This commit is contained in:
parent
3dfe40e4e2
commit
2c16870d66
53 changed files with 1671 additions and 1559 deletions
|
@ -1,8 +1,5 @@
|
||||||
{ config, lib, pkgs, ... }: {
|
{ config, lib, pkgs, ... }: {
|
||||||
imports = [
|
imports = [ ./users ./modules ];
|
||||||
./users
|
|
||||||
./modules
|
|
||||||
];
|
|
||||||
|
|
||||||
# Clean /tmp on boot.
|
# Clean /tmp on boot.
|
||||||
boot.tmp.cleanOnBoot = true;
|
boot.tmp.cleanOnBoot = true;
|
||||||
|
|
|
@ -2,7 +2,11 @@ _: {
|
||||||
# See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/
|
# See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/
|
||||||
|
|
||||||
# Supress systemd services that don't work (correctly) on LXC
|
# Supress systemd services that don't work (correctly) on LXC
|
||||||
systemd.suppressedSystemUnits = [ "dev-mqueue.mount" "sys-kernel-debug.mount" "sys-fs-fuse-connections.mount" ];
|
systemd.suppressedSystemUnits = [
|
||||||
|
"dev-mqueue.mount"
|
||||||
|
"sys-kernel-debug.mount"
|
||||||
|
"sys-fs-fuse-connections.mount"
|
||||||
|
];
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/issues/157449#issuecomment-1459299764
|
# https://github.com/NixOS/nixpkgs/issues/157449#issuecomment-1459299764
|
||||||
boot.specialFileSystems."/run".options = [ "rshared" ];
|
boot.specialFileSystems."/run".options = [ "rshared" ];
|
||||||
|
|
|
@ -2,9 +2,7 @@
|
||||||
with lib;
|
with lib;
|
||||||
let cfg = config.themes.v.catppuccin;
|
let cfg = config.themes.v.catppuccin;
|
||||||
in {
|
in {
|
||||||
options.themes.v.catppuccin = {
|
options.themes.v.catppuccin = { enable = mkEnableOption "catppuccin"; };
|
||||||
enable = mkEnableOption "catppuccin";
|
|
||||||
};
|
|
||||||
config = let
|
config = let
|
||||||
theme = "Catppuccin-Pink-Dark";
|
theme = "Catppuccin-Pink-Dark";
|
||||||
cursorTheme = config.home.pointerCursor.name;
|
cursorTheme = config.home.pointerCursor.name;
|
||||||
|
|
|
@ -1,8 +1 @@
|
||||||
{ ... }: {
|
{ ... }: { imports = [ ./catppuccin.nix ./nvim.nix ./riff.nix ./vscode.nix ]; }
|
||||||
imports = [
|
|
||||||
./catppuccin.nix
|
|
||||||
./nvim.nix
|
|
||||||
./riff.nix
|
|
||||||
./vscode.nix
|
|
||||||
];
|
|
||||||
}
|
|
||||||
|
|
|
@ -2,9 +2,7 @@
|
||||||
with lib;
|
with lib;
|
||||||
let cfg = config.programs.v.nvim;
|
let cfg = config.programs.v.nvim;
|
||||||
in {
|
in {
|
||||||
options.programs.v.nvim = {
|
options.programs.v.nvim = { enable = mkEnableOption "nvim"; };
|
||||||
enable = mkEnableOption "nvim";
|
|
||||||
};
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
programs.nixvim = {
|
programs.nixvim = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -1,9 +1,3 @@
|
||||||
{ ... }: {
|
{ ... }: {
|
||||||
imports = [
|
imports = [ ./dns.nix ./flood.nix ./gnome ./unpackerr.nix ./vault.nix ];
|
||||||
./dns.nix
|
|
||||||
./flood.nix
|
|
||||||
./gnome
|
|
||||||
./unpackerr.nix
|
|
||||||
./vault.nix
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,13 +9,13 @@ let
|
||||||
ipv6Hosts = filter (hasAttr "ip6") flat_hosts;
|
ipv6Hosts = filter (hasAttr "ip6") flat_hosts;
|
||||||
|
|
||||||
localData = { hostname, realm, ip, ... }: ''"${hostname}.${realm}. A ${ip}"'';
|
localData = { hostname, realm, ip, ... }: ''"${hostname}.${realm}. A ${ip}"'';
|
||||||
local6Data = { hostname, realm, ip6, ... }: ''"${hostname}.${realm}. AAAA ${ip6}"'';
|
local6Data = { hostname, realm, ip6, ... }:
|
||||||
|
''"${hostname}.${realm}. AAAA ${ip6}"'';
|
||||||
ptrData = { hostname, realm, ip, ... }: ''"${ip} ${hostname}.${realm}"'';
|
ptrData = { hostname, realm, ip, ... }: ''"${ip} ${hostname}.${realm}"'';
|
||||||
ptr6Data = { hostname, realm, ip6, ... }: ''"${ip6} ${hostname}.${realm}"'';
|
ptr6Data = { hostname, realm, ip6, ... }: ''"${ip6} ${hostname}.${realm}"'';
|
||||||
|
|
||||||
cfg = config.services.v.dns;
|
cfg = config.services.v.dns;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
options.services.v.dns = {
|
options.services.v.dns = {
|
||||||
enable = mkEnableOption "v.dns";
|
enable = mkEnableOption "v.dns";
|
||||||
|
|
||||||
|
@ -50,7 +50,8 @@ in
|
||||||
use-syslog = "yes";
|
use-syslog = "yes";
|
||||||
module-config = ''"validator iterator"'';
|
module-config = ''"validator iterator"'';
|
||||||
|
|
||||||
local-zone = map (localdomain: ''"${localdomain}}." transparent'') domains;
|
local-zone =
|
||||||
|
map (localdomain: ''"${localdomain}}." transparent'') domains;
|
||||||
local-data = (map localData ipv4Host) ++ (map local6Data ipv6Hosts);
|
local-data = (map localData ipv4Host) ++ (map local6Data ipv6Hosts);
|
||||||
local-data-ptr = (map ptrData ipv4Host) ++ (map ptr6Data ipv6Hosts);
|
local-data-ptr = (map ptrData ipv4Host) ++ (map ptr6Data ipv6Hosts);
|
||||||
|
|
||||||
|
@ -83,10 +84,7 @@ in
|
||||||
})
|
})
|
||||||
(mkIf (cfg.mode == "laptop") {
|
(mkIf (cfg.mode == "laptop") {
|
||||||
interface = [ "127.0.0.1" "::1" ];
|
interface = [ "127.0.0.1" "::1" ];
|
||||||
access-control = [
|
access-control = [ "127.0.0.1/32 allow_snoop" "::1 allow_snoop" ];
|
||||||
"127.0.0.1/32 allow_snoop"
|
|
||||||
"::1 allow_snoop"
|
|
||||||
];
|
|
||||||
})
|
})
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -147,6 +147,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
# This is needed to create the dataDir with the correct permissions.
|
# This is needed to create the dataDir with the correct permissions.
|
||||||
systemd.tmpfiles.rules = [ "d '${cfg.dataDir}' 0755 ${cfg.user} ${cfg.group} -" ];
|
systemd.tmpfiles.rules =
|
||||||
|
[ "d '${cfg.dataDir}' 0755 ${cfg.user} ${cfg.group} -" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -48,8 +48,6 @@ in {
|
||||||
"image/x-icns" = "org.gnome.eog.desktop";
|
"image/x-icns" = "org.gnome.eog.desktop";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
dconf.settings = {
|
dconf.settings = {
|
||||||
"org/gnome/desktop/input-sources" = {
|
"org/gnome/desktop/input-sources" = {
|
||||||
sources = [ (mkTuple [ "xkb" "us+altgr-intl" ]) ];
|
sources = [ (mkTuple [ "xkb" "us+altgr-intl" ]) ];
|
||||||
|
|
|
@ -57,8 +57,7 @@ let
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
options.services.unpackerr = {
|
options.services.unpackerr = {
|
||||||
enable = mkEnableOption "unpackerr";
|
enable = mkEnableOption "unpackerr";
|
||||||
|
|
||||||
|
@ -258,62 +257,61 @@ in
|
||||||
after = [ "network.target" ];
|
after = [ "network.target" ];
|
||||||
description = "unpackerr system service";
|
description = "unpackerr system service";
|
||||||
# Filter out all unset variables else unpackerr complains
|
# Filter out all unset variables else unpackerr complains
|
||||||
environment = filterAttrs (_n: v: stringLength v > 0)
|
environment = filterAttrs (_n: v: stringLength v > 0) {
|
||||||
{
|
# General options
|
||||||
# General options
|
UN_DEBUG = "${toString cfg.debug}";
|
||||||
UN_DEBUG = "${toString cfg.debug}";
|
UN_INTERVAL = "${cfg.interval}";
|
||||||
UN_INTERVAL = "${cfg.interval}";
|
UN_START_DELAY = "${cfg.startDelay}";
|
||||||
UN_START_DELAY = "${cfg.startDelay}";
|
UN_RETRY_DELAY = "${cfg.retryDelay}";
|
||||||
UN_RETRY_DELAY = "${cfg.retryDelay}";
|
UN_MAX_RETRIES = "${toString cfg.maxRetries}";
|
||||||
UN_MAX_RETRIES = "${toString cfg.maxRetries}";
|
UN_PARALLEL = "${toString cfg.parallel}";
|
||||||
UN_PARALLEL = "${toString cfg.parallel}";
|
UN_FILE_MODE = "${cfg.fileMode}";
|
||||||
UN_FILE_MODE = "${cfg.fileMode}";
|
UN_DIR_MODE = "${cfg.dirMode}";
|
||||||
UN_DIR_MODE = "${cfg.dirMode}";
|
|
||||||
|
|
||||||
# Sonarr
|
# Sonarr
|
||||||
UN_SONARR_0_URL = "${cfg.sonarr.url}";
|
UN_SONARR_0_URL = "${cfg.sonarr.url}";
|
||||||
UN_SONARR_0_API_KEY = "${cfg.sonarr.apiKey}";
|
UN_SONARR_0_API_KEY = "${cfg.sonarr.apiKey}";
|
||||||
UN_SONARR_0_PATHS_0 = "${cfg.sonarr.paths}";
|
UN_SONARR_0_PATHS_0 = "${cfg.sonarr.paths}";
|
||||||
UN_SONARR_0_PROTOCOLS = "${cfg.sonarr.protocols}";
|
UN_SONARR_0_PROTOCOLS = "${cfg.sonarr.protocols}";
|
||||||
UN_SONARR_0_TIMEOUT = "${cfg.sonarr.timeout}";
|
UN_SONARR_0_TIMEOUT = "${cfg.sonarr.timeout}";
|
||||||
UN_SONARR_0_DELETE_ORIG = "${toString cfg.sonarr.deleteOrginal}";
|
UN_SONARR_0_DELETE_ORIG = "${toString cfg.sonarr.deleteOrginal}";
|
||||||
UN_SONARR_0_DELETE_DELAY = "${cfg.sonarr.deleteDelay}";
|
UN_SONARR_0_DELETE_DELAY = "${cfg.sonarr.deleteDelay}";
|
||||||
|
|
||||||
# Radarr
|
# Radarr
|
||||||
UN_RADARR_0_URL = "${cfg.radarr.url}";
|
UN_RADARR_0_URL = "${cfg.radarr.url}";
|
||||||
UN_RADARR_0_API_KEY = "${cfg.radarr.apiKey}";
|
UN_RADARR_0_API_KEY = "${cfg.radarr.apiKey}";
|
||||||
UN_RADARR_0_PATHS_0 = "${cfg.radarr.paths}";
|
UN_RADARR_0_PATHS_0 = "${cfg.radarr.paths}";
|
||||||
UN_RADARR_0_PROTOCOLS = "${cfg.radarr.protocols}";
|
UN_RADARR_0_PROTOCOLS = "${cfg.radarr.protocols}";
|
||||||
UN_RADARR_0_TIMEOUT = "${cfg.radarr.timeout}";
|
UN_RADARR_0_TIMEOUT = "${cfg.radarr.timeout}";
|
||||||
UN_RADARR_0_DELETE_ORIG = "${toString cfg.radarr.deleteOrginal}";
|
UN_RADARR_0_DELETE_ORIG = "${toString cfg.radarr.deleteOrginal}";
|
||||||
UN_RADARR_0_DELETE_DELAY = "${cfg.radarr.deleteDelay}";
|
UN_RADARR_0_DELETE_DELAY = "${cfg.radarr.deleteDelay}";
|
||||||
|
|
||||||
# Lidarr
|
# Lidarr
|
||||||
UN_LIDARR_0_URL = "${cfg.lidarr.url}";
|
UN_LIDARR_0_URL = "${cfg.lidarr.url}";
|
||||||
UN_LIDARR_0_API_KEY = "${cfg.lidarr.apiKey}";
|
UN_LIDARR_0_API_KEY = "${cfg.lidarr.apiKey}";
|
||||||
UN_LIDARR_0_PATHS_0 = "${cfg.lidarr.paths}";
|
UN_LIDARR_0_PATHS_0 = "${cfg.lidarr.paths}";
|
||||||
UN_LIDARR_0_PROTOCOLS = "${cfg.lidarr.protocols}";
|
UN_LIDARR_0_PROTOCOLS = "${cfg.lidarr.protocols}";
|
||||||
UN_LIDARR_0_TIMEOUT = "${cfg.lidarr.timeout}";
|
UN_LIDARR_0_TIMEOUT = "${cfg.lidarr.timeout}";
|
||||||
UN_LIDARR_0_DELETE_ORIG = "${toString cfg.lidarr.deleteOrginal}";
|
UN_LIDARR_0_DELETE_ORIG = "${toString cfg.lidarr.deleteOrginal}";
|
||||||
UN_LIDARR_0_DELETE_DELAY = "${cfg.lidarr.deleteDelay}";
|
UN_LIDARR_0_DELETE_DELAY = "${cfg.lidarr.deleteDelay}";
|
||||||
|
|
||||||
# Readarr
|
# Readarr
|
||||||
UN_READARR_0_URL = "${cfg.readarr.url}";
|
UN_READARR_0_URL = "${cfg.readarr.url}";
|
||||||
UN_READARR_0_API_KEY = "${cfg.readarr.apiKey}";
|
UN_READARR_0_API_KEY = "${cfg.readarr.apiKey}";
|
||||||
UN_READARR_0_PATHS_0 = "${cfg.readarr.paths}";
|
UN_READARR_0_PATHS_0 = "${cfg.readarr.paths}";
|
||||||
UN_READARR_0_PROTOCOLS = "${cfg.readarr.protocols}";
|
UN_READARR_0_PROTOCOLS = "${cfg.readarr.protocols}";
|
||||||
UN_READARR_0_TIMEOUT = "${cfg.readarr.timeout}";
|
UN_READARR_0_TIMEOUT = "${cfg.readarr.timeout}";
|
||||||
UN_READARR_0_DELETE_ORIG = "${toString cfg.readarr.deleteOrginal}";
|
UN_READARR_0_DELETE_ORIG = "${toString cfg.readarr.deleteOrginal}";
|
||||||
UN_READARR_0_DELETE_DELAY = "${cfg.readarr.deleteDelay}";
|
UN_READARR_0_DELETE_DELAY = "${cfg.readarr.deleteDelay}";
|
||||||
|
|
||||||
# Folder
|
# Folder
|
||||||
UN_FOLDER_0_PATH = "${cfg.folder.path}";
|
UN_FOLDER_0_PATH = "${cfg.folder.path}";
|
||||||
UN_FOLDER_0_EXTRACT_PATH = "${cfg.folder.extractPath}";
|
UN_FOLDER_0_EXTRACT_PATH = "${cfg.folder.extractPath}";
|
||||||
UN_FOLDER_0_DELETE_AFTER = "${cfg.folder.deleteAfter}";
|
UN_FOLDER_0_DELETE_AFTER = "${cfg.folder.deleteAfter}";
|
||||||
UN_FOLDER_0_DELETE_ORIGINAL = "${toString cfg.folder.deleteOrginal}";
|
UN_FOLDER_0_DELETE_ORIGINAL = "${toString cfg.folder.deleteOrginal}";
|
||||||
UN_FOLDER_0_DELETE_FILES = "${toString cfg.folder.deleteFiles}";
|
UN_FOLDER_0_DELETE_FILES = "${toString cfg.folder.deleteFiles}";
|
||||||
UN_FOLDER_0_MOVE_BACK = "${toString cfg.folder.moveBack}";
|
UN_FOLDER_0_MOVE_BACK = "${toString cfg.folder.moveBack}";
|
||||||
} // cfg.extraConfig;
|
} // cfg.extraConfig;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
|
|
|
@ -1,9 +1,5 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }: {
|
||||||
{
|
imports = [ ./laura.nix ./victor.nix ];
|
||||||
imports = [
|
|
||||||
./laura.nix
|
|
||||||
./victor.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
# Setup ZSH to use grml config
|
# Setup ZSH to use grml config
|
||||||
programs.zsh = {
|
programs.zsh = {
|
||||||
|
@ -35,7 +31,8 @@
|
||||||
# Configure the root account
|
# Configure the root account
|
||||||
users.extraUsers.root = {
|
users.extraUsers.root = {
|
||||||
# Allow my SSH keys for logging in as root.
|
# Allow my SSH keys for logging in as root.
|
||||||
openssh.authorizedKeys.keys = config.users.extraUsers.victor.openssh.authorizedKeys.keys;
|
openssh.authorizedKeys.keys =
|
||||||
|
config.users.extraUsers.victor.openssh.authorizedKeys.keys;
|
||||||
# Also use zsh for root
|
# Also use zsh for root
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }: {
|
||||||
# The block that specifies my user account.
|
# The block that specifies my user account.
|
||||||
users.extraUsers.victor = {
|
users.extraUsers.victor = {
|
||||||
# This account is intended for a non-system user.
|
# This account is intended for a non-system user.
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
@ -18,6 +18,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
# Make me admin
|
# Make me admin
|
||||||
extraGroups = [ "systemd-journal" "wheel" "networkmanager" "libvirtd" "dialout" ];
|
extraGroups =
|
||||||
|
[ "systemd-journal" "wheel" "networkmanager" "libvirtd" "dialout" ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
{ pkgs, lib, ... }:
|
{ pkgs, lib, ... }: {
|
||||||
{
|
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
|
||||||
# mosh ssh
|
# mosh ssh
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
_:
|
_: {
|
||||||
{
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }: {
|
||||||
{
|
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
|
|
@ -1,17 +1,19 @@
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
let vs = config.vault-secrets.secrets; in
|
let vs = config.vault-secrets.secrets;
|
||||||
{
|
in {
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
|
||||||
# the registry port and metrics port
|
# the registry port and metrics port
|
||||||
networking.firewall.allowedTCPPorts = [ config.services.dockerRegistry.port 5001 ];
|
networking.firewall.allowedTCPPorts =
|
||||||
|
[ config.services.dockerRegistry.port 5001 ];
|
||||||
|
|
||||||
vault-secrets.secrets.docker-registry = { };
|
vault-secrets.secrets.docker-registry = { };
|
||||||
|
|
||||||
# Sets the minio user and password
|
# Sets the minio user and password
|
||||||
systemd.services.docker-registry.serviceConfig.EnvironmentFile = "${vs.docker-registry}/environment";
|
systemd.services.docker-registry.serviceConfig.EnvironmentFile =
|
||||||
|
"${vs.docker-registry}/environment";
|
||||||
|
|
||||||
services.dockerRegistry = {
|
services.dockerRegistry = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -1,17 +1,19 @@
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
let vs = config.vault-secrets.secrets; in
|
let vs = config.vault-secrets.secrets;
|
||||||
{
|
in {
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
|
||||||
# the registry port and metrics port
|
# the registry port and metrics port
|
||||||
networking.firewall.allowedTCPPorts = [ config.services.dockerRegistry.port 5001 ];
|
networking.firewall.allowedTCPPorts =
|
||||||
|
[ config.services.dockerRegistry.port 5001 ];
|
||||||
|
|
||||||
vault-secrets.secrets.docker-registry = { };
|
vault-secrets.secrets.docker-registry = { };
|
||||||
|
|
||||||
# Sets the minio user and password
|
# Sets the minio user and password
|
||||||
systemd.services.docker-registry.serviceConfig.EnvironmentFile = "${vs.docker-registry}/environment";
|
systemd.services.docker-registry.serviceConfig.EnvironmentFile =
|
||||||
|
"${vs.docker-registry}/environment";
|
||||||
|
|
||||||
services.dockerRegistry = {
|
services.dockerRegistry = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -34,15 +36,13 @@ let vs = config.vault-secrets.secrets; in
|
||||||
http.debug.prometheus.enabled = true;
|
http.debug.prometheus.enabled = true;
|
||||||
|
|
||||||
# Webhooks
|
# Webhooks
|
||||||
notifications.endpoints = [
|
notifications.endpoints = [{
|
||||||
{
|
name = "keel";
|
||||||
name = "keel";
|
url = "http://10.10.10.17:9300/v1/webhooks/registry";
|
||||||
url = "http://10.10.10.17:9300/v1/webhooks/registry";
|
timeout = "500ms";
|
||||||
timeout = "500ms";
|
treshold = 5;
|
||||||
treshold = 5;
|
backoff = "1s";
|
||||||
backoff = "1s";
|
}];
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
_:
|
_: {
|
||||||
{
|
|
||||||
system.stateVersion = "21.05";
|
system.stateVersion = "21.05";
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
|
||||||
|
|
|
@ -4,24 +4,30 @@
|
||||||
{ lib, modulesPath, ... }:
|
{ lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
boot.initrd.availableKernelModules = [
|
||||||
|
"uhci_hcd"
|
||||||
|
"ehci_pci"
|
||||||
|
"ahci"
|
||||||
|
"virtio_pci"
|
||||||
|
"virtio_scsi"
|
||||||
|
"sd_mod"
|
||||||
|
"sr_mod"
|
||||||
|
];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ ];
|
boot.kernelModules = [ ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{ device = "/dev/disk/by-uuid/749c02fd-209d-4974-917e-38b749d10ec2";
|
device = "/dev/disk/by-uuid/749c02fd-209d-4974-917e-38b749d10ec2";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" = {
|
||||||
{ device = "/dev/disk/by-uuid/D021-72EB";
|
device = "/dev/disk/by-uuid/D021-72EB";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
let vs = config.vault-secrets.secrets;
|
||||||
vs = config.vault-secrets.secrets;
|
|
||||||
in {
|
in {
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,6 @@ in {
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
security.acme.preliminarySelfsigned = true;
|
security.acme.preliminarySelfsigned = true;
|
||||||
|
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
|
|
|
@ -31,9 +31,7 @@
|
||||||
# LOG_LEVEL = "debug";
|
# LOG_LEVEL = "debug";
|
||||||
TZ = "Europe/Amsterdam";
|
TZ = "Europe/Amsterdam";
|
||||||
};
|
};
|
||||||
ports = [
|
ports = [ "5055:5055" ];
|
||||||
"5055:5055"
|
|
||||||
];
|
|
||||||
volumes = [ "/var/lib/overseerr/config:/app/config" ];
|
volumes = [ "/var/lib/overseerr/config:/app/config" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
_:
|
_: {
|
||||||
{
|
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
|
|
||||||
|
@ -15,9 +14,7 @@ _:
|
||||||
containers = {
|
containers = {
|
||||||
flaresolverr = {
|
flaresolverr = {
|
||||||
image = "flaresolverr/flaresolverr:v3.1.2";
|
image = "flaresolverr/flaresolverr:v3.1.2";
|
||||||
ports = [
|
ports = [ "8191:8191" ];
|
||||||
"8191:8191"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,116 +1,115 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }: {
|
||||||
{
|
|
||||||
services.rtorrent = {
|
services.rtorrent = {
|
||||||
enable = true;
|
enable = true;
|
||||||
port = 54945; # Port Forwarded in mullvad
|
port = 54945; # Port Forwarded in mullvad
|
||||||
downloadDir = "/mnt/storage/torrents/r";
|
downloadDir = "/mnt/storage/torrents/r";
|
||||||
package = pkgs.jesec-rtorrent;
|
package = pkgs.jesec-rtorrent;
|
||||||
configText = let cfg = config.services.rtorrent; in
|
configText = let cfg = config.services.rtorrent;
|
||||||
pkgs.lib.mkForce ''
|
in pkgs.lib.mkForce ''
|
||||||
# rTorrent runtime directory (cfg.basedir) [default: "$HOME/.local/share/rtorrent"]
|
# rTorrent runtime directory (cfg.basedir) [default: "$HOME/.local/share/rtorrent"]
|
||||||
method.insert = cfg.basedir, private|const|string, (cat,"${cfg.dataDir}/")
|
method.insert = cfg.basedir, private|const|string, (cat,"${cfg.dataDir}/")
|
||||||
|
|
||||||
# Default download directory (cfg.download) [default: "$(cfg.basedir)/download"]
|
# Default download directory (cfg.download) [default: "$(cfg.basedir)/download"]
|
||||||
method.insert = cfg.download, private|const|string, (cat,"${cfg.downloadDir}")
|
method.insert = cfg.download, private|const|string, (cat,"${cfg.downloadDir}")
|
||||||
|
|
||||||
# RPC Socket
|
# RPC Socket
|
||||||
method.insert = cfg.rpcsock, private|const|string, (cat,"${cfg.rpcSocket}")
|
method.insert = cfg.rpcsock, private|const|string, (cat,"${cfg.rpcSocket}")
|
||||||
|
|
||||||
# Log directory (cfg.logs) [default: "$(cfg.basedir)/log"]
|
# Log directory (cfg.logs) [default: "$(cfg.basedir)/log"]
|
||||||
method.insert = cfg.logs, private|const|string, (cat,(cfg.basedir),"log/")
|
method.insert = cfg.logs, private|const|string, (cat,(cfg.basedir),"log/")
|
||||||
method.insert = cfg.logfile, private|const|string, (cat,(cfg.logs),"rtorrent-",(system.time),".log")
|
method.insert = cfg.logfile, private|const|string, (cat,(cfg.logs),"rtorrent-",(system.time),".log")
|
||||||
|
|
||||||
# Torrent session directory (cfg.session) [default: "$(cfg.basedir)/.session"]
|
# Torrent session directory (cfg.session) [default: "$(cfg.basedir)/.session"]
|
||||||
method.insert = cfg.session, private|const|string, (cat,(cfg.basedir),".session/")
|
method.insert = cfg.session, private|const|string, (cat,(cfg.basedir),".session/")
|
||||||
|
|
||||||
# Watch (drop to add) directories (cfg.watch) [default: "$(cfg.basedir)/watch"]
|
# Watch (drop to add) directories (cfg.watch) [default: "$(cfg.basedir)/watch"]
|
||||||
method.insert = cfg.watch, private|const|string, (cat,(cfg.basedir),"watch/")
|
method.insert = cfg.watch, private|const|string, (cat,(cfg.basedir),"watch/")
|
||||||
|
|
||||||
# Create directories
|
# Create directories
|
||||||
fs.mkdir.recursive = (cat,(cfg.basedir))
|
fs.mkdir.recursive = (cat,(cfg.basedir))
|
||||||
|
|
||||||
fs.mkdir = (cat,(cfg.download))
|
fs.mkdir = (cat,(cfg.download))
|
||||||
fs.mkdir = (cat,(cfg.logs))
|
fs.mkdir = (cat,(cfg.logs))
|
||||||
fs.mkdir = (cat,(cfg.session))
|
fs.mkdir = (cat,(cfg.session))
|
||||||
|
|
||||||
fs.mkdir = (cat,(cfg.watch))
|
fs.mkdir = (cat,(cfg.watch))
|
||||||
fs.mkdir = (cat,(cfg.watch),"/load")
|
fs.mkdir = (cat,(cfg.watch),"/load")
|
||||||
fs.mkdir = (cat,(cfg.watch),"/start")
|
fs.mkdir = (cat,(cfg.watch),"/start")
|
||||||
|
|
||||||
# Drop to "$(cfg.watch)/load" to add torrent
|
# Drop to "$(cfg.watch)/load" to add torrent
|
||||||
schedule2 = watch_load, 11, 10, ((load.verbose, (cat, (cfg.watch), "load/*.torrent")))
|
schedule2 = watch_load, 11, 10, ((load.verbose, (cat, (cfg.watch), "load/*.torrent")))
|
||||||
|
|
||||||
# Drop to "$(cfg.watch)/start" to add torrent and start downloading
|
# Drop to "$(cfg.watch)/start" to add torrent and start downloading
|
||||||
schedule2 = watch_start, 10, 10, ((load.start_verbose, (cat, (cfg.watch), "start/*.torrent")))
|
schedule2 = watch_start, 10, 10, ((load.start_verbose, (cat, (cfg.watch), "start/*.torrent")))
|
||||||
|
|
||||||
# Listening port for incoming peer traffic
|
# Listening port for incoming peer traffic
|
||||||
network.port_range.set = ${toString cfg.port}-${toString cfg.port}
|
network.port_range.set = ${toString cfg.port}-${toString cfg.port}
|
||||||
network.port_random.set = no
|
network.port_random.set = no
|
||||||
|
|
||||||
# Distributed Hash Table and Peer EXchange
|
# Distributed Hash Table and Peer EXchange
|
||||||
dht.mode.set = disable
|
dht.mode.set = disable
|
||||||
dht.port.set = 6881
|
dht.port.set = 6881
|
||||||
protocol.pex.set = yes
|
protocol.pex.set = yes
|
||||||
|
|
||||||
# UDP tracker support
|
# UDP tracker support
|
||||||
trackers.use_udp.set = yes
|
trackers.use_udp.set = yes
|
||||||
|
|
||||||
# Peer settings
|
# Peer settings
|
||||||
throttle.max_uploads.set = 100
|
throttle.max_uploads.set = 100
|
||||||
throttle.max_uploads.global.set = 250
|
throttle.max_uploads.global.set = 250
|
||||||
throttle.min_peers.normal.set = 20
|
throttle.min_peers.normal.set = 20
|
||||||
throttle.max_peers.normal.set = 60
|
throttle.max_peers.normal.set = 60
|
||||||
throttle.min_peers.seed.set = 30
|
throttle.min_peers.seed.set = 30
|
||||||
throttle.max_peers.seed.set = 80
|
throttle.max_peers.seed.set = 80
|
||||||
trackers.numwant.set = 80
|
trackers.numwant.set = 80
|
||||||
|
|
||||||
protocol.encryption.set = allow_incoming,try_outgoing,enable_retry
|
protocol.encryption.set = allow_incoming,try_outgoing,enable_retry
|
||||||
|
|
||||||
# Limits for file handle resources, this is optimized for
|
# Limits for file handle resources, this is optimized for
|
||||||
# an `ulimit` of 1024 (a common default). You MUST leave
|
# an `ulimit` of 1024 (a common default). You MUST leave
|
||||||
# a ceiling of handles reserved for rTorrent's internal needs!
|
# a ceiling of handles reserved for rTorrent's internal needs!
|
||||||
network.max_open_files.set = 600
|
network.max_open_files.set = 600
|
||||||
network.max_open_sockets.set = 300
|
network.max_open_sockets.set = 300
|
||||||
|
|
||||||
# Memory resource usage (increase if you have a large number of items loaded,
|
# Memory resource usage (increase if you have a large number of items loaded,
|
||||||
# and/or the available resources to spend)
|
# and/or the available resources to spend)
|
||||||
pieces.memory.max.set = 1800M
|
pieces.memory.max.set = 1800M
|
||||||
network.xmlrpc.size_limit.set = 32M
|
network.xmlrpc.size_limit.set = 32M
|
||||||
|
|
||||||
# Basic operational settings
|
# Basic operational settings
|
||||||
session.path.set = (cat, (cfg.session))
|
session.path.set = (cat, (cfg.session))
|
||||||
directory.default.set = (cat, (cfg.download))
|
directory.default.set = (cat, (cfg.download))
|
||||||
log.execute = (cat, (cfg.logs), "execute.log")
|
log.execute = (cat, (cfg.logs), "execute.log")
|
||||||
|
|
||||||
# Other operational settings
|
# Other operational settings
|
||||||
encoding.add = utf8
|
encoding.add = utf8
|
||||||
system.umask.set = 0027
|
system.umask.set = 0027
|
||||||
system.cwd.set = (directory.default)
|
system.cwd.set = (directory.default)
|
||||||
#schedule2 = low_diskspace, 5, 60, ((close_low_diskspace, 500M))
|
#schedule2 = low_diskspace, 5, 60, ((close_low_diskspace, 500M))
|
||||||
#pieces.hash.on_completion.set = no
|
#pieces.hash.on_completion.set = no
|
||||||
|
|
||||||
# HTTP and SSL
|
# HTTP and SSL
|
||||||
network.http.max_open.set = 50
|
network.http.max_open.set = 50
|
||||||
network.http.dns_cache_timeout.set = 25
|
network.http.dns_cache_timeout.set = 25
|
||||||
|
|
||||||
#network.http.ssl_verify_peer.set = 1
|
#network.http.ssl_verify_peer.set = 1
|
||||||
#network.http.ssl_verify_host.set = 1
|
#network.http.ssl_verify_host.set = 1
|
||||||
|
|
||||||
# Run the rTorrent process as a daemon in the background
|
# Run the rTorrent process as a daemon in the background
|
||||||
system.daemon.set = true
|
system.daemon.set = true
|
||||||
|
|
||||||
# XML-RPC interface
|
# XML-RPC interface
|
||||||
network.scgi.open_local = (cat,(cfg.rpcsock))
|
network.scgi.open_local = (cat,(cfg.rpcsock))
|
||||||
schedule = scgi_group,0,0,"execute.nothrow=chown,\":rtorrent\",(cfg.rpcsock)"
|
schedule = scgi_group,0,0,"execute.nothrow=chown,\":rtorrent\",(cfg.rpcsock)"
|
||||||
schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"g+w,o=\",(cfg.rpcsock)"
|
schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"g+w,o=\",(cfg.rpcsock)"
|
||||||
|
|
||||||
# Logging:
|
# Logging:
|
||||||
# Levels = critical error warn notice info debug
|
# Levels = critical error warn notice info debug
|
||||||
# Groups = connection_* dht_* peer_* rpc_* storage_* thread_* tracker_* torrent_*
|
# Groups = connection_* dht_* peer_* rpc_* storage_* thread_* tracker_* torrent_*
|
||||||
print = (cat, "Logging to ", (cfg.logfile))
|
print = (cat, "Logging to ", (cfg.logfile))
|
||||||
log.open_file = "log", (cfg.logfile)
|
log.open_file = "log", (cfg.logfile)
|
||||||
log.add_output = "debug", "log"
|
log.add_output = "debug", "log"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
_:
|
_: {
|
||||||
{
|
|
||||||
system.stateVersion = "21.05";
|
system.stateVersion = "21.05";
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
{ pkgs, lib, ... }:
|
{ pkgs, lib, ... }: {
|
||||||
{
|
|
||||||
system.stateVersion = "21.05";
|
system.stateVersion = "21.05";
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
let vs = config.vault-secrets.secrets;
|
let vs = config.vault-secrets.secrets;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
|
||||||
fileSystems."/mnt/storage" = {
|
fileSystems."/mnt/storage" = {
|
||||||
|
|
|
@ -6,7 +6,8 @@
|
||||||
{
|
{
|
||||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
boot.initrd.availableKernelModules =
|
||||||
|
[ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ ];
|
boot.kernelModules = [ ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
@ -16,6 +17,7 @@
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
|
swapDevices =
|
||||||
|
[{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }: {
|
||||||
{
|
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
|
|
@ -3,10 +3,8 @@
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
{ lib, config, pkgs, ... }:
|
{ lib, config, pkgs, ... }:
|
||||||
let
|
let vs = config.vault-secrets.secrets;
|
||||||
vs = config.vault-secrets.secrets;
|
in {
|
||||||
in
|
|
||||||
{
|
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
@ -22,7 +20,8 @@ in
|
||||||
|
|
||||||
environment.noXlibs = lib.mkForce false;
|
environment.noXlibs = lib.mkForce false;
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ config.services.gitea.settings.server.HTTP_PORT ];
|
networking.firewall.allowedTCPPorts =
|
||||||
|
[ config.services.gitea.settings.server.HTTP_PORT ];
|
||||||
|
|
||||||
services.openssh.startWhenNeeded = false;
|
services.openssh.startWhenNeeded = false;
|
||||||
|
|
||||||
|
@ -37,10 +36,8 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
system.activationScripts.gitea-theme =
|
system.activationScripts.gitea-theme =
|
||||||
let
|
let target_dir = "${config.services.gitea.stateDir}/custom/public/css/";
|
||||||
target_dir = "${config.services.gitea.stateDir}/custom/public/css/";
|
in lib.stringAfter [ "var" ] ''
|
||||||
in
|
|
||||||
lib.stringAfter [ "var" ] ''
|
|
||||||
mkdir -p ${target_dir}
|
mkdir -p ${target_dir}
|
||||||
ln -sf ${pkgs.v.gitea-agatheme} "${target_dir}/theme-agatheme.css"
|
ln -sf ${pkgs.v.gitea-agatheme} "${target_dir}/theme-agatheme.css"
|
||||||
'';
|
'';
|
||||||
|
@ -54,9 +51,7 @@ in
|
||||||
mailerPasswordFile = "${vs.gitea}/mailPassword";
|
mailerPasswordFile = "${vs.gitea}/mailPassword";
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
actions = {
|
actions = { "ENABLED" = true; };
|
||||||
"ENABLED" = true;
|
|
||||||
};
|
|
||||||
repository = {
|
repository = {
|
||||||
"ENABLE_PUSH_CREATE_USER" = true;
|
"ENABLE_PUSH_CREATE_USER" = true;
|
||||||
"DEFAULT_PUSH_CREATE_PRIVATE" = false;
|
"DEFAULT_PUSH_CREATE_PRIVATE" = false;
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let vs = config.vault-secrets.secrets; in
|
let vs = config.vault-secrets.secrets;
|
||||||
{
|
in {
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
@ -22,9 +22,7 @@ let vs = config.vault-secrets.secrets; in
|
||||||
10.42.42.6 vault.olympus
|
10.42.42.6 vault.olympus
|
||||||
'';
|
'';
|
||||||
|
|
||||||
vault-secrets.secrets.mailserver = {
|
vault-secrets.secrets.mailserver = { services = [ "dovecot2" "postfix" ]; };
|
||||||
services = [ "dovecot2" "postfix" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
mailserver = {
|
mailserver = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -36,7 +34,8 @@ let vs = config.vault-secrets.secrets; in
|
||||||
# People
|
# People
|
||||||
"v@0x76.dev" = {
|
"v@0x76.dev" = {
|
||||||
hashedPasswordFile = "${vs.mailserver}/v@0x76.dev";
|
hashedPasswordFile = "${vs.mailserver}/v@0x76.dev";
|
||||||
aliases = [ "v@meowy.tech" "postmaster@0x76.dev" "postmaster@meowy.tech" ];
|
aliases =
|
||||||
|
[ "v@meowy.tech" "postmaster@0x76.dev" "postmaster@meowy.tech" ];
|
||||||
};
|
};
|
||||||
"laura@meowy.tech" = {
|
"laura@meowy.tech" = {
|
||||||
hashedPasswordFile = "${vs.mailserver}/laura@meowy.tech";
|
hashedPasswordFile = "${vs.mailserver}/laura@meowy.tech";
|
||||||
|
@ -79,7 +78,8 @@ let vs = config.vault-secrets.secrets; in
|
||||||
|
|
||||||
services.roundcube = {
|
services.roundcube = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
|
package =
|
||||||
|
pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
|
||||||
plugins = [
|
plugins = [
|
||||||
"archive"
|
"archive"
|
||||||
# "enigma"
|
# "enigma"
|
||||||
|
@ -98,9 +98,7 @@ let vs = config.vault-secrets.secrets; in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = { enable = true; };
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
security.acme.defaults.email = "v@0x76.dev";
|
security.acme.defaults.email = "v@0x76.dev";
|
||||||
|
|
|
@ -2,8 +2,7 @@
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
{ lib, pkgs, ... }:
|
{ lib, pkgs, ... }: {
|
||||||
{
|
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
|
|
@ -4,8 +4,7 @@
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let mosquittoPort = 1883;
|
let mosquittoPort = 1883;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
|
|
@ -20,7 +20,8 @@
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||||
|
|
||||||
services.ntfy-sh = let datadir = "/var/lib/ntfy"; in {
|
services.ntfy-sh = let datadir = "/var/lib/ntfy";
|
||||||
|
in {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
base-url = "https://ntfy.0x76.dev";
|
base-url = "https://ntfy.0x76.dev";
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
let vs = config.vault-secrets.secrets; in
|
let vs = config.vault-secrets.secrets;
|
||||||
{
|
in {
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
@ -16,9 +16,7 @@ let vs = config.vault-secrets.secrets; in
|
||||||
system.stateVersion = "22.11"; # Did you read the comment?
|
system.stateVersion = "22.11"; # Did you read the comment?
|
||||||
|
|
||||||
# Additional packages
|
# Additional packages
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [ config.services.outline.port ];
|
||||||
config.services.outline.port
|
|
||||||
];
|
|
||||||
|
|
||||||
vault-secrets.secrets.outline = {
|
vault-secrets.secrets.outline = {
|
||||||
inherit (config.services.outline) user group;
|
inherit (config.services.outline) user group;
|
||||||
|
@ -40,7 +38,7 @@ let vs = config.vault-secrets.secrets; in
|
||||||
uploadBucketName = "outline";
|
uploadBucketName = "outline";
|
||||||
region = "us-east-1"; # fake
|
region = "us-east-1"; # fake
|
||||||
};
|
};
|
||||||
oidcAuthentication = {
|
oidcAuthentication = {
|
||||||
displayName = "Dex";
|
displayName = "Dex";
|
||||||
userinfoUrl = "https://dex.0x76.dev/userinfo";
|
userinfoUrl = "https://dex.0x76.dev/userinfo";
|
||||||
tokenUrl = "https://dex.0x76.dev/token";
|
tokenUrl = "https://dex.0x76.dev/token";
|
||||||
|
|
|
@ -7,8 +7,7 @@ let
|
||||||
vs = config.vault-secrets.secrets;
|
vs = config.vault-secrets.secrets;
|
||||||
port = 8008;
|
port = 8008;
|
||||||
metricsPort = 9000;
|
metricsPort = 9000;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
@ -53,66 +52,60 @@ in
|
||||||
"${vs.synapse}/email_password" # Also contains the rest of the email config
|
"${vs.synapse}/email_password" # Also contains the rest of the email config
|
||||||
];
|
];
|
||||||
|
|
||||||
settings =
|
settings = let
|
||||||
let log_file = pkgs.writeText "log.yml" ''
|
log_file = pkgs.writeText "log.yml" ''
|
||||||
version: 1
|
version: 1
|
||||||
|
|
||||||
formatters:
|
formatters:
|
||||||
structured:
|
structured:
|
||||||
class: synapse.logging.TerseJsonFormatter
|
class: synapse.logging.TerseJsonFormatter
|
||||||
|
|
||||||
handlers:
|
handlers:
|
||||||
file:
|
file:
|
||||||
class: logging.handlers.TimedRotatingFileHandler
|
class: logging.handlers.TimedRotatingFileHandler
|
||||||
formatter: structured
|
formatter: structured
|
||||||
filename: /var/lib/matrix-synapse/synapse.log
|
filename: /var/lib/matrix-synapse/synapse.log
|
||||||
when: midnight
|
when: midnight
|
||||||
backupCount: 3 # Does not include the current log file.
|
backupCount: 3 # Does not include the current log file.
|
||||||
encoding: utf8
|
encoding: utf8
|
||||||
|
|
||||||
loggers:
|
loggers:
|
||||||
synapse:
|
synapse:
|
||||||
level: INFO
|
level: INFO
|
||||||
handlers: [file]
|
handlers: [file]
|
||||||
''; in
|
'';
|
||||||
{
|
in {
|
||||||
server_name = "meowy.tech";
|
server_name = "meowy.tech";
|
||||||
enable_registration = true;
|
enable_registration = true;
|
||||||
public_baseurl = "https://chat.meowy.tech";
|
public_baseurl = "https://chat.meowy.tech";
|
||||||
enable_metrics = true;
|
enable_metrics = true;
|
||||||
max_upload_size = "100M";
|
max_upload_size = "100M";
|
||||||
registration_requires_token = true;
|
registration_requires_token = true;
|
||||||
media_retention = {
|
media_retention = { remote_media_lifetime = "90d"; };
|
||||||
remote_media_lifetime = "90d";
|
log_config = "${log_file}";
|
||||||
};
|
listeners = [
|
||||||
log_config = "${log_file}";
|
{
|
||||||
listeners = [
|
inherit port;
|
||||||
{
|
bind_addresses = [ "0.0.0.0" ];
|
||||||
inherit port;
|
type = "http";
|
||||||
bind_addresses = [ "0.0.0.0" ];
|
tls = false;
|
||||||
type = "http";
|
x_forwarded = true;
|
||||||
tls = false;
|
resources = [{
|
||||||
x_forwarded = true;
|
names = [ "client" "federation" ];
|
||||||
resources = [
|
compress = true;
|
||||||
{
|
}];
|
||||||
names = [ "client" "federation" ];
|
}
|
||||||
compress = true;
|
{
|
||||||
}
|
port = metricsPort;
|
||||||
];
|
bind_addresses = [ "0.0.0.0" ];
|
||||||
}
|
type = "metrics";
|
||||||
{
|
tls = false;
|
||||||
port = metricsPort;
|
resources = [{
|
||||||
bind_addresses = [ "0.0.0.0" ];
|
names = [ "metrics" ];
|
||||||
type = "metrics";
|
compress = false;
|
||||||
tls = false;
|
}];
|
||||||
resources = [
|
}
|
||||||
{
|
];
|
||||||
names = [ "metrics" ];
|
};
|
||||||
compress = false;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
services.unifi = {
|
services.unifi = {
|
||||||
enable = true;
|
enable = true;
|
||||||
unifiPackage = pkgs.unifi;
|
unifiPackage = pkgs.unifi;
|
||||||
mongodbPackage = pkgs.mongodb-4_2;
|
mongodbPackage = pkgs.mongodb-4_2;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,8 +6,7 @@
|
||||||
let
|
let
|
||||||
vmPort = 8428;
|
vmPort = 8428;
|
||||||
vs = config.vault-secrets.secrets;
|
vs = config.vault-secrets.secrets;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
@ -21,7 +20,8 @@ in
|
||||||
# Additional packages
|
# Additional packages
|
||||||
environment.systemPackages = with pkgs; [ ];
|
environment.systemPackages = with pkgs; [ ];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ vmPort config.services.grafana.settings.server.http_port ];
|
networking.firewall.allowedTCPPorts =
|
||||||
|
[ vmPort config.services.grafana.settings.server.http_port ];
|
||||||
networking.firewall.allowedUDPPorts = [ vmPort ];
|
networking.firewall.allowedUDPPorts = [ vmPort ];
|
||||||
|
|
||||||
services.victoriametrics = {
|
services.victoriametrics = {
|
||||||
|
@ -42,12 +42,10 @@ in
|
||||||
scrape_configs = [
|
scrape_configs = [
|
||||||
{
|
{
|
||||||
job_name = "nginx";
|
job_name = "nginx";
|
||||||
static_configs = [
|
static_configs = [{
|
||||||
{
|
targets = [ "nginx.olympus:9113" ];
|
||||||
targets = [ "nginx.olympus:9113" ];
|
labels.app = "nginx";
|
||||||
labels.app = "nginx";
|
}];
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
job_name = "synapse";
|
job_name = "synapse";
|
||||||
|
|
|
@ -4,29 +4,27 @@
|
||||||
{ config, lib, modulesPath, ... }:
|
{ config, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" "sdhci_pci" ];
|
boot.initrd.availableKernelModules =
|
||||||
|
[ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" "sdhci_pci" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{ device = "/dev/disk/by-uuid/c184866a-9a53-4a9f-9a1f-493792af7ea9";
|
device = "/dev/disk/by-uuid/c184866a-9a53-4a9f-9a1f-493792af7ea9";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=@" ];
|
options = [ "subvol=@" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot/efi" =
|
fileSystems."/boot/efi" = {
|
||||||
{ device = "/dev/disk/by-uuid/5BB8-7503";
|
device = "/dev/disk/by-uuid/5BB8-7503";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices =
|
swapDevices =
|
||||||
[ { device = "/dev/disk/by-uuid/bedb5b75-578e-441f-a9eb-2ecff1f4cfca"; }
|
[{ device = "/dev/disk/by-uuid/bedb5b75-578e-441f-a9eb-2ecff1f4cfca"; }];
|
||||||
];
|
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
@ -36,6 +34,7 @@
|
||||||
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
|
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.amd.updateMicrocode =
|
||||||
|
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
# high-resolution display
|
# high-resolution display
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,17 +3,14 @@
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
{ pkgs, inputs, ... }: {
|
{ pkgs, inputs, ... }: {
|
||||||
imports = [
|
imports =
|
||||||
../../../common/desktop
|
[ ../../../common/desktop ./hardware-configuration.nix ./hardware.nix ];
|
||||||
./hardware-configuration.nix
|
|
||||||
./hardware.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
# Bootloader.
|
# Bootloader.
|
||||||
boot = {
|
boot = {
|
||||||
kernelPackages = pkgs.linuxPackages_latest;
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
initrd = {
|
initrd = {
|
||||||
kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" "nvidia_drm" ];
|
kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" "nvidia_drm" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -4,29 +4,27 @@
|
||||||
{ config, lib, modulesPath, ... }:
|
{ config, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
boot.initrd.availableKernelModules =
|
||||||
|
[ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{ device = "/dev/disk/by-uuid/947a98af-9a4e-4811-a2ca-9aa00b319e9c";
|
device = "/dev/disk/by-uuid/947a98af-9a4e-4811-a2ca-9aa00b319e9c";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=@" ];
|
options = [ "subvol=@" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot/efi" =
|
fileSystems."/boot/efi" = {
|
||||||
{ device = "/dev/disk/by-uuid/D883-F146";
|
device = "/dev/disk/by-uuid/D883-F146";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices =
|
swapDevices =
|
||||||
[ { device = "/dev/disk/by-uuid/a99402e1-6f2a-4c4b-b69f-aae2fd13ffc0"; }
|
[{ device = "/dev/disk/by-uuid/a99402e1-6f2a-4c4b-b69f-aae2fd13ffc0"; }];
|
||||||
];
|
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
@ -37,5 +35,6 @@
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.intel.updateMicrocode =
|
||||||
|
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,37 +4,36 @@
|
||||||
{ config, lib, modulesPath, ... }:
|
{ config, lib, modulesPath, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "rtsx_pci_sdmmc" ];
|
boot.initrd.availableKernelModules =
|
||||||
|
[ "xhci_pci" "ahci" "nvme" "rtsx_pci_sdmmc" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" = {
|
||||||
{ device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
|
device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=@" ];
|
options = [ "subvol=@" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/nix" =
|
fileSystems."/nix" = {
|
||||||
{ device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
|
device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=@/nix" ];
|
options = [ "subvol=@/nix" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/home" =
|
fileSystems."/home" = {
|
||||||
{ device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
|
device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=@home" ];
|
options = [ "subvol=@home" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot/efi" =
|
fileSystems."/boot/efi" = {
|
||||||
{ device = "/dev/disk/by-uuid/D478-6F66";
|
device = "/dev/disk/by-uuid/D478-6F66";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
@ -48,5 +47,6 @@
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.intel.updateMicrocode =
|
||||||
|
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
}
|
}
|
||||||
|
|
|
@ -10,10 +10,10 @@
|
||||||
|
|
||||||
plugins = {
|
plugins = {
|
||||||
nix.enable = true;
|
nix.enable = true;
|
||||||
treesitter = {
|
treesitter = {
|
||||||
enable = true;
|
enable = true;
|
||||||
nixGrammars = false;
|
nixGrammars = false;
|
||||||
ensureInstalled = [];
|
ensureInstalled = [ ];
|
||||||
};
|
};
|
||||||
surround.enable = true;
|
surround.enable = true;
|
||||||
fugitive.enable = true;
|
fugitive.enable = true;
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
_:
|
_: {
|
||||||
{
|
|
||||||
services.v.dns = {
|
services.v.dns = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = false;
|
openFirewall = false;
|
||||||
|
@ -30,21 +29,11 @@ _:
|
||||||
ca_cert="/etc/ssl/certs/ca-bundle.crt"
|
ca_cert="/etc/ssl/certs/ca-bundle.crt"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"Pikachu 5G" = {
|
"Pikachu 5G" = { psk = "@PIKACHU_PASSWORD@"; };
|
||||||
psk = "@PIKACHU_PASSWORD@";
|
"sha256('yeet')" = { psk = "@SHA256_PASSWORD@"; };
|
||||||
};
|
"wired" = { psk = "@WIRED_PASSWORD@"; };
|
||||||
"sha256('yeet')" = {
|
"meowy hotspot" = { psk = "@HOTSPOT_PASSWORD@"; };
|
||||||
psk = "@SHA256_PASSWORD@";
|
"WiFi Roest" = { psk = "@WIFI_ROEST_PASSWORD@"; };
|
||||||
};
|
|
||||||
"wired" = {
|
|
||||||
psk = "@WIRED_PASSWORD@";
|
|
||||||
};
|
|
||||||
"meowy hotspot" = {
|
|
||||||
psk = "@HOTSPOT_PASSWORD@";
|
|
||||||
};
|
|
||||||
"WiFi Roest" = {
|
|
||||||
psk = "@WIFI_ROEST_PASSWORD@";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -11,9 +11,7 @@ let
|
||||||
module = {
|
module = {
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
boot.supportedFilesystems = [ "btrfs" "ext4" ];
|
boot.supportedFilesystems = [ "btrfs" "ext4" ];
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [ git ];
|
||||||
git
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
boot.loader.systemd-boot = {
|
boot.loader.systemd-boot = {
|
||||||
|
@ -22,7 +20,9 @@ in {
|
||||||
title Rescue Boot
|
title Rescue Boot
|
||||||
linux /rescue-kernel
|
linux /rescue-kernel
|
||||||
initrd /rescue-initrd
|
initrd /rescue-initrd
|
||||||
options init=${netboot.config.system.build.toplevel}/init ${toString netboot.config.boot.kernelParams}
|
options init=${netboot.config.system.build.toplevel}/init ${
|
||||||
|
toString netboot.config.boot.kernelParams
|
||||||
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{ stdenvNoCC, fetchFromGitHub }: stdenvNoCC.mkDerivation rec {
|
{ stdenvNoCC, fetchFromGitHub }:
|
||||||
|
stdenvNoCC.mkDerivation rec {
|
||||||
pname = "dnd-5e-latex-template";
|
pname = "dnd-5e-latex-template";
|
||||||
version = "0.8.0";
|
version = "0.8.0";
|
||||||
tlType = "run";
|
tlType = "run";
|
||||||
|
@ -13,16 +14,14 @@
|
||||||
phases = [ "installPhase" ];
|
phases = [ "installPhase" ];
|
||||||
|
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
runHook preInstall
|
runHook preInstall
|
||||||
|
|
||||||
path="$out/tex/latex/${pname}"
|
path="$out/tex/latex/${pname}"
|
||||||
mkdir -p "$path"
|
mkdir -p "$path"
|
||||||
cp -r $src/* $path
|
cp -r $src/* $path
|
||||||
|
|
||||||
runHook postInstall
|
runHook postInstall
|
||||||
'';
|
'';
|
||||||
|
|
||||||
meta = {
|
meta = { description = "DnD 5e latex template"; };
|
||||||
description = "DnD 5e latex template";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
{ stdenvNoCC, fetchurl }: stdenvNoCC.mkDerivation {
|
{ stdenvNoCC, fetchurl }:
|
||||||
|
stdenvNoCC.mkDerivation {
|
||||||
pname = "gitea-agatheme";
|
pname = "gitea-agatheme";
|
||||||
version = "1.2";
|
version = "1.2";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://git.lain.faith/attachments/290e2304-92a3-4991-8703-fbbf52f31340";
|
url =
|
||||||
|
"https://git.lain.faith/attachments/290e2304-92a3-4991-8703-fbbf52f31340";
|
||||||
sha256 = "424f4e232c7d759485cdf1bcde9edde50f2992cf6bde61c21f71eae03a905543";
|
sha256 = "424f4e232c7d759485cdf1bcde9edde50f2992cf6bde61c21f71eae03a905543";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,10 @@
|
||||||
{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests
|
{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests, yarn, callPackage
|
||||||
, yarn, callPackage, imagemagick, ffmpeg, file, ruby_3_0, writeShellScript
|
, imagemagick, ffmpeg, file, ruby_3_0, writeShellScript, fetchYarnDeps
|
||||||
, fetchYarnDeps, fixup_yarn_lock
|
, fixup_yarn_lock
|
||||||
|
|
||||||
# Allow building a fork or custom version of Mastodon:
|
# Allow building a fork or custom version of Mastodon:
|
||||||
, pname ? "mastodon"
|
, pname ? "mastodon", version ? import ./version.nix, srcOverride ? null
|
||||||
, version ? import ./version.nix
|
, dependenciesDir ? ./. # Should contain gemset.nix, yarn.nix and package.json.
|
||||||
, srcOverride ? null
|
|
||||||
, dependenciesDir ? ./. # Should contain gemset.nix, yarn.nix and package.json.
|
|
||||||
}:
|
}:
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
|
@ -14,7 +12,8 @@ stdenv.mkDerivation rec {
|
||||||
|
|
||||||
# Using overrideAttrs on src does not build the gems and modules with the overridden src.
|
# Using overrideAttrs on src does not build the gems and modules with the overridden src.
|
||||||
# Putting the callPackage up in the arguments list also does not work.
|
# Putting the callPackage up in the arguments list also does not work.
|
||||||
src = if srcOverride != null then srcOverride else callPackage ./source.nix {};
|
src =
|
||||||
|
if srcOverride != null then srcOverride else callPackage ./source.nix { };
|
||||||
|
|
||||||
mastodon-gems = bundlerEnv {
|
mastodon-gems = bundlerEnv {
|
||||||
name = "${pname}-gems-${version}";
|
name = "${pname}-gems-${version}";
|
||||||
|
@ -42,11 +41,17 @@ stdenv.mkDerivation rec {
|
||||||
|
|
||||||
yarnOfflineCache = fetchYarnDeps {
|
yarnOfflineCache = fetchYarnDeps {
|
||||||
yarnLock = "${src}/yarn.lock";
|
yarnLock = "${src}/yarn.lock";
|
||||||
# sha256 = lib.fakeSha256;
|
# sha256 = lib.fakeSha256;
|
||||||
sha256 = "sha256-5KmPgKE1QRPoTjeSYidKt/z9vzWzTOoJVr5dNtofKJY=";
|
sha256 = "sha256-5KmPgKE1QRPoTjeSYidKt/z9vzWzTOoJVr5dNtofKJY=";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ fixup_yarn_lock nodejs-slim yarn mastodon-gems mastodon-gems.wrappedRuby ];
|
nativeBuildInputs = [
|
||||||
|
fixup_yarn_lock
|
||||||
|
nodejs-slim
|
||||||
|
yarn
|
||||||
|
mastodon-gems
|
||||||
|
mastodon-gems.wrappedRuby
|
||||||
|
];
|
||||||
|
|
||||||
RAILS_ENV = "production";
|
RAILS_ENV = "production";
|
||||||
NODE_ENV = "production";
|
NODE_ENV = "production";
|
||||||
|
@ -114,11 +119,12 @@ stdenv.mkDerivation rec {
|
||||||
|
|
||||||
passthru = {
|
passthru = {
|
||||||
tests.mastodon = nixosTests.mastodon;
|
tests.mastodon = nixosTests.mastodon;
|
||||||
updateScript = callPackage ./update.nix {};
|
updateScript = callPackage ./update.nix { };
|
||||||
};
|
};
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
description = "Self-hosted, globally interconnected microblogging software based on ActivityPub";
|
description =
|
||||||
|
"Self-hosted, globally interconnected microblogging software based on ActivityPub";
|
||||||
homepage = "https://joinmastodon.org";
|
homepage = "https://joinmastodon.org";
|
||||||
license = licenses.agpl3Plus;
|
license = licenses.agpl3Plus;
|
||||||
platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
|
platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
|
||||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,5 +1,6 @@
|
||||||
# This file was generated by pkgs.mastodon.updateScript.
|
# This file was generated by pkgs.mastodon.updateScript.
|
||||||
{ fetchgit, applyPatches }: let
|
{ fetchgit, applyPatches }:
|
||||||
|
let
|
||||||
src = fetchgit {
|
src = fetchgit {
|
||||||
url = "https://github.com/glitch-soc/mastodon.git";
|
url = "https://github.com/glitch-soc/mastodon.git";
|
||||||
rev = "c18884de32b60152600ec95ed42cdf9c00fdab7a";
|
rev = "c18884de32b60152600ec95ed42cdf9c00fdab7a";
|
||||||
|
@ -7,5 +8,5 @@
|
||||||
};
|
};
|
||||||
in applyPatches {
|
in applyPatches {
|
||||||
inherit src;
|
inherit src;
|
||||||
patches = [];
|
patches = [ ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,24 +1,22 @@
|
||||||
{ runCommand
|
{ runCommand, lib, makeWrapper, yarn2nix, bundix, coreutils, diffutils
|
||||||
, lib
|
, nix-prefetch-git, gnused, jq }:
|
||||||
, makeWrapper
|
|
||||||
, yarn2nix
|
|
||||||
, bundix
|
|
||||||
, coreutils
|
|
||||||
, diffutils
|
|
||||||
, nix-prefetch-git
|
|
||||||
, gnused
|
|
||||||
, jq
|
|
||||||
}:
|
|
||||||
let
|
let
|
||||||
binPath = lib.makeBinPath [ yarn2nix bundix coreutils diffutils nix-prefetch-git gnused jq ];
|
binPath = lib.makeBinPath [
|
||||||
in
|
yarn2nix
|
||||||
runCommand "mastodon-update-script"
|
bundix
|
||||||
{
|
coreutils
|
||||||
|
diffutils
|
||||||
|
nix-prefetch-git
|
||||||
|
gnused
|
||||||
|
jq
|
||||||
|
];
|
||||||
|
in runCommand "mastodon-update-script" {
|
||||||
nativeBuildInputs = [ makeWrapper ];
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
|
||||||
meta = {
|
meta = {
|
||||||
maintainers = with lib.maintainers; [ happy-river ];
|
maintainers = with lib.maintainers; [ happy-river ];
|
||||||
description = "Utility to generate Nix expressions for Mastodon's dependencies";
|
description =
|
||||||
|
"Utility to generate Nix expressions for Mastodon's dependencies";
|
||||||
platforms = lib.platforms.unix;
|
platforms = lib.platforms.unix;
|
||||||
};
|
};
|
||||||
} ''
|
} ''
|
||||||
|
|
|
@ -6,9 +6,7 @@
|
||||||
# use the latest Linux kernel
|
# use the latest Linux kernel
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [ git ];
|
||||||
git
|
|
||||||
];
|
|
||||||
|
|
||||||
# Needed for https://github.com/NixOS/nixpkgs/issues/58959
|
# Needed for https://github.com/NixOS/nixpkgs/issues/58959
|
||||||
boot.supportedFilesystems = lib.mkForce [ "btrfs" "ext4" ];
|
boot.supportedFilesystems = lib.mkForce [ "btrfs" "ext4" ];
|
||||||
|
|
|
@ -1,15 +1,12 @@
|
||||||
{ pkgs, modulesPath, lib, ... }: {
|
{ pkgs, modulesPath, lib, ... }: {
|
||||||
imports = [
|
imports = [ "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" ];
|
||||||
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
|
|
||||||
];
|
|
||||||
|
|
||||||
# use the latest Linux kernel
|
# use the latest Linux kernel
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [ git ];
|
||||||
git
|
|
||||||
];
|
|
||||||
|
|
||||||
# Needed for https://github.com/NixOS/nixpkgs/issues/58959
|
# Needed for https://github.com/NixOS/nixpkgs/issues/58959
|
||||||
boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
|
boot.supportedFilesystems =
|
||||||
|
lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue