Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure
commit
6443527ba1
|
@ -5,4 +5,5 @@ pipeline:
|
|||
- NIX_CONFIG=experimental-features = nix-command flakes
|
||||
commands:
|
||||
- nix run 'nixpkgs#statix' check
|
||||
- nix run 'nixpkgs#deadnix' -- -f
|
||||
- nix run 'nixpkgs#yamllint' .
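Review bot: The lint commands in this step resolve `nixpkgs#statix`, `nixpkgs#deadnix` and `nixpkgs#yamllint` through the flake registry, so CI executes whatever nixpkgs revision the registry points to at run time instead of the revision pinned in this repository's flake.lock. That makes lint results non-reproducible and lets an unreviewed toolchain revision run inside the pipeline. Resolving against the locked input would close that gap, e.g. `nix run --inputs-from . 'nixpkgs#deadnix' -- -f`, applied to all three commands. The pipeline definition begins above the hunk, so the step's image and triggers are not visible here.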
|
||||
|
|
36
flake.lock
36
flake.lock
|
@ -502,11 +502,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682977601,
|
||||
"narHash": "sha256-F1Va/Uiw2tVNn27FLqWyBkiqDyIm/eCamw9wA/GK8Fw=",
|
||||
"lastModified": 1683221986,
|
||||
"narHash": "sha256-n688GK4wO2pZpI4gHOxj/PF85bzUMPEJ8B3Wd3cHSjk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "0e4c33d76006c9080d2f228ba1c2308e3e4d7be6",
|
||||
"rev": "f3824311a16cbe70dbaeedc17a97dfcd11901c3f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -671,11 +671,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682946851,
|
||||
"narHash": "sha256-YoEtcS8oRurXdrYW1ceF3LaqBeJDp33+NqyqsQAh96c=",
|
||||
"lastModified": 1683189539,
|
||||
"narHash": "sha256-dqeE6PM1SSNCB9BSBgh/9dJPLn3sf7P4uay8/CymMlQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "8e981bbc0f146e87ac5e8cc98a84dd6702648adb",
|
||||
"rev": "104ca15b0019bf461639050daeaa18e25642ccee",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -799,11 +799,11 @@
|
|||
},
|
||||
"nixpkgs_22-11": {
|
||||
"locked": {
|
||||
"lastModified": 1683028696,
|
||||
"narHash": "sha256-saPKTDj+HB9aPvB59wGcJ64CifRuiIt2CHvSbh7UHz8=",
|
||||
"lastModified": 1683103914,
|
||||
"narHash": "sha256-Mbrst3sLaiL55eOlZOEL8kB+XTWffaQVfcI03YWiryg=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5dab6490fe6d72b3f120ae8660181e20f396fbdf",
|
||||
"rev": "54495a4eafe99c537695a87fe04cb50bf17e651d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -815,11 +815,11 @@
|
|||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1683109436,
|
||||
"narHash": "sha256-m66inegZHyF28OHFosKL/7F9YPflspVa9oZpKueMqj8=",
|
||||
"lastModified": 1683237598,
|
||||
"narHash": "sha256-RQrAydX9mQIJYBtOe0kEGHjHV6tSx+a0LOI0LZ/Mus4=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ba63ea9268f8e1f14a57fbc5516dbd257f5349fa",
|
||||
"rev": "0ba02ba5e7a068d334fb04c8349d7654d1a9a230",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -931,11 +931,11 @@
|
|||
"pre-commit-hooks": "pre-commit-hooks"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682714854,
|
||||
"narHash": "sha256-7vFHIUeaZ47REJopzzY6bX5wb0qmn6fNsQCKOQ8G3Mg=",
|
||||
"lastModified": 1683202852,
|
||||
"narHash": "sha256-AN4PZAtkiA4ATi9MwCMpU7WvAoQ642Hol8K8/n0477M=",
|
||||
"owner": "pta2002",
|
||||
"repo": "nixvim",
|
||||
"rev": "d0383da7f8579610f49b99b982b662ad197d97d1",
|
||||
"rev": "8a637fc91fd670626a3e182a781a2e82615bbcc2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -946,11 +946,11 @@
|
|||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1683106140,
|
||||
"narHash": "sha256-kteCzvc9+6t46PTbTruP5r+FXqnJl/xoCfteV4CQmGE=",
|
||||
"lastModified": 1683236736,
|
||||
"narHash": "sha256-ruEH8oO2WLlZI8CSrKPmMbIFNO4/oEGeBwyTyszhw5Y=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "9b5b623552610c800cfeb24a5b818de77f12e575",
|
||||
"rev": "ee7b5b05842c7db8688a3a21f7c10e2eb8762882",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
12
flake.nix
12
flake.nix
|
@ -46,14 +46,9 @@
|
|||
inherit (nixpkgs) lib;
|
||||
|
||||
util = import ./nixos/util.nix inputs;
|
||||
inherit (util) hosts flat_hosts nixHosts;
|
||||
|
||||
system = "x86_64-linux";
|
||||
# import and add realm to list of tags
|
||||
hosts = util.add_realm_to_tags (import ./nixos/hosts);
|
||||
# flatten hosts to single list
|
||||
flat_hosts = util.flatten_hosts hosts;
|
||||
# Filter out all non-nixos hosts
|
||||
nixHosts = util.filter_nix_hosts flat_hosts;
|
||||
|
||||
pkgs = import nixpkgs {
|
||||
inherit system;
|
||||
|
@ -105,13 +100,13 @@
|
|||
|
||||
iso = nixos-generators.nixosGenerate {
|
||||
inherit system pkgs;
|
||||
format = "iso";
|
||||
format = "install-iso";
|
||||
modules = [ (import ./nixos/templates/iso.nix) ];
|
||||
};
|
||||
|
||||
iso-graphical = nixos-generators.nixosGenerate {
|
||||
inherit system pkgs;
|
||||
format = "iso";
|
||||
format = "install-iso";
|
||||
modules = [ (import ./nixos/templates/iso-graphical.nix) ];
|
||||
};
|
||||
|
||||
|
@ -137,6 +132,7 @@
|
|||
apply-local
|
||||
colmena.packages.${system}.colmena
|
||||
cachix
|
||||
deadnix
|
||||
fluxcd
|
||||
k9s
|
||||
kubectl
|
||||
|
|
|
@ -1,8 +1,5 @@
|
|||
{ config, lib, pkgs, ... }: {
|
||||
imports = [
|
||||
./users
|
||||
./modules
|
||||
];
|
||||
imports = [ ./users ./modules ];
|
||||
|
||||
# Clean /tmp on boot.
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
|
|
|
@ -2,7 +2,11 @@ _: {
|
|||
# See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/
|
||||
|
||||
# Supress systemd services that don't work (correctly) on LXC
|
||||
systemd.suppressedSystemUnits = [ "dev-mqueue.mount" "sys-kernel-debug.mount" "sys-fs-fuse-connections.mount" ];
|
||||
systemd.suppressedSystemUnits = [
|
||||
"dev-mqueue.mount"
|
||||
"sys-kernel-debug.mount"
|
||||
"sys-fs-fuse-connections.mount"
|
||||
];
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/issues/157449#issuecomment-1459299764
|
||||
boot.specialFileSystems."/run".options = [ "rshared" ];
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, ... }: {
|
||||
_: {
|
||||
networking.useDHCP = true;
|
||||
|
||||
# Enable qemu guest agent
|
||||
|
|
|
@ -2,9 +2,7 @@
|
|||
with lib;
|
||||
let cfg = config.themes.v.catppuccin;
|
||||
in {
|
||||
options.themes.v.catppuccin = {
|
||||
enable = mkEnableOption "catppuccin";
|
||||
};
|
||||
options.themes.v.catppuccin = { enable = mkEnableOption "catppuccin"; };
|
||||
config = let
|
||||
theme = "Catppuccin-Pink-Dark";
|
||||
cursorTheme = config.home.pointerCursor.name;
|
||||
|
|
|
@ -1,8 +1 @@
|
|||
{ ... }: {
|
||||
imports = [
|
||||
./catppuccin.nix
|
||||
./nvim.nix
|
||||
./riff.nix
|
||||
./vscode.nix
|
||||
];
|
||||
}
|
||||
{ ... }: { imports = [ ./catppuccin.nix ./nvim.nix ./riff.nix ./vscode.nix ]; }
|
||||
|
|
|
@ -2,9 +2,7 @@
|
|||
with lib;
|
||||
let cfg = config.programs.v.nvim;
|
||||
in {
|
||||
options.programs.v.nvim = {
|
||||
enable = mkEnableOption "nvim";
|
||||
};
|
||||
options.programs.v.nvim = { enable = mkEnableOption "nvim"; };
|
||||
config = mkIf cfg.enable {
|
||||
programs.nixvim = {
|
||||
enable = true;
|
||||
|
|
|
@ -1,9 +1,3 @@
|
|||
{ ... }: {
|
||||
imports = [
|
||||
./dns.nix
|
||||
./flood.nix
|
||||
./gnome
|
||||
./unpackerr.nix
|
||||
./vault.nix
|
||||
];
|
||||
imports = [ ./meta.nix ./nginx.nix ./dns.nix ./flood.nix ./gnome ./unpackerr.nix ./vault.nix ];
|
||||
}
|
||||
|
|
|
@ -9,13 +9,13 @@ let
|
|||
ipv6Hosts = filter (hasAttr "ip6") flat_hosts;
|
||||
|
||||
localData = { hostname, realm, ip, ... }: ''"${hostname}.${realm}. A ${ip}"'';
|
||||
local6Data = { hostname, realm, ip6, ... }: ''"${hostname}.${realm}. AAAA ${ip6}"'';
|
||||
local6Data = { hostname, realm, ip6, ... }:
|
||||
''"${hostname}.${realm}. AAAA ${ip6}"'';
|
||||
ptrData = { hostname, realm, ip, ... }: ''"${ip} ${hostname}.${realm}"'';
|
||||
ptr6Data = { hostname, realm, ip6, ... }: ''"${ip6} ${hostname}.${realm}"'';
|
||||
|
||||
cfg = config.services.v.dns;
|
||||
in
|
||||
{
|
||||
in {
|
||||
options.services.v.dns = {
|
||||
enable = mkEnableOption "v.dns";
|
||||
|
||||
|
@ -50,7 +50,8 @@ in
|
|||
use-syslog = "yes";
|
||||
module-config = ''"validator iterator"'';
|
||||
|
||||
local-zone = map (localdomain: ''"${localdomain}}." transparent'') domains;
|
||||
local-zone =
|
||||
map (localdomain: ''"${localdomain}}." transparent'') domains;
|
||||
local-data = (map localData ipv4Host) ++ (map local6Data ipv6Hosts);
|
||||
local-data-ptr = (map ptrData ipv4Host) ++ (map ptr6Data ipv6Hosts);
|
||||
|
||||
|
@ -83,10 +84,7 @@ in
|
|||
})
|
||||
(mkIf (cfg.mode == "laptop") {
|
||||
interface = [ "127.0.0.1" "::1" ];
|
||||
access-control = [
|
||||
"127.0.0.1/32 allow_snoop"
|
||||
"::1 allow_snoop"
|
||||
];
|
||||
access-control = [ "127.0.0.1/32 allow_snoop" "::1 allow_snoop" ];
|
||||
})
|
||||
];
|
||||
};
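Review bot: The `local-zone` line in the second hunk interpolates `${localdomain}}.` with one closing brace too many, so every generated zone name ends in a literal `}` (a constructed example: `"example.com}." transparent`). The reformat carries the line over unchanged; it should read `map (localdomain: ''"${localdomain}." transparent'') domains;`. As written, the transparent zones presumably never match the names emitted by `localData` and `local6Data`, so the intended local-zone handling is not applied to them; worth confirming against the rendered unbound configuration. The surrounding settings block starts and ends outside the hunks.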
|
||||
|
|
|
@ -147,6 +147,7 @@ in {
|
|||
};
|
||||
|
||||
# This is needed to create the dataDir with the correct permissions.
|
||||
systemd.tmpfiles.rules = [ "d '${cfg.dataDir}' 0755 ${cfg.user} ${cfg.group} -" ];
|
||||
systemd.tmpfiles.rules =
|
||||
[ "d '${cfg.dataDir}' 0755 ${cfg.user} ${cfg.group} -" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -48,8 +48,6 @@ in {
|
|||
"image/x-icns" = "org.gnome.eog.desktop";
|
||||
};
|
||||
|
||||
|
||||
|
||||
dconf.settings = {
|
||||
"org/gnome/desktop/input-sources" = {
|
||||
sources = [ (mkTuple [ "xkb" "us+altgr-intl" ]) ];
|
||||
|
|
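--- a/nixos/common/modules/meta.nix
+++ b/nixos/common/modules/meta.nix
@@ -0,0 +1,43 @@
+{ lib, ... }:
+with lib;
+let
+exposesOpts = {
+options = {
+domain = mkOption {
+type = types.str;
+example = "<name>.example.com";
+description = ''
+The domain under which this service should be available
+'';
+};
+port = mkOption {
+type = types.int;
+default = 80;
+example = 4242;
+description = ''
+The port under which the service runs on the host
+'';
+};
+};
+};
+in {
+options.meta = {
+
+exposes = mkOption {
+type = with types; attrsOf (submodule exposesOpts);
+description = ''
+Exposed services
+'';
+};
+
+ipv4 = mkOption {
+type = types.str;
+description = ''
+Own IPv4 Address
+'';
+};
+};
+
+config = {
+};
+}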
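Review bot: `port` is declared as `types.int`, which accepts negative numbers and values above 65535; `type = types.port;` restricts it to a valid port number at evaluation time. `exposes` and `ipv4` have no default, so any module that reads them on a host that never set them fails evaluation; `default = { };` on `exposes` would keep hosts that expose nothing working. `ipv4` is a free-form `types.str`, so a typo in the address is only noticed by whatever consumes it. The empty `config = { };` can be dropped.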
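--- a/nixos/common/modules/nginx.nix
+++ b/nixos/common/modules/nginx.nix
@@ -0,0 +1,32 @@
+{ lib, hosts, config, ... }:
+with lib;
+let cfg = config.services.v.nginx;
+in {
+options.services.v.nginx.generateVirtualHosts =
+mkEnableOption "generate vhosts";
+
+config = let
+
+proxy = url: {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = url;
+proxyWebsockets = true;
+};
+};
+
+hosts' =
+filter (hasAttr "exposes") (attrValues hosts.${config.networking.domain});
+exposes = { ip, exposes, ... }:
+map ({ domain, port ? 80}: { inherit ip domain port; }) (attrValues exposes);
+mkVhost = { ip, domain, port}: {
+"${domain}" = proxy "http://${ip}:${toString port}";
+};
+vhosts = foldr (el: acc: acc // mkVhost el) { } (concatMap exposes hosts');
+in mkIf cfg.generateVirtualHosts {
+
+services.nginx.virtualHosts = vhosts;
+
+};
+}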
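Review bot: `vhosts` is merged with `acc // mkVhost el`, so when two hosts declare the same `domain` one entry silently replaces the other and the public name is proxied to a backend nobody chose explicitly. An assertion inside the `mkIf` block would turn that into an evaluation error, e.g. `assertions = [{ assertion = let ds = map (e: e.domain) (concatMap exposes hosts'); in length ds == length (unique ds); message = "duplicate domain in exposes"; }];`. The data comes from the `hosts` argument rather than from each host's evaluated `config.meta.exposes`, so the type checks declared in meta.nix presumably do not apply to it; worth confirming. Every generated vhost also forwards to a plain `http://` upstream with `proxyWebsockets = true`, which deserves a comment stating that the network between the proxy and the backends is trusted.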
|
@ -57,8 +57,7 @@ let
|
|||
'';
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
in {
|
||||
options.services.unpackerr = {
|
||||
enable = mkEnableOption "unpackerr";
|
||||
|
||||
|
@ -258,62 +257,61 @@ in
|
|||
after = [ "network.target" ];
|
||||
description = "unpackerr system service";
|
||||
# Filter out all unset variables else unpackerr complains
|
||||
environment = filterAttrs (n: v: stringLength v > 0)
|
||||
{
|
||||
# General options
|
||||
UN_DEBUG = "${toString cfg.debug}";
|
||||
UN_INTERVAL = "${cfg.interval}";
|
||||
UN_START_DELAY = "${cfg.startDelay}";
|
||||
UN_RETRY_DELAY = "${cfg.retryDelay}";
|
||||
UN_MAX_RETRIES = "${toString cfg.maxRetries}";
|
||||
UN_PARALLEL = "${toString cfg.parallel}";
|
||||
UN_FILE_MODE = "${cfg.fileMode}";
|
||||
UN_DIR_MODE = "${cfg.dirMode}";
|
||||
environment = filterAttrs (_n: v: stringLength v > 0) {
|
||||
# General options
|
||||
UN_DEBUG = "${toString cfg.debug}";
|
||||
UN_INTERVAL = "${cfg.interval}";
|
||||
UN_START_DELAY = "${cfg.startDelay}";
|
||||
UN_RETRY_DELAY = "${cfg.retryDelay}";
|
||||
UN_MAX_RETRIES = "${toString cfg.maxRetries}";
|
||||
UN_PARALLEL = "${toString cfg.parallel}";
|
||||
UN_FILE_MODE = "${cfg.fileMode}";
|
||||
UN_DIR_MODE = "${cfg.dirMode}";
|
||||
|
||||
# Sonarr
|
||||
UN_SONARR_0_URL = "${cfg.sonarr.url}";
|
||||
UN_SONARR_0_API_KEY = "${cfg.sonarr.apiKey}";
|
||||
UN_SONARR_0_PATHS_0 = "${cfg.sonarr.paths}";
|
||||
UN_SONARR_0_PROTOCOLS = "${cfg.sonarr.protocols}";
|
||||
UN_SONARR_0_TIMEOUT = "${cfg.sonarr.timeout}";
|
||||
UN_SONARR_0_DELETE_ORIG = "${toString cfg.sonarr.deleteOrginal}";
|
||||
UN_SONARR_0_DELETE_DELAY = "${cfg.sonarr.deleteDelay}";
|
||||
# Sonarr
|
||||
UN_SONARR_0_URL = "${cfg.sonarr.url}";
|
||||
UN_SONARR_0_API_KEY = "${cfg.sonarr.apiKey}";
|
||||
UN_SONARR_0_PATHS_0 = "${cfg.sonarr.paths}";
|
||||
UN_SONARR_0_PROTOCOLS = "${cfg.sonarr.protocols}";
|
||||
UN_SONARR_0_TIMEOUT = "${cfg.sonarr.timeout}";
|
||||
UN_SONARR_0_DELETE_ORIG = "${toString cfg.sonarr.deleteOrginal}";
|
||||
UN_SONARR_0_DELETE_DELAY = "${cfg.sonarr.deleteDelay}";
|
||||
|
||||
# Radarr
|
||||
UN_RADARR_0_URL = "${cfg.radarr.url}";
|
||||
UN_RADARR_0_API_KEY = "${cfg.radarr.apiKey}";
|
||||
UN_RADARR_0_PATHS_0 = "${cfg.radarr.paths}";
|
||||
UN_RADARR_0_PROTOCOLS = "${cfg.radarr.protocols}";
|
||||
UN_RADARR_0_TIMEOUT = "${cfg.radarr.timeout}";
|
||||
UN_RADARR_0_DELETE_ORIG = "${toString cfg.radarr.deleteOrginal}";
|
||||
UN_RADARR_0_DELETE_DELAY = "${cfg.radarr.deleteDelay}";
|
||||
# Radarr
|
||||
UN_RADARR_0_URL = "${cfg.radarr.url}";
|
||||
UN_RADARR_0_API_KEY = "${cfg.radarr.apiKey}";
|
||||
UN_RADARR_0_PATHS_0 = "${cfg.radarr.paths}";
|
||||
UN_RADARR_0_PROTOCOLS = "${cfg.radarr.protocols}";
|
||||
UN_RADARR_0_TIMEOUT = "${cfg.radarr.timeout}";
|
||||
UN_RADARR_0_DELETE_ORIG = "${toString cfg.radarr.deleteOrginal}";
|
||||
UN_RADARR_0_DELETE_DELAY = "${cfg.radarr.deleteDelay}";
|
||||
|
||||
# Lidarr
|
||||
UN_LIDARR_0_URL = "${cfg.lidarr.url}";
|
||||
UN_LIDARR_0_API_KEY = "${cfg.lidarr.apiKey}";
|
||||
UN_LIDARR_0_PATHS_0 = "${cfg.lidarr.paths}";
|
||||
UN_LIDARR_0_PROTOCOLS = "${cfg.lidarr.protocols}";
|
||||
UN_LIDARR_0_TIMEOUT = "${cfg.lidarr.timeout}";
|
||||
UN_LIDARR_0_DELETE_ORIG = "${toString cfg.lidarr.deleteOrginal}";
|
||||
UN_LIDARR_0_DELETE_DELAY = "${cfg.lidarr.deleteDelay}";
|
||||
# Lidarr
|
||||
UN_LIDARR_0_URL = "${cfg.lidarr.url}";
|
||||
UN_LIDARR_0_API_KEY = "${cfg.lidarr.apiKey}";
|
||||
UN_LIDARR_0_PATHS_0 = "${cfg.lidarr.paths}";
|
||||
UN_LIDARR_0_PROTOCOLS = "${cfg.lidarr.protocols}";
|
||||
UN_LIDARR_0_TIMEOUT = "${cfg.lidarr.timeout}";
|
||||
UN_LIDARR_0_DELETE_ORIG = "${toString cfg.lidarr.deleteOrginal}";
|
||||
UN_LIDARR_0_DELETE_DELAY = "${cfg.lidarr.deleteDelay}";
|
||||
|
||||
# Readarr
|
||||
UN_READARR_0_URL = "${cfg.readarr.url}";
|
||||
UN_READARR_0_API_KEY = "${cfg.readarr.apiKey}";
|
||||
UN_READARR_0_PATHS_0 = "${cfg.readarr.paths}";
|
||||
UN_READARR_0_PROTOCOLS = "${cfg.readarr.protocols}";
|
||||
UN_READARR_0_TIMEOUT = "${cfg.readarr.timeout}";
|
||||
UN_READARR_0_DELETE_ORIG = "${toString cfg.readarr.deleteOrginal}";
|
||||
UN_READARR_0_DELETE_DELAY = "${cfg.readarr.deleteDelay}";
|
||||
# Readarr
|
||||
UN_READARR_0_URL = "${cfg.readarr.url}";
|
||||
UN_READARR_0_API_KEY = "${cfg.readarr.apiKey}";
|
||||
UN_READARR_0_PATHS_0 = "${cfg.readarr.paths}";
|
||||
UN_READARR_0_PROTOCOLS = "${cfg.readarr.protocols}";
|
||||
UN_READARR_0_TIMEOUT = "${cfg.readarr.timeout}";
|
||||
UN_READARR_0_DELETE_ORIG = "${toString cfg.readarr.deleteOrginal}";
|
||||
UN_READARR_0_DELETE_DELAY = "${cfg.readarr.deleteDelay}";
|
||||
|
||||
# Folder
|
||||
UN_FOLDER_0_PATH = "${cfg.folder.path}";
|
||||
UN_FOLDER_0_EXTRACT_PATH = "${cfg.folder.extractPath}";
|
||||
UN_FOLDER_0_DELETE_AFTER = "${cfg.folder.deleteAfter}";
|
||||
UN_FOLDER_0_DELETE_ORIGINAL = "${toString cfg.folder.deleteOrginal}";
|
||||
UN_FOLDER_0_DELETE_FILES = "${toString cfg.folder.deleteFiles}";
|
||||
UN_FOLDER_0_MOVE_BACK = "${toString cfg.folder.moveBack}";
|
||||
} // cfg.extraConfig;
|
||||
# Folder
|
||||
UN_FOLDER_0_PATH = "${cfg.folder.path}";
|
||||
UN_FOLDER_0_EXTRACT_PATH = "${cfg.folder.extractPath}";
|
||||
UN_FOLDER_0_DELETE_AFTER = "${cfg.folder.deleteAfter}";
|
||||
UN_FOLDER_0_DELETE_ORIGINAL = "${toString cfg.folder.deleteOrginal}";
|
||||
UN_FOLDER_0_DELETE_FILES = "${toString cfg.folder.deleteFiles}";
|
||||
UN_FOLDER_0_MOVE_BACK = "${toString cfg.folder.moveBack}";
|
||||
} // cfg.extraConfig;
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
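Review bot: The `UN_SONARR_0_API_KEY`, `UN_RADARR_0_API_KEY`, `UN_LIDARR_0_API_KEY` and `UN_READARR_0_API_KEY` entries in the second hunk put the `apiKey` option values into the unit's `environment`, which ends up in the generated unit file in the world-readable Nix store and is shown by `systemctl show`. The docker-registry host in this same commit loads its credentials with `serviceConfig.EnvironmentFile = "${vs.docker-registry}/environment";`, and the same pattern here would keep the keys out of the store: add `EnvironmentFile = cfg.environmentFile;` to `serviceConfig`, backed by a new path-typed option (the name `environmentFile` is a suggestion). The option declarations and the rest of `serviceConfig` lie outside the hunk, so an existing equivalent may already be present there.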
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
with lib;
|
||||
let
|
||||
cfg = config.services.v.vault;
|
||||
hostIP = config.deployment.targetHost;
|
||||
hostIP = config.meta.ipv4;
|
||||
|
||||
# Find all vault hosts that do not have the same IP as the current host
|
||||
vault_hosts =
|
||||
|
|
|
@ -1,9 +1,5 @@
|
|||
{ config, pkgs, lib, inputs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./laura.nix
|
||||
./victor.nix
|
||||
];
|
||||
{ config, pkgs, lib, ... }: {
|
||||
imports = [ ./laura.nix ./victor.nix ];
|
||||
|
||||
# Setup ZSH to use grml config
|
||||
programs.zsh = {
|
||||
|
@ -35,7 +31,8 @@
|
|||
# Configure the root account
|
||||
users.extraUsers.root = {
|
||||
# Allow my SSH keys for logging in as root.
|
||||
openssh.authorizedKeys.keys = config.users.extraUsers.victor.openssh.authorizedKeys.keys;
|
||||
openssh.authorizedKeys.keys =
|
||||
config.users.extraUsers.victor.openssh.authorizedKeys.keys;
|
||||
# Also use zsh for root
|
||||
shell = pkgs.zsh;
|
||||
};
|
||||
|
@ -50,5 +47,6 @@
|
|||
ripgrep
|
||||
rsync
|
||||
zoxide
|
||||
tmux
|
||||
];
|
||||
}
|
||||
|
|
|
@ -11,3 +11,4 @@
|
|||
extraGroups = [ ];
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ pkgs, ... }: {
|
||||
# The block that specifies my user account.
|
||||
# The block that specifies my user account.
|
||||
users.extraUsers.victor = {
|
||||
# This account is intended for a non-system user.
|
||||
isNormalUser = true;
|
||||
|
@ -18,6 +18,7 @@
|
|||
];
|
||||
|
||||
# Make me admin
|
||||
extraGroups = [ "systemd-journal" "wheel" "networkmanager" "libvirtd" "dialout" ];
|
||||
extraGroups =
|
||||
[ "systemd-journal" "wheel" "networkmanager" "libvirtd" "dialout" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [ ];
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
{ pkgs, lib, ... }: {
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
|
||||
# mosh ssh
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
_: {
|
||||
system.stateVersion = "22.11";
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
{ pkgs, ... }: {
|
||||
imports = [ ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
|
|
@ -1,17 +1,19 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let vs = config.vault-secrets.secrets; in
|
||||
{
|
||||
{ config, ... }:
|
||||
let vs = config.vault-secrets.secrets;
|
||||
in {
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
|
||||
# the registry port and metrics port
|
||||
networking.firewall.allowedTCPPorts = [ config.services.dockerRegistry.port 5001 ];
|
||||
networking.firewall.allowedTCPPorts =
|
||||
[ config.services.dockerRegistry.port 5001 ];
|
||||
|
||||
vault-secrets.secrets.docker-registry = { };
|
||||
|
||||
# Sets the minio user and password
|
||||
systemd.services.docker-registry.serviceConfig.EnvironmentFile = "${vs.docker-registry}/environment";
|
||||
systemd.services.docker-registry.serviceConfig.EnvironmentFile =
|
||||
"${vs.docker-registry}/environment";
|
||||
|
||||
services.dockerRegistry = {
|
||||
enable = true;
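Review bot: `networking.firewall.allowedTCPPorts` opens 5001 on every interface next to the registry port, and the comment above it identifies 5001 as the metrics port. If that is the registry's debug listener, anything that can route to the host can read it; scoping it to the interface the scraper uses is tighter, e.g. `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 5001 ];` with the monitoring-facing interface name filled in. The same lines appear unchanged in the next file section of this commit. The `services.dockerRegistry` block continues past the hunk.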
|
||||
|
|
|
@ -1,17 +1,19 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let vs = config.vault-secrets.secrets; in
|
||||
{
|
||||
{ config, ... }:
|
||||
let vs = config.vault-secrets.secrets;
|
||||
in {
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
|
||||
# the registry port and metrics port
|
||||
networking.firewall.allowedTCPPorts = [ config.services.dockerRegistry.port 5001 ];
|
||||
networking.firewall.allowedTCPPorts =
|
||||
[ config.services.dockerRegistry.port 5001 ];
|
||||
|
||||
vault-secrets.secrets.docker-registry = { };
|
||||
|
||||
# Sets the minio user and password
|
||||
systemd.services.docker-registry.serviceConfig.EnvironmentFile = "${vs.docker-registry}/environment";
|
||||
systemd.services.docker-registry.serviceConfig.EnvironmentFile =
|
||||
"${vs.docker-registry}/environment";
|
||||
|
||||
services.dockerRegistry = {
|
||||
enable = true;
|
||||
|
@ -34,15 +36,13 @@ let vs = config.vault-secrets.secrets; in
|
|||
http.debug.prometheus.enabled = true;
|
||||
|
||||
# Webhooks
|
||||
notifications.endpoints = [
|
||||
{
|
||||
name = "keel";
|
||||
url = "http://10.10.10.17:9300/v1/webhooks/registry";
|
||||
timeout = "500ms";
|
||||
treshold = 5;
|
||||
backoff = "1s";
|
||||
}
|
||||
];
|
||||
notifications.endpoints = [{
|
||||
name = "keel";
|
||||
url = "http://10.10.10.17:9300/v1/webhooks/registry";
|
||||
timeout = "500ms";
|
||||
treshold = 5;
|
||||
backoff = "1s";
|
||||
}];
|
||||
};
|
||||
};
|
||||
}
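Review bot: The webhook endpoint in the second hunk sets `treshold = 5;`, which is a misspelling of the registry's `threshold` key, so the failure threshold is presumably never applied to the `keel` endpoint. The reformat keeps the typo; the line should be `threshold = 5;`. The endpoint `url` is also a hard-coded `http://10.10.10.17:9300/...` address, so registry events travel unencrypted to a fixed IP; a short comment stating that this segment is trusted, or a reference to the host's address from the shared hosts data, would make that assumption explicit.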
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
_: {
|
||||
system.stateVersion = "21.05";
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
|
||||
|
|
|
@ -3,8 +3,28 @@
|
|||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
# Redefining the package instead of overriding as overriding GoModules seems broken
|
||||
# see: https://github.com/NixOS/nixpkgs/issues/86349
|
||||
nuclei-latest = pkgs.buildGoModule rec {
|
||||
pname = "nuclei";
|
||||
version = "2.9.2";
|
||||
|
||||
{
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "projectdiscovery";
|
||||
repo = pname;
|
||||
rev = "1f9a065713924b28b203e2108fc76d7a1ec49068";
|
||||
hash = "sha256-QiegMoBy0gZMyQl2MRAwR14zXeh8wvVonyETdAzHbj0=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-0JNwoBqLKH1F/0Tr8o35gCSNT/2plIjIQvZRuzAZ5P8=";
|
||||
|
||||
modRoot = "./v2";
|
||||
subPackages = [ "cmd/nuclei/" ];
|
||||
|
||||
doCheck = false;
|
||||
};
|
||||
in {
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
@ -16,12 +36,7 @@
|
|||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
|
||||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [
|
||||
gcc
|
||||
jq
|
||||
nuclei
|
||||
rustup
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ gcc go jq rustup nuclei-latest ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ ];
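Review bot: `nuclei-latest` states `version = "2.9.2"` and a bare commit `rev` independently, and nothing in the derivation ties them together, so bumping one without the other yields a binary whose reported version does not match its source. Because `src` is a fixed-output fetch, changing `rev` while leaving `hash` untouched can silently reuse the previously fetched tree from the store; a comment above `src` such as `# on every bump reset hash and vendorHash (e.g. to pkgs.lib.fakeHash) and rebuild` would guard against that. `doCheck = false;` also needs a comment giving the reason the upstream tests are skipped.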
|
||||
|
||||
|
|
|
@ -1,27 +1,33 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
{ lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.availableKernelModules = [
|
||||
"uhci_hcd"
|
||||
"ehci_pci"
|
||||
"ahci"
|
||||
"virtio_pci"
|
||||
"virtio_scsi"
|
||||
"sd_mod"
|
||||
"sr_mod"
|
||||
];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/749c02fd-209d-4974-917e-38b749d10ec2";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/749c02fd-209d-4974-917e-38b749d10ec2";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/D021-72EB";
|
||||
fsType = "vfat";
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/D021-72EB";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
vs = config.vault-secrets.secrets;
|
||||
{ config, pkgs, ... }:
|
||||
let vs = config.vault-secrets.secrets;
|
||||
in {
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
|
|
|
@ -28,7 +28,6 @@ in {
|
|||
security.acme.acceptTerms = true;
|
||||
security.acme.preliminarySelfsigned = true;
|
||||
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [ ];
|
||||
|
@ -31,9 +31,7 @@
|
|||
# LOG_LEVEL = "debug";
|
||||
TZ = "Europe/Amsterdam";
|
||||
};
|
||||
ports = [
|
||||
"5055:5055"
|
||||
];
|
||||
ports = [ "5055:5055" ];
|
||||
volumes = [ "/var/lib/overseerr/config:/app/config" ];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
datadir = "/var/lib/pmm/config";
|
||||
container = "meisnate12/plex-meta-manager:latest";
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
_: {
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
|
@ -15,9 +14,7 @@
|
|||
containers = {
|
||||
flaresolverr = {
|
||||
image = "flaresolverr/flaresolverr:v3.1.2";
|
||||
ports = [
|
||||
"8191:8191"
|
||||
];
|
||||
ports = [ "8191:8191" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
_: {
|
||||
system.stateVersion = "21.05";
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
|
||||
|
|
|
@ -1,116 +1,115 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
{ config, lib, pkgs, ... }: {
|
||||
services.rtorrent = {
|
||||
enable = true;
|
||||
port = 54945; # Port Forwarded in mullvad
|
||||
downloadDir = "/mnt/storage/torrents/r";
|
||||
package = pkgs.jesec-rtorrent;
|
||||
configText = let cfg = config.services.rtorrent; in
|
||||
pkgs.lib.mkForce ''
|
||||
# rTorrent runtime directory (cfg.basedir) [default: "$HOME/.local/share/rtorrent"]
|
||||
method.insert = cfg.basedir, private|const|string, (cat,"${cfg.dataDir}/")
|
||||
configText = let cfg = config.services.rtorrent;
|
||||
in pkgs.lib.mkForce ''
|
||||
# rTorrent runtime directory (cfg.basedir) [default: "$HOME/.local/share/rtorrent"]
|
||||
method.insert = cfg.basedir, private|const|string, (cat,"${cfg.dataDir}/")
|
||||
|
||||
# Default download directory (cfg.download) [default: "$(cfg.basedir)/download"]
|
||||
method.insert = cfg.download, private|const|string, (cat,"${cfg.downloadDir}")
|
||||
# Default download directory (cfg.download) [default: "$(cfg.basedir)/download"]
|
||||
method.insert = cfg.download, private|const|string, (cat,"${cfg.downloadDir}")
|
||||
|
||||
# RPC Socket
|
||||
method.insert = cfg.rpcsock, private|const|string, (cat,"${cfg.rpcSocket}")
|
||||
# RPC Socket
|
||||
method.insert = cfg.rpcsock, private|const|string, (cat,"${cfg.rpcSocket}")
|
||||
|
||||
# Log directory (cfg.logs) [default: "$(cfg.basedir)/log"]
|
||||
method.insert = cfg.logs, private|const|string, (cat,(cfg.basedir),"log/")
|
||||
method.insert = cfg.logfile, private|const|string, (cat,(cfg.logs),"rtorrent-",(system.time),".log")
|
||||
# Log directory (cfg.logs) [default: "$(cfg.basedir)/log"]
|
||||
method.insert = cfg.logs, private|const|string, (cat,(cfg.basedir),"log/")
|
||||
method.insert = cfg.logfile, private|const|string, (cat,(cfg.logs),"rtorrent-",(system.time),".log")
|
||||
|
||||
# Torrent session directory (cfg.session) [default: "$(cfg.basedir)/.session"]
|
||||
method.insert = cfg.session, private|const|string, (cat,(cfg.basedir),".session/")
|
||||
# Torrent session directory (cfg.session) [default: "$(cfg.basedir)/.session"]
|
||||
method.insert = cfg.session, private|const|string, (cat,(cfg.basedir),".session/")
|
||||
|
||||
# Watch (drop to add) directories (cfg.watch) [default: "$(cfg.basedir)/watch"]
|
||||
method.insert = cfg.watch, private|const|string, (cat,(cfg.basedir),"watch/")
|
||||
# Watch (drop to add) directories (cfg.watch) [default: "$(cfg.basedir)/watch"]
|
||||
method.insert = cfg.watch, private|const|string, (cat,(cfg.basedir),"watch/")
|
||||
|
||||
# Create directories
|
||||
fs.mkdir.recursive = (cat,(cfg.basedir))
|
||||
# Create directories
|
||||
fs.mkdir.recursive = (cat,(cfg.basedir))
|
||||
|
||||
fs.mkdir = (cat,(cfg.download))
|
||||
fs.mkdir = (cat,(cfg.logs))
|
||||
fs.mkdir = (cat,(cfg.session))
|
||||
fs.mkdir = (cat,(cfg.download))
|
||||
fs.mkdir = (cat,(cfg.logs))
|
||||
fs.mkdir = (cat,(cfg.session))
|
||||
|
||||
fs.mkdir = (cat,(cfg.watch))
|
||||
fs.mkdir = (cat,(cfg.watch),"/load")
|
||||
fs.mkdir = (cat,(cfg.watch),"/start")
|
||||
fs.mkdir = (cat,(cfg.watch))
|
||||
fs.mkdir = (cat,(cfg.watch),"/load")
|
||||
fs.mkdir = (cat,(cfg.watch),"/start")
|
||||
|
||||
# Drop to "$(cfg.watch)/load" to add torrent
|
||||
schedule2 = watch_load, 11, 10, ((load.verbose, (cat, (cfg.watch), "load/*.torrent")))
|
||||
# Drop to "$(cfg.watch)/load" to add torrent
|
||||
schedule2 = watch_load, 11, 10, ((load.verbose, (cat, (cfg.watch), "load/*.torrent")))
|
||||
|
||||
# Drop to "$(cfg.watch)/start" to add torrent and start downloading
|
||||
schedule2 = watch_start, 10, 10, ((load.start_verbose, (cat, (cfg.watch), "start/*.torrent")))
|
||||
# Drop to "$(cfg.watch)/start" to add torrent and start downloading
|
||||
schedule2 = watch_start, 10, 10, ((load.start_verbose, (cat, (cfg.watch), "start/*.torrent")))
|
||||
|
||||
# Listening port for incoming peer traffic
|
||||
network.port_range.set = ${toString cfg.port}-${toString cfg.port}
|
||||
network.port_random.set = no
|
||||
# Listening port for incoming peer traffic
|
||||
network.port_range.set = ${toString cfg.port}-${toString cfg.port}
|
||||
network.port_random.set = no
|
||||
|
||||
# Distributed Hash Table and Peer EXchange
|
||||
dht.mode.set = disable
|
||||
dht.port.set = 6881
|
||||
protocol.pex.set = yes
|
||||
# Distributed Hash Table and Peer EXchange
|
||||
dht.mode.set = disable
|
||||
dht.port.set = 6881
|
||||
protocol.pex.set = yes
|
||||
|
||||
# UDP tracker support
|
||||
trackers.use_udp.set = yes
|
||||
# UDP tracker support
|
||||
trackers.use_udp.set = yes
|
||||
|
||||
# Peer settings
|
||||
throttle.max_uploads.set = 100
|
||||
throttle.max_uploads.global.set = 250
|
||||
throttle.min_peers.normal.set = 20
|
||||
throttle.max_peers.normal.set = 60
|
||||
throttle.min_peers.seed.set = 30
|
||||
throttle.max_peers.seed.set = 80
|
||||
trackers.numwant.set = 80
|
||||
# Peer settings
|
||||
throttle.max_uploads.set = 100
|
||||
throttle.max_uploads.global.set = 250
|
||||
throttle.min_peers.normal.set = 20
|
||||
throttle.max_peers.normal.set = 60
|
||||
throttle.min_peers.seed.set = 30
|
||||
throttle.max_peers.seed.set = 80
|
||||
trackers.numwant.set = 80
|
||||
|
||||
protocol.encryption.set = allow_incoming,try_outgoing,enable_retry
|
||||
protocol.encryption.set = allow_incoming,try_outgoing,enable_retry
|
||||
|
||||
# Limits for file handle resources, this is optimized for
|
||||
# an `ulimit` of 1024 (a common default). You MUST leave
|
||||
# a ceiling of handles reserved for rTorrent's internal needs!
|
||||
network.max_open_files.set = 600
|
||||
network.max_open_sockets.set = 300
|
||||
# Limits for file handle resources, this is optimized for
|
||||
# an `ulimit` of 1024 (a common default). You MUST leave
|
||||
# a ceiling of handles reserved for rTorrent's internal needs!
|
||||
network.max_open_files.set = 600
|
||||
network.max_open_sockets.set = 300
|
||||
|
||||
# Memory resource usage (increase if you have a large number of items loaded,
|
||||
# and/or the available resources to spend)
|
||||
pieces.memory.max.set = 1800M
|
||||
network.xmlrpc.size_limit.set = 32M
|
||||
# Memory resource usage (increase if you have a large number of items loaded,
|
||||
# and/or the available resources to spend)
|
||||
pieces.memory.max.set = 1800M
|
||||
network.xmlrpc.size_limit.set = 32M
|
||||
|
||||
# Basic operational settings
|
||||
session.path.set = (cat, (cfg.session))
|
||||
directory.default.set = (cat, (cfg.download))
|
||||
log.execute = (cat, (cfg.logs), "execute.log")
|
||||
# Basic operational settings
|
||||
session.path.set = (cat, (cfg.session))
|
||||
directory.default.set = (cat, (cfg.download))
|
||||
log.execute = (cat, (cfg.logs), "execute.log")
|
||||
|
||||
# Other operational settings
|
||||
encoding.add = utf8
|
||||
system.umask.set = 0027
|
||||
system.cwd.set = (directory.default)
|
||||
#schedule2 = low_diskspace, 5, 60, ((close_low_diskspace, 500M))
|
||||
#pieces.hash.on_completion.set = no
|
||||
# Other operational settings
|
||||
encoding.add = utf8
|
||||
system.umask.set = 0027
|
||||
system.cwd.set = (directory.default)
|
||||
#schedule2 = low_diskspace, 5, 60, ((close_low_diskspace, 500M))
|
||||
#pieces.hash.on_completion.set = no
|
||||
|
||||
# HTTP and SSL
|
||||
network.http.max_open.set = 50
|
||||
network.http.dns_cache_timeout.set = 25
|
||||
# HTTP and SSL
|
||||
network.http.max_open.set = 50
|
||||
network.http.dns_cache_timeout.set = 25
|
||||
|
||||
#network.http.ssl_verify_peer.set = 1
|
||||
#network.http.ssl_verify_host.set = 1
|
||||
#network.http.ssl_verify_peer.set = 1
|
||||
#network.http.ssl_verify_host.set = 1
|
||||
|
||||
# Run the rTorrent process as a daemon in the background
|
||||
system.daemon.set = true
|
||||
# Run the rTorrent process as a daemon in the background
|
||||
system.daemon.set = true
|
||||
|
||||
# XML-RPC interface
|
||||
network.scgi.open_local = (cat,(cfg.rpcsock))
|
||||
schedule = scgi_group,0,0,"execute.nothrow=chown,\":rtorrent\",(cfg.rpcsock)"
|
||||
schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"g+w,o=\",(cfg.rpcsock)"
|
||||
# XML-RPC interface
|
||||
network.scgi.open_local = (cat,(cfg.rpcsock))
|
||||
schedule = scgi_group,0,0,"execute.nothrow=chown,\":rtorrent\",(cfg.rpcsock)"
|
||||
schedule = scgi_permission,0,0,"execute.nothrow=chmod,\"g+w,o=\",(cfg.rpcsock)"
|
||||
|
||||
# Logging:
|
||||
# Levels = critical error warn notice info debug
|
||||
# Groups = connection_* dht_* peer_* rpc_* storage_* thread_* tracker_* torrent_*
|
||||
print = (cat, "Logging to ", (cfg.logfile))
|
||||
log.open_file = "log", (cfg.logfile)
|
||||
log.add_output = "debug", "log"
|
||||
'';
|
||||
# Logging:
|
||||
# Levels = critical error warn notice info debug
|
||||
# Groups = connection_* dht_* peer_* rpc_* storage_* thread_* tracker_* torrent_*
|
||||
print = (cat, "Logging to ", (cfg.logfile))
|
||||
log.open_file = "log", (cfg.logfile)
|
||||
log.add_output = "debug", "log"
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
_: {
|
||||
system.stateVersion = "21.05";
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
imports = [ ];
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{
|
||||
{ pkgs, lib, ... }: {
|
||||
system.stateVersion = "21.05";
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{ config, ... }:
|
||||
let vs = config.vault-secrets.secrets;
|
||||
in
|
||||
{
|
||||
in {
|
||||
networking.interfaces.eth0.useDHCP = true;
|
||||
|
||||
fileSystems."/mnt/storage" = {
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [ ];
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ pkgs, lib, ... }:
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
fix-vscode = pkgs.writeScriptBin "fix-vscode" ''
|
||||
#!${pkgs.stdenv.shell}
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
{ modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
@ -16,6 +17,7 @@
|
|||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices = [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
|
||||
swapDevices =
|
||||
[{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
|
||||
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
_: {
|
||||
programs.home-manager.enable = true;
|
||||
home.username = "victor";
|
||||
home.homeDirectory = "/home/victor";
|
||||
|
|
|
@ -36,6 +36,10 @@
|
|||
ip6 = "2001:41f0:9639:1:bfe7:3fd9:75de:cbee";
|
||||
mac = "9E:60:78:ED:81:B4";
|
||||
nix = false;
|
||||
exposes.ha = {
|
||||
domain = "ha.0x76.dev";
|
||||
port = 8123;
|
||||
};
|
||||
};
|
||||
"nginx" = {
|
||||
ip = "10.42.42.9";
|
||||
|
@ -46,10 +50,19 @@
|
|||
"kubernetes" = {
|
||||
ip = "10.42.42.10";
|
||||
mac = "6E:A5:25:99:FE:68";
|
||||
exposes = {
|
||||
www.domain = "0x76.dev";
|
||||
internal.domain = "internal.xirion.net";
|
||||
blog.domain = "blog.xirion.net";
|
||||
};
|
||||
};
|
||||
"dex" = {
|
||||
ip = "10.42.42.11";
|
||||
mac = "AE:66:7B:FA:15:72";
|
||||
exposes.dex = {
|
||||
domain = "dex.0x76.dev";
|
||||
port = 5556;
|
||||
};
|
||||
};
|
||||
"WoolooTV" = {
|
||||
ip = "10.42.42.13";
|
||||
|
@ -59,6 +72,10 @@
|
|||
"outline" = {
|
||||
ip = "10.42.42.14";
|
||||
mac = "52:13:EB:FD:87:F0";
|
||||
exposes.outline = {
|
||||
domain = "outline.0x76.dev";
|
||||
port = 3000;
|
||||
};
|
||||
};
|
||||
"dns-1" = {
|
||||
profile = "dns";
|
||||
|
@ -75,6 +92,10 @@
|
|||
"minio" = {
|
||||
ip = "10.42.42.17";
|
||||
mac = "0A:06:5E:E7:9A:0C";
|
||||
exposes.minio = {
|
||||
domain = "o.0x76.dev";
|
||||
port = 9000;
|
||||
};
|
||||
};
|
||||
"mailserver" = {
|
||||
ip = "10.42.42.18";
|
||||
|
@ -83,6 +104,12 @@
|
|||
"victoriametrics" = {
|
||||
ip = "10.42.42.19";
|
||||
mac = "9E:91:61:35:84:1F";
|
||||
exposes = {
|
||||
grafana = {
|
||||
domain = "grafana.0x76.dev";
|
||||
port = 2342;
|
||||
};
|
||||
};
|
||||
};
|
||||
"unifi" = {
|
||||
ip = "10.42.42.20";
|
||||
|
@ -96,15 +123,27 @@
|
|||
"gitea" = {
|
||||
ip = "10.42.42.22";
|
||||
mac = "DE:5F:B0:83:6F:34";
|
||||
exposes.git = {
|
||||
domain = "git.0x76.dev";
|
||||
port = 3000;
|
||||
};
|
||||
};
|
||||
"hedgedoc" = {
|
||||
ip = "10.42.42.23";
|
||||
mac = "86:BC:0C:18:BC:9B";
|
||||
exposes.md = {
|
||||
domain = "md.0x76.dev";
|
||||
port = 3000;
|
||||
};
|
||||
};
|
||||
"zmeura" = {
|
||||
ip = "10.42.42.24";
|
||||
mac = "b8:27:eb:d5:e0:f5";
|
||||
nix = false;
|
||||
exposes.andreea = {
|
||||
domain = "andreea.redshifts.xyz";
|
||||
port = 8008;
|
||||
};
|
||||
};
|
||||
"wireguard" = {
|
||||
ip = "10.42.42.25";
|
||||
|
@ -115,6 +154,10 @@
|
|||
ip = "10.42.42.27";
|
||||
mac = "9E:8A:6C:39:27:DE";
|
||||
nix = false;
|
||||
exposes.books = {
|
||||
domain = "books.meowy.tech";
|
||||
port = 8001;
|
||||
};
|
||||
};
|
||||
"synapse" = {
|
||||
ip = "10.42.42.28";
|
||||
|
@ -134,10 +177,15 @@
|
|||
"ntfy" = {
|
||||
ip = "10.42.42.32";
|
||||
mac = "7A:17:9E:80:72:01";
|
||||
exposes.ntfy.domain = "ntfy.0x76.dev";
|
||||
};
|
||||
"woodpecker" = {
|
||||
ip = "10.42.42.33";
|
||||
mac = "1E:24:DA:DB:4A:1A";
|
||||
exposes.ci = {
|
||||
domain = "ci.0x76.dev";
|
||||
port = 8000;
|
||||
};
|
||||
};
|
||||
"nuc" = {
|
||||
ip = "10.42.42.42";
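Review bot: `exposes.ntfy.domain` and the three `kubernetes` entries (`www`, `internal`, `blog`) declare a domain but no `port`, so their upstream port depends on a default defined outside this section. The vhosts they replace proxied to port 80 (`http://ntfy.olympus:80`, `http://kubernetes.olympus:80/`), so the default has to be 80 for behaviour to stay the same. Stating it would remove the guesswork, e.g. `exposes.ntfy = { domain = "ntfy.0x76.dev"; port = 80; };`. The hosts marked `nix = false` get an `exposes` entry too; a comment that their firewalls are managed outside this repository would help the next reader.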
|
||||
|
|
|
@ -7,6 +7,7 @@ let
|
|||
vs = config.vault-secrets.secrets;
|
||||
db_user = "dex";
|
||||
db_name = "dex";
|
||||
inherit (config.meta.exposes.dex) port;
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
|
@ -18,7 +19,7 @@ in {
|
|||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 5556 ];
|
||||
networking.firewall.allowedTCPPorts = [ port ];
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
|
@ -47,7 +48,7 @@ in {
|
|||
database = db_name;
|
||||
};
|
||||
};
|
||||
web.http = "0.0.0.0:5556";
|
||||
web.http = "0.0.0.0:${toString port}";
|
||||
|
||||
connectors = [{
|
||||
type = "gitea";
|
||||
|
@ -61,12 +62,26 @@ in {
|
|||
};
|
||||
}];
|
||||
|
||||
staticClients = [{
|
||||
id = "outline";
|
||||
name = "Outline";
|
||||
redirectURIs = [ "https://outline.0x76.dev/auth/oidc.callback" ];
|
||||
secretEnv = "OUTLINE_CLIENT_SECRET";
|
||||
}];
|
||||
staticClients = [
|
||||
{
|
||||
id = "outline";
|
||||
name = "Outline";
|
||||
redirectURIs = [ "https://outline.0x76.dev/auth/oidc.callback" ];
|
||||
secretEnv = "OUTLINE_CLIENT_SECRET";
|
||||
}
|
||||
{
|
||||
id = "grafana";
|
||||
name = "Grafana";
|
||||
redirectURIs = [ "https://grafana.0x76.dev/login/generic_oauth" ];
|
||||
secretEnv = "GRAFANA_CLIENT_SECRET";
|
||||
}
|
||||
{
|
||||
id = "hedgedoc";
|
||||
name = "Hedgedoc";
|
||||
redirectURIs = [ "https://md.0x76.dev/auth/oauth2/callback" ];
|
||||
secretEnv = "HEDGEDOC_CLIENT_SECRET";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
environmentFile = "${vs.dex}/environment";
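Review bot: The two new `staticClients` entries take their secrets from `GRAFANA_CLIENT_SECRET` and `HEDGEDOC_CLIENT_SECRET`, which have to be present in `${vs.dex}/environment`; nothing in this section checks that. A missing variable would presumably leave Dex failing at start or holding an empty client secret. Each value must also match what the client side sends (`$DEX_CLIENT_SECRET` in the hedgedoc settings, `${vs.grafana}/dex_client_secret` for Grafana). I would add a comment above the list such as `# secrets come from the vault environment file; keep in step with each client's own secret`. The enclosing attribute set starts and ends outside the hunk.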
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, flat_hosts, ... }:
|
||||
{ config, flat_hosts, ... }:
|
||||
let
|
||||
inherit (builtins) filter hasAttr;
|
||||
hostToKea = { hostname, mac, ip, ... }: {
|
||||
|
@ -33,6 +33,12 @@ in {
|
|||
|
||||
networking.firewall.allowedUDPPorts = [ 67 ];
|
||||
|
||||
services.prometheus.exporters.kea = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
controlSocketPaths = [ "/run/kea/kea-dhcp4.socket" ];
|
||||
};
|
||||
|
||||
services.kea.dhcp4 = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
@ -43,6 +49,11 @@ in {
|
|||
|
||||
interfaces-config.interfaces = [ "eth0" ];
|
||||
|
||||
control-socket = {
|
||||
socket-type = "unix";
|
||||
socket-name = "/run/kea/kea-dhcp4.socket";
|
||||
};
|
||||
|
||||
lease-database = {
|
||||
name = "/var/lib/kea/dhcp4.leases";
|
||||
persist = true;
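Review bot: `openFirewall = true` on the new kea exporter opens its port to every source the host firewall accepts, while the only consumer visible in this commit is the `kea` scrape job targeting `dhcp.olympus:9547` from the victoriametrics host. If the iptables-based firewall is in use, it can be narrowed with `firewallFilter = "-s 10.42.42.19 -p tcp -m tcp --dport 9547";`. The new `control-socket` at `/run/kea/kea-dhcp4.socket` accepts Kea management commands from any process able to open it, and its ownership and mode are not set in this hunk. A comment naming the exporter as the only intended client would make that expectation explicit.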
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
{ pkgs, ... }: {
|
||||
imports = [ ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
|
|
@ -5,8 +5,8 @@
|
|||
{ lib, config, pkgs, ... }:
|
||||
let
|
||||
vs = config.vault-secrets.secrets;
|
||||
in
|
||||
{
|
||||
inherit (config.meta.exposes.git) port;
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
@ -22,7 +22,7 @@ in
|
|||
|
||||
environment.noXlibs = lib.mkForce false;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ config.services.gitea.settings.server.HTTP_PORT ];
|
||||
networking.firewall.allowedTCPPorts = [ port ];
|
||||
|
||||
services.openssh.startWhenNeeded = false;
|
||||
|
||||
|
@ -37,10 +37,8 @@ in
|
|||
};
|
||||
|
||||
system.activationScripts.gitea-theme =
|
||||
let
|
||||
target_dir = "${config.services.gitea.stateDir}/custom/public/css/";
|
||||
in
|
||||
lib.stringAfter [ "var" ] ''
|
||||
let target_dir = "${config.services.gitea.stateDir}/custom/public/css/";
|
||||
in lib.stringAfter [ "var" ] ''
|
||||
mkdir -p ${target_dir}
|
||||
ln -sf ${pkgs.v.gitea-agatheme} "${target_dir}/theme-agatheme.css"
|
||||
'';
|
||||
|
@ -54,9 +52,7 @@ in
|
|||
mailerPasswordFile = "${vs.gitea}/mailPassword";
|
||||
|
||||
settings = {
|
||||
actions = {
|
||||
"ENABLED" = true;
|
||||
};
|
||||
actions = { "ENABLED" = true; };
|
||||
repository = {
|
||||
"ENABLE_PUSH_CREATE_USER" = true;
|
||||
"DEFAULT_PUSH_CREATE_PRIVATE" = false;
|
||||
|
@ -82,6 +78,7 @@ in
|
|||
SSH_PORT = 42;
|
||||
DOMAIN = "git.0x76.dev";
|
||||
ROOT_URL = "https://git.0x76.dev";
|
||||
HTTP_PORT = port;
|
||||
};
|
||||
session = {
|
||||
"PROVIDER" = "db";
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
let
|
||||
db_name = "hedgedoc";
|
||||
db_user = "hedgedoc";
|
||||
inherit (config.meta.exposes.md) port;
|
||||
vs = config.vault-secrets.secrets;
|
||||
in {
|
||||
imports = [ ];
|
||||
|
@ -20,8 +21,7 @@ in {
|
|||
|
||||
environment.noXlibs = lib.mkForce false;
|
||||
|
||||
networking.firewall.allowedTCPPorts =
|
||||
[ config.services.hedgedoc.settings.port ];
|
||||
networking.firewall.allowedTCPPorts = [ port ];
|
||||
|
||||
vault-secrets.secrets.hedgedoc = { };
|
||||
|
||||
|
@ -40,7 +40,7 @@ in {
|
|||
environmentFile = "${vs.hedgedoc}/environment";
|
||||
settings = {
|
||||
host = "0.0.0.0";
|
||||
port = 3000;
|
||||
inherit port;
|
||||
sessionSecret = "$SESSION_SECRET";
|
||||
domain = "md.0x76.dev";
|
||||
protocolUseSSL = true;
|
||||
|
@ -66,7 +66,20 @@ in {
|
|||
accessKey = "$MINIO_ACCESS_KEY";
|
||||
secretKey = "$MINIO_SECRET_KEY";
|
||||
};
|
||||
email = true;
|
||||
email = false;
|
||||
oauth2 = let url = "https://dex.0x76.dev";
|
||||
in {
|
||||
providerName = "Dex";
|
||||
clientID = "hedgedoc";
|
||||
clientSecret = "$DEX_CLIENT_SECRET";
|
||||
scope = "openid email profile";
|
||||
authorizationURL = "${url}/auth";
|
||||
tokenURL = "${url}/token";
|
||||
userProfileURL = "${url}/userinfo";
|
||||
userProfileUsernameAttr = "preferred_username";
|
||||
userProfileDisplayNameAttr = "name";
|
||||
userProfileEmailAttr = "email";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
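Review bot: The new `oauth2` block does not restrict which Dex identities are accepted, and with `email` apparently switched to `false` in the same hunk every HedgeDoc login is decided by Dex. Access is therefore as open as the gitea connector behind Dex, whose registration settings are not visible here. A one-line comment above `oauth2` would record the intent, for example `# login only via Dex; who may sign in is governed by the gitea connector`. It is also worth checking that the connector actually supplies `preferred_username`, since `userProfileUsernameAttr` relies on it.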
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, hosts, ... }: {
|
||||
{ pkgs, ... }: {
|
||||
# packages for administration tasks
|
||||
environment.systemPackages = with pkgs; [ kompose kubectl k9s k3s ];
|
||||
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
let vs = config.vault-secrets.secrets; in
|
||||
{
|
||||
let vs = config.vault-secrets.secrets;
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
@ -22,9 +22,7 @@ let vs = config.vault-secrets.secrets; in
|
|||
10.42.42.6 vault.olympus
|
||||
'';
|
||||
|
||||
vault-secrets.secrets.mailserver = {
|
||||
services = [ "dovecot2" "postfix" ];
|
||||
};
|
||||
vault-secrets.secrets.mailserver = { services = [ "dovecot2" "postfix" ]; };
|
||||
|
||||
mailserver = {
|
||||
enable = true;
|
||||
|
@ -36,7 +34,8 @@ let vs = config.vault-secrets.secrets; in
|
|||
# People
|
||||
"v@0x76.dev" = {
|
||||
hashedPasswordFile = "${vs.mailserver}/v@0x76.dev";
|
||||
aliases = [ "v@meowy.tech" "postmaster@0x76.dev" "postmaster@meowy.tech" ];
|
||||
aliases =
|
||||
[ "v@meowy.tech" "postmaster@0x76.dev" "postmaster@meowy.tech" ];
|
||||
};
|
||||
"laura@meowy.tech" = {
|
||||
hashedPasswordFile = "${vs.mailserver}/laura@meowy.tech";
|
||||
|
@ -79,7 +78,8 @@ let vs = config.vault-secrets.secrets; in
|
|||
|
||||
services.roundcube = {
|
||||
enable = true;
|
||||
package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
|
||||
package =
|
||||
pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
|
||||
plugins = [
|
||||
"archive"
|
||||
# "enigma"
|
||||
|
@ -98,9 +98,7 @@ let vs = config.vault-secrets.secrets; in
|
|||
'';
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
};
|
||||
services.nginx = { enable = true; };
|
||||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "v@0x76.dev";
|
||||
|
|
|
@ -2,8 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ lib, config, pkgs, inputs, ... }:
|
||||
{
|
||||
{ lib, pkgs, ... }: {
|
||||
imports = [ ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
|
|
@ -2,11 +2,11 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
vs = config.vault-secrets.secrets;
|
||||
listenPort = 9000;
|
||||
consolePort = 9001;
|
||||
listenPort = config.meta.exposes.minio.port;
|
||||
consolePort = listenPort + 1;
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
|
|
|
@ -4,8 +4,7 @@
|
|||
|
||||
{ config, pkgs, ... }:
|
||||
let mosquittoPort = 1883;
|
||||
in
|
||||
{
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
|
|
@ -1,14 +1,5 @@
|
|||
{ config, pkgs, nodes, ... }:
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
proxy = url: {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = url;
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
k8s_proxy = proxy "http://kubernetes.olympus:80/";
|
||||
clientConfig = {
|
||||
"m.homeserver" = {
|
||||
base_url = "https://chat.meowy.tech";
|
||||
|
@ -33,6 +24,9 @@ in {
|
|||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
# Generates vhosts for all hosts that have an `exposes` section
|
||||
services.v.nginx.generateVirtualHosts = true;
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
statusPage = true;
|
||||
|
@ -44,106 +38,89 @@ in {
|
|||
|
||||
package = pkgs.nginxMainline;
|
||||
|
||||
# 0x76.dev
|
||||
virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/";
|
||||
virtualHosts."md.0x76.dev" = proxy "http://hedgedoc.olympus:3000/";
|
||||
virtualHosts."git.0x76.dev" = proxy "http://gitea.olympus:3000";
|
||||
virtualHosts."o.0x76.dev" = proxy "http://minio.olympus:9000";
|
||||
virtualHosts."grafana.0x76.dev" =
|
||||
proxy "http://victoriametrics.olympus:2342";
|
||||
virtualHosts."outline.0x76.dev" = proxy "http://outline.olympus:3000";
|
||||
virtualHosts."ntfy.0x76.dev" = proxy "http://ntfy.olympus:80";
|
||||
virtualHosts."ci.0x76.dev" = proxy "http://woodpecker.olympus:8000";
|
||||
virtualHosts."dex.0x76.dev" = proxy "http://dex.olympus:5556";
|
||||
virtualHosts."pass.0x76.dev" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://vaultwarden.olympus:8222";
|
||||
proxyWebsockets = true;
|
||||
# Templated
|
||||
virtualHosts = {
|
||||
"pass.0x76.dev" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://vaultwarden.olympus:8222";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub/negotiate" = {
|
||||
proxyPass = "http://vaultwarden.olympus:8222";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub" = {
|
||||
proxyPass = "http://vaultwarden.olympus:3012";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
locations."/notifications/hub/negotiate" = {
|
||||
proxyPass = "http://vaultwarden.olympus:8222";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
locations."/notifications/hub" = {
|
||||
proxyPass = "http://vaultwarden.olympus:3012";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Redshifts
|
||||
virtualHosts."andreea.redshifts.xyz" = proxy "http://zmeura.olympus:8008";
|
||||
|
||||
# Meow
|
||||
virtualHosts."meowy.tech" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".extraConfig = ''
|
||||
add_header Content-Type 'text/html; charset=UTF-8';
|
||||
return 200 '<h1>meow</h1>';
|
||||
'';
|
||||
locations."= /.well-known/matrix/client".extraConfig =
|
||||
mkWellKnown clientConfig;
|
||||
locations."= /.well-known/matrix/server".extraConfig =
|
||||
mkWellKnown serverConfig;
|
||||
};
|
||||
virtualHosts."chat.meowy.tech" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".extraConfig = ''
|
||||
return 307 https://element.chat.meowy.tech;
|
||||
'';
|
||||
locations."/_matrix".proxyPass = "http://synapse.olympus:8008";
|
||||
locations."/_synapse/client".proxyPass = "http://synapse.olympus:8008";
|
||||
locations."/_synapse/admin" = {
|
||||
# Allow only local and my own IPs
|
||||
extraConfig = ''
|
||||
allow 127.0.0.1;
|
||||
allow 10.42.42.0/23;
|
||||
allow 192.168.0.0/23;
|
||||
allow 80.60.83.220;
|
||||
allow 195.85.167.32/29;
|
||||
deny all;
|
||||
# Meow
|
||||
"meowy.tech" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".extraConfig = ''
|
||||
add_header Content-Type 'text/html; charset=UTF-8';
|
||||
return 200 '<h1>meow</h1>';
|
||||
'';
|
||||
proxyPass = "http://synapse.olympus:8008";
|
||||
locations."= /.well-known/matrix/client".extraConfig =
|
||||
mkWellKnown clientConfig;
|
||||
locations."= /.well-known/matrix/server".extraConfig =
|
||||
mkWellKnown serverConfig;
|
||||
};
|
||||
};
|
||||
virtualHosts."element.chat.meowy.tech" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
root = pkgs.element-web.override {
|
||||
conf = {
|
||||
default_server_config = clientConfig;
|
||||
show_labs_settings = true;
|
||||
brand = "chat.meowy.tech";
|
||||
"chat.meowy.tech" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".extraConfig = ''
|
||||
return 307 https://element.chat.meowy.tech;
|
||||
'';
|
||||
locations."/_matrix".proxyPass = "http://synapse.olympus:8008";
|
||||
locations."/_synapse/client".proxyPass = "http://synapse.olympus:8008";
|
||||
locations."/_synapse/admin" = {
|
||||
# Allow only local and my own IPs
|
||||
extraConfig = ''
|
||||
allow 127.0.0.1;
|
||||
allow 10.42.42.0/23;
|
||||
allow 192.168.0.0/23;
|
||||
allow 80.60.83.220;
|
||||
allow 195.85.167.32/29;
|
||||
deny all;
|
||||
'';
|
||||
proxyPass = "http://synapse.olympus:8008";
|
||||
};
|
||||
};
|
||||
};
|
||||
virtualHosts."cinny.chat.meowy.tech" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
"element.chat.meowy.tech" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
root = pkgs.cinny.override {
|
||||
conf = {
|
||||
defaultHomeserver = 0;
|
||||
allowCustomHomeservers = false;
|
||||
homeserverList = [ "chat.meowy.tech" ];
|
||||
root = pkgs.element-web.override {
|
||||
conf = {
|
||||
default_server_config = clientConfig;
|
||||
show_labs_settings = true;
|
||||
brand = "chat.meowy.tech";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
virtualHosts."admin.chat.meowy.tech" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = pkgs.synapse-admin;
|
||||
};
|
||||
virtualHosts."books.meowy.tech" = proxy "http://bookwyrm.olympus:8001";
|
||||
"cinny.chat.meowy.tech" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
# Kubernetes endpoints
|
||||
virtualHosts."0x76.dev" = k8s_proxy;
|
||||
virtualHosts."internal.xirion.net" = k8s_proxy;
|
||||
virtualHosts."blog.xirion.net" = k8s_proxy;
|
||||
root = pkgs.cinny.override {
|
||||
conf = {
|
||||
defaultHomeserver = 0;
|
||||
allowCustomHomeservers = false;
|
||||
homeserverList = [ "chat.meowy.tech" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
"admin.chat.meowy.tech" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = pkgs.synapse-admin;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security.acme.defaults.email = "victorheld12@gmail.com";
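Review bot: Whether the generated vhosts still enforce TLS cannot be checked from this section. The removed `proxy` helper set `enableACME = true`, `forceSSL = true` and `proxyWebsockets = true` on every proxied host, and `services.v.nginx.generateVirtualHosts = true` now delegates that to a module that is not shown. Please confirm the generator emits all three for every `exposes` entry, because dex, git and ha carry login traffic. A comment next to the option such as `# generated vhosts: enableACME + forceSSL + proxyWebsockets, see the nginx module` would document it.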
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [ ];
|
||||
|
@ -20,7 +20,8 @@
|
|||
|
||||
networking.firewall.allowedTCPPorts = [ 80 ];
|
||||
|
||||
services.ntfy-sh = let datadir = "/var/lib/ntfy"; in {
|
||||
services.ntfy-sh = let datadir = "/var/lib/ntfy";
|
||||
in {
|
||||
enable = true;
|
||||
settings = {
|
||||
base-url = "https://ntfy.0x76.dev";
|
||||
|
|
|
@ -2,9 +2,11 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
let vs = config.vault-secrets.secrets; in
|
||||
{
|
||||
{ config, ... }:
|
||||
let
|
||||
vs = config.vault-secrets.secrets;
|
||||
inherit (config.meta.exposes.outline) port;
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
@ -16,18 +18,17 @@ let vs = config.vault-secrets.secrets; in
|
|||
system.stateVersion = "22.11"; # Did you read the comment?
|
||||
|
||||
# Additional packages
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
config.services.outline.port
|
||||
];
|
||||
networking.firewall.allowedTCPPorts = [ port ];
|
||||
|
||||
vault-secrets.secrets.outline = {
|
||||
inherit (config.services.outline) user group;
|
||||
};
|
||||
|
||||
services.outline = {
|
||||
inherit port;
|
||||
|
||||
enable = true;
|
||||
concurrency = 1;
|
||||
port = 3000;
|
||||
redisUrl = "local";
|
||||
databaseUrl = "local";
|
||||
publicUrl = "https://outline.0x76.dev";
|
||||
|
@ -40,7 +41,7 @@ let vs = config.vault-secrets.secrets; in
|
|||
uploadBucketName = "outline";
|
||||
region = "us-east-1"; # fake
|
||||
};
|
||||
oidcAuthentication = {
|
||||
oidcAuthentication = {
|
||||
displayName = "Dex";
|
||||
userinfoUrl = "https://dex.0x76.dev/userinfo";
|
||||
tokenUrl = "https://dex.0x76.dev/token";
|
||||
|
|
|
@ -7,8 +7,7 @@ let
|
|||
vs = config.vault-secrets.secrets;
|
||||
port = 8008;
|
||||
metricsPort = 9000;
|
||||
in
|
||||
{
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
@ -53,66 +52,60 @@ in
|
|||
"${vs.synapse}/email_password" # Also contains the rest of the email config
|
||||
];
|
||||
|
||||
settings =
|
||||
let log_file = pkgs.writeText "log.yml" ''
|
||||
version: 1
|
||||
settings = let
|
||||
log_file = pkgs.writeText "log.yml" ''
|
||||
version: 1
|
||||
|
||||
formatters:
|
||||
structured:
|
||||
class: synapse.logging.TerseJsonFormatter
|
||||
formatters:
|
||||
structured:
|
||||
class: synapse.logging.TerseJsonFormatter
|
||||
|
||||
handlers:
|
||||
file:
|
||||
class: logging.handlers.TimedRotatingFileHandler
|
||||
formatter: structured
|
||||
filename: /var/lib/matrix-synapse/synapse.log
|
||||
when: midnight
|
||||
backupCount: 3 # Does not include the current log file.
|
||||
encoding: utf8
|
||||
handlers:
|
||||
file:
|
||||
class: logging.handlers.TimedRotatingFileHandler
|
||||
formatter: structured
|
||||
filename: /var/lib/matrix-synapse/synapse.log
|
||||
when: midnight
|
||||
backupCount: 3 # Does not include the current log file.
|
||||
encoding: utf8
|
||||
|
||||
loggers:
|
||||
synapse:
|
||||
level: INFO
|
||||
handlers: [file]
|
||||
''; in
|
||||
{
|
||||
server_name = "meowy.tech";
|
||||
enable_registration = true;
|
||||
public_baseurl = "https://chat.meowy.tech";
|
||||
enable_metrics = true;
|
||||
max_upload_size = "100M";
|
||||
registration_requires_token = true;
|
||||
media_retention = {
|
||||
remote_media_lifetime = "90d";
|
||||
};
|
||||
log_config = "${log_file}";
|
||||
listeners = [
|
||||
{
|
||||
inherit port;
|
||||
bind_addresses = [ "0.0.0.0" ];
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [
|
||||
{
|
||||
names = [ "client" "federation" ];
|
||||
compress = true;
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
port = metricsPort;
|
||||
bind_addresses = [ "0.0.0.0" ];
|
||||
type = "metrics";
|
||||
tls = false;
|
||||
resources = [
|
||||
{
|
||||
names = [ "metrics" ];
|
||||
compress = false;
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
loggers:
|
||||
synapse:
|
||||
level: INFO
|
||||
handlers: [file]
|
||||
'';
|
||||
in {
|
||||
server_name = "meowy.tech";
|
||||
enable_registration = true;
|
||||
public_baseurl = "https://chat.meowy.tech";
|
||||
enable_metrics = true;
|
||||
max_upload_size = "100M";
|
||||
registration_requires_token = true;
|
||||
media_retention = { remote_media_lifetime = "90d"; };
|
||||
log_config = "${log_file}";
|
||||
listeners = [
|
||||
{
|
||||
inherit port;
|
||||
bind_addresses = [ "0.0.0.0" ];
|
||||
type = "http";
|
||||
tls = false;
|
||||
x_forwarded = true;
|
||||
resources = [{
|
||||
names = [ "client" "federation" ];
|
||||
compress = true;
|
||||
}];
|
||||
}
|
||||
{
|
||||
port = metricsPort;
|
||||
bind_addresses = [ "0.0.0.0" ];
|
||||
type = "metrics";
|
||||
tls = false;
|
||||
resources = [{
|
||||
names = [ "metrics" ];
|
||||
compress = false;
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, lib, ... }:
|
||||
{ pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
imports = [ ];
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, hosts, ... }: {
|
||||
_: {
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
|
|
|
@ -2,12 +2,13 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
{ config, ... }:
|
||||
let
|
||||
vmPort = 8428;
|
||||
grafanaDomain = config.meta.exposes.grafana.domain;
|
||||
grafanaPort = config.meta.exposes.grafana.port;
|
||||
vs = config.vault-secrets.secrets;
|
||||
in
|
||||
{
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
@ -17,11 +18,7 @@ in
|
|||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "21.11"; # Did you read the comment?
|
||||
|
||||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [ ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ vmPort config.services.grafana.settings.server.http_port ];
|
||||
networking.firewall.allowedTCPPorts = [ vmPort grafanaPort ];
|
||||
networking.firewall.allowedUDPPorts = [ vmPort ];
|
||||
|
||||
services.victoriametrics = {
|
||||
|
@ -40,14 +37,19 @@ in
|
|||
scrape_timeout = "30s";
|
||||
};
|
||||
scrape_configs = [
|
||||
{
|
||||
job_name = "kea";
|
||||
static_configs = [{
|
||||
targets = [ "dhcp.olympus:9547" ];
|
||||
labels.app = "dhcp";
|
||||
}];
|
||||
}
|
||||
{
|
||||
job_name = "nginx";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [ "nginx.olympus:9113" ];
|
||||
labels.app = "nginx";
|
||||
}
|
||||
];
|
||||
static_configs = [{
|
||||
targets = [ "nginx.olympus:9113" ];
|
||||
labels.app = "nginx";
|
||||
}];
|
||||
}
|
||||
{
|
||||
job_name = "synapse";
|
||||
|
@ -77,12 +79,28 @@ in
|
|||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
domain = "grafana.0x76.dev";
|
||||
root_url = "https://grafana.0x76.dev";
|
||||
domain = grafanaDomain;
|
||||
root_url = "https://${grafanaDomain}";
|
||||
http_addr = "0.0.0.0";
|
||||
http_port = 2342;
|
||||
http_port = grafanaPort;
|
||||
};
|
||||
security.admin_password = "$__file{${vs.grafana}/password}";
|
||||
|
||||
"auth.generic_oauth" = {
|
||||
name = "Dex";
|
||||
icon = "signin";
|
||||
enabled = true;
|
||||
allow_sign_up = true;
|
||||
client_id = "grafana";
|
||||
client_secret = "$__file{${vs.grafana}/dex_client_secret}";
|
||||
scopes = toString [ "openid" "profile" "email" "groups" ];
|
||||
auth_url = "https://dex.0x76.dev/auth";
|
||||
token_url = "https://dex.0x76.dev/token";
|
||||
api_url = "https://dex.0x76.dev/userinfo";
|
||||
skip_org_role_sync = true;
|
||||
auto_login = true;
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
}
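Review bot: In the new `"auth.generic_oauth"` block, `allow_sign_up = true` combined with `auto_login = true` gives every identity that Dex authenticates a Grafana account on first visit, and nothing in the block limits who that is. The `groups` scope is requested but unused: no `allowed_groups` or `role_attribute_path` is set, and `skip_org_role_sync = true` leaves role assignment to be done by hand. If only some users should get in, add `allowed_groups = "<group-name>";` (placeholder, and only if the connector supplies groups) and consider `use_pkce = true;`. If open sign-up is intended, a comment saying so would be enough.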
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ lib, config, pkgs, inputs, ... }:
|
||||
{ lib, config, pkgs, ... }:
|
||||
let vs = config.vault-secrets.secrets;
|
||||
in {
|
||||
imports = [ ];
|
||||
|
|
|
@ -3,7 +3,9 @@
|
|||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
let vs = config.vault-secrets.secrets;
|
||||
let
|
||||
inherit (config.meta.exposes.ci) port;
|
||||
vs = config.vault-secrets.secrets;
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
|
@ -18,7 +20,7 @@ in {
|
|||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [ ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8000 9000 ];
|
||||
networking.firewall.allowedTCPPorts = [ port 9000 ];
|
||||
|
||||
vault-secrets.secrets.woodpecker = {
|
||||
services = [ "woodpecker-server" "woodpecker-agent-docker" ];
|
||||
|
@ -46,7 +48,7 @@ in {
|
|||
WOODPECKER_GITEA_URL = "https://git.0x76.dev";
|
||||
WOODPECKER_ADMIN = "v";
|
||||
WOODPECKER_AUTHENTICATE_PUBLIC_REPOS = "true";
|
||||
WOODPECKER_SERVER_ADDR = "10.42.42.33:8000";
|
||||
WOODPECKER_SERVER_ADDR = "10.42.42.33:${toString port}";
|
||||
};
|
||||
environmentFile = "${vs.woodpecker}/environment";
|
||||
};
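Review bot: Only the HTTP port moved to `config.meta.exposes.ci`; the firewall list still carries the literal `9000` and `WOODPECKER_SERVER_ADDR` still embeds `10.42.42.33`, so the address and the second port can drift from the host metadata the same way the old `8000` could. If that address is this host's own, `WOODPECKER_SERVER_ADDR = "${config.meta.ipv4}:${toString port}";` would remove the literal, assuming the `meta.ipv4` value set in `mkColmenaHost` elsewhere in this commit is readable from this module. A short comment on the firewall entry stating what listens on `9000` would also help the next reader decide whether it must be reachable from outside the host. The attribute sets around both changed lines continue outside the hunks.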
|
||||
|
|
|
@ -2,9 +2,8 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ pkgs, inputs, ... }: {
|
||||
{ inputs, ... }: {
|
||||
imports = [
|
||||
../../../common/desktop
|
||||
./hardware-configuration.nix
|
||||
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-z
|
||||
./hardware.nix
|
||||
|
@ -26,6 +25,8 @@
|
|||
# Enable Ozone rendering for Chromium and Electron apps.
|
||||
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
||||
|
||||
# environment.sessionVariables.INFRA_INFO = self; # hosts.${config.networking.domain}.${config.networking.hostName};
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
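Review bot: The added `# environment.sessionVariables.INFRA_INFO = self; …` line is commented-out code, and `self` is not among the module arguments `{ inputs, ... }` after this change, so unless it is bound elsewhere in the file, uncommenting it as written would not evaluate. Either drop it or replace it with a note of intent such as `# TODO: export host metadata as INFRA_INFO once it is passed into this module`. The same applies to `# hardware.trackpoint.enable = true;` in the later hardware hunk (`@ -5,7 +5,7 @@`), which is disabled without a reason given.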
|
||||
|
|
|
@ -1,32 +1,30 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
{ config, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" "sdhci_pci" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" "sdhci_pci" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/c184866a-9a53-4a9f-9a1f-493792af7ea9";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@" ];
|
||||
};
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/c184866a-9a53-4a9f-9a1f-493792af7ea9";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot/efi" =
|
||||
{ device = "/dev/disk/by-uuid/5BB8-7503";
|
||||
fsType = "vfat";
|
||||
};
|
||||
fileSystems."/boot/efi" = {
|
||||
device = "/dev/disk/by-uuid/5BB8-7503";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/bedb5b75-578e-441f-a9eb-2ecff1f4cfca"; }
|
||||
];
|
||||
[{ device = "/dev/disk/by-uuid/bedb5b75-578e-441f-a9eb-2ecff1f4cfca"; }];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
|
@ -36,6 +34,7 @@
|
|||
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
hardware.cpu.amd.updateMicrocode =
|
||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
# high-resolution display
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
|
||||
services.hardware.bolt.enable = true;
|
||||
|
||||
hardware.trackpoint.enable = true;
|
||||
# hardware.trackpoint.enable = true;
|
||||
|
||||
# FS
|
||||
fileSystems."/".options = [ "compress=zstd" ];
|
||||
|
|
|
@ -1,5 +1,7 @@
|
|||
{
|
||||
# "null" = { type = "local"; };
|
||||
"aoife" = { type = "local"; };
|
||||
"aoife" = {
|
||||
type = "local";
|
||||
mac = "04:7b:cb:b6:2d:88";
|
||||
};
|
||||
"eevee" = { type = "local"; };
|
||||
}
|
||||
|
|
|
@ -2,18 +2,14 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, inputs, ... }: {
|
||||
imports = [
|
||||
../../../common/desktop
|
||||
./hardware-configuration.nix
|
||||
./hardware.nix
|
||||
];
|
||||
{ pkgs, inputs, ... }: {
|
||||
imports = [ ./hardware-configuration.nix ./hardware.nix ];
|
||||
|
||||
# Bootloader.
|
||||
boot = {
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
initrd = {
|
||||
kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" "nvidia_drm" ];
|
||||
kernelModules = [ "nvidia" "nvidia_modeset" "nvidia_uvm" "nvidia_drm" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,32 +1,30 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
{ config, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/947a98af-9a4e-4811-a2ca-9aa00b319e9c";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@" ];
|
||||
};
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/947a98af-9a4e-4811-a2ca-9aa00b319e9c";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot/efi" =
|
||||
{ device = "/dev/disk/by-uuid/D883-F146";
|
||||
fsType = "vfat";
|
||||
};
|
||||
fileSystems."/boot/efi" = {
|
||||
device = "/dev/disk/by-uuid/D883-F146";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/a99402e1-6f2a-4c4b-b69f-aae2fd13ffc0"; }
|
||||
];
|
||||
[{ device = "/dev/disk/by-uuid/a99402e1-6f2a-4c4b-b69f-aae2fd13ffc0"; }];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
|
@ -37,5 +35,6 @@
|
|||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
hardware.cpu.intel.updateMicrocode =
|
||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
|
|
@ -1,10 +1,4 @@
|
|||
{ lib, config, pkgs, inputs, ... }:
|
||||
let
|
||||
tex = pkgs.texlive.combine {
|
||||
inherit (pkgs.texlive) scheme-full;
|
||||
dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; };
|
||||
};
|
||||
in {
|
||||
_: {
|
||||
programs.home-manager.enable = true;
|
||||
|
||||
home.username = "victor";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
{ pkgs, config, ... }:
|
||||
let
|
||||
theme = "Catppuccin-Pink-Dark";
|
||||
cursorTheme = config.home.pointerCursor.name;
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, lib, inputs, ... }:
|
||||
{ pkgs, inputs, ... }:
|
||||
let
|
||||
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
|
||||
export __NV_PRIME_RENDER_OFFLOAD=1
|
||||
|
|
|
@ -1,40 +1,39 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
{ config, lib, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "rtsx_pci_sdmmc" ];
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "xhci_pci" "ahci" "nvme" "rtsx_pci_sdmmc" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@" ];
|
||||
};
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@" ];
|
||||
};
|
||||
|
||||
fileSystems."/nix" =
|
||||
{ device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@/nix" ];
|
||||
};
|
||||
fileSystems."/nix" = {
|
||||
device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@/nix" ];
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@home" ];
|
||||
};
|
||||
fileSystems."/home" = {
|
||||
device = "/dev/disk/by-uuid/d4f56e5b-2509-4e63-8324-65a35c71e90c";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=@home" ];
|
||||
};
|
||||
|
||||
fileSystems."/boot/efi" =
|
||||
{ device = "/dev/disk/by-uuid/D478-6F66";
|
||||
fsType = "vfat";
|
||||
};
|
||||
fileSystems."/boot/efi" = {
|
||||
device = "/dev/disk/by-uuid/D478-6F66";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
|
@ -48,5 +47,6 @@
|
|||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
hardware.cpu.intel.updateMicrocode =
|
||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, lib, inputs, texlive, ... }:
|
||||
{ config, pkgs, inputs, texlive, ... }:
|
||||
let
|
||||
tex = pkgs.texlive.combine {
|
||||
inherit (pkgs.texlive) scheme-full;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, inputs, config, ... }: {
|
||||
{ pkgs, config, ... }: {
|
||||
home.file.".config/hypr/hyprpaper.conf".text = ''
|
||||
ipc = off
|
||||
preload = ~/cloud/Pictures/Wallpapers-Laptop/wallpaper-nix-pink.png
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ inputs, pkgs, lib, ... }: {
|
||||
{ inputs, pkgs, ... }: {
|
||||
imports = [ inputs.nixvim.homeManagerModules.nixvim ];
|
||||
programs.nixvim = {
|
||||
enable = true;
|
||||
|
@ -13,7 +13,7 @@
|
|||
treesitter = {
|
||||
enable = true;
|
||||
nixGrammars = false;
|
||||
ensureInstalled = [];
|
||||
ensureInstalled = [ ];
|
||||
};
|
||||
surround.enable = true;
|
||||
fugitive.enable = true;
|
||||
|
|
|
@ -32,7 +32,7 @@ let
|
|||
mantle = "292c3c";
|
||||
crust = "232634";
|
||||
|
||||
hex = mapAttrs (name: value: "#${value}") colour;
|
||||
hex = mapAttrs (_name: value: "#${value}") colour;
|
||||
};
|
||||
in {
|
||||
home.file.".xsettingsd".text = ''
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
_:
|
||||
{
|
||||
_: {
|
||||
services.v.dns = {
|
||||
enable = true;
|
||||
openFirewall = false;
|
||||
|
@ -30,21 +29,11 @@ _:
|
|||
ca_cert="/etc/ssl/certs/ca-bundle.crt"
|
||||
'';
|
||||
};
|
||||
"Pikachu 5G" = {
|
||||
psk = "@PIKACHU_PASSWORD@";
|
||||
};
|
||||
"sha256('yeet')" = {
|
||||
psk = "@SHA256_PASSWORD@";
|
||||
};
|
||||
"wired" = {
|
||||
psk = "@WIRED_PASSWORD@";
|
||||
};
|
||||
"meowy hotspot" = {
|
||||
psk = "@HOTSPOT_PASSWORD@";
|
||||
};
|
||||
"WiFi Roest" = {
|
||||
psk = "@WIFI_ROEST_PASSWORD@";
|
||||
};
|
||||
"Pikachu 5G" = { psk = "@PIKACHU_PASSWORD@"; };
|
||||
"sha256('yeet')" = { psk = "@SHA256_PASSWORD@"; };
|
||||
"wired" = { psk = "@WIRED_PASSWORD@"; };
|
||||
"meowy hotspot" = { psk = "@HOTSPOT_PASSWORD@"; };
|
||||
"WiFi Roest" = { psk = "@WIFI_ROEST_PASSWORD@"; };
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -11,9 +11,7 @@ let
|
|||
module = {
|
||||
system.stateVersion = "22.11";
|
||||
boot.supportedFilesystems = [ "btrfs" "ext4" ];
|
||||
environment.systemPackages = with pkgs; [
|
||||
git
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ git ];
|
||||
};
|
||||
in {
|
||||
boot.loader.systemd-boot = {
|
||||
|
@ -22,7 +20,9 @@ in {
|
|||
title Rescue Boot
|
||||
linux /rescue-kernel
|
||||
initrd /rescue-initrd
|
||||
options init=${netboot.config.system.build.toplevel}/init ${toString netboot.config.boot.kernelParams}
|
||||
options init=${netboot.config.system.build.toplevel}/init ${
|
||||
toString netboot.config.boot.kernelParams
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# nix-build -E 'with import <nixpkgs> {}; callPackage ./default.nix {}'
|
||||
final: prev: {
|
||||
_final: prev: {
|
||||
v = {
|
||||
glitch-soc = prev.callPackage ./glitch-soc { };
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ lib, stdenvNoCC, fetchFromGitHub }: stdenvNoCC.mkDerivation rec {
|
||||
{ stdenvNoCC, fetchFromGitHub }:
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
pname = "dnd-5e-latex-template";
|
||||
version = "0.8.0";
|
||||
tlType = "run";
|
||||
|
@ -13,16 +14,14 @@
|
|||
phases = [ "installPhase" ];
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
runHook preInstall
|
||||
|
||||
path="$out/tex/latex/${pname}"
|
||||
mkdir -p "$path"
|
||||
cp -r $src/* $path
|
||||
path="$out/tex/latex/${pname}"
|
||||
mkdir -p "$path"
|
||||
cp -r $src/* $path
|
||||
|
||||
runHook postInstall
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "DnD 5e latex template";
|
||||
};
|
||||
meta = { description = "DnD 5e latex template"; };
|
||||
}
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
{ lib, stdenvNoCC, fetchurl }: stdenvNoCC.mkDerivation {
|
||||
{ stdenvNoCC, fetchurl }:
|
||||
stdenvNoCC.mkDerivation {
|
||||
pname = "gitea-agatheme";
|
||||
version = "1.2";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://git.lain.faith/attachments/290e2304-92a3-4991-8703-fbbf52f31340";
|
||||
url =
|
||||
"https://git.lain.faith/attachments/290e2304-92a3-4991-8703-fbbf52f31340";
|
||||
sha256 = "424f4e232c7d759485cdf1bcde9edde50f2992cf6bde61c21f71eae03a905543";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,12 +1,10 @@
|
|||
{ lib, stdenv, nodejs-slim, mkYarnPackage, fetchFromGitHub, bundlerEnv, nixosTests
|
||||
, yarn, callPackage, imagemagick, ffmpeg, file, ruby_3_0, writeShellScript
|
||||
, fetchYarnDeps, fixup_yarn_lock
|
||||
{ lib, stdenv, nodejs-slim, bundlerEnv, nixosTests, yarn, callPackage
|
||||
, imagemagick, ffmpeg, file, ruby_3_0, writeShellScript, fetchYarnDeps
|
||||
, fixup_yarn_lock
|
||||
|
||||
# Allow building a fork or custom version of Mastodon:
|
||||
, pname ? "mastodon"
|
||||
, version ? import ./version.nix
|
||||
, srcOverride ? null
|
||||
, dependenciesDir ? ./. # Should contain gemset.nix, yarn.nix and package.json.
|
||||
# Allow building a fork or custom version of Mastodon:
|
||||
, pname ? "mastodon", version ? import ./version.nix, srcOverride ? null
|
||||
, dependenciesDir ? ./. # Should contain gemset.nix, yarn.nix and package.json.
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
|
@ -14,7 +12,8 @@ stdenv.mkDerivation rec {
|
|||
|
||||
# Using overrideAttrs on src does not build the gems and modules with the overridden src.
|
||||
# Putting the callPackage up in the arguments list also does not work.
|
||||
src = if srcOverride != null then srcOverride else callPackage ./source.nix {};
|
||||
src =
|
||||
if srcOverride != null then srcOverride else callPackage ./source.nix { };
|
||||
|
||||
mastodon-gems = bundlerEnv {
|
||||
name = "${pname}-gems-${version}";
|
||||
|
@ -42,11 +41,17 @@ stdenv.mkDerivation rec {
|
|||
|
||||
yarnOfflineCache = fetchYarnDeps {
|
||||
yarnLock = "${src}/yarn.lock";
|
||||
# sha256 = lib.fakeSha256;
|
||||
sha256 = "sha256-5KmPgKE1QRPoTjeSYidKt/z9vzWzTOoJVr5dNtofKJY=";
|
||||
# sha256 = lib.fakeSha256;
|
||||
sha256 = "sha256-5KmPgKE1QRPoTjeSYidKt/z9vzWzTOoJVr5dNtofKJY=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ fixup_yarn_lock nodejs-slim yarn mastodon-gems mastodon-gems.wrappedRuby ];
|
||||
nativeBuildInputs = [
|
||||
fixup_yarn_lock
|
||||
nodejs-slim
|
||||
yarn
|
||||
mastodon-gems
|
||||
mastodon-gems.wrappedRuby
|
||||
];
|
||||
|
||||
RAILS_ENV = "production";
|
||||
NODE_ENV = "production";
|
||||
|
@ -114,11 +119,12 @@ stdenv.mkDerivation rec {
|
|||
|
||||
passthru = {
|
||||
tests.mastodon = nixosTests.mastodon;
|
||||
updateScript = callPackage ./update.nix {};
|
||||
updateScript = callPackage ./update.nix { };
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
description = "Self-hosted, globally interconnected microblogging software based on ActivityPub";
|
||||
description =
|
||||
"Self-hosted, globally interconnected microblogging software based on ActivityPub";
|
||||
homepage = "https://joinmastodon.org";
|
||||
license = licenses.agpl3Plus;
|
||||
platforms = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
|
||||
|
|
File diff suppressed because it is too large
|
@ -1,5 +1,6 @@
|
|||
# This file was generated by pkgs.mastodon.updateScript.
|
||||
{ fetchgit, applyPatches }: let
|
||||
{ fetchgit, applyPatches }:
|
||||
let
|
||||
src = fetchgit {
|
||||
url = "https://github.com/glitch-soc/mastodon.git";
|
||||
rev = "c18884de32b60152600ec95ed42cdf9c00fdab7a";
|
||||
|
@ -7,5 +8,5 @@
|
|||
};
|
||||
in applyPatches {
|
||||
inherit src;
|
||||
patches = [];
|
||||
patches = [ ];
|
||||
}
|
||||
|
|
|
@ -1,25 +1,22 @@
|
|||
{ pkgs
|
||||
, runCommand
|
||||
, lib
|
||||
, makeWrapper
|
||||
, yarn2nix
|
||||
, bundix
|
||||
, coreutils
|
||||
, diffutils
|
||||
, nix-prefetch-git
|
||||
, gnused
|
||||
, jq
|
||||
}:
|
||||
{ runCommand, lib, makeWrapper, yarn2nix, bundix, coreutils, diffutils
|
||||
, nix-prefetch-git, gnused, jq }:
|
||||
let
|
||||
binPath = lib.makeBinPath [ yarn2nix bundix coreutils diffutils nix-prefetch-git gnused jq ];
|
||||
in
|
||||
runCommand "mastodon-update-script"
|
||||
{
|
||||
binPath = lib.makeBinPath [
|
||||
yarn2nix
|
||||
bundix
|
||||
coreutils
|
||||
diffutils
|
||||
nix-prefetch-git
|
||||
gnused
|
||||
jq
|
||||
];
|
||||
in runCommand "mastodon-update-script" {
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
meta = {
|
||||
maintainers = with lib.maintainers; [ happy-river ];
|
||||
description = "Utility to generate Nix expressions for Mastodon's dependencies";
|
||||
description =
|
||||
"Utility to generate Nix expressions for Mastodon's dependencies";
|
||||
platforms = lib.platforms.unix;
|
||||
};
|
||||
} ''
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ vscode-utils, lib }:
|
||||
{ vscode-utils }:
|
||||
let inherit (vscode-utils) buildVscodeMarketplaceExtension;
|
||||
in buildVscodeMarketplaceExtension {
|
||||
mktplcRef = {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, modulesPath, lib, config, ... }: {
|
||||
{ pkgs, modulesPath, lib, ... }: {
|
||||
imports = [
|
||||
"${modulesPath}/installer/cd-dvd/installation-cd-graphical-calamares-gnome.nix"
|
||||
];
|
||||
|
@ -6,9 +6,7 @@
|
|||
# use the latest Linux kernel
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
git
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ git ];
|
||||
|
||||
# Needed for https://github.com/NixOS/nixpkgs/issues/58959
|
||||
boot.supportedFilesystems = lib.mkForce [ "btrfs" "ext4" ];
|
||||
|
|
|
@ -1,15 +1,12 @@
|
|||
{ pkgs, modulesPath, lib, ... }: {
|
||||
imports = [
|
||||
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
|
||||
];
|
||||
imports = [ "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" ];
|
||||
|
||||
# use the latest Linux kernel
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
git
|
||||
];
|
||||
environment.systemPackages = with pkgs; [ git ];
|
||||
|
||||
# Needed for https://github.com/NixOS/nixpkgs/issues/58959
|
||||
boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
|
||||
boot.supportedFilesystems =
|
||||
lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
{ lib, ... }: {
|
||||
imports = [ ../common/common.nix ../common/generic-lxc.nix ];
|
||||
|
||||
proxmoxLXC = {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
{ lib, ... }: {
|
||||
imports = [ ../common/common.nix ../common/generic-vm.nix ];
|
||||
|
||||
proxmox.qemuConf = {
|
||||
|
|
|
@ -2,7 +2,6 @@
|
|||
let
|
||||
inherit (builtins) filter attrValues concatMap mapAttrs;
|
||||
inherit (nixpkgs.lib.attrsets) mapAttrsToList;
|
||||
inherit (nixpkgs.lib) nixosSystem;
|
||||
base_imports = [
|
||||
home-manager.nixosModules.home-manager
|
||||
mailserver.nixosModules.mailserver
|
||||
|
@ -14,7 +13,7 @@ let
|
|||
./common/generic-lxc.nix
|
||||
];
|
||||
"vm" = [ ./common/generic-vm.nix ];
|
||||
"local" = [ ];
|
||||
"local" = [ ./common/desktop ];
|
||||
};
|
||||
in type: import_cases.${type} ++ base_imports;
|
||||
# Helper function to resolve what should be imported depending on the type of config (lxc, vm, bare metal)
|
||||
|
@ -22,11 +21,9 @@ let
|
|||
type_import type
|
||||
++ [ ./common "${./.}/hosts/${realm}/${profile}/configuration.nix" ];
|
||||
|
||||
in {
|
||||
inherit base_imports type_import resolve_imports;
|
||||
# Add to whatever realm a host belong to its list of tags
|
||||
add_realm_to_tags = mapAttrs (realm:
|
||||
mapAttrs (hostname:
|
||||
mapAttrs (_hostname:
|
||||
{ tags ? [ ], ... }@host:
|
||||
host // {
|
||||
tags = [ realm ] ++ tags;
|
||||
|
@ -41,8 +38,10 @@ in {
|
|||
# Filter out all hosts which aren't nixos
|
||||
filter_nix_hosts = filter ({ nix ? true, ... }: nix);
|
||||
|
||||
# outputs
|
||||
|
||||
# Helper function to build a colmena host definition
|
||||
mkColmenaHost = { ip ? null, hostname, tags, realm, type ? "lxc", ... }@host:
|
||||
mkColmenaHost = { ip ? null, exposes ? null, hostname, tags, realm, type ? "lxc", ... }@host:
|
||||
let
|
||||
# this makes local apply work a bit nicer
|
||||
name = if type == "local" then hostname else "${hostname}.${realm}";
|
||||
|
@ -53,6 +52,10 @@ in {
|
|||
hostName = hostname;
|
||||
domain = realm;
|
||||
};
|
||||
meta = {
|
||||
inherit exposes;
|
||||
ipv4 = ip;
|
||||
};
|
||||
deployment = {
|
||||
inherit tags;
|
||||
targetHost = ip;
|
||||
|
@ -61,4 +64,9 @@ in {
|
|||
};
|
||||
};
|
||||
};
|
||||
hosts = add_realm_to_tags (import ./hosts);
|
||||
flat_hosts = flatten_hosts hosts;
|
||||
nixHosts = filter_nix_hosts flat_hosts;
|
||||
in {
|
||||
inherit base_imports mkColmenaHost hosts flat_hosts nixHosts;
|
||||
}
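Review bot: `mkColmenaHost` defaults `exposes ? null` and passes it straight into `meta`, while the CI host module in this commit reads `inherit (config.meta.exposes.ci) port;` unconditionally; a host defined without `exposes` that uses the same pattern would fail with a "null while a set was expected" style error rather than a clear missing-attribute one. Defaulting to an empty set, `exposes ? { }`, keeps `meta.exposes` an attribute set on every host; the option declaration for `meta` is not visible here, so check that it accepts that. The new signature line is also longer than the wrapping applied to the rest of this commit. The body of `mkColmenaHost` continues between the hunks.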
|
||||
|
|