| author | Quentin Aristote <quentin@aristote.fr> | 2023-02-18 14:31:33 +0100 |
|---|---|---|
| committer | Quentin Aristote <quentin@aristote.fr> | 2023-02-18 14:42:41 +0100 |
| commit | 093cb612282f48d15ba295f109660e47a22f8e39 (patch) | |
| tree | 68d61e95578bccb71f0da0d9e451c5d022d6910d | |
| parent | ceb94dc2b322212ee3622927f5f4c289c04a798e (diff) | |
factor out common configuration options
| -rw-r--r-- | config/boot.nix | 10 | ||||
| -rw-r--r-- | config/default.nix | 4 | ||||
| -rw-r--r-- | config/environment.nix | 13 | ||||
| -rw-r--r-- | config/hardware-configuration.nix (renamed from hardware-configuration.nix) | 0 | ||||
| -rw-r--r-- | config/networking.nix | 21 | ||||
| -rw-r--r-- | config/nix.nix | 12 | ||||
| -rw-r--r-- | config/store.nix | 21 | ||||
| -rw-r--r-- | config/users.nix | 8 | ||||
| -rw-r--r-- | flake.lock | 59 | ||||
| -rw-r--r-- | flake.nix | 51 | ||||
| -rw-r--r-- | modules/default.nix | 8 | ||||
| -rw-r--r-- | modules/filtron.nix | 87 | ||||
| -rw-r--r-- | modules/rss-bridge.nix | 71 | ||||
| -rw-r--r-- | pkgs/default.nix | 5 | ||||
| -rw-r--r-- | pkgs/filtron/default.nix | 16 |
15 files changed, 91 insertions, 295 deletions
diff --git a/config/boot.nix b/config/boot.nix index df60fea..910e251 100644 --- a/config/boot.nix +++ b/config/boot.nix @@ -1,12 +1,6 @@ { ... }: { - boot = { - loader.grub = { - enable = true; - version = 2; - enableCryptodisk = true; - device = "/dev/vda"; - }; - }; + personal.boot.grub.enable = true; + boot.loader.grub.device = "/dev/vda"; } diff --git a/config/default.nix b/config/default.nix index 271ee4b..43dff7d 100644 --- a/config/default.nix +++ b/config/default.nix @@ -1,4 +1,4 @@ -{ pkgs, modulesPath, ... }: +{ modulesPath, ... }: { imports = [ @@ -7,8 +7,8 @@ ./boot.nix ./environment.nix ./networking.nix + ./nix.nix ./services - ./store.nix ./users.nix ]; diff --git a/config/environment.nix b/config/environment.nix index e812e43..61f55ff 100644 --- a/config/environment.nix +++ b/config/environment.nix @@ -1,16 +1,11 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ vim gitMinimal ]; + personal.environment = { + enable = true; + locale.enable = true; + }; programs.bash.promptInit = '' PS1="\n\[\033[1;32m\][\[\e]0;\u@$(hostname -f): \w\a\]\u@$(hostname -f):\w]\$\[\033[0m\] " ''; - - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "fr"; - }; - - time.timeZone = "Europe/Paris"; } diff --git a/hardware-configuration.nix b/config/hardware-configuration.nix index 1b79e6f..1b79e6f 100644 --- a/hardware-configuration.nix +++ b/config/hardware-configuration.nix diff --git a/config/networking.nix b/config/networking.nix index decd84e..172834d 100644 --- a/config/networking.nix +++ b/config/networking.nix @@ -1,6 +1,12 @@ { pkgs, ... }: { + personal.networking = { + enable = true; + firewall.http = true; + ssh.enable = true; + }; + networking = { hostName = "hermes"; domain = "aristote.fr"; 
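Review bot: The `personal.networking` block added in config/networking.nix (`ssh.enable = true`, `firewall.http = true`) stands in for hardening that the file's second hunk deletes: `permitRootLogin = "no"`, `passwordAuthentication = false`, `services.fail2ban.enable = true` and `allowedTCPPorts = [ 80 443 ]`. The module that now has to supply those values is not part of this commit, so nothing visible here confirms they are still set. The same applies to `personal.boot.grub.enable` in config/boot.nix (the removed `enableCryptodisk = true`) and to `personal.user.enable` in config/users.nix (the removed wheel user and its authorized key). I would keep the host-critical lines explicit, e.g. `services.openssh.passwordAuthentication = false;`, or at least add a comment above the block such as `# no root login, key-only auth and fail2ban come from my-nixpkgs.nixosModules.personal`. The evaluated `hermes-test` configuration should then be checked for them.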
@@ -12,20 +18,5 @@ }]; defaultGateway = "93.95.228.1"; nameservers = [ "93.95.224.28" "93.95.224.29" ]; - - firewall = { - enable = true; - allowedTCPPorts = [ 80 443 ]; - }; - }; - - services.openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - extraConfig = '' - AcceptEnv PS1 - ''; }; - services.fail2ban.enable = true; } diff --git a/config/nix.nix b/config/nix.nix new file mode 100644 index 0000000..5c9278f --- /dev/null +++ b/config/nix.nix @@ -0,0 +1,12 @@ +{ lib, ... }: + +{ + personal.nix = { + enable = true; + autoUpgrade = true; + gc.enable = true; + flake = "git+file:///etc/nixos/"; + }; + nix.settings.max-jobs = lib.mkDefault 1; + system.autoUpgrade.flags = [ "--update-input" "personal-webpage/data" ]; +} diff --git a/config/store.nix b/config/store.nix deleted file mode 100644 index 8efcd5d..0000000 --- a/config/store.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, ... }: - -{ - nix = { - settings = { - auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" ]; - }; - gc = { - automatic = true; - dates = "daily"; - options = "--delete-old"; - }; - settings.max-jobs = lib.mkDefault 1; - }; - system.autoUpgrade = { - enable = true; - flake = "git+file:///etc/nixos/"; - flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ]; - }; -} diff --git a/config/users.nix b/config/users.nix index 99a497d..36aacef 100644 --- a/config/users.nix +++ b/config/users.nix @@ -1,11 +1,5 @@ { ... }: { - users.users.qaristote = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4wGbl3++lqCjLUhoRyABBrVEeNhIXYO4371srkRoyq qaristote@latitude-7490" - ]; - }; + personal.user.enable = true; } 
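Review bot: In the new config/nix.nix, `system.autoUpgrade.flags = [ "--update-input" "personal-webpage/data" ]` lets the unattended upgrade build whatever the `data` input's repository currently holds into the system with no review step. The deleted config/store.nix instead updated `nixpkgs` and passed `--commit-lock-file`. Whether `personal.nix.autoUpgrade` adds those flags back cannot be seen from this diff; if it does not, the host no longer picks up nixpkgs updates automatically and the lock file stops recording what was deployed. I would state the intent in a comment, e.g. `# only the site data is refreshed on upgrade; nixpkgs is bumped by hand`, or keep `"--commit-lock-file"` in the list so every automatic upgrade leaves an auditable revision.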
@@ -12,11 +12,11 @@ ] }, "locked": { - "lastModified": 1671297777, - "narHash": "sha256-kvCzzOupvgGyO3Q/0cpGPgDYEdj8g6MVCH4Mlt/e56k=", + "lastModified": 1676498599, + "narHash": "sha256-eLqhEoQZhCcpQvBE2TZe0VVyfV+DnWJKUDoZEMTHN4g=", "owner": "qaristote", "repo": "info", - "rev": "c91a58357700a466aee5135767535136c878e009", + "rev": "4f91bd86bbe9bc3e7fdc04916f244ace13a92a15", "type": "github" }, "original": { @@ -27,11 +27,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "lastModified": 1676283394, + "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=", "owner": "numtide", "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073", "type": "github" }, "original": { @@ -39,13 +39,28 @@ "type": "indirect" } }, + "my-nixpkgs": { + "inputs": { + "nur": "nur" + }, + "locked": { + "lastModified": 1676671024, + "narHash": "sha256-hziJ8MYh4f27DAaVjWqqZd0gC9LFIMx5ADnXik5+1HI=", + "type": "git", + "url": "file:///home/qaristote/code/nix/my-nixpkgs" + }, + "original": { + "type": "git", + "url": "file:///home/qaristote/code/nix/my-nixpkgs" + } + }, "nixpkgs": { "locked": { - "lastModified": 1671249438, - "narHash": "sha256-5e+CcnbZA3/i2BRXbnzRS52Ly67MUNdZR+Zpbb2C65k=", + "lastModified": 1676549890, + "narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "067bfc6c90a301572cec7da48f09c447a9a8eae0", + "rev": "8c66bd1b68f4708c90dcc97c6f7052a5a7b33257", "type": "github" }, "original": { 
@@ -53,23 +68,35 @@ "type": "indirect" } }, + "nur": { + "locked": { + "lastModified": 1676725308, + "narHash": "sha256-vzS7PJCDD7fCA9ybuiNcQgOAploV++zF//j6WL2e7zA=", + "owner": "nix-community", + "repo": "NUR", + "rev": "ec4bf914ab48fef81ad0ff0cbc70c84895454e0e", + "type": "github" + }, + "original": { + "id": "nur", + "type": "indirect" + } + }, "personal-webpage": { "inputs": { "data": "data", - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ], "uncss": "uncss" }, "locked": { - "lastModified": 1671298845, - "narHash": "sha256-lFVBXth57Pn6QIN+vPvFR87UxWJ1HFXarHalDvjWrR4=", + "lastModified": 1676669690, + "narHash": "sha256-JOQhAYEd5/kvUGBuaMY8cpWDE9jAMKLON9/E5S9ve0o=", "owner": "qaristote", "repo": "webpage", - "rev": "334d3318b16d765dc10a537be841240986aeea04", + "rev": "2fa3778f333a59c3e8af26205b921ad0a7d1168e", "type": "github" }, "original": { @@ -80,7 +107,7 @@ }, "root": { "inputs": { - "flake-utils": "flake-utils", + "my-nixpkgs": "my-nixpkgs", "nixpkgs": "nixpkgs", "personal-webpage": "personal-webpage" } 
@@ -2,40 +2,31 @@ inputs = { personal-webpage = { url = "github:qaristote/webpage"; - inputs = { - nixpkgs.follows = "/nixpkgs"; - flake-utils.follows = "/flake-utils"; - }; + inputs.nixpkgs.follows = "/nixpkgs"; }; + my-nixpkgs.url = "git+file:///home/qaristote/code/nix/my-nixpkgs"; }; - outputs = { self, nixpkgs, personal-webpage, flake-utils, ... }@attrs: - flake-utils.lib.eachDefaultSystem (system: { - overlays.default = final: prev: { - personal = import ./pkgs { pkgs = final; } // { - webpage = personal-webpage.defaultPackage."${system}"; - }; + outputs = { self, nixpkgs, my-nixpkgs, personal-webpage, ... }: { + nixosConfigurations = let + system = "x86_64-linux"; + commonModules = [ + my-nixpkgs.nixosModules.personal + ({ ... }: { + nixpkgs.overlays = + [ my-nixpkgs.overlays.personal personal-webpage.overlays.default ]; + }) + ]; + in { + hermes = nixpkgs.lib.nixosSystem { + inherit system; + modules = commonModules + ++ [ ./config ./config/hardware-configuration.nix ]; }; - }) // { - nixosModules.default = import ./modules; - nixosConfigurations = let - system = "x86_64-linux"; - specialArgs = attrs; - commonModules = [ - self.nixosModules.default - ({ ... }: { - nixpkgs.overlays = [ self.overlays."${system}".default ]; - }) - ]; - in { - hermes = nixpkgs.lib.nixosSystem { - inherit system specialArgs; - modules = commonModules ++ [ ./config ./hardware-configuration.nix ]; - }; - hermes-test = nixpkgs.lib.nixosSystem { - inherit system specialArgs; - modules = commonModules ++ [ ./tests/configuration.nix ]; - }; + hermes-test = nixpkgs.lib.nixosSystem { + inherit system; + modules = commonModules ++ [ ./tests/configuration.nix ]; }; }; + }; } diff --git a/modules/default.nix b/modules/default.nix deleted file mode 100644 index 95f75b4..0000000 --- a/modules/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - imports = [ - ./filtron.nix - ./rss-bridge.nix - ]; -} 
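Review bot: The added input `my-nixpkgs.url = "git+file:///home/qaristote/code/nix/my-nixpkgs";` points at a directory in a home folder, and its lock entry carries a `narHash` but no `rev`, which suggests it was locked from an uncommitted working tree. That input now provides `nixosModules.personal` and `overlays.personal`, so the SSH, firewall and user settings of `hermes` depend on whatever sits at that path on the evaluating machine. The auto-upgrade from `/etc/nixos` will presumably fail or diverge on a host where the path is missing. I would point the input at a remote repository locked to a commit, e.g. `my-nixpkgs.url = "github:OWNER/REPO";` (placeholder), so the module code is reviewable and reproducible. The hunk starts at line 2 of flake.nix, so the opening of the top-level attribute set is outside it.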
diff --git a/modules/filtron.nix b/modules/filtron.nix
deleted file mode 100644
index 55374a7..0000000
--- a/modules/filtron.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.filtron;
- addressType = types.submodule {
- options = {
- address = mkOption {
- type = types.str;
- default = "127.0.0.1";
- };
- port = mkOption { type = types.port; };
- };
- };
-in {
- options.services.filtron = {
- enable = mkEnableOption { name = "filtron"; };
- package = mkOption {
- type = types.package;
- default = pkgs.personal.filtron;
- defaultText = literalExample "pkgs.personal.filtron";
- description = ''
- The package containing the filtron executable.
- '';
- };
- api = mkOption {
- type = addressType;
- default = { address = "localhost"; port = 4005; };
- description = ''
- API listen address and port.
- '';
- };
- listen = mkOption {
- type = addressType;
- default = { port = 4004; };
- description = ''
- Proxy listen address and port.
- '';
- };
- target = mkOption {
- type = addressType;
- default = { port = 8888; };
- description = ''
- Target address and port for reverse proxy.
- '';
- };
- rules = mkOption {
- type = with types; listOf (attrsOf anything);
- description = ''
- Rule list.
- '';
- };
- readBufferSize = mkOption {
- type = types.int;
- default = 16384;
- description = ''
- Size of the buffer used for reading.
- '';
- };
- };
-
- config = mkIf cfg.enable {
- users.users.filtron = {
- description = "Filtron daemon user";
- group = "filtron";
- isSystemUser = true;
- };
- users.groups.filtron = { };
-
- systemd.services.filtron = {
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- description = "Start a filtron instance.";
- serviceConfig = {
- User = "filtron";
- ExecStart = with builtins; ''
- ${cfg.package}/bin/filtron \
- -rules ${toFile "filtron-rules.json" (toJSON cfg.rules)} \
- -api "${cfg.api.address}:${toString cfg.api.port}" \
- -listen "${cfg.listen.address}:${toString cfg.listen.port}" \
- -target "${cfg.target.address}:${toString cfg.target.port}" \
- -read-buffer-size ${toString cfg.readBufferSize}
- '';
- };
- };
- };
-}
diff --git a/modules/rss-bridge.nix b/modules/rss-bridge.nix
deleted file mode 100644
index 7c0d349..0000000
--- a/modules/rss-bridge.nix
+++ /dev/null
@@ -1,71 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- cfg = config.services.rss-bridge;
- rss-bridge = pkgs.rss-bridge.overrideAttrs (oldAttrs:
- oldAttrs // {
- installPhase = oldAttrs.installPhase + ''
- pushd $out/bridges
- ln -sf ${./ParisJazzClubBridge.php} ParisJazzClubBridge.php
- ln -sf ${./MaisonDeLaRadioBridge.php} MaisonDeLaRadioBridge.php
- ln -sf ${./FipAlbumsBridge.php} FipAlbumsBridge.php
- ln -sf ${./WhatsOnMubiBridge.php} WhatsOnMubiBridge.php
- popd
- '' + lib.optionalString debug ''
- touch $out/DEBUG
- '';
- });
-in {
- options.services.rss-bridge = {
- package = mkOption {
- type = types.package;
- description = "Which derivation to use.";
- default = pkgs.rss-bridge;
- defaultText = literalExample "pkgs.rss-bridge";
- };
- debug = mkEnableOption "debug mode";
- extraBridges = mkOption {
- type = types.listOf (types.submodule {
- options = {
- name = mkOption {
- type = types.strMatching "[a-zA-Z0-9]*";
- description = ''
- The name of the bridge.
- It need not include 'Bridge' at the end, unlike required in RSS-Bridge.
- '';
- example = "SomeAppWithANewsletter";
- };
- source = mkOption {
- type = types.path;
- description = ''
- The path to a file whose contents is the PHP sourcecode of the bridge.
- See also the RSS-Bridge documentation: https://rss-bridge.github.io/rss-bridge/Bridge_API/index.html.
- '';
- };
- };
- });
- default = [ ];
- description = ''
- A list of additional bridges that aren't already included in RSS-Bridge.
- These bridges are automatically whitelisted'';
- };
- };
-
- config.services.rss-bridge.whitelist =
- map (bridge: bridge.name) cfg.extraBridges;
- config.services.nginx = mkIf (cfg.virtualHost != null) {
- virtualHosts.${cfg.virtualHost}.root = mkIf (cfg.extraBridges != [ ])
- (mkForce (pkgs.runCommand "rss-bridge" { } (''
- mkdir -p $out/bridges
- cp -r ${cfg.package}/* $out/
- pushd $out/bridges
- '' + concatStrings (map (bridge: ''
- ln -sf ${bridge.source} "${bridge.name}Bridge.php"
- '') cfg.extraBridges) + ''
- popd
- '' + lib.optionalString cfg.debug ''
- touch $out/DEBUG
- '')));
- };
-}
diff --git a/pkgs/default.nix b/pkgs/default.nix
deleted file mode 100644
index 73848b0..0000000
--- a/pkgs/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ pkgs }:
-
-{
- filtron = pkgs.callPackage ./filtron {};
-}
diff --git a/pkgs/filtron/default.nix b/pkgs/filtron/default.nix
deleted file mode 100644
index 40a6f6c..0000000
--- a/pkgs/filtron/default.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ stdenv, buildGoModule, fetchFromGitHub }:
-
-buildGoModule rec {
- pname = "filtron";
- version = "0.2.0";
-
- src = fetchFromGitHub {
- owner = "asciimoo";
- repo = "filtron";
- rev = "v${version}";
- sha256 = "18d3h0i2sfqbc0bjx26jm2n9f37zwp8z9z4wd17sw7nvkfa72a26";
- };
-
- doCheck = false;
- vendorSha256 = "05q2g591xl08h387mm6njabvki19yih63dfsafgpc9hyk5ydf2n9";
-} |
