Compare commits
10 commits
93b757b915
...
f45f45b426
Author | SHA1 | Date | |
---|---|---|---|
Natsu Kagami | f45f45b426 | ||
Natsu Kagami | b91190022f | ||
Natsu Kagami | 43b6885983 | ||
Natsu Kagami | f592e1e897 | ||
Natsu Kagami | f0ec9c2ad1 | ||
Natsu Kagami | 1bc774c24f | ||
Natsu Kagami | 137a809232 | ||
Natsu Kagami | b485be966a | ||
Natsu Kagami | 0e936ee2bb | ||
Natsu Kagami | 4554c04549 |
31
flake.lock
31
flake.lock
|
@ -404,16 +404,16 @@
|
|||
"nixos-m1": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs-unstable-asahi"
|
||||
"nixpkgs-unstable"
|
||||
],
|
||||
"rust-overlay": "rust-overlay_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1679451428,
|
||||
"narHash": "sha256-Xk3WBlejWUpnuOnMZzTH7mV/bTRxKIrln871ba3uQjI=",
|
||||
"lastModified": 1683434835,
|
||||
"narHash": "sha256-idBmY6LKkB5hTcTFroUi1oQdCK1/fDfJA+qNaivl1Wk=",
|
||||
"owner": "tpwrules",
|
||||
"repo": "nixos-apple-silicon",
|
||||
"rev": "696d7b4ac7ca05684a3cceedd44acfd0d1c5f1e3",
|
||||
"rev": "ef6f0de57ef175e0de8c7e846a95481ac6f4ce58",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -456,11 +456,11 @@
|
|||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1681753173,
|
||||
"narHash": "sha256-MrGmzZWLUqh2VstoikKLFFIELXm/lsf/G9U9zR96VD4=",
|
||||
"lastModified": 1683442750,
|
||||
"narHash": "sha256-IiJ0WWW6OcCrVFl1ijE+gTaP0ChFfV6dNkJR05yStmw=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0a4206a51b386e5cda731e8ac78d76ad924c7125",
|
||||
"rev": "eb751d65225ec53de9cf3d88acbf08d275882389",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -470,22 +470,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable-asahi": {
|
||||
"locked": {
|
||||
"lastModified": 1681740123,
|
||||
"narHash": "sha256-RrcHEqm+f04nFpQQSnsGsUhJb2mNuqfdcGWL2DREEaY=",
|
||||
"owner": "natsukagami",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "55325c13e8f5c06a57a210b30a19b2fbebe185f1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "natsukagami",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1665934222,
|
||||
|
@ -616,7 +600,6 @@
|
|||
"nixos-m1": "nixos-m1",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"nixpkgs-unstable-asahi": "nixpkgs-unstable-asahi",
|
||||
"nur": "nur",
|
||||
"rnix-lsp": "rnix-lsp",
|
||||
"secrets": "secrets",
|
||||
|
|
|
@ -4,7 +4,6 @@
|
|||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
|
||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
|
||||
nixpkgs-unstable-asahi.url = "github:natsukagami/nixpkgs/nixpkgs-unstable";
|
||||
# nixpkgs-unstable.follows = "nixos-m1/nixpkgs";
|
||||
darwin.url = "github:lnl7/nix-darwin/master";
|
||||
darwin.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
|
@ -45,7 +44,7 @@
|
|||
kak-lsp.url = github:kak-lsp/kak-lsp;
|
||||
kak-lsp.flake = false;
|
||||
nixos-m1.url = github:tpwrules/nixos-apple-silicon;
|
||||
nixos-m1.inputs.nixpkgs.follows = "nixpkgs-unstable-asahi";
|
||||
nixos-m1.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
|
||||
# ---
|
||||
# DEPLOYMENT ONLY! secrets
|
||||
|
@ -172,10 +171,10 @@
|
|||
# ];
|
||||
# };
|
||||
# macbook nixos
|
||||
nixosConfigurations."kagami-air-m1" = inputs.nixpkgs-unstable-asahi.lib.nixosSystem rec {
|
||||
nixosConfigurations."kagami-air-m1" = inputs.nixpkgs-unstable.lib.nixosSystem rec {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
(common-nixos inputs.nixpkgs-unstable-asahi)
|
||||
(common-nixos inputs.nixpkgs-unstable)
|
||||
inputs.nixos-m1.nixosModules.apple-silicon-support
|
||||
./kagami-air-m1/configuration.nix
|
||||
inputs.home-manager-unstable.nixosModules.home-manager
|
||||
|
|
|
@ -50,6 +50,7 @@
|
|||
ripgrep
|
||||
fossil
|
||||
openssh
|
||||
tea # gitea CLI (gh-like)
|
||||
## File Manager
|
||||
nnn
|
||||
## PDF Processors
|
||||
|
@ -58,6 +59,11 @@
|
|||
htop-vim
|
||||
## Bitwarden
|
||||
rbw
|
||||
## File compression stuff
|
||||
zip
|
||||
unzip
|
||||
zstd
|
||||
atool
|
||||
|
||||
## To do tunneling with cloudflare
|
||||
pkgs.cloudflared
|
||||
|
|
|
@ -42,6 +42,7 @@ in
|
|||
cinnamon.nemo # File manager
|
||||
|
||||
zotero
|
||||
libreoffice
|
||||
|
||||
## CLI stuff
|
||||
dex # .desktop file management, startup
|
||||
|
@ -69,6 +70,7 @@ in
|
|||
|
||||
xdg.mimeApps.associations.added = {
|
||||
"x-scheme-handler/mailto" = [ "org.gnome.Evolution.desktop" ];
|
||||
"application/pdf" = [ "org.gnome.Evince.desktop" ];
|
||||
"text/plain" = [ "kakoune.desktop" ];
|
||||
};
|
||||
xdg.mimeApps.defaultApplications = {
|
||||
|
@ -90,6 +92,7 @@ in
|
|||
|
||||
# Text
|
||||
"text/plain" = [ "kakoune.desktop" ];
|
||||
"application/pdf" = [ "org.gnome.Evince.desktop" ];
|
||||
|
||||
# Files
|
||||
"inode/directory" = [ "nemo.desktop" ];
|
||||
|
|
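--- a/modules/cloud/gotosocial/default.nix
+++ b/modules/cloud/gotosocial/default.nix
@@ -0,0 +1,114 @@
+{ pkgs, config, lib, ... }:
+with lib;
+let
+cfg = config.cloud.gotosocial;
+
+dbUser = "gotosocial";
+
+configFile = pkgs.writeText "config.yml" (generators.toYAML { } {
+# General
+host = cfg.host;
+account-domain = cfg.accountDomain;
+bind-address = "localhost";
+port = cfg.port;
+# Database
+db-port = 0; # Use socket
+db-user = dbUser;
+db-database = dbUser;
+# Web
+web-template-base-dir = "${cfg.package}/share/web/template";
+web-asset-base-dir = "${cfg.package}/share/web/assets";
+# OIDC
+oidc-enabled = true;
+oidc-idp-name = "DTTH";
+oidc-scopes = [ "openid" "email" "profile" ];
+});
+in
+{
+options.cloud.gotosocial = {
+enable = mkEnableOption "Enable our local GtS server";
+package = mkPackageOption pkgs "gotosocial-bin" { };
+host = mkOption {
+type = types.str;
+description = "The GtS host";
+default = "gts.dtth.ch";
+};
+accountDomain = mkOption {
+type = types.str;
+description = "The GtS account domain";
+default = "dtth.ch";
+};
+port = mkOption {
+type = types.int;
+description = "The port to listen to";
+default = 10010;
+};
+envFile = mkOption {
+type = types.str;
+description = "Additional environment variables to pass, as a file";
+};
+};
+
+config = mkIf cfg.enable {
+# System user
+users.users."${dbUser}" = {
+group = "${dbUser}";
+isSystemUser = true;
+};
+users.groups."${dbUser}" = { };
+# Postgres
+cloud.postgresql.databases = [ dbUser ];
+# Traefik
+cloud.traefik.hosts = { gotosocial = { inherit (cfg) host port; }; } //
+(if cfg.accountDomain != cfg.host && cfg.accountDomain != "" then {
+gotosocial-wellknown = {
+inherit (cfg) port;
+filter = "Host(`${cfg.accountDomain}`) && (PathPrefix(`/.well-known/webfinger`) || PathPrefix(`/.well-known/nodeinfo`) || PathPrefix(`/.well-known/host-meta`))";
+};
+} else { });
+# The service itself
+systemd.services.gotosocial = {
+after = [ "network.target" ];
+serviceConfig = {
+User = dbUser;
+Group = dbUser;
+ExecStart = "${cfg.package}/bin/gotosocial --config-path ${configFile} server start";
+EnvironmentFile = cfg.envFile;
+# Sandboxing options to harden security
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges = "yes";
+PrivateTmp = "yes";
+PrivateDevices = "yes";
+RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
+RestrictNamespaces = "yes";
+RestrictRealtime = "yes";
+DevicePolicy = "closed";
+ProtectSystem = "full";
+ProtectControlGroups = "yes";
+ProtectKernelModules = "yes";
+ProtectKernelTunables = "yes";
+LockPersonality = "yes";
+SystemCallFilter = "~@clock @debug @module @mount @obsolete @reboot @setuid @swap";
+
+# Denying access to capabilities that should not be relevant
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet = strings.concatStringsSep " " [
+"CAP_RAWIO CAP_MKNOD"
+"CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE"
+"CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT"
+"CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK"
+"CAP_BLOCK_SUSPEND CAP_WAKE_ALARM"
+"CAP_SYS_TTY_CONFIG"
+"CAP_MAC_ADMIN CAP_MAC_OVERRIDE"
+"CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW"
+"CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG "
+];
+# You might need this if you are running as non-root on a privileged port (below 1024)
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+StateDirectory = "gotosocial";
+WorkingDirectory = "/var/lib/gotosocial";
+};
+wantedBy = [ "multi-user.target" ];
+};
+};
+}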
|
@ -28,15 +28,52 @@ in
|
|||
# PostgreSQL settings.
|
||||
config.services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_13;
|
||||
package = pkgs.postgresql_15;
|
||||
|
||||
ensureDatabases = cfg.databases;
|
||||
|
||||
ensureUsers = map userFromDatabase cfg.databases;
|
||||
ensureUsers = (map userFromDatabase cfg.databases) ++ [{
|
||||
name = "root";
|
||||
ensurePermissions = { "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; };
|
||||
}];
|
||||
};
|
||||
|
||||
# Backup settings
|
||||
config.services.postgresqlBackup = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
# Upgrade
|
||||
config.environment.systemPackages = [
|
||||
(
|
||||
let
|
||||
# XXX specify the postgresql package you'd like to upgrade to.
|
||||
# Do not forget to list the extensions you need.
|
||||
newPostgres = pkgs.postgresql_15.withPackages (pp: [
|
||||
# pp.plv8
|
||||
]);
|
||||
in
|
||||
pkgs.writeScriptBin "upgrade-pg-cluster" ''
|
||||
set -eux
|
||||
# XXX it's perhaps advisable to stop all services that depend on postgresql
|
||||
systemctl stop postgresql
|
||||
|
||||
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
|
||||
|
||||
export NEWBIN="${newPostgres}/bin"
|
||||
|
||||
export OLDDATA="${config.services.postgresql.dataDir}"
|
||||
export OLDBIN="${config.services.postgresql.package}/bin"
|
||||
|
||||
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
|
||||
cd "$NEWDATA"
|
||||
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
|
||||
|
||||
sudo -u postgres $NEWBIN/pg_upgrade \
|
||||
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
|
||||
--old-bindir $OLDBIN --new-bindir $NEWBIN \
|
||||
"$@"
|
||||
''
|
||||
)
|
||||
];
|
||||
}
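Review bot: The `upgrade-pg-cluster` script reads `OLDBIN` and `OLDDATA` from `config.services.postgresql`, but this section also appears to set `package = pkgs.postgresql_15;` while `newPostgres` is `pkgs.postgresql_15` too, so once this configuration is active both sides of `pg_upgrade` would resolve to the same version (and, if `dataDir` follows the package's schema version, to the same directory). If the 13 cluster has not been migrated yet, the script needs to be deployed while `package` still points at `pkgs.postgresql_13`, with the bump made afterwards; a comment next to `newPostgres` saying so would prevent the mistake. Separately, the added `root` role is granted `ALL PRIVILEGES` on `ALL TABLES IN SCHEMA public`; a comment stating what depends on it (presumably backups or the upgrade) would make that grant reviewable.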
|
||||
|
|
|
@ -37,7 +37,7 @@ let
|
|||
virtualisation.podman = {
|
||||
enable = true;
|
||||
dockerCompat = true;
|
||||
defaultNetwork.settings.dns_enabled = true;
|
||||
# defaultNetwork.settings.dns_enabled = true;
|
||||
};
|
||||
|
||||
virtualisation.oci-containers.backend = "podman";
|
||||
|
@ -172,6 +172,8 @@ in
|
|||
# Firewall: only open to SSH now
|
||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
networking.firewall.allowedUDPPorts = [ 22 ];
|
||||
# Enable tailscale
|
||||
services.tailscale.enable = true;
|
||||
|
||||
## Time and Region
|
||||
time.timeZone = "Europe/Zurich";
|
||||
|
@ -206,7 +208,7 @@ in
|
|||
qt5.qtwayland
|
||||
];
|
||||
# Add a reliable terminal
|
||||
programs.gnome-terminal.enable = true;
|
||||
# programs.gnome-terminal.enable = true;
|
||||
# KDEConnect is just based
|
||||
programs.kdeconnect.enable = true;
|
||||
# Flatpaks are useful... sometimes...
|
||||
|
|
|
@ -108,7 +108,7 @@ with lib;
|
|||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "21.05"; # Did you read the comment?
|
||||
system.stateVersion = "22.11"; # Did you read the comment?
|
||||
|
||||
# tinc network
|
||||
sops.secrets."tinc/ed25519-private-key" = { };
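Review bot: `system.stateVersion` appears to move from "21.05" to "22.11" here, which is exactly what the comment directly above it warns about: the value is meant to stay at the release of the first install, and modules read it to choose defaults for stateful data. Raising it on an existing machine can switch those defaults without migrating the data behind them. If the bump is intentional (for example after a reinstall), add a short comment recording that and which services were checked; otherwise keep `system.stateVersion = "21.05";`.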
|
||||
|
|
|
@ -11,6 +11,10 @@
|
|||
../modules/cloud/mail
|
||||
../modules/cloud/conduit
|
||||
../modules/cloud/writefreely
|
||||
../modules/cloud/gotosocial
|
||||
|
||||
./headscale.nix
|
||||
./gitea.nix
|
||||
];
|
||||
|
||||
common.linux.enable = false; # Don't enable the "common linux" module, this is a special machine.
|
||||
|
@ -28,6 +32,7 @@
|
|||
networking.hostName = "nki-personal";
|
||||
networking.firewall.allowPing = true;
|
||||
services.openssh.enable = true;
|
||||
services.openssh.passwordAuthentication = false;
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLr1Q+PJuDYJtBAVMSU0U2kZi4V0Z7dE+dpRxa4aEDupSlcPCwSEtcpNME1up7z0yxjcIHHkBYq0RobIaLqwEmntnZzz37jg/iiHwyZsN93jZljId1X0uykcMem4ljiqgmRg3Fs8RKj2+N1ovpIZVDOWINLJJDVJntNvwW/anSCtx27FATVdroHoiyXCwVknG6p3bHU5Nd3idRMn45kZ7Qf1J50XUhtu3ehIWI2/5nYIbi8WDnzY5vcRZEHROyTk2pv/m9rRkCTaGnUdZsv3wfxeeT3223k0mUfRfCsiPtNDGwXn66HcG2cmhrBIeDoZQe4XNkzspaaJ2+SGQfO8Zf natsukagami@gmail.com"
|
||||
];
|
||||
|
@ -222,6 +227,13 @@
|
|||
cloud.postgresql.databases = [ "outline" ];
|
||||
cloud.traefik.hosts.outline = { host = "wiki.dtth.ch"; port = 18729; };
|
||||
|
||||
# GoToSocial
|
||||
sops.secrets.gts-env = { };
|
||||
cloud.gotosocial = {
|
||||
enable = true;
|
||||
envFile = config.sops.secrets.gts-env.path;
|
||||
};
|
||||
|
||||
# Minio
|
||||
sops.secrets.minio-credentials = { };
|
||||
services.minio = {
|
||||
|
@ -232,5 +244,30 @@
|
|||
};
|
||||
cloud.traefik.hosts.minio = { host = "s3.dtth.ch"; port = 61929; };
|
||||
system.stateVersion = "21.11";
|
||||
|
||||
# ntfy
|
||||
cloud.traefik.hosts.ntfy-sh = { host = "ntfy.nkagami.me"; port = 11161; };
|
||||
services.ntfy-sh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
listen-http = "127.0.0.1:11161";
|
||||
cache-file = "/var/lib/ntfy-sh/cache.db";
|
||||
auth-file = "/var/lib/ntfy-sh/auth.db";
|
||||
auth-default-access = "deny-all";
|
||||
behind-proxy = true;
|
||||
base-url = "https://ntfy.nkagami.me";
|
||||
attachment-cache-dir = "/var/lib/ntfy-sh/attachments";
|
||||
enable-login = true;
|
||||
enable-reservations = true;
|
||||
upstream-base-url = "https://ntfy.sh";
|
||||
};
|
||||
};
|
||||
systemd.services.ntfy-sh.serviceConfig = {
|
||||
WorkingDirectory = "/var/lib/ntfy-sh";
|
||||
StateDirectory = "ntfy-sh";
|
||||
};
|
||||
systemd.services.ntfy-sh.preStart = ''
|
||||
mkdir -p /var/lib/ntfy-sh/attachments
|
||||
'';
|
||||
}
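Review bot: In the hunk at `@ -28,6 +32,7 @@`, `services.openssh.passwordAuthentication = false;` turns off only the password method; keyboard-interactive authentication is a separate sshd setting and can still lead to PAM password prompts if it is left enabled. Since root logs in by key on this host, consider adding `services.openssh.kbdInteractiveAuthentication = false;` next to it so that public-key login is the only accepted path. The attribute set these lines belong to starts and ends outside the hunk.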
|
||||
|
||||
|
|
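--- a/nki-personal-do/gitea.nix
+++ b/nki-personal-do/gitea.nix
@@ -0,0 +1,199 @@
+{ pkgs, config, lib, ... }:
+with lib;
+let
+user = "gitea";
+host = "git.dtth.ch";
+port = 61116;
+
+secrets = config.sops.secrets;
+
+signingKey = "0x3681E15E5C14A241";
+
+catppuccinThemes = builtins.fetchurl {
+url = "https://github.com/catppuccin/gitea/releases/download/v0.2.1/catppuccin-gitea.tar.gz";
+sha256 = "sha256:18l67whffayrgylsf5j6g7sj95anjcjl0cy7fzqn1wrm0gg2xns0";
+};
+themes = strings.concatStringsSep "," [
+"catppuccin-macchiato-green"
+"catppuccin-mocha-teal"
+"catppuccin-macchiato-sky"
+"catppuccin-mocha-sky"
+"catppuccin-mocha-yellow"
+"catppuccin-mocha-lavender"
+"catppuccin-macchiato-rosewater"
+"catppuccin-macchiato-lavender"
+"catppuccin-macchiato-pink"
+"catppuccin-frappe-lavender"
+"catppuccin-macchiato-yellow"
+"catppuccin-frappe-yellow"
+"catppuccin-latte-red"
+"catppuccin-frappe-flamingo"
+"catppuccin-mocha-blue"
+"catppuccin-macchiato-peach"
+"catppuccin-macchiato-flamingo"
+"catppuccin-mocha-pink"
+"catppuccin-macchiato-mauve"
+"catppuccin-mocha-rosewater"
+"catppuccin-latte-rosewater"
+"catppuccin-mocha-red"
+"catppuccin-macchiato-sapphire"
+"catppuccin-latte-teal"
+"catppuccin-latte-flamingo"
+"catppuccin-macchiato-blue"
+"catppuccin-latte-blue"
+"catppuccin-latte-peach"
+"catppuccin-frappe-mauve"
+"catppuccin-frappe-green"
+"catppuccin-frappe-teal"
+"catppuccin-latte-mauve"
+"catppuccin-macchiato-teal"
+"catppuccin-frappe-red"
+"catppuccin-latte-yellow"
+"catppuccin-latte-lavender"
+"catppuccin-mocha-flamingo"
+"catppuccin-frappe-sapphire"
+"catppuccin-frappe-blue"
+"catppuccin-mocha-green"
+"catppuccin-frappe-maroon"
+"catppuccin-latte-green"
+"catppuccin-frappe-rosewater"
+"catppuccin-latte-sapphire"
+"catppuccin-frappe-sky"
+"catppuccin-mocha-sapphire"
+"catppuccin-mocha-maroon"
+"catppuccin-macchiato-red"
+"catppuccin-latte-pink"
+"catppuccin-frappe-peach"
+"catppuccin-frappe-pink"
+"catppuccin-mocha-mauve"
+"catppuccin-macchiato-maroon"
+"catppuccin-mocha-peach"
+"catppuccin-latte-sky"
+"catppuccin-latte-maroon"
+];
+in
+{
+sops.secrets."gitea/signing-key".owner = user;
+sops.secrets."gitea/mailer-password".owner = user;
+# database
+cloud.postgresql.databases = [ user ];
+# traefik
+cloud.traefik.hosts.gitea = {
+inherit port host;
+};
+
+services.gitea = {
+enable = true;
+package = pkgs.unstable.gitea;
+
+inherit user;
+
+domain = host;
+rootUrl = "https://${host}/";
+httpAddress = "127.0.0.1";
+httpPort = port;
+
+appName = "DTTHgit";
+
+settings = {
+repository = {
+DEFAULT_PRIVATE = "private";
+PREFERRED_LICENSES = strings.concatStringsSep "," [ "AGPL-3.0-or-later" "GPL-3.0-or-later" "Apache-2.0" ];
+DISABLE_HTTP_GIT = true;
+DEFAULT_BRANCH = "master";
+ENABLE_PUSH_CREATE_USER = true;
+};
+"repository.pull-request" = {
+DEFAULT_MERGE_STYLE = "squash";
+};
+"repository.signing" = {
+SIGNING_KEY = signingKey;
+SIGNING_NAME = "DTTHGit";
+SIGNING_EMAIL = "dtth-gitea@nkagami.me";
+};
+ui.THEMES = "auto,gitea,arc-green," + themes;
+"ui.meta" = {
+AUTHOR = "DTTHgit - Gitea instance for GTTH";
+DESCRIPTION = "DTTHGit is a custom Gitea instance hosted for DTTH members only.";
+KEYWORDS = "git,gitea,dtth";
+};
+service = {
+DISABLE_REGISTRATION = true;
+ENABLE_NOTIFY_MAIL = true;
+ENABLE_BASIC_AUTHENTICATION = false;
+REGISTER_EMAIL_CONFIRM = true;
+};
+"service.explore" = {
+REQUIRE_SIGNIN_VIEW = true;
+};
+session = {
+COOKIE_SECURE = true;
+};
+
+oauth2_client = {
+REGISTER_EMAIL_CONFIRM = false;
+ENABLE_AUTO_REGISTRATION = true;
+};
+
+mailer = {
+ENABLED = true;
+PROTOCOL = "smtps";
+SMTP_ADDR = "mx1.nkagami.me";
+SMTP_PORT = 465;
+USER = "dtth-gitea@nkagami.me";
+FROM = "DTTHGit <dtth-gitea@nkagami.me>";
+};
+
+git = {
+PATH = "${pkgs.git}/bin/git";
+};
+
+federation.ENABLED = true;
+};
+
+mailerPasswordFile = secrets."gitea/mailer-password".path;
+
+database = {
+inherit user;
+createDatabase = false;
+type = "postgres";
+socket = "/var/run/postgresql";
+name = user;
+};
+
+# LFS
+lfs.enable = true;
+
+# Backup
+# dump.enable = true;
+};
+
+# Set up gpg signing key
+systemd.services.gitea = {
+path = with pkgs; [ gnupg ];
+environment.GNUPGHOME = "${config.services.gitea.stateDir}/.gnupg";
+# https://github.com/NixOS/nixpkgs/commit/93c1d370db28ad4573fb9890c90164ba55391ce7
+serviceConfig.SystemCallFilter = mkForce "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
+preStart = ''
+# Import the signing subkey
+if cat ${config.services.gitea.stateDir}/.gnupg/gpg.conf | grep -q ${signingKey}; then
+echo "Keys already imported"
+# imported
+else
+echo "Import your keys!"
+${pkgs.gnupg}/bin/gpg --quiet --import ${secrets."gitea/signing-key".path}
+echo "trusted-key ${signingKey}" >> ${config.services.gitea.stateDir}/.gnupg/gpg.conf
+exit 1
+fi
+
+# Copy icons
+mkdir -p ${config.services.gitea.stateDir}/custom/public/img
+install -m 0644 ${./gitea/img}/* ${config.services.gitea.stateDir}/custom/public/img
+
+# Copy the themes
+mkdir -p ${config.services.gitea.stateDir}/custom/public/css
+env PATH=${pkgs.gzip}/bin:${pkgs.gnutar}/bin:$PATH \
+tar -xvf ${catppuccinThemes} -C ${config.services.gitea.stateDir}/custom/public/css/
+'';
+};
+}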
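Review bot: In `preStart`, the `else` branch imports the signing key, appends `trusted-key` to gpg.conf and then runs `exit 1`, so the first start after a fresh import is reported as failed and the icon and theme copy below it never runs on that start. If the failure is deliberate (to force a second start), say so in a comment; otherwise drop the `exit 1`. The `serviceConfig.SystemCallFilter = mkForce …` line replaces the module's filter wholesale, so a comment stating how it differs from the module default and why (presumably to let gpg run) would let the next reviewer judge the change to the sandbox.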
BIN
nki-personal-do/gitea/img/apple-touch-icon.png
Normal file
BIN
nki-personal-do/gitea/img/apple-touch-icon.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 32 KiB |
BIN
nki-personal-do/gitea/img/avatar_default.png
Normal file
BIN
nki-personal-do/gitea/img/avatar_default.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 213 KiB |
BIN
nki-personal-do/gitea/img/favicon.png
Normal file
BIN
nki-personal-do/gitea/img/favicon.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 139 KiB |
1
nki-personal-do/gitea/img/favicon.svg
Normal file
1
nki-personal-do/gitea/img/favicon.svg
Normal file
File diff suppressed because one or more lines are too long
After Width: | Height: | Size: 97 KiB |
BIN
nki-personal-do/gitea/img/logo.png
Normal file
BIN
nki-personal-do/gitea/img/logo.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 139 KiB |
1
nki-personal-do/gitea/img/logo.svg
Normal file
1
nki-personal-do/gitea/img/logo.svg
Normal file
File diff suppressed because one or more lines are too long
After Width: | Height: | Size: 97 KiB |
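--- a/nki-personal-do/headscale.nix
+++ b/nki-personal-do/headscale.nix
@@ -0,0 +1,86 @@
+{ pkgs, config, lib, ... }:
+let
+secrets = config.sops.secrets;
+
+host = "hs.dtth.ch";
+port = 19876;
+webuiPort = 19877;
+in
+rec {
+sops.secrets."headscale/client_secret" = { owner = "headscale"; };
+sops.secrets."headscale/webui-env" = { };
+sops.secrets."headscale/derp-servers/vnm" = { owner = "headscale"; name = "headscale/derp-servers/vnm.yaml"; };
+# database
+cloud.postgresql.databases = [ "headscale" ];
+# traefik
+cloud.traefik.hosts.headscale = {
+inherit port host;
+filter = "Host(`hs.dtth.ch`) && !PathPrefix(`/admin`)";
+};
+cloud.traefik.hosts.headscale_webui = {
+inherit host;
+port = webuiPort;
+filter = "Host(`hs.dtth.ch`) && PathPrefix(`/admin`)";
+};
+
+services.headscale = {
+enable = true;
+package = pkgs.unstable.headscale;
+inherit port;
+
+settings = {
+server_url = "https://hs.dtth.ch";
+
+db_type = "postgres";
+db_host = "/var/run/postgresql"; # find out yourself
+db_user = "headscale";
+db_name = "headscale";
+
+dns_config = {
+base_domain = host;
+};
+
+noise = {
+private_key_path = "/var/lib/headscale/noise_private.key";
+};
+
+ip_prefixes = [
+"fd7a:115c:a1e0::/48"
+"100.64.0.0/10"
+];
+
+derp.paths = [
+secrets."headscale/derp-servers/vnm".path
+];
+
+oidc = {
+only_start_if_oidc_is_available = true;
+client_id = "XgHLi5CC7mbW6xF8wuOHq3xxCPagSUaHt1fFM74M";
+client_secret_path = secrets."headscale/client_secret".path;
+issuer = "https://auth.dtth.ch/application/o/headscale/";
+strip_email_domain = true;
+};
+};
+};
+
+environment.etc."headscale/config.yaml".mode = "0644";
+virtualisation.arion.projects.headscale-webui.settings = {
+services.webui.service = {
+image = "ghcr.io/ifargle/headscale-webui@sha256:b4f02337281853648b071301af4329b4e4fc9189d77ced2eb2fbb78204321cab";
+restart = "unless-stopped";
+
+environment = {
+TZ = "Europe/Zurich";
+COLOR = "blue-gray";
+HS_SERVER = "https://hs.dtth.ch";
+SCRIPT_NAME = "/admin";
+};
+env_file = [ secrets."headscale/webui-env".path ];
+ports = [ "${toString webuiPort}:5000" ];
+volumes = [
+"/var/lib/headscale/webui:/data"
+"/etc/headscale:/etc/headscale:ro"
+];
+};
+};
+}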
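Review bot: `ports = [ "${toString webuiPort}:5000" ];` publishes the admin web UI on every host interface, so depending on how the container runtime interacts with the host firewall it may be reachable directly on port 19877 without going through the traefik route for `/admin`. Assuming traefik connects over localhost, as the gitea and ntfy services on this page do by listening on 127.0.0.1, bind the container port to loopback as well: `ports = [ "127.0.0.1:${toString webuiPort}:5000" ];`. A comment on `environment.etc."headscale/config.yaml".mode = "0644";` would also help, noting that the file is made world-readable for the read-only container mount and that secrets must therefore stay in the referenced files rather than in `settings`.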
|
@ -7,7 +7,7 @@ minio-secret-key: ENC[AES256_GCM,data:FkF4hFiW7s5gYbMbdemsmhduYDtb/aqMoUgP+CWI3r
|
|||
cloudflare-dns-api-token: ENC[AES256_GCM,data:2ny3JehpK30fTUDKrbzHv1QOczriChRyMQn6kNPULpUJ+eVwdptLvg==,iv:8wNAn3oawzLez7sO4ZvhFXcaZIpFVKgKCvTBlszFHn8=,tag:fRaO+u/5MtAWnTiy2Zwh0Q==,type:str]
|
||||
#ENC[AES256_GCM,data:KWrVRQg+cLm5MUdfsYrh7hkI4CWkl4Z0sDj0769eebeXDy+veixrQrxh1ZW+ro3WLwoIdU/IH5DPM4TWYn2qoM5aDHjGX764pr1x,iv:uZHBsGvSHv9vd/Wragl1dYNJ+8vCcMit2K3SrMFlz7s=,tag:7z4LyADfQvXsM2vvtWru8w==,type:comment]
|
||||
traefik-dashboard-users: ENC[AES256_GCM,data:kviapOq+xzxhjryse+5DaZbXRS/LEYyjqqFbHymXAZVEkWlu0T5pZ2bxSNCbXN+tXnb0u+6YPgGCaRNPLW74AF1hO8W8QqlLDA==,iv:41bwPyFQcuOLILTjLWUu5Kcnct/MaIIJsMbllc+n7Y0=,tag:17HyUjfRUcLGb0FrUm1O2A==,type:str]
|
||||
mail-users: ENC[AES256_GCM,data:DXVx2e6MSSSpHfKFD35zHGnGDPoZi7cOqPfAGubxa4gupatYcpI+PDEYwCPUc1ep2RXRXEMQW1BC3AOOEV/HUKfsPXOsx7jdb8Q4uHPb/ZJ7yNucNl3YxGBiP8N4/u4Avc9kGiHVsVlsMbVIMuOj3a/OF0x7g95DDNT4BscTCjKDFX+mMnkKceemUCc4gmmOJNAU3ytssCwdVZho0nzY80hGT2BwFXXE/KDl/Q==,iv:7zf1Av7I9nXxeRFGNBKK//1FqSTHzCavZTknx5lEy4g=,tag:zXUlnNxBi1JybnTlCAKF0g==,type:str]
|
||||
mail-users: ENC[AES256_GCM,data:FLmmXKcYLNRCyksuEervvU3HHzbPa4nPyHziF0CAtvB571AilH35KylvVb6YAh66Zacr8aO6CkxgIhcqs4/IFWmqNRSWta3R2r5g6yQE3gUW+HhPra1rRrmB9lRFs8j6lkUza0Rrrr1NmTkf2YqGyAR40+lEcaCQUyDAqUE3GW39YSunWDkvbsBCHK/Pj+Oq46dKr8NrOHqkbN7rdamSdReAKMzk8/lRAkbsxe9kfra/cwxVArEEVX10w2g4zTdPW2QlykvrmBLcjY6NA6FWDPwSUvq87lfKo6svUSN3zgfsgo2F809FdKPazEMQq9QvAoWe5jJ1YJbiquuJpelH6Ip7ShKGGw==,iv:BlhylfpbRfq9e9UOuhwcL2BUuWpynZT46RsprcaEVrI=,tag:g8QVUuNk4TuxgkHrfzqQvQ==,type:str]
|
||||
youmubot-env: ENC[AES256_GCM,data:m/NGN8r6Caq2tTHeVWV9y5fol9r36aKYYXLjHaa0AR+0XpVeJdXVZxPfQtzX4uo09rOGAPE4lepO05weo7mvEjI5m5QJ4FWrw0/HkLm4SUWnTnDU6BlK7l4K/2Ayz7jmD6GLWI+KcOSjEmma9GXNkVwDnxVrwaAWYOfDqDJMjMES/1S8OgCe5+74MCgNeefIwgXnmmxVMpl8fAdnOgovh1zRvcKPVrN5T0ia39IatDERwegas+q8t90Jjw==,iv:IEFvaMWzgClbHbsxGTdP5EdGayHQgggOT9CU7oAyMtE=,tag:GoEEcGCNHMimzltDit4kzA==,type:str]
|
||||
outline:
|
||||
smtp-password: ENC[AES256_GCM,data:zpIi6jVB2Y7ksBOR8SGFgjOD1x3aS6dKa6taLKB8v2l9p92iWDti75qgB1puglmmq8mCzz8KXLrM0Bv7W8GWRg==,iv:6tKINzQcApmNuIbNn0kSzFJtwn3rky/uFG2Ff3lazUk=,tag:kjB6qB87tRQVpy32Pt3D5A==,type:str]
|
||||
|
@ -15,6 +15,15 @@ heisenbridge: ENC[AES256_GCM,data:rJY7gpcOY8nODR3KlYW1rEs54mKxr+AjNBeg1/2vTG0Gzp
|
|||
matrix-discord-bridge: ENC[AES256_GCM,data:/rlSjD6inKfak7HKKghH5ays5RjKmb9czGsoIOYHyTZC4A5EMucCbfn8DL1gkYXgvRHJ+QglGX/BGo5ebaxSj6nF60+aW87UG31KggOt5kkMuWsPsjvrufoc5IlNfWnXIWmqf8cdC01hmHEp7biUpI8CcfEZiD9OkOxbZcRfYqW+ttnzplFniRBjGPVZfL5g4DBbuJen5MuOrrMDo5CT+78n,iv:r9VBbDCAAElisCaDehrB6PhJHsaaHjdrk3103lmBT7o=,tag:WoNMMfyMifsL56yWq3MUOg==,type:str]
|
||||
authentik-env: ENC[AES256_GCM,data:CjxTaqIcpBX7ea9L3tgJDELr8HBPJdxXsrOfhsiH4cXwCEzktsNKHjF7l95ZFgI5O08q4Vlbln5Dg4xPEx33nwUesEbQrT5d+n+2YaAxmm/WInrYzF+jB7HYTXASb3rY9PWgd2C3v+YPBkJetHlTUc/k19Q7lOQRNw==,iv:cG8Bi2eCsS+v94tSJBsqp+bjVLzXZvvwX1QVVSYExL8=,tag:VmbfcxCcfi3IpKjg3f8QPw==,type:str]
|
||||
firezone-env: ENC[AES256_GCM,data:Guwc3ovHJyr0m0gsvcJeYDXxOsccv6ZMBJSjWa87F7BZwCXLanMetz8b/GAxe/+0qT8IBKCDvLS7B5v2DM5SYOZD2tQWnrwjU90Pjji2RZhZZy7Pc1kAmhLA6ddpBKGJTLcGxWkTnWOcv8qWEwmfNpgT+kUIDLmjQz2pIMUXiXBpheQyPLWBvIIgrBT8QxkX81LHSUDNG29r7olJv1t4oox58r/PKxnfzUkX7lMhZdIpDMbxdWCU6/F2R483YIaFAaL1BuhCkK/QbuqOPRL7yIGID+W1a0JvKsRc2oPPU7WAWyGA3CLwmJka2sTvHrxosMgY/eZYfCWDtRno6q+OA+LI5ZfFu0weA9dpiUkWLGJ2auSZtiL0Sa5D0VHxZlG2m0iD7o3bcIWUi65cb2olcABn3NikMglw6PCWXxM7E5hqAbpvwcN5JeIkTTesI6xthzT9eoUak5SSvdThrwSlc3dvMqOvmRVGD/wR8T9GcKIZoNT7wOvgltecpDbYPNgwKimHhBloMON/qKXuIaYV1dP1XQ10MMpSM1vUZl/JD24pDjFXH8XkZK6owVI2tRTTRZajQT2uB73oVN8EMPFHPdI3uwyH72NycQojIzXmDvMI/UXNsYWArWZyTwGpHbE0pr+I9rXch78pJYKvlIVFTqicE/NceeOm8bMO1O7qofk1/yiIE8RVjs7YrNNahcBrNI+97lvBNLmk9zpWU0YFtfmyDb/XxBsepwj++QY+3gJ5331ohp9BK5Ypr9pp1WRt9syKv2cwFMBIcHKMCji43NW1MqBj/2bgKGfoNAyCUaJqZ9yRcb1TwHyulvEVhJUAOeUxPHdJeA==,iv:6kPPn4Zl1lhxaEtRqq2BcMW7d1zKy/HUJzXdAgkPv7E=,tag:VaVIWg4RbOE7tnimOuqhGw==,type:str]
|
||||
gts-env: ENC[AES256_GCM,data:xnL6FYNQ4Cd1XUsHcgGN0jYBPDViVAi9WsD4ewImk4IxmMyJi50xxfS6X7x5lVJ4FGcI7XvxT4uCEwSVjxKaVaDXHw/1TPaY8xQkXzZNvHI1oQvs7ULUVtQ9Mlyv08CwqJGQbptJvBmlvszuTeEqgZ0uVK8iKBbqnw9FB9v3swyfjr0VZYZt+uFCwUI6KDXSTPzTX1axzBBqdPuGDB0G8ZPMpY9nLgtBzZpj/+ozdmlHiwswdPnvTx8YrkJCurdaBzmW1gQmXpM+1xsj03jOr1bYOQ7gm5KzWhviAPdPFYmIS8GOv1Jh33Y/r1WkMvAp3HGv7OGoY8kCJp21gcbzxMH7UScFN1uQipknxrpSPkAy0I7AZD/tEpaBLObPVt3803LFQEq9neXSap7XZEj6Jcl9NppRwJjXIun5ebuiWcONGsa0XeLNNhBajzpYq217k242h8DTAht6mgS+6AohID4lIESsr2cYrXeb4PTNr2mpG/4JOzhSV/eOxc9i1GQeXX+RHXOfn5lIIbQxLwfaarorXvrgAf7jAoEzMHm9/LhYGHasBNnQoEYe0kGmEPju6Pkq769o5Am2NHeG3y0N0EEHyTBLj3P3gjEatzlBjOveBlbeIzFqnNP8VuM86neYvyhGi2+M42u3QQs/fCrXbZnhumqxPKQqNy9UZClH6gzZYMUBcPXOLDqUrDIGLst/W0KaKx/2bv25vo0d9V/fOwEkw4RGb3hibhDNe5psSsHupwU3T3EZenTiloaExfUK1yzYQJ/wXai5sZHcHK6m0nPTtGxGM8b8G367BsICFraZbW2q4fFHY7XvbGGdv6ydpxhdI69ERS7FSGWgEcJlUcxCsXE2NeLtmLgfUz0zQrEHPYo3kxJYRedmSARvUNJzZWZMb3NQ0QjqGsq1us9uo7LgPF+Ur+oeQyrKWi+4JQRKB16nxUd/HrDIXbAWxub/Fk730kZVdQ8Vus6B2lrSs+hDHoihek40Tfq1CKq8tSI=,iv:fa9Lpq3/ppG3dbYMgWtWI/sReN6bnHvXQSOSnIbpF8A=,tag:i97q7HTGLRdAkC8aF75aPg==,type:str]
|
||||
headscale:
|
||||
client_secret: ENC[AES256_GCM,data:MLW0z2stjhXgxb4poAYr7LzrLzTNj5HqJzsyzOvYpKpKbyfx7SEdeZidG+m3ROuaN4PVsdpJblFjsvozzQlDQYRJZo8q+kpPvUPvhU0Ejya/XBO/sFcJKzulpfr4j3rK7FSKh2V6PiB8m9mvLziHfDmgL30le0wDD9uCNWkaHVo=,iv:1hRwI1NG2yO6igBsEGCg2Qn/po97ZhsyAEZOMKP3EZc=,tag:FV+RXBKyq+EJRsKT+DZ6lQ==,type:str]
|
||||
webui-env: ENC[AES256_GCM,data:F4fGd5szjEGYqseq15VF8Emdd5oXKAlj+O7jET7BpD/w0/M162KgXQ/xN/uzO5Bh/euzedMrair0c8SQKO/06Ko9cj35lclaSrnBiwHSDIkFvuoITvLeSVSR4W3dsui91Dh8GCCYO8JAZQnpqClls6kHBOO2FYVwF06zg8Coxli9cKkPdeJKLDEnPGUb2UpLoP0dieanNFc3YNIavlXwkgt4/hxEoKHJplTYrilekBtZjD998SyvubhhVKHTH/VhTgxodXgnbI3sV1a3uJCrUKWt79NwHu5TUd+C2/gZqAniCbo4AX8=,iv:87cme6ToLFR4eF5apZauIm3Q6HR3Z8EM3GkQxo06oNI=,tag:dbXLQhw6qn/DyYJ3/UeDiw==,type:str]
|
||||
derp-servers:
|
||||
vnm: ENC[AES256_GCM,data:zS03SDnCMXW44zfkJORxmgEZ5kwCcfeg4dLUePLJSloP/vjJYcb5KI36lxiJqYsNBWvKvBZBonO+4xD/cJrsETPiTZotaD+xWxht9jtjiWKyJgfGlczh57EaVCDcwqadKgvJrLyNRQhdKrN/axtIh25vv2gVUqHlcf1nfbSFtuTR87k1rtY16WOEsGdoGQn2JMt90ItEGFh7Z7ULPLqDDhKSiAvHFajpuvw1ZM1lewQ8aSmh+UYlbxP0ZbA5sDPxRO7nCRD3SyVyhq1soXvKMld19GYtR8gYxp1XcedZg8FDq3dtm/otfSKEdOkAL14=,iv:tsKVcwKrUW9FReBUZ2Zk3naqjXs77sX3xK7smZE8Sfo=,tag:S1xUhpc2fGxwR08DKOhw3Q==,type:str]
|
||||
gitea:
|
||||
mailer-password: ENC[AES256_GCM,data:LDW0bpbfanBa2QjqdgtKu6F+zG84xaGuLg1cs6eTJbg=,iv:Kle+czR9Xqi45qWjYJIjRhq87rG2PNoNF6YQ7tQ+HJA=,tag:WUuPgwdnz8F2WtFsgcrw/Q==,type:str]
|
||||
signing-key: ENC[AES256_GCM,data:64tLU6rVcCq6CSfVGtFfSc8m89gHFHwGQ4JSHw8p7GqlB7ioHrJVu8o+6u6UPERMfkcHsTG2gTwh7wpblF//bk1+TRyYWSuDnIGl1G7+6FVmJbvLyGJBck0NauW4s5Keiqr2qg38i3y9qy7kPaJGz/2J6cYYSQxB9xy8mtdoxwypGf+zxu1teiUnKmWa89i941s2FZZ+FoQvQCZs/7En3YnxNiDM+lXR4wqbPZPROlYHaVDOgeACBgq8GwNdgAFF7qRLdjxMGgjS3jjlD4QCJlEO6UbqVEBEK7pf4Or4kx/RM2A0rgGNUPpwKu/b5xGTUkA0X7TcZNIcLJ2zred0JIEj0bM7MNrkBIQovHEYLT3m33W1zKTTBC2lgPh90I/tPauIOb1hWHzgjM+LpV8bPkGXIk3BmoxW8eCiFmSjfvxdyS6WVJ6lGOIhaFNl59LyKsljyUmYcauig7/T+ylGyWiPViXuYB4fWxWr1t7Tb6DgY2fJdl5KQHLkDoAylHQ6pOb0l2YUGw1+vvHocMA9KTJeTnhTWAPZLOIFbfZL8sxrWRlpuZvvKdXlOjzKwVgCzWudYJ4jUoPSCmvxpnuCpiPbqaoZyA3Vyx7UCTN7UhKRb99jxEqdTrDPwRL0VlVZUQgLDTMPXHjdoOan06wXmDJEDRDBFsrrpna9wY1uvyPGBBpZ+uQZdxPZfXKQ8HRVHS1dKfyvdIaG/eYUrimF9euhYKYGPH02S6UcU+yQXw5B12HBxLDwS0oF3yWXfTMBsgejWFAuyQkQVJJjAi/Zs+9HJ3FQqr4vl/hUclv/X2XURuPc/jjYziNuOAn6yGhXuNC713SzUOnZlDgEcCkm8DHn5hQ/W4rZGUbSq+y/HUk8GA6XSw8u8H7KDQFnV4l4Chg1cKAf0YSXeinJ2x/RA9GXBvC5FVOM/Cx95arxS57vD578Rkdf/c7UQmuH+6X9YTX8MHVgkpHAGJ+bu2UnQ/hjAvGW6kee4jqefybCTxJm7qcSz1JrG6rS+S+9ZFj8BrXLcSIRlvxotg+FmBjdlqJMj5i0w+cR2f2zXPsmeDC0gmSTV7mYNz9+uMv708xwm26e4/rTT0hS+szLzzz/Ygm9yAkLf9lIS3457IWEjF+LCs9SEq3jfkx5zqpWfOpBCQU9rYKJhvjCVK6a1Hb2PfO4klkuwSNFPwyMHDlEqNmIVUf6uM5p8RVEQy07GsE4ycNtgicC32JGpkotcaU1ByQVbqRXlqJqMJnUEbnWH6qf3Em+wi8eBHmPf1BNjdP3f9BOle+H17/SdKssRbA8o4qQAGVkFzfjybMIh0onB1e15Rt5TUrRDxQAZG+uIsrHEiEOCDED846wO9apeV7wuOKXv2USDhybQhIctcuwxFGQEZWtGGrKzWTlK82Qb8FUM44x2HFj1SK7mIQbU20TcL2bd3b1OZ2kQe16CaT9R0BkpRlPLfiA1ZD7+3DdCyOJxTjutCQgaI1ONQuWn47rDOMbyqZhxs+Gj6bormGEWVRXQpV4VTknN/GyFB2aWQmZF8hGpEBl/t8IfOXDs56kN2Z8W2eKzHZz9u11HQ0eJ05LX2xz5DB+22UZT4bGK6Y3vJtB0+27r7G7hh79Fkapggm61xh3+D593epyW6Ix4hN29KrJWz/s93gi/g==,iv:LlUhINacJf7haxl7i0QI9ALdOFLdLJGbsXgszKVJOVg=,tag:ALkAcUmPFHp8wpI7DVYbiw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -48,8 +57,8 @@ sops:
|
|||
by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd
|
||||
hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-04-27T00:35:39Z"
|
||||
mac: ENC[AES256_GCM,data:eUuISaqS6F7SegO6GHygQjkSugPF+WQSvhlhftVEJ6CuOb54SUzAKpTX1/aNWmH5kZBvkXSd/SwNUE0/2iD0ZECw3tP2KMuyVcuMJjnob9KbRgEmoMz7LAmnO6kAmPAxrkxOgYdkjgSi0Du0c2cpSNBxQ/H9S8W9KuzT3dECvH0=,iv:3J8MUa3h9+BfCixDVpwAKIQFMnJMNL8HXg2wslhPQd8=,tag:SREU8gjDTJveiEld9GRlFg==,type:str]
|
||||
lastmodified: "2023-05-07T15:39:19Z"
|
||||
mac: ENC[AES256_GCM,data:5+ORtiY/Ky9uk4eCoqypExNd2EJIi+VPOCVvwJeCXqD+arkAcwt1SGLETUI9Rh16Bs9k+e3q6bu9LBmoNjCBJ39yvDVChwNR7F0Uw0D5leTzDG9uLBFmAxJ+fTp8OL4UNQOwTO4Fmfhe9UC8v5X7wBBNmi5GS1dvDrw8FrfQvK0=,iv:ZFjT48N26e+TO5tjhcPgXmpBT5zjWs8BZfJx5eep24o=,tag:QajcmWss9MwKWmu6Ysy/8A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|
|
@ -17,12 +17,18 @@ let
|
|||
sources = final.lib.attrsets.filterAttrs (name: f: !(builtins.hasAttr "outputs" f)) inputs;
|
||||
};
|
||||
|
||||
overlay-versioning = final: prev: { };
|
||||
overlay-versioning = final: prev: {
|
||||
ulauncher = prev.ulauncher.override { webkitgtk = final.webkitgtk_4_1; };
|
||||
};
|
||||
|
||||
overlay-libs = final: prev: {
|
||||
libs.crane = inputs.crane.lib.${prev.system};
|
||||
};
|
||||
|
||||
overlay-packages = final: prev: {
|
||||
gotosocial-bin = final.callPackage ./packages/x86_64-linux/gotosocial-bin.nix { };
|
||||
};
|
||||
|
||||
overlay-aarch64-linux = final: prev:
|
||||
let
|
||||
optionalOverride = pkg: alt:
|
||||
|
@ -57,6 +63,7 @@ in
|
|||
(import ./overlays/openrazer)
|
||||
overlay-unstable
|
||||
overlay-needs-unstable
|
||||
overlay-packages
|
||||
overlay-imported
|
||||
overlay-versioning
|
||||
overlay-libs
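Review bot: The `ulauncher` override added to `overlay-versioning` in the first hunk has no comment saying why the package is rebuilt against `webkitgtk_4_1`, so a later nixpkgs bump gives no hint whether it is still needed. An override that swaps the web-rendering dependency of a desktop application should be traceable to its reason. I would put a line above it such as `# ulauncher: build against webkitgtk_4_1 because <reason>; remove once nixpkgs does this itself`, with the reason filled in by the author. The `let` block continues outside both hunks, so how the overlays are applied per system is not visible here.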
|
||||
|
|
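--- a/packages/x86_64-linux/gotosocial-bin.nix
+++ b/packages/x86_64-linux/gotosocial-bin.nix
@@ -0,0 +1,30 @@
+{ stdenv, lib, autoPatchelfHook }:
+with lib;
+let
+in
+stdenv.mkDerivation rec {
+pname = "gotosocial-bin";
+version = "0.8.1";
+
+src = builtins.fetchurl {
+url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v${version}/gotosocial_${version}_linux_amd64.tar.gz";
+sha256 = "sha256:0vfgz236s4zqcv4a8bylp5znina26nvckdk1vgxbqkdnip3mnirj";
+};
+
+nativeBuildInputs = [ autoPatchelfHook ];
+
+sourceRoot = ".";
+
+installPhase = ''
+install -m755 -D gotosocial $out/bin/gotosocial
+mkdir $out/share
+cp -r web $out/share/web
+cp -r example $out/share/example
+'';
+
+meta = with lib; {
+homepage = "https://docs.gotosocial.org";
+description = "GoToSocial network";
+platforms = platforms.linux;
+};
+}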
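Review bot: `meta.platforms = platforms.linux` claims every Linux system, but `src` hard-codes the `linux_amd64` release tarball, and the overlay in this same commit exposes `gotosocial-bin` unconditionally next to an `overlay-aarch64-linux`. On an aarch64 host the attribute would therefore evaluate and pull an x86_64 binary; `platforms = [ "x86_64-linux" ];` makes that fail at evaluation instead. Since this installs a prebuilt upstream binary rather than building from source, I would also record that with `sourceProvenance = with sourceTypes; [ binaryNativeCode ];` so the package is visible to anyone auditing or filtering binary-only inputs. The pinned `sha256` is the only integrity check on the download. Every version bump should re-derive it from a release artefact the author has verified, and `builtins.fetchurl` could become the nixpkgs `fetchurl` so the download happens as a fixed-output build step rather than during evaluation.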