author | Karel Kočí <cynerd@email.cz> | 2024-03-15 09:13:05 +0100 |
---|---|---|
committer | Karel Kočí <cynerd@email.cz> | 2024-03-15 16:57:21 +0100 |
commit | a48d057700c636666a5e835cbcb0b667848008c2 (patch) | |
tree | 6e6dc0b9fcf2e85415c2f66b2beb567403be73ca | |
parent | 422ef34e58bc8a187594779d95ef8d74e8332a47 (diff) | |
download | nixos-personal-a48d057700c636666a5e835cbcb0b667848008c2.tar.gz nixos-personal-a48d057700c636666a5e835cbcb0b667848008c2.tar.bz2 nixos-personal-a48d057700c636666a5e835cbcb0b667848008c2.zip |
nixos: rework configurations management
-rw-r--r-- | flake.lock | 6 | ||||
-rw-r--r-- | flake.nix | 65 | ||||
-rw-r--r-- | nixos/configurations.nix | 117 | ||||
-rw-r--r-- | nixos/configurations/adm-mpd.nix (renamed from nixos/machine/adm-mpd.nix) | 2 | ||||
-rw-r--r-- | nixos/configurations/adm-omnia.nix (renamed from nixos/machine/adm-omnia.nix) | 2 | ||||
-rw-r--r-- | nixos/configurations/adm-omnia2.nix (renamed from nixos/machine/adm-omnia2.nix) | 1 | ||||
-rw-r--r-- | nixos/configurations/albert.nix (renamed from nixos/machine/albert.nix) | 2 | ||||
-rw-r--r-- | nixos/configurations/binky.nix (renamed from nixos/machine/binky.nix) | 1 | ||||
-rw-r--r-- | nixos/configurations/dean.nix (renamed from nixos/machine/dean.nix) | 2 | ||||
-rw-r--r-- | nixos/configurations/default.nix | 42 | ||||
-rw-r--r-- | nixos/configurations/errol.nix (renamed from nixos/machine/errol.nix) | 1 | ||||
-rw-r--r-- | nixos/configurations/gaspode.nix (renamed from nixos/machine/gaspode.nix) | 2 | ||||
-rw-r--r-- | nixos/configurations/lipwig.nix | 237 | ||||
-rw-r--r-- | nixos/configurations/ridcully.nix (renamed from nixos/machine/ridcully.nix) | 1 | ||||
-rw-r--r-- | nixos/configurations/spt-mox.nix (renamed from nixos/machine/spt-mox.nix) | 1 | ||||
-rw-r--r-- | nixos/configurations/spt-mox2.nix (renamed from nixos/machine/spt-mox2.nix) | 1 | ||||
-rw-r--r-- | nixos/configurations/spt-mpd.nix | 15 | ||||
-rw-r--r-- | nixos/configurations/spt-omnia.nix (renamed from nixos/machine/spt-omnia.nix) | 1 | ||||
-rw-r--r-- | nixos/configurations/spt-omniax.nix (renamed from nixos/machine/spt-omniax.nix) | 2 | ||||
-rw-r--r-- | nixos/default.nix | 18 | ||||
-rw-r--r-- | nixos/machine/default.nix | 9 | ||||
-rw-r--r-- | nixos/machine/lipwig.nix | 228 | ||||
-rw-r--r-- | nixos/machine/spt-mpd.nix | 9 | ||||
-rw-r--r-- | nixos/modules/default.nix | 13 |
24 files changed, 366 insertions, 412 deletions
@@ -745,11 +745,11 @@
 },
 "vpsadminos": {
 "locked": {
- "lastModified": 1710366851,
- "narHash": "sha256-/Qhjx2mM87tc0ip+aJUeCYbdUQ5a0eb9GmxeAQvM+bA=",
+ "lastModified": 1710509949,
+ "narHash": "sha256-U4rYEcV40x7VpZfeOw21cZFIZrh+bjxx2iYRtnCRfTc=",
 "owner": "vpsfreecz",
 "repo": "vpsadminos",
- "rev": "0cb872bfbf463f38c611e5c6d8ec28ee69ed48c2",
+ "rev": "d61fad3eedeaae209870f3f8f4e65e996e778ad0",
 "type": "github"
 },
 "original": {
@@ -6,62 +6,83 @@ nixos-hardware.url = "nixos-hardware"; nixdeploy.url = "gitlab:cynerd/nixdeploy"; personal-secret.url = "git+ssh://git@cynerd.cz/nixos-personal-secret"; + shellrc.url = "git+https://git.cynerd.cz/shellrc"; agenix.url = "github:ryantm/agenix"; shvspy.url = "git+https://github.com/silicon-heaven/shvspy.git?submodules=1"; shvcli.url = "github:silicon-heaven/shvcli"; + usbkey.url = "gitlab:cynerd/usbkey"; + nixturris.url = "gitlab:cynerd/nixturris"; nixbigclown.url = "github:cynerd/nixbigclown"; vpsadminos.url = "github:vpsfreecz/vpsadminos"; - - shellrc.url = "git+https://git.cynerd.cz/shellrc"; - usbkey.url = "gitlab:cynerd/usbkey"; }; outputs = { self, - nixpkgs, flake-utils, + nixpkgs, + nixdeploy, + personal-secret, + shellrc, agenix, shvspy, shvcli, - nixdeploy, - shellrc, usbkey, + nixturris, + nixbigclown, ... }: let inherit (flake-utils.lib) eachDefaultSystem filterPackages; - inherit (nixpkgs.lib) mapAttrs' nameValuePair filterAttrs; + inherit (nixpkgs.lib) attrValues; + revision = self.shortRev or self.dirtyShortRev or "unknown"; in { - lib = import ./lib nixpkgs.lib; overlays = { - noInherit = final: prev: import ./pkgs final prev; + lib = final: prev: import ./lib prev; + pkgs = final: prev: import ./pkgs final prev; default = nixpkgs.lib.composeManyExtensions [ agenix.overlays.default - shvspy.overlays.default - shvcli.overlays.default nixdeploy.overlays.default + self.overlays.pkgs shellrc.overlays.default + shvcli.overlays.default + shvspy.overlays.default usbkey.overlays.default - self.overlays.noInherit ]; }; - nixosModules = import ./nixos self; - nixosConfigurations = import ./nixos/configurations.nix self; + + nixosModules = let + modules = import ./nixos/modules {inherit (nixpkgs) lib;}; + in + modules + // { + default = { + imports = + attrValues modules + ++ [ + nixbigclown.nixosModules.default + nixdeploy.nixosModules.default + nixturris.nixosModules.default + personal-secret.nixosModules.default + shellrc.nixosModules.default 
+ usbkey.nixosModules.default + ]; + config = { + nixpkgs.overlays = [self.overlays.default]; + system.configurationRevision = revision; + }; + }; + }; + + nixosConfigurations = import ./nixos/configurations self; + lib = import ./lib nixpkgs.lib; } // eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages."${system}".extend self.overlays.default; in { - packages = - {default = pkgs.nixdeploy;} - // mapAttrs' (n: v: - nameValuePair - "tarball-${n}" - v.buildPlatform.${system}.config.system.build.tarball) (filterAttrs - (n: v: v.config.system.build ? tarball) - self.nixosConfigurations); + packages.default = pkgs.nixdeploy; legacyPackages = pkgs; devShells = filterPackages system (import ./devShells pkgs); formatter = pkgs.alejandra; diff --git a/nixos/configurations.nix b/nixos/configurations.nix deleted file mode 100644 index 0e6a4d5..0000000 --- a/nixos/configurations.nix +++ /dev/null 
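Review bot: `system.configurationRevision` is now fed from `revision = self.shortRev or self.dirtyShortRev or "unknown"`, which records only an abbreviated hash, whereas the deleted `configurations.nix` stored the full `self.rev`; for deployment audit and for reproducing exactly what a host is running, the full commit id is the value worth keeping, since short hashes are not stable identifiers as a repository grows. I would change that line to `revision = self.rev or self.dirtyRev or "unknown";` so the value reported by `nixos-version --configuration-revision` on a deployed host maps to one commit unambiguously. Separately, `nixturris.url` is added as an input here while the removed `configurations.nix` already read `self.inputs.nixturris`, so it was presumably declared elsewhere before; worth confirming flake.lock already pins it, because the lock hunk in this commit only shows the vpsadminos bump.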
@@ -1,117 +0,0 @@ -self: let - inherit (self.inputs) nixpkgs nixos-hardware nixturris vpsadminos; - inherit (nixpkgs.lib) optional hasAttr composeManyExtensions; - - modules = hostname: - [ - self.nixosModules.default - self.inputs.personal-secret.nixosModules.default - { - networking.hostName = hostname; - nixpkgs.overlays = [self.overlays.default]; - system.configurationRevision = self.rev or "dirty"; - } - ] - ++ (optional (hasAttr "machine-${hostname}" self.nixosModules) self.nixosModules."machine-${hostname}"); - specialArgs = { - lib = nixpkgs.lib.extend (composeManyExtensions [ - nixturris.overlays.lib - (prev: final: import ../lib prev) - ]); - }; - - genericSystem = { - platform ? {system = "x86_64-linux";}, - extra_modules ? [], - }: hostname: { - ${hostname} = nixturris.lib.addBuildPlatform (nixpkgs.lib.nixosSystem { - inherit specialArgs; - modules = (modules hostname) ++ extra_modules ++ [{nixpkgs.hostPlatform = platform;}]; - }); - }; - amd64System = genericSystem {}; - vpsSystem = genericSystem { - extra_modules = [ - vpsadminos.nixosConfigurations.container - {boot.loader.systemd-boot.enable = false;} - ]; - }; - raspi2System = genericSystem { - platform.system = "armv7l-linux"; - extra_modules = [ - nixos-hardware.nixosModules.raspberry-pi-2 - ({pkgs, ...}: { - boot.loader.systemd-boot.enable = false; - boot.initrd.includeDefaultModules = false; - }) - ]; - }; - raspi3System = genericSystem { - platform.system = "aarch64-linux"; - extra_modules = [ - ({pkgs, ...}: { - boot = { - kernelPackages = pkgs.linuxPackages_rpi3; - initrd.includeDefaultModules = false; - loader = { - grub.enable = false; - systemd-boot.enable = false; - generic-extlinux-compatible.enable = true; - }; - }; - }) - ]; - }; - beagleboneSystem = genericSystem { - platform.system = "armv7l-linux"; - extra_modules = [ - { - boot.loader = { - grub.enable = false; - systemd-boot.enable = false; - generic-extlinux-compatible.enable = true; - }; - } - ]; - }; - - vmSystem = system: 
hostSystem: - genericSystem { - platform.system = system; - extra_modules = [ - { - boot.loader.systemd-boot.enable = false; - virtualisation.qemu.package = self.nixosConfigurations."${hostSystem}".pkgs.qemu; - } - ]; - }; - amd64vmSystem = vmSystem "x86_64-linux"; - armv7lvmSystem = vmSystem "armv7l-linux"; - aarch64vmSystem = vmSystem "aarch64-linux"; - - turrisSystem = board: - genericSystem { - platform = nixturris.lib.boardPlatform.${board}; - extra_modules = [ - nixturris.nixosModules.default - {turris.board = board;} - ]; - }; - turrisMoxSystem = turrisSystem "mox"; - turrisOmniaSystem = turrisSystem "omnia"; -in - amd64System "albert" - // amd64System "binky" - // amd64System "errol" - // amd64System "ridcully" - // vpsSystem "lipwig" - // raspi2System "spt-mpd" - // raspi3System "adm-mpd" - // beagleboneSystem "gaspode" - // turrisMoxSystem "dean" - // turrisOmniaSystem "spt-omnia" - // turrisOmniaSystem "spt-omniax" - // turrisMoxSystem "spt-mox" - // turrisMoxSystem "spt-mox2" - // turrisOmniaSystem "adm-omnia" - // turrisOmniaSystem "adm-omnia2" diff --git a/nixos/machine/adm-mpd.nix b/nixos/configurations/adm-mpd.nix index ae2ea01..ac3b4de 100644 --- a/nixos/machine/adm-mpd.nix +++ b/nixos/configurations/adm-mpd.nix @@ -5,6 +5,8 @@ }: let inherit (lib) filterAttrs; in { + nixpkgs.hostPlatform.system = "aarch64-linux"; + fileSystems = { "/" = { device = "/dev/mmcblk0p2"; diff --git a/nixos/machine/adm-omnia.nix b/nixos/configurations/adm-omnia.nix index 08db3fd..3f857ee 100644 --- a/nixos/machine/adm-omnia.nix +++ b/nixos/configurations/adm-omnia.nix @@ -1,4 +1,6 @@ {config, ...}: { + turris.board = "omnia"; + cynerd = { router = { enable = true; diff --git a/nixos/machine/adm-omnia2.nix b/nixos/configurations/adm-omnia2.nix index 6a9831a..19ee446 100644 --- a/nixos/machine/adm-omnia2.nix +++ b/nixos/configurations/adm-omnia2.nix @@ -1,4 +1,5 @@ {config, ...}: { + turris.board = "omnia"; deploy = { enable = true; ssh.host = "omnia2.adm"; 
diff --git a/nixos/machine/albert.nix b/nixos/configurations/albert.nix index b9a2c8e..a6a4ee1 100644 --- a/nixos/machine/albert.nix +++ b/nixos/configurations/albert.nix @@ -1,4 +1,6 @@ { + nixpkgs.hostPlatform.system = "x86_64-linux"; + cynerd = { desktop = { enable = true; diff --git a/nixos/machine/binky.nix b/nixos/configurations/binky.nix index 569fccb..c51f95b 100644 --- a/nixos/machine/binky.nix +++ b/nixos/configurations/binky.nix @@ -1,6 +1,7 @@ {lib, ...}: let inherit (lib) mkDefault; in { + nixpkgs.hostPlatform.system = "x86_64-linux"; deploy = { enable = true; default = false; diff --git a/nixos/machine/dean.nix b/nixos/configurations/dean.nix index 0a97e33..b91083c 100644 --- a/nixos/machine/dean.nix +++ b/nixos/configurations/dean.nix @@ -1,4 +1,6 @@ {pkgs, ...}: { + nixpkgs.hostPlatform.system = "aarch64-linux"; + cynerd = { openvpn = { oldpersonal = true; diff --git a/nixos/configurations/default.nix b/nixos/configurations/default.nix new file mode 100644 index 0000000..497c0fb --- /dev/null +++ b/nixos/configurations/default.nix @@ -0,0 +1,42 @@ +self: let + inherit (builtins) readDir; + inherit (self.inputs) nixpkgs nixturris; + inherit + (nixpkgs.lib) + filterAttrs + composeManyExtensions + hasSuffix + nameValuePair + nixosSystem + removeSuffix + mapAttrs + mapAttrs' + ; +in + mapAttrs' ( + fname: _: let + name = removeSuffix ".nix" fname; + in + nameValuePair name (nixosSystem { + modules = [ + (./. + ("/" + fname)) + {networking.hostName = name;} + self.nixosModules.default + ]; + specialArgs = { + inputModules = + mapAttrs (v: v.nixosModules) self.inputs + // { + vpsadminos = self.inputs.vpsadminos.nixosConfigurations.container; + }; + lib = nixpkgs.lib.extend (composeManyExtensions [ + nixturris.overlays.lib + self.overlays.lib + ]); + }; + }) + ) + (filterAttrs ( + n: v: + v == "regular" && n != "default.nix" && hasSuffix ".nix" n + ) (readDir ./.)) 
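Review bot: `inputModules = mapAttrs (v: v.nixosModules) self.inputs` hands `mapAttrs` a one-argument function, but its callback receives the attribute name first and the value second, so `v` is bound to the input's name (a string); forcing any entry other than the explicitly overridden `vpsadminos` — for example `inputModules.nixos-hardware.raspberry-pi-2` in the new `spt-mpd.nix` — should therefore fail with a select-on-string error instead of yielding that input's `nixosModules`. The fix is `inputModules = mapAttrs (_: v: v.nixosModules) self.inputs`. Because attribute values are lazy this will only surface when such a host is actually evaluated, so running `nix flake check` or building `nixosConfigurations.spt-mpd` before deploying is advisable. Inputs that expose no `nixosModules` output (nixpkgs, flake-utils) will still error lazily if ever referenced, which is acceptable but deserves a one-line comment above the definition saying so.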
diff --git a/nixos/machine/errol.nix b/nixos/configurations/errol.nix index 6f48a17..a9475ef 100644 --- a/nixos/machine/errol.nix +++ b/nixos/configurations/errol.nix @@ -6,6 +6,7 @@ }: let inherit (lib) mkDefault; in { + nixpkgs.hostPlatform.system = "x86_64-linux"; deploy.enable = true; cynerd = { diff --git a/nixos/machine/gaspode.nix b/nixos/configurations/gaspode.nix index 5e57456..78d8277 100644 --- a/nixos/machine/gaspode.nix +++ b/nixos/configurations/gaspode.nix @@ -1,4 +1,6 @@ { + nixpkgs.hostPlatform.system = "armv7l-linux"; + fileSystems = { "/" = { device = "/dev/mmcblk0p2"; diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix new file mode 100644 index 0000000..c484541 --- /dev/null +++ b/nixos/configurations/lipwig.nix 
@@ -0,0 +1,237 @@ +{ + config, + pkgs, + inputModules, + ... +}: { + imports = [inputModules.vpsadminos]; + + config = { + nixpkgs.hostPlatform.system = "x86_64-linux"; + + deploy = { + enable = true; + ssh.host = "cynerd.cz"; + }; + + cynerd = { + syncthing = { + enable = false; + baseDir = "/nas"; + }; + openvpn.oldpersonal = true; + }; + + boot.loader.systemd-boot.enable = false; + + fileSystems."/nas" = { + device = "172.16.128.63:/nas/2682"; + fsType = "nfs"; + }; + + networking.firewall = { + allowedTCPPorts = [80 443]; + allowedUDPPorts = [1194]; + }; + + # Web ###################################################################### + services.nginx = { + enable = true; + virtualHosts = { + "cynerd.cz" = { + forceSSL = true; + enableACME = true; + locations = { + "/".root = ../../web; + "/radicale/" = { + proxyPass = "http://127.0.0.1:5232/"; + extraConfig = '' + proxy_set_header X-Script-Name /radicale; + proxy_pass_header Authorization; + ''; + }; + }; + }; + "git.cynerd.cz" = { + forceSSL = true; + useACMEHost = "cynerd.cz"; + root = "${pkgs.cgit}/cgit"; + locations."/".tryFiles = "$uri @cgit"; + locations."@cgit".extraConfig = '' + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; + fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + ''; + }; + "cloud.cynerd.cz" = { + forceSSL = true; + useACMEHost = "cynerd.cz"; + }; + "grafana.cynerd.cz" = { + forceSSL = true; + useACMEHost = "cynerd.cz"; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/"; + extraConfig = "proxy_set_header Host $host;"; + proxyWebsockets = true; + }; + }; + }; + }; + services.fcgiwrap = { + enable = true; + inherit (config.services.nginx) group; + }; + security.acme = { + acceptTerms = true; + defaults.email = "cynerd+acme@email.cz"; + certs."cynerd.cz".extraDomainNames = [ + "git.cynerd.cz" + 
"cloud.cynerd.cz" + "grafana.cynerd.cz" + ]; + }; + + # Git ###################################################################### + services.gitolite = { + enable = true; + user = "git"; + group = "git"; + dataDir = "/var/lib/git"; + adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key"; + }; + services.gitDaemon = { + enable = false; + user = "gitdemon"; + group = "gitdaemon"; + basePath = "/var/lib/git/repositories"; + }; + environment.etc."cgitrc".text = '' + root-title=Cynerd's git repository + root-desc=All my projects (at least those released to public) + #logo=cynerd.cz/wolf.svg + virtual-root=/ + + # Allow download of tar.gz, tar.bz2 and zip-files + snapshots=tar.gz tar.bz2 zip + ## List of common mimetypes + mimetype.gif=image/gif + mimetype.html=text/html + mimetype.jpg=image/jpeg + mimetype.jpeg=image/jpeg + mimetype.pdf=application/pdf + mimetype.png=image/png + mimetype.svg=image/svg+xml + + source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + + readme=:README.md + readme=:README.adoc + + enable-index-owner=0 + enable-index-links=1 + enable-http-clone=1 + clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL + enable-commit-graph=1 + branch-sort=age + + remove-suffix=1 + enable-git-config=1 + project-list=/var/lib/git/projects.list + scan-path=/var/lib/git/repositories/ + ''; + + # Nextcloud ################################################################ + services.nextcloud = { + enable = true; + package = pkgs.nextcloud28; + https = true; + hostName = "cloud.cynerd.cz"; + datadir = "/nas/nextcloud"; + config = { + adminuser = "cynerd"; + adminpassFile = "/run/secrets/nextcloud.admin.pass"; + dbtype = "pgsql"; + dbhost = "/run/postgresql"; + dbtableprefix = "oc_"; + }; + settings = { + #log_type = "systemd"; + default_phone_region = "CZ"; + }; + 
phpExtraExtensions = php: [php.pgsql php.pdo_pgsql]; + phpOptions = { + "opcache.interned_strings_buffer" = "16"; + }; + maxUploadSize = "1G"; + appstoreEnable = false; + extraApps = { + inherit + (config.services.nextcloud.package.packages.apps) + bookmarks + calendar + contacts + cookbook + deck + forms + groupfolders + impersonate + maps + memories + notes + phonetrack + previewgenerator + spreed + tasks + twofactor_nextcloud_notification + twofactor_webauthn + ; + # Additional modules can be fetched with: + # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab" + passwords = pkgs.fetchNextcloudApp { + url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz"; + sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7"; + license = "agpl3"; + }; + integration_github = pkgs.fetchNextcloudApp { + url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz"; + sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6"; + license = "agpl3"; + }; + integration_gitlab = pkgs.fetchNextcloudApp { + url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz"; + sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi"; + license = "agpl3"; + }; + }; + }; + environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs]; + + # Postgresql ############################################################### + services.postgresql = { + enable = true; + ensureUsers = [ + { + name = "nextcloud"; + ensureDBOwnership = true; + } + ]; + ensureDatabases = ["nextcloud"]; + }; + + # Old Syncthing ############################################################ + services.syncthing = { + enable = true; + openDefaultPorts = true; + + overrideDevices = false; + overrideFolders = false; + + dataDir = "/nas/sync"; + configDir = 
"/nas/sync/.syncthing"; + }; + }; +} diff --git a/nixos/machine/ridcully.nix b/nixos/configurations/ridcully.nix index f4af643..3e2b474 100644 --- a/nixos/machine/ridcully.nix +++ b/nixos/configurations/ridcully.nix @@ -1,6 +1,7 @@ {lib, ...}: let inherit (lib) mkDefault; in { + nixpkgs.hostPlatform.system = "x86_64-linux"; deploy.enable = true; cynerd = { diff --git a/nixos/machine/spt-mox.nix b/nixos/configurations/spt-mox.nix index edeae8a..7b1ffb8 100644 --- a/nixos/machine/spt-mox.nix +++ b/nixos/configurations/spt-mox.nix @@ -1,4 +1,5 @@ {config, ...}: { + turris.board = "mox"; deploy = { enable = true; ssh.host = "mox.spt"; diff --git a/nixos/machine/spt-mox2.nix b/nixos/configurations/spt-mox2.nix index 45035d4..612e85e 100644 --- a/nixos/machine/spt-mox2.nix +++ b/nixos/configurations/spt-mox2.nix @@ -1,4 +1,5 @@ {config, ...}: { + turris.board = "mox"; deploy = { enable = true; ssh.host = "mox2.spt"; diff --git a/nixos/configurations/spt-mpd.nix b/nixos/configurations/spt-mpd.nix new file mode 100644 index 0000000..b212932 --- /dev/null +++ b/nixos/configurations/spt-mpd.nix @@ -0,0 +1,15 @@ +{inputModules, ...}: { + imports = [inputModules.nixos-hardware.raspberry-pi-2]; + + config = { + nixpkgs.hostPlatform.system = "armv7l-linux"; + + fileSystems = { + "/" = { + device = "/dev/mmcblk0p1"; + fsType = "btrfs"; + options = ["compress=lzo"]; + }; + }; + }; +} diff --git a/nixos/machine/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index ea5b4e1..ca4d211 100644 --- a/nixos/machine/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -5,6 +5,7 @@ }: let hosts = config.cynerd.hosts.spt; in { + turris.board = "omnia"; deploy = { enable = true; ssh.host = "omnia.spt"; diff --git a/nixos/machine/spt-omniax.nix b/nixos/configurations/spt-omniax.nix index 8edef49..4f9e0e0 100644 --- a/nixos/machine/spt-omniax.nix +++ b/nixos/configurations/spt-omniax.nix @@ -1,4 +1,6 @@ { + turris.board = "omnia"; + cynerd = { router = { enable = true; 
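Review bot: The cgit `clone-url` line advertises `git://cynerd.cz/$CGIT_REPO_URL.git` while `services.gitDaemon.enable = false` sits in the same file and the firewall only opens TCP 80/443 and UDP 1194, so unless a daemon is started by a module not shown here every repository page publishes a clone URL nothing listens on; either drop that entry from `clone-url` or remove the stale `gitDaemon` stanza so the two cannot drift (the stanza also has `user = "gitdemon"` against `group = "gitdaemon"`, which looks like a typo that would only bite once the daemon is enabled). On the cgitrc itself, `enable-git-config=1` lets a repository's own git config set `cgit.*` keys; as far as I recall the about/source filters cannot be redirected that way while `enable-filter-overrides` stays at its default, but a comment such as `# enable-git-config: per-repo cgit.* keys are honoured; filters stay locked because enable-filter-overrides is off` would make that intent explicit for the next reader. This file is moved from nixos/machine/lipwig.nix, so both points predate the commit.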
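Review bot: The new `spt-mpd.nix` carries only the raspberry-pi-2 hardware import, the platform and the root filesystem, whereas the deleted `raspi2System` wrapper in `configurations.nix` also applied `boot.loader.systemd-boot.enable = false;` and `boot.initrd.includeDefaultModules = false;` to this host; unless those moved into a module outside this diff, the rebuild will now try to assemble systemd-boot for an armv7l board and pull the default initrd module set back in. I would add both lines under `config` next to `nixpkgs.hostPlatform.system`. The same loss appears to apply to the other deleted per-board wrappers: `adm-mpd.nix` and `gaspode.nix` only gain `nixpkgs.hostPlatform.system` here, yet previously received the `linuxPackages_rpi3` kernel plus extlinux bootloader settings from `raspi3System` and the extlinux settings from `beagleboneSystem`, so those hosts are worth checking for a bootable build before deploying.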
diff --git a/nixos/default.nix b/nixos/default.nix deleted file mode 100644 index b740024..0000000 --- a/nixos/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -self: let - machines = import ./machine self; - modules = import ./modules self; -in - modules - // machines - // { - default = { - imports = with self.inputs; - [ - nixdeploy.nixosModules.default - shellrc.nixosModules.default - usbkey.nixosModules.default - nixbigclown.nixosModules.default - ] - ++ builtins.attrValues modules; - }; - } diff --git a/nixos/machine/default.nix b/nixos/machine/default.nix deleted file mode 100644 index 4aa05ba..0000000 --- a/nixos/machine/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -self: let - inherit (builtins) readDir; - inherit (self.inputs.nixpkgs.lib) filterAttrs nameValuePair mapAttrs' hasSuffix removeSuffix; -in - mapAttrs' - (n: v: nameValuePair "machine-${removeSuffix ".nix" n}" (import (./. + "/${n}"))) - (filterAttrs - (n: v: v == "regular" && hasSuffix ".nix" n && n != "default.nix") - (readDir ./.)) diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix deleted file mode 100644 index ac868f5..0000000 --- a/nixos/machine/lipwig.nix +++ /dev/null 
@@ -1,228 +0,0 @@ -{ - config, - pkgs, - ... -}: { - deploy = { - enable = true; - ssh.host = "cynerd.cz"; - }; - - cynerd = { - syncthing = { - enable = false; - baseDir = "/nas"; - }; - openvpn.oldpersonal = true; - }; - - fileSystems."/nas" = { - device = "172.16.128.63:/nas/2682"; - fsType = "nfs"; - }; - - networking.firewall = { - allowedTCPPorts = [80 443]; - allowedUDPPorts = [1194]; - }; - - # Web ###################################################################### - services.nginx = { - enable = true; - virtualHosts = { - "cynerd.cz" = { - forceSSL = true; - enableACME = true; - locations = { - "/".root = ../../web; - "/radicale/" = { - proxyPass = "http://127.0.0.1:5232/"; - extraConfig = '' - proxy_set_header X-Script-Name /radicale; - proxy_pass_header Authorization; - ''; - }; - }; - }; - "git.cynerd.cz" = { - forceSSL = true; - useACMEHost = "cynerd.cz"; - root = "${pkgs.cgit}/cgit"; - locations."/".tryFiles = "$uri @cgit"; - locations."@cgit".extraConfig = '' - fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - ''; - }; - "cloud.cynerd.cz" = { - forceSSL = true; - useACMEHost = "cynerd.cz"; - }; - "grafana.cynerd.cz" = { - forceSSL = true; - useACMEHost = "cynerd.cz"; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/"; - extraConfig = "proxy_set_header Host $host;"; - proxyWebsockets = true; - }; - }; - }; - }; - services.fcgiwrap = { - enable = true; - inherit (config.services.nginx) group; - }; - security.acme = { - acceptTerms = true; - defaults.email = "cynerd+acme@email.cz"; - certs."cynerd.cz".extraDomainNames = [ - "git.cynerd.cz" - "cloud.cynerd.cz" - "grafana.cynerd.cz" - ]; - }; - - # Git ###################################################################### - services.gitolite = { - enable = 
true; - user = "git"; - group = "git"; - dataDir = "/var/lib/git"; - adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key"; - }; - services.gitDaemon = { - enable = false; - user = "gitdemon"; - group = "gitdaemon"; - basePath = "/var/lib/git/repositories"; - }; - environment.etc."cgitrc".text = '' - root-title=Cynerd's git repository - root-desc=All my projects (at least those released to public) - #logo=cynerd.cz/wolf.svg - virtual-root=/ - - # Allow download of tar.gz, tar.bz2 and zip-files - snapshots=tar.gz tar.bz2 zip - ## List of common mimetypes - mimetype.gif=image/gif - mimetype.html=text/html - mimetype.jpg=image/jpeg - mimetype.jpeg=image/jpeg - mimetype.pdf=application/pdf - mimetype.png=image/png - mimetype.svg=image/svg+xml - - source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py - about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh - - readme=:README.md - readme=:README.adoc - - enable-index-owner=0 - enable-index-links=1 - enable-http-clone=1 - clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL - enable-commit-graph=1 - branch-sort=age - - remove-suffix=1 - enable-git-config=1 - project-list=/var/lib/git/projects.list - scan-path=/var/lib/git/repositories/ - ''; - - # Nextcloud ################################################################ - services.nextcloud = { - enable = true; - package = pkgs.nextcloud28; - https = true; - hostName = "cloud.cynerd.cz"; - datadir = "/nas/nextcloud"; - config = { - adminuser = "cynerd"; - adminpassFile = "/run/secrets/nextcloud.admin.pass"; - dbtype = "pgsql"; - dbhost = "/run/postgresql"; - dbtableprefix = "oc_"; - }; - settings = { - #log_type = "systemd"; - default_phone_region = "CZ"; - }; - phpExtraExtensions = php: [php.pgsql php.pdo_pgsql]; - phpOptions = { - "opcache.interned_strings_buffer" = "16"; - }; - maxUploadSize = "1G"; - appstoreEnable = false; 
- extraApps = { - inherit - (config.services.nextcloud.package.packages.apps) - bookmarks - calendar - contacts - cookbook - deck - forms - groupfolders - impersonate - maps - memories - notes - phonetrack - previewgenerator - spreed - tasks - twofactor_nextcloud_notification - twofactor_webauthn - ; - # Additional modules can be fetched with: - # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab" - passwords = pkgs.fetchNextcloudApp { - url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz"; - sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7"; - license = "agpl3"; - }; - integration_github = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz"; - sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6"; - license = "agpl3"; - }; - integration_gitlab = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz"; - sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi"; - license = "agpl3"; - }; - }; - }; - environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs]; - - # Postgresql ############################################################### - services.postgresql = { - enable = true; - ensureUsers = [ - { - name = "nextcloud"; - ensureDBOwnership = true; - } - ]; - ensureDatabases = ["nextcloud"]; - }; - - # Old Syncthing ############################################################ - services.syncthing = { - enable = true; - openDefaultPorts = true; - - overrideDevices = false; - overrideFolders = false; - - dataDir = "/nas/sync"; - configDir = "/nas/sync/.syncthing"; - }; -} diff --git a/nixos/machine/spt-mpd.nix b/nixos/machine/spt-mpd.nix deleted file mode 100644 index 28f5f99..0000000 
--- a/nixos/machine/spt-mpd.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - fileSystems = { - "/" = { - device = "/dev/mmcblk0p1"; - fsType = "btrfs"; - options = ["compress=lzo"]; - }; - }; -} diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 7afdc95..ea2acb3 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,9 +1,10 @@ -self: let +{lib}: let inherit (builtins) readDir; - inherit (self.inputs.nixpkgs.lib) filterAttrs nameValuePair mapAttrs' hasSuffix removeSuffix; + inherit (lib) filterAttrs hasSuffix mapAttrs' nameValuePair removeSuffix; in mapAttrs' - (n: v: nameValuePair "cynerd-${removeSuffix ".nix" n}" (./. + "/${n}")) - (filterAttrs - (n: v: v == "regular" && hasSuffix ".nix" n && n != "default.nix") - (readDir ./.)) + (fname: _: nameValuePair (removeSuffix ".nix" fname) (./. + ("/" + fname))) + (filterAttrs ( + n: v: + v == "regular" && n != "default.nix" && hasSuffix ".nix" n + ) (readDir ./.)) |