darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Merge pull request 'enable nextcloud appstore' (#33) from enable-nextcloud-appstore into main

Browse source 
Reviewed-on: #33
This commit is contained in:
Charlotte 🦝 Delenk 2023-04-23 17:42:22 +00:00
commit c80bdb1a39
Signed by: gitea-bot
GPG key ID: C9974EDF9932B558
4 changed files with 108 additions and 107 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
config/services/nextcloud.nix
View file

@ -4,6 +4,7 @@
... ...
}: { }: {
services.nextcloud = { services.nextcloud = {
appstoreEnable = true;
caching.redis = true; caching.redis = true;
config = { config = {
adminpassFile = config.sops.secrets."services/nextcloud/adminpass".path; adminpassFile = config.sops.secrets."services/nextcloud/adminpass".path;

2
flake.nix
View file

@ -69,7 +69,7 @@ rec {
inputs.attic.follows = "attic"; inputs.attic.follows = "attic";
inputs.flake-utils.follows = "flake-utils"; inputs.flake-utils.follows = "flake-utils";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
# inputs.hydra.follows = "hydra"; # inputs.hydra.follows = "hydra";
}; };
nixos-config-for-netboot.url = "github:DarkKirb/nixos-config/c9c3d16b23042a25f504a6d71e7075318f1137f8"; nixos-config-for-netboot.url = "github:DarkKirb/nixos-config/c9c3d16b23042a25f504a6d71e7075318f1137f8";
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";

101
modules/gitea.nix
View file

@ -58,57 +58,58 @@ in {
lfsJwtSecret = "${cfg.customDir}/conf/lfs_jwt_secret"; # new file for LFS_JWT_SECRET lfsJwtSecret = "${cfg.customDir}/conf/lfs_jwt_secret"; # new file for LFS_JWT_SECRET
internalToken = "${cfg.customDir}/conf/internal_token"; internalToken = "${cfg.customDir}/conf/internal_token";
replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret"; replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
in lib.mkForce '' in
# copy custom configuration and generate random secrets if needed lib.mkForce ''
${optionalString (!cfg.useWizard) '' # copy custom configuration and generate random secrets if needed
function gitea_setup { ${optionalString (!cfg.useWizard) ''
cp -f '${configFile}' '${runConfig}' function gitea_setup {
if [ ! -s '${secretKey}' ]; then cp -f '${configFile}' '${runConfig}'
${exe} generate secret SECRET_KEY > '${secretKey}' if [ ! -s '${secretKey}' ]; then
fi ${exe} generate secret SECRET_KEY > '${secretKey}'
# Migrate LFS_JWT_SECRET filename fi
if [[ -s '${oldLfsJwtSecret}' && ! -s '${lfsJwtSecret}' ]]; then # Migrate LFS_JWT_SECRET filename
mv '${oldLfsJwtSecret}' '${lfsJwtSecret}' if [[ -s '${oldLfsJwtSecret}' && ! -s '${lfsJwtSecret}' ]]; then
fi mv '${oldLfsJwtSecret}' '${lfsJwtSecret}'
if [ ! -s '${oauth2JwtSecret}' ]; then fi
${exe} generate secret JWT_SECRET > '${oauth2JwtSecret}' if [ ! -s '${oauth2JwtSecret}' ]; then
fi ${exe} generate secret JWT_SECRET > '${oauth2JwtSecret}'
${lib.optionalString cfg.lfs.enable '' fi
if [ ! -s '${lfsJwtSecret}' ]; then ${lib.optionalString cfg.lfs.enable ''
${exe} generate secret LFS_JWT_SECRET > '${lfsJwtSecret}' if [ ! -s '${lfsJwtSecret}' ]; then
fi ${exe} generate secret LFS_JWT_SECRET > '${lfsJwtSecret}'
fi
''}
if [ ! -s '${internalToken}' ]; then
${exe} generate secret INTERNAL_TOKEN > '${internalToken}'
fi
chmod u+w '${runConfig}'
${replaceSecretBin} '#secretkey#' '${secretKey}' '${runConfig}'
${replaceSecretBin} '#dbpass#' '${cfg.database.passwordFile}' '${runConfig}'
${replaceSecretBin} '#oauth2jwtsecret#' '${oauth2JwtSecret}' '${runConfig}'
${replaceSecretBin} '#internaltoken#' '${internalToken}' '${runConfig}'
${lib.optionalString cfg.lfs.enable ''
${replaceSecretBin} '#lfsjwtsecret#' '${lfsJwtSecret}' '${runConfig}'
''}
${lib.optionalString (cfg.mailerPasswordFile != null) ''
${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}'
''}
${lib.optionalString (cfg.storageSecretFile != null) ''
${replaceSecretBin} '#storageSecret#' '${cfg.storageSecretFile}' '${runConfig}'
''}
chmod u-w '${runConfig}'
}
(umask 027; gitea_setup)
''} ''}
if [ ! -s '${internalToken}' ]; then # run migrations/init the database
${exe} generate secret INTERNAL_TOKEN > '${internalToken}' ${exe} migrate
fi # update all hooks' binary paths
chmod u+w '${runConfig}' ${exe} admin regenerate hooks
${replaceSecretBin} '#secretkey#' '${secretKey}' '${runConfig}' # update command option in authorized_keys
${replaceSecretBin} '#dbpass#' '${cfg.database.passwordFile}' '${runConfig}' if [ -r ${cfg.stateDir}/.ssh/authorized_keys ]
${replaceSecretBin} '#oauth2jwtsecret#' '${oauth2JwtSecret}' '${runConfig}' then
${replaceSecretBin} '#internaltoken#' '${internalToken}' '${runConfig}' ${exe} admin regenerate keys
${lib.optionalString cfg.lfs.enable '' fi
${replaceSecretBin} '#lfsjwtsecret#' '${lfsJwtSecret}' '${runConfig}' '';
''}
${lib.optionalString (cfg.mailerPasswordFile != null) ''
${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}'
''}
${lib.optionalString (cfg.storageSecretFile != null) ''
${replaceSecretBin} '#storageSecret#' '${cfg.storageSecretFile}' '${runConfig}'
''}
chmod u-w '${runConfig}'
}
(umask 027; gitea_setup)
''}
# run migrations/init the database
${exe} migrate
# update all hooks' binary paths
${exe} admin regenerate hooks
# update command option in authorized_keys
if [ -r ${cfg.stateDir}/.ssh/authorized_keys ]
then
${exe} admin regenerate keys
fi
'';
}; };
}; };
} }

111
overlays/default.nix
View file

@ -2,63 +2,62 @@ inputs: system: self: prev: let
inherit (inputs) nixpkgs nixpkgs-noto-variable nix-packages; inherit (inputs) nixpkgs nixpkgs-noto-variable nix-packages;
noto-variable = import nixpkgs-noto-variable {inherit system;}; noto-variable = import nixpkgs-noto-variable {inherit system;};
in in
with nixpkgs.legacyPackages.${system}; with nixpkgs.legacyPackages.${system}; {
{ mosh = prev.mosh.overrideAttrs (old: {
mosh = prev.mosh.overrideAttrs (old: { patches = [
patches = [ ./mosh/ssh_path.patch
./mosh/ssh_path.patch ./mosh/mosh-client_path.patch
./mosh/mosh-client_path.patch ./mosh/utempter_path.patch
./mosh/utempter_path.patch ./mosh/bash_completion_datadir.patch
./mosh/bash_completion_datadir.patch ];
]; postPatch = ''
postPatch = '' substituteInPlace scripts/mosh.pl \
substituteInPlace scripts/mosh.pl \ --subst-var-by ssh "${openssh}/bin/ssh" \
--subst-var-by ssh "${openssh}/bin/ssh" \ --subst-var-by mosh-client "$out/bin/mosh-client"
--subst-var-by mosh-client "$out/bin/mosh-client" '';
''; version = "2022-02-04";
version = "2022-02-04"; src = prev.fetchFromGitHub {
src = prev.fetchFromGitHub { owner = "mobile-shell";
owner = "mobile-shell"; repo = "mosh";
repo = "mosh"; rev = "dbe419d0e069df3fedc212d456449f64d0280c76";
rev = "dbe419d0e069df3fedc212d456449f64d0280c76"; sha256 = "09mvk9zxclkf4wrkkfzg0p2hx1f74gpymr0a0l3pckmk6za2n3d1";
sha256 = "09mvk9zxclkf4wrkkfzg0p2hx1f74gpymr0a0l3pckmk6za2n3d1"; };
});
inherit (noto-variable) noto-fonts-cjk;
nix = prev.nix.overrideAttrs (old: {
postPatchPhase = ''
sed 's/getBoolAttr."allowSubstitutes", true./true/' src/libstore/parsed-derivations.cc
'';
checkPhase = "true";
installCheckPhase = "true";
});
rnix-lsp = with prev;
rustPlatform.buildRustPackage {
pname = "rnix-lsp";
version = "0.3.0-alejandra";
src = fetchFromGitHub {
owner = "nix-community";
repo = "rnix-lsp";
# https://github.com/nix-community/rnix-lsp/pull/89
rev = "9189b50b34285b2a9de36a439f6c990fd283c9c7";
sha256 = "sha256-ZnUtvwkcz7QlAiqQxhI4qVUhtVR+thLhG3wQlle7oZg=";
}; };
});
inherit (noto-variable) noto-fonts-cjk; cargoSha256 = "sha256-VhE+DspQ0IZKf7rNkERA/gD7iMzjW4TnRSnYy1gdV0s=";
nix = prev.nix.overrideAttrs (old: { cargoBuildFlags = ["--no-default-features" "--features" "alejandra"];
postPatchPhase = ''
sed 's/getBoolAttr."allowSubstitutes", true./true/' src/libstore/parsed-derivations.cc
'';
checkPhase = "true"; checkPhase = "true";
installCheckPhase = "true";
});
rnix-lsp = with prev;
rustPlatform.buildRustPackage {
pname = "rnix-lsp";
version = "0.3.0-alejandra";
src = fetchFromGitHub { meta = with lib; {
owner = "nix-community"; description = "A work-in-progress language server for Nix, with syntax checking and basic completion";
repo = "rnix-lsp"; license = licenses.mit;
# https://github.com/nix-community/rnix-lsp/pull/89 maintainers = with maintainers; [ma27];
rev = "9189b50b34285b2a9de36a439f6c990fd283c9c7";
sha256 = "sha256-ZnUtvwkcz7QlAiqQxhI4qVUhtVR+thLhG3wQlle7oZg=";
};
cargoSha256 = "sha256-VhE+DspQ0IZKf7rNkERA/gD7iMzjW4TnRSnYy1gdV0s=";
cargoBuildFlags = ["--no-default-features" "--features" "alejandra"];
checkPhase = "true";
meta = with lib; {
description = "A work-in-progress language server for Nix, with syntax checking and basic completion";
license = licenses.mit;
maintainers = with maintainers; [ma27];
};
}; };
hydra-unsstable = nix-packages.packages.${system}.hydra.overrideAttrs (super: { };
doCheck = false; hydra-unsstable = nix-packages.packages.${system}.hydra.overrideAttrs (super: {
checkPhase = ""; doCheck = false;
installCheckPhase = ""; checkPhase = "";
}); installCheckPhase = "";
} });
}