vps update

file sharing and forgejo
alsaiduq-lab 2026-03-13 00:19:07 -06:00
parent 6f530b1d5d
commit ace2b38ec9
11 changed files with 329 additions and 124 deletions


@ -0,0 +1,64 @@
{config, ...}: {
sops = {
defaultSopsFile = ../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
secrets.copyparty = {
owner = "copyparty";
};
};
services.copyparty = {
enable = true;
settings = {
i = "127.0.0.1";
p = [3923];
e2dsa = true;
e2ts = true;
xff-src = "127.0.0.1";
og-ua = "(Discord|Twitter|Slack)bot";
};
accounts = {
admin.passwordFile = config.sops.secrets.copyparty.path;
};
volumes = {
"/" = {
path = "/srv/copyparty";
access = {
A = "admin";
g = "*";
};
flags = {
e2d = true;
dedup = true;
};
};
};
};
systemd.tmpfiles.rules = [
"d /srv/copyparty 0750 copyparty copyparty -"
];
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."share.monaie.ca" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3923";
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 0;
proxy_buffering off;
proxy_request_buffering off;
proxy_buffers 32 8k;
proxy_buffer_size 16k;
proxy_busy_buffers_size 24k;
proxy_set_header Connection "Keep-Alive";
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
'';
};
};
};
}
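Review bot: `g = "*"` on the `/` volume allows unauthenticated download of any file under `/srv/copyparty` whose path is known or guessed, and the `flags` block sets no filekey, so the filename is the only thing protecting a shared file. If this is meant for link sharing, consider adding copyparty's filekey volflag, e.g. `fk = 8;` in `flags`, so each URL carries an unguessable key; if anonymous access is not intended, drop the `g` line. Separately, `client_max_body_size 0;` together with `proxy_request_buffering off;` streams unbounded request bodies to the backend for any client, so upload limits rest entirely on copyparty rejecting unauthenticated writes. A short comment above `access` stating which of these is intentional would help.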


@ -0,0 +1,34 @@
{...}: {
services.filebrowser = {
enable = true;
settings = {
address = "127.0.0.1";
port = 6767;
root = "/srv/filebrowser";
database = "/var/lib/filebrowser/filebrowser.db";
};
};
systemd.tmpfiles.rules = [
"d /srv/filebrowser 0750 filebrowser filebrowser -"
];
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."share.monaie.ca" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:6767";
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
}
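Review bot: This module declares `virtualHosts."share.monaie.ca"` with `locations."/".proxyPass = "http://127.0.0.1:6767"`, while the copyparty module added in the same commit declares the same host and location with port 3923. The imports are not visible here, but if one host imports both files the two `proxyPass` definitions conflict, so give one service its own server name or import only one of them. Nothing in `settings` here configures authentication, so Filebrowser's own login is the only barrier on a public vhost; confirm the initial admin credential is generated or changed before the vhost goes live. `client_max_body_size 0;` removes the request-size cap for every client, and a finite limit (for example `client_max_body_size 10G;`, value chosen for illustration) would bound abuse.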

79
hosts/server/forgejo.nix Normal file

@ -0,0 +1,79 @@
{...}: let
domain = "git.monaie.ca";
port = 3000;
in {
services.postgresql = {
enable = true;
ensureDatabases = ["forgejo"];
ensureUsers = [
{
name = "forgejo";
ensureDBOwnership = true;
}
];
};
services.forgejo = {
enable = true;
database.type = "postgres";
lfs.enable = true;
settings = {
server = {
DOMAIN = domain;
ROOT_URL = "https://${domain}/";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = port;
SSH_DOMAIN = domain;
};
service = {
DISABLE_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
};
session = {
PROVIDER = "redis";
PROVIDER_CONFIG = "network=unix,addr=/run/redis-forgejo/redis.sock,db=0,pool_size=100,idle_timeout=180";
};
cache = {
ADAPTER = "redis";
HOST = "network=unix,addr=/run/redis-forgejo/redis.sock,db=1,pool_size=100,idle_timeout=180";
};
queue = {
TYPE = "redis";
CONN_STR = "network=unix,addr=/run/redis-forgejo/redis.sock,db=2";
};
log.LEVEL = "Warn";
security.INSTALL_LOCK = true;
actions.ENABLED = false;
};
};
services.redis.servers.forgejo = {
enable = true;
port = 0;
unixSocket = "/run/redis-forgejo/redis.sock";
unixSocketPerm = 660;
};
users.users.forgejo.extraGroups = ["redis-forgejo"];
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
extraConfig = "client_max_body_size 0M;";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString port}";
proxyWebsockets = true;
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "riiidge.racer@gmail.com";
};
}
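Review bot: The `session` block does not set `COOKIE_SECURE`, and as far as I know the NixOS module defaults it to false, so the session cookie would be issued without the Secure attribute even though the vhost sets `forceSSL = true`; add `COOKIE_SECURE = true;` next to `PROVIDER`. `REQUIRE_SIGNIN_VIEW = false` leaves repositories, explore pages and user profiles readable anonymously, which deserves a comment such as `# public read access is intentional` if that is the intent. `SSH_DOMAIN` is set but `SSH_PORT` is not, while the openssh section of this commit shows `ports = [8123]`, so clone URLs would presumably advertise port 22 unless `SSH_PORT = 8123;` is added to `server`. `client_max_body_size 0M;` is set for the whole vhost, and scoping the unlimited size to the LFS and push paths would keep a cap on everything else.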


@ -1,8 +1,4 @@
{
config,
lib,
...
}: {
{...}: {
networking = {
hostName = "magus";
useDHCP = false;


@ -1,8 +1,4 @@
{
config,
pkgs,
...
}: {
{...}: {
services.redis.servers."" = {
enable = true;
bind = "127.0.0.1";


@ -1,8 +1,4 @@
{
config,
pkgs,
...
}: {
{pkgs, ...}: {
services.openssh = {
enable = true;
ports = [8123];