Add tsuki host config, and several pluggable services
parent
9feae67e9d
commit
9bd47fba1f
14
nixpkgs/flake.lock
generated
14
nixpkgs/flake.lock
generated
@ -23,11 +23,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1640077788,
|
||||
"narHash": "sha256-YMSDk3hlucJTTARaHNOeQEF6zEW3A/x4sXgrz94VbS0=",
|
||||
"lastModified": 1640798027,
|
||||
"narHash": "sha256-1e7bsxWJW0ugkA95AMGL3Da9sHugkz+J4kfYB9fTWZc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9ab7d12287ced0e1b4c03b61c781901f178d9d77",
|
||||
"rev": "8588b14a397e045692d0a87192810b6dddf53003",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -50,11 +50,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1640231944,
|
||||
"narHash": "sha256-nb743xTN5n7LRmiTzfKgknTe+R68FKXIQX/8ERU5JS4=",
|
||||
"lastModified": 1640831004,
|
||||
"narHash": "sha256-3so6H4ZRaDWM156t/3OctRcsPkV80hPewmZNwevbA48=",
|
||||
"ref": "main",
|
||||
"rev": "a489b4a3b5ec636da65886226102a8372c40dcc4",
|
||||
"revCount": 1,
|
||||
"rev": "eb04c0aac6d7d8aaf55fc63e6da58c373b401eb9",
|
||||
"revCount": 7,
|
||||
"type": "git",
|
||||
"url": "file:///home/h7x4/git/nix-secrets"
|
||||
},
|
||||
|
@ -75,12 +75,12 @@
|
||||
inherit specialArgs;
|
||||
|
||||
modules = [
|
||||
./hosts/${name}
|
||||
./hosts/${name}/configuration.nix
|
||||
];
|
||||
} // extraOpts;
|
||||
|
||||
in {
|
||||
# Tsuki = nixSys "tsuki" {};
|
||||
Tsuki = nixSys "tsuki" {};
|
||||
Eisei = nixSys "eisei" {};
|
||||
};
|
||||
|
||||
|
@ -1,6 +1,8 @@
|
||||
{ pkgs, config, ... }: let
|
||||
# FIXME: lib should be imported directly as a module argument.
|
||||
inherit (pkgs) lib;
|
||||
|
||||
# TODO: Split this file
|
||||
in {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
243
nixpkgs/hosts/tsuki/configuration.nix
Normal file
243
nixpkgs/hosts/tsuki/configuration.nix
Normal file
@ -0,0 +1,243 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
imports =
|
||||
[
|
||||
./hardware-configuration.nix
|
||||
./services/nginx.nix
|
||||
|
||||
../../pluggables/server/dokuwiki.nix
|
||||
../../pluggables/server/gitlab
|
||||
# ../../pluggables/server/minecraft.nix
|
||||
../../pluggables/server/plex.nix
|
||||
../../pluggables/server/hydra.nix
|
||||
# ../../pluggables/server/matrix.nix
|
||||
# ../../pluggables/server/libvirt.nix
|
||||
# ../../pluggables/server/grafana.nix
|
||||
# ../../pluggables/server/discord-bot.nix
|
||||
# ../../pluggables/server/calibre.nix
|
||||
# ../../pluggables/server/openvpn.nix
|
||||
# ../../pluggables/server/samba.nix
|
||||
# ../../pluggables/server/searx.nix
|
||||
# ../../pluggables/server/syncthing.nix
|
||||
];
|
||||
|
||||
systemd.targets = {
|
||||
sleep.enable = false;
|
||||
suspend.enable = false;
|
||||
hibernate.enable = false;
|
||||
hybrid-sleep.enable = false;
|
||||
};
|
||||
|
||||
nix.package = pkgs.nixFlakes;
|
||||
nix.extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
|
||||
boot.loader = {
|
||||
grub = {
|
||||
enable = true;
|
||||
version = 2;
|
||||
efiSupport = true;
|
||||
fsIdentifier = "label";
|
||||
device = "nodev";
|
||||
efiInstallAsRemovable = true;
|
||||
};
|
||||
# efi.efiSysMountPoint = "/boot/efi";
|
||||
# efi.canTouchEfiVariables = true;
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/Oslo";
|
||||
|
||||
networking = {
|
||||
hostName = "Tsuki";
|
||||
networkmanager.enable = true;
|
||||
useDHCP = false;
|
||||
interfaces.ens18.useDHCP = true;
|
||||
# firewall = {
|
||||
# allowedTCPPorts = [ ... ];
|
||||
# allowedUDPPorts = [ ... ];
|
||||
# enable = false;
|
||||
# };
|
||||
};
|
||||
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
console = {
|
||||
font = "Lat2-Terminus16";
|
||||
keyMap = "us";
|
||||
};
|
||||
|
||||
services = {
|
||||
openssh.enable = true;
|
||||
printing.enable = true;
|
||||
cron = {
|
||||
enable = true;
|
||||
systemCronJobs = [
|
||||
# "*/5 * * * * root date >> /tmp/cron.log"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
users.users.h7x4 = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"networkmanager"
|
||||
"docker"
|
||||
"disk"
|
||||
"libvirtd"
|
||||
"input"
|
||||
];
|
||||
shell = pkgs.zsh;
|
||||
};
|
||||
|
||||
environment = {
|
||||
variables = {
|
||||
EDITOR = "nvim";
|
||||
VISUAL = "nvim";
|
||||
};
|
||||
|
||||
systemPackages = with pkgs; [
|
||||
wget
|
||||
];
|
||||
|
||||
shells = with pkgs; [
|
||||
bashInteractive
|
||||
zsh
|
||||
dash
|
||||
];
|
||||
|
||||
etc = {
|
||||
sudoLecture = {
|
||||
target = "sudo.lecture";
|
||||
text = "[31mBe careful or something, idk...[m\n";
|
||||
};
|
||||
|
||||
currentSystemPackages = {
|
||||
target = "current-system-packages";
|
||||
text = let
|
||||
inherit (lib.strings) concatStringsSep;
|
||||
inherit (lib.lists) sort;
|
||||
inherit (lib.trivial) lessThan;
|
||||
packages = map (p: "${p.name}") config.environment.systemPackages;
|
||||
sortedUnique = sort lessThan (lib.unique packages);
|
||||
in concatStringsSep "\n" sortedUnique;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
fonts = {
|
||||
enableDefaultFonts = true;
|
||||
|
||||
fonts = with pkgs; [
|
||||
cm_unicode
|
||||
dejavu_fonts
|
||||
fira-code
|
||||
fira-code-symbols
|
||||
powerline-fonts
|
||||
iosevka
|
||||
symbola
|
||||
corefonts
|
||||
ipaexfont
|
||||
ipafont
|
||||
liberation_ttf
|
||||
migmix
|
||||
noto-fonts
|
||||
noto-fonts-cjk
|
||||
noto-fonts-emoji
|
||||
open-sans
|
||||
source-han-sans
|
||||
source-sans
|
||||
ubuntu_font_family
|
||||
victor-mono
|
||||
(nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
|
||||
];
|
||||
|
||||
fontconfig = {
|
||||
defaultFonts = {
|
||||
serif = [ "Droid Sans Serif" "Ubuntu" ];
|
||||
sansSerif = [ "Droid Sans" "Ubuntu" ];
|
||||
monospace = [ "Fira Code" "Ubuntu" ];
|
||||
emoji = [ "Noto Sans Emoji" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
programs = {
|
||||
git.enable = true;
|
||||
npm.enable = true;
|
||||
tmux.enable = true;
|
||||
neovim = {
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
viAlias = true;
|
||||
vimAlias = true;
|
||||
configure = {
|
||||
packages.myVimPackage = with pkgs.vimPlugins; {
|
||||
start = [
|
||||
direnv-vim
|
||||
vim-nix
|
||||
vim-polyglot
|
||||
];
|
||||
|
||||
opt = [
|
||||
vim-monokai
|
||||
];
|
||||
};
|
||||
|
||||
customRC = ''
|
||||
set number relativenumber
|
||||
set undofile
|
||||
set undodir=~/.cache/vim/undodir
|
||||
|
||||
packadd! vim-monokai
|
||||
colorscheme monokai
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security.sudo.extraConfig = ''
|
||||
Defaults lecture = always
|
||||
Defaults lecture_file = /etc/${config.environment.etc.sudoLecture.target}
|
||||
'';
|
||||
|
||||
virtualisation = {
|
||||
docker.enable = true;
|
||||
libvirtd.enable = true;
|
||||
};
|
||||
|
||||
# system.extraDependencies = with pkgs; [
|
||||
# asciidoc
|
||||
# asciidoctor
|
||||
# cabal2nix
|
||||
# clang
|
||||
# dart
|
||||
# dotnet-sdk
|
||||
# dotnet-sdk_3
|
||||
# dotnet-sdk_5
|
||||
# dotnetPackages.Nuget
|
||||
# elm2nix
|
||||
# elmPackages.elm
|
||||
# flutter
|
||||
# gcc
|
||||
# ghc
|
||||
# ghcid
|
||||
# haskellPackages.Cabal_3_6_2_0
|
||||
# maven
|
||||
# nodePackages.node2nix
|
||||
# nodePackages.npm
|
||||
# nodePackages.sass
|
||||
# nodePackages.typescript
|
||||
# nodePackages.yarn
|
||||
# nodejs
|
||||
# plantuml
|
||||
# python3
|
||||
# rustc
|
||||
# rustc
|
||||
# rustup
|
||||
# ];
|
||||
|
||||
system.stateVersion = "21.11";
|
||||
}
|
||||
|
||||
|
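Review bot: `services.openssh.enable = true;` is set with no further SSH options in the `services` block, so the module defaults for password and root login apply on a host that services/nginx.nix in this commit opens on ports 80 and 443. If key-only access is intended, state it here with `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "no";`, and declare the key under `users.users.h7x4.openssh.authorizedKeys.keys`. Separately, `extraGroups` puts h7x4 in `docker` and `disk` as well as `wheel`; both of those groups are effectively root-equivalent without going through sudo, so I would drop whichever is not actually needed. `printing.enable = true;` also starts CUPS on what looks like a server (inferred from the imported services) and could be removed.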
36
nixpkgs/hosts/tsuki/hardware-configuration.nix
Normal file
36
nixpkgs/hosts/tsuki/hardware-configuration.nix
Normal file
@ -0,0 +1,36 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/54b9fd58-0df5-410c-ab87-766860967653";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/0A60-2885";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/data" =
|
||||
{ device = "/dev/disk/by-uuid/87354b26-4f7f-4b94-96fd-4bbeb834a03b";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/92a1a33f-89a8-45de-a45e-6c303172cd7f"; }
|
||||
];
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
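--- a/nixpkgs/hosts/tsuki/services/nginx.nix
+++ b/nixpkgs/hosts/tsuki/services/nginx.nix
@@ -0,0 +1,79 @@
+{ pkgs, config, secrets, ... }:
+# TODO: fix lib
+let lib = pkgs.lib; in
+{
+services.nginx = let
+generateServerAliases =
+domains: subdomains:
+lib.lists.flatten (map (s: map (d: "${s}.${d}") domains) subdomains);
+in {
+enable = true;
+
+recommendedGzipSettings = true; recommendedOptimisation = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+
+virtualHosts = let
+inherit (lib.attrsets) nameValuePair listToAttrs;
+inherit (lib.lists) head drop;
+inherit (secrets) domains ips ports keys;
+
+makeHost =
+subdomains: extraSettings:
+nameValuePair "${head subdomains}.${head domains}" ({
+serverAliases = drop 1 (generateServerAliases domains subdomains);
+
+# TODO: fix ACME
+# enableACME = true;
+forceSSL = true;
+sslCertificate = keys.certificates.default.cert;
+sslCertificateKey = keys.certificates.default.key;
+
+} // extraSettings);
+
+makePassHost =
+subdomains: extraSettings:
+makeHost subdomains ({ basicAuthFile = keys.htpasswds.default; } // extraSettings);
+
+makeProxy =
+subdomains: url: extraSettings:
+makeHost subdomains ({ locations."/".proxyPass = url; } // extraSettings);
+
+makePassProxy =
+subdomains: url: extraSettings:
+makeProxy subdomains url ({basicAuthFile = keys.htpasswds.default;} // extraSettings);
+
+s = toString;
+
+in listToAttrs [
+(makeProxy ["git" "gitlab"] "http://unix:/run/gitlab/gitlab-workhorse.socket" {})
+(makePassProxy ["plex"] "http://localhost:${s ports.plex}" {})
+(makeHost ["www"] { root = "/var/www/blog"; })
+(makePassHost ["cache"] { root = "/var/lib/nix-cache"; })
+(makePassProxy ["px1"] "https://${ips.px1}:${s ports.proxmox}" {})
+(makePassProxy ["idrac"] "https://${ips.idrac}" {})
+# (makePassProxy ["log"] "https://localhost:${s ports.grafana}" { proxyWebsockets = true; })
+# (makeProxy ["wiki"] "" {})
+# (makeHost ["vpn"] "" {})
+(makePassProxy ["hydra"] "http://localhost:${s ports.hydra}" {})
+# (makePassProxy ["sync" "drive"] "" {})
+# (makePassProxy ["music" "mpd"] "" {})
+];
+
+upstreams = {};
+
+streamConfig = ''
+upstream minecraft {
+server 10.0.0.206:25565;
+}
+
+server {
+listen 0.0.0.0:25565;
+listen [::0]:25565;
+proxy_pass minecraft;
+}
+'';
+};
+
+networking.firewall.allowedTCPPorts = [ 80 443 25565 ];
+}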
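Review bot: The `px1` and `idrac` entries in the `listToAttrs` list publish the Proxmox and iDRAC management interfaces as public virtual hosts, with the shared `keys.htpasswds.default` file as the only gate in front of them. Since `networking.firewall.allowedTCPPorts` opens 443 to everyone, I would restrict these two hosts to an administrative network, e.g. `(makePassProxy ["idrac"] "https://${ips.idrac}" { extraConfig = "allow <ADMIN_CIDR>; deny all;"; })` (placeholder range), or reach them over a VPN instead. Both upstreams are `https://` and no `proxy_ssl_verify` setting is visible, so nginx will not verify the upstream certificates by default; a comment saying this is accepted for the internal segment would help. Also confirm that `keys.certificates.default.key` and `keys.htpasswds.default` are strings and not Nix path values, because a path would be copied into the world-readable store.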
12
nixpkgs/pluggables/server/calibre.nix
Normal file
12
nixpkgs/pluggables/server/calibre.nix
Normal file
@ -0,0 +1,12 @@
|
||||
{ ... }:
|
||||
{
|
||||
services.calibre-server = {
|
||||
# user = ""
|
||||
# group = ""
|
||||
enable = true;
|
||||
# libraries = [
|
||||
# /etc/abc
|
||||
# ];
|
||||
# libraryDir = ????
|
||||
};
|
||||
}
|
0
nixpkgs/pluggables/server/discord-bot.nix
Normal file
0
nixpkgs/pluggables/server/discord-bot.nix
Normal file
9
nixpkgs/pluggables/server/dokuwiki.nix
Normal file
9
nixpkgs/pluggables/server/dokuwiki.nix
Normal file
@ -0,0 +1,9 @@
|
||||
{ ... }:
|
||||
{
|
||||
services.dokuwiki.sites = {
|
||||
# TODO: research?
|
||||
wiki = {
|
||||
enable = false;
|
||||
};
|
||||
};
|
||||
}
|
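--- a/nixpkgs/pluggables/server/gitlab/default.nix
+++ b/nixpkgs/pluggables/server/gitlab/default.nix
@@ -0,0 +1,87 @@
+{ pkgs, lib, config, secrets, ... }:
+let
+gitlab-port = secrets.ports.gitlab;
+gitlab-host = "git.nani.wtf";
+
+# TODO: this should optimally be extracted out to nix-secrets completely.
+gitlab-keydir = secrets.hosts.${config.networking.hostName}.keydir + "/gitlab";
+in
+{
+# TODO: Set up gitlab-runner
+# imports = [ ./runner.nix ];
+
+services.gitlab = {
+enable = true;
+
+host = "git.nani.wtf";
+port = gitlab-port + 1;
+
+user = "git";
+group = "git";
+
+databaseUsername = "git";
+
+statePath = "${secrets.hosts.${config.networking.hostName}.dataStatePath}/gitlab";
+
+# A file containing the initial password of the root gitlab-account.
+# This file should be readable to the user defined in `services.gitlab.user`,
+# optimally having only read write permissions for that user.
+initialRootPasswordFile = secrets.keys.gitlab.root_password;
+
+secrets = { inherit (secrets.keys.gitlab) secretFile dbFile otpFile jwsFile; };
+
+smtp = {
+tls = true;
+# address = gitlab-host;
+port = gitlab-port + 2;
+};
+
+# TODO: Set up registry
+# registry = {
+# enable = true;
+# # host = gitlab-host;
+# port = gitlab-port + 3;
+# externalPort = gitlab-port + 3;
+# certFile = /var/cert.pem;
+# keyFile = /var/key.pem;
+# };
+
+pagesExtraArgs = [
+"-gitlab-server" "http://${gitlab-host}"
+"-listen-proxy" "127.0.0.1:8090"
+"-log-format" "text"
+];
+
+# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/gitlab.nix
+# https://gitlab.com/gitlab-org/gitlab/blob/master/config/gitlab.yml.example
+extraConfig = {
+# gitlab = {};
+gravatar.enabled = false;
+
+# TODO: Fix pages API connection
+# pages = {
+# enabled = true;
+# host = gitlab-host;
+# secret_file = "${toString gitlab-keydir}/pages_secret";
+# local_store.enabled = true;
+# };
+};
+
+};
+
+# TODO: Set up registry
+# services.dockerRegistry = {
+# enable = true;
+# };
+
+# TODO: Connect plantuml to gitlab
+services.plantuml-server = {
+enable = true;
+listenPort = gitlab-port + 4;
+};
+
+# TODO: Make module for kroki, and connect to gitlab
+# services.kroki = {
+#
+# };
+}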
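Review bot: `initialRootPasswordFile` and the four entries inherited into `secrets` take their values from the `secrets` module argument, and nothing in this file shows whether those are strings or Nix paths. The comment above `initialRootPasswordFile` covers file permissions, but a path value would be copied into the world-readable Nix store regardless of the permissions on the original, so I would extend it with `# Must be a string such as "/var/keys/gitlab/root_password", not a Nix path.` The commented-out `secret_file = "${toString gitlab-keydir}/pages_secret"` suggests `keydir` may be a path, which is worth checking before the pages block is enabled. Two smaller points: `host = "git.nani.wtf";` repeats the `gitlab-host` binding and could be `host = gitlab-host;`, and `pagesExtraArgs` points at `http://${gitlab-host}` although the nginx host for it sets `forceSSL = true`.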
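--- a/nixpkgs/pluggables/server/gitlab/genfiles.sh
+++ b/nixpkgs/pluggables/server/gitlab/genfiles.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+if [ "$EUID" -ne 0 ]; then
+echo "Please run as root"
+exit 1
+fi
+
+KEYDIR='/var/keys/gitlab'
+
+umask u=rwx,g=,o=
+
+mkdir -p $KEYDIR
+chmod 755 '/var/keys'
+
+for FILE in secretFile dbFile otpFile pages_secret; do
+tr -dc A-Za-z0-9 < /dev/random | head -c 128 > $KEYDIR/$FILE
+done
+
+nix-shell -p openssl --run "openssl genrsa 2048 > $KEYDIR/jwsFile"
+chmod 600 $KEYDIR/jwsFile
+
+read -s -p "Root password: " ROOTPASS
+echo $ROOTPASS > $KEYDIR/root_password
+
+chown -R git:git $KEYDIR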
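Review bot: The root password is stored with `echo $ROOTPASS > $KEYDIR/root_password`, and because the variable is unquoted and `read` is called without `-r`, the shell strips backslashes, collapses whitespace and expands glob characters, so the stored password can differ from what was typed. Use `read -r -s -p "Root password: " ROOTPASS` and `printf '%s\n' "$ROOTPASS" > "$KEYDIR/root_password"`. The script also has no `set -eu`, so a failed `nix-shell` step still runs through to the final `chown` and leaves an empty `jwsFile` behind (avoid `pipefail` here, since `tr` is expected to be cut off by `head`). Running the script a second time overwrites `dbFile` and the other secrets without warning; a guard such as `[ -e "$KEYDIR/$FILE" ] && continue` inside the loop would protect an existing installation.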
51
nixpkgs/pluggables/server/gitlab/runner.nix
Normal file
51
nixpkgs/pluggables/server/gitlab/runner.nix
Normal file
@ -0,0 +1,51 @@
|
||||
{ ... }:
|
||||
{
|
||||
|
||||
# See https://nixos.wiki/wiki/Gitlab_runner
|
||||
# boot.kernel.sysctl."net.ipv4.ip_forward" = true; # 1
|
||||
# virtualisation.docker.enable = true;
|
||||
# services.gitlab-runner = {
|
||||
# enable = true;
|
||||
# services= {
|
||||
# # runner for building in docker via host's nix-daemon
|
||||
# # nix store will be readable in runner, might be insecure
|
||||
# nix = with lib;{
|
||||
# # File should contain at least these two variables:
|
||||
# # `CI_SERVER_URL`
|
||||
# # `REGISTRATION_TOKEN`
|
||||
# registrationConfigFile = toString ./path/to/ci-env; # 2
|
||||
# dockerImage = "alpine";
|
||||
# dockerVolumes = [
|
||||
# "/nix/store:/nix/store:ro"
|
||||
# "/nix/var/nix/db:/nix/var/nix/db:ro"
|
||||
# "/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
|
||||
# ];
|
||||
# dockerDisableCache = true;
|
||||
# preBuildScript = pkgs.writeScript "setup-container" ''
|
||||
# mkdir -p -m 0755 /nix/var/log/nix/drvs
|
||||
# mkdir -p -m 0755 /nix/var/nix/gcroots
|
||||
# mkdir -p -m 0755 /nix/var/nix/profiles
|
||||
# mkdir -p -m 0755 /nix/var/nix/temproots
|
||||
# mkdir -p -m 0755 /nix/var/nix/userpool
|
||||
# mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
|
||||
# mkdir -p -m 1777 /nix/var/nix/profiles/per-user
|
||||
# mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
|
||||
# mkdir -p -m 0700 "$HOME/.nix-defexpr"
|
||||
# . ${pkgs.nix}/etc/profile.d/nix.sh
|
||||
# ${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs # 3
|
||||
# ${pkgs.nix}/bin/nix-channel --update nixpkgs
|
||||
# ${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [ nix cacert git openssh ])}
|
||||
# '';
|
||||
# environmentVariables = {
|
||||
# ENV = "/etc/profile";
|
||||
# USER = "root";
|
||||
# NIX_REMOTE = "daemon";
|
||||
# PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
|
||||
# NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
|
||||
# };
|
||||
# tagList = [ "nix" ];
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
|
||||
}
|
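--- a/nixpkgs/pluggables/server/grafana.nix
+++ b/nixpkgs/pluggables/server/grafana.nix
@@ -0,0 +1,24 @@
+{ ... }:
+{
+services.grafana = {
+enable = true;
+domain = "log.nani.wtf";
+port = 9000;
+addr = "127.0.0.1";
+};
+
+services.prometheus = {
+enable = true;
+port = 9001;
+
+exporters = {
+
+};
+};
+
+services.loki = {
+enable = true;
+# configFile = ./loki-local-config.yaml;
+};
+
+}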
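Review bot: `services.grafana` is bound to `addr = "127.0.0.1"`, but no admin credential is configured, so the module default for the admin password applies once this file is imported; set `security.adminPasswordFile = "<PATH_TO_PASSWORD_FILE>";` (placeholder) to a file outside the store. `services.prometheus` sets only `port = 9001;`, and its `listenAddress` defaults to all interfaces, so `listenAddress = "127.0.0.1";` would match the Grafana binding. `services.loki` is enabled with `configFile` commented out, which I expect the module to reject at evaluation; please confirm when the import in hosts/tsuki/configuration.nix is uncommented.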
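--- a/nixpkgs/pluggables/server/hydra.nix
+++ b/nixpkgs/pluggables/server/hydra.nix
@@ -0,0 +1,9 @@
+{ secrets, ... }:
+{
+services.hydra = {
+enable = true;
+hydraURL = "http://hydra.nani.wtf";
+notificationSender = "hydra@nani.wtf";
+port = secrets.ports.hydra;
+};
+}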
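Review bot: `hydraURL = "http://hydra.nani.wtf";` uses plain http although the `hydra` virtual host in services/nginx.nix is built through `makeHost`, which sets `forceSSL = true`; links generated by Hydra would then go through a redirect first, so `hydraURL = "https://hydra.nani.wtf";` fits better. No `listenHost` is set, and the module default listens on all interfaces, which means the basic-auth in front of Hydra only holds as long as the firewall keeps `ports.hydra` closed. Adding `listenHost = "localhost";` makes the nginx proxy the only way in.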
0
nixpkgs/pluggables/server/libvirt.nix
Normal file
0
nixpkgs/pluggables/server/libvirt.nix
Normal file
0
nixpkgs/pluggables/server/matrix.nix
Normal file
0
nixpkgs/pluggables/server/matrix.nix
Normal file
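--- a/nixpkgs/pluggables/server/minecraft.nix
+++ b/nixpkgs/pluggables/server/minecraft.nix
@@ -0,0 +1,64 @@
+{ pkgs, lib, ... }:
+
+# See https://github.com/InfinityGhost/nixos-workstation/blob/master/minecraft-server.nix
+
+let
+allocatedMemory = "4096M";
+in {
+services.minecraft-server = let
+version = "1.18.1";
+
+spigot = pkgs.minecraft-server.overrideAttrs (old: {
+src = pkgs.fetchurl {
+url = "https://hub.spigotmc.org/jenkins/job/BuildTools/141/artifact/target/BuildTools.jar";
+sha1 = "?";
+};
+
+buildPhase = ''
+cat > minecraft-server << EOF
+
+#!${pkgs.bash}/bin/sh
+exec ${pkgs.adoptopenjdk-jre-hotspot-bin-17}/bin/java \$@ -jar $out/bin/spigot-${version}.jar nogui
+
+java -jar $src --rev ${version}
+'';
+
+installPhase = ''
+mkdir -p $out/bin $out/lib/minecraft
+cp -v spigot-${version}.jar $out/lib/minecraft
+cp -v minecraft-server $out/bin
+
+chmod +x $out/bin/minecraft-server
+'';
+});
+in {
+enable = true;
+eula = true;
+package = pkgs.spigot;
+declarative = true;
+dataDir = "/home/h7x4/minecraft";
+openFirewall = true;
+
+jvmOpts = lib.concatStringsSep " " [
+"-Xmx${allocatedMemory}"
+"-Xms${allocatedMemory}"
+"-XX:+UseG1GC"
+"-XX:ParallelGCThreads=2"
+"-XX:MinHeapFreeRatio=5"
+"-XX:MaxHeapFreeRatio=10"
+];
+
+serverProperties = {
+motd = "NixOS Minecraft Server";
+server-port = 25565;
+difficulty = 2;
+gamemode = 0;
+max-players = 5;
+white-list = false;
+enable-rcon = false;
+allow-flight = true;
+};
+
+# whitelist = {};
+};
+}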
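Review bot: The `spigot` override fetches `BuildTools.jar` with `sha1 = "?";`, so the artifact is not pinned to any known content; replace it with the `sha256` of a jar you have verified before this module is imported. `buildPhase` then runs `java -jar $src --rev ${version}`, which as far as I know downloads further sources while building, so it would either fail in the build sandbox or pull unpinned code; a comment explaining how this is meant to build would help. `package = pkgs.spigot;` refers to an attribute of `pkgs`, not to the `spigot` binding defined in the `let` above, and probably should be `package = spigot;`. The `cat > minecraft-server << EOF` here-document is never terminated with `EOF`.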
0
nixpkgs/pluggables/server/openvpn.nix
Normal file
0
nixpkgs/pluggables/server/openvpn.nix
Normal file
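--- a/nixpkgs/pluggables/server/plex.nix
+++ b/nixpkgs/pluggables/server/plex.nix
@@ -0,0 +1,20 @@
+{ services, ... }:
+{
+services.plex = {
+enable = true;
+openFirewall = true;
+dataDir = "/data/var/plex";
+};
+
+# TODO: make default directories.
+services.samba.shares.plex = {
+path = "/data/media";
+browseable = "yes";
+"read only" = "no";
+"guest ok" = "no";
+"create mode" = 0664;
+"directory mode" = 2775;
+comment = "Movies, Series and other stuff for Plex";
+};
+
+}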
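Review bot: `openFirewall = true;` opens the Plex ports on the host firewall, while services/nginx.nix in the same commit proxies `plex` through `makePassProxy`, i.e. behind TLS and basic-auth. With both in place the service can be reached directly without passing the proxy; if the proxy is the intended entry point, set `openFirewall = false;`. The `services` name in the argument list `{ services, ... }:` is never used and is not a standard module argument, so `{ ... }:` would be safer. In the samba share, `"create mode" = 0664;` and `"directory mode" = 2775;` are Nix integers rather than octal literals; writing them as strings (`"0664"`, `"2775"`) keeps the value that ends up in smb.conf explicit.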
0
nixpkgs/pluggables/server/reverse-proxy.nix
Normal file
0
nixpkgs/pluggables/server/reverse-proxy.nix
Normal file
2
nixpkgs/pluggables/server/samba.nix
Normal file
2
nixpkgs/pluggables/server/samba.nix
Normal file
@ -0,0 +1,2 @@
|
||||
{}:
|
||||
{}
|
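--- a/nixpkgs/pluggables/server/searx.nix
+++ b/nixpkgs/pluggables/server/searx.nix
@@ -0,0 +1,28 @@
+{ ... }:
+{
+# TODO: Make secret keys.
+services.searx = {
+enable = false;
+settings = {
+server.port = 8080;
+server.bind_address = "0.0.0.0";
+server.secret_key = "@SEARX_SECRET_KEY@";
+
+engines = [
+{
+name = "wolframalpha";
+shortcut = "wa";
+api_key = "@WOLFRAM_API_KEY@";
+engine = "wolframalpha_api";
+};
+];
+};
+
+# runInUwsgi = true;
+# uwsgiConfig = {
+# disable-logging = false;
+# http = ":11000";
+# socket = "/run/searx/searx.sock";
+# };
+};
+}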
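Review bot: `server.secret_key = "@SEARX_SECRET_KEY@";` and `api_key = "@WOLFRAM_API_KEY@";` are placeholders that the module substitutes from `services.searx.environmentFile`, and that option is not set here, so once `enable` is switched to true the literal placeholder text would be used as the secret key. Add `environmentFile = "<PATH_TO_ENV_FILE>";` (placeholder) pointing at a root-only file outside the store before enabling. `server.bind_address = "0.0.0.0";` exposes the instance on every interface; `"127.0.0.1"` is enough if it is going to sit behind the nginx proxy like the other services. The engine entry also closes with `};` inside the `engines` list, which is not valid list syntax and should be `}`.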
0
nixpkgs/pluggables/server/syncthing.nix
Normal file
0
nixpkgs/pluggables/server/syncthing.nix
Normal file
@ -133,10 +133,14 @@ in rec {
|
||||
# Nix related aliases
|
||||
|
||||
"Nix Stuff" = {
|
||||
# This for some reason uses an outdated version of hm
|
||||
|
||||
# FIXME: This for some reason uses an outdated version of home-manager and nixos-rebuild
|
||||
# hs = "${pkgs.home-manager}/bin/home-manager switch";
|
||||
# nxr = "sudo ${nixos-rebuild}/bin/nixos-rebuild switch";
|
||||
|
||||
hms = "home-manager switch";
|
||||
nxr = "sudo ${nixos-rebuild}/bin/nixos-rebuild switch";
|
||||
nxr = "sudo nixos-rebuild switch";
|
||||
|
||||
nxc = "sudoedit /etc/nixos/configuration.nix";
|
||||
nxh = "vim ~/.config/nixpkgs/home.nix";
|
||||
ns = "nix-shell";
|
||||
|