clara/nix-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: clara:f7599b510a51bf5f0dbe1141f6794f3d6d505877
Branches Tags
clara:master
...
compare: clara:682aff159ff19823598100316c65f55b30ced8ea
Branches Tags
clara:master

4 commits
f7599b510a ... 682aff159f

Author SHA1 Message Date
Clara Dautermann
682aff159f
flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/ab0f3607a6c7486ea22229b92ed2d355f1482ee0?narHash=sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/%2BG0lKfv4kk/5Izdg%3D' (2025-09-10)
  → 'github:NixOS/nixpkgs/8eaee110344796db060382e15d3af0a9fc396e0e?narHash=sha256-iCGWf/LTy%2BaY0zFu8q12lK8KuZp7yvdhStehhyX1v8w%3D' (2025-09-19)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/0bf793823386187dff101ee2a9d4ed26de8bbf8c?narHash=sha256-S9F6bHUBh%2BCFEUalv/qxNImRapCxvSnOzWBUZgK1zDU%3D' (2025-09-10)
  → 'github:Mic92/sops-nix/e0fdaea3c31646e252a60b42d0ed8eafdb289762?narHash=sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ%2BY%3D' (2025-09-21)
• Updated input 'sops-nix/nixpkgs':
    'github:NixOS/nixpkgs/ca77296380960cd497a765102eeb1356eb80fed0?narHash=sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao%3D' (2025-09-05)
  → 'github:NixOS/nixpkgs/12bd230118a1901a4a5d393f9f56b6ad7e571d01?narHash=sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8%3D' (2025-09-19)
 2025-09-22 20:56:04 +02:00
Clara Dautermann
437e954072
disable old mc server and paperless 2025-09-12 14:35:31 +02:00
Clara Dautermann
9cf0afe3e4
flake.lock: Update 
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/d0fc30899600b9b3466ddb260fd83deb486c32f1?narHash=sha256-rw/PHa1cqiePdBxhF66V7R%2BWAP8WekQ0mCDG4CFqT8Y%3D' (2025-09-02)
  → 'github:NixOS/nixpkgs/ab0f3607a6c7486ea22229b92ed2d355f1482ee0?narHash=sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/%2BG0lKfv4kk/5Izdg%3D' (2025-09-10)
• Updated input 'sops-nix':
    'github:Mic92/sops-nix/3223c7a92724b5d804e9988c6b447a0d09017d48?narHash=sha256-t%2Bvoe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U%3D' (2025-08-12)
  → 'github:Mic92/sops-nix/0bf793823386187dff101ee2a9d4ed26de8bbf8c?narHash=sha256-S9F6bHUBh%2BCFEUalv/qxNImRapCxvSnOzWBUZgK1zDU%3D' (2025-09-10)
• Updated input 'sops-nix/nixpkgs':
    'github:NixOS/nixpkgs/ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c?narHash=sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs%3D' (2025-04-17)
  → 'github:NixOS/nixpkgs/ca77296380960cd497a765102eeb1356eb80fed0?narHash=sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao%3D' (2025-09-05)
 2025-09-12 14:24:31 +02:00
Clara Dautermann
96363ea213
setup mastodon 2025-09-12 14:24:10 +02:00
6 changed files with 126 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.sops.yaml
View file

@ -28,3 +28,7 @@ creation_rules:
key_groups: key_groups:
- pgp: [*clara] - pgp: [*clara]
age: [*vikunja] age: [*vikunja]
- path_regex: secrets\/mastodon\/*
key_groups:
- pgp: [*clara]
age: [*mastodon]

68
configs/services/mastodon.nix
View file

@ -1,44 +1,36 @@
{ lib, pkgs, config, ... }: { lib, pkgs, config, ... }:
let
http_port = 3000;
dbuname = "misskey";
dbport = 5432;
in
{ {
services = { security.acme = {
misskey = { acceptTerms = true;
enable = true; defaults.email = "fedi@cdaut.de";
settings = { };
url = "https://puppyplaypissparty.de";
port = http_port;
};
settings = {
db = {
user = dbuname;
port = dbport;
};
setupPassword = "VMoV33ov$C6JxVVXHffuVxHaqf^Cbmr9V1GSNgkyF6pq939Wr@c1hgfN7iD9%$De";
};
};
postgresql = { # set up smtp pass
enable = true; sops = {
ensureUsers = [ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
{ secrets.smtp_pass = {
name = dbuname; sopsFile = ../../secrets/mastodon/secrets.yaml;
ensureDBOwnership = true;
}
];
ensureDatabases = [
dbuname
];
settings.port = dbport;
};
redis = {
servers."" = {
enable = true;
};
}; };
}; };
networking.firewall.allowedTCPPorts = [ http_port ];
services.mastodon = {
enable = true;
streamingProcesses = 1;
localDomain = "puppyplaypissparty.de";
configureNginx = true;
smtp = {
fromAddress = "fedi@cdaut.de";
host = "mail.cdaut.de";
user = "fedi@cdaut.de";
port = 587;
authenticate = true;
passwordFile = config.sops.secrets.smtp_pass.path;
};
database = {
createLocally = true;
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
} }

44
configs/services/misskey.nix Normal file
View file

@ -0,0 +1,44 @@
{ lib, pkgs, config, ... }:
let
http_port = 3000;
dbuname = "misskey";
dbport = 5432;
in
{
services = {
misskey = {
enable = true;
settings = {
url = "https://puppyplaypissparty.de";
port = http_port;
};
settings = {
db = {
user = dbuname;
port = dbport;
};
setupPassword = "VMoV33ov$C6JxVVXHffuVxHaqf^Cbmr9V1GSNgkyF6pq939Wr@c1hgfN7iD9%$De";
};
};
postgresql = {
enable = true;
ensureUsers = [
{
name = dbuname;
ensureDBOwnership = true;
}
];
ensureDatabases = [
dbuname
];
settings.port = dbport;
};
redis = {
servers."" = {
enable = true;
};
};
};
networking.firewall.allowedTCPPorts = [ http_port ];
}

18
flake.lock generated
View file

@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1756787288, "lastModified": 1758277210,
"narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", "narHash": "sha256-iCGWf/LTy+aY0zFu8q12lK8KuZp7yvdhStehhyX1v8w=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", "rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -18,11 +18,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1744868846, "lastModified": 1758262103,
"narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", "narHash": "sha256-aBGl3XEOsjWw6W3AHiKibN7FeoG73dutQQEqnd/etR8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", "rev": "12bd230118a1901a4a5d393f9f56b6ad7e571d01",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -43,11 +43,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1754988908, "lastModified": 1758425756,
"narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "narHash": "sha256-L3N8zV6wsViXiD8i3WFyrvjDdz76g3tXKEdZ4FkgQ+Y=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
flake.nix
View file

@ -12,7 +12,7 @@
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
}; };
mcserver = import ./configs/containers/mc_container.nix; #mcserver = import ./configs/containers/mc_container.nix;
wireguard = import ./configs/containers/wg_container.nix; wireguard = import ./configs/containers/wg_container.nix;
@ -22,7 +22,7 @@
mastodon = import ./configs/containers/mastodon_container.nix; mastodon = import ./configs/containers/mastodon_container.nix;
paperless = import ./configs/containers/paperless_container.nix; #paperless = import ./configs/containers/paperless_container.nix;
vikunja = import ./configs/containers/vikunja_container.nix; vikunja = import ./configs/containers/vikunja_container.nix;
}; };

37
secrets/mastodon/secrets.yaml Normal file
View file

@ -0,0 +1,37 @@
smtp_pass: ENC[AES256_GCM,data:S1vB0GIb9c0Yov/wkGiqpt6goN/XmIWPFx0TYMvqhJUXtGgjKNtkmijYBsT0,iv:xnKh4edcHRDjxHRo84KxQKx6OrZlErla3yvLIZyqeUo=,tag:ftVNoc0qnRru+Z8TF3E0wQ==,type:str]
sops:
age:
- recipient: age19efecaur72d92g452zpe4uxjtwev2ktjtaezascxg9l2p8544s8s05d93r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2bkMvTUZKbkpCeFg2Z3I4
L095TkFhVUNSWmNxWERicGdrZXF3dFFTcTFBCnhNTGxYSitrcGlYY2ZpTXNlQUhW
MmVocHFENmNGWXZ1QWxabG8xSTNWSmcKLS0tIFBkY1JXd3JuTVE4NEVFL2lLeUZT
YUdTMTk2V3QvN2NXWXlqbDh1SkNBZVUKI7aHgopbId8rjAKVXYstsXa36mLm1j4f
nknPOngq++hMoY/v3P2ipV+Ml0lgJt+Nk0BlA9RTBQ2FYg4cJhiOuA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-12T11:36:49Z"
mac: ENC[AES256_GCM,data:VWTDVy7Eoe71XNfKPcNUTZbfxH6BBkS+hHOCRImnZZnu8bEvdmrbvDFtKgvsmolijg870G4YVgdKiZc9REJAD2Egcq4rX6XXZi4F5AQISlU/vkQ5amUdvHAjbW9U+O67c1qxDsSOP489x3zDlR4LeoWALCXpnFNFCjBQwIIjKzM=,iv:uedmYsLS5TIMPprREzn5aRGXXJj8xKtr1mEocugiokA=,tag:jqXp8DCzqywu18gvfm5Qtw==,type:str]
pgp:
- created_at: "2025-09-12T10:53:07Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMAzwtBoBqH5ZOAQ//ePQhgxIhAoV0FXav0+Z8i9I+hri/OAvN0Isrjohss1uj
TRruFq0fxVQuvlbA1qXixPL/7bxE5dV2YGQbw+SmzD+joAo0VMvKzQzxd2cM4XUy
+S4T97lH8MlziGOTTi82Uw31PCvMy7HfgTS5ftIVPbsJ7VegDcs2OtWyqXDmNR/q
96gSGGGb0sIirVrv1mtSlmd2vKqN7pO72DNUsnJ8wTQ3h4ntH4LB3i859q1mwLSz
OSc7BQYY2GmtdFfhHrLT0b8abF19lD/JZEGRLgfOngPlR3aDJgtoh06x3zBcQ0Hp
aqLWr1HttJNEAET80zO38cdHUPe11G+3Vw7+7EgbRjOMKKORVpby0GSjZLWJJI3M
fR3er4CgVXSeCKkNuIQx/prwEMm5iHouKMN0fruy5R4eg07mZhIuGg7RsZs1T4Sr
ekPXHtK6HCD2XmXHM2dteWbO+DMOMKsF/lihM/ct5KAGHd+cLyHk98n3extmworv
PVzOTLE5xzGmAK87OtGL7DOlpxOfhgHYf1x9idLJorJMbg5MyAK/b8fjYtibN+nJ
sSQruHhBoc0ekyeyqIWY5vgd+oRf5Rma3CcJSMTEk09SlVYSN9n7ys+lSaD4DL3z
rck2N2FG+/L5cv3FfON3yJ+c4NUydehUzihWVGTE5LLSrwCMi8Lhp87Kse3vFmTS
XAFkdKenVseFcCGk271PCSThphSKdZYGJIuoRuyrVSFbhL/L7dTAHXRu6VHuXBTP
TfeUEyRqY6zaCOAEbS4K5NhcGbhVdXATWOgTSdLYGYVXPCtTYKrwEQPtzxyN
=cTu+
-----END PGP MESSAGE-----
fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83
unencrypted_suffix: _unencrypted
version: 3.10.2