fixes and formatting

Henry Hiles 2025-09-23 09:17:26 -04:00
commit 80cf48f1e8
No known key found for this signature in database
71 changed files with 746 additions and 1110 deletions


@ -1,36 +1,39 @@
{config, ...}: {
services = let
domain = "dav.henryhiles.com";
in {
davis = {
enable = true;
hostname = domain;
appSecretFile = config.age.secrets."davSecret.age".path;
adminPasswordFile = config.age.secrets."davPassword.age".path;
{ config, ... }:
{
services =
let
domain = "dav.henryhiles.com";
in
{
davis = {
enable = true;
hostname = domain;
appSecretFile = config.age.secrets."davSecret.age".path;
adminPasswordFile = config.age.secrets."davPassword.age".path;
poolConfig = with config.services.caddy; {
"listen.owner" = user;
"listen.group" = group;
poolConfig = with config.services.caddy; {
"listen.owner" = user;
"listen.group" = group;
};
nginx = null;
};
nginx = null;
caddy.virtualHosts."${domain}".extraConfig = ''
encode zstd gzip
header {
-Server
-X-Powered-By
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
Referrer-Policy no-referrer-when-downgrade
}
root * ${config.services.davis.package}/public
php_fastcgi unix/${config.services.phpfpm.pools.davis.socket}
file_server
redir /.well-known/carddav /dav/ 301
redir /.well-known/caldav /dav/ 301
'';
};
caddy.virtualHosts."${domain}".extraConfig = ''
encode zstd gzip
header {
-Server
-X-Powered-By
Strict-Transport-Security max-age=31536000;
X-Content-Type-Options nosniff
Referrer-Policy no-referrer-when-downgrade
}
root * ${config.services.davis.package}/public
php_fastcgi unix/${config.services.phpfpm.pools.davis.socket}
file_server
redir /.well-known/carddav /dav/ 301
redir /.well-known/caldav /dav/ 301
'';
};
}


@ -47,16 +47,13 @@ in
enableNginx = false;
redis.createLocally = true;
postgresql.createLocally = true;
backendPackage = inputs.nixpkgs-lasuite.legacyPackages.${pkgs.system}.lasuite-docs.overrideAttrs {
backendPackage = pkgs.lasuite-docs.overrideAttrs {
patches = [ ./enable-languages.patch ];
};
collaborationServer.package =
inputs.nixpkgs-lasuite.legacyPackages.${pkgs.system}.lasuite-docs-collaboration-server;
frontendPackage =
inputs.nixpkgs-lasuite.legacyPackages.${pkgs.system}.lasuite-docs-frontend.overrideAttrs
{
NEXT_PUBLIC_PUBLISH_AS_MIT = "false";
};
collaborationServer.package = pkgs.lasuite-docs-collaboration-server;
frontendPackage = pkgs.lasuite-docs-frontend.overrideAttrs {
NEXT_PUBLIC_PUBLISH_AS_MIT = "false";
};
bind = "unix:${socket}";
inherit s3Url domain;
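Review bot: `backendPackage = pkgs.lasuite-docs.overrideAttrs { patches = [ ./enable-languages.patch ]; }` replaces the derivation's whole `patches` list, so any patches the nixpkgs package carries (backported fixes included) would be dropped now that the base is `pkgs.lasuite-docs` rather than the dedicated input. Whether the package defines `patches` is not visible here, but appending is safe either way: `pkgs.lasuite-docs.overrideAttrs (old: { patches = (old.patches or [ ]) ++ [ ./enable-languages.patch ]; })`. The local patch was presumably written against the source in the old input, so it is worth confirming that it still applies cleanly to the version in `pkgs`. The enclosing attribute set starts and ends outside this hunk.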


@ -2,53 +2,56 @@
pkgs,
config,
...
}: {
networking.firewall.allowedTCPPorts = [22];
services = let
domain = "git.federated.nexus";
socket = "/run/forgejo/socket";
in {
forgejo = {
enable = true;
package = pkgs.forgejo; # Not LTS
settings = {
service = {
ENABLE_INTERNAL_SIGNIN = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
}:
{
networking.firewall.allowedTCPPorts = [ 22 ];
services =
let
domain = "git.federated.nexus";
socket = "/run/forgejo/socket";
in
{
forgejo = {
enable = true;
package = pkgs.forgejo; # Not LTS
settings = {
service = {
ENABLE_INTERNAL_SIGNIN = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
};
oauth2_client.ENABLE_AUTO_REGISTRATION = true;
repository.GO_GET_CLONE_URL_PROTOCOL = "ssh";
actions.DEFAULT_ACTIONS_URL = "github";
server = {
DOMAIN = domain;
ROOT_URL = "https://${domain}";
HTTP_ADDR = socket;
PROTOCOL = "http+unix";
START_SSH_SERVER = true;
BUILTIN_SSH_SERVER_USER = "git";
LANDING_PAGE = "explore";
};
federation.enable = true;
};
oauth2_client.ENABLE_AUTO_REGISTRATION = true;
repository.GO_GET_CLONE_URL_PROTOCOL = "ssh";
actions.DEFAULT_ACTIONS_URL = "github";
server = {
DOMAIN = domain;
ROOT_URL = "https://${domain}";
HTTP_ADDR = socket;
PROTOCOL = "http+unix";
START_SSH_SERVER = true;
BUILTIN_SSH_SERVER_USER = "git";
LANDING_PAGE = "explore";
};
federation.enable = true;
};
caddy.virtualHosts."${domain}".extraConfig = ''
respond /robots.txt <<EOF
User-agent: *
Disallow: /*/*/archive/
Disallow: /*/*/src/commit
EOF 200
reverse_proxy unix/${socket}
'';
};
caddy.virtualHosts."${domain}".extraConfig = ''
respond /robots.txt <<EOF
User-agent: *
Disallow: /*/*/archive/
Disallow: /*/*/src/commit
EOF 200
reverse_proxy unix/${socket}
'';
};
systemd.sockets.forgejo = {
requiredBy = ["forgejo.service"];
wantedBy = ["sockets.target"];
requiredBy = [ "forgejo.service" ];
wantedBy = [ "sockets.target" ];
listenStreams = [
(toString config.services.forgejo.settings.server.SSH_PORT)


@ -1,25 +1,28 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
services.caddy.virtualHosts."app.federated.nexus".extraConfig = ''
root ${pkgs.cinny.override {
conf = {
defaultHomeserver = 0;
homeserverList = ["federated.nexus"];
allowCustomHomeservers = false;
};
# cinny-unwrapped = pkgs.cinny-unwrapped.overrideAttrs (old: rec {
# src = pkgs.fetchFromGitHub {
# owner = "GigiaJ";
# repo = "cinny";
# rev = "a299e9c4cb4df1a3b732fdfddb1297170251a10d";
# hash = "sha256-EDsDVOlaYT0S30Cml+t71U7OOKkfcE4aJxwE8iTdV3s=";
# };
# npmDeps = pkgs.fetchNpmDeps {
# inherit src;
# name = "${old.pname}-${old.version}-npm-deps";
# hash = "sha256-k8eCQO1uIpoKpLHO3E3EYWbQSjcAya2AxngA9mvSfns=";
# };
# });
}}
root ${
pkgs.cinny.override {
conf = {
defaultHomeserver = 0;
homeserverList = [ "federated.nexus" ];
allowCustomHomeservers = false;
};
# cinny-unwrapped = pkgs.cinny-unwrapped.overrideAttrs (old: rec {
# src = pkgs.fetchFromGitHub {
# owner = "GigiaJ";
# repo = "cinny";
# rev = "a299e9c4cb4df1a3b732fdfddb1297170251a10d";
# hash = "sha256-EDsDVOlaYT0S30Cml+t71U7OOKkfcE4aJxwE8iTdV3s=";
# };
# npmDeps = pkgs.fetchNpmDeps {
# inherit src;
# name = "${old.pname}-${old.version}-npm-deps";
# hash = "sha256-k8eCQO1uIpoKpLHO3E3EYWbQSjcAya2AxngA9mvSfns=";
# };
# });
}
}
try_files {path} {path}/ /index.html
file_server
'';


@ -3,40 +3,43 @@
pkgs,
lib,
...
}: {
}:
{
systemd.services.continuwuity.serviceConfig.Restart = lib.mkForce "always";
services = let
domain = "federated.nexus";
subdomain = "matrix.${domain}";
socket = "/var/run/continuwuity/continuwuity.sock";
in {
matrix-continuwuity = {
enable = true;
package = inputs.nixpkgs-continuwuity.legacyPackages.${pkgs.system}.matrix-continuwuity;
group = "caddy";
settings.global = {
server_name = domain;
unix_socket_path = socket;
new_user_displayname_suffix = "";
allow_public_room_directory_over_federation = true;
trusted_servers = [
"matrix.org"
"tchncs.de"
"maunium.net"
];
ignore_messages_from_server_names = [];
url_preview_domain_explicit_allowlist = ["*"];
services =
let
domain = "federated.nexus";
subdomain = "matrix.${domain}";
socket = "/var/run/continuwuity/continuwuity.sock";
in
{
matrix-continuwuity = {
enable = true;
package = inputs.nixpkgs-continuwuity.legacyPackages.${pkgs.system}.matrix-continuwuity;
group = "caddy";
settings.global = {
server_name = domain;
unix_socket_path = socket;
new_user_displayname_suffix = "";
allow_public_room_directory_over_federation = true;
trusted_servers = [
"matrix.org"
"tchncs.de"
"maunium.net"
];
ignore_messages_from_server_names = [ ];
url_preview_domain_explicit_allowlist = [ "*" ];
well_known = {
client = "https://${subdomain}";
server = "${subdomain}:443";
support_email = "henry@henryhiles.com";
support_mxid = "@quadradical:${domain}";
well_known = {
client = "https://${subdomain}";
server = "${subdomain}:443";
support_email = "henry@henryhiles.com";
support_mxid = "@quadradical:${domain}";
};
};
};
};
caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy unix/${socket}";
};
caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy unix/${socket}";
};
}


@ -2,17 +2,18 @@
config,
pkgs,
...
}: {
}:
{
services = {
redlib = {
enable = true;
package = pkgs.redlib.overrideAttrs (oldAttrs: {
doCheck = false;
src = pkgs.fetchFromGitHub {
owner = "chowder";
owner = "redlib-org";
repo = "redlib";
rev = "47ef6a06d47416559609c385d5234d155938f3e3";
hash = "sha256-gsgWqVOUizSYFjSg9x+dG1VRWabvjpuCGjaG94q1cQY=";
rev = "a989d19ca92713878e9a20dead4252f266dc4936";
hash = "sha256-YJZVkCi8JQ1U47s52iOSyyf32S3b35pEqw4YTW8FHVY=";
};
});
@ -21,7 +22,9 @@
settings.REDLIB_DEFAULT_THEME = "nord";
};
caddy.authedHosts."redlib.federated.nexus" = with config.services.redlib; "reverse_proxy ${address}:${toString port}";
caddy.authedHosts."redlib.federated.nexus" =
with config.services.redlib;
"reverse_proxy ${address}:${toString port}";
};
systemd.services.redlib.serviceConfig.Restart = "always";
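Review bot: The `src` override in the first hunk moves the build to a different GitHub owner (`redlib-org`) at a bare commit hash, with nothing recording why the nixpkgs source is replaced or when the pin can be dropped. A comment above `src = pkgs.fetchFromGitHub {` would cover it, e.g. `# Pinned to upstream redlib-org/redlib at <reason>; remove once nixpkgs ships this revision`. `doCheck = false;` is unexplained in the same override and deserves a reason too, since it turns off the package's test phase for code fetched from the new source. Because only `src` is overridden, the vendored cargo dependencies presumably still come from the original derivation; confirm the build uses the lock file of the pinned revision.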


@ -1 +1 @@
{time.timeZone = "America/Toronto";}
{ time.timeZone = "America/Toronto"; }


@ -1,17 +1,21 @@
{config, ...}: {
services = let
domain = "vault.henryhiles.com";
in {
vaultwarden = {
enable = true;
config = {
domain = "https://${domain}";
signupsAllowed = false;
passwordHintsAllowed = false;
rocketAddress = "127.0.0.2";
{ config, ... }:
{
services =
let
domain = "vault.henryhiles.com";
in
{
vaultwarden = {
enable = true;
config = {
domain = "https://${domain}";
signupsAllowed = false;
passwordHintsAllowed = false;
rocketAddress = "127.0.0.2";
};
};
};
caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy ${config.services.vaultwarden.config.rocketAddress}:8000";
};
caddy.virtualHosts."${domain}".extraConfig =
"reverse_proxy ${config.services.vaultwarden.config.rocketAddress}:8000";
};
}