diff --git a/README.md b/README.md index 72f5bbe..3e3ab44 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Systems Physical server. Mostly used for files. (storage: 6 TB hdd + 256GB ssd, RAM: 8GB, 2 cores ht) -- [git hosting](./modules/gogs.nix) +- [git hosting](./roles/gogs.nix) - [public files](./roles/pub.nix) - torrents - [quassel](./roles/quassel.nix) diff --git a/conf b/conf index de65c0a..d479d0f 100755 --- a/conf +++ b/conf @@ -12,7 +12,7 @@ git) eval ${@:3} ;; stable) - export NIX_PATH="nixpkgs=https://nixos.org/channels/nixos-16.09/nixexprs.tar.xz:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH" + export NIX_PATH="nixpkgs=https://nixos.org/channels/nixos-17.03/nixexprs.tar.xz:nixos-config=`pwd`/logical/$2.nix:$NIX_PATH" eval ${@:3} ;; channel) diff --git a/logical/frumar.nix b/logical/frumar.nix index d08e01f..0c71722 100644 --- a/logical/frumar.nix +++ b/logical/frumar.nix @@ -10,10 +10,10 @@ in { imports = [ # Include the results of the hardware scan. - ../psysical/fractal.nix + ../physical/fractal.nix ../roles/common.nix ../modules/nginx.nix - ../modules/gogs.nix # todo: better separation here + ../roles/gogs.nix ../modules/tor-hidden-service.nix ../roles/quassel.nix ../roles/pub.nix @@ -26,7 +26,6 @@ in # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "15.09"; - gogs.domain = "git.yori.cc"; nginxssl.enable = true; # hidden SSH service diff --git a/logical/pennyworth.nix b/logical/pennyworth.nix index c2ce059..0be506a 100644 --- a/logical/pennyworth.nix +++ b/logical/pennyworth.nix @@ -7,9 +7,6 @@ let secrets = import ; yoricc = import ../packages/yori-cc.nix; - luadbi = pkgs.callPackage ../packages/luadbi.nix {}; - acmeWebRoot = "/etc/sslcerts/acmeroot"; - acmeKeyDir = "${config.security.acme.directory}/yori.cc"; in { imports = [ diff --git a/modules/gogs.nix b/modules/gogs.nix deleted file mode 100644 index 6dd9b5f..0000000 --- a/modules/gogs.nix +++ /dev/null 
@@ -1,86 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- gitHome = "/var/gogs";
- gogs = pkgs.callPackage ../packages/gogs.nix { };
- gogsPort = 8001;
- domain = config.gogs.domain;
- gogsConfig = pkgs.writeText "gogs.ini" ''
-APP_NAME = Gogs: Go Git Service
-RUN_USER = git
-RUN_MODE = prod
-[database]
-DB_TYPE = sqlite3
-HOST = 127.0.0.1:3306
-NAME = gogs
-USER = root
-PASSWD =
-SSL_MODE = disable
-PATH = ${gitHome}/data/gogs.db
-[repository]
-ROOT = ${gitHome}/gogs-repositories
-[server]
-DOMAIN = ${domain}
-HTTP_PORT = ${toString gogsPort}
-ROOT_URL = https://${domain}/
-DISABLE_SSH = false
-SSH_PORT = 22
-OFFLINE_MODE = false
-[mailer]
-ENABLED = false
-[service]
-REGISTER_EMAIL_CONFIRM = false
-ENABLE_NOTIFY_MAIL = false
-DISABLE_REGISTRATION = true
-REQUIRE_SIGNIN_VIEW = false
-[picture]
-DISABLE_GRAVATAR = false
-AVATAR_UPLOAD_PATH = ${gitHome}/data/avatars
-[session]
-PROVIDER = file
-[log]
-ROOT_PATH = ${gitHome}/logs
-MODE = file
-LEVEL = Info
-[security]
-INSTALL_LOCK = true
-'';
-inherit (lib) mkOption types;
-in
-{
- #imports = [./nginx.nix];
- options.gogs = {
- domain = mkOption {
- type = types.string;
- description = "The domain to run the servers on";
- default = {};
- example = "git.domain.com";
- };
- };
- config =
-{
- users.extraUsers.git = { home = gitHome; extraGroups = [ "git" ]; useDefaultShell = true;};
- users.extraGroups.git = { };
- systemd.services.gogs = {
- path = with pkgs; [ git openssh bash ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Type = "simple";
- Restart = "always";
- User = "git";
- Group = "git";
- ExecStart = "${gogs}/gogs web -c ${gogsConfig}";
- WorkingDirectory = gitHome;
- };
- };
- services.nginx.virtualHosts.${domain} = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString gogsPort}";
- extraConfig = ''
- proxy_buffering off;
- '';
- };
- };
-};
-}
diff --git a/packages/yori-cc.nix b/packages/yori-cc.nix
index eaa3e5e..f118f68 100644
--- a/packages/yori-cc.nix +++ b/packages/yori-cc.nix @@ -3,12 +3,12 @@ with import {}; let gogitget = callPackage ./gogitget.nix {}; in stdenv.mkDerivation { - name = "yori-cc-1.3"; + name = "yori-cc-1.3.5"; src = gogitget { "url" = "git@git.yori.cc:yorick/yori-cc.git"; - "rev" = "db207b9fd74a1036d2272c38dcbb6de504cf590a"; - "sha256" = "1rqsv7pdij15f6nxxwggw58q12ggl6g7gjjq73sbdz1v9x78xbzp"; + "rev" = "f049e4330dfb64bbbaf700897269c003fce8b5c4"; + "sha256" = "1x8knlsp7cx52sr15gr0yhj1vl8ncznrqn4nvaycgwmhr1kysffr"; }; buildInputs = [ ]; diff --git a/roles/asterisk.nix b/roles/asterisk.nix index 2542899..f54b0fc 100644 --- a/roles/asterisk.nix +++ b/roles/asterisk.nix 
@@ -5,37 +5,22 @@ services.asterisk = { enable = true; #extraArguments = ["-vvvddd"]; - confFiles."asterisk.conf" = '' - [directories] - astetcdir => /etc/asterisk/ - astmoddir => ${pkgs.asterisk}/lib/asterisk/modules - astvarlibdir => /var/lib/asterisk - astdbdir => /var/lib/asterisk - astkeydir => /var/lib/asterisk - astdatadir => /var/lib/asterisk - astagidir => /var/lib/asterisk/agi-bin - astspooldir => /var/spool/asterisk - astrundir => /var/run/asterisk - astlogdir => /var/log/asterisk - astsbindir => ${pkgs.asterisk}/sbin - ''; - }; - environment.etc = { - # Loading all modules by default is considered sensible by the authors of - # "Asterisk: The Definitive Guide". Secure sites will likely want to - # specify their own "modules.conf" in the confFiles option. - "asterisk/modules.conf".text = '' - [modules] - autoload=yes - ''; - - # Use syslog for logging so logs can be viewed with journalctl - "asterisk/logger.conf".text = '' + confFiles."logger.conf" = '' [general] [logfiles] syslog.local0 => notice,warning,error console => debug,notice,warning,error,verbose,dtmf,fax ''; + confFiles."extensions.conf" = '' + [from-sim] + exten => _X.,1,Verbose(Call from Limesco SIM [''${CALLERID(num)}] to [''${EXTEN}]) + same => n,Dial(SIP/speakup01/''${EXTEN}) + + [from-speakup] + ; Vervang ... door de rest van je DIY-nummer: + exten => 31626972516,1,Verbose(Call from SpeakUp [''${CALLERID(num)}] to [''${EXTEN}]) + same => n,Dial(SIP/limesco/''${EXTEN}) + ''; }; environment.systemPackages = with pkgs; [ asterisk diff --git a/roles/gogs.nix b/roles/gogs.nix new file mode 100644 index 0000000..37e40d1 --- /dev/null +++ b/roles/gogs.nix 
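Review bot: The new `[from-sim]` context in `extensions.conf` matches `_X.` and passes the dialled string to `Dial()` unfiltered, so every call that lands in that context is forwarded to the speakup01 trunk, and any non-digit characters in the extension are handed to `Dial()` as-is. Asterisk's own best-practices guidance is to strip the extension before dialling, e.g. `same => n,Dial(SIP/speakup01/''${FILTER(0-9,''${EXTEN})})`. The sip.conf that binds peers to contexts is not part of this hunk, so confirm that only the authenticated Limesco peer is placed in `from-sim`. The leftover template comment `; Vervang ... door de rest van je DIY-nummer:` no longer applies now that the number is filled in and could be replaced with an English line describing the inbound number.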
@@ -0,0 +1,58 @@ +{ config, pkgs, lib, ... }: +let + gitHome = "/var/gogs"; + gogs = pkgs.callPackage ../packages/gogs.nix { }; + gogsPort = 8001; + domain = "git.yori.cc"; +in +{ + imports = [ + ../modules/nginx.nix + ]; + + users.extraUsers.git = { home = gitHome; extraGroups = [ "git" ]; useDefaultShell = true;}; + users.extraGroups.git = { }; + services.gogs = rec { + enable = true; + user = "git"; + group = "git"; + database.user = "root"; + stateDir = gitHome; + repositoryRoot = "${stateDir}/gogs-repositories"; + rootUrl = "https://${domain}/"; + httpAddress = "localhost"; + httpPort = gogsPort; + extraConfig = '' + [service] + REGISTER_EMAIL_CONFIRM = false + ENABLE_NOTIFY_MAIL = false + DISABLE_REGISTRATION = true + REQUIRE_SIGNIN_VIEW = false + [picture] + DISABLE_GRAVATAR = false + AVATAR_UPLOAD_PATH = ${gitHome}/data/avatars + [mailer] + ENABLED = false + [session] + PROVIDER = file + [log] + ROOT_PATH = ${gitHome}/logs + MODE = file + LEVEL = Info + [server] + DISABLE_ROUTER_LOG = true + ''; + inherit domain; + }; + users.extraUsers.gogs.createHome = lib.mkForce false; + services.nginx.virtualHosts.${domain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString gogsPort}"; + extraConfig = '' + proxy_buffering off; + ''; + }; + }; +} diff --git a/roles/mail.nix b/roles/mail.nix index fde9845..8dfd293 100644 --- a/roles/mail.nix +++ b/roles/mail.nix @@ -1,5 +1,6 @@ { config, pkgs, lib, ... }: let secrets = import ; +acmeKeyDir = "${config.security.acme.directory}/yori.cc"; in { imports = [ diff --git a/roles/quassel.nix b/roles/quassel.nix index 75bf8a6..b7e595e 100644 --- a/roles/quassel.nix +++ b/roles/quassel.nix @@ -19,7 +19,7 @@ interfaces = ["0.0.0.0"]; }; environment.systemPackages = [ - pkgs.kde4.quasselDaemon + pkgs.quasselDaemon ]; networking.firewall.allowedTCPPorts = [4242]; }; diff --git a/roles/xmpp.nix b/roles/xmpp.nix index 7bc575b..c654637 100644 --- a/roles/xmpp.nix 
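Review bot: In roles/gogs.nix the new `extraConfig` has no `[security]` section, whereas the deleted hand-written ini set `INSTALL_LOCK = true`. Whether the install page stays locked now depends on what the `services.gogs` module generates, which is not visible in this diff; check the rendered app.ini on the host, and if the module does not set it, add `[security]` and `INSTALL_LOCK = true` to `extraConfig`. `database.user = "root";` looks like a carry-over from the old ini and is presumably unused if the module defaults to sqlite, so it can probably be dropped. A short comment above `users.extraUsers.gogs.createHome = lib.mkForce false;` explaining that the service runs as `git`, so the module's `gogs` user needs no home directory, would help the next reader.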
+++ b/roles/xmpp.nix @@ -2,6 +2,7 @@ let luadbi = pkgs.callPackage ../packages/luadbi.nix {}; + acmeKeyDir = "${config.security.acme.directory}/yori.cc"; in { # XMPP