deploy 2 conduwuits

Adithya 2024-11-27 23:59:27 +05:30
parent aeb0720818
commit 20d2e5740e
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
11 changed files with 214 additions and 42 deletions


@ -281,6 +281,25 @@
"inputs": { "inputs": {
"systems": "systems_6" "systems": "systems_6"
}, },
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"ref": "main",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"inputs": {
"systems": "systems_7"
},
"locked": { "locked": {
"lastModified": 1726560853, "lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
@ -295,9 +314,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_6": { "flake-utils_7": {
"inputs": { "inputs": {
"systems": "systems_7" "systems": "systems_8"
}, },
"locked": { "locked": {
"lastModified": 1726560853, "lastModified": 1726560853,
@ -590,6 +609,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_10": {
"locked": {
"lastModified": 1729755165,
"narHash": "sha256-6IpnOHWsaSSjT3yvqlrWfHW6HVCT+wOAlUpcooGJ+FQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cabaf14d3e69c9921d7acedf5d7d60bb2b90be02",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1732014248, "lastModified": 1732014248,
@ -671,6 +706,22 @@
} }
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": {
"lastModified": 1732014248,
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1728492678, "lastModified": 1728492678,
"narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
@ -686,7 +737,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_8": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1731763621, "lastModified": 1731763621,
"narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=", "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
@ -702,22 +753,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_9": {
"locked": {
"lastModified": 1729755165,
"narHash": "sha256-6IpnOHWsaSSjT3yvqlrWfHW6HVCT+wOAlUpcooGJ+FQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cabaf14d3e69c9921d7acedf5d7d60bb2b90be02",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@ -745,6 +780,26 @@
"type": "github" "type": "github"
} }
}, },
"recipes": {
"inputs": {
"flake-utils": "flake-utils_5",
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1732731942,
"narHash": "sha256-uF+paBlFe6EfWQj3WET1WH9/om4OMbrHCd0IzvoHBe0=",
"ref": "main",
"rev": "d66dcb6bc5da9285d204aed145944f3fad390f2d",
"revCount": 7,
"type": "git",
"url": "https://git.acomputer.lol/adtya/recipes.nix"
},
"original": {
"ref": "main",
"type": "git",
"url": "https://git.acomputer.lol/adtya/recipes.nix"
}
},
"root": { "root": {
"inputs": { "inputs": {
"adtyaxyz": "adtyaxyz", "adtyaxyz": "adtyaxyz",
@ -757,6 +812,7 @@
"lix-module": "lix-module", "lix-module": "lix-module",
"neovim-nightly": "neovim-nightly", "neovim-nightly": "neovim-nightly",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_6",
"recipes": "recipes",
"smc-fonts": "smc-fonts", "smc-fonts": "smc-fonts",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"wiki": "wiki" "wiki": "wiki"
@ -785,8 +841,8 @@
}, },
"smc-fonts": { "smc-fonts": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_7" "nixpkgs": "nixpkgs_8"
}, },
"locked": { "locked": {
"lastModified": 1731189279, "lastModified": 1731189279,
@ -805,7 +861,7 @@
}, },
"sops-nix": { "sops-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_8" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1732186149, "lastModified": 1732186149,
@ -927,6 +983,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_3"
@ -947,8 +1018,8 @@
}, },
"wiki": { "wiki": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_7",
"nixpkgs": "nixpkgs_9" "nixpkgs": "nixpkgs_10"
}, },
"locked": { "locked": {
"lastModified": 1729817327, "lastModified": 1729817327,


@ -33,6 +33,7 @@
caddy.url = "git+https://git.acomputer.lol/adtya/caddy-with-modules?ref=main"; caddy.url = "git+https://git.acomputer.lol/adtya/caddy-with-modules?ref=main";
adtyaxyz.url = "git+https://git.acomputer.lol/adtya/adtya.xyz?ref=main"; adtyaxyz.url = "git+https://git.acomputer.lol/adtya/adtya.xyz?ref=main";
wiki.url = "git+https://git.acomputer.lol/adtya/wiki?ref=main"; wiki.url = "git+https://git.acomputer.lol/adtya/wiki?ref=main";
recipes.url = "git+https://git.acomputer.lol/adtya/recipes.nix?ref=main";
smc-fonts.url = "gitlab:smc/smc-fonts-flake?ref=trunk"; smc-fonts.url = "gitlab:smc/smc-fonts-flake?ref=trunk";
}; };
@ -50,6 +51,7 @@
, caddy , caddy
, adtyaxyz , adtyaxyz
, wiki , wiki
, recipes
, smc-fonts , smc-fonts
, ,
} @ inputs: } @ inputs:
@ -110,6 +112,7 @@
nixpkgs.hostPlatform = lib.mkDefault system; nixpkgs.hostPlatform = lib.mkDefault system;
} }
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
recipes.nixosModules.default
self.nixosModules.default self.nixosModules.default
./common ./common
./hosts/rico0 ./hosts/rico0
@ -132,6 +135,7 @@
nixpkgs.hostPlatform = lib.mkDefault system; nixpkgs.hostPlatform = lib.mkDefault system;
} }
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
recipes.nixosModules.default
self.nixosModules.default self.nixosModules.default
./common ./common
./hosts/rico1 ./hosts/rico1
@ -154,6 +158,7 @@
nixpkgs.hostPlatform = lib.mkDefault system; nixpkgs.hostPlatform = lib.mkDefault system;
} }
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
recipes.nixosModules.default
self.nixosModules.default self.nixosModules.default
./common ./common
./hosts/rico2 ./hosts/rico2
@ -177,6 +182,7 @@
} }
lix-module.nixosModules.default lix-module.nixosModules.default
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
recipes.nixosModules.default
self.nixosModules.default self.nixosModules.default
./common ./common
./hosts/wynne ./hosts/wynne
@ -200,6 +206,7 @@
} }
lix-module.nixosModules.default lix-module.nixosModules.default
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
recipes.nixosModules.default
self.nixosModules.default self.nixosModules.default
./common ./common
./hosts/layne ./hosts/layne
@ -223,6 +230,7 @@
} }
lix-module.nixosModules.default lix-module.nixosModules.default
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
recipes.nixosModules.default
self.nixosModules.default self.nixosModules.default
./common ./common
./hosts/bifrost ./hosts/bifrost
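Review bot: The new `recipes` input is declared without a `follows`, and the lock file in this commit shows it resolving its own `nixpkgs_7` and `flake-utils_5` nodes, so anything the module builds from its own nixpkgs is pinned and updated separately from the hosts' nixpkgs. If the module does not need its own pin, add `recipes.inputs.nixpkgs.follows = "nixpkgs";` next to `recipes.url`. The input tracks `ref=main` of a self-hosted repository and `recipes.nixosModules.default` is now imported by all six host configurations shown, so the locked `rev` is the only thing fixing what code those hosts evaluate; lock updates for this input deserve a diff review of the upstream repository.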


@ -1,22 +1,9 @@
_: _:
let let domainName = "acomputer.lol"; in {
domainName = "acomputer.lol";
in
{
services = { services = {
caddy.virtualHosts."${domainName}" = { caddy.virtualHosts."${domainName}" = {
extraConfig = '' extraConfig = ''
handle /.well-known/matrix/server { reverse_proxy /.well-known/matrix/* 10.10.10.13:6167
header Content-Type application/json
header Access-Control-Allow-Origin *
respond `{"m.server": "matrix.${domainName}:443"}`
}
handle /.well-known/matrix/client {
header Content-Type application/json
header Access-Control-Allow-Origin *
respond `{"m.homeserver": {"base_url": "https://matrix.${domainName}:443"}}`
}
''; '';
}; };
}; };
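Review bot: The removed `handle` blocks set `Content-Type` and `Access-Control-Allow-Origin *` in Caddy, while the replacement `reverse_proxy /.well-known/matrix/* 10.10.10.13:6167` leaves both to the backend, so confirm that the upstream returns the CORS header on `/.well-known/matrix/client`, which browser-based clients need. The wildcard also forwards every path under `/.well-known/matrix/` on the apex domain rather than the two documents served before; if only those are intended, match them explicitly, e.g. `reverse_proxy /.well-known/matrix/server 10.10.10.13:6167` and the same for `/client`. The upstream is addressed over plain HTTP, so a comment stating that 10.10.10.13 is reached over a private or tunnelled link would record that assumption. The same points apply to the new ironyofprivacy.org virtual host later in this commit.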


@ -0,0 +1,23 @@
_: {
services = {
caddy.virtualHosts = {
"matrix.acomputer.lol" = {
serverAliases = [ "matrix.acomputer.lol:8448" ];
extraConfig = ''
reverse_proxy /_matrix/* 10.10.10.13:6167
reverse_proxy /_conduwuit/* 10.10.10.13:6167
reverse_proxy /.well-known/matrix/* 10.10.10.13:6167
'';
};
"matrix.ironyofprivacy.org" = {
serverAliases = [ "matrix.ironyofprivacy.org:8448" ];
extraConfig = ''
reverse_proxy /_matrix/* 10.10.10.13:6168
reverse_proxy /_conduwuit/* 10.10.10.13:6168
reverse_proxy /.well-known/matrix/* 10.10.10.13:6168
'';
};
};
};
networking.firewall.interfaces.ens3.allowedTCPPorts = [ 8448 ];
}
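Review bot: `networking.firewall.interfaces.ens3.allowedTCPPorts = [ 8448 ];` opens the federation port on ens3, while the instance settings elsewhere in this commit advertise `matrix.${domain}:443` through `well_known.server`. If delegation to 443 is the intended federation path, the 8448 listener and the `:8448` entries in `serverAliases` add exposure without a stated need; either drop them or add a comment saying which peers still require 8448. `/_conduwuit/*` is also published on both public hosts; a comment naming the routes expected there would help, or the line can be omitted if nothing external needs it.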


@ -3,8 +3,10 @@ _: {
./adtya.xyz.nix ./adtya.xyz.nix
./acomputer.lol.nix ./acomputer.lol.nix
./blocky.nix ./blocky.nix
./conduwuit.nix
./dendrite.nix ./dendrite.nix
./forgejo.nix ./forgejo.nix
./ironyofprivacy.org.nix
./ntfy.nix ./ntfy.nix
./proofs.nix ./proofs.nix
./wiki.nix ./wiki.nix


@ -0,0 +1,11 @@
_:
let domainName = "ironyofprivacy.org"; in {
services = {
caddy.virtualHosts."${domainName}" = {
extraConfig = ''
reverse_proxy /.well-known/matrix/* 10.10.10.13:6168
'';
};
};
}


@ -37,6 +37,13 @@ _: {
options = [ "subvol=/" "compress-force=zstd" "noatime" "nofail" "x-systemd.automount" "x-systemd.device-timeout=5" ]; options = [ "subvol=/" "compress-force=zstd" "noatime" "nofail" "x-systemd.automount" "x-systemd.device-timeout=5" ];
}; };
"/var/lib/private" = {
device = "/dev/disk/by-partlabel/DATA1";
fsType = "btrfs";
options = [ "subvol=@state" "compress-force=zstd" "noatime" ];
};
"/boot" = { "/boot" = {
device = "/dev/disk/by-partlabel/WYNNE_BOOT"; device = "/dev/disk/by-partlabel/WYNNE_BOOT";
fsType = "vfat"; fsType = "vfat";
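Review bot: The new `/var/lib/private` mount replaces the directory systemd uses for `DynamicUser=` state, and systemd expects that directory to be root-owned with mode 0700 so unprivileged users cannot reach the state directories beneath it. A freshly created btrfs subvolume root is usually 0755, so the mode of `@state` should be checked or enforced, for example with `systemd.tmpfiles.rules = [ "z /var/lib/private 0700 root root -" ];`. Whether the conduwuit units use `DynamicUser=` is not visible here; the `RequiresMountsFor` lines added elsewhere in this commit suggest their state lives under this path. The enclosing attribute set starts and ends outside the hunk.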


@ -0,0 +1,60 @@
{ config, ... }: {
sops.secrets = {
"conduwuit/secrets" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
recipes.conduwuit.instances = {
acomputer-lol = let domain = "acomputer.lol"; in {
enable = true;
environmentFiles = [ config.sops.secrets."conduwuit/secrets".path ];
settings = {
global = {
server_name = domain;
address = [ "10.10.10.13" ];
port = 6167;
database_backend = "rocksdb";
ip_lookup_strategy = 1;
new_user_displayname_suffix = "💯";
allow_check_for_updates = false;
allow_encryption = true;
allow_federation = true;
trusted_servers = [ "matrix.org" ];
well_known = {
server = "matrix.${domain}:443";
client = "https://matrix.${domain}";
};
};
};
};
ironyofprivacy = let domain = "ironyofprivacy.org"; in {
enable = true;
environmentFiles = [ config.sops.secrets."conduwuit/secrets".path ];
settings = {
global = {
server_name = domain;
address = [ "10.10.10.13" ];
port = 6168;
database_backend = "rocksdb";
ip_lookup_strategy = 1;
new_user_displayname_suffix = "💯";
allow_check_for_updates = false;
allow_encryption = true;
allow_federation = true;
trusted_servers = [ "matrix.org" ];
well_known = {
server = "matrix.${domain}:443";
client = "https://matrix.${domain}";
};
};
};
};
};
systemd.services."conduwuit-ironyofprivacy".unitConfig.RequiresMountsFor = [ "/var/lib/private" ];
systemd.services."conduwuit-acomputer-lol".unitConfig.RequiresMountsFor = [ "/var/lib/private" ];
}
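Review bot: Both instances load the same `config.sops.secrets."conduwuit/secrets".path` through `environmentFiles`, so any value kept there (its contents are encrypted and not visible here) is shared by two homeservers with different server names. If the file carries per-server material such as a registration token, give each instance its own sops entry, e.g. `environmentFiles = [ config.sops.secrets."conduwuit/acomputer-lol".path ];` (example name), so one can be rotated without touching the other. The two instance bodies differ only in `domain` and `port`; a small helper taking those two arguments would keep the security-relevant settings (`allow_federation`, `trusted_servers`, `allow_check_for_updates`) from drifting apart.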


@ -1,5 +1,6 @@
_: { _: {
imports = [ imports = [
./conduwuit.nix
./dendrite ./dendrite
./forgejo.nix ./forgejo.nix
./ntfy.nix ./ntfy.nix


@ -3,7 +3,7 @@ version: 2
global: global:
server_name: acomputer.lol server_name: acomputer.lol
private_key: /persist/secrets/dendrite/matrix_key.pem private_key: /persist/secrets/dendrite/matrix_key.pem
key_validity_period: 168h0m0s key_validity_period: 0h10m0s
database: database:
connection_string: postgresql://dendrite@localhost/dendrite?sslmode=disable connection_string: postgresql://dendrite@localhost/dendrite?sslmode=disable
max_open_conns: 90 max_open_conns: 90
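Review bot: `key_validity_period: 0h10m0s` is set without a comment, and this commit also adds a conduwuit instance whose `server_name` resolves to acomputer.lol, the same `server_name` this Dendrite config declares. If the short validity is meant to make remote servers drop cached Dendrite signing keys ahead of a cut-over, say so in a comment, e.g. `# temporary: short key validity during migration to conduwuit`. If both servers are meant to keep running, two homeservers answering for one server name with different signing keys will fail signature checks on federating peers. The `global:` block continues outside the hunk.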


@ -20,6 +20,8 @@ caddy:
env_file: ENC[AES256_GCM,data:PKtILX7o0D3rj78JXIXad9UcQz0ZiihXK1nY/kb08fh3i54hYrFyJyGt04b9mAufxTnhDV4=,iv:I/EtxopCFmRxgsGJIcFDufTiM1JyPPoIQkgKIDiCP24=,tag:5QlGMp839p9RYKB09tr61A==,type:str] env_file: ENC[AES256_GCM,data:PKtILX7o0D3rj78JXIXad9UcQz0ZiihXK1nY/kb08fh3i54hYrFyJyGt04b9mAufxTnhDV4=,iv:I/EtxopCFmRxgsGJIcFDufTiM1JyPPoIQkgKIDiCP24=,tag:5QlGMp839p9RYKB09tr61A==,type:str]
forgejo: forgejo:
runner_registration_token_file: ENC[AES256_GCM,data:fHHAk5i3xjsTx7Zro1EOpbQaMCii0kksjTLgM+gXH2Gu2Mw+bCgKCKfeYccEQg==,iv:6jrQwEfqGDdbI/QCMvHcIEtZXtoDFT7OxVu80+oykCs=,tag:u3UClo6ca6ipBeQ/Am8yVA==,type:str] runner_registration_token_file: ENC[AES256_GCM,data:fHHAk5i3xjsTx7Zro1EOpbQaMCii0kksjTLgM+gXH2Gu2Mw+bCgKCKfeYccEQg==,iv:6jrQwEfqGDdbI/QCMvHcIEtZXtoDFT7OxVu80+oykCs=,tag:u3UClo6ca6ipBeQ/Am8yVA==,type:str]
conduwuit:
secrets: ENC[AES256_GCM,data:eYrm7PSELWFZgJOamChhD+Vx59QeybltE/RTUnRjIu7nkNuHoMYNCmJr2m/PiGpjvypkYIQpfX4Qcdio0hSKwe5FeN+U4XanryFq4eLK7TrXn/9rTxo5rNcj1bildNsQ,iv:Jbf7zM6bPs3ukBT+NlPon1y30FX7LRCup8Xqs+G8zcg=,tag:hf7jMdYUdv2lrYcKNdFgYA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -98,8 +100,8 @@ sops:
Ynd0czBOK0NCdnZIQzNJZ3BqNndlSG8Kg9UUjMZ2p7xUhHLEL6SjSiVPw5JemYxh Ynd0czBOK0NCdnZIQzNJZ3BqNndlSG8Kg9UUjMZ2p7xUhHLEL6SjSiVPw5JemYxh
sdiuZVVxzEasXLXXk6tax6AD5fz5mXEhXB24Op5scF4+VTfSZ+g9Cg== sdiuZVVxzEasXLXXk6tax6AD5fz5mXEhXB24Op5scF4+VTfSZ+g9Cg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-22T05:40:29Z" lastmodified: "2024-11-24T17:39:15Z"
mac: ENC[AES256_GCM,data:dialk5LEy/M+zx839s9YKU1DxPOPkBadMAcXqkvyDE20dr0EoXjeNa9oQMuA++RsCUJfUKAOskyqjCFhLjDD4VHNr1htE4uBpfRS196p16Cgp4Qp12uj51D/7JCgQeAwGAwc1K7R0z1lXfrqDE2I6xrGcTWxlJcN7PN6IT2X6tA=,iv:Y5alGY//VAXd3yiHR//5BbZumLU3IyBJNvWweVKUDeM=,tag:rfn/6RLQlGU+nXZPlIQjfg==,type:str] mac: ENC[AES256_GCM,data:6RxJy0sdKAb19lI84U1KLYRFMxhTGPvG3l7f3usfSogjAqTwZsI5uGxlTZEoHOCMtiX2WKgjEh6xvo5f2Qm+gSNzwxDRbV/4VvGyddAy0ZA7j0baWyqECZEGc5w8jbekb9zknZ9miFF9yLXL9qGjTEaeUDHGPNE8yOrkYpPGg3Y=,iv:tQZUqyQSbUt2F35XxCpojItGstq+8ljJFOZ9xbeCbR4=,tag:7hpUewJZU8GJ+iO/VLyI3A==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.1