Moving stuff around for the merge

This commit is contained in:
Joseph Hanson 2024-05-30 23:00:46 -05:00
parent ca25688c2c
commit f5983194db
22 changed files with 35 additions and 318 deletions

View file

@ -1,8 +1,5 @@
{ inputs
, config
, lib
, ...
}: {
{ lib, ... }: {
imports = [
./shell
./programs

View file

@ -23,8 +23,6 @@ in
ll = "${pkgs.eza}/bin/eza --long --all --group --header";
tm = "tmux attach -t (basename $PWD) || tmux new -s (basename $PWD)";
x = "exit";
# lazydocker --> lazypodman
lazypodman="sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker";
};
shellAbbrs = {

View file

@ -1,4 +1,4 @@
{ inputs, lib, ... }:
{ lib, ... }:
with lib;
rec {
@ -12,9 +12,6 @@ rec {
user = existsOrDefault "user" options "568";
group = existsOrDefault "group" options "568";
subdomain = existsOrDefault "subdomainOverride" options options.app;
host = existsOrDefault "host" options "${subdomain}.${options.domain}";
enableBackups = (lib.attrsets.hasAttrByPath [ "persistence" "folder" ] options)
&& (lib.attrsets.attrByPath [ "persistence" "enable" ] true options);
# nix doesnt have an exhausive list of options for oci

View file

@ -1,6 +1,5 @@
{
imports = [
./gnome.nix
];
}

View file

@ -1,9 +1,4 @@
{ lib
, config
, pkgs
, ...
}:
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.mySystem.de.gnome;
@ -13,7 +8,6 @@ in
options.mySystem.de.gnome.systrayicons = mkEnableOption "Enable systray icons" // { default = true; };
options.mySystem.de.gnome.gsconnect = mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // { default = true; };
config = mkIf cfg.enable {
# Ref: https://nixos.wiki/wiki/GNOME
@ -38,17 +32,12 @@ in
# GNOME
gnome.enable = true;
};
};
udev.packages = optionals cfg.systrayicons [ pkgs.gnome.gnome-settings-daemon ]; # support appindicator
};
# systyray icons
# extra pkgs and extensions
environment = {
systemPackages = with pkgs; [
@ -62,9 +51,7 @@ in
# dont forget to enable them per-user in dconf settings -> "org/gnome/shell"
gnomeExtensions.vitals
gnomeExtensions.caffeine
gnomeExtensions.spotify-tray
gnomeExtensions.dash-to-dock
]
++ optionals cfg.systrayicons [ pkgs.gnomeExtensions.appindicator ];
};
@ -89,21 +76,9 @@ in
systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false;
# TODO tidy this
# port forward for GNOME when using RDP***REMOVED***
# for RDP TODO make this a flag if RDP is enabled per host
networking.firewall.allowedTCPPorts = [
3389
];
# And dconf
programs.dconf.enable = true;
# https://github.com/NixOS/nixpkgs/issues/114514
# dconf write /org/gnome/mutter/experimental-features "['scale-monitor-framebuffer']" TODO hack for GNOME 45
# Exclude default GNOME packages that dont interest me.
environment.gnome.excludePackages =
(with pkgs; [

View file

@ -1,9 +1,4 @@
{ lib
, config
, self
, pkgs
, ...
}:
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.shell.fish;

View file

@ -1,17 +1,7 @@
{ lib
, config
, pkgs
, ...
}:
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.security.acme;
app = "acme";
appFolder = "/var/lib/${app}";
# persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
user = app;
group = app;
in
{
options.mySystem.security.acme.enable = mkEnableOption "acme";

View file

@ -1,9 +1,6 @@
{ lib, config, ... }:
with lib;
{ ... }:
{
imports = [
./acme
];
}

View file

@ -1,9 +1,4 @@
{ lib
, config
, pkgs
, ...
}:
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.mySystem.services.cockpit;

View file

@ -3,7 +3,6 @@
./cockpit
./forgejo
./glances
./grafana
./monitoring.nix
./nfs
./nginx

View file

@ -1,9 +1,7 @@
{ lib, pkgs, config, ... }:
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.services.forgejo;
app = "forgejo";
port = 443;
http_port = 3000;
serviceUser = "forgejo";
domain = "git.hsn.dev";

View file

@ -1,8 +1,4 @@
{ pkgs
, config
, lib
, ...
}:
{ pkgs, config, lib, ... }:
let
cfg = config.mySystem.services.glances;
app = "Glances";
@ -17,16 +13,7 @@ with lib;
type = lib.types.bool;
description = "Enable gatus monitoring";
default = true;
};
addToHomepage = mkOption
{
type = lib.types.bool;
description = "Add to homepage";
default = true;
};
};
config = mkIf cfg.enable {
@ -46,7 +33,6 @@ with lib;
firewall.allowedTCPPorts = [ 61208 ];
};
environment.etc."glances/glances.conf" = {
text = ''
[global]

View file

@ -1,108 +0,0 @@
{ lib
, config
, pkgs
, ...
}:
with lib;
let
cfg = config.mySystem.services.grafana;
app = "grafana";
category = "services";
description = "Metric visualisation";
user = app; #string
group = app; #string
port = 2342; #int
appFolder = "/var/lib/${app}";
# persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
host = "${app}" + (if cfg.dev then "-dev" else "");
url = "${host}.${config.networking.domain}";
in
{
options.mySystem.${category}.${app} =
{
enable = mkEnableOption "${app}";
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
monitor = mkOption
{
type = lib.types.bool;
description = "Enable gatus monitoring";
default = true;
};
addToDNS = mkOption
{
type = lib.types.bool;
description = "Add to DNS list";
default = true;
};
dev = mkOption
{
type = lib.types.bool;
description = "Development instance";
default = false;
};
backups = mkOption
{
type = lib.types.bool;
description = "Enable local backups";
default = true;
};
};
config = mkIf cfg.enable {
users.users.jahanson.extraGroups = [ group ];
## service
services.grafana = {
inherit port;
enable = true;
domain = host;
addr = "127.0.0.1";
};
### gatus integration
mySystem.services.gatus.monitors = mkIf cfg.monitor [
{
name = app;
group = "${category}";
url = "https://${url}";
interval = "1m";
conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
}
];
### Ingress
services.nginx.virtualHosts.${url} = {
useACMEHost = config.networking.domain;
forceSSL = true;
locations."^~ /" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
};
};
### firewall config
# networking.firewall = mkIf cfg.openFirewall {
# allowedTCPPorts = [ port ];
# allowedUDPPorts = [ port ];
# };
### backups
warnings = [
(mkIf (!cfg.backups && config.mySystem.purpose != "Development")
"WARNING: Local backups for ${app} are disabled!")
];
services.restic.backups = config.lib.mySystem.mkRestic
{
inherit app user;
paths = [ appFolder ];
inherit appFolder;
};
};
}

View file

@ -1,8 +1,4 @@
{ lib
, config
, self
, ...
}:
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.services.promMonitoring;
@ -30,8 +26,6 @@ in
smartctl = {
enable = true;
};
};
# ensure ports are open

View file

@ -1,48 +0,0 @@
{ lib
, config
, pkgs
, ...
}:
with lib;
let
cfg = config.mySystem.nfs.nas;
in
{
options.mySystem.nfs.nas = {
enable = mkEnableOption "Mount NAS";
lazy = mkOption
{
type = lib.types.bool;
description = "Enable lazymount";
default = false;
};
};
config = mkIf cfg.enable
{
services.rpcbind.enable = true; # needed for NFS
environment.systemPackages = with pkgs; [ nfs-utils ];
systemd.mounts = lib.mkIf cfg.lazy [{
type = "nfs";
mountConfig = {
Options = "noatime";
};
what = "${config.mySystem.nasAddress}:/tank";
where = "/mnt/nas";
}];
systemd.automounts = lib.mkIf cfg.lazy [{
wantedBy = [ "multi-user.target" ];
automountConfig = {
TimeoutIdleSec = "600";
};
where = "/mnt/nas";
}];
fileSystems."${config.mySystem.nasFolder}" = lib.mkIf (!cfg.lazy) {
device = "${config.mySystem.nasAddress}:/tank";
fsType = "nfs";
};
};
}

View file

@ -1,8 +1,4 @@
{ lib
, config
, pkgs
, ...
}:
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.services.nginx;

View file

@ -1,8 +1,4 @@
{ lib
, config
, pkgs
, ...
}:
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.mySystem.services.nix-serve;
@ -13,10 +9,8 @@ in
# enable nix serve binary cache
# you can test its working with `nix store ping --store http://10.8.20.33:5000`
config.services.nix-serve = mkIf cfg.enable {
enable = true;
package = pkgs.nix-serve-ng;
openFirewall = true;
};
}

View file

@ -1,9 +1,4 @@
{ lib
, config
, pkgs
, ...
}:
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.mySystem.services.podman;
@ -34,8 +29,14 @@ in
environment.systemPackages = with pkgs; [
podman-tui # status of containers in the terminal
lazydocker
];
config.programs.fish.shellAliases = {
# lazydocker --> lazypodman
lazypodman="sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker";
};
networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];
# extra user for containers

View file

@ -1,15 +1,9 @@
{ lib
, config
, pkgs
, ...
}:
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.${category}.${app};
app = "postgresql";
category = "services";
description = "Postgres RDMS";
appFolder = "/var/lib/${app}";
in
{
options.mySystem.${category}.${app} =
@ -21,6 +15,13 @@ in
type = lib.types.bool;
description = "Enable prometheus scraping";
default = true;
};
backupLocation = mkOption
{
type = lib.types.string;
description = "Location for sql backups to be stored.";
default = "/persist/backup/postgresql";
};
backup = mkOption
{
@ -28,7 +29,6 @@ in
description = "Enable backups";
default = true;
};
};
config = mkIf cfg.enable {
@ -55,7 +55,7 @@ in
# enable backups
services.postgresqlBackup = mkIf cfg.backup {
enable = lib.mkForce true;
location = "${config.mySystem.nasFolder}/backup/nixos/postgresql";
location = backupLocation;
};
### firewall config

View file

@ -1,20 +1,14 @@
{ lib
, config
, pkgs
, ...
}:
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.${category}.${app};
app = "radicale";
category = "services";
description = "Contact/Calendar managment";
user = app; #string
group = app; #string
port = 5232; #int
appFolder = "/var/lib/${app}";
host = "${app}" + (if cfg.dev then "-dev" else "");
url = "${host}.${config.networking.domain}";
url = "${app}.jahanson.tech";
in
{
options.mySystem.${category}.${app} =
@ -33,26 +27,12 @@ in
description = "Enable prometheus scraping";
default = true;
};
addToDNS = mkOption
{
type = lib.types.bool;
description = "Add to DNS list";
default = true;
};
dev = mkOption
{
type = lib.types.bool;
description = "Development instance";
default = false;
};
backups = mkOption
{
type = lib.types.bool;
description = "Enable local backups";
default = true;
};
};
config = mkIf cfg.enable {
@ -83,8 +63,7 @@ in
htpasswd_encryption = "plain";
realm = "Radicale - Password Required";
};
storage.filesystem_folder = "/var/lib/radicale/collections"; # TODO impermance/move?
storage.filesystem_folder = "/var/lib/radicale/collections";
};
};
@ -126,9 +105,6 @@ in
inherit app user;
paths = [ appFolder ];
inherit appFolder;
});
};
}

View file

@ -1,8 +1,4 @@
{ lib
, config
, self
, ...
}:
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.services.rebootRequiredCheck;
@ -11,7 +7,6 @@ in
options.mySystem.services.rebootRequiredCheck.enable = mkEnableOption "Reboot required check";
config = mkIf cfg.enable {
# Enable timer
systemd.timers."reboot-required-check" = {
wantedBy = [ "timers.target" ];
@ -46,9 +41,5 @@ in
User = "root";
};
};
};
}

View file

@ -1,8 +1,4 @@
{ lib
, config
, pkgs
, ...
}:
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.mySystem.system.resticBackup;
@ -33,7 +29,6 @@ in
description = "Location for snapshot mount";
default = "/mnt/nightly_backup";
};
};
config = {