From 409b5778182111685985de48636b591a5a1d7485 Mon Sep 17 00:00:00 2001
From: goeranh
Date: Fri, 24 Oct 2025 16:37:57 +0200
Subject: [PATCH] misc
---
 README.md | 15 +++++++
 hosts/authentik/authentik.nix | 5 +++
 hosts/authentik/default.nix | 15 -------
 hosts/git/default.nix | 22 ++++++++++
 hosts/redmine/default.nix | 35 +++++++++++++++
 hosts/redmine/hardware-configuration.nix | 38 ++++++++++++++++
 hosts/redmine/hetzner-disk.nix | 56 ++++++++++++++++++++++++
 7 files changed, 171 insertions(+), 15 deletions(-)
 create mode 100644 hosts/redmine/default.nix
 create mode 100644 hosts/redmine/hardware-configuration.nix
 create mode 100644 hosts/redmine/hetzner-disk.nix
diff --git a/README.md b/README.md
index e4d3b04..02b17dd 100644
--- a/README.md
+++ b/README.md
@@ -2,3 +2,18 @@ neue mailserver config, ersetzt von Hand konfiguriertes FreeBSD Relay System ohne Mailkonten. Ziel ist es den Identity-Provider goauthentik mit ldap an simple-nixos-mailserver anzubinden.
+
+# Ordner Hosts
+jeder ornder ist ein system
+- authentik
+- mail
+- git
+
+Datei hosts//default.nix wird evaluiert und muss die alle weiteren z.B. authentik.nix importieren.
+
+# Todo
+- mailverteiler mitgliedschaft aus ldap gruppen?
+- aliase aus ldap attributen?
+- forgejo an authentik via oauth
+
+- demo mäßg redmine in container copieren
diff --git a/hosts/authentik/authentik.nix b/hosts/authentik/authentik.nix
index 0a74073..48734e7 100644
--- a/hosts/authentik/authentik.nix
+++ b/hosts/authentik/authentik.nix
@@ -11,6 +11,11 @@
 extraGroups = [ "docker" ];
 group = "authentik";
 };
+ systemd.services = {
+ authentik-secrets-setup = {
+ enable = true;
+ };
+ };
 services.authentik-ldap = {
 enable = true;
 environmentFile = "/var/lib/authentik-ldap-env";
diff --git a/hosts/authentik/default.nix b/hosts/authentik/default.nix
index afe6f6a..0bb95a3 100644
--- a/hosts/authentik/default.nix
+++ b/hosts/authentik/default.nix
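Review bot: The new `systemd.services.authentik-secrets-setup = { enable = true; };` block in hosts/authentik/authentik.nix declares a unit with no `script`, `serviceConfig` or `wantedBy`, so on its own it either changes nothing or yields a unit systemd cannot start. If the unit is defined by the authentik module this host imports, `enable = true` is already the default and the block can be dropped; if it is not, the unit needs a start command and an install target before it does anything. A one-line comment naming the defining module and the reason for the explicit enable, e.g. `# authentik-secrets-setup is provided by <module>; enabled explicitly because <reason>`, would make the intent recoverable either way. The enclosing attribute set starts and ends outside the hunk.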
@@ -4,13 +4,6 @@
 pkgs,
 ...
 }:
-let
- keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7"
- ];
-
-in
 {
 imports = [
 ./hardware-configuration.nix
@@ -40,14 +33,6 @@ in
 "1.1.1.1"
 ];
-
- services.nginx.virtualHosts."lists.${config.networking.domain}" = {
- enableACME = true;
- forceSSL = true;
- # locations."/" = {
- # proxyPass = "http://127.0.0.1:18507";
- # };
- };
-
 networking.firewall.allowedTCPPorts = [
 80
 443
diff --git a/hosts/git/default.nix b/hosts/git/default.nix
index 1f9912e..88c398e 100644
--- a/hosts/git/default.nix
+++ b/hosts/git/default.nix
@@ -50,6 +50,28 @@ in
 ];
 services.openssh.enable = true;
+ services.forgejo = {
+ enable = true;
+ settings = {
+
+ server = {
+ PROTOCOL = "http+unix";
+ HTTP_ADDR = "/var/run/forgejo.sock";
+ ROOT_URL = "https://${config.networking.fqdn}";
+ };
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."git.htw.stura-dresden.de" = {
+ locations."/" = {
+ recommendedProxySettings = true;
+ proxyWebsockets = true;
+ proxyPass = "http://unix:/var/run/forgejo.sock";
+ };
+ };
+ };
 # virtualisation.docker.enable = true;
 security.acme.acceptTerms = true;
diff --git a/hosts/redmine/default.nix b/hosts/redmine/default.nix
new file mode 100644
index 0000000..e6ada93
--- /dev/null
+++ b/hosts/redmine/default.nix
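Review bot: The new nginx virtualHost `git.htw.stura-dresden.de` in hosts/git/default.nix proxies Forgejo without `forceSSL` or `enableACME`, while `ROOT_URL` is set to `https://${config.networking.fqdn}`; nginx will only answer on plain HTTP, Forgejo will emit https links that have no listener, and any session cookie that is sent would cross the wire unencrypted. Since `security.acme.acceptTerms = true;` is already set right below, the vhost should get `forceSSL = true;` and `enableACME = true;`, as the removed `lists.*` vhost in hosts/authentik/default.nix had. The vhost name is also hard-coded while `ROOT_URL` derives from `config.networking.fqdn`; `virtualHosts."${config.networking.fqdn}"` would keep the two from drifting. The enclosing attribute set continues outside the hunk.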
@@ -0,0 +1,35 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ networking.hostName = "redmine";
+ networking.domain = "test.htw.stura-dresden.de";
+ networking.interfaces.ens18.ipv4.addresses = [
+ {
+ address = "141.56.51.1235";
+ prefixLength = 24;
+ }
+ ];
+ networking.defaultGateway.address = "141.56.51.254";
+
+
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "cert@stura.htw-dresden.de";
+
+ networking.firewall.allowedTCPPorts = [
+ 25
+ 80
+ 443
+ 597
+ ];
+
+ system.stateVersion = "24.11";
+
+}
diff --git a/hosts/redmine/hardware-configuration.nix b/hosts/redmine/hardware-configuration.nix
new file mode 100644
index 0000000..b92ae55
--- /dev/null
+++ b/hosts/redmine/hardware-configuration.nix
@@ -0,0 +1,38 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "virtio_pci"
+ "virtio_scsi"
+ "sd_mod"
+ "sr_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ # fileSystems."/" =
+ # {
+ # device = "/dev/sda1";
+ # fsType = "ext4";
+ # };
+
+ # swapDevices = [ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/hosts/redmine/hetzner-disk.nix b/hosts/redmine/hetzner-disk.nix
new file mode 100644
index 0000000..a679e7c
--- /dev/null
+++ b/hosts/redmine/hetzner-disk.nix
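Review bot: `address = "141.56.51.1235";` in hosts/redmine/default.nix is not a valid IPv4 address (the last octet exceeds 255), so the static address on `ens18` cannot be applied and the host will come up without it; a valid host address in the same `/24` as the gateway `141.56.51.254` is presumably intended and should be corrected before this is deployed. `networking.firewall.allowedTCPPorts` opens 25 and 597 although nothing in this file configures a listener on either port; each entry should name the service it is for, e.g. `25 # SMTP for <service>`, or be left out until that service is added, so the exposed surface stays tied to something that actually runs. This file also imports only `./hardware-configuration.nix`, whose `fileSystems."/"` is commented out, so no root or `/boot` filesystem is declared for the host; if the new `hosts/redmine/hetzner-disk.nix` is meant to provide the layout it must be added to `imports` together with the disko module that defines `disko.devices`.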
@@ -0,0 +1,56 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ };
+ ESP = {
+ priority = 1;
+ name = "ESP";
+ start = "1M";
+ end = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ]; # Override existing partition
+ subvolumes = {
+ "/rootfs" = {
+ mountpoint = "/";
+ };
+ "/home" = {
+ mountOptions = [ "compress=zstd" ];
+ mountpoint = "/home";
+ };
+ # Sub(sub)volume doesn't need a mountpoint as its parent is mounted
+ "/nix" = {
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ mountpoint = "/nix";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
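Review bot: hosts/redmine/hetzner-disk.nix has no header saying when it is meant to be applied, yet `extraArgs = [ "-f" ]; # Override existing partition` forces `mkfs.btrfs` over whatever is on `/dev/sda`, so running disko with this file against an installed host destroys it. A top-of-file comment such as `# Initial disko layout for the Hetzner install of the redmine host. Reformats /dev/sda unconditionally (btrfs -f); do not re-run on a live system.` states the blast radius where the next reader will see it. The file is also only a disko layout and declares no swap and no `/rootfs` mount options, which is fine for a first install but worth a line noting that this mirrors the upstream disko btrfs example so later hosts copy it deliberately rather than by accident.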