bingen
/
ogc-nixos
Obserwuj 1
Polub 0
Forkuj 0
Kod Zgłoszenia 0 Oczekujące zmiany 0 Wydania 0 Wiki Aktywność
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
1 Commit
1 Gałąź
Drzewo: a123bb28e8
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'a123bb28e8'
${ noResults }
ogc-nixos/flake.nix

170 lines
5.3KB
Czysty Wina Historia 

  1. {

  2.   description = "OpenGardenCloud";

  3. 

  4.   inputs = {

  5.     nixpkgs.url = "nixpkgs/nixos-25.11";

  6.     sops-nix = {

  7.       url = "github:Mic92/sops-nix";

  8.       inputs.nixpkgs.follows = "nixpkgs";

  9.     };

  10.     openldap-server = {

  11.       url = "./services/openldap/";

  12.       inputs.nixpkgs.follows = "nixpkgs";

  13.     };

  14.     nginx-server = {

  15.       url = "./services/nginx/";

  16.       inputs.nixpkgs.follows = "nixpkgs";

  17.     };

  18.     nextcloud-server = {

  19.       url = "./services/nextcloud/";

  20.       inputs.nixpkgs.follows = "nixpkgs";

  21.     };

  22.     mail-server = {

  23.       url = "./services/mail/";

  24.       inputs.nixpkgs.follows = "nixpkgs";

  25.     };

  26.     gitea-server = {

  27.       url = "./services/gitea/";

  28.       inputs.nixpkgs.follows = "nixpkgs";

  29.     };

  30.     immich-server = {

  31.       url = "./services/immich/";

  32.       inputs.nixpkgs.follows = "nixpkgs";

  33.     };

  34.   };

  35. 

  36.   outputs = {

  37.     self, nixpkgs, sops-nix,

  38.     openldap-server, nginx-server, nextcloud-server, mail-server, gitea-server, immich-server, ...

  39.   }: {

  40.     # Re-export individual modules

  41.     nixosModules = {

  42.       openldap = openldap-server.nixosModules.openldap;

  43.       nginx = nginx-server.nixosModules.nginx;

  44.       nextcloud = nextcloud-server.nixosModules.nextcloud;

  45.       mail = mail-server.nixosModules.mail;

  46.       gitea = gitea-server.nixosModules.gitea;

  47.       immich = immich-server.nixosModules.immich;

  48.     };

  49. 

  50.     # Convenience module: imports all service modules + sets default config

  51.     nixosModules.ogc = {config, lib, ...}:

  52.     let

  53.       cfg = config.ogc;

  54.     in {

  55.       imports = [

  56.         openldap-server.nixosModules.openldap

  57.         nginx-server.nixosModules.nextcloud

  58.         nextcloud-server.nixosModules.nextcloud

  59.         mail-server.nixosModules.mail

  60.         gitea-server.nixosModules.gitea

  61.         immich-server.nixosModules.immich

  62.         sops-nix.nixosModules.sops

  63.       ];

  64. 

  65.       options.ogc = {

  66.         organization = lib.mkOption {type = lib.types.str;};

  67.         extension = lib.mkOption {type = lib.types.str;};

  68.         domain = lib.mkOption {type = lib.types.str;};

  69.       };

  70. 

  71.       config = {

  72.         networking.firewall = {

  73.           enable = true;

  74.           allowedTCPPorts = [ 80 443 2022 ];

  75.           #allowedUDPPortRanges = [

  76.             #{ from = 4000; to = 4007; }

  77.           #];

  78.         };

  79. 

  80.         ogc = {

  81.           organization = lib.mkDefault "opengardencloud";

  82.           extension = lib.mkDefault "com";

  83.           domain = lib.mkDefault "opengardencloud.com";

  84.         };

  85.         sops = {

  86.           defaultSopsFile = ./secrets/ogc.yaml;

  87.           # This will automatically import SSH keys as age keys

  88.           age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  89.           # This is using an age key that is expected to already be in the filesystem

  90.           age.keyFile = "~/.config/sops/age/keys.txt";

  91.           # This will generate a new key if the key specified above does not exist

  92.           age.generateKey = true;

  93.           secrets."openldap/admin" = {};

  94.           secrets."openldap/nextcloud" = {};

  95.           secrets."openldap/mail" = {};

  96.           secrets."openldap/gitea" = {};

  97.           secrets."openldap/hauk" = {};

  98.           secrets."nextcloud/admin" = {};

  99.         };

  100. 

  101.         # ── Default configuration for OpenLDAP ─────────────────────

  102.         # All values use mkDefault so any machine flake can override them.

  103.         openldap = {

  104.           enable = lib.mkDefault true;

  105.           #enable = false;

  106.           organization = lib.mkDefault cfg.organization;

  107.           extension = lib.mkDefault cfg.extension;

  108.           domain = lib.mkDefault cfg.domain;

  109.           urlList = lib.mkDefault [ "ldap:///" "ldapi:///" ];

  110.           adminPasswordFile = lib.mkDefault "/run/secrets/openldap/admin";

  111.           services = {

  112.             nextcloud = {

  113.               uid = lib.mkDefault "nextcloud";

  114.               passwordFile = lib.mkDefault "/run/secrets/openldap/nextcloud";

  115.             };

  116.             mail = {

  117.               uid = lib.mkDefault "mail";

  118.               passwordFile = lib.mkDefault "/run/secrets/openldap/mail";

  119.             };

  120.             gitea = {

  121.               uid = lib.mkDefault "gitea";

  122.               passwordFile = lib.mkDefault "/run/secrets/openldap/gitea";

  123.             };

  124.             hauk = {

  125.               uid = lib.mkDefault "hauk";

  126.               passwordFile = lib.mkDefault "/run/secrets/openldap/hauk";

  127.             };

  128.           };

  129.         };

  130. 

  131.         # Nginx

  132.         nginx = {

  133.           enable = lib.mkDefault true;

  134.         };

  135. 

  136.         # Nextcloud

  137.         nextcloud = {

  138.           enable = lib.mkDefault true;

  139.           adminPasswordFile = lib.mkDefault "/run/secrets/nextcloud/admin";

  140.           domain = lib.mkDefault cfg.domain;

  141.           hostName = lib.mkDefault "nextcloud";

  142.           port = lib.mkDefault 8080;

  143.         };

  144. 

  145.         mail = {

  146.           enable = lib.mkDefault true;

  147.           domain = lib.mkDefault cfg.domain;

  148.           fqdn = lib.mkDefault "mail.${cfg.domain}";

  149.         };

  150. 

  151.         gitea = {

  152.           enable = lib.mkDefault true;

  153.           hostName = lib.mkDefault "gitea";

  154.           sshPort = lib.mkDefault 2022;

  155.           httpPort = lib.mkDefault 2080;

  156.         };

  157. 

  158.         # TODO: OpenLDAP

  159.         immich = {

  160.           enable = lib.mkDefault false;

  161.           hostName = lib.mkDefault "immich";

  162.           port = lib.mkDefault 543;

  163.         };

  164.       };

  165.     };

  166. 

  167.     nixosModules.default = self.nixosModules.ogc;

  168.   };

  169. }