From 1e9d5f05b350cec8568b6c2eb4fb4d124e73e926 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Tue, 2 May 2023 01:27:41 +0300 Subject: 2023-05-02 --- flake.lock | 81 +++++++++++++++----------------- flake.nix | 5 +- modules/common/common/nix/default.nix | 61 ++++++++++++++---------- modules/common/profiles/dev/default.nix | 4 ++ modules/nixos/acme.nix | 2 + modules/nixos/endlessh.nix | 5 ++ modules/nixos/fail2ban.nix | 2 + modules/nixos/games/steam-run.nix | 20 ++++---- modules/nixos/git/default.nix | 4 ++ modules/nixos/grafana.nix | 2 + modules/nixos/ipfs.nix | 4 ++ modules/nixos/lidarr.nix | 6 +++ modules/nixos/loki.nix | 2 + modules/nixos/matrix/dendrite.nix | 5 ++ modules/nixos/matrix/synapse.nix | 2 + modules/nixos/murmur.nix | 2 + modules/nixos/ntfy.nix | 2 + modules/nixos/postgresql.nix | 2 + modules/nixos/radarr.nix | 2 + modules/nixos/radicale.nix | 2 + modules/nixos/redis.nix | 2 + modules/nixos/rss-bridge.nix | 2 + modules/nixos/rtorrent.nix | 2 + modules/nixos/sonarr.nix | 2 + modules/nixos/unbound.nix | 2 + modules/nixos/vaultwarden.nix | 2 + nixosConfigurations/eonwe/default.nix | 11 +++++ nixosConfigurations/manwe/mailserver.nix | 40 ++++++++++------ nixosConfigurations/varda/default.nix | 2 +- nixosConfigurations/yavanna/default.nix | 31 +++--------- 30 files changed, 191 insertions(+), 120 deletions(-) diff --git a/flake.lock b/flake.lock index 0d30364..3ed97db 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ ] }, "locked": { - "lastModified": 1680281360, - "narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=", + "lastModified": 1682101079, + "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=", "owner": "ryantm", "repo": "agenix", - "rev": "e64961977f60388dd0b49572bb0fc453b871f896", + "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447", "type": "github" }, "original": { 
@@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1679223908, - "narHash": "sha256-7ns8EL9+AKPH2wHouZLosirLKc3/tRogOUg2kj8vDRA=", + "lastModified": 1682873512, + "narHash": "sha256-/klMuyTFQLI3HgAPhh0il8RtXUvnLqylwFvlvCcd5Q8=", "owner": "dwarfmaster", "repo": "arkenfox-nixos", - "rev": "8f33d2833cc1391cc7c1a1f0b405820f681e428d", + "rev": "75b869828b85755f940ee71b5ecbd824e8f20185", "type": "github" }, "original": { @@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1681154394, - "narHash": "sha256-avnu1K9AuouygBiwVKuDp6emiTET43az3rcpv0ctLjc=", + "lastModified": 1682773107, + "narHash": "sha256-+h94XeJnG3uk5imJlBi/1lVmcfCbxHpwZp5u7n3Krwg=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "025912529dd0b31dead95519e944ea05f1ad56f2", + "rev": "379d42fad6bc5c28f79d5f7ff2fa5f1c90cb7bf8", "type": "github" }, "original": { @@ -179,11 +179,11 @@ "flake-registry": { "flake": false, "locked": { - "lastModified": 1681032461, - "narHash": "sha256-3xrrC7YpoajVynlvj0+iQev6PWJRjS213ulTi3HNLeo=", + "lastModified": 1682423975, + "narHash": "sha256-zvOBrH3hwCedgpaWiOSHYSt+fgF/RhaJs8R5qOX6AYc=", "owner": "NixOS", "repo": "flake-registry", - "rev": "4ea5076e347dda44283714b8f4d580f6922064e9", + "rev": "8054bfa00d60437297d670ab3296a117e7059a10", "type": "github" }, "original": { @@ -237,17 +237,14 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ], - "utils": [ - "flake-utils" ] }, "locked": { - "lastModified": 1681250798, - "narHash": "sha256-fQMROyKzPFBPqJy9J4ffywm02ZuqAI0GW1O1QibVpdQ=", + "lastModified": 1682779989, + "narHash": "sha256-H8AjcIBYFYrlRobYJ+n1B+ZJ6TsaaeZpuLn4iRqVvr4=", "owner": "nix-community", "repo": "home-manager", - "rev": "28698126bd825aff21cae9ffd15cf83e169051b0", + "rev": "3144311f31194b537808ae6848f86f3dbf977d59", "type": "github" }, "original": { 
@@ -259,11 +256,11 @@ }, "impermanence": { "locked": { - "lastModified": 1675359654, - "narHash": "sha256-FPxzuvJkcO49g4zkWLSeuZkln54bLoTtrggZDJBH90I=", + "lastModified": 1682268411, + "narHash": "sha256-ICDKQ7tournRVtfM8C2II0qHiOZOH1b3dXVOCsgr11o=", "owner": "nix-community", "repo": "impermanence", - "rev": "6138eb8e737bffabd4c8fc78ae015d4fd6a7e2fd", + "rev": "df1692e2d9f1efc4300b1ea9201831730e0b817d", "type": "github" }, "original": { @@ -299,11 +296,11 @@ ] }, "locked": { - "lastModified": 1681262808, - "narHash": "sha256-A4CCPgNUDTLnu7WNdcE0GD/IhcIdV9fmNvWl6bC5f8Q=", + "lastModified": 1682645728, + "narHash": "sha256-ZntcUOTbkw7klRK5kRPIJOp8bB9785CXKPt5eW2X4cc=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "2d5c4d090c759b7cf9ef6292f33d0702dab21d09", + "rev": "699ed72b94864505a38c97de3015bdfb992e1f84", "type": "github" }, "original": { @@ -315,11 +312,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1680876084, - "narHash": "sha256-eP9yxP0wc7XuVaODugh+ajgbFGaile2O1ihxiLxOuvU=", + "lastModified": 1682836095, + "narHash": "sha256-PdzpJhuXBz71AgWNWMMYLbB8GMMce6QguhQY/6HOOcc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3006d2860a6ed5e01b0c3e7ffb730e9b293116e2", + "rev": "e4a21ddcb45ee5f5c85a5d9e9698debf77fb98c3", "type": "github" }, "original": { @@ -331,11 +328,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1681358109, - "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=", + "lastModified": 1682809678, + "narHash": "sha256-jqR8t82mWotOSgnWZvr6xXCO/tc3fCPTLMPvI7Jo5rA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "96ba1c52e54e74c3197f4d43026b3f3d92e83ff9", + "rev": "3dcff817eebb7e4afc4e9eae0ce6f722f4d9e399", "type": "github" }, "original": { 
@@ -347,11 +344,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1681414187, - "narHash": "sha256-Vwl5bTDAZA28/M0/31tBgKw9g+vnHtDm6m5EkG9rmHU=", + "lastModified": 1682883825, + "narHash": "sha256-JJeaDa6bOxf1AcW5ZvTs9skJzMz7uPRPRvDCNdDDflo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f53d20ef81e9d98033ccf34509aace3e99dcfbb7", + "rev": "9d27bdd3b5d88ec2c1674fd9b93cf6b6751776ff", "type": "github" }, "original": { @@ -363,11 +360,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1681411673, - "narHash": "sha256-23S0skJVstbQtrhy+65Bi4Jrdw74hY1OYbBnuuQausc=", + "lastModified": 1682858021, + "narHash": "sha256-tMZILw7wABxSRUcJNrwLmBJ7h8+Bf4eyVGXLUyoZIr4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "80d54821fffaffbc90409a1262ea91071e0dff8f", + "rev": "923f835a6c8eadb655c08370ade5c42990e790cd", "type": "github" }, "original": { @@ -413,11 +410,11 @@ }, "nur": { "locked": { - "lastModified": 1681413105, - "narHash": "sha256-RVurZLx/l83DOSB2Uy92kGyuhMOc+jEieHvjtJy4t90=", + "lastModified": 1682879890, + "narHash": "sha256-gnNDKsgsLX0dxumLDTuFylSRVvscErxRa0425gUk5Xk=", "owner": "nix-community", "repo": "NUR", - "rev": "81da935a918fa216295272c576705f816f0fc36a", + "rev": "57e8229760e718f670cd7b359b509246e6d734ab", "type": "github" }, "original": { @@ -469,11 +466,11 @@ ] }, "locked": { - "lastModified": 1681413034, - "narHash": "sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=", + "lastModified": 1682596858, + "narHash": "sha256-Hf9XVpqaGqe/4oDGr30W8HlsWvJXtMsEPHDqHZA6dDg=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5", + "rev": "fb58866e20af98779017134319b5663b8215d912", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9af2e05..a58fed6 100644 --- a/flake.nix +++ b/flake.nix 
@@ -64,10 +64,7 @@ owner = "nix-community"; repo = "home-manager"; ref = "master"; - inputs = { - nixpkgs.follows = "nixpkgs"; - utils.follows = "flake-utils"; - }; + inputs.nixpkgs.follows = "nixpkgs"; }; impermanence = { diff --git a/modules/common/common/nix/default.nix b/modules/common/common/nix/default.nix index dea9358..723a2b8 100644 --- a/modules/common/common/nix/default.nix +++ b/modules/common/common/nix/default.nix @@ -99,7 +99,23 @@ with lib; { patches = [./patches/alejandra-no-ads.patch]; }); - inherit (pkgsPR "225985" "sha256-wS8vyIEH2gFt3cLvSrROTULu8N8FCUle6cy2zqHN+VI=") mangohud; + openmw = super.openmw.overrideAttrs (_: final: { + src = super.fetchFromGitHub { + owner = "OpenMW"; + repo = "openmw"; + rev = "openmw-48-rc9"; + hash = "sha256-3x+pwtZh+moLN3l1x5Q0rr9TKo3BMaul73ZgywrRBCk="; + }; + patches = []; + buildInputs = + final.buildInputs + ++ (with super; [ + yaml-cpp + luajit + ]); + }); + + inherit (pkgsPR "228852" "sha256-NKZySJ3IVMMeSmpc1zYwse52kxGg0dIrsHTMcO8a73Y=") soju; } // (with super; let np = nodePackages; 
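Review bot: In the `openmw` override, `patches = [];` discards every patch nixpkgs applies to the package, not just the ones that fail against the `openmw-48-rc9` source, and nothing in the hunk records why. A short comment such as `# nixpkgs patches do not apply to this release candidate; remove the override once nixpkgs is bumped` would mark it as deliberate and temporary. The second lambda argument is named `final`, although `overrideAttrs` passes the previous attributes in that position, so `final.buildInputs` reads as the opposite of what it is; `(_: prev: {` with `prev.buildInputs` would be clearer. The enclosing overlay starts and ends outside the hunk.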
@@ -129,33 +145,28 @@ with lib; { environment.systemPackages = with pkgs; optionals this.isHeadful [ - hydra-check nix-top nix-tree ]; - hm.home = { - packages = with pkgs; [nix-index]; - - file.".nix-defexpr/default.nix".text = - optionalString this.isHeadful - ( + hm.home.file.".nix-defexpr/default.nix".text = + optionalString this.isHeadful + ( + let + hostname = strings.escapeNixIdentifier this.hostname; + in '' let - hostname = strings.escapeNixIdentifier this.hostname; - in '' - let - self = builtins.getFlake "nixfiles"; - configurations = self.nixosConfigurations; - local = configurations.${hostname}; - in rec { - inherit self; - inherit (self) inputs lib; - inherit (lib) my; - this = my.configurations.${hostname}; - inherit (local) config; - inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; - } // configurations // local._module.args - '' - ); - }; + self = builtins.getFlake "nixfiles"; + configurations = self.nixosConfigurations; + local = configurations.${hostname}; + in rec { + inherit self; + inherit (self) inputs lib; + inherit (lib) my; + this = my.configurations.${hostname}; + inherit (local) config; + inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; + } // configurations // local._module.args + '' + ); } diff --git a/modules/common/profiles/dev/default.nix b/modules/common/profiles/dev/default.nix index 210924a..442a03a 100644 --- a/modules/common/profiles/dev/default.nix +++ b/modules/common/profiles/dev/default.nix @@ -80,7 +80,11 @@ in { packages = with pkgs; [ htmlq + hydra-check jq + nix-index + nix-update + nixpkgs-review yq ]; }; diff --git a/modules/nixos/acme.nix b/modules/nixos/acme.nix index d3ad661..49be684 100644 --- a/modules/nixos/acme.nix +++ b/modules/nixos/acme.nix @@ -21,6 +21,8 @@ in { }; config = mkIf cfg.enable { + ark.directories = ["/var/lib/acme"]; + security.acme = { acceptTerms = true; defaults = { 
diff --git a/modules/nixos/endlessh.nix b/modules/nixos/endlessh.nix index 1350a6a..caf9a38 100644 --- a/modules/nixos/endlessh.nix +++ b/modules/nixos/endlessh.nix @@ -12,6 +12,11 @@ in { port = 22; in mkIf cfg.enable { + ark.directories = [ + "/var/lib/gotify-server" + "/var/lib/private/gotify-server" + ]; + services.endlessh = { enable = true; inherit port; diff --git a/modules/nixos/fail2ban.nix b/modules/nixos/fail2ban.nix index 5ac3c9c..a42aab3 100644 --- a/modules/nixos/fail2ban.nix +++ b/modules/nixos/fail2ban.nix @@ -11,6 +11,8 @@ in { mkEnableOption "fail2ban"; config = mkIf cfg.enable { + ark.directories = ["/var/lib/fail2ban"]; + services.fail2ban = { enable = true; diff --git a/modules/nixos/games/steam-run.nix b/modules/nixos/games/steam-run.nix index 1a1e61f..ba18849 100644 --- a/modules/nixos/games/steam-run.nix +++ b/modules/nixos/games/steam-run.nix @@ -11,8 +11,9 @@ in { enable = mkEnableOption "native Steam runtime"; quirks = { - mountAndBladeWarband = mkEnableOption ''fixes for "Mount & Blade: Warband" issues''; + crusaderKings3 = mkEnableOption ''fixes for "Crusader Kings III" issues''; cryptOfTheNecrodancer = mkEnableOption ''fixes for "Crypt of the NecroDancer" issues''; + mountAndBladeWarband = mkEnableOption ''fixes for "Mount & Blade: Warband" issues''; }; }; @@ -31,6 +32,16 @@ in { extraLibraries = _: with cfg.quirks; [] + ++ optionals crusaderKings3 [ + ncurses + ] + ++ optionals cryptOfTheNecrodancer [ + (import (builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz"; + sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy"; + }) {inherit (config.nixpkgs) config localSystem;}) + .flac + ] ++ optionals mountAndBladeWarband [ (glew.overrideAttrs (_: super: let opname = super.pname; 
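Review bot: The `ark.directories` entries added to the endlessh module name `/var/lib/gotify-server` and `/var/lib/private/gotify-server`, which look copied from a Gotify module; nothing else in this hunk refers to Gotify. As written, enabling endlessh would register another service's state directories (presumably for persistence), and any state endlessh itself keeps is not listed. If endlessh keeps no state the block can be dropped, otherwise it should name endlessh's own directory. The `mkIf` body continues outside the hunk.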
@@ -58,13 +69,6 @@ in { patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so ''; })) - ] - ++ optionals cryptOfTheNecrodancer [ - (import (builtins.fetchTarball { - url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz"; - sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy"; - }) {inherit (config.nixpkgs) config localSystem;}) - .flac ]; }) .run diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix index 62a200c..9236437 100644 --- a/modules/nixos/git/default.nix +++ b/modules/nixos/git/default.nix @@ -24,6 +24,10 @@ in { }; config = mkIf cfg.server.enable { + ark.directories = [ + config.services.gitolite.dataDir + ]; + nixfiles.modules.nginx = { enable = true; virtualHosts.${cfg.server.domain} = { diff --git a/modules/nixos/grafana.nix b/modules/nixos/grafana.nix index e8630c4..c191e38 100644 --- a/modules/nixos/grafana.nix +++ b/modules/nixos/grafana.nix @@ -27,6 +27,8 @@ in { db = "grafana"; in mkIf cfg.enable { + ark.directories = [config.services.grafana.dataDir]; + secrets = { grafana-key = { file = "${inputs.self}/secrets/grafana-key"; diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix index 6d32ec6..16e986c 100644 --- a/modules/nixos/ipfs.nix +++ b/modules/nixos/ipfs.nix @@ -108,6 +108,10 @@ in { } ) ]; + + localDiscovery = true; + + startWhenNeeded = true; }; networking.firewall = rec { diff --git a/modules/nixos/lidarr.nix b/modules/nixos/lidarr.nix index 8439ec0..ffa0735 100644 --- a/modules/nixos/lidarr.nix +++ b/modules/nixos/lidarr.nix @@ -17,6 +17,8 @@ in { }; config = mkIf cfg.enable { + ark.directories = ["/var/lib/lidarr"]; + nixfiles.modules.nginx = { enable = true; upstreams.lidarr.servers."127.0.0.1:8686" = {}; @@ -31,5 +33,9 @@ in { user = "rtorrent"; group = "rtorrent"; }; + + systemd.tmpfiles.rules = with config.services.lidarr; [ + "d /var/lib/lidarr/root 0755 ${user} ${group} - -" + ]; }; } 
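Review bot: `localDiscovery = true;` in the ipfs hunk is set unconditionally in the shared module, so every host that enables the module will probe and announce itself on its local network. That is reasonable on a home LAN, but on a rented server it exposes the node to neighbouring machines and some providers treat the resulting scanning as abuse; the yavanna configuration later in this patch still carries a commented-out `ipfs.enable`. Consider making it host-dependent, for example `localDiscovery = this.isHeadful;` if `this` is in scope here as it is in `modules/common/common/nix/default.nix`, or exposing it as a module option. The enclosing attribute set starts outside the hunk.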
diff --git a/modules/nixos/loki.nix b/modules/nixos/loki.nix index fe3c2eb..90a051c 100644 --- a/modules/nixos/loki.nix +++ b/modules/nixos/loki.nix @@ -24,6 +24,8 @@ in { }; config = mkIf cfg.enable { + ark.directories = [config.services.loki.configuration.common.path_prefix]; + nixfiles.modules.nginx = with cfg; { enable = true; upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {}; diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix index 35647cb..bd19f8b 100644 --- a/modules/nixos/matrix/dendrite.nix +++ b/modules/nixos/matrix/dendrite.nix @@ -28,6 +28,11 @@ in { db = "dendrite"; in mkIf cfg.enable { + ark.directories = [ + "/var/lib/dendrite" + "/var/lib/private/dendrite" + ]; + secrets.dendrite-private-key = { file = "${inputs.self}/secrets/dendrite-private-key"; mode = "0444"; # The user is dynamic so the file must be world-readable. diff --git a/modules/nixos/matrix/synapse.nix b/modules/nixos/matrix/synapse.nix index 1117f23..a74ebb4 100644 --- a/modules/nixos/matrix/synapse.nix +++ b/modules/nixos/matrix/synapse.nix @@ -21,6 +21,8 @@ in { port = 8448; in mkIf cfg.enable { + ark.directories = ["/var/lib/matrix-synapse"]; + nixfiles.modules = { nginx = { enable = true; diff --git a/modules/nixos/murmur.nix b/modules/nixos/murmur.nix index cbd90d4..8ac7899 100644 --- a/modules/nixos/murmur.nix +++ b/modules/nixos/murmur.nix @@ -10,6 +10,8 @@ in { options.nixfiles.modules.murmur.enable = mkEnableOption "Murmur"; config = mkIf cfg.enable { + ark.directories = ["/var/lib/murmur"]; + secrets.murmur-environment = { file = "${inputs.self}/secrets/murmur-environment"; owner = "murmur"; diff --git a/modules/nixos/ntfy.nix b/modules/nixos/ntfy.nix index f8510d5..edbe7e5 100644 --- a/modules/nixos/ntfy.nix +++ b/modules/nixos/ntfy.nix 
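Review bot: The dendrite hunk lists both `/var/lib/dendrite` and `/var/lib/private/dendrite`, while the comment a few lines below says the service user is dynamic. With systemd's `DynamicUser=` the real state lives under `/var/lib/private` and `/var/lib/dendrite` is a symlink to it, and `/var/lib/private` itself is expected to stay root-owned with mode 0700. How `ark.directories` creates these paths is not visible in this diff, so please confirm that it neither replaces the symlink with a directory nor creates `/var/lib/private` with wider permissions; listing only the `/var/lib/private/dendrite` entry may be enough. A comment such as `# DynamicUser: state is in /var/lib/private, /var/lib/dendrite is a symlink` would help the next reader.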
@@ -40,6 +40,8 @@ in { }; config = mkIf cfg.enable { + ark.files = [config.services.ntfy-sh.settings.auth-file]; + nixfiles.modules.nginx = { enable = true; upstreams.ntfy.servers.${config.services.ntfy-sh.settings.listen-http} = {}; diff --git a/modules/nixos/postgresql.nix b/modules/nixos/postgresql.nix index c7085ce..89b24b8 100644 --- a/modules/nixos/postgresql.nix +++ b/modules/nixos/postgresql.nix @@ -37,6 +37,8 @@ in { } ]; + ark.directories = [config.services.postgresql.dataDir]; + services = { postgresql = { enable = true; diff --git a/modules/nixos/radarr.nix b/modules/nixos/radarr.nix index c706eae..1551934 100644 --- a/modules/nixos/radarr.nix +++ b/modules/nixos/radarr.nix @@ -17,6 +17,8 @@ in { }; config = mkIf cfg.enable { + ark.directories = ["/var/lib/radarr"]; + nixfiles.modules.nginx = { enable = true; upstreams.radarr.servers."127.0.0.1:7878" = {}; diff --git a/modules/nixos/radicale.nix b/modules/nixos/radicale.nix index c903d39..d072899 100644 --- a/modules/nixos/radicale.nix +++ b/modules/nixos/radicale.nix @@ -21,6 +21,8 @@ in { port = 5232; in mkIf cfg.enable { + ark.directories = ["/var/lib/radicale"]; + secrets.radicale-htpasswd = { file = "${inputs.self}/secrets/radicale-htpasswd"; owner = "radicale"; diff --git a/modules/nixos/redis.nix b/modules/nixos/redis.nix index 166407e..ca25101 100644 --- a/modules/nixos/redis.nix +++ b/modules/nixos/redis.nix @@ -10,6 +10,8 @@ in { options.nixfiles.modules.redis.enable = mkEnableOption "Redis"; config = mkIf cfg.enable { + ark.directories = ["/var/lib/redis-default"]; + services = { redis = { servers.default = { diff --git a/modules/nixos/rss-bridge.nix b/modules/nixos/rss-bridge.nix index fef1070..1fcaac8 100644 --- a/modules/nixos/rss-bridge.nix +++ b/modules/nixos/rss-bridge.nix @@ -17,6 +17,8 @@ in { }; config = mkIf cfg.enable { + ark.directories = ["/var/lib/rss-bridge"]; + nixfiles.modules.nginx = { enable = true; virtualHosts.${cfg.domain}.extraConfig = nginxInternalOnly; 
diff --git a/modules/nixos/rtorrent.nix b/modules/nixos/rtorrent.nix index 4014a3b..a4cade7 100644 --- a/modules/nixos/rtorrent.nix +++ b/modules/nixos/rtorrent.nix @@ -31,6 +31,8 @@ in { (let port = 50000; in { + ark.directories = [baseDir]; + systemd = { services.rtorrent = { description = "rTorrent"; diff --git a/modules/nixos/sonarr.nix b/modules/nixos/sonarr.nix index 5990ff1..2d2feb9 100644 --- a/modules/nixos/sonarr.nix +++ b/modules/nixos/sonarr.nix @@ -17,6 +17,8 @@ in { }; config = mkIf cfg.enable { + ark.directories = ["/var/lib/sonarr"]; + nixfiles.modules.nginx = { enable = true; upstreams.sonarr.servers."127.0.0.1:8989" = {}; diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix index 79d52eb..d24b79e 100644 --- a/modules/nixos/unbound.nix +++ b/modules/nixos/unbound.nix @@ -22,6 +22,8 @@ in { adblock-conf = "${config.services.unbound.stateDir}/adblock.conf"; in mkIf cfg.enable { + ark.directories = [config.services.unbound.stateDir]; + nixfiles.modules.redis.enable = true; services = { diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix index 7d51667..2475ed3 100644 --- a/modules/nixos/vaultwarden.nix +++ b/modules/nixos/vaultwarden.nix @@ -21,6 +21,8 @@ in { db = "vaultwarden"; in mkIf cfg.enable { + ark.directories = ["/var/lib/bitwarden_rs"]; + secrets.vaultwarden-environment = { file = "${inputs.self}/secrets/vaultwarden-environment"; owner = "vaultwarden"; diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix index 3db651e..2c53b64 100644 --- a/nixosConfigurations/eonwe/default.nix +++ b/nixosConfigurations/eonwe/default.nix @@ -18,6 +18,7 @@ with lib; { lutris.enable = true; minecraft.client.enable = true; steam.enable = true; + steam-run.quirks.crusaderKings3 = true; }; android.enable = true; bluetooth.enable = true; 
@@ -26,13 +27,23 @@ with lib; { qutebrowser.enable = true; mpd.enable = true; ipfs.enable = true; + + common.nix.allowedUnfreePackages = ["burpsuite"]; }; hm = { home.packages = with pkgs; [ + burpsuite + gzdoom kdenlive + nikto obs-studio + openmw + openttd radeontop + vcmi + whatweb + zap ]; programs = { diff --git a/nixosConfigurations/manwe/mailserver.nix b/nixosConfigurations/manwe/mailserver.nix index 0667a49..acd625b 100644 --- a/nixosConfigurations/manwe/mailserver.nix +++ b/nixosConfigurations/manwe/mailserver.nix 
@@ -7,36 +7,46 @@ with lib; { imports = [inputs.simple-nixos-mailserver.nixosModule]; - nixfiles.modules.redis.enable = true; + ark.directories = with config.mailserver; [ + "/var/lib/dovecot" + "/var/lib/postfix" + config.security.dhparams.params.dovecot2.path + dkimKeyDirectory + mailDirectory + sieveDirectory + ]; - secrets = { + secrets = with config.mailserver; { dkim-key-azahi-cc = { file = "${inputs.self}/secrets/dkim-key-azahi-cc"; - path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; + path = "${dkimKeyDirectory}/${my.domain.azahi}.${dkimSelector}.key"; + owner = config.services.opendkim.user; + inherit (config.services.opendkim) group; }; dkim-key-rohan-net = { file = "${inputs.self}/secrets/dkim-key-rohan-net"; - path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; + path = "${dkimKeyDirectory}/${my.domain.rohan}.${dkimSelector}.key"; + owner = config.services.opendkim.user; + inherit (config.services.opendkim) group; }; dkim-key-gondor-net = { file = "${inputs.self}/secrets/dkim-key-gondor-net"; - path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; + path = "${dkimKeyDirectory}/${my.domain.gondor}.${dkimSelector}.key"; + owner = config.services.opendkim.user; + inherit (config.services.opendkim) group; }; dkim-key-shire-net = { file = "${inputs.self}/secrets/dkim-key-shire-net"; - path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; + path = "${dkimKeyDirectory}/${my.domain.shire}.${dkimSelector}.key"; + owner = config.services.opendkim.user; + inherit (config.services.opendkim) group; }; }; - nixfiles.modules.acme.enable = true; + nixfiles.modules = { + acme.enable = true; + redis.enable = true; + }; mailserver = let cert = config.certs.${my.domain.shire}; 
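Review bot: `config.security.dhparams.params.dovecot2.path` in the new `ark.directories` list is the path of the generated DH parameters file, not a directory. The ntfy module in this same patch uses `ark.files` for a single file (`ark.files = [config.services.ntfy-sh.settings.auth-file];`), so this entry probably belongs there: `ark.files = [config.security.dhparams.params.dovecot2.path];`. It is also worth a comment that `dkimKeyDirectory` holds the DKIM private keys, so whatever storage backs `ark` presumably needs the same protection as the secrets themselves.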
diff --git a/nixosConfigurations/varda/default.nix b/nixosConfigurations/varda/default.nix index 340ea8b..2ff8993 100644 --- a/nixosConfigurations/varda/default.nix +++ b/nixosConfigurations/varda/default.nix @@ -5,7 +5,7 @@ with lib; { acme.enable = true; - k3s.enable = true; + k3s.enable = false; }; boot = { diff --git a/nixosConfigurations/yavanna/default.nix b/nixosConfigurations/yavanna/default.nix index 908b6d3..ba298f8 100644 --- a/nixosConfigurations/yavanna/default.nix +++ b/nixosConfigurations/yavanna/default.nix @@ -14,38 +14,19 @@ with lib; { # ipfs.enable = true; }; - boot = { - loader.grub = { - enable = true; - device = "/dev/sda"; - }; - - # NOTE This is probably not required, but I cannot test this out without - # risking "bricking" my VPS because Kimsufi/OVH doesn't provide a console - # access. This configuration was generated via nixos-infect[1] and at the - # time I didn't bother to test for loaded kernel modules and just left the - # automatically (IIRC) generated `hardware-configuration.nix' as is. - # - # There's, however, no indication that any NVME drives are being used and, - # as the matter of fact, the VPS itself is on KVM, so... I'm still not going - # to risk it, though. - # - # [1]: https://github.com/elitak/nixos-infect - initrd.availableKernelModules = ["nvme"]; + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + configurationLimit = 5; }; fileSystems."/" = { - device = "/dev/sda1"; + device = "/dev/sda2"; fsType = "ext4"; options = ["noatime"]; }; - swapDevices = [ - { - device = "/swapfile"; - size = 4 * 1024; - } - ]; + swapDevices = [{device = "/dev/sda3";}]; zramSwap = { enable = true; -- cgit 1.4.1
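Review bot: The new root and swap entries in the yavanna hunk use bare kernel names (`/dev/sda2`, `/dev/sda3`), which are not guaranteed to stay the same across boots or kernel changes. The comment this hunk removes says the host has no console access, so a wrong root device could not be repaired remotely. Referring to the partitions by a stable identifier, e.g. `device = "/dev/disk/by-uuid/<ROOT-UUID>";` (placeholder) for `/` and the equivalent for swap, removes that dependency. The swap partition is also unencrypted as written; if that is intentional, a one-line comment saying so would help.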