rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-04-04 13:56:19 +02:00
Code Issues Projects Releases Packages Wiki Activity

refactor: cleanup

Browse source
This commit is contained in:
Rouven Seifert 2023-12-29 19:47:57 +01:00
parent 3aa45471d8
commit ec6fefe59c
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
9 changed files with 13 additions and 66 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
flake.lock generated
View file

@ -180,11 +180,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703674883, "lastModified": 1703787578,
"narHash": "sha256-Jna6MOmLdfgot+AopHv28L+wpwVDfaiafLtO7E4bkj0=", "narHash": "sha256-YanYMRry0uvExeCZYbM7yEp3H0gct9SocfFWvsYtyfs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "458544594ba7f0333cf5718045ee7a8eaf5de433", "rev": "f8a4a5c18f4fee53ac3016a52a97df2aaeede65b",
"type": "github" "type": "github"
}, },
"original": { "original": {

41
hosts/falkenstein/modules/nginx/default.nix
View file

@ -38,32 +38,8 @@
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}'; return 200 '${builtins.toJSON data}';
''; '';
user = "rfive-web";
group = "rfive-web";
in in
{ {
users.users.${user} = {
group = group;
isSystemUser = true;
};
users.groups.${group} = { };
services.phpfpm.pools.rfivede = {
user = user;
group = group;
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
};
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ]; networking.firewall.allowedUDPPorts = [ 443 ];
services.nginx = { services.nginx = {
@ -77,24 +53,7 @@
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
root = "/srv/web/${config.networking.domain}"; root = "/srv/web/${config.networking.domain}";
extraConfig = ''
index index.html index.php;
'';
locations = { locations = {
"/" = {
tryFiles = "$uri $uri/ /index.php?$query_string";
};
"~ \.php$" = {
extraConfig = ''
try_files $uri =404;
fastcgi_pass unix:${config.services.phpfpm.pools.rfivede.socket};
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
'';
};
"/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; "/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
"/.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; "/.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
}; };

2
hosts/thinkpad/default.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, ... }:
{ {
imports = imports =

5
hosts/thinkpad/modules/backup/default.nix
View file

@ -32,8 +32,9 @@
"/home/*/.wine*" "/home/*/.wine*"
"/home/*/.mypy_cache*" "/home/*/.mypy_cache*"
"/home/*/.local/share" "/home/*/.local/share"
"/home/*/.local/share" # contains very big files that don't need to clutter up the backup
"/home/*/Linux/Isos" # if I ever happen to have important data in virtual machines, this can be reconsidered
"/var/lib/libvirt"
]; ];
encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg/passphrase".path}"; encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg/passphrase".path}";
compression = "lz4"; compression = "lz4";

1
hosts/thinkpad/modules/sound/default.nix
View file

@ -10,5 +10,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
helvum helvum
easyeffects easyeffects
pavucontrol
]; ];
} }

2
hosts/thinkpad/modules/virtualisation/default.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }: { pkgs, ... }:
{ {
virtualisation = { virtualisation = {
libvirtd = { libvirtd = {

18
users/rouven/modules/packages.nix
View file

@ -5,7 +5,6 @@
# essentials # essentials
htop-vim htop-vim
lsof lsof
killall
zip zip
unzip unzip
man-pages man-pages
@ -21,10 +20,6 @@
imv imv
remmina remmina
# sound
pavucontrol
spotify
# bluetooth # bluetooth
blueman blueman
@ -33,11 +28,7 @@
filezilla filezilla
dbeaver dbeaver
# totp
numberstation
# messaging # messaging
discord
tdesktop tdesktop
gajim gajim
gomuks gomuks
@ -47,10 +38,9 @@
prismlauncher prismlauncher
superTuxKart superTuxKart
# yubikey and password stuff # cryptography
yubikey-manager yubikey-manager
yubikey-manager-qt python311Packages.pyhanko
# yubioath-flutter # broken (again...)
# misc # misc
neofetch # obligatory neofetch # obligatory
@ -71,10 +61,6 @@
gnumake gnumake
go go
# libs
libyubikey
libfido2
python311Packages.pyhanko
]; ];

2
users/rouven/modules/spotify/default.nix
View file

@ -1,6 +1,6 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
home.packages = [ pkgs.spotify-tui ]; home.packages = with pkgs;[ spotify spotify-tui ];
age.secrets.spotify = { age.secrets.spotify = {
file = ../../../../secrets/rouven/spotify.age; file = ../../../../secrets/rouven/spotify.age;
}; };

2
users/rouven/modules/wayland/breaktimer.nix
View file

@ -1,4 +1,4 @@
{ pkgs, lib, ... }: { pkgs, ... }:
{ {
systemd.user = { systemd.user = {
services.ianny = { services.ianny = {