Compare commits

...

4 Commits

Author SHA1 Message Date
c3a7c463fe cli utils to interact with artisan 2024-01-30 22:09:45 +01:00
24b26bf4a3 secure database 2024-01-30 22:00:49 +01:00
30bdaa6e9f ITS ALIVE 2024-01-30 21:30:49 +01:00
4c950c9577 ptero docker with borked networking 2024-01-30 18:43:58 +01:00
7 changed files with 144 additions and 12 deletions


@ -56,6 +56,7 @@ in {
(writeShellScriptBin "pufferpanel-nix" "pufferpanel --workDir /var/lib/pufferpanel $@") (writeShellScriptBin "pufferpanel-nix" "pufferpanel --workDir /var/lib/pufferpanel $@")
(writeShellScriptBin "nix-referrers" "nix-store --query --referrers $@") (writeShellScriptBin "nix-referrers" "nix-store --query --referrers $@")
(writeShellScriptBin "silent-add" "git add --intent-to-add $@ ; git update-index --assume-unchanged $@") (writeShellScriptBin "silent-add" "git add --intent-to-add $@ ; git update-index --assume-unchanged $@")
(writeShellScriptBin "systemd-owner" "systemctl show -pUser,UID $@")
]; ];
environment.sessionVariables = { environment.sessionVariables = {
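Review bot: The new `systemd-owner` wrapper expands `$@` unquoted, so an argument containing whitespace or glob characters is split or expanded by the shell before `systemctl` sees it. Inside the Nix string the quoted form would be `"systemctl show -pUser,UID \"$@\""`. The neighbouring wrappers in this list follow the same pattern, and so does `ptero-nix` added in modules/ptero.nix, where the arguments are forwarded into `podman exec ... php artisan`. The list these entries belong to starts outside the hunk.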


@ -202,11 +202,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1706098335, "lastModified": 1706373441,
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", "narHash": "sha256-S1hbgNbVYhuY2L05OANWqmRzj4cElcbLuIkXTb69xkk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651", "rev": "56911ef3403a9318b7621ce745f5452fb9ef6867",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -233,11 +233,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1706191920, "lastModified": 1706371002,
"narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=", "narHash": "sha256-dwuorKimqSYgyu8Cw6ncKhyQjUDOyuXoxDTVmAXq88s=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ae5c332cbb5827f6b1f02572496b141021de335f", "rev": "c002c6aa977ad22c60398daaa9be52f2203d0006",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -41,6 +41,7 @@
./modules/discord-matrix-bridge.nix ./modules/discord-matrix-bridge.nix
./modules/mastodon.nix ./modules/mastodon.nix
./modules/folding.nix ./modules/folding.nix
./modules/ptero.nix
agenix.nixosModules.default agenix.nixosModules.default
nixos-mailserver.nixosModules.default nixos-mailserver.nixosModules.default
nixos-matrix-modules.nixosModules.default nixos-matrix-modules.nixosModules.default


@ -55,20 +55,19 @@ in {
dbhost= "localhost:${builtins.toString config.services.postgresql.port}"; dbhost= "localhost:${builtins.toString config.services.postgresql.port}";
dbtype = "pgsql"; dbtype = "pgsql";
}; };
extraOptions = { settings = {
overwriteProtocol = "https"; overwriteProtocol = "https";
defaultPhoneRegion = "DE"; defaultPhoneRegion = "DE";
};
phpOptions = {
"opcache.interned_strings_buffer" = "12";
};
extraOptions = {
filelocking.enabled = true; filelocking.enabled = true;
redis = { redis = {
host = "localhost"; host = "localhost";
port = 6379; port = 6379;
timeout = 0.0; timeout = 0.0;
}; };
};
phpOptions = {
"opcache.interned_strings_buffer" = "12";
}; };
}; };

130
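--- a/modules/ptero.nix
+++ b/modules/ptero.nix
@@ -0,0 +1,130 @@
+{config, pkgs, ...}: let
+root_host = "grimmauld.de";
+root_email = "contact@${root_host}";
+ptero_host = "ptero.${root_host}";
+DATA_DIR = "/var/lib/pterodactylpanel";
+panel_user = "pterodactyl";
+local_bridge = "ptero-local-br";
+ptero_ver = "1.11.5";
+ptero_port = "8042";
+in {
+users.users.${panel_user} = {
+isSystemUser = true;
+extraGroups = ["docker"];
+group = panel_user;
+};
+users.groups.${panel_user} = {};
+age.secrets.ptero_env = {
+file = ../secrets/ptero_env.age;
+};
+systemd.services.init-ptero-data-dir = {
+description = "Create the pterodactyl panel data dir";
+wantedBy = [ "multi-user.target" ];
+serviceConfig.Type = "oneshot";
+script =''
+mkdir -p ${DATA_DIR}/database
+mkdir -p ${DATA_DIR}/cache
+mkdir -p ${DATA_DIR}/panel/var
+mkdir -p ${DATA_DIR}/panel/logs
+mkdir -p ${DATA_DIR}/panel/nginx
+chown ${panel_user}:${panel_user} -R ${DATA_DIR}
+chmod +777 -R ${DATA_DIR}
+'';
+};
+virtualisation.oci-containers.backend = "podman";
+systemd.services.init-ptero-local-network = {
+description = "Create the network bridge ${local_bridge} for ptero.";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+serviceConfig.Type = "oneshot";
+script = let podmancli = "${config.virtualisation.podman.package}/bin/podman";
+in ''
+check=$(${podmancli} pod ls | grep "ptero" || true)
+if [ -z "$check" ]; then
+${podmancli} pod create -p "${ptero_port}:80" ptero
+else
+echo "ptero pod already exists"
+fi
+'';
+};
+virtualisation.oci-containers.containers."ptero-mysql" = {
+image = "library/mysql:8.0";
+workdir = "${DATA_DIR}/database";
+extraOptions = [ "--pod=ptero" ];
+environment = {
+"MYSQL_USER" = "pterodactyl";
+"MYSQL_DATABASE" = "panel";
+};
+environmentFiles = [ config.age.secrets.ptero_env.path ];
+volumes = ["${DATA_DIR}/database:/var/lib/mysql" "${DATA_DIR}/database:${DATA_DIR}/database"];
+cmd=["--default-authentication-plugin=mysql_native_password"];
+};
+virtualisation.oci-containers.containers."ptero-cache" = {
+image = "redis:alpine";
+workdir = "${DATA_DIR}/cache";
+volumes = ["${DATA_DIR}/cache:${DATA_DIR}/cache"];
+extraOptions = [ "--pod=ptero" ];
+};
+virtualisation.oci-containers.containers."ptero-panel" = {
+image = "ghcr.io/pterodactyl/panel:v${ptero_ver}";
+volumes = [
+"${DATA_DIR}/panel/var/:/app/var/"
+"${DATA_DIR}/panel/logs/:/app/storage/logs"
+"${DATA_DIR}/panel/nginx/:/etc/nginx/conf.d/"
+];
+extraOptions = [ "--pod=ptero" ];
+environment = {
+"APP_URL" = "https://${ptero_host}";
+"APP_TIMEZONE" = "Europe/Berlin";
+"APP_SERVICE_AUTHOR" = root_email;
+"MAIL_FROM" = "noreply@${root_host}";
+"MAIL_DRIVER" = "smtp";
+"MAIL_HOST" = "mail";
+"MAIL_PORT" = "25";
+"MAIL_USERNAME" = "";
+"MAIL_PASSWORD" = "";
+"MAIL_ENCRYPTION" = "true";
+"APP_ENV"= "production";
+"APP_ENVIRONMENT_ONLY"= "false";
+"CACHE_DRIVER" = "redis";
+"SESSION_DRIVER" = "redis";
+"QUEUE_DRIVER" = "redis";
+"REDIS_HOST" = "127.0.0.1";
+"DB_HOST" = "127.0.0.1";
+"TRUSTED_PROXIES" = "*";
+};
+labels = {
+"traefik.http.routers.pterodactyl_panel.entrypoints"="web";
+};
+environmentFiles = [ config.age.secrets.ptero_env.path ];
+};
+security.acme.certs."${root_host}".extraDomainNames = [ ptero_host ];
+services.nginx = {
+enable = true;
+virtualHosts."${ptero_host}" = {
+serverName = ptero_host;
+forceSSL = true;
+useACMEHost = root_host;
+locations."/" = {
+proxyPass = "http://127.0.0.1:${ptero_port}";
+};
+};
+};
+environment.systemPackages = with pkgs; [
+(writeShellScriptBin "ptero-nix" "${config.virtualisation.podman.package}/bin/podman exec -it ptero-panel php artisan $@")
+];
+}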
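Review bot: `chmod +777 -R ${DATA_DIR}` in `init-ptero-data-dir` leaves the MySQL data directory and the nginx `conf.d` directory that is mounted into the panel container writable by every local account, so any local user can alter the database files or the panel's web-server configuration. The mode is presumably there because the containers run under different uids; chowning each subdirectory to the uid its container uses and dropping the world bits, for example `chmod -R u=rwX,g=rX,o= ${DATA_DIR}`, would keep that working without it. Separately, `pod create -p "${ptero_port}:80"` publishes the panel on all host interfaces while `TRUSTED_PROXIES` is `*`, so unless a firewall blocks the port the panel is reachable over plain HTTP without passing nginx and will accept forwarded headers from any peer; `-p "127.0.0.1:${ptero_port}:80"` together with `TRUSTED_PROXIES` narrowed to the address the proxy's connections arrive from would close that. The `docker` entry in `extraGroups` also looks unneeded with the podman backend, and that group is root-equivalent wherever a Docker daemon is running.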

BIN
secrets/ptero_env.age Normal file

Binary file not shown.


@ -14,4 +14,5 @@ in
"matrix_mjolnir_pass.age".publicKeys = [ contabo_nix_pub ]; "matrix_mjolnir_pass.age".publicKeys = [ contabo_nix_pub ];
"matrix_mjolnir_tle_pass.age".publicKeys = [ contabo_nix_pub ]; "matrix_mjolnir_tle_pass.age".publicKeys = [ contabo_nix_pub ];
"matrix_discord_bridge_token.age".publicKeys = [ contabo_nix_pub ]; "matrix_discord_bridge_token.age".publicKeys = [ contabo_nix_pub ];
"ptero_env.age".publicKeys = [ contabo_nix_pub ];
} }