Get domain url from machine.vHost config (except for cache).
Add turn server option to nextcloud (untested).
This commit is contained in:
parent
ce2c259059
commit
a4fde6972f
4 changed files with 93 additions and 62 deletions
|
@ -3,17 +3,20 @@
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
mkIf (elem "gitea" config.machine.services) {
|
mkIf (elem "gitea" config.machine.services) {
|
||||||
services.gitea = {
|
services.gitea = let
|
||||||
|
cfg = config.machine;
|
||||||
|
domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;
|
||||||
|
in {
|
||||||
enable = true;
|
enable = true;
|
||||||
user = "git";
|
user = "git";
|
||||||
cookieSecure = true;
|
cookieSecure = true;
|
||||||
domain = "git.${config.machine.domain}";
|
domain = domain;
|
||||||
rootUrl = "http://git.${config.machine.domain}/";
|
rootUrl = "http://${domain}/";
|
||||||
database = {
|
database = {
|
||||||
type = "mysql";
|
type = "mysql";
|
||||||
user = "git";
|
user = "git";
|
||||||
name = "gitea";
|
name = "gitea";
|
||||||
passwordFile = "${config.machine.secretPath}/gitea_db";
|
passwordFile = "${cfg.secretPath}/gitea_db";
|
||||||
};
|
};
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
[repository]
|
[repository]
|
||||||
|
|
|
@ -21,14 +21,18 @@ mkIf (elem "hydra" config.machine.services) {
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
services.hydra = {
|
services = let
|
||||||
|
cfg = config.machine;
|
||||||
|
domain = (findFirst (s: s.service == "hydra") cfg cfg.vHosts).domain;
|
||||||
|
in {
|
||||||
|
hydra = {
|
||||||
enable = true;
|
enable = true;
|
||||||
hydraURL = "https://builder.${config.machine.domain}"; # externally visible URL
|
hydraURL = domain; # externally visible URL
|
||||||
listenHost = "localhost";
|
listenHost = "localhost";
|
||||||
port = 3001;
|
port = 3001;
|
||||||
minimumDiskFree = 15;
|
minimumDiskFree = 15;
|
||||||
minimumDiskFreeEvaluator = 15;
|
minimumDiskFreeEvaluator = 15;
|
||||||
notificationSender = "hydra@mail.${config.machine.domain}"; # e-mail of hydra service
|
notificationSender = "hydra@mail.${cfg.domain}"; # e-mail of hydra service
|
||||||
useSubstitutes = true;
|
useSubstitutes = true;
|
||||||
debugServer = false;
|
debugServer = false;
|
||||||
# Hints from hydra-queue-runner:
|
# Hints from hydra-queue-runner:
|
||||||
|
@ -36,23 +40,24 @@ mkIf (elem "hydra" config.machine.services) {
|
||||||
# hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
|
# hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
max_output_size = 4294967296
|
max_output_size = 4294967296
|
||||||
store_uri = file:///var/cache/hydra?secret-key=${config.machine.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
|
store_uri = file:///var/cache/hydra?secret-key=${cfg.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
|
||||||
# add ?local-nar-cache= to set nar cache location
|
# add ?local-nar-cache= to set nar cache location
|
||||||
server_store_uri = https://cache.${config.machine.domain}
|
server_store_uri = https://cache.${cfg.domain}
|
||||||
binary_cache_public_uri https://cache.${config.machine.domain}
|
binary_cache_public_uri https://cache.${cfg.domain}
|
||||||
upload_logs_to_binary_cache = true
|
upload_logs_to_binary_cache = true
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nix-serve = {
|
nix-serve = {
|
||||||
enable = true;
|
enable = true;
|
||||||
bindAddress = "0.0.0.0";
|
bindAddress = "0.0.0.0";
|
||||||
port = 5000;
|
port = 5000;
|
||||||
secretKeyFile = "${config.machine.secretPath}/hydra_cache";
|
secretKeyFile = "${cfg.secretPath}/hydra_cache";
|
||||||
extraParams = ''
|
extraParams = ''
|
||||||
# Dont know how to change the store root yet...
|
# Dont know how to change the store root yet...
|
||||||
# --user hydra-queue-runner
|
# --user hydra-queue-runner
|
||||||
# --group hydra
|
# --group hydra
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,20 +4,22 @@ with lib;
|
||||||
|
|
||||||
mkIf (elem "mailserver" config.machine.services) {
|
mkIf (elem "mailserver" config.machine.services) {
|
||||||
mailserver = let
|
mailserver = let
|
||||||
|
cfg = config.machine;
|
||||||
domain = config.machine.domain;
|
domain = config.machine.domain;
|
||||||
mkFqdnAlias = name: [ "${name}@${domain}" "${name}@mail.${domain}" ];
|
fdomain = (findFirst (s: s.service == "mail") cfg cfg.vHosts).domain;
|
||||||
|
mkFqdnAlias = name: [ "${name}@${domain}" "${name}@${fdomain}" ];
|
||||||
mkUser = user: rec {
|
mkUser = user: rec {
|
||||||
name = "${user.name}@${domain}";
|
name = "${user.name}@${domain}";
|
||||||
value = {
|
value = {
|
||||||
hashedPassword = (fileContents "${config.machine.secretPath}/${user.name}.mail");
|
hashedPassword = (fileContents "${cfg.secretPath}/${user.name}.mail");
|
||||||
aliases = [ "${user.name}@mail.${domain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
|
aliases = [ "${user.name}@${fdomain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in rec {
|
in rec {
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = "mail.${domain}";
|
fqdn = fdomain;
|
||||||
domains = [ domain ];
|
domains = [ fdomain domain ];
|
||||||
loginAccounts = listToAttrs (map mkUser config.machine.mailAccounts);
|
loginAccounts = listToAttrs (map mkUser cfg.mailAccounts);
|
||||||
|
|
||||||
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
|
||||||
# down nginx and opens port 80.
|
# down nginx and opens port 80.
|
||||||
|
|
|
@ -3,20 +3,24 @@
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
mkIf (elem "nextcloud" config.machine.services) {
|
mkIf (elem "nextcloud" config.machine.services) {
|
||||||
services.nextcloud = {
|
services = let
|
||||||
|
cfg = config.machine;
|
||||||
|
domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain;
|
||||||
|
in {
|
||||||
|
nextcloud = {
|
||||||
enable = true;
|
enable = true;
|
||||||
home = "/var/lib/nextcloud";
|
home = "/var/lib/nextcloud";
|
||||||
hostName = "storage.${config.machine.domain}";
|
hostName = domain;
|
||||||
https = true;
|
https = true;
|
||||||
maxUploadSize = "1024M";
|
maxUploadSize = "1024M";
|
||||||
config = {
|
config = {
|
||||||
adminuser = "derped";
|
adminuser = "derped";
|
||||||
adminpassFile = "${config.machine.secretPath}/nextcloud_admin";
|
adminpassFile = "${cfg.secretPath}/nextcloud_admin";
|
||||||
dbtype = "mysql";
|
dbtype = "mysql";
|
||||||
dbhost = "localhost";
|
dbhost = "localhost";
|
||||||
dbport = "3306";
|
dbport = "3306";
|
||||||
dbuser = "nextcloud";
|
dbuser = "nextcloud";
|
||||||
dbpassFile = "${config.machine.secretPath}/nextcloud_db";
|
dbpassFile = "${cfg.secretPath}/nextcloud_db";
|
||||||
dbname = "nextcloud";
|
dbname = "nextcloud";
|
||||||
dbtableprefix = "oc_";
|
dbtableprefix = "oc_";
|
||||||
};
|
};
|
||||||
|
@ -26,4 +30,21 @@ mkIf (elem "nextcloud" config.machine.services) {
|
||||||
redis = false;
|
redis = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
# Turn Server used for nextcloud-talk
|
||||||
|
# This stuff is still untested.
|
||||||
|
coturn = mkIf (elem "nextcloud-talk" config.machine.services) {
|
||||||
|
# TLS is not needed as WebRTC is already encrypted.
|
||||||
|
enable = true;
|
||||||
|
realm = domain;
|
||||||
|
listening-port = 3478;
|
||||||
|
use-auth-secret = true;
|
||||||
|
extraConfig = ''
|
||||||
|
fingerprint
|
||||||
|
total-quota=100
|
||||||
|
bps-capacity=0
|
||||||
|
stale-nonce
|
||||||
|
no-multicast-peers
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue