This commit is contained in:
Lukas Wurzinger 2024-08-18 02:55:37 +02:00
parent f15455ca12
commit 7b2a024010
19 changed files with 235 additions and 86 deletions


@ -1,4 +1,5 @@
{
#what?
services.syncthing = {
enable = true;
overrideDevices = false;
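Review bot: The `#what?` line is an unanswered question left in the configuration rather than a comment; the rendering does not show which of these five lines is the one this hunk adds, but whether it is new or pre-existing it should be resolved. If it is asking about `overrideDevices = false`, state the intent instead, e.g. `# devices added through the web GUI are kept; the declared list is merged, not enforced` (presumably the semantics of the NixOS option — confirm). The enclosing attrset continues past the end of the hunk.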


@ -1,3 +1,5 @@
{
users.mutableUsers = true;
# install neovide/neovim for user?
}
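Review bot: `users.mutableUsers = true` means accounts and passwords created imperatively (`useradd`, `passwd`) persist across rebuilds, so this configuration no longer fully describes who can log in to the host. If that is deliberate for now, say so and track the follow-up in place, e.g. `# TODO: flip to false once passwords come from hashedPasswordFile; imperative changes currently survive rebuilds`. The `# install neovide/neovim for user?` line is likewise an open question and belongs in an issue rather than the config. The hunk header reports two added lines but the rendering does not show which; treat this as applying to whichever is new.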


@ -2,5 +2,6 @@
imports = [
./fs.nix
./time.nix
./users.nix
];
}


@ -1,3 +1,3 @@
{
fileSystems."/".device = "/dev/disk/by-label/main";
fileSystems."/".label = "main";
}


@ -5,7 +5,7 @@
nixpkgs.overlays = [
(final: prev: {
fish = prev.fish.overrideAttrs (oldAttrs: {
fish = prev.fish.overrideAttrs (_: {
postInstall = ''
rm $out/share/applications/fish.desktop
'';


@ -7,7 +7,7 @@
options = ["noatime"];
};
"/boot" = {
device = "/dev/disk/by-label/BOOT";
label = "BOOT";
fsType = "vfat";
};
};


@ -8,11 +8,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1722339003,
"narHash": "sha256-ZeS51uJI30ehNkcZ4uKqT4ZDARPyqrHADSKAwv5vVCU=",
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "3f1dae074a12feb7327b4bf43cbac0d124488bb7",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github"
},
"original": {
@ -45,7 +45,6 @@
},
"devshell": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"myvim",
"nixvim",
@ -53,11 +52,11 @@
]
},
"locked": {
"lastModified": 1717408969,
"narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
"lastModified": 1722113426,
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
"owner": "numtide",
"repo": "devshell",
"rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
"type": "github"
},
"original": {
@ -103,11 +102,11 @@
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
@ -125,11 +124,11 @@
]
},
"locked": {
"lastModified": 1719877454,
"narHash": "sha256-g5N1yyOSsPNiOlFfkuI/wcUjmtah+nxdImJqrSATjOU=",
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4e3583423212f9303aa1a6337f8dffb415920e4f",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
@ -143,11 +142,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -176,11 +175,11 @@
]
},
"locked": {
"lastModified": 1719259945,
"narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=",
"lastModified": 1722857853,
"narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07",
"rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da",
"type": "github"
},
"original": {
@ -214,11 +213,11 @@
},
"hardware": {
"locked": {
"lastModified": 1722332872,
"narHash": "sha256-2xLM4sc5QBfi0U/AANJAW21Bj4ZX479MHPMPkB+eKBU=",
"lastModified": 1723310128,
"narHash": "sha256-IiH8jG6PpR4h9TxSGMYh+2/gQiJW9MwehFvheSb5rPc=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "14c333162ba53c02853add87a0000cbd7aa230c2",
"rev": "c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf",
"type": "github"
},
"original": {
@ -257,11 +256,11 @@
]
},
"locked": {
"lastModified": 1719827439,
"narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=",
"lastModified": 1722630065,
"narHash": "sha256-QfM/9BMRkCmgWzrPDK+KbgJOUlSJnfX4OvsUupEUZvA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "59ce796b2563e19821361abbe2067c3bb4143a7d",
"rev": "afc892db74d65042031a093adb6010c4c3378422",
"type": "github"
},
"original": {
@ -277,11 +276,11 @@
"nixvim": "nixvim"
},
"locked": {
"lastModified": 1720826561,
"narHash": "sha256-ieLivNcp3gJ0eEgd/Er9130XD3B0LD3Kyt37QitgxGk=",
"lastModified": 1723337900,
"narHash": "sha256-sikwTpsSGRagCWS8wVP731ibDFuwZUj2+nukOjJifKo=",
"owner": "lukaswrz",
"repo": "myvim",
"rev": "44f386248c02517e26a4e372a307de9a9b31588f",
"rev": "c39a65463856678ee5dfd691e0d6acf1a4106331",
"type": "github"
},
"original": {
@ -299,11 +298,11 @@
]
},
"locked": {
"lastModified": 1719845423,
"narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=",
"lastModified": 1722924007,
"narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "ec12b88104d6c117871fad55e931addac4626756",
"rev": "91010a5613ffd7ee23ee9263213157a1c422b705",
"type": "github"
},
"original": {
@ -342,14 +341,14 @@
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1719876945,
"narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=",
"lastModified": 1722555339,
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
}
},
"nixpkgs_2": {
@ -370,11 +369,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1719848872,
"narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=",
"lastModified": 1722813957,
"narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8",
"rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
"type": "github"
},
"original": {
@ -386,11 +385,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1722813957,
"narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
"lastModified": 1723362943,
"narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
"rev": "a58bc8ad779655e790115244571758e8de055e3d",
"type": "github"
},
"original": {
@ -409,14 +408,15 @@
"home-manager": "home-manager_2",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_3",
"nuschtosSearch": "nuschtosSearch",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1720804407,
"narHash": "sha256-mLVzkOpfOqYPmwjAAHRmeVUoOUmpLpxmfKDObT1FVtc=",
"lastModified": 1723230145,
"narHash": "sha256-FyjcuYZMqXdiKOXkHaIC2ubag+TPV9Z12urC/sdVI6A=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "89d74cdce173223f57754c6a315c929f8fc14229",
"rev": "4852f94f8ccae551514df0092a077014bafb95ca",
"type": "github"
},
"original": {
@ -425,6 +425,29 @@
"type": "github"
}
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"myvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722772237,
"narHash": "sha256-3eCYmzeLngX8eutIsTZAG8DIvT/0DWQQxiszTQz8n0s=",
"owner": "NuschtOS",
"repo": "search",
"rev": "aa5f6246565cc9b1e697d2c9d6ed2c842b17fff6",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
@ -473,11 +496,11 @@
]
},
"locked": {
"lastModified": 1719887753,
"narHash": "sha256-p0B2r98UtZzRDM5miGRafL4h7TwGRC4DII+XXHDHqek=",
"lastModified": 1722330636,
"narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "bdb6355009562d8f9313d9460c0d3860f525bc6c",
"rev": "768acdb06968e53aa1ee8de207fd955335c754b7",
"type": "github"
},
"original": {


@ -10,6 +10,7 @@
};
outputs = {
self,
nixpkgs,
flake-parts,
...

20
hosts/abacus/backup.nix Normal file

@ -0,0 +1,20 @@
{
attrName,
config,
...
}: {
age.secrets."restic-${attrName}".file = ../../secrets/restic-${attrName}.age;
services.restic.backups.${attrName} = {
repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}";
initialize = true;
paths = [config.services.syncthing.dataDir];
passwordFile = config.age.secrets."restic-${attrName}".path;
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];
timerConfig = {
OnCalendar = "*-*-* 03:00:00";
Persistent = true;
};
extraOptions = ["sftp.args='-i /etc/ssh/ssh_host_ed25519_key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'"];
};
}
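Review bot: The `extraOptions` line turns off host key verification for the off-site repository (`StrictHostKeyChecking=no` together with `UserKnownHostsFile=/dev/null`), so a spoofed storage box is accepted silently; restic's encryption keeps the contents confidential, but backups can be diverted to an attacker-controlled host and will not be there at restore time. Pin the provider's key instead, e.g. `programs.ssh.knownHosts."u385962.your-storagebox.de".publicKey = "<key from the provider>";`, and reduce the option to `extraOptions = ["sftp.args='-i /etc/ssh/ssh_host_ed25519_key'"];` so the system `ssh_known_hosts` is honoured. Reusing the SSH host key as the client identity also ties this backup credential to the host identity; a dedicated key pair registered with the storage box would be cleaner. `paths` references `config.services.syncthing.dataDir`, yet nothing in this commit enables syncthing on abacus — presumably that lives elsewhere, worth a comment here.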


@ -60,11 +60,10 @@ in {
"/".return = "404";
"/_matrix/" = {
proxyPass = "http://${config.services.matrix-conduit.settings.global.address}:${toString config.services.matrix-conduit.settings.global.port}$request_uri";
proxyPass = "http://${config.services.matrix-conduit.settings.global.address}:${toString config.services.matrix-conduit.settings.global.port}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_buffering off;
'';
};


@ -2,6 +2,8 @@
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
./microbin.nix
./miniflux.nix
./nginx.nix
./vaultwarden.nix
];

37
hosts/abacus/microbin.nix Normal file

@ -0,0 +1,37 @@
{config, ...}: let
inherit (config.networking) domain;
virtualHostName = "bin.${domain}";
in {
age.secrets.microbin.file = ../../secrets/microbin.age;
services.microbin = {
enable = true;
passwordFile = config.age.secrets.microbin.path;
settings = {
MICROBIN_BIND = "localhost";
MICROBIN_PORT = 8020;
MICROBIN_ADMIN_USERNAME = "lukas";
MICROBIN_PUBLIC_PATH = "https://${virtualHostName}/";
MICROBIN_QR = true;
MICROBIN_ETERNAL_PASTA = false;
MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB = 1024;
MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB = 4096;
MICROBIN_DISABLE_UPDATE_CHECKING = false;
MICROBIN_DISABLE_TELEMETRY = true;
MICROBIN_LIST_SERVER = false;
};
};
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
forceSSL = true;
quic = true;
locations."/".proxyPass = "http://${config.services.microbin.settings.MICROBIN_BIND}:${builtins.toString config.services.microbin.settings.MICROBIN_PORT}";
};
}
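Review bot: `MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB = 4096` and the 1024 encrypted limit are enforced only by microbin; the nginx vhost in front sets no body limit, so uploads above the NixOS nginx default (`clientMaxBodySize`, 10m unless overridden elsewhere) are rejected at the proxy, and matching nginx to 4 GiB would expose a public endpoint to multi-gigabyte uploads. Decide the limit once and set it in the location, e.g. `locations."/".extraConfig = "client_max_body_size 4096m;";`, or lower the microbin values to what the service should really accept. `MICROBIN_DISABLE_UPDATE_CHECKING = false` lets the service reach out to upstream for version checks while telemetry is disabled; setting it to `true` keeps egress consistent unless the check is wanted. The hunk header counts 37 lines while fewer are rendered, so settings may exist that are not visible here.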

23
hosts/abacus/miniflux.nix Normal file

@ -0,0 +1,23 @@
{config, ...}: let
inherit (config.networking) domain;
virtualHostName = "bin.${domain}";
in {
services.miniflux = {
enable = true;
createDatabaseLocally = true;
adminCredentialsFile = "";
config = {
LISTEN_ADDR = "localhost:8040";
BASE_URL = "https://${virtualHostName}";
WEBAUTHN = true;
};
};
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
forceSSL = true;
quic = true;
locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}";
};
}
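Review bot: `virtualHostName = "bin.${domain}"` is the same hostname `microbin.nix` in this commit uses, so both files define `services.nginx.virtualHosts."bin.<domain>".locations."/".proxyPass` with different targets and evaluation fails on the conflicting definitions; give miniflux its own name, e.g. `virtualHostName = "rss.${domain}";` (choose whatever the intended hostname is). `adminCredentialsFile = ""` is an empty path: the NixOS module hands it to the service as the environment file carrying the initial admin credentials, so the unit will fail to start or come up without a usable admin account. Follow the pattern used for microbin, e.g. `age.secrets.miniflux.file = ../../secrets/miniflux.age;` and `adminCredentialsFile = config.age.secrets.miniflux.path;`, with a matching entry in `secrets/secrets.nix`. The hunk header counts 23 lines while 21 are rendered, so a line or two is probably missing from this view.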


@ -5,42 +5,45 @@
pkgs,
...
}: let
safePath = "/srv/storage/safe";
backupPath = "/srv/backup";
backups = {
storage = "/srv/storage";
safe = "/srv/safe";
sync = config.services.syncthing.dataDir;
};
in {
systemd = {
timers.local-backup = {
description = "Local rsync Backup";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*-*-* 03:00:00";
Persistent = true;
Unit = "local-backup.service";
};
};
systemd = lib.mkMerge (map (
backupName: let
systemdName = "${backupName}-backup";
in {
timers.${systemdName} = {
description = "Local rsync Backup ${backupName}";
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "*-*-* 03:00:00";
Persistent = true;
Unit = "${systemdName}.service";
};
};
services.local-backup = {
description = "Local rsync Backup";
serviceConfig = {
Type = "oneshot";
ExecStart = "${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete /srv/storage/ /srv/backup/";
User = "root";
Group = "root";
};
};
services.${systemdName} = {
description = "Local rsync Backup ${backupName}";
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "root";
};
script = ''
${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath ${backups.${backupName}} ${backupPath}/${backupName}/
'';
};
}
) (lib.attrNames backups));
tmpfiles.settings = {
"10-storage-safe".${safePath}.d = {
user = "root";
group = "root";
mode = "0755";
};
};
};
fileSystems."/srv/backup" = {
device = "/dev/disk/by-label/backup";
fsType = "btrfs";
options = ["subvol=/" "compress=zstd" "noatime"];
fileSystems.${backupPath} = {
label = "backup";
fsType = "ext4";
options = ["noatime"];
};
age.secrets."restic-${attrName}".file = ../../secrets/restic-${attrName}.age;
@ -48,7 +51,7 @@ in {
services.restic.backups.${attrName} = {
repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}";
initialize = true;
paths = [safePath];
paths = [backups.safe backups.sync];
passwordFile = config.age.secrets."restic-${attrName}".path;
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];
timerConfig = {
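Review bot: The rsync invocation in `script` drops the trailing slash the old `ExecStart` had on the source (`/srv/storage/`), so `rsync --archive … /srv/storage /srv/backup/storage/` now creates `/srv/backup/storage/storage/` (and `/srv/backup/sync/<basename of dataDir>/`) instead of placing contents directly under the per-backup directory. If the flat layout is intended, add the slash and quote both paths against the shell: `${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath "${backups.${backupName}}/" "${backupPath}/${backupName}/"`. `--update` also makes rsync skip any source file whose backup copy has a newer mtime, so a clock-skewed or restored file can shadow the live one indefinitely; a comment stating that this is deliberate (or dropping the flag) would help the next reader. The `let … in {` that wraps this block opens before the first hunk and the attrset closes after the second.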


@ -12,6 +12,8 @@
./backup.nix
./blocky.nix
./storage.nix
./syncthing.nix
];
nixpkgs.hostPlatform = "x86_64-linux";

15
hosts/vessel/storage.nix Normal file

@ -0,0 +1,15 @@
{
systemd.tmpfiles.settings = {
"10-safe"."/srv/safe".d = {
user = "root";
group = "root";
mode = "0755";
};
"10-storage"."/srv/storage".d = {
user = "root";
group = "root";
mode = "0755";
};
};
}
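Review bot: Both trees are created `0755`, so everything under `/srv/safe` is readable by every local account and service user on the host, which is at odds with a directory named "safe" that `backup.nix` ships off-site. Unless an unprivileged consumer needs read access, `mode = "0750";` (or `0700`) with root ownership is the safer default; if one does, make that consumer's group the owner rather than granting `other` read. A short comment per entry saying who is expected to read it, e.g. `# root-only; mirrored locally and by restic from backup.nix`, would make the intent reviewable.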

View file

@ -0,0 +1,7 @@
{
services.syncthing = {
enable = true;
systemService = true;
openDefaultPorts = true;
};
}
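Review bot: `openDefaultPorts = true` opens the sync protocol (22000 tcp/udp) and local discovery (21027/udp) on every interface in the host firewall, but no `settings.devices` or `settings.folders` are declared, so the set of peers allowed to talk to that port is configured through the GUI and invisible to this repository. Declaring the devices here (with `overrideDevices`/`overrideFolders` set as intended) keeps the exposure reviewable alongside the firewall rule. A comment that the web GUI stays on its loopback default (presumably `127.0.0.1:8384` — confirm the module default) would also make clear that the rule exposes only the sync protocol, e.g. `# sync protocol only; the GUI keeps its loopback default and is not firewall-exposed`.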

9
secrets/microbin.age Normal file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 SFHVrw F95W8SsHzaohI3esnMon2BAFepiV3n780P7fcCYQUDQ
K/9OutO7/MAAP+G4DX+lKP9MV18x686fkwWQFRjSUrk
-> ssh-ed25519 S+dwQQ goTruGBCq5cmiZ3H7fur99lCmjlHlA/milfbMryi5n4
9K5s3zCTwW23BOdzD3oHW3ptl7tbY4D+fEZdHDjCsGU
-> ssh-ed25519 ffmsLw 6FKkfm2o7ese13ZRrZ1xxdqT0wn77HoRfPTrBKZvRxA
1QohzDabU+Fa1yoLQhL5Iz+lLMRFEerPhDV1yRi/Z9U
--- H3k2LojeNCCv4WehZlRJyTXCbivbsq+4cwixlx3rnGo
¶©dh%ó-©fFVçâgû/L8ʬÄ]_k…[˪Ê*¿Ÿ°]O„ŸR>N šîOß:QÁmºÙ¸MêíT©ÈPj<50>)zŠú`…®§<>)“~Öš*™-6÷±²ßÁµOU À7Y_e¾Cz


@ -1,5 +1,9 @@
with import ../pubkeys.nix; {
"user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues hosts);
"microbin.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"vaultwarden.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"restic-vessel.age".publicKeys = (builtins.attrValues users) ++ [hosts.vessel];
"restic-abacus.age".publicKeys = (builtins.attrValues users) ++ [hosts.vessel];
}
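Review bot: `"restic-abacus.age".publicKeys` lists `hosts.vessel`, but the secret is consumed by `hosts/abacus/backup.nix` in this commit (`age.secrets."restic-${attrName}"`, where `attrName` is presumably the host name), so abacus cannot decrypt it at activation and vessel holds a repository password it never uses. The line should read `"restic-abacus.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];`. The ciphertext will need re-keying (`agenix -r`) after the recipient change so it actually includes abacus's host key.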