fix statix

Vivian 2022-12-01 22:13:05 +01:00
parent dae1a5da92
commit a446437874
14 changed files with 106 additions and 101 deletions


@ -1,4 +1,4 @@
{ ... }: { { _ }: {
# See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/ # See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/
# Supress systemd services that don't work (correctly) on LXC # Supress systemd services that don't work (correctly) on LXC
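Review bot: The new function head `{ _ }: {` on the first line is not equivalent to the old `{ ... }: {`: without an ellipsis the pattern requires an attribute named `_` and rejects every other argument. If this file is imported as a NixOS module, the module system calls it with `config`, `lib`, `pkgs` and more, so evaluation would fail with an unexpected-argument error. The replacement statix suggests for an empty pattern is the plain lambda `_: {`. The same change appears in the file that sets `services.v.dns` further down.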


@ -37,7 +37,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
networking.firewall = mkIf (cfg.openFirewall) { networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ 53 ]; allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ]; allowedUDPPorts = [ 53 ];
}; };


@ -115,7 +115,7 @@ in {
# Create user if set to default # Create user if set to default
users.users = mkIf (cfg.user == "flood") { users.users = mkIf (cfg.user == "flood") {
flood = { flood = {
group = cfg.group; inherit (cfg) group;
shell = pkgs.bashInteractive; shell = pkgs.bashInteractive;
home = cfg.dataDir; home = cfg.dataDir;
description = "flood Daemon user"; description = "flood Daemon user";
@ -124,7 +124,7 @@ in {
}; };
# Open firewall if option is set to do so. # Open firewall if option is set to do so.
networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ cfg.port ]; networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
# The actual service # The actual service
systemd.services.flood = { systemd.services.flood = {
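Review bot: The `flood` account created in the first hunk keeps `shell = pkgs.bashInteractive;`, which gives a daemon user a usable login shell. Unless something needs to log in or `su` to that user, dropping the line leaves the NixOS default (a nologin shell) and narrows what the account can be used for if the service is ever compromised. The `unpackerr` user in the next file has the same line. Both attribute sets continue outside the visible hunks, so other hardening options may already be set there.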


@ -244,7 +244,7 @@ in
# Create user if set to default # Create user if set to default
users.users = mkIf (cfg.user == "unpackerr") { users.users = mkIf (cfg.user == "unpackerr") {
unpackerr = { unpackerr = {
group = cfg.group; inherit (cfg) group;
shell = pkgs.bashInteractive; shell = pkgs.bashInteractive;
createHome = false; createHome = false;
description = "unpackerr Daemon user"; description = "unpackerr Daemon user";


@ -2,8 +2,7 @@
let let
vs = config.vault-secrets.secrets; vs = config.vault-secrets.secrets;
cfg = config.services.mastodon; cfg = config.services.mastodon;
in in {
{
system.stateVersion = "21.05"; system.stateVersion = "21.05";
# Use DHCP with static leases # Use DHCP with static leases
networking.interfaces.eth0.useDHCP = true; networking.interfaces.eth0.useDHCP = true;
@ -19,8 +18,7 @@ in
vault-secrets.secrets.mastodon = { vault-secrets.secrets.mastodon = {
services = [ "mastodon-init-dirs" "mastodon" "mastodon-media-prune" ]; services = [ "mastodon-init-dirs" "mastodon" "mastodon-media-prune" ];
user = cfg.user; inherit (cfg) user group;
group = cfg.group;
}; };
# Append the init-dirs script to add AWS/Minio secrets # Append the init-dirs script to add AWS/Minio secrets
@ -47,7 +45,7 @@ in
elasticsearch = { elasticsearch = {
host = "127.0.0.1"; host = "127.0.0.1";
port = config.services.elasticsearch.port; inherit (config.services.elasticsearch) port;
}; };
database = { database = {
@ -98,13 +96,11 @@ in
}; };
# https://github.com/NixOS/nixpkgs/issues/116418#issuecomment-799517120 # https://github.com/NixOS/nixpkgs/issues/116418#issuecomment-799517120
systemd.services.mastodon-media-prune = systemd.services.mastodon-media-prune = let cfg = config.services.mastodon;
let in {
cfg = config.services.mastodon;
in
{
description = "Mastodon media prune"; description = "Mastodon media prune";
environment = lib.filterAttrs (n: _: n != "PATH") config.systemd.services.mastodon-web.environment; environment = lib.filterAttrs (n: _: n != "PATH")
config.systemd.services.mastodon-web.environment;
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
# Remove remote media attachments older than one month. # Remove remote media attachments older than one month.
@ -126,7 +122,6 @@ in
}; };
}; };
networking.firewall = networking.firewall = let cfg = config.services.mastodon;
let cfg = config.services.mastodon;
in { allowedTCPPorts = [ cfg.streamingPort cfg.webPort ]; }; in { allowedTCPPorts = [ cfg.streamingPort cfg.webPort ]; };
} }
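Review bot: The reformatted `let cfg = config.services.mastodon; in` on `systemd.services.mastodon-media-prune` and on `networking.firewall` rebinds a name that the file's top-level `let` already defines with the same value. Both inner bindings can be dropped, leaving `networking.firewall.allowedTCPPorts = [ cfg.streamingPort cfg.webPort ];`. A short comment on that line saying which hosts are expected to reach the streaming and web ports directly would also help, since the hunk does not show whether a reverse proxy sits in front.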


@ -1,9 +1,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let vs = config.vault-secrets.secrets; in let vs = config.vault-secrets.secrets;
{ in {
imports = [ imports = [ ./rtorrent.nix ];
./rtorrent.nix
];
networking.interfaces.eth0.useDHCP = true; networking.interfaces.eth0.useDHCP = true;
system.stateVersion = "22.05"; system.stateVersion = "22.05";
@ -17,12 +15,10 @@ let vs = config.vault-secrets.secrets; in
enable = true; enable = true;
host = "0.0.0.0"; host = "0.0.0.0";
openFirewall = true; openFirewall = true;
downloadDir = config.services.rtorrent.downloadDir; inherit (config.services.rtorrent) downloadDir;
}; };
vault-secrets.secrets.rtorrent = { vault-secrets.secrets.rtorrent = { services = [ "wg-quick-wg0" ]; };
services = [ "wg-quick-wg0" ];
};
# Mullvad VPN # Mullvad VPN
networking.wg-quick.interfaces = let networking.wg-quick.interfaces = let
@ -31,21 +27,19 @@ let vs = config.vault-secrets.secrets; in
${pkgs.iproute2}/bin/ip route add 10.42.42.0/23 via 192.168.0.1 ${pkgs.iproute2}/bin/ip route add 10.42.42.0/23 via 192.168.0.1
${pkgs.iproute2}/bin/ip route add 10.100.0.0/24 via 192.168.0.1 ${pkgs.iproute2}/bin/ip route add 10.100.0.0/24 via 192.168.0.1
''; '';
in{ in {
wg0 = { wg0 = {
address = [ "10.66.153.191/32" "fc00:bbbb:bbbb:bb01::3:99be/128" ]; address = [ "10.66.153.191/32" "fc00:bbbb:bbbb:bb01::3:99be/128" ];
dns = [ "193.138.218.74" ]; dns = [ "193.138.218.74" ];
privateKeyFile = "${vs.rtorrent}/wireguardKey"; privateKeyFile = "${vs.rtorrent}/wireguardKey";
postUp = "${postUpScript}/bin/post_up || true"; postUp = "${postUpScript}/bin/post_up || true";
peers = [ peers = [{
{
publicKey = "hnRorSW0YHlHAzGb4Uc/sjOqQIrqDnpJnTQi/n7Rp1c="; publicKey = "hnRorSW0YHlHAzGb4Uc/sjOqQIrqDnpJnTQi/n7Rp1c=";
allowedIPs = [ "0.0.0.0/0" "::/0" ]; allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "185.65.134.223:51820"; endpoint = "185.65.134.223:51820";
persistentKeepalive = 25; persistentKeepalive = 25;
} }];
];
}; };
}; };
} }
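Review bot: In the second hunk the service block keeps `host = "0.0.0.0";` together with `openFirewall = true;`, and this host also brings up `wg0`. If `openFirewall` feeds the global `networking.firewall.allowedTCPPorts`, as the flood module earlier in this commit does, the port is accepted on the VPN interface as well as on `eth0`. Restricting it with `networking.firewall.interfaces.eth0.allowedTCPPorts` instead of the module switch would keep the service reachable from the LAN only. The block's opening line is outside the hunk, so which service it configures is inferred from the `downloadDir` line.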


@ -23,8 +23,7 @@ let vs = config.vault-secrets.secrets; in
]; ];
vault-secrets.secrets.outline = { vault-secrets.secrets.outline = {
user = config.services.outline.user; inherit (config.services.outline) user group;
group = config.services.outline.group;
}; };
services.outline = { services.outline = {


@ -46,11 +46,33 @@
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver.enable = true; services.xserver.enable = true;
services.xserver.excludePackages = [ pkgs.xterm ];
# Enable the GNOME Desktop Environment. # Enable the GNOME Desktop Environment.
services.xserver.displayManager.gdm.enable = true; services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.gnome.enable = true;
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ]; services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
environment.gnome.excludePackages =
(with pkgs; [ gnome-photos gnome-tour gnome-connections ])
++ (with pkgs.gnome; [
atomix # puzzle game
epiphany # web browser
geary # email reader
gedit # text editor
gnome-calendar
gnome-clocks
gnome-contacts
gnome-maps
gnome-music
gnome-notes
gnome-terminal
gnome-weather
hitori # sudoku game
iagno # go game
simple-scan # document scanner
tali # poker game
totem # video player
]);
programs.dconf.enable = true; programs.dconf.enable = true;
services.udisks2.enable = true; services.udisks2.enable = true;
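Review bot: The added `services.xserver.excludePackages` and `environment.gnome.excludePackages` lines change which packages are installed, which is more than the lint cleanup the commit title announces; a separate commit would make the change easier to find later. One inline comment is also off: `iagno # go game` should say Reversi. With both `xterm` and `gnome-terminal` excluded, it is worth confirming that another terminal emulator is still installed on this machine.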


@ -1,9 +1,9 @@
{ lib, config, pkgs, inputs, ... }: { lib, config, pkgs, inputs, ... }:
let let
tex = (pkgs.texlive.combine { tex = pkgs.texlive.combine {
inherit (pkgs.texlive) scheme-full; inherit (pkgs.texlive) scheme-full;
dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; }; dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; };
}); };
in { in {
programs.home-manager.enable = true; programs.home-manager.enable = true;


@ -21,8 +21,7 @@ in {
}; };
cursorTheme = { cursorTheme = {
name = cursorTheme; name = cursorTheme;
package = config.home.pointerCursor.package; inherit (config.home.pointerCursor) package size;
size = config.home.pointerCursor.size;
}; };
}; };


@ -1,11 +1,10 @@
{ config, pkgs, lib, inputs, texlive, ... }: { config, pkgs, lib, inputs, texlive, ... }:
let let
tex = (pkgs.texlive.combine { tex = pkgs.texlive.combine {
inherit (pkgs.texlive) scheme-full; inherit (pkgs.texlive) scheme-full;
dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; }; dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; };
}); };
in in {
{
programs.home-manager.enable = true; programs.home-manager.enable = true;
home.username = "victor"; home.username = "victor";
home.homeDirectory = "/home/victor"; home.homeDirectory = "/home/victor";
@ -62,8 +61,7 @@ in
xdg.mimeApps = { xdg.mimeApps = {
enable = true; enable = true;
defaultApplications = defaultApplications = let browser = [ "firefox.desktop" ];
let browser = [ "firefox.desktop" ];
in { in {
"image/*" = "org.gnome.eog.desktop"; "image/*" = "org.gnome.eog.desktop";
"text/html" = browser; "text/html" = browser;
@ -185,8 +183,7 @@ in
sessionVariables = { DIRENV_LOG_FORMAT = ""; }; sessionVariables = { DIRENV_LOG_FORMAT = ""; };
}; };
xdg.userDirs = xdg.userDirs = let home = config.home.homeDirectory;
let home = config.home.homeDirectory;
in { in {
enable = true; enable = true;
createDirectories = true; createDirectories = true;


@ -58,8 +58,7 @@ in {
}; };
cursorTheme = { cursorTheme = {
name = cursorTheme; name = cursorTheme;
package = config.home.pointerCursor.package; inherit (config.home.pointerCursor) size package;
size = config.home.pointerCursor.size;
}; };
}; };


@ -1,4 +1,4 @@
{ ... }: { _ }:
{ {
services.v.dns = { services.v.dns = {
enable = true; enable = true;


@ -28,11 +28,11 @@ let
in in
{ {
# Add to whatever realm a host belong to its list of tags # Add to whatever realm a host belong to its list of tags
add_realm_to_tags = realm: hosts: map ({ tags ? [ ], ... }@host: host // { tags = [ realm ] ++ tags; inherit realm; }) hosts; add_realm_to_tags = realm: map ({ tags ? [ ], ... }@host: host // { tags = [ realm ] ++ tags; inherit realm; });
# Flatten all hosts to a single list # Flatten all hosts to a single list
flatten_hosts = hosts: concatLists (attrValues hosts); flatten_hosts = hosts: concatLists (attrValues hosts);
# Filter out all hosts which aren't nixos # Filter out all hosts which aren't nixos
filter_nix_hosts = hosts: filter ({ nix ? true, ... }: nix) hosts; filter_nix_hosts = filter ({ nix ? true, ... }: nix);
# Helper function to build a colmena host definition # Helper function to build a colmena host definition
mkColmenaHost = { ip ? null, hostname, tags, realm, type ? "lxc", ... }@host: mkColmenaHost = { ip ? null, hostname, tags, realm, type ? "lxc", ... }@host:
@ -50,7 +50,7 @@ in
deployment = { deployment = {
inherit tags; inherit tags;
targetHost = ip; targetHost = ip;
allowLocalDeployment = (type == "local"); allowLocalDeployment = type == "local";
targetUser = null; # Defaults to $USER targetUser = null; # Defaults to $USER
}; };
}; };