root 2025-11-04 11:31:52 +00:00
parent e856c0dfb1
commit 766f143e51
6 changed files with 23 additions and 28 deletions


@ -1,13 +1,12 @@
let let
user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxah5pnxmk+P7HtwRsryDoAHZsDs5RcGP9IPCNg1KFe cardno:16_179_196"; user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxah5pnxmk+P7HtwRsryDoAHZsDs5RcGP9IPCNg1KFe cardno:16_179_196";
users = [ user ]; users = [user];
system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKxw1fDsIUUh3vWCD90LDgDMAG/NSVRg7QamUbknz5A root@distrust"; system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKxw1fDsIUUh3vWCD90LDgDMAG/NSVRg7QamUbknz5A root@distrust";
systems = [ system ]; systems = [system];
all = users ++ systems; all = users ++ systems;
in in {
{
"bind_pw".publicKeys = all; "bind_pw".publicKeys = all;
"nextcloud-admin-pass".publicKeys = all; "nextcloud-admin-pass".publicKeys = all;
"vaultwarden.env".publicKeys = all; "vaultwarden.env".publicKeys = all;
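Review bot: The recipient list at the top of this file carries no comment saying which key belongs to a person and which to the host, so a reader has to decode the trailing key comments (`cardno:16_179_196`, `root@distrust`) to find out. Add one line above each: `# Operator key (the cardno: comment suggests a hardware token — confirm)` and `# Host key of distrust; every secret below is encrypted to it, so rotating it means re-keying all of them`. Because `all = users ++ systems` is the only recipient set used, the host alone can decrypt `bind_pw`, `nextcloud-admin-pass` and `vaultwarden.env`, which is the usual agenix model but worth stating; if these secrets ever differ in sensitivity, give them separate recipient sets. If the file declares further secrets after this hunk, the same applies to them.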


@ -9,6 +9,6 @@
''; '';
}; };
networking.firewall.allowedTCPPorts = [ 1080 ]; networking.firewall.allowedTCPPorts = [1080];
networking.firewall.allowedUDPPorts = [ 1080 ]; networking.firewall.allowedUDPPorts = [1080];
} }
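Review bot: Port 1080 is opened for both TCP and UDP on every interface via `networking.firewall.allowedTCPPorts` / `allowedUDPPorts` with no comment naming the service behind it; nothing in this hunk shows what listens there (1080 is conventionally a SOCKS proxy, but that is only a guess). Add `# 1080/tcp+udp: <service> — keep in sync with its port option` above the two lines, and if the listener is meant only for a VPN or LAN, scope the rule with `networking.firewall.interfaces.<iface>.allowedTCPPorts` instead of the global list. The service definition that precedes these lines starts outside the hunk.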


@ -1,16 +1,15 @@
{ config, ... }: {config, ...}: {
{
mailserver = { mailserver = {
enable = true; enable = true;
fqdn = "distrust.network"; fqdn = "distrust.network";
domains = [ "distrust.network" ]; domains = ["distrust.network"];
certificateScheme = "acme"; certificateScheme = "acme";
ldap = { ldap = {
enable = true; enable = true;
bind.dn = "cn=bind,ou=people,dc=distrust,dc=network"; bind.dn = "cn=bind,ou=people,dc=distrust,dc=network";
bind.passwordFile = config.age.secrets."bind_pw".path; bind.passwordFile = config.age.secrets."bind_pw".path;
searchBase = "ou=people,dc=distrust,dc=network"; searchBase = "ou=people,dc=distrust,dc=network";
uris = [ "ldap://localhost:3890" ]; uris = ["ldap://localhost:3890"];
}; };
}; };
} }
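Review bot: The LDAP bind in `mailserver.ldap` uses `ldap://localhost:3890`, i.e. cleartext, which is acceptable on loopback but means the password from `bind_pw` would cross the network unencrypted if this URI ever points at another host; record that constraint with `# plain ldap:// is only acceptable because the directory is on loopback — switch to ldaps:// or STARTTLS if it moves`. This module references `config.age.secrets."bind_pw".path` but never sets `age.secrets."bind_pw".file`, unlike the nextcloud and vaultwarden modules in this commit, so the declaration presumably lives in the directory server's module; a one-line comment pointing at it would save the next reader a search. Also confirm that whichever user the mail daemons read `passwordFile` as can open the agenix file, which agenix creates root-owned with mode 0400 unless owner/mode are set.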


@ -7,7 +7,7 @@
onionUrl = "http://znfdxs4e3rqvzxtkksiidomupgm2x44wtrzyxtpomczto3xg5qxpcbqd.onion"; onionUrl = "http://znfdxs4e3rqvzxtkksiidomupgm2x44wtrzyxtpomczto3xg5qxpcbqd.onion";
in { in {
age.secrets."nextcloud-admin-pass".file = ../secrets/nextcloud-admin-pass; age.secrets."nextcloud-admin-pass".file = ../secrets/nextcloud-admin-pass;
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
hostName = "cloud.distrust.network"; hostName = "cloud.distrust.network";
@ -27,7 +27,7 @@ in {
database.createLocally = true; database.createLocally = true;
}; };
users.groups.nextcloud.members = [ "nextcloud" "caddy" ]; users.groups.nextcloud.members = ["nextcloud" "caddy"];
services.nginx.enable = lib.mkForce false; services.nginx.enable = lib.mkForce false;
services.phpfpm.pools.nextcloud.settings = { services.phpfpm.pools.nextcloud.settings = {
"listen.owner" = "caddy"; "listen.owner" = "caddy";
@ -35,7 +35,7 @@ in {
}; };
services.caddy.virtualHosts."https://cloud.distrust.network ${onionUrl}".extraConfig = '' services.caddy.virtualHosts."https://cloud.distrust.network ${onionUrl}".extraConfig = ''
# encode zstd gzip # encode zstd gzip
root * ${config.services.nginx.virtualHosts."cloud.distrust.network".root} root * ${config.services.nginx.virtualHosts."cloud.distrust.network".root}
redir /.well-known/carddav /remote.php/dav 301 redir /.well-known/carddav /remote.php/dav 301
@ -61,7 +61,7 @@ in {
X-Forwarded-Host {host} X-Forwarded-Host {host}
} }
php_fastcgi unix/${config.services.phpfpm.pools.nextcloud.socket} { php_fastcgi unix/${config.services.phpfpm.pools.nextcloud.socket} {
root ${config.services.nginx.virtualHosts."cloud.distrust.network".root} root ${config.services.nginx.virtualHosts."cloud.distrust.network".root}
env front_controller_active true env front_controller_active true
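Review bot: `users.groups.nextcloud.members = ["nextcloud" "caddy"];` gives caddy group access to everything the nextcloud group owns, which is broader than what the hunk shows it needs: the phpfpm socket is already owned by caddy via `"listen.owner" = "caddy"`, and serving static files needs only the web root. If the Nextcloud data directory is group-readable, the web server can read user files directly; either document why the membership is required or make sure group read is dropped on the data directory. The Caddy vhost and `php_fastcgi` block also read `config.services.nginx.virtualHosts."cloud.distrust.network".root` while `services.nginx.enable = lib.mkForce false;` — this presumably works because the nextcloud module still populates the nginx vhost options, and deserves a comment such as `# nginx is disabled; its vhost option is read only to borrow the nextcloud web root`. The `extraConfig` string and the enclosing attribute set continue outside these hunks.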


@ -1,11 +1,9 @@
{ config, ... }: {config, ...}: let
let
vaultPort = 8222; vaultPort = 8222;
onionUrl = "http://gfoqwlo4nmhcywzzyhfanhkf7hz64lkjayngfyrpbd7ohaucu3q4znqd.onion"; onionUrl = "http://gfoqwlo4nmhcywzzyhfanhkf7hz64lkjayngfyrpbd7ohaucu3q4znqd.onion";
in in {
{
age.secrets."vaultwarden.env".file = ../secrets/vaultwarden.env; age.secrets."vaultwarden.env".file = ../secrets/vaultwarden.env;
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
config = { config = {


@ -1,11 +1,10 @@
{pkgs, ...}: {pkgs, ...}: let
let updateScript = pkgs.writeShellScriptBin "rebuild" '' updateScript = pkgs.writeShellScriptBin "rebuild" ''
#!/bin/sh #!/bin/sh
nixos-rebuild switch --flake /etc/nixos#distrust --impure nixos-rebuild switch --flake /etc/nixos#distrust --impure
''; '';
in in {
{ environment.systemPackages = with pkgs; [vim btop git alejandra statix deadnix] ++ [updateScript];
environment.systemPackages = with pkgs; [vim btop git alejandra statix deadnix] ++ [ updateScript ];
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];