kb01/aux-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added senfnvp Stack (development)
All checks were successful
/ Check Nix Flake (push) Successful in 2m1s
Details

Browse source
This commit is contained in:
Kaybee 2025-05-07 00:34:49 +02:00
parent 084d54dc03
commit 4c88455552
Signed by: kb01
SSH key fingerprint: SHA256:kv2GYUy1MZEqusYnS+Y9nMgrpv77jhm+3kknl3UGV1k
4 changed files with 218 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
modules/nixos/suites/senfnvp/README.md Normal file
View file

@ -0,0 +1,39 @@
# Senfnvp Stack
The Senfnvp Stack contains Web Infra-structure.
## Notes
``` nix
senfnvp = {
enable = true;
hostname = "senfnvp.kb-one.de";
# Defaults
proxy.enable = true;
website.enable = true;
forgejo.enable = true;
forgejo.initializeDatabase = false; # Only use once!
forgejo.enableFail2Ban = true;
keycloak.enable = true;
keycloak.initializeDatabase = false; # Only use once!
docker-compose.enable = true; # Configuration for Docker-Compose support for Mailcow
};
```
### The Database
The Database Server is enabled when when you enable the Stack itself.
When you Activate a Service you might want to Edit the File at `./database/init-servicename.template.sql`. If you have a Database-Dump, place it there with the Naming-Sheme `./database/init-servicename.sql`. When creating a new Setup you can just run `cp init-servicename.template.sql init-servicename.sql` to use the template. The template only creates the Database, User and Password and lets it to the Service create its Tables.
Basically the order is like this:
- Create Secrets `sops ./secrets.yaml`
- Apply Template `cp ./database/init-forgejo.template.sql ./database/init-forgejo.sql`
- Initialize ´forgejo.enable = true; forgejo.initializeDatabase = true;`
- Apply config `nixos-rebuild switch --flake .`
- Wait for Initialisation
- Wait! Dumps will take time!
- Enable Production `forgejo.enable = true; forgejo.initializeDatabase = false;`
- Apply config `nixos-rebuild switch --flake .`
-

84
modules/nixos/suites/senfnvp/default.nix Normal file
View file

@ -0,0 +1,84 @@
{
inputs,
config,
lib,
pkgs,
system,
...
}:
let
cfg = config.suites.senfnvp;
in
{
imports = [
./website.nix
./forgejo.nix
];
options.suites.senfnvp.enable = lib.mkOption {
type = with lib.types; uniq bool;
default = false;
description = "Enables the senfnvp Stack";
};
options.suites.senfnvp.hostname = lib.mkOption {
type = with lib.types; string;
default = "kb-one.de";
description = "Hostname of senfnvp Stack";
};
options.suites.senfnvp.database.enable = lib.mkOption {
type = with lib.types; uniq bool;
default = true;
description = "Enable senfnvp Database";
};
options.suites.senfnvp.proxy.enable = lib.mkOption {
type = with lib.types; uniq bool;
default = true;
description = "Enable senfnvp Proxy";
};
config = lib.mkIf (cfg.enable) {
containers.proxy = lib.mkIf (cfg.enable && cfg.proxy.enable) {
autoStart = true;
config = { config, pkgs, lib, ... }: {
services.traefik = {
enable = true;
staticConfigOptions = {
entryPoints = {
web = {
address = ":80";
asDefault = true;
http.redirections.entrypoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {
address = ":443";
asDefault = true;
http.tls.certResolver = "letsencrypt";
};
git-ssh.address = ":9522";
};
certificatesResolvers.letsencrypt.acme = {
tlsChallenge = {};
storage = "/var/secrets/traefik/acme.json";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 9522];
};
};
# Core Container
# A Guide to Nix Containers: https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html
containers.core = {
autoStart = true;
privateNetwork = true;
config = { config, pkgs, lib, ... }: {
};
};
};
}

54
modules/nixos/suites/senfnvp/forgejo.nix Normal file
View file

@ -0,0 +1,54 @@
{
inputs,
config,
lib,
pkgs,
system,
...
}:
let
cfg = config.suites.senfnvp;
in
{
options.suites.senfnvp.forgejo.enable = lib.mkOption {
type = with lib.types; uniq bool;
default = true;
description = "Enable Forgejo";
};
options.suites.senfnvp.forgejo.sshPort = lib.mkOption {
type = with lib.types; port;
default = 9522;
description = "Forgejo SSH Port";
};
options.suites.senfnvp.forgejo.httpPort = lib.mkOption {
type = with lib.types; port;
default = 3000;
description = "Forgejo http Port";
};
config = lib.mkIf (cfg.enable && cfg.forgejo.enable) {
containers.forgejo = {
autoStart = true;
config = {
services.forgejo = {
enable = !cfg.forgejo.initializeDatabase;
settings.server = {
ROOT_URL = "git.${cfg.hostname}";
SSH_PORT = cfg.forgejo.sshPort;
HTTP_PORT = cfg.forgejo.httpPort;
};
database = {
type = "postgres";
#host = "127.0.0.1"; # default Value
port = cfg.database.port;
#name = "forgejo"; # default Value
#user = "forgejo"; # default Value
passwordFile = "";
};
};
};
};
};
}

41
modules/nixos/suites/senfnvp/website.nix Normal file
View file

@ -0,0 +1,41 @@
{
inputs,
config,
lib,
pkgs,
system,
...
}:
let
cfg = config.suites.senfnvp;
in
{
options.suites.senfnvp.website.enable = lib.mkOption {
type = with lib.types; uniq bool;
default = true;
description = "Enable senfnvp Website (kb-one.de)";
};
options.suites.senfnvp.website.httpPort = lib.mkOption {
type = with lib.types; port;
default = 8080;
description = "Website HTTP Port";
};
config = lib.mkIf (cfg.enable && cfg.website.enable) {
containers.website = {
autoStart = true;
config = {
services.nginx.enable = true;
services.nginx.virtualHosts."${cfg.hostname}" = {
root = "/var/www/${cfg.hostname}";
listen = [{
addr = "127.0.0.1";
port = cfg.website.httpPort;
}];
};
};
};
};
}