admin/";
"calendar.registry.epicenter-employees.username" = "razormind";
};
thunderbirdContactsPersonal = {
"ldap_2.servers.Contacts.carddav.token" = "http://sabre.io/ns/sync/325";
"ldap_2.servers.Contacts.carddav.url" = "https://cloud.cloonar.com/remote.php/dav/addressbooks/users/dominik.polakovics@cloonar.com/contacts/";
"ldap_2.servers.Contacts.carddav.username" = "dominik.polakovics@cloonar.com";
"ldap_2.servers.Contacts.description" = "Contacts";
"ldap_2.servers.Contacts.dirType" = 102;
"ldap_2.servers.Contacts.filename" = "abook-1.sqlite";
"ldap_2.servers.Contacts.uid" = "68fb463c-1c2d-4f39-be37-bbb6ecb97e63";
"ldap_2.servers.history.uid" = "01df0056-319d-47ac-93ff-b24b978c0902";
"ldap_2.servers.pab.uid" = "3a7c1bff-18ec-4500-9ae2-098b5fdbaeaa";
};
firefoxSettings = {
"browser.startup.homepage" = "https://start.duckduckgo.com";
"browser.startup.page" = 1;
"browser.startup.homepage_override.mstone" = "ignore";
"extensions.autoDisableScopes" = 0;
"app.normandy.first_run" = false;
"browser.download.panel.shown" = true;
"devtools.cache.disabled" = true;
"devtools.toolbox.host" = "right";
"browser.uiCustomization.state" = "{\"placements\":{\"widget-overflow-fixed-list\":[],\"unified-extensions-area\":[],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"urlbar-container\",\"downloads-button\",\"screenshot-button\",\"ublock0_raymondhill_net-browser-action\",\"jid1-mnnxcxisbpnsxq_jetpack-browser-action\",\"_d634138d-c276-4fc8-924b-40a0ea21d284_-browser-action\",\"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action\",\"_testpilot-containers-browser-action\",\"unified-extensions-button\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"firefox-view-button\",\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"PersonalToolbar\":[\"import-button\",\"personal-bookmarks\"]},\"seen\":[\"save-to-pocket-button\",\"_d634138d-c276-4fc8-924b-40a0ea21d284_-browser-action\",\"_testpilot-containers-browser-action\",\"_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action\",\"ublock0_raymondhill_net-browser-action\",\"jid1-mnnxcxisbpnsxq_jetpack-browser-action\",\"developer-button\"],\"dirtyAreaCache\":[\"unified-extensions-area\",\"nav-bar\",\"PersonalToolbar\"],\"currentVersion\":20,\"newElementCount\":3}";
};
firefoxExtensions = with pkgs.nur.repos.rycee.firefox-addons; [
bitwarden
multi-account-containers
onepassword-password-manager
privacy-badger
ublock-origin
];
in
{
home-manager.users.dominik = { lib, pkgs, ... }: {
/* The home.stateVersion option does not have a default and must be set */
home.stateVersion = "24.05";
home.enableNixpkgsReleaseCheck = false;
/* Here goes the rest of your home-manager config, e.g. home.packages = [ pkgs.foo ]; */
programs.git = {
enable = true;
package = pkgs.gitAndTools.gitFull;
userName = "Dominik Polakovics";
userEmail = "dominik.polakovics@cloonar.com";
# signing = {
# key = "dominik.polakovics@cloonar.com";
# signByDefault = false;
# };
iniContent = {
# Branch with most recent change comes first
branch.sort = "-committerdate";
# Remember and auto-resolve merge conflicts
# https://git-scm.com/book/en/v2/Git-Tools-Rerere
rerere.enabled = true;
};
};
programs.thunderbird = {
enable = true;
profiles = {
private = {
isDefault = true;
settings = lib.mkMerge [
thunderbirdSettings
thunderbirdCalendarPersonal
thunderbirdContactsPersonal
];
};
cloonar = {
settings = lib.mkMerge [
thunderbirdSettings
thunderbirdCalendarPersonal
thunderbirdContactsPersonal
];
};
work = {
settings = lib.mkMerge [
thunderbirdSettings
thunderbirdCalendarPersonal
thunderbirdCalendarEpicenterEmployees
thunderbirdContactsPersonal
];
};
};
};
accounts.email.accounts = {
"dominik@superbros.tv" = {
primary = true;
realName = "Dominik Polakovics";
address = "dominik@superbros.tv";
userName = "dominik@superbros.tv";
imap = {
host = "imap.cloonar.com";
port = 993;
};
smtp = {
host = "mail.cloonar.com";
port = 587;
tls = {
enable = true;
useStartTls = true;
};
};
thunderbird = {
enable = true;
profiles = [ "private" "cloonar" "work" ];
};
};
"office@cloonar.com" = {
realName = "Cloonar";
address = "office@cloonar.com";
userName = "office@cloonar.com";
imap = {
host = "imap.cloonar.com";
port = 993;
};
smtp = {
host = "mail.cloonar.com";
port = 587;
tls = {
enable = true;
useStartTls = true;
};
};
thunderbird = {
enable = true;
profiles = [ "cloonar" "work" ];
};
};
"dominik.polakovics@cloonar.com" = {
realName = "Dominik Polakovics";
address = "dominik.polakovics@cloonar.com";
userName = "dominik.polakovics@cloonar.com";
imap = {
host = "imap.cloonar.com";
port = 993;
};
smtp = {
host = "mail.cloonar.com";
port = 587;
tls = {
enable = true;
useStartTls = true;
};
};
thunderbird = {
enable = true;
profiles = [ "cloonar" "work" ];
};
};
"dominik.polakovics@epicenter.works" = {
realName = "Dominik Polakovics";
address = "dominik.polakovics@epicenter.works";
userName = "dominik.polakovics@epicenter.works";
imap = {
host = "mail.epicenter.works";
port = 993;
};
smtp = {
host = "mail.epicenter.works";
port = 587;
tls = {
enable = true;
useStartTls = true;
};
};
thunderbird = {
enable = true;
profiles = [ "work" ];
};
};
};
programs.firefox = {
enable = true;
profiles = {
default = {
id = 0;
isDefault = true;
settings = firefoxSettings;
search.default = "DuckDuckGo";
search.privateDefault = "DuckDuckGo";
extensions = firefoxExtensions;
};
social = {
id = 1;
settings = firefoxSettings;
search.default = "DuckDuckGo";
search.privateDefault = "DuckDuckGo";
containersForce = true;
containers = {
"private" = {
color = "green";
icon = "fingerprint";
id = 1;
};
"cloonar" = {
color = "purple";
icon = "briefcase";
id = 2;
};
"epicenter.works" = {
color = "blue";
icon = "briefcase";
id = 3;
};
};
extensions = firefoxExtensions;
};
};
};
/* Setup development projects */
home.activation.projects = lib.hm.dag.entryAfter ["writeBoundary"] ''
PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH"
set +eu
git clone gitea@git.cloonar.com:Cloonar/nixos.git ~/projects/cloonar/cloonar-nixos 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/website.git ~/projects/cloonar/cloonar-website 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/wohnservice-wien-typo3.git ~/projects/cloonar/wohnservice-wien 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/gbv-aktuell.git ~/projects/cloonar/gbv-aktuell 2>/dev/null
git clone gitea@git.cloonar.com:Paraclub/api.git ~/projects/cloonar/paraclub/paraclub-api 2>/dev/null
git clone gitea@git.cloonar.com:Paraclub/frontend.git ~/projects/cloonar/paraclub/paraclub-frontend 2>/dev/null
git clone gitea@git.cloonar.com:Paraclub/website.git ~/projects/cloonar/paraclub/paraclub-website 2>/dev/null
git clone gitea@git.cloonar.com:Paraclub/module.git ~/projects/cloonar/paraclub/paraclub-module 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/amz-api.git ~/projects/cloonar/amz/amz-api 2>/dev/null
git clone gitea@git.cloonar.com:Cloonar/amz-frontend.git ~/projects/cloonar/amz/amz-frontend 2>/dev/null
git clone gitea@git.cloonar.com:myhidden.life/web.git ~/projects/myhidden.life/myhidden.life-web 2>/dev/null
git clone git@gitlab.epicenter.works:epicenter.works/campaigntool.git ~/projects/epicenter.works/campaigntool 2>/dev/null
git clone git@gitlab.epicenter.works:epicenter.works/website.git ~/projects/epicenter.works/epicenter.works 2>/dev/null
git clone git@gitlab.epicenter.works:epicenter.works/nixos.git ~/projects/epicenter.works/epicenter-nixos 2>/dev/null
git clone git@github.com:AKVorrat/spenden.akvorrat.at.git ~/projects/epicenter.works/spenden.akvorrat.at 2>/dev/null
git clone git@github.com:AKVorrat/dearmep-website.git ~/projects/epicenter.works/dearmep-website 2>/dev/null
set -eu
'';
home.activation.nvim-project = lib.hm.dag.entryAfter ["writeBoundary"] ''
PATH="${pkgs.coreutils}/bin:$PATH"
if [ ! -e "~/.local/share/nvim/project_nvim/project_history" ] ; then
cat > ~/.local/share/nvim/project_nvim/project_history << EOL
/home/dominik/projects/cloonar/cloonar-nixos
/home/dominik/projects/cloonar/cloonar-website
/home/dominik/projects/cloonar/wohnservice-wien
/home/dominik/projects/cloonar/gbv-aktuell
/home/dominik/projects/cloonar/paraclub/paraclub-api
/home/dominik/projects/cloonar/paraclub/paraclub-frontend
/home/dominik/projects/cloonar/paraclub/paraclub-website
/home/dominik/projects/cloonar/paraclub/paraclub-module
/home/dominik/projects/cloonar/amz/amz-api
/home/dominik/projects/cloonar/amz/amz-frontend
/home/dominik/projects/myhidden.life/myhidden.life-web
/home/dominik/projects/epicenter.works/campaigntool
/home/dominik/projects/epicenter.works/epicenter.works
/home/dominik/projects/epicenter.works/epicenter-nixos
/home/dominik/projects/epicenter.works/spenden.akvorrat.at
/home/dominik/projects/epicenter.works/dearmep-website
EOL
fi
'';
/* Setup nextcloud folders */
home.activation.nextcloud = lib.hm.dag.entryAfter ["writeBoundary"] ''
set +eu
${pkgs.coreutils}/bin/mkdir ~/cloud.cloonar.com
${pkgs.coreutils}/bin/mkdir ~/cloud.epicenter.works
set -eu
'';
programs.ssh = {
enable = true;
matchBlocks = {
"git.cloonar.com" = {
user = "git";
identityFile = "~/.ssh/id_rsa";
identitiesOnly = true;
};
"gitlab.epicenter.works" = {
user = "git";
identityFile = "~/.ssh/id_rsa";
identitiesOnly = true;
};
"tools.epicenter.works" = {
user = "root";
identityFile = "~/.ssh/epicenter.id_rsa";
};
"*.epicenter.works" = {
user = "dominik";
identityFile = "~/.ssh/epicenter.id_rsa";
};
"*.dearmep.eu" = {
user = "root";
identityFile = "~/.ssh/epicenter.id_rsa";
};
"*.akvorrat.at" = {
user = "dominik";
setEnv = {
TERM = "xterm-256color";
};
identityFile = "~/.ssh/epicenter.id_rsa";
};
"*.cloonar.com" = {
user = "root";
};
"*.cloonar.smart" = {
user = "root";
};
"*.wsw.at" = {
user = "wswdpolakovics";
setEnv = {
TERM = "xterm-256color";
};
};
"*.nycro.net" = {
user = "hilgenberg-gmbh.de_kk33i9d2xv"; # prod
#user = "hilgenberg.gmbh.de_pci2n5aqzt"; # stage
setEnv = {
TERM = "xterm-256color";
};
};
"amz-websrv-01.amz.at" = {
user = "ebs";
};
"u149513.your-backup.de" = {
user = "u149513";
# user = "u149513-sub2"; # fw.cloonar.com
port = 23;
};
};
};
};
}

9
hosts/web-01.cloonar.com/modules/web/stack.nix
View File

@@ -43,6 +43,14 @@ let
''; '';
}; };
phpOptions = mkOption {
type = types.lines;
default = "";
description = ''
"Options appended to the PHP configuration file {file}`php.ini` used for this PHP-FPM pool."
'';
};
enableMysql = mkEnableOption (lib.mdDoc "MySQL Database"); enableMysql = mkEnableOption (lib.mdDoc "MySQL Database");
enableDefaultLocations = mkEnableOption (lib.mdDoc "Create default nginx location directives") // { default = true; }; enableDefaultLocations = mkEnableOption (lib.mdDoc "Create default nginx location directives") // { default = true; };
@@ -154,6 +162,7 @@ in
"php_admin_value[max_input_vars]" = 1500; "php_admin_value[max_input_vars]" = 1500;
"access.log" = "/var/log/$pool.access.log"; "access.log" = "/var/log/$pool.access.log";
}; };
phpOptions = instanceOpts.phpOptions;
phpPackage = instanceOpts.phpPackage; phpPackage = instanceOpts.phpPackage;
phpEnv."PATH" = pkgs.lib.makeBinPath [ instanceOpts.phpPackage ]; phpEnv."PATH" = pkgs.lib.makeBinPath [ instanceOpts.phpPackage ];
} }

5
hosts/web-01.cloonar.com/sites/stage.myhidden.life.nix
View File

@@ -31,6 +31,11 @@
''; '';
phpPackage = pkgs.php82.withExtensions ({ enabled, all }: phpPackage = pkgs.php82.withExtensions ({ enabled, all }:
enabled ++ [ all.imagick ]); enabled ++ [ all.imagick ]);
phpOptions = ''
upload_max_filesize = 50M
post_max_size = 50M
'';
}; };
systemd.services."stage-myhidden-life-schedule" = { systemd.services."stage-myhidden-life-schedule" = {