Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure
commit
6322f2236a
|
@ -54,7 +54,6 @@
|
|||
, nixos-generators
|
||||
, nur
|
||||
, attic
|
||||
, microvm
|
||||
, ...
|
||||
}@inputs:
|
||||
let
|
||||
|
|
|
@ -34,6 +34,8 @@
|
|||
enableUserServices = true;
|
||||
};
|
||||
|
||||
security.polkit.enable = lib.mkDefault true;
|
||||
|
||||
# Nix Settings
|
||||
nix = {
|
||||
registry.nixpkgs.flake = inputs.nixpkgs;
|
||||
|
@ -74,9 +76,6 @@
|
|||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
nixpkgs.config.permittedInsecurePackages =
|
||||
[ "nodejs-16.20.2" "nodejs-14.21.3" "openssl-1.1.1w" ];
|
||||
|
||||
# Limit the systemd journal to 100 MB of disk or the
|
||||
# last 7 days of logs, whichever happens first.
|
||||
services.journald.extraConfig = ''
|
||||
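Review bot: `security.polkit.enable = lib.mkDefault true;` in the first hunk turns polkit on for every host that imports this file, and nothing says which service needs it. On NixOS the default polkit admin identity is the `wheel` group, so this adds another privileged authorization path on servers that may never use it. I would enable it only in the host or profile that needs it, or document the reason inline, e.g. `# polkit is needed by <service>; hosts that do not need it can set this to false`. The `mkDefault` already lets a host opt out, which is worth stating in that comment.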
|
|
|
@ -70,6 +70,7 @@ in {
|
|||
sumneko.lua
|
||||
davidlday.languagetool-linter
|
||||
serayuzgur.crates
|
||||
skellock.just
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -1,32 +1,35 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
imports = [ ./laura.nix ./vivian.nix ./jonathan.nix ];
|
||||
programs = {
|
||||
|
||||
# Setup ZSH to use grml config
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
enableCompletion = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
interactiveShellInit = ''
|
||||
source "${pkgs.grml-zsh-config}/etc/zsh/zshrc"
|
||||
export FZF_DEFAULT_COMMAND="${pkgs.ripgrep}/bin/rg --files --follow"
|
||||
source "${pkgs.fzf}/share/fzf/key-bindings.zsh"
|
||||
source "${pkgs.fzf}/share/fzf/completion.zsh"
|
||||
eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
|
||||
'';
|
||||
# otherwise it'll override the grml prompt
|
||||
promptInit = "";
|
||||
# Setup ZSH to use grml config
|
||||
zsh = {
|
||||
enable = true;
|
||||
enableCompletion = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
autosuggestions.enable = true;
|
||||
interactiveShellInit = ''
|
||||
source "${pkgs.grml-zsh-config}/etc/zsh/zshrc"
|
||||
export FZF_DEFAULT_COMMAND="${pkgs.ripgrep}/bin/rg --files --follow"
|
||||
source "${pkgs.fzf}/share/fzf/key-bindings.zsh"
|
||||
source "${pkgs.fzf}/share/fzf/completion.zsh"
|
||||
eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
|
||||
'';
|
||||
# otherwise it'll override the grml prompt
|
||||
promptInit = "";
|
||||
};
|
||||
|
||||
# Install Neovim and set it as alias for vi(m)
|
||||
neovim = {
|
||||
enable = true;
|
||||
viAlias = true;
|
||||
vimAlias = true;
|
||||
defaultEditor = true;
|
||||
};
|
||||
};
|
||||
|
||||
environment.pathsToLink = [ "/share/zsh" ];
|
||||
|
||||
# Install Neovim and set it as alias for vi(m)
|
||||
programs.neovim = {
|
||||
enable = true;
|
||||
viAlias = true;
|
||||
vimAlias = true;
|
||||
defaultEditor = true;
|
||||
};
|
||||
|
||||
# Disable sudo prompt for `wheel` users.
|
||||
security.sudo.wheelNeedsPassword = lib.mkDefault false;
|
||||
|
||||
|
@ -41,11 +44,13 @@
|
|||
|
||||
# Setup packages available everywhere
|
||||
environment.systemPackages = with pkgs; [
|
||||
file
|
||||
fzf
|
||||
git
|
||||
htop
|
||||
ncdu
|
||||
psmisc
|
||||
helix
|
||||
ripgrep
|
||||
rsync
|
||||
zoxide
|
||||
|
|
|
@ -26,10 +26,7 @@ in {
|
|||
ensureDatabases = [ "atticd" ];
|
||||
ensureUsers = [{
|
||||
name = "atticd";
|
||||
ensurePermissions = {
|
||||
"DATABASE atticd" = "ALL PRIVILEGES";
|
||||
"schema public" = "ALL";
|
||||
};
|
||||
ensureDBOwnership = true;
|
||||
}];
|
||||
|
||||
};
|
||||
|
|
|
@ -5,16 +5,7 @@
|
|||
programs.mosh.enable = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
cachix
|
||||
clang
|
||||
direnv
|
||||
git-crypt
|
||||
nix-update
|
||||
pinentry-curses
|
||||
ripgrep
|
||||
rsync
|
||||
rustup
|
||||
tmux
|
||||
vault
|
||||
];
|
||||
|
||||
|
|
|
@ -18,11 +18,7 @@
|
|||
ip = "192.168.0.101";
|
||||
mac = "5a:00:b7:6c:d1:e2";
|
||||
};
|
||||
"plex" = {
|
||||
ip = "192.168.0.102";
|
||||
mac = "00:0c:29:a1:4e:28";
|
||||
nix = false;
|
||||
};
|
||||
# ip = "192.168.0.102";
|
||||
"vault-0" = {
|
||||
ip = "192.168.0.103";
|
||||
mac = "7A:14:15:ED:D1:E6";
|
||||
|
@ -60,16 +56,8 @@
|
|||
profile = "dns";
|
||||
tags = [ "networking" ];
|
||||
};
|
||||
"MariaDB" = {
|
||||
ip = "192.168.0.109";
|
||||
mac = "00:0c:29:23:4f:12";
|
||||
nix = false;
|
||||
};
|
||||
"bitwarden_rs" = {
|
||||
ip = "192.168.0.110";
|
||||
mac = "00:0c:29:f5:98:00";
|
||||
nix = false;
|
||||
};
|
||||
# ip = "192.168.0.109";
|
||||
# ip = "192.168.0.110";
|
||||
"rtorrent" = {
|
||||
ip = "192.168.0.111";
|
||||
mac = "7a:5f:9b:62:49:91";
|
||||
|
@ -139,15 +127,8 @@
|
|||
mac = "5E:36:04:2D:38:DF";
|
||||
type = "vm";
|
||||
};
|
||||
"database" = {
|
||||
ip = "192.168.0.126";
|
||||
mac = "82:e8:71:7f:37:b4";
|
||||
};
|
||||
"dn42" = {
|
||||
ip = "192.168.0.127";
|
||||
mac = "12:fa:24:02:65:e6";
|
||||
nix = false;
|
||||
};
|
||||
# ip = "192.168.0.126";
|
||||
# ip = "192.168.0.127";
|
||||
"attic" = {
|
||||
ip = "192.168.0.128";
|
||||
mac = "9E:AF:E9:FE:D4:D9";
|
||||
|
@ -165,15 +146,8 @@
|
|||
};
|
||||
nix = false;
|
||||
};
|
||||
# "docker-registry" = {
|
||||
# ip = "192.168.0.130"attic, ;
|
||||
# mac = "5e:0e:a6:cf:64:70";
|
||||
# };
|
||||
"minecraft" = {
|
||||
ip = "192.168.0.131";
|
||||
mac = "00:0c:29:9b:e1:c4";
|
||||
nix = false;
|
||||
};
|
||||
# ip = "192.168.0.130";
|
||||
# ip = "192.168.0.131";
|
||||
"tudelft" = {
|
||||
ip = "192.168.0.132";
|
||||
mac = "AE:B3:93:4B:04:76";
|
||||
|
|
|
@ -7,8 +7,7 @@ let
|
|||
# https://github.com/immich-app/immich/releases
|
||||
# version = "1.55.1";
|
||||
dataDir = "/var/lib/immich";
|
||||
in
|
||||
{
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
@ -22,31 +21,32 @@ in
|
|||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [ ];
|
||||
|
||||
|
||||
|
||||
# TODO: https://github.com/suderman/nixos/tree/main/modules/nixos/immich
|
||||
|
||||
fileSystems."/mnt/storage" = {
|
||||
device = "storage:/mnt/storage";
|
||||
fsType = "nfs";
|
||||
};
|
||||
|
||||
# Unused uid/gid snagged from this list:
|
||||
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix
|
||||
ids.uids.immich = 911;
|
||||
ids.gids.immich = 911;
|
||||
|
||||
users.groups.photos = {};
|
||||
|
||||
users.users.immich = {
|
||||
isSystemUser = true;
|
||||
group = "photos";
|
||||
description = "Immich daemon user";
|
||||
home = dataDir;
|
||||
uid = config.ids.uids.immich;
|
||||
ids = {
|
||||
# Unused uid/gid snagged from this list:
|
||||
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix
|
||||
uids.immich = 911;
|
||||
gids.immich = 911;
|
||||
};
|
||||
users = {
|
||||
groups = {
|
||||
photos = { };
|
||||
immich = { gid = config.ids.gids.immich; };
|
||||
};
|
||||
|
||||
users.groups.immich = { gid = config.ids.gids.immich; };
|
||||
users.immich = {
|
||||
isSystemUser = true;
|
||||
group = "photos";
|
||||
description = "Immich daemon user";
|
||||
home = dataDir;
|
||||
uid = config.ids.uids.immich;
|
||||
};
|
||||
};
|
||||
|
||||
# Postgres database configuration
|
||||
services.postgresql = {
|
||||
|
@ -56,7 +56,7 @@ in
|
|||
|
||||
ensureUsers = [{
|
||||
name = "immich";
|
||||
ensurePermissions = { "DATABASE immich" = "ALL PRIVILEGES"; };
|
||||
ensureDBOwnership = true;
|
||||
}];
|
||||
ensureDatabases = [ "immich" ];
|
||||
|
||||
|
|
|
@ -49,17 +49,17 @@ in {
|
|||
allowedTCPPorts = [ 25565 ];
|
||||
};
|
||||
|
||||
users.groups.mc = { };
|
||||
users.extraUsers.laura.extraGroups = [ "wheel" ];
|
||||
users.extraUsers.vivian.extraGroups = [ "mc" ];
|
||||
users.extraUsers.vivian.extraGroups = [ "wheel" ];
|
||||
users.groups.mc = { };
|
||||
|
||||
users.extraUsers.julia = {
|
||||
isNormalUser = true;
|
||||
shell = pkgs.zsh;
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTvqk+CJG4VwN8wg3H1ZdbUVj1JuX7RYKH1ewRKfCPv julia@juliadijkstraarch"
|
||||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTvqk+CJG4VwN8wg3H1ZdbUVj1JuX7RYKH1ewRKfCPv julia@juliadijkstraarch"
|
||||
];
|
||||
|
||||
extraGroups = [ "mc" "wheel" ];
|
||||
};
|
||||
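Review bot: `users.extraUsers.vivian.extraGroups` is printed twice in this section, once as `[ "mc" ]` and once as `[ "wheel" ]`, and the rendered page no longer marks which one is the new side, so please confirm the value this host ends up with. The users module shown earlier on this page sets `security.sudo.wheelNeedsPassword = lib.mkDefault false`; if that module applies here, every `wheel` member on this host gets root through sudo without a password, on a machine that opens port 25565 in its firewall. I would override the default on this host with `security.sudo.wheelNeedsPassword = true;`, or keep accounts that only manage the game server in `mc` alone.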
|
|
|
@ -2,19 +2,94 @@
|
|||
let
|
||||
vs = config.vault-secrets.secrets;
|
||||
cfg = config.services.mastodon;
|
||||
in
|
||||
{
|
||||
in {
|
||||
system.stateVersion = "21.05";
|
||||
# Use DHCP with static leases
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
|
||||
# Better cache hits
|
||||
environment.noXlibs = lib.mkForce false;
|
||||
services = {
|
||||
elasticsearch = {
|
||||
enable = true;
|
||||
cluster_name = "mastodon-es";
|
||||
package = pkgs.elasticsearch7;
|
||||
};
|
||||
|
||||
services.elasticsearch = {
|
||||
enable = true;
|
||||
cluster_name = "mastodon-es";
|
||||
package = pkgs.elasticsearch7;
|
||||
postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_16;
|
||||
settings = {
|
||||
shared_preload_libraries = "pg_stat_statements";
|
||||
"pg_stat_statements.track" = "all";
|
||||
"pg_stat_statements.max" = 10000;
|
||||
track_activity_query_size = 2048;
|
||||
};
|
||||
# The rest of the database setup is handled by mastodon
|
||||
};
|
||||
|
||||
mastodon = {
|
||||
enable = true;
|
||||
package = pkgs.v.glitch-soc;
|
||||
streamingProcesses = 3;
|
||||
webPort = 55001;
|
||||
enableUnixSocket = false;
|
||||
localDomain = "xirion.net";
|
||||
trustedProxy = "192.168.0.122";
|
||||
mediaAutoRemove = {
|
||||
enable = true;
|
||||
olderThanDays = 30;
|
||||
startAt = "daily";
|
||||
};
|
||||
|
||||
configureNginx = false;
|
||||
|
||||
redis.createLocally = true;
|
||||
|
||||
elasticsearch = {
|
||||
host = "127.0.0.1";
|
||||
inherit (config.services.elasticsearch) port;
|
||||
};
|
||||
|
||||
database.createLocally = true;
|
||||
|
||||
smtp = {
|
||||
createLocally = false;
|
||||
fromAddress = "mastodon@xirion.net";
|
||||
host = "mail.0x76.dev";
|
||||
user = "mastodon@xirion.net";
|
||||
authenticate = true;
|
||||
port = 587;
|
||||
passwordFile = "${vs.mastodon}/smtp-password";
|
||||
};
|
||||
|
||||
extraConfig = {
|
||||
BIND = "0.0.0.0";
|
||||
SINGLE_USER_MODE = "false";
|
||||
EMAIL_DOMAIN_ALLOWLIST = "xirion.net";
|
||||
DEFAULT_LOCALE = "en";
|
||||
|
||||
WEB_DOMAIN = "fedi.xirion.net";
|
||||
ALTERNATE_DOMAINS = "meowy.tech";
|
||||
|
||||
SMTP_AUTH_METHOD = "plain";
|
||||
SMTP_OPENSSL_VERIFY_MODE = "none";
|
||||
|
||||
RAILS_SERVE_STATIC_FILES = "false";
|
||||
|
||||
AUTHORIZED_FETCH = "true";
|
||||
|
||||
# https://github.com/cybrespace/cybrespace-meta/blob/master/s3.md;
|
||||
# https://shivering-isles.com/Mastodon-and-Amazon-S3
|
||||
S3_ENABLED = "true";
|
||||
S3_REGION = "hades";
|
||||
S3_BUCKET = "mastodon";
|
||||
S3_ENDPOINT = "http://garage.hades:3900";
|
||||
S3_ALIAS_HOST = "fedi-media.xirion.net";
|
||||
|
||||
DEEPL_PLAN = "free";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
vault-secrets.secrets.mastodon = {
|
||||
|
@ -31,77 +106,6 @@ in
|
|||
EOF
|
||||
'';
|
||||
|
||||
services.mastodon = {
|
||||
enable = true;
|
||||
package = pkgs.v.glitch-soc;
|
||||
streamingProcesses = 3;
|
||||
webPort = 55001;
|
||||
enableUnixSocket = false;
|
||||
localDomain = "xirion.net";
|
||||
trustedProxy = "192.168.0.122";
|
||||
mediaAutoRemove = {
|
||||
enable = true;
|
||||
olderThanDays = 30;
|
||||
startAt = "daily";
|
||||
};
|
||||
|
||||
configureNginx = false;
|
||||
|
||||
redis.createLocally = true;
|
||||
|
||||
elasticsearch = {
|
||||
host = "127.0.0.1";
|
||||
inherit (config.services.elasticsearch) port;
|
||||
};
|
||||
|
||||
database = {
|
||||
createLocally = false;
|
||||
user = "mastodon";
|
||||
passwordFile = "${vs.mastodon}/db-password";
|
||||
port = 5432;
|
||||
name = "mastodon";
|
||||
host = "192.168.0.126";
|
||||
};
|
||||
|
||||
smtp = {
|
||||
createLocally = false;
|
||||
fromAddress = "mastodon@xirion.net";
|
||||
host = "mail.0x76.dev";
|
||||
user = "mastodon@xirion.net";
|
||||
authenticate = true;
|
||||
port = 587;
|
||||
passwordFile = "${vs.mastodon}/smtp-password";
|
||||
};
|
||||
|
||||
extraConfig = {
|
||||
BIND = "0.0.0.0";
|
||||
SINGLE_USER_MODE = "false";
|
||||
EMAIL_DOMAIN_ALLOWLIST = "xirion.net";
|
||||
DEFAULT_LOCALE = "en";
|
||||
|
||||
WEB_DOMAIN = "fedi.xirion.net";
|
||||
ALTERNATE_DOMAINS = "meowy.tech";
|
||||
|
||||
SMTP_AUTH_METHOD = "plain";
|
||||
SMTP_OPENSSL_VERIFY_MODE = "none";
|
||||
|
||||
RAILS_SERVE_STATIC_FILES = "false";
|
||||
|
||||
AUTHORIZED_FETCH = "true";
|
||||
|
||||
# https://github.com/cybrespace/cybrespace-meta/blob/master/s3.md;
|
||||
# https://shivering-isles.com/Mastodon-and-Amazon-S3
|
||||
S3_ENABLED = "true";
|
||||
S3_REGION = "hades";
|
||||
S3_BUCKET = "mastodon";
|
||||
S3_ENDPOINT = "http://garage.hades:3900";
|
||||
S3_ALIAS_HOST = "fedi-media.xirion.net";
|
||||
|
||||
DEEPL_PLAN = "free";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall =
|
||||
let cfg = config.services.mastodon;
|
||||
in { allowedTCPPorts = [ cfg.webPort ]; };
|
||||
networking.firewall = let cfg = config.services.mastodon;
|
||||
in { allowedTCPPorts = [ cfg.webPort ]; };
|
||||
}
|
||||
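Review bot: The `extraConfig` block carried into the new `services.mastodon` definition still sets `SMTP_OPENSSL_VERIFY_MODE = "none"` next to `SMTP_AUTH_METHOD = "plain"`, so the certificate of `mail.0x76.dev` is never checked before the SMTP password is sent. Anyone able to intercept that connection could present their own certificate and read the credential loaded from `passwordFile`. Since this commit rewrites the block anyway, I would change it to `SMTP_OPENSSL_VERIFY_MODE = "peer";`, and keep `none` only with a comment explaining why the mail server's certificate cannot be validated. Separately, `S3_ENDPOINT = "http://garage.hades:3900"` is plain HTTP; a short comment that this traffic stays on the internal network would help the next reader.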
|
|
|
@ -12,8 +12,7 @@ let
|
|||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
@ -46,22 +45,25 @@ in
|
|||
"xirion.net" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".extraConfig = ''
|
||||
add_header Content-Type 'text/html; charset=UTF-8';
|
||||
return 200 'Hello, World!';
|
||||
'';
|
||||
locations = {
|
||||
"/".extraConfig = ''
|
||||
add_header Content-Type 'text/html; charset=UTF-8';
|
||||
return 200 'Hello, World!';
|
||||
'';
|
||||
|
||||
# Mastodon federation
|
||||
locations."= /.well-known/host-meta".extraConfig = ''
|
||||
return 301 https://fedi.xirion.net$request_uri;
|
||||
'';
|
||||
locations."/.well-known/webfinger".extraConfig = ''
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
return 301 https://fedi.xirion.net$request_uri;
|
||||
'';
|
||||
# Mastodon federation
|
||||
"= /.well-known/host-meta".extraConfig = ''
|
||||
return 301 https://fedi.xirion.net$request_uri;
|
||||
'';
|
||||
"/.well-known/webfinger".extraConfig = ''
|
||||
add_header Access-Control-Allow-Origin '*';
|
||||
return 301 https://fedi.xirion.net$request_uri;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
"peepeepoopoo.xirion.net" = proxy "http://tautulli.hades:8080"; # Deprecated but Ricardo has it bookmarked already!
|
||||
"peepeepoopoo.xirion.net" = proxy
|
||||
"http://tautulli.hades:8080"; # Deprecated but Ricardo has it bookmarked already!
|
||||
|
||||
"plex.xirion.net" = {
|
||||
# Since we want a secure connection, we force SSL
|
||||
|
|
|
@ -2,13 +2,40 @@
|
|||
let vs = config.vault-secrets.secrets;
|
||||
in {
|
||||
imports = [ ./rtorrent.nix ];
|
||||
networking = {
|
||||
interfaces.eth0.useDHCP = true;
|
||||
firewall = {
|
||||
allowedTCPPorts = [ config.services.rtorrent.port ];
|
||||
allowedUDPPorts = [ config.services.rtorrent.port ];
|
||||
};
|
||||
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
wg-quick.interfaces = let
|
||||
postUpScript = pkgs.writeScriptBin "post_up" ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
${pkgs.iproute2}/bin/ip route add 10.42.42.0/23 via 192.168.0.1
|
||||
${pkgs.iproute2}/bin/ip route add 10.100.0.0/24 via 192.168.0.1
|
||||
'';
|
||||
in {
|
||||
wg0 = {
|
||||
address =
|
||||
[ "10.129.112.89/32, fd7d:76ee:e68f:a993:edd1:668b:49f7:b7c3/128" ];
|
||||
mtu = 1320;
|
||||
dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ];
|
||||
privateKeyFile = "${vs.rtorrent}/wireguardKey";
|
||||
postUp = "${postUpScript}/bin/post_up || true";
|
||||
|
||||
peers = [{
|
||||
publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
|
||||
allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
||||
endpoint = "europe3.vpn.airdns.org:1637";
|
||||
presharedKeyFile = "${vs.rtorrent}/presharedKey";
|
||||
persistentKeepalive = 15;
|
||||
}];
|
||||
};
|
||||
};
|
||||
};
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ config.services.rtorrent.port ];
|
||||
networking.firewall.allowedUDPPorts = [ config.services.rtorrent.port ];
|
||||
|
||||
fileSystems."/mnt/storage" = {
|
||||
device = "storage:/mnt/storage";
|
||||
fsType = "nfs";
|
||||
|
@ -22,32 +49,4 @@ in {
|
|||
};
|
||||
|
||||
vault-secrets.secrets.rtorrent = { services = [ "wg-quick-wg0" ]; };
|
||||
|
||||
networking.wg-quick.interfaces =
|
||||
let
|
||||
postUpScript = pkgs.writeScriptBin "post_up" ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
${pkgs.iproute2}/bin/ip route add 10.42.42.0/23 via 192.168.0.1
|
||||
${pkgs.iproute2}/bin/ip route add 10.100.0.0/24 via 192.168.0.1
|
||||
'';
|
||||
in
|
||||
{
|
||||
wg0 = {
|
||||
address = [ "10.129.112.89/32, fd7d:76ee:e68f:a993:edd1:668b:49f7:b7c3/128" ];
|
||||
mtu = 1320;
|
||||
dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ];
|
||||
privateKeyFile = "${vs.rtorrent}/wireguardKey";
|
||||
postUp = "${postUpScript}/bin/post_up || true";
|
||||
|
||||
peers = [
|
||||
{
|
||||
publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
|
||||
allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
||||
endpoint = "europe3.vpn.airdns.org:1637";
|
||||
presharedKeyFile = "${vs.rtorrent}/presharedKey";
|
||||
persistentKeepalive = 15;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
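Review bot: The regrouped `firewall` block opens `config.services.rtorrent.port` for TCP and UDP on every interface, although the same file sends all traffic through `wg0` (`allowedIPs = [ "0.0.0.0/0" "::/0" ]`). If the peer port is only meant to be reachable over the VPN, scoping it reduces exposure on the LAN side: `firewall.interfaces.wg0.allowedTCPPorts = [ config.services.rtorrent.port ];` plus the matching `allowedUDPPorts` line. Also, `postUp = "${postUpScript}/bin/post_up || true"` hides a failed `ip route add`; a comment saying that the failure is expected when the routes already exist would make that intentional. Whether rtorrent itself binds only to `wg0` is decided in `./rtorrent.nix`, which is not shown here.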
|
|
|
@ -2,36 +2,13 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
fix-vscode = pkgs.writeScriptBin "fix-vscode" ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
# Check if vscode-server dir exists
|
||||
if [[ -d "$HOME/.vscode-server/bin" ]]; then
|
||||
# For every bin folder within
|
||||
for versiondir in "$HOME"/.vscode-server/bin/*; do
|
||||
# Remove bundled node (dynamic links are borked for nix)
|
||||
rm "$versiondir/node"
|
||||
# symlink node form the nixpkg
|
||||
ln -s "${pkgs.nodejs-16_x}/bin/node" "$versiondir/node"
|
||||
done
|
||||
fi
|
||||
'';
|
||||
in
|
||||
{
|
||||
{ pkgs, ... }: {
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
# This _should_ fix vscode errors as well
|
||||
programs.nix-ld.enable = true;
|
||||
# environment.variables = {
|
||||
# NIX_LD_LIBRARY_PATH = lib.makeLibraryPath [
|
||||
# pkgs.stdenv.cc.cc
|
||||
# ];
|
||||
# # NIX_LD = lib.fileContents "${pkgs.stdenv.cc}/nix-support/dynamic-linker";
|
||||
# };
|
||||
|
||||
# Use the GRUB 2 boot loader.
|
||||
boot.loader.grub.enable = true;
|
||||
|
@ -48,22 +25,7 @@ in
|
|||
virtualisation.podman.enable = true;
|
||||
|
||||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [
|
||||
binutils
|
||||
fix-vscode
|
||||
fluxcd
|
||||
k9s
|
||||
kubectl
|
||||
kubectx
|
||||
nix-prefetch-git
|
||||
nixpkgs-fmt
|
||||
nixpkgs-review
|
||||
ripgrep
|
||||
rsync
|
||||
tmux
|
||||
vault
|
||||
vim
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ vault ];
|
||||
|
||||
programs.gnupg.agent = {
|
||||
enable = true;
|
||||
|
|
|
@ -33,10 +33,7 @@ in {
|
|||
ensureDatabases = [ db_name ];
|
||||
ensureUsers = [{
|
||||
name = db_user;
|
||||
ensurePermissions = {
|
||||
"DATABASE ${db_name}" = "ALL PRIVILEGES";
|
||||
"schema public" = "ALL";
|
||||
};
|
||||
ensureDBOwnership = true;
|
||||
}];
|
||||
};
|
||||
|
||||
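Review bot: `ensureDBOwnership = true` makes the role the owner of the database that has the same name as the role, not of whatever is listed in `ensureDatabases`, so with `name = db_user` and `ensureDatabases = [ db_name ]` this only works when the two let-bindings are equal. Both bindings are defined above the hunk, so they cannot be checked from here; the same pattern is in the next file section (`@ -32,7 +32,7`). If they can differ, the NixOS module is expected to reject the configuration at evaluation time, so either reuse one binding for both or add a comment such as `# ensureDBOwnership requires db_user == db_name`. The attic and immich sections use matching literal names and are not affected.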
|
|
|
@ -32,7 +32,7 @@ in
|
|||
ensureDatabases = [ db_name ];
|
||||
ensureUsers = [{
|
||||
name = db_user;
|
||||
ensurePermissions = { "DATABASE ${db_name}" = "ALL PRIVILEGES"; };
|
||||
ensureDBOwnership = true;
|
||||
}];
|
||||
};
|
||||
|
||||
|
|
|
@ -11,7 +11,7 @@ in
|
|||
rev = "v${version}";
|
||||
hash = "sha256-fZH3zPEU5jnYFhLx8OKDNrvsSVT46Peu92L84Fg5YpQ=";
|
||||
};
|
||||
patches = patches ++ [];
|
||||
inherit patches;
|
||||
}) // {
|
||||
inherit version;
|
||||
yarnHash = "sha256-P7KswzsCusyiS4MxUFnC1HYMTQ6fLpIwd97AglCukIk=";
|
||||
|
|