From 30a1cb64812250e39cdde0fc992e7178afab2712 Mon Sep 17 00:00:00 2001 From: 4o1x5 <4o1x5@4o1x5.dev> Date: Tue, 4 Jun 2024 04:45:44 +0200 Subject: [PATCH] =?UTF-8?q?=20=F0=9F=90=9B=20few=20tweaks=20-=20Rimgo=20is?= =?UTF-8?q?=20no=20longer=20running=20in=20a=20container=20-=20Forgejo:=20?= =?UTF-8?q?disabled=20registration=20-=20Readme,=20few=20changes=20about?= =?UTF-8?q?=20privacy=20respecting=20services=20added=20contact=20point?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hosts/carbon/root.nix | 5 +- hosts/carbon/services/forgejo.nix | 6 +- .../privacy/{libreddit.nix => redlib.nix} | 16 ++++- hosts/carbon/services/privacy/rimgo.nix | 52 ++++++-------- hosts/lime/services/penpot/docker-compose.yml | 1 + hosts/pink/services/i2pd.nix | 8 ++- hosts/pink/services/monitoring/prometheus.nix | 5 -- readme.md | 68 ++++++++++--------- root.nix | 4 -- 9 files changed, 85 insertions(+), 80 deletions(-) rename hosts/carbon/services/privacy/{libreddit.nix => redlib.nix} (62%) create mode 100644 hosts/lime/services/penpot/docker-compose.yml diff --git a/hosts/carbon/root.nix b/hosts/carbon/root.nix index 94e2ff6..47c9def 100644 --- a/hosts/carbon/root.nix +++ b/hosts/carbon/root.nix @@ -26,7 +26,7 @@ # privacy services - ./services/privacy/libreddit.nix + ./services/privacy/redlib.nix ./services/privacy/safetwitch.nix #./services/privacy/piped.nix ./services/privacy/breezewiki.nix @@ -41,7 +41,8 @@ ./services/privacy/librey.nix ./services/privacy/dumb.nix ./services/privacy/priviblur.nix - #./services/privacy/biblioreads.nix + + ./services/privacy/biblioreads.nix #./services/privacy/proxitok.nix #./services/privacy/scribe.nix #./services/privacy/searxng.nix diff --git a/hosts/carbon/services/forgejo.nix b/hosts/carbon/services/forgejo.nix index 797accd..a73dd34 100644 --- a/hosts/carbon/services/forgejo.nix +++ b/hosts/carbon/services/forgejo.nix 
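Review bot: A stray blank line is introduced in the middle of the privacy imports list in the second hunk of hosts/carbon/root.nix: the removed `#./services/privacy/biblioreads.nix` comes back as an empty `+` line followed by `+ ./services/privacy/biblioreads.nix`. Dropping the empty line keeps the import list compact and consistent with the entries around it. Enabling biblioreads also changes what the host serves but is not mentioned in the commit message; a word there would help anyone reading the history. The import list continues outside the hunk.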
@@ -6,9 +6,9 @@ server = { DOMAIN = "git.4o1x5.dev"; ROOT_URL = "https://git.${config.networking.domain}/"; - DISABLE_REGISTRATION = true; DISABLE_SSH = true; }; + service.DISABLE_REGISTRATION = true; DEFAULT.APP_NAME = "2005's git server"; actions.ENABLED = true; }; @@ -37,7 +37,7 @@ services.gitea-actions-runner.instances = { root = { enable = true; - url = "https://git.${config.networking.domain}"; + url = "http://127.0.0.1:3000"; tokenFile = config.age.secrets.forgejo-runner.path; settings = { container = { @@ -49,7 +49,7 @@ labels = [ "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest" ]; - name = config.networking.domain; + name = config.networking.hostname; }; }; } diff --git a/hosts/carbon/services/privacy/libreddit.nix b/hosts/carbon/services/privacy/redlib.nix similarity index 62% rename from hosts/carbon/services/privacy/libreddit.nix rename to hosts/carbon/services/privacy/redlib.nix index d4cb970..1533211 100644 --- a/hosts/carbon/services/privacy/libreddit.nix +++ b/hosts/carbon/services/privacy/redlib.nix @@ -1,6 +1,5 @@ { pkgs, config, ... }: { - # todo redlib instead of libreddit services.libreddit = { enable = true; address = "127.0.0.1"; @@ -10,6 +9,7 @@ services.nginx = { virtualHosts = { + "libreddit.${config.networking.domain}" = { forceSSL = true; enableACME = true; @@ -21,6 +21,20 @@ ''; }; }; + "redlib.${config.networking.domain}" = { + forceSSL = true; + enableACME = true; + + locations."/" = { + proxyPass = " http://127.0.0.1:3672"; + extraConfig = '' + access_log /var/log/nginx/$server_name-access.log json_analytics; + ''; + }; + }; + + + }; }; } diff --git a/hosts/carbon/services/privacy/rimgo.nix b/hosts/carbon/services/privacy/rimgo.nix index 7279ce4..0f9f135 100644 --- a/hosts/carbon/services/privacy/rimgo.nix +++ b/hosts/carbon/services/privacy/rimgo.nix 
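Review bot: Pointing the runner at `http://127.0.0.1:3000` in the second forgejo.nix hunk assumes Forgejo listens on loopback port 3000 over plain HTTP, but the `server` section in the first hunk only sets DOMAIN and ROOT_URL, so this relies on a listener default that is not visible here; a comment such as `# runner registers against the local HTTP listener, not the public ROOT_URL` would record that assumption. Presumably the job containers also receive this value as the instance URL, in which case 127.0.0.1 resolves to the container itself and checkouts from the instance would fail unless the `container` settings use host networking. That `container = {` block continues outside the hunk.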
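Review bot: `name = config.networking.hostname;` in the third forgejo.nix hunk references an option NixOS does not define — the option is `networking.hostName` with a capital N — so evaluation will fail with a missing-attribute error on this line. Change it to `name = config.networking.hostName;`. The runner instance definition continues outside the hunk.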
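Review bot: The new `redlib.${config.networking.domain}` virtual host in the last redlib.nix hunk sets `proxyPass = " http://127.0.0.1:3672";` with a leading space inside the string, and it is a second full proxy to what appears to be the same backend as the existing `libreddit.` host; that host's proxyPass is outside the hunk, so confirm 3672 is the port the service actually listens on. A plain `proxyPass = "http://127.0.0.1:3672";` plus turning the old host into a redirect (`globalRedirect = "redlib.${config.networking.domain}";`) avoids maintaining two vhosts for one backend. The first hunk drops the `# todo redlib instead of libreddit` note while the module is still `services.libreddit`, so the file rename alone does not finish that migration; if the nixpkgs revision in use provides `services.redlib`, switching the module is the remaining step. The two empty `+` lines before the closing `};` can go as well.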
@@ -1,38 +1,28 @@ { pkgs, config, ... }: { - virtualisation.oci-containers.containers = { - rimgo = { - image = "codeberg.org/rimgo/rimgo:latest"; - ports = [ - "4312:3000" - ]; - environment = { - ADDRESS = "0.0.0.0"; - PORT = "3000"; - FIBER_PREFORK = "false"; + services.rimgo = { + enable = true; + settings = { + ADDRESS = "0.0.0.0"; + PORT = 4312; + FIBER_PREFORK = "false"; - # Link to a privacy policy (optional) - PRIVACY_POLICY = "https://4o1x5.dev/privacy-policy"; - # Explain how this data is used/why it is collected (optional) - PRIVACY_MESSAGE = "Read my privacy policy on my website"; - # Country where instance is located. Leave blank if running on Tor without clearnet. - PRIVACY_COUNTRY = "HU"; - # Hosting provider or ISP name. Leave blank if running on Tor without clearnet. - PRIVACY_PROVIDER = "Telekom"; - # Set to true if you use Cloudflare (using Cloudflare only as DNS (gray cloud icon), set to false) - PRIVACY_CLOUDFLARE = "false"; - PRIVACY_NOT_COLLECTED = "false"; + # Link to a privacy policy (optional) + PRIVACY_POLICY = "https://4o1x5.dev/privacy-policy"; + # Explain how this data is used/why it is collected (optional) + PRIVACY_MESSAGE = "Read my privacy policy on my website"; + # Country where instance is located. Leave blank if running on Tor without clearnet. + PRIVACY_COUNTRY = "HU"; + # Hosting provider or ISP name. Leave blank if running on Tor without clearnet. + PRIVACY_PROVIDER = "Telekom"; + PRIVACY_CLOUDFLARE = "false"; + PRIVACY_NOT_COLLECTED = "false"; - # IP address - PRIVACY_IP = "true"; - # Request URL - PRIVACY_URL = "true"; - # Device Type (User agent) - PRIVACY_DEVICE = "true"; - - PRIVACY_DIAGNOSTICS = "false"; - }; + PRIVACY_IP = "true"; + PRIVACY_URL = "true"; + PRIVACY_DEVICE = "true"; + PRIVACY_DIAGNOSTICS = "false"; }; }; 
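Review bot: `ADDRESS = "0.0.0.0"` together with `PORT = 4312` now binds the native rimgo service on every interface, whereas before the 0.0.0.0 bind was inside the container and only the published `4312:3000` mapping reached the host; nginx in the following hunk proxies to 127.0.0.1, so `ADDRESS = "127.0.0.1";` is all that is needed and keeps the backend reachable only through nginx. Whether the host firewall blocks 4312 is not visible in this commit. The comment explaining PRIVACY_CLOUDFLARE was dropped in the move while the other PRIVACY_* comments were kept; restoring `# Set to true if you use Cloudflare (using Cloudflare only as DNS (gray cloud icon), set to false)` keeps the block self-explanatory.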
@@ -43,7 +33,7 @@ forceSSL = true; enableACME = true; locations."/" = { - proxyPass = " http://127.0.0.1:4312"; + proxyPass = " http://127.0.0.1:${toString config.services.rimgo.settings.PORT}"; extraConfig = '' access_log /var/log/nginx/$server_name-access.log json_analytics; ''; diff --git a/hosts/lime/services/penpot/docker-compose.yml b/hosts/lime/services/penpot/docker-compose.yml new file mode 100644 index 0000000..5db6fe9 --- /dev/null +++ b/hosts/lime/services/penpot/docker-compose.yml @@ -0,0 +1 @@ +version: "3" diff --git a/hosts/pink/services/i2pd.nix b/hosts/pink/services/i2pd.nix index 9683331..87478c4 100644 --- a/hosts/pink/services/i2pd.nix +++ b/hosts/pink/services/i2pd.nix @@ -20,6 +20,13 @@ enable = true; }; + services.i2pd.proto.socksProxy = { + enable = true; + address = "0.0.0.0"; + }; + + + # todo proxy # todo privacy respecting services # todo reseed export @@ -28,7 +35,6 @@ services.prometheus.exporters.i2pd = { enable = true; port = 3321; - openFirewall = true; routerAddress = "https://127.0.0.1:${toString config.services.i2pd.proto.i2pControl.port}"; routerPassword = "itoopie"; }; diff --git a/hosts/pink/services/monitoring/prometheus.nix b/hosts/pink/services/monitoring/prometheus.nix index 1ed5256..af770df 100644 --- a/hosts/pink/services/monitoring/prometheus.nix +++ b/hosts/pink/services/monitoring/prometheus.nix @@ -29,11 +29,6 @@ in targets = [ "${lime}:9001" ]; labels = { alias = "node.lime.local"; }; } - - { - targets = [ "32.54.31.172:9001" ]; - labels = { alias = "node.strix.local"; }; - } ]; } { diff --git a/readme.md b/readme.md index 0a355f8..e0da85c 100644 --- a/readme.md +++ b/readme.md @@ -2,6 +2,10 @@ Nix configs for all servers in my homelab. Including all services available for public and private use. +# Contact + +https://matrix.to/#/#home:4o1x5.dev + ## Setting up projects that don't have options in nixkpgs Using compose2nix projects can be converted into `oci-container` definitions which we can use to deploy. 
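Review bot: The new hosts/lime/services/penpot/docker-compose.yml contains only `version: "3"`; the `version` key is obsolete under the Compose Specification and the file defines no `services:`, so as committed there is nothing for compose2nix (the conversion path the readme describes) to turn into `oci-container` definitions. If this is a placeholder, a comment such as `# TODO: penpot compose definition not yet filled in` would make that explicit.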
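Review bot: `services.i2pd.proto.socksProxy` in the first i2pd.nix hunk is enabled with `address = "0.0.0.0"`, which binds an unauthenticated SOCKS proxy on all interfaces instead of the loopback default; nothing in this commit opens a firewall port for it, so the intended clients are unclear. If only local processes need it, drop the `address` line; if LAN clients need it, bind to that interface's address (`address = "<lan-address>";`, placeholder) and limit reachability with a firewall rule rather than listening everywhere. The `# todo proxy` comment and the two blank lines left after the new block read like leftovers and could be tidied.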
@@ -12,36 +16,34 @@ I will most likely deploy most of the services available in Libredirect. Since n Most projects don't even have a docker container, let alone a guide to deploy them. Some have nix flakes, but are missing crucial features or they are configured all wrong... Here is a list of services I plan on hosting and their statuses. -| name | deployed? | info | I2P | Tor | Lokinet | Announced to instance list | -| -------------------------------------------------------- | --------- | ------------------------------------------------------------------------ | --- | --- | ------- | ------------------------------------------------ | -| [anonymousoverflow](https://anonymousoverflow.4o1x5.dev) | ✅ | works, but secret needs work | ❌ | ❌ | ❌ | ❌ | -| [binternet](https://binternet.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ | -| [breezewiki](https://breezewiki.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | -| [dumb](https://dumb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | -| [gothub](https://gothub.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ (requires me to sign up for github (fuck no)) | -| [libreddit](https://libreddit.4o1x5.dev) | ✅ | needs to be migrated to redlib | ❌ | ❌ | ❌ | ❌ (owner didn't respond) | -| [libremdb](https://libremdb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | -| [librey](https://librey.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | -| [piped](https://piped.4o1x5.dev) | ❌ | piped-nix deploys the database wrong | ❌ | ❌ | ❌ | ❌ | -| [priviblur](https://priviblur.4o1x5.dev) | ❌ | need config file defined (impure) | ❌ | ❌ | ❌ | ❌ | -| [quetre](https://quetre.4o1x5.dev) | ❓ | return 503 | ❌ | ❌ | ❌ | ❌ | -| [rimgo](https://rimgo.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | -| [safetwitch](https://safetwitch.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ | -| [searxng](https://searxng.4o1x5.dev) | ❌ | no config option in nixpkgs | ❌ | ❌ | ❌ | ❌ | -| [hyperpipe](https://hyperpipe.4o1x5.dev) | ❌ | no docker compose prioject & needs piped server | ❌ | ❌ | ❌ | ❌ | -| 
[proxitok](https://proxitok.4o1x5.dev) | ❌ | complicated to setup | ❌ | ❌ | ❌ | ❌ | -| [proxigram](https://proxigram.4o1x5.dev) | ❌ | deprecated | ❌ | ❌ | ❌ | ❌ | -| pixivfe | ❌ | [csam platform](https://www.bbc.com/news/uk-65932372), will never deploy | ❌ | ❌ | ❌ | ❌ | -| [scribe](https://scribe.4o1x5.dev) | ❌ | flake has no secret for variables | ❌ | ❌ | ❌ | ❌ | -| [laboratory](https://laboratory.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ | -| [reuter](https://reuters.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ | -| [snopes](https://snopes.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ | -| [ifunny](https://ifunny.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | -| [tenor](https://tenor.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | -| [knowyourmeme](https://knowyourmeme.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | -| [urbandictionary](https://urbandictionary.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | -| [biblioreads](https://biblioreads.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | -| [wolframalpha](https://wolframalpha.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | -| [wikiless](https://wikiless.4o1x5.dev) | ❌ | todo no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | - -I want to share my instances for public use, but most of these services code are hosted on github, meaning I would have to sign up and make a pull request there, which I will never do. +| name | deployed? 
| info | I2P | Tor | Lokinet | Announced to instance list | +| -------------------------------------------------------- | --------- | ------------------------------------------------------------------------ | --- | --- | ------- | -------------------------- | +| [anonymousoverflow](https://anonymousoverflow.4o1x5.dev) | ✅ | works, but secret needs work | ❌ | ❌ | ❌ | ❌ | +| [binternet](https://binternet.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ | +| [breezewiki](https://breezewiki.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ | +| [dumb](https://dumb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | +| [gothub](https://gothub.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | +| [redlib](https://redlib.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ | +| [libremdb](https://libremdb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | +| [librey](https://librey.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | +| [piped](https://piped.4o1x5.dev) | ❌ | piped-nix deploys the database wrong | ❌ | ❌ | ❌ | ❌ | +| [priviblur](https://priviblur.4o1x5.dev) | ❌ | need config file defined (impure) | ❌ | ❌ | ❌ | ❌ | +| [quetre](https://quetre.4o1x5.dev) | ❓ | returns 500 | ❌ | ❌ | ❌ | ❌ | +| [rimgo](https://rimgo.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ | +| [safetwitch](https://safetwitch.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ | +| [searxng](https://searxng.4o1x5.dev) | ❌ | no config option in nixpkgs | ❌ | ❌ | ❌ | ❌ | +| [hyperpipe](https://hyperpipe.4o1x5.dev) | ❌ | no docker compose project & needs piped server | ❌ | ❌ | ❌ | ❌ | +| [proxitok](https://proxitok.4o1x5.dev) | ❌ | complicated to setup | ❌ | ❌ | ❌ | ❌ | +| [proxigram](https://proxigram.4o1x5.dev) | ❌ | deprecated | ❌ | ❌ | ❌ | ❌ | +| pixivfe | ❌ | [csam platform](https://www.bbc.com/news/uk-65932372), will never deploy | ❌ | ❌ | ❌ | ❌ | +| [scribe](https://scribe.4o1x5.dev) | ❌ | flake has no secret for variables | ❌ | ❌ | ❌ | ❌ | +| [laboratory](https://laboratory.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ | +| [reuter](https://reuters.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ | 
+| [snopes](https://snopes.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ | +| [ifunny](https://ifunny.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | +| [tenor](https://tenor.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | +| [knowyourmeme](https://knowyourmeme.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | +| [urbandictionary](https://urbandictionary.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | +| [biblioreads](https://biblioreads.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | +| [wolframalpha](https://wolframalpha.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | +| [wikiless](https://wikiless.4o1x5.dev) | ❌ | todo no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | diff --git a/root.nix b/root.nix index 052a14c..3a7c0f5 100644 --- a/root.nix +++ b/root.nix @@ -20,12 +20,8 @@ networking.networkmanager.enable = true; - # Set your time zone. time.timeZone = "Europe/Budapest"; - - # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; - i18n.extraLocaleSettings = { LC_ADDRESS = "hu_HU.UTF-8"; LC_IDENTIFICATION = "hu_HU.UTF-8";