🐛 few tweaks
- Rimgo is no longer running in a container - Forgejo: disabled registration - Readme, few changes about privacy respecting services added contact point
This commit is contained in:
parent
9216cbbf62
commit
30a1cb6481
|
@ -26,7 +26,7 @@
|
||||||
|
|
||||||
# privacy services
|
# privacy services
|
||||||
|
|
||||||
./services/privacy/libreddit.nix
|
./services/privacy/redlib.nix
|
||||||
./services/privacy/safetwitch.nix
|
./services/privacy/safetwitch.nix
|
||||||
#./services/privacy/piped.nix
|
#./services/privacy/piped.nix
|
||||||
./services/privacy/breezewiki.nix
|
./services/privacy/breezewiki.nix
|
||||||
|
@ -41,7 +41,8 @@
|
||||||
./services/privacy/librey.nix
|
./services/privacy/librey.nix
|
||||||
./services/privacy/dumb.nix
|
./services/privacy/dumb.nix
|
||||||
./services/privacy/priviblur.nix
|
./services/privacy/priviblur.nix
|
||||||
#./services/privacy/biblioreads.nix
|
|
||||||
|
./services/privacy/biblioreads.nix
|
||||||
#./services/privacy/proxitok.nix
|
#./services/privacy/proxitok.nix
|
||||||
#./services/privacy/scribe.nix
|
#./services/privacy/scribe.nix
|
||||||
#./services/privacy/searxng.nix
|
#./services/privacy/searxng.nix
|
||||||
|
|
|
@ -6,9 +6,9 @@
|
||||||
server = {
|
server = {
|
||||||
DOMAIN = "git.4o1x5.dev";
|
DOMAIN = "git.4o1x5.dev";
|
||||||
ROOT_URL = "https://git.${config.networking.domain}/";
|
ROOT_URL = "https://git.${config.networking.domain}/";
|
||||||
DISABLE_REGISTRATION = true;
|
|
||||||
DISABLE_SSH = true;
|
DISABLE_SSH = true;
|
||||||
};
|
};
|
||||||
|
service.DISABLE_REGISTRATION = true;
|
||||||
DEFAULT.APP_NAME = "2005's git server";
|
DEFAULT.APP_NAME = "2005's git server";
|
||||||
actions.ENABLED = true;
|
actions.ENABLED = true;
|
||||||
};
|
};
|
||||||
|
@ -37,7 +37,7 @@
|
||||||
services.gitea-actions-runner.instances = {
|
services.gitea-actions-runner.instances = {
|
||||||
root = {
|
root = {
|
||||||
enable = true;
|
enable = true;
|
||||||
url = "https://git.${config.networking.domain}";
|
url = "http://127.0.0.1:3000";
|
||||||
tokenFile = config.age.secrets.forgejo-runner.path;
|
tokenFile = config.age.secrets.forgejo-runner.path;
|
||||||
settings = {
|
settings = {
|
||||||
container = {
|
container = {
|
||||||
|
@ -49,7 +49,7 @@
|
||||||
labels = [
|
labels = [
|
||||||
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
|
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
|
||||||
];
|
];
|
||||||
name = config.networking.domain;
|
name = config.networking.hostname;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{ pkgs, config, ... }: {
|
{ pkgs, config, ... }: {
|
||||||
|
|
||||||
# todo redlib instead of libreddit
|
|
||||||
services.libreddit = {
|
services.libreddit = {
|
||||||
enable = true;
|
enable = true;
|
||||||
address = "127.0.0.1";
|
address = "127.0.0.1";
|
||||||
|
@ -10,6 +9,7 @@
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
|
|
||||||
"libreddit.${config.networking.domain}" = {
|
"libreddit.${config.networking.domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
@ -21,6 +21,20 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
"redlib.${config.networking.domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = " http://127.0.0.1:3672";
|
||||||
|
extraConfig = ''
|
||||||
|
access_log /var/log/nginx/$server_name-access.log json_analytics;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
|
@ -1,38 +1,28 @@
|
||||||
{ pkgs, config, ... }: {
|
{ pkgs, config, ... }: {
|
||||||
|
|
||||||
virtualisation.oci-containers.containers = {
|
|
||||||
|
|
||||||
rimgo = {
|
services.rimgo = {
|
||||||
image = "codeberg.org/rimgo/rimgo:latest";
|
enable = true;
|
||||||
ports = [
|
settings = {
|
||||||
"4312:3000"
|
ADDRESS = "0.0.0.0";
|
||||||
];
|
PORT = 4312;
|
||||||
environment = {
|
FIBER_PREFORK = "false";
|
||||||
ADDRESS = "0.0.0.0";
|
|
||||||
PORT = "3000";
|
|
||||||
FIBER_PREFORK = "false";
|
|
||||||
|
|
||||||
# Link to a privacy policy (optional)
|
# Link to a privacy policy (optional)
|
||||||
PRIVACY_POLICY = "https://4o1x5.dev/privacy-policy";
|
PRIVACY_POLICY = "https://4o1x5.dev/privacy-policy";
|
||||||
# Explain how this data is used/why it is collected (optional)
|
# Explain how this data is used/why it is collected (optional)
|
||||||
PRIVACY_MESSAGE = "Read my privacy policy on my website";
|
PRIVACY_MESSAGE = "Read my privacy policy on my website";
|
||||||
# Country where instance is located. Leave blank if running on Tor without clearnet.
|
# Country where instance is located. Leave blank if running on Tor without clearnet.
|
||||||
PRIVACY_COUNTRY = "HU";
|
PRIVACY_COUNTRY = "HU";
|
||||||
# Hosting provider or ISP name. Leave blank if running on Tor without clearnet.
|
# Hosting provider or ISP name. Leave blank if running on Tor without clearnet.
|
||||||
PRIVACY_PROVIDER = "Telekom";
|
PRIVACY_PROVIDER = "Telekom";
|
||||||
# Set to true if you use Cloudflare (using Cloudflare only as DNS (gray cloud icon), set to false)
|
PRIVACY_CLOUDFLARE = "false";
|
||||||
PRIVACY_CLOUDFLARE = "false";
|
PRIVACY_NOT_COLLECTED = "false";
|
||||||
PRIVACY_NOT_COLLECTED = "false";
|
|
||||||
|
|
||||||
# IP address
|
PRIVACY_IP = "true";
|
||||||
PRIVACY_IP = "true";
|
PRIVACY_URL = "true";
|
||||||
# Request URL
|
PRIVACY_DEVICE = "true";
|
||||||
PRIVACY_URL = "true";
|
PRIVACY_DIAGNOSTICS = "false";
|
||||||
# Device Type (User agent)
|
|
||||||
PRIVACY_DEVICE = "true";
|
|
||||||
|
|
||||||
PRIVACY_DIAGNOSTICS = "false";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -43,7 +33,7 @@
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = " http://127.0.0.1:4312";
|
proxyPass = " http://127.0.0.1:${toString config.services.rimgo.settings.PORT}";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
access_log /var/log/nginx/$server_name-access.log json_analytics;
|
access_log /var/log/nginx/$server_name-access.log json_analytics;
|
||||||
'';
|
'';
|
||||||
|
|
1
hosts/lime/services/penpot/docker-compose.yml
Normal file
1
hosts/lime/services/penpot/docker-compose.yml
Normal file
|
@ -0,0 +1 @@
|
||||||
|
version: "3"
|
|
@ -20,6 +20,13 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.i2pd.proto.socksProxy = {
|
||||||
|
enable = true;
|
||||||
|
address = "0.0.0.0";
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# todo proxy
|
# todo proxy
|
||||||
# todo privacy respecting services
|
# todo privacy respecting services
|
||||||
# todo reseed export
|
# todo reseed export
|
||||||
|
@ -28,7 +35,6 @@
|
||||||
services.prometheus.exporters.i2pd = {
|
services.prometheus.exporters.i2pd = {
|
||||||
enable = true;
|
enable = true;
|
||||||
port = 3321;
|
port = 3321;
|
||||||
openFirewall = true;
|
|
||||||
routerAddress = "https://127.0.0.1:${toString config.services.i2pd.proto.i2pControl.port}";
|
routerAddress = "https://127.0.0.1:${toString config.services.i2pd.proto.i2pControl.port}";
|
||||||
routerPassword = "itoopie";
|
routerPassword = "itoopie";
|
||||||
};
|
};
|
||||||
|
|
|
@ -29,11 +29,6 @@ in
|
||||||
targets = [ "${lime}:9001" ];
|
targets = [ "${lime}:9001" ];
|
||||||
labels = { alias = "node.lime.local"; };
|
labels = { alias = "node.lime.local"; };
|
||||||
}
|
}
|
||||||
|
|
||||||
{
|
|
||||||
targets = [ "32.54.31.172:9001" ];
|
|
||||||
labels = { alias = "node.strix.local"; };
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
|
68
readme.md
68
readme.md
|
@ -2,6 +2,10 @@
|
||||||
|
|
||||||
Nix configs for all servers in my homelab. Including all services available for public and private use.
|
Nix configs for all servers in my homelab. Including all services available for public and private use.
|
||||||
|
|
||||||
|
# Contact
|
||||||
|
|
||||||
|
https://matrix.to/#/#home:4o1x5.dev
|
||||||
|
|
||||||
## Setting up projects that don't have options in nixkpgs
|
## Setting up projects that don't have options in nixkpgs
|
||||||
|
|
||||||
Using compose2nix projects can be converted into `oci-container` definitions which we can use to deploy.
|
Using compose2nix projects can be converted into `oci-container` definitions which we can use to deploy.
|
||||||
|
@ -12,36 +16,34 @@ I will most likely deploy most of the services available in Libredirect. Since n
|
||||||
Most projects don't even have a docker container, let alone a guide to deploy them. Some have nix flakes, but are missing crucial features or they are configured all wrong...
|
Most projects don't even have a docker container, let alone a guide to deploy them. Some have nix flakes, but are missing crucial features or they are configured all wrong...
|
||||||
Here is a list of services I plan on hosting and their statuses.
|
Here is a list of services I plan on hosting and their statuses.
|
||||||
|
|
||||||
| name | deployed? | info | I2P | Tor | Lokinet | Announced to instance list |
|
| name | deployed? | info | I2P | Tor | Lokinet | Announced to instance list |
|
||||||
| -------------------------------------------------------- | --------- | ------------------------------------------------------------------------ | --- | --- | ------- | ------------------------------------------------ |
|
| -------------------------------------------------------- | --------- | ------------------------------------------------------------------------ | --- | --- | ------- | -------------------------- |
|
||||||
| [anonymousoverflow](https://anonymousoverflow.4o1x5.dev) | ✅ | works, but secret needs work | ❌ | ❌ | ❌ | ❌ |
|
| [anonymousoverflow](https://anonymousoverflow.4o1x5.dev) | ✅ | works, but secret needs work | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [binternet](https://binternet.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
| [binternet](https://binternet.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
||||||
| [breezewiki](https://breezewiki.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
| [breezewiki](https://breezewiki.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
||||||
| [dumb](https://dumb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
| [dumb](https://dumb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [gothub](https://gothub.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ (requires me to sign up for github (fuck no)) |
|
| [gothub](https://gothub.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [libreddit](https://libreddit.4o1x5.dev) | ✅ | needs to be migrated to redlib | ❌ | ❌ | ❌ | ❌ (owner didn't respond) |
|
| [redlib](https://redlib.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
||||||
| [libremdb](https://libremdb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
| [libremdb](https://libremdb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [librey](https://librey.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
| [librey](https://librey.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [piped](https://piped.4o1x5.dev) | ❌ | piped-nix deploys the database wrong | ❌ | ❌ | ❌ | ❌ |
|
| [piped](https://piped.4o1x5.dev) | ❌ | piped-nix deploys the database wrong | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [priviblur](https://priviblur.4o1x5.dev) | ❌ | need config file defined (impure) | ❌ | ❌ | ❌ | ❌ |
|
| [priviblur](https://priviblur.4o1x5.dev) | ❌ | need config file defined (impure) | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [quetre](https://quetre.4o1x5.dev) | ❓ | return 503 | ❌ | ❌ | ❌ | ❌ |
|
| [quetre](https://quetre.4o1x5.dev) | ❓ | returns 500 | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [rimgo](https://rimgo.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
| [rimgo](https://rimgo.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
||||||
| [safetwitch](https://safetwitch.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
| [safetwitch](https://safetwitch.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
|
||||||
| [searxng](https://searxng.4o1x5.dev) | ❌ | no config option in nixpkgs | ❌ | ❌ | ❌ | ❌ |
|
| [searxng](https://searxng.4o1x5.dev) | ❌ | no config option in nixpkgs | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [hyperpipe](https://hyperpipe.4o1x5.dev) | ❌ | no docker compose prioject & needs piped server | ❌ | ❌ | ❌ | ❌ |
|
| [hyperpipe](https://hyperpipe.4o1x5.dev) | ❌ | no docker compose project & needs piped server | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [proxitok](https://proxitok.4o1x5.dev) | ❌ | complicated to setup | ❌ | ❌ | ❌ | ❌ |
|
| [proxitok](https://proxitok.4o1x5.dev) | ❌ | complicated to setup | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [proxigram](https://proxigram.4o1x5.dev) | ❌ | deprecated | ❌ | ❌ | ❌ | ❌ |
|
| [proxigram](https://proxigram.4o1x5.dev) | ❌ | deprecated | ❌ | ❌ | ❌ | ❌ |
|
||||||
| pixivfe | ❌ | [csam platform](https://www.bbc.com/news/uk-65932372), will never deploy | ❌ | ❌ | ❌ | ❌ |
|
| pixivfe | ❌ | [csam platform](https://www.bbc.com/news/uk-65932372), will never deploy | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [scribe](https://scribe.4o1x5.dev) | ❌ | flake has no secret for variables | ❌ | ❌ | ❌ | ❌ |
|
| [scribe](https://scribe.4o1x5.dev) | ❌ | flake has no secret for variables | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [laboratory](https://laboratory.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
|
| [laboratory](https://laboratory.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [reuter](https://reuters.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
|
| [reuter](https://reuters.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [snopes](https://snopes.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
|
| [snopes](https://snopes.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [ifunny](https://ifunny.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
| [ifunny](https://ifunny.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [tenor](https://tenor.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
| [tenor](https://tenor.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [knowyourmeme](https://knowyourmeme.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
| [knowyourmeme](https://knowyourmeme.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [urbandictionary](https://urbandictionary.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
| [urbandictionary](https://urbandictionary.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [biblioreads](https://biblioreads.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
| [biblioreads](https://biblioreads.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [wolframalpha](https://wolframalpha.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
| [wolframalpha](https://wolframalpha.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||||
| [wikiless](https://wikiless.4o1x5.dev) | ❌ | todo no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
| [wikiless](https://wikiless.4o1x5.dev) | ❌ | todo no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
|
||||||
|
|
||||||
I want to share my instances for public use, but most of these services code are hosted on github, meaning I would have to sign up and make a pull request there, which I will never do.
|
|
||||||
|
|
4
root.nix
4
root.nix
|
@ -20,12 +20,8 @@
|
||||||
|
|
||||||
networking.networkmanager.enable = true;
|
networking.networkmanager.enable = true;
|
||||||
|
|
||||||
# Set your time zone.
|
|
||||||
time.timeZone = "Europe/Budapest";
|
time.timeZone = "Europe/Budapest";
|
||||||
|
|
||||||
# Select internationalisation properties.
|
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
||||||
i18n.extraLocaleSettings = {
|
i18n.extraLocaleSettings = {
|
||||||
LC_ADDRESS = "hu_HU.UTF-8";
|
LC_ADDRESS = "hu_HU.UTF-8";
|
||||||
LC_IDENTIFICATION = "hu_HU.UTF-8";
|
LC_IDENTIFICATION = "hu_HU.UTF-8";
|
||||||
|
|
Reference in a new issue