From 26f2fdfd0cdf606a1e136f6c802cd2a7eca972fe Mon Sep 17 00:00:00 2001 From: natto1784 Date: Wed, 9 Mar 2022 11:24:16 +0530 Subject: [PATCH] Remilia: more updates services: remove redundant nginx confs and some very minor changes --- flake.nix | 230 ++++++++++++------------ hosts/remilia/services.nix | 133 ++++++-------- modules/min-pkgs.nix | 5 +- modules/{builder.nix => x86builder.nix} | 0 4 files changed, 173 insertions(+), 195 deletions(-) rename modules/{builder.nix => x86builder.nix} (100%) diff --git a/flake.nix b/flake.nix index a3033f8..c9c1819 100644 --- a/flake.nix +++ b/flake.nix @@ -1,4 +1,4 @@ -{ +{ inputs = { stable.url = github:nixos/nixpkgs/nixos-21.11; old.url = github:nixos/nixpkgs/nixos-21.05; 
@@ -17,125 +17,127 @@ rust.url = github:oxalica/rust-overlay; }; - outputs = inputs@{self, nixpkgs, stable, master, old, ... }: - inputs.utils.lib.eachDefaultSystem (system: - let - mkPkgs = channel: system: import channel { - inherit system; - config.allowUnfree = true; - }; - channels = final: prev: { - stable = mkPkgs stable prev.system; - unstable = mkPkgs nixpkgs prev.system; - master = mkPkgs master prev.system; - old = mkPkgs old prev.system; - }; - overlays = [ - (import ./overlays/overridesandshit.nix) - (import ./overlays/packages.nix) - ]; - in - { - legacyPackages = import nixpkgs { - inherit system; - overlays = overlays ++ [ - inputs.nur.overlay - inputs.nvim.overlay - inputs.rust.overlay - inputs.emacs.overlay - channels - ( _: _: { - nbfc-linux=inputs.nbfc.defaultPackage.${system}; - games = inputs.nix-gaming.packages.${system}; - }) - ]; - config.allowUnfree = true; - config.allowBroken = true; - }; - }) // - ( - let - personalModules = [ - ./modules/nvidia-offload.nix - ./modules/sound.nix - ./modules/xorg.nix - ./modules/emacs - ]; - commonModules = [ - ./modules/nvim - ./modules/vault-agent.nix - ]; - serverModules = [ - ./modules/min-pkgs.nix - ./modules/min-stuff.nix - ]; - builder = [ ./modules/builder.nix ]; - in - { - hm-configs = { - natto = inputs.home-manager.lib.homeManagerConfiguration { - system = "x86_64-linux"; - configuration = { lib, ... }: { - imports = [ - ./home/natto.nix + outputs = inputs@{ self, nixpkgs, stable, master, old, ... 
}: + inputs.utils.lib.eachDefaultSystem + (system: + let + mkPkgs = channel: system: import channel { + inherit system; + config.allowUnfree = true; + }; + channels = final: prev: { + stable = mkPkgs stable prev.system; + unstable = mkPkgs nixpkgs prev.system; + master = mkPkgs master prev.system; + old = mkPkgs old prev.system; + }; + overlays = [ + (import ./overlays/overridesandshit.nix) + (import ./overlays/packages.nix) ]; - nixpkgs = { - overlays = self.legacyPackages.x86_64-linux.overlays; + in + { + legacyPackages = import nixpkgs { + inherit system; + overlays = overlays ++ [ + inputs.nur.overlay + inputs.nvim.overlay + inputs.rust.overlay + inputs.emacs.overlay + channels + (_: _: { + nbfc-linux = inputs.nbfc.defaultPackage.${system}; + games = inputs.nix-gaming.packages.${system}; + }) + ]; config.allowUnfree = true; config.allowBroken = true; - config.permittedInsecurePackages = [ - "electron-9.4.4" - ]; + }; + }) // + ( + let + personalModules = [ + ./modules/nvidia-offload.nix + ./modules/sound.nix + ./modules/xorg.nix + ./modules/emacs + ]; + commonModules = [ + ./modules/nvim + ./modules/vault-agent.nix + ]; + serverModules = [ + ./modules/min-pkgs.nix + ./modules/min-stuff.nix + ]; + builders = [ ./modules/x86builder.nix ]; + in + { + hm-configs = { + natto = inputs.home-manager.lib.homeManagerConfiguration { + system = "x86_64-linux"; + configuration = { lib, ... 
}: { + imports = [ + ./home/natto.nix + ]; + nixpkgs = { + overlays = self.legacyPackages.x86_64-linux.overlays; + config.allowUnfree = true; + config.allowBroken = true; + config.permittedInsecurePackages = [ + "electron-9.4.4" + ]; + }; + }; + homeDirectory = "/home/natto"; + username = "natto"; }; }; - homeDirectory = "/home/natto"; - username = "natto"; - }; - }; - nixosConfigurations = { - #Home laptop - Satori = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/satori - inputs.agenix.nixosModules.age - { - nixpkgs.pkgs = self.legacyPackages.x86_64-linux; - } - ] - ++ personalModules - ++ commonModules; - }; + nixosConfigurations = { + #Home laptop + Satori = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/satori + inputs.agenix.nixosModules.age + { + nixpkgs.pkgs = self.legacyPackages.x86_64-linux; + } + ] + ++ personalModules + ++ commonModules; + }; - #Home server (RPi4) - Marisa = nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; - modules = [ - ./hosts/marisa - #inputs.mailserver.nixosModules.mailserver - { - nixpkgs.pkgs = self.legacyPackages.aarch64-linux; - } - ] - ++ commonModules - ++ serverModules; - }; + #Home server (RPi4) + Marisa = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + ./hosts/marisa + #inputs.mailserver.nixosModules.mailserver + { + nixpkgs.pkgs = self.legacyPackages.aarch64-linux; + } + ] + ++ commonModules + ++ serverModules; + }; - #Oracle Cloud VM - Remilia = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/remilia - inputs.mailserver.nixosModules.mailserver - { - nixpkgs.pkgs = self.legacyPackages.x86_64-linux; - } - ] - ++ commonModules - ++ serverModules - ++ builder; - }; - }; - }); + #Oracle Cloud VM + Remilia = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/remilia + inputs.mailserver.nixosModules.mailserver + { + nixpkgs.pkgs = self.legacyPackages.x86_64-linux; + } + ] + ++ 
commonModules + ++ serverModules + ++ builders; + }; + }; + } + ); } diff --git a/hosts/remilia/services.nix b/hosts/remilia/services.nix index e48205e..ce86caa 100755 --- a/hosts/remilia/services.nix +++ b/hosts/remilia/services.nix 
@@ -16,86 +16,62 @@ package = (pkgs.nginx.overrideAttrs (oa: { configureFlags = oa.configureFlags ++ [ "--with-mail" "--with-mail_ssl_module" ]; })); - virtualHosts = { - "weirdnatto.in" = { - addSSL = true; - enableACME = true; - locations."/".proxyPass = "http://10.55.0.2:80"; - serverAliases = [ "www.weirdnatto.in" ]; - }; - "git.weirdnatto.in" = { - addSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://10.55.0.2:5000"; - extraConfig = '' - client_max_body_size 64M; - proxy_set_header Host $host; - ''; + virtualHosts = + let + genericHttpRProxy = { addr, ssl ? true, conf ? "" }: { + addSSL = true; + enableACME = ssl; + locations."/" = { + proxyPass = toString addr; + extraConfig = '' + proxy_set_header Host $host; + '' + conf; + }; + }; + in + builtins.listToAttrs [ + { + name = "vault.weirdnatto.in"; + value = genericHttpRProxy { addr = "https://10.55.0.2:8800"; }; + } + { + name = "consul.weirdnatto.in"; + value = genericHttpRProxy { addr = "https://10.55.0.2:8500"; }; + } + { + name = "ci.weirdnatto.in"; + value = genericHttpRProxy { addr = "https://10.55.0.2:6666"; }; + } + { + name = "radio.weirdnatto.in"; + value = genericHttpRProxy { addr = "https://10.55.0.3:8000"; }; + } + { + name = "git.weirdnatto.in"; + value = genericHttpRProxy { + addr = "https://10.55.0.3:5000"; + conf = "client_max_body_size 64M;"; + }; + } + { + name = "nomad.weirdnatto.in"; + value = genericHttpRProxy { + addr = "https://10.55.0.3:4646"; + conf = '' + proxy_buffering off; + proxy_read_timeout 310s; + ''; + }; + } + ] // + { + "weirdnatto.in" = { + addSSL = true; + enableACME = true; + locations."/".proxyPass = "http://10.55.0.2:80"; + serverAliases = [ "www.weirdnatto.in" ]; }; }; - "vault.weirdnatto.in" = { - addSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "https://10.55.0.2:8800"; - extraConfig = '' - proxy_set_header Host $host; - ''; - }; - }; - "consul.weirdnatto.in" = { - addSSL = true; - enableACME = true; - locations."/" = { 
- proxyPass = "http://10.55.0.2:8500"; - extraConfig = '' - proxy_set_header Host $host; - ''; - }; - }; - "nomad.weirdnatto.in" = { - addSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://10.55.0.2:4646"; - extraConfig = '' - proxy_set_header Host $host; - proxy_buffering off; - proxy_read_timeout 310s; - ''; - }; - }; - "radio.weirdnatto.in" = { - addSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://10.55.0.3:8000"; - extraConfig = '' - proxy_set_header Host $host; - ''; - }; - }; - "ci.weirdnatto.in" = { - addSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://10.55.0.2:6666"; - extraConfig = '' - proxy_set_header Host $host; - ''; - }; - }; - }; - /*streamConfig = '' - upstream gitea { - server 10.55.0.2:222; - } - server { - listen 22001; - proxy_pass gitea; - } - '';*/ }; vault-agent = { enable = true; @@ -154,3 +130,4 @@ }; security.pki.certificateFiles = [ ../../cert.pem ]; } + diff --git a/modules/min-pkgs.nix b/modules/min-pkgs.nix index fdea9b6..934c517 100755 --- a/modules/min-pkgs.nix +++ b/modules/min-pkgs.nix @@ -4,7 +4,7 @@ git htop vim - wireguard + wireguard-tools vault tree-sitter rnix-lsp @@ -31,12 +31,11 @@ }; }; }; - nix = { package = pkgs.nixUnstable; extraOptions = '' experimental-features = nix-command flakes ''; - trustedUsers = [ "root" ]; + settings.trusted-users = [ "root" ]; }; } diff --git a/modules/builder.nix b/modules/x86builder.nix similarity index 100% rename from modules/builder.nix rename to modules/x86builder.nix
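Review bot: `genericHttpRProxy` hardcodes `addSSL = true` and uses its `ssl` argument only for `enableACME`, so every host built with it (vault, consul, nomad and ci included) still answers on plain HTTP as well as HTTPS, and calling it with `ssl = false` would request a TLS listener with no certificate source. If these UIs are meant to be HTTPS-only, replacing the `addSSL` line with `forceSSL = ssl; enableACME = ssl;` would redirect port 80 and keep the two options in step. Separately, the upstreams for consul, ci, radio, git and nomad change from `http://` to `https://` in this hunk, and git and nomad move from 10.55.0.2 to 10.55.0.3, which the commit message does not mention. nginx does not validate the upstream certificate unless `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate` are set, so as written the new TLS hop is encrypted but unauthenticated. The enclosing nginx service block begins before the hunk, so its remaining options are not visible here.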