author | Azat Bahawi <azat@bahawi.net> | 2022-09-12 14:03:31 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2022-09-12 14:03:31 +0300 |
commit | 5b01fa945b2122b82da4be33203e4cf753951b7c (patch) | |
tree | f0693b31788e717d9ab1781cf19e2403727755df /configurations | |
parent | 2022-09-11 (diff) |
2022-09-12
Diffstat (limited to 'configurations')
-rw-r--r-- | configurations/manwe/default.nix | 75 | ||||
-rw-r--r-- | configurations/melian/default.nix | 116 | ||||
-rw-r--r-- | configurations/varda/default.nix | 9 | ||||
-rw-r--r-- | configurations/yavanna/default.nix | 34 |
4 files changed, 7 insertions, 227 deletions
diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix index 656667e..2599d78 100644 --- a/configurations/manwe/default.nix +++ b/configurations/manwe/default.nix @@ -1,6 +1,5 @@ { config, - inputs, lib, this, ... @@ -11,8 +10,6 @@ with lib; { ./webserver.nix ]; - secrets.wireguard-private-key-manwe.file = "${inputs.self}/secrets/wireguard-private-key-manwe"; - nixfiles.modules = { nsd = { enable = true; @@ -20,10 +17,7 @@ with lib; { }; unbound.enable = true; - wireguard = { - privateKeyFile = config.secrets.wireguard-private-key-manwe.path; - server.enable = true; - }; + wireguard.server.enable = true; acme.enable = true; @@ -44,73 +38,6 @@ with lib; { vaultwarden.enable = true; }; - services.prometheus = { - # TODO Make this generic. - scrapeConfigs = with my.configurations; - with config.services.prometheus.exporters; [ - { - job_name = "endlessh-go"; - static_configs = [ - { - targets = with config.services.endlessh-go.prometheus; [ - "${manwe.hostname}:${toString port}" - "${varda.hostname}:${toString port}" - "${yavanna.hostname}:${toString port}" - ]; - } - ]; - } - { - job_name = "nginx"; - static_configs = [ - { - targets = with nginx; [ - "${manwe.hostname}:${toString port}" - "${varda.hostname}:${toString port}" - "${yavanna.hostname}:${toString port}" - ]; - } - ]; - } - { - job_name = "node"; - static_configs = [ - { - targets = with node; [ - "${manwe.hostname}:${toString port}" - "${varda.hostname}:${toString port}" - "${yavanna.hostname}:${toString port}" - ]; - } - ]; - } - { - job_name = "postgres"; - static_configs = [ - { - targets = with postgres; ["${manwe.hostname}:${toString port}"]; - } - ]; - } - { - job_name = "unbound"; - static_configs = [ - { - targets = with unbound; ["${manwe.hostname}:${toString port}"]; - } - ]; - } - { - job_name = "wireguard"; - static_configs = [ - { - targets = with wireguard; ["${manwe.hostname}:${toString port}"]; - } - ]; - } - ]; - }; - networking = let interface = "eth0"; in { 
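Review bot: The third manwe hunk leaves `wireguard.server.enable = true;` with no `privateKeyFile`, and the `secrets.wireguard-private-key-manwe` declaration is gone from the host file; the wireguard hunks for melian, varda and yavanna make the same change. The diffstat is limited to `configurations`, so the module side is not visible here; presumably the wireguard module now derives the secret from the host name. If so, an `assertions` entry in the module that fails evaluation when the per-host secret is not declared would be safer than discovering a missing key at activation. A one-line comment here would also help the next reader, e.g. `# private key: resolved by the wireguard module from secrets/wireguard-private-key-<hostname>`.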
diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix index 8540c24..a3dbe35 100644 --- a/configurations/melian/default.nix +++ b/configurations/melian/default.nix @@ -1,27 +1,9 @@ { - config, - inputs, lib, pkgs, ... }: with lib; { - secrets = { - wireguard-private-key-melian.file = "${inputs.self}/secrets/wireguard-private-key-melian"; - - syncthing-cert-melian = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-cert-melian"; - owner = user; - inherit group; - }; - - syncthing-key-melian = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-key-melian"; - owner = user; - inherit group; - }; - }; - nixfiles.modules = { profiles.dev = { containers.enable = true; @@ -34,16 +16,9 @@ with lib; { steam.enable = true; }; - wireguard = { - privateKeyFile = config.secrets.wireguard-private-key-melian.path; - client.enable = true; - }; + wireguard.client.enable = true; - syncthing = with config.secrets; { - enable = true; - key = syncthing-key-melian.path; - cert = syncthing-cert-melian.path; - }; + syncthing.enable = true; beets.enable = true; bluetooth.enable = true; 
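Review bot: The removed `syncthing-cert-melian` and `syncthing-key-melian` secrets set `owner = user;` and `inherit group;` from `config.services.syncthing`, and the new `syncthing.enable = true;` in the second hunk carries none of that; yavanna has the same change. The module is outside this diff, so confirm that it declares the cert and key secrets with the syncthing user and group, because a root-owned key would be unreadable by the service. Also confirm the module still passes `key` and `cert` explicitly; otherwise Syncthing would presumably generate a fresh identity and the device ID that peers trust would change.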
@@ -54,93 +29,6 @@ with lib; { throttled.enable = true; }; - # TODO Move to a separate module so that it could be reused on other desktops - # in the future. - hm = { - home.packages = with pkgs; [ - (aspellWithDicts (p: with p; [en ru])) - calibre - kotatogram-desktop - nheko - tor-browser - ]; - - accounts.email = { - maildirBasePath = "${config.my.home}/mail"; - - accounts = let - mkAccount = attrs: - mkMerge [ - { - mbsync = { - enable = true; - create = "both"; - expunge = "both"; - patterns = ["*"]; - }; - msmtp.enable = true; - mu.enable = true; - } - attrs - ]; - - pass = path: "${pkgs.pass}/bin/pass show ${path}"; - in { - shire = mkAccount { - address = my.email; - gpg = { - inherit (my.pgp) key; - signByDefault = true; - encryptByDefault = false; - }; - - primary = true; - - imap.host = "shire.me"; - smtp.host = "shire.me"; - userName = "azahi@shire.me"; - passwordCommand = pass "email/shire.me/azahi"; - }; - - yahoo = mkAccount { - address = "a.gondor@yahoo.com"; - - imap.host = "imap.yahoo.com"; - smtp.host = "smtp.yahoo.com"; - userName = "a.gondor@yahoo.com"; - passwordCommand = pass "email/yahoo.com/a.gondor"; - }; - }; - }; - - programs = { - mbsync.enable = true; - msmtp.enable = true; - mu.enable = true; - - ssh.matchBlocks = let - mkBlock = { - hostname, - port ? 22022, - user ? "azahi", - }: { - inherit hostname port user; - identityFile = "${config.my.home}/.ssh/id_ed25519"; - }; - mkInternalHostname = hostname: "${hostname}.${my.domain.shire}"; - in - with my.configurations; { - # TODO Wrap this. - manwe = mkBlock {hostname = mkInternalHostname "manwe";}; - manwe-init = mkBlock {hostname = manwe.ipv4.address;}; - varda = mkBlock {hostname = mkInternalHostname "varda";}; - varda-init = mkBlock {hostname = varda.ipv4.address;}; - yavanna = mkBlock {hostname = mkInternalHostname "yavanna";}; - yavanna-init = mkBlock {hostname = yavanna.ipv4.address;}; - }; - }; - }; - networking = { interfaces = { eth0.useDHCP = true; 
diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix index 313d2fb..7efeb61 100644 --- a/configurations/varda/default.nix +++ b/configurations/varda/default.nix @@ -1,18 +1,11 @@ { - config, - inputs, lib, this, ... }: with lib; { - secrets.wireguard-private-key-varda.file = "${inputs.self}/secrets/wireguard-private-key-varda"; - nixfiles.modules = { - wireguard = { - privateKeyFile = config.secrets.wireguard-private-key-varda.path; - client.enable = true; - }; + wireguard.client.enable = true; games.minecraft.server = { enable = true; diff --git a/configurations/yavanna/default.nix b/configurations/yavanna/default.nix index 3ed114e..d390e40 100644 --- a/configurations/yavanna/default.nix +++ b/configurations/yavanna/default.nix @@ -1,45 +1,17 @@ { - config, - inputs, lib, this, ... }: with lib; { - secrets = { - wireguard-private-key-yavanna.file = "${inputs.self}/secrets/wireguard-private-key-yavanna"; - - syncthing-cert-yavanna = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-cert-yavanna"; - owner = user; - inherit group; - }; - - syncthing-key-yavanna = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-key-yavanna"; - owner = user; - inherit group; - }; - }; - nixfiles.modules = { - wireguard = { - privateKeyFile = config.secrets.wireguard-private-key-yavanna.path; - client.enable = true; - }; + wireguard.client.enable = true; - syncthing = with config.secrets; { - enable = true; - key = syncthing-key-yavanna.path; - cert = syncthing-cert-yavanna.path; - }; + syncthing.enable = true; acme.enable = true; - rtorrent = { - enable = true; - flood.enable = true; - }; + rtorrent.enable = true; }; networking = let |
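Review bot: In the yavanna hunk, the `rtorrent` block with `enable = true;` and `flood.enable = true;` collapses to `rtorrent.enable = true;`, which silently drops the explicit Flood setting in a commit that otherwise only moves secret wiring. If the module (not visible in this diff) now enables Flood by default, the web UI comes up wherever rtorrent is enabled without the host file saying so; if it does not, this host loses the UI. State the intent in the host file, either by keeping `rtorrent.flood.enable = true;` or by adding a comment such as `# flood is enabled by the rtorrent module`.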