diff --git a/config/host-config/lambda.nix b/config/host-config/lambda.nix index 454e0ad..7a0fae0 100644 --- a/config/host-config/lambda.nix +++ b/config/host-config/lambda.nix 
@@ -96,77 +96,78 @@ in { Defaults lecture = never ''; - # virtualisation = { - # docker = { - # enable = true; - # enableOnBoot = true; - # autoPrune = { enable = true; }; - # }; + virtualisation = { + docker = { + enable = true; + enableOnBoot = true; + autoPrune = { enable = true; }; + }; - # oci-containers = { - # containers = { - # shinobi = { - # image = "shinobisystems/shinobi:latest"; - # ports = [ "${shinobi-port}:8080" ]; - # volumes = [ - # "/state/shinobi/plugins:/home/Shinobi/plugins" - # "/state/shinobi/config:/home/Shinobi/config" - # "/state/shinobi/videos:/home/Shinobi/videos" - # "/state/shinobi/db-data:/var/lib/mysql" - # "/etc/localtime:/etc/localtime:ro" - # ]; - # }; + oci-containers = { + containers = { + shinobi = { + image = "shinobisystems/shinobi:latest"; + ports = [ "${shinobi-port}:8080" ]; + volumes = [ + "/state/shinobi/plugins:/home/Shinobi/plugins" + "/state/shinobi/config:/home/Shinobi/config" + "/state/shinobi/videos:/home/Shinobi/videos" + "/state/shinobi/db-data:/var/lib/mysql" + "/etc/localtime:/etc/localtime:ro" + ]; + }; - # # shinobi-od = { - # # image = "shinobisystems/shinobi-tensorflow:latest"; - # # volumes = - # # [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ]; - # # ports = [ "${shinobi-od-port}:8082" ]; - # # environment = { - # # PLUGIN_HOST = "panopticon.sea.fudo.org"; - # # PLUGIN_PORT = shinobi-port; - # # PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3"; - # # }; - # # }; + # shinobi-od = { + # image = "shinobisystems/shinobi-tensorflow:latest"; + # volumes = + # [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ]; + # ports = [ "${shinobi-od-port}:8082" ]; + # environment = { + # PLUGIN_HOST = "panopticon.sea.fudo.org"; + # PLUGIN_PORT = shinobi-port; + # PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3"; + # }; + # }; - # # photoprism = { image = "photoprism/photoprism"; }; - # }; - # }; - # }; + # photoprism = { image = "photoprism/photoprism"; }; + }; + }; + }; - # 
services.nginx = { - # enable = true; - # recommendedGzipSettings = true; - # recommendedOptimisation = true; - # recommendedProxySettings = true; + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; - # virtualHosts = { - # "panopticon.sea.fudo.org" = { - # locations."/" = { - # proxyPass = "http://localhost:${shinobi-port}"; - # extraConfig = '' - # proxy_http_version 1.1; - # proxy_set_header Upgrade $http_upgrade; - # proxy_set_header Connection "Upgrade"; + virtualHosts = { + "panopticon.sea.fudo.org" = { + locations."/" = { + # localhost defaults to IPv6 + proxyPass = "http://127.0.0.1:${shinobi-port}/"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; - # proxy_set_header Host $host; - # proxy_set_header X-Real-IP $remote_addr; - # proxy_set_header X-Forwarded-By $server_addr:$server_port; - # proxy_set_header X-Forwarded-For $remote_addr; - # proxy_set_header X-Forwarded-Proto $scheme; - # ''; - # }; - # }; - # # "panopticon-od.sea.fudo.org" = { - # # locations."/" = { - # # proxyPass = "http://localhost:${shinobi-od-port}"; - # # extraConfig = '' - # # proxy_http_version 1.1; - # # proxy_set_header Upgrade $http_upgrade; - # # proxy_set_header Connection "Upgrade"; - # # ''; - # # }; - # # }; - # }; - # }; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-By $server_addr:$server_port; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + ''; + }; + }; + # "panopticon-od.sea.fudo.org" = { + # locations."/" = { + # proxyPass = "http://localhost:${shinobi-od-port}"; + # extraConfig = '' + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection "Upgrade"; + # ''; + # }; + # }; + }; + }; } 
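Review bot: `ports = [ "${shinobi-port}:8080" ]` publishes the Shinobi container on every interface, and in Docker's default iptables setup published ports are handled in Docker's own chains rather than by `networking.firewall`, so the plain-HTTP port is reachable directly from the network instead of only through the nginx vhost; bind it to loopback with `ports = [ "127.0.0.1:${shinobi-port}:8080" ];`, which also matches the `127.0.0.1` the `proxyPass` now uses. The image is `shinobisystems/shinobi:latest` with no digest, so every pull can silently change what runs on the camera host; pin a release tag or an `@sha256:` digest. The commented-out `PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3"` looks like a live credential and is in git history regardless of the comment, so rotate it and load it from a secrets file rather than the repository. In the vhost, `proxy_set_header X-Forwarded-For $remote_addr;` and `X-Forwarded-Proto $scheme` overwrite what limina forwards, so Shinobi sees limina's address and `http`; use `$proxy_add_x_forwarded_for` and pass the proto header through on this internal hop rather than resetting it.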
diff --git a/config/host-config/limina.nix b/config/host-config/limina.nix index a6c078e..3819a37 100644 --- a/config/host-config/limina.nix +++ b/config/host-config/limina.nix @@ -170,6 +170,8 @@ in { networking.firewall.allowedTCPPorts = [ 80 443 ]; + systemd.services.nginx.requires = [ "bind.service" ]; + services = { nginx = { enable = true; @@ -197,13 +199,15 @@ in { forceSSL = true; locations."/" = { - proxyPass = "http://panopticon.sea.fudo.org"; + proxyPass = "http://panopticon.sea.fudo.org/"; extraConfig = '' proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; + resolver 10.0.0.1; + proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-By $server_addr:$server_port; diff --git a/config/hosts/lambda.nix b/config/hosts/lambda.nix index c73e0ae..502594a 100644 --- a/config/hosts/lambda.nix +++ b/config/hosts/lambda.nix @@ -1,6 +1,6 @@ { description = "sea.fudo.org experiment server."; - docker-server = false; + docker-server = true; ssh-fingerprints = [ "1 1 01c67478e2cc7a386a2468adb9d4627a53d69af5" "1 2 750bc70f88a6c774077f20603a143b9f07436d9d074af78875850ae4df8971eb" diff --git a/config/profile-config/common.nix b/config/profile-config/common.nix index 9bc8c3d..ed8a4e4 100644 --- a/config/profile-config/common.nix +++ b/config/profile-config/common.nix @@ -25,10 +25,16 @@ in { # ''; }; + nix = { + package = pkgs.nixFlakes; + extraOptions = '' + experimental-features = nix-command flakes + ''; + }; + # TODO: remove? nixpkgs.config.permittedInsecurePackages = [ "openssh-with-gssapi-8.4p1" # CVE-2021-28041 - "zfs-kernel" ]; nixpkgs.config.allowUnfree = true; diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..aacdcb3 --- /dev/null +++ b/flake.nix 
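Review bot: `systemd.services.nginx.requires = [ "bind.service" ]` ties nginx's lifecycle to bind but does not order startup; systemd's `Requires=` is explicitly not an ordering dependency, so nginx can still start, and fail to resolve `panopticon.sea.fudo.org` in `proxyPass`, before bind is answering. Add `systemd.services.nginx.after = [ "bind.service" ];` next to it. The coupling also means a bind failure or restart stops nginx with it; `wants` plus `after` is the softer form if the resolver is only needed at start.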
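Review bot: `resolver 10.0.0.1;` has no effect on this `proxyPass`: with a literal hostname nginx resolves `panopticon.sea.fudo.org` once at configuration load through the system resolver, and the `resolver` directive is only consulted when the upstream address comes from a variable. If runtime re-resolution is the goal, move the target into `extraConfig` as `set $panopticon panopticon.sea.fudo.org; proxy_pass http://$panopticon;` and drop the `proxyPass` option; otherwise delete the `resolver` line so the next reader does not assume it is doing something. A comment on `proxyPass` that this hop is plain HTTP to another host (TLS terminates at limina, `forceSSL = true`) would also help, since whether the camera streams may cross the 10.0.0.0 network unencrypted depends on trust in that segment, which is not visible here.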
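Review bot: `permittedInsecurePackages` still whitelists `openssh-with-gssapi-8.4p1`, which the comment itself ties to CVE-2021-28041, and the hunk only drops the `zfs-kernel` entry, leaving the `# TODO: remove?` open for a known-vulnerable sshd on every host that imports this profile. If the GSSAPI build is required, say so in the comment and track a fixed build; otherwise remove the entry now rather than carrying the exemption forward. The new `nix` block would read better with a one-line reason, e.g. `# nixFlakes + experimental-features are required for flake.nix on 21.05`.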
@@ -0,0 +1,29 @@ +{ + description = "A very basic flake"; + + inputs = { + nixpkgs.url = "nixpkgs/nixos-21.05"; + home-manager.url = "github:nix-community/home-manager/release-21.05"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = { nixpkgs, home-manager, ... }: + with nixpkgs.lib; + let + is-nix-file = filename: type: (builtins.match ".+.nix$" filename) != null; + is-regular-file = filename: type: type == "regular" || type == "link"; + hostname-from-file = filename: + builtins.replaceStrings [ ".nix" ] [ "" ] filename; + hosts = map hostname-from-file (attrNames (filterAttrs is-nix-file + (filterAttrs is-regular-file (builtins.readDir ./config/hosts)))); + + pkgs = import nixpkgs { config = { allowUnfree = true; }; }; + lib = nixpkgs.lib; + + in { + nixConfigurations = mapAttrs (host: hostOpts: + lib.nixosSystem { + + }) host-configs; + }; +} diff --git a/home-manager/niten.nix b/home-manager/niten.nix index bcbaadd..2b34d95 100644 --- a/home-manager/niten.nix +++ b/home-manager/niten.nix 
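Review bot: The flake does not evaluate as written: `host-configs` in the `nixConfigurations` output is never defined, `hosts` is computed and then unused, and `lib.nixosSystem { }` is called with no `system` or `modules`. The output is also named `nixConfigurations`; `nixos-rebuild --flake` looks for `nixosConfigurations.<host>`. `is-nix-file` uses `".+.nix$"` with an unescaped dot, which also accepts names such as `foonix`; `".+\\.nix"` is sufficient because `builtins.match` already matches the whole string. Since this is a new flake, commit the generated `flake.lock` with it so the `nixos-21.05` and `release-21.05` branch inputs are pinned to revisions rather than floating on every evaluation.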
@@ -10,16 +10,26 @@ let enable-gui = host-config.enable-gui; - doom-emacs-minus-deps = pkgs.callPackage (pkgs.fetchgit { + doom-emacs-config = pkgs.fetchgit { + url = "https://git.fudo.org/niten/doom-emacs.git"; + rev = "272271650db3abd911923a12442f5e8ce4c6eb6c"; + sha256 = "1iw2layh7gh7r5zshdznnnpxwhik2nl7432s7m66yb33prg78h9w"; + }; + + doom-emacs = pkgs.callPackage (pkgs.fetchgit { url = "https://github.com/vlaci/nix-doom-emacs.git"; rev = "3893c50877a9d2d5d4aeee524ba1539f22115f1f"; sha256 = "1jz8mxh143a4470mq303ng6dh3bxi6mcppqli4z0m13qhqssh4fx"; - }) { doomPrivateDir = "${pkgs.doom-emacs-config}/"; }; - - doom-emacs = doom-emacs-minus-deps.overrideAttrs (old: - { - #buildInputs = old.buildInputs ++ [ pkgs.clang pkgs.cmake pkgs.libclang ]; - }); + }) { + doomPrivateDir = "${doom-emacs-config}/"; + emacsPackagesOverlay = self: super: { + irony = super.irony.overrideAttrs (esuper: { + buildInputs = esuper.buildInputs + ++ [ pkgs.cmake pkgs.libclang pkgs.clang ]; + }); + spinner = super.spinner.overrideAttrs (esuper: { version = "1.7.4"; }); + }; + }; gui-packages = with pkgs; let @@ -34,8 +44,8 @@ let redshift signal-desktop spotify - steam-with-pipewire - steam-with-pipewire.run + # steam-with-pipewire + # steam-with-pipewire.run xclip ]; @@ -52,7 +62,7 @@ let clojure cmake curl - # doom-emacs-minus-deps + # doom-emacs doom-emacs-config doomEmacsInit enca 
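Review bot: `spinner = super.spinner.overrideAttrs (esuper: { version = "1.7.4"; })` only relabels the derivation: `overrideAttrs` changes the `version` attribute but not `src`, so the package built is still whatever source the upstream `spinner` derivation fetches, now mislabelled as 1.7.4 (unless that package derives `src` from `version`, which is not visible here). If a specific spinner release is needed, override `src` and its hash together with `version`; if this is a workaround for a version check in doom, record it, e.g. `# relabel only: doom requires spinner >= 1.7.4, source is unchanged`. A short why-comment on the `irony` override naming what `cmake`/`clang`/`libclang` are needed for would help the next reader as well.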
@@ -144,25 +154,30 @@ in { ".local/share/openttd/baseset" = mkIf enable-gui { source = "${pkgs.openttd-data}/data"; }; + ".doom.d" = { + source = pkgs.doom-emacs-config; + onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh"; + }; + # For nixified emacs # ".emacs.d/init.el".text = '' # (load "default.el") # ''; - # ".xsessions" = { - # mode = "0554"; - # text = '' - # # -*-bash-*- - # gdmauth=$XAUTHORITY - # unset XAUTHORITY - # export XAUTHORITY - # xauth merge "$gdmauth" + ".xsessions" = { + executable = true; + text = '' + # -*-bash-*- + gdmauth=$XAUTHORITY + unset XAUTHORITY + export XAUTHORITY + xauth merge "$gdmauth" - # if [ -f $HOME/.xinitrc ]; then - # bash --login -i $HOME/.xinitrc - # fi - # ''; - # }; + if [ -f $HOME/.xinitrc ]; then + bash --login -i $HOME/.xinitrc + fi + ''; + }; ".fonts.conf" = { source = ../static/fonts.conf; }; }; diff --git a/lib/fudo/hosts.nix b/lib/fudo/hosts.nix index bd0e205..31bdc7d 100644 --- a/lib/fudo/hosts.nix +++ b/lib/fudo/hosts.nix @@ -137,6 +137,12 @@ let description = "A host that tends to overheat. Try to keep it cooler."; default = false; }; + + platform = mkOption { + type = str; + description = "System platform of the host."; + default = "x86_64"; + }; }; }; diff --git a/lib/fudo/mail/clamav.nix b/lib/fudo/mail/clamav.nix index 4dd2a74..455548c 100644 --- a/lib/fudo/mail/clamav.nix +++ b/lib/fudo/mail/clamav.nix @@ -1,8 +1,7 @@ { config, pkgs, lib, ... }: with lib; -let - cfg = config.fudo.mail-server; +let cfg = config.fudo.mail-server; in { options.fudo.mail-server.clamav = { @@ -18,9 +17,7 @@ in { services.clamav = { daemon = { enable = true; - extraConfig = '' - PhishingScanURLs no - ''; + settings = { PhishingScanURLs = "no"; }; }; updater.enable = true; }; diff --git a/lib/fudo/users.nix b/lib/fudo/users.nix index 0cb7160..dfb5ec9 100644 --- a/lib/fudo/users.nix +++ b/lib/fudo/users.nix 
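Review bot: `".doom.d".source = pkgs.doom-emacs-config` reads the package-set copy of the config, while `doom-emacs` earlier in this file is built from the locally pinned `doom-emacs-config` (rev `272271650db3…` with a sha256); the two can diverge, and what `pkgs.doom-emacs-config` is pinned to is not visible in this hunk. Use the same binding for both, `source = doom-emacs-config;`, so `~/.doom.d` and the built Emacs agree on one revision that carries an integrity hash. In `.xsessions`, `$HOME` is unquoted in `[ -f $HOME/.xinitrc ]` and `bash --login -i $HOME/.xinitrc`; quoting both costs nothing and avoids word-splitting surprises.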
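Review bot: `platform` is declared as a free-form `str` with default `"x86_64"`, which is not a Nix system string; if it is meant to feed `nixosSystem { system = … }` or `nixpkgs.hostPlatform`, the default must be `"x86_64-linux"`, and an enum would reject typos at evaluation time, e.g. `type = enum [ "x86_64-linux" "aarch64-linux" ];`. If it is intentionally a looser label, the description should say which values are expected.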
@@ -157,6 +157,9 @@ let ensure-group-dirs-script = group: dirs: concatStringsSep "\n" (map (ensure-group-directory group) dirs); + hostname = config.instance.hostname; + host-cfg = config.fudo.hosts.${hostname}; + in { options.fudo = { users = mkOption { @@ -228,6 +231,7 @@ in { members = filterExistingUsers sys.local-users groupOpts.members; }) sys.local-groups) // { wheel = { members = sys.local-admins; }; + docker = mkIf (host-cfg.docker-server) { members = sys.local-admins; }; }; }; diff --git a/packages/default.nix b/packages/default.nix index 8e4c23f..12aa5c0 100644 --- a/packages/default.nix +++ b/packages/default.nix @@ -157,10 +157,10 @@ in { pkgs = unstablePkgs; }; - doom-emacs-config = pkgs.fetchgit { + doom-emacs-config = builtins.fetchGit { url = "https://git.fudo.org/niten/doom-emacs.git"; - rev = "42f747cdf232718a6ebaccb9ab10ee3e1d33e10f"; - sha256 = "1mpmbb4xqgiqhxrdl6pbds6z8riwqszr61vxfdxlxsyzkks71zgj"; + # rev = "42f747cdf232718a6ebaccb9ab10ee3e1d33e10f"; + # sha256 = "1mpmbb4xqgiqhxrdl6pbds6z8riwqszr61vxfdxlxsyzkks71zgj"; }; vanilla-forum = import ./vanilla-forum.nix { pkgs = pkgs; };
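Review bot: Membership of the `docker` group is root-equivalent (any member can start a container with the host filesystem mounted), so `docker = mkIf (host-cfg.docker-server) { members = sys.local-admins; }` gives every local admin an unaudited, passwordless root path beside sudo on docker-server hosts. The same list already populates `wheel`, so in practice this bypasses sudo's password prompt and logging rather than adding new people; if that trade-off is intended, record it, e.g. `# docker group is root-equivalent; limited to local-admins on docker-server hosts`, otherwise keep a separate, smaller list. `config.fudo.hosts.${hostname}` also makes evaluation fail for a host not declared in `fudo.hosts`, a new hard dependency worth a comment.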
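Review bot: Switching `doom-emacs-config` to `builtins.fetchGit` with `rev` and `sha256` commented out fetches the tip of the default branch at evaluation time with no content hash, so the Emacs Lisp that lands in `~/.doom.d` is whatever git.fudo.org serves at that moment: builds become non-reproducible, and a compromised repository or server is pulled straight into the user's editor on the next rebuild. Restore the pin, `rev = "42f747cdf232718a6ebaccb9ab10ee3e1d33e10f";` (`fetchGit` accepts `rev`, and on Nix versions that support it `narHash` adds the integrity check), or keep `pkgs.fetchgit` with its `sha256`. Note that `home-manager/niten.nix` now pins the same repository at `272271650db3…`, so the tree carries two different revisions of this config.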