phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 05:36:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update to NixOS 23.05

Browse source
This commit is contained in:
Paul-Henri Froidmont 2023-07-10 19:19:25 +02:00
parent e4c0ab4b3e
commit 27462b9e7e
Signed by: phfroidmont
GPG key ID: BE948AFD7E7873BE
7 changed files with 142 additions and 143 deletions
Download patch file Download diff file Expand all files Collapse all files

27
modules/dokuwiki.nix
View file

@ -18,7 +18,8 @@ let
sops.secrets."usersFile-${name}" = {
owner = "dokuwiki";
key = "wiki/${name}/users_file";
restartUnits = [ "phpfpm-dokuwiki-${name}.${config.networking.domain}.service" ];
restartUnits =
[ "phpfpm-dokuwiki-${name}.${config.networking.domain}.service" ];
};
services.dokuwiki.sites = {
@ -26,12 +27,13 @@ let
enable = true;
stateDir = "/nix/var/data/dokuwiki/${name}/data";
usersFile = config.sops.secrets."usersFile-${name}".path;
disableActions = "register";
templates = [ template-chippedsnow ];
extraConfig = ''
$conf['title'] = 'Chroniques d\'Arkadia';
$conf['template'] = 'chippedsnow';
'';
settings = {
useacl = true;
title = "Chroniques d`Arkadia";
template = "chippedsnow";
disableactions = "register";
};
};
};
@ -40,21 +42,14 @@ let
enableACME = true;
};
};
in
{
in {
options.custom.services.dokuwiki = {
enable = mkEnableOption "dokuwiki";
secretKeyFile = mkOption {
type = types.path;
};
secretKeyFile = mkOption { type = types.path; };
};
config = mkIf cfg.enable
(lib.mkMerge [
(configureWiki "anderia")
(configureWiki "arkadia")
]);
(lib.mkMerge [ (configureWiki "anderia") (configureWiki "arkadia") ]);
}

31
modules/mailserver.nix
View file

@ -1,22 +1,11 @@
{ config, lib, pkgs, ... }:
{
{ config, lib, pkgs, ... }: {
sops.secrets = {
paultrialPassword = {
key = "email/accounts_passwords/paultrial";
};
eliosPassword = {
key = "email/accounts_passwords/elios";
};
mariePassword = {
key = "email/accounts_passwords/marie";
};
alicePassword = {
key = "email/accounts_passwords/alice";
};
monitPassword = {
key = "email/accounts_passwords/monit";
};
paultrialPassword = { key = "email/accounts_passwords/paultrial"; };
eliosPassword = { key = "email/accounts_passwords/elios"; };
mariePassword = { key = "email/accounts_passwords/marie"; };
alicePassword = { key = "email/accounts_passwords/alice"; };
monitPassword = { key = "email/accounts_passwords/monit"; };
noreplyBanditlairPassword = {
key = "email/accounts_passwords/noreply_banditlair";
};
@ -41,10 +30,7 @@
"paultrial@banditlair.com" = {
# nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2 > /hashed/password/file/location
hashedPasswordFile = config.sops.secrets.paultrialPassword.path;
aliases = [
"contact@froidmont.org"
"account@banditlair.com"
];
aliases = [ "contact@froidmont.org" "account@banditlair.com" ];
};
"marie-alice@froidmont.org" = {
hashedPasswordFile = config.sops.secrets.mariePassword.path;
@ -190,8 +176,7 @@
"@falbo.fr" = "elios@banditlair.com";
};
certificateScheme = 3;
certificateScheme = "acme-nginx";
};
}

19
modules/openssh.nix
View file

@ -1,20 +1,13 @@
{ config, lib, ... }:
with lib;
let
cfg = config.custom.services.openssh;
in
{
options.custom.services.openssh = {
enable = mkEnableOption "openssh";
};
let cfg = config.custom.services.openssh;
in {
options.custom.services.openssh = { enable = mkEnableOption "openssh"; };
config = mkIf cfg.enable {
services.openssh.enable = true;
services.openssh.permitRootLogin = "prohibit-password";
users.users.root.openssh.authorizedKeys.keyFiles = [
../ssh_keys/froidmpa-desktop.pub
../ssh_keys/froidmpa-laptop.pub
];
services.openssh.settings.PermitRootLogin = "prohibit-password";
users.users.root.openssh.authorizedKeys.keyFiles =
[ ../ssh_keys/froidmpa-desktop.pub ../ssh_keys/froidmpa-laptop.pub ];
};
}