🐛 few tweaks

- Rimgo is no longer running in a container
- Forgejo: disabled registration
- Readme, few changes about privacy respecting services
added contact point
Barna Máté 2024-06-04 04:45:44 +02:00
parent 9216cbbf62
commit 30a1cb6481
9 changed files with 85 additions and 80 deletions


@ -26,7 +26,7 @@
# privacy services
./services/privacy/libreddit.nix
./services/privacy/redlib.nix
./services/privacy/safetwitch.nix
#./services/privacy/piped.nix
./services/privacy/breezewiki.nix
@ -41,7 +41,8 @@
./services/privacy/librey.nix
./services/privacy/dumb.nix
./services/privacy/priviblur.nix
#./services/privacy/biblioreads.nix
./services/privacy/biblioreads.nix
#./services/privacy/proxitok.nix
#./services/privacy/scribe.nix
#./services/privacy/searxng.nix


@ -6,9 +6,9 @@
server = {
DOMAIN = "git.4o1x5.dev";
ROOT_URL = "https://git.${config.networking.domain}/";
DISABLE_REGISTRATION = true;
DISABLE_SSH = true;
};
service.DISABLE_REGISTRATION = true;
DEFAULT.APP_NAME = "2005's git server";
actions.ENABLED = true;
};
@ -37,7 +37,7 @@
services.gitea-actions-runner.instances = {
root = {
enable = true;
url = "https://git.${config.networking.domain}";
url = "http://127.0.0.1:3000";
tokenFile = config.age.secrets.forgejo-runner.path;
settings = {
container = {
@ -49,7 +49,7 @@
labels = [
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
];
name = config.networking.domain;
name = config.networking.hostname;
};
};
}
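Review bot: `config.networking.hostname` in the runner's `name` line is not a NixOS option; the option is spelled `networking.hostName`, so evaluation should fail with a missing-attribute error. Assuming the second of the two printed `name` lines is the new side, it should read `name = config.networking.hostName;`. The change of the runner `url` to `http://127.0.0.1:3000` also relies on Forgejo's HTTP listener staying on loopback port 3000, which is not set anywhere in the visible hunks; a one-line comment such as `# Forgejo HTTP_PORT default, loopback only` would record that assumption.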


@ -1,6 +1,5 @@
{ pkgs, config, ... }: {
# todo redlib instead of libreddit
services.libreddit = {
enable = true;
address = "127.0.0.1";
@ -10,6 +9,7 @@
services.nginx = {
virtualHosts = {
"libreddit.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
@ -21,6 +21,20 @@
'';
};
};
"redlib.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:3672";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};
};
}
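Review bot: The new `redlib` vhost hard-codes its backend as `proxyPass = " http://127.0.0.1:3672";`, with a stray leading space inside the string and a port number repeated by hand. The rimgo section of this same commit derives the port from the service option instead. If this vhost is backed by the `services.libreddit` instance declared at the top of the file, `proxyPass = "http://127.0.0.1:${toString config.services.libreddit.port}";` would keep the proxy and the listener from drifting apart. The same leading space appears in the rimgo `proxyPass` line. The port configured on the service is not visible in these hunks, so confirm that it is 3672.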


@ -1,38 +1,28 @@
{ pkgs, config, ... }: {
virtualisation.oci-containers.containers = {
rimgo = {
image = "codeberg.org/rimgo/rimgo:latest";
ports = [
"4312:3000"
];
environment = {
ADDRESS = "0.0.0.0";
PORT = "3000";
FIBER_PREFORK = "false";
services.rimgo = {
enable = true;
settings = {
ADDRESS = "0.0.0.0";
PORT = 4312;
FIBER_PREFORK = "false";
# Link to a privacy policy (optional)
PRIVACY_POLICY = "https://4o1x5.dev/privacy-policy";
# Explain how this data is used/why it is collected (optional)
PRIVACY_MESSAGE = "Read my privacy policy on my website";
# Country where instance is located. Leave blank if running on Tor without clearnet.
PRIVACY_COUNTRY = "HU";
# Hosting provider or ISP name. Leave blank if running on Tor without clearnet.
PRIVACY_PROVIDER = "Telekom";
# Set to true if you use Cloudflare (using Cloudflare only as DNS (gray cloud icon), set to false)
PRIVACY_CLOUDFLARE = "false";
PRIVACY_NOT_COLLECTED = "false";
# Link to a privacy policy (optional)
PRIVACY_POLICY = "https://4o1x5.dev/privacy-policy";
# Explain how this data is used/why it is collected (optional)
PRIVACY_MESSAGE = "Read my privacy policy on my website";
# Country where instance is located. Leave blank if running on Tor without clearnet.
PRIVACY_COUNTRY = "HU";
# Hosting provider or ISP name. Leave blank if running on Tor without clearnet.
PRIVACY_PROVIDER = "Telekom";
PRIVACY_CLOUDFLARE = "false";
PRIVACY_NOT_COLLECTED = "false";
# IP address
PRIVACY_IP = "true";
# Request URL
PRIVACY_URL = "true";
# Device Type (User agent)
PRIVACY_DEVICE = "true";
PRIVACY_DIAGNOSTICS = "false";
};
PRIVACY_IP = "true";
PRIVACY_URL = "true";
PRIVACY_DEVICE = "true";
PRIVACY_DIAGNOSTICS = "false";
};
};
@ -43,7 +33,7 @@
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:4312";
proxyPass = " http://127.0.0.1:${toString config.services.rimgo.settings.PORT}";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
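Review bot: `ADDRESS = "0.0.0.0";` in the new `services.rimgo.settings` makes the now-native rimgo process listen on every interface at port 4312, although the only consumer visible here is nginx proxying to `127.0.0.1`. Unless the host firewall blocks 4312, the service is then reachable directly over plain HTTP, bypassing the TLS vhost and its access log. `ADDRESS = "127.0.0.1";` would keep it behind the reverse proxy. The firewall configuration is outside this section, so whether the port is actually exposed cannot be confirmed from the hunk.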


@ -0,0 +1 @@
version: "3"


@ -20,6 +20,13 @@
enable = true;
};
services.i2pd.proto.socksProxy = {
enable = true;
address = "0.0.0.0";
};
# todo proxy
# todo privacy respecting services
# todo reseed export
@ -28,7 +35,6 @@
services.prometheus.exporters.i2pd = {
enable = true;
port = 3321;
openFirewall = true;
routerAddress = "https://127.0.0.1:${toString config.services.i2pd.proto.i2pControl.port}";
routerPassword = "itoopie";
};
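Review bot: The added `services.i2pd.proto.socksProxy` block sets `address = "0.0.0.0";`, which binds the I2P SOCKS proxy on all interfaces. Anyone who can reach that port can then route traffic through this router, because the block adds no access restriction. If only local clients need it, `address = "127.0.0.1";` is enough; if LAN clients need it, bind the specific LAN address and confirm the firewall does not open the port to the internet. Separately, the context line `routerPassword = "itoopie";` is a literal in the config, so it ends up readable in the Nix store; since `tokenFile = config.age.secrets…` is already used for the Forgejo runner, the same mechanism could be considered here if the exporter module supports a file-based password.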


@ -29,11 +29,6 @@ in
targets = [ "${lime}:9001" ];
labels = { alias = "node.lime.local"; };
}
{
targets = [ "32.54.31.172:9001" ];
labels = { alias = "node.strix.local"; };
}
];
}
{


@ -2,6 +2,10 @@
Nix configs for all servers in my homelab. Including all services available for public and private use.
# Contact
https://matrix.to/#/#home:4o1x5.dev
## Setting up projects that don't have options in nixkpgs
Using compose2nix projects can be converted into `oci-container` definitions which we can use to deploy.
@ -12,36 +16,34 @@ I will most likely deploy most of the services available in Libredirect. Since n
Most projects don't even have a docker container, let alone a guide to deploy them. Some have nix flakes, but are missing crucial features or they are configured all wrong...
Here is a list of services I plan on hosting and their statuses.
| name | deployed? | info | I2P | Tor | Lokinet | Announced to instance list |
| -------------------------------------------------------- | --------- | ------------------------------------------------------------------------ | --- | --- | ------- | ------------------------------------------------ |
| [anonymousoverflow](https://anonymousoverflow.4o1x5.dev) | ✅ | works, but secret needs work | ❌ | ❌ | ❌ | ❌ |
| [binternet](https://binternet.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
| [breezewiki](https://breezewiki.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [dumb](https://dumb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [gothub](https://gothub.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ (requires me to sign up for github (fuck no)) |
| [libreddit](https://libreddit.4o1x5.dev) | ✅ | needs to be migrated to redlib | ❌ | ❌ | ❌ | ❌ (owner didn't respond) |
| [libremdb](https://libremdb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [librey](https://librey.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [piped](https://piped.4o1x5.dev) | ❌ | piped-nix deploys the database wrong | ❌ | ❌ | ❌ | ❌ |
| [priviblur](https://priviblur.4o1x5.dev) | ❌ | need config file defined (impure) | ❌ | ❌ | ❌ | ❌ |
| [quetre](https://quetre.4o1x5.dev) | ❓ | return 503 | ❌ | ❌ | ❌ | ❌ |
| [rimgo](https://rimgo.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [safetwitch](https://safetwitch.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
| [searxng](https://searxng.4o1x5.dev) | ❌ | no config option in nixpkgs | ❌ | ❌ | ❌ | ❌ |
| [hyperpipe](https://hyperpipe.4o1x5.dev) | ❌ | no docker compose prioject & needs piped server | ❌ | ❌ | ❌ | ❌ |
| [proxitok](https://proxitok.4o1x5.dev) | ❌ | complicated to setup | ❌ | ❌ | ❌ | ❌ |
| [proxigram](https://proxigram.4o1x5.dev) | ❌ | deprecated | ❌ | ❌ | ❌ | ❌ |
| pixivfe | ❌ | [csam platform](https://www.bbc.com/news/uk-65932372), will never deploy | ❌ | ❌ | ❌ | ❌ |
| [scribe](https://scribe.4o1x5.dev) | ❌ | flake has no secret for variables | ❌ | ❌ | ❌ | ❌ |
| [laboratory](https://laboratory.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
| [reuter](https://reuters.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
| [snopes](https://snopes.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
| [ifunny](https://ifunny.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [tenor](https://tenor.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [knowyourmeme](https://knowyourmeme.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [urbandictionary](https://urbandictionary.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [biblioreads](https://biblioreads.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [wolframalpha](https://wolframalpha.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [wikiless](https://wikiless.4o1x5.dev) | ❌ | todo no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
I want to share my instances for public use, but most of these services code are hosted on github, meaning I would have to sign up and make a pull request there, which I will never do.
| name | deployed? | info | I2P | Tor | Lokinet | Announced to instance list |
| -------------------------------------------------------- | --------- | ------------------------------------------------------------------------ | --- | --- | ------- | -------------------------- |
| [anonymousoverflow](https://anonymousoverflow.4o1x5.dev) | ✅ | works, but secret needs work | ❌ | ❌ | ❌ | ❌ |
| [binternet](https://binternet.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
| [breezewiki](https://breezewiki.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
| [dumb](https://dumb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [gothub](https://gothub.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [redlib](https://redlib.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
| [libremdb](https://libremdb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [librey](https://librey.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [piped](https://piped.4o1x5.dev) | ❌ | piped-nix deploys the database wrong | ❌ | ❌ | ❌ | ❌ |
| [priviblur](https://priviblur.4o1x5.dev) | ❌ | need config file defined (impure) | ❌ | ❌ | ❌ | ❌ |
| [quetre](https://quetre.4o1x5.dev) | ❓ | returns 500 | ❌ | ❌ | ❌ | ❌ |
| [rimgo](https://rimgo.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
| [safetwitch](https://safetwitch.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
| [searxng](https://searxng.4o1x5.dev) | ❌ | no config option in nixpkgs | ❌ | ❌ | ❌ | ❌ |
| [hyperpipe](https://hyperpipe.4o1x5.dev) | ❌ | no docker compose project & needs piped server | ❌ | ❌ | ❌ | ❌ |
| [proxitok](https://proxitok.4o1x5.dev) | ❌ | complicated to setup | ❌ | ❌ | ❌ | ❌ |
| [proxigram](https://proxigram.4o1x5.dev) | ❌ | deprecated | ❌ | ❌ | ❌ | ❌ |
| pixivfe | ❌ | [csam platform](https://www.bbc.com/news/uk-65932372), will never deploy | ❌ | ❌ | ❌ | ❌ |
| [scribe](https://scribe.4o1x5.dev) | ❌ | flake has no secret for variables | ❌ | ❌ | ❌ | ❌ |
| [laboratory](https://laboratory.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
| [reuter](https://reuters.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
| [snopes](https://snopes.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
| [ifunny](https://ifunny.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [tenor](https://tenor.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [knowyourmeme](https://knowyourmeme.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [urbandictionary](https://urbandictionary.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [biblioreads](https://biblioreads.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [wolframalpha](https://wolframalpha.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [wikiless](https://wikiless.4o1x5.dev) | ❌ | todo no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |


@ -20,12 +20,8 @@
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Budapest";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "hu_HU.UTF-8";
LC_IDENTIFICATION = "hu_HU.UTF-8";