motiejus/config
1
Fork 0
Code Packages Releases Activity

small cleanup

Browse Source
This commit is contained in:
Motiejus Jakštys 2023-07-20 11:56:08 +03:00
parent 0f1d12cb34
commit 16a8eff543
3 changed files with 54 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
hosts/hel1-a/configuration.nix
View File

@ -8,38 +8,12 @@
}: let }: let
turn_cert_dir = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.jakstys.lt"; turn_cert_dir = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/turn.jakstys.lt";
gitea_uidgid = 995; gitea_uidgid = 995;
# functions
mountLatest = (
{
mountpoint,
zfs_name,
}: ''
set -euo pipefail
${pkgs.util-linux}/bin/umount ${mountpoint}/.snapshot-latest &>/dev/null || :
mkdir -p ${mountpoint}/.snapshot-latest
${pkgs.util-linux}/bin/mount -t zfs $(${pkgs.zfs}/bin/zfs list -H -t snapshot -o name ${zfs_name} | sort | tail -1) ${mountpoint}/.snapshot-latest
''
);
umountLatest = (
{mountpoint, ...}: ''exec ${pkgs.util-linux}/bin/umount ${mountpoint}/.snapshot-latest''
);
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./zfs.nix ./zfs.nix
]; ];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
authorizedKeys = builtins.attrValues myData.ssh_pubkeys;
hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
};
};
mj = { mj = {
stateVersion = "22.11"; stateVersion = "22.11";
timeZone = "UTC"; timeZone = "UTC";
@ -82,7 +56,6 @@ in {
unitstatus = { unitstatus = {
enable = true; enable = true;
email = "motiejus+alerts@jakstys.lt"; email = "motiejus+alerts@jakstys.lt";
# see TODO in base/unitstatus/default.nix
units = ["zfs-scrub" "nixos-upgrade"]; units = ["zfs-scrub" "nixos-upgrade"];
}; };
}; };
@ -101,30 +74,12 @@ in {
groups.gitea.gid = gitea_uidgid; groups.gitea.gid = gitea_uidgid;
}; };
environment = { environment.systemPackages = with pkgs; [
systemPackages = with pkgs; [
git
tmux
htop
#ncdu
nmap
ipset
ngrep
p7zip
pwgen
parted
sqlite
direnv
tcpdump
vimv-rs
openssl
bsdgames
headscale headscale
mailutils mailutils
nixos-option nixos-option
graphicsmagick graphicsmagick
]; ];
};
services = { services = {
tailscale.enable = true; tailscale.enable = true;
@ -228,9 +183,6 @@ in {
virtualHosts."recordrecap.jakstys.lt".extraConfig = '' virtualHosts."recordrecap.jakstys.lt".extraConfig = ''
reverse_proxy vno1-oh2.servers.jakst:8080 reverse_proxy vno1-oh2.servers.jakst:8080
''; '';
virtualHosts."www.recordrecap.jakstys.lt".extraConfig = ''
redir https://recordrecap.jakstys.lt
'';
virtualHosts."vpn.jakstys.lt".extraConfig = '' virtualHosts."vpn.jakstys.lt".extraConfig = ''
reverse_proxy 127.0.0.1:8080 reverse_proxy 127.0.0.1:8080
''; '';
@ -479,31 +431,6 @@ in {
}; };
}; };
system = {
# TODO: run the upgrades after the backup service is complete
autoUpgrade.enable = true;
autoUpgrade = {
allowReboot = true;
dates = "01:00";
rebootWindow = {
lower = "01:00";
upper = "03:00";
};
};
};
nix = {
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 14d";
};
extraOptions = ''
experimental-features = nix-command flakes
trusted-users = motiejus
'';
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -" "d /run/matrix-synapse 0700 matrix-synapse matrix-synapse -"
]; ];

22
modules/base/default.nix
View File

@ -42,7 +42,17 @@
]; ];
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; nix = {
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 14d";
};
settings = {
experimental-features = ["nix-command" "flakes"];
trusted-users = ["motiejus"];
};
};
system.stateVersion = config.mj.stateVersion; system.stateVersion = config.mj.stateVersion;
@ -87,18 +97,23 @@
pv # pipe viewer for progressbars in pipes pv # pipe viewer for progressbars in pipes
bat # "bat - cat with wings", cat|less with language highlight bat # "bat - cat with wings", cat|less with language highlight
duf # nice disk usage output duf # nice disk usage output
git
tmux
htop
file # file duh file # file duh
host # look up host info host # look up host info
tree # tree duh tree # tree duh
lsof # lsof yay lsof # lsof yay
rage # encrypt-decrypt rage # encrypt-decrypt
#ncdu # disk usage navigator ncdu # disk usage navigator
pwgen pwgen
parted
sqlite sqlite
direnv direnv
ripgrep ripgrep
vimv-rs vimv-rs
nix-top # nix-top is a top for what nix is doing nix-top # nix-top is a top for what nix is doing
bsdgames
binutils binutils
moreutils moreutils
unixtools.xxd unixtools.xxd
@ -106,10 +121,13 @@
# networking # networking
dig dig
nmap nmap
ngrep
wget wget
curl curl
whois whois
ipset ipset
openssl
tcpdump
testssl testssl
dnsutils dnsutils
speedtest-cli speedtest-cli

3
modules/base/zfsborg/default.nix
View File

@ -60,8 +60,7 @@ in {
assert fs.fsType == "zfs"; assert fs.fsType == "zfs";
assert lib.assertMsg assert lib.assertMsg
config.mj.base.unitstatus.enable config.mj.base.unitstatus.enable
"config.mj.base.unitstatus.enable must be true"; "config.mj.base.unitstatus.enable must be true"; {
{
name = lib.strings.sanitizeDerivationName mountpoint; name = lib.strings.sanitizeDerivationName mountpoint;
value = value =
{ {