diff --git a/hosts/common.nix b/hosts/common.nix
index 4f11b34..d8e02e2 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -2,8 +2,8 @@ let
 inherit (pkgs) lib;
 # inherit (specialArgs) machineVars;
- inherit (config) machineVars;
- has_graphics = !config.machineVars.headless;
+ # inherit (config) machineVars;
+ # has_graphics = !config.machineVars.headless;
 in {
 time.timeZone = "Europe/Oslo";
@@ -63,7 +63,7 @@ in {
 systemPackages = with pkgs; ([
 wget
- ] ++ (lib.optionals (!machineVars.headless) [
+ ] ++ (lib.optionals (!config.machineVars.headless) [
 haskellPackages.xmobar
 ]));
@@ -199,7 +199,7 @@ in {
 # makes it so that other software can not be activated at the same time
 # and that those asserts triggers some kind of evaluation chain that
 # recurses infinitely.
- # enable = !config.machineVars.headless;
+ # enable = true;
 layout = "us";
 xkbOptions = "caps:escape";
@@ -220,7 +220,7 @@ in {
 # displayManager.startx.enable = true;
 # displayManager.gdm.enable = true;
- # displayManager.lightdm.enable = !config.machineVars.headless;
+ # displayManager.lightdm.enable = true;
 displayManager.defaultSession = "none+xmonad";
 };
diff --git a/hosts/kasei/configuration.nix b/hosts/kasei/configuration.nix
index babae57..2008149 100644
--- a/hosts/kasei/configuration.nix
+++ b/hosts/kasei/configuration.nix
@@ -8,6 +8,25 @@ services.xserver.enable = true;
 services.xserver.displayManager.lightdm.enable = true;
+ machineVars = {
+ headless = false;
+ gaming = true;
+ development = true;
+ creative = true;
+
+ dataDrives = let
+ main = "/data";
+ in {
+ drives = { inherit main; };
+ default = main;
+ };
+
+ screens = {
+ "DP-1" = {};
+ "HDMI-1" = {};
+ };
+ };
+
 systemd.targets = {
 sleep.enable = false;
 suspend.enable = false;
diff --git a/hosts/tsuki/configuration.nix b/hosts/tsuki/configuration.nix
index 79e0e5a..d03cdf3 100644
--- a/hosts/tsuki/configuration.nix
+++ b/hosts/tsuki/configuration.nix
@@ -1,27 +1,27 @@
-{ config, lib, pkgs, ... }:
 {
 imports = [
- ./hardware-configuration.nix
+ ./hardware-configuration.nix
 # ./services/calibre.nix
- # ./services/dokuwiki.nix
+ # ./services/dokuwiki.nix
 ./services/gitea
- # ./services/gitlab
+ # ./services/gitlab
 ./services/grafana.nix
 ./services/hydra.nix
- ./services/jitsi.nix
+ ./services/jitsi.nix
 # ./services/keycloak.nix
 # ./services/libvirt.nix
- ./services/matrix.nix
+ ./services/matrix
 ./services/nginx.nix
- # ./services/openldap.nix
- ./services/openvpn.nix
+ # ./services/openldap.nix
+ # ./services/openvpn.nix
 ./services/plex.nix
- # ./services/samba.nix
- ./services/searx.nix
- # ./services/syncthing.nix
+ ./services/postgres.nix
+ ./services/samba.nix
+ ./services/searx.nix
+ # ./services/syncthing.nix
 ./services/vscode-server.nix
- ];
+ ];
 # TODO: See ../common.nix
 services.xserver.enable = false;
@@ -29,6 +29,15 @@ machineVars = {
 headless = true;
+ dataDrives = let
+ momiji = "/data2";
+ in {
+ drives = {
+ cirno = "/data";
+ inherit momiji;
+ };
+ default = momiji;
+ };
 };
 systemd.targets = {
@@ -74,6 +83,7 @@ users.groups.media = {};
 users.users = {
+ h7x4.extraGroups = [ "media" ];
 media = {
 isSystemUser = true;
 group = "media";
diff --git a/hosts/tsuki/services/hydra.nix b/hosts/tsuki/services/hydra.nix
index 37c6b8a..1af50dd 100644
--- a/hosts/tsuki/services/hydra.nix
+++ b/hosts/tsuki/services/hydra.nix
@@ -1,9 +1,12 @@
 { secrets, ... }:
 {
+ # Follow instructions for setup:
+ # https://gist.github.com/joepie91/c26f01a787af87a96f967219234a8723
 services.hydra = {
 enable = true;
 hydraURL = "http://hydra.nani.wtf";
 notificationSender = "hydra@nani.wtf";
+ useSubstitutes = true;
 port = secrets.ports.hydra;
 };
 }
diff --git a/hosts/tsuki/services/nginx.nix b/hosts/tsuki/services/nginx.nix
index 06f7da6..88209fd 100644
--- a/hosts/tsuki/services/nginx.nix
+++ b/hosts/tsuki/services/nginx.nix
@@ -111,10 +111,10 @@ (makeClientCertProxy ["log"] "http://localhost:${s ports.grafana}" { locations."/".proxyWebsockets = true; })
- (makeClientCertProxy ["pg"] "http://localhost:${s ports.postgres}" {})
+ (makeClientCertProxy ["pg"] "http://localhost:${s ports.pgadmin}" {})
 # (makeProxy ["wiki"] "" {})
 # (makeHost ["vpn"] "" {})
- (makeClientCertProxy ["hydra"] "http://localhost:${s ports.hydra}" {})
+ (makeACMEProxy ["hydra"] "http://localhost:${s ports.hydra}" {})
 (makeClientCertProxy ["air"] "https://${ips.kansei}:${s ports.kansei}" {})
 # (makePassProxy ["sync" "drive"] "" {})
diff --git a/hosts/tsuki/services/openldap.todo.nix b/hosts/tsuki/services/openldap.todo.nix
index ca6b591..a177155 100644
--- a/hosts/tsuki/services/openldap.todo.nix
+++ b/hosts/tsuki/services/openldap.todo.nix
@@ -2,7 +2,7 @@ {
 services.openldap = {
 enable = true;
- # dataDir = "/data/var/openldap";
+ # dataDir = "${config.machineVars.dataDrives.default}/var/openldap";
 urlList = [ "ldap:///" "ldapi:///" ]; # Add ldaps to this list to listen with SSL (requires configured certificates)
 # suffix = "dc=nixos,dc=org";
 # rootdn = "cn=admin,dc=nixos,dc=org";
diff --git a/hosts/tsuki/services/plex.nix b/hosts/tsuki/services/plex.nix
index 3771ffa..1eb511a 100644
--- a/hosts/tsuki/services/plex.nix
+++ b/hosts/tsuki/services/plex.nix
@@ -1,21 +1,10 @@
-{ secrets, ... }:
+{ config, secrets, ... }:
 {
 services.plex = {
 enable = true;
 openFirewall = true;
- dataDir = "/data/var/plex";
+ dataDir = "${config.machineVars.dataDrives.default}/var/plex";
 };
- # TODO: make default directories.
- services.samba.shares.plex = {
- path = "/data/media";
- browseable = "yes";
- "read only" = "no";
- "guest ok" = "no";
- "create mode" = 0664;
- "directory mode" = 2775;
- comment = "Movies, Series and other stuff for Plex";
- };
-
- networking.firewall.allowedTCPPorts = [ secrets.ports.plex ];
+ # networking.firewall.allowedTCPPorts = [ secrets.ports.plex ];
 }
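Review bot: In hosts/tsuki/services/nginx.nix the `hydra` entry moves from `makeClientCertProxy` to `makeACMEProxy`, which, judging by the helper names (their definitions are outside the hunk), removes the client-certificate gate and leaves Hydra's own login as the only access control on a publicly reachable build service. If that exposure is intended, say so in a comment above the entry, e.g. `# public on purpose: access control is Hydra's own login`, and change `hydraURL = "http://hydra.nani.wtf";` in hosts/tsuki/services/hydra.nix to `https://` so generated links and notification mails match the TLS vhost. If it is not intended, keep `makeClientCertProxy ["hydra"]`.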
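Review bot: In hosts/tsuki/services/plex.nix `dataDir` now follows `machineVars.dataDrives.default`, which the tsuki hunk sets to `momiji = "/data2"`, so the Plex state directory moves from `/data/var/plex` to `/data2/var/plex` and nothing in this diff migrates the existing data. Either point it at the drive that already holds the state, `dataDir = "${config.machineVars.dataDrives.drives.cirno}/var/plex";`, or add a comment recording the one-time move that has to happen before the switch.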
diff --git a/hosts/tsuki/services/postgres.nix b/hosts/tsuki/services/postgres.nix
index d4e2cea..bb29dc7 100644
--- a/hosts/tsuki/services/postgres.nix
+++ b/hosts/tsuki/services/postgres.nix
@@ -2,16 +2,26 @@ services.postgresql = {
 enable = true;
- # port = secrets.ports.postgres
- # dataDir =
+ enableTCPIP = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ local all all trust
+ local hydra all ident map=hydra-users
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ '';
+ port = secrets.ports.postgres;
+ dataDir = "${config.machineVars.dataDrives.default}/db/postgres/${config.services.postgresql.package.psqlSchema}";
 # settings = {};
 };
 services.pgadmin = {
 enable = true;
 openFirewall = true;
- # port = secrets.ports.pgadmin
- # settings = {
- # };
+ initialEmail = "h7x4abk3g@protonmail.com";
+ initialPasswordFile = "${config.machineVars.dataDrives.default}/var/pgadmin_pass";
+ port = secrets.ports.pgadmin;
+ settings = {
+ DATA_DIR = "${config.machineVars.dataDrives.default}/var/pgadmin";
+ };
 };
 }
diff --git a/modules/machineVars.nix b/modules/machineVars.nix
index ce1e968..2bbe3c6 100644
--- a/modules/machineVars.nix
+++ b/modules/machineVars.nix
@@ -46,6 +46,31 @@ t tools preinstalled.";
 type = types.nullOr types.str;
 default = null;
 };
+
+ dataDrives = let
+ driveType =
+ types.addCheck types.path (path: builtins.elem path (builtins.attrNames config.fileSystems));
+ in {
+ drives = mkOption {
+ type = types.attrsOf driveType;
+ default = { };
+ example = {
+ dataDrive1 = "/data/data1";
+ dataDrive2 = "/another/location";
+ };
+ description = ''
+ Drives that should act as data drives.
+ These need to be registered in `fileSystems`
+ '';
+ };
+
+ default = mkOption {
+ type = types.nullOr driveType;
+ description = ''
+ Data drive that should be used for most purposes.
+ '';
+ };
+ };
 };
 config = {
diff --git a/programs/xmobar/default.nix b/programs/xmobar/default.nix
index 4a3e2c0..fe51d89 100644
--- a/programs/xmobar/default.nix
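Review bot: The `authentication` block in hosts/tsuki/services/postgres.nix uses `trust` for every Unix-socket and loopback TCP connection, so any account or service on tsuki can connect as any database role, superuser included, without a credential; and because pg_hba.conf is matched first-hit, `local all all trust` shadows the `local hydra all ident map=hydra-users` line below it. Put the specific rule first and use `peer` for sockets and `scram-sha-256` for loopback TCP, as in the excerpt below; the `hydra-users` map has to be defined through `identMap`, which is not visible in this hunk. With only loopback `host` rules, `enableTCPIP = true;` merely widens the listener to all interfaces and can be dropped. Separately, the context line `openFirewall = true;` under `services.pgadmin` opens pgAdmin's port directly even though nginx.nix fronts it with `makeClientCertProxy ["pg"]`.

```nix
# … unchanged: enable, port, dataDir (enableTCPIP removed) …
authentication = pkgs.lib.mkOverride 10 ''
  local hydra all              ident map=hydra-users
  local all   all              peer
  host  all   all 127.0.0.1/32 scram-sha-256
  host  all   all ::1/128      scram-sha-256
'';
```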
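Review bot: In modules/machineVars.nix the `dataDrives.default` option is declared `types.nullOr driveType` but has no `default`, so a host that imports the module without setting it fails evaluation as soon as a consumer such as plex.nix or the xmobar config reads it, and a host that sets it to `null` fails at the `"${…}"` interpolation instead. Either make it non-nullable with `type = driveType;` so the failure is a plain missing-definition error, or add `default = null;` and guard each consumer before interpolating. The enclosing options block starts outside the hunk.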
+++ b/programs/xmobar/default.nix
@@ -4,10 +4,11 @@ in {
 programs.xmobar = let
 networkCard = "wlp2s0f0u7u4";
+ # TODO: loop over dataDrives
 disks = [
 "/"
- "/data"
- "/data/disks/data2"
+ "${config.machineVars.dataDrives.default}"
+ "${config.machineVars.dataDrives.default}/disks/data2"
 ];
 mpd_status_script = pkgs.writeShellScript "mpd-status" ''