Added services

This commit is contained in:
Samy Avrillon 2025-11-02 22:52:16 +01:00
parent c31bd41a30
commit 577b10906a
No known key found for this signature in database
GPG Key ID: 4E77725580DA73CE
9 changed files with 182 additions and 5 deletions


@ -1,5 +1,6 @@
Inspiration from https://gitlab.aliens-lyon.fr/AliENS/infrastructure
# Install
## Make a disk image
@ -34,17 +35,34 @@ print("Mot de passe:",pc)
```Bash
# Write disk encryption password to secret.key
#### Write disk encryption password to secret.key
echo "motdepasse" > secret.key
# Connect to ssh, run kexec to nixos install rom, and format disko
#### Connect to ssh, run kexec to nixos install rom, and format disko
nix run github:nix-community/nixos-anywhere -- --flake '.#midori' --target-host root@109.94.170.38 --disk-encryption-keys /tmp/secret.key ./secret.key --phases kexec,disko
# Mount persistence directories that nixos will install stuff into
#### Mount persistence directories that nixos will install stuff into
mkdir -p /mnt/persistence/nix
mkdir -p /mnt/persistence/var/lib/nixos
mount --bind -m -o X-fstrim.notrim /mnt/persistence/nix /mnt/nix
mount --bind -m -o X-fstrim.notrim /mnt/persistence/var/lib/nixos /mnt/var/lib/nixos
# Run the install phase
#### Run the install phase
nix run github:nix-community/nixos-anywhere -- --flake '.#midori' --target-host root@109.94.170.38 --disk-encryption-keys /tmp/secret.key ./secret.key --phases install
```
# Update
From a nixos system, checked out in this tree:
```
nixos-rebuild --flake .#midori --target-host mysaa@midori --use-remote-sudo switch
```
# Services
## External ports
SSH Port 2168
## Internal ports
Gitea Port 2301

flake.lock generated

@ -124,9 +124,31 @@
"disko": "disko",
"impermanence": "impermanence",
"nixpkgs": "nixpkgs",
"sdow": "sdow",
"treefmt-nix": "treefmt-nix"
}
},
"sdow": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1762102527,
"narHash": "sha256-m7O61TeM6wDZu64XyLuKqMpM34pttDxfK+6w/kVM+RQ=",
"owner": "MysaaJava",
"repo": "sdow",
"rev": "923c40aecbd4b889f4682520522c115ac06f9448",
"type": "github"
},
"original": {
"owner": "MysaaJava",
"ref": "stuff",
"repo": "sdow",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,


@ -21,6 +21,11 @@
inputs.nixpkgs.follows = "nixpkgs";
};
sdow = {
url = "github:MysaaJava/sdow?ref=stuff";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =


@ -1,6 +1,6 @@
{ ... }:
{
config.users.users.mysaa = {
users.users.mysaa = {
extraGroups = [ "wheel" ];
isNormalUser = true;
openssh.authorizedKeys.keys = [
@ -9,4 +9,7 @@
hashedPassword = "$y$j9T$DR/KwQM8rJAzad6Rv8GhO0$nOeNLBoSYiniiLb9MkgU1//HpWpvbBhKm1JbsI3ZoZ7";
};
# Allows mysaa to nixos-rebuild from a remote host
nix.settings.trusted-users = [ "mysaa" ];
}
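Review bot: The new `nix.settings.trusted-users = [ "mysaa" ];` line grants more than the comment above it says: a trusted user can hand nix-daemon arbitrary `substituters`, `trusted-public-keys` and other restricted settings and can push unsigned store paths, which is root-equivalent on this host. That is consistent with mysaa already being in `wheel` (context line above), and it is what lets the remote `nixos-rebuild --target-host` copy locally built closures, but the trade-off should be written down rather than implied. Suggested replacement for the comment: `# Trusted-users is root-equivalent (arbitrary substituters, unsigned store paths); acceptable only because mysaa is already in wheel.`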

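--- /dev/null
+++ b/services/apache.nix
+{...}: {
+services.httpd.enable = true;
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+environment.persistence."/persistence".directories = [
+"/var/lib/certs/"
+];
+}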
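Review bot: Nothing in this file shows how `/var/lib/certs/` is populated or renewed, yet the gitea and sdow vhosts in this commit read their TLS private key from it and the directory is made persistent here. If the certificates are copied in by hand, say so next to the persistence entry, e.g. `# TLS material for bernard.com.de is provisioned out of band into /var/lib/certs (no ACME); renew manually before expiry`, so a silent expiry is not the first sign; otherwise `security.acme` with `enableACME = true` on the vhosts would let NixOS own renewal. Either way, check that the persisted copy keeps `privkey.pem` readable by root only.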


@ -1,3 +1,10 @@
inputs: {
imports = [
./postgresql.nix
./apache.nix
./gitea.nix
./sdow.nix
];
}

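--- /dev/null
+++ b/services/gitea.nix
+{ ... }: {
+services.gitea = {
+enable = true;
+database = {
+user = "gitea";
+name = "gitea";
+type = "postgres";
+socket = "/run/postgresql/";
+password = "8/xdr6EkKvMyGLhBz5atFN1GFntN8GdjVbVZUadcoyE"; #TODO change to passwordFile (and change password)
+};
+stateDir = "/var/lib/gitea/data/";
+settings = {
+"server" = {
+ALLOW_DOWAIN = "https://git.bernard.com.de";
+HTTP_PORT = 2301; #TODO Make these midori config settings
+#TODO change to unix socket
+};
+};
+};
+services.httpd.virtualHosts."gitea" = {
+hostName = "git.bernard.com.de";
+forceSSL = true;
+sslServerCert = "/var/lib/certs/bernard.com.de/fullchain.pem";
+sslServerKey = "/var/lib/certs/bernard.com.de/privkey.pem";
+sslServerChain = "/var/lib/certs/bernard.com.de/fullchain.pem";
+locations."/" = {
+proxyPass = "http://localhost:2301/";
+};
+};
+environment.persistence."/persistence".directories = [
+"/var/lib/gitea/data/"
+];
+}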
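Review bot: The `password =` line commits the PostgreSQL password to git history, and — as the NixOS option's own description warns — `services.gitea.database.password` is rendered into the generated configuration in the world-readable `/nix/store`, so every local account on the host can read it too; the TODO is the right fix, but because the value is already in history it should be rotated now, e.g. `passwordFile = "/persistence/secrets/gitea-db-password";` pointing at a root-owned 0600 file outside the store. Since the connection goes through the unix socket, the module's default peer authentication may not use this password at all; verify in the generated app.ini before relying on it. Separately, `ALLOW_DOWAIN` does not look like a Gitea `[server]` key (unknown keys are ignored), so the instance presumably still builds clone and e-mail links from the default `ROOT_URL`; the intended lines are probably `DOMAIN = "git.bernard.com.de";` and `ROOT_URL = "https://git.bernard.com.de/";`. Until the unix-socket TODO is done, `HTTP_ADDR = "127.0.0.1";` keeps port 2301 off the non-loopback interfaces independently of the firewall.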

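--- /dev/null
+++ b/services/postgresql.nix
+{ ... }: {
+services.postgresql = {
+enable = true;
+settings.port = 5432;
+enableTCPIP = false;
+};
+environment.persistence."/persistence".directories = [
+"/var/lib/postgresql/data/"
+];
+}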
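Review bot: The persisted path `"/var/lib/postgresql/data/"` does not appear to match where `services.postgresql` writes: the NixOS module's `dataDir` defaults to `/var/lib/postgresql/<major-version>` (e.g. `/var/lib/postgresql/16`) and nothing here sets `dataDir`, so on this impermanence-based host the cluster — including gitea's database — would live on the ephemeral root and be gone after a reboot. Either persist the parent, `"/var/lib/postgresql"`, or set `services.postgresql.dataDir = "/var/lib/postgresql/data";` explicitly so the two lines agree, mirroring how gitea.nix pins `stateDir` to the path it persists. Worth confirming on the host with `ls /var/lib/postgresql` after the first switch. `enableTCPIP = false` is good — the socket is the only listener.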

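--- /dev/null
+++ b/services/sdow.nix
+{ sdow, pkgs, lib, system, ... }: let
+sdow-env-file = pkgs.writeTextFile {
+name = "env.js";
+text = ''
+window.env = {
+"SDOW_API_URL": "https://sdow.bernard.com.de/api/paths",
+"WIKIPEDIA_API_URL": "https://fr.wikipedia.org/w/api.php",
+"WIKIPEDIA_BASE_URL": "https://fr.wikipedia.org/wiki/",
+"WIKIPEDIA_API_USERAGENT": "Six Degrees of Wikipedia/1.0 (https://sdow.bernard.com.de/; mysaa@hadoly.fr)"
+};
+'';
+destination = "/env.js";
+};
+sdow-website = pkgs.symlinkJoin {
+name = "sdow";
+paths = [
+sdow-env-file
+sdow.packages.${pkgs.system}.sdow
+];
+};
+in {
+services.httpd.virtualHosts."sdow" = {
+hostName = "sdow.bernard.com.de";
+forceSSL = true;
+sslServerCert = "/var/lib/certs/bernard.com.de/fullchain.pem";
+sslServerKey = "/var/lib/certs/bernard.com.de/privkey.pem";
+sslServerChain = "/var/lib/certs/bernard.com.de/fullchain.pem";
+documentRoot = "${sdow-website}";
+locations."/api" = {
+proxyPass = "http://localhost:2302";
+};
+};
+systemd.services."sdow-api" = {
+description = "Sdow Backend API";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+serviceConfig = {
+Type = "simple";
+ExecStart="${sdow.apps.${pkgs.system}.sdow-api.program} /var/lib/sdow/sdow.sqlite /var/lib/sdow/searches.sqlite 2302";
+Environment="GUNICORN_PORT=2302";
+ExecReload="kill -s HUP $MAINPID";
+KillMode="mixed";
+TimeoutStopSec=5;
+PrivateTmp=true;
+};
+};
+environment.persistence."/persistence".files = [
+"/var/lib/sdow/sdow.sqlite"
+"/var/lib/sdow/searches.sqlite"
+];
+}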
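Review bot: `sdow-api` runs as root: its `serviceConfig` sets only `PrivateTmp` and no `User`/`DynamicUser`, while the process is reachable from the internet through the `/api` proxy in the vhost above it. A gunicorn app serving two sqlite files needs no privileges, so the unit should drop to an unprivileged user and get the usual systemd sandboxing; a proposed `serviceConfig` is below. Because the two sqlite files are bind-mounted in from `/persistence` by impermanence, check on the host that the service user can actually write them — if they come up root-owned, use a fixed `User = "sdow";` with a `users.users.sdow` entry and set the owner in the persistence entry instead of `DynamicUser`. Minor: the `system` argument in the function header is unused (the file uses `pkgs.system`), and `2302` is passed both as an `ExecStart` argument and as `GUNICORN_PORT`, so one of the two is presumably redundant — confirm against sdow-api's entry point.
```nix
serviceConfig = {
  # … unchanged: Type / ExecStart / Environment / ExecReload / KillMode / TimeoutStopSec …
  # Run unprivileged: the API only needs read/write on its two sqlite files.
  DynamicUser = true;
  StateDirectory = "sdow";  # /var/lib/sdow, owned by the service user
  PrivateTmp = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  NoNewPrivileges = true;
  PrivateDevices = true;
  RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
};
```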