diaz/nix_config_fabian
1
0
Fork 0
forked from fabian/nix_config
Code Pull requests Activity

vps: remove unused modues

Browse source 
authentik
bepasty
firefly
jellyfin
jitsi
kuma
roundcube
This commit is contained in:
Fabian Montero 2025-01-23 07:40:49 -06:00
parent 4e63a64248
commit 9db5b156dd
Signed by untrusted user: fabian
GPG key ID: 1FFAC35E1798174F
8 changed files with 0 additions and 346 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
sys/platforms/vps/srv/authentik.nix
View file

@ -1,110 +0,0 @@
{
lib,
pkgs,
flakes,
...
}:
with lib; {
imports = [flakes.authentik-nix.nixosModules.default];
options = {
services.nginx.virtualHosts = mkOption {
type = with lib.types;
attrsOf (
submodule
(
{config, ...}: {
options = {
enableAuthentik = mkOption {
default = false;
type = bool;
};
locations = mkOption {
type = attrsOf (
submodule {
config = mkIf config.enableAuthentik {
extraConfig = ''
auth_request /outpost.goauthentik.io/auth/nginx;
error_page 401 = @goauthentik_proxy_signin;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
# translate headers from the outposts back to the actual upstream
auth_request_set $authentik_username $upstream_http_x_authentik_username;
auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
auth_request_set $authentik_email $upstream_http_x_authentik_email;
auth_request_set $authentik_name $upstream_http_x_authentik_name;
auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
proxy_set_header X-authentik-username $authentik_username;
proxy_set_header X-authentik-groups $authentik_groups;
proxy_set_header X-authentik-email $authentik_email;
proxy_set_header X-authentik-name $authentik_name;
proxy_set_header X-authentik-uid $authentik_uid;
'';
};
}
);
};
};
config = mkIf config.enableAuthentik {
extraConfig = ''
proxy_buffers 8 16k;
proxy_buffer_size 32k;
location /outpost.goauthentik.io {
proxy_pass http://localhost:9000/outpost.goauthentik.io;
# ensure the host of this vserver matches your external URL you've configured
# in authentik
proxy_set_header Host $host;
proxy_redirect http://localhost:9000 https://auth.posixlycorrect.com;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie;
# required for POST requests to work
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
location @goauthentik_proxy_signin {
internal;
add_header Set-Cookie $auth_cookie;
return 302 /outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
# For domain level, use the below error_page to redirect to your authentik server with the full redirect path
# return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri;
}
'';
};
}
)
);
};
};
config = {
services = {
authentik = {
enable = true;
environmentFile = "/var/trust/authentik/authentik-env";
nginx = {
enable = true;
enableACME = true;
host = "auth.posixlycorrect.com";
};
settings = {
email = {
host = "smtp.fastmail.com";
port = 587;
username = "fabianmontero@fastmail.com";
use_tls = true;
use_ssl = false;
from = "auth@posixlycorrect.com";
};
disable_startup_analytics = true;
avatars = "initials";
};
};
};
};
}

40
sys/platforms/vps/srv/bepasty.nix
View file

@ -1,40 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."send.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:8989";
};
};
};
bepasty = {
enable = true;
servers = {
"send" = {
bind = "127.0.0.1:8989";
secretKeyFile = "/var/trust/bepasty/secretKeyFile";
dataDir = "/mnt/export2011/data";
defaultPermissions = "read,create,delete";
extraConfig = ''
SITENAME = 'send.posixlycorrect.com'
MAX_ALLOWED_FILE_SIZE = 4 * 1000 * 1000 * 1000
SESSION_COOKIE_SECURE = True
ASCIINEMA_THEME = 'asciinema'
'';
};
};
};
};
}

7
sys/platforms/vps/srv/default.nix
View file

@ -9,18 +9,11 @@ with lib; {
imports = [
./net.nix
./mediawiki.nix
# ./jitsi.nix
./forgejo.nix
./vaultwarden.nix
# ./bepasty.nix
# ./jellyfin.nix
./msmtp.nix
./kuma.nix
# ./authentik.nix consumes too much RAM and serves no purpose for now
./paperless.nix
./trilium.nix
# ./firefly.nix gnucash is better
./roundcube.nix
./syncthing.nix
];
}

33
sys/platforms/vps/srv/firefly.nix
View file

@ -1,33 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."firefly.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
};
};
firefly-iii = {
enable = true;
user = "firefly-iii";
dataDir = "/var/lib/firefly-iii";
enableNginx = true;
virtualHost = "firefly.posixlycorrect.com";
settings = {
SITE_OWNER = "fabian@posixlycorrect.com";
DB_CONNECTION = "sqlite";
APP_ENV = "local";
APP_KEY_FILE = "/var/trust/firefly/key_file";
};
};
};
}

30
sys/platforms/vps/srv/jellyfin.nix
View file

@ -1,30 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."stream.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://localhost:8096";
};
};
};
jellyfin = {
enable = true;
user = "jellyfin";
group = "jellyfin";
dataDir = "/mnt/export2008/jellyfin/dataDir";
cacheDir = "/mnt/export2008/jellyfin/cacheDir";
};
};
}

35
sys/platforms/vps/srv/jitsi.nix
View file

@ -1,35 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."meet.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
};
};
jitsi-meet = {
enable = true;
hostName = "meet.posixlycorrect.com";
nginx.enable = true;
config = {
enableWelcomePage = true;
prejoinPageEnabled = true;
defaultLang = "en";
};
interfaceConfig = {
SHOW_JITSI_WATERMARK = false;
SHOW_WATERMARK_FOR_GUESTS = false;
};
};
jitsi-videobridge.openFirewall = true;
};
}

29
sys/platforms/vps/srv/kuma.nix
View file

@ -1,29 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."status.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
locations."/" = {
proxyPass = "http://127.0.0.1:4456";
};
};
};
uptime-kuma = {
enable = true;
settings = {
HOST = "127.0.0.1";
PORT = "4456";
};
};
};
}

62
sys/platforms/vps/srv/roundcube.nix
View file

@ -1,62 +0,0 @@
{
lib,
pkgs,
...
}:
with lib; {
services = {
nginx = {
virtualHosts."mail.posixlycorrect.com" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_headers_hash_max_size 512;
proxy_headers_hash_bucket_size 128;
'';
};
};
roundcube = {
enable = true;
hostName = "mail.posixlycorrect.com";
configureNginx = true;
maxAttachmentSize = 2048; #MB
package = pkgs.roundcube.withPlugins (plugins: [
#plugins.carddav
plugins.contextmenu
plugins.custom_from
plugins.persistent_login
]);
plugins = [
"archive"
"attachment_reminder"
#"carddav"
"contextmenu"
"custom_from"
"emoticons"
#"enigma"
"hide_blockquote"
"managesieve"
"markasjunk"
"newmail_notifier"
"password"
"persistent_login"
"reconnect"
"show_additional_headers"
"userinfo"
"vcard_attachments"
"zipdownload"
];
dicts = with pkgs.aspellDicts; [
es
en
];
extraConfig = ''
$config['smtp_host'] = "ssl://smtp.fastmail.com:465";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
$config['imap_host'] = "ssl://imap.fastmail.com:993";
'';
};
};
}