Updated systems

Added senfnvp Stack (development)
2025-12-05 18:28:53 +00:00 · 2025-05-07 00:50:00 +02:00 · 2025-05-07 00:34:49 +02:00
5 changed files with 233 additions and 15 deletions
--- a/flake.lock
+++ b/flake.lock
@ -127,11 +127,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745256380,
+        "lastModified": 1746413188,
-        "narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=",
+        "narHash": "sha256-i6BoiQP0PasExESQHszC0reQHfO6D4aI2GzOwZMOI20=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac",
+        "rev": "8a318641ac13d3bc0a53651feaee9560f9b2d89a",
        "type": "github"
      },
      "original": {
@ -182,11 +182,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1745114634,
+        "lastModified": 1746324578,
-        "narHash": "sha256-gB63YTgfrX2zH2zFIruRrOrLltjSBoYm2L56yaGo5XM=",
+        "narHash": "sha256-VUSIQ2W1Q3YgGvX3M4jPwIi3iIApdPHabhdrVjVgnwE=",
        "owner": "Infinidoge",
        "repo": "nix-minecraft",
-        "rev": "92120cad3f2b7c1c326b6ca0b9beda171d6ee6a3",
+        "rev": "9e7fd83ba3b25b6f03561a5b7f8ea74b70296816",
        "type": "github"
      },
      "original": {
@ -233,11 +233,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1744633460,
+        "lastModified": 1746468201,
-        "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=",
+        "narHash": "sha256-hSOSlrvMJwGr8hX/gc0mnhUf5UIClMDUAadfXlSXzfc=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "9a049b4a421076d27fee3eec664a18b2066824cb",
+        "rev": "6aabf68429c0a414221d1790945babfb6a0bd068",
        "type": "github"
      },
      "original": {
@ -265,11 +265,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1744932701,
+        "lastModified": 1746461020,
-        "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
+        "narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
+        "rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae",
        "type": "github"
      },
      "original": {
@ -320,11 +320,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1744669848,
+        "lastModified": 1746485181,
-        "narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=",
+        "narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "61154300d945f0b147b30d24ddcafa159148026a",
+        "rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
        "type": "github"
      },
      "original": {
--- a/modules/nixos/suites/senfnvp/README.md
+++ b/modules/nixos/suites/senfnvp/README.md
@ -0,0 +1,39 @@
 # Senfnvp Stack
 The Senfnvp Stack contains Web Infra-structure.
 ## Notes
 ``` nix
 senfnvp = {
  enable = true;
  hostname = "senfnvp.kb-one.de";
  # Defaults
  proxy.enable = true;
  website.enable = true;
  forgejo.enable = true;
  forgejo.initializeDatabase = false; # Only use once!
  forgejo.enableFail2Ban = true;
  keycloak.enable = true;
  keycloak.initializeDatabase = false; # Only use once!
  docker-compose.enable = true; # Configuration for Docker-Compose support for Mailcow
 };
 ```
 ### The Database
 The Database Server is enabled when when you enable the Stack itself. 
 When you Activate a Service you might want to Edit the File at `./database/init-servicename.template.sql`. If you have a Database-Dump, place it there with the Naming-Sheme `./database/init-servicename.sql`. When creating a new Setup you can just run `cp init-servicename.template.sql init-servicename.sql` to use the template. The template only creates the Database, User and Password and lets it to the Service create its Tables.
 Basically the order is like this:
 - Create Secrets `sops ./secrets.yaml`
 - Apply Template `cp ./database/init-forgejo.template.sql ./database/init-forgejo.sql`
 - Initialize ´forgejo.enable = true; forgejo.initializeDatabase = true;`
 - Apply config `nixos-rebuild switch --flake .`
 - Wait for Initialisation
 - Wait! Dumps will take time!
 - Enable Production `forgejo.enable = true; forgejo.initializeDatabase = false;`
 - Apply config `nixos-rebuild switch --flake .`
 - 
--- a/modules/nixos/suites/senfnvp/default.nix
+++ b/modules/nixos/suites/senfnvp/default.nix
@ -0,0 +1,84 @@
 {
  inputs,
  config,
  lib,
  pkgs,
  system,
  ...
 }:
 let
  cfg = config.suites.senfnvp;
 in
 {
  imports = [
    ./website.nix
    ./forgejo.nix
  ];
  options.suites.senfnvp.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = false;
    description = "Enables the senfnvp Stack";
  };
  options.suites.senfnvp.hostname = lib.mkOption {
    type = with lib.types; string;
    default = "kb-one.de";
    description = "Hostname of senfnvp Stack";
  };
  options.suites.senfnvp.database.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = true;
    description = "Enable senfnvp Database";
  };
  options.suites.senfnvp.proxy.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = true;
    description = "Enable senfnvp Proxy";
  };
  config = lib.mkIf (cfg.enable) {
    containers.proxy = lib.mkIf (cfg.enable && cfg.proxy.enable) {
      autoStart = true;
      config = { config, pkgs, lib, ... }: {
        services.traefik = {
          enable = true;
          staticConfigOptions = {
            entryPoints = {
              web = {
                address = ":80";
                asDefault = true;
                http.redirections.entrypoint = {
                  to = "websecure";
                  scheme = "https";
                };
              };
              websecure = {
                address = ":443";
                asDefault = true;
                http.tls.certResolver = "letsencrypt";
              };
              git-ssh.address = ":9522";
            };
            certificatesResolvers.letsencrypt.acme = {
              tlsChallenge = {};
              storage = "/var/secrets/traefik/acme.json";
            };
          };
        };
        networking.firewall.allowedTCPPorts = [ 80 443 9522];
      };
    };
    # Core Container
    # A Guide to Nix Containers: https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html
    containers.core = {
      autoStart = true;
      privateNetwork = true;
      config = { config, pkgs, lib, ... }: {
      };
    };
  };
 }
--- a/modules/nixos/suites/senfnvp/forgejo.nix
+++ b/modules/nixos/suites/senfnvp/forgejo.nix
@ -0,0 +1,54 @@
 {
  inputs,
  config,
  lib,
  pkgs,
  system,
  ...
 }:
 let
  cfg = config.suites.senfnvp;
 in
 {
  options.suites.senfnvp.forgejo.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = true;
    description = "Enable Forgejo";
  };
  options.suites.senfnvp.forgejo.sshPort = lib.mkOption {
    type = with lib.types; port;
    default = 9522;
    description = "Forgejo SSH Port";
  };
  options.suites.senfnvp.forgejo.httpPort = lib.mkOption {
    type = with lib.types; port;
    default = 3000;
    description = "Forgejo http Port";
  };
  config = lib.mkIf (cfg.enable && cfg.forgejo.enable) {
    containers.forgejo = {
      autoStart = true;
      config = {
        services.forgejo = {
          enable = !cfg.forgejo.initializeDatabase;
          settings.server = {
            ROOT_URL = "git.${cfg.hostname}";
            SSH_PORT = cfg.forgejo.sshPort;
            HTTP_PORT = cfg.forgejo.httpPort;
          };
          database = {
            type = "postgres";
            #host = "127.0.0.1"; # default Value
            port = cfg.database.port;
            #name = "forgejo"; # default Value
            #user = "forgejo"; # default Value
            passwordFile = "";
          };
        };
      };
    };
  };
 }
--- a/modules/nixos/suites/senfnvp/website.nix
+++ b/modules/nixos/suites/senfnvp/website.nix
@ -0,0 +1,41 @@
 {
  inputs,
  config,
  lib,
  pkgs,
  system,
  ...
 }:
 let
  cfg = config.suites.senfnvp;
 in
 {
  options.suites.senfnvp.website.enable = lib.mkOption {
    type = with lib.types; uniq bool;
    default = true;
    description = "Enable senfnvp Website (kb-one.de)";
  };
  options.suites.senfnvp.website.httpPort = lib.mkOption {
    type = with lib.types; port;
    default = 8080;
    description = "Website HTTP Port";
  };
  config = lib.mkIf (cfg.enable && cfg.website.enable) {
    containers.website = {
      autoStart = true;
      config = {
        services.nginx.enable = true;
        services.nginx.virtualHosts."${cfg.hostname}" = {
          root = "/var/www/${cfg.hostname}";
          listen = [{
            addr = "127.0.0.1";
            port = cfg.website.httpPort;
          }];
        };
      };
    };
  };
 }
Author	SHA1	Message	Date
kB01	183f721612	Updated systems Some checks failed / Check Nix Flake (push) Has been cancelled Details	2025-05-07 00:50:00 +02:00
kB01	4c88455552	Added senfnvp Stack (development)	2025-05-07 00:34:49 +02:00