diff options
author | makefu <github@syntax-fehler.de> | 2023-09-28 23:22:59 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2023-09-28 23:22:59 +0200 |
commit | 2db6777b7caa37477c5ffddd99d69b2f2c6d9d7f (patch) | |
tree | a72905fad73089b7ab295a948eda837bad013362 /krebs/2configs | |
parent | 29d72c898d674d2c18fc0f4a76b5e623de0c3dfe (diff) | |
parent | 0215fbddccf206801d94f52518cbfec91ccc3cc5 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'krebs/2configs')
-rw-r--r-- | krebs/2configs/cache.nsupdate.info.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/matterbridge.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/reaktor2.nix | 18 | ||||
-rw-r--r-- | krebs/2configs/secret-passwords.nix | 4 | ||||
-rw-r--r-- | krebs/2configs/shack/gitlab-runner.nix | 4 | ||||
-rw-r--r-- | krebs/2configs/shack/grafana.nix | 5 | ||||
-rw-r--r-- | krebs/2configs/shack/muell_caller.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/shack/muell_mail.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/shack/prometheus/unifi.nix | 2 | ||||
-rw-r--r-- | krebs/2configs/shack/s3-power.nix | 2 |
10 files changed, 30 insertions, 13 deletions
diff --git a/krebs/2configs/cache.nsupdate.info.nix b/krebs/2configs/cache.nsupdate.info.nix index 74f345614..1ac63eaf5 100644 --- a/krebs/2configs/cache.nsupdate.info.nix +++ b/krebs/2configs/cache.nsupdate.info.nix @@ -9,7 +9,7 @@ in { enable = true; server = "ipv4.nsupdate.info"; username = domain; - password = import ((toString <secrets>) + "/nsupdate-cache.nix"); + password = import "${config.krebs.secret.directory}/nsupdate-cache.nix"; domains = [ domain ]; use= "if, if=et0"; # use = "web, web=http://ipv4.nsupdate.info/myip"; diff --git a/krebs/2configs/matterbridge.nix b/krebs/2configs/matterbridge.nix index b96dea300..f42921824 100644 --- a/krebs/2configs/matterbridge.nix +++ b/krebs/2configs/matterbridge.nix @@ -2,7 +2,7 @@ services.matterbridge = { enable = true; configPath = let - bridgeBotToken = lib.strings.fileContents <secrets/telegram.token>; + bridgeBotToken = lib.strings.fileContents "${config.krebs.secret.directory}/telegram.token"; in toString ((pkgs.formats.toml {}).generate "config.toml" { general = { diff --git a/krebs/2configs/reaktor2.nix b/krebs/2configs/reaktor2.nix index bc5bfc0fb..db7b794f4 100644 --- a/krebs/2configs/reaktor2.nix +++ b/krebs/2configs/reaktor2.nix @@ -528,6 +528,24 @@ in { ''; }; + services.nginx.virtualHosts."bedge.r" = { + locations."/".extraConfig = '' + proxy_set_header Host $host; + proxy_pass http://localhost:${toString config.services.hledger-web.port}; + ''; + locations."/bedger.json".extraConfig = '' + proxy_set_header Host $host; + proxy_pass http://localhost:8011; + ''; + extraConfig = '' + add_header 'Access-Control-Allow-Origin' '*'; + add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; + ''; + }; + services.hledger-web = { + enable = true; + }; + systemd.services.reaktor2-r.serviceConfig.DynamicUser = mkForce false; systemd.services.reaktor2-hackint.serviceConfig.DynamicUser = mkForce false; krebs.reaktor2 = { diff --git a/krebs/2configs/secret-passwords.nix b/krebs/2configs/secret-passwords.nix index 0f0d068aa..531d570cc 100644 --- a/krebs/2configs/secret-passwords.nix +++ b/krebs/2configs/secret-passwords.nix @@ -1,7 +1,7 @@ -{ lib, ... }: +{ config, lib, ... }: with lib; { users.extraUsers = mapAttrs (_: h: { hashedPassword = h; }) - (import <secrets/hashedPasswords.nix>); + (import "${config.krebs.secret.directory}/hashedPasswords.nix"); } diff --git a/krebs/2configs/shack/gitlab-runner.nix b/krebs/2configs/shack/gitlab-runner.nix index d525e7987..a27fe29ae 100644 --- a/krebs/2configs/shack/gitlab-runner.nix +++ b/krebs/2configs/shack/gitlab-runner.nix @@ -1,4 +1,4 @@ -{ pkgs,lib, ... }: +{ config, lib, pkgs, ... }: { boot.kernel.sysctl."net.ipv4.ip_forward" = true; services.gitlab-runner = { @@ -10,7 +10,7 @@ # File should contain at least these two variables: # `CI_SERVER_URL` # `REGISTRATION_TOKEN` - registrationConfigFile = toString <secrets/shackspace-gitlab-ci>; + registrationConfigFile = "${config.krebs.secret.directory}/shackspace-gitlab-ci"; dockerImage = "alpine"; dockerVolumes = [ "/nix/store:/nix/store:ro" diff --git a/krebs/2configs/shack/grafana.nix b/krebs/2configs/shack/grafana.nix index f42f1c4af..78ef29f97 100644 --- a/krebs/2configs/shack/grafana.nix +++ b/krebs/2configs/shack/grafana.nix @@ -1,7 +1,6 @@ -let +{ config, ... }: let port = 3000; in { - networking.firewall.allowedTCPPorts = [ port ]; # legacy services.nginx.virtualHosts."grafana.shack" = { locations."/" = { @@ -25,6 +24,6 @@ in { users.allowOrgCreate = true; users.autoAssignOrg = true; auth.anonymous.enable = true; - security = import <secrets/grafana_security.nix>; + security = import "${config.krebs.secret.directory}/grafana_security.nix"; }; } diff --git a/krebs/2configs/shack/muell_caller.nix b/krebs/2configs/shack/muell_caller.nix index f3007dd1d..ea335f233 100644 --- a/krebs/2configs/shack/muell_caller.nix +++ b/krebs/2configs/shack/muell_caller.nix @@ -21,7 +21,7 @@ let install -m755 -D call.py $out/bin/call-muell ''; }; - cfg = "${toString <secrets>}/tell.json"; + cfg = "${config.krebs.secret.directory}/tell.json"; in { systemd.services.call_muell = { description = "call muell"; diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix index 2a8c92e46..69bc33e46 100644 --- a/krebs/2configs/shack/muell_mail.nix +++ b/krebs/2configs/shack/muell_mail.nix @@ -9,7 +9,7 @@ let sha256 = "0hgchwam5ma96s2v6mx2jfkh833psadmisjbm3k3153rlxp46frx"; }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; home = "/var/lib/muell_mail"; - cfg = toString <secrets/shack/muell_mail.js>; + cfg = "${config.krebs.secret.directory}/shack/muell_mail.js"; in { users.users.muell_mail = { inherit home; diff --git a/krebs/2configs/shack/prometheus/unifi.nix b/krebs/2configs/shack/prometheus/unifi.nix index 34e47add9..1e42779f0 100644 --- a/krebs/2configs/shack/prometheus/unifi.nix +++ b/krebs/2configs/shack/prometheus/unifi.nix @@ -5,6 +5,6 @@ unifiAddress = "https://unifi.shack:8443/"; unifiInsecure = true; unifiUsername = "prometheus"; # needed manual login after setup to confirm the password - unifiPassword = lib.replaceStrings ["\n"] [""] (builtins.readFile <secrets/shack/unifi-prometheus-pw>); + unifiPassword = lib.replaceStrings ["\n"] [""] (builtins.readFile "${config.krebs.secret.directory}/shack/unifi-prometheus-pw"); }; } diff --git a/krebs/2configs/shack/s3-power.nix b/krebs/2configs/shack/s3-power.nix index d8033f1e2..e79d15d73 100644 --- a/krebs/2configs/shack/s3-power.nix +++ b/krebs/2configs/shack/s3-power.nix @@ -10,7 +10,7 @@ let }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; }; home = "/var/lib/s3-power"; - cfg = toString <secrets/shack/s3-power.json>; + cfg = "${config.krebs.secret.directory}/shack/s3-power.json"; in { users.users.s3_power = { inherit home; |