- virtualisation.containers.enable = true;
- virtualisation.podman = {
- enable = true;
-
- # Create a `docker` alias for podman, to use it as a drop-in replacement
- dockerCompat = true;
-
- # Required for containers under podman-compose to be able to talk to each other.
- defaultNetwork.settings.dns_enabled = true;
- };
-
- services.gitea-actions-runner = {
- package = pkgs.forgejo-runner;
- instances.default = {
- enable = true;
- name = "dromadaire";
- url = "https://git.distrilab.fr";
- # Obtaining the path to the runner token file may differ
- tokenFile = "/etc/forgejo/runner.token";
- labels = [
- # provide a debian base with nodejs for actions
- "debian-latest:docker://node:20-bookworm"
- # fake the ubuntu name, because node provides no ubuntu builds
- "ubuntu-latest:docker://node:20-bookworm"
- # nixos
- "nixos:docker://nixos/nix:latest"
- # provide native execution on the host
- #"native:host"
- ];
- };
- };
-
-
-
- services.nginx = {
- virtualHosts.${cfg.settings.server.DOMAIN} = {
- forceSSL = true;
- enableACME = true;
- extraConfig = ''
- client_max_body_size 512M;
- '';
- locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
- };
- };
-
- services.forgejo = {
- enable = true;
- database.type = "postgres";
- # Enable support for Git Large File Storage
- lfs.enable = true;
- settings = {
- server = {
- DOMAIN = "git.example.com";
- # You need to specify this to remove the port from URLs in the web UI.
- ROOT_URL = "https://${srv.DOMAIN}/";
- HTTP_PORT = 3000;
- };
- # You can temporarily allow registration to create an admin user.
- service.DISABLE_REGISTRATION = true;
- # Add support for actions, based on act: https://github.com/nektos/act
- actions = {
- ENABLED = true;
- DEFAULT_ACTIONS_URL = "github";
- };
- # Sending emails is completely optional
- # You can send a test email from the web UI at:
- # Profile Picture > Site Administration > Configuration > Mailer Configuration
- mailer = {
- ENABLED = true;
- SMTP_ADDR = "mail.example.com";
- FROM = "noreply@${srv.DOMAIN}";
- USER = "noreply@${srv.DOMAIN}";
- };
- };
- mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
- };
-
+
}
-
-
diff --git a/components/DynamicComponent.vue b/components/DynamicComponent.vue
index 4093c92..e85414e 100644
--- a/components/DynamicComponent.vue
+++ b/components/DynamicComponent.vue
@@ -3,11 +3,28 @@
- nixcode {{ serviceName }}
+
+
diff --git a/components/NixForm.vue b/components/NixForm.vue
index 060e96d..ac1308b 100644
--- a/components/NixForm.vue
+++ b/components/NixForm.vue
@@ -3,9 +3,8 @@ import {provide} from 'vue';
import DynamicComponent from "./DynamicComponent.vue"
const props = defineProps(['service'])
-let serviceComponent = 'NixForm'+props.service.id
+let serviceComponent = 'form-'+props.service.id
provide('service', props.service)
-
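Review bot: `serviceComponent` on the added line is built by concatenating `props.service.id` into a component name, and with components/all.js deleted in this commit there is no longer an explicit list of the form components that may be resolved. If `service.id` can ever come from a URL or other user-controlled data, check it against the known service ids before building the name, and fall back to a fixed component otherwise. The value is also computed once at setup, so `const serviceComponent = 'form-' + props.service.id` states the intent better than `let`. The template that consumes it is not visible in this hunk.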
diff --git a/components/all.js b/components/all.js
deleted file mode 100644
index f488af2..0000000
--- a/components/all.js
+++ /dev/null
@@ -1,8 +0,0 @@
-export { default as NixFormgotosocial } from './NixForm-gotosocial.vue'
-export { default as NixFormpeertube } from './NixForm-peertube.vue'
-export { default as NixFormlemmy } from './NixForm-lemmy.vue'
-export { default as NixFormnextcloud } from './NixForm-nextcloud.vue'
-export { default as NixFormhedgedoc } from './NixForm-hedgedoc.vue'
-export { default as NixFormforgejo } from './NixForm-forgejo.vue'
-export { default as NixFormforgejorunner } from './NixForm-forgejorunner.vue'
-export { default as NixFormnixin } from './NixForm-nixin.vue'
diff --git a/components/NixForm-forgejo.vue b/components/form/forgejo.vue
similarity index 100%
rename from components/NixForm-forgejo.vue
rename to components/form/forgejo.vue
diff --git a/components/NixForm-forgejorunner.vue b/components/form/forgejorunner.vue
similarity index 100%
rename from components/NixForm-forgejorunner.vue
rename to components/form/forgejorunner.vue
diff --git a/components/NixForm-gotosocial.vue b/components/form/gotosocial.vue
similarity index 100%
rename from components/NixForm-gotosocial.vue
rename to components/form/gotosocial.vue
diff --git a/components/NixForm-hedgedoc.vue b/components/form/hedgedoc.vue
similarity index 100%
rename from components/NixForm-hedgedoc.vue
rename to components/form/hedgedoc.vue
diff --git a/components/NixForm-lemmy.vue b/components/form/lemmy.vue
similarity index 100%
rename from components/NixForm-lemmy.vue
rename to components/form/lemmy.vue
diff --git a/components/NixForm-nextcloud.vue b/components/form/nextcloud.vue
similarity index 100%
rename from components/NixForm-nextcloud.vue
rename to components/form/nextcloud.vue
diff --git a/components/NixForm-nixin.vue b/components/form/nixin.vue
similarity index 100%
rename from components/NixForm-nixin.vue
rename to components/form/nixin.vue
diff --git a/components/NixForm-peertube.vue b/components/form/peertube.vue
similarity index 100%
rename from components/NixForm-peertube.vue
rename to components/form/peertube.vue
diff --git a/components/nix-code/forgejo.vue b/components/nix-code/forgejo.vue
new file mode 100644
index 0000000..4ea3254
--- /dev/null
+++ b/components/nix-code/forgejo.vue
@@ -0,0 +1,45 @@
+
+ services.nginx = {
+ virtualHosts.${cfg.settings.server.DOMAIN} = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ client_max_body_size 512M;
+ '';
+ locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
+ };
+ };
+
+ services.forgejo = {
+ enable = true;
+ database.type = "postgres";
+ # Enable support for Git Large File Storage
+ lfs.enable = true;
+ settings = {
+ server = {
+ DOMAIN = "git.example.com";
+ # You need to specify this to remove the port from URLs in the web UI.
+ ROOT_URL = "https://${srv.DOMAIN}/";
+ HTTP_PORT = 3000;
+ };
+ # You can temporarily allow registration to create an admin user.
+ service.DISABLE_REGISTRATION = true;
+ # Add support for actions, based on act: https://github.com/nektos/act
+ actions = {
+ ENABLED = true;
+ DEFAULT_ACTIONS_URL = "github";
+ };
+ # Sending emails is completely optional
+ # You can send a test email from the web UI at:
+ # Profile Picture > Site Administration > Configuration > Mailer Configuration
+ mailer = {
+ ENABLED = true;
+ SMTP_ADDR = "mail.example.com";
+ FROM = "noreply@${srv.DOMAIN}";
+ USER = "noreply@${srv.DOMAIN}";
+ };
+ };
+ mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
+ };
+
+
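Review bot: The `services.forgejo.settings.server` block sets `HTTP_PORT = 3000` but no listen address, so Forgejo presumably keeps its default of listening on all interfaces even though nginx proxies to `http://localhost:...`. Adding `HTTP_ADDR = "127.0.0.1";` keeps the backend reachable only through the TLS vhost. The snippet also references `cfg` and `srv` (`virtualHosts.${cfg.settings.server.DOMAIN}`, `srv.HTTP_PORT`) without a visible `let` binding, so a user who copies it as shown gets an undefined-variable error; include the binding or a comment naming what they stand for. `DEFAULT_ACTIONS_URL = "github"` deserves a comment saying that workflows will pull action code from github.com by default.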
diff --git a/components/nix-code/forgejorunner.vue b/components/nix-code/forgejorunner.vue
new file mode 100644
index 0000000..f4b0dd9
--- /dev/null
+++ b/components/nix-code/forgejorunner.vue
@@ -0,0 +1,34 @@
+
+ virtualisation.containers.enable = true;
+ virtualisation.podman = {
+ enable = true;
+
+ # Create a `docker` alias for podman, to use it as a drop-in replacement
+ dockerCompat = true;
+
+ # Required for containers under podman-compose to be able to talk to each other.
+ defaultNetwork.settings.dns_enabled = true;
+ };
+
+ services.gitea-actions-runner = {
+ package = pkgs.forgejo-runner;
+ instances.default = {
+ enable = true;
+ name = "dromadaire";
+ url = "https://git.distrilab.fr";
+ # Obtaining the path to the runner token file may differ
+ tokenFile = "/etc/forgejo/runner.token";
+ labels = [
+ # provide a debian base with nodejs for actions
+ "debian-latest:docker://node:20-bookworm"
+ # fake the ubuntu name, because node provides no ubuntu builds
+ "ubuntu-latest:docker://node:20-bookworm"
+ # nixos
+ "nixos:docker://nixos/nix:latest"
+ # provide native execution on the host
+ #"native:host"
+ ];
+ };
+ };
+
+
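Review bot: The `labels` list maps job labels to `node:20-bookworm` and `nixos/nix:latest`, both mutable tags, so CI jobs run whatever image upstream publishes at pull time; pinning by digest (`docker://node:20-bookworm@sha256:<digest>`) makes the runner environment reproducible. `name = "dromadaire"` and `url = "https://git.distrilab.fr"` look like one deployment's values rather than template placeholders, unlike the `example.com` values in forgejo.vue, so a placeholder would keep generated configs from pointing at that forge. A comment next to `tokenFile` stating that the file must be readable only by the runner service would help, since the registration token lets a machine join the instance as a runner.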
diff --git a/components/nix-code/gotosocial.vue b/components/nix-code/gotosocial.vue
new file mode 100644
index 0000000..b3800e3
--- /dev/null
+++ b/components/nix-code/gotosocial.vue
@@ -0,0 +1,36 @@
+
+{
+ services.gotosocial = {
+ enable = true;
+ setupPostgresqlDB = true;
+ settings = {
+ application-name = "My GoToSocial";
+ host = "gotosocial.example.com";
+ protocol = "https";
+ bind-address = "127.0.0.1";
+ port = 8080;
+ };
+ };
+}
+{
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ services.nginx = {
+ enable = true;
+ clientMaxBodySize = "40M";
+ virtualHosts = with config.services.gotosocial.settings; {
+ "${host}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations = {
+ "/" = {
+ recommendedProxySettings = true;
+ proxyWebsockets = true;
+ proxyPass = "http://${bind-address}:${toString port}";
+ };
+ };
+ };
+ };
+ };
+}
+
+
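Review bot: The new template holds two top-level attribute sets back to back (`{ services.gotosocial ... }` followed by `{ networking.firewall ... }`), which Nix parses as a function application rather than as one module, while the other nix-code snippets in this commit are bare option lists without braces. Merge the two sets into one, or drop the braces, so the generated code can be pasted the same way as the rest.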
diff --git a/components/nix-code/hedgedoc.vue b/components/nix-code/hedgedoc.vue
new file mode 100644
index 0000000..c304602
--- /dev/null
+++ b/components/nix-code/hedgedoc.vue
@@ -0,0 +1,18 @@
+
+ networking.firewall = {
+ allowedTCPPorts = [ 8001 ];
+ };
+ services.hedgedoc = {
+ enable = true;
+ settings.domain = "hedgedoc.nixin.local";
+ settings.port = 8001;
+ settings.host = "0.0.0.0";
+ settings.protocolUseSSL = false;
+ settings.allowOrigin = [
+ "localhost"
+ "hedgedoc.nixin.local"
+ ];
+ };
+
+
+
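Review bot: `settings.host = "0.0.0.0"` with `settings.protocolUseSSL = false` and `allowedTCPPorts = [ 8001 ]` publishes HedgeDoc over plain HTTP on every interface, so logins and session cookies cross the network unencrypted. For a generated default, bind to `127.0.0.1`, drop the firewall opening, and put an nginx vhost with `forceSSL`/`enableACME` in front, as gotosocial.vue in this commit does. peertube.vue has the same shape (`enableWebHttps = false`, `listen.hostname = "0.0.0.0"`). If the snippet is meant only for a local test VM, as the `nixin.local` domain suggests, a comment saying so would be enough.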
diff --git a/components/nix-code/lemmy.vue b/components/nix-code/lemmy.vue
new file mode 100644
index 0000000..9199583
--- /dev/null
+++ b/components/nix-code/lemmy.vue
@@ -0,0 +1,240 @@
+
+ let
+
+ # add nginx reverse proxy and ACME web certificate
+ add_nginx = true;
+ nginx_ports = [ 80 443 ];
+
+ lemmy = {
+ upstreamName = "lemmy";
+ dataDir = "/var/lib/lemmy";
+ ip = "127.0.0.1";
+ port = 1234;
+ # TODO: Change this domain to your own
+ domain = "lemmy.example.com";
+ };
+
+ lemmy-ui = {
+ upstreamName = "lemmy-ui";
+ ip = "127.0.0.1";
+ port = 8536;
+ };
+
+ pict-rs = {
+ ip = "127.0.0.1";
+ port = 8080;
+ };
+
+ acmeDomain = lemmy.domain;
+ nginxVhost = lemmy.domain;
+
+ in {
+
+ security.acme = lib.mkIf add_nginx {
+ # TODO: change this to true if you accept
+ acceptTerms = false;
+ defaults = {
+ # TODO: you will receive a notification if automatic certificate renewal fails
+ email = "postmaster@${lemmy.domain}";
+ # TODO: put your dns provider here: https://go-acme.github.io/lego/dns/
+ dnsProvider = "";
+ # TODO: this file should contain environment variables expected by your dns provider
+ credentialsFile = "";
+ };
+ certs."${acmeDomain}" = {
+ domain = "${acmeDomain}";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = lib.mkIf add_nginx nginx_ports;
+
+ # is needed because of certificate file permissions
+ users.users.nginx.extraGroups = lib.mkIf add_nginx ["acme"];
+
+ services.nginx = lib.mkIf add_nginx {
+ upstreams."${lemmy.upstreamName}".servers."${lemmy.ip}:${builtins.toString lemmy.port}" = {};
+ upstreams."${lemmy-ui.upstreamName}".servers."${lemmy-ui.ip}:${builtins.toString lemmy-ui.port}" = {};
+
+ virtualHosts."${nginxVhost}" = {
+ useACMEHost = "${acmeDomain}";
+ # inherit from config.security.acme.acmeRoot;
+ acmeRoot = null;
+ # add redirects from http to https
+ forceSSL = true;
+ # this whole block was lifted from
+ https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L21 lines
+ 21-32
+ extraConfig = ''
+ # disables emitting nginx version on error pages and in the “Server” response header field
+ server_tokens off;
+
+ gzip on;
+ gzip_types text/css application/javascript image/svg+xml;
+ gzip_vary on;
+
+ # Upload limit, relevant for pictrs
+ client_max_body_size 20M;
+
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ '';
+
+ locations = {
+ "/" = {
+ extraConfig = ''
+ # distinguish between ui requests and backend
+ # don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top
+ set $proxpass "http://${lemmy-ui.upstreamName}";
+
+ if ($http_accept = "application/activity+json") {
+ set $proxpass "http://${lemmy.upstreamName}";
+ }
+ if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
+ set $proxpass "http://${lemmy.upstreamName}";
+ }
+ if ($request_method = POST) {
+ set $proxpass "http://${lemmy.upstreamName}";
+ }
+ proxy_pass $proxpass;
+
+ # Cuts off the trailing slash on URLs to make them valid
+ rewrite ^(.+)/+$ $1 permanent;
+
+ # Send actual client IP upstream
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ '';
+ };
+
+ # again, lifted wholesale from
+ https://github.com/LemmyNet/lemmy/blob/ef1aa18fd20cc03d492a81cb70cc75cf3281649f/docker/nginx.conf#L60 lines
+ 60-69 (nice!)
+ "~ ^/(api|pictrs|feeds|nodeinfo|.well-known)" = {
+ proxyPass = "http://${lemmy.upstreamName}";
+ extraConfig = ''
+ # proxy common stuff
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ ## Send actual client IP upstream
+ #proxy_set_header X-Real-IP $remote_addr;
+ #proxy_set_header Host $host;
+ #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ '';
+ };
+ };
+ };
+ };
+
+ systemd.services.lemmy-ui = {
+ environment = {
+ LEMMY_UI_HOST = lib.mkForce "${lemmy-ui.ip}:${toString lemmy-ui.port}";
+ LEMMY_UI_LEMMY_INTERNAL_HOST = lib.mkForce "${lemmy.ip}:${toString lemmy.port}";
+ LEMMY_UI_LEMMY_EXTERNAL_HOST = lib.mkForce lemmy.domain ;
+ LEMMY_UI_HTTPS="true";
+ };
+ };
+
+ services.pict-rs = {
+ enable = true;
+ port = pict-rs.port;
+ dataDir = "${dataDir}/pict-rs";
+ address = pict-rs.ip;
+ };
+
+ systemd.services.lemmy = {
+ requires = ["postgresql.service"];
+ after = ["postgresql.service"];
+ environment = {
+ LEMMY_DATABASE_URL = lib.mkForce "postgresql://lemmy@127.0.0.1:${toString
+ config.services.postgresql.port}/lemmy";
+ };
+ };
+
+ services.lemmy = {
+ enable = true;
+ ui.port = lemmy-ui.port;
+ database.createLocally = true;
+ settings = {
+ # TODO: Enable this much later when you tested everything.
+ # N.B. you can't change your domain name after enabling this.
+ federation.enabled = false;
+ # settings related to the postgresql database
+ database = {
+ user = "lemmy";
+ password = "secretlemmypassword";
+ host = "127.0.0.1";
+ port = ${config.services.postgresql.port};
+ database = "lemmy";
+ pool_size = 5;
+ };
+ # Pictrs image server configuration.
+ pictrs = {
+ # Address where pictrs is available (for image hosting)
+ url = "http://${pict-rs.ip}:${toString pict-rs.port}/";
+ # TODO: Set a custom pictrs API key. ( Required for deleting images )
+ api_key = "";
+ };
+ # TODO: Email sending configuration. All options except login/password are mandatory
+ email = {
+ # Hostname and port of the smtp server
+ smtp_server = "";
+ # Login name for smtp server
+ smtp_login = "";
+ # Password to login to the smtp server
+ smtp_password = "";
+ # Address to send emails from, eg "noreply@your-instance.com";
+ smtp_from_address = "noreply@${lemmy.domain}";
+ # Whether or not smtp connections should use tls. Can be none, tls, or starttls
+ tls_type = "none";
+ };
+ # TODO: Parameters for automatic configuration of new instance (only used at first start)
+ setup = {
+ # Username for the admin user
+ admin_username = "superawesomeadmin";
+ # Password for the admin user. It must be at least 10 characters.
+ admin_password = "";
+ # Name of the site (can be changed later)
+ site_name = "Lemmy at ${lemmy.domain}";
+ # Email for the admin user (optional, can be omitted and set later through the website)
+ admin_email = "admin@${lemmy.domain}";
+ };
+ # the domain name of your instance (mandatory)
+ hostname = lemmy.domain;
+ # Address where lemmy should listen for incoming requests
+ bind = lemmy.ip;
+ # Port where lemmy should listen for incoming requests
+ port = lemmy.port;
+ # Whether the site is available over TLS. Needs to be true for federation to work.
+ tls_enabled = true;
+ };
+
+ };
+
+
+ # needed for now
+ nixpkgs.config.permittedInsecurePackages = [
+ "nodejs-14.21.3"
+ "openssl-1.1.1t"
+ ];
+
+ system.activationScripts."make_sure_lemmy_user_owns_files" = ''
+ uid='${config.users.users.lemmy.uid}';
+ gid='${config.users.groups.lemmy.gid}';
+ dir='${lemmy.dataDir}'
+
+ mkdir -p "''${dir}"
+
+ if [[ "$(${pkgs.toybox}/bin/stat "''${dir}" -c '%u:%g' | tee /dev/stderr )" != "''${uid}:''${gid}" ]]; then
+ chown -R "''${uid}:''${gid}" "''${dir}"
+ fi
+ '';
+ };
+ };
+ }
+
+
+
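Review bot: `password = "secretlemmypassword"` under `services.lemmy.settings.database` is a literal secret in the generated config, and NixOS settings written this way end up in the world-readable Nix store; load it from a file outside the store, the way forgejo.vue uses `mailerPasswordFile`, or at least mark it `# TODO: change`. peertube.vue repeats the problem with `test123` in `environment.etc` and `initialScript`. `nixpkgs.config.permittedInsecurePackages` exempts `nodejs-14.21.3` and `openssl-1.1.1t` under only a `# needed for now` comment; say which package needs them so the exemption can be removed later. Separately, `port = ${config.services.postgresql.port};` uses antiquotation outside a string and `dataDir = "${dataDir}/pict-rs"` refers to a name the `let` block does not define (`lemmy.dataDir` is defined), so the snippet will not evaluate as shown.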
diff --git a/components/nix-code/nextcloud.vue b/components/nix-code/nextcloud.vue
new file mode 100644
index 0000000..9d95eac
--- /dev/null
+++ b/components/nix-code/nextcloud.vue
@@ -0,0 +1,14 @@
+
+ services.nextcloud = {
+ enable = true;
+ hostName = "nextcloud.tld";
+ database.createLocally = true;
+ config = {
+ dbtype = "pgsql";
+ adminpassFile = "/path/to/admin-pass-file";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+
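Review bot: The firewall opens 80 and 443, but nothing in the snippet turns TLS on: there is no `services.nextcloud.https = true;` and no `forceSSL`/`enableACME` on the nginx vhost for `hostName`, so the instance would serve logins over plain HTTP. Add those options (`services.nginx.virtualHosts."nextcloud.tld" = { forceSSL = true; enableACME = true; };`) or a comment telling the user to. A short comment on `adminpassFile` saying the file must live outside the Nix store and be readable only by the nextcloud user would also help.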
diff --git a/components/nix-code/peertube.vue b/components/nix-code/peertube.vue
new file mode 100644
index 0000000..9e4ce0c
--- /dev/null
+++ b/components/nix-code/peertube.vue
@@ -0,0 +1,60 @@
+
+ networking.extraHosts = ''
+ 127.0.0.1 peertube.local
+ '';
+
+ environment.etc = {
+ "peertube/password-posgressql-db".text = "test123";
+ "peertube/password-redis-db".text = "test123";
+ };
+
+ services = {
+
+ peertube = {
+ enable = true;
+ localDomain = "peertube.local";
+ enableWebHttps = false;
+ database = {
+ host = "127.0.0.1";
+ name = "peertube_local";
+ user = "peertube_test";
+ passwordFile = "/etc/peertube/password-posgressql-db";
+ };
+ redis = {
+ host = "127.0.0.1";
+ port = 31638;
+ passwordFile = "/etc/peertube/password-redis-db";
+ };
+ settings = {
+ listen.hostname = "0.0.0.0";
+ instance.name = "PeerTube Test Server";
+ };
+ };
+
+ postgresql = {
+ enable = true;
+ enableTCPIP = true;
+ authentication = ''
+ hostnossl peertube_local peertube_test 127.0.0.1/32 md5
+ '';
+ initialScript = pkgs.writeText "postgresql_init.sql" ''
+ CREATE ROLE peertube_test LOGIN PASSWORD 'test123';
+ CREATE DATABASE peertube_local TEMPLATE template0 ENCODING UTF8;
+ GRANT ALL PRIVILEGES ON DATABASE peertube_local TO peertube_test;
+ ALTER DATABASE peertube_local OWNER TO peertube_test;
+ \connect peertube_local
+ CREATE EXTENSION IF NOT EXISTS pg_trgm;
+ CREATE EXTENSION IF NOT EXISTS unaccent;
+ '';
+ };
+
+ redis.servers.peertube = {
+ enable = true;
+ bind = "0.0.0.0";
+ requirePass = "test123";
+ port = 31638;
+ };
+
+ };
+
+
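Review bot: `redis.servers.peertube.bind = "0.0.0.0"` and `postgresql.enableTCPIP = true` make both data stores listen beyond loopback, although PeerTube connects to them at `127.0.0.1`; with `requirePass = "test123"` the Redis instance depends entirely on the host firewall. Set `bind = "127.0.0.1";` and drop `enableTCPIP` (or restrict `listen_addresses`) unless remote access is intended. The values (`peertube.local`, `PeerTube Test Server`, `test123`) read like a test fixture, so a header comment saying this snippet is not a production default would keep it from being deployed as generated.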
diff --git a/custom/.gitkeep b/custom/.gitkeep
new file mode 100644
index 0000000..e69de29