gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Migrate services from Kyouko to Daiyousei: part 1

Browse source
This commit is contained in:
kat witch 2021-12-21 22:08:56 +00:00 committed by kat
parent bfe2f67da2
commit 04992dc784
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
10 changed files with 22 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

8
config/hosts/daiyousei.nix
View file

@ -4,6 +4,12 @@
profiles.hardware.oracle.ubuntu
profiles.network
services.nginx
services.gitea
services.murmur
services.murmur-ldap
services.prosody
services.synapse
services.syncplay
services.filehost
services.keycloak
services.vikunja
@ -11,7 +17,9 @@
services.openldap
services.mail
services.hedgedoc
services.website
services.dnscrypt-proxy
services.vaultwarden
];
kw.oci = {

6
config/hosts/goliath.nix
View file

@ -151,15 +151,15 @@
displays = {
"HDMI-A-1" = {
res = "1920x1080";
pos = "0 0";
pos = "1920 0";
};
"DVI-D-1" = {
res = "1920x1200";
pos = "1920 0";
pos = "3840 0";
};
"DP-1" = {
res = "1920x1080";
pos = "3840 0";
pos = "0 0";
};
};
bamboo.display = "HDMI-A-1";

8
config/hosts/kyouko.nix
View file

@ -10,19 +10,11 @@ with lib;
profiles.network
users.kat.server
users.kat.services.weechat
services.gitea
services.logrotate
services.synapse
services.murmur
services.murmur-ldap
services.nginx
services.postgres
services.prosody
services.restic
services.syncplay
services.taskserver
services.vaultwarden
services.website
services.weechat
services.znc
];

2
config/profiles/hardware/default.nix
View file

@ -20,7 +20,7 @@
ryzen
amdgpu
laptop
wifi
networkmanager
];
};
x270 = {

4
config/services/keycloak.nix
View file

@ -3,6 +3,9 @@
in {
services.keycloak = {
enable = builtins.getEnv "CI_PLATFORM" == "impure";
package = (pkgs.keycloak.override {
jre = pkgs.openjdk11;
});
bindAddress = "127.0.0.1";
httpPort = "8089";
httpsPort = "8445";
@ -38,6 +41,7 @@ in {
security.acme.certs.domain-auth = {
group = "domain-auth";
postRun = ''
${pkgs.adoptopenjdk-jre-bin}/bin/keytool -delete -alias auth.kittywit.ch -keypass ${keystore-pass} -storepass ${keystore-pass} -keystore ./trust-store.jks
${pkgs.adoptopenjdk-jre-bin}/bin/keytool -import -alias auth.${config.network.dns.domain} -noprompt -keystore trust-store.jks -keypass ${keystore-pass} -storepass ${keystore-pass} -file cert.pem
chown acme:domain-auth ./trust-store.jks
'';

1
config/services/murmur.nix
View file

@ -36,7 +36,6 @@ in
${optionalString forking "pidfile=/run/murmur/murmurd.pid"}
welcometext="${cfg.welcometext}"
port=${toString cfg.port}
${if cfg.hostName == "" then "" else "host="+cfg.hostName}
${if cfg.password == "" then "" else "serverpassword="+cfg.password}
bandwidth=${toString cfg.bandwidth}
users=${toString cfg.users}

4
config/services/prosody.nix
View file

@ -69,13 +69,13 @@ with lib;
services_prosody_xmpp = {
inherit (config.network.dns) zone;
domain = "xmpp";
a.address = config.network.addresses.public.nixos.ipv4.address;
a.address = config.network.addresses.public.nixos.ipv4.selfaddress;
};
services_prosody_xmpp_v6 = {
inherit (config.network.dns) zone;
domain = "xmpp";
aaaa.address = config.network.addresses.public.nixos.ipv6.address;
aaaa.address = config.network.addresses.public.nixos.ipv6.selfaddress;
};
services_prosody_upload = {

3
config/services/website.nix
View file

@ -5,9 +5,10 @@
services.nginx.virtualHosts = {
"${config.network.dns.domain}" = {
root = pkgs.kittywitch-site;
#root = pkgs.kittywitch-site;
enableACME = true;
forceSSL = true;
};
};
}

2
config/tf

@ -1 +1 @@
Subproject commit 91453a80e77a738d247ec55f2df42a504c3c3d0f
Subproject commit c8f2b37479367758f7518859b335e641d4833eef

2
overlays/default.nix
View file

@ -15,7 +15,7 @@ let
]);
config = {
allowUnfree = true;
allowUnsupportedSystem = true;
allowBroken = true;
permittedInsecurePackages = [
"ffmpeg-3.4.8"
"ffmpeg-2.8.17"