stuff

2024-09-15 14:16:32 +02:00 · 2024-09-15 14:16:32 +02:00 · 290f2dadc3
parent be422948c7
commit 290f2dadc3
19 changed files with 203 additions and 130 deletions
--- a/common/default.nix
+++ b/common/default.nix
@ -1,22 +0,0 @@
-{
-  imports = [
-    ./bash.nix
-    ./boot.nix
-    ./bottom.nix
-    ./cnf.nix
-    ./dbus.nix
-    ./direnv.nix
-    ./fs.nix
-    ./fwupd.nix
-    ./gc.nix
-    ./git.nix
-    ./nix.nix
-    ./readline.nix
-    ./ssh.nix
-    ./starship.nix
-    ./sudo.nix
-    ./swap.nix
-    ./time.nix
-    ./users.nix
-  ];
-}
--- a/common/users.nix
+++ b/common/users.nix
@ -4,8 +4,6 @@
  users = {
    mutableUsers = false;

-    groups.lukas.gid = 1000;
-
    users = {
      root.hashedPassword = "!";
      lukas = {
@ -14,7 +12,6 @@
        hashedPasswordFile = config.age.secrets.user-lukas.path;
        openssh.authorizedKeys.keys = builtins.attrValues (import ../pubkeys.nix).users;
        extraGroups = ["wheel" "networkmanager" "gamemode"];
-        linger = true;
      };
    };
  };
--- a/flake.lock
+++ b/flake.lock
@ -48,11 +48,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1722555600,
-        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+        "lastModified": 1726153070,
+        "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+        "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
        "type": "github"
      },
      "original": {
@ -63,11 +63,11 @@
    },
    "hardware": {
      "locked": {
-        "lastModified": 1724067415,
-        "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=",
+        "lastModified": 1725885300,
+        "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2",
+        "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
        "type": "github"
      },
      "original": {
@ -115,23 +115,23 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1722555339,
-        "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
+        "lastModified": 1725233747,
+        "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
      },
      "original": {
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz"
      }
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1723991338,
-        "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=",
+        "lastModified": 1726062873,
+        "narHash": "sha256-IiA3jfbR7K/B5+9byVi9BZGWTD4VSbWe8VLpp9B/iYk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "8a3354191c0d7144db9756a74755672387b702ba",
+        "rev": "4f807e8940284ad7925ebd0a0993d2a1791acb2f",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -9,7 +9,6 @@
  };

  outputs = {
-    self,
    nixpkgs,
    flake-parts,
    ...
@ -19,28 +18,30 @@

      flake = {
        nixosConfigurations = let
-          hostsDir = "hosts";
+          lib = nixpkgs.lib.extend (import ./lib.nix);

          commonNixosSystem = name:
-            nixpkgs.lib.nixosSystem {
+            lib.nixosSystem {
              specialArgs = {
-                inherit inputs;
+                inherit inputs lib;
                attrName = name;
              };
-              modules = [
-                inputs.agenix.nixosModules.default

-                ./common
-                ./${hostsDir}/${name}
-
-                ({lib, ...}: {networking.hostName = lib.mkDefault name;})
-              ];
+              modules =
+                (lib.findModules [
+                  ./common
+                  ./hosts/${name}
+                ])
+                ++ [
+                  inputs.agenix.nixosModules.default
+                  {networking.hostName = lib.mkDefault name;}
+                ];
            };

-          genHosts = nixpkgs.lib.pipe (builtins.readDir ./${hostsDir}) [
-            (nixpkgs.lib.filterAttrs (name: type: type == "directory"))
+          genHosts = lib.pipe (builtins.readDir ./hosts) [
+            (lib.filterAttrs (name: type: type == "directory"))
            builtins.attrNames
-            nixpkgs.lib.genAttrs
+            lib.genAttrs
          ];
        in
          genHosts commonNixosSystem;
--- a/hosts/abacus/acme.nix
+++ b/hosts/abacus/acme.nix
@ -0,0 +1,6 @@
+{
+  security.acme = {
+    defaults.email = "lukas@wrz.one";
+    acceptTerms = true;
+  };
+}
--- a/hosts/abacus/fs.nix
+++ b/hosts/abacus/fs.nix
@ -0,0 +1,7 @@
+{config, ...}: {
+  fileSystems.${config.services.navidrome.settings.MusicFolder} = {
+    label = "music";
+    fsType = "ext4";
+    options = ["noatime"];
+  };
+}
--- a/hosts/abacus/hardware.nix
+++ b/hosts/abacus/hardware.nix
@ -1,15 +1,5 @@
 {modulesPath, ...}: {
-  imports = [
-    "${modulesPath}/profiles/qemu-guest.nix"
-
-    ./backup.nix
-    ./microbin.nix
-    ./miniflux.nix
-    ./nginx.nix
-    ./static
-    ./syncthing.nix
-    ./vaultwarden.nix
-  ];
+  imports = ["${modulesPath}/profiles/qemu-guest.nix"];

  nixpkgs.hostPlatform = "aarch64-linux";

@ -35,9 +25,4 @@
    };
    firewall.allowedTCPPorts = [80 443];
  };
-
-  security.acme = {
-    defaults.email = "lukas@wrz.one";
-    acceptTerms = true;
-  };
 }
--- a/hosts/abacus/microbin.nix
+++ b/hosts/abacus/microbin.nix
@ -1,4 +1,8 @@
-{config, ...}: let
+{
+  config,
+  lib,
+  ...
+}: let
  inherit (config.networking) domain;
  virtualHostName = "bin.${domain}";
 in {
@ -8,7 +12,7 @@ in {
    enable = true;
    passwordFile = config.age.secrets.microbin.path;
    settings = {
-      MICROBIN_BIND = "127.0.0.1";
+      MICROBIN_BIND = "localhost";
      MICROBIN_PORT = 8020;

      MICROBIN_READONLY = true;
@ -31,6 +35,9 @@ in {
    enableACME = true;
    forceSSL = true;

-    locations."/".proxyPass = "http://${config.services.microbin.settings.MICROBIN_BIND}:${builtins.toString config.services.microbin.settings.MICROBIN_PORT}";
+    locations."/".proxyPass = "http://${lib.formatHostPort {
+      host = config.services.microbin.settings.MICROBIN_BIND;
+      port = config.services.microbin.settings.MICROBIN_PORT;
+    }}";
  };
 }
--- a/hosts/abacus/navidrome.nix
+++ b/hosts/abacus/navidrome.nix
@ -0,0 +1,27 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (config.networking) domain;
+  virtualHostName = "navi.${domain}";
+in {
+  services.navidrome = {
+    enable = true;
+    settings = {
+      Address = "localhost";
+      Port = 8050;
+      MusicFolder = "/srv/music";
+    };
+  };
+
+  services.nginx.virtualHosts.${virtualHostName} = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/".proxyPass = "http://${lib.formatHostPort {
+      host = config.services.navidrome.settings.Address;
+      port = config.services.navidrome.settings.Port;
+    }}";
+  };
+}
--- a/hosts/abacus/static.nix
+++ b/hosts/abacus/static.nix
@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (config.networking) domain;
+  parent = "/var/www";
+  sites = [
+    domain
+    "log.${domain}"
+  ];
+in
+  lib.mkMerge (map (
+      virtualHostName: let
+        root = "${parent}/${virtualHostName}";
+      in {
+        services.nginx.virtualHosts.${virtualHostName} = {
+          enableACME = true;
+          forceSSL = true;
+
+          inherit root;
+        };
+
+        systemd.tmpfiles.settings."10-static-sites".${root}.d = {
+          user = "lukas";
+          group = "users";
+          mode = "0755";
+        };
+      }
+    )
+    sites)
--- a/hosts/abacus/static/default.nix
+++ b/hosts/abacus/static/default.nix
@ -1,12 +0,0 @@
-{
-  imports = [
-    ./log.nix
-    ./main.nix
-  ];
-
-  systemd.tmpfiles.settings."10-static-sites"."/var/www".d = {
-    user = "root";
-    group = "root";
-    mode = "0755";
-  };
-}
--- a/hosts/abacus/static/log.nix
+++ b/hosts/abacus/static/log.nix
@ -1,18 +0,0 @@
-{config, ...}: let
-  inherit (config.networking) domain;
-  virtualHostName = "log.${domain}";
-  root = "/var/www/${virtualHostName}";
-in {
-  services.nginx.virtualHosts.${virtualHostName} = {
-    enableACME = true;
-    forceSSL = true;
-
-    inherit root;
-  };
-
-  systemd.tmpfiles.settings."10-static-sites".${root}.d = {
-    user = "lukas";
-    group = "users";
-    mode = "0755";
-  };
-}
--- a/hosts/abacus/static/main.nix
+++ b/hosts/abacus/static/main.nix
@ -1,18 +0,0 @@
-{config, ...}: let
-  inherit (config.networking) domain;
-  virtualHostName = domain;
-  root = "/var/www/${virtualHostName}";
-in {
-  services.nginx.virtualHosts.${virtualHostName} = {
-    enableACME = true;
-    forceSSL = true;
-
-    inherit root;
-  };
-
-  systemd.tmpfiles.settings."10-static-sites".${root}.d = {
-    user = "lukas";
-    group = "users";
-    mode = "0755";
-  };
-}
--- a/hosts/abacus/vaultwarden.nix
+++ b/hosts/abacus/vaultwarden.nix
@ -1,4 +1,8 @@
-{config, ...}: let
+{
+  config,
+  lib,
+  ...
+}: let
  inherit (config.networking) domain;
  virtualHostName = "vault.${domain}";
  backupDir = "/srv/backup/vaultwarden";
@ -20,7 +24,7 @@ in {

      ENABLE_WEBSOCKET = true;

-      ROCKET_ADDRESS = "127.0.0.1";
+      ROCKET_ADDRESS = "localhost";
      ROCKET_PORT = 8000;
    };

@ -34,7 +38,10 @@ in {
    forceSSL = true;

    locations."/" = {
-      proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${builtins.toString config.services.vaultwarden.config.ROCKET_PORT}";
+      proxyPass = "http://${lib.formatHostPort {
+        host = config.services.vaultwarden.config.ROCKET_ADDRESS;
+        port = config.services.vaultwarden.config.ROCKET_PORT;
+      }}";
      proxyWebsockets = true;
    };
  };
--- a/hosts/vessel/audiocomp.nix
+++ b/hosts/vessel/audiocomp.nix
@ -0,0 +1,52 @@
+{
+  inputs,
+  lib,
+  pkgs,
+  ...
+}: let
+  audiocomp = pkgs.writeShellApplication {
+    name = "audiocomp";
+    runtimeInputs = [
+      pkgs.parallel
+      pkgs.rsync
+    ];
+    text = let
+      remoteDir = inputs.self.nixosConfigurations.abacus.config.services.navidrome.settings.MusicFolder;
+      enc = pkgs.writeShellApplication {
+        name = "enc";
+        runtimeInputs = [
+          pkgs.opusTools
+        ];
+        text = ''
+          src="$1"
+          dst=''${src%.flac}.opus
+          dst=/srv/compmusic/''${dst#./}
+
+          if [[ -f "$dst" ]]; then
+            exit
+          fi
+
+          mkdir --parents -- "$(dirname -- "$dst")"
+          exec opusenc --quiet --bitrate 96.000 -- {} "$dst"
+        '';
+      };
+    in ''
+      cd /srv/music
+      find . -name '*.flac' -print0 | parallel --null -- '${lib.getExe enc} {}'
+
+      rsync --verbose --verbose --archive --update --delete --mkpath --exclude lost+found \
+        --rsh 'ssh -i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' \
+        -- /srv/compmusic/ root@wrz.one:${remoteDir}
+    '';
+  };
+in {
+  # systemd.services.audiocomp = {
+  #   description = "Compress and sync music";
+  #   serviceConfig = {
+  #     Type = "oneshot";
+  #     User = "root";
+  #     Group = "root";
+  #     ExecStart = lib.getExe audiocomp;
+  #   };
+  # };
+}
--- a/hosts/vessel/backup.nix
+++ b/hosts/vessel/backup.nix
@ -6,8 +6,9 @@
  ...
 }: let
  backups = {
-    storage = "/srv/storage";
+    music = "/srv/music";
    safe = "/srv/safe";
+    storage = "/srv/storage";
    sync = config.services.syncthing.dataDir;
  };
 in {
@ -33,7 +34,7 @@ in {
          Group = "root";
        };
        script = ''
-          ${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath ${backups.${backupName}} /srv/backup/${backupName}/
+          ${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath -- ${backups.${backupName}}/ /srv/backup/${backupName}/
        '';
      };
    }
--- a/hosts/vessel/hardware.nix
+++ b/hosts/vessel/hardware.nix
@ -9,12 +9,6 @@
    inputs.hardware.nixosModules.common-cpu-intel
    inputs.hardware.nixosModules.common-gpu-intel
    inputs.hardware.nixosModules.common-pc-ssd
-
-    ./backup.nix
-    ./blocky.nix
-    ./fs.nix
-    ./storage.nix
-    ./syncthing.nix
  ];

  nixpkgs.hostPlatform = "x86_64-linux";
--- a/hosts/vessel/storage.nix
+++ b/hosts/vessel/storage.nix
@ -11,5 +11,17 @@
      group = "users";
      mode = "0755";
    };
+
+    "10-music"."/srv/music".d = {
+      user = "lukas";
+      group = "users";
+      mode = "0755";
+    };
+
+    "10-compmusic"."/srv/compmusic".d = {
+      user = "lukas";
+      group = "users";
+      mode = "0755";
+    };
  };
 }
--- a/lib.nix
+++ b/lib.nix
@ -0,0 +1,16 @@
+lib: _: {
+  findModules = dirs:
+    builtins.concatMap (dir:
+      lib.pipe dir [
+        (lib.fileset.fileFilter (
+          file: file.hasExt "nix" && file.name != "default.nix"
+        ))
+        lib.fileset.toList
+      ])
+    dirs;
+
+  formatHostPort = {
+    host,
+    port,
+  }: "${host}:${builtins.toString port}";
+}