4 commits

Author SHA1 Message Date
Rouven Seifert b429b2c811
update truck simulator 2024-03-25 20:35:26 +01:00
Rouven Seifert 00a670cbf5
nginx: remove useless enableACME options 2024-03-25 19:09:28 +01:00
Rouven Seifert 4fcf655dc4
purge: update 2024-03-25 19:06:38 +01:00
Rouven Seifert dcb384b1cd
formatting 2024-03-25 19:06:25 +01:00
12 changed files with 46 additions and 68 deletions


@ -398,11 +398,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709309729, "lastModified": 1711391819,
"narHash": "sha256-W6RjXe2/LGFnNGfY9ML4YCDasmqksUWKoMRVPHkIguM=", "narHash": "sha256-sNI0PLFXvFM5M6h9PYrbF+IfL199OYLRz875lNZ9Y0Q=",
"owner": "rouven0", "owner": "rouven0",
"repo": "purge", "repo": "purge",
"rev": "0d083d35316101755d2ecb9bba32fefc42df914d", "rev": "e82088390a446b6ad1f4df92d62478ea557d98de",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -414,11 +414,11 @@
"river": { "river": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1711277167, "lastModified": 1711393006,
"narHash": "sha256-i+5wQkGsiyN/LaGfuj306tdiv+7vcbgahL9JvscM4iw=", "narHash": "sha256-vwOJIc2gUUa8MuiEzV/phB2sAl5pWdC6mnivNimmXqk=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "12de175e115f08d1a77b438910ba6dc58a3d80af", "rev": "4d0315b56596868d5ae39d18fe74d8be5c4ac50d",
"revCount": 1216, "revCount": 1220,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/riverwm/river" "url": "https://github.com/riverwm/river"
@ -507,11 +507,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1710096282, "lastModified": 1711395032,
"narHash": "sha256-t4190TfQUJoqaFEUX4DNGMDaQ+rJJxffwir0EEwnfDY=", "narHash": "sha256-2fH6TXdPKZaTx6NXucFn7HaFDZ9vC1ebTql5XkdkWTI=",
"owner": "rouven0", "owner": "rouven0",
"repo": "TruckSimulatorBot", "repo": "TruckSimulatorBot",
"rev": "da4e4e1908aebc93744cbbe9a7867a9b60da02e9", "rev": "4776a2235fffb96aa8fcc8e33d39af17907754ae",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -39,8 +39,6 @@
}; };
}; };
nginx.virtualHosts."rspamd.${config.networking.domain}" = { nginx.virtualHosts."rspamd.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:11334"; proxyPass = "http://127.0.0.1:11334";


@ -5,6 +5,8 @@
services.nginx.virtualHosts = mkOption { services.nginx.virtualHosts = mkOption {
type = types.attrsOf (types.submodule type = types.attrsOf (types.submodule
({ name, ... }: { ({ name, ... }: {
enableACME = true;
forceSSL = true;
# enable http3 for all hosts # enable http3 for all hosts
quic = true; quic = true;
http3 = true; http3 = true;
@ -50,8 +52,6 @@
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
virtualHosts."${config.networking.domain}" = { virtualHosts."${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
root = "/srv/web/${config.networking.domain}"; root = "/srv/web/${config.networking.domain}";
locations = { locations = {
"/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; "/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
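Review bot: The added `enableACME = true;` and `forceSSL = true;` in the `virtualHosts` submodule are plain definitions, so a vhost that later needs `useACMEHost`, `onlySSL` or no certificate cannot override them and will fail evaluation with a conflicting definition or a module assertion. `enableACME = mkDefault true;` and `forceSSL = mkDefault true;` keep TLS on by default while leaving room for a deliberate per-host exception. The same applies to the second nginx module changed later in this compare. The vhosts that lose their explicit settings here (rspamd, nix-serve cache, synapse/element, seafile, vaultwarden) now get HTTPS redirection only if one of these modules is imported on their host, which is not visible from these hunks and is worth confirming. The submodule body continues outside the hunk.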


@ -7,6 +7,7 @@ in
file = ../../../../secrets/falkenstein/purge.age; file = ../../../../secrets/falkenstein/purge.age;
}; };
services.purge = { services.purge = {
inherit domain;
enable = true; enable = true;
discord = { discord = {
clientId = "941041925216157746"; clientId = "941041925216157746";
@ -14,11 +15,4 @@ in
tokenFile = config.age.secrets.purge.path; tokenFile = config.age.secrets.purge.path;
}; };
}; };
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.purge.listenPort}";
};
};
} }
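Review bot: After this change nothing in the file shows that `${domain}` is still served through nginx or which port it is proxied to. The removed `services.nginx.virtualHosts."${domain}"` block is presumably now declared by the `purge` module from the flake input bumped in the same compare, driven by `inherit domain;`. A short comment above that line would record this, for example `# the purge module declares the nginx vhost for this domain; TLS comes from the virtualHosts submodule defaults`. The same holds for the trucksimulatorbot file, where the `/invite`, `/images/` and `/docs` locations were removed as well. Since the reverse-proxy definition then lives in the pinned input, a lock bump for that input also changes what is exposed and should be reviewed with that in mind.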


@ -1,9 +1,10 @@
{ config, pkgs, trucksimulatorbot, ... }: { config, pkgs, ... }:
let let
domain = "trucks.${config.networking.domain}"; domain = "trucks.${config.networking.domain}";
in in
{ {
services.trucksimulatorbot = { services.trucksimulatorbot = {
inherit domain;
enable = true; enable = true;
discord = { discord = {
clientId = "831052837353816066"; clientId = "831052837353816066";
@ -23,20 +24,4 @@ in
]; ];
ensureDatabases = [ "trucksimulator" ]; ensureDatabases = [ "trucksimulator" ];
}; };
services.nginx.virtualHosts = {
"${domain}" = {
enableACME = true;
forceSSL = true;
locations."/invite".return = "301 https://discord.com/api/oauth2/authorize?client_id=831052837353816066&permissions=262144&scope=bot%20applications.commands";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.listenPort}";
};
locations."/images/" = {
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}/";
};
locations."/docs" = {
root = "${trucksimulatorbot.packages.x86_64-linux.docs}";
};
};
};
} }


@ -11,8 +11,6 @@ in
secretKeyFile = config.age.secrets.cache.path; secretKeyFile = config.age.secrets.cache.path;
}; };
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}"; proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}";
}; };


@ -67,10 +67,6 @@ in
virtualHosts = { virtualHosts = {
# synapse # synapse
"${domain}" = { "${domain}" = {
enableACME = true;
forceSSL = true;
# locations."/".extraConfig = "return 404;"; # locations."/".extraConfig = "return 404;";
# # proxy to synapse # # proxy to synapse
@ -83,9 +79,6 @@ in
# element # element
"${domainClient}" = { "${domainClient}" = {
enableACME = true;
forceSSL = true;
root = pkgs.element-web.override { root = pkgs.element-web.override {
conf = { conf = {
default_server_config = { default_server_config = {


@ -6,6 +6,8 @@
type = types.attrsOf (types.submodule type = types.attrsOf (types.submodule
({ name, ... }: { ({ name, ... }: {
# split up nginx access logs per vhost # split up nginx access logs per vhost
enableACME = true;
forceSSL = true;
extraConfig = '' extraConfig = ''
access_log /var/log/nginx/${name}_access.log; access_log /var/log/nginx/${name}_access.log;
error_log /var/log/nginx/${name}_error.log; error_log /var/log/nginx/${name}_error.log;
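Review bot: The comment `# split up nginx access logs per vhost` now sits directly above the added `enableACME = true;` and `forceSSL = true;` lines instead of above the `extraConfig` it describes. Put the two TLS lines above that comment and give them their own, for example `# TLS with ACME certificates for all hosts`. The submodule body continues outside the hunk.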


@ -12,8 +12,6 @@ in
seafileSettings.fileserver.port = 8083; seafileSettings.fileserver.port = 8083;
}; };
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://unix:/run/seahub/gunicorn.sock"; proxyPass = "http://unix:/run/seahub/gunicorn.sock";
}; };


@ -30,8 +30,6 @@ in
ensureDatabases = [ "vaultwarden" ]; ensureDatabases = [ "vaultwarden" ];
}; };
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}"; proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}";
}; };


@ -9,6 +9,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nvme-cli nvme-cli
intel-gpu-tools intel-gpu-tools
nvtopPackages.intel
lm_sensors lm_sensors
pciutils pciutils
]; ];
@ -35,43 +36,47 @@
}; };
# fileSystems."/" = # fileSystems."/" =
# { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; # { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
# fsType = "btrfs"; # fsType = "btrfs";
# options = [ "subvol=root" ]; # options = [ "subvol=root" ];
# }; # };
fileSystems."/home" = fileSystems."/home" =
{ device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; {
device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ]; options = [ "subvol=home" "compress=zstd" ];
}; };
fileSystems."/nix" = fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; {
device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime"]; options = [ "subvol=nix" "compress=zstd" "noatime" ];
}; };
fileSystems."/var/log" = fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; {
device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" ]; options = [ "subvol=log" "compress=zstd" ];
}; };
fileSystems."/var/lib" = fileSystems."/var/lib" =
{ device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; {
device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=lib" "compress=zstd" ]; options = [ "subvol=lib" "compress=zstd" ];
}; };
fileSystems."/" = fileSystems."/" =
{ {
device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
options = [ "mode=755" ]; options = [ "mode=755" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ {


@ -1,9 +1,16 @@
{ config, ... }: { pkgs, config, ... }:
{ {
system.activationScripts.report-nixos-changes = '' system.activationScripts.report-nixos-changes = ''
if [ -e /run/current-system ] && [ -e $systemConfig ]; then if [ -e /run/current-system ] && [ -e $systemConfig ]; then
echo System package diff: echo System package diff:
${config.nix.package}/bin/nix store diff-closures /run/current-system $systemConfig || true ${config.nix.package}/bin/nix store diff-closures /run/current-system $systemConfig || true
fi fi
NO_FORMAT="\033[0m"
F_BOLD="\033[1m"
C_RED="\033[38;5;9m"
${pkgs.diffutils}/bin/cmp --silent \
<(readlink /run/current-system/{initrd,kernel,kernel-modules}) \
<(readlink $systemConfig/{initrd,kernel,kernel-modules}) \
|| echo -e "''${F_BOLD}''${C_RED}Kernel version changed, reboot is advised.''${NO_FORMAT}"
''; '';
} }
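Review bot: The added `cmp` check sits after the `fi`, so it also runs when `/run/current-system` does not exist; the first `readlink` then prints nothing and the reboot warning is most likely shown spuriously, which moving the check inside the existing `if` would avoid. It also compares against `/run/current-system`, the last activated generation rather than the booted one. After one switch that changes the kernel, the next switch reports no difference even though the old kernel is still running, so a pending kernel update can go unnoticed. `<(readlink /run/booted-system/{initrd,kernel,kernel-modules}) \` as the first operand would compare against the booted system instead. The message says "Kernel version changed" although a changed initrd or a `cmp` error also triggers it.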