small cleanup
parent
33b4fe95c2
commit
d5f9e87bc9
|
@ -4,7 +4,7 @@ To install, put `system` to `/etc/nixos`, put `home` to
|
||||||
`~/.config/home-manager` (and `overlays.nix` to `~/.config/nixpkgs`)
|
`~/.config/home-manager` (and `overlays.nix` to `~/.config/nixpkgs`)
|
||||||
|
|
||||||
The reason they are separate is because I want to be able to iterate
|
The reason they are separate is because I want to be able to iterate
|
||||||
home config quickly, and `nixos-rebuild`'ing the entire sytem for every
|
home config quickly, and `nixos-rebuild`'ing the entire system for every
|
||||||
little change is pretty annoying (not to mention the necessity of
|
little change is pretty annoying (not to mention the necessity of
|
||||||
`sudo`). I'll probably merge them later, especially after
|
`sudo`). I'll probably merge them later, especially after
|
||||||
[Tvix](https://tvl.fyi/blog/rewriting-nix) becomes feature-complete.
|
[Tvix](https://tvl.fyi/blog/rewriting-nix) becomes feature-complete.
|
||||||
|
|
|
@ -26,20 +26,32 @@
|
||||||
let
|
let
|
||||||
hw = nixos-hardware.nixosModules;
|
hw = nixos-hardware.nixosModules;
|
||||||
# IRL-related stuff I'd rather not put into git
|
# IRL-related stuff I'd rather not put into git
|
||||||
priv = if builtins.pathExists ./private/default.nix then (import ./private)
|
priv =
|
||||||
else if builtins.pathExists ./private.nix then (import ./private.nix)
|
if builtins.pathExists ./private.nix then (import ./private.nix)
|
||||||
else { };
|
else if builtins.pathExists ./private/default.nix then (import ./private)
|
||||||
|
else { };
|
||||||
getPriv = hostname: with builtins; if hasAttr hostname priv then getAttr hostname priv else { };
|
getPriv = hostname: with builtins; if hasAttr hostname priv then getAttr hostname priv else { };
|
||||||
common = hostname: [ (getPriv hostname) impermanence.nixosModule ];
|
common = hostname: [ (getPriv hostname) ];
|
||||||
extraArgs = {
|
extraArgs = {
|
||||||
inherit nixpkgs;
|
inherit nixpkgs;
|
||||||
};
|
};
|
||||||
|
lib = nixpkgs.lib // {
|
||||||
|
quotePotentialIpV6 = addr:
|
||||||
|
if nixpkgs.lib.hasInfix ":" addr then "[${addr}]" else addr;
|
||||||
|
};
|
||||||
|
specialArgs = {
|
||||||
|
inherit lib;
|
||||||
|
};
|
||||||
|
mkHost = args @ { system ? "x86_64-linux", modules, ... }: {
|
||||||
|
inherit system extraArgs specialArgs;
|
||||||
|
} // args;
|
||||||
in utils.lib.mkFlake {
|
in utils.lib.mkFlake {
|
||||||
inherit self inputs;
|
inherit self inputs;
|
||||||
hostDefaults.modules = [
|
hostDefaults.modules = [
|
||||||
./modules/vfio.nix
|
./modules/vfio.nix
|
||||||
./modules/ccache.nix
|
./modules/ccache.nix
|
||||||
./modules/impermanence.nix
|
./modules/impermanence.nix
|
||||||
|
impermanence.nixosModule
|
||||||
{
|
{
|
||||||
# make this flake's nixpkgs available to the whole system
|
# make this flake's nixpkgs available to the whole system
|
||||||
nix = {
|
nix = {
|
||||||
|
@ -47,12 +59,11 @@
|
||||||
generateRegistryFromInputs = true;
|
generateRegistryFromInputs = true;
|
||||||
linkInputs = true;
|
linkInputs = true;
|
||||||
};
|
};
|
||||||
nixpkgs.overlays = [ (self: super: import ./pkgs { pkgs = super; }) ];
|
nixpkgs.overlays = [ (self: super: import ./pkgs { pkgs = super; inherit lib; }) ];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
hosts = {
|
hosts = {
|
||||||
nixmsi = {
|
nixmsi = mkHost {
|
||||||
system = "x86_64-linux";
|
|
||||||
modules = [
|
modules = [
|
||||||
./hosts/nixmsi.nix
|
./hosts/nixmsi.nix
|
||||||
nix-gaming.nixosModules.pipewireLowLatency
|
nix-gaming.nixosModules.pipewireLowLatency
|
||||||
|
@ -62,17 +73,14 @@
|
||||||
hw.common-gpu-amd # configures drivers
|
hw.common-gpu-amd # configures drivers
|
||||||
hw.common-pc-laptop # enables tlp
|
hw.common-pc-laptop # enables tlp
|
||||||
] ++ common "nixmsi";
|
] ++ common "nixmsi";
|
||||||
inherit extraArgs;
|
|
||||||
};
|
};
|
||||||
nixserver = {
|
nixserver = mkHost {
|
||||||
system = "x86_64-linux";
|
|
||||||
modules = [
|
modules = [
|
||||||
./hosts/nixserver
|
./hosts/nixserver
|
||||||
nixos-mailserver.nixosModules.default
|
nixos-mailserver.nixosModules.default
|
||||||
hw.common-pc-hdd
|
hw.common-pc-hdd
|
||||||
hw.common-cpu-intel
|
hw.common-cpu-intel
|
||||||
] ++ common "nixserver";
|
] ++ common "nixserver";
|
||||||
inherit extraArgs;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
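Review bot: The reordered `priv` lookup now prefers `./private.nix` over `./private/default.nix`, but the comment above it does not say which file wins when both exist. A line such as `# ./private.nix takes precedence over ./private/` would record that. Separately, a flake's source tree is normally copied into the world-readable Nix store before evaluation, so if these files are part of the evaluated tree, their contents are presumably readable by every local user on the host. They should therefore hold only non-secret data, with real secrets kept in runtime-only paths like the `secretConfigFile` used elsewhere in this commit.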
|
@ -5,9 +5,6 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.server;
|
cfg = config.server;
|
||||||
# TODO: move to lib
|
|
||||||
quotePotentialIpV6 = addr:
|
|
||||||
if lib.hasInfix ":" addr then "[${addr}]" else addr;
|
|
||||||
|
|
||||||
efiPart = "/dev/disk/by-uuid/3E2A-A5CB";
|
efiPart = "/dev/disk/by-uuid/3E2A-A5CB";
|
||||||
rootUuid = "6aace237-9b48-4294-8e96-196759a5305b";
|
rootUuid = "6aace237-9b48-4294-8e96-196759a5305b";
|
||||||
|
@ -221,7 +218,7 @@ in {
|
||||||
# SSH
|
# SSH
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings.PermitRootLogin = "no";
|
# settings.PermitRootLogin = "no";
|
||||||
settings.PasswordAuthentication = false;
|
settings.PasswordAuthentication = false;
|
||||||
listenAddresses = [{
|
listenAddresses = [{
|
||||||
addr = "0.0.0.0";
|
addr = "0.0.0.0";
|
||||||
|
@ -243,7 +240,7 @@ in {
|
||||||
});
|
});
|
||||||
services.searx.runInUwsgi = true;
|
services.searx.runInUwsgi = true;
|
||||||
services.searx.uwsgiConfig = let inherit (config.services.searx) settings; in {
|
services.searx.uwsgiConfig = let inherit (config.services.searx) settings; in {
|
||||||
socket = "${quotePotentialIpV6 settings.server.bind_address}:${toString settings.server.port}";
|
socket = "${lib.quotePotentialIpV6 settings.server.bind_address}:${toString settings.server.port}";
|
||||||
};
|
};
|
||||||
users.groups.searx.members = [ "nginx" ];
|
users.groups.searx.members = [ "nginx" ];
|
||||||
services.searx.environmentFile = "/etc/nixos/private/searx.env";
|
services.searx.environmentFile = "/etc/nixos/private/searx.env";
|
||||||
|
@ -284,9 +281,9 @@ in {
|
||||||
services.nginx.virtualHosts."search.${cfg.domainName}" = let inherit (config.services.searx) settings; in {
|
services.nginx.virtualHosts."search.${cfg.domainName}" = let inherit (config.services.searx) settings; in {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
# locations."/".proxyPass = "http://${quotePotentialIpV6 settings.server.bind_address}:${toString settings.server.port}";
|
# locations."/".proxyPass = "http://${lib.quotePotentialIpV6 settings.server.bind_address}:${toString settings.server.port}";
|
||||||
locations."/".extraConfig = ''
|
locations."/".extraConfig = ''
|
||||||
uwsgi_pass "${quotePotentialIpV6 settings.server.bind_address}:${toString settings.server.port}";
|
uwsgi_pass "${lib.quotePotentialIpV6 settings.server.bind_address}:${toString settings.server.port}";
|
||||||
include ${config.services.nginx.package}/conf/uwsgi_params;
|
include ${config.services.nginx.package}/conf/uwsgi_params;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -389,7 +386,7 @@ in {
|
||||||
services.nginx.virtualHosts."git.${cfg.domainName}" = let inherit (config.services.gitea) settings; in {
|
services.nginx.virtualHosts."git.${cfg.domainName}" = let inherit (config.services.gitea) settings; in {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."/".proxyPass = "http://${quotePotentialIpV6 settings.server.HTTP_ADDR}:${toString settings.server.HTTP_PORT}";
|
locations."/".proxyPass = "http://${lib.quotePotentialIpV6 settings.server.HTTP_ADDR}:${toString settings.server.HTTP_PORT}";
|
||||||
};
|
};
|
||||||
services.gitea = {
|
services.gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -449,6 +446,13 @@ in {
|
||||||
https = true;
|
https = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.pleroma = {
|
||||||
|
enable = true;
|
||||||
|
secretConfigFile = "/var/lib/pleroma/secrets.exs";
|
||||||
|
configs = [ ''
|
||||||
|
import Config
|
||||||
|
'' ];
|
||||||
|
};
|
||||||
systemd.services.pleroma.path = [ pkgs.exiftool pkgs.gawk ];
|
systemd.services.pleroma.path = [ pkgs.exiftool pkgs.gawk ];
|
||||||
services.nginx.virtualHosts."pleroma.${cfg.domainName}" = {
|
services.nginx.virtualHosts."pleroma.${cfg.domainName}" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
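Review bot: Commenting out `settings.PermitRootLogin = "no";` in the `services.openssh` block is a hardening regression that the commit title "small cleanup" does not explain. With the line gone the option falls back to the module default, which in NixOS is `prohibit-password` as far as I know, so root can log in with a key while sshd listens on `0.0.0.0`. If that is intended, say so explicitly with `settings.PermitRootLogin = "prohibit-password"; # key-only root login, needed for <reason>`; otherwise restore `"no"`. The `services.openssh` block continues outside the hunk.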
|
@ -1,12 +1,9 @@
|
||||||
{ config
|
{ config
|
||||||
, pkgs
|
, pkgs
|
||||||
, lib
|
|
||||||
, ... }:
|
, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.server;
|
cfg = config.server;
|
||||||
quotePotentialIpV6 = addr:
|
|
||||||
if lib.hasInfix ":" addr then "[${addr}]" else addr;
|
|
||||||
in {
|
in {
|
||||||
services.nginx.virtualHosts."${cfg.domainName}" = {
|
services.nginx.virtualHosts."${cfg.domainName}" = {
|
||||||
locations."/fdroid/".alias = "/var/lib/fdroid/repo/";
|
locations."/fdroid/".alias = "/var/lib/fdroid/repo/";
|
||||||
|
|
|
@ -1,12 +1,9 @@
|
||||||
{ config
|
{ config
|
||||||
, pkgs
|
|
||||||
, lib
|
, lib
|
||||||
, ... }:
|
, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.server;
|
cfg = config.server;
|
||||||
quotePotentialIpV6 = addr:
|
|
||||||
if lib.hasInfix ":" addr then "[${addr}]" else addr;
|
|
||||||
matrixServerJson = {
|
matrixServerJson = {
|
||||||
"m.server" = "matrix.${cfg.domainName}:443";
|
"m.server" = "matrix.${cfg.domainName}:443";
|
||||||
};
|
};
|
||||||
|
@ -42,7 +39,7 @@ in {
|
||||||
locations = {
|
locations = {
|
||||||
"= /.well-known/matrix/server".extraConfig = matrixServerConfigResponse;
|
"= /.well-known/matrix/server".extraConfig = matrixServerConfigResponse;
|
||||||
"= /.well-known/matrix/client".extraConfig = matrixClientConfigResponse;
|
"= /.well-known/matrix/client".extraConfig = matrixClientConfigResponse;
|
||||||
"/".proxyPass = "http://${quotePotentialIpV6 matrixAddr}:${toString matrixPort}";
|
"/".proxyPass = "http://${lib.quotePotentialIpV6 matrixAddr}:${toString matrixPort}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -50,7 +47,7 @@ in {
|
||||||
systemd.services.heisenbridge.after = [ "matrix-synapse.service" ];
|
systemd.services.heisenbridge.after = [ "matrix-synapse.service" ];
|
||||||
services.heisenbridge = {
|
services.heisenbridge = {
|
||||||
enable = true;
|
enable = true;
|
||||||
homeserver = "http://${quotePotentialIpV6 matrixAddr}:${toString matrixPort}/";
|
homeserver = "http://${lib.quotePotentialIpV6 matrixAddr}:${toString matrixPort}/";
|
||||||
};
|
};
|
||||||
# so synapse can read the registration
|
# so synapse can read the registration
|
||||||
users.groups.heisenbridge.members = [ "matrix-synapse" ];
|
users.groups.heisenbridge.members = [ "matrix-synapse" ];
|
||||||
|
@ -92,31 +89,4 @@ in {
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# maubot
|
|
||||||
users.users.maubot = {
|
|
||||||
home = "/var/lib/maubot";
|
|
||||||
group = "maubot";
|
|
||||||
isSystemUser = true;
|
|
||||||
};
|
|
||||||
users.groups.maubot = { };
|
|
||||||
systemd.services.maubot = {
|
|
||||||
description = "Maubot";
|
|
||||||
wants = [ "matrix-synapse.service" "nginx.service" ];
|
|
||||||
after = [ "matrix-synapse.service" "nginx.service" ];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
environment = {
|
|
||||||
LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib";
|
|
||||||
};
|
|
||||||
serviceConfig = {
|
|
||||||
User = "maubot";
|
|
||||||
Group = "maubot";
|
|
||||||
WorkingDirectory = "/var/lib/maubot/data";
|
|
||||||
};
|
|
||||||
script = "${pkgs.python3.withPackages (pks: with pks; [
|
|
||||||
pkgs.maubot (pkgs.pineapplebot.override {
|
|
||||||
magic = cfg.pizzabotMagic;
|
|
||||||
}) feedparser levenshtein python-dateutil pytz
|
|
||||||
])}/bin/python3 -m maubot";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
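Review bot: Removing `systemd.services.maubot` together with its user and group leaves the `"/_matrix/maubot/"` nginx location, changed in the next file of this commit, proxying to `127.0.0.1:29316`, and nothing visible on this page starts a service on that port. If the service has not moved to another module, that location will only return gateway errors on a public virtual host. It should then be removed in the same commit, or kept with a comment such as `# backend unit removed; re-enable once a maubot module exists`. The first hunk of this file also drops `pkgs` from the module arguments, so any remaining `pkgs.` reference outside the visible hunks would fail evaluation.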
|
@ -5,15 +5,13 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.server;
|
cfg = config.server;
|
||||||
quotePotentialIpV6 = addr:
|
|
||||||
if lib.hasInfix ":" addr then "[${addr}]" else addr;
|
|
||||||
# i've yet to create a maubot module so this is hardcoded
|
# i've yet to create a maubot module so this is hardcoded
|
||||||
maubotAddr = "127.0.0.1";
|
maubotAddr = "127.0.0.1";
|
||||||
maubotPort = 29316;
|
maubotPort = 29316;
|
||||||
in {
|
in {
|
||||||
services.nginx.virtualHosts."matrix.${cfg.domainName}".locations = {
|
services.nginx.virtualHosts."matrix.${cfg.domainName}".locations = {
|
||||||
"/_matrix/maubot/" = {
|
"/_matrix/maubot/" = {
|
||||||
proxyPass = "http://${quotePotentialIpV6 maubotAddr}:${toString maubotPort}";
|
proxyPass = "http://${lib.quotePotentialIpV6 maubotAddr}:${toString maubotPort}";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -4,8 +4,6 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.server;
|
cfg = config.server;
|
||||||
quotePotentialIpV6 = addr:
|
|
||||||
if lib.hasInfix ":" addr then "[${addr}]" else addr;
|
|
||||||
in {
|
in {
|
||||||
services.murmur = {
|
services.murmur = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -35,7 +33,7 @@ in {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
globalRedirect = cfg.domainName;
|
globalRedirect = cfg.domainName;
|
||||||
locations."/music".extraConfig = "return 301 https://mumble.${cfg.domainName}/music/;";
|
locations."/music".extraConfig = "return 301 https://mumble.${cfg.domainName}/music/;";
|
||||||
locations."/music/".proxyPass = "http://${quotePotentialIpV6 settings.webinterface.listening_addr}:${toString settings.webinterface.listening_port}/";
|
locations."/music/".proxyPass = "http://${lib.quotePotentialIpV6 settings.webinterface.listening_addr}:${toString settings.webinterface.listening_port}/";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.botamusique = {
|
services.botamusique = {
|
||||||
|
|
|
@ -1,5 +1,20 @@
|
||||||
{ pkgs, ... }: let inherit (pkgs) callPackage; in {
|
{ pkgs
|
||||||
|
, lib
|
||||||
|
, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (pkgs) callPackage;
|
||||||
|
in {
|
||||||
system76-scheduler = callPackage ./system76-scheduler.nix { };
|
system76-scheduler = callPackage ./system76-scheduler.nix { };
|
||||||
maubot = callPackage ./maubot.nix { };
|
maubot = callPackage ./maubot.nix { };
|
||||||
pineapplebot = callPackage ./pineapplebot.nix { };
|
pineapplebot = callPackage ./pineapplebot.nix { };
|
||||||
|
inherit lib;
|
||||||
}
|
}
|
||||||
|
/*
|
||||||
|
// (lib.optionalAttrs (pkgs.system == "...") {
|
||||||
|
fdroidserver = pkgs.fdroidserver.overridePythonAttrs (oldAttrs: {
|
||||||
|
# remove apksigner, since official Android SDK is unavailable on arm64
|
||||||
|
makeWrapperArgs = [ ];
|
||||||
|
});
|
||||||
|
})
|
||||||
|
*/
|
||||||
|
|
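Review bot: `inherit lib;` inside the returned attribute set means the overlay earlier in this commit (`import ./pkgs { pkgs = super; inherit lib; }`) replaces `pkgs.lib` for the whole package set. That is easy to miss in a file that otherwise only lists packages. If it is intended, add a comment like `# re-export the extended lib so pkgs.lib.quotePotentialIpV6 resolves`; otherwise drop the line and keep `lib` as a plain argument. The commented-out `fdroidserver` block added after the closing brace is dead code with a placeholder `pkgs.system == "..."` and would be better left out until it is needed.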