diff --git a/flake.nix b/flake.nix index 4ec7e8f..f756bda 100644 --- a/flake.nix +++ b/flake.nix @@ -93,7 +93,25 @@ overlays = (if config?overlays then config.overlays else [ ]) ++ [ overlay ]; }); # this is actual config, it gets processed below - config = { + config = let + mkBpiR3 = storage: config: config // { + system = "aarch64-linux"; + modules = (config.modules or [ ]) ++ [ (import ./system/devices/bpi-r3-router.nix storage) ]; + }; + routerConfig = rec { + system = "aarch64-linux"; + specialArgs.server-config = nixosConfigurations.nixserver.config; + modules = [ + { + _module.args.pkgs2 = import nixpkgs2 { inherit system; overlays = [ overlay ]; }; + _module.args.notnft = if devNft then (import /${devPath}/notnft { inherit (nixpkgs) lib; }).config.notnft else notnft.lib.${system}; + } + (if devNixRt then import /${devPath}/nixos-router else nixos-router.nixosModules.default) + ]; + }; + in { + router-emmc = mkBpiR3 "emmc" routerConfig; + router-sd = mkBpiR3 "sd" routerConfig; nixserver = { modules = [ nixos-mailserver.nixosModules.default 
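Review bot: In `mkBpiR3` the second parameter is named `config`, which shadows the enclosing `config` binding that this `let` is defining and that `hydraJobs` reads further down. `system = "aarch64-linux"` is also now written twice, once in `mkBpiR3` and once in `routerConfig`. Because `routerConfig` is `rec` and imports `pkgs2` with `inherit system`, changing only one of the two later would evaluate `pkgs2` for a different platform than the host. Consider renaming the parameter and leaving `system` to `routerConfig` alone: `mkBpiR3 = storage: base: base // { modules = (base.modules or [ ]) ++ [ (import ./system/devices/bpi-r3-router.nix storage) ]; };`.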
@@ -101,30 +119,6 @@ (if devMaubot then import /${devPath}/maubot.nix/module else maubot.nixosModules.default) ]; }; - router-emmc = rec { - system = "aarch64-linux"; - specialArgs.server-config = nixosConfigurations.nixserver.config; - modules = [ - { - _module.args.pkgs2 = import nixpkgs2 { inherit system; overlays = [ overlay ]; }; - _module.args.notnft = if devNft then (import /${devPath}/notnft { inherit (nixpkgs) lib; }).config.notnft else notnft.lib.${system}; - } - (import ./system/devices/bpi-r3-router.nix "emmc") - (if devNixRt then import /${devPath}/nixos-router else nixos-router.nixosModules.default) - ]; - }; - router-sd = rec { - system = "aarch64-linux"; - specialArgs.server-config = nixosConfigurations.nixserver.config; - modules = [ - { - _module.args.pkgs2 = import nixpkgs2 { inherit system; overlays = [ overlay ]; }; - _module.args.notnft = if devNft then (import /${devPath}/notnft { inherit (nixpkgs) lib; }).config.notnft else notnft.lib.${system}; - } - (import ./system/devices/bpi-r3-router.nix "sd") - (if devNixRt then (import /${devPath}/nixos-router) else nixos-router.nixosModules.default) - ]; - }; nixmsi = rec { system = "x86_64-linux"; modules = [ @@ -274,7 +268,7 @@ hydraJobs = { server.${config.nixserver.system or "x86_64-linux"} = nixosConfigurations.nixserver; workstation.${config.nixmsi.system or "x86_64-linux"} = nixosConfigurations.nixmsi; - router.${config.router.system or "x86_64-linux"} = nixosConfigurations.router; + router.${config.router-emmc.system or "x86_64-linux"} = nixosConfigurations.router-emmc; workstation-home.${config.nixmsi.system or "x86_64-linux"} = homeConfigurations."user@nixmsi"; }; }; diff --git a/system/hosts/nixserver/home.nix b/system/hosts/nixserver/home.nix index 17463c2..d2a1cf1 100644 --- a/system/hosts/nixserver/home.nix +++ b/system/hosts/nixserver/home.nix 
@@ -52,6 +52,10 @@ in { proxyWebsockets = true; }; locations."/grafana/public/".alias = "${config.services.grafana.settings.server.static_root_path}/"; + locations."/printer/" = { + proxyPass = "http://127.0.0.1:631/"; + proxyWebsockets = true; + }; }; services.nginx.virtualHosts."hydra.${cfg.domainName}" = { quic = true; @@ -98,9 +102,19 @@ in { # smtpHost = "mail.${cfg.domainName}"; useSubstitutes = true; }; - systemd.services.nix-daemon = { - serviceConfig.CPUQuota = "50%"; - }; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + nix.buildMachines = [ + { + hostName = "localhost"; + protocol = null; + supportedFeatures = [ "kvm" "local" "nixos-test" "benchmark" "big-parallel" ]; + systems = [ "builtin" "x86_64-linux" "i686-linux" "aarch64-linux" ]; + } + ]; + # limit CI CPU usage since I'm running everything else off this server too + # systemd.services.nix-daemon.serviceConfig.CPUQuota = "50%"; + systemd.services.hydra-evaluator.serviceConfig.CPUQuota = "50%"; + programs.ccache.enable = true; services.nginx.statusPage = true; services.gitea.settings.metrics.ENABLED = true; @@ -168,7 +182,7 @@ in { job_name = "local_medium_freq"; scrape_interval = "15m"; static_configs = [ { - targets = [ "127.0.0.1:9548" ]; + targets = [ "127.0.0.1:9548" "127.0.0.1:9198" ]; labels.machine = "server"; } ]; } @@ -279,7 +293,7 @@ in { }; };*/ - networking.firewall.allowedTCPPorts = [ 631 9100 ]; + networking.firewall.allowedTCPPorts = [ 631 ]; services.printing = { enable = true; allowFrom = [ cfg.lanCidrV4 cfg.lanCidrV6 ]; @@ -287,7 +301,7 @@ in { clientConf = '' ServerName home.${cfg.domainName} ''; - listenAddresses = [ "*:631" "*:9100" ]; + listenAddresses = [ "*:631" ]; defaultShared = true; drivers = [ pkgs.hplip ]; startWhenNeeded = false; diff --git a/system/modules/impermanence.nix b/system/modules/impermanence.nix index 9dad725..4be2403 100644 --- a/system/modules/impermanence.nix +++ b/system/modules/impermanence.nix 
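Review bot: The new `locations."/printer/"` block forwards to CUPS on `127.0.0.1:631` with no access restriction on the nginx side. CUPS will see every proxied request as coming from loopback, so the `allowFrom = [ cfg.lanCidrV4 cfg.lanCidrV6 ]` limit set later in this file most likely does not apply to this path. The hunk does not show which virtual host this is or whether it is reachable from outside the LAN; if it is, the printer web interface is reachable from the same places. Restrict the location to the LAN ranges, for example `extraConfig = "allow ${cfg.lanCidrV4}; allow ${cfg.lanCidrV6}; deny all;";` (assuming those values are plain CIDR strings). Also drop `proxyWebsockets = true;` unless something behind the proxy needs it.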
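Review bot: The comment added above the quota says CI CPU usage is being limited, but the only active limit is on `hydra-evaluator`, and the `nix-daemon` quota is left commented out. The builds themselves, now including emulated `aarch64-linux` ones, presumably still run under the daemon and are therefore unthrottled on a host that serves everything else too. If throttling builds is still intended, keep a control that applies to them, such as `nix.daemonCPUSchedPolicy = "idle";` or a `nix.settings.max-jobs`/`cores` cap, and delete the commented-out line instead of keeping it. The `localhost` entry in `nix.buildMachines` also advertises `"kvm"` together with `"aarch64-linux"`, which binfmt emulation is unlikely to provide, so confirm that VM tests for that system are not scheduled here.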
@@ -98,6 +98,12 @@ in { { directory = /var/lib/pleroma; user = "pleroma"; group = "pleroma"; mode = "0700"; } ] ++ lib.optionals config.services.akkoma.enable [ { directory = /var/lib/akkoma; user = "akkoma"; group = "akkoma"; mode = "0700"; } + ] ++ lib.optionals config.services.hydra.enable [ + { directory = /var/lib/hydra; user = "hydra"; group = "hydra"; mode = "0755"; } + ] ++ lib.optionals config.services.grafana.enable [ + { directory = /var/lib/grafana; user = "grafana"; group = "grafana"; mode = "0755"; } + ] ++ lib.optionals config.services.prometheus.enable [ + { directory = /var/lib/${config.services.prometheus.stateDir}; user = "prometheus"; group = "prometheus"; mode = "0755"; } ] ++ lib.optionals config.services.postfix.enable [ { directory = /var/lib/postfix; user = "root"; group = "root"; mode = "0755"; } ] ++ lib.optionals config.services.postgresql.enable [
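Review bot: The three added persistence entries use `mode = "0755"`, while the pleroma and akkoma entries just above them use `"0700"`. `/var/lib/grafana` and `/var/lib/hydra` typically hold a database, session data and service credentials, so a world-traversable state directory leaves their protection to the per-file modes alone. Unless something outside the service user has to read these trees, prefer `mode = "0750";` (or `"0700"`) for the hydra and grafana entries, after checking what each NixOS module expects for its state directory. The prometheus entry builds its path from `config.services.prometheus.stateDir`, so a short comment such as `# stateDir is a name relative to /var/lib` would explain the interpolation.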