diff --git a/sys/platforms/vps/srv/authentik.nix b/sys/platforms/vps/srv/authentik.nix deleted file mode 100644 index 8b68fe3..0000000 --- a/sys/platforms/vps/srv/authentik.nix +++ /dev/null @@ -1,110 +0,0 @@ -{ - lib, - pkgs, - flakes, - ... -}: -with lib; { - imports = [flakes.authentik-nix.nixosModules.default]; - - options = { - services.nginx.virtualHosts = mkOption { - type = with lib.types; - attrsOf ( - submodule - ( - {config, ...}: { - options = { - enableAuthentik = mkOption { - default = false; - type = bool; - }; - locations = mkOption { - type = attrsOf ( - submodule { - config = mkIf config.enableAuthentik { - extraConfig = '' - auth_request /outpost.goauthentik.io/auth/nginx; - error_page 401 = @goauthentik_proxy_signin; - auth_request_set $auth_cookie $upstream_http_set_cookie; - add_header Set-Cookie $auth_cookie; - - # translate headers from the outposts back to the actual upstream - auth_request_set $authentik_username $upstream_http_x_authentik_username; - auth_request_set $authentik_groups $upstream_http_x_authentik_groups; - auth_request_set $authentik_email $upstream_http_x_authentik_email; - auth_request_set $authentik_name $upstream_http_x_authentik_name; - auth_request_set $authentik_uid $upstream_http_x_authentik_uid; - - proxy_set_header X-authentik-username $authentik_username; - proxy_set_header X-authentik-groups $authentik_groups; - proxy_set_header X-authentik-email $authentik_email; - proxy_set_header X-authentik-name $authentik_name; - proxy_set_header X-authentik-uid $authentik_uid; - ''; - }; - } - ); - }; - }; - config = mkIf config.enableAuthentik { - extraConfig = '' - proxy_buffers 8 16k; - proxy_buffer_size 32k; - - location /outpost.goauthentik.io { - proxy_pass http://localhost:9000/outpost.goauthentik.io; - # ensure the host of this vserver matches your external URL you've configured - # in authentik - proxy_set_header Host $host; - proxy_redirect http://localhost:9000 https://auth.posixlycorrect.com; - proxy_set_header X-Original-URL $scheme://$http_host$request_uri; - add_header Set-Cookie $auth_cookie; - auth_request_set $auth_cookie $upstream_http_set_cookie; - - # required for POST requests to work - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - } - - location @goauthentik_proxy_signin { - internal; - add_header Set-Cookie $auth_cookie; - return 302 /outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri; - # For domain level, use the below error_page to redirect to your authentik server with the full redirect path - # return 302 https://authentik.company/outpost.goauthentik.io/start?rd=$scheme://$http_host$request_uri; - } - ''; - }; - } - ) - ); - }; - }; - - config = { - services = { - authentik = { - enable = true; - environmentFile = "/var/trust/authentik/authentik-env"; - nginx = { - enable = true; - enableACME = true; - host = "auth.posixlycorrect.com"; - }; - settings = { - email = { - host = "smtp.fastmail.com"; - port = 587; - username = "fabianmontero@fastmail.com"; - use_tls = true; - use_ssl = false; - from = "auth@posixlycorrect.com"; - }; - disable_startup_analytics = true; - avatars = "initials"; - }; - }; - }; - }; -} diff --git a/sys/platforms/vps/srv/bepasty.nix b/sys/platforms/vps/srv/bepasty.nix deleted file mode 100644 index 964dbec..0000000 --- a/sys/platforms/vps/srv/bepasty.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - lib, - pkgs, - ... -}: -with lib; { - services = { - nginx = { - virtualHosts."send.posixlycorrect.com" = { - enableACME = true; - forceSSL = true; - extraConfig = '' - proxy_headers_hash_max_size 512; - proxy_headers_hash_bucket_size 128; - ''; - locations."/" = { - proxyPass = "http://127.0.0.1:8989"; - }; - }; - }; - - bepasty = { - enable = true; - servers = { - "send" = { - bind = "127.0.0.1:8989"; - secretKeyFile = "/var/trust/bepasty/secretKeyFile"; - dataDir = "/mnt/export2011/data"; - defaultPermissions = "read,create,delete"; - extraConfig = '' - SITENAME = 'send.posixlycorrect.com' - MAX_ALLOWED_FILE_SIZE = 4 * 1000 * 1000 * 1000 - SESSION_COOKIE_SECURE = True - ASCIINEMA_THEME = 'asciinema' - ''; - }; - }; - }; - }; -} diff --git a/sys/platforms/vps/srv/default.nix b/sys/platforms/vps/srv/default.nix index 5fedff9..9a43916 100644 --- a/sys/platforms/vps/srv/default.nix +++ b/sys/platforms/vps/srv/default.nix @@ -9,18 +9,11 @@ with lib; { imports = [ ./net.nix ./mediawiki.nix - # ./jitsi.nix ./forgejo.nix ./vaultwarden.nix - # ./bepasty.nix - # ./jellyfin.nix ./msmtp.nix - ./kuma.nix - # ./authentik.nix consumes too much RAM and serves no purpose for now ./paperless.nix ./trilium.nix - # ./firefly.nix gnucash is better - ./roundcube.nix ./syncthing.nix ]; } diff --git a/sys/platforms/vps/srv/firefly.nix b/sys/platforms/vps/srv/firefly.nix deleted file mode 100644 index e187e3c..0000000 --- a/sys/platforms/vps/srv/firefly.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ - lib, - pkgs, - ... -}: -with lib; { - services = { - nginx = { - virtualHosts."firefly.posixlycorrect.com" = { - enableACME = true; - forceSSL = true; - extraConfig = '' - proxy_headers_hash_max_size 512; - proxy_headers_hash_bucket_size 128; - ''; - }; - }; - - firefly-iii = { - enable = true; - user = "firefly-iii"; - dataDir = "/var/lib/firefly-iii"; - enableNginx = true; - virtualHost = "firefly.posixlycorrect.com"; - settings = { - SITE_OWNER = "fabian@posixlycorrect.com"; - DB_CONNECTION = "sqlite"; - APP_ENV = "local"; - APP_KEY_FILE = "/var/trust/firefly/key_file"; - }; - }; - }; -} diff --git a/sys/platforms/vps/srv/jellyfin.nix b/sys/platforms/vps/srv/jellyfin.nix deleted file mode 100644 index 07c8896..0000000 --- a/sys/platforms/vps/srv/jellyfin.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - lib, - pkgs, - ... -}: -with lib; { - services = { - nginx = { - virtualHosts."stream.posixlycorrect.com" = { - enableACME = true; - forceSSL = true; - extraConfig = '' - proxy_headers_hash_max_size 512; - proxy_headers_hash_bucket_size 128; - ''; - locations."/" = { - proxyPass = "http://localhost:8096"; - }; - }; - }; - - jellyfin = { - enable = true; - user = "jellyfin"; - group = "jellyfin"; - dataDir = "/mnt/export2008/jellyfin/dataDir"; - cacheDir = "/mnt/export2008/jellyfin/cacheDir"; - }; - }; -} diff --git a/sys/platforms/vps/srv/jitsi.nix b/sys/platforms/vps/srv/jitsi.nix deleted file mode 100644 index 8fa1ccb..0000000 --- a/sys/platforms/vps/srv/jitsi.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - lib, - pkgs, - ... -}: -with lib; { - services = { - nginx = { - virtualHosts."meet.posixlycorrect.com" = { - enableACME = true; - forceSSL = true; - extraConfig = '' - proxy_headers_hash_max_size 512; - proxy_headers_hash_bucket_size 128; - ''; - }; - }; - - jitsi-meet = { - enable = true; - hostName = "meet.posixlycorrect.com"; - nginx.enable = true; - config = { - enableWelcomePage = true; - prejoinPageEnabled = true; - defaultLang = "en"; - }; - interfaceConfig = { - SHOW_JITSI_WATERMARK = false; - SHOW_WATERMARK_FOR_GUESTS = false; - }; - }; - jitsi-videobridge.openFirewall = true; - }; -} diff --git a/sys/platforms/vps/srv/kuma.nix b/sys/platforms/vps/srv/kuma.nix deleted file mode 100644 index e698c04..0000000 --- a/sys/platforms/vps/srv/kuma.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - lib, - pkgs, - ... -}: -with lib; { - services = { - nginx = { - virtualHosts."status.posixlycorrect.com" = { - enableACME = true; - forceSSL = true; - extraConfig = '' - proxy_headers_hash_max_size 512; - proxy_headers_hash_bucket_size 128; - ''; - locations."/" = { - proxyPass = "http://127.0.0.1:4456"; - }; - }; - }; - uptime-kuma = { - enable = true; - settings = { - HOST = "127.0.0.1"; - PORT = "4456"; - }; - }; - }; -} diff --git a/sys/platforms/vps/srv/roundcube.nix b/sys/platforms/vps/srv/roundcube.nix deleted file mode 100644 index db156bb..0000000 --- a/sys/platforms/vps/srv/roundcube.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ - lib, - pkgs, - ... -}: -with lib; { - services = { - nginx = { - virtualHosts."mail.posixlycorrect.com" = { - enableACME = true; - forceSSL = true; - extraConfig = '' - proxy_headers_hash_max_size 512; - proxy_headers_hash_bucket_size 128; - ''; - }; - }; - - roundcube = { - enable = true; - hostName = "mail.posixlycorrect.com"; - configureNginx = true; - maxAttachmentSize = 2048; #MB - package = pkgs.roundcube.withPlugins (plugins: [ - #plugins.carddav - plugins.contextmenu - plugins.custom_from - plugins.persistent_login - ]); - plugins = [ - "archive" - "attachment_reminder" - #"carddav" - "contextmenu" - "custom_from" - "emoticons" - #"enigma" - "hide_blockquote" - "managesieve" - "markasjunk" - "newmail_notifier" - "password" - "persistent_login" - "reconnect" - "show_additional_headers" - "userinfo" - "vcard_attachments" - "zipdownload" - ]; - dicts = with pkgs.aspellDicts; [ - es - en - ]; - extraConfig = '' - $config['smtp_host'] = "ssl://smtp.fastmail.com:465"; - $config['smtp_user'] = "%u"; - $config['smtp_pass'] = "%p"; - $config['imap_host'] = "ssl://imap.fastmail.com:993"; - ''; - }; - }; -}