further catogorize profile/web, add python-docs
parent
71ac683efa
commit
181edd92e5
37
README.md
37
README.md
|
@ -1,17 +1,34 @@
|
||||||
# Initial setup
|
# Initial setup (old)
|
||||||
|
|
||||||
```
|
nixos-generate-config
|
||||||
nixos-generate-config
|
|
||||||
```
|
|
||||||
|
|
||||||
# TODO:
|
# Reading list
|
||||||
|
|
||||||
* [ ] Multiple user profiles, headless, nixpkgs-dev, desktop, hpc, pvv, etc
|
* https://nixos.wiki/wiki/Flakes
|
||||||
* [ ] Split stuff into multiple files
|
* https://teu5us.github.io/nix-lib.html
|
||||||
* [ ] Some system for multiple hosts with different configs
|
* https://ryantm.github.io/nixpkgs/builders/trivial-builders/
|
||||||
* [ ] Make a flake
|
|
||||||
|
# TODOs:
|
||||||
|
|
||||||
|
* [x] Split stuff into multiple files
|
||||||
|
* [x] Make a flake
|
||||||
|
* [ ] Setup some remote-development flow
|
||||||
|
* [ ] users/pbsds: Support multiple profiles, like headless, nixpkgs-dev, various desktops, hpc, pvv, etc
|
||||||
|
* [ ] nixos-generate-config instructions
|
||||||
|
* [ ] zfs
|
||||||
|
* [ ] secrets
|
||||||
|
* [ ] profiles/web: make ACME/nginx helper a function
|
||||||
|
* [ ] Support multiple tlds
|
||||||
|
* [ ] Support multiple acme accounts
|
||||||
|
* [ ] Support a per-account provider?
|
||||||
|
* [ ] Support DNS auth
|
||||||
|
* [ ] Setup aliases instead of a per-subdomain cert
|
||||||
|
|
||||||
|
|
||||||
# How to evaluate, checking if the drv hash is equal
|
# Cheatsheet
|
||||||
|
|
||||||
|
### How to evaluate nixos flake/configuration.nix, checking if the drv hash is equal
|
||||||
|
|
||||||
|
nix eval .#nixosConfigurations.noximilien.config.system.build.toplevel.outPath
|
||||||
|
# or
|
||||||
nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix
|
nix-instantiate '<nixpkgs/nixos>' -A system -I nixos-config=./configuration.nix
|
||||||
|
|
43
base.nix
43
base.nix
|
@ -1,9 +1,9 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, inputs, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./cachix.nix
|
./cachix.nix
|
||||||
(if builtins.pathExists ./hardware-configuration.nix
|
(if builtins.pathExists ./hardware-configuration.nix
|
||||||
then ./hardware-configuration.nix # results of hardware scan
|
then ./hardware-configuration.nix # results of ‘nixos-generate-config
|
||||||
else {}
|
else {}
|
||||||
)
|
)
|
||||||
];
|
];
|
||||||
|
@ -11,9 +11,32 @@
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
nixpkgs.config.allowUnfreePredicate = (pkg: true);
|
nixpkgs.config.allowUnfreePredicate = (pkg: true);
|
||||||
|
|
||||||
system.autoUpgrade.enable = true; # daily nixos-rebuild switch, no reboot by default
|
# 'nixos-rebuild switch --upgrade', by default daily with no reboot
|
||||||
|
#system.autoUpgrade.allowReboot = true; # reboot after a kernel (module) or initrd upgrade, consider also setting `rebootWindow`
|
||||||
|
# TODO: this check is not pure
|
||||||
|
system.autoUpgrade = if builtins.pathExists "/etc/nixos/flake.nix" then { #TODO: should i check for .git instead?
|
||||||
|
enable = true;
|
||||||
|
flake = "/etc/nixos";
|
||||||
|
flags = [
|
||||||
|
"--recreate-lock-file" # fetch new inputs
|
||||||
|
#"--commit-lock-file" # commit new lock to local git repo
|
||||||
|
# TODO: can i somehow first do a git pull --rebase --autostash with proper abort handling ?
|
||||||
|
"-L" # print build logs
|
||||||
|
];
|
||||||
|
} else {
|
||||||
|
enable = true;
|
||||||
|
flake = inputs.self.outPath; # a nix store path
|
||||||
|
flags = [
|
||||||
|
"--recreate-lock-file" # fetch new inputs
|
||||||
|
"--no-write-lock-file" # no write new flakelock, as the in-store flake is read-only
|
||||||
|
"-L" # print build logs
|
||||||
|
];
|
||||||
|
};
|
||||||
|
#assertions = [
|
||||||
|
# { assertion = builtins.pathExists "/etc/nixos/flake.nix"; message = "You have yet to test systems without a flake in /etc/nixos"; }
|
||||||
|
#];
|
||||||
|
|
||||||
nix.settings.trusted-users = [ "root" ];
|
nix.settings.trusted-users = [ "root" ]; # default, but will stick around after a mergins with ./users
|
||||||
nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
|
nix.settings.auto-optimise-store = true; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
|
||||||
#nix.optimize.automatic = true; # periodic optimization
|
#nix.optimize.automatic = true; # periodic optimization
|
||||||
nix.gc.automatic = true;
|
nix.gc.automatic = true;
|
||||||
|
@ -37,7 +60,7 @@
|
||||||
networking.firewall.enable = true; # default
|
networking.firewall.enable = true; # default
|
||||||
|
|
||||||
# Time zone and internationalisation properties.
|
# Time zone and internationalisation properties.
|
||||||
time.timeZone = "Europe/Oslo";
|
time.timeZone = "Europe/Oslo";
|
||||||
i18n.defaultLocale = "en_US.utf8";
|
i18n.defaultLocale = "en_US.utf8";
|
||||||
i18n.extraLocaleSettings.LC_ADDRESS = "nb_NO.utf8";
|
i18n.extraLocaleSettings.LC_ADDRESS = "nb_NO.utf8";
|
||||||
i18n.extraLocaleSettings.LC_IDENTIFICATION = "nb_NO.utf8";
|
i18n.extraLocaleSettings.LC_IDENTIFICATION = "nb_NO.utf8";
|
||||||
|
@ -52,14 +75,4 @@
|
||||||
services.xserver.layout = "no";
|
services.xserver.layout = "no";
|
||||||
services.xserver.xkbVariant = "";
|
services.xserver.xkbVariant = "";
|
||||||
|
|
||||||
# System fonts
|
|
||||||
# Nice to have when X-forwading on headless machines
|
|
||||||
# TODO: move?
|
|
||||||
fonts.fonts = with pkgs; [
|
|
||||||
noto-fonts # includes Cousine
|
|
||||||
noto-fonts-cjk
|
|
||||||
noto-fonts-emoji
|
|
||||||
noto-fonts-extra
|
|
||||||
dejavu_fonts
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
|
|
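Review bot: Both branches of the new `system.autoUpgrade` pass `--recreate-lock-file`, so the daily unattended rebuild re-resolves every flake input and the revisions and narHashes recorded in flake.lock no longer constrain what gets built and activated. That includes inputs this commit adds that follow a moving ref with no review step in between (`nur`, and `pr-polaris14`, which tracks a branch). Consider refreshing only the channels you mean to follow and leaving the rest at their locked revisions, e.g. replacing that flag with `"--update-input" "nixpkgs" "--update-input" "unstable"`. Separately, `builtins.pathExists "/etc/nixos/flake.nix"` is checked at evaluation time on whichever machine evaluates the flake, and under pure flake evaluation it probably always selects the else branch; the in-line TODO already notes the impurity, so this is worth confirming before relying on the first branch.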
|
@ -1,6 +0,0 @@
|
||||||
{
|
|
||||||
import = [
|
|
||||||
./base.nix
|
|
||||||
./hosts/noximilien.nix
|
|
||||||
];
|
|
||||||
}
|
|
49
flake.lock
49
flake.lock
|
@ -21,6 +21,21 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixos-hardware": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1677232326,
|
||||||
|
"narHash": "sha256-rAk2/80kLvA3yIMmSV86T1B4kNvwCFMSQ1FxXndaUB0=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixos-hardware",
|
||||||
|
"rev": "2d44015779cced4eec9df5b8dab238b9f6312cb2",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixos-hardware",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1677249740,
|
"lastModified": 1677249740,
|
||||||
|
@ -37,10 +52,44 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nur": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1677354372,
|
||||||
|
"narHash": "sha256-yJQeIxHkJO7GOvEK24hv9K59eorGTrEgfNWjlrpBfPU=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "NUR",
|
||||||
|
"rev": "4711c9bb1df2bf0fd103c46aa9465ebde8fd93c7",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "NUR",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"pr-polaris14": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1672706949,
|
||||||
|
"narHash": "sha256-7w8ylNEmeWX7++E6vECZ4nY6I0AGA/irT7eWQ7c7aX0=",
|
||||||
|
"owner": "pbsds",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "8d4e5e6a87684b3035a94d0e7e7c19d342448f68",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "pbsds",
|
||||||
|
"ref": "polaris-14",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
|
"nur": "nur",
|
||||||
|
"pr-polaris14": "pr-polaris14",
|
||||||
"unstable": "unstable"
|
"unstable": "unstable"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
50
flake.nix
50
flake.nix
|
@ -1,16 +1,22 @@
|
||||||
{
|
{
|
||||||
description = "pbsds' nix system/home profile flake";
|
description = "pbsds' system/home flake";
|
||||||
|
|
||||||
# TODO: NUR
|
|
||||||
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small";
|
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small";
|
||||||
inputs.unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
|
inputs.unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
|
||||||
|
inputs.nur.url = "github:nix-community/NUR";
|
||||||
inputs.home-manager.url = "github:nix-community/home-manager";
|
inputs.home-manager.url = "github:nix-community/home-manager";
|
||||||
inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
inputs.nixos-hardware.url = "github:NixOS/nixos-hardware";
|
||||||
|
|
||||||
# temp stuff
|
#TODO:
|
||||||
inputs.pbsds-polaris-pr = "github:pbsds/nixpkgs/polaris-14";
|
#sops-nix.url = "github:Mic92/sops-nix";
|
||||||
|
#sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
#matrix-next.url = "github:dali99/nixos-matrix-modules"; # see https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/flake.nix
|
||||||
|
|
||||||
outputs = { self, nixpkgs, unstable, home-manager, ... }@inputs:
|
# temp
|
||||||
|
inputs.pr-polaris14.url = "github:pbsds/nixpkgs/polaris-14";
|
||||||
|
|
||||||
|
outputs = { self, nixpkgs, unstable, nixos-hardware, nur, home-manager, ... }@inputs:
|
||||||
let
|
let
|
||||||
systems = [
|
systems = [
|
||||||
"x86_64-linux"
|
"x86_64-linux"
|
||||||
|
@ -18,30 +24,42 @@
|
||||||
#"riscv64-linux"
|
#"riscv64-linux"
|
||||||
];
|
];
|
||||||
forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
|
forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system);
|
||||||
nixosOverrides = {
|
tmpConfig = {
|
||||||
disabledModules = [ "services/misc/polaris.nix" ];
|
disabledModules = [ "services/misc/polaris.nix" ];
|
||||||
imports = [ inputs.pbsds-polaris-14 + "/nixos/modules/services/misc/polaris.nix" ];
|
imports = [ "${inputs.pr-polaris14}/nixos/modules/services/misc/polaris.nix" ];
|
||||||
nixpkgs.overlays = [(final: prev: {
|
nixpkgs.overlays = [(final: prev: { # TODO: nixpkgs.config.packageOverrides ?
|
||||||
polaris = prev.callPackage (inputs.pbsds-polaris-14 + /pkgs/servers/polaris) { };
|
polaris = prev.callPackage "${inputs.pr-polaris14}/pkgs/servers/polaris" { };
|
||||||
polaris-web = prev.callPackage (inputs.pbsds-polaris-14 + /pkgs/servers/polaris/web.nix) { };
|
polaris-web = prev.callPackage "${inputs.pr-polaris14}/pkgs/servers/polaris/web.nix" { };
|
||||||
})];
|
})];
|
||||||
};
|
};
|
||||||
mkConfig = system: modules: nixpkgs.lib.nixosSystem {
|
mkConfig = hostname: system: modules: nixpkgs.lib.nixosSystem {
|
||||||
inherit system;
|
inherit system;
|
||||||
specialArgs = { inherit unstable inputs; };
|
specialArgs = { inherit inputs; };
|
||||||
modules = modules ++ [ ./base.nix nixosOverrides ({
|
modules = modules ++ [ ./base.nix "${self}/hosts/${hostname}" tmpConfig ({
|
||||||
|
networking.hostName = hostname;
|
||||||
|
networking.domain = "pbsds.net";
|
||||||
|
networking.search = [ "pbsds.net" ];
|
||||||
|
nixpkgs.overlays = [ # TODO: consider nixpkgs.config.packageOverrides
|
||||||
|
#(final: prev: self.packages.${system})
|
||||||
|
(final: prev: {
|
||||||
|
unstable = unstable.legacyPackages.${final.system};
|
||||||
|
#unstable = import unstable { inherit system; };
|
||||||
|
nur = import nur { inherit (prev) pkgs; nurpkgs = prev.pkgs; };
|
||||||
|
#nur = import nur { inherit (prev) pkgs; nurpkgs = import nixpkgs { inherit final.system: }; }; # TODO: nurpkgs?
|
||||||
|
})
|
||||||
|
];
|
||||||
# This makes commandline tools like 'nix run nixpkgs#hello'
|
# This makes commandline tools like 'nix run nixpkgs#hello'
|
||||||
# and 'nix-shell -p hello' use the same channel the system was built with
|
# and 'nix-shell -p hello' use the same channel as system was built with
|
||||||
nix.registry.nixpkgs.flake = inputs.nixpkgs;
|
nix.registry.nixpkgs.flake = inputs.nixpkgs;
|
||||||
nix.registry.unstable.flake = inputs.unstable;
|
nix.registry.unstable.flake = inputs.unstable;
|
||||||
nix.nixPath = [
|
nix.nixPath = [
|
||||||
"nixpkgs=${inputs.nixpkgs}"
|
"nixpkgs=${inputs.nixpkgs}"
|
||||||
"unstable=${inputs.unstable}"
|
"unstable=${inputs.unstable}" # TODO: needed?
|
||||||
];
|
];
|
||||||
})];
|
})];
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
nixosConfigurations.noximilien = mkConfig "x86_64-linux" [ ./hosts/noximilien.nix ];
|
nixosConfigurations.noximilien = mkConfig "noximilien" "x86_64-linux" (with nixos-hardware.nixosModules; [ common-pc common-pc-ssd common-cpu-intel ]);
|
||||||
homeConfigurations = forAllSystems (system: {
|
homeConfigurations = forAllSystems (system: {
|
||||||
pbsds = home-manager.lib.homeManagerConfiguration {
|
pbsds = home-manager.lib.homeManagerConfiguration {
|
||||||
pkgs = nixpkgs.legacyPackages.${system};
|
pkgs = nixpkgs.legacyPackages.${system};
|
||||||
|
|
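Review bot: `inputs.pr-polaris14.url = "github:pbsds/nixpkgs/polaris-14"` follows a branch, and `tmpConfig` imports a NixOS module and two package expressions from it, so whatever that branch points at on the next lock update becomes part of the system configuration. Since the input is marked temporary, pinning it to the revision already recorded in flake.lock keeps it fixed until it is removed: `inputs.pr-polaris14.url = "github:pbsds/nixpkgs/8d4e5e6a87684b3035a94d0e7e7c19d342448f68";`. `mkConfig` also gained a `hostname` argument that implicitly selects `hosts/${hostname}` and hard-codes `networking.domain`; a comment above it such as `# mkConfig hostname system extraModules: imports ./hosts/<hostname>, sets networking.hostName and domain` would document the new contract.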
|
@ -5,5 +5,4 @@
|
||||||
hardware.opengl.enable = true;
|
hardware.opengl.enable = true;
|
||||||
#hardware.opengl.extraPackages = [ pkgs.mesa.drivers ];
|
#hardware.opengl.extraPackages = [ pkgs.mesa.drivers ];
|
||||||
hardware.opengl.extraPackages = with pkgs; [ mesa.drivers vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ];
|
hardware.opengl.extraPackages = with pkgs; [ mesa.drivers vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,2 @@
|
||||||
|
{}
|
||||||
|
# TODO: visionfive 2
|
|
@ -1,62 +1,66 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../users
|
./hardware-configuration.nix
|
||||||
../users/pbsds
|
|
||||||
../users/jornane
|
|
||||||
#../users/all.nix # TODO: does not work?
|
|
||||||
|
|
||||||
../hardware/opengl-intel.nix
|
../../users # home-manager
|
||||||
|
../../users/pbsds
|
||||||
|
../../users/jornane
|
||||||
|
#../../users/all.nix # TODO: does not work?
|
||||||
|
|
||||||
../profiles/web
|
../../hardware/opengl-intel.nix
|
||||||
../profiles/web/index
|
|
||||||
../profiles/web/cinny
|
|
||||||
../profiles/web/element
|
|
||||||
../profiles/web/flexget
|
|
||||||
../profiles/web/gitea
|
|
||||||
../profiles/web/hydra
|
|
||||||
../profiles/web/invidious
|
|
||||||
../profiles/web/jellyfin
|
|
||||||
../profiles/web/libreddit
|
|
||||||
../profiles/web/mattermost
|
|
||||||
../profiles/web/navidrome
|
|
||||||
../profiles/web/netdata
|
|
||||||
../profiles/web/nitter
|
|
||||||
../profiles/web/ntopng
|
|
||||||
../profiles/web/owncast
|
|
||||||
../profiles/web/paperless
|
|
||||||
../profiles/web/polaris
|
|
||||||
../profiles/web/resilio
|
|
||||||
../profiles/web/roundcube
|
|
||||||
../profiles/web/thelounge
|
|
||||||
../profiles/web/vaultwarden
|
|
||||||
../profiles/web/webdav-zotero
|
|
||||||
#../profiles/web/convos
|
|
||||||
#../profiles/web/cryptpad
|
|
||||||
#../profiles/web/galene
|
|
||||||
#../profiles/web/graphana
|
|
||||||
#../profiles/web/hedgedoc
|
|
||||||
#../profiles/web/home-assistant
|
|
||||||
#../profiles/web/jitsi-meet
|
|
||||||
#../profiles/web/kukkee
|
|
||||||
#../profiles/web/matrix-synapse
|
|
||||||
#../profiles/web/shlink
|
|
||||||
#../profiles/web/sourcegraph
|
|
||||||
|
|
||||||
../profiles/web/pdoc
|
../../profiles/web
|
||||||
../profiles/web/linktree-pbsds
|
../../profiles/web/index
|
||||||
../profiles/web/refleksjon-no
|
../../profiles/web/services/cinny
|
||||||
../profiles/web/roroslyd-no
|
../../profiles/web/services/element
|
||||||
#../profiles/web/trivial-gradios
|
../../profiles/web/services/flexget
|
||||||
#../profiles/web/censordodge
|
../../profiles/web/services/gitea
|
||||||
#../profiles/web/openspeedtest
|
../../profiles/web/services/hydra
|
||||||
|
../../profiles/web/services/invidious
|
||||||
|
../../profiles/web/services/jellyfin
|
||||||
|
../../profiles/web/services/libreddit
|
||||||
|
../../profiles/web/services/mattermost
|
||||||
|
../../profiles/web/services/navidrome
|
||||||
|
../../profiles/web/services/netdata
|
||||||
|
../../profiles/web/services/nitter
|
||||||
|
../../profiles/web/services/ntopng
|
||||||
|
../../profiles/web/services/owncast
|
||||||
|
../../profiles/web/services/paperless
|
||||||
|
../../profiles/web/services/polaris
|
||||||
|
../../profiles/web/services/resilio
|
||||||
|
../../profiles/web/services/roundcube
|
||||||
|
../../profiles/web/services/thelounge
|
||||||
|
../../profiles/web/services/vaultwarden
|
||||||
|
../../profiles/web/services/webdav-zotero
|
||||||
|
#../../profiles/web/services/convos
|
||||||
|
#../../profiles/web/services/cryptpad
|
||||||
|
#../../profiles/web/services/galene
|
||||||
|
#../../profiles/web/services/graphana
|
||||||
|
#../../profiles/web/services/hedgedoc
|
||||||
|
#../../profiles/web/services/home-assistant
|
||||||
|
#../../profiles/web/services/jitsi-meet
|
||||||
|
#../../profiles/web/services/kukkee
|
||||||
|
#../../profiles/web/services/matrix-synapse
|
||||||
|
#../../profiles/web/services/shlink
|
||||||
|
#../../profiles/web/services/sourcegraph
|
||||||
|
#../../profiles/web/services/censordodge
|
||||||
|
#../../profiles/web/services/openspeedtest
|
||||||
|
|
||||||
../profiles/domeneshop-dyndns # TODO: olavtr is hardcoded...
|
../../profiles/web/docs/pdoc
|
||||||
../profiles/code-remote
|
../../profiles/web/docs/python-docs
|
||||||
../profiles/remote-builders #
|
../../profiles/web/sites/linktree-pbsds
|
||||||
../profiles/nfs/reidun.nix # NFS mounts
|
../../profiles/web/sites/refleksjon-no
|
||||||
../profiles/autossh-reverse-tunnels
|
../../profiles/web/sites/roroslyd-no
|
||||||
#../profiles/xrdp
|
|
||||||
|
#../../profiles/web/services/trivial-gradios
|
||||||
|
|
||||||
|
../../profiles/domeneshop-dyndns # TODO: olavtr is hardcoded...
|
||||||
|
../../profiles/code-remote
|
||||||
|
../../profiles/remote-builders #
|
||||||
|
../../profiles/nfs/reidun.nix # NFS mounts
|
||||||
|
../../profiles/autossh-reverse-tunnels
|
||||||
|
#../../profiles/xrdp
|
||||||
];
|
];
|
||||||
|
|
||||||
# TODO: remove? Move to where relevant=
|
# TODO: remove? Move to where relevant=
|
||||||
|
@ -92,8 +96,6 @@
|
||||||
networking.networkmanager.enable = true;
|
networking.networkmanager.enable = true;
|
||||||
#networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
#networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||||
#networking.iwd.enable = true
|
#networking.iwd.enable = true
|
||||||
networking.hostName = "noximilien";
|
|
||||||
networking.domain = "pbsds.net";
|
|
||||||
networking.interfaces.eno1.ipv4.addresses = [
|
networking.interfaces.eno1.ipv4.addresses = [
|
||||||
{ address = "192.168.1.9"; prefixLength = 24; }
|
{ address = "192.168.1.9"; prefixLength = 24; }
|
||||||
];
|
];
|
||||||
|
@ -107,7 +109,7 @@
|
||||||
interface = "eno1";
|
interface = "eno1";
|
||||||
};
|
};
|
||||||
#networking.useDHCP = true;
|
#networking.useDHCP = true;
|
||||||
#TODO: avahi?
|
#TODO: avahi? resolved? https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/main/base.nix#L15-L18
|
||||||
|
|
||||||
# Installed system packages
|
# Installed system packages
|
||||||
# TODO: prune this, make home-manager deal with the majority
|
# TODO: prune this, make home-manager deal with the majority
|
||||||
|
@ -223,6 +225,18 @@
|
||||||
# User pederbs
|
# User pederbs
|
||||||
#'';
|
#'';
|
||||||
|
|
||||||
|
# System fonts
|
||||||
|
# Nice to have when X-forwading on headless machines
|
||||||
|
# TODO: move?
|
||||||
|
fonts.fonts = with pkgs; [
|
||||||
|
noto-fonts # includes Cousine
|
||||||
|
noto-fonts-cjk
|
||||||
|
noto-fonts-emoji
|
||||||
|
noto-fonts-extra
|
||||||
|
dejavu_fonts
|
||||||
|
];
|
||||||
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
@ -0,0 +1,33 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{ device = "/dev/disk/by-uuid/fa5f2e24-ab42-4a5f-bf8c-be699b980457";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[ { device = "/dev/disk/by-uuid/5b00f5ca-f7a8-4a69-a93b-8e68d9e369e7"; }
|
||||||
|
];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
|
@ -2,6 +2,8 @@
|
||||||
{
|
{
|
||||||
# AutoSSH reverse tunnels
|
# AutoSSH reverse tunnels
|
||||||
|
|
||||||
|
# TODO: add noximilien to this list, deselect is using hostname
|
||||||
|
|
||||||
services.autossh.sessions = let
|
services.autossh.sessions = let
|
||||||
mkSshSession = {user, name, host, rport, monitoringPort}: {
|
mkSshSession = {user, name, host, rport, monitoringPort}: {
|
||||||
user = user; # local user
|
user = user; # local user
|
||||||
|
|
|
@ -4,8 +4,8 @@
|
||||||
|
|
||||||
systemd.services.domeneshop-updater = {
|
systemd.services.domeneshop-updater = {
|
||||||
description = "domene.shop domain updater";
|
description = "domene.shop domain updater";
|
||||||
#after = [ "something?.service" ];
|
after = [ "network-online.target" ]; # TODO: multi-user ?
|
||||||
#wants = [ "something?.service" ];
|
wants = [ "network-online.target" ]; # TODO: multi-user ?
|
||||||
serviceConfig = let
|
serviceConfig = let
|
||||||
prog = pkgs.writeShellApplication {
|
prog = pkgs.writeShellApplication {
|
||||||
name = "domeneshop-dyndns-updater.sh";
|
name = "domeneshop-dyndns-updater.sh";
|
||||||
|
|
|
@ -1,140 +0,0 @@
|
||||||
{ lib, pkgs, config, ... }:
|
|
||||||
|
|
||||||
#with builtins;
|
|
||||||
|
|
||||||
let
|
|
||||||
lib_ = lib;
|
|
||||||
in
|
|
||||||
let
|
|
||||||
cfg = config.services.webhook;
|
|
||||||
hooksFormat = pkgs.formats.json {};
|
|
||||||
lib = lib_ // { mdDoc = x: x; }; # HACK
|
|
||||||
|
|
||||||
in {
|
|
||||||
options.services.webhook = with lib; {
|
|
||||||
|
|
||||||
enable = mkEnableOption "webhook service";
|
|
||||||
|
|
||||||
package = mkPackageOption pkgs "webhook" { };
|
|
||||||
|
|
||||||
user = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "webhook";
|
|
||||||
description = lib.mdDoc "User under which Webhook runs.";
|
|
||||||
};
|
|
||||||
|
|
||||||
group = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "webhook";
|
|
||||||
description = lib.mdDoc "Group under which Webhook runs.";
|
|
||||||
};
|
|
||||||
|
|
||||||
listenHost = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "127.0.0.1";
|
|
||||||
description = lib.mdDoc "Which address Webhook should listen to for HTTP.";
|
|
||||||
};
|
|
||||||
|
|
||||||
listenPort = mkOption {
|
|
||||||
type = types.port;
|
|
||||||
default = 8080;
|
|
||||||
description = lib.mdDoc "Which port Webhook should listen to for HTTP.";
|
|
||||||
};
|
|
||||||
|
|
||||||
openFirewall = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Open the configured ports in the firewall for the Webhook server.
|
|
||||||
Preferably the Webhook server is instead put behind a reverse proxy.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
urlPrefix = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "hooks";
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Url prefix to use for served hooks.
|
|
||||||
`http://listen:port/PREFIX/:hook-id`
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
httpMethods = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = ["POST"];
|
|
||||||
defaultText = literalExpression ''["POST"]'';
|
|
||||||
description = lib.mdDoc "Default allowed HTTP methods";
|
|
||||||
};
|
|
||||||
|
|
||||||
verbose = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = true;
|
|
||||||
description = lib.mdDoc "Whether to log events or not.";
|
|
||||||
};
|
|
||||||
|
|
||||||
extraArgs = mkOption {
|
|
||||||
type = types.listOf types.str;
|
|
||||||
default = [];
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Extra command-line arguments.
|
|
||||||
If you want to set CORS headers, you can set [ "-header" "name=value" ]
|
|
||||||
to the appropriate CORS headers to passed along with each response.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
settings = mkOption {
|
|
||||||
type = hooksFormat.type;
|
|
||||||
default = [];
|
|
||||||
example = lib.literalExpression ''
|
|
||||||
[
|
|
||||||
{
|
|
||||||
id = "my-webhook";
|
|
||||||
execute-command = pkgs.writeShellScript "handle-my-webhook.sh" '${""}'
|
|
||||||
echo "foobar"
|
|
||||||
'${""}';
|
|
||||||
}
|
|
||||||
]
|
|
||||||
'';
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
The configured hooks for Webhook to serve.
|
|
||||||
Here is a collection of hook examples:
|
|
||||||
<https://github.com/adnanh/webhook#examples>
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
|
|
||||||
systemd.services.webhook = {
|
|
||||||
description = lib.mdDoc "Webhook Server";
|
|
||||||
after = [ "network.target" ];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
|
|
||||||
serviceConfig = let
|
|
||||||
args = [
|
|
||||||
"-ip" cfg.listenHost
|
|
||||||
"-port" cfg.listenPort
|
|
||||||
"-http-methods" (lib.strings.concatStringsSep "," cfg.httpMethods)
|
|
||||||
"-urlprefix" cfg.urlPrefix
|
|
||||||
"-hooks" (hooksFormat.generate "hooks.json" cfg.settings)
|
|
||||||
] ++ lib.optional cfg.verbose "-verbose"
|
|
||||||
++ cfg.extraArgs;
|
|
||||||
in rec {
|
|
||||||
User = cfg.user;
|
|
||||||
Group = cfg.group;
|
|
||||||
DynamicUser = cfg.user == "webhook";
|
|
||||||
ExecStart = "${cfg.package}/bin/webhook " + (lib.strings.escapeShellArgs args);
|
|
||||||
Restart = "on-failure";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall = lib.mkIf cfg.openFirewall {
|
|
||||||
allowedTCPPorts = [ cfg.listenPort ];
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
meta.maintainers = with lib.maintainers; [ pbsds ];
|
|
||||||
}
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
* [ ] make ACME a function
|
|
|
@ -0,0 +1,24 @@
|
||||||
|
{ config, pkgs, lib, mkDomain, ... }:
|
||||||
|
let
|
||||||
|
python-versions = (lib.attrNames pkgs.pythonDocs.html);
|
||||||
|
mkLinkFarmEntry = python-version: {
|
||||||
|
name = python-version;
|
||||||
|
path = "${builtins.toString pkgs.pythonDocs.html.${python-version}}/share/doc/${python-version}/html";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
services.nginx.virtualHosts.${mkDomain "python-docs"} = {
|
||||||
|
forceSSL = true; # addSSL = true;
|
||||||
|
enableACME = true; #useACMEHost = acmeDomain;
|
||||||
|
root = pkgs.linkFarm "python-docs" ([
|
||||||
|
{ name = "index.html"; path = pkgs.writeText "my-file" ''
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<ul>
|
||||||
|
${lib.concatStringsSep "\n" (
|
||||||
|
builtins.map (name: ''<li><a href="${name}/">${name}/</a>'') python-versions
|
||||||
|
)}
|
||||||
|
</ul>
|
||||||
|
''; }
|
||||||
|
] ++ (builtins.map mkLinkFarmEntry python-versions));
|
||||||
|
};
|
||||||
|
}
|
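Review bot: `python-versions = (lib.attrNames pkgs.pythonDocs.html);` takes every attribute name, so any non-derivation attribute in that set (nixpkgs sets meant for recursion often carry `recurseForDerivations`; confirm for this one) would become a link-farm entry and an index link pointing at a bogus path. Filtering first avoids that: `python-versions = lib.attrNames (lib.filterAttrs (_: lib.isDerivation) pkgs.pythonDocs.html);`. Two style points in the same file: the generated index leaves each `<li>` unclosed, and `pkgs.writeText "my-file"` could carry a descriptive store name such as `"python-docs-index.html"`.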
|
@ -1,15 +1,13 @@
|
||||||
{ config, pkgs, lib, unstable, mkDomain, ... }:
|
{ config, pkgs, lib, inputs, mkDomain, ... }:
|
||||||
{
|
{
|
||||||
# Invidious
|
# Invidious
|
||||||
# An open source alternative front-end to YouTube
|
# An open source alternative front-end to YouTube
|
||||||
|
|
||||||
/**/
|
/**/
|
||||||
imports = [
|
disabledModules = [ "services/web-apps/invidious.nix" ];
|
||||||
({ disabledModules = [ "services/web-apps/invidious.nix" ]; })
|
#imports = [ <nixos-unstable/nixos/modules/services/web-apps/invidious.nix> ];
|
||||||
#<nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
|
imports = [ ("${inputs.unstable}/nixos/modules/services/web-apps/invidious.nix") ];
|
||||||
(unstable + "/nixos/modules/services/web-apps/invidious.nix")
|
services.invidious.package = pkgs.unstable.invidious;
|
||||||
({ services.invidious.package = unstable.invidious; })
|
|
||||||
];
|
|
||||||
/**/
|
/**/
|
||||||
|
|
||||||
services.invidious = {
|
services.invidious = {
|
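Review bot: `services.invidious.package = pkgs.unstable.invidious;` now depends on the `unstable` overlay that `mkConfig` in flake.nix adds, rather than on the `unstable` module argument, so the module no longer evaluates outside that wrapper; the same applies to `pkgs.unstable.jellyfin` in the jellyfin section. A comment next to the line, e.g. `# pkgs.unstable is provided by the overlay in flake.nix (mkConfig)`, would make the dependency visible. The parentheses in `imports = [ ("${inputs.unstable}/nixos/modules/services/web-apps/invidious.nix") ];` are redundant and differ from the jellyfin file's form. The module body continues outside the hunk.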
|
@ -1,14 +1,12 @@
|
||||||
{ config, pkgs, lib, unstable, mkDomain, ... }:
|
{ config, pkgs, lib, inputs, mkDomain, ... }:
|
||||||
{
|
{
|
||||||
# Jellyfin
|
# Jellyfin
|
||||||
|
|
||||||
/**/
|
/**/
|
||||||
imports = [
|
disabledModules = [ "services/misc/jellyfin.nix" ];
|
||||||
({ disabledModules = [ "services/misc/jellyfin.nix" ]; })
|
#imports = [<nixos-unstable/nixos/modules/services/misc/jellyfin.nix> ];
|
||||||
#<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
|
imports = [ "${inputs.unstable}/nixos/modules/services/misc/jellyfin.nix" ];
|
||||||
(unstable + "/nixos/modules/services/misc/jellyfin.nix")
|
services.jellyfin.package = pkgs.unstable.jellyfin;
|
||||||
({ services.jellyfin.package = unstable.jellyfin; })
|
|
||||||
];
|
|
||||||
/**/
|
/**/
|
||||||
|
|
||||||
services.jellyfin = {
|
services.jellyfin = {
|
|
@ -4,7 +4,7 @@
|
||||||
* configure stuff to send its shit here
|
* configure stuff to send its shit here
|
||||||
* [ ] https://noted.lol/2-self-hosted-alternatives-to-doodle-meeting-scheduling/
|
* [ ] https://noted.lol/2-self-hosted-alternatives-to-doodle-meeting-scheduling/
|
||||||
* [ ] kukkee
|
* [ ] kukkee
|
||||||
* [ ] rallly - https://rallly.co/
|
* [ ] rallly
|
||||||
* [ ] Rocketchat - A self-hosted discord/slack alternative
|
* [ ] Rocketchat - A self-hosted discord/slack alternative
|
||||||
* [ ] upterm / tmate - Secure terminal-session sharing
|
* [ ] upterm / tmate - Secure terminal-session sharing
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
{
|
{
|
||||||
#imports = [ <home-manager/nixos> ];
|
#imports = [ <home-manager/nixos> ];
|
||||||
imports = [ inputs.home-manager.nixosModule ];
|
imports = [ inputs.home-manager.nixosModule ];
|
||||||
home-manager.useGlobalPkgs = true; # brrr
|
home-manager.useGlobalPkgs = true; # go brrr
|
||||||
#home-manager.useUserPackages = true # needed if VM
|
#home-manager.useUserPackages = true # needed if VM
|
||||||
|
|
||||||
# When adding a new user accounts: Don't forget to set a password with ‘passwd’!
|
# When adding a new user accounts: Don't forget to set a password with ‘passwd’!
|
||||||
|
|