Andromeda/server-configuration
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: Andromeda:a6d6637b3e4eda453d5f4b2bea791696be1428a8
Branches Tags
Andromeda:master
..
compare: Andromeda:91206fb3c071e2c2c46b968bd852a100f04c80f6
Branches Tags
Andromeda:master

8 commits
a6d6637b3e ... 91206fb3c0

Author SHA1 Message Date
mtgmonkey
91206fb3c0 add forgejo 2025-06-18 15:45:04 +00:00
mtgmonkey
de1d958778 fix breaking change pushed in bdc3a22 2025-06-17 14:23:03 +00:00
mtgmonkey
dbec636ab7 updated all the systemd daemons 2025-06-17 14:05:43 +00:00
mtgmonkey
bdc3a22570 add git user to rgit service 2025-06-16 21:20:42 +00:00
mtgmonkey
56af2b408c add ipv6 2025-06-16 20:40:06 +00:00
mtgmonkey
8af386e521 add ports for rgit 2025-06-16 20:13:51 +00:00
mtgmonkey
7865de7103 Merge remote-tracking branch 'origin' 2025-06-12 10:53:17 +00:00
mtgmonkey
1fdb3a8599 fix translation problem 2025-06-12 10:52:11 +00:00
14 changed files with 389 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files

13
cachix.nix Normal file
View file

@ -0,0 +1,13 @@
# WARN: this file will get overwritten by $ cachix use <name>
{ pkgs, lib, ... }:
let
folder = ./cachix;
toImport = name: value: folder + ("/" + name);
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
in {
inherit imports;
nix.settings.substituters = ["https://cache.nixos.org/"];
}

13
cachix/rgit.nix Normal file
View file

@ -0,0 +1,13 @@
{
nix = {
settings = {
substituters = [
"https://rgit.cachix.org"
];
trusted-public-keys = [
"rgit.cachix.org-1:3Wva/GHhrlhbYx+ObbEYQSYq1Yzk8x9OAvEvcYazgL0="
];
};
};
}

9
configuration.nix
View file

@ -12,7 +12,8 @@
networking.domain = "";
networking.firewall = {
enable = true;
allowedTCPPorts = [80 443];
allowedTCPPorts = [80 443 9418];
allowedUDPPorts = [80 443 9418];
};
boot.loader.grub.devices = ["nodev"];
@ -34,12 +35,6 @@
'';
};
services.fail2ban = {
enable = true;
maxretry = 10;
bantime-increment.enable = true;
};
users.users.mtgmonkey = {
isNormalUser = true;
description = "mtgmonkey";

276
flake.lock generated
View file

@ -1,15 +1,46 @@
{
"nodes": {
"advisory-db": {
"flake": false,
"locked": {
"lastModified": 1747937073,
"narHash": "sha256-52H8P6jAHEwRvg7rXr4Z7h1KHZivO8T1Z9tN6R0SWJg=",
"owner": "rustsec",
"repo": "advisory-db",
"rev": "bccf313a98c034573ac4170e6271749113343d97",
"type": "github"
},
"original": {
"owner": "rustsec",
"repo": "advisory-db",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1748047550,
"narHash": "sha256-t0qLLqb4C1rdtiY8IFRH5KIapTY/n3Lqt57AmxEv9mk=",
"owner": "ipetkov",
"repo": "crane",
"rev": "b718a78696060df6280196a6f992d04c87a16aef",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"elmskell-blog": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1749395936,
"narHash": "sha256-tEqZKBzQbENlyIDvVMWcnhifjEQkaEzK3eKDQWCbt58=",
"lastModified": 1749494299,
"narHash": "sha256-I6/TSz5ciJTEZNFCyrCXWRYqBkNIh3fZy67UErIw3fk=",
"ref": "refs/heads/master",
"rev": "36fa8afd57449cacdc0535417c8d20fb6b702348",
"revCount": 9,
"rev": "596af4a7318d60816ee995526d571643e21744b5",
"revCount": 11,
"type": "git",
"url": "file:///var/lib/git-server/blog.git"
},
@ -20,7 +51,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
@ -36,6 +67,79 @@
"type": "github"
}
},
"helix": {
"flake": false,
"locked": {
"lastModified": 1727654850,
"narHash": "sha256-du6Vy5Yxy6aZFP7ad5guz5GOD/8uMY+Pgse1ZM+K2Jo=",
"owner": "JordanForks",
"repo": "helix",
"rev": "1603715cc91bf6fdffb4aedfb5b76fb69fd10e28",
"type": "github"
},
"original": {
"owner": "JordanForks",
"repo": "helix",
"type": "github"
}
},
"jank-client": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1749606892,
"narHash": "sha256-ZGUUWNORko3QFy9p/2mc4voJ65/11Joy6Au79+TwxPw=",
"ref": "refs/heads/main",
"rev": "0e59a339c813bcf1e9969344d8b50ed380231552",
"revCount": 1179,
"type": "git",
"url": "file:///var/lib/git-server/jank-client-fork.git"
},
"original": {
"type": "git",
"url": "file:///var/lib/git-server/jank-client-fork.git"
}
},
"math-project": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1750258769,
"narHash": "sha256-BazJgo04yFqFfp2AA0Tfba+nBAeaNddQJBdLghVJskk=",
"ref": "refs/heads/master",
"rev": "fa0e8ca47dd5341d24d8aae90a0bc28a689c3d46",
"revCount": 6,
"type": "git",
"url": "file:///var/lib/git-server/math-project.git"
},
"original": {
"type": "git",
"url": "file:///var/lib/git-server/math-project.git"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"rgit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1737420293,
"narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1749143949,
@ -53,21 +157,50 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1749373575,
"narHash": "sha256-/3nvhGaUMG1A6zG185QHyTFR2fMiyffxU7VdMYk5qj0=",
"owner": "nixos",
"lastModified": 1749285348,
"narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6a8d437617048567166f83b32d07ba73aeb2d125",
"rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-25.05",
"repo": "nixpkgs",
"type": "github"
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1748889542,
"narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-25.05",
"type": "indirect"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1749794982,
"narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1714253743,
"narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
@ -83,7 +216,38 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_6": {
"locked": {
"lastModified": 1748159586,
"narHash": "sha256-xeCMAhKjhDjVFsfJcftv+CWcExYo+X8IBUW8L947ww4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7382d075365a977c4a9c8aa4c5e4abed15f00ee1",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1745377448,
"narHash": "sha256-jhZDfXVKdD7TSEGgzFJQvEEZ2K65UMiqW5YJ2aIqxMA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "507b63021ada5fee621b6ca371c4fca9ca46f52c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1746141548,
"narHash": "sha256-IgBWhX7A2oJmZFIrpRuMnw5RAufVnfvOgHWgIdds+hc=",
@ -101,7 +265,7 @@
},
"noshell": {
"inputs": {
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1717396029,
@ -117,18 +281,45 @@
"type": "github"
}
},
"rgit": {
"inputs": {
"advisory-db": "advisory-db",
"crane": "crane",
"helix": "helix",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_6",
"treefmt-nix": "treefmt-nix",
"utils": "utils"
},
"locked": {
"lastModified": 1748169485,
"narHash": "sha256-JxPNDrvpqgpz6MQp6LKT3cbK4bl7/E9+eST1cEhl/jA=",
"owner": "w4",
"repo": "rgit",
"rev": "9224aa1a006acb6af6da8cfbee82278612bd05d0",
"type": "github"
},
"original": {
"owner": "w4",
"repo": "rgit",
"type": "github"
}
},
"root": {
"inputs": {
"elmskell-blog": "elmskell-blog",
"nixpkgs": "nixpkgs_2",
"jank-client": "jank-client",
"math-project": "math-project",
"nixpkgs": "nixpkgs_4",
"noshell": "noshell",
"rgit": "rgit",
"spacebar-server": "spacebar-server"
}
},
"spacebar-server": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1748414795,
@ -158,6 +349,57 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1747912973,
"narHash": "sha256-XgxghfND8TDypxsMTPU2GQdtBEsHTEc3qWE6RVEk8O0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "020cb423808365fa3f10ff4cb8c0a25df35065a3",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",

13
flake.nix
View file

@ -1,9 +1,10 @@
{
description = "server flake";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/release-25.05";
nixpkgs.url = "nixpkgs/nixos-unstable";
noshell.url = "github:viperML/noshell";
spacebar-server.url = "github:spacebarchat/server";
rgit.url = "github:w4/rgit";
elmskell-blog.url = "git+file:///var/lib/git-server/blog.git";
jank-client.url = "git+file:///var/lib/git-server/jank-client-fork.git";
@ -18,6 +19,7 @@
spacebar-server,
jank-client,
math-project,
rgit,
...
}: let
system = "x86_64-linux";
@ -29,6 +31,8 @@
inherit system;
inherit elmskell-blog;
inherit spacebar-server;
inherit math-project;
inherit rgit;
ssh-pub-keys = import ./ssh-pub-keys.nix;
};
modules = [
@ -39,15 +43,16 @@
jank-client.nixosModules.x86_64-linux.default
./services/spacebar.nix
./services/rgit.nix
# ./services/rgit.nix
./services/gitea.nix
./services/translate.nix
noshell.nixosModules.default
{programs.noshell.enable = true;}
math-project.nixosModules.default
{programs.math-project.enable = true;}
math-project.nixosModules.x86_64-linux.default
{services.math-project.enable = true;}
./services/math-project.nix
./configuration.nix

5
services/blog.nix
View file

@ -49,7 +49,12 @@ in {
Type = "simple";
ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/blog.ferron.yaml";
RemainAfterExit = true;
Restart = "always";
RestartMaxDelaySec = "1m";
RestartSec = "100ms";
RestartSteps = 9;
};
wantedBy = ["multi-user.target"];
};
environment.etc."blog.ferron.yaml" = {
source = (pkgs.formats.yaml {}).generate "" ferron-conf-nix;

5
services/elmskell.nix
View file

@ -39,7 +39,12 @@ in {
Type = "simple";
ExecStart = "/etc/nixos/services/elmskell/elmskell";
RemainAfterExit = true;
Restart = "always";
RestartMaxDelaySec = "1m";
RestartSec = "100ms";
RestartSteps = 9;
};
wantedBy = ["multi-user.target"];
};
services.tor = {
enable = true;

1
services/ferron.nix
View file

@ -50,6 +50,7 @@ in {
ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/ferron.yaml";
RemainAfterExit = true;
};
wantedBy = ["multi-user.target"];
};
environment.etc."ferron.yaml" = {

28
services/gitea.nix Executable file
View file

@ -0,0 +1,28 @@
{
pkgs,
lib,
...
}: {
systemd.services.gitea = {
serviceConfig = {
Type = "simple";
ExecStart = "${lib.getExe pkgs.forgejo} -c /etc/gitea/config.ini";
RemainAfterExit = true;
Restart = "always";
RestartMaxDelaySec = "1m";
RestartSec = "100ms";
RestartSteps = 9;
User = "git";
Group = "git";
};
wantedBy = ["multi-user.target"];
};
environment.etc."gitea/config.ini.default" = {
text = ''
WORK_PATH = /var/lib/git-server
[server]
HTTP_PORT = 8000
'';
mode = "644";
};
}

9
services/math-project.nix
View file

@ -29,7 +29,7 @@ in {
METRICS_BIND = "[::1]:9283";
METRICS_BIND_NETWORK = "tcp";
POLICY_FNAME = "/etc/anubis/math-project.botPolicies.yaml";
TARGET = "http://localhost:8080";
TARGET = "http://localhost:8081";
};
};
};
@ -42,8 +42,13 @@ in {
systemd.services.math-project = {
serviceConfig = {
Type = "simple";
ExecStart = "${lib.getExe math-project}";
ExecStart = "${lib.getExe math-project.packages.x86_64-linux.default}";
RemainAfterExit = true;
Restart = "always";
RestartMaxDelaySec = "1m";
RestartSec = "100ms";
RestartSteps = 9;
};
wantedBy = ["multi-user.target"];
};
}

33
services/rgit.nix
View file

@ -1,23 +1,16 @@
{
virtualisation.docker = {
enable = true;
};
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers.rgit = {
image = "ghcr.io/w4/rgit:main";
ports = [
"8000:8000"
];
volumes = [
"/var/lib/git-server:/git:ro"
];
cmd = [
"[::]:8000"
"/git"
"-d /tmp/rgit-cache.db"
];
environment = {
REFRESH_INTERVAL = "5m";
{rgit, ...}: {
systemd.services.rgit = {
serviceConfig = {
Type = "simple";
ExecStart = "${rgit.packages.x86_64-linux.default}/bin/rgit -d /var/lib/git-server/.db/rgit-cache.db [::1]:8000 /var/lib/git-server";
RemainAfterExit = true;
Restart = "always";
RestartMaxDelay = "1m";
RestartSec = "100ms";
RestartSteps = 9;
User = "git";
Group = "git";
};
wantedBy = ["multi-user.target"];
};
}

23
services/rgit.nix.bak Executable file
View file

@ -0,0 +1,23 @@
{
virtualisation.docker = {
enable = true;
};
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers.rgit = {
image = "ghcr.io/w4/rgit:main";
ports = [
"8000:8000"
];
volumes = [
"/var/lib/git-server:/git:ro"
];
cmd = [
"[::]:8000"
"/git"
"-d /tmp/rgit-cache.db"
];
environment = {
REFRESH_INTERVAL = "5m";
};
};
}

5
services/spacebar.nix
View file

@ -45,7 +45,12 @@ in {
RemainAfterExit = true;
User = "spacebar";
Group = "spacebar";
Restart = "always";
RestartMaxDelaySec = "1m";
RestartSec = "100ms";
RestartSteps = 9;
};
wantedBy = ["multi-user.target"];
environment = {
DATABASE = "/var/lib/spacebar-server/database.db";
STORAGE_LOCATION = "/var/lib/spacebar-server/files/";

7
services/translate.nix
View file

@ -41,8 +41,13 @@ in {
systemd.services.translate = {
serviceConfig = {
Type = "simple";
ExecStart = "${lib.getExe pkgs.libretranslate}";
ExecStart = "${lib.getExe pkgs.libretranslate} --port 8108";
RemainAfterExit = true;
Restart = "always";
RestartMaxDelaySec = "1m";
RestartSec = "100ms";
RestartSteps = 9;
};
wantedBy = ["multi-user.target"];
};
}