hacc
/
haccfiles
8
0
Fork 1
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Merge branch 'main' into add-help-studentsforfuture-info

keep-around/dbd4b66411bd9576e7866a3f6cc9491f6b9ac17b
schweby 2021-09-28 21:23:02 +02:00
parent 86b1f884f2 56cbb7601b
commit dbd4b66411
9 changed files with 81 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
common/default.nix
View File

@ -36,7 +36,6 @@ in {
security.sudo.wheelNeedsPassword = lib.mkDefault false;
i18n.defaultLocale = "en_IE.UTF-8";
time.timeZone = "UTC";
console = {
font = "Lat2-Terminus16";
keyMap = "de";

1
desktop/default.nix
View File

@ -20,6 +20,7 @@
] ++ (with pkgs; [ alacritty picom feh copyq polybar cinnamon.nemo rofi arandr notepadqq nomacs bat ]);
sound.enable = true;
time.timeZone = "Europe/Berlin";
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;

1
hosts/parsons/configuration.nix
View File

@ -21,6 +21,7 @@
../../services/gitlab-runner.nix
../../services/unifi.nix
../../services/lantifa.nix
../../services/vaultwarden.nix
./lxc.nix
];

7
modules/default.nix
View File

@ -5,5 +5,12 @@ in {
imports = [
./nftnat
./decklink.nix
"${sources.nixpkgs-unstable}/nixos/modules/services/security/vaultwarden"
];
# disabled since vaultwarden defines a dummy bitwarden_rs option that
# shows a deprication warning, which conflicts with this module
disabledModules = [
"services/security/bitwarden_rs/default.nix"
];
}

38
nix/sources.json
View File

@ -11,10 +11,10 @@
"homepage": "https://nix-community.github.io/home-manager/",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f5adb9be829f487f99bcc0f1884f74ddb85f70c8",
"sha256": "1x77fglv81rrpihkv8vnl1023hawg83k42vbflp76blgljv1sxm7",
"rev": "7d9ba15214004c979d2c8733f8be12ce6502cf8a",
"sha256": "18kmvzinsi9xgm81dk5kyd03m3y5nn125kmbkxf66xasrg13yqdv",
"type": "tarball",
"url": "https://github.com/nix-community/home-manager/archive/f5adb9be829f487f99bcc0f1884f74ddb85f70c8.tar.gz",
"url": "https://github.com/nix-community/home-manager/archive/7d9ba15214004c979d2c8733f8be12ce6502cf8a.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"mattermost-server": {
@ -23,19 +23,19 @@
"homepage": "https://mattermost.com",
"owner": "mattermost",
"repo": "mattermost-server",
"rev": "a6629129eaa30e791706add18d0f3f51a688592b",
"sha256": "1vihpmy7253yl87arlz8y9rahk1q69blykwm3172dk1hxajr7c13",
"rev": "28ef5856ed5f1c3cfb29a869cb6f14662f964ff3",
"sha256": "0qcl32lidvwjrg8kil8a67141lnbrdx3hha0y9cwdlz8b6l8gxsz",
"type": "tarball",
"url": "https://github.com/mattermost/mattermost-server/archive/refs/tags/v5.37.1.tar.gz",
"url": "https://github.com/mattermost/mattermost-server/archive/refs/tags/v5.39.0.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/refs/tags/v<version>.tar.gz",
"version": "5.37.1"
"version": "5.39.0"
},
"mattermost-webapp": {
"sha256": "00q1kcfda2z69ijpw71a6cbj76p5f57nj7pym44pp4cadi2wz180",
"sha256": "1dm7zswz61p1008hkz0c4maq8382p8iv5kmc4ivzlqd2hhixbvvg",
"type": "tarball",
"url": "https://releases.mattermost.com/5.37.1/mattermost-5.37.1-linux-amd64.tar.gz",
"url": "https://releases.mattermost.com/5.39.0/mattermost-5.39.0-linux-amd64.tar.gz",
"url_template": "https://releases.mattermost.com/<version>/mattermost-<version>-linux-amd64.tar.gz",
"version": "5.37.1"
"version": "5.39.0"
},
"mumble-website": {
"branch": "master",
@ -49,10 +49,10 @@
"homepage": "https://github.com/nmattia/niv",
"owner": "nmattia",
"repo": "niv",
"rev": "e0ca65c81a2d7a4d82a189f1e23a48d59ad42070",
"sha256": "1pq9nh1d8nn3xvbdny8fafzw87mj7gsmp6pxkdl65w2g18rmcmzx",
"rev": "65a61b147f307d24bfd0a5cd56ce7d7b7cc61d2e",
"sha256": "17mirpsx5wyw262fpsd6n6m47jcgw8k2bwcp1iwdnrlzy4dhcgqh",
"type": "tarball",
"url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz",
"url": "https://github.com/nmattia/niv/archive/65a61b147f307d24bfd0a5cd56ce7d7b7cc61d2e.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nix-hexchen": {
@ -81,10 +81,10 @@
"homepage": "",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "74d017edb6717ad76d38edc02ad3210d4ad66b96",
"sha256": "0wvz41izp4djzzr0a6x54hcm3xjr51nlj8vqghfgyrjpk8plyk4s",
"rev": "6120ac5cd201f6cb593d1b80e861be0342495be9",
"sha256": "04mrjxr1qsdcgcryx7yy72cgcw14c0770gfcgzrdfpnvmjdgbi9i",
"type": "tarball",
"url": "https://github.com/nixos/nixpkgs/archive/74d017edb6717ad76d38edc02ad3210d4ad66b96.tar.gz",
"url": "https://github.com/nixos/nixpkgs/archive/6120ac5cd201f6cb593d1b80e861be0342495be9.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"nixpkgs-unstable": {
@ -93,10 +93,10 @@
"homepage": "",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "21c937f8cb1e6adcfeb36dfd6c90d9d9bfab1d28",
"sha256": "059hbdy43m448ccdi8fmglz9b980hv8fhpa695pl9cyi4lx3nlq4",
"rev": "79c444b5bdeaba142d128afddee14c89ecf2a968",
"sha256": "1qpkmv90b7sf2dvrc24nm8x2ws78w4aif1qi1zlglqssxfy888jm",
"type": "tarball",
"url": "https://github.com/nixos/nixpkgs/archive/21c937f8cb1e6adcfeb36dfd6c90d9d9bfab1d28.tar.gz",
"url": "https://github.com/nixos/nixpkgs/archive/79c444b5bdeaba142d128afddee14c89ecf2a968.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"pbb-nixfiles": {

2
pkgs/companion/default.nix
View File

@ -11,7 +11,7 @@ let
};
nodeHeaders = fetchurl {
url = "https://nodejs.org/download/release/v${nodejs.version}/node-v${nodejs.version}-headers.tar.gz";
sha256 = "19xsyjg9y71fw7hhz2f0nsfrijlyrk8ma9gs5kiq0y824lwnmyi4";
sha256 = "0jzczy67qgw7arq8rprxv9wwb4axjjrhx72ss6a4rw5x08w58hbq";
};
webui = mkYarnPackage rec {
inherit version;

2
pkgs/default.nix
View File

@ -60,7 +60,7 @@ let
'';
};
inherit (unstable) bottom;
inherit (unstable) bottom vaultwarden vaultwarden-vault;
};
in pkgs.extend(_: _: newpkgs)

4
services/lantifa.nix
View File

@ -80,8 +80,8 @@ in {
sha256 = "1k0z44jfqsxzwy6jjz3yfibiq8wi845d5iwwh8j3yijn2854fj0i";
};
intersection = pkgs.fetchzip { # This is the DynamicPageList extension
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-789511a.tar.gz";
sha256 = "0b5viv0d2pm1g68hynm8xbvcyw2cr3lgaxbqzdykk2yvvhc4w8j5";
url = "https://extdist.wmflabs.org/dist/extensions/intersection-REL1_36-6ab9c9c.tar.gz";
sha256 = "03xyahqafgz174kmh14sqkqkx4nihdj2i0j8s97sycf2nzla63ww";
};
PageForms = pkgs.fetchzip {
url = "https://github.com/wikimedia/mediawiki-extensions-PageForms/archive/5.0.1.zip";

49
services/vaultwarden.nix Normal file
View File

@ -0,0 +1,49 @@
{ config, lib, pkgs, ... }:
{
services.vaultwarden = {
enable = true;
config = {
DATA_FOLDER="/persist/var/lib/vaultwarden/data";
LOG_LEVEL="error";
SIGNUPS_ALLOWED=false;
SIGNUPS_VERIFY=true;
SIGNUPS_DOMAINS_WHITELIST="hacc.space";
ORG_CREATION_USERS="admin@hacc.space";
INVITATIONS_ALLOWED=true;
INVITATION_ORG_NAME="haccwarden";
TRASH_AUTO_DELETE_DAYS=90;
DOMAIN="https://pw.hacc.space";
ROCKET_ADDRESS="127.0.0.1";
ROCKET_PORT=5354;
ROCKET_WORKERS=2;
SMTP_HOST="mail.hacc.space";
SMTP_FROM="vaultwarden@hacc.space";
SMTP_FROM_NAME="haccwarden";
SMTP_PORT=587;
SMTP_USERNAME="noreply@infra4future.de";
};
environmentFile = "/persist/var/lib/vaultwarden/vaultwarden.env"; #contains SMTP_PASSWORD
dbBackend = "sqlite";
backupDir = "/persist/data/vaultwarden_backups/";
};
#work around ProtectSystem=strict, cleanup
systemd.services.vaultwarden.serviceConfig = {
ReadWritePaths = [ "/persist/var/lib/vaultwarden" ];
StateDirectory = lib.mkForce "";
};
services.nginx.virtualHosts."pw.hacc.space" = {
locations."/" = {
proxyPass = "http://127.0.0.1:5354";
proxyWebsockets = true;
};
forceSSL = true;
enableACME = true;
};
}