rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2024-11-15 13:23:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: rouven.seifert:b429b2c8117fded9ac52b0d5d442ea26b65470a5
Branches Tags
rouven.seifert:main
rouven.seifert:push-vxnoqsltyuxy
..
compare: rouven.seifert:23bafdca728fe70a42c9137a960fe9d2a4ec1846
Branches Tags
rouven.seifert:main
rouven.seifert:push-vxnoqsltyuxy

No commits in common. "b429b2c8117fded9ac52b0d5d442ea26b65470a5" and "23bafdca728fe70a42c9137a960fe9d2a4ec1846" have entirely different histories.
b429b2c811 ... 23bafdca72

12 changed files with 68 additions and 46 deletions
Show stats Expand all files Collapse all files

20
flake.lock
View file

@ -398,11 +398,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711391819, "lastModified": 1709309729,
"narHash": "sha256-sNI0PLFXvFM5M6h9PYrbF+IfL199OYLRz875lNZ9Y0Q=", "narHash": "sha256-W6RjXe2/LGFnNGfY9ML4YCDasmqksUWKoMRVPHkIguM=",
"owner": "rouven0", "owner": "rouven0",
"repo": "purge", "repo": "purge",
"rev": "e82088390a446b6ad1f4df92d62478ea557d98de", "rev": "0d083d35316101755d2ecb9bba32fefc42df914d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -414,11 +414,11 @@
"river": { "river": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1711393006, "lastModified": 1711277167,
"narHash": "sha256-vwOJIc2gUUa8MuiEzV/phB2sAl5pWdC6mnivNimmXqk=", "narHash": "sha256-i+5wQkGsiyN/LaGfuj306tdiv+7vcbgahL9JvscM4iw=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "4d0315b56596868d5ae39d18fe74d8be5c4ac50d", "rev": "12de175e115f08d1a77b438910ba6dc58a3d80af",
"revCount": 1220, "revCount": 1216,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/riverwm/river" "url": "https://github.com/riverwm/river"
@ -507,11 +507,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711395032, "lastModified": 1710096282,
"narHash": "sha256-2fH6TXdPKZaTx6NXucFn7HaFDZ9vC1ebTql5XkdkWTI=", "narHash": "sha256-t4190TfQUJoqaFEUX4DNGMDaQ+rJJxffwir0EEwnfDY=",
"owner": "rouven0", "owner": "rouven0",
"repo": "TruckSimulatorBot", "repo": "TruckSimulatorBot",
"rev": "4776a2235fffb96aa8fcc8e33d39af17907754ae", "rev": "da4e4e1908aebc93744cbbe9a7867a9b60da02e9",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
hosts/falkenstein/modules/mail/rspamd.nix
View file

@ -39,6 +39,8 @@
}; };
}; };
nginx.virtualHosts."rspamd.${config.networking.domain}" = { nginx.virtualHosts."rspamd.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:11334"; proxyPass = "http://127.0.0.1:11334";

4
hosts/falkenstein/modules/nginx/default.nix
View file

@ -5,8 +5,6 @@
services.nginx.virtualHosts = mkOption { services.nginx.virtualHosts = mkOption {
type = types.attrsOf (types.submodule type = types.attrsOf (types.submodule
({ name, ... }: { ({ name, ... }: {
enableACME = true;
forceSSL = true;
# enable http3 for all hosts # enable http3 for all hosts
quic = true; quic = true;
http3 = true; http3 = true;
@ -52,6 +50,8 @@
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
virtualHosts."${config.networking.domain}" = { virtualHosts."${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
root = "/srv/web/${config.networking.domain}"; root = "/srv/web/${config.networking.domain}";
locations = { locations = {
"/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; "/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;

8
hosts/falkenstein/modules/purge/default.nix
View file

@ -7,7 +7,6 @@ in
file = ../../../../secrets/falkenstein/purge.age; file = ../../../../secrets/falkenstein/purge.age;
}; };
services.purge = { services.purge = {
inherit domain;
enable = true; enable = true;
discord = { discord = {
clientId = "941041925216157746"; clientId = "941041925216157746";
@ -15,4 +14,11 @@ in
tokenFile = config.age.secrets.purge.path; tokenFile = config.age.secrets.purge.path;
}; };
}; };
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.purge.listenPort}";
};
};
} }

19
hosts/falkenstein/modules/trucksimulatorbot/default.nix
View file

@ -1,10 +1,9 @@
{ config, pkgs, ... }: { config, pkgs, trucksimulatorbot, ... }:
let let
domain = "trucks.${config.networking.domain}"; domain = "trucks.${config.networking.domain}";
in in
{ {
services.trucksimulatorbot = { services.trucksimulatorbot = {
inherit domain;
enable = true; enable = true;
discord = { discord = {
clientId = "831052837353816066"; clientId = "831052837353816066";
@ -24,4 +23,20 @@ in
]; ];
ensureDatabases = [ "trucksimulator" ]; ensureDatabases = [ "trucksimulator" ];
}; };
services.nginx.virtualHosts = {
"${domain}" = {
enableACME = true;
forceSSL = true;
locations."/invite".return = "301 https://discord.com/api/oauth2/authorize?client_id=831052837353816066&permissions=262144&scope=bot%20applications.commands";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.listenPort}";
};
locations."/images/" = {
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}/";
};
locations."/docs" = {
root = "${trucksimulatorbot.packages.x86_64-linux.docs}";
};
};
};
} }

2
hosts/nuc/modules/cache/default.nix vendored
View file

@ -11,6 +11,8 @@ in
secretKeyFile = config.age.secrets.cache.path; secretKeyFile = config.age.secrets.cache.path;
}; };
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}"; proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}";
}; };

7
hosts/nuc/modules/matrix/default.nix
View file

@ -67,6 +67,10 @@ in
virtualHosts = { virtualHosts = {
# synapse # synapse
"${domain}" = { "${domain}" = {
enableACME = true;
forceSSL = true;
# locations."/".extraConfig = "return 404;"; # locations."/".extraConfig = "return 404;";
# # proxy to synapse # # proxy to synapse
@ -79,6 +83,9 @@ in
# element # element
"${domainClient}" = { "${domainClient}" = {
enableACME = true;
forceSSL = true;
root = pkgs.element-web.override { root = pkgs.element-web.override {
conf = { conf = {
default_server_config = { default_server_config = {

2
hosts/nuc/modules/nginx/default.nix
View file

@ -6,8 +6,6 @@
type = types.attrsOf (types.submodule type = types.attrsOf (types.submodule
({ name, ... }: { ({ name, ... }: {
# split up nginx access logs per vhost # split up nginx access logs per vhost
enableACME = true;
forceSSL = true;
extraConfig = '' extraConfig = ''
access_log /var/log/nginx/${name}_access.log; access_log /var/log/nginx/${name}_access.log;
error_log /var/log/nginx/${name}_error.log; error_log /var/log/nginx/${name}_error.log;

2
hosts/nuc/modules/seafile/default.nix
View file

@ -12,6 +12,8 @@ in
seafileSettings.fileserver.port = 8083; seafileSettings.fileserver.port = 8083;
}; };
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://unix:/run/seahub/gunicorn.sock"; proxyPass = "http://unix:/run/seahub/gunicorn.sock";
}; };

2
hosts/nuc/modules/vaultwarden/default.nix
View file

@ -30,6 +30,8 @@ in
ensureDatabases = [ "vaultwarden" ]; ensureDatabases = [ "vaultwarden" ];
}; };
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}"; proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}";
}; };

37
hosts/thinkpad/hardware-configuration.nix
View file

@ -9,7 +9,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nvme-cli nvme-cli
intel-gpu-tools intel-gpu-tools
nvtopPackages.intel
lm_sensors lm_sensors
pciutils pciutils
]; ];
@ -36,47 +35,43 @@
}; };
# fileSystems."/" = # fileSystems."/" =
# { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1"; # { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
# fsType = "btrfs"; # fsType = "btrfs";
# options = [ "subvol=root" ]; # options = [ "subvol=root" ];
# }; # };
fileSystems."/home" = fileSystems."/home" =
{ { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ]; options = [ "subvol=home" "compress=zstd" ];
}; };
fileSystems."/nix" = fileSystems."/nix" =
{ { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ]; options = [ "subvol=nix" "compress=zstd" "noatime"];
}; };
fileSystems."/var/log" = fileSystems."/var/log" =
{ { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" ]; options = [ "subvol=log" "compress=zstd" ];
}; };
fileSystems."/var/lib" = fileSystems."/var/lib" =
{ { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=lib" "compress=zstd" ]; options = [ "subvol=lib" "compress=zstd" ];
}; };
fileSystems."/" = fileSystems."/" =
{ {
device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
options = [ "mode=755" ]; options = [ "mode=755" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ {

9
shared/activation.nix
View file

@ -1,16 +1,9 @@
{ pkgs, config, ... }: { config, ... }:
{ {
system.activationScripts.report-nixos-changes = '' system.activationScripts.report-nixos-changes = ''
if [ -e /run/current-system ] && [ -e $systemConfig ]; then if [ -e /run/current-system ] && [ -e $systemConfig ]; then
echo System package diff: echo System package diff:
${config.nix.package}/bin/nix store diff-closures /run/current-system $systemConfig || true ${config.nix.package}/bin/nix store diff-closures /run/current-system $systemConfig || true
fi fi
NO_FORMAT="\033[0m"
F_BOLD="\033[1m"
C_RED="\033[38;5;9m"
${pkgs.diffutils}/bin/cmp --silent \
<(readlink /run/current-system/{initrd,kernel,kernel-modules}) \
<(readlink $systemConfig/{initrd,kernel,kernel-modules}) \
|| echo -e "''${F_BOLD}''${C_RED}Kernel version changed, reboot is advised.''${NO_FORMAT}"
''; '';
} }