Lukas Wurzinger 2024-08-18 14:54:44 +02:00
parent 7b2a024010
commit 6375d98a74
53 changed files with 112 additions and 852 deletions


@ -8,7 +8,11 @@
services.restic.backups.${attrName} = {
repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}";
initialize = true;
paths = [config.services.syncthing.dataDir];
paths = [
config.services.vaultwarden.backupDir
# TODO
# config.services.syncthing.dataDir
];
passwordFile = config.age.secrets."restic-${attrName}".path;
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];
timerConfig = {
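Review bot: The bare `# TODO` in `paths` does not say why `config.services.syncthing.dataDir` was taken out, so nothing records that this host's Syncthing data is no longer part of the off-site restic repository. I would spell that out, e.g. `# TODO: re-add once <reason>; syncthing data is NOT backed up off-site until then`. The `services.restic.backups.${attrName}` attribute set continues past the end of the hunk, so the timer settings are not visible here.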


@ -1,77 +0,0 @@
{
config,
pkgs,
...
}: let
inherit (config.networking) domain;
subdomain = "matrix";
jsonFormat = pkgs.formats.json {};
wellKnownServer = jsonFormat.generate "well-known-matrix-server" {
"m.server" = "${subdomain}.${domain}:443";
};
wellKnownClient = jsonFormat.generate "well-known-matrix-client" {
"m.homeserver".base_url = "https://${subdomain}.${domain}";
};
in {
services.matrix-conduit = {
enable = true;
settings.global = {
server_name = domain;
address = "127.0.0.1";
port = 8010;
database_backend = "rocksdb";
allow_registration = false;
};
};
systemd.services.conduit.serviceConfig.LimitNOFILE = 8192;
services.nginx.virtualHosts = {
${domain}.locations = {
"=/.well-known/matrix/server" = {
alias = wellKnownServer;
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
'';
};
"=/.well-known/matrix/client" = {
alias = wellKnownClient;
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
'';
};
};
"${subdomain}.${domain}" = {
enableACME = true;
forceSSL = true;
quic = true;
locations = {
"/".return = "404";
"/_matrix/" = {
proxyPass = "http://${config.services.matrix-conduit.settings.global.address}:${toString config.services.matrix-conduit.settings.global.port}";
proxyWebsockets = true;
extraConfig = ''
proxy_buffering off;
'';
};
};
extraConfig = ''
merge_slashes off;
'';
};
};
}


@ -12,7 +12,7 @@
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod"];
system.stateVersion = "24.05";
system.stateVersion = "24.11";
powerManagement.cpuFreqGovernor = "performance";
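Review bot: Changing `system.stateVersion` from "24.05" to "24.11" on an already installed host is not a plain version bump: NixOS modules read this value to choose defaults for stateful services, and the option's documentation advises leaving it at the release the machine was first installed with. If this host runs a local PostgreSQL (the miniflux section sets `createDatabaseLocally = true`, though the page does not show which host imports it), the default PostgreSQL major version may change with it and the service could come up on a fresh, empty data directory. Either keep `system.stateVersion = "24.05";` or pin the affected packages explicitly (for example `services.postgresql.package`) and migrate the data before switching. The same change appears in the later hardware file that loads `kvm-intel` with the `powersave` governor.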


@ -11,8 +11,6 @@ in {
MICROBIN_BIND = "localhost";
MICROBIN_PORT = 8020;
MICROBIN_ADMIN_USERNAME = "lukas";
MICROBIN_PUBLIC_PATH = "https://${virtualHostName}/";
MICROBIN_QR = true;


@ -1,15 +1,21 @@
{config, ...}: let
inherit (config.networking) domain;
virtualHostName = "bin.${domain}";
virtualHostName = "flux.${domain}";
in {
age.secrets.miniflux = {
file = ../../secrets/miniflux.age;
owner = config.systemd.services.miniflux.serviceConfig.User;
};
services.miniflux = {
enable = true;
createDatabaseLocally = true;
adminCredentialsFile = "";
adminCredentialsFile = config.age.secrets.miniflux.path;
config = {
LISTEN_ADDR = "localhost:8040";
LISTEN_ADDR = "localhost:8030";
BASE_URL = "https://${virtualHostName}";
WEBAUTHN = true;
CREATE_ADMIN = 1;
WEBAUTHN = 1;
};
};
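Review bot: The `owner` set on `age.secrets.miniflux` is probably unnecessary and may not resolve at activation time. As far as I know the nixpkgs miniflux module passes `adminCredentialsFile` to systemd as an `EnvironmentFile`, which the service manager reads itself, and runs the unit under a dynamic user, so there may be no static account for the secret to be chowned to; this should be confirmed against the module version in use. If it holds, drop the `owner = …` line so the admin credentials stay root-owned with the default restrictive mode instead of being readable by the service account.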


@ -1,6 +1,7 @@
{config, ...}: let
inherit (config.networking) domain;
virtualHostName = "vault.${domain}";
backupDir = "/srv/backup/vaultwarden";
in {
age.secrets.vaultwarden = {
file = ../../secrets/vaultwarden.age;
@ -11,6 +12,10 @@ in {
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
inherit backupDir;
config = {
DOMAIN = "https://${virtualHostName}";
@ -24,6 +29,8 @@ in {
environmentFile = config.age.secrets.vaultwarden.path;
};
systemd.timers.backup-vaultwarden.timerConfig.OnCalendar = "*-*-* 02:00:00";
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
forceSSL = true;
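Review bot: The new `systemd.timers.backup-vaultwarden` schedule at 02:00 only yields a usable off-site copy if the restic job that uploads `config.services.vaultwarden.backupDir` runs after the dump has finished, and nothing in this file records that dependency. A comment on the timer line such as `# must complete before the restic timer that uploads backupDir` would document it; ordering the restic unit after `backup-vaultwarden.service` would enforce it. Since `backupDir` holds a copy of the vault data, it is also worth checking that `/srv/backup/vaultwarden` ends up readable only by the vaultwarden account. The nginx virtual host block continues beyond the hunk.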


@ -1,25 +0,0 @@
{
inputs,
modulesPath,
...
}: {
imports = [
"${modulesPath}/installer/scan/not-detected.nix"
inputs.hardware.nixosModules.lenovo-thinkpad-t480
];
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
kernelModules = ["kvm-intel"];
};
system.stateVersion = "24.05";
powerManagement.cpuFreqGovernor = "powersave";
console.keyMap = "de";
services.xserver.layout = "de";
}


@ -1,30 +0,0 @@
{
inputs,
modulesPath,
...
}: {
imports = [
"${modulesPath}/installer/scan/not-detected.nix"
inputs.hardware.nixosModules.common-cpu-amd
inputs.hardware.nixosModules.common-gpu-amd
inputs.hardware.nixosModules.common-pc-ssd
./printing.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
initrd = {
availableKernelModules = ["nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
kernelModules = ["amdgpu"];
};
kernelModules = ["kvm-amd"];
binfmt.emulatedSystems = ["aarch64-linux"];
};
system.stateVersion = "24.11";
powerManagement.cpuFreqGovernor = "performance";
}


@ -1,6 +0,0 @@
{pkgs, ...}: {
services.printing.drivers = with pkgs; [
epson-escpr
epson-escpr2
];
}


@ -6,39 +6,39 @@
...
}: let
backupPath = "/srv/backup";
backups = {
storage = "/srv/storage";
safe = "/srv/safe";
sync = config.services.syncthing.dataDir;
};
backups = {
storage = "/srv/storage";
safe = "/srv/safe";
sync = config.services.syncthing.dataDir;
};
in {
systemd = lib.mkMerge (map (
backupName: let
systemdName = "${backupName}-backup";
in {
timers.${systemdName} = {
description = "Local rsync Backup ${backupName}";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*-*-* 03:00:00";
Persistent = true;
Unit = "${systemdName}.service";
};
backupName: let
systemdName = "${backupName}-backup";
in {
timers.${systemdName} = {
description = "Local rsync Backup ${backupName}";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*-*-* 03:00:00";
Persistent = true;
Unit = "${systemdName}.service";
};
};
services.${systemdName} = {
description = "Local rsync Backup ${backupName}";
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "root";
};
script = ''
${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath ${backups.${backupName}} ${backupPath}/${backupName}/
'';
services.${systemdName} = {
description = "Local rsync Backup ${backupName}";
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "root";
};
}
) (lib.attrNames backups));
script = ''
${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath ${backups.${backupName}} ${backupPath}/${backupName}/
'';
};
}
) (lib.attrNames backups));
fileSystems.${backupPath} = {
label = "backup";
@ -51,7 +51,10 @@ in {
services.restic.backups.${attrName} = {
repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}";
initialize = true;
paths = [backups.safe backups.sync];
paths = [
backups.safe
backups.sync
];
passwordFile = config.age.secrets."restic-${attrName}".path;
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];
timerConfig = {


@ -23,7 +23,7 @@
kernelModules = ["kvm-intel"];
};
system.stateVersion = "24.05";
system.stateVersion = "24.11";
powerManagement.cpuFreqGovernor = "powersave";
}


@ -1,14 +1,14 @@
{
systemd.tmpfiles.settings = {
"10-safe"."/srv/safe".d = {
user = "root";
group = "root";
user = "lukas";
group = "users";
mode = "0755";
};
"10-storage"."/srv/storage".d = {
user = "root";
group = "root";
user = "lukas";
group = "users";
mode = "0755";
};
};