Started to move to flakes

2021-07-28 12:01:06 -07:00 · 2021-07-28 12:01:06 -07:00 · b1330e94ec
parent b4ce03333a
commit b1330e94ec
10 changed files with 163 additions and 101 deletions
--- a/config/host-config/lambda.nix
+++ b/config/host-config/lambda.nix
@ -96,77 +96,78 @@ in {
    Defaults lecture = never
  '';
-  # virtualisation = {
+  virtualisation = {
-  #   docker = {
+    docker = {
-  #     enable = true;
+      enable = true;
-  #     enableOnBoot = true;
+      enableOnBoot = true;
-  #     autoPrune = { enable = true; };
+      autoPrune = { enable = true; };
-  #   };
+    };
-  #   oci-containers = {
+    oci-containers = {
-  #     containers = {
+      containers = {
-  #       shinobi = {
+        shinobi = {
-  #         image = "shinobisystems/shinobi:latest";
+          image = "shinobisystems/shinobi:latest";
-  #         ports = [ "${shinobi-port}:8080" ];
+          ports = [ "${shinobi-port}:8080" ];
-  #         volumes = [
+          volumes = [
-  #           "/state/shinobi/plugins:/home/Shinobi/plugins"
+            "/state/shinobi/plugins:/home/Shinobi/plugins"
-  #           "/state/shinobi/config:/home/Shinobi/config"
+            "/state/shinobi/config:/home/Shinobi/config"
-  #           "/state/shinobi/videos:/home/Shinobi/videos"
+            "/state/shinobi/videos:/home/Shinobi/videos"
-  #           "/state/shinobi/db-data:/var/lib/mysql"
+            "/state/shinobi/db-data:/var/lib/mysql"
-  #           "/etc/localtime:/etc/localtime:ro"
+            "/etc/localtime:/etc/localtime:ro"
-  #         ];
+          ];
-  #       };
+        };
-  #       # shinobi-od = {
+        # shinobi-od = {
-  #       #   image = "shinobisystems/shinobi-tensorflow:latest";
+        #   image = "shinobisystems/shinobi-tensorflow:latest";
-  #       #   volumes =
+        #   volumes =
-  #       #     [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];
+        #     [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];
-  #       #   ports = [ "${shinobi-od-port}:8082" ];
+        #   ports = [ "${shinobi-od-port}:8082" ];
-  #       #   environment = {
+        #   environment = {
-  #       #     PLUGIN_HOST = "panopticon.sea.fudo.org";
+        #     PLUGIN_HOST = "panopticon.sea.fudo.org";
-  #       #     PLUGIN_PORT = shinobi-port;
+        #     PLUGIN_PORT = shinobi-port;
-  #       #     PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";
+        #     PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";
-  #       #   };
+        #   };
-  #       # };
+        # };
-  #       # photoprism = { image = "photoprism/photoprism"; };
+        # photoprism = { image = "photoprism/photoprism"; };
-  #     };
+      };
-  #   };
+    };
-  # };
+  };
-  # services.nginx = {
+  services.nginx = {
-  #   enable = true;
+    enable = true;
-  #   recommendedGzipSettings = true;
+    recommendedGzipSettings = true;
-  #   recommendedOptimisation = true;
+    recommendedOptimisation = true;
-  #   recommendedProxySettings = true;
+    recommendedProxySettings = true;
-  #   virtualHosts = {
+    virtualHosts = {
-  #     "panopticon.sea.fudo.org" = {
+      "panopticon.sea.fudo.org" = {
-  #       locations."/" = {
+        locations."/" = {
-  #         proxyPass = "http://localhost:${shinobi-port}";
+          # localhost defaults to IPv6
-  #         extraConfig = ''
+          proxyPass = "http://127.0.0.1:${shinobi-port}/";
-  #           proxy_http_version 1.1;
+          extraConfig = ''
-  #           proxy_set_header Upgrade $http_upgrade;
+            proxy_http_version 1.1;
-  #           proxy_set_header Connection "Upgrade";
+            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
-  #           proxy_set_header Host $host;
+            proxy_set_header Host $host;
-  #           proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Real-IP $remote_addr;
-  #           proxy_set_header X-Forwarded-By $server_addr:$server_port;
+            proxy_set_header X-Forwarded-By $server_addr:$server_port;
-  #           proxy_set_header X-Forwarded-For $remote_addr;
+            proxy_set_header X-Forwarded-For $remote_addr;
-  #           proxy_set_header X-Forwarded-Proto $scheme;
+            proxy_set_header X-Forwarded-Proto $scheme;
-  #         '';
+          '';
-  #       };
+        };
-  #     };
+      };
-  #     # "panopticon-od.sea.fudo.org" = {
+      # "panopticon-od.sea.fudo.org" = {
-  #     #   locations."/" = {
+      #   locations."/" = {
-  #     #     proxyPass = "http://localhost:${shinobi-od-port}";
+      #     proxyPass = "http://localhost:${shinobi-od-port}";
-  #     #     extraConfig = ''
+      #     extraConfig = ''
-  #     #       proxy_http_version 1.1;
+      #       proxy_http_version 1.1;
-  #     #       proxy_set_header Upgrade $http_upgrade;
+      #       proxy_set_header Upgrade $http_upgrade;
-  #     #       proxy_set_header Connection "Upgrade";
+      #       proxy_set_header Connection "Upgrade";
-  #     #     '';
+      #     '';
-  #     #   };
+      #   };
-  #     # };
+      # };
-  #   };
+    };
-  # };
+  };
 }
--- a/config/host-config/limina.nix
+++ b/config/host-config/limina.nix
@ -170,6 +170,8 @@ in {
    networking.firewall.allowedTCPPorts = [ 80 443 ];
    systemd.services.nginx.requires = [ "bind.service" ];
    services = {
      nginx = {
        enable = true;
@ -197,13 +199,15 @@ in {
            forceSSL = true;
            locations."/" = {
-              proxyPass = "http://panopticon.sea.fudo.org";
+              proxyPass = "http://panopticon.sea.fudo.org/";
              extraConfig = ''
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
                resolver 10.0.0.1;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-By $server_addr:$server_port;
--- a/config/hosts/lambda.nix
+++ b/config/hosts/lambda.nix
@ -1,6 +1,6 @@
 {
  description = "sea.fudo.org experiment server.";
-  docker-server = false;
+  docker-server = true;
  ssh-fingerprints = [
    "1 1 01c67478e2cc7a386a2468adb9d4627a53d69af5"
    "1 2 750bc70f88a6c774077f20603a143b9f07436d9d074af78875850ae4df8971eb"
--- a/config/profile-config/common.nix
+++ b/config/profile-config/common.nix
@ -25,10 +25,16 @@ in {
    # '';
  };
  nix = {
    package = pkgs.nixFlakes;
    extraOptions = ''
      experimental-features = nix-command flakes
    '';
  };
  # TODO: remove?
  nixpkgs.config.permittedInsecurePackages = [
    "openssh-with-gssapi-8.4p1" # CVE-2021-28041
    "zfs-kernel"
  ];
  nixpkgs.config.allowUnfree = true;
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,29 @@
 {
  description = "A very basic flake";
  inputs = {
    nixpkgs.url = "nixpkgs/nixos-21.05";
    home-manager.url = "github:nix-community/home-manager/release-21.05";
    home-manager.inputs.nixpkgs.follows = "nixpkgs";
  };
  outputs = { nixpkgs, home-manager, ... }:
    with nixpkgs.lib;
    let
      is-nix-file = filename: type: (builtins.match ".+.nix$" filename) != null;
      is-regular-file = filename: type: type == "regular" || type == "link";
      hostname-from-file = filename:
        builtins.replaceStrings [ ".nix" ] [ "" ] filename;
      hosts = map hostname-from-file (attrNames (filterAttrs is-nix-file
        (filterAttrs is-regular-file (builtins.readDir ./config/hosts))));
      pkgs = import nixpkgs { config = { allowUnfree = true; }; };
      lib = nixpkgs.lib;
    in {
      nixConfigurations = mapAttrs (host: hostOpts:
        lib.nixosSystem {
        }) host-configs;
    };
 }
--- a/home-manager/niten.nix
+++ b/home-manager/niten.nix
@ -10,16 +10,26 @@ let
  enable-gui = host-config.enable-gui;
-  doom-emacs-minus-deps = pkgs.callPackage (pkgs.fetchgit {
+  doom-emacs-config = pkgs.fetchgit {
    url = "https://git.fudo.org/niten/doom-emacs.git";
    rev = "272271650db3abd911923a12442f5e8ce4c6eb6c";
    sha256 = "1iw2layh7gh7r5zshdznnnpxwhik2nl7432s7m66yb33prg78h9w";
  };
  doom-emacs = pkgs.callPackage (pkgs.fetchgit {
    url = "https://github.com/vlaci/nix-doom-emacs.git";
    rev = "3893c50877a9d2d5d4aeee524ba1539f22115f1f";
    sha256 = "1jz8mxh143a4470mq303ng6dh3bxi6mcppqli4z0m13qhqssh4fx";
-  }) { doomPrivateDir = "${pkgs.doom-emacs-config}/"; };
+  }) {
-
+    doomPrivateDir = "${doom-emacs-config}/";
-  doom-emacs = doom-emacs-minus-deps.overrideAttrs (old:
+    emacsPackagesOverlay = self: super: {
-    {
+      irony = super.irony.overrideAttrs (esuper: {
-      #buildInputs = old.buildInputs ++ [ pkgs.clang pkgs.cmake pkgs.libclang ];
+        buildInputs = esuper.buildInputs
-    });
+          ++ [ pkgs.cmake pkgs.libclang pkgs.clang ];
      });
      spinner = super.spinner.overrideAttrs (esuper: { version = "1.7.4"; });
    };
  };
  gui-packages = with pkgs;
    let
@ -34,8 +44,8 @@ let
      redshift
      signal-desktop
      spotify
-      steam-with-pipewire
+      # steam-with-pipewire
-      steam-with-pipewire.run
+      # steam-with-pipewire.run
      xclip
    ];
@ -52,7 +62,7 @@ let
    clojure
    cmake
    curl
-    # doom-emacs-minus-deps
+    # doom-emacs
    doom-emacs-config
    doomEmacsInit
    enca
@ -144,25 +154,30 @@ in {
      ".local/share/openttd/baseset" =
        mkIf enable-gui { source = "${pkgs.openttd-data}/data"; };
      ".doom.d" = {
        source = pkgs.doom-emacs-config;
        onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh";
      };
      # For nixified emacs
      # ".emacs.d/init.el".text = ''
      #   (load "default.el")
      # '';
-      # ".xsessions" = {
+      ".xsessions" = {
-      #   mode = "0554";
+        executable = true;
-      #   text = ''
+        text = ''
-      #     # -*-bash-*-
+          # -*-bash-*-
-      #     gdmauth=$XAUTHORITY
+          gdmauth=$XAUTHORITY
-      #     unset XAUTHORITY
+          unset  XAUTHORITY
-      #     export XAUTHORITY
+          export XAUTHORITY
-      #     xauth merge "$gdmauth"
+          xauth merge "$gdmauth"
-      #     if [ -f $HOME/.xinitrc ]; then
+          if [ -f $HOME/.xinitrc ]; then
-      #       bash --login -i $HOME/.xinitrc
+            bash --login -i $HOME/.xinitrc
-      #     fi
+          fi
-      #   '';
+        '';
-      # };
+      };
      ".fonts.conf" = { source = ../static/fonts.conf; };
    };
--- a/lib/fudo/hosts.nix
+++ b/lib/fudo/hosts.nix
@ -137,6 +137,12 @@ let
        description = "A host that tends to overheat. Try to keep it cooler.";
        default = false;
      };
      platform = mkOption {
        type = str;
        description = "System platform of the host.";
        default = "x86_64";
      };
    };
  };
--- a/lib/fudo/mail/clamav.nix
+++ b/lib/fudo/mail/clamav.nix
@ -1,8 +1,7 @@
 { config, pkgs, lib, ... }:
 with lib;
-let
+let cfg = config.fudo.mail-server;
  cfg = config.fudo.mail-server;
 in {
  options.fudo.mail-server.clamav = {
@ -18,9 +17,7 @@ in {
    services.clamav = {
      daemon = {
        enable = true;
-        extraConfig = ''
+        settings = { PhishingScanURLs = "no"; };
          PhishingScanURLs no
        '';
      };
      updater.enable = true;
    };
--- a/lib/fudo/users.nix
+++ b/lib/fudo/users.nix
@ -157,6 +157,9 @@ let
  ensure-group-dirs-script = group: dirs:
    concatStringsSep "\n" (map (ensure-group-directory group) dirs);
  hostname = config.instance.hostname;
  host-cfg = config.fudo.hosts.${hostname};
 in {
  options.fudo = {
    users = mkOption {
@ -228,6 +231,7 @@ in {
        members = filterExistingUsers sys.local-users groupOpts.members;
      }) sys.local-groups) // {
        wheel = { members = sys.local-admins; };
        docker = mkIf (host-cfg.docker-server) { members = sys.local-admins; };
      };
    };
--- a/packages/default.nix
+++ b/packages/default.nix
@ -157,10 +157,10 @@ in {
      pkgs = unstablePkgs;
    };
-    doom-emacs-config = pkgs.fetchgit {
+    doom-emacs-config = builtins.fetchGit {
      url = "https://git.fudo.org/niten/doom-emacs.git";
-      rev = "42f747cdf232718a6ebaccb9ab10ee3e1d33e10f";
+      # rev = "42f747cdf232718a6ebaccb9ab10ee3e1d33e10f";
-      sha256 = "1mpmbb4xqgiqhxrdl6pbds6z8riwqszr61vxfdxlxsyzkks71zgj";
+      # sha256 = "1mpmbb4xqgiqhxrdl6pbds6z8riwqszr61vxfdxlxsyzkks71zgj";
    };
    vanilla-forum = import ./vanilla-forum.nix { pkgs = pkgs; };