Andromeda/server-configuration
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: Andromeda:a6d6637b3e4eda453d5f4b2bea791696be1428a8
Branches Tags
Andromeda:master
...
compare: Andromeda:91206fb3c071e2c2c46b968bd852a100f04c80f6
Branches Tags
Andromeda:master

8 commits
a6d6637b3e ... 91206fb3c0

Author SHA1 Message Date
mtgmonkey
91206fb3c0 add forgejo 2025-06-18 15:45:04 +00:00
mtgmonkey
de1d958778 fix breaking change pushed in bdc3a22 2025-06-17 14:23:03 +00:00
mtgmonkey
dbec636ab7 updated all the systemd daemons 2025-06-17 14:05:43 +00:00
mtgmonkey
bdc3a22570 add git user to rgit service 2025-06-16 21:20:42 +00:00
mtgmonkey
56af2b408c add ipv6 2025-06-16 20:40:06 +00:00
mtgmonkey
8af386e521 add ports for rgit 2025-06-16 20:13:51 +00:00
mtgmonkey
7865de7103 Merge remote-tracking branch 'origin' 2025-06-12 10:53:17 +00:00
mtgmonkey
1fdb3a8599 fix translation problem 2025-06-12 10:52:11 +00:00
14 changed files with 389 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

13
cachix.nix Normal file
View file

@ -0,0 +1,13 @@
# WARN: this file will get overwritten by $ cachix use <name>
{ pkgs, lib, ... }:
let
folder = ./cachix;
toImport = name: value: folder + ("/" + name);
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
in {
inherit imports;
nix.settings.substituters = ["https://cache.nixos.org/"];
}

13
cachix/rgit.nix Normal file
View file

@ -0,0 +1,13 @@
{
nix = {
settings = {
substituters = [
"https://rgit.cachix.org"
];
trusted-public-keys = [
"rgit.cachix.org-1:3Wva/GHhrlhbYx+ObbEYQSYq1Yzk8x9OAvEvcYazgL0="
];
};
};
}

9
configuration.nix
View file

@ -12,7 +12,8 @@
networking.domain = ""; networking.domain = "";
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [80 443]; allowedTCPPorts = [80 443 9418];
allowedUDPPorts = [80 443 9418];
}; };
boot.loader.grub.devices = ["nodev"]; boot.loader.grub.devices = ["nodev"];
@ -34,12 +35,6 @@
''; '';
}; };
services.fail2ban = {
enable = true;
maxretry = 10;
bantime-increment.enable = true;
};
users.users.mtgmonkey = { users.users.mtgmonkey = {
isNormalUser = true; isNormalUser = true;
description = "mtgmonkey"; description = "mtgmonkey";

276
flake.lock generated
View file

@ -1,15 +1,46 @@
{ {
"nodes": { "nodes": {
"advisory-db": {
"flake": false,
"locked": {
"lastModified": 1747937073,
"narHash": "sha256-52H8P6jAHEwRvg7rXr4Z7h1KHZivO8T1Z9tN6R0SWJg=",
"owner": "rustsec",
"repo": "advisory-db",
"rev": "bccf313a98c034573ac4170e6271749113343d97",
"type": "github"
},
"original": {
"owner": "rustsec",
"repo": "advisory-db",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1748047550,
"narHash": "sha256-t0qLLqb4C1rdtiY8IFRH5KIapTY/n3Lqt57AmxEv9mk=",
"owner": "ipetkov",
"repo": "crane",
"rev": "b718a78696060df6280196a6f992d04c87a16aef",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"elmskell-blog": { "elmskell-blog": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1749395936, "lastModified": 1749494299,
"narHash": "sha256-tEqZKBzQbENlyIDvVMWcnhifjEQkaEzK3eKDQWCbt58=", "narHash": "sha256-I6/TSz5ciJTEZNFCyrCXWRYqBkNIh3fZy67UErIw3fk=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "36fa8afd57449cacdc0535417c8d20fb6b702348", "rev": "596af4a7318d60816ee995526d571643e21744b5",
"revCount": 9, "revCount": 11,
"type": "git", "type": "git",
"url": "file:///var/lib/git-server/blog.git" "url": "file:///var/lib/git-server/blog.git"
}, },
@ -20,7 +51,7 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@ -36,6 +67,79 @@
"type": "github" "type": "github"
} }
}, },
"helix": {
"flake": false,
"locked": {
"lastModified": 1727654850,
"narHash": "sha256-du6Vy5Yxy6aZFP7ad5guz5GOD/8uMY+Pgse1ZM+K2Jo=",
"owner": "JordanForks",
"repo": "helix",
"rev": "1603715cc91bf6fdffb4aedfb5b76fb69fd10e28",
"type": "github"
},
"original": {
"owner": "JordanForks",
"repo": "helix",
"type": "github"
}
},
"jank-client": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1749606892,
"narHash": "sha256-ZGUUWNORko3QFy9p/2mc4voJ65/11Joy6Au79+TwxPw=",
"ref": "refs/heads/main",
"rev": "0e59a339c813bcf1e9969344d8b50ed380231552",
"revCount": 1179,
"type": "git",
"url": "file:///var/lib/git-server/jank-client-fork.git"
},
"original": {
"type": "git",
"url": "file:///var/lib/git-server/jank-client-fork.git"
}
},
"math-project": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1750258769,
"narHash": "sha256-BazJgo04yFqFfp2AA0Tfba+nBAeaNddQJBdLghVJskk=",
"ref": "refs/heads/master",
"rev": "fa0e8ca47dd5341d24d8aae90a0bc28a689c3d46",
"revCount": 6,
"type": "git",
"url": "file:///var/lib/git-server/math-project.git"
},
"original": {
"type": "git",
"url": "file:///var/lib/git-server/math-project.git"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"rgit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1737420293,
"narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1749143949, "lastModified": 1749143949,
@ -53,21 +157,50 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1749373575, "lastModified": 1749285348,
"narHash": "sha256-/3nvhGaUMG1A6zG185QHyTFR2fMiyffxU7VdMYk5qj0=", "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6a8d437617048567166f83b32d07ba73aeb2d125", "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "id": "nixpkgs",
"ref": "release-25.05", "ref": "nixos-unstable",
"repo": "nixpkgs", "type": "indirect"
"type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": {
"lastModified": 1748889542,
"narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-25.05",
"type": "indirect"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1749794982,
"narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1714253743, "lastModified": 1714253743,
"narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
@ -83,7 +216,38 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_6": {
"locked": {
"lastModified": 1748159586,
"narHash": "sha256-xeCMAhKjhDjVFsfJcftv+CWcExYo+X8IBUW8L947ww4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7382d075365a977c4a9c8aa4c5e4abed15f00ee1",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1745377448,
"narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1746141548, "lastModified": 1746141548,
"narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=", "narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=",
@ -101,7 +265,7 @@
}, },
"noshell": { "noshell": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1717396029, "lastModified": 1717396029,
@ -117,18 +281,45 @@
"type": "github" "type": "github"
} }
}, },
"rgit": {
"inputs": {
"advisory-db": "advisory-db",
"crane": "crane",
"helix": "helix",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_6",
"treefmt-nix": "treefmt-nix",
"utils": "utils"
},
"locked": {
"lastModified": 1748169485,
"narHash": "sha256-JxPNDrvpqgpz6MQp6LKT3cbK4bl7/E9+eST1cEhl/jA=",
"owner": "w4",
"repo": "rgit",
"rev": "9224aa1a006acb6af6da8cfbee82278612bd05d0",
"type": "github"
},
"original": {
"owner": "w4",
"repo": "rgit",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"elmskell-blog": "elmskell-blog", "elmskell-blog": "elmskell-blog",
"nixpkgs": "nixpkgs_2", "jank-client": "jank-client",
"math-project": "math-project",
"nixpkgs": "nixpkgs_4",
"noshell": "noshell", "noshell": "noshell",
"rgit": "rgit",
"spacebar-server": "spacebar-server" "spacebar-server": "spacebar-server"
} }
}, },
"spacebar-server": { "spacebar-server": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_8"
}, },
"locked": { "locked": {
"lastModified": 1748414795, "lastModified": 1748414795,
@ -158,6 +349,57 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1747912973,
"narHash": "sha256-XgxghfND8TDypxsMTPU2GQdtBEsHTEc3qWE6RVEk8O0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "020cb423808365fa3f10ff4cb8c0a25df35065a3",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

13
flake.nix
View file

@ -1,9 +1,10 @@
{ {
description = "server flake"; description = "server flake";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/release-25.05"; nixpkgs.url = "nixpkgs/nixos-unstable";
noshell.url = "github:viperML/noshell"; noshell.url = "github:viperML/noshell";
spacebar-server.url = "github:spacebarchat/server"; spacebar-server.url = "github:spacebarchat/server";
rgit.url = "github:w4/rgit";
elmskell-blog.url = "git+file:///var/lib/git-server/blog.git"; elmskell-blog.url = "git+file:///var/lib/git-server/blog.git";
jank-client.url = "git+file:///var/lib/git-server/jank-client-fork.git"; jank-client.url = "git+file:///var/lib/git-server/jank-client-fork.git";
@ -18,6 +19,7 @@
spacebar-server, spacebar-server,
jank-client, jank-client,
math-project, math-project,
rgit,
... ...
}: let }: let
system = "x86_64-linux"; system = "x86_64-linux";
@ -29,6 +31,8 @@
inherit system; inherit system;
inherit elmskell-blog; inherit elmskell-blog;
inherit spacebar-server; inherit spacebar-server;
inherit math-project;
inherit rgit;
ssh-pub-keys = import ./ssh-pub-keys.nix; ssh-pub-keys = import ./ssh-pub-keys.nix;
}; };
modules = [ modules = [
@ -39,15 +43,16 @@
jank-client.nixosModules.x86_64-linux.default jank-client.nixosModules.x86_64-linux.default
./services/spacebar.nix ./services/spacebar.nix
./services/rgit.nix # ./services/rgit.nix
./services/gitea.nix
./services/translate.nix ./services/translate.nix
noshell.nixosModules.default noshell.nixosModules.default
{programs.noshell.enable = true;} {programs.noshell.enable = true;}
math-project.nixosModules.default math-project.nixosModules.x86_64-linux.default
{programs.math-project.enable = true;} {services.math-project.enable = true;}
./services/math-project.nix ./services/math-project.nix
./configuration.nix ./configuration.nix

5
services/blog.nix
View file

@ -49,7 +49,12 @@ in {
Type = "simple"; Type = "simple";
ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/blog.ferron.yaml"; ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/blog.ferron.yaml";
RemainAfterExit = true; RemainAfterExit = true;
Restart = "always";
RestartMaxDelaySec = "1m";
RestartSec = "100ms";
RestartSteps = 9;
}; };
wantedBy = ["multi-user.target"];
}; };
environment.etc."blog.ferron.yaml" = { environment.etc."blog.ferron.yaml" = {
source = (pkgs.formats.yaml {}).generate "" ferron-conf-nix; source = (pkgs.formats.yaml {}).generate "" ferron-conf-nix;

5
services/elmskell.nix
View file

@ -39,7 +39,12 @@ in {
Type = "simple"; Type = "simple";
ExecStart = "/etc/nixos/services/elmskell/elmskell"; ExecStart = "/etc/nixos/services/elmskell/elmskell";
RemainAfterExit = true; RemainAfterExit = true;
Restart = "always";
RestartMaxDelaySec = "1m";
RestartSec = "100ms";
RestartSteps = 9;
}; };
wantedBy = ["multi-user.target"];
}; };
services.tor = { services.tor = {
enable = true; enable = true;

1
services/ferron.nix
View file

@ -50,6 +50,7 @@ in {
ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/ferron.yaml"; ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/ferron.yaml";
RemainAfterExit = true; RemainAfterExit = true;
}; };
wantedBy = ["multi-user.target"];
}; };
environment.etc."ferron.yaml" = { environment.etc."ferron.yaml" = {

28
services/gitea.nix Executable file
View file

@ -0,0 +1,28 @@
{
pkgs,
lib,
...
}: {
systemd.services.gitea = {
serviceConfig = {
Type = "simple";
ExecStart = "${lib.getExe pkgs.forgejo} -c /etc/gitea/config.ini";
RemainAfterExit = true;
Restart = "always";
RestartMaxDelaySec = "1m";
RestartSec = "100ms";
RestartSteps = 9;
User = "git";
Group = "git";
};
wantedBy = ["multi-user.target"];
};
environment.etc."gitea/config.ini.default" = {
text = ''
WORK_PATH = /var/lib/git-server
[server]
HTTP_PORT = 8000
'';
mode = "644";
};
}

9
services/math-project.nix
View file

@ -29,7 +29,7 @@ in {
METRICS_BIND = "[::1]:9283"; METRICS_BIND = "[::1]:9283";
METRICS_BIND_NETWORK = "tcp"; METRICS_BIND_NETWORK = "tcp";
POLICY_FNAME = "/etc/anubis/math-project.botPolicies.yaml"; POLICY_FNAME = "/etc/anubis/math-project.botPolicies.yaml";
TARGET = "http://localhost:8080"; TARGET = "http://localhost:8081";
}; };
}; };
}; };
@ -42,8 +42,13 @@ in {
systemd.services.math-project = { systemd.services.math-project = {
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${lib.getExe math-project}"; ExecStart = "${lib.getExe math-project.packages.x86_64-linux.default}";
RemainAfterExit = true; RemainAfterExit = true;
Restart = "always";
RestartMaxDelaySec = "1m";
RestartSec = "100ms";
RestartSteps = 9;
}; };
wantedBy = ["multi-user.target"];
}; };
} }

33
services/rgit.nix
View file

@ -1,23 +1,16 @@
{ {rgit, ...}: {
virtualisation.docker = { systemd.services.rgit = {
enable = true; serviceConfig = {
}; Type = "simple";
virtualisation.oci-containers.backend = "docker"; ExecStart = "${rgit.packages.x86_64-linux.default}/bin/rgit -d /var/lib/git-server/.db/rgit-cache.db [::1]:8000 /var/lib/git-server";
virtualisation.oci-containers.containers.rgit = { RemainAfterExit = true;
image = "ghcr.io/w4/rgit:main"; Restart = "always";
ports = [ RestartMaxDelay = "1m";
"8000:8000" RestartSec = "100ms";
]; RestartSteps = 9;
volumes = [ User = "git";
"/var/lib/git-server:/git:ro" Group = "git";
];
cmd = [
"[::]:8000"
"/git"
"-d /tmp/rgit-cache.db"
];
environment = {
REFRESH_INTERVAL = "5m";
}; };
wantedBy = ["multi-user.target"];
}; };
} }

23
services/rgit.nix.bak Executable file
View file

@ -0,0 +1,23 @@
{
virtualisation.docker = {
enable = true;
};
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers.rgit = {
image = "ghcr.io/w4/rgit:main";
ports = [
"8000:8000"
];
volumes = [
"/var/lib/git-server:/git:ro"
];
cmd = [
"[::]:8000"
"/git"
"-d /tmp/rgit-cache.db"
];
environment = {
REFRESH_INTERVAL = "5m";
};
};
}

5
services/spacebar.nix
View file

@ -45,7 +45,12 @@ in {
RemainAfterExit = true; RemainAfterExit = true;
User = "spacebar"; User = "spacebar";
Group = "spacebar"; Group = "spacebar";
Restart = "always";
RestartMaxDelaySec = "1m";
RestartSec = "100ms";
RestartSteps = 9;
}; };
wantedBy = ["multi-user.target"];
environment = { environment = {
DATABASE = "/var/lib/spacebar-server/database.db"; DATABASE = "/var/lib/spacebar-server/database.db";
STORAGE_LOCATION = "/var/lib/spacebar-server/files/"; STORAGE_LOCATION = "/var/lib/spacebar-server/files/";

7
services/translate.nix
View file

@ -41,8 +41,13 @@ in {
systemd.services.translate = { systemd.services.translate = {
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${lib.getExe pkgs.libretranslate}"; ExecStart = "${lib.getExe pkgs.libretranslate} --port 8108";
RemainAfterExit = true; RemainAfterExit = true;
Restart = "always";
RestartMaxDelaySec = "1m";
RestartSec = "100ms";
RestartSteps = 9;
}; };
wantedBy = ["multi-user.target"];
}; };
} }