From 9692174ced26fddae245b2e07a2913f1df12ce5f Mon Sep 17 00:00:00 2001
From: natto1784
Date: Fri, 4 Jun 2021 02:10:31 +0530
Subject: [PATCH] Marisa:added gitea service
---
hosts/servers/marisa.nix | 6 +++-
hosts/servers/marisa/networking.nix | 23 ++++++++++--
hosts/servers/marisa/services.nix | 55 +++++++++++++++++++++++++++--
hosts/servers/pkgs.nix | 2 +-
4 files changed, 80 insertions(+), 6 deletions(-)
diff --git a/hosts/servers/marisa.nix b/hosts/servers/marisa.nix
index 6bb3caf..3fb11ef 100755
--- a/hosts/servers/marisa.nix
+++ b/hosts/servers/marisa.nix
@@ -1,4 +1,4 @@
-{lib, config, ...}:
+{config, pkgs, ...}:
 { imports = [
@@ -11,5 +11,9 @@
 ./marisa/cachix.nix
 ../../configs/nvim.nix
 ];
+ environment.systemPackages = with pkgs; [
+ docker_compose
+ ];
+ virtualisation.docker.enable = true;
 system.stateVersion = "21.05";
 }
diff --git a/hosts/servers/marisa/networking.nix b/hosts/servers/marisa/networking.nix
index cf8b594..d8ea489 100755
--- a/hosts/servers/marisa/networking.nix
+++ b/hosts/servers/marisa/networking.nix
@@ -1,8 +1,11 @@
-{config, ...}:
+{config, pkgs, ...}:
 {
 networking = {
 hostName = "Marisa";
- firewall.allowedTCPPorts = [ 22 80 ];
+ firewall = {
+ allowedTCPPorts = [ 22 80 8000 6060 5001 ];
+ allowedUDPPorts = [ 17840 ];
+ };
 wireless = {
 enable = false;
 iwd.enable = true;
@@ -16,6 +19,22 @@
 } ]; }; };
+ wireguard.interfaces.wg0 = {
+ ips = [ "100.0.0.2/24" ];
+ listenPort = 17840;
+# postSetup = "${pkgs.iproute}/bin/ip route add weirdnatto.in via 192.168.0.1";
+# postShutdown = "${pkgs.iproute}/bin/ip route del weirdnatto.in via 192.168.0.1";
+ privateKeyFile = "/var/secrets/wg";
+ peers = [
+ {
+ #Oracle VM1
+ publicKey = "z0Y2VNEWcyVQVSqRHiwmiJ5/0MgSPM+HZfEcwIccSxM=";
+ allowedIPs = [ "100.0.0.0/24" ];
+ endpoint = "140.238.230.155:17840";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
 defaultGateway = "192.168.0.1";
 nameservers = [ "1.1.1.1" "8.8.8.8" ];
 };
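Review bot: Enabling Docker in the second hunk of hosts/servers/marisa.nix (`virtualisation.docker.enable = true;`) carries a firewall caveat that deserves a comment next to the line. Docker installs its own iptables rules, so a port published by a container or compose file is generally reachable from the network even when it is not listed in `networking.firewall.allowedTCPPorts`. I would add `# published container ports bypass networking.firewall; bind them to 127.0.0.1 unless they must be reachable` above the option.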
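Review bot: The new `allowedTCPPorts = [ 22 80 8000 6060 5001 ];` in the first hunk of networking.nix opens three service ports on every interface, which is wider than the services in this commit appear to need. Port 8000 has no listener here: its only reference is the commented-out vault block in services.nix, and that binds 127.0.0.1. Port 6060 is PostgreSQL and 5001 is Gitea's plain-HTTP port while `rootUrl` is https, so presumably a proxy terminates TLS in front of it and direct access should not be offered to the whole LAN. I would drop 8000 and scope the rest per interface, e.g. `interfaces.wg0.allowedTCPPorts = [ 5001 ];` inside `firewall`, assuming the proxy reaches Gitea over wg0. The enclosing `networking` attribute set continues outside the hunk.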
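Review bot: `ips = [ "100.0.0.2/24" ];` and `allowedIPs = [ "100.0.0.0/24" ];` in the wg0 block of networking.nix use publicly routable address space; only 100.64.0.0/10 is reserved for shared (CGNAT) use, and 100.0.0.0/24 lies outside it. With this route installed, traffic from this host to real internet hosts in that /24 is sent into the tunnel, and the peer will accept tunnel packets claiming those addresses. A private range avoids both, for example `ips = [ "10.100.0.2/24" ];` with `allowedIPs = [ "10.100.0.0/24" ];` (constructed values; the peer has to be renumbered to match). Keeping `privateKeyFile` outside the Nix store is right; a comment that /var/secrets/wg must be root-owned and not world-readable would help the next maintainer.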
diff --git a/hosts/servers/marisa/services.nix b/hosts/servers/marisa/services.nix
index 18cd1da..a0f7fa5 100755
--- a/hosts/servers/marisa/services.nix
+++ b/hosts/servers/marisa/services.nix
@@ -1,10 +1,61 @@
-{config, ...}:
+{lib, config, pkgs, ...}:
 {
 services = {
 openssh = {
 enable = true;
 permitRootLogin = "yes";
 };
- tailscale.enable = true;
+ dovecot2 = {
+ enable = true;
+ enableImap = true;
+ };
+ /* vault = {
+ enable = true;
+ address = "127.0.0.1:8000";
+ storageBackend = "postgresql";
+ };*/
+ postgresql = {
+ enable = true;
+ port = 6060;
+ enableTCPIP = true;
+ authentication = ''
+ local gitea all ident map=gitea-map
+ host all all 192.168.0.110/32 md5
+ '';
+ identMap = ''
+ gitea-map gitea gitea
+ '';
+ };
+ gitea = {
+ enable = true;
+ appName = "Natto Tea";
+ rootUrl = "https://git.weirdnatto.in/";
+ cookieSecure = true;
+ httpPort = 5001;
+ database = rec {
+ createDatabase = false;
+ port = 6060;
+ name = "gitea";
+ user = name;
+ passwordFile = "/var/secrets/gitea";
+ type = "postgres";
+ };
+ settings = {
+ oauth2_client = {
+ ENABLE_AUTO_REGISTRATION = true;
+ UPDATE_AVATAR = true;
+ };
+ ui = {
+ DEFAULT_THEME="arc-green";
+ };
+ security = {
+ LOGIN_REMEMBER_DAYS = 50;
+ };
+ };
+ };
 };
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHingN2Aho+KGgEvBMjtoez+W1svl9uVoa4vG0d646j"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPX1HDzWpoaOcU8GDEGuDzXgxkCpyeqxRR6gLs/8JgHw"
+ ];
 }
diff --git a/hosts/servers/pkgs.nix b/hosts/servers/pkgs.nix
index dffd110..c384365 100755
--- a/hosts/servers/pkgs.nix
+++ b/hosts/servers/pkgs.nix
@@ -2,10 +2,10 @@
 {
 environment.systemPackages = with pkgs; [
 git
- gnumake
 htop
 vim
 wireguard
+ vault
 ];
 programs = {
 zsh = {
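Review bot: The PostgreSQL block in services.nix listens on all interfaces (`enableTCPIP = true;`, with port 6060 also opened in networking.nix), and its remote rule `host all all 192.168.0.110/32 md5` grants every database and every role to that address using the legacy md5 method. If that client needs only one database, narrow the rule and move to SCRAM, e.g. `host gitea gitea 192.168.0.110/32 scram-sha-256` (database and role are a guess here; passwords have to be re-set after switching `password_encryption`). The same hunk adds root `authorizedKeys` but leaves the context line `permitRootLogin = "yes";` in place, so password logins for root stay enabled on a host with port 22 open; `permitRootLogin = "prohibit-password";` would keep the new keys working. In the Gitea settings, `ENABLE_AUTO_REGISTRATION = true;` creates an account for any user the configured OAuth2 provider vouches for, so it deserves a comment naming the provider that is trusted.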