small cleanup

2023-07-20 11:56:08 +03:00 · 2023-07-20 11:56:08 +03:00 · 16a8eff543
parent 0f1d12cb34
commit 16a8eff543
3 changed files with 54 additions and 110 deletions
--- a/hosts/hel1-a/configuration.nix
+++ b/hosts/hel1-a/configuration.nix
@ -8,38 +8,12 @@
 }: let
  turn_cert_dir = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.jakstys.lt";
  gitea_uidgid = 995;
-
-  # functions
-  mountLatest = (
-    {
-      mountpoint,
-      zfs_name,
-    }: ''
-      set -euo pipefail
-      ${pkgs.util-linux}/bin/umount ${mountpoint}/.snapshot-latest &>/dev/null || :
-      mkdir -p ${mountpoint}/.snapshot-latest
-      ${pkgs.util-linux}/bin/mount -t zfs $(${pkgs.zfs}/bin/zfs list -H -t snapshot -o name ${zfs_name} | sort | tail -1) ${mountpoint}/.snapshot-latest
-    ''
-  );
-
-  umountLatest = (
-    {mountpoint, ...}: ''exec ${pkgs.util-linux}/bin/umount ${mountpoint}/.snapshot-latest''
-  );
 in {
  imports = [
    ./hardware-configuration.nix
    ./zfs.nix
  ];

-  boot.initrd.network = {
-    enable = true;
-    ssh = {
-      enable = true;
-      authorizedKeys = builtins.attrValues myData.ssh_pubkeys;
-      hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
-    };
-  };
-
  mj = {
    stateVersion = "22.11";
    timeZone = "UTC";
@ -82,7 +56,6 @@ in {
      unitstatus = {
        enable = true;
        email = "motiejus+alerts@jakstys.lt";
-        # see TODO in base/unitstatus/default.nix
        units = ["zfs-scrub" "nixos-upgrade"];
      };
    };
@ -101,30 +74,12 @@ in {
    groups.gitea.gid = gitea_uidgid;
  };

-  environment = {
-    systemPackages = with pkgs; [
-      git
-      tmux
-      htop
-      #ncdu
-      nmap
-      ipset
-      ngrep
-      p7zip
-      pwgen
-      parted
-      sqlite
-      direnv
-      tcpdump
-      vimv-rs
-      openssl
-      bsdgames
-      headscale
-      mailutils
-      nixos-option
-      graphicsmagick
-    ];
-  };
+  environment.systemPackages = with pkgs; [
+    headscale
+    mailutils
+    nixos-option
+    graphicsmagick
+  ];

  services = {
    tailscale.enable = true;
@ -228,9 +183,6 @@ in {
      virtualHosts."recordrecap.jakstys.lt".extraConfig = ''
        reverse_proxy vno1-oh2.servers.jakst:8080
      '';
-      virtualHosts."www.recordrecap.jakstys.lt".extraConfig = ''
-        redir https://recordrecap.jakstys.lt
-      '';
      virtualHosts."vpn.jakstys.lt".extraConfig = ''
        reverse_proxy 127.0.0.1:8080
      '';
@ -479,31 +431,6 @@ in {
    };
  };

-  system = {
-    # TODO: run the upgrades after the backup service is complete
-    autoUpgrade.enable = true;
-    autoUpgrade = {
-      allowReboot = true;
-      dates = "01:00";
-      rebootWindow = {
-        lower = "01:00";
-        upper = "03:00";
-      };
-    };
-  };
-
-  nix = {
-    gc = {
-      automatic = true;
-      dates = "daily";
-      options = "--delete-older-than 14d";
-    };
-    extraOptions = ''
-      experimental-features = nix-command flakes
-      trusted-users = motiejus
-    '';
-  };
-
  systemd.tmpfiles.rules = [
    "d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -"
  ];
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@ -42,7 +42,17 @@
      ];
    };

-    nix.settings.experimental-features = ["nix-command" "flakes"];
+    nix = {
+      gc = {
+        automatic = true;
+        dates = "daily";
+        options = "--delete-older-than 14d";
+      };
+      settings = {
+        experimental-features = ["nix-command" "flakes"];
+        trusted-users = ["motiejus"];
+      };
+    };

    system.stateVersion = config.mj.stateVersion;

@ -87,18 +97,23 @@
        pv # pipe viewer for progressbars in pipes
        bat # "bat - cat with wings", cat|less with language highlight
        duf # nice disk usage output
+        git
+        tmux
+        htop
        file # file duh
        host # look up host info
        tree # tree duh
        lsof # lsof yay
        rage # encrypt-decrypt
-        #ncdu # disk usage navigator
+        ncdu # disk usage navigator
        pwgen
+        parted
        sqlite
        direnv
        ripgrep
        vimv-rs
        nix-top # nix-top is a top for what nix is doing
+        bsdgames
        binutils
        moreutils
        unixtools.xxd
@ -106,10 +121,13 @@
        # networking
        dig
        nmap
+        ngrep
        wget
        curl
        whois
        ipset
+        openssl
+        tcpdump
        testssl
        dnsutils
        speedtest-cli
--- a/modules/base/zfsborg/default.nix
+++ b/modules/base/zfsborg/default.nix
@ -59,36 +59,35 @@ in {
    in
      assert fs.fsType == "zfs";
      assert lib.assertMsg
-          config.mj.base.unitstatus.enable
-          "config.mj.base.unitstatus.enable must be true";
-        {
-          name = lib.strings.sanitizeDerivationName mountpoint;
-          value =
-            {
-              doInit = true;
-              repo = config.mj.base.zfsborg.repo;
-              encryption = {
-                mode = "repokey-blake2";
-                passCommand = "cat ${config.mj.base.zfsborg.passwdPath}";
-              };
-              paths = attrs.paths;
-              extraArgs = "--remote-path=borg1";
-              compression = "auto,lzma";
-              startAt = attrs.backup_at;
-              readWritePaths = let p = mountpoint + "/.snapshot-latest"; in [p];
-              preHook = mountLatest mountpoint fs.device;
-              postHook = umountLatest mountpoint;
-              prune.keep = {
-                within = "1d";
-                daily = 7;
-                weekly = 4;
-                monthly = 3;
-              };
-            }
-            // lib.optionalAttrs (attrs ? patterns) {
-              patterns = attrs.patterns;
+      config.mj.base.unitstatus.enable
+      "config.mj.base.unitstatus.enable must be true"; {
+        name = lib.strings.sanitizeDerivationName mountpoint;
+        value =
+          {
+            doInit = true;
+            repo = config.mj.base.zfsborg.repo;
+            encryption = {
+              mode = "repokey-blake2";
+              passCommand = "cat ${config.mj.base.zfsborg.passwdPath}";
            };
-        })
+            paths = attrs.paths;
+            extraArgs = "--remote-path=borg1";
+            compression = "auto,lzma";
+            startAt = attrs.backup_at;
+            readWritePaths = let p = mountpoint + "/.snapshot-latest"; in [p];
+            preHook = mountLatest mountpoint fs.device;
+            postHook = umountLatest mountpoint;
+            prune.keep = {
+              within = "1d";
+              daily = 7;
+              weekly = 4;
+              monthly = 3;
+            };
+          }
+          // lib.optionalAttrs (attrs ? patterns) {
+            patterns = attrs.patterns;
+          };
+      })
    config.mj.base.zfsborg.mountpoints;

    mj.base.unitstatus.units = let