authorKarel Kočí <cynerd@email.cz>2024-03-15 09:13:05 +0100
committerKarel Kočí <cynerd@email.cz>2024-03-15 16:57:21 +0100
commita48d057700c636666a5e835cbcb0b667848008c2 (patch)
tree6e6dc0b9fcf2e85415c2f66b2beb567403be73ca
parent422ef34e58bc8a187594779d95ef8d74e8332a47 (diff)
downloadnixos-personal-a48d057700c636666a5e835cbcb0b667848008c2.tar.gz
nixos-personal-a48d057700c636666a5e835cbcb0b667848008c2.tar.bz2
nixos-personal-a48d057700c636666a5e835cbcb0b667848008c2.zip
nixos: rework configurations management
-rw-r--r--flake.lock6
-rw-r--r--flake.nix65
-rw-r--r--nixos/configurations.nix117
-rw-r--r--nixos/configurations/adm-mpd.nix (renamed from nixos/machine/adm-mpd.nix)2
-rw-r--r--nixos/configurations/adm-omnia.nix (renamed from nixos/machine/adm-omnia.nix)2
-rw-r--r--nixos/configurations/adm-omnia2.nix (renamed from nixos/machine/adm-omnia2.nix)1
-rw-r--r--nixos/configurations/albert.nix (renamed from nixos/machine/albert.nix)2
-rw-r--r--nixos/configurations/binky.nix (renamed from nixos/machine/binky.nix)1
-rw-r--r--nixos/configurations/dean.nix (renamed from nixos/machine/dean.nix)2
-rw-r--r--nixos/configurations/default.nix42
-rw-r--r--nixos/configurations/errol.nix (renamed from nixos/machine/errol.nix)1
-rw-r--r--nixos/configurations/gaspode.nix (renamed from nixos/machine/gaspode.nix)2
-rw-r--r--nixos/configurations/lipwig.nix237
-rw-r--r--nixos/configurations/ridcully.nix (renamed from nixos/machine/ridcully.nix)1
-rw-r--r--nixos/configurations/spt-mox.nix (renamed from nixos/machine/spt-mox.nix)1
-rw-r--r--nixos/configurations/spt-mox2.nix (renamed from nixos/machine/spt-mox2.nix)1
-rw-r--r--nixos/configurations/spt-mpd.nix15
-rw-r--r--nixos/configurations/spt-omnia.nix (renamed from nixos/machine/spt-omnia.nix)1
-rw-r--r--nixos/configurations/spt-omniax.nix (renamed from nixos/machine/spt-omniax.nix)2
-rw-r--r--nixos/default.nix18
-rw-r--r--nixos/machine/default.nix9
-rw-r--r--nixos/machine/lipwig.nix228
-rw-r--r--nixos/machine/spt-mpd.nix9
-rw-r--r--nixos/modules/default.nix13
24 files changed, 366 insertions, 412 deletions
diff --git a/flake.lock b/flake.lock
index 02137f2..f439301 100644
--- a/flake.lock
+++ b/flake.lock
@@ -745,11 +745,11 @@
},
"vpsadminos": {
"locked": {
- "lastModified": 1710366851,
- "narHash": "sha256-/Qhjx2mM87tc0ip+aJUeCYbdUQ5a0eb9GmxeAQvM+bA=",
+ "lastModified": 1710509949,
+ "narHash": "sha256-U4rYEcV40x7VpZfeOw21cZFIZrh+bjxx2iYRtnCRfTc=",
"owner": "vpsfreecz",
"repo": "vpsadminos",
- "rev": "0cb872bfbf463f38c611e5c6d8ec28ee69ed48c2",
+ "rev": "d61fad3eedeaae209870f3f8f4e65e996e778ad0",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index 33b647d..945f722 100644
--- a/flake.nix
+++ b/flake.nix
@@ -6,62 +6,83 @@
nixos-hardware.url = "nixos-hardware";
nixdeploy.url = "gitlab:cynerd/nixdeploy";
personal-secret.url = "git+ssh://git@cynerd.cz/nixos-personal-secret";
+ shellrc.url = "git+https://git.cynerd.cz/shellrc";
agenix.url = "github:ryantm/agenix";
shvspy.url = "git+https://github.com/silicon-heaven/shvspy.git?submodules=1";
shvcli.url = "github:silicon-heaven/shvcli";
+ usbkey.url = "gitlab:cynerd/usbkey";
+
nixturris.url = "gitlab:cynerd/nixturris";
nixbigclown.url = "github:cynerd/nixbigclown";
vpsadminos.url = "github:vpsfreecz/vpsadminos";
-
- shellrc.url = "git+https://git.cynerd.cz/shellrc";
- usbkey.url = "gitlab:cynerd/usbkey";
};
outputs = {
self,
- nixpkgs,
flake-utils,
+ nixpkgs,
+ nixdeploy,
+ personal-secret,
+ shellrc,
agenix,
shvspy,
shvcli,
- nixdeploy,
- shellrc,
usbkey,
+ nixturris,
+ nixbigclown,
...
}: let
inherit (flake-utils.lib) eachDefaultSystem filterPackages;
- inherit (nixpkgs.lib) mapAttrs' nameValuePair filterAttrs;
+ inherit (nixpkgs.lib) attrValues;
+ revision = self.shortRev or self.dirtyShortRev or "unknown";
in
{
- lib = import ./lib nixpkgs.lib;
overlays = {
- noInherit = final: prev: import ./pkgs final prev;
+ lib = final: prev: import ./lib prev;
+ pkgs = final: prev: import ./pkgs final prev;
default = nixpkgs.lib.composeManyExtensions [
agenix.overlays.default
- shvspy.overlays.default
- shvcli.overlays.default
nixdeploy.overlays.default
+ self.overlays.pkgs
shellrc.overlays.default
+ shvcli.overlays.default
+ shvspy.overlays.default
usbkey.overlays.default
- self.overlays.noInherit
];
};
- nixosModules = import ./nixos self;
- nixosConfigurations = import ./nixos/configurations.nix self;
+
+ nixosModules = let
+ modules = import ./nixos/modules {inherit (nixpkgs) lib;};
+ in
+ modules
+ // {
+ default = {
+ imports =
+ attrValues modules
+ ++ [
+ nixbigclown.nixosModules.default
+ nixdeploy.nixosModules.default
+ nixturris.nixosModules.default
+ personal-secret.nixosModules.default
+ shellrc.nixosModules.default
+ usbkey.nixosModules.default
+ ];
+ config = {
+ nixpkgs.overlays = [self.overlays.default];
+ system.configurationRevision = revision;
+ };
+ };
+ };
+
+ nixosConfigurations = import ./nixos/configurations self;
+ lib = import ./lib nixpkgs.lib;
}
// eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages."${system}".extend self.overlays.default;
in {
- packages =
- {default = pkgs.nixdeploy;}
- // mapAttrs' (n: v:
- nameValuePair
- "tarball-${n}"
- v.buildPlatform.${system}.config.system.build.tarball) (filterAttrs
- (n: v: v.config.system.build ? tarball)
- self.nixosConfigurations);
+ packages.default = pkgs.nixdeploy;
legacyPackages = pkgs;
devShells = filterPackages system (import ./devShells pkgs);
formatter = pkgs.alejandra;
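Review bot: `nixosModules.default` now imports `nixturris.nixosModules.default` and `personal-secret.nixosModules.default` for every host and for every consumer of this flake output, whereas the removed `nixos/configurations.nix` added the nixturris module only in `turrisSystem` and the secret module only when building the author's own configurations. If either module sets options unconditionally, non-Turris machines and third-party users of `nixosModules.default` inherit them, and evaluating the module requires access to the private `git+ssh://` input; keeping those two imports in `nixos/configurations/default.nix` would limit them to the hosts that need them. Separately, `revision` records only the abbreviated hash, where the old code stored `self.rev`; for tracing a deployed system back to a commit, `revision = self.rev or self.dirtyRev or "unknown";` keeps the full hash.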
diff --git a/nixos/configurations.nix b/nixos/configurations.nix
deleted file mode 100644
index 0e6a4d5..0000000
--- a/nixos/configurations.nix
+++ /dev/null
@@ -1,117 +0,0 @@
-self: let
- inherit (self.inputs) nixpkgs nixos-hardware nixturris vpsadminos;
- inherit (nixpkgs.lib) optional hasAttr composeManyExtensions;
-
- modules = hostname:
- [
- self.nixosModules.default
- self.inputs.personal-secret.nixosModules.default
- {
- networking.hostName = hostname;
- nixpkgs.overlays = [self.overlays.default];
- system.configurationRevision = self.rev or "dirty";
- }
- ]
- ++ (optional (hasAttr "machine-${hostname}" self.nixosModules) self.nixosModules."machine-${hostname}");
- specialArgs = {
- lib = nixpkgs.lib.extend (composeManyExtensions [
- nixturris.overlays.lib
- (prev: final: import ../lib prev)
- ]);
- };
-
- genericSystem = {
- platform ? {system = "x86_64-linux";},
- extra_modules ? [],
- }: hostname: {
- ${hostname} = nixturris.lib.addBuildPlatform (nixpkgs.lib.nixosSystem {
- inherit specialArgs;
- modules = (modules hostname) ++ extra_modules ++ [{nixpkgs.hostPlatform = platform;}];
- });
- };
- amd64System = genericSystem {};
- vpsSystem = genericSystem {
- extra_modules = [
- vpsadminos.nixosConfigurations.container
- {boot.loader.systemd-boot.enable = false;}
- ];
- };
- raspi2System = genericSystem {
- platform.system = "armv7l-linux";
- extra_modules = [
- nixos-hardware.nixosModules.raspberry-pi-2
- ({pkgs, ...}: {
- boot.loader.systemd-boot.enable = false;
- boot.initrd.includeDefaultModules = false;
- })
- ];
- };
- raspi3System = genericSystem {
- platform.system = "aarch64-linux";
- extra_modules = [
- ({pkgs, ...}: {
- boot = {
- kernelPackages = pkgs.linuxPackages_rpi3;
- initrd.includeDefaultModules = false;
- loader = {
- grub.enable = false;
- systemd-boot.enable = false;
- generic-extlinux-compatible.enable = true;
- };
- };
- })
- ];
- };
- beagleboneSystem = genericSystem {
- platform.system = "armv7l-linux";
- extra_modules = [
- {
- boot.loader = {
- grub.enable = false;
- systemd-boot.enable = false;
- generic-extlinux-compatible.enable = true;
- };
- }
- ];
- };
-
- vmSystem = system: hostSystem:
- genericSystem {
- platform.system = system;
- extra_modules = [
- {
- boot.loader.systemd-boot.enable = false;
- virtualisation.qemu.package = self.nixosConfigurations."${hostSystem}".pkgs.qemu;
- }
- ];
- };
- amd64vmSystem = vmSystem "x86_64-linux";
- armv7lvmSystem = vmSystem "armv7l-linux";
- aarch64vmSystem = vmSystem "aarch64-linux";
-
- turrisSystem = board:
- genericSystem {
- platform = nixturris.lib.boardPlatform.${board};
- extra_modules = [
- nixturris.nixosModules.default
- {turris.board = board;}
- ];
- };
- turrisMoxSystem = turrisSystem "mox";
- turrisOmniaSystem = turrisSystem "omnia";
-in
- amd64System "albert"
- // amd64System "binky"
- // amd64System "errol"
- // amd64System "ridcully"
- // vpsSystem "lipwig"
- // raspi2System "spt-mpd"
- // raspi3System "adm-mpd"
- // beagleboneSystem "gaspode"
- // turrisMoxSystem "dean"
- // turrisOmniaSystem "spt-omnia"
- // turrisOmniaSystem "spt-omniax"
- // turrisMoxSystem "spt-mox"
- // turrisMoxSystem "spt-mox2"
- // turrisOmniaSystem "adm-omnia"
- // turrisOmniaSystem "adm-omnia2"
diff --git a/nixos/machine/adm-mpd.nix b/nixos/configurations/adm-mpd.nix
index ae2ea01..ac3b4de 100644
--- a/nixos/machine/adm-mpd.nix
+++ b/nixos/configurations/adm-mpd.nix
@@ -5,6 +5,8 @@
}: let
inherit (lib) filterAttrs;
in {
+ nixpkgs.hostPlatform.system = "aarch64-linux";
+
fileSystems = {
"/" = {
device = "/dev/mmcblk0p2";
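Review bot: The only setting carried over from the removed `raspi3System` wrapper here is the platform; the wrapper also set `boot.kernelPackages = pkgs.linuxPackages_rpi3`, `boot.initrd.includeDefaultModules = false`, and disabled grub and systemd-boot in favour of `generic-extlinux-compatible`. Unless those are already set further down in this file (the hunk shows only its first lines) or in a module outside this diff, adm-mpd will now evaluate with the default kernel and boot loader. The same applies to `gaspode.nix` (the extlinux settings of `beagleboneSystem`) and `spt-mpd.nix` (the `systemd-boot.enable = false` and `includeDefaultModules = false` of `raspi2System`); `lipwig.nix` did get its `boot.loader.systemd-boot.enable = false;` moved across, so the others look like an oversight.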
diff --git a/nixos/machine/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index 08db3fd..3f857ee 100644
--- a/nixos/machine/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -1,4 +1,6 @@
{config, ...}: {
+ turris.board = "omnia";
+
cynerd = {
router = {
enable = true;
diff --git a/nixos/machine/adm-omnia2.nix b/nixos/configurations/adm-omnia2.nix
index 6a9831a..19ee446 100644
--- a/nixos/machine/adm-omnia2.nix
+++ b/nixos/configurations/adm-omnia2.nix
@@ -1,4 +1,5 @@
{config, ...}: {
+ turris.board = "omnia";
deploy = {
enable = true;
ssh.host = "omnia2.adm";
diff --git a/nixos/machine/albert.nix b/nixos/configurations/albert.nix
index b9a2c8e..a6a4ee1 100644
--- a/nixos/machine/albert.nix
+++ b/nixos/configurations/albert.nix
@@ -1,4 +1,6 @@
{
+ nixpkgs.hostPlatform.system = "x86_64-linux";
+
cynerd = {
desktop = {
enable = true;
diff --git a/nixos/machine/binky.nix b/nixos/configurations/binky.nix
index 569fccb..c51f95b 100644
--- a/nixos/machine/binky.nix
+++ b/nixos/configurations/binky.nix
@@ -1,6 +1,7 @@
{lib, ...}: let
inherit (lib) mkDefault;
in {
+ nixpkgs.hostPlatform.system = "x86_64-linux";
deploy = {
enable = true;
default = false;
diff --git a/nixos/machine/dean.nix b/nixos/configurations/dean.nix
index 0a97e33..b91083c 100644
--- a/nixos/machine/dean.nix
+++ b/nixos/configurations/dean.nix
@@ -1,4 +1,6 @@
{pkgs, ...}: {
+ nixpkgs.hostPlatform.system = "aarch64-linux";
+
cynerd = {
openvpn = {
oldpersonal = true;
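Review bot: dean is the only former Turris host that does not get a `turris.board` line; in the removed `nixos/configurations.nix` it was built with `turrisMoxSystem "dean"`, which set `turris.board = "mox"` and took the platform from `nixturris.lib.boardPlatform`. With just `nixpkgs.hostPlatform.system = "aarch64-linux";` the board-specific configuration is presumably no longer applied. If dean is still a Mox, `turris.board = "mox";` as in `spt-mox.nix` would keep the previous behaviour; if the change is intentional, a one-line comment saying so would help. The rest of the file is outside the hunk.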
diff --git a/nixos/configurations/default.nix b/nixos/configurations/default.nix
new file mode 100644
index 0000000..497c0fb
--- /dev/null
+++ b/nixos/configurations/default.nix
@@ -0,0 +1,42 @@
+self: let
+ inherit (builtins) readDir;
+ inherit (self.inputs) nixpkgs nixturris;
+ inherit
+ (nixpkgs.lib)
+ filterAttrs
+ composeManyExtensions
+ hasSuffix
+ nameValuePair
+ nixosSystem
+ removeSuffix
+ mapAttrs
+ mapAttrs'
+ ;
+in
+ mapAttrs' (
+ fname: _: let
+ name = removeSuffix ".nix" fname;
+ in
+ nameValuePair name (nixosSystem {
+ modules = [
+ (./. + ("/" + fname))
+ {networking.hostName = name;}
+ self.nixosModules.default
+ ];
+ specialArgs = {
+ inputModules =
+ mapAttrs (v: v.nixosModules) self.inputs
+ // {
+ vpsadminos = self.inputs.vpsadminos.nixosConfigurations.container;
+ };
+ lib = nixpkgs.lib.extend (composeManyExtensions [
+ nixturris.overlays.lib
+ self.overlays.lib
+ ]);
+ };
+ })
+ )
+ (filterAttrs (
+ n: v:
+ v == "regular" && n != "default.nix" && hasSuffix ".nix" n
+ ) (readDir ./.))
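Review bot: `mapAttrs (v: v.nixosModules) self.inputs` passes a one-argument function, but `mapAttrs` calls its function as `name: value:`, so `v` is bound to the input's name (a string) and `v.nixosModules` fails as soon as an entry is forced. `inputModules.vpsadminos` escapes this only because it is overridden by the `//` on the next lines; `inputModules.nixos-hardware.raspberry-pi-2` in `spt-mpd.nix` would hit the error. `mapAttrs (_: v: v.nixosModules or {}) self.inputs` fixes the arity and also tolerates inputs that export no modules. A short header comment stating that every regular `*.nix` file in this directory other than `default.nix` becomes a `nixosConfigurations` entry named after the file would also be worth adding, since a stray file here now silently defines a host.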
diff --git a/nixos/machine/errol.nix b/nixos/configurations/errol.nix
index 6f48a17..a9475ef 100644
--- a/nixos/machine/errol.nix
+++ b/nixos/configurations/errol.nix
@@ -6,6 +6,7 @@
}: let
inherit (lib) mkDefault;
in {
+ nixpkgs.hostPlatform.system = "x86_64-linux";
deploy.enable = true;
cynerd = {
diff --git a/nixos/machine/gaspode.nix b/nixos/configurations/gaspode.nix
index 5e57456..78d8277 100644
--- a/nixos/machine/gaspode.nix
+++ b/nixos/configurations/gaspode.nix
@@ -1,4 +1,6 @@
{
+ nixpkgs.hostPlatform.system = "armv7l-linux";
+
fileSystems = {
"/" = {
device = "/dev/mmcblk0p2";
diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
new file mode 100644
index 0000000..c484541
--- /dev/null
+++ b/nixos/configurations/lipwig.nix
@@ -0,0 +1,237 @@
+{
+ config,
+ pkgs,
+ inputModules,
+ ...
+}: {
+ imports = [inputModules.vpsadminos];
+
+ config = {
+ nixpkgs.hostPlatform.system = "x86_64-linux";
+
+ deploy = {
+ enable = true;
+ ssh.host = "cynerd.cz";
+ };
+
+ cynerd = {
+ syncthing = {
+ enable = false;
+ baseDir = "/nas";
+ };
+ openvpn.oldpersonal = true;
+ };
+
+ boot.loader.systemd-boot.enable = false;
+
+ fileSystems."/nas" = {
+ device = "172.16.128.63:/nas/2682";
+ fsType = "nfs";
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [80 443];
+ allowedUDPPorts = [1194];
+ };
+
+ # Web ######################################################################
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "cynerd.cz" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/".root = ../../web;
+ "/radicale/" = {
+ proxyPass = "http://127.0.0.1:5232/";
+ extraConfig = ''
+ proxy_set_header X-Script-Name /radicale;
+ proxy_pass_header Authorization;
+ '';
+ };
+ };
+ };
+ "git.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ root = "${pkgs.cgit}/cgit";
+ locations."/".tryFiles = "$uri @cgit";
+ locations."@cgit".extraConfig = ''
+ fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
+ fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ '';
+ };
+ "cloud.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ };
+ "grafana.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/";
+ extraConfig = "proxy_set_header Host $host;";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+ services.fcgiwrap = {
+ enable = true;
+ inherit (config.services.nginx) group;
+ };
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "cynerd+acme@email.cz";
+ certs."cynerd.cz".extraDomainNames = [
+ "git.cynerd.cz"
+ "cloud.cynerd.cz"
+ "grafana.cynerd.cz"
+ ];
+ };
+
+ # Git ######################################################################
+ services.gitolite = {
+ enable = true;
+ user = "git";
+ group = "git";
+ dataDir = "/var/lib/git";
+ adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key";
+ };
+ services.gitDaemon = {
+ enable = false;
+ user = "gitdemon";
+ group = "gitdaemon";
+ basePath = "/var/lib/git/repositories";
+ };
+ environment.etc."cgitrc".text = ''
+ root-title=Cynerd's git repository
+ root-desc=All my projects (at least those released to public)
+ #logo=cynerd.cz/wolf.svg
+ virtual-root=/
+
+ # Allow download of tar.gz, tar.bz2 and zip-files
+ snapshots=tar.gz tar.bz2 zip
+ ## List of common mimetypes
+ mimetype.gif=image/gif
+ mimetype.html=text/html
+ mimetype.jpg=image/jpeg
+ mimetype.jpeg=image/jpeg
+ mimetype.pdf=application/pdf
+ mimetype.png=image/png
+ mimetype.svg=image/svg+xml
+
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+
+ readme=:README.md
+ readme=:README.adoc
+
+ enable-index-owner=0
+ enable-index-links=1
+ enable-http-clone=1
+ clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL
+ enable-commit-graph=1
+ branch-sort=age
+
+ remove-suffix=1
+ enable-git-config=1
+ project-list=/var/lib/git/projects.list
+ scan-path=/var/lib/git/repositories/
+ '';
+
+ # Nextcloud ################################################################
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud28;
+ https = true;
+ hostName = "cloud.cynerd.cz";
+ datadir = "/nas/nextcloud";
+ config = {
+ adminuser = "cynerd";
+ adminpassFile = "/run/secrets/nextcloud.admin.pass";
+ dbtype = "pgsql";
+ dbhost = "/run/postgresql";
+ dbtableprefix = "oc_";
+ };
+ settings = {
+ #log_type = "systemd";
+ default_phone_region = "CZ";
+ };
+ phpExtraExtensions = php: [php.pgsql php.pdo_pgsql];
+ phpOptions = {
+ "opcache.interned_strings_buffer" = "16";
+ };
+ maxUploadSize = "1G";
+ appstoreEnable = false;
+ extraApps = {
+ inherit
+ (config.services.nextcloud.package.packages.apps)
+ bookmarks
+ calendar
+ contacts
+ cookbook
+ deck
+ forms
+ groupfolders
+ impersonate
+ maps
+ memories
+ notes
+ phonetrack
+ previewgenerator
+ spreed
+ tasks
+ twofactor_nextcloud_notification
+ twofactor_webauthn
+ ;
+ # Additional modules can be fetched with:
+ # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab"
+ passwords = pkgs.fetchNextcloudApp {
+ url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz";
+ sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7";
+ license = "agpl3";
+ };
+ integration_github = pkgs.fetchNextcloudApp {
+ url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
+ sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6";
+ license = "agpl3";
+ };
+ integration_gitlab = pkgs.fetchNextcloudApp {
+ url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz";
+ sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi";
+ license = "agpl3";
+ };
+ };
+ };
+ environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs];
+
+ # Postgresql ###############################################################
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [
+ {
+ name = "nextcloud";
+ ensureDBOwnership = true;
+ }
+ ];
+ ensureDatabases = ["nextcloud"];
+ };
+
+ # Old Syncthing ############################################################
+ services.syncthing = {
+ enable = true;
+ openDefaultPorts = true;
+
+ overrideDevices = false;
+ overrideFolders = false;
+
+ dataDir = "/nas/sync";
+ configDir = "/nas/sync/.syncthing";
+ };
+ };
+}
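Review bot: The "Old Syncthing" block at the end keeps `services.syncthing.enable = true` with `openDefaultPorts = true` on this internet-facing host while `cynerd.syncthing.enable = false` near the top, so the firewall exposes Syncthing's sync and discovery ports in addition to the explicit `allowedTCPPorts`/`allowedUDPPorts` list. If the legacy instance is still needed, a comment such as `# legacy instance kept until migration to cynerd.syncthing is done` would record why; otherwise `openDefaultPorts = false;` or removing the block reduces the exposed surface. Also in the Git section, `services.gitDaemon` has `user = "gitdemon"` but `group = "gitdaemon"`, and the `clone-url` in cgitrc still advertises `git://cynerd.cz/...` although the daemon is disabled.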
diff --git a/nixos/machine/ridcully.nix b/nixos/configurations/ridcully.nix
index f4af643..3e2b474 100644
--- a/nixos/machine/ridcully.nix
+++ b/nixos/configurations/ridcully.nix
@@ -1,6 +1,7 @@
{lib, ...}: let
inherit (lib) mkDefault;
in {
+ nixpkgs.hostPlatform.system = "x86_64-linux";
deploy.enable = true;
cynerd = {
diff --git a/nixos/machine/spt-mox.nix b/nixos/configurations/spt-mox.nix
index edeae8a..7b1ffb8 100644
--- a/nixos/machine/spt-mox.nix
+++ b/nixos/configurations/spt-mox.nix
@@ -1,4 +1,5 @@
{config, ...}: {
+ turris.board = "mox";
deploy = {
enable = true;
ssh.host = "mox.spt";
diff --git a/nixos/machine/spt-mox2.nix b/nixos/configurations/spt-mox2.nix
index 45035d4..612e85e 100644
--- a/nixos/machine/spt-mox2.nix
+++ b/nixos/configurations/spt-mox2.nix
@@ -1,4 +1,5 @@
{config, ...}: {
+ turris.board = "mox";
deploy = {
enable = true;
ssh.host = "mox2.spt";
diff --git a/nixos/configurations/spt-mpd.nix b/nixos/configurations/spt-mpd.nix
new file mode 100644
index 0000000..b212932
--- /dev/null
+++ b/nixos/configurations/spt-mpd.nix
@@ -0,0 +1,15 @@
+{inputModules, ...}: {
+ imports = [inputModules.nixos-hardware.raspberry-pi-2];
+
+ config = {
+ nixpkgs.hostPlatform.system = "armv7l-linux";
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mmcblk0p1";
+ fsType = "btrfs";
+ options = ["compress=lzo"];
+ };
+ };
+ };
+}
diff --git a/nixos/machine/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index ea5b4e1..ca4d211 100644
--- a/nixos/machine/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -5,6 +5,7 @@
}: let
hosts = config.cynerd.hosts.spt;
in {
+ turris.board = "omnia";
deploy = {
enable = true;
ssh.host = "omnia.spt";
diff --git a/nixos/machine/spt-omniax.nix b/nixos/configurations/spt-omniax.nix
index 8edef49..4f9e0e0 100644
--- a/nixos/machine/spt-omniax.nix
+++ b/nixos/configurations/spt-omniax.nix
@@ -1,4 +1,6 @@
{
+ turris.board = "omnia";
+
cynerd = {
router = {
enable = true;
diff --git a/nixos/default.nix b/nixos/default.nix
deleted file mode 100644
index b740024..0000000
--- a/nixos/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-self: let
- machines = import ./machine self;
- modules = import ./modules self;
-in
- modules
- // machines
- // {
- default = {
- imports = with self.inputs;
- [
- nixdeploy.nixosModules.default
- shellrc.nixosModules.default
- usbkey.nixosModules.default
- nixbigclown.nixosModules.default
- ]
- ++ builtins.attrValues modules;
- };
- }
diff --git a/nixos/machine/default.nix b/nixos/machine/default.nix
deleted file mode 100644
index 4aa05ba..0000000
--- a/nixos/machine/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-self: let
- inherit (builtins) readDir;
- inherit (self.inputs.nixpkgs.lib) filterAttrs nameValuePair mapAttrs' hasSuffix removeSuffix;
-in
- mapAttrs'
- (n: v: nameValuePair "machine-${removeSuffix ".nix" n}" (import (./. + "/${n}")))
- (filterAttrs
- (n: v: v == "regular" && hasSuffix ".nix" n && n != "default.nix")
- (readDir ./.))
diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix
deleted file mode 100644
index ac868f5..0000000
--- a/nixos/machine/lipwig.nix
+++ /dev/null
@@ -1,228 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- deploy = {
- enable = true;
- ssh.host = "cynerd.cz";
- };
-
- cynerd = {
- syncthing = {
- enable = false;
- baseDir = "/nas";
- };
- openvpn.oldpersonal = true;
- };
-
- fileSystems."/nas" = {
- device = "172.16.128.63:/nas/2682";
- fsType = "nfs";
- };
-
- networking.firewall = {
- allowedTCPPorts = [80 443];
- allowedUDPPorts = [1194];
- };
-
- # Web ######################################################################
- services.nginx = {
- enable = true;
- virtualHosts = {
- "cynerd.cz" = {
- forceSSL = true;
- enableACME = true;
- locations = {
- "/".root = ../../web;
- "/radicale/" = {
- proxyPass = "http://127.0.0.1:5232/";
- extraConfig = ''
- proxy_set_header X-Script-Name /radicale;
- proxy_pass_header Authorization;
- '';
- };
- };
- };
- "git.cynerd.cz" = {
- forceSSL = true;
- useACMEHost = "cynerd.cz";
- root = "${pkgs.cgit}/cgit";
- locations."/".tryFiles = "$uri @cgit";
- locations."@cgit".extraConfig = ''
- fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
- fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
- fastcgi_param PATH_INFO $uri;
- fastcgi_param QUERY_STRING $args;
- fastcgi_param HTTP_HOST $server_name;
- '';
- };
- "cloud.cynerd.cz" = {
- forceSSL = true;
- useACMEHost = "cynerd.cz";
- };
- "grafana.cynerd.cz" = {
- forceSSL = true;
- useACMEHost = "cynerd.cz";
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/";
- extraConfig = "proxy_set_header Host $host;";
- proxyWebsockets = true;
- };
- };
- };
- };
- services.fcgiwrap = {
- enable = true;
- inherit (config.services.nginx) group;
- };
- security.acme = {
- acceptTerms = true;
- defaults.email = "cynerd+acme@email.cz";
- certs."cynerd.cz".extraDomainNames = [
- "git.cynerd.cz"
- "cloud.cynerd.cz"
- "grafana.cynerd.cz"
- ];
- };
-
- # Git ######################################################################
- services.gitolite = {
- enable = true;
- user = "git";
- group = "git";
- dataDir = "/var/lib/git";
- adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key";
- };
- services.gitDaemon = {
- enable = false;
- user = "gitdemon";
- group = "gitdaemon";
- basePath = "/var/lib/git/repositories";
- };
- environment.etc."cgitrc".text = ''
- root-title=Cynerd's git repository
- root-desc=All my projects (at least those released to public)
- #logo=cynerd.cz/wolf.svg
- virtual-root=/
-
- # Allow download of tar.gz, tar.bz2 and zip-files
- snapshots=tar.gz tar.bz2 zip
- ## List of common mimetypes
- mimetype.gif=image/gif
- mimetype.html=text/html
- mimetype.jpg=image/jpeg
- mimetype.jpeg=image/jpeg
- mimetype.pdf=application/pdf
- mimetype.png=image/png
- mimetype.svg=image/svg+xml
-
- source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
- about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
-
- readme=:README.md
- readme=:README.adoc
-
- enable-index-owner=0
- enable-index-links=1
- enable-http-clone=1
- clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL
- enable-commit-graph=1
- branch-sort=age
-
- remove-suffix=1
- enable-git-config=1
- project-list=/var/lib/git/projects.list
- scan-path=/var/lib/git/repositories/
- '';
-
- # Nextcloud ################################################################
- services.nextcloud = {
- enable = true;
- package = pkgs.nextcloud28;
- https = true;
- hostName = "cloud.cynerd.cz";
- datadir = "/nas/nextcloud";
- config = {
- adminuser = "cynerd";
- adminpassFile = "/run/secrets/nextcloud.admin.pass";
- dbtype = "pgsql";
- dbhost = "/run/postgresql";
- dbtableprefix = "oc_";
- };
- settings = {
- #log_type = "systemd";
- default_phone_region = "CZ";
- };
- phpExtraExtensions = php: [php.pgsql php.pdo_pgsql];
- phpOptions = {
- "opcache.interned_strings_buffer" = "16";
- };
- maxUploadSize = "1G";
- appstoreEnable = false;
- extraApps = {
- inherit
- (config.services.nextcloud.package.packages.apps)
- bookmarks
- calendar
- contacts
- cookbook
- deck
- forms
- groupfolders
- impersonate
- maps
- memories
- notes
- phonetrack
- previewgenerator
- spreed
- tasks
- twofactor_nextcloud_notification
- twofactor_webauthn
- ;
- # Additional modules can be fetched with:
- # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab"
- passwords = pkgs.fetchNextcloudApp {
- url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz";
- sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7";
- license = "agpl3";
- };
- integration_github = pkgs.fetchNextcloudApp {
- url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
- sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6";
- license = "agpl3";
- };
- integration_gitlab = pkgs.fetchNextcloudApp {
- url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz";
- sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi";
- license = "agpl3";
- };
- };
- };
- environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs];
-
- # Postgresql ###############################################################
- services.postgresql = {
- enable = true;
- ensureUsers = [
- {
- name = "nextcloud";
- ensureDBOwnership = true;
- }
- ];
- ensureDatabases = ["nextcloud"];
- };
-
- # Old Syncthing ############################################################
- services.syncthing = {
- enable = true;
- openDefaultPorts = true;
-
- overrideDevices = false;
- overrideFolders = false;
-
- dataDir = "/nas/sync";
- configDir = "/nas/sync/.syncthing";
- };
-}
diff --git a/nixos/machine/spt-mpd.nix b/nixos/machine/spt-mpd.nix
deleted file mode 100644
index 28f5f99..0000000
--- a/nixos/machine/spt-mpd.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- fileSystems = {
- "/" = {
- device = "/dev/mmcblk0p1";
- fsType = "btrfs";
- options = ["compress=lzo"];
- };
- };
-}
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 7afdc95..ea2acb3 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,9 +1,10 @@
-self: let
+{lib}: let
inherit (builtins) readDir;
- inherit (self.inputs.nixpkgs.lib) filterAttrs nameValuePair mapAttrs' hasSuffix removeSuffix;
+ inherit (lib) filterAttrs hasSuffix mapAttrs' nameValuePair removeSuffix;
in
mapAttrs'
- (n: v: nameValuePair "cynerd-${removeSuffix ".nix" n}" (./. + "/${n}"))
- (filterAttrs
- (n: v: v == "regular" && hasSuffix ".nix" n && n != "default.nix")
- (readDir ./.))
+ (fname: _: nameValuePair (removeSuffix ".nix" fname) (./. + ("/" + fname)))
+ (filterAttrs (
+ n: v:
+ v == "regular" && n != "default.nix" && hasSuffix ".nix" n
+ ) (readDir ./.))
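Review bot: Dropping the `cynerd-` prefix renames every attribute this file returns, and `flake.nix` re-exports them directly under `nixosModules`, so any reference to the old `cynerd-<name>` names outside this repository stops resolving. If that is intended, a header comment would document the contract, for example `# Returns { <name> = ./<name>.nix; } for every regular *.nix file here except default.nix; re-exported as flake nixosModules.`. As a style point, the two lambdas name their arguments differently (`fname: _:` and `n: v:`); using `fname: type:` in the filter would read more consistently.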