Compare commits

..

No commits in common. "b429b2c8117fded9ac52b0d5d442ea26b65470a5" and "23bafdca728fe70a42c9137a960fe9d2a4ec1846" have entirely different histories.

12 changed files with 68 additions and 46 deletions

View file

@ -398,11 +398,11 @@
]
},
"locked": {
"lastModified": 1711391819,
"narHash": "sha256-sNI0PLFXvFM5M6h9PYrbF+IfL199OYLRz875lNZ9Y0Q=",
"lastModified": 1709309729,
"narHash": "sha256-W6RjXe2/LGFnNGfY9ML4YCDasmqksUWKoMRVPHkIguM=",
"owner": "rouven0",
"repo": "purge",
"rev": "e82088390a446b6ad1f4df92d62478ea557d98de",
"rev": "0d083d35316101755d2ecb9bba32fefc42df914d",
"type": "github"
},
"original": {
@ -414,11 +414,11 @@
"river": {
"flake": false,
"locked": {
"lastModified": 1711393006,
"narHash": "sha256-vwOJIc2gUUa8MuiEzV/phB2sAl5pWdC6mnivNimmXqk=",
"lastModified": 1711277167,
"narHash": "sha256-i+5wQkGsiyN/LaGfuj306tdiv+7vcbgahL9JvscM4iw=",
"ref": "refs/heads/master",
"rev": "4d0315b56596868d5ae39d18fe74d8be5c4ac50d",
"revCount": 1220,
"rev": "12de175e115f08d1a77b438910ba6dc58a3d80af",
"revCount": 1216,
"submodules": true,
"type": "git",
"url": "https://github.com/riverwm/river"
@ -507,11 +507,11 @@
]
},
"locked": {
"lastModified": 1711395032,
"narHash": "sha256-2fH6TXdPKZaTx6NXucFn7HaFDZ9vC1ebTql5XkdkWTI=",
"lastModified": 1710096282,
"narHash": "sha256-t4190TfQUJoqaFEUX4DNGMDaQ+rJJxffwir0EEwnfDY=",
"owner": "rouven0",
"repo": "TruckSimulatorBot",
"rev": "4776a2235fffb96aa8fcc8e33d39af17907754ae",
"rev": "da4e4e1908aebc93744cbbe9a7867a9b60da02e9",
"type": "github"
},
"original": {

View file

@ -39,6 +39,8 @@
};
};
nginx.virtualHosts."rspamd.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:11334";

View file

@ -5,8 +5,6 @@
services.nginx.virtualHosts = mkOption {
type = types.attrsOf (types.submodule
({ name, ... }: {
enableACME = true;
forceSSL = true;
# enable http3 for all hosts
quic = true;
http3 = true;
@ -52,6 +50,8 @@
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts."${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
root = "/srv/web/${config.networking.domain}";
locations = {
"/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;

View file

@ -7,7 +7,6 @@ in
file = ../../../../secrets/falkenstein/purge.age;
};
services.purge = {
inherit domain;
enable = true;
discord = {
clientId = "941041925216157746";
@ -15,4 +14,11 @@ in
tokenFile = config.age.secrets.purge.path;
};
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.purge.listenPort}";
};
};
}

View file

@ -1,10 +1,9 @@
{ config, pkgs, ... }:
{ config, pkgs, trucksimulatorbot, ... }:
let
domain = "trucks.${config.networking.domain}";
in
{
services.trucksimulatorbot = {
inherit domain;
enable = true;
discord = {
clientId = "831052837353816066";
@ -24,4 +23,20 @@ in
];
ensureDatabases = [ "trucksimulator" ];
};
services.nginx.virtualHosts = {
"${domain}" = {
enableACME = true;
forceSSL = true;
locations."/invite".return = "301 https://discord.com/api/oauth2/authorize?client_id=831052837353816066&permissions=262144&scope=bot%20applications.commands";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.listenPort}";
};
locations."/images/" = {
proxyPass = "http://127.0.0.1:${toString config.services.trucksimulatorbot.images.listenPort}/";
};
locations."/docs" = {
root = "${trucksimulatorbot.packages.x86_64-linux.docs}";
};
};
};
}

View file

@ -11,6 +11,8 @@ in
secretKeyFile = config.age.secrets.cache.path;
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}";
};

View file

@ -67,6 +67,10 @@ in
virtualHosts = {
# synapse
"${domain}" = {
enableACME = true;
forceSSL = true;
# locations."/".extraConfig = "return 404;";
# # proxy to synapse
@ -79,6 +83,9 @@ in
# element
"${domainClient}" = {
enableACME = true;
forceSSL = true;
root = pkgs.element-web.override {
conf = {
default_server_config = {

View file

@ -6,8 +6,6 @@
type = types.attrsOf (types.submodule
({ name, ... }: {
# split up nginx access logs per vhost
enableACME = true;
forceSSL = true;
extraConfig = ''
access_log /var/log/nginx/${name}_access.log;
error_log /var/log/nginx/${name}_error.log;

View file

@ -12,6 +12,8 @@ in
seafileSettings.fileserver.port = 8083;
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://unix:/run/seahub/gunicorn.sock";
};

View file

@ -30,6 +30,8 @@ in
ensureDatabases = [ "vaultwarden" ];
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}";
};

View file

@ -9,7 +9,6 @@
environment.systemPackages = with pkgs; [
nvme-cli
intel-gpu-tools
nvtopPackages.intel
lm_sensors
pciutils
];
@ -36,47 +35,43 @@
};
# fileSystems."/" =
# { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
# fsType = "btrfs";
# options = [ "subvol=root" ];
# };
# fileSystems."/" =
# { device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
# fsType = "btrfs";
# options = [ "subvol=root" ];
# };
fileSystems."/home" =
{
device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
{ device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
{ device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
options = [ "subvol=nix" "compress=zstd" "noatime"];
};
fileSystems."/var/log" =
{
device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
{ device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" ];
};
fileSystems."/var/lib" =
{
device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
{ device = "/dev/disk/by-uuid/43e42607-bc44-45de-a2c1-a09a4e34daf1";
fsType = "btrfs";
options = [ "subvol=lib" "compress=zstd" ];
};
fileSystems."/" =
{
device = "tmpfs";
fsType = "tmpfs";
options = [ "mode=755" ];
};
fileSystems."/" =
{
device = "tmpfs";
fsType = "tmpfs";
options = [ "mode=755" ];
};
fileSystems."/boot" =
{

View file

@ -1,16 +1,9 @@
{ pkgs, config, ... }:
{ config, ... }:
{
system.activationScripts.report-nixos-changes = ''
if [ -e /run/current-system ] && [ -e $systemConfig ]; then
echo System package diff:
${config.nix.package}/bin/nix store diff-closures /run/current-system $systemConfig || true
fi
NO_FORMAT="\033[0m"
F_BOLD="\033[1m"
C_RED="\033[38;5;9m"
${pkgs.diffutils}/bin/cmp --silent \
<(readlink /run/current-system/{initrd,kernel,kernel-modules}) \
<(readlink $systemConfig/{initrd,kernel,kernel-modules}) \
|| echo -e "''${F_BOLD}''${C_RED}Kernel version changed, reboot is advised.''${NO_FORMAT}"
'';
}