diff options
author | Azat Bahawi <azat@bahawi.net> | 2023-05-02 01:27:41 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2023-05-02 01:27:41 +0300 |
commit | 1e9d5f05b350cec8568b6c2eb4fb4d124e73e926 (patch) | |
tree | 1ae63982779fef6b367dc8dc4777a1ab89cab7f2 /nixosConfigurations | |
parent | 2023-04-14 (diff) |
2023-05-02
Diffstat (limited to '')
-rw-r--r-- | nixosConfigurations/eonwe/default.nix | 11 | ||||
-rw-r--r-- | nixosConfigurations/manwe/mailserver.nix | 40 | ||||
-rw-r--r-- | nixosConfigurations/varda/default.nix | 2 | ||||
-rw-r--r-- | nixosConfigurations/yavanna/default.nix | 31 |
4 files changed, 43 insertions, 41 deletions
diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix index 3db651e..2c53b64 100644 --- a/nixosConfigurations/eonwe/default.nix +++ b/nixosConfigurations/eonwe/default.nix @@ -18,6 +18,7 @@ with lib; { lutris.enable = true; minecraft.client.enable = true; steam.enable = true; + steam-run.quirks.crusaderKings3 = true; }; android.enable = true; bluetooth.enable = true; @@ -26,13 +27,23 @@ with lib; { qutebrowser.enable = true; mpd.enable = true; ipfs.enable = true; + + common.nix.allowedUnfreePackages = ["burpsuite"]; }; hm = { home.packages = with pkgs; [ + burpsuite + gzdoom kdenlive + nikto obs-studio + openmw + openttd radeontop + vcmi + whatweb + zap ]; programs = { diff --git a/nixosConfigurations/manwe/mailserver.nix b/nixosConfigurations/manwe/mailserver.nix index 0667a49..acd625b 100644 --- a/nixosConfigurations/manwe/mailserver.nix +++ b/nixosConfigurations/manwe/mailserver.nix @@ -7,36 +7,46 @@ with lib; { imports = [inputs.simple-nixos-mailserver.nixosModule]; - nixfiles.modules.redis.enable = true; + ark.directories = with config.mailserver; [ + "/var/lib/dovecot" + "/var/lib/postfix" + config.security.dhparams.params.dovecot2.path + dkimKeyDirectory + mailDirectory + sieveDirectory + ]; - secrets = { + secrets = with config.mailserver; { dkim-key-azahi-cc = { file = "${inputs.self}/secrets/dkim-key-azahi-cc"; - path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; + path = "${dkimKeyDirectory}/${my.domain.azahi}.${dkimSelector}.key"; + owner = config.services.opendkim.user; + inherit (config.services.opendkim) group; }; dkim-key-rohan-net = { file = "${inputs.self}/secrets/dkim-key-rohan-net"; - path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; + path = "${dkimKeyDirectory}/${my.domain.rohan}.${dkimSelector}.key"; + owner = config.services.opendkim.user; + inherit (config.services.opendkim) group; }; dkim-key-gondor-net = { file = "${inputs.self}/secrets/dkim-key-gondor-net"; - path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; + path = "${dkimKeyDirectory}/${my.domain.gondor}.${dkimSelector}.key"; + owner = config.services.opendkim.user; + inherit (config.services.opendkim) group; }; dkim-key-shire-net = { file = "${inputs.self}/secrets/dkim-key-shire-net"; - path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; + path = "${dkimKeyDirectory}/${my.domain.shire}.${dkimSelector}.key"; + owner = config.services.opendkim.user; + inherit (config.services.opendkim) group; }; }; - nixfiles.modules.acme.enable = true; + nixfiles.modules = { + acme.enable = true; + redis.enable = true; + }; mailserver = let cert = config.certs.${my.domain.shire}; diff --git a/nixosConfigurations/varda/default.nix b/nixosConfigurations/varda/default.nix index 340ea8b..2ff8993 100644 --- a/nixosConfigurations/varda/default.nix +++ b/nixosConfigurations/varda/default.nix @@ -5,7 +5,7 @@ with lib; { acme.enable = true; - k3s.enable = true; + k3s.enable = false; }; boot = { diff --git a/nixosConfigurations/yavanna/default.nix b/nixosConfigurations/yavanna/default.nix index 908b6d3..ba298f8 100644 --- a/nixosConfigurations/yavanna/default.nix +++ b/nixosConfigurations/yavanna/default.nix @@ -14,38 +14,19 @@ with lib; { # ipfs.enable = true; }; - boot = { - loader.grub = { - enable = true; - device = "/dev/sda"; - }; - - # NOTE This is probably not required, but I cannot test this out without - # risking "bricking" my VPS because Kimsufi/OVH doesn't provide a console - # access. This configuration was generated via nixos-infect[1] and at the - # time I didn't bother to test for loaded kernel modules and just left the - # automatically (IIRC) generated `hardware-configuration.nix' as is. - # - # There's, however, no indication that any NVME drives are being used and, - # as the matter of fact, the VPS itself is on KVM, so... I'm still not going - # to risk it, though. - # - # [1]: https://github.com/elitak/nixos-infect - initrd.availableKernelModules = ["nvme"]; + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + configurationLimit = 5; }; fileSystems."/" = { - device = "/dev/sda1"; + device = "/dev/sda2"; fsType = "ext4"; options = ["noatime"]; }; - swapDevices = [ - { - device = "/swapfile"; - size = 4 * 1024; - } - ]; + swapDevices = [{device = "/dev/sda3";}]; zramSwap = { enable = true; |