From f5983194db8abe2ba3be034046f698af13859d6e Mon Sep 17 00:00:00 2001 From: jahanson Date: Thu, 30 May 2024 23:00:46 -0500 Subject: [PATCH] Moving stuff around for the merge --- nixos/home/modules/default.nix | 7 +- nixos/home/modules/shell/fish/default.nix | 2 - nixos/lib/default.nix | 5 +- nixos/modules/nixos/de/default.nix | 1 - nixos/modules/nixos/de/gnome.nix | 27 +---- nixos/modules/nixos/programs/shell/fish.nix | 7 +- nixos/modules/nixos/security/acme/default.nix | 12 +- nixos/modules/nixos/security/default.nix | 5 +- .../nixos/services/cockpit/default.nix | 7 +- nixos/modules/nixos/services/default.nix | 1 - .../nixos/services/forgejo/default.nix | 4 +- .../nixos/services/glances/default.nix | 16 +-- .../nixos/services/grafana/default.nix | 108 ------------------ nixos/modules/nixos/services/monitoring.nix | 8 +- nixos/modules/nixos/services/nfs/default.nix | 48 -------- .../modules/nixos/services/nginx/default.nix | 6 +- .../nixos/services/nix-serve/default.nix | 8 +- .../modules/nixos/services/podman/default.nix | 13 ++- .../nixos/services/postgresql/default.nix | 18 +-- .../nixos/services/radicale/default.nix | 30 +---- .../nixos/services/reboot-required-check.nix | 11 +- .../modules/nixos/services/restic/default.nix | 9 +- 22 files changed, 35 insertions(+), 318 deletions(-) delete mode 100644 nixos/modules/nixos/services/grafana/default.nix delete mode 100644 nixos/modules/nixos/services/nfs/default.nix diff --git a/nixos/home/modules/default.nix b/nixos/home/modules/default.nix index f413d45..add7c0d 100644 --- a/nixos/home/modules/default.nix +++ b/nixos/home/modules/default.nix @@ -1,8 +1,5 @@ -{ inputs -, config -, lib -, ... -}: { +{ lib, ... }: { + imports = [ ./shell ./programs diff --git a/nixos/home/modules/shell/fish/default.nix b/nixos/home/modules/shell/fish/default.nix index 2d102ba..23ddf97 100644 --- a/nixos/home/modules/shell/fish/default.nix +++ b/nixos/home/modules/shell/fish/default.nix 
@@ -23,8 +23,6 @@ in ll = "${pkgs.eza}/bin/eza --long --all --group --header"; tm = "tmux attach -t (basename $PWD) || tmux new -s (basename $PWD)"; x = "exit"; - # lazydocker --> lazypodman - lazypodman="sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker"; }; shellAbbrs = { diff --git a/nixos/lib/default.nix b/nixos/lib/default.nix index dc65e27..60bef5e 100644 --- a/nixos/lib/default.nix +++ b/nixos/lib/default.nix @@ -1,4 +1,4 @@ -{ inputs, lib, ... }: +{ lib, ... }: with lib; rec { @@ -12,9 +12,6 @@ rec { user = existsOrDefault "user" options "568"; group = existsOrDefault "group" options "568"; - subdomain = existsOrDefault "subdomainOverride" options options.app; - host = existsOrDefault "host" options "${subdomain}.${options.domain}"; - enableBackups = (lib.attrsets.hasAttrByPath [ "persistence" "folder" ] options) && (lib.attrsets.attrByPath [ "persistence" "enable" ] true options); # nix doesnt have an exhausive list of options for oci diff --git a/nixos/modules/nixos/de/default.nix b/nixos/modules/nixos/de/default.nix index 6ce4870..d543173 100644 --- a/nixos/modules/nixos/de/default.nix +++ b/nixos/modules/nixos/de/default.nix @@ -1,6 +1,5 @@ { imports = [ ./gnome.nix - ]; } diff --git a/nixos/modules/nixos/de/gnome.nix b/nixos/modules/nixos/de/gnome.nix index 7006c36..647cba6 100644 --- a/nixos/modules/nixos/de/gnome.nix +++ b/nixos/modules/nixos/de/gnome.nix @@ -1,9 +1,4 @@ -{ lib -, config -, pkgs -, ... -}: - +{ lib, config, pkgs, ... }: with lib; let cfg = config.mySystem.de.gnome; @@ -13,7 +8,6 @@ in options.mySystem.de.gnome.systrayicons = mkEnableOption "Enable systray icons" // { default = true; }; options.mySystem.de.gnome.gsconnect = mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // { default = true; }; - config = mkIf cfg.enable { # Ref: https://nixos.wiki/wiki/GNOME 
@@ -38,17 +32,12 @@ in # GNOME gnome.enable = true; }; - }; udev.packages = optionals cfg.systrayicons [ pkgs.gnome.gnome-settings-daemon ]; # support appindicator - - }; # systyray icons - - # extra pkgs and extensions environment = { systemPackages = with pkgs; [ @@ -62,9 +51,7 @@ in # dont forget to enable them per-user in dconf settings -> "org/gnome/shell" gnomeExtensions.vitals gnomeExtensions.caffeine - gnomeExtensions.spotify-tray gnomeExtensions.dash-to-dock - ] ++ optionals cfg.systrayicons [ pkgs.gnomeExtensions.appindicator ]; }; @@ -89,21 +76,9 @@ in systemd.services."getty@tty1".enable = false; systemd.services."autovt@tty1".enable = false; - # TODO tidy this - # port forward for GNOME when using RDP***REMOVED*** - - # for RDP TODO make this a flag if RDP is enabled per host - networking.firewall.allowedTCPPorts = [ - 3389 - ]; - # And dconf programs.dconf.enable = true; - # https://github.com/NixOS/nixpkgs/issues/114514 - # dconf write /org/gnome/mutter/experimental-features "['scale-monitor-framebuffer']" TODO hack for GNOME 45 - - # Exclude default GNOME packages that dont interest me. environment.gnome.excludePackages = (with pkgs; [ diff --git a/nixos/modules/nixos/programs/shell/fish.nix b/nixos/modules/nixos/programs/shell/fish.nix index 4105a86..9ee8179 100644 --- a/nixos/modules/nixos/programs/shell/fish.nix +++ b/nixos/modules/nixos/programs/shell/fish.nix @@ -1,9 +1,4 @@ -{ lib -, config -, self -, pkgs -, ... -}: +{ lib, config, ... }: with lib; let cfg = config.mySystem.shell.fish; diff --git a/nixos/modules/nixos/security/acme/default.nix b/nixos/modules/nixos/security/acme/default.nix index 8bf4d4e..c0a88b0 100644 --- a/nixos/modules/nixos/security/acme/default.nix +++ b/nixos/modules/nixos/security/acme/default.nix 
@@ -1,17 +1,7 @@ -{ lib -, config -, pkgs -, ... -}: +{ lib, config, ... }: with lib; let cfg = config.mySystem.security.acme; - app = "acme"; - appFolder = "/var/lib/${app}"; - # persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}"; - user = app; - group = app; - in { options.mySystem.security.acme.enable = mkEnableOption "acme"; diff --git a/nixos/modules/nixos/security/default.nix b/nixos/modules/nixos/security/default.nix index 1967434..32c8ab0 100644 --- a/nixos/modules/nixos/security/default.nix +++ b/nixos/modules/nixos/security/default.nix @@ -1,9 +1,6 @@ -{ lib, config, ... }: -with lib; +{ ... }: { imports = [ ./acme ]; - - } diff --git a/nixos/modules/nixos/services/cockpit/default.nix b/nixos/modules/nixos/services/cockpit/default.nix index 77a2979..17d589f 100644 --- a/nixos/modules/nixos/services/cockpit/default.nix +++ b/nixos/modules/nixos/services/cockpit/default.nix @@ -1,9 +1,4 @@ -{ lib -, config -, pkgs -, ... -}: - +{ lib, config, pkgs, ... }: with lib; let cfg = config.mySystem.services.cockpit; diff --git a/nixos/modules/nixos/services/default.nix b/nixos/modules/nixos/services/default.nix index c9371bb..9c852a1 100644 --- a/nixos/modules/nixos/services/default.nix +++ b/nixos/modules/nixos/services/default.nix @@ -3,7 +3,6 @@ ./cockpit ./forgejo ./glances - ./grafana ./monitoring.nix ./nfs ./nginx diff --git a/nixos/modules/nixos/services/forgejo/default.nix b/nixos/modules/nixos/services/forgejo/default.nix index e2ae8e5..3698f10 100644 --- a/nixos/modules/nixos/services/forgejo/default.nix +++ b/nixos/modules/nixos/services/forgejo/default.nix @@ -1,9 +1,7 @@ -{ lib, pkgs, config, ... }: +{ lib, config, ... }: with lib; let cfg = config.mySystem.services.forgejo; - app = "forgejo"; - port = 443; http_port = 3000; serviceUser = "forgejo"; domain = "git.hsn.dev"; diff --git a/nixos/modules/nixos/services/glances/default.nix b/nixos/modules/nixos/services/glances/default.nix index 610a5b8..dc89e3a 100644 
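Review bot: The import list in nixos/modules/nixos/services/default.nix still carries `./nfs` as a context line, while this same commit deletes nixos/modules/nixos/services/nfs/default.nix. Unless something else remains in that directory, evaluating the services module will fail on the missing path, so `./nfs` should be dropped in the same hunk as `./grafana`. Any host that still sets `mySystem.nfs.nas.enable` will need that setting removed too, because the option goes away with the module. The import list starts and ends outside the hunk, so other stale entries cannot be ruled out from here.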
--- a/nixos/modules/nixos/services/glances/default.nix +++ b/nixos/modules/nixos/services/glances/default.nix @@ -1,8 +1,4 @@ -{ pkgs -, config -, lib -, ... -}: +{ pkgs, config, lib, ... }: let cfg = config.mySystem.services.glances; app = "Glances"; @@ -17,16 +13,7 @@ with lib; type = lib.types.bool; description = "Enable gatus monitoring"; default = true; - }; - addToHomepage = mkOption - { - type = lib.types.bool; - description = "Add to homepage"; - default = true; - - }; - }; config = mkIf cfg.enable { @@ -46,7 +33,6 @@ with lib; firewall.allowedTCPPorts = [ 61208 ]; }; - environment.etc."glances/glances.conf" = { text = '' [global] diff --git a/nixos/modules/nixos/services/grafana/default.nix b/nixos/modules/nixos/services/grafana/default.nix deleted file mode 100644 index abc7fc3..0000000 --- a/nixos/modules/nixos/services/grafana/default.nix +++ /dev/null 
@@ -1,108 +0,0 @@ -{ lib -, config -, pkgs -, ... -}: -with lib; -let - cfg = config.mySystem.services.grafana; - app = "grafana"; - category = "services"; - description = "Metric visualisation"; - user = app; #string - group = app; #string - port = 2342; #int - appFolder = "/var/lib/${app}"; - # persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}"; - host = "${app}" + (if cfg.dev then "-dev" else ""); - url = "${host}.${config.networking.domain}"; -in -{ - options.mySystem.${category}.${app} = - { - enable = mkEnableOption "${app}"; - addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; }; - monitor = mkOption - { - type = lib.types.bool; - description = "Enable gatus monitoring"; - default = true; - }; - addToDNS = mkOption - { - type = lib.types.bool; - description = "Add to DNS list"; - default = true; - }; - dev = mkOption - { - type = lib.types.bool; - description = "Development instance"; - default = false; - }; - backups = mkOption - { - type = lib.types.bool; - description = "Enable local backups"; - default = true; - }; - - - }; - - config = mkIf cfg.enable { - - users.users.jahanson.extraGroups = [ group ]; - - ## service - services.grafana = { - inherit port; - enable = true; - domain = host; - addr = "127.0.0.1"; - }; - - ### gatus integration - mySystem.services.gatus.monitors = mkIf cfg.monitor [ - { - name = app; - group = "${category}"; - url = "https://${url}"; - interval = "1m"; - conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ]; - } - ]; - - ### Ingress - services.nginx.virtualHosts.${url} = { - useACMEHost = config.networking.domain; - forceSSL = true; - locations."^~ /" = { - proxyPass = "http://127.0.0.1:${builtins.toString port}"; - }; - }; - - ### firewall config - - # networking.firewall = mkIf cfg.openFirewall { - # allowedTCPPorts = [ port ]; - # allowedUDPPorts = [ port ]; - # }; - - ### backups - warnings = [ - (mkIf (!cfg.backups && config.mySystem.purpose 
!= "Development") - "WARNING: Local backups for ${app} are disabled!") - ]; - - services.restic.backups = config.lib.mySystem.mkRestic - { - inherit app user; - paths = [ appFolder ]; - inherit appFolder; - - }; - - - }; -} diff --git a/nixos/modules/nixos/services/monitoring.nix b/nixos/modules/nixos/services/monitoring.nix index 06e8f45..555661b 100644 --- a/nixos/modules/nixos/services/monitoring.nix +++ b/nixos/modules/nixos/services/monitoring.nix @@ -1,8 +1,4 @@ -{ lib -, config -, self -, ... -}: +{ lib, config, ... }: with lib; let cfg = config.mySystem.services.promMonitoring; @@ -30,8 +26,6 @@ in smartctl = { enable = true; }; - - }; # ensure ports are open diff --git a/nixos/modules/nixos/services/nfs/default.nix b/nixos/modules/nixos/services/nfs/default.nix deleted file mode 100644 index 371fd70..0000000 --- a/nixos/modules/nixos/services/nfs/default.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ lib -, config -, pkgs -, ... -}: -with lib; -let - cfg = config.mySystem.nfs.nas; -in -{ - options.mySystem.nfs.nas = { - enable = mkEnableOption "Mount NAS"; - lazy = mkOption - { - type = lib.types.bool; - description = "Enable lazymount"; - default = false; - }; - }; - - config = mkIf cfg.enable - { - services.rpcbind.enable = true; # needed for NFS - environment.systemPackages = with pkgs; [ nfs-utils ]; - - systemd.mounts = lib.mkIf cfg.lazy [{ - type = "nfs"; - mountConfig = { - Options = "noatime"; - }; - what = "${config.mySystem.nasAddress}:/tank"; - where = "/mnt/nas"; - }]; - - systemd.automounts = lib.mkIf cfg.lazy [{ - wantedBy = [ "multi-user.target" ]; - automountConfig = { - TimeoutIdleSec = "600"; - }; - where = "/mnt/nas"; - }]; - - fileSystems."${config.mySystem.nasFolder}" = lib.mkIf (!cfg.lazy) { - device = "${config.mySystem.nasAddress}:/tank"; - fsType = "nfs"; - }; - }; -} diff --git a/nixos/modules/nixos/services/nginx/default.nix b/nixos/modules/nixos/services/nginx/default.nix index 24030e8..3ab62c4 100644 
--- a/nixos/modules/nixos/services/nginx/default.nix +++ b/nixos/modules/nixos/services/nginx/default.nix @@ -1,8 +1,4 @@ -{ lib -, config -, pkgs -, ... -}: +{ lib, config, ... }: with lib; let cfg = config.mySystem.services.nginx; diff --git a/nixos/modules/nixos/services/nix-serve/default.nix b/nixos/modules/nixos/services/nix-serve/default.nix index 6e85097..f8425e2 100644 --- a/nixos/modules/nixos/services/nix-serve/default.nix +++ b/nixos/modules/nixos/services/nix-serve/default.nix @@ -1,8 +1,4 @@ -{ lib -, config -, pkgs -, ... -}: +{ lib, config, pkgs, ... }: with lib; let cfg = config.mySystem.services.nix-serve; @@ -13,10 +9,8 @@ in # enable nix serve binary cache # you can test its working with `nix store ping --store http://10.8.20.33:5000` config.services.nix-serve = mkIf cfg.enable { - enable = true; package = pkgs.nix-serve-ng; openFirewall = true; - }; } diff --git a/nixos/modules/nixos/services/podman/default.nix b/nixos/modules/nixos/services/podman/default.nix index ea61534..0e6326b 100644 --- a/nixos/modules/nixos/services/podman/default.nix +++ b/nixos/modules/nixos/services/podman/default.nix @@ -1,9 +1,4 @@ -{ lib -, config -, pkgs -, ... -}: - +{ lib, config, pkgs, ... }: with lib; let cfg = config.mySystem.services.podman; @@ -34,7 +29,13 @@ in environment.systemPackages = with pkgs; [ podman-tui # status of containers in the terminal + lazydocker ]; + + config.programs.fish.shellAliases = { + # lazydocker --> lazypodman + lazypodman="sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker"; + }; networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ]; diff --git a/nixos/modules/nixos/services/postgresql/default.nix b/nixos/modules/nixos/services/postgresql/default.nix index 4371e78..8acfae3 100644 --- a/nixos/modules/nixos/services/postgresql/default.nix +++ b/nixos/modules/nixos/services/postgresql/default.nix 
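Review bot: The added `config.programs.fish.shellAliases = { … };` in the podman `@@ -34,7 +29,13 @@` hunk sits next to `environment.systemPackages` and `networking.firewall…`, which are written without a `config.` prefix. That suggests it is already inside the module's `config = …` block, where it would resolve to `config.config.programs…` and fail evaluation. The enclosing block starts outside the hunk, so this is inferred; if it holds, write `programs.fish.shellAliases.lazypodman = "sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker";`. Moving the alias from the home-manager fish module to the system module also gives it to every fish user on the host. Since it runs lazydocker as root against the rootful podman socket, a one-line comment stating that this is intended would help the next reader.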
@@ -1,15 +1,9 @@ -{ lib -, config -, pkgs -, ... -}: +{ lib, config, ... }: with lib; let cfg = config.mySystem.${category}.${app}; app = "postgresql"; category = "services"; - description = "Postgres RDMS"; - appFolder = "/var/lib/${app}"; in { options.mySystem.${category}.${app} = @@ -21,6 +15,13 @@ in type = lib.types.bool; description = "Enable prometheus scraping"; default = true; + + }; + backupLocation = mkOption + { + type = lib.types.string; + description = "Location for sql backups to be stored."; + default = "/persist/backup/postgresql"; }; backup = mkOption { @@ -28,7 +29,6 @@ in description = "Enable backups"; default = true; }; - }; config = mkIf cfg.enable { @@ -55,7 +55,7 @@ in # enable backups services.postgresqlBackup = mkIf cfg.backup { enable = lib.mkForce true; - location = "${config.mySystem.nasFolder}/backup/nixos/postgresql"; + location = backupLocation; }; ### firewall config diff --git a/nixos/modules/nixos/services/radicale/default.nix b/nixos/modules/nixos/services/radicale/default.nix index 1929d9f..6896893 100644 --- a/nixos/modules/nixos/services/radicale/default.nix +++ b/nixos/modules/nixos/services/radicale/default.nix @@ -1,20 +1,14 @@ -{ lib -, config -, pkgs -, ... -}: +{ lib, config, ... }: with lib; let cfg = config.mySystem.${category}.${app}; app = "radicale"; category = "services"; - description = "Contact/Calendar managment"; user = app; #string group = app; #string port = 5232; #int appFolder = "/var/lib/${app}"; - host = "${app}" + (if cfg.dev then "-dev" else ""); - url = "${host}.${config.networking.domain}"; + url = "${app}.jahanson.tech"; in { options.mySystem.${category}.${app} = 
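Review bot: In the postgresql `@@ -55,7 +55,7 @@` hunk, `location = backupLocation;` refers to a name that the visible `let` block does not bind (it holds only `cfg`, `app` and `category`). The new option has to be read through the config, `location = cfg.backupLocation;`, or evaluation stops with an undefined variable. In the `@@ -21,6 +15,13 @@` hunk the option is declared with `lib.types.string`, which nixpkgs has deprecated; `type = lib.types.str;` (or `lib.types.path`) is the current spelling. The default also moves the SQL dumps from the NAS path to `/persist/backup/postgresql` on the database host itself. It is worth confirming that this directory is restricted to the postgres user and is picked up by an off-host backup, because nothing in the hunk shows either.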
@@ -33,26 +27,12 @@ in description = "Enable prometheus scraping"; default = true; }; - addToDNS = mkOption - { - type = lib.types.bool; - description = "Add to DNS list"; - default = true; - }; - dev = mkOption - { - type = lib.types.bool; - description = "Development instance"; - default = false; - }; backups = mkOption { type = lib.types.bool; description = "Enable local backups"; default = true; }; - - }; config = mkIf cfg.enable { @@ -83,8 +63,7 @@ in htpasswd_encryption = "plain"; realm = "Radicale - Password Required"; }; - storage.filesystem_folder = "/var/lib/radicale/collections"; # TODO impermance/move? - + storage.filesystem_folder = "/var/lib/radicale/collections"; }; }; @@ -126,9 +105,6 @@ in inherit app user; paths = [ appFolder ]; inherit appFolder; - }); - - }; } diff --git a/nixos/modules/nixos/services/reboot-required-check.nix b/nixos/modules/nixos/services/reboot-required-check.nix index 7ceacfe..c1446c6 100644 --- a/nixos/modules/nixos/services/reboot-required-check.nix +++ b/nixos/modules/nixos/services/reboot-required-check.nix @@ -1,8 +1,4 @@ -{ lib -, config -, self -, ... -}: +{ lib, config, ... }: with lib; let cfg = config.mySystem.services.rebootRequiredCheck; @@ -11,7 +7,6 @@ in options.mySystem.services.rebootRequiredCheck.enable = mkEnableOption "Reboot required check"; config = mkIf cfg.enable { - # Enable timer systemd.timers."reboot-required-check" = { wantedBy = [ "timers.target" ]; @@ -46,9 +41,5 @@ in User = "root"; }; }; - - }; - - } diff --git a/nixos/modules/nixos/services/restic/default.nix b/nixos/modules/nixos/services/restic/default.nix index e66bc52..2dd01a6 100644 --- a/nixos/modules/nixos/services/restic/default.nix +++ b/nixos/modules/nixos/services/restic/default.nix @@ -1,8 +1,4 @@ -{ lib -, config -, pkgs -, ... -}: +{ lib, config, pkgs, ... }: with lib; let cfg = config.mySystem.system.resticBackup; 
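Review bot: The radicale settings kept as context in the `@@ -83,8 +63,7 @@` hunk still have `htpasswd_encryption = "plain";`, so the htpasswd file stores cleartext passwords and any read of that file or of a backup containing it exposes them directly. The commit only tidies the adjacent `storage.filesystem_folder` line. Consider switching to a hashed scheme, `htpasswd_encryption = "bcrypt";`, and regenerating the htpasswd entries to match, provided the packaged Radicale has bcrypt support. The auth block begins outside the hunk, so where the htpasswd file comes from and how it is protected is not visible here.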
@@ -30,10 +26,9 @@ in mountPath = mkOption { type = types.str; - description = "Location for snapshot mount"; + description = "Location for snapshot mount"; default = "/mnt/nightly_backup"; }; - }; config = {