Get domain url from machine.vHost config (except for cache).
Add turn server option to nextcloud (untested).
This commit is contained in:
parent
ce2c259059
commit
a4fde6972f
4 changed files with 93 additions and 62 deletions
|
@ -3,17 +3,20 @@
|
|||
with lib;
|
||||
|
||||
mkIf (elem "gitea" config.machine.services) {
|
||||
services.gitea = {
|
||||
services.gitea = let
|
||||
cfg = config.machine;
|
||||
domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;
|
||||
in {
|
||||
enable = true;
|
||||
user = "git";
|
||||
cookieSecure = true;
|
||||
domain = "git.${config.machine.domain}";
|
||||
rootUrl = "http://git.${config.machine.domain}/";
|
||||
domain = domain;
|
||||
rootUrl = "http://${domain}/";
|
||||
database = {
|
||||
type = "mysql";
|
||||
user = "git";
|
||||
name = "gitea";
|
||||
passwordFile = "${config.machine.secretPath}/gitea_db";
|
||||
passwordFile = "${cfg.secretPath}/gitea_db";
|
||||
};
|
||||
extraConfig = ''
|
||||
[repository]
|
||||
|
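Review bot: The lookup `domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;` passes `cfg` itself as the not-found default, so a machine without a gitea vHost silently resolves to `cfg.domain` (the bare machine domain) instead of failing or keeping the former `git.` host; the hydra, mailserver and nextcloud hunks use the same idiom. Consider an explicit fallback, e.g. `domain = (findFirst (s: s.service == "gitea") { domain = "git.${cfg.domain}"; } cfg.vHosts).domain;`, or a one-line comment stating that falling back to the machine domain is intended. Separately, `rootUrl = "http://${domain}/";` keeps a plain-http root URL next to `cookieSecure = true`; if the vHost terminates TLS the root URL should be `https://`, otherwise the secure cookie is never sent back on the generated links. The `services.gitea` attribute set continues past the end of the hunk.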
|
|
@ -21,38 +21,43 @@ mkIf (elem "hydra" config.machine.services) {
|
|||
}
|
||||
];
|
||||
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
hydraURL = "https://builder.${config.machine.domain}"; # externally visible URL
|
||||
listenHost = "localhost";
|
||||
port = 3001;
|
||||
minimumDiskFree = 15;
|
||||
minimumDiskFreeEvaluator = 15;
|
||||
notificationSender = "hydra@mail.${config.machine.domain}"; # e-mail of hydra service
|
||||
useSubstitutes = true;
|
||||
debugServer = false;
|
||||
# Hints from hydra-queue-runner:
|
||||
# binary_cache_dir is deprecated and ignored. use store_uri=file:// instead
|
||||
# hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
|
||||
extraConfig = ''
|
||||
max_output_size = 4294967296
|
||||
store_uri = file:///var/cache/hydra?secret-key=${config.machine.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
|
||||
# add ?local-nar-cache= to set nar cache location
|
||||
server_store_uri = https://cache.${config.machine.domain}
|
||||
binary_cache_public_uri https://cache.${config.machine.domain}
|
||||
upload_logs_to_binary_cache = true
|
||||
'';
|
||||
};
|
||||
services = let
|
||||
cfg = config.machine;
|
||||
domain = (findFirst (s: s.service == "hydra") cfg cfg.vHosts).domain;
|
||||
in {
|
||||
hydra = {
|
||||
enable = true;
|
||||
hydraURL = domain; # externally visible URL
|
||||
listenHost = "localhost";
|
||||
port = 3001;
|
||||
minimumDiskFree = 15;
|
||||
minimumDiskFreeEvaluator = 15;
|
||||
notificationSender = "hydra@mail.${cfg.domain}"; # e-mail of hydra service
|
||||
useSubstitutes = true;
|
||||
debugServer = false;
|
||||
# Hints from hydra-queue-runner:
|
||||
# binary_cache_dir is deprecated and ignored. use store_uri=file:// instead
|
||||
# hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
|
||||
extraConfig = ''
|
||||
max_output_size = 4294967296
|
||||
store_uri = file:///var/cache/hydra?secret-key=${cfg.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
|
||||
# add ?local-nar-cache= to set nar cache location
|
||||
server_store_uri = https://cache.${cfg.domain}
|
||||
binary_cache_public_uri https://cache.${cfg.domain}
|
||||
upload_logs_to_binary_cache = true
|
||||
'';
|
||||
};
|
||||
|
||||
services.nix-serve = {
|
||||
enable = true;
|
||||
bindAddress = "0.0.0.0";
|
||||
port = 5000;
|
||||
secretKeyFile = "${config.machine.secretPath}/hydra_cache";
|
||||
extraParams = ''
|
||||
# Dont know how to change the store root yet...
|
||||
# --user hydra-queue-runner
|
||||
# --group hydra
|
||||
'';
|
||||
nix-serve = {
|
||||
enable = true;
|
||||
bindAddress = "0.0.0.0";
|
||||
port = 5000;
|
||||
secretKeyFile = "${cfg.secretPath}/hydra_cache";
|
||||
extraParams = ''
|
||||
# Dont know how to change the store root yet...
|
||||
# --user hydra-queue-runner
|
||||
# --group hydra
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
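Review bot: `hydraURL = domain;` drops the scheme that the replaced line `hydraURL = "https://builder.${config.machine.domain}";` carried; since the gitea hunk builds `"http://${domain}/"` from the same vHost field, the vHost `domain` appears to be a bare host name, so Hydra's externally visible URL (used in notifications and links) would lack `https://`. Suggest `hydraURL = "https://${domain}"; # externally visible URL`. The cache URIs still use `cache.${cfg.domain}` as the commit message says; a short comment on `server_store_uri` noting that the cache host is deliberately not read from vHosts would spare the next reader the same question. The enclosing `mkIf` block opens above the hunk.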
|
|
@ -4,20 +4,22 @@ with lib;
|
|||
|
||||
mkIf (elem "mailserver" config.machine.services) {
|
||||
mailserver = let
|
||||
cfg = config.machine;
|
||||
domain = config.machine.domain;
|
||||
mkFqdnAlias = name: [ "${name}@${domain}" "${name}@mail.${domain}" ];
|
||||
fdomain = (findFirst (s: s.service == "mail") cfg cfg.vHosts).domain;
|
||||
mkFqdnAlias = name: [ "${name}@${domain}" "${name}@${fdomain}" ];
|
||||
mkUser = user: rec {
|
||||
name = "${user.name}@${domain}";
|
||||
value = {
|
||||
hashedPassword = (fileContents "${config.machine.secretPath}/${user.name}.mail");
|
||||
aliases = [ "${user.name}@mail.${domain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
|
||||
hashedPassword = (fileContents "${cfg.secretPath}/${user.name}.mail");
|
||||
aliases = [ "${user.name}@${fdomain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
|
||||
};
|
||||
};
|
||||
in rec {
|
||||
enable = true;
|
||||
fqdn = "mail.${domain}";
|
||||
domains = [ domain ];
|
||||
loginAccounts = listToAttrs (map mkUser config.machine.mailAccounts);
|
||||
fqdn = fdomain;
|
||||
domains = [ fdomain domain ];
|
||||
loginAccounts = listToAttrs (map mkUser cfg.mailAccounts);
|
||||
|
||||
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
||||
# down nginx and opens port 80.
|
||||
|
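Review bot: `domains = [ fdomain domain ];` and the new `aliases = [ "${user.name}@${fdomain}" ] ++ …` line assume `fdomain` differs from `domain`, but `findFirst` falls back to `cfg` when no vHost has `service == "mail"`, so `fdomain` then equals `cfg.domain` and both lists carry the same entry twice. Either dedupe with `domains = unique [ fdomain domain ];` (same for the alias lists) or give the vHost lookup an explicit default. Also `domain = config.machine.domain;` sits right after the newly introduced `cfg = config.machine;`; `domain = cfg.domain;` would match the rest of the let block. The `mailserver = let` block continues past the end of the hunk.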
|
|
@ -3,27 +3,48 @@
|
|||
with lib;
|
||||
|
||||
mkIf (elem "nextcloud" config.machine.services) {
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
home = "/var/lib/nextcloud";
|
||||
hostName = "storage.${config.machine.domain}";
|
||||
https = true;
|
||||
maxUploadSize = "1024M";
|
||||
config = {
|
||||
adminuser = "derped";
|
||||
adminpassFile = "${config.machine.secretPath}/nextcloud_admin";
|
||||
dbtype = "mysql";
|
||||
dbhost = "localhost";
|
||||
dbport = "3306";
|
||||
dbuser = "nextcloud";
|
||||
dbpassFile = "${config.machine.secretPath}/nextcloud_db";
|
||||
dbname = "nextcloud";
|
||||
dbtableprefix = "oc_";
|
||||
services = let
|
||||
cfg = config.machine;
|
||||
domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain;
|
||||
in {
|
||||
nextcloud = {
|
||||
enable = true;
|
||||
home = "/var/lib/nextcloud";
|
||||
hostName = domain;
|
||||
https = true;
|
||||
maxUploadSize = "1024M";
|
||||
config = {
|
||||
adminuser = "derped";
|
||||
adminpassFile = "${cfg.secretPath}/nextcloud_admin";
|
||||
dbtype = "mysql";
|
||||
dbhost = "localhost";
|
||||
dbport = "3306";
|
||||
dbuser = "nextcloud";
|
||||
dbpassFile = "${cfg.secretPath}/nextcloud_db";
|
||||
dbname = "nextcloud";
|
||||
dbtableprefix = "oc_";
|
||||
};
|
||||
caching = {
|
||||
apcu = true;
|
||||
memcached = true;
|
||||
redis = false;
|
||||
};
|
||||
};
|
||||
caching = {
|
||||
apcu = true;
|
||||
memcached = true;
|
||||
redis = false;
|
||||
# Turn Server used for nextcloud-talk
|
||||
# This stuff is still untested.
|
||||
coturn = mkIf (elem "nextcloud-talk" config.machine.services) {
|
||||
# TLS is not needed as WebRTC is already encrypted.
|
||||
enable = true;
|
||||
realm = domain;
|
||||
listening-port = 3478;
|
||||
use-auth-secret = true;
|
||||
extraConfig = ''
|
||||
fingerprint
|
||||
total-quota=100
|
||||
bps-capacity=0
|
||||
stale-nonce
|
||||
no-multicast-peers
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
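Review bot: The new `coturn` block sets `use-auth-secret = true;` but no `static-auth-secret` (or its file-based variant, if the module version in use offers one), so coturn has no shared secret with which to validate the time-limited credentials Nextcloud Talk issues, and Talk needs the same secret on its side; pointing a file-based option into `cfg.secretPath`, like the other secrets in this file, keeps it out of the Nix store. The comment `# TLS is not needed as WebRTC is already encrypted.` holds for the media (SRTP) only, while the TURN allocation exchange itself runs unencrypted on `listening-port = 3478;`, so `# Media is SRTP-encrypted; TURN signalling itself runs in the clear on 3478` states the guarantee more precisely. The firewall opening for that port is not visible in this hunk; a comment saying where it is handled would help since the block is marked untested.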
|