diff --git a/flake.lock b/flake.lock index 4229ce9..402ce88 100644 --- a/flake.lock +++ b/flake.lock @@ -398,11 +398,11 @@ ] }, "locked": { - "lastModified": 1709309729, - "narHash": "sha256-W6RjXe2/LGFnNGfY9ML4YCDasmqksUWKoMRVPHkIguM=", + "lastModified": 1711391819, + "narHash": "sha256-sNI0PLFXvFM5M6h9PYrbF+IfL199OYLRz875lNZ9Y0Q=", "owner": "rouven0", "repo": "purge", - "rev": "0d083d35316101755d2ecb9bba32fefc42df914d", + "rev": "e82088390a446b6ad1f4df92d62478ea557d98de", "type": "github" }, "original": { @@ -414,11 +414,11 @@ "river": { "flake": false, "locked": { - "lastModified": 1711277167, - "narHash": "sha256-i+5wQkGsiyN/LaGfuj306tdiv+7vcbgahL9JvscM4iw=", + "lastModified": 1711393006, + "narHash": "sha256-vwOJIc2gUUa8MuiEzV/phB2sAl5pWdC6mnivNimmXqk=", "ref": "refs/heads/master", - "rev": "12de175e115f08d1a77b438910ba6dc58a3d80af", - "revCount": 1216, + "rev": "4d0315b56596868d5ae39d18fe74d8be5c4ac50d", + "revCount": 1220, "submodules": true, "type": "git", "url": "https://github.com/riverwm/river" @@ -507,11 +507,11 @@ ] }, "locked": { - "lastModified": 1710096282, - "narHash": "sha256-t4190TfQUJoqaFEUX4DNGMDaQ+rJJxffwir0EEwnfDY=", + "lastModified": 1711395032, + "narHash": "sha256-2fH6TXdPKZaTx6NXucFn7HaFDZ9vC1ebTql5XkdkWTI=", "owner": "rouven0", "repo": "TruckSimulatorBot", - "rev": "da4e4e1908aebc93744cbbe9a7867a9b60da02e9", + "rev": "4776a2235fffb96aa8fcc8e33d39af17907754ae", "type": "github" }, "original": { diff --git a/hosts/falkenstein/modules/mail/rspamd.nix b/hosts/falkenstein/modules/mail/rspamd.nix index d914cc0..1d119c0 100644 --- a/hosts/falkenstein/modules/mail/rspamd.nix +++ b/hosts/falkenstein/modules/mail/rspamd.nix @@ -39,8 +39,6 @@ }; }; nginx.virtualHosts."rspamd.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; locations = { "/" = { proxyPass = "http://127.0.0.1:11334"; diff --git a/hosts/falkenstein/modules/nginx/default.nix b/hosts/falkenstein/modules/nginx/default.nix index 109ff2e..25c6c8d 100644 
--- a/hosts/falkenstein/modules/nginx/default.nix +++ b/hosts/falkenstein/modules/nginx/default.nix @@ -5,6 +5,8 @@ services.nginx.virtualHosts = mkOption { type = types.attrsOf (types.submodule ({ name, ... }: { + enableACME = true; + forceSSL = true; # enable http3 for all hosts quic = true; http3 = true; @@ -50,8 +52,6 @@ recommendedGzipSettings = true; recommendedOptimisation = true; virtualHosts."${config.networking.domain}" = { - enableACME = true; - forceSSL = true; root = "/srv/web/${config.networking.domain}"; locations = { "/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; diff --git a/hosts/falkenstein/modules/purge/default.nix b/hosts/falkenstein/modules/purge/default.nix index 5650a65..c2c264a 100644 --- a/hosts/falkenstein/modules/purge/default.nix +++ b/hosts/falkenstein/modules/purge/default.nix @@ -7,6 +7,7 @@ in file = ../../../../secrets/falkenstein/purge.age; }; services.purge = { + inherit domain; enable = true; discord = { clientId = "941041925216157746"; @@ -14,11 +15,4 @@ in tokenFile = config.age.secrets.purge.path; }; }; - services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.purge.listenPort}"; - }; - }; } diff --git a/hosts/falkenstein/modules/trucksimulatorbot/default.nix b/hosts/falkenstein/modules/trucksimulatorbot/default.nix index 26bf38a..54cf707 100644 --- a/hosts/falkenstein/modules/trucksimulatorbot/default.nix +++ b/hosts/falkenstein/modules/trucksimulatorbot/default.nix @@ -1,9 +1,10 @@ -{ config, pkgs, trucksimulatorbot, ... }: +{ config, pkgs, ... }: let domain = "trucks.${config.networking.domain}"; in { services.trucksimulatorbot = { + inherit domain; enable = true; discord = { clientId = "831052837353816066"; 
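Review bot: The two lines added to the `types.submodule` body set `enableACME` and `forceSSL` at normal priority for every virtual host, so a single host cannot opt out without `mkForce`. A host would need to opt out if it uses `useACMEHost` or `addSSL`/`onlySSL`, or if its name is not publicly resolvable and so cannot complete an ACME challenge. Writing them as `enableACME = lib.mkDefault true;` and `forceSSL = lib.mkDefault true;` keeps TLS on by default while allowing a plain per-host override. The same applies to the matching hunk in hosts/nuc/modules/nginx/default.nix. The submodule body continues outside the hunk, so it is not visible here whether `mkDefault` is already in scope unqualified.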
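Review bot: After `inherit domain;` nothing in hosts/falkenstein/modules/purge/default.nix shows that an nginx virtual host for this domain still exists. Given the block removed in the next hunk, the proxy definition presumably now lives in the upstream purge module pinned by the `rev` bump in flake.lock. A short comment above the line would keep that visible, for example `# nginx vhost for this domain is declared by the upstream purge module; TLS comes from the host-wide vhost defaults`. The same applies to `inherit domain;` in hosts/falkenstein/modules/trucksimulatorbot/default.nix. The block removed there also carried the `/invite` redirect, the `/images/` proxy and the `/docs` root, so it is worth confirming the upstream module still serves those locations.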
@@ -23,20 +24,4 @@ in ]; ensureDatabases = [ "trucksimulator" ]; }; - services.nginx.virtualHosts = { - "${domain}" = { - enableACME = true; - forceSSL = true; - locations."/invite".return = "301 https://discord.com/api/oauth2/authorize?client_id=831052837353816066&permissions=262144&scope=bot%20applications.commands"; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.listenPort}"; - }; - locations."/images/" = { - proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}/"; - }; - locations."/docs" = { - root = "${trucksimulatorbot.packages.x86_64-linux.docs}"; - }; - }; - }; } diff --git a/hosts/nuc/modules/cache/default.nix b/hosts/nuc/modules/cache/default.nix index 049d0b2..7d50632 100644 --- a/hosts/nuc/modules/cache/default.nix +++ b/hosts/nuc/modules/cache/default.nix @@ -11,8 +11,6 @@ in secretKeyFile = config.age.secrets.cache.path; }; services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}"; }; diff --git a/hosts/nuc/modules/matrix/default.nix b/hosts/nuc/modules/matrix/default.nix index 895fc8b..3f7c639 100644 --- a/hosts/nuc/modules/matrix/default.nix +++ b/hosts/nuc/modules/matrix/default.nix @@ -67,10 +67,6 @@ in virtualHosts = { # synapse "${domain}" = { - enableACME = true; - forceSSL = true; - - # locations."/".extraConfig = "return 404;"; # # proxy to synapse @@ -83,9 +79,6 @@ in # element "${domainClient}" = { - enableACME = true; - forceSSL = true; - root = pkgs.element-web.override { conf = { default_server_config = { diff --git a/hosts/nuc/modules/nginx/default.nix b/hosts/nuc/modules/nginx/default.nix index 56dd53a..fda795c 100644 --- a/hosts/nuc/modules/nginx/default.nix +++ b/hosts/nuc/modules/nginx/default.nix 
@@ -6,6 +6,8 @@ type = types.attrsOf (types.submodule ({ name, ... }: { # split up nginx access logs per vhost + enableACME = true; + forceSSL = true; extraConfig = '' access_log /var/log/nginx/${name}_access.log; error_log /var/log/nginx/${name}_error.log; diff --git a/hosts/nuc/modules/seafile/default.nix b/hosts/nuc/modules/seafile/default.nix index d2608c8..fb8dca0 100644 --- a/hosts/nuc/modules/seafile/default.nix +++ b/hosts/nuc/modules/seafile/default.nix @@ -12,8 +12,6 @@ in seafileSettings.fileserver.port = 8083; }; services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; locations."/" = { proxyPass = "http://unix:/run/seahub/gunicorn.sock"; }; diff --git a/hosts/nuc/modules/vaultwarden/default.nix b/hosts/nuc/modules/vaultwarden/default.nix index 0f88ae0..fe0ac59 100644 --- a/hosts/nuc/modules/vaultwarden/default.nix +++ b/hosts/nuc/modules/vaultwarden/default.nix @@ -30,8 +30,6 @@ in ensureDatabases = [ "vaultwarden" ]; }; services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}"; }; diff --git a/hosts/thinkpad/hardware-configuration.nix b/hosts/thinkpad/hardware-configuration.nix index aa17f98..25e0625 100644 --- a/hosts/thinkpad/hardware-configuration.nix +++ b/hosts/thinkpad/hardware-configuration.nix @@ -9,6 +9,7 @@ environment.systemPackages = with pkgs; [ nvme-cli intel-gpu-tools + nvtopPackages.intel lm_sensors pciutils ]; 
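Review bot: The comment `# split up nginx access logs per vhost` now sits directly above `enableACME = true;` instead of the `extraConfig` block it describes, so it reads as if it documents the TLS settings. Move the two added lines above that comment and give them their own, for example `# request a certificate and redirect to HTTPS for every vhost`. The submodule body starts and ends outside this hunk.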
@@ -35,43 +36,47 @@ }; -# fileSystems."/" = -# { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; -# fsType = "btrfs"; -# options = [ "subvol=root" ]; - # }; + # fileSystems."/" = + # { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; + # fsType = "btrfs"; + # options = [ "subvol=root" ]; + # }; fileSystems."/home" = - { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; + { + device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; fsType = "btrfs"; options = [ "subvol=home" "compress=zstd" ]; }; fileSystems."/nix" = - { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; + { + device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; fsType = "btrfs"; - options = [ "subvol=nix" "compress=zstd" "noatime"]; + options = [ "subvol=nix" "compress=zstd" "noatime" ]; }; fileSystems."/var/log" = - { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; + { + device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; fsType = "btrfs"; options = [ "subvol=log" "compress=zstd" ]; }; fileSystems."/var/lib" = - { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; + { + device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; fsType = "btrfs"; options = [ "subvol=lib" "compress=zstd" ]; }; - fileSystems."/" = - { - device = "tmpfs"; - fsType = "tmpfs"; - options = [ "mode=755" ]; - }; + fileSystems."/" = + { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "mode=755" ]; + }; fileSystems."/boot" = { diff --git a/shared/activation.nix b/shared/activation.nix index b6c6530..3971674 100644 --- a/shared/activation.nix +++ b/shared/activation.nix 
@@ -1,9 +1,16 @@ -{ config, ... }: +{ pkgs, config, ... }: { system.activationScripts.report-nixos-changes = '' if [ -e /run/current-system ] && [ -e $systemConfig ]; then echo System package diff: ${config.nix.package}/bin/nix store diff-closures /run/current-system $systemConfig || true fi + NO_FORMAT="\033[0m" + F_BOLD="\033[1m" + C_RED="\033[38;5;9m" + ${pkgs.diffutils}/bin/cmp --silent \ + <(readlink /run/current-system/{initrd,kernel,kernel-modules}) \ + <(readlink $systemConfig/{initrd,kernel,kernel-modules}) \ + || echo -e "''${F_BOLD}''${C_RED}Kernel version changed, reboot is advised.''${NO_FORMAT}" ''; }
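Review bot: The added `cmp` comparison sits after `fi`, outside the `[ -e /run/current-system ] && [ -e $systemConfig ]` guard that protects the closure diff above it. When `/run/current-system` does not exist (presumably during boot-time activation or a first install), the left-hand `readlink` prints nothing, `cmp` reports a difference, and "Kernel version changed, reboot is advised." is shown although nothing changed. A warning that fires spuriously is one people learn to ignore, which defeats its purpose when a kernel update does need a reboot. Move the three variable assignments and the `cmp … || echo -e …` statement above `fi` so they run only when both paths exist. Separately, `readlink` is resolved through PATH while `cmp` is pinned to `${pkgs.diffutils}/bin/cmp`; using `${pkgs.coreutils}/bin/readlink` would make the two consistent.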