Get domain url from machine.vHost config (except for cache).

Add turn server option to nextcloud (untested).
2019-10-07 02:48:07 +02:00 · 2019-10-07 02:48:07 +02:00 · a4fde6972f
parent ce2c259059
commit a4fde6972f
4 changed files with 93 additions and 62 deletions
--- a/services/gitea.nix
+++ b/services/gitea.nix
@ -3,17 +3,20 @@
 with lib;
 mkIf (elem "gitea" config.machine.services) {
-  services.gitea = {
+  services.gitea = let
    cfg = config.machine;
    domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;
  in {
    enable = true;
    user = "git";
    cookieSecure = true;
-    domain = "git.${config.machine.domain}";
+    domain = domain;
-    rootUrl = "http://git.${config.machine.domain}/";
+    rootUrl = "http://${domain}/";
    database = {
      type = "mysql";
      user = "git";
      name = "gitea";
-      passwordFile = "${config.machine.secretPath}/gitea_db";
+      passwordFile = "${cfg.secretPath}/gitea_db";
    };
    extraConfig = ''
      [repository]
--- a/services/hydra.nix
+++ b/services/hydra.nix
@ -21,38 +21,43 @@ mkIf (elem "hydra" config.machine.services) {
    }
  ];
-  services.hydra = {
+  services = let
-    enable = true;
+    cfg = config.machine;
-    hydraURL = "https://builder.${config.machine.domain}"; # externally visible URL
+    domain = (findFirst (s: s.service == "hydra") cfg cfg.vHosts).domain;
-    listenHost = "localhost";
+  in {
-    port = 3001;
+    hydra = {
-    minimumDiskFree = 15;
+      enable = true;
-    minimumDiskFreeEvaluator = 15;
+      hydraURL = domain; # externally visible URL
-    notificationSender = "hydra@mail.${config.machine.domain}"; # e-mail of hydra service
+      listenHost = "localhost";
-    useSubstitutes = true;
+      port = 3001;
-    debugServer = false;
+      minimumDiskFree = 15;
-    # Hints from hydra-queue-runner:
+      minimumDiskFreeEvaluator = 15;
-    # binary_cache_dir is deprecated and ignored. use store_uri=file:// instead
+      notificationSender = "hydra@mail.${cfg.domain}"; # e-mail of hydra service
-    # hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
+      useSubstitutes = true;
-    extraConfig = ''
+      debugServer = false;
-      max_output_size = 4294967296
+      # Hints from hydra-queue-runner:
-      store_uri = file:///var/cache/hydra?secret-key=${config.machine.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
+      # binary_cache_dir is deprecated and ignored. use store_uri=file:// instead
-      # add ?local-nar-cache= to set nar cache location
+      # hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
-      server_store_uri = https://cache.${config.machine.domain}
+      extraConfig = ''
-      binary_cache_public_uri https://cache.${config.machine.domain}
+        max_output_size = 4294967296
-      upload_logs_to_binary_cache = true
+        store_uri = file:///var/cache/hydra?secret-key=${cfg.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
-    '';
+        # add ?local-nar-cache= to set nar cache location
-  };
+        server_store_uri = https://cache.${cfg.domain}
        binary_cache_public_uri https://cache.${cfg.domain}
        upload_logs_to_binary_cache = true
      '';
    };
-  services.nix-serve = {
+    nix-serve = {
-    enable = true;
+      enable = true;
-    bindAddress = "0.0.0.0";
+      bindAddress = "0.0.0.0";
-    port = 5000;
+      port = 5000;
-    secretKeyFile = "${config.machine.secretPath}/hydra_cache";
+      secretKeyFile = "${cfg.secretPath}/hydra_cache";
-    extraParams = ''
+      extraParams = ''
-# Dont know how to change the store root yet...
+        # Dont know how to change the store root yet...
-#      --user hydra-queue-runner
+        # --user hydra-queue-runner
-#      --group hydra
+        # --group hydra
-    ''; 
+      '';
    };
  };  
 }
--- a/services/mailserver.nix
+++ b/services/mailserver.nix
@ -4,20 +4,22 @@ with lib;
 mkIf (elem "mailserver" config.machine.services) {
  mailserver = let
    cfg = config.machine;
    domain = config.machine.domain;
-    mkFqdnAlias = name: [ "${name}@${domain}" "${name}@mail.${domain}" ];
+    fdomain = (findFirst (s: s.service == "mail") cfg cfg.vHosts).domain;
    mkFqdnAlias = name: [ "${name}@${domain}" "${name}@${fdomain}" ];
    mkUser = user: rec {
      name = "${user.name}@${domain}";
      value = {
-        hashedPassword = (fileContents "${config.machine.secretPath}/${user.name}.mail");
+        hashedPassword = (fileContents "${cfg.secretPath}/${user.name}.mail");
-        aliases = [ "${user.name}@mail.${domain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
+        aliases = [ "${user.name}@${fdomain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
      };
    };
  in rec {
    enable = true;
-    fqdn = "mail.${domain}";
+    fqdn = fdomain;
-    domains = [ domain ];
+    domains = [ fdomain domain ];
-    loginAccounts = listToAttrs (map mkUser config.machine.mailAccounts);
+    loginAccounts = listToAttrs (map mkUser cfg.mailAccounts);
    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
    # down nginx and opens port 80.
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@ -3,27 +3,48 @@
 with lib;
 mkIf (elem "nextcloud" config.machine.services) {
-  services.nextcloud = {
+  services = let
-    enable = true;
+    cfg = config.machine;
-    home = "/var/lib/nextcloud";
+    domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain;
-    hostName = "storage.${config.machine.domain}";
+  in {
-    https = true;
+    nextcloud = {
-    maxUploadSize = "1024M";
+      enable = true;
-    config = {
+      home = "/var/lib/nextcloud";
-      adminuser = "derped";
+      hostName = domain;
-      adminpassFile = "${config.machine.secretPath}/nextcloud_admin";
+      https = true;
-      dbtype = "mysql";
+      maxUploadSize = "1024M";
-      dbhost = "localhost";
+      config = {
-      dbport = "3306";
+        adminuser = "derped";
-      dbuser = "nextcloud";
+        adminpassFile = "${cfg.secretPath}/nextcloud_admin";
-      dbpassFile = "${config.machine.secretPath}/nextcloud_db";
+        dbtype = "mysql";
-      dbname = "nextcloud";
+        dbhost = "localhost";
-      dbtableprefix = "oc_";
+        dbport = "3306";
        dbuser = "nextcloud";
        dbpassFile = "${cfg.secretPath}/nextcloud_db";
        dbname = "nextcloud";
        dbtableprefix = "oc_";
      };
      caching = {
        apcu = true;
        memcached = true;
        redis = false;
      };
    };
-    caching = {
+    # Turn Server used for nextcloud-talk
-      apcu = true;
+    # This stuff is still untested.
-      memcached = true;
+    coturn = mkIf (elem "nextcloud-talk" config.machine.services) {
-      redis = false;
+      # TLS is not needed as WebRTC is already encrypted.
      enable = true;
      realm = domain;
      listening-port = 3478;
      use-auth-secret = true;
      extraConfig = ''
        fingerprint
        total-quota=100
        bps-capacity=0
        stale-nonce
        no-multicast-peers
      '';
    };
  };
 }