misschloe/nix-config
1
0
Fork 0
mirror of https://github.com/harryssecret/homelab-nix.git synced 2025-08-09 07:00:21 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: misschloe:211e10c0ee07ecb1a1891994ab8b268c156b7fb9
Branches Tags
misschloe:main
misschloe:next
...
compare: misschloe:72e0ccf47113b41a36e673615bbf25aa8d0ec758
Branches Tags
misschloe:main
misschloe:next

28 commits
211e10c0ee ... 72e0ccf471

Author SHA1 Message Date
kity
72e0ccf471 matched name to fe config 2025-08-07 19:38:28 +02:00
kity
4a818aa778 fix wrong naming 2025-08-07 19:33:24 +02:00
kity
3b5a637ec4 does it work if i rm things? 2025-08-07 19:31:57 +02:00
kity
c396982ef3 moved correctly the thing 2025-08-07 19:29:45 +02:00
kity
daad8bfe18 fix the place of the thing 2025-08-07 19:20:27 +02:00
kity
7b45af25f1 remove duplicated thing 2025-08-07 19:19:28 +02:00
kity
350a8bb4fd fixed depreciation warning 2025-08-07 19:18:35 +02:00
kity
f5fa3790a8 added missing library 2025-08-07 19:18:15 +02:00
kity
3c2662e5fc added missing ref 2025-08-07 19:16:34 +02:00
kity
43843a39e2 missing name for frontend 2025-08-07 19:15:30 +02:00
kity
7bd0e4459e why did i tried to use an overlay 2025-08-07 19:11:38 +02:00
kity
bf56f19574 dist does not exists 2025-08-07 19:03:04 +02:00
kity
08505b3933 added dist file 2025-08-07 18:54:19 +02:00
kity
194e9fd7a7 theres no postInstall 2025-08-07 18:26:14 +02:00
kity
c2de3f7cff try with postInstall 2025-08-07 18:25:02 +02:00
kity
7f485371d4 fixed path again 2025-08-07 18:22:15 +02:00
kity
b7cedb7933 changed path 2025-08-07 18:18:29 +02:00
kity
5c4ff80858 fix no buildInputs set 2025-08-07 18:07:49 +02:00
kity
d22840eb0a akkoma fe is a separate package 2025-08-07 18:06:05 +02:00
kity
710d7f5aea added ssh jail 2025-08-07 17:54:23 +02:00
kity
4ec9428370 tried another path 2025-08-07 17:54:15 +02:00
kity
ebdd3dccf5 file wont be created 2025-08-07 17:41:27 +02:00
kity
d9db3909c0 fixed not a list 2025-08-07 17:36:40 +02:00
kity
16d00b902b disabled nextcloud for the moment 2025-08-07 17:36:34 +02:00
kity
1b61750dcf tried removing out var 2025-08-07 17:34:11 +02:00
kity
41e9161fce caddy shouldnt handle https on this vm 2025-08-07 14:26:51 +02:00
kity
ae1eab6ff3 fix akkoma depreciation notice 2025-08-07 14:25:29 +02:00
kity
be289c7cef typo in akkoma config 2025-08-07 14:23:14 +02:00
2 changed files with 51 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

40
hosts/sisyphe/features/fail2ban.nix
View file

@ -5,24 +5,34 @@
ignoreIP = [ "192.168.1.0/24" ]; ignoreIP = [ "192.168.1.0/24" ];
extraPackages = [ ]; extraPackages = [ ];
jails = { jails = {
nextcloud = '' /*
enabled = true; nextcloud = ''
filter = nextcloud enabled = true;
port = http,https filter = nextcloud
''; port = http,https
}; '';
*/
};
sshd = ''
enabled = true
port = ssh
logpath = %(sshd_log)s
backend = %(sshd_backend)s
'';
}; };
environment.etc = { environment.etc = {
/*
"fail2ban/filter.d/nextcloud.conf".text = '' "fail2ban/filter.d/nextcloud.conf".text = ''
[Definition] [Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*) _groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?" datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed: failregex = ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error. ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed: ^[^{]*\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Two-factor challenge failed:
journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service journalmatch = _SYSTEMD_UNIT=phpfpm-nextcloud.service
''; '';
}; */
};
} }

47
hosts/sisyphe/features/services/akkoma.nix
View file

@ -26,24 +26,8 @@ let
"${theme}": "/static/themes/${theme}.json" "${theme}": "/static/themes/${theme}.json"
} }
''; '';
akkoma-overlay = self: super: {
akkoma = super.akkoma.overrideAttrs (old: {
postPatch = ''
mkdir -p $out/priv/static/themes
cp ${themeSrc} $out/priv/static/themes/${theme}.json
cp ${pkgs.writeText "styles.json" styles} $out/priv/static/themes
cp ${tosFile} $out/priv/static/terms-of-service.html
'';
buildInputs = old.buildInputs ++ [
pkgs.curl
];
});
};
in in
{ {
nixpkgs.overlays = [ akkoma-overlay ];
services.akkoma.enable = true; services.akkoma.enable = true;
services.akkoma.initDb.enable = true; services.akkoma.initDb.enable = true;
services.akkoma.config = { services.akkoma.config = {
@ -67,21 +51,42 @@ in
base_url = "https://blurb.rougebordeaux.xyz/media"; base_url = "https://blurb.rougebordeaux.xyz/media";
link_name = true; link_name = true;
filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [ filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [
"Pleroma.Upload.Filter.Exiftool" "Pleroma.Upload.Filter.Exiftool.StripMetadata"
"Pleroma.Upload.Filter.Dedupe" "Pleroma.Upload.Filter.Dedupe"
"Pleroma.Upload.Filter.AnonymizeFilename" "Pleroma.Upload.Filter.AnonymizeFilename"
]; ];
}; };
":configurable_from_database" = false; ":configurable_from_database" = false;
"frontend_configurations" = { ":frontend_configurations" = {
"pleroma_fe" = { "primary" = {
"theme" = "${theme}"; "theme" = "${theme}";
}; };
}; };
}; };
}; };
services.akkoma.frontends.primary = {
name = "akkoma-fe";
ref = "stable";
package =
pkgs.runCommand "akkoma-fe"
{
nativeBuildInputs = with pkgs; [
xorg.lndir
];
}
''
mkdir $out
lndir ${pkgs.akkoma-fe} $out
services.caddy.virtualHosts."${pleromaUrl}".extraConfig = '' cp ${themeSrc} $out/static/themes/${theme}.json
rm $out/static/styles.json
cp ${pkgs.writeText "styles.json" styles} $out/static/styles.json
rm $out/static/terms-of-service.html
cp ${tosFile} $out/static/terms-of-service.html
'';
};
services.caddy.virtualHosts."http://${pleromaUrl}".extraConfig = ''
log { log {
output file /var/log/caddy/akkoma.log output file /var/log/caddy/akkoma.log
} }
@ -90,7 +95,7 @@ in
reverse_proxy 127.0.0.1:4000 reverse_proxy 127.0.0.1:4000
''; '';
services.caddy.virtualHosts."${pleromaMediaUrl}".extraConfig = '' services.caddy.virtualHosts."http://${pleromaMediaUrl}".extraConfig = ''
log { log {
output file /var/log/caddy/akkoma_media.log output file /var/log/caddy/akkoma_media.log
} }