🐛 few tweaks

- Rimgo is no longer running in a container
- Forgejo: disabled registration
- Readme, few changes about privacy respecting services
added contact point
2005 2024-06-04 04:45:44 +02:00
parent 9216cbbf62
commit 30a1cb6481
9 changed files with 85 additions and 80 deletions


@ -26,7 +26,7 @@
# privacy services # privacy services
./services/privacy/libreddit.nix ./services/privacy/redlib.nix
./services/privacy/safetwitch.nix ./services/privacy/safetwitch.nix
#./services/privacy/piped.nix #./services/privacy/piped.nix
./services/privacy/breezewiki.nix ./services/privacy/breezewiki.nix
@ -41,7 +41,8 @@
./services/privacy/librey.nix ./services/privacy/librey.nix
./services/privacy/dumb.nix ./services/privacy/dumb.nix
./services/privacy/priviblur.nix ./services/privacy/priviblur.nix
#./services/privacy/biblioreads.nix
./services/privacy/biblioreads.nix
#./services/privacy/proxitok.nix #./services/privacy/proxitok.nix
#./services/privacy/scribe.nix #./services/privacy/scribe.nix
#./services/privacy/searxng.nix #./services/privacy/searxng.nix


@ -6,9 +6,9 @@
server = { server = {
DOMAIN = "git.4o1x5.dev"; DOMAIN = "git.4o1x5.dev";
ROOT_URL = "https://git.${config.networking.domain}/"; ROOT_URL = "https://git.${config.networking.domain}/";
DISABLE_REGISTRATION = true;
DISABLE_SSH = true; DISABLE_SSH = true;
}; };
service.DISABLE_REGISTRATION = true;
DEFAULT.APP_NAME = "2005's git server"; DEFAULT.APP_NAME = "2005's git server";
actions.ENABLED = true; actions.ENABLED = true;
}; };
@ -37,7 +37,7 @@
services.gitea-actions-runner.instances = { services.gitea-actions-runner.instances = {
root = { root = {
enable = true; enable = true;
url = "https://git.${config.networking.domain}"; url = "http://127.0.0.1:3000";
tokenFile = config.age.secrets.forgejo-runner.path; tokenFile = config.age.secrets.forgejo-runner.path;
settings = { settings = {
container = { container = {
@ -49,7 +49,7 @@
labels = [ labels = [
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest" "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
]; ];
name = config.networking.domain; name = config.networking.hostname;
}; };
}; };
} }
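Review bot: The runner `name` in the last hunk reads `config.networking.hostname`, but the NixOS option is spelled `networking.hostName`; unless this repository declares a lowercase `hostname` option elsewhere, evaluation fails with a missing-attribute error. Suggest `name = config.networking.hostName;`. Separately, the `ubuntu-latest:docker://gitea/runner-images:ubuntu-latest` label tracks a mutable tag, so pinning it to a digest would keep the job image from changing underneath the runner. The `root` instance block starts and ends outside the hunk.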


@ -1,6 +1,5 @@
{ pkgs, config, ... }: { { pkgs, config, ... }: {
# todo redlib instead of libreddit
services.libreddit = { services.libreddit = {
enable = true; enable = true;
address = "127.0.0.1"; address = "127.0.0.1";
@ -10,6 +9,7 @@
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"libreddit.${config.networking.domain}" = { "libreddit.${config.networking.domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -21,6 +21,20 @@
''; '';
}; };
}; };
"redlib.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:3672";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
}; };
}; };
} }
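Review bot: The new `redlib.${config.networking.domain}` vhost hard-codes its backend as `proxyPass = " http://127.0.0.1:3672";`, with a stray leading space inside the string and a port that has to be kept in step with the service by hand. The rimgo file in this same commit derives the port from the service option; doing the same here, e.g. `proxyPass = "http://127.0.0.1:${toString config.services.libreddit.port}";`, removes both problems, assuming 3672 is what `services.libreddit.port` is set to in the lines not shown. The module still enables `services.libreddit` while the `# todo redlib instead of libreddit` reminder was dropped, so a one-line comment saying the `redlib` hostname is still served by libreddit would keep that visible.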


@ -1,38 +1,28 @@
{ pkgs, config, ... }: { { pkgs, config, ... }: {
virtualisation.oci-containers.containers = {
rimgo = { services.rimgo = {
image = "codeberg.org/rimgo/rimgo:latest"; enable = true;
ports = [ settings = {
"4312:3000" ADDRESS = "0.0.0.0";
]; PORT = 4312;
environment = { FIBER_PREFORK = "false";
ADDRESS = "0.0.0.0";
PORT = "3000";
FIBER_PREFORK = "false";
# Link to a privacy policy (optional) # Link to a privacy policy (optional)
PRIVACY_POLICY = "https://4o1x5.dev/privacy-policy"; PRIVACY_POLICY = "https://4o1x5.dev/privacy-policy";
# Explain how this data is used/why it is collected (optional) # Explain how this data is used/why it is collected (optional)
PRIVACY_MESSAGE = "Read my privacy policy on my website"; PRIVACY_MESSAGE = "Read my privacy policy on my website";
# Country where instance is located. Leave blank if running on Tor without clearnet. # Country where instance is located. Leave blank if running on Tor without clearnet.
PRIVACY_COUNTRY = "HU"; PRIVACY_COUNTRY = "HU";
# Hosting provider or ISP name. Leave blank if running on Tor without clearnet. # Hosting provider or ISP name. Leave blank if running on Tor without clearnet.
PRIVACY_PROVIDER = "Telekom"; PRIVACY_PROVIDER = "Telekom";
# Set to true if you use Cloudflare (using Cloudflare only as DNS (gray cloud icon), set to false) PRIVACY_CLOUDFLARE = "false";
PRIVACY_CLOUDFLARE = "false"; PRIVACY_NOT_COLLECTED = "false";
PRIVACY_NOT_COLLECTED = "false";
# IP address PRIVACY_IP = "true";
PRIVACY_IP = "true"; PRIVACY_URL = "true";
# Request URL PRIVACY_DEVICE = "true";
PRIVACY_URL = "true"; PRIVACY_DIAGNOSTICS = "false";
# Device Type (User agent)
PRIVACY_DEVICE = "true";
PRIVACY_DIAGNOSTICS = "false";
};
}; };
}; };
@ -43,7 +33,7 @@
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = " http://127.0.0.1:4312"; proxyPass = " http://127.0.0.1:${toString config.services.rimgo.settings.PORT}";
extraConfig = '' extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics; access_log /var/log/nginx/$server_name-access.log json_analytics;
''; '';
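Review bot: `ADDRESS = "0.0.0.0";` in the new `services.rimgo.settings` makes rimgo listen on every interface at port 4312, while nginx only ever reaches it at `127.0.0.1`. Unless the host firewall blocks that port, clients can reach the backend directly over plain HTTP, bypassing `forceSSL` and the nginx access log. Suggest `ADDRESS = "127.0.0.1";`. The `proxyPass` value in the second hunk also keeps a leading space inside the string, which could be dropped while the line is being touched; the `virtualHosts` block there continues outside the hunk.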


@ -0,0 +1 @@
version: "3"


@ -20,6 +20,13 @@
enable = true; enable = true;
}; };
services.i2pd.proto.socksProxy = {
enable = true;
address = "0.0.0.0";
};
# todo proxy # todo proxy
# todo privacy respecting services # todo privacy respecting services
# todo reseed export # todo reseed export
@ -28,7 +35,6 @@
services.prometheus.exporters.i2pd = { services.prometheus.exporters.i2pd = {
enable = true; enable = true;
port = 3321; port = 3321;
openFirewall = true;
routerAddress = "https://127.0.0.1:${toString config.services.i2pd.proto.i2pControl.port}"; routerAddress = "https://127.0.0.1:${toString config.services.i2pd.proto.i2pControl.port}";
routerPassword = "itoopie"; routerPassword = "itoopie";
}; };
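Review bot: The added `services.i2pd.proto.socksProxy` block sets `address = "0.0.0.0";`, so the SOCKS proxy listens on every interface, and nothing in the hunk restricts who may use it. If only local services need it, bind it narrowly, e.g. `address = "127.0.0.1";`, or confirm the firewall keeps the port closed to the internet. In the second hunk, `routerPassword = "itoopie";` is the I2PControl default and sits in plain text in the repository and the Nix store. It is worth checking whether the exporter module offers a file-based alternative, in line with the `config.age.secrets` pattern used for the Forgejo runner token.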


@ -29,11 +29,6 @@ in
targets = [ "${lime}:9001" ]; targets = [ "${lime}:9001" ];
labels = { alias = "node.lime.local"; }; labels = { alias = "node.lime.local"; };
} }
{
targets = [ "32.54.31.172:9001" ];
labels = { alias = "node.strix.local"; };
}
]; ];
} }
{ {

View file

@ -2,6 +2,10 @@
Nix configs for all servers in my homelab. Including all services available for public and private use. Nix configs for all servers in my homelab. Including all services available for public and private use.
# Contact
https://matrix.to/#/#home:4o1x5.dev
## Setting up projects that don't have options in nixkpgs ## Setting up projects that don't have options in nixkpgs
Using compose2nix projects can be converted into `oci-container` definitions which we can use to deploy. Using compose2nix projects can be converted into `oci-container` definitions which we can use to deploy.
@ -12,36 +16,34 @@ I will most likely deploy most of the services available in Libredirect. Since n
Most projects don't even have a docker container, let alone a guide to deploy them. Some have nix flakes, but are missing crucial features or they are configured all wrong... Most projects don't even have a docker container, let alone a guide to deploy them. Some have nix flakes, but are missing crucial features or they are configured all wrong...
Here is a list of services I plan on hosting and their statuses. Here is a list of services I plan on hosting and their statuses.
| name | deployed? | info | I2P | Tor | Lokinet | Announced to instance list | | name | deployed? | info | I2P | Tor | Lokinet | Announced to instance list |
| -------------------------------------------------------- | --------- | ------------------------------------------------------------------------ | --- | --- | ------- | ------------------------------------------------ | | -------------------------------------------------------- | --------- | ------------------------------------------------------------------------ | --- | --- | ------- | -------------------------- |
| [anonymousoverflow](https://anonymousoverflow.4o1x5.dev) | ✅ | works, but secret needs work | ❌ | ❌ | ❌ | ❌ | | [anonymousoverflow](https://anonymousoverflow.4o1x5.dev) | ✅ | works, but secret needs work | ❌ | ❌ | ❌ | ❌ |
| [binternet](https://binternet.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ | | [binternet](https://binternet.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
| [breezewiki](https://breezewiki.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | | [breezewiki](https://breezewiki.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
| [dumb](https://dumb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | | [dumb](https://dumb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [gothub](https://gothub.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ (requires me to sign up for github (fuck no)) | | [gothub](https://gothub.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [libreddit](https://libreddit.4o1x5.dev) | ✅ | needs to be migrated to redlib | ❌ | ❌ | ❌ | ❌ (owner didn't respond) | | [redlib](https://redlib.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
| [libremdb](https://libremdb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | | [libremdb](https://libremdb.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [librey](https://librey.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | | [librey](https://librey.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [piped](https://piped.4o1x5.dev) | ❌ | piped-nix deploys the database wrong | ❌ | ❌ | ❌ | ❌ | | [piped](https://piped.4o1x5.dev) | ❌ | piped-nix deploys the database wrong | ❌ | ❌ | ❌ | ❌ |
| [priviblur](https://priviblur.4o1x5.dev) | ❌ | need config file defined (impure) | ❌ | ❌ | ❌ | ❌ | | [priviblur](https://priviblur.4o1x5.dev) | ❌ | need config file defined (impure) | ❌ | ❌ | ❌ | ❌ |
| [quetre](https://quetre.4o1x5.dev) | ❓ | return 503 | ❌ | ❌ | ❌ | ❌ | | [quetre](https://quetre.4o1x5.dev) | ❓ | returns 500 | ❌ | ❌ | ❌ | ❌ |
| [rimgo](https://rimgo.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | | [rimgo](https://rimgo.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
| [safetwitch](https://safetwitch.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ | | [safetwitch](https://safetwitch.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ✅ |
| [searxng](https://searxng.4o1x5.dev) | ❌ | no config option in nixpkgs | ❌ | ❌ | ❌ | ❌ | | [searxng](https://searxng.4o1x5.dev) | ❌ | no config option in nixpkgs | ❌ | ❌ | ❌ | ❌ |
| [hyperpipe](https://hyperpipe.4o1x5.dev) | ❌ | no docker compose prioject & needs piped server | ❌ | ❌ | ❌ | ❌ | | [hyperpipe](https://hyperpipe.4o1x5.dev) | ❌ | no docker compose project & needs piped server | ❌ | ❌ | ❌ | ❌ |
| [proxitok](https://proxitok.4o1x5.dev) | ❌ | complicated to setup | ❌ | ❌ | ❌ | ❌ | | [proxitok](https://proxitok.4o1x5.dev) | ❌ | complicated to setup | ❌ | ❌ | ❌ | ❌ |
| [proxigram](https://proxigram.4o1x5.dev) | ❌ | deprecated | ❌ | ❌ | ❌ | ❌ | | [proxigram](https://proxigram.4o1x5.dev) | ❌ | deprecated | ❌ | ❌ | ❌ | ❌ |
| pixivfe | ❌ | [csam platform](https://www.bbc.com/news/uk-65932372), will never deploy | ❌ | ❌ | ❌ | ❌ | | pixivfe | ❌ | [csam platform](https://www.bbc.com/news/uk-65932372), will never deploy | ❌ | ❌ | ❌ | ❌ |
| [scribe](https://scribe.4o1x5.dev) | ❌ | flake has no secret for variables | ❌ | ❌ | ❌ | ❌ | | [scribe](https://scribe.4o1x5.dev) | ❌ | flake has no secret for variables | ❌ | ❌ | ❌ | ❌ |
| [laboratory](https://laboratory.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ | | [laboratory](https://laboratory.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
| [reuter](https://reuters.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ | | [reuter](https://reuters.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
| [snopes](https://snopes.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ | | [snopes](https://snopes.4o1x5.dev) | ❌ | todo | ❌ | ❌ | ❌ | ❌ |
| [ifunny](https://ifunny.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | | [ifunny](https://ifunny.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [tenor](https://tenor.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | | [tenor](https://tenor.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [knowyourmeme](https://knowyourmeme.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | | [knowyourmeme](https://knowyourmeme.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [urbandictionary](https://urbandictionary.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | | [urbandictionary](https://urbandictionary.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [biblioreads](https://biblioreads.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ | | [biblioreads](https://biblioreads.4o1x5.dev) | ✅ | works | ❌ | ❌ | ❌ | ❌ |
| [wolframalpha](https://wolframalpha.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | | [wolframalpha](https://wolframalpha.4o1x5.dev) | ❌ | no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
| [wikiless](https://wikiless.4o1x5.dev) | ❌ | todo no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ | | [wikiless](https://wikiless.4o1x5.dev) | ❌ | todo no nixpkgs/docker | ❌ | ❌ | ❌ | ❌ |
I want to share my instances for public use, but most of these services code are hosted on github, meaning I would have to sign up and make a pull request there, which I will never do.


@ -20,12 +20,8 @@
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Budapest"; time.timeZone = "Europe/Budapest";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = { i18n.extraLocaleSettings = {
LC_ADDRESS = "hu_HU.UTF-8"; LC_ADDRESS = "hu_HU.UTF-8";
LC_IDENTIFICATION = "hu_HU.UTF-8"; LC_IDENTIFICATION = "hu_HU.UTF-8";