From 1e9d5f05b350cec8568b6c2eb4fb4d124e73e926 Mon Sep 17 00:00:00 2001
From: Azat Bahawi
Date: Tue, 2 May 2023 01:27:41 +0300
Subject: 2023-05-02
---
modules/nixos/acme.nix | 2 ++
modules/nixos/endlessh.nix | 5 +++++
modules/nixos/fail2ban.nix | 2 ++
modules/nixos/games/steam-run.nix | 20 ++++++++++++--------
modules/nixos/git/default.nix | 4 ++++
modules/nixos/grafana.nix | 2 ++
modules/nixos/ipfs.nix | 4 ++++
modules/nixos/lidarr.nix | 6 ++++++
modules/nixos/loki.nix | 2 ++
modules/nixos/matrix/dendrite.nix | 5 +++++
modules/nixos/matrix/synapse.nix | 2 ++
modules/nixos/murmur.nix | 2 ++
modules/nixos/ntfy.nix | 2 ++
modules/nixos/postgresql.nix | 2 ++
modules/nixos/radarr.nix | 2 ++
modules/nixos/radicale.nix | 2 ++
modules/nixos/redis.nix | 2 ++
modules/nixos/rss-bridge.nix | 2 ++
modules/nixos/rtorrent.nix | 2 ++
modules/nixos/sonarr.nix | 2 ++
modules/nixos/unbound.nix | 2 ++
modules/nixos/vaultwarden.nix | 2 ++
22 files changed, 68 insertions(+), 8 deletions(-)
(limited to 'modules/nixos')
diff --git a/modules/nixos/acme.nix b/modules/nixos/acme.nix
index d3ad661..49be684 100644
--- a/modules/nixos/acme.nix
+++ b/modules/nixos/acme.nix
@@ -21,6 +21,8 @@ in { }; config = mkIf cfg.enable { + ark.directories = ["/var/lib/acme"]; + security.acme = { acceptTerms = true; defaults = {
diff --git a/modules/nixos/endlessh.nix b/modules/nixos/endlessh.nix
index 1350a6a..caf9a38 100644
--- a/modules/nixos/endlessh.nix
+++ b/modules/nixos/endlessh.nix
@@ -12,6 +12,11 @@ in { port = 22; in mkIf cfg.enable { + ark.directories = [ + "/var/lib/gotify-server" + "/var/lib/private/gotify-server" + ]; + services.endlessh = { enable = true; inherit port;
diff --git a/modules/nixos/fail2ban.nix b/modules/nixos/fail2ban.nix
index 5ac3c9c..a42aab3 100644
--- a/modules/nixos/fail2ban.nix
+++ b/modules/nixos/fail2ban.nix
@@ -11,6 +11,8 @@ in { mkEnableOption "fail2ban"; config = mkIf cfg.enable { + ark.directories = ["/var/lib/fail2ban"]; + services.fail2ban = { enable = true;
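Review bot: The two paths added to `ark.directories` in endlessh.nix, `/var/lib/gotify-server` and `/var/lib/private/gotify-server`, name a different service and look like a copy-paste from a gotify module. Nothing visible in this hunk shows endlessh keeping state of its own, so enabling the tarpit would register another service's data directories with ark, while the service that actually owns them may be left without the entry. If this is unintended, drop the four added lines here and put them in the gotify module; if it is intended, a comment such as `# gotify state is registered here because <reason>` should say why. The `mkIf` body continues outside the hunk.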
diff --git a/modules/nixos/games/steam-run.nix b/modules/nixos/games/steam-run.nix
index 1a1e61f..ba18849 100644
--- a/modules/nixos/games/steam-run.nix
+++ b/modules/nixos/games/steam-run.nix
@@ -11,8 +11,9 @@ in { enable = mkEnableOption "native Steam runtime"; quirks = { - mountAndBladeWarband = mkEnableOption ''fixes for "Mount & Blade: Warband" issues''; + crusaderKings3 = mkEnableOption ''fixes for "Crusader Kings III" issues''; cryptOfTheNecrodancer = mkEnableOption ''fixes for "Crypt of the NecroDancer" issues''; + mountAndBladeWarband = mkEnableOption ''fixes for "Mount & Blade: Warband" issues''; }; };
@@ -31,6 +32,16 @@ in { extraLibraries = _: with cfg.quirks; [] + ++ optionals crusaderKings3 [ + ncurses + ] + ++ optionals cryptOfTheNecrodancer [ + (import (builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz"; + sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy"; + }) {inherit (config.nixpkgs) config localSystem;}) + .flac + ] ++ optionals mountAndBladeWarband [ (glew.overrideAttrs (_: super: let opname = super.pname;
@@ -58,13 +69,6 @@ in { patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so ''; })) - ] - ++ optionals cryptOfTheNecrodancer [ - (import (builtins.fetchTarball { - url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz"; - sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy"; - }) {inherit (config.nixpkgs) config localSystem;}) - .flac ]; }) .run
diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix
index 62a200c..9236437 100644
--- a/modules/nixos/git/default.nix
+++ b/modules/nixos/git/default.nix
@@ -24,6 +24,10 @@ in { }; config = mkIf cfg.server.enable { + ark.directories = [ + config.services.gitolite.dataDir + ]; + nixfiles.modules.nginx = { enable = true; virtualHosts.${cfg.server.domain} = {
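Review bot: The pinned nixpkgs tarball in the `cryptOfTheNecrodancer` branch of `extraLibraries` (second hunk of steam-run.nix, where the block is re-added in alphabetical position) carries no comment saying why that revision is needed or which `flac` it provides. The commit-addressed URL together with the `sha256` makes the fetch reproducible, but a library taken from a frozen revision no longer follows the security updates of the system nixpkgs, so the reason for the pin and the condition for removing it should be written down. A comment above the `import` such as `# nixpkgs pinned for flac <version>: <reason>; drop once the game works with current flac` would do. The enclosing `extraLibraries` list starts and ends outside this hunk.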
diff --git a/modules/nixos/grafana.nix b/modules/nixos/grafana.nix
index e8630c4..c191e38 100644
--- a/modules/nixos/grafana.nix
+++ b/modules/nixos/grafana.nix
@@ -27,6 +27,8 @@ in { db = "grafana"; in mkIf cfg.enable { + ark.directories = [config.services.grafana.dataDir]; + secrets = { grafana-key = { file = "${inputs.self}/secrets/grafana-key";
diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix
index 6d32ec6..16e986c 100644
--- a/modules/nixos/ipfs.nix
+++ b/modules/nixos/ipfs.nix
@@ -108,6 +108,10 @@ in { } ) ]; + + localDiscovery = true; + + startWhenNeeded = true; }; networking.firewall = rec {
diff --git a/modules/nixos/lidarr.nix b/modules/nixos/lidarr.nix
index 8439ec0..ffa0735 100644
--- a/modules/nixos/lidarr.nix
+++ b/modules/nixos/lidarr.nix
@@ -17,6 +17,8 @@ in { }; config = mkIf cfg.enable { + ark.directories = ["/var/lib/lidarr"]; + nixfiles.modules.nginx = { enable = true; upstreams.lidarr.servers."127.0.0.1:8686" = {};
@@ -31,5 +33,9 @@ in { user = "rtorrent"; group = "rtorrent"; }; + + systemd.tmpfiles.rules = with config.services.lidarr; [ + "d /var/lib/lidarr/root 0755 ${user} ${group} - -" + ]; }; }
diff --git a/modules/nixos/loki.nix b/modules/nixos/loki.nix
index fe3c2eb..90a051c 100644
--- a/modules/nixos/loki.nix
+++ b/modules/nixos/loki.nix
@@ -24,6 +24,8 @@ in { }; config = mkIf cfg.enable { + ark.directories = [config.services.loki.configuration.common.path_prefix]; + nixfiles.modules.nginx = with cfg; { enable = true; upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {};
diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix
index 35647cb..bd19f8b 100644
--- a/modules/nixos/matrix/dendrite.nix
+++ b/modules/nixos/matrix/dendrite.nix
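Review bot: `localDiscovery = true;` in ipfs.nix is set unconditionally for every host that enables this module, which lets the IPFS daemon announce itself and look for peers on the local network segment. On a rented or shared network that traffic is usually unwanted and some hosting providers treat it as scanning, so it is safer off by default with an opt-in for hosts on a trusted LAN, e.g. `localDiscovery = mkDefault false;` (assuming `mkDefault` is in scope like `mkIf`), or a module option that the relevant hosts set. If it must stay on, a comment such as `# LAN peers only; this host is not on a shared provider network` should record the assumption. The firewall block that follows is outside the hunk, so whether discovery traffic is also admitted inbound cannot be judged here.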
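Review bot: The tmpfiles rule added in the second lidarr.nix hunk creates `/var/lib/lidarr/root` with mode `0755`, so every local account can list and read what is stored there. If only the service user and group need access (the context lines suggest both are `rtorrent`), the tighter rule is `"d /var/lib/lidarr/root 0750 ${user} ${group} - -"`. If world-readability is deliberate, for example because another service reads the library, a one-line comment above the rule should say which one.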
@@ -28,6 +28,11 @@ in { db = "dendrite"; in mkIf cfg.enable { + ark.directories = [ + "/var/lib/dendrite" + "/var/lib/private/dendrite" + ]; + secrets.dendrite-private-key = { file = "${inputs.self}/secrets/dendrite-private-key"; mode = "0444"; # The user is dynamic so the file must be world-readable.
diff --git a/modules/nixos/matrix/synapse.nix b/modules/nixos/matrix/synapse.nix
index 1117f23..a74ebb4 100644
--- a/modules/nixos/matrix/synapse.nix
+++ b/modules/nixos/matrix/synapse.nix
@@ -21,6 +21,8 @@ in { port = 8448; in mkIf cfg.enable { + ark.directories = ["/var/lib/matrix-synapse"]; + nixfiles.modules = { nginx = { enable = true;
diff --git a/modules/nixos/murmur.nix b/modules/nixos/murmur.nix
index cbd90d4..8ac7899 100644
--- a/modules/nixos/murmur.nix
+++ b/modules/nixos/murmur.nix
@@ -10,6 +10,8 @@ in { options.nixfiles.modules.murmur.enable = mkEnableOption "Murmur"; config = mkIf cfg.enable { + ark.directories = ["/var/lib/murmur"]; + secrets.murmur-environment = { file = "${inputs.self}/secrets/murmur-environment"; owner = "murmur";
diff --git a/modules/nixos/ntfy.nix b/modules/nixos/ntfy.nix
index f8510d5..edbe7e5 100644
--- a/modules/nixos/ntfy.nix
+++ b/modules/nixos/ntfy.nix
@@ -40,6 +40,8 @@ in { }; config = mkIf cfg.enable { + ark.files = [config.services.ntfy-sh.settings.auth-file]; + nixfiles.modules.nginx = { enable = true; upstreams.ntfy.servers.${config.services.ntfy-sh.settings.listen-http} = {};
diff --git a/modules/nixos/postgresql.nix b/modules/nixos/postgresql.nix
index c7085ce..89b24b8 100644
--- a/modules/nixos/postgresql.nix
+++ b/modules/nixos/postgresql.nix
@@ -37,6 +37,8 @@ in { } ]; + ark.directories = [config.services.postgresql.dataDir]; + services = { postgresql = { enable = true;
diff --git a/modules/nixos/radarr.nix b/modules/nixos/radarr.nix
index c706eae..1551934 100644
--- a/modules/nixos/radarr.nix
+++ b/modules/nixos/radarr.nix
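Review bot: Listing both `/var/lib/dendrite` and `/var/lib/private/dendrite` in `ark.directories` needs a check against how ark materialises its entries, because the context comment says the service user is dynamic. With systemd's DynamicUser the state lives under `/var/lib/private/<name>`, `/var/lib/<name>` is only a symlink to it, and `/var/lib/private` itself has to stay root-owned with mode 0700. If ark creates or bind-mounts each entry as a directory (not visible in this hunk), the first entry could replace the symlink and the second could create `/var/lib/private` with wider permissions than systemd expects. Either list only the private path or add a comment such as `# DynamicUser: /var/lib/dendrite is a symlink into /var/lib/private; ark keeps /var/lib/private at 0700`. The gotify paths in the endlessh.nix hunk follow the same pattern.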
@@ -17,6 +17,8 @@ in { }; config = mkIf cfg.enable { + ark.directories = ["/var/lib/radarr"]; + nixfiles.modules.nginx = { enable = true; upstreams.radarr.servers."127.0.0.1:7878" = {};
diff --git a/modules/nixos/radicale.nix b/modules/nixos/radicale.nix
index c903d39..d072899 100644
--- a/modules/nixos/radicale.nix
+++ b/modules/nixos/radicale.nix
@@ -21,6 +21,8 @@ in { port = 5232; in mkIf cfg.enable { + ark.directories = ["/var/lib/radicale"]; + secrets.radicale-htpasswd = { file = "${inputs.self}/secrets/radicale-htpasswd"; owner = "radicale";
diff --git a/modules/nixos/redis.nix b/modules/nixos/redis.nix
index 166407e..ca25101 100644
--- a/modules/nixos/redis.nix
+++ b/modules/nixos/redis.nix
@@ -10,6 +10,8 @@ in { options.nixfiles.modules.redis.enable = mkEnableOption "Redis"; config = mkIf cfg.enable { + ark.directories = ["/var/lib/redis-default"]; + services = { redis = { servers.default = {
diff --git a/modules/nixos/rss-bridge.nix b/modules/nixos/rss-bridge.nix
index fef1070..1fcaac8 100644
--- a/modules/nixos/rss-bridge.nix
+++ b/modules/nixos/rss-bridge.nix
@@ -17,6 +17,8 @@ in { }; config = mkIf cfg.enable { + ark.directories = ["/var/lib/rss-bridge"]; + nixfiles.modules.nginx = { enable = true; virtualHosts.${cfg.domain}.extraConfig = nginxInternalOnly;
diff --git a/modules/nixos/rtorrent.nix b/modules/nixos/rtorrent.nix
index 4014a3b..a4cade7 100644
--- a/modules/nixos/rtorrent.nix
+++ b/modules/nixos/rtorrent.nix
@@ -31,6 +31,8 @@ in { (let port = 50000; in { + ark.directories = [baseDir]; + systemd = { services.rtorrent = { description = "rTorrent";
diff --git a/modules/nixos/sonarr.nix b/modules/nixos/sonarr.nix
index 5990ff1..2d2feb9 100644
--- a/modules/nixos/sonarr.nix
+++ b/modules/nixos/sonarr.nix
@@ -17,6 +17,8 @@ in { }; config = mkIf cfg.enable { + ark.directories = ["/var/lib/sonarr"]; + nixfiles.modules.nginx = { enable = true; upstreams.sonarr.servers."127.0.0.1:8989" = {};
diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix
index 79d52eb..d24b79e 100644
--- a/modules/nixos/unbound.nix
+++ b/modules/nixos/unbound.nix
@@ -22,6 +22,8 @@ in { adblock-conf = "${config.services.unbound.stateDir}/adblock.conf"; in mkIf cfg.enable { + ark.directories = [config.services.unbound.stateDir]; + nixfiles.modules.redis.enable = true; services = {
diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix
index 7d51667..2475ed3 100644
--- a/modules/nixos/vaultwarden.nix
+++ b/modules/nixos/vaultwarden.nix
@@ -21,6 +21,8 @@ in { db = "vaultwarden"; in mkIf cfg.enable { + ark.directories = ["/var/lib/bitwarden_rs"]; + secrets.vaultwarden-environment = { file = "${inputs.self}/secrets/vaultwarden-environment"; owner = "vaultwarden";
-- cgit 1.4.1
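Review bot: The path added in vaultwarden.nix, `/var/lib/bitwarden_rs`, is hard-coded and does not match the module or service name, so a reader cannot tell whether it is the service's legacy state directory or a mistake. For a password vault a wrong entry would leave the data outside whatever ark manages without any evaluation error. A comment above the line such as `# vaultwarden keeps its state under the legacy bitwarden_rs name on this NixOS release` (if that is the case) would make the intent checkable. The `mkIf` body continues outside the hunk.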