Further nixfmting.

kat witch 2020-12-08 15:10:03 +00:00 committed by kat
parent 0b4801cfcc
commit 6934230103
12 changed files with 307 additions and 301 deletions


@ -1,14 +1,15 @@
{ config, pkgs, ... }:
let secrets = ( import ../secrets.nix ); in {
bitwarden_rs = {
enable = true;
config = {
rocketPort = 4000;
websocketEnabled = true;
signupsAllowed = false;
adminToken = secrets.bitwarden.token;
domain = "https://pw.dork.dev";
};
let secrets = (import ../secrets.nix);
in {
bitwarden_rs = {
enable = true;
config = {
rocketPort = 4000;
websocketEnabled = true;
signupsAllowed = false;
adminToken = secrets.bitwarden.token;
domain = "https://pw.dork.dev";
};
}
};
}
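Review bot: `adminToken = secrets.bitwarden.token;` takes its value from `import ../secrets.nix` at evaluation time, so the token is likely rendered into the generated service configuration under /nix/store, which every local user can read. The same pattern appears in the matrix-synapse section (`registration_shared_secret`) and the ZNC section (server passwords interpolated into `Server`). Keeping secrets.nix out of the repository does not help once the value is built into the store; a file read at service start, as the Nextcloud section does with `adminpassFile`, avoids that. Until that is changed I would at least record it next to the import: `# NOTE: values from secrets.nix end up in the world-readable Nix store`.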


@ -1,10 +1,10 @@
{ config, pkgs, ... }:
{
gitea = {
enable = true;
disableRegistration = true; # TODO change for initial setup
domain = "git.dork.dev";
rootUrl = "https://git.dork.dev";
};
}
gitea = {
enable = true;
disableRegistration = true; # TODO change for initial setup
domain = "git.dork.dev";
rootUrl = "https://git.dork.dev";
};
}


@ -1,24 +1,21 @@
{ config, pkgs, ... }:
let secrets = ( import ../secrets.nix ); in {
matrix-synapse = {
enable = true;
registration_shared_secret = secrets.matrix.secret;
server_name = "dork.dev";
listeners = [
{
port = 8008;
bind_address = "::1";
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = false;
}
];
}
];
};
}
let secrets = (import ../secrets.nix);
in {
matrix-synapse = {
enable = true;
registration_shared_secret = secrets.matrix.secret;
server_name = "dork.dev";
listeners = [{
port = 8008;
bind_address = "::1";
type = "http";
tls = false;
x_forwarded = true;
resources = [{
names = [ "client" "federation" ];
compress = false;
}];
}];
};
}


@ -1,23 +1,24 @@
{ config, pkgs, ... }:
{
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
services.nextcloud = {
enable = true;
hostName = "fs.dork.dev";
https = true;
nginx.enable = true;
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
adminpassFile = "/var/lib/nextcloud/admin_pass"; # TODO replace this with proper secrets management
adminuser = "root";
};
services.nextcloud = {
enable = true;
hostName = "fs.dork.dev";
https = true;
nginx.enable = true;
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
adminpassFile =
"/var/lib/nextcloud/admin_pass"; # TODO replace this with proper secrets management
adminuser = "root";
};
}
};
}


@ -1,87 +1,86 @@
{ config, pkgs, ... }:
let common = {
let
common = {
enableACME = true;
forceSSL = true;
}; secrets = import ../secrets.nix; in {
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload";
}
add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'origin-when-cross-origin';
#add_header X-Frame-Options DENY;
#add_header X-Content-Type-Options nosniff;
#add_header X-XSS-Protection "1; mode=block";
#proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
};
secrets = import ../secrets.nix;
in {
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload";
}
add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'origin-when-cross-origin';
#add_header X-Frame-Options DENY;
#add_header X-Content-Type-Options nosniff;
#add_header X-XSS-Protection "1; mode=block";
#proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
virtualHosts = {
"beltane.dork.dev" = {
root = "/var/www/beltane";
} // common;
"dork.dev" = {
root = "/var/www/dork";
/*locations = {
"/_matrix" = {
proxyPass = "http://[::1]:8008";
};
"= /.well-known/matrix/server".extraConfig =
let server = { "m.server" = "dork.dev:443"; }; in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
"= /.well-known/matrix/client".extraConfig =
let client = {
"m.homeserver" = { "base_url" = "https://dork.dev"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
}; in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};*/
} // common;
/*"pw.dork.dev" = {
locations = {
"/".proxyPass = "http://127.0.0.1:4000";
"/notifications/hub".proxyPass = "http://127.0.0.1:3012";
"/notifications/hub/negotiate".proxyPass = "http://127.0.0.1:80";
};
} // common;
"git.dork.dev" = {
locations = {
"/".proxyPass = "http://127.0.0.1:3000";
};
} // common;*/
"znc.dork.dev" = {
locations = {
"/".proxyPass = "http://127.0.0.1:5000";
};
} // common;
"irc.dork.dev" = {
locations = {
"/" = {
root = pkgs.glowing-bear;
};
"^~ /weechat" = {
proxyPass = "http://127.0.0.1:9000";
proxyWebsockets = true;
};
};
} // common;
} // secrets.beltane-protected;
};
virtualHosts = {
"beltane.dork.dev" = { root = "/var/www/beltane"; } // common;
"dork.dev" = {
root = "/var/www/dork";
/* locations = {
"/_matrix" = {
proxyPass = "http://[::1]:8008";
};
"= /.well-known/matrix/server".extraConfig =
let server = { "m.server" = "dork.dev:443"; }; in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
"= /.well-known/matrix/client".extraConfig =
let client = {
"m.homeserver" = { "base_url" = "https://dork.dev"; };
"m.identity_server" = { "base_url" = "https://vector.im"; };
}; in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};
*/
} // common;
/* "pw.dork.dev" = {
locations = {
"/".proxyPass = "http://127.0.0.1:4000";
"/notifications/hub".proxyPass = "http://127.0.0.1:3012";
"/notifications/hub/negotiate".proxyPass = "http://127.0.0.1:80";
};
} // common;
"git.dork.dev" = {
locations = {
"/".proxyPass = "http://127.0.0.1:3000";
};
} // common;
*/
"znc.dork.dev" = {
locations = { "/".proxyPass = "http://127.0.0.1:5000"; };
} // common;
"irc.dork.dev" = {
locations = {
"/" = { root = pkgs.glowing-bear; };
"^~ /weechat" = {
proxyPass = "http://127.0.0.1:9000";
proxyWebsockets = true;
};
};
} // common;
} // secrets.beltane-protected;
};
security.acme = {
email = secrets.acme.email;
acceptTerms = true;
};
}
security.acme = {
email = secrets.acme.email;
acceptTerms = true;
};
}
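Review bot: In `commonHttpConfig` the `X-Content-Type-Options nosniff` and `X-Frame-Options DENY` headers are commented out, so only HSTS and Referrer-Policy are sent; the same block is repeated in the later nginx section. `add_header X-Content-Type-Options nosniff;` is normally safe to enable for all of these virtual hosts, and framing can be restricted per host if DENY breaks one of the proxied UIs. Note also that nginx inherits `add_header` directives from the outer level only when the inner block declares none of its own, so the commented-out `.well-known/matrix` locations would drop the HSTS header if re-enabled as written. A comment above the block such as `# http-level add_header is not inherited by locations that set their own add_header` would keep that visible.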


@ -1,19 +1,17 @@
{ config, pkgs, ... }:
{
services.postgresql.enable = true;
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
services.postgresql.ensureDatabases = [ "nextcloud" ];
services.postgresql.ensureUsers = [
{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
}
services.postgresql.enable = true;
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
services.postgresql.ensureDatabases = [ "nextcloud" ];
services.postgresql.ensureUsers = [{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}];
}
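Review bot: `CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';` sets a guessable password equal to the service name, and because the script is produced with `pkgs.writeText` it is stored in /nix/store where any local user can read it. If Synapse connects over the local Unix socket (its database settings are not visible on this page), the password can be dropped and peer authentication used instead: `CREATE ROLE "matrix-synapse" WITH LOGIN;`. Otherwise the password should be set out of band from a file that is not part of the store. `initialScript` presumably runs only when the cluster is first initialised, so an existing database would need an `ALTER ROLE` by hand.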


@ -1,17 +1,24 @@
{ config, pkgs, ... }:
{
services.weechat = {
binary = let new-weechat = pkgs.wrapWeechat pkgs.weechat-unwrapped {
configure = { availablePlugins, ... }: {
scripts = [ pkgs.weechatScripts.weechat-matrix ];
plugins = [ availablePlugins.perl ( availablePlugins.python.withPackages (ps: [ ps.potr pkgs.weechatScripts.weechat-matrix ])) ]; };
}; in "${new-weechat}/bin/weechat";
enable = true;
};
services.weechat = {
binary = let
new-weechat = pkgs.wrapWeechat pkgs.weechat-unwrapped {
configure = { availablePlugins, ... }: {
scripts = [ pkgs.weechatScripts.weechat-matrix ];
plugins = [
availablePlugins.perl
(availablePlugins.python.withPackages
(ps: [ ps.potr pkgs.weechatScripts.weechat-matrix ]))
];
};
};
in "${new-weechat}/bin/weechat";
enable = true;
};
programs.screen.screenrc = ''
multiuser on
acladd kat
'';
}
programs.screen.screenrc = ''
multiuser on
acladd kat
'';
}


@ -1,50 +1,45 @@
{ config, pkgs, ... }:
let secrets = import ../secrets.nix; in {
services.znc = {
enable = true;
mutable = false;
useLegacyConfig = false;
openFirewall = false;
config = {
Listener.l = {
Port = 5000;
SSL = false;
AllowWeb = true;
};
modules = [ "webadmin" "adminlog" ];
User.kat = {
Admin = true;
Nick = secrets.znc.nick;
AltNick = secrets.znc.altNick;
Network.freenode = {
Server = "chat.freenode.net +6697 ${secrets.znc.freenode.password}";
Chan = secrets.znc.freenode.channels;
Nick = secrets.znc.freenode.nick;
AltNick = secrets.znc.freenode.altNick;
JoinDelay = 2;
LoadModule = [
"simple_away"
"nickserv"
];
};
Network.espernet = {
Server = "anarchy.esper.net +6697 ${secrets.znc.espernet.password}";
Chan = secrets.znc.espernet.channels;
Nick = secrets.znc.espernet.nick;
AltNick = secrets.znc.espernet.altNick;
JoinDelay = 2;
LoadModule = [
"simple_away"
"nickserv"
];
};
Pass.password = {
Method = secrets.znc.password.method;
Hash = secrets.znc.password.hash;
Salt = secrets.znc.password.salt;
};
};
let secrets = import ../secrets.nix;
in {
services.znc = {
enable = true;
mutable = false;
useLegacyConfig = false;
openFirewall = false;
config = {
Listener.l = {
Port = 5000;
SSL = false;
AllowWeb = true;
};
modules = [ "webadmin" "adminlog" ];
User.kat = {
Admin = true;
Nick = secrets.znc.nick;
AltNick = secrets.znc.altNick;
Network.freenode = {
Server = "chat.freenode.net +6697 ${secrets.znc.freenode.password}";
Chan = secrets.znc.freenode.channels;
Nick = secrets.znc.freenode.nick;
AltNick = secrets.znc.freenode.altNick;
JoinDelay = 2;
LoadModule = [ "simple_away" "nickserv" ];
};
};
}
Network.espernet = {
Server = "anarchy.esper.net +6697 ${secrets.znc.espernet.password}";
Chan = secrets.znc.espernet.channels;
Nick = secrets.znc.espernet.nick;
AltNick = secrets.znc.espernet.altNick;
JoinDelay = 2;
LoadModule = [ "simple_away" "nickserv" ];
};
Pass.password = {
Method = secrets.znc.password.method;
Hash = secrets.znc.password.hash;
Salt = secrets.znc.password.salt;
};
};
};
};
}


@ -1,23 +1,23 @@
{ config, pkgs, ... }:
{
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload";
}
add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'origin-when-cross-origin';
#add_header X-Frame-Options DENY;
#add_header X-Content-Type-Options nosniff;
#add_header X-XSS-Protection "1; mode=block";
#proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
};
}
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload";
}
add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'origin-when-cross-origin';
#add_header X-Frame-Options DENY;
#add_header X-Content-Type-Options nosniff;
#add_header X-XSS-Protection "1; mode=block";
#proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
};
}


@ -1,42 +1,50 @@
{ config, pkgs, ... }:
{
boot.kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" ];
powerManagement = {
enable = true;
cpuFreqGovernor = "conservative";
};
systemd = {
services = {
kaede-thermals = let kaede-thermals-script = pkgs.writeScriptBin "script" (builtins.readFile ./kaede-thermals.sh); in {
wantedBy = [ "multi-user.target" ];
path = [pkgs.bash pkgs.coreutils-full];
serviceConfig = {
RemainAfterExit = "no";
Type = "simple";
ExecStart = "${kaede-thermals-script}/bin/script start";
ExecStop = "${kaede-thermals-script}/bin/script stop";
User = "root";
};
};
kaede-power = let kaede-power-script = pkgs.writeScriptBin "script" (builtins.readFile ./kaede-power.sh); in {
wantedBy = [ "multi-user.target" ];
path = [pkgs.bash pkgs.linuxPackages.cpupower];
serviceConfig = {
RemainAfterExit = "yes";
Type = "oneshot";
ExecStart = "${kaede-power-script}/bin/script start";
ExecStop = "${kaede-power-script}/bin/script stop";
User = "root";
};
};
boot.kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" ];
powerManagement = {
enable = true;
cpuFreqGovernor = "conservative";
};
systemd = {
services = {
kaede-thermals = let
kaede-thermals-script =
pkgs.writeScriptBin "script" (builtins.readFile ./kaede-thermals.sh);
in {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.bash pkgs.coreutils-full ];
serviceConfig = {
RemainAfterExit = "no";
Type = "simple";
ExecStart = "${kaede-thermals-script}/bin/script start";
ExecStop = "${kaede-thermals-script}/bin/script stop";
User = "root";
};
};
kaede-power = let
kaede-power-script =
pkgs.writeScriptBin "script" (builtins.readFile ./kaede-power.sh);
in {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.bash pkgs.linuxPackages.cpupower ];
serviceConfig = {
RemainAfterExit = "yes";
Type = "oneshot";
ExecStart = "${kaede-power-script}/bin/script start";
ExecStop = "${kaede-power-script}/bin/script stop";
User = "root";
};
};
};
services.thermald = let cfg_file = pkgs.writeTextFile {
name = "cfg";
text = (builtins.readFile ./kaede-thermald.xml);
}; in {
enable = true;
configFile = "${cfg_file}";
};
services.thermald = let
cfg_file = pkgs.writeTextFile {
name = "cfg";
text = (builtins.readFile ./kaede-thermald.xml);
};
}
in {
enable = true;
configFile = "${cfg_file}";
};
}


@ -1,17 +1,18 @@
{ config, lib, pkgs, ... }:
{
services.transmission = let transmission-done-script = pkgs.writeScriptBin "script" ''
#!${pkgs.bash}/bin/bash
set -e
if [ "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME" != "/" ]; then
cd "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME"
if [ ! -z "*.rar" ]; then
${pkgs.unrar}/bin/unrar x "*.rar"
fi
chmod ugo=rwX .
fi'';
in {
services.transmission = let
transmission-done-script = pkgs.writeScriptBin "script" ''
#!${pkgs.bash}/bin/bash
set -e
if [ "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME" != "/" ]; then
cd "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME"
if [ ! -z "*.rar" ]; then
${pkgs.unrar}/bin/unrar x "*.rar"
fi
chmod ugo=rwX .
fi'';
in {
enable = true;
home = "/disks/pool-raw/transmission";
downloadDirPermissions = "777";
@ -57,11 +58,11 @@
};
services.nginx.virtualHosts = {
"192.168.1.135" = {
locations."/share/" = {
alias = "/disks/pool-raw/Public/Media/";
extraConfig = "autoindex on;";
};
"192.168.1.135" = {
locations."/share/" = {
alias = "/disks/pool-raw/Public/Media/";
extraConfig = "autoindex on;";
};
};
}
};
};
}
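Review bot: In the done-script, `[ ! -z "*.rar" ]` tests a quoted literal string, which is never empty, so `unrar` runs for every finished torrent; under `set -e` a non-zero exit from unrar when no archive is present may stop the script before `chmod`. A real existence check is `if compgen -G "*.rar" > /dev/null; then`. The script also runs `cd` and `unrar x` on a path built from `$TR_TORRENT_NAME`, which comes from downloaded torrent metadata, and the result is made world-writable (`chmod ugo=rwX .`, `downloadDirPermissions = "777"`); extracting untrusted archives into a world-writable tree deserves tighter modes such as `downloadDirPermissions = "770"` with a shared group. The rest of the transmission settings lie between the two hunks and are not visible here.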


@ -1,16 +1,15 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, ... }:
{
environment.systemPackages = let python-env = python-packages: with pkgs.python38Packages; [
pip
setuptools
psutil
]; python-with-env = pkgs.python3.withPackages python-env;
in [
pkgs.php
pkgs.php74Packages.composer2
python-with-env
];
{
environment.systemPackages = let
python-env = python-packages:
with pkgs.python38Packages; [
pip
setuptools
psutil
];
python-with-env = pkgs.python3.withPackages python-env;
in [ pkgs.php pkgs.php74Packages.composer2 python-with-env ];
home-manager.users.kat = {
programs.go.enable = true;