Started to move to flakes

Niten 2021-07-28 12:01:06 -07:00
parent b4ce03333a
commit b1330e94ec
10 changed files with 163 additions and 101 deletions


@ -96,77 +96,78 @@ in {
Defaults lecture = never
'';
# virtualisation = {
# docker = {
# enable = true;
# enableOnBoot = true;
# autoPrune = { enable = true; };
# };
virtualisation = {
docker = {
enable = true;
enableOnBoot = true;
autoPrune = { enable = true; };
};
# oci-containers = {
# containers = {
# shinobi = {
# image = "shinobisystems/shinobi:latest";
# ports = [ "${shinobi-port}:8080" ];
# volumes = [
# "/state/shinobi/plugins:/home/Shinobi/plugins"
# "/state/shinobi/config:/home/Shinobi/config"
# "/state/shinobi/videos:/home/Shinobi/videos"
# "/state/shinobi/db-data:/var/lib/mysql"
# "/etc/localtime:/etc/localtime:ro"
# ];
# };
oci-containers = {
containers = {
shinobi = {
image = "shinobisystems/shinobi:latest";
ports = [ "${shinobi-port}:8080" ];
volumes = [
"/state/shinobi/plugins:/home/Shinobi/plugins"
"/state/shinobi/config:/home/Shinobi/config"
"/state/shinobi/videos:/home/Shinobi/videos"
"/state/shinobi/db-data:/var/lib/mysql"
"/etc/localtime:/etc/localtime:ro"
];
};
# # shinobi-od = {
# # image = "shinobisystems/shinobi-tensorflow:latest";
# # volumes =
# # [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];
# # ports = [ "${shinobi-od-port}:8082" ];
# # environment = {
# # PLUGIN_HOST = "panopticon.sea.fudo.org";
# # PLUGIN_PORT = shinobi-port;
# # PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";
# # };
# # };
# # photoprism = { image = "photoprism/photoprism"; };
# };
# shinobi-od = {
# image = "shinobisystems/shinobi-tensorflow:latest";
# volumes =
# [ "/srv/shinobi/od-config:/home/Shinobi/docker-plugins/tensorflow" ];
# ports = [ "${shinobi-od-port}:8082" ];
# environment = {
# PLUGIN_HOST = "panopticon.sea.fudo.org";
# PLUGIN_PORT = shinobi-port;
# PLUGIN_KEY = "30sWllylOxsDcE4vQXEPaXNfe5DiB3";
# };
# };
# services.nginx = {
# enable = true;
# recommendedGzipSettings = true;
# recommendedOptimisation = true;
# recommendedProxySettings = true;
# photoprism = { image = "photoprism/photoprism"; };
};
};
};
# virtualHosts = {
# "panopticon.sea.fudo.org" = {
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
virtualHosts = {
"panopticon.sea.fudo.org" = {
locations."/" = {
# localhost defaults to IPv6
proxyPass = "http://127.0.0.1:${shinobi-port}/";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-By $server_addr:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
# "panopticon-od.sea.fudo.org" = {
# locations."/" = {
# proxyPass = "http://localhost:${shinobi-port}";
# proxyPass = "http://localhost:${shinobi-od-port}";
# extraConfig = ''
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "Upgrade";
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-By $server_addr:$server_port;
# proxy_set_header X-Forwarded-For $remote_addr;
# proxy_set_header X-Forwarded-Proto $scheme;
# '';
# };
# };
# # "panopticon-od.sea.fudo.org" = {
# # locations."/" = {
# # proxyPass = "http://localhost:${shinobi-od-port}";
# # extraConfig = ''
# # proxy_http_version 1.1;
# # proxy_set_header Upgrade $http_upgrade;
# # proxy_set_header Connection "Upgrade";
# # '';
# # };
# # };
# };
# };
};
};
}
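Review bot: The `shinobi` container publishes `"${shinobi-port}:8080"` on every interface, although the nginx vhost below reaches it only through `127.0.0.1:${shinobi-port}`; Docker-published ports are normally opened by Docker's own iptables rules rather than by `networking.firewall`, so the camera UI is likely reachable without going through the proxy. Binding to loopback, `ports = [ "127.0.0.1:${shinobi-port}:8080" ];`, keeps nginx as the single entry point. The image is pulled by the floating tag `:latest`; a version tag or digest would tie the running container to something that was reviewed. The commented-out `shinobi-od` block still carries a literal `PLUGIN_KEY`; that value belongs in a secret file outside the repository and should be rotated if it was ever live.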


@ -170,6 +170,8 @@ in {
networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.services.nginx.requires = [ "bind.service" ];
services = {
nginx = {
enable = true;
@ -197,13 +199,15 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://panopticon.sea.fudo.org";
proxyPass = "http://panopticon.sea.fudo.org/";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
resolver 10.0.0.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-By $server_addr:$server_port;
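Review bot: `systemd.services.nginx.requires = [ "bind.service" ];` adds a dependency but no ordering, so systemd may still start nginx in parallel with bind and the literal upstream name in `proxyPass` can fail to resolve at startup; add `systemd.services.nginx.after = [ "bind.service" ];` next to it. The `resolver 10.0.0.1;` line is only consulted when `proxy_pass` contains a variable; with the literal `http://panopticon.sea.fudo.org/`, nginx resolves the name once when it loads the configuration. The hop to the upstream is plain HTTP behind a `forceSSL` vhost, so a comment stating that the network between the two hosts is trusted would help. The `locations."/"` block continues past the end of this hunk.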


@ -1,6 +1,6 @@
{
description = "sea.fudo.org experiment server.";
docker-server = false;
docker-server = true;
ssh-fingerprints = [
"1 1 01c67478e2cc7a386a2468adb9d4627a53d69af5"
"1 2 750bc70f88a6c774077f20603a143b9f07436d9d074af78875850ae4df8971eb"


@ -25,10 +25,16 @@ in {
# '';
};
nix = {
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
# TODO: remove?
nixpkgs.config.permittedInsecurePackages = [
"openssh-with-gssapi-8.4p1" # CVE-2021-28041
"zfs-kernel"
];
nixpkgs.config.allowUnfree = true;
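Review bot: The `permittedInsecurePackages` list next to the `nix` block allows `openssh-with-gssapi-8.4p1` with only `# TODO: remove?` as explanation, while the inline comment names CVE-2021-28041. A comment recording why the exception exists and when it can go, for example `# Needed for <reason>; drop once <fixed package version> is available on this channel`, would make the TODO actionable. The entry `"zfs-kernel"` has no version suffix; as far as I know these entries are compared against the full package name including the version, so it may match nothing and is worth checking. The enclosing attribute set starts and ends outside this hunk.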

29
flake.nix Normal file

@ -0,0 +1,29 @@
{
description = "A very basic flake";
inputs = {
nixpkgs.url = "nixpkgs/nixos-21.05";
home-manager.url = "github:nix-community/home-manager/release-21.05";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { nixpkgs, home-manager, ... }:
with nixpkgs.lib;
let
is-nix-file = filename: type: (builtins.match ".+.nix$" filename) != null;
is-regular-file = filename: type: type == "regular" || type == "link";
hostname-from-file = filename:
builtins.replaceStrings [ ".nix" ] [ "" ] filename;
hosts = map hostname-from-file (attrNames (filterAttrs is-nix-file
(filterAttrs is-regular-file (builtins.readDir ./config/hosts))));
pkgs = import nixpkgs { config = { allowUnfree = true; }; };
lib = nixpkgs.lib;
in {
nixConfigurations = mapAttrs (host: hostOpts:
lib.nixosSystem {
}) host-configs;
};
}
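Review bot: `host-configs` is never bound in the `let` block (only `hosts`, a list, is), and the output is named `nixConfigurations` where `nixos-rebuild --flake` looks for `nixosConfigurations`, so this flake cannot evaluate as written. `lib.nixosSystem { }` is also called without `system` or `modules`, and `import nixpkgs { … }` has no `system`, which pure flake evaluation requires. In `is-nix-file` the dot in `".+.nix$"` is unescaped and matches any character, and `replaceStrings [ ".nix" ] [ "" ]` strips every occurrence rather than only the suffix. A sketch of the affected lines follows; the module list depends on repository layout that this commit does not show.

```nix
    let
      # builtins.match anchors the whole string; escape the dot so only a
      # real ".nix" suffix matches.
      is-nix-file = filename: type: (builtins.match ".+\\.nix" filename) != null;
      # … unchanged: is-regular-file …
      hostname-from-file = filename: removeSuffix ".nix" filename;
      # … unchanged: hosts …
      # Flake evaluation is pure, so the system has to be passed explicitly.
      pkgs = import nixpkgs {
        system = "x86_64-linux";
        config = { allowUnfree = true; };
      };
      # … unchanged: lib …
    in {
      nixosConfigurations = genAttrs hosts (host:
        lib.nixosSystem {
          system = "x86_64-linux";
          modules = [
            # the NixOS modules for this host go here (layout not shown)
          ];
        });
    };
```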


@ -10,16 +10,26 @@ let
enable-gui = host-config.enable-gui;
doom-emacs-minus-deps = pkgs.callPackage (pkgs.fetchgit {
doom-emacs-config = pkgs.fetchgit {
url = "https://git.fudo.org/niten/doom-emacs.git";
rev = "272271650db3abd911923a12442f5e8ce4c6eb6c";
sha256 = "1iw2layh7gh7r5zshdznnnpxwhik2nl7432s7m66yb33prg78h9w";
};
doom-emacs = pkgs.callPackage (pkgs.fetchgit {
url = "https://github.com/vlaci/nix-doom-emacs.git";
rev = "3893c50877a9d2d5d4aeee524ba1539f22115f1f";
sha256 = "1jz8mxh143a4470mq303ng6dh3bxi6mcppqli4z0m13qhqssh4fx";
}) { doomPrivateDir = "${pkgs.doom-emacs-config}/"; };
doom-emacs = doom-emacs-minus-deps.overrideAttrs (old:
{
#buildInputs = old.buildInputs ++ [ pkgs.clang pkgs.cmake pkgs.libclang ];
}) {
doomPrivateDir = "${doom-emacs-config}/";
emacsPackagesOverlay = self: super: {
irony = super.irony.overrideAttrs (esuper: {
buildInputs = esuper.buildInputs
++ [ pkgs.cmake pkgs.libclang pkgs.clang ];
});
spinner = super.spinner.overrideAttrs (esuper: { version = "1.7.4"; });
};
};
gui-packages = with pkgs;
let
@ -34,8 +44,8 @@ let
redshift
signal-desktop
spotify
steam-with-pipewire
steam-with-pipewire.run
# steam-with-pipewire
# steam-with-pipewire.run
xclip
];
@ -52,7 +62,7 @@ let
clojure
cmake
curl
# doom-emacs-minus-deps
# doom-emacs
doom-emacs-config
doomEmacsInit
enca
@ -144,25 +154,30 @@ in {
".local/share/openttd/baseset" =
mkIf enable-gui { source = "${pkgs.openttd-data}/data"; };
".doom.d" = {
source = pkgs.doom-emacs-config;
onChange = "${pkgs.doomEmacsInit}/bin/doom-emacs-init.sh";
};
# For nixified emacs
# ".emacs.d/init.el".text = ''
# (load "default.el")
# '';
# ".xsessions" = {
# mode = "0554";
# text = ''
# # -*-bash-*-
# gdmauth=$XAUTHORITY
# unset XAUTHORITY
# export XAUTHORITY
# xauth merge "$gdmauth"
".xsessions" = {
executable = true;
text = ''
# -*-bash-*-
gdmauth=$XAUTHORITY
unset XAUTHORITY
export XAUTHORITY
xauth merge "$gdmauth"
# if [ -f $HOME/.xinitrc ]; then
# bash --login -i $HOME/.xinitrc
# fi
# '';
# };
if [ -f $HOME/.xinitrc ]; then
bash --login -i $HOME/.xinitrc
fi
'';
};
".fonts.conf" = { source = ../static/fonts.conf; };
};
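Review bot: `spinner = super.spinner.overrideAttrs (esuper: { version = "1.7.4"; });` changes only the `version` attribute; the package's `src` was already computed from the original version, so this most likely still builds the old sources under a new label. If the intent is to build 1.7.4, override `src` too with a pinned fetch and hash; if the override works around something else, a one-line comment saying what would help. In the `.xsessions` script, `$HOME/.xinitrc` is unquoted in both the test and the `bash --login -i` call; `"$HOME/.xinitrc"` is the safer spelling. The `let` block and the file attribute set both extend outside the hunks shown.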


@ -137,6 +137,12 @@ let
description = "A host that tends to overheat. Try to keep it cooler.";
default = false;
};
platform = mkOption {
type = str;
description = "System platform of the host.";
default = "x86_64";
};
};
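Review bot: The `platform` option does not say which strings are valid, and its default `"x86_64"` is not a Nix system string such as `x86_64-linux`. If this value is meant to feed the `system` argument of `lib.nixosSystem` (its use is not visible in this commit), either store the full system string or document the convention, e.g. `description = "CPU architecture of the host, e.g. x86_64 or aarch64, without the -linux suffix.";`. A `types.enum` over the supported values instead of `str` would catch typos at evaluation time.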
};


@ -1,8 +1,7 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.fudo.mail-server;
let cfg = config.fudo.mail-server;
in {
options.fudo.mail-server.clamav = {
@ -18,9 +17,7 @@ in {
services.clamav = {
daemon = {
enable = true;
extraConfig = ''
PhishingScanURLs no
'';
settings = { PhishingScanURLs = "no"; };
};
updater.enable = true;
};


@ -157,6 +157,9 @@ let
ensure-group-dirs-script = group: dirs:
concatStringsSep "\n" (map (ensure-group-directory group) dirs);
hostname = config.instance.hostname;
host-cfg = config.fudo.hosts.${hostname};
in {
options.fudo = {
users = mkOption {
@ -228,6 +231,7 @@ in {
members = filterExistingUsers sys.local-users groupOpts.members;
}) sys.local-groups) // {
wheel = { members = sys.local-admins; };
docker = mkIf (host-cfg.docker-server) { members = sys.local-admins; };
};
};
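Review bot: Membership in the `docker` group gives unrestricted access to the Docker socket, which is effectively root on the host, and the line `docker = mkIf (host-cfg.docker-server) { members = sys.local-admins; };` grants it to every local admin on any host flagged `docker-server`. Unlike `wheel`, this path presumably involves no sudo prompt, so it is a wider grant than the line above it. I would document that next to the line, e.g. `# docker group is root-equivalent on this host; keep membership limited to admins`. The surrounding attribute set starts outside the hunk.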


@ -157,10 +157,10 @@ in {
pkgs = unstablePkgs;
};
doom-emacs-config = pkgs.fetchgit {
doom-emacs-config = builtins.fetchGit {
url = "https://git.fudo.org/niten/doom-emacs.git";
rev = "42f747cdf232718a6ebaccb9ab10ee3e1d33e10f";
sha256 = "1mpmbb4xqgiqhxrdl6pbds6z8riwqszr61vxfdxlxsyzkks71zgj";
# rev = "42f747cdf232718a6ebaccb9ab10ee3e1d33e10f";
# sha256 = "1mpmbb4xqgiqhxrdl6pbds6z8riwqszr61vxfdxlxsyzkks71zgj";
};
vanilla-forum = import ./vanilla-forum.nix { pkgs = pkgs; };
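Review bot: With `rev` commented out, `builtins.fetchGit` follows whatever the default branch of `https://git.fudo.org/niten/doom-emacs.git` points at when the configuration is evaluated, so the Emacs configuration installed on each host is no longer tied to a reviewed commit. `builtins.fetchGit` takes no `sha256`, but it does accept `rev`, so only the hash line needs to go: keep `rev = "42f747cdf232718a6ebaccb9ab10ee3e1d33e10f";` uncommented. Pinning also matters for the flake migration itself, since pure evaluation rejects a `fetchGit` call that has no `rev`. The enclosing overlay starts outside the hunk.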