further catogorize profile/web, add python-docs
parent
71ac683efa
commit
181edd92e5
37
README.md
37
README.md
@ -1,17 +1,34 @@
|
||||
# Initial setup
|
||||
# Initial setup (old)
|
||||
|
||||
```
|
||||
nixos-generate-config
|
||||
```
|
||||
nixos-generate-config
|
||||
|
||||
# TODO:
|
||||
# Reading list
|
||||
|
||||
* [ ] Multiple user profiles, headless, nixpkgs-dev, desktop, hpc, pvv, etc
|
||||
* [ ] Split stuff into multiple files
|
||||
* [ ] Some system for multiple hosts with different configs
|
||||
* [ ] Make a flake
|
||||
* https://nixos.wiki/wiki/Flakes
|
||||
* https://teu5us.github.io/nix-lib.html
|
||||
* https://ryantm.github.io/nixpkgs/builders/trivial-builders/
|
||||
|
||||
# TODOs:
|
||||
|
||||
* [x] Split stuff into multiple files
|
||||
* [x] Make a flake
|
||||
* [ ] Setup some remote-development flow
|
||||
* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc
|
||||
* [ ] nixos-generate-config instructions
|
||||
* [ ] zfs
|
||||
* [ ] secrets
|
||||
* [ ] profiles/web: make ACME/nginx helper a function
|
||||
* [ ] Support multiple tlds
|
||||
* [ ] Support multiple acme accounts
|
||||
* [ ] Support a per-account provider?
|
||||
* [ ] Support DNS auth
|
||||
* [ ] Setup aliases instead of a per-subdomain cert
|
||||
|
||||
|
||||
# How to evaluate, checking if the drv hash is equal
|
||||
# Cheatsheet
|
||||
|
||||
### How to evaluate nixos flake/configuration.nix, checking if the drv hash is equal
|
||||
|
||||
nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath
|
||||
# or
|
||||
nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix
|
||||
|
43
base.nix
43
base.nix
@ -1,9 +1,9 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, inputs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./cachix.nix
|
||||
(if builtins.pathExists ./hardware-configuration.nix
|
||||
then ./hardware-configuration.nix # results of hardware scan
|
||||
then ./hardware-configuration.nix # results of ‘nixos-generate-config
|
||||
else {}
|
||||
)
|
||||
];
|
||||
@ -11,9 +11,32 @@
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nixpkgs.config.allowUnfreePredicate = (pkg: true);
|
||||
|
||||
system.autoUpgrade.enable = true; # daily nixos-rebuild switch, no reboot by default
|
||||
# 'nixos-rebuild switch --upgrade', by default daily with no reboot
|
||||
#system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow`
|
||||
# TODO: this check is not pure
|
||||
system.autoUpgrade = if builtins.pathExists "/etc/nixos/flake.nix" then { #TODO: should i check for .git instead?
|
||||
enable = true;
|
||||
flake = "/etc/nixos";
|
||||
flags = [
|
||||
"--recreate-lock-file" # fetch new inputs
|
||||
#"--commit-lock-file" # commit new lock to local git repo
|
||||
# TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ?
|
||||
"-L" # print build logs
|
||||
];
|
||||
} else {
|
||||
enable = true;
|
||||
flake = inputs.self.outPath; # a nix store path
|
||||
flags = [
|
||||
"--recreate-lock-file" # fetch new inputs
|
||||
"--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only
|
||||
"-L" # print build logs
|
||||
];
|
||||
};
|
||||
#assertions = [
|
||||
# { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; }
|
||||
#];
|
||||
|
||||
nix.settings.trusted-users = [ "root" ];
|
||||
nix.settings.trusted-users = [ "root" ]; # default, but will stick around after a mergins with ./users
|
||||
nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
|
||||
#nix.optimize.automatic = true; # periodic optimization
|
||||
nix.gc.automatic = true;
|
||||
@ -37,7 +60,7 @@
|
||||
networking.firewall.enable = true; # default
|
||||
|
||||
# Time zone and internationalisation properties.
|
||||
time.timeZone = "Europe/Oslo";
|
||||
time.timeZone = "Europe/Oslo";
|
||||
i18n.defaultLocale = "en_US.utf8";
|
||||
i18n.extraLocaleSettings.LC_ADDRESS = "nb_NO.utf8";
|
||||
i18n.extraLocaleSettings.LC_IDENTIFICATION = "nb_NO.utf8";
|
||||
@ -52,14 +75,4 @@
|
||||
services.xserver.layout = "no";
|
||||
services.xserver.xkbVariant = "";
|
||||
|
||||
# System fonts
|
||||
# Nice to have when X-forwading on headless machines
|
||||
# TODO: move?
|
||||
fonts.fonts = with pkgs; [
|
||||
noto-fonts # includes Cousine
|
||||
noto-fonts-cjk
|
||||
noto-fonts-emoji
|
||||
noto-fonts-extra
|
||||
dejavu_fonts
|
||||
];
|
||||
}
|
||||
|
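Review bot: Both branches of the new `system.autoUpgrade` block pass `--recreate-lock-file`, so the unattended daily rebuild re-resolves every flake input to its current upstream head, and flake.lock no longer gates what is built and activated as root. Going by flake.nix in this commit, that includes NUR, home-manager and the `pbsds/nixpkgs` polaris branch as well as nixpkgs, none of which get a review step before deployment. Consider replacing `"--recreate-lock-file"` in both flag lists with `"--update-input" "nixpkgs"`, and bumping the remaining inputs by hand with a committed lock. The `builtins.pathExists "/etc/nixos/flake.nix"` test that selects the branch is impure, as the TODO says, so which flag set applies presumably depends on how the flake is evaluated; a comment stating the intended result under pure evaluation would help.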
@ -1,6 +0,0 @@
|
||||
{
|
||||
import = [
|
||||
./base.nix
|
||||
./hosts/noximilien.nix
|
||||
];
|
||||
}
|
49
flake.lock
generated
49
flake.lock
generated
@ -21,6 +21,21 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1677232326,
|
||||
"narHash": "sha256-rAk2/80kLvA3yIMmSV86T1B4kNvwCFMSQ1FxXndaUB0=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "2d44015779cced4eec9df5b8dab238b9f6312cb2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1677249740,
|
||||
@ -37,10 +52,44 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1677354372,
|
||||
"narHash": "sha256-yJQeIxHkJO7GOvEK24hv9K59eorGTrEgfNWjlrpBfPU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "4711c9bb1df2bf0fd103c46aa9465ebde8fd93c7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pr-polaris14": {
|
||||
"locked": {
|
||||
"lastModified": 1672706949,
|
||||
"narHash": "sha256-7w8ylNEmeWX7++E6vECZ4nY6I0AGA/irT7eWQ7c7aX0=",
|
||||
"owner": "pbsds",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8d4e5e6a87684b3035a94d0e7e7c19d342448f68",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "pbsds",
|
||||
"ref": "polaris-14",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"home-manager": "home-manager",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nur": "nur",
|
||||
"pr-polaris14": "pr-polaris14",
|
||||
"unstable": "unstable"
|
||||
}
|
||||
},
|
||||
|
50
flake.nix
50
flake.nix
@ -1,16 +1,22 @@
|
||||
{
|
||||
description = "pbsds' nix system/home profile flake";
|
||||
description = "pbsds' system/home flake";
|
||||
|
||||
# TODO: NUR
|
||||
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small";
|
||||
inputs.unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
|
||||
inputs.nur.url = "github:nix-community/NUR";
|
||||
inputs.home-manager.url = "github:nix-community/home-manager";
|
||||
inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.nixos-hardware.url = "github:NixOS/nixos-hardware";
|
||||
|
||||
# temp stuff
|
||||
inputs.pbsds-polaris-pr = "github:pbsds/nixpkgs/polaris-14";
|
||||
#TODO:
|
||||
#sops-nix.url = "github:Mic92/sops-nix";
|
||||
#sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
#matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix
|
||||
|
||||
outputs = { self, nixpkgs, unstable, home-manager, ... }@inputs:
|
||||
# temp
|
||||
inputs.pr-polaris14.url = "github:pbsds/nixpkgs/polaris-14";
|
||||
|
||||
outputs = { self, nixpkgs, unstable, nixos-hardware, nur, home-manager, ... }@inputs:
|
||||
let
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
@ -18,30 +24,42 @@
|
||||
#"riscv64-linux"
|
||||
];
|
||||
forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
|
||||
nixosOverrides = {
|
||||
tmpConfig = {
|
||||
disabledModules = [ "services/misc/polaris.nix" ];
|
||||
imports = [ inputs.pbsds-polaris-14 + "/nixos/modules/services/misc/polaris.nix" ];
|
||||
nixpkgs.overlays = [(final: prev: {
|
||||
polaris = prev.callPackage (inputs.pbsds-polaris-14 + /pkgs/servers/polaris) { };
|
||||
polaris-web = prev.callPackage (inputs.pbsds-polaris-14 + /pkgs/servers/polaris/web.nix) { };
|
||||
imports = [ "${inputs.pr-polaris14}/nixos/modules/services/misc/polaris.nix" ];
|
||||
nixpkgs.overlays = [(final: prev: { # TODO: nixpkgs.config.packageOverrides ?
|
||||
polaris = prev.callPackage "${inputs.pr-polaris14}/pkgs/servers/polaris" { };
|
||||
polaris-web = prev.callPackage "${inputs.pr-polaris14}/pkgs/servers/polaris/web.nix" { };
|
||||
})];
|
||||
};
|
||||
mkConfig = system: modules: nixpkgs.lib.nixosSystem {
|
||||
mkConfig = hostname: system: modules: nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = { inherit unstable inputs; };
|
||||
modules = modules ++ [ ./base.nix nixosOverrides ({
|
||||
specialArgs = { inherit inputs; };
|
||||
modules = modules ++ [ ./base.nix "${self}/hosts/${hostname}" tmpConfig ({
|
||||
networking.hostName = hostname;
|
||||
networking.domain = "pbsds.net";
|
||||
networking.search = [ "pbsds.net" ];
|
||||
nixpkgs.overlays = [ # TODO: consider nixpkgs.config.packageOverrides
|
||||
#(final: prev: self.packages.${system})
|
||||
(final: prev: {
|
||||
unstable = unstable.legacyPackages.${final.system};
|
||||
#unstable = import unstable { inherit system; };
|
||||
nur = import nur { inherit (prev) pkgs; nurpkgs = prev.pkgs; };
|
||||
#nur = import nur { inherit (prev) pkgs; nurpkgs = import nixpkgs { inherit final.system: }; }; # TODO: nurpkgs?
|
||||
})
|
||||
];
|
||||
# This makes commandline tools like 'nix run nixpkgs#hello'
|
||||
# and 'nix-shell -p hello' use the same channel the system was built with
|
||||
# and 'nix-shell -p hello' use the same channel as system was built with
|
||||
nix.registry.nixpkgs.flake = inputs.nixpkgs;
|
||||
nix.registry.unstable.flake = inputs.unstable;
|
||||
nix.nixPath = [
|
||||
"nixpkgs=${inputs.nixpkgs}"
|
||||
"unstable=${inputs.unstable}"
|
||||
"unstable=${inputs.unstable}" # TODO: needed?
|
||||
];
|
||||
})];
|
||||
};
|
||||
in {
|
||||
nixosConfigurations.noximilien = mkConfig "x86_64-linux" [ ./hosts/noximilien.nix ];
|
||||
nixosConfigurations.noximilien = mkConfig "noximilien" "x86_64-linux" (with nixos-hardware.nixosModules; [ common-pc common-pc-ssd common-cpu-intel ]);
|
||||
homeConfigurations = forAllSystems (system: {
|
||||
pbsds = home-manager.lib.homeManagerConfiguration {
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
|
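Review bot: `inputs.pr-polaris14.url` follows the mutable `polaris-14` branch of a personal nixpkgs fork, and `tmpConfig` imports a NixOS module and two packages from it into every host built by `mkConfig`. Since base.nix in this commit recreates the lock on each automatic upgrade, whatever that branch points to later would be evaluated and deployed without review. Pinning the input to the revision already recorded in flake.lock keeps the temporary override fixed until it is dropped: `inputs.pr-polaris14.url = "github:pbsds/nixpkgs/8d4e5e6a87684b3035a94d0e7e7c19d342448f68";`. The same applies to the `nur` overlay, where a short comment naming the NUR repos actually consumed would document the trust decision. The `outputs` body continues outside the visible hunks.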
@ -5,5 +5,4 @@
|
||||
hardware.opengl.enable = true;
|
||||
#hardware.opengl.extraPackages = [ pkgs.mesa.drivers ];
|
||||
hardware.opengl.extraPackages = with pkgs; [ mesa.drivers vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ];
|
||||
|
||||
}
|
||||
|
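--- a/hosts/asgaut/default.nix
+++ b/hosts/asgaut/default.nix
@@ -0,0 +1,2 @@
+{}
+# TODO: visionfive 2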
@ -1,62 +1,66 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
../users
|
||||
../users/pbsds
|
||||
../users/jornane
|
||||
#../users/all.nix # TODO: does not work?
|
||||
./hardware-configuration.nix
|
||||
|
||||
../hardware/opengl-intel.nix
|
||||
../../users # home-manager
|
||||
../../users/pbsds
|
||||
../../users/jornane
|
||||
#../../users/all.nix # TODO: does not work?
|
||||
|
||||
../profiles/web
|
||||
../profiles/web/index
|
||||
../profiles/web/cinny
|
||||
../profiles/web/element
|
||||
../profiles/web/flexget
|
||||
../profiles/web/gitea
|
||||
../profiles/web/hydra
|
||||
../profiles/web/invidious
|
||||
../profiles/web/jellyfin
|
||||
../profiles/web/libreddit
|
||||
../profiles/web/mattermost
|
||||
../profiles/web/navidrome
|
||||
../profiles/web/netdata
|
||||
../profiles/web/nitter
|
||||
../profiles/web/ntopng
|
||||
../profiles/web/owncast
|
||||
../profiles/web/paperless
|
||||
../profiles/web/polaris
|
||||
../profiles/web/resilio
|
||||
../profiles/web/roundcube
|
||||
../profiles/web/thelounge
|
||||
../profiles/web/vaultwarden
|
||||
../profiles/web/webdav-zotero
|
||||
#../profiles/web/convos
|
||||
#../profiles/web/cryptpad
|
||||
#../profiles/web/galene
|
||||
#../profiles/web/graphana
|
||||
#../profiles/web/hedgedoc
|
||||
#../profiles/web/home-assistant
|
||||
#../profiles/web/jitsi-meet
|
||||
#../profiles/web/kukkee
|
||||
#../profiles/web/matrix-synapse
|
||||
#../profiles/web/shlink
|
||||
#../profiles/web/sourcegraph
|
||||
../../hardware/opengl-intel.nix
|
||||
|
||||
../profiles/web/pdoc
|
||||
../profiles/web/linktree-pbsds
|
||||
../profiles/web/refleksjon-no
|
||||
../profiles/web/roroslyd-no
|
||||
#../profiles/web/trivial-gradios
|
||||
#../profiles/web/censordodge
|
||||
#../profiles/web/openspeedtest
|
||||
../../profiles/web
|
||||
../../profiles/web/index
|
||||
../../profiles/web/services/cinny
|
||||
../../profiles/web/services/element
|
||||
../../profiles/web/services/flexget
|
||||
../../profiles/web/services/gitea
|
||||
../../profiles/web/services/hydra
|
||||
../../profiles/web/services/invidious
|
||||
../../profiles/web/services/jellyfin
|
||||
../../profiles/web/services/libreddit
|
||||
../../profiles/web/services/mattermost
|
||||
../../profiles/web/services/navidrome
|
||||
../../profiles/web/services/netdata
|
||||
../../profiles/web/services/nitter
|
||||
../../profiles/web/services/ntopng
|
||||
../../profiles/web/services/owncast
|
||||
../../profiles/web/services/paperless
|
||||
../../profiles/web/services/polaris
|
||||
../../profiles/web/services/resilio
|
||||
../../profiles/web/services/roundcube
|
||||
../../profiles/web/services/thelounge
|
||||
../../profiles/web/services/vaultwarden
|
||||
../../profiles/web/services/webdav-zotero
|
||||
#../../profiles/web/services/convos
|
||||
#../../profiles/web/services/cryptpad
|
||||
#../../profiles/web/services/galene
|
||||
#../../profiles/web/services/graphana
|
||||
#../../profiles/web/services/hedgedoc
|
||||
#../../profiles/web/services/home-assistant
|
||||
#../../profiles/web/services/jitsi-meet
|
||||
#../../profiles/web/services/kukkee
|
||||
#../../profiles/web/services/matrix-synapse
|
||||
#../../profiles/web/services/shlink
|
||||
#../../profiles/web/services/sourcegraph
|
||||
#../../profiles/web/services/censordodge
|
||||
#../../profiles/web/services/openspeedtest
|
||||
|
||||
../profiles/domeneshop-dyndns # TODO: olavtr is hardcoded...
|
||||
../profiles/code-remote
|
||||
../profiles/remote-builders #
|
||||
../profiles/nfs/reidun.nix # NFS mounts
|
||||
../profiles/autossh-reverse-tunnels
|
||||
#../profiles/xrdp
|
||||
../../profiles/web/docs/pdoc
|
||||
../../profiles/web/docs/python-docs
|
||||
../../profiles/web/sites/linktree-pbsds
|
||||
../../profiles/web/sites/refleksjon-no
|
||||
../../profiles/web/sites/roroslyd-no
|
||||
|
||||
#../../profiles/web/services/trivial-gradios
|
||||
|
||||
../../profiles/domeneshop-dyndns # TODO: olavtr is hardcoded...
|
||||
../../profiles/code-remote
|
||||
../../profiles/remote-builders #
|
||||
../../profiles/nfs/reidun.nix # NFS mounts
|
||||
../../profiles/autossh-reverse-tunnels
|
||||
#../../profiles/xrdp
|
||||
];
|
||||
|
||||
# TODO: remove? Move to where relevant=
|
||||
@ -92,8 +96,6 @@
|
||||
networking.networkmanager.enable = true;
|
||||
#networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
#networking.iwd.enable = true
|
||||
networking.hostName = "noximilien";
|
||||
networking.domain = "pbsds.net";
|
||||
networking.interfaces.eno1.ipv4.addresses = [
|
||||
{ address = "192.168.1.9"; prefixLength = 24; }
|
||||
];
|
||||
@ -107,7 +109,7 @@
|
||||
interface = "eno1";
|
||||
};
|
||||
#networking.useDHCP = true;
|
||||
#TODO: avahi?
|
||||
#TODO: avahi? resolved? https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/base.nix#L15-L18
|
||||
|
||||
# Installed system packages
|
||||
# TODO: prune this, make home-manager deal with the majority
|
||||
@ -223,6 +225,18 @@
|
||||
# User pederbs
|
||||
#'';
|
||||
|
||||
# System fonts
|
||||
# Nice to have when X-forwading on headless machines
|
||||
# TODO: move?
|
||||
fonts.fonts = with pkgs; [
|
||||
noto-fonts # includes Cousine
|
||||
noto-fonts-cjk
|
||||
noto-fonts-emoji
|
||||
noto-fonts-extra
|
||||
dejavu_fonts
|
||||
];
|
||||
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
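--- a/hosts/noximilien/hardware-configuration.nix
+++ b/hosts/noximilien/hardware-configuration.nix
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/fa5f2e24-ab42-4a5f-bf8c-be699b980457";
+fsType = "ext4";
+};
+
+swapDevices =
+[ { device = "/dev/disk/by-uuid/5b00f5ca-f7a8-4a69-a93b-8e68d9e369e7"; }
+];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}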
@ -2,6 +2,8 @@
|
||||
{
|
||||
# AutoSSH reverse tunnels
|
||||
|
||||
# TODO: add noximilien to this list, deselect is using hostname
|
||||
|
||||
services.autossh.sessions = let
|
||||
mkSshSession = {user, name, host, rport, monitoringPort}: {
|
||||
user = user; # local user
|
||||
|
@ -4,8 +4,8 @@
|
||||
|
||||
systemd.services.domeneshop-updater = {
|
||||
description = "domene.shop domain updater";
|
||||
#after = [ "something?.service" ];
|
||||
#wants = [ "something?.service" ];
|
||||
after = [ "network-online.target" ]; # TODO: multi-user ?
|
||||
wants = [ "network-online.target" ]; # TODO: multi-user ?
|
||||
serviceConfig = let
|
||||
prog = pkgs.writeShellApplication {
|
||||
name = "domeneshop-dyndns-updater.sh";
|
||||
|
@ -1,140 +0,0 @@
|
||||
{ lib, pkgs, config, ... }:
|
||||
|
||||
#with builtins;
|
||||
|
||||
let
|
||||
lib_ = lib;
|
||||
in
|
||||
let
|
||||
cfg = config.services.webhook;
|
||||
hooksFormat = pkgs.formats.json {};
|
||||
lib = lib_ // { mdDoc = x: x; }; # HACK
|
||||
|
||||
in {
|
||||
options.services.webhook = with lib; {
|
||||
|
||||
enable = mkEnableOption "webhook service";
|
||||
|
||||
package = mkPackageOption pkgs "webhook" { };
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "webhook";
|
||||
description = lib.mdDoc "User under which Webhook runs.";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "webhook";
|
||||
description = lib.mdDoc "Group under which Webhook runs.";
|
||||
};
|
||||
|
||||
listenHost = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = lib.mdDoc "Which address Webhook should listen to for HTTP.";
|
||||
};
|
||||
|
||||
listenPort = mkOption {
|
||||
type = types.port;
|
||||
default = 8080;
|
||||
description = lib.mdDoc "Which port Webhook should listen to for HTTP.";
|
||||
};
|
||||
|
||||
openFirewall = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = lib.mdDoc ''
|
||||
Open the configured ports in the firewall for the Webhook server.
|
||||
Preferably the Webhook server is instead put behind a reverse proxy.
|
||||
'';
|
||||
};
|
||||
|
||||
urlPrefix = mkOption {
|
||||
type = types.str;
|
||||
default = "hooks";
|
||||
description = lib.mdDoc ''
|
||||
Url prefix to use for served hooks.
|
||||
`http://listen:port/PREFIX/:hook-id`
|
||||
'';
|
||||
};
|
||||
|
||||
httpMethods = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = ["POST"];
|
||||
defaultText = literalExpression ''["POST"]'';
|
||||
description = lib.mdDoc "Default allowed HTTP methods";
|
||||
};
|
||||
|
||||
verbose = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = lib.mdDoc "Whether to log events or not.";
|
||||
};
|
||||
|
||||
extraArgs = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = lib.mdDoc ''
|
||||
Extra command-line arguments.
|
||||
If you want to set CORS headers, you can set [ "-header" "name=value" ]
|
||||
to the appropriate CORS headers to passed along with each response.
|
||||
'';
|
||||
};
|
||||
|
||||
settings = mkOption {
|
||||
type = hooksFormat.type;
|
||||
default = [];
|
||||
example = lib.literalExpression ''
|
||||
[
|
||||
{
|
||||
id = "my-webhook";
|
||||
execute-command = pkgs.writeShellScript "handle-my-webhook.sh" '${""}'
|
||||
echo "foobar"
|
||||
'${""}';
|
||||
}
|
||||
]
|
||||
'';
|
||||
description = lib.mdDoc ''
|
||||
The configured hooks for Webhook to serve.
|
||||
Here is a collection of hook examples:
|
||||
<https://github.com/adnanh/webhook#examples>
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
systemd.services.webhook = {
|
||||
description = lib.mdDoc "Webhook Server";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = let
|
||||
args = [
|
||||
"-ip" cfg.listenHost
|
||||
"-port" cfg.listenPort
|
||||
"-http-methods" (lib.strings.concatStringsSep "," cfg.httpMethods)
|
||||
"-urlprefix" cfg.urlPrefix
|
||||
"-hooks" (hooksFormat.generate "hooks.json" cfg.settings)
|
||||
] ++ lib.optional cfg.verbose "-verbose"
|
||||
++ cfg.extraArgs;
|
||||
in rec {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
DynamicUser = cfg.user == "webhook";
|
||||
ExecStart = "${cfg.package}/bin/webhook " + (lib.strings.escapeShellArgs args);
|
||||
Restart = "on-failure";
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall = lib.mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ cfg.listenPort ];
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ pbsds ];
|
||||
}
|
||||
|
@ -1 +0,0 @@
|
||||
* [ ] make ACME a function
|
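--- a/profiles/web/docs/python-docs/default.nix
+++ b/profiles/web/docs/python-docs/default.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, lib, mkDomain, ... }:
+let
+python-versions = (lib.attrNames pkgs.pythonDocs.html);
+mkLinkFarmEntry = python-version: {
+name = python-version;
+path = "${builtins.toString pkgs.pythonDocs.html.${python-version}}/share/doc/${python-version}/html";
+};
+in
+{
+services.nginx.virtualHosts.${mkDomain "python-docs"} = {
+forceSSL = true; # addSSL = true;
+enableACME = true; #useACMEHost = acmeDomain;
+root = pkgs.linkFarm "python-docs" ([
+{ name = "index.html"; path = pkgs.writeText "my-file" ''
+<!DOCTYPE html>
+<ul>
+${lib.concatStringsSep "\n" (
+builtins.map (name: ''<li><a href="${name}/">${name}/</a>'') python-versions
+)}
+</ul>
+''; }
+] ++ (builtins.map mkLinkFarmEntry python-versions));
+};
+}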
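Review bot: `python-versions` takes every attribute name of `pkgs.pythonDocs.html`, so any non-derivation attribute in that set (nixpkgs package sets often carry `recurseForDerivations`) would pass through `builtins.toString` in `mkLinkFarmEntry` and yield a dangling link-farm entry plus a dead link in the generated index. Filtering before listing avoids that: `python-versions = lib.attrNames (lib.filterAttrs (_: lib.isDerivation) pkgs.pythonDocs.html);`. The index is written with `pkgs.writeText "my-file"`; naming it `"index.html"` would make the store path self-describing when auditing what the vhost serves.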
@ -1,15 +1,13 @@
|
||||
{ config, pkgs, lib, unstable, mkDomain, ... }:
|
||||
{ config, pkgs, lib, inputs, mkDomain, ... }:
|
||||
{
|
||||
# Invidious
|
||||
# An open source alternative front-end to YouTube
|
||||
|
||||
/**/
|
||||
imports = [
|
||||
({ disabledModules = [ "services/web-apps/invidious.nix" ]; })
|
||||
#<nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
|
||||
(unstable + "/nixos/modules/services/web-apps/invidious.nix")
|
||||
({ services.invidious.package = unstable.invidious; })
|
||||
];
|
||||
disabledModules = [ "services/web-apps/invidious.nix" ];
|
||||
#imports = [ <nixos-unstable/nixos/modules/services/web-apps/invidious.nix> ];
|
||||
imports = [ ("${inputs.unstable}/nixos/modules/services/web-apps/invidious.nix") ];
|
||||
services.invidious.package = pkgs.unstable.invidious;
|
||||
/**/
|
||||
|
||||
services.invidious = {
|
@ -1,14 +1,12 @@
|
||||
{ config, pkgs, lib, unstable, mkDomain, ... }:
|
||||
{ config, pkgs, lib, inputs, mkDomain, ... }:
|
||||
{
|
||||
# Jellyfin
|
||||
|
||||
/**/
|
||||
imports = [
|
||||
({ disabledModules = [ "services/misc/jellyfin.nix" ]; })
|
||||
#<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
|
||||
(unstable + "/nixos/modules/services/misc/jellyfin.nix")
|
||||
({ services.jellyfin.package = unstable.jellyfin; })
|
||||
];
|
||||
disabledModules = [ "services/misc/jellyfin.nix" ];
|
||||
#imports = [<nixos-unstable/nixos/modules/services/misc/jellyfin.nix> ];
|
||||
imports = [ "${inputs.unstable}/nixos/modules/services/misc/jellyfin.nix" ];
|
||||
services.jellyfin.package = pkgs.unstable.jellyfin;
|
||||
/**/
|
||||
|
||||
services.jellyfin = {
|
@ -4,7 +4,7 @@
|
||||
* configure stuff to send its shit here
|
||||
* [ ] https://noted.lol/2-self-hosted-alternatives-to-doodle-meeting-scheduling/
|
||||
* [ ] kukkee
|
||||
* [ ] rallly - https://rallly.co/
|
||||
* [ ] rallly
|
||||
* [ ] Rocketchat - A self-hosted discord/slack alternative
|
||||
* [ ] upterm / tmate - Secure terminal-session sharing
|
||||
|
||||
|
@ -2,7 +2,7 @@
|
||||
{
|
||||
#imports = [ <home-manager/nixos> ];
|
||||
imports = [ inputs.home-manager.nixosModule ];
|
||||
home-manager.useGlobalPkgs = true; # brrr
|
||||
home-manager.useGlobalPkgs = true; # go brrr
|
||||
#home-manager.useUserPackages = true # needed if VM
|
||||
|
||||
# When adding a new user accounts: Don't forget to set a password with ‘passwd’!
|
||||
|