🐛 few tweaks
- Rimgo is no longer running in a container - Forgejo: disabled registration - Readme: a few changes about privacy-respecting services, added a contact point
parent
9216cbbf62
commit
30a1cb6481
|
@ -26,7 +26,7 @@
|
|||
|
||||
# privacy services
|
||||
|
||||
./services/privacy/libreddit.nix
|
||||
./services/privacy/redlib.nix
|
||||
./services/privacy/safetwitch.nix
|
||||
#./services/privacy/piped.nix
|
||||
./services/privacy/breezewiki.nix
|
||||
|
@ -41,7 +41,8 @@
|
|||
./services/privacy/librey.nix
|
||||
./services/privacy/dumb.nix
|
||||
./services/privacy/priviblur.nix
|
||||
#./services/privacy/biblioreads.nix
|
||||
|
||||
./services/privacy/biblioreads.nix
|
||||
#./services/privacy/proxitok.nix
|
||||
#./services/privacy/scribe.nix
|
||||
#./services/privacy/searxng.nix
|
||||
|
|
|
@ -6,9 +6,9 @@
|
|||
server = {
|
||||
DOMAIN = "git.4o1x5.dev";
|
||||
ROOT_URL = "https://git.${config.networking.domain}/";
|
||||
DISABLE_REGISTRATION = true;
|
||||
DISABLE_SSH = true;
|
||||
};
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
DEFAULT.APP_NAME = "2005's git server";
|
||||
actions.ENABLED = true;
|
||||
};
|
||||
|
@ -37,7 +37,7 @@
|
|||
services.gitea-actions-runner.instances = {
|
||||
root = {
|
||||
enable = true;
|
||||
url = "https://git.${config.networking.domain}";
|
||||
url = "http://127.0.0.1:3000";
|
||||
tokenFile = config.age.secrets.forgejo-runner.path;
|
||||
settings = {
|
||||
container = {
|
||||
|
@ -49,7 +49,7 @@
|
|||
labels = [
|
||||
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
|
||||
];
|
||||
name = config.networking.domain;
|
||||
name = config.networking.hostname;
|
||||
};
|
||||
};
|
||||
}
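Review bot: `config.networking.hostname` in the runner's `name` line is not the stock NixOS option, which is spelled `networking.hostName`. Unless this repo declares its own lowercase option, evaluation will fail with a missing-attribute error; use `name = config.networking.hostName;`. The page does not mark which of the two `name` lines is the new one, so this assumes it is the second. In the preceding runner hunk, `url = "http://127.0.0.1:3000";` repeats Forgejo's HTTP port as a literal; deriving it from the port setting the Forgejo configuration already holds would keep the runner from silently pointing at the wrong listener. The `services.gitea-actions-runner.instances` block opens in that earlier hunk.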
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{ pkgs, config, ... }: {
|
||||
|
||||
# todo redlib instead of libreddit
|
||||
services.libreddit = {
|
||||
enable = true;
|
||||
address = "127.0.0.1";
|
||||
|
@ -10,6 +9,7 @@
|
|||
|
||||
services.nginx = {
|
||||
virtualHosts = {
|
||||
|
||||
"libreddit.${config.networking.domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
@ -21,6 +21,20 @@
|
|||
'';
|
||||
};
|
||||
};
|
||||
"redlib.${config.networking.domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = " http://127.0.0.1:3672";
|
||||
extraConfig = ''
|
||||
access_log /var/log/nginx/$server_name-access.log json_analytics;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
|
||||
};
|
||||
};
|
||||
}
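Review bot: The new `redlib` vhost hard-codes its upstream as `proxyPass = " http://127.0.0.1:3672";`, with a stray leading space inside the string and a port literal that has to be kept in step by hand with wherever redlib itself is configured. The rimgo vhost in this same commit builds its upstream from the service's `PORT` setting; doing the same here and dropping the space would avoid a mismatch that only shows up as a 502 at runtime. The `services.nginx.virtualHosts` block opens in the previous hunk.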
|
|
@ -1,38 +1,28 @@
|
|||
{ pkgs, config, ... }: {
|
||||
|
||||
virtualisation.oci-containers.containers = {
|
||||
|
||||
rimgo = {
|
||||
image = "codeberg.org/rimgo/rimgo:latest";
|
||||
ports = [
|
||||
"4312:3000"
|
||||
];
|
||||
environment = {
|
||||
ADDRESS = "0.0.0.0";
|
||||
PORT = "3000";
|
||||
FIBER_PREFORK = "false";
|
||||
services.rimgo = {
|
||||
enable = true;
|
||||
settings = {
|
||||
ADDRESS = "0.0.0.0";
|
||||
PORT = 4312;
|
||||
FIBER_PREFORK = "false";
|
||||
|
||||
# Link to a privacy policy (optional)
|
||||
PRIVACY_POLICY = "https://4o1x5.dev/privacy-policy";
|
||||
# Explain how this data is used/why it is collected (optional)
|
||||
PRIVACY_MESSAGE = "Read my privacy policy on my website";
|
||||
# Country where instance is located. Leave blank if running on Tor without clearnet.
|
||||
PRIVACY_COUNTRY = "HU";
|
||||
# Hosting provider or ISP name. Leave blank if running on Tor without clearnet.
|
||||
PRIVACY_PROVIDER = "Telekom";
|
||||
# Set to true if you use Cloudflare (using Cloudflare only as DNS (gray cloud icon), set to false)
|
||||
PRIVACY_CLOUDFLARE = "false";
|
||||
PRIVACY_NOT_COLLECTED = "false";
|
||||
# Link to a privacy policy (optional)
|
||||
PRIVACY_POLICY = "https://4o1x5.dev/privacy-policy";
|
||||
# Explain how this data is used/why it is collected (optional)
|
||||
PRIVACY_MESSAGE = "Read my privacy policy on my website";
|
||||
# Country where instance is located. Leave blank if running on Tor without clearnet.
|
||||
PRIVACY_COUNTRY = "HU";
|
||||
# Hosting provider or ISP name. Leave blank if running on Tor without clearnet.
|
||||
PRIVACY_PROVIDER = "Telekom";
|
||||
PRIVACY_CLOUDFLARE = "false";
|
||||
PRIVACY_NOT_COLLECTED = "false";
|
||||
|
||||
# IP address
|
||||
PRIVACY_IP = "true";
|
||||
# Request URL
|
||||
PRIVACY_URL = "true";
|
||||
# Device Type (User agent)
|
||||
PRIVACY_DEVICE = "true";
|
||||
|
||||
PRIVACY_DIAGNOSTICS = "false";
|
||||
};
|
||||
PRIVACY_IP = "true";
|
||||
PRIVACY_URL = "true";
|
||||
PRIVACY_DEVICE = "true";
|
||||
PRIVACY_DIAGNOSTICS = "false";
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -43,7 +33,7 @@
|
|||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = " http://127.0.0.1:4312";
|
||||
proxyPass = " http://127.0.0.1:${toString config.services.rimgo.settings.PORT}";
|
||||
extraConfig = ''
|
||||
access_log /var/log/nginx/$server_name-access.log json_analytics;
|
||||
'';
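Review bot: The new `services.rimgo.settings` block keeps `ADDRESS = "0.0.0.0";`, so the native service listens on every interface on port 4312 even though nginx only ever reaches it at `127.0.0.1`. With the container gone, nothing needs the backend to be reachable except the TLS vhost. `ADDRESS = "127.0.0.1";` keeps clients from bypassing nginx, its TLS termination and its access log if port 4312 is ever opened in the firewall. The vhost that consumes `PORT` starts above the second hunk and continues past it.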
|
||||
|
|
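--- a/hosts/lime/services/penpot/docker-compose.yml
+++ b/hosts/lime/services/penpot/docker-compose.yml
@@ -0,0 +1 @@
+version: "3"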
|
|
@ -20,6 +20,13 @@
|
|||
enable = true;
|
||||
};
|
||||
|
||||
services.i2pd.proto.socksProxy = {
|
||||
enable = true;
|
||||
address = "0.0.0.0";
|
||||
};
|
||||
|
||||
|
||||
|
||||
# todo proxy
|
||||
# todo privacy respecting services
|
||||
# todo reseed export
|
||||
|
@ -28,7 +35,6 @@
|
|||
services.prometheus.exporters.i2pd = {
|
||||
enable = true;
|
||||
port = 3321;
|
||||
openFirewall = true;
|
||||
routerAddress = "https://127.0.0.1:${toString config.services.i2pd.proto.i2pControl.port}";
|
||||
routerPassword = "itoopie";
|
||||
};
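Review bot: The added `services.i2pd.proto.socksProxy` block sets `address = "0.0.0.0";`, which puts an unauthenticated SOCKS listener on every interface of the host. Anyone who can reach that port can route traffic through this router, so bind it to loopback or to the single LAN address that needs it, for example `address = "127.0.0.1";`, and open the port in the firewall only for specific peers. In the second hunk, the exporter's `routerPassword = "itoopie";` is the well-known I2PControl default, written as a literal that ends up in the world-readable Nix store. The page does not show whether that line survives this commit; if it does, change the password and keep it out of the committed config where the module allows.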
|
||||
|
|
|
@ -29,11 +29,6 @@ in
|
|||
targets = [ "${lime}:9001" ];
|
||||
labels = { alias = "node.lime.local"; };
|
||||
}
|
||||
|
||||
{
|
||||
targets = [ "32.54.31.172:9001" ];
|
||||
labels = { alias = "node.strix.local"; };
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
|
|
68
readme.md
68
readme.md
|
@ -2,6 +2,10 @@
|
|||
|
||||
Nix configs for all servers in my homelab. Including all services available for public and private use.
|
||||
|
||||
# Contact
|
||||
|
||||
https://matrix.to/#/#home:4o1x5.dev
|
||||
|
||||
## Setting up projects that don't have options in nixkpgs
|
||||
|
||||
Using compose2nix projects can be converted into `oci-container` definitions which we can use to deploy.
|
||||
|
@ -12,36 +16,34 @@ I will most likely deploy most of the services available in Libredirect. Since n
|
|||
Most projects don't even have a docker container, let alone a guide to deploy them. Some have nix flakes, but are missing crucial features or they are configured all wrong...
|
||||
Here is a list of services I plan on hosting and their statuses.
|
||||
|
||||
| name | deployed? | info | I2P | Tor | Lokinet | Announced to instance list |
|
||||
| -------------------------------------------------------- | --------- | ------------------------------------------------------------------------ | --- | --- | ------- | ------------------------------------------------ |
|
||||
| [anonymousoverflow](https://anonymousoverflow.4o1x5.dev) | ✅ | works, but secret needs work | ❌ | ❌ | ❌ | ❌ |
|
||||
| [binternet](https://binternet.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
||||
| [breezewiki](https://breezewiki.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||
| [dumb](https://dumb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||
| [gothub](https://gothub.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ (requires me to sign up for github (fuck no)) |
|
||||
| [libreddit](https://libreddit.4o1x5.dev) | ✅ | needs to be migrated to redlib | ❌ | ❌ | ❌ | ❌ (owner didn't respond) |
|
||||
| [libremdb](https://libremdb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||
| [librey](https://librey.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||
| [piped](https://piped.4o1x5.dev) | ❌ | piped-nix deploys the database wrong | ❌ | ❌ | ❌ | ❌ |
|
||||
| [priviblur](https://priviblur.4o1x5.dev) | ❌ | need config file defined (impure) | ❌ | ❌ | ❌ | ❌ |
|
||||
| [quetre](https://quetre.4o1x5.dev) | ❓ | return 503 | ❌ | ❌ | ❌ | ❌ |
|
||||
| [rimgo](https://rimgo.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||
| [safetwitch](https://safetwitch.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
||||
| [searxng](https://searxng.4o1x5.dev) | ❌ | no config option in nixpkgs | ❌ | ❌ | ❌ | ❌ |
|
||||
| [hyperpipe](https://hyperpipe.4o1x5.dev) | ❌ | no docker compose prioject & needs piped server | ❌ | ❌ | ❌ | ❌ |
|
||||
| [proxitok](https://proxitok.4o1x5.dev) | ❌ | complicated to setup | ❌ | ❌ | ❌ | ❌ |
|
||||
| [proxigram](https://proxigram.4o1x5.dev) | ❌ | deprecated | ❌ | ❌ | ❌ | ❌ |
|
||||
| pixivfe | ❌ | [csam platform](https://www.bbc.com/news/uk-65932372), will never deploy | ❌ | ❌ | ❌ | ❌ |
|
||||
| [scribe](https://scribe.4o1x5.dev) | ❌ | flake has no secret for variables | ❌ | ❌ | ❌ | ❌ |
|
||||
| [laboratory](https://laboratory.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
|
||||
| [reuter](https://reuters.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
|
||||
| [snopes](https://snopes.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
|
||||
| [ifunny](https://ifunny.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||
| [tenor](https://tenor.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||
| [knowyourmeme](https://knowyourmeme.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||
| [urbandictionary](https://urbandictionary.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||
| [biblioreads](https://biblioreads.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||
| [wolframalpha](https://wolframalpha.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||
| [wikiless](https://wikiless.4o1x5.dev) | ❌ | todo no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||
|
||||
I want to share my instances for public use, but most of these services code are hosted on github, meaning I would have to sign up and make a pull request there, which I will never do.
|
||||
| name | deployed? | info | I2P | Tor | Lokinet | Announced to instance list |
|
||||
| -------------------------------------------------------- | --------- | ------------------------------------------------------------------------ | --- | --- | ------- | -------------------------- |
|
||||
| [anonymousoverflow](https://anonymousoverflow.4o1x5.dev) | ✅ | works, but secret needs work | ❌ | ❌ | ❌ | ❌ |
|
||||
| [binternet](https://binternet.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
||||
| [breezewiki](https://breezewiki.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
||||
| [dumb](https://dumb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||
| [gothub](https://gothub.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||
| [redlib](https://redlib.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
||||
| [libremdb](https://libremdb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||
| [librey](https://librey.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||
| [piped](https://piped.4o1x5.dev) | ❌ | piped-nix deploys the database wrong | ❌ | ❌ | ❌ | ❌ |
|
||||
| [priviblur](https://priviblur.4o1x5.dev) | ❌ | need config file defined (impure) | ❌ | ❌ | ❌ | ❌ |
|
||||
| [quetre](https://quetre.4o1x5.dev) | ❓ | returns 500 | ❌ | ❌ | ❌ | ❌ |
|
||||
| [rimgo](https://rimgo.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
||||
| [safetwitch](https://safetwitch.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
||||
| [searxng](https://searxng.4o1x5.dev) | ❌ | no config option in nixpkgs | ❌ | ❌ | ❌ | ❌ |
|
||||
| [hyperpipe](https://hyperpipe.4o1x5.dev) | ❌ | no docker compose project & needs piped server | ❌ | ❌ | ❌ | ❌ |
|
||||
| [proxitok](https://proxitok.4o1x5.dev) | ❌ | complicated to setup | ❌ | ❌ | ❌ | ❌ |
|
||||
| [proxigram](https://proxigram.4o1x5.dev) | ❌ | deprecated | ❌ | ❌ | ❌ | ❌ |
|
||||
| pixivfe | ❌ | [csam platform](https://www.bbc.com/news/uk-65932372), will never deploy | ❌ | ❌ | ❌ | ❌ |
|
||||
| [scribe](https://scribe.4o1x5.dev) | ❌ | flake has no secret for variables | ❌ | ❌ | ❌ | ❌ |
|
||||
| [laboratory](https://laboratory.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
|
||||
| [reuter](https://reuters.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
|
||||
| [snopes](https://snopes.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
|
||||
| [ifunny](https://ifunny.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||
| [tenor](https://tenor.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||
| [knowyourmeme](https://knowyourmeme.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||
| [urbandictionary](https://urbandictionary.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||
| [biblioreads](https://biblioreads.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||
| [wolframalpha](https://wolframalpha.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||
| [wikiless](https://wikiless.4o1x5.dev) | ❌ | todo no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||
|
|
4
root.nix
4
root.nix
|
@ -20,12 +20,8 @@
|
|||
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Budapest";
|
||||
|
||||
# Select internationalisation properties.
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
|
||||
i18n.extraLocaleSettings = {
|
||||
LC_ADDRESS = "hu_HU.UTF-8";
|
||||
LC_IDENTIFICATION = "hu_HU.UTF-8";
|
||||
|
|