From 16a8eff5435a2a944488024e704872facc78fe3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= Date: Thu, 20 Jul 2023 11:56:08 +0300 Subject: [PATCH] small cleanup --- hosts/hel1-a/configuration.nix | 85 +++----------------------------- modules/base/default.nix | 22 ++++++++- modules/base/zfsborg/default.nix | 57 +++++++++++---------- 3 files changed, 54 insertions(+), 110 deletions(-) diff --git a/hosts/hel1-a/configuration.nix b/hosts/hel1-a/configuration.nix index 1ed30ce..f6ea992 100644 --- a/hosts/hel1-a/configuration.nix +++ b/hosts/hel1-a/configuration.nix @@ -8,38 +8,12 @@ }: let turn_cert_dir = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.jakstys.lt"; gitea_uidgid = 995; - - # functions - mountLatest = ( - { - mountpoint, - zfs_name, - }: '' - set -euo pipefail - ${pkgs.util-linux}/bin/umount ${mountpoint}/.snapshot-latest &>/dev/null || : - mkdir -p ${mountpoint}/.snapshot-latest - ${pkgs.util-linux}/bin/mount -t zfs $(${pkgs.zfs}/bin/zfs list -H -t snapshot -o name ${zfs_name} | sort | tail -1) ${mountpoint}/.snapshot-latest - '' - ); - - umountLatest = ( - {mountpoint, ...}: ''exec ${pkgs.util-linux}/bin/umount ${mountpoint}/.snapshot-latest'' - ); in { imports = [ ./hardware-configuration.nix ./zfs.nix ]; - boot.initrd.network = { - enable = true; - ssh = { - enable = true; - authorizedKeys = builtins.attrValues myData.ssh_pubkeys; - hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"]; - }; - }; - mj = { stateVersion = "22.11"; timeZone = "UTC"; @@ -82,7 +56,6 @@ in { unitstatus = { enable = true; email = "motiejus+alerts@jakstys.lt"; - # see TODO in base/unitstatus/default.nix units = ["zfs-scrub" "nixos-upgrade"]; }; }; 
@@ -101,30 +74,12 @@ in { groups.gitea.gid = gitea_uidgid; }; - environment = { - systemPackages = with pkgs; [ - git - tmux - htop - #ncdu - nmap - ipset - ngrep - p7zip - pwgen - parted - sqlite - direnv - tcpdump - vimv-rs - openssl - bsdgames - headscale - mailutils - nixos-option - graphicsmagick - ]; - }; + environment.systemPackages = with pkgs; [ + headscale + mailutils + nixos-option + graphicsmagick + ]; services = { tailscale.enable = true; @@ -228,9 +183,6 @@ in { virtualHosts."recordrecap.jakstys.lt".extraConfig = '' reverse_proxy vno1-oh2.servers.jakst:8080 ''; - virtualHosts."www.recordrecap.jakstys.lt".extraConfig = '' - redir https://recordrecap.jakstys.lt - ''; virtualHosts."vpn.jakstys.lt".extraConfig = '' reverse_proxy 127.0.0.1:8080 ''; @@ -479,31 +431,6 @@ in { }; }; - system = { - # TODO: run the upgrades after the backup service is complete - autoUpgrade.enable = true; - autoUpgrade = { - allowReboot = true; - dates = "01:00"; - rebootWindow = { - lower = "01:00"; - upper = "03:00"; - }; - }; - }; - - nix = { - gc = { - automatic = true; - dates = "daily"; - options = "--delete-older-than 14d"; - }; - extraOptions = '' - experimental-features = nix-command flakes - trusted-users = motiejus - ''; - }; - systemd.tmpfiles.rules = [ "d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -" ]; diff --git a/modules/base/default.nix b/modules/base/default.nix index e53de03..ca57d1e 100644 --- a/modules/base/default.nix +++ b/modules/base/default.nix @@ -42,7 +42,17 @@ ]; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix = { + gc = { + automatic = true; + dates = "daily"; + options = "--delete-older-than 14d"; + }; + settings = { + experimental-features = ["nix-command" "flakes"]; + trusted-users = ["motiejus"]; + }; + }; system.stateVersion = config.mj.stateVersion; 
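Review bot: `trusted-users = ["motiejus"]` in the new `nix.settings` block of modules/base/default.nix now applies to every host that imports the base module; before this patch it was set only in hel1-a's `nix.extraOptions`. The Nix manual describes membership in trusted-users as essentially equivalent to root access, because a trusted user can override daemon settings such as substituters. Either make it a per-host option or state the intent with a comment such as `# trusted-users is root-equivalent for the nix daemon; set on all hosts on purpose`. Separately, the `system.autoUpgrade` block deleted from hosts/hel1-a/configuration.nix is not re-added in this hunk, while that host's `unitstatus.units` still lists "nixos-upgrade". Unless base enables it outside the visible lines, hel1-a would stop receiving unattended upgrades and the monitored unit would no longer exist.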
@@ -87,18 +97,23 @@ pv # pipe viewer for progressbars in pipes bat # "bat - cat with wings", cat|less with language highlight duf # nice disk usage output + git + tmux + htop file # file duh host # look up host info tree # tree duh lsof # lsof yay rage # encrypt-decrypt - #ncdu # disk usage navigator + ncdu # disk usage navigator pwgen + parted sqlite direnv ripgrep vimv-rs nix-top # nix-top is a top for what nix is doing + bsdgames binutils moreutils unixtools.xxd @@ -106,10 +121,13 @@ # networking dig nmap + ngrep wget curl whois ipset + openssl + tcpdump testssl dnsutils speedtest-cli diff --git a/modules/base/zfsborg/default.nix b/modules/base/zfsborg/default.nix index 3c41bff..c9c6bb3 100644 --- a/modules/base/zfsborg/default.nix +++ b/modules/base/zfsborg/default.nix 
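Review bot: The base package list now installs `ngrep`, `tcpdump` and `openssl` (second hunk, networking group) plus `parted` and `bsdgames` (first hunk) on every host that imports this module, not only on hel1-a. A smaller default set is easier to audit on server hosts, so consider keeping the capture and partitioning tools behind an option or in the host file that needs them. `ncdu` also changes from commented-out to enabled, although it was commented out in both the old host list and the old base list. A short note such as `ncdu # disk usage navigator; re-enabled: <reason>` would record why, since the commit message does not mention it. Both package lists continue outside the hunks.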
@@ -59,36 +59,35 @@ in { in assert fs.fsType == "zfs"; assert lib.assertMsg - config.mj.base.unitstatus.enable - "config.mj.base.unitstatus.enable must be true"; - { - name = lib.strings.sanitizeDerivationName mountpoint; - value = - { - doInit = true; - repo = config.mj.base.zfsborg.repo; - encryption = { - mode = "repokey-blake2"; - passCommand = "cat ${config.mj.base.zfsborg.passwdPath}"; - }; - paths = attrs.paths; - extraArgs = "--remote-path=borg1"; - compression = "auto,lzma"; - startAt = attrs.backup_at; - readWritePaths = let p = mountpoint + "/.snapshot-latest"; in [p]; - preHook = mountLatest mountpoint fs.device; - postHook = umountLatest mountpoint; - prune.keep = { - within = "1d"; - daily = 7; - weekly = 4; - monthly = 3; - }; - } - // lib.optionalAttrs (attrs ? patterns) { - patterns = attrs.patterns; + config.mj.base.unitstatus.enable + "config.mj.base.unitstatus.enable must be true"; { + name = lib.strings.sanitizeDerivationName mountpoint; + value = + { + doInit = true; + repo = config.mj.base.zfsborg.repo; + encryption = { + mode = "repokey-blake2"; + passCommand = "cat ${config.mj.base.zfsborg.passwdPath}"; }; - }) + paths = attrs.paths; + extraArgs = "--remote-path=borg1"; + compression = "auto,lzma"; + startAt = attrs.backup_at; + readWritePaths = let p = mountpoint + "/.snapshot-latest"; in [p]; + preHook = mountLatest mountpoint fs.device; + postHook = umountLatest mountpoint; + prune.keep = { + within = "1d"; + daily = 7; + weekly = 4; + monthly = 3; + }; + } + // lib.optionalAttrs (attrs ? patterns) { + patterns = attrs.patterns; + }; + }) config.mj.base.zfsborg.mountpoints; mj.base.unitstatus.units = let