diff --git a/hosts/falkenstein/default.nix b/hosts/falkenstein/default.nix index a79bf04..6be1e20 100644 --- a/hosts/falkenstein/default.nix +++ b/hosts/falkenstein/default.nix @@ -5,6 +5,7 @@ # Include the results of the hardware scan. ./hardware-configuration.nix ./modules/backup + ./modules/logging ./modules/dns ./modules/fail2ban ./modules/mail diff --git a/hosts/falkenstein/modules/logging/default.nix b/hosts/falkenstein/modules/logging/default.nix new file mode 100644 index 0000000..fc5d53a --- /dev/null +++ b/hosts/falkenstein/modules/logging/default.nix @@ -0,0 +1,36 @@ +{ pkgs, ... }: +{ + services.rsyslogd = { + enable = true; + defaultConfig = '' + :programname, isequal, "postfix" /var/log/postfix.log + + auth.* -/var/log/auth.log + ''; + }; + services.logrotate.configFile = pkgs.writeText "logrotate.conf" '' + weekly + missingok + notifempty + rotate 4 + "/var/log/postfix.log" { + compress + delaycompress + weekly + rotate 156 + dateext + dateformat .%Y-%m-%d + extension log + } + "/var/log/nginx/*.log" { + compress + delaycompress + weekly + postrotate + [ ! -f /var/run/nginx/nginx.pid ] || kill -USR1 `cat /var/run/nginx/nginx.pid` + endscript + rotate 26 + su nginx nginx + } + ''; +} diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 2d3316d..9ddc15f 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -24,13 +24,13 @@ # Use the systemd-boot EFI boot loader. boot = { kernelModules = [ "v4l2loopback" ]; - kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; - extraModulePackages = [ - config.boot.kernelPackages.v4l2loopback - ]; - extraModprobeConfig = '' - options v4l2loopback exclusive_caps=1 card_label="Virtual Camera" - ''; + kernelPackages = pkgs.linuxPackages_latest; + # extraModulePackages = [ + # config.boot.kernelPackages.v4l2loopback + # ]; + # extraModprobeConfig = '' + # options v4l2loopback exclusive_caps=1 card_label="Virtual Camera" + # ''; tmp.useTmpfs = true; }; 
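Review bot: In hosts/falkenstein/modules/logging/default.nix the `"/var/log/postfix.log"` stanza rotates the file but never makes rsyslogd reopen it: there is no `postrotate` signal and no `copytruncate`, unlike the nginx stanza, which sends `USR1`. rsyslogd will most likely keep writing to the renamed file, so the weekly split of the mail log will not work as intended. `/var/log/auth.log` has no stanza at all, so the authentication log is never rotated and grows without bound. It should get its own stanza with an explicit mode such as `create 0640 root root`, instead of inheriting whatever rsyslogd creates by default. Because `services.logrotate.configFile` replaces the generated configuration, rules that other modules contribute through `services.logrotate.settings` are presumably dropped, and writing these stanzas under `services.logrotate.settings` would keep them.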
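Review bot: In the `boot` block of hosts/thinkpad/default.nix, `kernelModules = [ "v4l2loopback" ];` is kept while the `extraModulePackages` entry that provides this out-of-tree module is commented out. Loading the module at boot will therefore presumably fail on the new `pkgs.linuxPackages_latest` kernel. Either drop the entry (`kernelModules = [ ];`) or restore `extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ];`, which follows whatever `kernelPackages` is set to. The commented-out lines are better deleted than kept, since the repository history already holds them.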
@@ -59,7 +59,7 @@ devmon.enable = true; # automount stuff upower.enable = true; fwupd.enable = true; # firmware updates - zfs.autoScrub.enable = true; + btrfs.autoScrub.enable = true; }; hardware.bluetooth = { enable = true; diff --git a/hosts/thinkpad/hardware-configuration.nix b/hosts/thinkpad/hardware-configuration.nix index 44466b0..aa17f98 100644 --- a/hosts/thinkpad/hardware-configuration.nix +++ b/hosts/thinkpad/hardware-configuration.nix @@ -35,39 +35,47 @@ }; - fileSystems."/nix" = - { - device = "rpool/nixos/nix"; - fsType = "zfs"; +# fileSystems."/" = +# { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; +# fsType = "btrfs"; +# options = [ "subvol=root" ]; + # }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; + fsType = "btrfs"; + options = [ "subvol=home" "compress=zstd" ]; }; - fileSystems."/var/lib" = - { - device = "rpool/nixos/var/lib"; - fsType = "zfs"; + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; + fsType = "btrfs"; + options = [ "subvol=nix" "compress=zstd" "noatime"]; }; fileSystems."/var/log" = - { - device = "rpool/nixos/var/log"; - fsType = "zfs"; + { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; + fsType = "btrfs"; + options = [ "subvol=log" "compress=zstd" ]; }; - fileSystems."/home" = - { - device = "rpool/nixos/home"; - fsType = "zfs"; - }; - fileSystems."/" = - { - device = "tmpfs"; - fsType = "tmpfs"; - options = [ "mode=755" ]; + fileSystems."/var/lib" = + { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; + fsType = "btrfs"; + options = [ "subvol=lib" "compress=zstd" ]; }; + + fileSystems."/" = + { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "mode=755" ]; + }; + fileSystems."/boot" = { - device = "/dev/disk/by-uuid/DF86-7611"; + device = "/dev/disk/by-uuid/12CE-A600"; fsType = "vfat"; }; 
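Review bot: The new btrfs mounts in hosts/thinkpad/hardware-configuration.nix carry only `subvol=` and `compress=` options (plus `noatime` on `/nix`), so `/home` and `/var/log` honour device nodes and setuid binaries. Neither mount needs them: consider `options = [ "subvol=log" "compress=zstd" "nodev" "nosuid" "noexec" ];` for `/var/log`, and adding `"nodev" "nosuid"` to `/home`. The commented-out btrfs `fileSystems."/"` block at the top of the hunk names the same mount point as the tmpfs root defined further down, so it should be removed rather than left as dead configuration.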
diff --git a/hosts/thinkpad/modules/virtualisation/default.nix b/hosts/thinkpad/modules/virtualisation/default.nix index 4db693e..39b4dce 100644 --- a/hosts/thinkpad/modules/virtualisation/default.nix +++ b/hosts/thinkpad/modules/virtualisation/default.nix @@ -1,7 +1,10 @@ { pkgs, ... }: { virtualisation = { - docker.enable = true; + docker = { + enable = true; + extraOptions = "--iptables=false"; + }; libvirtd = { enable = true; qemu = { @@ -15,7 +18,7 @@ spiceUSBRedirection.enable = true; }; # allow libvirts internal network stuff - networking.firewall.trustedInterfaces = [ "virbr0" "br0" ]; + networking.firewall.trustedInterfaces = [ "virbr0" "br0" "docker0" ]; programs.virt-manager.enable = true; environment.systemPackages = with pkgs; [ virt-viewer diff --git a/overlays/default.nix b/overlays/default.nix index cf0a521..10286f4 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -15,6 +15,30 @@ in # freeimage is broken withBackends = [ "libtiff" "libjpeg" "libpng" "librsvg" "libheif" ]; }; + # don't compile the bloat + rsyslog = prev.rsyslog.override { + withMysql = false; + withJemalloc = false; + withPostgres = false; + withUuid = false; + withCurl = false; + withDbi = false; + withNetSnmp = false; + withGnutls = false; + withGcrypt = false; + withLognorm = false; + withMaxminddb = false; + withOpenssl = false; + withRelp = false; + withKsi = false; + withLogging = false; + withHadoop = false; + withRdkafka = false; + withMongo = false; + withCzmq = false; + withRabbitmq = false; + withHiredis = false; + }; gnome-break-timer = callPackage ../pkgs/gnome-break-timer { }; jmri = callPackage ../pkgs/jmri { }; diff --git a/users/rouven/modules/default.nix b/users/rouven/modules/default.nix index 83d4337..efddb7d 100644 --- a/users/rouven/modules/default.nix +++ b/users/rouven/modules/default.nix @@ -8,7 +8,6 @@ ./helix ./wayland ./mpv - ./qutebrowser ./ssh ./theme ./tex 
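Review bot: Adding `"docker0"` to `networking.firewall.trustedInterfaces` in the second hunk of hosts/thinkpad/modules/virtualisation/default.nix lets every container on the default bridge reach every port the host listens on, with no firewall filtering. If containers need only a few host services, open those alone, e.g. `networking.firewall.interfaces.docker0.allowedTCPPorts = [ PORT ];` (PORT is a placeholder). With `extraOptions = "--iptables=false";` from the first hunk, Docker no longer installs its own NAT and isolation rules. Outbound connectivity and separation between container networks then depend on host rules this diff does not show, and user-defined bridges other than `docker0` are not covered by the trusted list. The comment `# allow libvirts internal network stuff` above the changed line no longer describes it.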
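Review bot: The `rsyslog` override in overlays/default.nix compiles out the TLS-capable transports (`withGnutls`, `withOpenssl`, `withRelp`) as well as `withGcrypt` and `withKsi`. As far as these flags go, this build can only keep logs on the local disk or forward them unencrypted and unsigned. That fits the local-file setup added for falkenstein in this commit, but the comment `# don't compile the bloat` hides the trade-off. I would write `# local file logging only: TLS/RELP forwarding, log encryption and signing are compiled out`. The overlay presumably applies to every host that imports it, not only falkenstein.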
diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index ac6a6f4..f4629b5 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -27,7 +27,6 @@ # messaging tdesktop - gajim gomuks profanity fractal diff --git a/users/rouven/modules/qutebrowser/default.nix b/users/rouven/modules/qutebrowser/default.nix deleted file mode 100644 index 3a63291..0000000 --- a/users/rouven/modules/qutebrowser/default.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ ... }: -{ - programs.qutebrowser = { - enable = true; - searchEngines = { - DEFAULT = "https://duckduckgo.com/?q={}"; - aw = "https://wiki.archlinux.org/?search={}"; - nw = "https://nixos.wiki/index.php?search={}"; - ns = "https://search.nixos.org/packages?query={}"; - nso = "https://search.nixos.org/options?query={}"; - wp = "https://en.wikipedia.org/wiki/Special:Search?search={}"; - y = "http://localhost:8090/yacysearch.html?query={}"; - yt = "https://www.youtube.com/results?search_query={}"; - g = "https://www.google.com/search?hl=en&q={}"; - }; - quickmarks = { - nix-search = "https://search.nixos.org/options?"; - home-search = "https://mipmip.github.io/home-manager-option-search/"; - jexam = "https://jexam.inf.tu-dresden.de"; - opal = "https://bildungsportal.sachsen.de/opal/home?2"; - fruitbasket = "https://github.com/fsr/fruitbasket"; - }; - keyBindings = { - normal = { - "" = "hint links spawn mpv {hint-url}"; - }; - }; - settings = { - colors.webpage = { - darkmode.enabled = false; - preferred_color_scheme = "dark"; - }; - content.blocking = { - enabled = true; - method = "both"; - }; - statusbar.show = "in-mode"; - tabs.show = "switching"; - }; - }; -}