authormakefu <github@syntax-fehler.de>2023-09-28 23:22:59 +0200
committermakefu <github@syntax-fehler.de>2023-09-28 23:22:59 +0200
commit2db6777b7caa37477c5ffddd99d69b2f2c6d9d7f (patch)
treea72905fad73089b7ab295a948eda837bad013362 /krebs/2configs
parent29d72c898d674d2c18fc0f4a76b5e623de0c3dfe (diff)
parent0215fbddccf206801d94f52518cbfec91ccc3cc5 (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'krebs/2configs')
-rw-r--r--krebs/2configs/cache.nsupdate.info.nix2
-rw-r--r--krebs/2configs/matterbridge.nix2
-rw-r--r--krebs/2configs/reaktor2.nix18
-rw-r--r--krebs/2configs/secret-passwords.nix4
-rw-r--r--krebs/2configs/shack/gitlab-runner.nix4
-rw-r--r--krebs/2configs/shack/grafana.nix5
-rw-r--r--krebs/2configs/shack/muell_caller.nix2
-rw-r--r--krebs/2configs/shack/muell_mail.nix2
-rw-r--r--krebs/2configs/shack/prometheus/unifi.nix2
-rw-r--r--krebs/2configs/shack/s3-power.nix2
10 files changed, 30 insertions, 13 deletions
diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix
index 74f345614..1ac63eaf5 100644
--- a/krebs/2configs/cache.nsupdate.info.nix
+++ b/krebs/2configs/cache.nsupdate.info.nix
@@ -9,7 +9,7 @@ in {
enable = true;
server = "ipv4.nsupdate.info";
username = domain;
- password = import ((toString <secrets>) + "/nsupdate-cache.nix");
+ password = import "${config.krebs.secret.directory}/nsupdate-cache.nix";
domains = [ domain ];
use= "if, if=et0";
# use = "web, web=http://ipv4.nsupdate.info/myip";
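Review bot: The new `password = import "${config.krebs.secret.directory}/nsupdate-cache.nix";` still reads the secret while the configuration is evaluated, so the value is likely to end up in a generated file under the world-readable /nix/store; the commit only changes where the file is looked up. The same applies to the `fileContents` call in matterbridge.nix (where the token is bound next to a `config.toml` built with `pkgs.formats.toml`), the `import` lines in secret-passwords.nix and shack/grafana.nix, and the `builtins.readFile` in shack/prometheus/unifi.nix. Where the consuming module offers a file-based option, passing the path and letting the service read it at start-up keeps the secret out of the store, as shack/gitlab-runner.nix already does with `registrationConfigFile`. Until then I would at least add a comment such as `# NOTE: read at evaluation time; the value ends up in the Nix store`.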
diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix
index b96dea300..f42921824 100644
--- a/krebs/2configs/matterbridge.nix
+++ b/krebs/2configs/matterbridge.nix
@@ -2,7 +2,7 @@
services.matterbridge = {
enable = true;
configPath = let
- bridgeBotToken = lib.strings.fileContents <secrets/telegram.token>;
+ bridgeBotToken = lib.strings.fileContents "${config.krebs.secret.directory}/telegram.token";
in
toString ((pkgs.formats.toml {}).generate "config.toml" {
general = {
diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix
index bc5bfc0fb..db7b794f4 100644
--- a/krebs/2configs/reaktor2.nix
+++ b/krebs/2configs/reaktor2.nix
@@ -528,6 +528,24 @@ in {
'';
};
+ services.nginx.virtualHosts."bedge.r" = {
+ locations."/".extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_pass http://localhost:${toString config.services.hledger-web.port};
+ '';
+ locations."/bedger.json".extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_pass http://localhost:8011;
+ '';
+ extraConfig = ''
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ '';
+ };
+ services.hledger-web = {
+ enable = true;
+ };
+
systemd.services.reaktor2-r.serviceConfig.DynamicUser = mkForce false;
systemd.services.reaktor2-hackint.serviceConfig.DynamicUser = mkForce false;
krebs.reaktor2 = {
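Review bot: The server-level `add_header 'Access-Control-Allow-Origin' '*';` applies to both locations of the new `bedge.r` vhost, so any web origin may read responses from the proxied hledger-web instance as well as from `/bedger.json`, and `POST` is listed in the allowed methods. No authentication or origin restriction is visible in this hunk, so a page opened in any browser that can reach `bedge.r` could read the ledger data cross-origin. If only the JSON endpoint needs CORS, I would move the two `add_header` lines into `locations."/bedger.json".extraConfig` and replace `'*'` with the expected front-end origin. The upstream port `8011` is also hard-coded while the other location uses `config.services.hledger-web.port`; a short comment naming the service behind it would help.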
diff --git a/krebs/2configs/secret-passwords.nix b/krebs/2configs/secret-passwords.nix
index 0f0d068aa..531d570cc 100644
--- a/krebs/2configs/secret-passwords.nix
+++ b/krebs/2configs/secret-passwords.nix
@@ -1,7 +1,7 @@
-{ lib, ... }:
+{ config, lib, ... }:
with lib;
{
users.extraUsers =
mapAttrs (_: h: { hashedPassword = h; })
- (import <secrets/hashedPasswords.nix>);
+ (import "${config.krebs.secret.directory}/hashedPasswords.nix");
}
diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix
index d525e7987..a27fe29ae 100644
--- a/krebs/2configs/shack/gitlab-runner.nix
+++ b/krebs/2configs/shack/gitlab-runner.nix
@@ -1,4 +1,4 @@
-{ pkgs,lib, ... }:
+{ config, lib, pkgs, ... }:
{
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
services.gitlab-runner = {
@@ -10,7 +10,7 @@
# File should contain at least these two variables:
# `CI_SERVER_URL`
# `REGISTRATION_TOKEN`
- registrationConfigFile = toString <secrets/shackspace-gitlab-ci>;
+ registrationConfigFile = "${config.krebs.secret.directory}/shackspace-gitlab-ci";
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
diff --git a/krebs/2configs/shack/grafana.nix b/krebs/2configs/shack/grafana.nix
index f42f1c4af..78ef29f97 100644
--- a/krebs/2configs/shack/grafana.nix
+++ b/krebs/2configs/shack/grafana.nix
@@ -1,7 +1,6 @@
-let
+{ config, ... }: let
port = 3000;
in {
-
networking.firewall.allowedTCPPorts = [ port ]; # legacy
services.nginx.virtualHosts."grafana.shack" = {
locations."/" = {
@@ -25,6 +24,6 @@ in {
users.allowOrgCreate = true;
users.autoAssignOrg = true;
auth.anonymous.enable = true;
- security = import <secrets/grafana_security.nix>;
+ security = import "${config.krebs.secret.directory}/grafana_security.nix";
};
}
diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix
index f3007dd1d..ea335f233 100644
--- a/krebs/2configs/shack/muell_caller.nix
+++ b/krebs/2configs/shack/muell_caller.nix
@@ -21,7 +21,7 @@ let
install -m755 -D call.py $out/bin/call-muell
'';
};
- cfg = "${toString <secrets>}/tell.json";
+ cfg = "${config.krebs.secret.directory}/tell.json";
in {
systemd.services.call_muell = {
description = "call muell";
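Review bot: The old `"${toString <secrets>}/tell.json"` forced a string before interpolation, whereas `cfg = "${config.krebs.secret.directory}/tell.json";` relies on the option already holding a string. If `krebs.secret.directory` is ever set to a Nix path value, interpolating it copies the whole secrets directory into the world-readable store and `cfg` then points at that copy; the option's definition is not part of this diff, so this should be confirmed there. The same pattern replaces `toString <secrets/...>` in shack/gitlab-runner.nix, shack/muell_mail.nix and shack/s3-power.nix. The argument list of this file is outside the hunk, so also check that `config` is bound, as was done explicitly in secret-passwords.nix and shack/grafana.nix.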
diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix
index 2a8c92e46..69bc33e46 100644
--- a/krebs/2configs/shack/muell_mail.nix
+++ b/krebs/2configs/shack/muell_mail.nix
@@ -9,7 +9,7 @@ let
sha256 = "0hgchwam5ma96s2v6mx2jfkh833psadmisjbm3k3153rlxp46frx";
}) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
home = "/var/lib/muell_mail";
- cfg = toString <secrets/shack/muell_mail.js>;
+ cfg = "${config.krebs.secret.directory}/shack/muell_mail.js";
in {
users.users.muell_mail = {
inherit home;
diff --git a/krebs/2configs/shack/prometheus/unifi.nix b/krebs/2configs/shack/prometheus/unifi.nix
index 34e47add9..1e42779f0 100644
--- a/krebs/2configs/shack/prometheus/unifi.nix
+++ b/krebs/2configs/shack/prometheus/unifi.nix
@@ -5,6 +5,6 @@
unifiAddress = "https://unifi.shack:8443/";
unifiInsecure = true;
unifiUsername = "prometheus"; # needed manual login after setup to confirm the password
- unifiPassword = lib.replaceStrings ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>);
+ unifiPassword = lib.replaceStrings ["\n"] [""] (builtins.readFile "${config.krebs.secret.directory}/shack/unifi-prometheus-pw");
};
}
diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix
index d8033f1e2..e79d15d73 100644
--- a/krebs/2configs/shack/s3-power.nix
+++ b/krebs/2configs/shack/s3-power.nix
@@ -10,7 +10,7 @@ let
}) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
home = "/var/lib/s3-power";
- cfg = toString <secrets/shack/s3-power.json>;
+ cfg = "${config.krebs.secret.directory}/shack/s3-power.json";
in {
users.users.s3_power = {
inherit home;