From 181edd92e5dec85b8320d45c138af4318bc3a90f Mon Sep 17 00:00:00 2001 
From: Peder Bergebakken Sundt Date: Sun, 26 Feb 2023 02:46:35 +0100 Subject: [PATCH] further catogorize profile/web, add python-docs --- README.md | 37 +++-- base.nix | 43 ++++-- configuration.nix | 6 - flake.lock | 49 ++++++ flake.nix | 50 +++++-- hardware/opengl-intel.nix | 1 - hosts/asgaut.nix | 0 hosts/asgaut/default.nix | 2 + .../default.nix} | 124 +++++++++------- hosts/noximilien/hardware-configuration.nix | 33 +++++ profiles/autossh-reverse-tunnels/default.nix | 2 + profiles/domeneshop-dyndns/default.nix | 4 +- profiles/nas/modules/webhook.nix | 140 ------------------ profiles/todos.md | 1 - profiles/web/{ => docs}/pdoc/default.nix | 0 profiles/web/docs/python-docs/default.nix | 24 +++ .../{ => services}/censordodge/default.nix | 0 profiles/web/{ => services}/cinny/default.nix | 0 .../web/{ => services}/convos/default.nix | 0 .../web/{ => services}/cryptpad/default.nix | 0 .../web/{ => services}/element/default.nix | 0 .../web/{ => services}/flexget/default.nix | 0 .../web/{ => services}/galene/default.nix | 0 profiles/web/{ => services}/gitea/default.nix | 0 .../web/{ => services}/graphana/default.nix | 0 .../web/{ => services}/hedgedoc/default.nix | 0 .../{ => services}/home-assistant/default.nix | 0 profiles/web/{ => services}/hydra/default.nix | 0 .../web/{ => services}/invidious/default.nix | 12 +- .../web/{ => services}/jellyfin/default.nix | 12 +- .../web/{ => services}/jitsi-meet/default.nix | 0 .../web/{ => services}/kukkee/default.nix | 0 .../{ => services}/kukkee/module/default.nix | 0 .../web/{ => services}/kukkee/pkg/default.nix | 0 .../kukkee/pkg/node-composition.nix | 0 .../{ => services}/kukkee/pkg/node-env.nix | 0 .../kukkee/pkg/node-packages.nix | 0 .../kukkee/pkg/update-node-deps.sh | 0 .../kukkee/pkg/update-version.sh | 0 .../web/{ => services}/kukkee/pkg/update.sh | 0 .../web/{ => services}/libreddit/default.nix | 0 .../{ => services}/matrix-synapse/default.nix | 0 .../web/{ => services}/mattermost/default.nix | 0 .../web/{ => 
services}/navidrome/default.nix | 0 .../web/{ => services}/netdata/default.nix | 0 .../web/{ => services}/nitter/default.nix | 0 .../web/{ => services}/ntopng/default.nix | 0 .../{ => services}/openspeedtest/default.nix | 0 .../web/{ => services}/owncast/default.nix | 0 .../web/{ => services}/paperless/default.nix | 0 .../web/{ => services}/polaris/default.nix | 0 .../web/{ => services}/resilio/default.nix | 0 .../web/{ => services}/roundcube/default.nix | 0 .../web/{ => services}/shlink/default.nix | 0 .../{ => services}/sourcegraph/default.nix | 0 .../web/{ => services}/thelounge/default.nix | 0 .../trivial-gradios/default.nix | 0 .../trivial-gradios/pkg/default.nix | 0 .../{ => services}/vaultwarden/default.nix | 0 .../{ => services}/webdav-zotero/default.nix | 0 .../{ => sites}/linktree-pbsds/default.nix | 0 .../web/{ => sites}/refleksjon-no/default.nix | 0 .../web/{ => sites}/roroslyd-no/default.nix | 0 profiles/web/todos.md | 2 +- users/default.nix | 2 +- 65 files changed, 282 insertions(+), 262 deletions(-) delete mode 100644 configuration.nix delete mode 100644 hosts/asgaut.nix create mode 100644 hosts/asgaut/default.nix rename hosts/{noximilien.nix => noximilien/default.nix} (59%) create mode 100644 hosts/noximilien/hardware-configuration.nix delete mode 100644 profiles/nas/modules/webhook.nix delete mode 100644 profiles/todos.md rename profiles/web/{ => docs}/pdoc/default.nix (100%) create mode 100644 profiles/web/docs/python-docs/default.nix rename profiles/web/{ => services}/censordodge/default.nix (100%) rename profiles/web/{ => services}/cinny/default.nix (100%) rename profiles/web/{ => services}/convos/default.nix (100%) rename profiles/web/{ => services}/cryptpad/default.nix (100%) rename profiles/web/{ => services}/element/default.nix (100%) rename profiles/web/{ => services}/flexget/default.nix (100%) rename profiles/web/{ => services}/galene/default.nix (100%) rename profiles/web/{ => services}/gitea/default.nix (100%) rename profiles/web/{ => 
services}/graphana/default.nix (100%) rename profiles/web/{ => services}/hedgedoc/default.nix (100%) rename profiles/web/{ => services}/home-assistant/default.nix (100%) rename profiles/web/{ => services}/hydra/default.nix (100%) rename profiles/web/{ => services}/invidious/default.nix (76%) rename profiles/web/{ => services}/jellyfin/default.nix (86%) rename profiles/web/{ => services}/jitsi-meet/default.nix (100%) rename profiles/web/{ => services}/kukkee/default.nix (100%) rename profiles/web/{ => services}/kukkee/module/default.nix (100%) rename profiles/web/{ => services}/kukkee/pkg/default.nix (100%) rename profiles/web/{ => services}/kukkee/pkg/node-composition.nix (100%) rename profiles/web/{ => services}/kukkee/pkg/node-env.nix (100%) rename profiles/web/{ => services}/kukkee/pkg/node-packages.nix (100%) rename profiles/web/{ => services}/kukkee/pkg/update-node-deps.sh (100%) rename profiles/web/{ => services}/kukkee/pkg/update-version.sh (100%) rename profiles/web/{ => services}/kukkee/pkg/update.sh (100%) rename profiles/web/{ => services}/libreddit/default.nix (100%) rename profiles/web/{ => services}/matrix-synapse/default.nix (100%) rename profiles/web/{ => services}/mattermost/default.nix (100%) rename profiles/web/{ => services}/navidrome/default.nix (100%) rename profiles/web/{ => services}/netdata/default.nix (100%) rename profiles/web/{ => services}/nitter/default.nix (100%) rename profiles/web/{ => services}/ntopng/default.nix (100%) rename profiles/web/{ => services}/openspeedtest/default.nix (100%) rename profiles/web/{ => services}/owncast/default.nix (100%) rename profiles/web/{ => services}/paperless/default.nix (100%) rename profiles/web/{ => services}/polaris/default.nix (100%) rename profiles/web/{ => services}/resilio/default.nix (100%) rename profiles/web/{ => services}/roundcube/default.nix (100%) rename profiles/web/{ => services}/shlink/default.nix (100%) rename profiles/web/{ => services}/sourcegraph/default.nix (100%) rename 
profiles/web/{ => services}/thelounge/default.nix (100%) rename profiles/web/{ => services}/trivial-gradios/default.nix (100%) rename profiles/web/{ => services}/trivial-gradios/pkg/default.nix (100%) rename profiles/web/{ => services}/vaultwarden/default.nix (100%) rename profiles/web/{ => services}/webdav-zotero/default.nix (100%) rename profiles/web/{ => sites}/linktree-pbsds/default.nix (100%) rename profiles/web/{ => sites}/refleksjon-no/default.nix (100%) rename profiles/web/{ => sites}/roroslyd-no/default.nix (100%) diff --git a/README.md b/README.md index 21aafec..6e69256 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,34 @@ -# Initial setup +# Initial setup (old) -``` -nixos-generate-config -``` + nixos-generate-config -# TODO: +# Reading list -* [ ] Multiple user profiles, headless, nixpkgs-dev, desktop, hpc, pvv, etc -* [ ] Split stuff into multiple files -* [ ] Some system for multiple hosts with different configs -* [ ] Make a flake +* https://nixos.wiki/wiki/Flakes +* https://teu5us.github.io/nix-lib.html +* https://ryantm.github.io/nixpkgs/builders/trivial-builders/ + +# TODOs: + +* [x] Split stuff into multiple files +* [x] Make a flake +* [ ] Setup some remote-development flow +* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc +* [ ] nixos-generate-config instructions +* [ ] zfs +* [ ] secrets +* [ ] profiles/web: make ACME/nginx helper a function + * [ ] Support multiple tlds + * [ ] Support multiple acme accounts + * [ ] Support a per-account provider? + * [ ] Support DNS auth + * [ ] Setup aliases instead of a per-subdomain cert -# How to evaluate, checking if the drv hash is equal +# Cheatsheet +### How to evaluate nixos flake/configuration.nix, checking if the drv hash is equal + + nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath + # or nix-instantiate '' -A system -I nixos-config=./configuration.nix 
diff --git a/base.nix b/base.nix index 597d6d1..2bc32eb 100644 --- a/base.nix +++ b/base.nix @@ -1,9 +1,9 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, inputs, ... }: { imports = [ ./cachix.nix (if builtins.pathExists ./hardware-configuration.nix - then ./hardware-configuration.nix # results of hardware scan + then ./hardware-configuration.nix # results of ‘nixos-generate-config else {} ) ]; @@ -11,9 +11,32 @@ nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfreePredicate = (pkg: true); - system.autoUpgrade.enable = true; # daily nixos-rebuild switch, no reboot by default + # 'nixos-rebuild switch --upgrade', by default daily with no reboot + #system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow` + # TODO: this check is not pure + system.autoUpgrade = if builtins.pathExists "/etc/nixos/flake.nix" then { #TODO: should i check for .git instead? + enable = true; + flake = "/etc/nixos"; + flags = [ + "--recreate-lock-file" # fetch new inputs + #"--commit-lock-file" # commit new lock to local git repo + # TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ? + "-L" # print build logs + ]; + } else { + enable = true; + flake = inputs.self.outPath; # a nix store path + flags = [ + "--recreate-lock-file" # fetch new inputs + "--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only + "-L" # print build logs + ]; + }; + #assertions = [ + # { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; } + #]; - nix.settings.trusted-users = [ "root" ]; + nix.settings.trusted-users = [ "root" ]; # default, but will stick around after a mergins with ./users nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise #nix.optimize.automatic = true; # periodic optimization nix.gc.automatic = true; 
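Review bot: Both branches of the new `system.autoUpgrade` pass `--recreate-lock-file`, so the unattended daily rebuild ignores the revisions pinned in flake.lock and re-resolves every input to whatever its branch points at that day. That includes the `nur` and `pr-polaris14` inputs this commit adds in flake.nix, whose code is then built and activated as root without anyone reading the lock diff. Consider limiting the automatic bump to the release channel, e.g. `flags = [ "--update-input" "nixpkgs" "-L" ];`, and updating the remaining inputs by hand with a reviewed `nix flake update`. The `builtins.pathExists "/etc/nixos/flake.nix"` test is evaluated on the machine doing the build, as the TODO already notes, so which branch is taken depends on where the configuration is built.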
@@ -37,7 +60,7 @@ networking.firewall.enable = true; # default # Time zone and internationalisation properties. - time.timeZone = "Europe/Oslo"; + time.timeZone = "Europe/Oslo"; i18n.defaultLocale = "en_US.utf8"; i18n.extraLocaleSettings.LC_ADDRESS = "nb_NO.utf8"; i18n.extraLocaleSettings.LC_IDENTIFICATION = "nb_NO.utf8"; @@ -52,14 +75,4 @@ services.xserver.layout = "no"; services.xserver.xkbVariant = ""; - # System fonts - # Nice to have when X-forwading on headless machines - # TODO: move? - fonts.fonts = with pkgs; [ - noto-fonts # includes Cousine - noto-fonts-cjk - noto-fonts-emoji - noto-fonts-extra - dejavu_fonts - ]; } diff --git a/configuration.nix b/configuration.nix deleted file mode 100644 index a83be05..0000000 --- a/configuration.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - import = [ - ./base.nix - ./hosts/noximilien.nix - ]; -} diff --git a/flake.lock b/flake.lock index f4b722c..bcf5cdd 100644 --- a/flake.lock +++ b/flake.lock @@ -21,6 +21,21 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1677232326, + "narHash": "sha256-rAk2/80kLvA3yIMmSV86T1B4kNvwCFMSQ1FxXndaUB0=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "2d44015779cced4eec9df5b8dab238b9f6312cb2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1677249740, 
@@ -37,10 +52,44 @@ "type": "github" } }, + "nur": { + "locked": { + "lastModified": 1677354372, + "narHash": "sha256-yJQeIxHkJO7GOvEK24hv9K59eorGTrEgfNWjlrpBfPU=", + "owner": "nix-community", + "repo": "NUR", + "rev": "4711c9bb1df2bf0fd103c46aa9465ebde8fd93c7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "pr-polaris14": { + "locked": { + "lastModified": 1672706949, + "narHash": "sha256-7w8ylNEmeWX7++E6vECZ4nY6I0AGA/irT7eWQ7c7aX0=", + "owner": "pbsds", + "repo": "nixpkgs", + "rev": "8d4e5e6a87684b3035a94d0e7e7c19d342448f68", + "type": "github" + }, + "original": { + "owner": "pbsds", + "ref": "polaris-14", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", + "nur": "nur", + "pr-polaris14": "pr-polaris14", "unstable": "unstable" } }, diff --git a/flake.nix b/flake.nix index 1352695..167a806 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,16 +1,22 @@ { - description = "pbsds' nix system/home profile flake"; + description = "pbsds' system/home flake"; - # TODO: NUR inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small"; inputs.unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + inputs.nur.url = "github:nix-community/NUR"; inputs.home-manager.url = "github:nix-community/home-manager"; inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixos-hardware.url = "github:NixOS/nixos-hardware"; - # temp stuff - inputs.pbsds-polaris-pr = "github:pbsds/nixpkgs/polaris-14"; + #TODO: + #sops-nix.url = "github:Mic92/sops-nix"; + #sops-nix.inputs.nixpkgs.follows = "nixpkgs"; + #matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix - outputs = { self, nixpkgs, unstable, home-manager, ... }@inputs: + # temp + inputs.pr-polaris14.url = "github:pbsds/nixpkgs/polaris-14"; + + outputs = { self, nixpkgs, unstable, nixos-hardware, nur, home-manager, ... }@inputs: let systems = [ "x86_64-linux" 
@@ -18,30 +24,42 @@ #"riscv64-linux" ]; forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system); - nixosOverrides = { + tmpConfig = { disabledModules = [ "services/misc/polaris.nix" ]; - imports = [ inputs.pbsds-polaris-14 + "/nixos/modules/services/misc/polaris.nix" ]; - nixpkgs.overlays = [(final: prev: { - polaris = prev.callPackage (inputs.pbsds-polaris-14 + /pkgs/servers/polaris) { }; - polaris-web = prev.callPackage (inputs.pbsds-polaris-14 + /pkgs/servers/polaris/web.nix) { }; + imports = [ "${inputs.pr-polaris14}/nixos/modules/services/misc/polaris.nix" ]; + nixpkgs.overlays = [(final: prev: { # TODO: nixpkgs.config.packageOverrides ? + polaris = prev.callPackage "${inputs.pr-polaris14}/pkgs/servers/polaris" { }; + polaris-web = prev.callPackage "${inputs.pr-polaris14}/pkgs/servers/polaris/web.nix" { }; })]; }; - mkConfig = system: modules: nixpkgs.lib.nixosSystem { + mkConfig = hostname: system: modules: nixpkgs.lib.nixosSystem { inherit system; - specialArgs = { inherit unstable inputs; }; - modules = modules ++ [ ./base.nix nixosOverrides ({ + specialArgs = { inherit inputs; }; + modules = modules ++ [ ./base.nix "${self}/hosts/${hostname}" tmpConfig ({ + networking.hostName = hostname; + networking.domain = "pbsds.net"; + networking.search = [ "pbsds.net" ]; + nixpkgs.overlays = [ # TODO: consider nixpkgs.config.packageOverrides + #(final: prev: self.packages.${system}) + (final: prev: { + unstable = unstable.legacyPackages.${final.system}; + #unstable = import unstable { inherit system; }; + nur = import nur { inherit (prev) pkgs; nurpkgs = prev.pkgs; }; + #nur = import nur { inherit (prev) pkgs; nurpkgs = import nixpkgs { inherit final.system: }; }; # TODO: nurpkgs? 
+ }) + ]; # This makes commandline tools like 'nix run nixpkgs#hello' - # and 'nix-shell -p hello' use the same channel the system was built with + # and 'nix-shell -p hello' use the same channel as system was built with nix.registry.nixpkgs.flake = inputs.nixpkgs; nix.registry.unstable.flake = inputs.unstable; nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" - "unstable=${inputs.unstable}" + "unstable=${inputs.unstable}" # TODO: needed? ]; })]; }; in { - nixosConfigurations.noximilien = mkConfig "x86_64-linux" [ ./hosts/noximilien.nix ]; + nixosConfigurations.noximilien = mkConfig "noximilien" "x86_64-linux" (with nixos-hardware.nixosModules; [ common-pc common-pc-ssd common-cpu-intel ]); homeConfigurations = forAllSystems (system: { pbsds = home-manager.lib.homeManagerConfiguration { pkgs = nixpkgs.legacyPackages.${system}; diff --git a/hardware/opengl-intel.nix b/hardware/opengl-intel.nix index ab9d282..7736384 100644 --- a/hardware/opengl-intel.nix +++ b/hardware/opengl-intel.nix @@ -5,5 +5,4 @@ hardware.opengl.enable = true; #hardware.opengl.extraPackages = [ pkgs.mesa.drivers ]; hardware.opengl.extraPackages = with pkgs; [ mesa.drivers vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]; - } diff --git a/hosts/asgaut.nix b/hosts/asgaut.nix deleted file mode 100644 index e69de29..0000000 diff --git a/hosts/asgaut/default.nix b/hosts/asgaut/default.nix new file mode 100644 index 0000000..9ef2d30 --- /dev/null +++ b/hosts/asgaut/default.nix @@ -0,0 +1,2 @@ +{} +# TODO: visionfive 2 diff --git a/hosts/noximilien.nix b/hosts/noximilien/default.nix similarity index 59% rename from hosts/noximilien.nix rename to hosts/noximilien/default.nix index 3591472..bdd6319 100644 --- a/hosts/noximilien.nix +++ b/hosts/noximilien/default.nix 
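Review bot: The overlay in `mkConfig` exposes the whole NUR namespace as `pkgs.nur` to every host and module, and nothing at that line records that it is a different trust level from `pkgs.unstable` next to it. NUR repositories are community-maintained and not reviewed the way nixpkgs is, so a comment at the `nur = import nur { ... }` line is worth adding, for example `# NUR is unreviewed community code: read the expression before referencing pkgs.nur.repos.<owner>.<pkg>`. Separately, `unstable.legacyPackages.${final.system}` is evaluated with nixpkgs' default config, so the `allowUnfree` setting from base.nix presumably does not reach `pkgs.unstable`; a short comment saying so would save a confusing evaluation error later.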
@@ -1,62 +1,66 @@ { config, pkgs, lib, ... }: { imports = [ - ../users - ../users/pbsds - ../users/jornane - #../users/all.nix # TODO: does not work? + ./hardware-configuration.nix - ../hardware/opengl-intel.nix + ../../users # home-manager + ../../users/pbsds + ../../users/jornane + #../../users/all.nix # TODO: does not work? - ../profiles/web - ../profiles/web/index - ../profiles/web/cinny - ../profiles/web/element - ../profiles/web/flexget - ../profiles/web/gitea - ../profiles/web/hydra - ../profiles/web/invidious - ../profiles/web/jellyfin - ../profiles/web/libreddit - ../profiles/web/mattermost - ../profiles/web/navidrome - ../profiles/web/netdata - ../profiles/web/nitter - ../profiles/web/ntopng - ../profiles/web/owncast - ../profiles/web/paperless - ../profiles/web/polaris - ../profiles/web/resilio - ../profiles/web/roundcube - ../profiles/web/thelounge - ../profiles/web/vaultwarden - ../profiles/web/webdav-zotero - #../profiles/web/convos - #../profiles/web/cryptpad - #../profiles/web/galene - #../profiles/web/graphana - #../profiles/web/hedgedoc - #../profiles/web/home-assistant - #../profiles/web/jitsi-meet - #../profiles/web/kukkee - #../profiles/web/matrix-synapse - #../profiles/web/shlink - #../profiles/web/sourcegraph + ../../hardware/opengl-intel.nix - ../profiles/web/pdoc - ../profiles/web/linktree-pbsds - ../profiles/web/refleksjon-no - ../profiles/web/roroslyd-no - #../profiles/web/trivial-gradios - #../profiles/web/censordodge - #../profiles/web/openspeedtest + ../../profiles/web + ../../profiles/web/index + ../../profiles/web/services/cinny + ../../profiles/web/services/element + ../../profiles/web/services/flexget + ../../profiles/web/services/gitea + ../../profiles/web/services/hydra + ../../profiles/web/services/invidious + ../../profiles/web/services/jellyfin + ../../profiles/web/services/libreddit + ../../profiles/web/services/mattermost + ../../profiles/web/services/navidrome + ../../profiles/web/services/netdata + 
../../profiles/web/services/nitter + ../../profiles/web/services/ntopng + ../../profiles/web/services/owncast + ../../profiles/web/services/paperless + ../../profiles/web/services/polaris + ../../profiles/web/services/resilio + ../../profiles/web/services/roundcube + ../../profiles/web/services/thelounge + ../../profiles/web/services/vaultwarden + ../../profiles/web/services/webdav-zotero + #../../profiles/web/services/convos + #../../profiles/web/services/cryptpad + #../../profiles/web/services/galene + #../../profiles/web/services/graphana + #../../profiles/web/services/hedgedoc + #../../profiles/web/services/home-assistant + #../../profiles/web/services/jitsi-meet + #../../profiles/web/services/kukkee + #../../profiles/web/services/matrix-synapse + #../../profiles/web/services/shlink + #../../profiles/web/services/sourcegraph + #../../profiles/web/services/censordodge + #../../profiles/web/services/openspeedtest - ../profiles/domeneshop-dyndns # TODO: olavtr is hardcoded... - ../profiles/code-remote - ../profiles/remote-builders # - ../profiles/nfs/reidun.nix # NFS mounts - ../profiles/autossh-reverse-tunnels - #../profiles/xrdp + ../../profiles/web/docs/pdoc + ../../profiles/web/docs/python-docs + ../../profiles/web/sites/linktree-pbsds + ../../profiles/web/sites/refleksjon-no + ../../profiles/web/sites/roroslyd-no + + #../../profiles/web/services/trivial-gradios + + ../../profiles/domeneshop-dyndns # TODO: olavtr is hardcoded... + ../../profiles/code-remote + ../../profiles/remote-builders # + ../../profiles/nfs/reidun.nix # NFS mounts + ../../profiles/autossh-reverse-tunnels + #../../profiles/xrdp ]; # TODO: remove? Move to where relevant= 
@@ -92,8 +96,6 @@ networking.networkmanager.enable = true; #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. #networking.iwd.enable = true - networking.hostName = "noximilien"; - networking.domain = "pbsds.net"; networking.interfaces.eno1.ipv4.addresses = [ { address = "192.168.1.9"; prefixLength = 24; } ]; @@ -107,7 +109,7 @@ interface = "eno1"; }; #networking.useDHCP = true; - #TODO: avahi? + #TODO: avahi? resolved? https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/base.nix#L15-L18 # Installed system packages # TODO: prune this, make home-manager deal with the majority @@ -223,6 +225,18 @@ # User pederbs #''; + # System fonts + # Nice to have when X-forwading on headless machines + # TODO: move? + fonts.fonts = with pkgs; [ + noto-fonts # includes Cousine + noto-fonts-cjk + noto-fonts-emoji + noto-fonts-extra + dejavu_fonts + ]; + + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/hosts/noximilien/hardware-configuration.nix b/hosts/noximilien/hardware-configuration.nix new file mode 100644 index 0000000..9beaa22 --- /dev/null +++ b/hosts/noximilien/hardware-configuration.nix 
@@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/fa5f2e24-ab42-4a5f-bf8c-be699b980457"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/5b00f5ca-f7a8-4a69-a93b-8e68d9e369e7"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/profiles/autossh-reverse-tunnels/default.nix b/profiles/autossh-reverse-tunnels/default.nix index c557fab..155ed63 100644 --- a/profiles/autossh-reverse-tunnels/default.nix +++ b/profiles/autossh-reverse-tunnels/default.nix @@ -2,6 +2,8 @@ { # AutoSSH reverse tunnels + # TODO: add noximilien to this list, deselect is using hostname + services.autossh.sessions = let mkSshSession = {user, name, host, rport, monitoringPort}: { user = user; # local user diff --git a/profiles/domeneshop-dyndns/default.nix b/profiles/domeneshop-dyndns/default.nix index 08d0be1..d090da6 100644 --- a/profiles/domeneshop-dyndns/default.nix +++ b/profiles/domeneshop-dyndns/default.nix 
@@ -4,8 +4,8 @@ systemd.services.domeneshop-updater = { description = "domene.shop domain updater"; - #after = [ "something?.service" ]; - #wants = [ "something?.service" ]; + after = [ "network-online.target" ]; # TODO: multi-user ? + wants = [ "network-online.target" ]; # TODO: multi-user ? serviceConfig = let prog = pkgs.writeShellApplication { name = "domeneshop-dyndns-updater.sh"; diff --git a/profiles/nas/modules/webhook.nix b/profiles/nas/modules/webhook.nix deleted file mode 100644 index 70052e2..0000000 --- a/profiles/nas/modules/webhook.nix +++ /dev/null 
@@ -1,140 +0,0 @@ -{ lib, pkgs, config, ... }: - -#with builtins; - -let - lib_ = lib; -in -let - cfg = config.services.webhook; - hooksFormat = pkgs.formats.json {}; - lib = lib_ // { mdDoc = x: x; }; # HACK - -in { - options.services.webhook = with lib; { - - enable = mkEnableOption "webhook service"; - - package = mkPackageOption pkgs "webhook" { }; - - user = mkOption { - type = types.str; - default = "webhook"; - description = lib.mdDoc "User under which Webhook runs."; - }; - - group = mkOption { - type = types.str; - default = "webhook"; - description = lib.mdDoc "Group under which Webhook runs."; - }; - - listenHost = mkOption { - type = types.str; - default = "127.0.0.1"; - description = lib.mdDoc "Which address Webhook should listen to for HTTP."; - }; - - listenPort = mkOption { - type = types.port; - default = 8080; - description = lib.mdDoc "Which port Webhook should listen to for HTTP."; - }; - - openFirewall = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc '' - Open the configured ports in the firewall for the Webhook server. - Preferably the Webhook server is instead put behind a reverse proxy. - ''; - }; - - urlPrefix = mkOption { - type = types.str; - default = "hooks"; - description = lib.mdDoc '' - Url prefix to use for served hooks. - `http://listen:port/PREFIX/:hook-id` - ''; - }; - - httpMethods = mkOption { - type = types.listOf types.str; - default = ["POST"]; - defaultText = literalExpression ''["POST"]''; - description = lib.mdDoc "Default allowed HTTP methods"; - }; - - verbose = mkOption { - type = types.bool; - default = true; - description = lib.mdDoc "Whether to log events or not."; - }; - - extraArgs = mkOption { - type = types.listOf types.str; - default = []; - description = lib.mdDoc '' - Extra command-line arguments. - If you want to set CORS headers, you can set [ "-header" "name=value" ] - to the appropriate CORS headers to passed along with each response. 
- ''; - }; - - settings = mkOption { - type = hooksFormat.type; - default = []; - example = lib.literalExpression '' - [ - { - id = "my-webhook"; - execute-command = pkgs.writeShellScript "handle-my-webhook.sh" '${""}' - echo "foobar" - '${""}'; - } - ] - ''; - description = lib.mdDoc '' - The configured hooks for Webhook to serve. - Here is a collection of hook examples: - - ''; - }; - - }; - - config = lib.mkIf cfg.enable { - - systemd.services.webhook = { - description = lib.mdDoc "Webhook Server"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = let - args = [ - "-ip" cfg.listenHost - "-port" cfg.listenPort - "-http-methods" (lib.strings.concatStringsSep "," cfg.httpMethods) - "-urlprefix" cfg.urlPrefix - "-hooks" (hooksFormat.generate "hooks.json" cfg.settings) - ] ++ lib.optional cfg.verbose "-verbose" - ++ cfg.extraArgs; - in rec { - User = cfg.user; - Group = cfg.group; - DynamicUser = cfg.user == "webhook"; - ExecStart = "${cfg.package}/bin/webhook " + (lib.strings.escapeShellArgs args); - Restart = "on-failure"; - }; - }; - - networking.firewall = lib.mkIf cfg.openFirewall { - allowedTCPPorts = [ cfg.listenPort ]; - }; - - }; - - meta.maintainers = with lib.maintainers; [ pbsds ]; -} - diff --git a/profiles/todos.md b/profiles/todos.md deleted file mode 100644 index 52523c2..0000000 --- a/profiles/todos.md +++ /dev/null @@ -1 +0,0 @@ -* [ ] make ACME a function diff --git a/profiles/web/pdoc/default.nix b/profiles/web/docs/pdoc/default.nix similarity index 100% rename from profiles/web/pdoc/default.nix rename to profiles/web/docs/pdoc/default.nix diff --git a/profiles/web/docs/python-docs/default.nix b/profiles/web/docs/python-docs/default.nix new file mode 100644 index 0000000..56c5853 --- /dev/null +++ b/profiles/web/docs/python-docs/default.nix 
@@ -0,0 +1,24 @@ +{ config, pkgs, lib, mkDomain, ... }: +let + python-versions = (lib.attrNames pkgs.pythonDocs.html); + mkLinkFarmEntry = python-version: { + name = python-version; + path = "${builtins.toString pkgs.pythonDocs.html.${python-version}}/share/doc/${python-version}/html"; + }; +in +{ + services.nginx.virtualHosts.${mkDomain "python-docs"} = { + forceSSL = true; # addSSL = true; + enableACME = true; #useACMEHost = acmeDomain; + root = pkgs.linkFarm "python-docs" ([ + { name = "index.html"; path = pkgs.writeText "my-file" '' + +
    + ${lib.concatStringsSep "\n" ( + builtins.map (name: ''
  • ${name}/'') python-versions + )} +
+ ''; } + ] ++ (builtins.map mkLinkFarmEntry python-versions)); + }; +} diff --git a/profiles/web/censordodge/default.nix b/profiles/web/services/censordodge/default.nix similarity index 100% rename from profiles/web/censordodge/default.nix rename to profiles/web/services/censordodge/default.nix diff --git a/profiles/web/cinny/default.nix b/profiles/web/services/cinny/default.nix similarity index 100% rename from profiles/web/cinny/default.nix rename to profiles/web/services/cinny/default.nix diff --git a/profiles/web/convos/default.nix b/profiles/web/services/convos/default.nix similarity index 100% rename from profiles/web/convos/default.nix rename to profiles/web/services/convos/default.nix diff --git a/profiles/web/cryptpad/default.nix b/profiles/web/services/cryptpad/default.nix similarity index 100% rename from profiles/web/cryptpad/default.nix rename to profiles/web/services/cryptpad/default.nix diff --git a/profiles/web/element/default.nix b/profiles/web/services/element/default.nix similarity index 100% rename from profiles/web/element/default.nix rename to profiles/web/services/element/default.nix diff --git a/profiles/web/flexget/default.nix b/profiles/web/services/flexget/default.nix similarity index 100% rename from profiles/web/flexget/default.nix rename to profiles/web/services/flexget/default.nix diff --git a/profiles/web/galene/default.nix b/profiles/web/services/galene/default.nix similarity index 100% rename from profiles/web/galene/default.nix rename to profiles/web/services/galene/default.nix diff --git a/profiles/web/gitea/default.nix b/profiles/web/services/gitea/default.nix similarity index 100% rename from profiles/web/gitea/default.nix rename to profiles/web/services/gitea/default.nix diff --git a/profiles/web/graphana/default.nix b/profiles/web/services/graphana/default.nix similarity index 100% rename from profiles/web/graphana/default.nix rename to profiles/web/services/graphana/default.nix 
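Review bot: The generated index page is written with `pkgs.writeText "my-file"`, which leaves a store path with a placeholder name inside the link farm; a descriptive name such as `pkgs.writeText "python-docs-index.html"` makes the closure easier to read and audit. In `mkLinkFarmEntry` the `builtins.toString` inside the interpolation is redundant, since interpolating `pkgs.pythonDocs.html.${python-version}` directly already yields the store path. The markup inside the index string did not survive in this view, so nothing is said about it here.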
diff --git a/profiles/web/hedgedoc/default.nix b/profiles/web/services/hedgedoc/default.nix similarity index 100% rename from profiles/web/hedgedoc/default.nix rename to profiles/web/services/hedgedoc/default.nix diff --git a/profiles/web/home-assistant/default.nix b/profiles/web/services/home-assistant/default.nix similarity index 100% rename from profiles/web/home-assistant/default.nix rename to profiles/web/services/home-assistant/default.nix diff --git a/profiles/web/hydra/default.nix b/profiles/web/services/hydra/default.nix similarity index 100% rename from profiles/web/hydra/default.nix rename to profiles/web/services/hydra/default.nix diff --git a/profiles/web/invidious/default.nix b/profiles/web/services/invidious/default.nix similarity index 76% rename from profiles/web/invidious/default.nix rename to profiles/web/services/invidious/default.nix index d2fe43e..c06f353 100644 --- a/profiles/web/invidious/default.nix +++ b/profiles/web/services/invidious/default.nix @@ -1,15 +1,13 @@ -{ config, pkgs, lib, unstable, mkDomain, ... }: +{ config, pkgs, lib, inputs, mkDomain, ... }: { # Invidious # An open source alternative front-end to YouTube /**/ - imports = [ - ({ disabledModules = [ "services/web-apps/invidious.nix" ]; }) - # - (unstable + "/nixos/modules/services/web-apps/invidious.nix") - ({ services.invidious.package = unstable.invidious; }) - ]; + disabledModules = [ "services/web-apps/invidious.nix" ]; + #imports = [ ]; + imports = [ ("${inputs.unstable}/nixos/modules/services/web-apps/invidious.nix") ]; + services.invidious.package = pkgs.unstable.invidious; /**/ services.invidious = { diff --git a/profiles/web/jellyfin/default.nix b/profiles/web/services/jellyfin/default.nix similarity index 86% rename from profiles/web/jellyfin/default.nix rename to profiles/web/services/jellyfin/default.nix index ef676c8..ec51524 100644 --- a/profiles/web/jellyfin/default.nix +++ b/profiles/web/services/jellyfin/default.nix 
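Review bot: `services.invidious.package = pkgs.unstable.invidious;` only evaluates when the `unstable` overlay from `mkConfig` in flake.nix is applied, and the same holds for `pkgs.unstable.jellyfin` in the jellyfin profile; neither profile says where `pkgs.unstable` comes from. A one-line comment such as `# pkgs.unstable is provided by the overlay in flake.nix (mkConfig)` would document that dependency. The leftover `#imports = [ ];` line and the parentheses around the import path (absent in the jellyfin hunk) can be dropped so both profiles read the same. The module body continues past the end of the hunk.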
@@ -1,14 +1,12 @@ -{ config, pkgs, lib, unstable, mkDomain, ... }: +{ config, pkgs, lib, inputs, mkDomain, ... }: { # Jellyfin /**/ - imports = [ - ({ disabledModules = [ "services/misc/jellyfin.nix" ]; }) - # - (unstable + "/nixos/modules/services/misc/jellyfin.nix") - ({ services.jellyfin.package = unstable.jellyfin; }) - ]; + disabledModules = [ "services/misc/jellyfin.nix" ]; + #imports = [ ]; + imports = [ "${inputs.unstable}/nixos/modules/services/misc/jellyfin.nix" ]; + services.jellyfin.package = pkgs.unstable.jellyfin; /**/ services.jellyfin = { diff --git a/profiles/web/jitsi-meet/default.nix b/profiles/web/services/jitsi-meet/default.nix similarity index 100% rename from profiles/web/jitsi-meet/default.nix rename to profiles/web/services/jitsi-meet/default.nix diff --git a/profiles/web/kukkee/default.nix b/profiles/web/services/kukkee/default.nix similarity index 100% rename from profiles/web/kukkee/default.nix rename to profiles/web/services/kukkee/default.nix diff --git a/profiles/web/kukkee/module/default.nix b/profiles/web/services/kukkee/module/default.nix similarity index 100% rename from profiles/web/kukkee/module/default.nix rename to profiles/web/services/kukkee/module/default.nix diff --git a/profiles/web/kukkee/pkg/default.nix b/profiles/web/services/kukkee/pkg/default.nix similarity index 100% rename from profiles/web/kukkee/pkg/default.nix rename to profiles/web/services/kukkee/pkg/default.nix diff --git a/profiles/web/kukkee/pkg/node-composition.nix b/profiles/web/services/kukkee/pkg/node-composition.nix similarity index 100% rename from profiles/web/kukkee/pkg/node-composition.nix rename to profiles/web/services/kukkee/pkg/node-composition.nix diff --git a/profiles/web/kukkee/pkg/node-env.nix b/profiles/web/services/kukkee/pkg/node-env.nix similarity index 100% rename from profiles/web/kukkee/pkg/node-env.nix rename to profiles/web/services/kukkee/pkg/node-env.nix 
diff --git a/profiles/web/kukkee/pkg/node-packages.nix b/profiles/web/services/kukkee/pkg/node-packages.nix
similarity index 100%
rename from profiles/web/kukkee/pkg/node-packages.nix
rename to profiles/web/services/kukkee/pkg/node-packages.nix
diff --git a/profiles/web/kukkee/pkg/update-node-deps.sh b/profiles/web/services/kukkee/pkg/update-node-deps.sh
similarity index 100%
rename from profiles/web/kukkee/pkg/update-node-deps.sh
rename to profiles/web/services/kukkee/pkg/update-node-deps.sh
diff --git a/profiles/web/kukkee/pkg/update-version.sh b/profiles/web/services/kukkee/pkg/update-version.sh
similarity index 100%
rename from profiles/web/kukkee/pkg/update-version.sh
rename to profiles/web/services/kukkee/pkg/update-version.sh
diff --git a/profiles/web/kukkee/pkg/update.sh b/profiles/web/services/kukkee/pkg/update.sh
similarity index 100%
rename from profiles/web/kukkee/pkg/update.sh
rename to profiles/web/services/kukkee/pkg/update.sh
diff --git a/profiles/web/libreddit/default.nix b/profiles/web/services/libreddit/default.nix
similarity index 100%
rename from profiles/web/libreddit/default.nix
rename to profiles/web/services/libreddit/default.nix
diff --git a/profiles/web/matrix-synapse/default.nix b/profiles/web/services/matrix-synapse/default.nix
similarity index 100%
rename from profiles/web/matrix-synapse/default.nix
rename to profiles/web/services/matrix-synapse/default.nix
diff --git a/profiles/web/mattermost/default.nix b/profiles/web/services/mattermost/default.nix
similarity index 100%
rename from profiles/web/mattermost/default.nix
rename to profiles/web/services/mattermost/default.nix
diff --git a/profiles/web/navidrome/default.nix b/profiles/web/services/navidrome/default.nix
similarity index 100%
rename from profiles/web/navidrome/default.nix
rename to profiles/web/services/navidrome/default.nix
diff --git a/profiles/web/netdata/default.nix b/profiles/web/services/netdata/default.nix
similarity index 100%
rename from profiles/web/netdata/default.nix
rename to profiles/web/services/netdata/default.nix
diff --git a/profiles/web/nitter/default.nix b/profiles/web/services/nitter/default.nix
similarity index 100%
rename from profiles/web/nitter/default.nix
rename to profiles/web/services/nitter/default.nix
diff --git a/profiles/web/ntopng/default.nix b/profiles/web/services/ntopng/default.nix
similarity index 100%
rename from profiles/web/ntopng/default.nix
rename to profiles/web/services/ntopng/default.nix
diff --git a/profiles/web/openspeedtest/default.nix b/profiles/web/services/openspeedtest/default.nix
similarity index 100%
rename from profiles/web/openspeedtest/default.nix
rename to profiles/web/services/openspeedtest/default.nix
diff --git a/profiles/web/owncast/default.nix b/profiles/web/services/owncast/default.nix
similarity index 100%
rename from profiles/web/owncast/default.nix
rename to profiles/web/services/owncast/default.nix
diff --git a/profiles/web/paperless/default.nix b/profiles/web/services/paperless/default.nix
similarity index 100%
rename from profiles/web/paperless/default.nix
rename to profiles/web/services/paperless/default.nix
diff --git a/profiles/web/polaris/default.nix b/profiles/web/services/polaris/default.nix
similarity index 100%
rename from profiles/web/polaris/default.nix
rename to profiles/web/services/polaris/default.nix
diff --git a/profiles/web/resilio/default.nix b/profiles/web/services/resilio/default.nix
similarity index 100%
rename from profiles/web/resilio/default.nix
rename to profiles/web/services/resilio/default.nix
diff --git a/profiles/web/roundcube/default.nix b/profiles/web/services/roundcube/default.nix
similarity index 100%
rename from profiles/web/roundcube/default.nix
rename to profiles/web/services/roundcube/default.nix
diff --git a/profiles/web/shlink/default.nix b/profiles/web/services/shlink/default.nix
similarity index 100%
rename from profiles/web/shlink/default.nix
rename to profiles/web/services/shlink/default.nix
diff --git a/profiles/web/sourcegraph/default.nix b/profiles/web/services/sourcegraph/default.nix
similarity index 100%
rename from profiles/web/sourcegraph/default.nix
rename to profiles/web/services/sourcegraph/default.nix
diff --git a/profiles/web/thelounge/default.nix b/profiles/web/services/thelounge/default.nix
similarity index 100%
rename from profiles/web/thelounge/default.nix
rename to profiles/web/services/thelounge/default.nix
diff --git a/profiles/web/trivial-gradios/default.nix b/profiles/web/services/trivial-gradios/default.nix
similarity index 100%
rename from profiles/web/trivial-gradios/default.nix
rename to profiles/web/services/trivial-gradios/default.nix
diff --git a/profiles/web/trivial-gradios/pkg/default.nix b/profiles/web/services/trivial-gradios/pkg/default.nix
similarity index 100%
rename from profiles/web/trivial-gradios/pkg/default.nix
rename to profiles/web/services/trivial-gradios/pkg/default.nix
diff --git a/profiles/web/vaultwarden/default.nix b/profiles/web/services/vaultwarden/default.nix
similarity index 100%
rename from profiles/web/vaultwarden/default.nix
rename to profiles/web/services/vaultwarden/default.nix
diff --git a/profiles/web/webdav-zotero/default.nix b/profiles/web/services/webdav-zotero/default.nix
similarity index 100%
rename from profiles/web/webdav-zotero/default.nix
rename to profiles/web/services/webdav-zotero/default.nix
diff --git a/profiles/web/linktree-pbsds/default.nix b/profiles/web/sites/linktree-pbsds/default.nix
similarity index 100%
rename from profiles/web/linktree-pbsds/default.nix
rename to profiles/web/sites/linktree-pbsds/default.nix
diff --git a/profiles/web/refleksjon-no/default.nix b/profiles/web/sites/refleksjon-no/default.nix similarity index 100% rename from profiles/web/refleksjon-no/default.nix rename to profiles/web/sites/refleksjon-no/default.nix diff --git a/profiles/web/roroslyd-no/default.nix b/profiles/web/sites/roroslyd-no/default.nix similarity index 100% rename from profiles/web/roroslyd-no/default.nix rename to profiles/web/sites/roroslyd-no/default.nix diff --git a/profiles/web/todos.md b/profiles/web/todos.md index a840b88..311b774 100644 --- a/profiles/web/todos.md +++ b/profiles/web/todos.md @@ -4,7 +4,7 @@ * configure stuff to send its shit here * [ ] https://noted.lol/2-self-hosted-alternatives-to-doodle-meeting-scheduling/ * [ ] kukkee - * [ ] rallly - https://rallly.co/ + * [ ] rallly * [ ] Rocketchat - A self-hosted discord/slack alternative * [ ] upterm / tmate - Secure terminal-session sharing diff --git a/users/default.nix b/users/default.nix index 07775bd..1143242 100644 --- a/users/default.nix +++ b/users/default.nix @@ -2,7 +2,7 @@ { #imports = [ ]; imports = [ inputs.home-manager.nixosModule ]; - home-manager.useGlobalPkgs = true; # brrr + home-manager.useGlobalPkgs = true; # go brrr #home-manager.useUserPackages = true # needed if VM # When adding a new user accounts: Don't forget to set a password with ‘passwd’!