Merge pull request 'Update element-web, matrix-synapse' (#121) from chore/flake-updates into main
Reviewed-on: #121 Reviewed-by: b12f <b12f@noreply.git.pub.solar>
commit
787f0441e2
24
flake.lock
24
flake.lock
|
@ -224,11 +224,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709554374,
|
||||
"narHash": "sha256-1yYgwxBzia+QrOaQaZ6YKqGFfiQcSBwYLzd9XRsRLQY=",
|
||||
"lastModified": 1710717205,
|
||||
"narHash": "sha256-Wf3gHh5uV6W1TV/A8X8QJf99a5ypDSugY4sNtdJDe0A=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "daa03606dfb5296a22e842acb02b46c1c4e9f5e7",
|
||||
"rev": "bcc8afd06e237df060c85bad6af7128e05fd61a3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -240,11 +240,11 @@
|
|||
},
|
||||
"nixos-flake": {
|
||||
"locked": {
|
||||
"lastModified": 1708785992,
|
||||
"narHash": "sha256-0gEsD/EpKrbLuLcYT9CXIVEY6ChmVvVTZJDAsqBXDhg=",
|
||||
"lastModified": 1710867744,
|
||||
"narHash": "sha256-wtAZ+zhW5kMkiOomEA27p+T3M5ZNgY6U4zB+03/EJDs=",
|
||||
"owner": "srid",
|
||||
"repo": "nixos-flake",
|
||||
"rev": "50203d68b305abff2f29e555992eb55ddeffbcd5",
|
||||
"rev": "05f9464e282dee5a706273f50344a8201d8980b5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -255,11 +255,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1709569716,
|
||||
"narHash": "sha256-iOR44RU4jQ+YPGrn+uQeYAp7Xo7Z/+gT+wXJoGxxLTY=",
|
||||
"lastModified": 1710838473,
|
||||
"narHash": "sha256-RLvwdQSENKOaLdKhNie8XqHmTXzNm00/M/THj6zplQo=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "617579a787259b9a6419492eaac670a5f7663917",
|
||||
"rev": "fa9f817df522ac294016af3d40ccff82f5fd3a63",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -405,11 +405,11 @@
|
|||
},
|
||||
"unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1709479366,
|
||||
"narHash": "sha256-n6F0n8UV6lnTZbYPl1A9q1BS0p4hduAv1mGAP17CVd0=",
|
||||
"lastModified": 1710806803,
|
||||
"narHash": "sha256-qrxvLS888pNJFwJdK+hf1wpRCSQcqA6W5+Ox202NDa0=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b8697e57f10292a6165a20f03d2f42920dfaf973",
|
||||
"rev": "b06025f1533a1e07b6db3e75151caa155d1c7eb3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -63,6 +63,7 @@
|
|||
deploy-rs
|
||||
nixpkgs-fmt
|
||||
agenix
|
||||
age-plugin-yubikey
|
||||
cachix
|
||||
editorconfig-checker
|
||||
nodePackages.prettier
|
||||
|
|
|
@ -72,7 +72,7 @@
|
|||
autoStart = true;
|
||||
user = "994";
|
||||
ports = [
|
||||
"4000:80"
|
||||
"127.0.0.1:4000:80"
|
||||
];
|
||||
dependsOn = [ "drone-db" ];
|
||||
extraOptions = [
|
||||
|
|
|
@ -0,0 +1,145 @@
|
|||
{ config
|
||||
, lib
|
||||
, pkgs
|
||||
, self
|
||||
, ...
|
||||
}: let
|
||||
uid = 980;
|
||||
gid = 979;
|
||||
in {
|
||||
age.secrets.loomio-environment = {
|
||||
file = "${flake.self}/secrets/loomio-environment.age";
|
||||
symlink = false;
|
||||
mode = "440";
|
||||
owner = "loomio";
|
||||
group = "loomio";
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
authentication = ''
|
||||
host loomio all 172.17.0.0/16 password
|
||||
'';
|
||||
};
|
||||
|
||||
users.users.loomio = {
|
||||
isSystemUser = true;
|
||||
group = "loomio";
|
||||
inherit uid;
|
||||
};
|
||||
users.groups.loomio = { inherit gid; };
|
||||
|
||||
services.nginx.virtualHosts."decide.pub.solar" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
proxy_pass http://127.0.0.1:3001;
|
||||
proxy_set_header Host $host;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."channels.decide.pub.solar" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
proxy_pass http://127.0.0.1:3001;
|
||||
proxy_set_header Host $host;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
virtualisation = {
|
||||
oci-containers = let
|
||||
loomioConfig = {
|
||||
image = "loomio/loomio:stable";
|
||||
|
||||
autoStart = true;
|
||||
|
||||
volumes = [
|
||||
"/run/redis-loomio/redis.sock:/run/redis/redis.sock"
|
||||
"/var/lib/loomio/uploads:/loomio/public/system"
|
||||
"/var/lib/loomio/storage:/loomio/storage"
|
||||
"/var/lib/loomio/files:/loomio/public/files"
|
||||
"/var/lib/loomio/plugins:/loomio/plugins/docker"
|
||||
"/var/lib/loomio/tmp:/loomio/tmp"
|
||||
];
|
||||
|
||||
extraOptions = [
|
||||
"--add-host=host.docker.internal:host-gateway"
|
||||
"--pull=always"
|
||||
];
|
||||
|
||||
environmentFiles = [ config.age.secrets.loomio-environment.path ];
|
||||
|
||||
environment = {
|
||||
CANONICAL_HOST = "";
|
||||
SUPPORT_EMAIL = "";
|
||||
SITE_NAME = "";
|
||||
REPLY_HOSTNAME = "";
|
||||
CHANNELS_URI = "";
|
||||
HELPER_BOT_EMAIL = "no-reply@";
|
||||
|
||||
SMTP_AUTH = "plain";
|
||||
SMTP_DOMAIN = "";
|
||||
SMTP_SERVER = "smtp.example.com";
|
||||
SMTP_PORT = "465";
|
||||
SMTP_USE_SSL = "1";
|
||||
|
||||
ACTIVE_STORAGE_SERVICE = "local";
|
||||
|
||||
ALLOW_ROBOTS = "0";
|
||||
|
||||
THEME_ICON_SRC = "/files/icon.png";
|
||||
THEME_APP_LOGO_SRC = "/files/logo.svg";
|
||||
THEME_EMAIL_HEADER_LOGO_SRC = "/files/logo_128h.png";
|
||||
THEME_EMAIL_FOOTER_LOGO_SRC = "/files/logo_64h.png";
|
||||
|
||||
# used in emails. use rgb or hsl values, not hex
|
||||
THEME_PRIMARY_COLOR = "rgb(255,167,38)";
|
||||
THEME_ACCENT_COLOR = "rgb(0,188,212)";
|
||||
THEME_TEXT_ON_PRIMARY_COLOR = "rgb(255,255,255)";
|
||||
THEME_TEXT_ON_ACCENT_COLOR = "rgb(255,255,255)";
|
||||
|
||||
REDIS_URL = "unix:///run/redis/redis.sock";
|
||||
|
||||
CHANNELS_URI = "wss://channels.";
|
||||
|
||||
RAILS_ENV = "production";
|
||||
};
|
||||
};
|
||||
in {
|
||||
backend = "docker";
|
||||
|
||||
containers."loomio" = loomioConfig // {
|
||||
ports = [ "127.0.0.1:3001:3000" ];
|
||||
volumes = [ "/var/lib/loomio/import:/import" ];
|
||||
};
|
||||
|
||||
containers."loomio-worker" = loomioConfig // {
|
||||
environment = {
|
||||
TASK = "worker";
|
||||
};
|
||||
volumes = [ "/var/lib/loomio/import:/import" ];
|
||||
};
|
||||
|
||||
containers."loomio-mailin" = {
|
||||
image = "loomio/mailin-docker:latest";
|
||||
autoStart = true;
|
||||
};
|
||||
|
||||
containers."loomio-channels" = {
|
||||
image = "loomio/loomio_channel_server";
|
||||
autoStart = true;
|
||||
environmentFiles = [ config.age.secrets.loomio-environment.path ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.redis.servers.loomio.enable = true;
|
||||
}
|
|
@ -15,6 +15,7 @@
|
|||
./apps/coturn.nix
|
||||
./apps/forgejo.nix
|
||||
./apps/keycloak.nix
|
||||
./apps/loomio.nix
|
||||
./apps/mailman.nix
|
||||
./apps/mastodon.nix
|
||||
./apps/mediawiki.nix
|
||||
|
|
Binary file not shown.
|
@ -2,6 +2,8 @@ let
|
|||
# set ssh public keys here for your system and user
|
||||
axeman-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU axeman@tuxnix";
|
||||
b12f-bbcom = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmXpOU6vzQiVSSYCoxHYv7wDxC63Qg3dxlAMR6AOzwIABCU5PFFNcO0NWYms/YR7MOViorl+19LCLRABar9JgHU1n+uqxKV6eGph3OPeMp5sN8LAh7C9N+TZj8iJzBxQ3ch+Z/LdmLRwYNJ7KSUI+gwGK6xRS3+z1022Y4P0G0sx7IeCBl4lealQEIIF10ZOfjUdBcLQar7XTc5AxyGKnHCerXHRtccCoadLQujk0AvPXbv3Ma4JwX9X++AnCWRWakqS5UInu2tGuZ/6Hrjd2a9AKWjTaBVDcbYqCvY4XVuMj2/A2bCceFBaoi41apybSk26FSFTU4qiEUNQ6lxeOwG4+1NCXyHe2bGI4VyoxinDYa8vLLzXIRfTRA0qoGfCweXNeWPf0jMqASkUKaSOH5Ot7O5ps34r0j9pWzavDid8QeKJPyhxKuF1a5G4iBEZ0O9vuti60dPSjJPci9oTxbune2/jb7Sa0yO06DtLFJ2ncr5f70s/BDxKk4XIwQLy+KsvzlQEGdY8yA6xv28bOGxL3sQ0HE2pDTsvIbAisVOKzdJeolStL9MM5W8Hg0r/KkGj2bg0TfoRp1xHV9hjKkvJrsQ6okaPvNFeZq0HXzPhWMOVQ+/46z80uaQ1ByRLr3FTwuWJ7F/73ndfxiq6bDE4z2Ji0vOjeWJm6HCxTdGw== hello@benjaminbaedorf.com";
|
||||
b12f-yubi485 = "age1yubikey1qgxuu2x3uzw7k5pg5sp2dv43edhwdz3xuhj7kjqrnw0p8t0l67c5yz9nm6q";
|
||||
b12f-yubi464 = "age1yubikey1qd7szmr9ux2znl4x4hzykkwaru60nr4ufu6kdd88sm7657gjz4x5w0jy4y7";
|
||||
hensoko-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb";
|
||||
hensoko-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy";
|
||||
teutat3s-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
|
||||
|
@ -12,6 +14,8 @@ let
|
|||
baseKeys = [
|
||||
axeman-1
|
||||
b12f-bbcom
|
||||
b12f-yubi485
|
||||
b12f-yubi464
|
||||
hensoko-1
|
||||
hensoko-2
|
||||
teutat3s-1
|
||||
|
@ -52,6 +56,8 @@ in
|
|||
|
||||
"searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
|
||||
"loomio-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
|
||||
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
|
||||
|
@ -72,3 +78,4 @@ in
|
|||
"nachtigall-metrics-nginx-basic-auth.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||
"nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys = flora6Keys ++ nachtigallKeys ++ baseKeys;
|
||||
}
|
||||
|
||||
|
|
|
@ -105,6 +105,11 @@ resource "namecheap_domain_records" "pub-solar" {
|
|||
type = "CNAME"
|
||||
address = "nachtigall.pub.solar."
|
||||
}
|
||||
record {
|
||||
hostname = "decide"
|
||||
type = "CNAME"
|
||||
address = "decide.pub.solar."
|
||||
}
|
||||
record {
|
||||
hostname = "mastodon"
|
||||
type = "CNAME"
|
||||
|
|
Loading…
Reference in New Issue