Compare commits

..

No commits in common. "91ab1b85d179f1e9f49b867a5de3687de8ed9d98" and "e1db3dc03402ea63ee1cdb83544d3eea84853f53" have entirely different histories.

10 changed files with 68 additions and 77 deletions

View file

@ -2,11 +2,10 @@
{
config,
lib,
modulesPath,
pkgs,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];
boot = {
initrd = {
@ -17,28 +16,26 @@
"usbhid" # USB HID transport layer
"usb_storage" # USB Mass Storage support
"sd_mod" # SCSI disk support
"aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128
"cryptd" # Software async crypto daemon
];
kernelModules = ["dm-snapshot"];
luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
};
kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/0bdc11fc-c497-47ff-bcc2-3044f81f40be";
fsType = "ext4";
};
"/home" = {
device = "/dev/disk/by-uuid/9c8a9dd1-b234-4a6d-ad62-3962e85d4063";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c";
fsType = "ext4";
};
swapDevices = [{device = "/dev/disk/by-uuid/05aed0b0-3a79-44f2-aa4d-e5e5724643f2";}];
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96";
fsType = "ext4";
};
networking.useDHCP = lib.mkDefault true;
swapDevices = [{device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e";}];
nix.settings.max-jobs = lib.mkDefault 4;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

View file

@ -16,7 +16,6 @@
loader.grub = {
enable = true;
device = "/dev/nvme0n1"; # or "nodev" for efi only
useOSProber = true;
};
kernel.sysctl."net.ipv4.ip_forward" = "1";
extraModprobeConfig = "options kvm_intel nested=1";
@ -24,11 +23,6 @@
networking = {
hostName = "dionach"; # Define your hostname.
firewall = {
enable = true;
checkReversePath = false; # Needed for libvirtd
allowedTCPPorts = [15000];
};
};
systemd.network.networks.enp0s20f0u4u4i5.ipv6SendRAConfig = {
@ -39,9 +33,15 @@
services.kbfs.enable = true;
networking.firewall = {
enable = true;
checkReversePath = false; # Needed for libvirtd
allowedTCPPorts = [15000];
};
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "23.11"; # Did you read the comment?
system.stateVersion = "20.03"; # Did you read the comment?
}

View file

@ -31,7 +31,6 @@
mplayer # A movie player that supports many video formats
nextcloud-client # Nextcloud desktop client
pwgen # Password generator
rsync
shotwell # Photo organizer
signal-desktop # Private, simple, and secure messenger
usbutils # Tools for working with USB devices, such as lsusb
@ -70,27 +69,19 @@
};
libinput.enable = true; # Enable touchpad support.
};
pipewire = {
enable = true;
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
};
};
sound.enable = true; # Enable sound.
security.rtkit.enable = true; # realtime scheduling for sound
# Configure common hardware settings
hardware = {
pulseaudio = {
enable = false;
enable = true;
package = pkgs.pulseaudioFull;
};
bluetooth = {
enable = true; # Enable bluetooth
hsphfpd.enable = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";

View file

@ -9,12 +9,18 @@
sources = import ../nix/sources.nix;
unstable = import sources.nixpkgsUnstable {};
in {
services.forgejo = {
services.gitea = {
enable = true; # Enable Forgejo
appName = "mcwhirter.io: Forgejo Service"; # Give the site a name
database = {
type = "postgres"; # Database type
passwordFile = "/run/keys/forgejo-dbpass"; # Where to find the password
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
};
disableRegistration = true;
domain = "source.mcwhirter.io"; # Domain name
rootUrl = "https://source.mcwhirter.io/"; # Root web URL
httpPort = 3002; # Provided unique port
package = pkgs.forgejo; # a soft fork of gitea
settings = let
docutils = pkgs.python39.withPackages (ps:
with ps; [
@ -22,21 +28,12 @@ in {
pygments # Provides syntax highlighting
]);
in {
DEFAULT.APP_NAME = "mcwhirter.io: Forgejo Service"; # Give the site a name
mailer = {
ENABLED = true;
FROM = "forgejo@mcwhirter.io";
FROM = "gitea@mcwhirter.io";
};
repository = {DEFAULT_BRANCH = "consensus";};
service = {REGISTER_EMAIL_CONFIRM = true;};
server = {
DOMAIN = "source.mcwhirter.io"; # Domain name
HTTP_PORT = 3002; # Provided unique port
ROOT_URL = "https://source.mcwhirter.io/"; # Root web URL
};
service = {
DISABLE_REGISTRATION = true;
};
"markup.restructuredtext" = {
ENABLED = true;
FILE_EXTENSIONS = ".rst";
@ -52,10 +49,10 @@ in {
systemd = {
services = {
forgejo = {
# Ensure forgejo starts after nixops keys are loaded
after = ["forgejo-dbpass-key.service"];
wants = ["forgejo-dbpass-key.service"];
gitea = {
# Ensure gitea starts after nixops keys are loaded
after = ["gitea-dbpass-key.service"];
wants = ["gitea-dbpass-key.service"];
};
};
};
@ -63,23 +60,27 @@ in {
services.postgresql = {
enable = true; # Ensure postgresql is enabled
authentication = ''
local forgejo all ident map=forgejo-users
local gitea all ident map=gitea-users
'';
identMap =
# Map the forgejo user to postgresql
# Map the gitea user to postgresql
''
forgejo-users forgejo forgejo
gitea-users gitea gitea
'';
ensureDatabases = ["forgejo"]; # Ensure the database persists
ensureDatabases = ["gitea"]; # Ensure the database persists
ensureUsers = [
{
name = "forgejo"; # Ensure the database user persists
ensureDBOwnership = true;
name = "gitea"; # Ensure the database user persists
ensurePermissions = {
# Ensure the database permissions persist
"DATABASE gitea" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
};
services.postgresqlBackup.databases = ["forgejo"];
services.postgresqlBackup.databases = ["gitea"];
services.nginx = {
enable = true; # Enable Nginx
@ -116,5 +117,5 @@ in {
};
};
users.groups.keys.members = ["forgejo"]; # Required due to NixOps issue #1204
users.groups.keys.members = ["gitea"]; # Required due to NixOps issue #1204
}

View file

@ -65,6 +65,9 @@ in {
services = {
keybase.enable = true;
#postgresql = {
# enable = true; # Ensure postgresql is enabled
# package = pkgs.postgresql_10; # Set the required version, if needed
};
users.groups.docker.members = ["craige"];

View file

@ -17,7 +17,6 @@
extraConfig = {
WEB_DOMAIN = "social.mcwhirter.io";
};
streamingProcesses = 5;
};
};

View file

@ -129,7 +129,11 @@
ensureUsers = [
{
name = "matrix-synapse"; # Ensure the database user persists
ensureDBOwnership = true;
ensurePermissions = {
# Ensure the database permissions persist
"DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
# Initial database creation

View file

@ -27,12 +27,8 @@
enable = true; # Run regular auto update of all apps installed
startAt = "01:00:00"; # When to run the update
};
enableBrokenCiphersForSSE = false; # force upgrade to SSL v3
package = pkgs.nextcloud27;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit calendar contacts deck news notes tasks twofactor_webauthn;
};
extraAppsEnable = true;
appstoreEnable = true;
};
systemd = {
@ -47,19 +43,15 @@
services.postgresql = {
enable = true; # Ensure postgresql is enabled
authentication = ''
local nextcloud all ident map=nextcloud-users
'';
identMap =
# Map the forgejo user to postgresql
''
nextcloud-users nextcloud nextcloud
'';
ensureDatabases = ["nextcloud"]; # Ensure the database persists
ensureUsers = [
{
name = "nextcloud"; # Ensure the database user persists
ensureDBOwnership = true;
ensurePermissions = {
# Ensure the database permissions persist
"DATABASE nextcloud" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
};

View file

@ -20,7 +20,7 @@ in {
};
services.postgresql = {
package = pkgs.postgresql_16;
package = pkgs.postgresql_11;
};
security.polkit.enable = false; # avoid CVE-2021-4034 (PwnKit)

View file

@ -34,7 +34,11 @@
ensureUsers = [
{
name = "tt_rss"; # Ensure the database user persists
ensureDBOwnership = true;
ensurePermissions = {
# Ensure the database permissions persist
"DATABASE tt_rss" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
};
}
];
};