Diffstat (limited to 'modules')
-rw-r--r--modules/acme/default.nix9
-rw-r--r--modules/default.nix1
-rw-r--r--modules/powerdns/default.nix69
-rw-r--r--modules/tlmp/default.nix21
4 files changed, 96 insertions, 4 deletions
diff --git a/modules/acme/default.nix b/modules/acme/default.nix
index 91f6aa0..0556710 100644
--- a/modules/acme/default.nix
+++ b/modules/acme/default.nix
@@ -9,4 +9,13 @@
credentialsFile = "/etc/secrets/pdns_api.env";
};
};
+
+ secrets = {
+ pdnsAPI = {
+ source = ../../secrets/pdns/pdns_api.env;
+ dest = "/etc/secrets/pdns_api.env";
+ };
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
}
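Review bot: The secret's destination path `/etc/secrets/pdns_api.env` is now spelled twice in this file, once as `credentialsFile` on the context line and again as `dest` in the new `secrets.pdnsAPI` block, so the two can drift apart silently; bind it once, e.g. `pdnsEnv = "/etc/secrets/pdns_api.env";` in a `let`, and reference it from both places. The `secrets.pdnsAPI` block sets only `source` and `dest`; if the custom `secrets` module accepts an owner or mode option, restricting the file to the account that runs the ACME DNS hook would be worth adding, since the env file carries the PowerDNS API credential that hook reads. The enclosing attribute set starts outside the hunk.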
diff --git a/modules/default.nix b/modules/default.nix
index 0bd0349..6912276 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -17,4 +17,5 @@
postgresql = import ./postgresql;
quassel = import ./quassel;
powerdns = import ./powerdns;
+ tlmp = import ./tlmp;
}
diff --git a/modules/powerdns/default.nix b/modules/powerdns/default.nix
index cca6a03..d110875 100644
--- a/modules/powerdns/default.nix
+++ b/modules/powerdns/default.nix
@@ -64,11 +64,72 @@ in
secretFile = "/etc/secrets/pdns_api.env";
};
- secrets = {
- pdnsAPI = {
- source = ../../secrets/pdns/pdns_api.env;
- dest = "/etc/secrets/pdns_api.env";
+ services.powerdns-admin = {
+ enable = true;
+ secretKeyFile = "/var/lib/pdns/secret.key";
+ saltFile = "/var/lib/pdns/salt";
+ extraArgs = [ "-b" "10.10.0.1:8000" ];
+ config = ''
+ SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/pdns?host=/run/postgresql'
+ # SAML_ENABLED = True
+ # SAML_DEBUG = True
+ # SAML_METADATA_URL = 'https://auth.vapor.systems/application/saml/powerdns/metadata/'
+ # SAML_METADATA_CACHE_LIFETIME = 1
+ # SAML_LOGOUT_URL = 'https://auth.vapor.systems/application/saml/powerdns/slo/binding/redirect/'
+ # SAML_SP_ENTITY_ID = 'pdns-admin'
+ # SAML_SP_CONTACT_NAME = 'me'
+ # SAML_SP_CONTACT_MAIL = 'me'
+ # SAML_NAMEID_FORMAT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
+ # SAML_ATTRIBUTE_USERNAME = 'http://schemas.goauthentik.io/2021/02/saml/username'
+ # SAML_ATTRIBUTE_NAME = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
+ # SAML_ATTRIBUTE_EMAIL = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
+ # SAML_ATTRIBUTE_GROUP = 'http://schemas.xmlsoap.org/claims/Group'
+ # SAML_GROUP_ADMIN_NAME = 'admin'
+ # SAML_SIGN_REQUEST = False
+ # SAML_ASSERTION_ENCRYPTED = False
+ # SAML_WANT_MESSAGE_SIGNED = False
+ # SAML_CERT = '/var/lib/pdns/saml.crt'
+ '';
+ };
+
+ security.acme.certs = {
+ "vapor.systems" = {
+ extraDomainNames = [ "*.vapor.systems" ];
};
};
+
+ services.nginx = {
+ enable = true;
+ defaultListenAddresses = [ "178.63.224.13" ];
+ virtualHosts."ns.vapor.systems" = {
+ addSSL = true;
+ useACMEHost = "vapor.systems";
+ locations."/" = {
+ proxyPass = "http://10.10.0.1:8000";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+ };
+
+ systemd.services.powerdns-admin.serviceConfig = {
+ BindPaths = [ "/run/postgresql" ];
+ };
+
+ services.postgresql = {
+ ensureDatabases = [ "pdns" ];
+ ensureUsers = [
+ {
+ name = "pdns";
+ ensurePermissions = { "DATABASE pdns" = "ALL PRIVILEGES"; };
+ }
+ {
+ name = "powerdnsadmin";
+ ensurePermissions = { "DATABASE pdns" = "ALL PRIVILEGES"; };
+ }
+ ];
+ };
};
}
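Review bot: The `ns.vapor.systems` virtual host uses `addSSL = true`, which keeps a plain-HTTP listener next to HTTPS, so the PowerDNS-Admin login form and the `Authorization` header that `proxy_pass_header Authorization;` forwards can travel in cleartext; unless plain HTTP is needed here, `forceSSL = true;` (redirect to HTTPS) is the safer setting for an admin UI. Separately, the `secrets.pdnsAPI` declaration is removed from this module, but the context line `secretFile = "/etc/secrets/pdns_api.env";` still consumes that file, so this module now depends on `modules/acme` being imported to provision it; a comment at the `secretFile` line such as `# provisioned by modules/acme (secrets.pdnsAPI)` would make that coupling visible. The enclosing attribute set starts outside the hunk.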
diff --git a/modules/tlmp/default.nix b/modules/tlmp/default.nix
new file mode 100644
index 0000000..16f9ff5
--- /dev/null
+++ b/modules/tlmp/default.nix
@@ -0,0 +1,21 @@
+{ self, config, lib, pkgs, ... }:
+
+with self.lib.nginx;
+{
+ security.acme.certs = {
+ "media.cocaine.farm" = {
+ extraDomainNames = [ "*.media.cocaine.farm" ];
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "media.cocaine.farm" = (proxyDomain "media.cocaine.farm" "http://10.101.94.10:80");
+ "sonarr.media.cocaine.farm" = proxyDomainAuth "media.cocaine.farm" "http://10.101.73.6:80";
+ "radarr.media.cocaine.farm" = proxyDomainAuth "media.cocaine.farm" "http://10.101.22.234:80";
+ "jackett.media.cocaine.farm" = proxyDomainAuth "media.cocaine.farm" "http://10.101.20.23:80";
+ # "torrent.media.cocaine.farm" = proxyDomainAuth "media.cocaine.farm" "http://10.101.73.6:80";
+ };
+ };
+}
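Review bot: The apex host `media.cocaine.farm` is wired with `proxyDomain` while every subdomain uses `proxyDomainAuth`, so the backend at `10.101.94.10:80` is reachable without the authentication layer the others get; if that is intentional a comment saying why would help, otherwise change it to `proxyDomainAuth "media.cocaine.farm" "http://10.101.94.10:80"`. The wildcard `*.media.cocaine.farm` in `extraDomainNames` can only be issued through a DNS-01 challenge and this file sets no `dnsProvider`, so it presumably relies on `security.acme.defaults` being configured in `modules/acme`; a one-line comment at the cert block would make that dependency visible. As a style nit, the first virtual host value is wrapped in parentheses and the others are not; drop them for consistency.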