nix
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Local changes on France

This commit is contained in:
root 2021-01-14 18:57:21 -06:00
parent 0cbffdd27f
commit b5a6d45f2f
4 changed files with 101 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fudo/users.nix
View File

@ -75,7 +75,8 @@
uid = 10035; uid = 10035;
group = "selby"; group = "selby";
common-name = "Ken Selby"; common-name = "Ken Selby";
hashed-password = "{SSHA}flr48Sao0/fUp8yl9zFpm8ERnI7qYTds"; hashed-password = "{SSHA}YvtkEpqsReXcMdrzlui/ZmhIUKN42YO1";
# hashed-password = "{SSHA}flr48Sao0/fUp8yl9zFpm8ERnI7qYTds";
# hashed-password = "{SSHA}X8DxUcwH2Fzel5UKbGVNhC5B2vg0Prsc"; # hashed-password = "{SSHA}X8DxUcwH2Fzel5UKbGVNhC5B2vg0Prsc";
}; };

1
hosts/france.nix
View File

@ -43,6 +43,7 @@ in {
nix-prefetch-docker nix-prefetch-docker
powerdns powerdns
tshark tshark
# vanilla-forum
]; ];
fudo.common = { fudo.common = {

139
hosts/france/selby-forum.nix
View File

@ -2,66 +2,117 @@
let let
hostname = "forum.test.selby.ca"; hostname = "forum.test.selby.ca";
local-port = "3157";
postgres-host = "france.fudo.org"; postgres-host = "france.fudo.org";
config-path = "/srv/selby-forum/conf"; config-path = "/srv/selby-forum/conf";
redis-data-path = "/srv/selby-forum/redis-data"; redis-data-path = "/srv/selby-forum/redis-data";
sidekiq-data-path = "/srv/selby-forum/sidekiq-data"; sidekiq-data-path = "/srv/selby-forum/sidekiq-data";
discourse-data-path = "/srv/selby-forum/discourse-data"; discourse-data-path = "/srv/selby-forum/discourse-data";
postgres-data-path = "/srv/selby-forum/postgres-data";
env-file = "/srv/selby-forum/private/env";
ensure-dir-and-ownership = ownership: dir: ''
if [ ! -d ${dir} ]; then
mkdir -p ${dir}
fi
chown -R ${ownership} ${dir}
chmod 700 ${dir}
'';
in { in {
config = { config = {
users.users = { users.users = {
selby-discourse = { isSystemUser = true; }; selby-discourse = {
selby-discourse-redis = { isSystemUser = true; }; isSystemUser = true;
selby-discourse-sidekiq = { isSystemUser = true; }; # This is stupid: needs to be 1001, see bitnami docs
uid = 1001;
};
}; };
docker-containers = { security.acme.certs.${hostname}.email = "niten@fudo.org";
# selby-discourse = {
# image = "bitnami/discourse";
# ports = [ ];
# user = toString config.users.users.selby-discourse.uid;
# volumes = [
# "${config-path}:/opt/bitnami/discourse/mounted-conf"
# "${discourse-data-path}:/bitnami"
# ];
# extraDockerOptions = [ "--network=selby-discourse" ];
# environment = {
# DISCOURSE_SITENAME = "Selby Forum";
# DISCOURSE_EMAIL = "forum@selby.ca";
# DISCOURSE_HOSTNAME = hostname;
# };
# };
selby-discourse-redis = { services.nginx = {
image = "bitnami/redis"; enable = true;
user = toString config.users.users.selby-discourse-redis.uid;
volumes = [ "${redis-data-path}:/bitnami" ]; virtualHosts = {
extraDockerOptions = [ "--network=selby-discourse" ]; "${hostname}" = {
environment = { ALLOW_EMPTY_PASSWORD = "yes"; }; enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${local-port}";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-By $server_addr:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
};
docker-containers = let
docker-flags = [ "--network=selby-discourse" "--env-file=${env-file}" ];
discourse-env = {
DISCOURSE_USERNAME = "admin";
DISCOURSE_SITENAME = "Selby Forum";
DISCOURSE_EMAIL = "forum@selby.ca";
DISCOURSE_HOSTNAME = hostname;
POSTGRESQL_HOST = "selby-discourse-postgres";
DISCOURSE_POSTGRESQL_USERNAME = "discourse_selby_forum";
DISCOURSE_POSTGRESQL_NAME = "discourse_selby_forum";
# note: passwords are stored in env-file
REDIS_HOST = "selby-discourse-redis";
# note: password is store in env-file
}; };
# selby-discourse-sidekiq = { in {
# image = "bitnami/discourse"; selby-discourse = {
# user = toString config.users.users.selby-discourse-sidekiq.uid; image = "bitnami/discourse:2.6.0";
# volumes = [ "${sidekiq-data-path}:/bitnami" ]; ports = [ "127.0.0.1:${local-port}:3000" ];
# entrypoint = "nami"; # user = toString config.users.users.selby-discourse.uid;
# cmd = [ "start" "discourse-sidekiq" ]; volumes = [
# extraDockerOptions = [ "--network=selby-discourse" ]; "${config-path}:/opt/bitnami/discourse/mounted-conf"
# }; "${discourse-data-path}:/bitnami"
}; ];
extraDockerOptions = docker-flags;
environment = discourse-env;
};
systemd = { selby-discourse-redis = {
services = { image = "bitnami/redis:6.0";
# selby-discourse-config = { user = toString config.users.users.selby-discourse.uid;
# description = "Generate configuration for Selby discourse server."; volumes = [ "${redis-data-path}:/bitnami/redis/data" ];
# requiredBy = [ "docker-selby-discourse.service" ]; extraDockerOptions = docker-flags;
# requires = [ "fudo-passwords.target" ]; environment = { };
# serviceConfig.Type = "oneshot"; };
# restartIfChanged = true;
# script = ""; selby-discourse-sidekiq = {
# }; image = "bitnami/discourse:2.6.0";
# user = toString config.users.users.selby-discourse.uid;
volumes = [ "${sidekiq-data-path}:/bitnami" ];
cmd = [ "nami" "start" "--foreground" "discourse-sidekiq" ];
extraDockerOptions = docker-flags;
environment = discourse-env;
};
selby-discourse-postgres = {
image = "bitnami/postgresql:13";
# user = toString config.users.users.selby-discourse.uid;
volumes = [ "${postgres-data-path}:/bitnami/postgresql" ];
extraDockerOptions = docker-flags;
environment = {
POSTGRESQL_DATABASE = "discourse_selby_forum";
POSTGRESQL_USERNAME = "discourse_selby_forum";
};
}; };
}; };
}; };

5
packages/local.nix
View File

@ -16,8 +16,7 @@ in {
src = builtins.fetchurl { src = builtins.fetchurl {
url = url =
"https://launcher.mojang.com/v1/objects/35139deedbd5182953cf1caa23835da59ca3d7cd/server.jar"; "https://launcher.mojang.com/v1/objects/35139deedbd5182953cf1caa23835da59ca3d7cd/server.jar";
sha256 = sha256 = "01i5nd03sbnffbyni1fa6hsg5yll2h19vfrpcydlivx10gck0ka4";
"01i5nd03sbnffbyni1fa6hsg5yll2h19vfrpcydlivx10gck0ka4";
}; };
}); });
@ -162,5 +161,7 @@ in {
rev = "467c45705c73ee39acbfabc04c5aaa4099408dc4"; rev = "467c45705c73ee39acbfabc04c5aaa4099408dc4";
sha256 = "172ah7ymlwymb4rx719nhsfvsxwmq14nlisba84kw34cmhdcsjh7"; sha256 = "172ah7ymlwymb4rx719nhsfvsxwmq14nlisba84kw34cmhdcsjh7";
}; };
# vanilla-forum = import vanilla-forum.nix { inherit pkgs lib; };
}; };
} }