diff options
| -rw-r--r-- | config/boot.nix | 10 | ||||
| -rw-r--r-- | config/default.nix | 4 | ||||
| -rw-r--r-- | config/environment.nix | 13 | ||||
| -rw-r--r-- | config/hardware-configuration.nix (renamed from hardware-configuration.nix) | 0 | ||||
| -rw-r--r-- | config/networking.nix | 23 | ||||
| -rw-r--r-- | config/nix.nix | 12 | ||||
| -rw-r--r-- | config/services/web/searx/searx/engines.nix | 2 | ||||
| -rw-r--r-- | config/store.nix | 21 | ||||
| -rw-r--r-- | config/users.nix | 8 | ||||
| -rw-r--r-- | flake.lock | 74 | ||||
| -rw-r--r-- | flake.nix | 55 | ||||
| -rw-r--r-- | modules/default.nix | 8 | ||||
| -rw-r--r-- | modules/filtron.nix | 87 | ||||
| -rw-r--r-- | modules/rss-bridge.nix | 71 | ||||
| -rw-r--r-- | pkgs/default.nix | 5 | ||||
| -rw-r--r-- | pkgs/filtron/default.nix | 16 |
16 files changed, 113 insertions, 296 deletions
diff --git a/config/boot.nix b/config/boot.nix index df60fea..910e251 100644 --- a/config/boot.nix +++ b/config/boot.nix @@ -1,12 +1,6 @@ { ... }: { - boot = { - loader.grub = { - enable = true; - version = 2; - enableCryptodisk = true; - device = "/dev/vda"; - }; - }; + personal.boot.grub.enable = true; + boot.loader.grub.device = "/dev/vda"; } diff --git a/config/default.nix b/config/default.nix index 271ee4b..43dff7d 100644 --- a/config/default.nix +++ b/config/default.nix @@ -1,4 +1,4 @@ -{ pkgs, modulesPath, ... }: +{ modulesPath, ... }: { imports = [ @@ -7,8 +7,8 @@ ./boot.nix ./environment.nix ./networking.nix + ./nix.nix ./services - ./store.nix ./users.nix ]; diff --git a/config/environment.nix b/config/environment.nix index e812e43..61f55ff 100644 --- a/config/environment.nix +++ b/config/environment.nix @@ -1,16 +1,11 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ vim gitMinimal ]; + personal.environment = { + enable = true; + locale.enable = true; + }; programs.bash.promptInit = '' PS1="\n\[\033[1;32m\][\[\e]0;\u@$(hostname -f): \w\a\]\u@$(hostname -f):\w]\$\[\033[0m\] " ''; - - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "fr"; - }; - - time.timeZone = "Europe/Paris"; } diff --git a/hardware-configuration.nix b/config/hardware-configuration.nix index 1b79e6f..1b79e6f 100644 --- a/hardware-configuration.nix +++ b/config/hardware-configuration.nix diff --git a/config/networking.nix b/config/networking.nix index 4716149..172834d 100644 --- a/config/networking.nix +++ b/config/networking.nix @@ -1,6 +1,12 @@ { pkgs, ... }: { + personal.networking = { + enable = true; + firewall.http = true; + ssh.enable = true; + }; + networking = { hostName = "hermes"; domain = "aristote.fr"; @@ -12,22 +18,5 @@ }]; defaultGateway = "93.95.228.1"; nameservers = [ "93.95.224.28" "93.95.224.29" ]; - - firewall = { - enable = true; - allowedTCPPorts = [ 80 443 ]; - }; - }; - - services.openssh = { - enable = true; - settings = { - PermitRootLogin = "no"; - PasswordAuthentication = false; - }; - extraConfig = '' - AcceptEnv PS1 - ''; }; - services.fail2ban.enable = true; } diff --git a/config/nix.nix b/config/nix.nix new file mode 100644 index 0000000..5c9278f --- /dev/null +++ b/config/nix.nix @@ -0,0 +1,12 @@ +{ lib, ... }: + +{ + personal.nix = { + enable = true; + autoUpgrade = true; + gc.enable = true; + flake = "git+file:///etc/nixos/"; + }; + nix.settings.max-jobs = lib.mkDefault 1; + system.autoUpgrade.flags = [ "--update-input" "personal-webpage/data" ]; +} diff --git a/config/services/web/searx/searx/engines.nix b/config/services/web/searx/searx/engines.nix index 259ea74..1c5273a 100644 --- a/config/services/web/searx/searx/engines.nix +++ b/config/services/web/searx/searx/engines.nix @@ -54,7 +54,7 @@ in { # files "btdigg" # images - "openverse" + "ccengine" "bing images" "library of congress" "qwant images" diff --git a/config/store.nix b/config/store.nix deleted file mode 100644 index 8efcd5d..0000000 --- a/config/store.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ lib, ... }: - -{ - nix = { - settings = { - auto-optimise-store = true; - experimental-features = [ "nix-command" "flakes" ]; - }; - gc = { - automatic = true; - dates = "daily"; - options = "--delete-old"; - }; - settings.max-jobs = lib.mkDefault 1; - }; - system.autoUpgrade = { - enable = true; - flake = "git+file:///etc/nixos/"; - flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ]; - }; -} diff --git a/config/users.nix b/config/users.nix index 99a497d..36aacef 100644 --- a/config/users.nix +++ b/config/users.nix @@ -1,11 +1,5 @@ { ... }: { - users.users.qaristote = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4wGbl3++lqCjLUhoRyABBrVEeNhIXYO4371srkRoyq qaristote@latitude-7490" - ]; - }; + personal.user.enable = true; } @@ -12,11 +12,11 @@ ] }, "locked": { - "lastModified": 1676496210, - "narHash": "sha256-zDQaXG7+TFu2xKlzYXcwFSnGyY4mkXzM0KZmtzMVpig=", + "lastModified": 1676498599, + "narHash": "sha256-eLqhEoQZhCcpQvBE2TZe0VVyfV+DnWJKUDoZEMTHN4g=", "owner": "qaristote", "repo": "info", - "rev": "c0058bdfe82d24542c7fb8a7bb33ad518c3fa72b", + "rev": "4f91bd86bbe9bc3e7fdc04916f244ace13a92a15", "type": "github" }, "original": { @@ -39,37 +39,82 @@ "type": "indirect" } }, + "my-nixpkgs": { + "inputs": { + "nur": "nur" + }, + "locked": { + "lastModified": 1676820683, + "narHash": "sha256-Duxvn4bUTG0n03KO3cxvqThtEk1e6FfLdGXJLKrOV8c=", + "type": "git", + "url": "file:///home/qaristote/code/nix/my-nixpkgs" + }, + "original": { + "type": "git", + "url": "file:///home/qaristote/code/nix/my-nixpkgs" + } + }, "nixpkgs": { "locked": { - "lastModified": 1676335949, - "narHash": "sha256-mnvvqmFhotH++nSovRiIZX4CW8nbr2bEEnWgymzM4z4=", + "lastModified": 1676771332, + "narHash": "sha256-YYn2K0AwyIyCzvP7C+xzEt64rlCRPyrllRPGNNu+50M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f27a4e2f6a3a23b843ca1c736e6043fb8b99acc1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-22.11-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1676795730, + "narHash": "sha256-X69A9BdcPTySJJ7DqS4wc8b6eqGKi32jCSyaBsz4WB0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "efc59894b1ba73cb745676616c56c780383d6788", + "type": "github" + }, + "original": { "owner": "NixOS", + "ref": "nixos-unstable-small", "repo": "nixpkgs", - "rev": "0a25e2c87e784bf7e06e7833ec0e06d34836959a", + "type": "github" + } + }, + "nur": { + "locked": { + "lastModified": 1676820779, + "narHash": "sha256-/EmCS02RHZbpOXLuv+iItYkice2/yjsSq2r0yAKenHE=", + "owner": "nix-community", + "repo": "NUR", + "rev": "776010dc73870aa36e322411c47ede8155e1b2dd", "type": "github" }, "original": { - "id": "nixpkgs", + "id": "nur", "type": "indirect" } }, "personal-webpage": { "inputs": { "data": "data", - "flake-utils": [ - "flake-utils" - ], + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ], "uncss": "uncss" }, "locked": { - "lastModified": 1671298845, - "narHash": "sha256-lFVBXth57Pn6QIN+vPvFR87UxWJ1HFXarHalDvjWrR4=", + "lastModified": 1676669690, + "narHash": "sha256-JOQhAYEd5/kvUGBuaMY8cpWDE9jAMKLON9/E5S9ve0o=", "owner": "qaristote", "repo": "webpage", - "rev": "334d3318b16d765dc10a537be841240986aeea04", + "rev": "2fa3778f333a59c3e8af26205b921ad0a7d1168e", "type": "github" }, "original": { @@ -80,8 +125,9 @@ }, "root": { "inputs": { - "flake-utils": "flake-utils", + "my-nixpkgs": "my-nixpkgs", "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", "personal-webpage": "personal-webpage" } }, @@ -2,40 +2,35 @@ inputs = { personal-webpage = { url = "github:qaristote/webpage"; - inputs = { - nixpkgs.follows = "/nixpkgs"; - flake-utils.follows = "/flake-utils"; - }; + inputs.nixpkgs.follows = "/nixpkgs"; }; + my-nixpkgs.url = "git+file:///home/qaristote/code/nix/my-nixpkgs"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small"; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; }; - outputs = { self, nixpkgs, personal-webpage, flake-utils, ... }@attrs: - flake-utils.lib.eachDefaultSystem (system: { - overlays.default = final: prev: { - personal = import ./pkgs { pkgs = final; } // { - webpage = personal-webpage.defaultPackage."${system}"; - }; + outputs = { self, nixpkgs, nixpkgs-unstable, my-nixpkgs, personal-webpage, ... }: { + nixosConfigurations = let + system = "x86_64-linux"; + commonModules = [ + my-nixpkgs.nixosModules.personal + ({ ... }: { + nixpkgs.overlays = + [ my-nixpkgs.overlays.personal personal-webpage.overlays.default (_: prev: { + inherit (nixpkgs-unstable.legacyPackages."${prev.system}") filtron; + })]; + }) + ]; + in { + hermes = nixpkgs.lib.nixosSystem { + inherit system; + modules = commonModules + ++ [ ./config ./config/hardware-configuration.nix ]; }; - }) // { - nixosModules.default = import ./modules; - nixosConfigurations = let - system = "x86_64-linux"; - specialArgs = attrs; - commonModules = [ - self.nixosModules.default - ({ ... }: { - nixpkgs.overlays = [ self.overlays."${system}".default ]; - }) - ]; - in { - hermes = nixpkgs.lib.nixosSystem { - inherit system specialArgs; - modules = commonModules ++ [ ./config ./hardware-configuration.nix ]; - }; - hermes-test = nixpkgs.lib.nixosSystem { - inherit system specialArgs; - modules = commonModules ++ [ ./tests/configuration.nix ]; - }; + hermes-test = nixpkgs.lib.nixosSystem { + inherit system; + modules = commonModules ++ [ ./tests/configuration.nix ]; }; }; + }; } diff --git a/modules/default.nix b/modules/default.nix deleted file mode 100644 index 95f75b4..0000000 --- a/modules/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: - -{ - imports = [ - ./filtron.nix - ./rss-bridge.nix - ]; -} diff --git a/modules/filtron.nix b/modules/filtron.nix deleted file mode 100644 index 55374a7..0000000 --- a/modules/filtron.nix +++ /dev/null @@ -1,87 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.services.filtron; - addressType = types.submodule { - options = { - address = mkOption { - type = types.str; - default = "127.0.0.1"; - }; - port = mkOption { type = types.port; }; - }; - }; -in { - options.services.filtron = { - enable = mkEnableOption { name = "filtron"; }; - package = mkOption { - type = types.package; - default = pkgs.personal.filtron; - defaultText = literalExample "pkgs.personal.filtron"; - description = '' - The package containing the filtron executable. - ''; - }; - api = mkOption { - type = addressType; - default = { address = "localhost"; port = 4005; }; - description = '' - API listen address and port. - ''; - }; - listen = mkOption { - type = addressType; - default = { port = 4004; }; - description = '' - Proxy listen address and port. - ''; - }; - target = mkOption { - type = addressType; - default = { port = 8888; }; - description = '' - Target address and port for reverse proxy. - ''; - }; - rules = mkOption { - type = with types; listOf (attrsOf anything); - description = '' - Rule list. - ''; - }; - readBufferSize = mkOption { - type = types.int; - default = 16384; - description = '' - Size of the buffer used for reading. - ''; - }; - }; - - config = mkIf cfg.enable { - users.users.filtron = { - description = "Filtron daemon user"; - group = "filtron"; - isSystemUser = true; - }; - users.groups.filtron = { }; - - systemd.services.filtron = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - description = "Start a filtron instance."; - serviceConfig = { - User = "filtron"; - ExecStart = with builtins; '' - ${cfg.package}/bin/filtron \ - -rules ${toFile "filtron-rules.json" (toJSON cfg.rules)} \ - -api "${cfg.api.address}:${toString cfg.api.port}" \ - -listen "${cfg.listen.address}:${toString cfg.listen.port}" \ - -target "${cfg.target.address}:${toString cfg.target.port}" \ - -read-buffer-size ${toString cfg.readBufferSize} - ''; - }; - }; - }; -} diff --git a/modules/rss-bridge.nix b/modules/rss-bridge.nix deleted file mode 100644 index 7c0d349..0000000 --- a/modules/rss-bridge.nix +++ /dev/null @@ -1,71 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.services.rss-bridge; - rss-bridge = pkgs.rss-bridge.overrideAttrs (oldAttrs: - oldAttrs // { - installPhase = oldAttrs.installPhase + '' - pushd $out/bridges - ln -sf ${./ParisJazzClubBridge.php} ParisJazzClubBridge.php - ln -sf ${./MaisonDeLaRadioBridge.php} MaisonDeLaRadioBridge.php - ln -sf ${./FipAlbumsBridge.php} FipAlbumsBridge.php - ln -sf ${./WhatsOnMubiBridge.php} WhatsOnMubiBridge.php - popd - '' + lib.optionalString debug '' - touch $out/DEBUG - ''; - }); -in { - options.services.rss-bridge = { - package = mkOption { - type = types.package; - description = "Which derivation to use."; - default = pkgs.rss-bridge; - defaultText = literalExample "pkgs.rss-bridge"; - }; - debug = mkEnableOption "debug mode"; - extraBridges = mkOption { - type = types.listOf (types.submodule { - options = { - name = mkOption { - type = types.strMatching "[a-zA-Z0-9]*"; - description = '' - The name of the bridge. - It need not include 'Bridge' at the end, unlike required in RSS-Bridge. - ''; - example = "SomeAppWithANewsletter"; - }; - source = mkOption { - type = types.path; - description = '' - The path to a file whose contents is the PHP sourcecode of the bridge. - See also the RSS-Bridge documentation: https://rss-bridge.github.io/rss-bridge/Bridge_API/index.html. - ''; - }; - }; - }); - default = [ ]; - description = '' - A list of additional bridges that aren't already included in RSS-Bridge. - These bridges are automatically whitelisted''; - }; - }; - - config.services.rss-bridge.whitelist = - map (bridge: bridge.name) cfg.extraBridges; - config.services.nginx = mkIf (cfg.virtualHost != null) { - virtualHosts.${cfg.virtualHost}.root = mkIf (cfg.extraBridges != [ ]) - (mkForce (pkgs.runCommand "rss-bridge" { } ('' - mkdir -p $out/bridges - cp -r ${cfg.package}/* $out/ - pushd $out/bridges - '' + concatStrings (map (bridge: '' - ln -sf ${bridge.source} "${bridge.name}Bridge.php" - '') cfg.extraBridges) + '' - popd - '' + lib.optionalString cfg.debug '' - touch $out/DEBUG - ''))); - }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix deleted file mode 100644 index 73848b0..0000000 --- a/pkgs/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ pkgs }: - -{ - filtron = pkgs.callPackage ./filtron {}; -} diff --git a/pkgs/filtron/default.nix b/pkgs/filtron/default.nix deleted file mode 100644 index 40a6f6c..0000000 --- a/pkgs/filtron/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ stdenv, buildGoModule, fetchFromGitHub }: - -buildGoModule rec { - pname = "filtron"; - version = "0.2.0"; - - src = fetchFromGitHub { - owner = "asciimoo"; - repo = "filtron"; - rev = "v${version}"; - sha256 = "18d3h0i2sfqbc0bjx26jm2n9f37zwp8z9z4wd17sw7nvkfa72a26"; - }; - - doCheck = false; - vendorSha256 = "05q2g591xl08h387mm6njabvki19yih63dfsafgpc9hyk5ydf2n9"; -} |