v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Projects Releases Packages Activity Actions

fix statix

Browse source
This commit is contained in:
Vivian 2022-12-01 22:13:05 +01:00
parent dae1a5da92
commit a446437874
14 changed files with 106 additions and 101 deletions
Download patch file Download diff file Expand all files Collapse all files

43
nixos/hosts/hades/mastodon/configuration.nix
View file

@ -2,8 +2,7 @@
let
vs = config.vault-secrets.secrets;
cfg = config.services.mastodon;
in
{
in {
system.stateVersion = "21.05";
# Use DHCP with static leases
networking.interfaces.eth0.useDHCP = true;
@ -19,8 +18,7 @@ in
vault-secrets.secrets.mastodon = {
services = [ "mastodon-init-dirs" "mastodon" "mastodon-media-prune" ];
user = cfg.user;
group = cfg.group;
inherit (cfg) user group;
};
# Append the init-dirs script to add AWS/Minio secrets
@ -47,7 +45,7 @@ in
elasticsearch = {
host = "127.0.0.1";
port = config.services.elasticsearch.port;
inherit (config.services.elasticsearch) port;
};
database = {
@ -98,23 +96,21 @@ in
};
# https://github.com/NixOS/nixpkgs/issues/116418#issuecomment-799517120
systemd.services.mastodon-media-prune =
let
cfg = config.services.mastodon;
in
{
description = "Mastodon media prune";
environment = lib.filterAttrs (n: _: n != "PATH") config.systemd.services.mastodon-web.environment;
serviceConfig = {
Type = "oneshot";
# Remove remote media attachments older than one month.
ExecStart = "${cfg.package}/bin/tootctl media remove --days=30";
User = cfg.user;
Group = cfg.group;
EnvironmentFile = "/var/lib/mastodon/.secrets_env";
PrivateTmp = true;
};
systemd.services.mastodon-media-prune = let cfg = config.services.mastodon;
in {
description = "Mastodon media prune";
environment = lib.filterAttrs (n: _: n != "PATH")
config.systemd.services.mastodon-web.environment;
serviceConfig = {
Type = "oneshot";
# Remove remote media attachments older than one month.
ExecStart = "${cfg.package}/bin/tootctl media remove --days=30";
User = cfg.user;
Group = cfg.group;
EnvironmentFile = "/var/lib/mastodon/.secrets_env";
PrivateTmp = true;
};
};
systemd.timers.mastodon-media-prune = {
description = "Mastodon media prune";
@ -126,7 +122,6 @@ in
};
};
networking.firewall =
let cfg = config.services.mastodon;
in { allowedTCPPorts = [ cfg.streamingPort cfg.webPort ]; };
networking.firewall = let cfg = config.services.mastodon;
in { allowedTCPPorts = [ cfg.streamingPort cfg.webPort ]; };
}

32
nixos/hosts/hades/rtorrent/configuration.nix
View file

@ -1,9 +1,7 @@
{ config, pkgs, ... }:
let vs = config.vault-secrets.secrets; in
{
imports = [
./rtorrent.nix
];
let vs = config.vault-secrets.secrets;
in {
imports = [ ./rtorrent.nix ];
networking.interfaces.eth0.useDHCP = true;
system.stateVersion = "22.05";
@ -17,35 +15,31 @@ let vs = config.vault-secrets.secrets; in
enable = true;
host = "0.0.0.0";
openFirewall = true;
downloadDir = config.services.rtorrent.downloadDir;
inherit (config.services.rtorrent) downloadDir;
};
vault-secrets.secrets.rtorrent = {
services = [ "wg-quick-wg0" ];
};
vault-secrets.secrets.rtorrent = { services = [ "wg-quick-wg0" ]; };
# Mullvad VPN
networking.wg-quick.interfaces = let
networking.wg-quick.interfaces = let
postUpScript = pkgs.writeScriptBin "post_up" ''
#!${pkgs.stdenv.shell}
${pkgs.iproute2}/bin/ip route add 10.42.42.0/23 via 192.168.0.1
${pkgs.iproute2}/bin/ip route add 10.100.0.0/24 via 192.168.0.1
'';
in{
in {
wg0 = {
address = [ "10.66.153.191/32" "fc00:bbbb:bbbb:bb01::3:99be/128" ];
dns = [ "193.138.218.74" ];
privateKeyFile = "${vs.rtorrent}/wireguardKey";
postUp = "${postUpScript}/bin/post_up || true";
peers = [
{
publicKey = "hnRorSW0YHlHAzGb4Uc/sjOqQIrqDnpJnTQi/n7Rp1c=";
allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "185.65.134.223:51820";
persistentKeepalive = 25;
}
];
peers = [{
publicKey = "hnRorSW0YHlHAzGb4Uc/sjOqQIrqDnpJnTQi/n7Rp1c=";
allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "185.65.134.223:51820";
persistentKeepalive = 25;
}];
};
};
}