rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-04-25 08:06:19 +02:00
Code Issues Projects Releases Packages Wiki Activity

v4l2, printing and website

Browse source
This commit is contained in:
Rouven Seifert 2023-12-01 15:07:47 +01:00
parent 82ca5d6146
commit 0ac9348fd2
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
7 changed files with 91 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/falkenstein/default.nix
View file

@ -40,6 +40,8 @@
helix
lsof
python3
php
phpPackages.composer
];
programs.git = {
enable = true;

49
hosts/falkenstein/modules/nginx/default.nix
View file

@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, pkgs, ... }:
{
# set default options for virtualHosts
options = with lib; {
@ -35,8 +35,32 @@
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
user = "rfive-web";
group = "rfive-web";
in
{
users.users.${user} = {
group = group;
isSystemUser = true;
};
users.groups.${group} = { };
services.phpfpm.pools.rfivede = {
user = user;
group = group;
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
@ -49,8 +73,27 @@
enableACME = true;
forceSSL = true;
root = "/srv/web/${config.networking.domain}";
locations."/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
locations."/.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
extraConfig = ''
index index.html index.php;
'';
locations = {
"/" = {
tryFiles = "$uri $uri/ /index.php?$query_string";
};
"~ \.php$" = {
extraConfig = ''
try_files $uri =404;
fastcgi_pass unix:${config.services.phpfpm.pools.rfivede.socket};
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
'';
};
"/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
"/.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
};
};
};
security.acme = {

8
hosts/thinkpad/default.nix
View file

@ -8,6 +8,7 @@
./modules/graphics
./modules/greetd
./modules/networks
./modules/printing
./modules/security
./modules/sound
./modules/virtualisation
@ -15,7 +16,14 @@
# Use the systemd-boot EFI boot loader.
boot = {
kernelModules = [ "v4l2loopback" ];
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
extraModulePackages = [
config.boot.kernelPackages.v4l2loopback
];
extraModprobeConfig = ''
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
'';
tmp.useTmpfs = true;
};
systemd.package = pkgs.systemd.override { withHomed = false; };

1
hosts/thinkpad/modules/backup/default.nix
View file

@ -2,6 +2,7 @@
{
age.secrets."borg/passphrase" = {
file = ../../../../secrets/thinkpad/borg/passphrase.age;
owner = "rouven";
};
environment.systemPackages = [ pkgs.borgbackup ];
services.borgmatic = {

12
hosts/thinkpad/modules/printing/default.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
services.printing = {
enable = true;
stateless = true;
browsedConf = ''
BrowsePoll cups.agdsn.network
LocalQueueNamingRemoteCUPS RemoteName
'';
drivers = with pkgs; [ cups-kyocera ];
};
}

2
hosts/thinkpad/modules/sound/default.nix
View file

@ -8,7 +8,7 @@
pulse.enable = true;
};
environment.systemPackages = with pkgs; [
qpwgraph
helvum
easyeffects
];
}