feat: add utility functions

This commit is contained in:
uku 2024-07-29 10:58:43 +02:00
parent ca71ddac8c
commit b8d7062228
Signed by: uku
SSH key fingerprint: SHA256:4P0aN6M8ajKukNi6aPOaX0LacanGYtlfjmN+m/sHY/o
12 changed files with 177 additions and 156 deletions


@ -2,6 +2,7 @@
lib, lib,
pkgs, pkgs,
config, config,
_utils,
nixpkgs, nixpkgs,
agenix, agenix,
home-manager, home-manager,
@ -9,6 +10,8 @@
}: let }: let
username = "leo"; username = "leo";
stateVersion = "23.11"; stateVersion = "23.11";
rootPassword = _utils.setupSingleSecret config "rootPassword" {};
in { in {
imports = [ imports = [
agenix.nixosModules.default agenix.nixosModules.default
@ -16,6 +19,8 @@ in {
(lib.mkAliasOptionModule ["hm"] ["home-manager" "users" username]) (lib.mkAliasOptionModule ["hm"] ["home-manager" "users" username])
rootPassword.generate
../programs/fish.nix ../programs/fish.nix
../programs/git.nix ../programs/git.nix
../programs/rust.nix ../programs/rust.nix
@ -26,7 +31,6 @@ in {
identityPaths = ["/etc/age/key"]; identityPaths = ["/etc/age/key"];
secrets = { secrets = {
rootPassword.file = ../secrets/${config.networking.hostName}/rootPassword.age;
userPassword.file = ../secrets/userPassword.age; userPassword.file = ../secrets/userPassword.age;
tailscaleKey.file = ../secrets/tailscaleKey.age; tailscaleKey.file = ../secrets/tailscaleKey.age;
}; };
@ -174,7 +178,7 @@ in {
root = { root = {
shell = pkgs.fish; shell = pkgs.fish;
hashedPasswordFile = config.age.secrets.rootPassword.path; hashedPasswordFile = rootPassword.path;
}; };
}; };
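Review bot: `rootPassword.generate` is placed in `imports` although it is derived from `config`, which the module system only tolerates because setupSingleSecret reads `networking.hostName` lazily, inside the `file` value and never in an attribute name. If a later change to the helper forces `_config` while building the returned attrset, every caller that imports `*.generate` (this file, etna/default.nix, dendrite, forgejo, minecraft, nextcloud, services) will hit infinite recursion. A comment at the import site would make the constraint visible, e.g. `# config-derived module: safe in imports only while setupSingleSecret reads config lazily`. The enclosing module continues outside the hunk.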

global/utils.nix Normal file

@ -0,0 +1,56 @@
{lib, ...}: {
setupSecrets = _config: {
secrets,
extra ? {},
}: let
inherit (_config.networking) hostName;
in {
generate = {age.secrets = lib.genAttrs secrets (name: extra // {file = ../secrets/${hostName}/${name}.age;});};
get = name: _config.age.secrets.${name}.path;
};
setupSingleSecret = _config: name: extra: let
inherit (_config.networking) hostName;
in {
generate = {age.secrets.${name} = extra // {file = ../secrets/${hostName}/${name}.age;};};
inherit (_config.age.secrets.${name}) path;
};
mkMinecraftServer = _config: {
name,
port,
remotePort,
tag ? "java21",
dataDir ? "/var/lib/${name}",
memory ? "4G",
env ? {},
envFiles ? [],
extraPorts ? [],
}: let
inherit (_config.virtualisation.oci-containers) backend;
in {
virtualisation.oci-containers.containers.${name} = {
image = "itzg/minecraft-server:${tag}";
ports = ["${builtins.toString port}:25565"] ++ extraPorts;
volumes = ["${dataDir}:/data"];
environmentFiles = envFiles;
environment =
{
EULA = "true";
MEMORY = memory;
}
// env;
};
services.frp.settings.proxies = [
{
inherit name remotePort;
type = "tcp";
localIp = "127.0.0.1";
localPort = port;
}
];
systemd.services."${backend}-${name}".serviceConfig.TimeoutSec = "300";
};
}
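Review bot: `ports = ["${builtins.toString port}:25565"] ++ extraPorts;` publishes the server on every host interface, while the frp proxy built a few lines later only ever connects to `localIp = "127.0.0.1"`. If the servers are meant to be reached only through frp, binding the mapping to loopback, `ports = ["127.0.0.1:${builtins.toString port}:25565"] ++ extraPorts;`, keeps the game port off the host's external addresses (entries in extraPorts would need the same prefix from their callers). Separately, `get` accepts any name, so a typo fails with a generic missing-attribute error instead of pointing at the `secrets` list; `get = name: assert lib.elem name secrets; _config.age.secrets.${name}.path;` makes the mismatch explicit. The file also has no header comment; a short one stating that `generate` is meant to be placed in a module's `imports` while `path`/`get` resolve the decrypted file location would help callers.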


@ -3,6 +3,8 @@
inputs, inputs,
... ...
}: let }: let
_utils = import ../global/utils.nix {inherit lib;};
toSystem = name: { toSystem = name: {
role, role,
system, system,
@ -19,7 +21,7 @@
{networking.hostName = name;} {networking.hostName = name;}
]; ];
specialArgs = inputs; specialArgs = inputs // {inherit _utils;};
}; };
in { in {
flake.nixosConfigurations = lib.mapAttrs toSystem { flake.nixosConfigurations = lib.mapAttrs toSystem {
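Review bot: `_utils` is injected through `specialArgs = inputs // {inherit _utils;}` with nothing saying where it comes from or that it would shadow a flake input of the same name. A comment on the import line, `# shared helpers from global/utils.nix, handed to every host module as the _utils argument`, would make the new module argument discoverable. toSystem continues outside the hunk.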


@ -1,22 +1,24 @@
{ {
lib, lib,
pkgs,
config, config,
pkgs, # required for fudgeMyShitIn _utils,
... ...
} @ args: let }: let
tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5"; tunnelId = "57f51ad7-25a0-45f3-b113-0b6ae0b2c3e5";
secretsPath = ../../secrets/etna; frpSecret = _utils.setupSingleSecret config "frpToken" {};
mkSecrets = builtins.mapAttrs (name: value: value // {file = "${secretsPath}/${name}.age";}); cfTunnelSecret = _utils.setupSingleSecret config "tunnelCreds" {
mkSecret = name: other: mkSecrets {${name} = other;}; owner = "cloudflared";
group = "cloudflared";
fudgeMyShitIn = builtins.map (file: import file (args // {inherit mkSecret mkSecrets;})); };
in { in {
imports = imports = [
[
(lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"]) (lib.mkAliasOptionModule ["cfTunnels"] ["services" "cloudflared" "tunnels" tunnelId "ingress"])
]
++ fudgeMyShitIn [ frpSecret.generate
cfTunnelSecret.generate
./minecraft.nix ./minecraft.nix
./dendrite.nix ./dendrite.nix
./nextcloud.nix ./nextcloud.nix
@ -28,15 +30,6 @@ in {
./metrics.nix ./metrics.nix
]; ];
age.secrets = mkSecrets {
tunnelCreds = {
owner = "cloudflared";
group = "cloudflared";
};
frpToken = {};
};
boot = { boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_6_1; kernelPackages = lib.mkForce pkgs.linuxPackages_6_1;
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
@ -68,11 +61,11 @@ in {
cloudflared = { cloudflared = {
enable = true; enable = true;
tunnels.${tunnelId} = { tunnels.${tunnelId} = {
credentialsFile = config.age.secrets.tunnelCreds.path; credentialsFile = cfTunnelSecret.path;
default = "http_status:404"; default = "http_status:404";
}; };
}; };
}; };
systemd.services.frp.serviceConfig.EnvironmentFile = config.age.secrets.frpToken.path; systemd.services.frp.serviceConfig.EnvironmentFile = frpSecret.path;
} }
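Review bot: the secret locations for this host are no longer pinned by `secretsPath = ../../secrets/etna`; `frpSecret` and `cfTunnelSecret` now resolve under `secrets/<networking.hostName>/` through the helper, so they follow whatever `networking.hostName` evaluates to. That is presumably intended, since the flake sets the host name from the configuration name, but an override of `networking.hostName` in any imported module would move the lookups or fail evaluation; a one-line comment next to `frpSecret`, e.g. `# secret files resolve under secrets/${networking.hostName}/ (see global/utils.nix)`, would record the dependency. The enclosing attribute set continues outside the hunk.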


@ -1,9 +1,12 @@
{ {
config, config,
mkSecret, _utils,
... ...
}: { }: let
age.secrets = mkSecret "dendriteKey" {}; secretKey = _utils.setupSingleSecret config "dendriteKey" {};
in {
imports = [secretKey.generate];
cfTunnels."m.uku.moe" = "http://localhost:80"; cfTunnels."m.uku.moe" = "http://localhost:80";
systemd.services.dendrite = { systemd.services.dendrite = {
@ -22,7 +25,7 @@
in { in {
enable = true; enable = true;
httpPort = 8008; httpPort = 8008;
loadCredential = ["private_key:${config.age.secrets.dendriteKey.path}"]; loadCredential = ["private_key:${secretKey.path}"];
settings = { settings = {
global = { global = {


@ -1,14 +1,16 @@
{ {
config, config,
mkSecret, _utils,
... ...
}: { }: let
cfTunnels."git.uku3lig.net" = "http://localhost:3000"; turnstileSecret = _utils.setupSingleSecret config "turnstileSecret" {
age.secrets = mkSecret "turnstileSecret" {
owner = "forgejo"; owner = "forgejo";
group = "forgejo"; group = "forgejo";
}; };
in {
imports = [turnstileSecret.generate];
cfTunnels."git.uku3lig.net" = "http://localhost:3000";
services = { services = {
forgejo = { forgejo = {
@ -20,7 +22,7 @@
}; };
secrets = { secrets = {
service.CF_TURNSTILE_SECRET = config.age.secrets.turnstileSecret.path; service.CF_TURNSTILE_SECRET = turnstileSecret.path;
}; };
settings = { settings = {


@ -1,4 +1,4 @@
{...}: { {
cfTunnels."grafana.uku3lig.net" = "http://localhost:2432"; cfTunnels."grafana.uku3lig.net" = "http://localhost:2432";
services.grafana = { services.grafana = {


@ -2,66 +2,48 @@
lib, lib,
pkgs, pkgs,
config, config,
mkSecret, _utils,
... ...
}: let }: let
inherit (config.virtualisation.oci-containers) backend; inherit (config.virtualisation.oci-containers) backend;
mkMinecraftServer = name: { secret = _utils.setupSingleSecret config "minecraftEnv" {};
port,
remotePort, atm9 = _utils.mkMinecraftServer config {
tag ? "java21", name = "atm9";
dataDir ? "/var/lib/${name}", port = 25565;
memory ? "4G", remotePort = 6004;
env ? {}, tag = "java17";
extraPorts ? [], memory = "8G";
}: { envFiles = [secret.path];
virtualisation.oci-containers.containers.${name} = { env = {
image = "itzg/minecraft-server:${tag}"; USE_AIKAR_FLAGS = "true";
ports = ["${builtins.toString port}:25565"] ++ extraPorts; MOD_PLATFORM = "AUTO_CURSEFORGE";
volumes = ["${dataDir}:/data"]; CF_SLUG = "all-the-mods-9";
environmentFiles = [config.age.secrets.minecraftEnv.path]; CF_FILE_ID = "5458414";
environment = };
{
EULA = "true";
MEMORY = memory;
}
// env;
}; };
services.frp.settings.proxies = [ lynn = _utils.mkMinecraftServer config {
{ name = "lynn";
inherit name remotePort; port = 25567;
type = "tcp"; remotePort = 6002;
localIp = "127.0.0.1"; memory = "4G";
localPort = port; envFiles = [secret.path];
} env = {
USE_AIKAR_FLAGS = "true";
TYPE = "MODRINTH";
MODRINTH_MODPACK = "https://modrinth.com/modpack/adrenaserver/version/1.6.0+1.20.6.fabric";
};
};
in {
imports = [
secret.generate
atm9
lynn
]; ];
systemd.services."${backend}-${name}".serviceConfig.TimeoutSec = "300";
};
recursiveMerge = attrList:
with lib; let
f = attrPath:
zipAttrsWith (
n: values:
if tail values == []
then head values
else if all isList values
then unique (concatLists values)
else if all isAttrs values
then f (attrPath ++ [n]) values
else last values
);
in
f [] attrList;
mkMinecraftServers = attrs: recursiveMerge (lib.mapAttrsToList mkMinecraftServer attrs);
in
lib.recursiveUpdate {
age.secrets = mkSecret "minecraftEnv" {};
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
systemd.services.restart-minecraft-servers = { systemd.services.restart-minecraft-servers = {
@ -80,29 +62,4 @@ in
Unit = "restart-minecraft-servers.service"; Unit = "restart-minecraft-servers.service";
}; };
}; };
} }
(mkMinecraftServers {
atm9 = {
port = 25565;
remotePort = 6004;
tag = "java17";
memory = "8G";
env = {
USE_AIKAR_FLAGS = "true";
MOD_PLATFORM = "AUTO_CURSEFORGE";
CF_SLUG = "all-the-mods-9";
CF_FILE_ID = "5458414";
};
};
lynn = {
port = 25567;
remotePort = 6002;
memory = "4G";
env = {
USE_AIKAR_FLAGS = "true";
TYPE = "MODRINTH";
MODRINTH_MODPACK = "https://modrinth.com/modpack/adrenaserver/version/1.6.0+1.20.6.fabric";
};
};
})
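Review bot: `inherit (config.virtualisation.oci-containers) backend;` survives at the top of the new `let` even though its only visible use, the `systemd.services."${backend}-${name}"` timeout, moved into mkMinecraftServer. Unless `backend` is still referenced inside the `restart-minecraft-servers` service, whose body lies outside the hunk, the binding is now dead and the line should be dropped. The enclosing module continues past the hunk.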


@ -1,14 +1,17 @@
{ {
config,
pkgs, pkgs,
mkSecret, config,
_utils,
... ...
}: { }: let
age.secrets = mkSecret "nextcloudAdminPass" { adminPass = _utils.setupSingleSecret config "nextcloudAdminPass" {
owner = config.users.users.nextcloud.name; owner = config.users.users.nextcloud.name;
group = config.users.users.nextcloud.name; group = config.users.users.nextcloud.name;
}; };
in {
imports = [adminPass.generate];
# nextcloud generates nginx config
cfTunnels."cloud.uku3lig.net" = "http://localhost:80"; cfTunnels."cloud.uku3lig.net" = "http://localhost:80";
services.nextcloud = { services.nextcloud = {
@ -22,7 +25,7 @@
configureRedis = true; configureRedis = true;
config = { config = {
adminpassFile = config.age.secrets.nextcloudAdminPass.path; adminpassFile = adminPass.path;
}; };
}; };
} }


@ -1,4 +1,4 @@
_: { {
cfTunnels."uku.moe" = "http://localhost:8081"; cfTunnels."uku.moe" = "http://localhost:8081";
virtualisation.oci-containers.containers.shlink = { virtualisation.oci-containers.containers.shlink = {


@ -1,31 +1,32 @@
{ {
config, config,
mkSecrets, _utils,
api-rs, api-rs,
ukubot-rs, ukubot-rs,
... ...
}: { }: let
secrets = _utils.setupSecrets config {
secrets = ["apiRsEnv" "ukubotRsEnv"];
};
in {
imports = [ imports = [
api-rs.nixosModules.default api-rs.nixosModules.default
ukubot-rs.nixosModules.default ukubot-rs.nixosModules.default
];
age.secrets = mkSecrets { secrets.generate
apiRsEnv = {}; ];
ukubotRsEnv = {};
};
cfTunnels."api.uku3lig.net" = "http://localhost:5000"; cfTunnels."api.uku3lig.net" = "http://localhost:5000";
services = { services = {
api-rs = { api-rs = {
enable = true; enable = true;
environmentFile = config.age.secrets.apiRsEnv.path; environmentFile = secrets.get "apiRsEnv";
}; };
ukubot-rs = { ukubot-rs = {
enable = true; enable = true;
environmentFile = config.age.secrets.ukubotRsEnv.path; environmentFile = secrets.get "ukubotRsEnv";
}; };
}; };
} }


@ -1,4 +1,4 @@
_: { {
cfTunnels."bw.uku3lig.net" = "http://localhost:8222"; cfTunnels."bw.uku3lig.net" = "http://localhost:8222";
services.vaultwarden = { services.vaultwarden = {