nrabulinski/settei
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

treewide: alejandra -> nixfmt-rfc-style

Browse source
This commit is contained in:
Nikodem Rabuliński 2024-02-25 19:09:09 +01:00
parent d64c02e3da
commit 6558fdb739
51 changed files with 1108 additions and 928 deletions
Download patch file Download diff file Expand all files Collapse all files

21
hosts/kazuki/attic.nix
View file

@ -1,10 +1,8 @@
{
config,
lib,
...
}: let
{ config, lib, ... }:
let
atticPort = 9476;
in {
in
{
age.secrets.attic-creds = {
file = ../../secrets/attic-creds.age;
owner = config.services.atticd.user;
@ -48,7 +46,7 @@ in {
};
systemd.services.atticd = {
after = ["storage\\x2dbox.mount"];
after = [ "storage\\x2dbox.mount" ];
serviceConfig.DynamicUser = lib.mkForce false;
};
@ -57,8 +55,11 @@ in {
defaults.email = "nikodem@rabulinski.com";
};
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [80 443];
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
];
services.nginx = {
enable = true;
@ -94,7 +95,7 @@ in {
};
upstreams."attic".servers = {
"localhost:${toString atticPort}" = {};
"localhost:${toString atticPort}" = { };
};
appendHttpConfig = ''

23
hosts/kazuki/conduit.nix
View file

@ -3,10 +3,12 @@
pkgs,
inputs',
...
}: let
formatJson = pkgs.formats.json {};
}:
let
formatJson = pkgs.formats.json { };
serverDomain = "matrix.nrab.lol";
in {
in
{
services.matrix-conduit = {
enable = true;
package = inputs'.settei.packages.conduit-next;
@ -23,8 +25,13 @@ in {
defaults.email = "nikodem@rabulinski.com";
};
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [80 443 8448 2222];
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
8448
2222
];
services.nginx = {
enable = true;
@ -35,9 +42,7 @@ in {
enableACME = true;
locations."=/.well-known/matrix/server" = {
alias = formatJson.generate "well-known-matrix-server" {
"m.server" = serverDomain;
};
alias = formatJson.generate "well-known-matrix-server" { "m.server" = serverDomain; };
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
@ -95,7 +100,7 @@ in {
};
upstreams."backend_conduit".servers = {
"localhost:${toString config.services.matrix-conduit.settings.global.port}" = {};
"localhost:${toString config.services.matrix-conduit.settings.global.port}" = { };
};
};
}

80
hosts/kazuki/default.nix
View file

@ -1,47 +1,49 @@
{
configurations.nixos.kazuki = {
config,
modulesPath,
lib,
...
}: {
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./disks.nix
configurations.nixos.kazuki =
{
config,
modulesPath,
lib,
...
}:
{
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./disks.nix
./conduit.nix
./mail.nix
./vault.nix
./storage.nix
./attic.nix
./ntfy.nix
];
./conduit.nix
./mail.nix
./vault.nix
./storage.nix
./attic.nix
./ntfy.nix
];
nixpkgs.hostPlatform = "aarch64-linux";
# Not intended for interactive use
settei.user.enable = false;
nixpkgs.hostPlatform = "aarch64-linux";
# Not intended for interactive use
settei.user.enable = false;
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 1;
loader.efi.canTouchEfiVariables = true;
};
systemd.network.enable = true;
systemd.network.networks."10-wan" = {
matchConfig.Name = "enp1s0";
networkConfig.DHCP = "ipv4";
address = ["2a01:4f8:c012:e5c::/64"];
routes = [{routeConfig.Gateway = "fe80::1";}];
};
networking.useNetworkd = true;
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.configurationLimit = 1;
loader.efi.canTouchEfiVariables = true;
};
systemd.network.enable = true;
systemd.network.networks."10-wan" = {
matchConfig.Name = "enp1s0";
networkConfig.DHCP = "ipv4";
address = [ "2a01:4f8:c012:e5c::/64" ];
routes = [ { routeConfig.Gateway = "fe80::1"; } ];
};
networking.useNetworkd = true;
common.hercules.enable = true;
common.github-runner = {
enable = true;
runners.settei = {
url = "https://github.com/nrabulinski/settei";
instances = 2;
common.hercules.enable = true;
common.github-runner = {
enable = true;
runners.settei = {
url = "https://github.com/nrabulinski/settei";
instances = 2;
};
};
};
};
}

35
hosts/kazuki/disks.nix
View file

@ -1,6 +1,8 @@
args: let
args:
let
bootDevice = args.bootDevice or "/dev/sda";
in {
in
{
disko.devices.disk.bootDisk = {
type = "disk";
device = bootDevice;
@ -26,19 +28,24 @@ in {
end = "-4G";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = let
mountOptions = ["compress=zstd" "noatime"];
in {
"/root" = {
inherit mountOptions;
mountpoint = "/";
extraArgs = [ "-f" ];
subvolumes =
let
mountOptions = [
"compress=zstd"
"noatime"
];
in
{
"/root" = {
inherit mountOptions;
mountpoint = "/";
};
"/nix" = {
inherit mountOptions;
mountpoint = "/nix";
};
};
"/nix" = {
inherit mountOptions;
mountpoint = "/nix";
};
};
};
}
{

16
hosts/kazuki/mail.nix
View file

@ -1,12 +1,18 @@
{config, ...}: {
{ config, ... }:
{
# nix shell nixpkgs#apacheHttpd -c htpasswd -nbB "" "super secret password" | cut -d: -f2
age.secrets = {
leet-nrab-lol.file = ../../secrets/leet-nrab-lol-pass.age;
alert-nrab-lol.file = ../../secrets/alert-nrab-lol-pass.age;
};
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [80 443 8448 2222];
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
8448
2222
];
mailserver = {
enable = true;
@ -21,7 +27,7 @@
loginAccounts = {
"1337@nrab.lol" = {
hashedPasswordFile = config.age.secrets.leet-nrab-lol.path;
aliases = ["n@rab.lol"];
aliases = [ "n@rab.lol" ];
};
"alert@nrab.lol" = {
hashedPasswordFile = config.age.secrets.alert-nrab-lol.path;
@ -34,5 +40,5 @@
};
# TODO: Remove once SNM gets their shit together
services.dovecot2.sieve.extensions = ["fileinto"];
services.dovecot2.sieve.extensions = [ "fileinto" ];
}

12
hosts/kazuki/ntfy.nix
View file

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
age.secrets.nrab-lol-cf = {
file = ../../secrets/nrab-lol-cf.age;
owner = config.services.nginx.user;
@ -15,8 +16,11 @@
};
};
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [80 443];
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
];
services.nginx = {
enable = true;
@ -35,7 +39,7 @@
};
upstreams.ntfy.servers = {
"localhost:9800" = {};
"localhost:9800" = { };
};
};

3
hosts/kazuki/storage.nix
View file

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
age.secrets.storage-box-webdav = {
file = ../../secrets/storage-box-webdav.age;
};

14
hosts/kazuki/vault.nix
View file

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
age.secrets.vault-cert-env = {
file = ../../secrets/vault-cert-env.age;
owner = config.services.nginx.user;
@ -11,8 +12,13 @@
};
};
users.users.nginx.extraGroups = ["acme"];
networking.firewall.allowedTCPPorts = [80 443 8448 2222];
users.users.nginx.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [
80
443
8448
2222
];
services.nginx = {
enable = true;
@ -31,7 +37,7 @@
};
upstreams.vaultwarden.servers = {
"localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}" = {};
"localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}" = { };
};
};