diff --git a/flake.nix b/flake.nix index 7de194d2..f3e61abc 100644 --- a/flake.nix +++ b/flake.nix @@ -131,7 +131,7 @@ skinnyv = mkWorkstation nixpkgs-stable "x86_64-linux" "skinnyv"; thinky = mkWorkstation nixpkgs-stable "x86_64-linux" "thinky"; bolty = mkServer nixpkgs-stable "x86_64-linux" "bolty"; - vpsfree1 = mkServer nixpkgs-stable "x86_64-linux" "vpsfree1"; + vpsfree1 = mkServer nixpkgs-nixos-unstable "x86_64-linux" "vpsfree1"; mb1 = mkServer nixpkgs-stable "x86_64-linux" "mb1"; yoga = mkKiosk nixpkgs-stable "x86_64-linux" "yoga"; homescreen = mkRaspi nixpkgs-stable "homescreen"; diff --git a/nixos/boxes/vpsfree1/default.nix b/nixos/boxes/vpsfree1/default.nix index 05e1c966..9bf35aa4 100644 --- a/nixos/boxes/vpsfree1/default.nix +++ b/nixos/boxes/vpsfree1/default.nix @@ -8,7 +8,6 @@ ./backups.nix ./blog.cyplo.net.nix ./cryptpad.nix - ./fossil.nix ./foundryvtt.nix ./gitea.nix ./mastodon.nix @@ -17,7 +16,6 @@ ./search.nix ./ssh.nix ./syncthing-relay.nix - ./woodpecker.nix ]; systemd.extraConfig = '' diff --git a/nixos/boxes/vpsfree1/fossil.nix b/nixos/boxes/vpsfree1/fossil.nix index 4dfaa8e8..05fc4edc 100644 --- a/nixos/boxes/vpsfree1/fossil.nix +++ b/nixos/boxes/vpsfree1/fossil.nix 
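Review bot: `vpsfree1` becomes the only host in this hunk built from `nixpkgs-nixos-unstable`, and the line gives no reason for the exception. Judging by the nginx virtual hosts with `forceSSL`/`enableACME` in the files under `nixos/boxes/vpsfree1/`, this box serves public-facing services, so each lock-file update will now bring in rolling package versions instead of the stable branch's backported fixes. A comment above the line would record the intent, for example `# vpsfree1 tracks unstable because <reason>; move back to nixpkgs-stable at the next release`. The surrounding attribute set starts and ends outside the hunk.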
@@ -1,85 +1,71 @@ -{ - config, - pkgs, - inputs, - lib, - ... -}: let +{ config, pkgs, inputs, lib, ... }: +let port = 8081; domain = "fossil.cyplo.dev"; baseurl = "https://${domain}"; path = "/var/lib/fossil"; in { - imports = [../nginx.nix]; + imports = [ ../nginx.nix ]; services.nginx = { virtualHosts = { "${domain}" = { forceSSL = true; enableACME = true; - locations."/" = {proxyPass = "http://localhost:" + toString port;}; + locations."/" = { proxyPass = "http://localhost:" + toString port; }; }; }; }; containers.fossil = { autoStart = true; - forwardPorts = [ - { - containerPort = port; - hostPort = port; - } - ]; + forwardPorts = [{ + containerPort = port; + hostPort = port; + }]; bindMounts = { "${path}" = { hostPath = "${path}"; isReadOnly = false; }; }; - config = { - config, - pkgs, - ... - }: let - user = "fossil"; - group = "fossil"; - in { - system.stateVersion = "22.05"; - environment.systemPackages = [pkgs.fossil]; - users.groups = {"${group}" = {};}; - users.users = { - fossil = { - inherit group; - description = "Fossil Service"; - home = path; - useDefaultShell = true; - isSystemUser = true; + config = { config, pkgs, ... 
}: + let + user = "fossil"; + group = "fossil"; + in { + system.stateVersion = "22.11"; + environment.systemPackages = [ pkgs.fossil ]; + users.groups = { "${group}" = { }; }; + users.users = { + fossil = { + inherit group; + description = "Fossil Service"; + home = path; + useDefaultShell = true; + isSystemUser = true; + }; + }; + + systemd.tmpfiles.rules = [ "d '${path}' 0770 ${user} ${group} - -" ]; + systemd.services.fossil = { + description = "fossil server"; + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + path = [ pkgs.fossil pkgs.git ]; + + serviceConfig = { + User = user; + Group = group; + WorkingDirectory = path; + ReadWritePaths = [ path ]; + ExecStart = "${pkgs.fossil}/bin/fossil server" + " --localhost" + + " --https" + " --port ${toString port}" + + " --baseurl ${baseurl}" + " --repolist ${path}"; + Restart = "always"; + RestartSec = 3; + }; }; }; - - systemd.tmpfiles.rules = ["d '${path}' 0770 ${user} ${group} - -"]; - systemd.services.fossil = { - description = "fossil server"; - after = ["network-online.target"]; - wantedBy = ["multi-user.target"]; - path = [pkgs.fossil pkgs.git]; - - serviceConfig = { - User = user; - Group = group; - WorkingDirectory = path; - ReadWritePaths = [path]; - ExecStart = - "${pkgs.fossil}/bin/fossil server" - + " --localhost" - + " --https" - + " --port ${toString port}" - + " --baseurl ${baseurl}" - + " --repolist ${path}"; - Restart = "always"; - RestartSec = 3; - }; - }; - }; }; } diff --git a/nixos/boxes/vpsfree1/mastodon.nix b/nixos/boxes/vpsfree1/mastodon.nix index c618f242..d30d3976 100644 --- a/nixos/boxes/vpsfree1/mastodon.nix +++ b/nixos/boxes/vpsfree1/mastodon.nix 
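Review bot: The container's `system.stateVersion` moves from "22.05" to "22.11" here, and the same bump appears in the mastodon container hunk and the rss container hunk of this commit. `stateVersion` is meant to stay at the release the state was first created under, because stateful modules derive defaults from it; raising it upgrades nothing and can switch a default underneath existing data. For the mastodon and rss containers, which configure `services.postgresql`, I would keep `system.stateVersion = "22.05";` unless the 22.11 release notes were checked against each service. Separately, this commit drops `./fossil.nix` from the imports in `default.nix`, so the edits to this file look inert; a top-of-file comment saying the module is currently not imported would avoid confusion.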
@@ -1,9 +1,11 @@ { config, pkgs, inputs, lib, ... }: let + unstablePkgs = inputs.nixpkgs-nixos-unstable.legacyPackages.${pkgs.system}; + package = unstablePkgs.mastodon; domain = "peninsula.industries"; streamingPort = 55000; webPort = 55001; - postgresPort = 5433; + postgresPort = 5432; path = "/var/lib/mastodon/"; mailgunSmtpSecretName = "mastodon-mailgun-smtp-password"; mailgunSmtpPasswordPath = "/run/secrets/${mailgunSmtpSecretName}"; @@ -30,9 +32,9 @@ let group = systemGroupName; }; publicPath = "${path}/public-system/"; - package = inputs.nixpkgs-stable.legacyPackages."${pkgs.system}".mastodon; in { imports = [ ../nginx.nix ]; + system.stateVersion = "22.11"; services.nginx = { virtualHosts = { @@ -109,18 +111,32 @@ in { }; }; config = { config, pkgs, lib, ... }: { - system.stateVersion = "22.05"; + system.stateVersion = "22.11"; services.postgresql.port = postgresPort; users = users // { mutableUsers = false; allowNoPasswordLogin = true; }; + systemd.services.mastodon-media-auto-remove = { + description = "Mastodon media auto remove"; + serviceConfig = { + Type = "oneshot"; + EnvironmentFile = "/var/lib/mastodon/.secrets_env"; + }; + script = '' + /run/current-system/sw/bin/mastodon-tootctl media remove --days=8 --prune-profiles --include-follows -c1 + /run/current-system/sw/bin/mastodon-tootctl media remove --days=8 --remove-headers --include-follows -c1 + /run/current-system/sw/bin/mastodon-tootctl preview_cards remove --days=8 + ''; + startAt = "daily"; + }; services.mastodon = { enable = true; inherit package; localDomain = "${domain}"; user = systemUserName; group = systemGroupName; + mediaAutoRemove.enable = false; smtp = { host = "smtp.eu.mailgun.org"; port = 465; @@ -130,7 +146,7 @@ in { createLocally = false; passwordFile = "${mailgunSmtpPasswordPath}"; }; - sidekiqThreads = 32; + sidekiqThreads = 8; extraConfig = { SMTP_TLS = "true"; SMTP_ENABLE_STARTTLS_AUTO = "true"; 
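Review bot: `unstablePkgs` re-imports `inputs.nixpkgs-nixos-unstable.legacyPackages` although the `flake.nix` change in this commit already builds vpsfree1 from that input, so `pkgs.mastodon` is presumably the same derivation (`mkServer` is not visible here, so confirm). `legacyPackages` is the raw package set, without any overlays or `nixpkgs.config` the host applies, so a locally patched or overridden mastodon would be bypassed silently. If no second package set is intended, `package = pkgs.mastodon;` replaces both added lines. The `let` block continues outside the hunk.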
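Review bot: The new `mastodon-media-auto-remove` unit sets no `User`/`Group` in `serviceConfig`, so systemd starts the script as root with the contents of `/var/lib/mastodon/.secrets_env` in its environment. Whether `mastodon-tootctl` drops privileges itself is not visible in this hunk, so the unit should not rely on it: add `User = systemUserName;` and `Group = systemGroupName;`, matching the `user`/`group` passed to `services.mastodon` just below. The job replaces the module's own cleanup (`mediaAutoRemove.enable = false`), so a one-line comment saying why the built-in job is insufficient would help the next maintainer. Deriving the secrets path from `path` instead of repeating the literal would also keep the two from drifting apart.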
diff --git a/nixos/boxes/vpsfree1/rss.nix b/nixos/boxes/vpsfree1/rss.nix
index 082c0a38..0e4348ad 100644
--- a/nixos/boxes/vpsfree1/rss.nix
+++ b/nixos/boxes/vpsfree1/rss.nix
@@ -1,74 +1,65 @@ -{ - config, - pkgs, - inputs, - lib, - ... -}: let +{ config, pkgs, inputs, lib, ... }: +let port = 8080; domain = "news.cyplo.dev"; + postgresPort = 5435; in { - imports = [../nginx.nix]; + imports = [ ../nginx.nix ]; services.nginx = { virtualHosts = { "${domain}" = { forceSSL = true; enableACME = true; - locations."/" = {proxyPass = "http://127.0.0.1:" + toString port;}; + locations."/" = { proxyPass = "http://127.0.0.1:" + toString port; }; }; }; }; containers.rss = { autoStart = true; - forwardPorts = [ - { - containerPort = port; - hostPort = port; - } - ]; - config = { - config, - pkgs, - ... - }: let - inherit (config.services.tt-rss) pool; - inherit (config.services.tt-rss) root; - in { - system.stateVersion = "22.05"; - services.tt-rss = { - enable = true; - selfUrlPath = "https://${domain}"; - virtualHost = null; - registration.enable = false; - simpleUpdateMode = true; - }; - services.nginx = { - enable = true; - virtualHosts = { - "${domain}" = { - listen = [ - { + forwardPorts = [{ + containerPort = port; + hostPort = port; + }]; + config = { config, pkgs, ... 
}: + let + inherit (config.services.tt-rss) pool; + inherit (config.services.tt-rss) root; + in { + system.stateVersion = "22.11"; + services.postgresql.port = postgresPort; + services.tt-rss = { + enable = true; + selfUrlPath = "https://${domain}"; + virtualHost = null; + registration.enable = false; + simpleUpdateMode = true; + database.port = postgresPort; + }; + services.nginx = { + enable = true; + virtualHosts = { + "${domain}" = { + listen = [{ inherit port; addr = "0.0.0.0"; - } - ]; - root = "${root}/www"; - locations."/" = {index = "index.php";}; - locations."^~ /feed-icons" = {root = "${root}";}; - locations."~ \\.php$" = { - extraConfig = '' - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass unix:${ - config.services.phpfpm.pools.${pool}.socket - }; - fastcgi_index index.php; - ''; + }]; + root = "${root}/www"; + locations."/" = { index = "index.php"; }; + locations."^~ /feed-icons" = { root = "${root}"; }; + locations."~ \\.php$" = { + extraConfig = '' + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:${ + config.services.phpfpm.pools.${pool}.socket + }; + fastcgi_index index.php; + ''; + }; }; }; }; }; - }; }; }
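Review bot: The container's nginx keeps `addr = "0.0.0.0"` on the new side, while the host vhost proxies to `http://127.0.0.1:` with TLS terminated in front. No `privateNetwork` setting is visible in the hunk; if the container shares the host's network namespace, tt-rss is also reachable over plain HTTP on port 8080 from any interface unless a firewall rule outside this file blocks it. In that case `addr = "127.0.0.1";` keeps the backend reachable only through the TLS front end. The fossil container in this commit already does the equivalent with `--localhost`.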