Get domain url from machine.vHost config (except for cache).

Add turn server option to nextcloud (untested).
This commit is contained in:
Kevin Baensch 2019-10-07 02:48:07 +02:00
parent ce2c259059
commit a4fde6972f
4 changed files with 93 additions and 62 deletions

View file

@ -3,17 +3,20 @@
with lib;
mkIf (elem "gitea" config.machine.services) {
services.gitea = {
services.gitea = let
cfg = config.machine;
domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;
in {
enable = true;
user = "git";
cookieSecure = true;
domain = "git.${config.machine.domain}";
rootUrl = "http://git.${config.machine.domain}/";
domain = domain;
rootUrl = "http://${domain}/";
database = {
type = "mysql";
user = "git";
name = "gitea";
passwordFile = "${config.machine.secretPath}/gitea_db";
passwordFile = "${cfg.secretPath}/gitea_db";
};
extraConfig = ''
[repository]

View file

@ -21,14 +21,18 @@ mkIf (elem "hydra" config.machine.services) {
}
];
services.hydra = {
services = let
cfg = config.machine;
domain = (findFirst (s: s.service == "hydra") cfg cfg.vHosts).domain;
in {
hydra = {
enable = true;
hydraURL = "https://builder.${config.machine.domain}"; # externally visible URL
hydraURL = domain; # externally visible URL
listenHost = "localhost";
port = 3001;
minimumDiskFree = 15;
minimumDiskFreeEvaluator = 15;
notificationSender = "hydra@mail.${config.machine.domain}"; # e-mail of hydra service
notificationSender = "hydra@mail.${cfg.domain}"; # e-mail of hydra service
useSubstitutes = true;
debugServer = false;
# Hints from hydra-queue-runner:
@ -36,23 +40,24 @@ mkIf (elem "hydra" config.machine.services) {
# hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
extraConfig = ''
max_output_size = 4294967296
store_uri = file:///var/cache/hydra?secret-key=${config.machine.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
store_uri = file:///var/cache/hydra?secret-key=${cfg.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
# add ?local-nar-cache= to set nar cache location
server_store_uri = https://cache.${config.machine.domain}
binary_cache_public_uri https://cache.${config.machine.domain}
server_store_uri = https://cache.${cfg.domain}
binary_cache_public_uri https://cache.${cfg.domain}
upload_logs_to_binary_cache = true
'';
};
services.nix-serve = {
nix-serve = {
enable = true;
bindAddress = "0.0.0.0";
port = 5000;
secretKeyFile = "${config.machine.secretPath}/hydra_cache";
secretKeyFile = "${cfg.secretPath}/hydra_cache";
extraParams = ''
# Dont know how to change the store root yet...
# --user hydra-queue-runner
# --group hydra
# Dont know how to change the store root yet...
# --user hydra-queue-runner
# --group hydra
'';
};
};
}

View file

@ -4,20 +4,22 @@ with lib;
mkIf (elem "mailserver" config.machine.services) {
mailserver = let
cfg = config.machine;
domain = config.machine.domain;
mkFqdnAlias = name: [ "${name}@${domain}" "${name}@mail.${domain}" ];
fdomain = (findFirst (s: s.service == "mail") cfg cfg.vHosts).domain;
mkFqdnAlias = name: [ "${name}@${domain}" "${name}@${fdomain}" ];
mkUser = user: rec {
name = "${user.name}@${domain}";
value = {
hashedPassword = (fileContents "${config.machine.secretPath}/${user.name}.mail");
aliases = [ "${user.name}@mail.${domain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
hashedPassword = (fileContents "${cfg.secretPath}/${user.name}.mail");
aliases = [ "${user.name}@${fdomain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
};
};
in rec {
enable = true;
fqdn = "mail.${domain}";
domains = [ domain ];
loginAccounts = listToAttrs (map mkUser config.machine.mailAccounts);
fqdn = fdomain;
domains = [ fdomain domain ];
loginAccounts = listToAttrs (map mkUser cfg.mailAccounts);
# Use Let's Encrypt certificates. Note that this needs to set up a stripped
# down nginx and opens port 80.

View file

@ -3,20 +3,24 @@
with lib;
mkIf (elem "nextcloud" config.machine.services) {
services.nextcloud = {
services = let
cfg = config.machine;
domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain;
in {
nextcloud = {
enable = true;
home = "/var/lib/nextcloud";
hostName = "storage.${config.machine.domain}";
hostName = domain;
https = true;
maxUploadSize = "1024M";
config = {
adminuser = "derped";
adminpassFile = "${config.machine.secretPath}/nextcloud_admin";
adminpassFile = "${cfg.secretPath}/nextcloud_admin";
dbtype = "mysql";
dbhost = "localhost";
dbport = "3306";
dbuser = "nextcloud";
dbpassFile = "${config.machine.secretPath}/nextcloud_db";
dbpassFile = "${cfg.secretPath}/nextcloud_db";
dbname = "nextcloud";
dbtableprefix = "oc_";
};
@ -26,4 +30,21 @@ mkIf (elem "nextcloud" config.machine.services) {
redis = false;
};
};
# Turn Server used for nextcloud-talk
# This stuff is still untested.
coturn = mkIf (elem "nextcloud-talk" config.machine.services) {
# TLS is not needed as WebRTC is already encrypted.
enable = true;
realm = domain;
listening-port = 3478;
use-auth-secret = true;
extraConfig = ''
fingerprint
total-quota=100
bps-capacity=0
stale-nonce
no-multicast-peers
'';
};
};
}