small cleanup
parent
0f1d12cb34
commit
16a8eff543
@ -8,38 +8,12 @@
|
||||
}: let
|
||||
turn_cert_dir = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.jakstys.lt";
|
||||
gitea_uidgid = 995;
|
||||
|
||||
# functions
|
||||
mountLatest = (
|
||||
{
|
||||
mountpoint,
|
||||
zfs_name,
|
||||
}: ''
|
||||
set -euo pipefail
|
||||
${pkgs.util-linux}/bin/umount ${mountpoint}/.snapshot-latest &>/dev/null || :
|
||||
mkdir -p ${mountpoint}/.snapshot-latest
|
||||
${pkgs.util-linux}/bin/mount -t zfs $(${pkgs.zfs}/bin/zfs list -H -t snapshot -o name ${zfs_name} | sort | tail -1) ${mountpoint}/.snapshot-latest
|
||||
''
|
||||
);
|
||||
|
||||
umountLatest = (
|
||||
{mountpoint, ...}: ''exec ${pkgs.util-linux}/bin/umount ${mountpoint}/.snapshot-latest''
|
||||
);
|
||||
in {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./zfs.nix
|
||||
];
|
||||
|
||||
boot.initrd.network = {
|
||||
enable = true;
|
||||
ssh = {
|
||||
enable = true;
|
||||
authorizedKeys = builtins.attrValues myData.ssh_pubkeys;
|
||||
hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
|
||||
};
|
||||
};
|
||||
|
||||
mj = {
|
||||
stateVersion = "22.11";
|
||||
timeZone = "UTC";
|
||||
@ -82,7 +56,6 @@ in {
|
||||
unitstatus = {
|
||||
enable = true;
|
||||
email = "motiejus+alerts@jakstys.lt";
|
||||
# see TODO in base/unitstatus/default.nix
|
||||
units = ["zfs-scrub" "nixos-upgrade"];
|
||||
};
|
||||
};
|
||||
@ -101,30 +74,12 @@ in {
|
||||
groups.gitea.gid = gitea_uidgid;
|
||||
};
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
git
|
||||
tmux
|
||||
htop
|
||||
#ncdu
|
||||
nmap
|
||||
ipset
|
||||
ngrep
|
||||
p7zip
|
||||
pwgen
|
||||
parted
|
||||
sqlite
|
||||
direnv
|
||||
tcpdump
|
||||
vimv-rs
|
||||
openssl
|
||||
bsdgames
|
||||
headscale
|
||||
mailutils
|
||||
nixos-option
|
||||
graphicsmagick
|
||||
];
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
headscale
|
||||
mailutils
|
||||
nixos-option
|
||||
graphicsmagick
|
||||
];
|
||||
|
||||
services = {
|
||||
tailscale.enable = true;
|
||||
@ -228,9 +183,6 @@ in {
|
||||
virtualHosts."recordrecap.jakstys.lt".extraConfig = ''
|
||||
reverse_proxy vno1-oh2.servers.jakst:8080
|
||||
'';
|
||||
virtualHosts."www.recordrecap.jakstys.lt".extraConfig = ''
|
||||
redir https://recordrecap.jakstys.lt
|
||||
'';
|
||||
virtualHosts."vpn.jakstys.lt".extraConfig = ''
|
||||
reverse_proxy 127.0.0.1:8080
|
||||
'';
|
||||
@ -479,31 +431,6 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
system = {
|
||||
# TODO: run the upgrades after the backup service is complete
|
||||
autoUpgrade.enable = true;
|
||||
autoUpgrade = {
|
||||
allowReboot = true;
|
||||
dates = "01:00";
|
||||
rebootWindow = {
|
||||
lower = "01:00";
|
||||
upper = "03:00";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nix = {
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "daily";
|
||||
options = "--delete-older-than 14d";
|
||||
};
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
trusted-users = motiejus
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -"
|
||||
];
|
||||
|
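Review bot: The last hunk of this file drops the whole `system.autoUpgrade` block (`enable`, `allowReboot`, the 01:00–03:00 `rebootWindow`), and none of the sections shown on this page adds it back, whereas `nix.gc` and `trusted-users` do reappear in the other file. If the shared module does not already enable `system.autoUpgrade` outside the visible hunks, this host stops applying updates unattended after the change. Please confirm where the setting now lives. If the removal is deliberate, say so in the commit message, since "small cleanup" does not suggest a change in patching behaviour.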
@ -42,7 +42,17 @@
|
||||
];
|
||||
};
|
||||
|
||||
nix.settings.experimental-features = ["nix-command" "flakes"];
|
||||
nix = {
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "daily";
|
||||
options = "--delete-older-than 14d";
|
||||
};
|
||||
settings = {
|
||||
experimental-features = ["nix-command" "flakes"];
|
||||
trusted-users = ["motiejus"];
|
||||
};
|
||||
};
|
||||
|
||||
system.stateVersion = config.mj.stateVersion;
|
||||
|
||||
@ -87,18 +97,23 @@
|
||||
pv # pipe viewer for progressbars in pipes
|
||||
bat # "bat - cat with wings", cat|less with language highlight
|
||||
duf # nice disk usage output
|
||||
git
|
||||
tmux
|
||||
htop
|
||||
file # file duh
|
||||
host # look up host info
|
||||
tree # tree duh
|
||||
lsof # lsof yay
|
||||
rage # encrypt-decrypt
|
||||
#ncdu # disk usage navigator
|
||||
ncdu # disk usage navigator
|
||||
pwgen
|
||||
parted
|
||||
sqlite
|
||||
direnv
|
||||
ripgrep
|
||||
vimv-rs
|
||||
nix-top # nix-top is a top for what nix is doing
|
||||
bsdgames
|
||||
binutils
|
||||
moreutils
|
||||
unixtools.xxd
|
||||
@ -106,10 +121,13 @@
|
||||
# networking
|
||||
dig
|
||||
nmap
|
||||
ngrep
|
||||
wget
|
||||
curl
|
||||
whois
|
||||
ipset
|
||||
openssl
|
||||
tcpdump
|
||||
testssl
|
||||
dnsutils
|
||||
speedtest-cli
|
||||
|
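Review bot: `trusted-users = ["motiejus"];` in the new `nix.settings` block now sits in what looks like the shared base module, whereas before it was set only in one host's `nix.extraOptions`. A trusted user can make the Nix daemon use arbitrary substituters and accept unsigned store paths, which is effectively root, so every host importing this module now grants that to the account. If only some hosts need it, keep the setting per host or gate it behind a module option. Otherwise record the intent next to it, e.g. `# trusted-users is root-equivalent for the nix daemon; enabled on all hosts on purpose`. The same file also moves `nmap`, `ngrep` and `tcpdump` into the package list shown here, which is worth a second look for hosts that do not need capture tools installed.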
@ -59,36 +59,35 @@ in {
|
||||
in
|
||||
assert fs.fsType == "zfs";
|
||||
assert lib.assertMsg
|
||||
config.mj.base.unitstatus.enable
|
||||
"config.mj.base.unitstatus.enable must be true";
|
||||
{
|
||||
name = lib.strings.sanitizeDerivationName mountpoint;
|
||||
value =
|
||||
{
|
||||
doInit = true;
|
||||
repo = config.mj.base.zfsborg.repo;
|
||||
encryption = {
|
||||
mode = "repokey-blake2";
|
||||
passCommand = "cat ${config.mj.base.zfsborg.passwdPath}";
|
||||
};
|
||||
paths = attrs.paths;
|
||||
extraArgs = "--remote-path=borg1";
|
||||
compression = "auto,lzma";
|
||||
startAt = attrs.backup_at;
|
||||
readWritePaths = let p = mountpoint + "/.snapshot-latest"; in [p];
|
||||
preHook = mountLatest mountpoint fs.device;
|
||||
postHook = umountLatest mountpoint;
|
||||
prune.keep = {
|
||||
within = "1d";
|
||||
daily = 7;
|
||||
weekly = 4;
|
||||
monthly = 3;
|
||||
};
|
||||
}
|
||||
// lib.optionalAttrs (attrs ? patterns) {
|
||||
patterns = attrs.patterns;
|
||||
config.mj.base.unitstatus.enable
|
||||
"config.mj.base.unitstatus.enable must be true"; {
|
||||
name = lib.strings.sanitizeDerivationName mountpoint;
|
||||
value =
|
||||
{
|
||||
doInit = true;
|
||||
repo = config.mj.base.zfsborg.repo;
|
||||
encryption = {
|
||||
mode = "repokey-blake2";
|
||||
passCommand = "cat ${config.mj.base.zfsborg.passwdPath}";
|
||||
};
|
||||
})
|
||||
paths = attrs.paths;
|
||||
extraArgs = "--remote-path=borg1";
|
||||
compression = "auto,lzma";
|
||||
startAt = attrs.backup_at;
|
||||
readWritePaths = let p = mountpoint + "/.snapshot-latest"; in [p];
|
||||
preHook = mountLatest mountpoint fs.device;
|
||||
postHook = umountLatest mountpoint;
|
||||
prune.keep = {
|
||||
within = "1d";
|
||||
daily = 7;
|
||||
weekly = 4;
|
||||
monthly = 3;
|
||||
};
|
||||
}
|
||||
// lib.optionalAttrs (attrs ? patterns) {
|
||||
patterns = attrs.patterns;
|
||||
};
|
||||
})
|
||||
config.mj.base.zfsborg.mountpoints;
|
||||
|
||||
mj.base.unitstatus.units = let
|
||||
|