From 290f2dadc3b9065ea2a0f91947c22d46eae7faa7 Mon Sep 17 00:00:00 2001 From: Lukas Wurzinger Date: Sun, 15 Sep 2024 14:16:32 +0200 Subject: [PATCH] stuff --- common/default.nix | 22 --------- common/users.nix | 3 -- flake.lock | 26 +++++------ flake.nix | 29 ++++++------ hosts/abacus/acme.nix | 6 +++ hosts/abacus/fs.nix | 7 +++ hosts/abacus/{default.nix => hardware.nix} | 17 +------ hosts/abacus/microbin.nix | 13 ++++-- hosts/abacus/navidrome.nix | 27 +++++++++++ hosts/abacus/static.nix | 31 +++++++++++++ hosts/abacus/static/default.nix | 12 ----- hosts/abacus/static/log.nix | 18 -------- hosts/abacus/static/main.nix | 18 -------- hosts/abacus/vaultwarden.nix | 13 ++++-- hosts/vessel/audiocomp.nix | 52 ++++++++++++++++++++++ hosts/vessel/backup.nix | 5 ++- hosts/vessel/{default.nix => hardware.nix} | 6 --- hosts/vessel/storage.nix | 12 +++++ lib.nix | 16 +++++++ 19 files changed, 203 insertions(+), 130 deletions(-) delete mode 100644 common/default.nix create mode 100644 hosts/abacus/acme.nix create mode 100644 hosts/abacus/fs.nix rename hosts/abacus/{default.nix => hardware.nix} (68%) create mode 100644 hosts/abacus/navidrome.nix create mode 100644 hosts/abacus/static.nix delete mode 100644 hosts/abacus/static/default.nix delete mode 100644 hosts/abacus/static/log.nix delete mode 100644 hosts/abacus/static/main.nix create mode 100644 hosts/vessel/audiocomp.nix rename hosts/vessel/{default.nix => hardware.nix} (86%) create mode 100644 lib.nix diff --git a/common/default.nix b/common/default.nix deleted file mode 100644 index 851858f..0000000 --- a/common/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - imports = [ - ./bash.nix - ./boot.nix - ./bottom.nix - ./cnf.nix - ./dbus.nix - ./direnv.nix - ./fs.nix - ./fwupd.nix - ./gc.nix - ./git.nix - ./nix.nix - ./readline.nix - ./ssh.nix - ./starship.nix - ./sudo.nix - ./swap.nix - ./time.nix - ./users.nix - ]; -} diff --git a/common/users.nix b/common/users.nix index e562aea..ba9079c 100644 --- a/common/users.nix 
+++ b/common/users.nix @@ -4,8 +4,6 @@ users = { mutableUsers = false; - groups.lukas.gid = 1000; - users = { root.hashedPassword = "!"; lukas = { @@ -14,7 +12,6 @@ hashedPasswordFile = config.age.secrets.user-lukas.path; openssh.authorizedKeys.keys = builtins.attrValues (import ../pubkeys.nix).users; extraGroups = ["wheel" "networkmanager" "gamemode"]; - linger = true; }; }; }; diff --git a/flake.lock b/flake.lock index 4102d73..3a8e218 100644 --- a/flake.lock +++ b/flake.lock @@ -48,11 +48,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "type": "github" }, "original": { @@ -63,11 +63,11 @@ }, "hardware": { "locked": { - "lastModified": 1724067415, - "narHash": "sha256-WJBAEFXAtA41RMpK8mvw0cQ62CJkNMBtzcEeNIJV7b0=", + "lastModified": 1725885300, + "narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b09c46430ffcf18d575acf5c339b38ac4e1db5d2", + "rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e", "type": "github" }, "original": { 
@@ -115,23 +115,23 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1722555339, - "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", + "lastModified": 1725233747, + "narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" } }, "nixpkgs_2": { "locked": { - "lastModified": 1723991338, - "narHash": "sha256-Grh5PF0+gootJfOJFenTTxDTYPidA3V28dqJ/WV7iis=", + "lastModified": 1726062873, + "narHash": "sha256-IiA3jfbR7K/B5+9byVi9BZGWTD4VSbWe8VLpp9B/iYk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8a3354191c0d7144db9756a74755672387b702ba", + "rev": "4f807e8940284ad7925ebd0a0993d2a1791acb2f", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d3813ea..35ed357 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,6 @@ }; outputs = { - self, nixpkgs, flake-parts, ... 
@@ -19,28 +18,30 @@ flake = { nixosConfigurations = let - hostsDir = "hosts"; + lib = nixpkgs.lib.extend (import ./lib.nix); commonNixosSystem = name: - nixpkgs.lib.nixosSystem { + lib.nixosSystem { specialArgs = { - inherit inputs; + inherit inputs lib; attrName = name; }; - modules = [ - inputs.agenix.nixosModules.default - ./common - ./${hostsDir}/${name} - - ({lib, ...}: {networking.hostName = lib.mkDefault name;}) - ]; + modules = + (lib.findModules [ + ./common + ./hosts/${name} + ]) + ++ [ + inputs.agenix.nixosModules.default + {networking.hostName = lib.mkDefault name;} + ]; }; - genHosts = nixpkgs.lib.pipe (builtins.readDir ./${hostsDir}) [ - (nixpkgs.lib.filterAttrs (name: type: type == "directory")) + genHosts = lib.pipe (builtins.readDir ./hosts) [ + (lib.filterAttrs (name: type: type == "directory")) builtins.attrNames - nixpkgs.lib.genAttrs + lib.genAttrs ]; in genHosts commonNixosSystem; diff --git a/hosts/abacus/acme.nix b/hosts/abacus/acme.nix new file mode 100644 index 0000000..ea5d8ed --- /dev/null +++ b/hosts/abacus/acme.nix @@ -0,0 +1,6 @@ +{ + security.acme = { + defaults.email = "lukas@wrz.one"; + acceptTerms = true; + }; +} diff --git a/hosts/abacus/fs.nix b/hosts/abacus/fs.nix new file mode 100644 index 0000000..0a1531b --- /dev/null +++ b/hosts/abacus/fs.nix @@ -0,0 +1,7 @@ +{config, ...}: { + fileSystems.${config.services.navidrome.settings.MusicFolder} = { + label = "music"; + fsType = "ext4"; + options = ["noatime"]; + }; +} diff --git a/hosts/abacus/default.nix b/hosts/abacus/hardware.nix similarity index 68% rename from hosts/abacus/default.nix rename to hosts/abacus/hardware.nix index 450e6a7..c1c7c6b 100644 --- a/hosts/abacus/default.nix +++ b/hosts/abacus/hardware.nix 
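Review bot: The new `modules = (lib.findModules [ ./common ./hosts/${name} ]) ++ [ … ]` replaces the explicit import lists with discovery, so every `.nix` file under those two directories (apart from `default.nix`) becomes part of the system configuration merely by existing. `lib.fileset.fileFilter`, used by the helper in lib.nix later in this patch, appears to walk subdirectories too, so a helper or data file placed there would be evaluated as a NixOS module. On hosts that carry a password vault and SSH access, that makes "which services are enabled" harder to audit from flake.nix alone. A comment above `modules =` would record the contract, for example `# Every *.nix below ./common and ./hosts/<name> except default.nix is loaded as a module; keep non-module files elsewhere.`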
@@ -1,15 +1,5 @@ {modulesPath, ...}: { - imports = [ - "${modulesPath}/profiles/qemu-guest.nix" - - ./backup.nix - ./microbin.nix - ./miniflux.nix - ./nginx.nix - ./static - ./syncthing.nix - ./vaultwarden.nix - ]; + imports = ["${modulesPath}/profiles/qemu-guest.nix"]; nixpkgs.hostPlatform = "aarch64-linux"; @@ -35,9 +25,4 @@ }; firewall.allowedTCPPorts = [80 443]; }; - - security.acme = { - defaults.email = "lukas@wrz.one"; - acceptTerms = true; - }; } diff --git a/hosts/abacus/microbin.nix b/hosts/abacus/microbin.nix index cb2c83c..6661b7d 100644 --- a/hosts/abacus/microbin.nix +++ b/hosts/abacus/microbin.nix @@ -1,4 +1,8 @@ -{config, ...}: let +{ + config, + lib, + ... +}: let inherit (config.networking) domain; virtualHostName = "bin.${domain}"; in { @@ -8,7 +12,7 @@ in { enable = true; passwordFile = config.age.secrets.microbin.path; settings = { - MICROBIN_BIND = "127.0.0.1"; + MICROBIN_BIND = "localhost"; MICROBIN_PORT = 8020; MICROBIN_READONLY = true; @@ -31,6 +35,9 @@ in { enableACME = true; forceSSL = true; - locations."/".proxyPass = "http://${config.services.microbin.settings.MICROBIN_BIND}:${builtins.toString config.services.microbin.settings.MICROBIN_PORT}"; + locations."/".proxyPass = "http://${lib.formatHostPort { + host = config.services.microbin.settings.MICROBIN_BIND; + port = config.services.microbin.settings.MICROBIN_PORT; + }}"; }; } diff --git a/hosts/abacus/navidrome.nix b/hosts/abacus/navidrome.nix new file mode 100644 index 0000000..1c3f35f --- /dev/null +++ b/hosts/abacus/navidrome.nix 
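Review bot: Setting `MICROBIN_BIND = "localhost"` makes the loopback-only bind depend on name resolution, and the same value now feeds the nginx `proxyPass` URL in the last hunk of this file. microbin appears to parse its bind option as an IP address, and so does Rocket behind `ROCKET_ADDRESS` (changed the same way in the vaultwarden.nix hunk of this patch), so both services may refuse to start when given a hostname; please confirm against the packaged versions. Where the name is accepted, nginx can resolve `localhost` to both `127.0.0.1` and `::1` while the backend listens on only one of them. Keeping the literals, `MICROBIN_BIND = "127.0.0.1";` and `ROCKET_ADDRESS = "127.0.0.1";`, keeps the paste service and the vault reachable only through the TLS proxy without relying on the resolver.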
@@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: let + inherit (config.networking) domain; + virtualHostName = "navi.${domain}"; +in { + services.navidrome = { + enable = true; + settings = { + Address = "localhost"; + Port = 8050; + MusicFolder = "/srv/music"; + }; + }; + + services.nginx.virtualHosts.${virtualHostName} = { + enableACME = true; + forceSSL = true; + + locations."/".proxyPass = "http://${lib.formatHostPort { + host = config.services.navidrome.settings.Address; + port = config.services.navidrome.settings.Port; + }}"; + }; +} diff --git a/hosts/abacus/static.nix b/hosts/abacus/static.nix new file mode 100644 index 0000000..150a4fe --- /dev/null +++ b/hosts/abacus/static.nix @@ -0,0 +1,31 @@ +{ + config, + lib, + ... +}: let + inherit (config.networking) domain; + parent = "/var/www"; + sites = [ + domain + "log.${domain}" + ]; +in + lib.mkMerge (map ( + virtualHostName: let + root = "${parent}/${virtualHostName}"; + in { + services.nginx.virtualHosts.${virtualHostName} = { + enableACME = true; + forceSSL = true; + + inherit root; + }; + + systemd.tmpfiles.settings."10-static-sites".${root}.d = { + user = "lukas"; + group = "users"; + mode = "0755"; + }; + } + ) + sites) diff --git a/hosts/abacus/static/default.nix b/hosts/abacus/static/default.nix deleted file mode 100644 index 0b8abc2..0000000 --- a/hosts/abacus/static/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ - imports = [ - ./log.nix - ./main.nix - ]; - - systemd.tmpfiles.settings."10-static-sites"."/var/www".d = { - user = "root"; - group = "root"; - mode = "0755"; - }; -} diff --git a/hosts/abacus/static/log.nix b/hosts/abacus/static/log.nix deleted file mode 100644 index f1695cd..0000000 --- a/hosts/abacus/static/log.nix +++ /dev/null 
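Review bot: The `navi.${domain}` virtual host publishes Navidrome to the internet as soon as this configuration is deployed, and `settings` contains only `Address`, `Port` and `MusicFolder`. Navidrome, as far as I know, lets whoever first opens a fresh instance create the administrator account, so the time between deployment and first login is an exposure window. Creating the admin account before the virtual host goes live (for example with the `services.nginx.virtualHosts` block added in a follow-up commit) closes it. A comment above `services.nginx.virtualHosts.${virtualHostName}` such as `# Publicly reachable; the Navidrome admin account must exist before this vhost is deployed.` would record the requirement.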
@@ -1,18 +0,0 @@ -{config, ...}: let - inherit (config.networking) domain; - virtualHostName = "log.${domain}"; - root = "/var/www/${virtualHostName}"; -in { - services.nginx.virtualHosts.${virtualHostName} = { - enableACME = true; - forceSSL = true; - - inherit root; - }; - - systemd.tmpfiles.settings."10-static-sites".${root}.d = { - user = "lukas"; - group = "users"; - mode = "0755"; - }; -} diff --git a/hosts/abacus/static/main.nix b/hosts/abacus/static/main.nix deleted file mode 100644 index 17f17de..0000000 --- a/hosts/abacus/static/main.nix +++ /dev/null @@ -1,18 +0,0 @@ -{config, ...}: let - inherit (config.networking) domain; - virtualHostName = domain; - root = "/var/www/${virtualHostName}"; -in { - services.nginx.virtualHosts.${virtualHostName} = { - enableACME = true; - forceSSL = true; - - inherit root; - }; - - systemd.tmpfiles.settings."10-static-sites".${root}.d = { - user = "lukas"; - group = "users"; - mode = "0755"; - }; -} diff --git a/hosts/abacus/vaultwarden.nix b/hosts/abacus/vaultwarden.nix index 816fda4..4d46082 100644 --- a/hosts/abacus/vaultwarden.nix +++ b/hosts/abacus/vaultwarden.nix @@ -1,4 +1,8 @@ -{config, ...}: let +{ + config, + lib, + ... +}: let inherit (config.networking) domain; virtualHostName = "vault.${domain}"; backupDir = "/srv/backup/vaultwarden"; @@ -20,7 +24,7 @@ in { ENABLE_WEBSOCKET = true; - ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_ADDRESS = "localhost"; ROCKET_PORT = 8000; }; @@ -34,7 +38,10 @@ in { forceSSL = true; locations."/" = { - proxyPass = "http://${config.services.vaultwarden.config.ROCKET_ADDRESS}:${builtins.toString config.services.vaultwarden.config.ROCKET_PORT}"; + proxyPass = "http://${lib.formatHostPort { + host = config.services.vaultwarden.config.ROCKET_ADDRESS; + port = config.services.vaultwarden.config.ROCKET_PORT; + }}"; proxyWebsockets = true; }; }; diff --git a/hosts/vessel/audiocomp.nix b/hosts/vessel/audiocomp.nix new file mode 100644 index 0000000..fa46ee4 --- /dev/null 
+++ b/hosts/vessel/audiocomp.nix @@ -0,0 +1,52 @@ +{ + inputs, + lib, + pkgs, + ... +}: let + audiocomp = pkgs.writeShellApplication { + name = "audiocomp"; + runtimeInputs = [ + pkgs.parallel + pkgs.rsync + ]; + text = let + remoteDir = inputs.self.nixosConfigurations.abacus.config.services.navidrome.settings.MusicFolder; + enc = pkgs.writeShellApplication { + name = "enc"; + runtimeInputs = [ + pkgs.opusTools + ]; + text = '' + src="$1" + dst=''${src%.flac}.opus + dst=/srv/compmusic/''${dst#./} + + if [[ -f "$dst" ]]; then + exit + fi + + mkdir --parents -- "$(dirname -- "$dst")" + exec opusenc --quiet --bitrate 96.000 -- {} "$dst" + ''; + }; + in '' + cd /srv/music + find . -name '*.flac' -print0 | parallel --null -- '${lib.getExe enc} {}' + + rsync --verbose --verbose --archive --update --delete --mkpath --exclude lost+found \ + --rsh 'ssh -i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' \ + -- /srv/compmusic/ root@wrz.one:${remoteDir} + ''; + }; +in { + # systemd.services.audiocomp = { + # description = "Compress and sync music"; + # serviceConfig = { + # Type = "oneshot"; + # User = "root"; + # Group = "root"; + # ExecStart = lib.getExe audiocomp; + # }; + # }; +} diff --git a/hosts/vessel/backup.nix b/hosts/vessel/backup.nix index 730c44c..789065f 100644 --- a/hosts/vessel/backup.nix +++ b/hosts/vessel/backup.nix @@ -6,8 +6,9 @@ ... }: let backups = { - storage = "/srv/storage"; + music = "/srv/music"; safe = "/srv/safe"; + storage = "/srv/storage"; sync = config.services.syncthing.dataDir; }; in { @@ -33,7 +34,7 @@ in { Group = "root"; }; script = '' - ${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath ${backups.${backupName}} /srv/backup/${backupName}/ + ${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath -- ${backups.${backupName}}/ /srv/backup/${backupName}/ ''; }; } 
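Review bot: The rsync transport in `audiocomp` disables host-key verification (`-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`) while logging in as `root@wrz.one` with `--delete`, so the sync would authenticate to, and push the music tree at, whatever host answers for that name. Pin the remote key instead, for example through `programs.ssh.knownHosts`, and drop both `-o` options. Also consider a dedicated key and an unprivileged remote account rather than `/etc/ssh/ssh_host_ed25519_key` and root. Separately, the inner `enc` script passes a literal `{}` to opusenc instead of its argument; that line should read `exec opusenc --quiet --bitrate 96.000 -- "$src" "$dst"`. The systemd unit that would run this is still commented out, so none of it is active yet.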
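Review bot: The paths in the changed rsync line of hosts/vessel/backup.nix are still interpolated into the shell script unquoted, so a `backups` entry containing whitespace or glob characters (one of them comes from `config.services.syncthing.dataDir`) would be word-split in an `rsync --delete` that the visible context runs with `Group = "root"`. `lib.escapeShellArg` covers it: `-- ${lib.escapeShellArg "${backups.${backupName}}/"} ${lib.escapeShellArg "/srv/backup/${backupName}/"}`. The added trailing slash also moves the backup from `/srv/backup/<name>/<basename>/` up to `/srv/backup/<name>/`, so the first run after this commit will presumably delete the old nested copy. A short comment above `script` saying so would help whoever reads the first log. The surrounding service definition starts outside the hunk.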
diff --git a/hosts/vessel/default.nix b/hosts/vessel/hardware.nix similarity index 86% rename from hosts/vessel/default.nix rename to hosts/vessel/hardware.nix index b0a608a..628ff7e 100644 --- a/hosts/vessel/default.nix +++ b/hosts/vessel/hardware.nix @@ -9,12 +9,6 @@ inputs.hardware.nixosModules.common-cpu-intel inputs.hardware.nixosModules.common-gpu-intel inputs.hardware.nixosModules.common-pc-ssd - - ./backup.nix - ./blocky.nix - ./fs.nix - ./storage.nix - ./syncthing.nix ]; nixpkgs.hostPlatform = "x86_64-linux"; diff --git a/hosts/vessel/storage.nix b/hosts/vessel/storage.nix index 61d5ea7..63332ad 100644 --- a/hosts/vessel/storage.nix +++ b/hosts/vessel/storage.nix @@ -11,5 +11,17 @@ group = "users"; mode = "0755"; }; + + "10-music"."/srv/music".d = { + user = "lukas"; + group = "users"; + mode = "0755"; + }; + + "10-compmusic"."/srv/compmusic".d = { + user = "lukas"; + group = "users"; + mode = "0755"; + }; }; } diff --git a/lib.nix b/lib.nix new file mode 100644 index 0000000..cb44264 --- /dev/null +++ b/lib.nix @@ -0,0 +1,16 @@ +lib: _: { + findModules = dirs: + builtins.concatMap (dir: + lib.pipe dir [ + (lib.fileset.fileFilter ( + file: file.hasExt "nix" && file.name != "default.nix" + )) + lib.fileset.toList + ]) + dirs; + + formatHostPort = { + host, + port, + }: "${host}:${builtins.toString port}"; +}
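Review bot: `formatHostPort` in lib.nix joins host and port with a bare colon, so an IPv6 literal such as `::1` yields `::1:8000`, which is not a valid authority in the `proxyPass` URLs now built from it. Bracketing hosts that contain a colon fixes this: `}: "${if lib.hasInfix ":" host then "[${host}]" else host}:${builtins.toString port}";`. Neither helper has a comment. `formatHostPort` should state that `host` is expected to be a hostname or an IP literal and `port` an integer. `findModules` should state that it returns every `.nix` file below the given directories except those named `default.nix`.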