Changes to add selby forum, but it's not done yet

This commit is contained in:
root
2020-12-14 11:45:08 -06:00
parent 34f787bd26
commit eeea25a648
8 changed files with 177 additions and 181 deletions


@@ -8,7 +8,7 @@ let
host_ipv4 = "208.81.3.117";
# Use a special IP for git.fudo.org, since it needs to be SSH-able
link_ipv4 = "208.81.3.126";
all-hostnames = [];
all-hostnames = [ ];
acme-private-key = hostname: "/var/lib/acme/${hostname}/key.pem";
acme-certificate = hostname: "/var/lib/acme/${hostname}/fullchain.pem";
@@ -33,6 +33,7 @@ in {
../defaults.nix
./france/jabber.nix
./france/backplane.nix
./france/selby-forum.nix
];
environment.systemPackages = with pkgs; [
@@ -55,22 +56,18 @@ in {
www-root = /srv/www;
local-networks = [
"208.81.1.128/28"
"208.81.3.112/28"
"172.17.0.0/16"
"127.0.0.0/8"
];
local-networks =
[ "208.81.1.128/28" "208.81.3.112/28" "172.17.0.0/16" "127.0.0.0/8" ];
};
fudo.prometheus = {
enable = true;
hostname = "metrics.fudo.org";
service-discovery-dns = {
node = [ "node._metrics._tcp.fudo.org" ];
node = [ "node._metrics._tcp.fudo.org" ];
postfix = [ "postfix._metrics._tcp.fudo.org" ];
dovecot = [ "dovecot._metrics._tcp.fudo.org" ];
rspamd = [ "rspamd._metrics._tcp.fudo.org" ];
rspamd = [ "rspamd._metrics._tcp.fudo.org" ];
};
};
@@ -91,9 +88,7 @@ in {
};
# So that grafana waits for postgresql
systemd.services.grafana.after = [
"postgresql.service"
];
systemd.services.grafana.after = [ "postgresql.service" ];
fudo.postgresql = {
enable = true;
@@ -162,27 +157,16 @@ in {
};
};
};
niten = {};
niten = { };
};
local-users = [
"niten"
"fudo_git"
];
local-users = [ "niten" "fudo_git" ];
databases = {
fudo_git = {
users = ["niten"];
};
grafana = {
users = ["niten"];
};
mattermost = {
users = ["niten"];
};
webmail = {
users = ["niten"];
};
fudo_git = { users = [ "niten" ]; };
grafana = { users = [ "niten" ]; };
mattermost = { users = [ "niten" ]; };
webmail = { users = [ "niten" ]; };
};
};
@@ -207,7 +191,8 @@ in {
ns3 = {
ip-addresses = [ "104.131.53.95" ];
ipv6-addresses = [ "2604:a880:800:10::8:7001" ];
description = "Nameserver 3, ns2.henchmman21.net, in New York City, NY, US";
description =
"Nameserver 3, ns2.henchmman21.net, in New York City, NY, US";
rp = "reaper reaper.rp";
};
ns4 = {
@@ -218,11 +203,9 @@ in {
};
};
listen-ips = [host_ipv4];
listen-ips = [ host_ipv4 ];
domains = {
"fudo.org" = import ../fudo/fudo.org.nix { inherit config; };
};
domains = { "fudo.org" = import ../fudo/fudo.org.nix { inherit config; }; };
};
# Not all users need access to france; don't allow LDAP-user access.
@@ -251,11 +234,7 @@ in {
# sslKey = (acme-private-key hostname);
# sslCACert = acme-ca;
listen-uris = [
"ldap:///"
"ldaps:///"
"ldapi:///"
];
listen-uris = [ "ldap:///" "ldaps:///" "ldapi:///" ];
users = import ../fudo/users.nix;
@@ -271,11 +250,7 @@ in {
realm = "FUDO.ORG";
mkey-file = "/var/heimdal/m-key";
acl-file = "/etc/heimdal/kdc.acl";
bind-addresses = [
host_ipv4
"127.0.0.1"
"127.0.1.1"
];
bind-addresses = [ host_ipv4 "127.0.0.1" "127.0.1.1" ];
};
};
@@ -293,7 +268,7 @@ in {
fudo.mail-server = import ../fudo/email.nix { inherit config; } // {
enableContainer = true;
debug = true;
debug = false;
monitoring = true;
hostname = mail-hostname;
@@ -459,32 +434,26 @@ in {
# result of:
# echo $FQDN-extif|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
macAddress = "02:d4:e8:3b:10:2f";
ipv4.addresses = [
{
address = host_ipv4;
prefixLength = 28;
}
];
ipv4.addresses = [{
address = host_ipv4;
prefixLength = 28;
}];
};
extif1 = {
macAddress = "02:6d:e2:e1:ad:ca";
ipv4.addresses = [
{
address = link_ipv4;
prefixLength = 28;
}
];
ipv4.addresses = [{
address = link_ipv4;
prefixLength = 28;
}];
};
intif0 = {
# result of:
# echo $FQDN-intif|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
macAddress = "02:ba:ba:e9:08:21";
ipv4.addresses = [
{
address = "192.168.11.1";
prefixLength = 24;
}
];
ipv4.addresses = [{
address = "192.168.11.1";
prefixLength = 24;
}];
};
};
};
@@ -496,35 +465,31 @@ in {
enable = true;
enableOnBoot = true;
autoPrune = {
enable = true;
};
autoPrune = { enable = true; };
};
lxd = {
enable = true;
};
lxd = { enable = true; };
};
fileSystems = {
"/srv/archiva" = {
fsType = "btrfs";
options = ["subvol=archiva"];
options = [ "subvol=archiva" ];
label = "pool0";
};
"/srv/grafana" = {
fsType = "btrfs";
options = ["subvol=grafana"];
options = [ "subvol=grafana" ];
label = "pool0";
};
"${system-mail-directory}" = {
fsType = "btrfs";
options = ["subvol=mail"];
options = [ "subvol=mail" ];
label = "pool0";
};
"/srv/gitlab" = {
fsType = "btrfs";
options = ["subvol=gitlab"];
options = [ "subvol=gitlab" ];
label = "pool0";
};
"/var/lib/lxd/storage-pools/pool0" = {
@@ -576,12 +541,12 @@ in {
locations."/" = {
proxyPass = "http://127.0.0.1:8001";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-By $server_addr:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
'';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-By $server_addr:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
@@ -600,12 +565,10 @@ in {
docker-containers = {
archiva = {
image = "xetusoss/archiva";
ports = ["127.0.0.1:8001:8080"];
ports = [ "127.0.0.1:8001:8080" ];
# Ugly: name-to-uid lookup fails.
user = toString config.users.users.archiva.uid;
volumes = [
"/srv/archiva:/archiva-data"
];
volumes = [ "/srv/archiva:/archiva-data" ];
environment = {
# Not directly connected to the world anyway
SSL_ENABLED = "false";
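Review bot: The import added at line 24, `./france/selby-forum.nix`, is unconditional, so deploying this commit already starts the three selby-discourse containers from a module the commit message itself calls unfinished, including a redis instance with `ALLOW_EMPTY_PASSWORD = "yes"` and containers attached to a `selby-discourse` docker network that nothing in the diff creates. Either leave the import out until the module is complete, or guard its contents behind an option so that importing it is harmless. The remaining hunks in this file are formatter-only changes apart from `debug = false` on `fudo.mail-server`, which looks intentional; the enclosing `let … in {` attribute set starts above the first hunk.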


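--- /dev/null
+++ b/france/selby-forum.nix
+{ config, lib, pkgs, ... }:
+let
+hostname = "forum.test.selby.ca";
+postgres-host = "france.fudo.org";
+config-path = "/srv/selby-forum/conf";
+redis-data-path = "/srv/selby-forum/redis-data";
+sidekiq-data-path = "/srv/selby-forum/sidekiq-data";
+discourse-data-path = "/srv/selby-forum/discourse-data";
+in {
+config = {
+users.users = {
+selby-discourse = { isSystemUser = true; };
+selby-discourse-redis = { isSystemUser = true; };
+selby-discourse-sidekiq = { isSystemUser = true; };
+};
+docker-containers = {
+selby-discourse = {
+image = "bitnami/discourse";
+ports = [ ];
+user = toString config.users.users.selby-discourse.uid;
+volumes = [
+"${config-path}:/opt/bitnami/discourse/mounted-conf"
+"${discourse-data-path}:/bitnami"
+];
+extraDockerOptions = [ "--network=selby-discourse" ];
+environment = {
+DISCOURSE_SITENAME = "Selby Forum";
+DISCOURSE_EMAIL = "forum@selby.ca";
+DISCOURSE_HOSTNAME = hostname;
+};
+};
+selby-discourse-redis = {
+image = "bitnami/redis";
+user = toString config.users.users.selby-discourse-redis.uid;
+volumes = [ "${redis-data-path}:/bitnami" ];
+extraDockerOptions = [ "--network=selby-discourse" ];
+environment = { ALLOW_EMPTY_PASSWORD = "yes"; };
+};
+selby-discourse-sidekiq = {
+image = "bitnami/discourse";
+user = toString config.users.users.selby-discourse-sidekiq.uid;
+volumes = [ "${sidekiq-data-path}:/bitnami" ];
+entrypoint = "nami";
+cmd = [ "start" "discourse-sidekiq" ];
+extraDockerOptions = [ "--network=selby-discourse" ];
+};
+};
+systemd = {
+services = {
+# selby-discourse-config = {
+# description = "Generate configuration for Selby discourse server.";
+# requiredBy = [ "docker-selby-discourse.service" ];
+# requires = [ "fudo-passwords.target" ];
+# serviceConfig.Type = "oneshot";
+# restartIfChanged = true;
+# script = "";
+# };
+};
+};
+};
+}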
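Review bot: The `selby-discourse-redis` container is started with `ALLOW_EMPTY_PASSWORD = "yes"`, so anything attached to the `selby-discourse` docker network can read and write the forum's session and job data without authenticating; supply a password from a secrets file instead, and hand the matching connection settings to the two discourse containers, which currently receive no redis or database endpoint at all (the `postgres-host` binding is declared but never used). The `user = toString config.users.users.<name>.uid` lines look wrong for users declared only with `isSystemUser = true`: unless a `uid` is assigned elsewhere, that option is still null at evaluation time and `toString null` yields an empty string, so the containers would not run as the intended user. Nothing in the module creates the `selby-discourse` network that all three `extraDockerOptions` reference, so the units will fail until a pre-start step runs the equivalent of `docker network create selby-discourse`. With `ports = [ ]` and no proxy vhost referencing `hostname`, the forum is also unreachable from outside; since the commit message says the module is unfinished, a short header comment listing these open items (redis auth, database wiring, network creation, ingress) would keep them from being forgotten.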