fix statix
This commit is contained in:
parent
dae1a5da92
commit
a446437874
|
@ -1,4 +1,4 @@
|
||||||
{ ... }: {
|
{ _ }: {
|
||||||
# See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/
|
# See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/
|
||||||
|
|
||||||
# Supress systemd services that don't work (correctly) on LXC
|
# Supress systemd services that don't work (correctly) on LXC
|
||||||
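Review bot: `{ _ }: {` on the new side of the module header is not the form the statix empty-pattern lint asks for and, assuming this file is imported as a NixOS module (the systemd/LXC comments suggest it is), it will not evaluate: a set pattern that names only `_` and has no `...` accepts exactly one attribute called `_`, so the module system's call with `config`, `lib`, `pkgs` and the rest fails with an unexpected-argument error. The lint's intended replacement is the bare lambda `_: {`, which ignores whatever argument it receives. The same `{ ... }:` to `{ _ }:` replacement is made again in the later `@ -1,4 +1,4 @@` hunk above `services.v.dns` and needs the same correction. The remainder of the module body lies outside this hunk.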
|
|
|
@ -37,7 +37,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
networking.firewall = mkIf (cfg.openFirewall) {
|
networking.firewall = mkIf cfg.openFirewall {
|
||||||
allowedTCPPorts = [ 53 ];
|
allowedTCPPorts = [ 53 ];
|
||||||
allowedUDPPorts = [ 53 ];
|
allowedUDPPorts = [ 53 ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -115,7 +115,7 @@ in {
|
||||||
# Create user if set to default
|
# Create user if set to default
|
||||||
users.users = mkIf (cfg.user == "flood") {
|
users.users = mkIf (cfg.user == "flood") {
|
||||||
flood = {
|
flood = {
|
||||||
group = cfg.group;
|
inherit (cfg) group;
|
||||||
shell = pkgs.bashInteractive;
|
shell = pkgs.bashInteractive;
|
||||||
home = cfg.dataDir;
|
home = cfg.dataDir;
|
||||||
description = "flood Daemon user";
|
description = "flood Daemon user";
|
||||||
|
@ -124,7 +124,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
# Open firewall if option is set to do so.
|
# Open firewall if option is set to do so.
|
||||||
networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ cfg.port ];
|
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
|
||||||
|
|
||||||
# The actual service
|
# The actual service
|
||||||
systemd.services.flood = {
|
systemd.services.flood = {
|
||||||
|
|
|
@ -244,7 +244,7 @@ in
|
||||||
# Create user if set to default
|
# Create user if set to default
|
||||||
users.users = mkIf (cfg.user == "unpackerr") {
|
users.users = mkIf (cfg.user == "unpackerr") {
|
||||||
unpackerr = {
|
unpackerr = {
|
||||||
group = cfg.group;
|
inherit (cfg) group;
|
||||||
shell = pkgs.bashInteractive;
|
shell = pkgs.bashInteractive;
|
||||||
createHome = false;
|
createHome = false;
|
||||||
description = "unpackerr Daemon user";
|
description = "unpackerr Daemon user";
|
||||||
|
|
|
@ -2,8 +2,7 @@
|
||||||
let
|
let
|
||||||
vs = config.vault-secrets.secrets;
|
vs = config.vault-secrets.secrets;
|
||||||
cfg = config.services.mastodon;
|
cfg = config.services.mastodon;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
system.stateVersion = "21.05";
|
system.stateVersion = "21.05";
|
||||||
# Use DHCP with static leases
|
# Use DHCP with static leases
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
|
@ -19,8 +18,7 @@ in
|
||||||
|
|
||||||
vault-secrets.secrets.mastodon = {
|
vault-secrets.secrets.mastodon = {
|
||||||
services = [ "mastodon-init-dirs" "mastodon" "mastodon-media-prune" ];
|
services = [ "mastodon-init-dirs" "mastodon" "mastodon-media-prune" ];
|
||||||
user = cfg.user;
|
inherit (cfg) user group;
|
||||||
group = cfg.group;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Append the init-dirs script to add AWS/Minio secrets
|
# Append the init-dirs script to add AWS/Minio secrets
|
||||||
|
@ -47,7 +45,7 @@ in
|
||||||
|
|
||||||
elasticsearch = {
|
elasticsearch = {
|
||||||
host = "127.0.0.1";
|
host = "127.0.0.1";
|
||||||
port = config.services.elasticsearch.port;
|
inherit (config.services.elasticsearch) port;
|
||||||
};
|
};
|
||||||
|
|
||||||
database = {
|
database = {
|
||||||
|
@ -98,23 +96,21 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
# https://github.com/NixOS/nixpkgs/issues/116418#issuecomment-799517120
|
# https://github.com/NixOS/nixpkgs/issues/116418#issuecomment-799517120
|
||||||
systemd.services.mastodon-media-prune =
|
systemd.services.mastodon-media-prune = let cfg = config.services.mastodon;
|
||||||
let
|
in {
|
||||||
cfg = config.services.mastodon;
|
description = "Mastodon media prune";
|
||||||
in
|
environment = lib.filterAttrs (n: _: n != "PATH")
|
||||||
{
|
config.systemd.services.mastodon-web.environment;
|
||||||
description = "Mastodon media prune";
|
serviceConfig = {
|
||||||
environment = lib.filterAttrs (n: _: n != "PATH") config.systemd.services.mastodon-web.environment;
|
Type = "oneshot";
|
||||||
serviceConfig = {
|
# Remove remote media attachments older than one month.
|
||||||
Type = "oneshot";
|
ExecStart = "${cfg.package}/bin/tootctl media remove --days=30";
|
||||||
# Remove remote media attachments older than one month.
|
User = cfg.user;
|
||||||
ExecStart = "${cfg.package}/bin/tootctl media remove --days=30";
|
Group = cfg.group;
|
||||||
User = cfg.user;
|
EnvironmentFile = "/var/lib/mastodon/.secrets_env";
|
||||||
Group = cfg.group;
|
PrivateTmp = true;
|
||||||
EnvironmentFile = "/var/lib/mastodon/.secrets_env";
|
|
||||||
PrivateTmp = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
};
|
||||||
|
|
||||||
systemd.timers.mastodon-media-prune = {
|
systemd.timers.mastodon-media-prune = {
|
||||||
description = "Mastodon media prune";
|
description = "Mastodon media prune";
|
||||||
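Review bot: The new `systemd.services.mastodon-media-prune = let cfg = config.services.mastodon;` line rebinds a name that, if these hunks belong to the same file as the shared mastodon content suggests, is already defined by the top-level `let` shown in the `@ -2,8 +2,7 @@` hunk (`cfg = config.services.mastodon;`), so the inner `let` only shadows an identical value. Dropping it and writing `systemd.services.mastodon-media-prune = {` leaves `User = cfg.user;` and `Group = cfg.group;` resolving to the outer binding unchanged. The `networking.firewall = let cfg = config.services.mastodon;` line in the following `@ -126,7 +122,6 @@` hunk carries the same redundant rebind. The enclosing module attrset begins outside this hunk.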
|
@ -126,7 +122,6 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall =
|
networking.firewall = let cfg = config.services.mastodon;
|
||||||
let cfg = config.services.mastodon;
|
in { allowedTCPPorts = [ cfg.streamingPort cfg.webPort ]; };
|
||||||
in { allowedTCPPorts = [ cfg.streamingPort cfg.webPort ]; };
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,7 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let vs = config.vault-secrets.secrets; in
|
let vs = config.vault-secrets.secrets;
|
||||||
{
|
in {
|
||||||
imports = [
|
imports = [ ./rtorrent.nix ];
|
||||||
./rtorrent.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.interfaces.eth0.useDHCP = true;
|
networking.interfaces.eth0.useDHCP = true;
|
||||||
system.stateVersion = "22.05";
|
system.stateVersion = "22.05";
|
||||||
|
@ -17,35 +15,31 @@ let vs = config.vault-secrets.secrets; in
|
||||||
enable = true;
|
enable = true;
|
||||||
host = "0.0.0.0";
|
host = "0.0.0.0";
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
downloadDir = config.services.rtorrent.downloadDir;
|
inherit (config.services.rtorrent) downloadDir;
|
||||||
};
|
};
|
||||||
|
|
||||||
vault-secrets.secrets.rtorrent = {
|
vault-secrets.secrets.rtorrent = { services = [ "wg-quick-wg0" ]; };
|
||||||
services = [ "wg-quick-wg0" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Mullvad VPN
|
# Mullvad VPN
|
||||||
networking.wg-quick.interfaces = let
|
networking.wg-quick.interfaces = let
|
||||||
postUpScript = pkgs.writeScriptBin "post_up" ''
|
postUpScript = pkgs.writeScriptBin "post_up" ''
|
||||||
#!${pkgs.stdenv.shell}
|
#!${pkgs.stdenv.shell}
|
||||||
${pkgs.iproute2}/bin/ip route add 10.42.42.0/23 via 192.168.0.1
|
${pkgs.iproute2}/bin/ip route add 10.42.42.0/23 via 192.168.0.1
|
||||||
${pkgs.iproute2}/bin/ip route add 10.100.0.0/24 via 192.168.0.1
|
${pkgs.iproute2}/bin/ip route add 10.100.0.0/24 via 192.168.0.1
|
||||||
'';
|
'';
|
||||||
in{
|
in {
|
||||||
wg0 = {
|
wg0 = {
|
||||||
address = [ "10.66.153.191/32" "fc00:bbbb:bbbb:bb01::3:99be/128" ];
|
address = [ "10.66.153.191/32" "fc00:bbbb:bbbb:bb01::3:99be/128" ];
|
||||||
dns = [ "193.138.218.74" ];
|
dns = [ "193.138.218.74" ];
|
||||||
privateKeyFile = "${vs.rtorrent}/wireguardKey";
|
privateKeyFile = "${vs.rtorrent}/wireguardKey";
|
||||||
postUp = "${postUpScript}/bin/post_up || true";
|
postUp = "${postUpScript}/bin/post_up || true";
|
||||||
|
|
||||||
peers = [
|
peers = [{
|
||||||
{
|
publicKey = "hnRorSW0YHlHAzGb4Uc/sjOqQIrqDnpJnTQi/n7Rp1c=";
|
||||||
publicKey = "hnRorSW0YHlHAzGb4Uc/sjOqQIrqDnpJnTQi/n7Rp1c=";
|
allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
||||||
allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
endpoint = "185.65.134.223:51820";
|
||||||
endpoint = "185.65.134.223:51820";
|
persistentKeepalive = 25;
|
||||||
persistentKeepalive = 25;
|
}];
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,8 +23,7 @@ let vs = config.vault-secrets.secrets; in
|
||||||
];
|
];
|
||||||
|
|
||||||
vault-secrets.secrets.outline = {
|
vault-secrets.secrets.outline = {
|
||||||
user = config.services.outline.user;
|
inherit (config.services.outline) user group;
|
||||||
group = config.services.outline.group;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.outline = {
|
services.outline = {
|
||||||
|
|
|
@ -46,11 +46,33 @@
|
||||||
|
|
||||||
# Enable the X11 windowing system.
|
# Enable the X11 windowing system.
|
||||||
services.xserver.enable = true;
|
services.xserver.enable = true;
|
||||||
|
services.xserver.excludePackages = [ pkgs.xterm ];
|
||||||
|
|
||||||
# Enable the GNOME Desktop Environment.
|
# Enable the GNOME Desktop Environment.
|
||||||
services.xserver.displayManager.gdm.enable = true;
|
services.xserver.displayManager.gdm.enable = true;
|
||||||
services.xserver.desktopManager.gnome.enable = true;
|
services.xserver.desktopManager.gnome.enable = true;
|
||||||
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
|
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
|
||||||
|
environment.gnome.excludePackages =
|
||||||
|
(with pkgs; [ gnome-photos gnome-tour gnome-connections ])
|
||||||
|
++ (with pkgs.gnome; [
|
||||||
|
atomix # puzzle game
|
||||||
|
epiphany # web browser
|
||||||
|
geary # email reader
|
||||||
|
gedit # text editor
|
||||||
|
gnome-calendar
|
||||||
|
gnome-clocks
|
||||||
|
gnome-contacts
|
||||||
|
gnome-maps
|
||||||
|
gnome-music
|
||||||
|
gnome-notes
|
||||||
|
gnome-terminal
|
||||||
|
gnome-weather
|
||||||
|
hitori # sudoku game
|
||||||
|
iagno # go game
|
||||||
|
simple-scan # document scanner
|
||||||
|
tali # poker game
|
||||||
|
totem # video player
|
||||||
|
]);
|
||||||
|
|
||||||
programs.dconf.enable = true;
|
programs.dconf.enable = true;
|
||||||
services.udisks2.enable = true;
|
services.udisks2.enable = true;
|
||||||
|
@ -84,8 +106,8 @@
|
||||||
#media-session.enable = true;
|
#media-session.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
gnome3.gnome-tweaks
|
gnome3.gnome-tweaks
|
||||||
wireguard-tools
|
wireguard-tools
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
{ lib, config, pkgs, inputs, ... }:
|
{ lib, config, pkgs, inputs, ... }:
|
||||||
let
|
let
|
||||||
tex = (pkgs.texlive.combine {
|
tex = pkgs.texlive.combine {
|
||||||
inherit (pkgs.texlive) scheme-full;
|
inherit (pkgs.texlive) scheme-full;
|
||||||
dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; };
|
dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; };
|
||||||
});
|
};
|
||||||
in {
|
in {
|
||||||
programs.home-manager.enable = true;
|
programs.home-manager.enable = true;
|
||||||
|
|
||||||
|
|
|
@ -21,8 +21,7 @@ in {
|
||||||
};
|
};
|
||||||
cursorTheme = {
|
cursorTheme = {
|
||||||
name = cursorTheme;
|
name = cursorTheme;
|
||||||
package = config.home.pointerCursor.package;
|
inherit (config.home.pointerCursor) package size;
|
||||||
size = config.home.pointerCursor.size;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
{ config, pkgs, lib, inputs, texlive, ... }:
|
{ config, pkgs, lib, inputs, texlive, ... }:
|
||||||
let
|
let
|
||||||
tex = (pkgs.texlive.combine {
|
tex = pkgs.texlive.combine {
|
||||||
inherit (pkgs.texlive) scheme-full;
|
inherit (pkgs.texlive) scheme-full;
|
||||||
dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; };
|
dnd-5e-latex-template = { pkgs = [ pkgs.v.dnd-5e-latex-template ]; };
|
||||||
});
|
};
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
programs.home-manager.enable = true;
|
programs.home-manager.enable = true;
|
||||||
home.username = "victor";
|
home.username = "victor";
|
||||||
home.homeDirectory = "/home/victor";
|
home.homeDirectory = "/home/victor";
|
||||||
|
@ -62,29 +61,28 @@ in
|
||||||
|
|
||||||
xdg.mimeApps = {
|
xdg.mimeApps = {
|
||||||
enable = true;
|
enable = true;
|
||||||
defaultApplications =
|
defaultApplications = let browser = [ "firefox.desktop" ];
|
||||||
let browser = [ "firefox.desktop" ];
|
in {
|
||||||
in {
|
"image/*" = "org.gnome.eog.desktop";
|
||||||
"image/*" = "org.gnome.eog.desktop";
|
"text/html" = browser;
|
||||||
"text/html" = browser;
|
"x-scheme-handler/http" = browser;
|
||||||
"x-scheme-handler/http" = browser;
|
"x-scheme-handler/https" = browser;
|
||||||
"x-scheme-handler/https" = browser;
|
"x-scheme-handler/ftp" = browser;
|
||||||
"x-scheme-handler/ftp" = browser;
|
"x-scheme-handler/about" = browser;
|
||||||
"x-scheme-handler/about" = browser;
|
"x-scheme-handler/unknown" = browser;
|
||||||
"x-scheme-handler/unknown" = browser;
|
"application/x-extension-htm" = browser;
|
||||||
"application/x-extension-htm" = browser;
|
"application/x-extension-html" = browser;
|
||||||
"application/x-extension-html" = browser;
|
"application/x-extension-shtml" = browser;
|
||||||
"application/x-extension-shtml" = browser;
|
"application/xhtml+xml" = browser;
|
||||||
"application/xhtml+xml" = browser;
|
"application/x-extension-xhtml" = browser;
|
||||||
"application/x-extension-xhtml" = browser;
|
"application/x-extension-xht" = browser;
|
||||||
"application/x-extension-xht" = browser;
|
|
||||||
|
|
||||||
"application/json" = browser;
|
"application/json" = browser;
|
||||||
"application/pdf" = browser;
|
"application/pdf" = browser;
|
||||||
|
|
||||||
"x-scheme-handler/vscode" = "code-url-handler.desktop";
|
"x-scheme-handler/vscode" = "code-url-handler.desktop";
|
||||||
"x-scheme-handler/discord" = "webcord.desktop";
|
"x-scheme-handler/discord" = "webcord.desktop";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.foot = { enable = true; };
|
programs.foot = { enable = true; };
|
||||||
|
@ -185,20 +183,19 @@ in
|
||||||
sessionVariables = { DIRENV_LOG_FORMAT = ""; };
|
sessionVariables = { DIRENV_LOG_FORMAT = ""; };
|
||||||
};
|
};
|
||||||
|
|
||||||
xdg.userDirs =
|
xdg.userDirs = let home = config.home.homeDirectory;
|
||||||
let home = config.home.homeDirectory;
|
in {
|
||||||
in {
|
enable = true;
|
||||||
enable = true;
|
createDirectories = true;
|
||||||
createDirectories = true;
|
desktop = "${home}/.desktop";
|
||||||
desktop = "${home}/.desktop";
|
documents = "${home}/cloud/Documents";
|
||||||
documents = "${home}/cloud/Documents";
|
download = "${home}/dl";
|
||||||
download = "${home}/dl";
|
music = "${home}/cloud/Music";
|
||||||
music = "${home}/cloud/Music";
|
pictures = "${home}/cloud/Pictures";
|
||||||
pictures = "${home}/cloud/Pictures";
|
publicShare = "${home}/.publicShare";
|
||||||
publicShare = "${home}/.publicShare";
|
templates = "${home}/.templates";
|
||||||
templates = "${home}/.templates";
|
videos = "${home}/cloud/Videos";
|
||||||
videos = "${home}/cloud/Videos";
|
};
|
||||||
};
|
|
||||||
|
|
||||||
services.syncthing.enable = true;
|
services.syncthing.enable = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -58,8 +58,7 @@ in {
|
||||||
};
|
};
|
||||||
cursorTheme = {
|
cursorTheme = {
|
||||||
name = cursorTheme;
|
name = cursorTheme;
|
||||||
package = config.home.pointerCursor.package;
|
inherit (config.home.pointerCursor) size package;
|
||||||
size = config.home.pointerCursor.size;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ ... }:
|
{ _ }:
|
||||||
{
|
{
|
||||||
services.v.dns = {
|
services.v.dns = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -28,11 +28,11 @@ let
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# Add to whatever realm a host belong to its list of tags
|
# Add to whatever realm a host belong to its list of tags
|
||||||
add_realm_to_tags = realm: hosts: map ({ tags ? [ ], ... }@host: host // { tags = [ realm ] ++ tags; inherit realm; }) hosts;
|
add_realm_to_tags = realm: map ({ tags ? [ ], ... }@host: host // { tags = [ realm ] ++ tags; inherit realm; });
|
||||||
# Flatten all hosts to a single list
|
# Flatten all hosts to a single list
|
||||||
flatten_hosts = hosts: concatLists (attrValues hosts);
|
flatten_hosts = hosts: concatLists (attrValues hosts);
|
||||||
# Filter out all hosts which aren't nixos
|
# Filter out all hosts which aren't nixos
|
||||||
filter_nix_hosts = hosts: filter ({ nix ? true, ... }: nix) hosts;
|
filter_nix_hosts = filter ({ nix ? true, ... }: nix);
|
||||||
|
|
||||||
# Helper function to build a colmena host definition
|
# Helper function to build a colmena host definition
|
||||||
mkColmenaHost = { ip ? null, hostname, tags, realm, type ? "lxc", ... }@host:
|
mkColmenaHost = { ip ? null, hostname, tags, realm, type ? "lxc", ... }@host:
|
||||||
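Review bot: After eta-reduction, `add_realm_to_tags = realm: map (…)` and `filter_nix_hosts = filter (…)` read as point-free while the neighbouring `flatten_hosts = hosts: concatLists (attrValues hosts);` keeps its explicit parameter, so the three helpers documented as a group no longer share one shape; since `flatten_hosts` cannot be reduced the same way without a compose helper, keeping `hosts:` on all three (`filter_nix_hosts = hosts: filter ({ nix ? true, ... }: nix) hosts;`) is the more uniform choice. Behaviour is identical either way. The enclosing `let` starts outside this hunk.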
|
@ -50,7 +50,7 @@ in
|
||||||
deployment = {
|
deployment = {
|
||||||
inherit tags;
|
inherit tags;
|
||||||
targetHost = ip;
|
targetHost = ip;
|
||||||
allowLocalDeployment = (type == "local");
|
allowLocalDeployment = type == "local";
|
||||||
targetUser = null; # Defaults to $USER
|
targetUser = null; # Defaults to $USER
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|