uku/flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: alejandra -> nixfmt

Browse source
This commit is contained in:
uku 2024-12-25 18:21:24 +01:00
parent acc6e6e825
commit 65ce9c5882
Signed by: uku
SSH key fingerprint: SHA256:4P0aN6M8ajKukNi6aPOaX0LacanGYtlfjmN+m/sHY/o
56 changed files with 737 additions and 456 deletions
Download patch file Download diff file Expand all files Collapse all files

10
systems/etna/default.nix
View file

@ -4,15 +4,17 @@
config,
_utils,
...
}: let
}:
let
tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";
secrets = _utils.setupSharedSecrets config {secrets = ["frpToken"];};
secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; };
cfTunnelSecret = _utils.setupSingleSecret config "tunnelCreds" {
owner = "cloudflared";
group = "cloudflared";
};
in {
in
{
assertions = [
{
assertion = lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.6.31";
@ -21,7 +23,7 @@ in {
];
imports = [
(lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
(lib.mkAliasOptionModule [ "cfTunnels" ] [ "services" "cloudflared" "tunnels" tunnelId "ingress" ])
secrets.generate
cfTunnelSecret.generate

126
systems/etna/dendrite.nix
View file

@ -2,60 +2,64 @@
config,
_utils,
...
}: let
secretKey = _utils.setupSingleSecret config "dendriteKey" {};
in {
imports = [secretKey.generate];
}:
let
secretKey = _utils.setupSingleSecret config "dendriteKey" { };
in
{
imports = [ secretKey.generate ];
cfTunnels."m.uku.moe" = "http://localhost:80";
systemd.services.dendrite = {
after = ["postgresql.service"];
after = [ "postgresql.service" ];
serviceConfig.RestartSec = 10;
};
services = {
dendrite = let
database = {
connection_string = "postgres:///dendrite?host=/run/postgresql";
max_open_conns = 50;
max_idle_conns = 5;
conn_max_lifetime = -1;
};
in {
enable = true;
httpPort = 8008;
loadCredential = ["private_key:${secretKey.path}"];
settings = {
global = {
server_name = "m.uku.moe";
private_key = "$CREDENTIALS_DIRECTORY/private_key";
inherit database;
dendrite =
let
database = {
connection_string = "postgres:///dendrite?host=/run/postgresql";
max_open_conns = 50;
max_idle_conns = 5;
conn_max_lifetime = -1;
};
in
{
enable = true;
httpPort = 8008;
loadCredential = [ "private_key:${secretKey.path}" ];
client_api = {
registration_disabled = true;
};
settings = {
global = {
server_name = "m.uku.moe";
private_key = "$CREDENTIALS_DIRECTORY/private_key";
inherit database;
};
app_service_api = {inherit database;};
federation_api = {inherit database;};
key_server = {inherit database;};
media_api = {inherit database;};
mscs = {inherit database;};
relay_api = {inherit database;};
room_server = {inherit database;};
sync_api = {inherit database;};
user_api = {
account_database = database;
device_database = database;
client_api = {
registration_disabled = true;
};
app_service_api = { inherit database; };
federation_api = { inherit database; };
key_server = { inherit database; };
media_api = { inherit database; };
mscs = { inherit database; };
relay_api = { inherit database; };
room_server = { inherit database; };
sync_api = { inherit database; };
user_api = {
account_database = database;
device_database = database;
};
};
};
};
postgresql = {
enable = true;
ensureDatabases = ["dendrite"];
ensureDatabases = [ "dendrite" ];
ensureUsers = [
{
name = "dendrite";
@ -64,28 +68,34 @@ in {
];
};
nginx.virtualHosts."m.uku.moe".locations = let
server = {"m.server" = "m.uku.moe:443";};
client = {"m.homeserver"."base_url" = "https://m.uku.moe";};
in {
"=/.well-known/matrix/server" = {
return = "200 '${builtins.toJSON server}'";
};
nginx.virtualHosts."m.uku.moe".locations =
let
server = {
"m.server" = "m.uku.moe:443";
};
client = {
"m.homeserver"."base_url" = "https://m.uku.moe";
};
in
{
"=/.well-known/matrix/server" = {
return = "200 '${builtins.toJSON server}'";
};
"=/.well-known/matrix/client" = {
return = "200 '${builtins.toJSON client}'";
};
"=/.well-known/matrix/client" = {
return = "200 '${builtins.toJSON client}'";
};
"/" = {
proxyPass = "http://localhost:8008";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 600;
client_max_body_size 100M;
'';
"/" = {
proxyPass = "http://localhost:8008";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_read_timeout 600;
client_max_body_size 100M;
'';
};
};
};
};
}

13
systems/etna/forgejo.nix
View file

@ -3,16 +3,21 @@
config,
_utils,
...
}: let
}:
let
secrets = _utils.setupSecrets config {
secrets = ["turnstileSecret" "forgejoRunnerSecret"];
secrets = [
"turnstileSecret"
"forgejoRunnerSecret"
];
extra = {
owner = "forgejo";
group = "forgejo";
};
};
in {
imports = [secrets.generate];
in
{
imports = [ secrets.generate ];
cfTunnels."git.uku3lig.net" = "http://localhost:3000";

24
systems/etna/hardware-configuration.nix
View file

@ -7,15 +7,22 @@
pkgs,
modulesPath,
...
}: {
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/e136f8ad-b8d5-4706-ad24-725926fd50ec";
@ -25,7 +32,10 @@
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/FBB1-A79D";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/data" = {
@ -34,7 +44,7 @@
};
swapDevices = [
{device = "/dev/disk/by-uuid/4982538e-5402-44c0-86c6-bf086c856615";}
{ device = "/dev/disk/by-uuid/4982538e-5402-44c0-86c6-bf086c856615"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking

3
systems/etna/immich.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
services.immich = {
enable = true;

14
systems/etna/metrics.nix
View file

@ -3,11 +3,13 @@
mystia,
_utils,
...
}: let
}:
let
vmcfg = config.services.victoriametrics;
secrets = _utils.setupSharedSecrets config {secrets = ["vmAuthToken"];};
vmauthEnv = _utils.setupSingleSecret config "vmauthEnv" {};
in {
secrets = _utils.setupSharedSecrets config { secrets = [ "vmAuthToken" ]; };
vmauthEnv = _utils.setupSingleSecret config "vmauthEnv" { };
in
{
imports = [
mystia.nixosModules.vmauth
secrets.generate
@ -47,12 +49,12 @@ in {
scrape_configs = [
{
job_name = "victoriametrics";
static_configs = [{targets = ["${builtins.toString vmcfg.listenAddress}"];}];
static_configs = [ { targets = [ "${builtins.toString vmcfg.listenAddress}" ]; } ];
}
{
job_name = "api-rs";
static_configs = [{targets = ["localhost:5001"];}];
static_configs = [ { targets = [ "localhost:5001" ]; } ];
}
];
};

16
systems/etna/minecraft.nix
View file

@ -4,17 +4,18 @@
config,
_utils,
...
}: let
}:
let
inherit (config.virtualisation.oci-containers) backend;
secret = _utils.setupSingleSecret config "minecraftEnv" {};
secret = _utils.setupSingleSecret config "minecraftEnv" { };
lynn = _utils.mkMinecraftServer config {
name = "lynn";
port = 25567;
remotePort = 6002;
memory = "4G";
envFiles = [secret.path];
envFiles = [ secret.path ];
env = {
USE_AIKAR_FLAGS = "true";
TYPE = "MODRINTH";
@ -27,7 +28,7 @@
port = 25565;
remotePort = 6005;
memory = "4G";
envFiles = [secret.path];
envFiles = [ secret.path ];
env = {
USE_AIKAR_FLAGS = "true";
TYPE = "MODRINTH";
@ -40,7 +41,7 @@
port = 25566;
remotePort = 6006;
memory = "4G";
envFiles = [secret.path];
envFiles = [ secret.path ];
env = {
USE_AIKAR_FLAGS = "true";
TYPE = "MODRINTH";
@ -48,7 +49,8 @@
MODRINTH_PROJECTS = "spark, no-chat-reports";
};
};
in {
in
{
imports = [
secret.generate
@ -58,7 +60,7 @@ in {
];
systemd.services.restart-minecraft-servers = {
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
startAt = "*-*-* 05:00:00";
restartIfChanged = false;

8
systems/etna/navidrome.nix
View file

@ -2,15 +2,17 @@
config,
_utils,
...
}: let
}:
let
cfg = config.services.navidrome;
env = _utils.setupSingleSecret config "navidromeEnv" {
inherit (cfg) group;
owner = cfg.user;
};
in {
imports = [env.generate];
in
{
imports = [ env.generate ];
cfTunnels."navidrome.uku3lig.net" = "http://localhost:4533";

8
systems/etna/nextcloud.nix
View file

@ -3,13 +3,15 @@
config,
_utils,
...
}: let
}:
let
adminPass = _utils.setupSingleSecret config "nextcloudAdminPass" {
owner = config.users.users.nextcloud.name;
group = config.users.users.nextcloud.name;
};
in {
imports = [adminPass.generate];
in
{
imports = [ adminPass.generate ];
# nextcloud generates nginx config
cfTunnels."cloud.uku3lig.net" = "http://localhost:80";

5
systems/etna/reposilite.nix
View file

@ -1,5 +1,6 @@
{camasca, ...}: {
imports = [camasca.nixosModules.reposilite];
{ camasca, ... }:
{
imports = [ camasca.nixosModules.reposilite ];
cfTunnels."maven.uku3lig.net" = "http://localhost:8080";

17
systems/etna/satisfactory.nix
View file

@ -1,10 +1,15 @@
{config, ...}: let
{ config, ... }:
let
inherit (config.virtualisation.oci-containers) backend;
in {
in
{
virtualisation.oci-containers.containers.satisfactory = {
image = "wolveix/satisfactory-server:v1.8.5";
ports = ["7777:7777/udp" "7777:7777/tcp"];
volumes = ["/var/lib/satisfactory-server:/config"];
ports = [
"7777:7777/udp"
"7777:7777/tcp"
];
volumes = [ "/var/lib/satisfactory-server:/config" ];
environment = {
MAXPLAYERS = "4";
PGID = "1000";
@ -20,7 +25,7 @@ in {
};
networking.firewall = {
allowedTCPPorts = [7777];
allowedUDPPorts = [7777];
allowedTCPPorts = [ 7777 ];
allowedUDPPorts = [ 7777 ];
};
}

4
systems/etna/shlink.nix
View file

@ -3,8 +3,8 @@
virtualisation.oci-containers.containers.shlink = {
image = "shlinkio/shlink:stable";
ports = ["8081:8080"];
volumes = ["/data/shlink/database.sqlite:/etc/shlink/data/database.sqlite"];
ports = [ "8081:8080" ];
volumes = [ "/data/shlink/database.sqlite:/etc/shlink/data/database.sqlite" ];
environment = {
DEFAULT_DOMAIN = "uku.moe";
IS_HTTPS_ENABLED = "true";

11
systems/etna/uku.nix
View file

@ -4,11 +4,16 @@
api-rs,
ukubot-rs,
...
}: let
}:
let
secrets = _utils.setupSecrets config {
secrets = ["apiRsEnv" "ukubotRsEnv"];
secrets = [
"apiRsEnv"
"ukubotRsEnv"
];
};
in {
in
{
imports = [
api-rs.nixosModules.default
ukubot-rs.nixosModules.default

21
systems/etna/ups.nix
View file

@ -2,10 +2,12 @@
_utils,
config,
...
}: let
upsdPass = _utils.setupSingleSecret config "upsdUserPass" {};
in {
imports = [upsdPass.generate];
}:
let
upsdPass = _utils.setupSingleSecret config "upsdUserPass" { };
in
{
imports = [ upsdPass.generate ];
power.ups = {
enable = true;
@ -20,8 +22,11 @@ in {
users.admin = {
passwordFile = upsdPass.path;
instcmds = ["ALL"];
actions = ["SET" "FSD"];
instcmds = [ "ALL" ];
actions = [
"SET"
"FSD"
];
};
ups.eaton-3s-850 = {
@ -57,10 +62,10 @@ in {
{
job_name = "nut";
metrics_path = "/ups_metrics";
params.ups = ["eaton-3s-850"];
params.ups = [ "eaton-3s-850" ];
static_configs = [
{
targets = ["localhost:${builtins.toString config.services.prometheus.exporters.nut.port}"];
targets = [ "localhost:${builtins.toString config.services.prometheus.exporters.nut.port}" ];
labels.ups = "eaton-3s-850";
}
];

10
systems/etna/vaultwarden.nix
View file

@ -2,10 +2,12 @@
config,
_utils,
...
}: let
envFile = _utils.setupSingleSecret config "vaultwardenEnv" {};
in {
imports = [envFile.generate];
}:
let
envFile = _utils.setupSingleSecret config "vaultwardenEnv" { };
in
{
imports = [ envFile.generate ];
cfTunnels."bw.uku3lig.net" = "http://localhost:8222";