dadada/nix-config
dadada/nix-config
1
0
Fork 0
Code Issues 2 Pull requests 5 Projects Releases Packages Wiki Activity Actions

Upgrade to 23.05

Browse source
This commit is contained in:
Tim Schubert 2023-05-28 00:13:05 +02:00 committed by Tim Schubert
parent 5152b7c9bb
commit 7f1a46c0dd
12 changed files with 29 additions and 393 deletions
Download patch file Download diff file Expand all files Collapse all files

46
flake.lock generated
View file

@ -220,20 +220,19 @@
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils"
]
},
"locked": {
"lastModified": 1681092193,
"narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
"lastModified": 1685189510,
"narHash": "sha256-Hq5WF7zIixojPgvhgcd6MBvywwycVZ9wpK/8ogOyoaA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
"rev": "2d963854ae2499193c0c72fd67435fee34d3e4fd",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-22.11",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
@ -340,11 +339,11 @@
]
},
"locked": {
"lastModified": 1683530131,
"narHash": "sha256-R0RSqj6JdZfru2x/cM19KJMHsU52OjtyxI5cccd+uFc=",
"lastModified": 1685000237,
"narHash": "sha256-pm+2xP9g9sh6wapk1ulg7/1DdENkTNDB7Kx+6lwGs/k=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "10079333313ff62446e6f2b0e7c5231c7431d269",
"rev": "05bef004794f352ea12475a89f3f55b4102c0728",
"type": "github"
},
"original": {
@ -355,11 +354,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1684169666,
"narHash": "sha256-N5jrykeSxLVgvm3Dd3hZ38/XwM/jU+dltqlXgrGlYxk=",
"lastModified": 1684899633,
"narHash": "sha256-NtwerXX8UFsoNy6k+DukJMriWtEjQtMU/Urbff2O2Dg=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "71ce85372a614d418d5e303dd5702a79d1545c04",
"rev": "4cc688ee711159b9bcb5a367be44007934e1a49d",
"type": "github"
},
"original": {
@ -418,16 +417,16 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1684398685,
"narHash": "sha256-TRE62m91iZ5ArVMgA+uj22Yda8JoQuuhc9uwZ+NoX+0=",
"lastModified": 1685094109,
"narHash": "sha256-u+awry81RAVV+fJBCZt+GKWsISSLJKUNbVwKccHeaPU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "628d4bb6e9f4f0c30cfd9b23d3c1cdcec9d3cb5c",
"rev": "551a52bfdd02e7b75be5faf9b42f864112d88654",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
@ -569,21 +568,6 @@
"repo": "default",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",

4
flake.nix
View file

@ -2,10 +2,10 @@
description = "dadada's nix flake";
inputs = {
nixpkgs.url = github:NixOS/nixpkgs/nixos-22.11;
nixpkgs.url = github:NixOS/nixpkgs/nixos-23.05;
flake-utils.url = github:numtide/flake-utils;
home-manager = {
url = github:nix-community/home-manager/release-22.11;
url = github:nix-community/home-manager/release-23.05;
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = github:NixOS/nixos-hardware/master;

1
home/home/pkgs.nix
View file

@ -110,7 +110,6 @@ with pkgs; [
reptyr
ripgrep
ripgrep
rust-analyzer
rustup
saleae-logic-2
sd # search and displace like sed but with better syntax

1
nixos/agares/configuration.nix
View file

@ -26,7 +26,6 @@
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
boot.kernelParams = [

2
nixos/gorgon/configuration.nix
View file

@ -59,7 +59,6 @@ in
dadada = {
#headphones.enable = true;
steam.enable = true;
kanboard.enable = true;
#fido2 = {
# credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000";
# enablePam = true;
@ -151,7 +150,6 @@ in
virtualisation.podman = {
enable = true;
dockerCompat = true;
defaultNetwork.dnsname.enable = true;
};
users.users = {

1
nixos/ifrit/configuration.nix
View file

@ -26,7 +26,6 @@ in
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
# weird issues with crappy plastic router

2
nixos/modules/admin.nix
View file

@ -77,7 +77,7 @@ in
programs.zsh.enable = mkDefault true;
services.sshd.enable = true;
services.openssh.passwordAuthentication = false;
services.openssh.settings.PasswordAuthentication = false;
security.sudo.wheelNeedsPassword = false;
services.openssh.openFirewall = true;

1
nixos/modules/default.nix
View file

@ -9,7 +9,6 @@
gitea = import ./gitea.nix;
headphones = import ./headphones.nix;
homepage = import ./homepage.nix;
kanboard = import ./kanboard;
miniflux = import ./miniflux.nix;
networking = import ./networking.nix;
inputs = import ./inputs.nix;

17
nixos/modules/gitea.nix
View file

@ -14,20 +14,24 @@ in
services.gitea = {
enable = true;
appName = "dadada Gitea";
rootUrl = "https://git.dadada.li/";
log.level = "Error";
domain = config.networking.domain;
cookieSecure = true;
enableUnixSocket = true;
database = {
type = "postgres";
};
disableRegistration = true;
settings = {
service = {
DISABLE_REGISTRATION = true;
};
sessions = {
COOKIE_SECURE = true;
};
server = {
ROOT_URL = "https://git.dadada.li/";
PROTOCOL = "http+unix";
LANDING_PAGE = "explore";
OFFLINE_MODE = true;
DISABLE_SSH = false;
DOMAIN = "git.dadada.li";
};
picture = {
DISABLE_GRAVATAR = true;
@ -41,6 +45,7 @@ in
};
log = {
DISABLE_ROUTER_LOG = true;
LEVEL = "Error";
};
cache = {
ENABLE = true;

67
nixos/modules/kanboard/default.nix
View file

@ -1,67 +0,0 @@
# Source https://github.com/NixOS/nixpkgs/issues/113384
{ config
, lib
, pkgs
, ...
}:
let
cfg = config.dadada.kanboard;
in
{
options = {
dadada.kanboard.enable = lib.mkEnableOption "Enable Kanboard";
};
config = lib.mkIf cfg.enable {
services.phpfpm.pools.kanboard = {
user = "kanboard";
group = "kanboard";
settings = {
"listen.group" = "nginx";
"pm" = "static";
"pm.max_children" = 4;
};
};
users.users.kanboard.isSystemUser = true;
users.users.kanboard.group = "kanboard";
users.groups.kanboard.members = [ "kanboard" ];
systemd.tmpfiles.rules = [
"d /var/lib/kanboard/data 0750 kanboard nginx - -"
];
services.nginx = {
enable = true;
virtualHosts."kanboard.dadada.li" = {
root = pkgs.buildEnv {
name = "kanboard-configured";
paths = [
(pkgs.runCommand "kanboard-over" { meta.priority = 0; } ''
mkdir -p $out
for f in index.php jsonrpc.php ; do
echo "<?php require('$out/config.php');" > $out/$f
tail -n+2 ${pkgs.kanboard}/share/kanboard/$f \
| sed 's^__DIR__^"${pkgs.kanboard}/share/kanboard"^' >> $out/$f
done
ln -s /var/lib/kanboard $out/data
ln -s ${./kanboard-config.php} $out/config.php
'')
{
outPath = "${pkgs.kanboard}/share/kanboard";
meta.priority = 10;
}
];
};
locations = {
"/".index = "index.php";
"~ \\.php$" = {
tryFiles = "$uri =404";
extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.kanboard.socket};
'';
};
};
};
};
};
}

279
nixos/modules/kanboard/kanboard-config.php
View file

@ -1,279 +0,0 @@
<?php
/*******************************************************************/
/* Rename this file to config.php if you want to change the values */
/* */
/* Make sure all paths are absolute by using __DIR__ where needed */
/*******************************************************************/
// Data folder (must be writeable by the web server user and absolute)
define('DATA_DIR', '/var/lib/kanboard/data');
// Enable/Disable debug
define('DEBUG', false);
// Available log drivers: syslog, stderr, stdout, system or file
define('LOG_DRIVER', 'system');
// Log filename if the log driver is "file"
define('LOG_FILE', DATA_DIR.DIRECTORY_SEPARATOR.'debug.log');
// Plugins directory
define('PLUGINS_DIR', __DIR__.DIRECTORY_SEPARATOR.'plugins');
// Plugins directory URL
define('PLUGIN_API_URL', 'https://kanboard.org/plugins.json');
// Enable/Disable plugin installer (Disabled by default for security reasons)
// There is no code review or any approval process to submit a plugin.
// This is up to the Kanboard instance owner to validate if a plugin is legit.
define('PLUGIN_INSTALLER', false);
// Available cache drivers are "file" and "memory"
define('CACHE_DRIVER', 'memory');
// Cache folder to use if cache driver is "file" (must be writeable by the web server user)
define('CACHE_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'cache');
// Folder for uploaded files (must be writeable by the web server user)
define('FILES_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'files');
// Enable/disable email configuration from the user interface
define('MAIL_CONFIGURATION', true);
// E-mail address used for the "From" header (notifications)
define('MAIL_FROM', 'replace-me@kanboard.local');
// E-mail address used for the "Bcc" header to send a copy of all notifications
define('MAIL_BCC', '');
// Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid"
define('MAIL_TRANSPORT', 'mail');
// SMTP configuration to use when the "smtp" transport is chosen
define('MAIL_SMTP_HOSTNAME', '');
define('MAIL_SMTP_PORT', 25);
define('MAIL_SMTP_USERNAME', '');
define('MAIL_SMTP_PASSWORD', '');
define('MAIL_SMTP_HELO_NAME', null); // valid: null (default), or FQDN
define('MAIL_SMTP_ENCRYPTION', null); // Valid values are null (not a string "null"), "ssl" or "tls"
// Sendmail command to use when the transport is "sendmail"
define('MAIL_SENDMAIL_COMMAND', '/usr/sbin/sendmail -bs');
// Run automatically database migrations
// If set to false, you will have to run manually the SQL migrations from the CLI during the next Kanboard upgrade
// Do not run the migrations from multiple processes at the same time (example: web page + background worker)
define('DB_RUN_MIGRATIONS', true);
// Database driver: sqlite, mysql or postgres (sqlite by default)
define('DB_DRIVER', 'sqlite');
// Mysql/Postgres username
define('DB_USERNAME', 'root');
// Mysql/Postgres password
define('DB_PASSWORD', '');
// Mysql/Postgres hostname
define('DB_HOSTNAME', 'localhost');
// Mysql/Postgres database name
define('DB_NAME', 'kanboard');
// Mysql/Postgres custom port (null = default port)
define('DB_PORT', null);
// Mysql SSL key
define('DB_SSL_KEY', null);
// Mysql SSL certificate
define('DB_SSL_CERT', null);
// Mysql SSL CA
define('DB_SSL_CA', null);
// Mysql SSL server verification, set to false if you don't want the Mysql driver to validate the certificate CN
define('DB_VERIFY_SERVER_CERT', null);
// Timeout value for PDO attribute
define('DB_TIMEOUT', null);
// Enable LDAP authentication (false by default)
define('LDAP_AUTH', false);
// LDAP server protocol, hostname and port URL (ldap[s]://hostname:port)
define('LDAP_SERVER', '');
// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
define('LDAP_SSL_VERIFY', true);
// Enable LDAP START_TLS
define('LDAP_START_TLS', false);
// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
// Set to true if you want to preserve the case
define('LDAP_USERNAME_CASE_SENSITIVE', false);
// LDAP bind type: "anonymous", "user" or "proxy"
define('LDAP_BIND_TYPE', 'anonymous');
// LDAP username to use with proxy mode
// LDAP username pattern to use with user mode
define('LDAP_USERNAME', null);
// LDAP password to use for proxy mode
define('LDAP_PASSWORD', null);
// LDAP DN for users
// Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local
// Example for OpenLDAP: ou=People,dc=example,dc=com
define('LDAP_USER_BASE_DN', '');
// LDAP pattern to use when searching for a user account
// Example for ActiveDirectory: '(&(objectClass=user)(sAMAccountName=%s))'
// Example for OpenLDAP: 'uid=%s'
define('LDAP_USER_FILTER', '');
// LDAP attribute for username
// Example for ActiveDirectory: 'sAMAccountName'
// Example for OpenLDAP: 'uid'
define('LDAP_USER_ATTRIBUTE_USERNAME', 'uid');
// LDAP attribute for user full name
// Example for ActiveDirectory: 'displayname'
// Example for OpenLDAP: 'cn'
define('LDAP_USER_ATTRIBUTE_FULLNAME', 'cn');
// LDAP attribute for user email
define('LDAP_USER_ATTRIBUTE_EMAIL', 'mail');
// LDAP attribute to find groups in user profile
define('LDAP_USER_ATTRIBUTE_GROUPS', 'memberof');
// LDAP attribute for user avatar image: thumbnailPhoto or jpegPhoto
define('LDAP_USER_ATTRIBUTE_PHOTO', '');
// LDAP attribute for user language, example: 'preferredlanguage'
// Put an empty string to disable language sync
define('LDAP_USER_ATTRIBUTE_LANGUAGE', '');
// Automatically create a user profile when a user authenticates via LDAP.
// If set to false, only LDAP users can log in for whom a Kanboard profile already exists.
define('LDAP_USER_CREATION', true);
// Set new user as Manager
define('LDAP_USER_DEFAULT_ROLE_MANAGER', false);
// LDAP DN for administrators
// Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_ADMIN_DN', '');
// LDAP DN for managers
// Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_MANAGER_DN', '');
// Enable LDAP group provider for project permissions
// The end-user will be able to browse LDAP groups from the user interface and allow access to specified projects
define('LDAP_GROUP_PROVIDER', false);
// LDAP Base DN for groups
define('LDAP_GROUP_BASE_DN', '');
// LDAP group filter
// Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*))
define('LDAP_GROUP_FILTER', '');
// LDAP user group filter
// If this filter is configured, Kanboard will search user groups in LDAP_GROUP_BASE_DN with this filter
// Example for OpenLDAP: (&(objectClass=posixGroup)(memberUid=%s))
define('LDAP_GROUP_USER_FILTER', '');
// LDAP attribute for the user in the group filter
// 'username' or 'dn'
define('LDAP_GROUP_USER_ATTRIBUTE', 'username');
// LDAP attribute for the group name
define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');
// Enable/Disable groups synchronization when external authentication is used.
define('LDAP_GROUP_SYNC', true);
// Enable/disable the reverse proxy authentication
define('REVERSE_PROXY_AUTH', false);
// Header name to use for the username
define('REVERSE_PROXY_USER_HEADER', 'REMOTE_USER');
// Username of the admin, by default blank
define('REVERSE_PROXY_DEFAULT_ADMIN', '');
// Header name to use for the username
define('REVERSE_PROXY_EMAIL_HEADER', 'REMOTE_EMAIL');
// Default domain to use for setting the email address
define('REVERSE_PROXY_DEFAULT_DOMAIN', '');
// Enable/disable remember me authentication
define('REMEMBER_ME_AUTH', true);
// Enable or disable "Strict-Transport-Security" HTTP header
define('ENABLE_HSTS', true);
// Enable or disable "X-Frame-Options: DENY" HTTP header
define('ENABLE_XFRAME', true);
// Escape html inside markdown text
define('MARKDOWN_ESCAPE_HTML', true);
// API alternative authentication header, the default is HTTP Basic Authentication defined in RFC2617
define('API_AUTHENTICATION_HEADER', '');
// Enable/disable url rewrite
define('ENABLE_URL_REWRITE', false);
// Hide login form, useful if all your users use Google/Github/ReverseProxy authentication
define('HIDE_LOGIN_FORM', false);
// Disabling logout (useful for external SSO authentication)
define('DISABLE_LOGOUT', false);
// Enable captcha after 3 authentication failure
define('BRUTEFORCE_CAPTCHA', 3);
// Lock the account after 6 authentication failure
define('BRUTEFORCE_LOCKDOWN', 6);
// Lock account duration in minute
define('BRUTEFORCE_LOCKDOWN_DURATION', 15);
// Session duration in second (0 = until the browser is closed)
// See http://php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
define('SESSION_DURATION', 0);
// Session handler: db or php
define('SESSION_HANDLER', 'db');
// HTTP client proxy
define('HTTP_PROXY_HOSTNAME', '');
define('HTTP_PROXY_PORT', '3128');
define('HTTP_PROXY_USERNAME', '');
define('HTTP_PROXY_PASSWORD', '');
define('HTTP_PROXY_EXCLUDE', 'localhost');
// Set to false to allow self-signed certificates
define('HTTP_VERIFY_SSL_CERTIFICATE', true);
// TOTP (2FA) issuer name
define('TOTP_ISSUER', 'Kanboard');
// Comma separated list of fields to not synchronize when using external authentication providers
define('EXTERNAL_AUTH_EXCLUDE_FIELDS', 'username');
// Enable or disable displaying group-memberships in userlist (true by default)
define('SHOW_GROUP_MEMBERSHIPS_IN_USERLIST', true);
// Limit number of groups to display in userlist (The full list of group-memberships is always shown, ...
// ... when hovering the mouse over the group-icon of a given user!)
// If set to 0 ALL group-memberships will be listed (7 by default)
define('SHOW_GROUP_MEMBERSHIPS_IN_USERLIST_WITH_LIMIT', 7);

1
nixos/surgat/configuration.nix
View file

@ -72,7 +72,6 @@ in
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.interfaces."ens3".ipv6.addresses = [