remove commented out config and fix format

master
loooph 2021-08-31 20:51:15 +02:00
parent 005688c212
commit 7b0bd4e789
6 changed files with 21 additions and 49 deletions


@ -19,14 +19,10 @@
# Boot # Boot
boot.loader.grub.enable = false; boot.loader.grub.enable = false;
#boot.loader.raspberryPi.enable = true;
#boot.loader.raspberryPi.version = 4;
boot.loader.generic-extlinux-compatible.enable = true; boot.loader.generic-extlinux-compatible.enable = true;
#boot.loader.generationsDir.enable = true;
# Kernel configuration # Kernel configuration
boot.kernelPackages = pkgs.linuxPackages_rpi4; boot.kernelPackages = pkgs.linuxPackages_rpi4;
#hardware.deviceTree.kernelPackage = pkgs.linux_rpi4;
boot.kernelParams = [ "console=ttyAMA0,115200n8" ]; boot.kernelParams = [ "console=ttyAMA0,115200n8" ];
# Enable additional firmware (such as Wi-Fi drivers). # Enable additional firmware (such as Wi-Fi drivers).
@ -40,19 +36,6 @@
networking.useDHCP = false; networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = true; networking.interfaces.eth0.useDHCP = true;
# simple wireguard vpn
#networking.wireguard.interfaces.wg0 = {
# ips = [ "10.0.69.1/24" ];
# privateKey = "EEMw16rqdUCLwuhSlGYINXwUGo+kj88EBTBjl/6QwFU=";
# listenPort = 51666;
# peers = [
# {
# allowedIPs = [ "10.0.69.0/24" ];
# publicKey = "uFNoJWwVEWHMn7FRrxQm//pDXsKXLyIA4x3y6Q9+wlY=";
# }
# ];
#};
security.acme.email = "webmaster@bib3.de"; security.acme.email = "webmaster@bib3.de";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
@ -63,10 +46,6 @@
services.openssh.enable = true; services.openssh.enable = true;
networking.firewall.allowPing = false; networking.firewall.allowPing = false;
networking.firewall.allowedTCPPorts = [ 22 80 443 ]; networking.firewall.allowedTCPPorts = [ 22 80 443 ];
networking.firewall.allowedUDPPorts = [ 51666 ]; # Wireguard
networking.firewall.extraCommands = ''
iptables -A INPUT -p tcp -s 95.90.117.138 -j ACCEPT
'';
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.loooph = { users.users.loooph = {


@ -15,7 +15,7 @@ in
''; '';
}; };
}; };
services.gitea = { services.gitea = {
enable = true; enable = true;
rootUrl = "https://git.bib3.de"; rootUrl = "https://git.bib3.de";


@ -15,7 +15,7 @@ in {
LC_CTYPE = "C"; LC_CTYPE = "C";
''; '';
}; };
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
@ -42,7 +42,7 @@ in {
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
max_upload_size = "100M"; max_upload_size = "100M";
server_name = fqdn; server_name = fqdn;
registration_shared_secret = "aKCsb4AQyx7NPLDtyfRSR3ifmCDMb9NDMvaQnCznmI0VTHLNrckKQ8PNKOACYwkU"; registration_shared_secret = "aKCsb4AQyx7NPLDtyfRSR3ifmCDMb9NDMvaQnCznmI0VTHLNrckKQ8PNKOACYwkU";
listeners = [ listeners = [
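Review bot: `registration_shared_secret` in the second hunk remains a string literal in the Nix expression, so the value lives in the repository and, on a typical NixOS build, in the world-readable Nix store as part of the generated homeserver config. Whoever holds it can register accounts on the homeserver even while open registration is off, so it should be rotated and loaded from a file kept outside the repository, for example `extraConfigFiles = [ "<SECRETS_FILE_PLACEHOLDER>" ];` with the secret defined in that file. The same pattern shows in the OpenLDAP file of this commit, where the `userPassword: {CRYPT}$6$…` hashes are inline and therefore open to offline guessing by anyone who can read the repository. The WireGuard `privateKey` deleted from the first file also stays readable in history, so that key pair should be treated as disclosed if it was ever deployed. The `services.matrix-synapse` block continues past the end of the hunk.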


@ -10,21 +10,20 @@ in
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
# nginx would warn otherwise # nginx would warn otherwise
mapHashBucketSize = 64; mapHashBucketSize = 64;
virtualHosts = { virtualHosts = {
${fqdn} = { ${fqdn} = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/var/www/default";
};
"www.${fqdn}" = {
enableACME = true;
#globalRedirect = "${fqdn}";
root = "/var/www/default"; root = "/var/www/default";
}; };
"www.${fqdn}" = {
enableACME = true;
root = "/var/www/default";
};
}; };
}; };
} }
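Review bot: The `"www.${fqdn}"` virtual host at the end of this hunk sets `enableACME = true;` but none of `forceSSL`, `addSSL` or `onlySSL`, so as far as the visible lines show it obtains a certificate yet is served over plain HTTP only, while the apex host enforces TLS. Adding `forceSSL = true;` and, instead of a second copy of the root, `globalRedirect = fqdn;` would keep visitors on the TLS-protected canonical host. The sd.nix section at the end of this commit has the same vhost pair and needs the same change.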


@ -9,11 +9,6 @@
services.openldap = { services.openldap = {
enable = true; enable = true;
#database = "mdb";
#dataDir = "/var/lib/openldap";
#rootpwFile = "/etc/nixos/secret/openldaproot.pw";
#suffix = "o=bib3,c=DE";
#rootdn = "cn=admin,o=bib3,c=DE";
settings = { settings = {
children = { children = {
"cn=schema".includes = [ "cn=schema".includes = [
@ -74,21 +69,21 @@
loginShell: /run/current-system/sw/bin/bash loginShell: /run/current-system/sw/bin/bash
sn: sn:
givenName: givenName:
mail: mail:
userPassword: {CRYPT}$6$GRvHa9J1FuDnxZu4$oZT75ZDoh78JQ1GNQGtzftlL9HO6HPzouxdGsbyBCyDld/9skUC78/8m6YW.KE3k5p6pWMAZs.4iYvrhvDfwe. userPassword: {CRYPT}$6$GRvHa9J1FuDnxZu4$oZT75ZDoh78JQ1GNQGtzftlL9HO6HPzouxdGsbyBCyDld/9skUC78/8m6YW.KE3k5p6pWMAZs.4iYvrhvDfwe.
dn: cn=loooph, ou=users, o=bib3, c=DE dn: cn=loooph, ou=users, o=bib3, c=DE
objectclass: InetOrgPerson objectclass: InetOrgPerson
sn: sn:
givenName: givenName:
mail: mail:
userPassword: {CRYPT}$6$C906P7N7ZbqxjC38$BezcmyYs1XR45cAqUDkuoUyca2fchXzNnvhZsB/TmR5Py6M9xEERdIm9anyXkVMwVvBrMn9LujVXxKxSpuz.1. userPassword: {CRYPT}$6$C906P7N7ZbqxjC38$BezcmyYs1XR45cAqUDkuoUyca2fchXzNnvhZsB/TmR5Py6M9xEERdIm9anyXkVMwVvBrMn9LujVXxKxSpuz.1.
dn: cn=lmux, ou=users, o=bib3, c=DE dn: cn=lmux, ou=users, o=bib3, c=DE
objectclass: InetOrgPerson objectclass: InetOrgPerson
sn: sn:
givenName: givenName:
mail: mail:
userPassword: {CRYPT}$6$NGdlZVYAvETLQAb2$AXyC9myezCAGGq94HvyKRgjpvt04MGZXcMSMS5vP10Y.LzPot/DyRdIvx2LBs9rsOtTGsFYPCpTx7dnEK1LDs0 userPassword: {CRYPT}$6$NGdlZVYAvETLQAb2$AXyC9myezCAGGq94HvyKRgjpvt04MGZXcMSMS5vP10Y.LzPot/DyRdIvx2LBs9rsOtTGsFYPCpTx7dnEK1LDs0
dn: cn=imoc, ou=users, o=bib3, c=DE dn: cn=imoc, ou=users, o=bib3, c=DE

15
sd.nix

@ -10,21 +10,20 @@ in
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
# nginx would warn otherwise # nginx would warn otherwise
mapHashBucketSize = 64; mapHashBucketSize = 64;
virtualHosts = { virtualHosts = {
${fqdn} = { ${fqdn} = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/var/www/schwulesding";
};
"www.${fqdn}" = {
enableACME = true;
#globalRedirect = "${fqdn}";
root = "/var/www/schwulesding"; root = "/var/www/schwulesding";
}; };
"www.${fqdn}" = {
enableACME = true;
root = "/var/www/schwulesding";
};
}; };
}; };
} }