From 1e9d5f05b350cec8568b6c2eb4fb4d124e73e926 Mon Sep 17 00:00:00 2001
From: Azat Bahawi
Date: Tue, 2 May 2023 01:27:41 +0300
Subject: 2023-05-02
---
 nixosConfigurations/eonwe/default.nix | 11 +++++++++
 nixosConfigurations/manwe/mailserver.nix | 40 ++++++++++++++++++++------------
 nixosConfigurations/varda/default.nix | 2 +-
 nixosConfigurations/yavanna/default.nix | 31 +++++--------------------
 4 files changed, 43 insertions(+), 41 deletions(-)
(limited to 'nixosConfigurations')
diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix
index 3db651e..2c53b64 100644
--- a/nixosConfigurations/eonwe/default.nix
+++ b/nixosConfigurations/eonwe/default.nix
@@ -18,6 +18,7 @@ with lib; {
 lutris.enable = true;
 minecraft.client.enable = true;
 steam.enable = true;
+ steam-run.quirks.crusaderKings3 = true;
 };
 android.enable = true;
 bluetooth.enable = true;
@@ -26,13 +27,23 @@ with lib; {
 qutebrowser.enable = true;
 mpd.enable = true;
 ipfs.enable = true;
+
+ common.nix.allowedUnfreePackages = ["burpsuite"];
 };
 hm = {
 home.packages = with pkgs; [
+ burpsuite
+ gzdoom
 kdenlive
+ nikto
 obs-studio
+ openmw
+ openttd
 radeontop
+ vcmi
+ whatweb
+ zap
 ];
 programs = {
diff --git a/nixosConfigurations/manwe/mailserver.nix b/nixosConfigurations/manwe/mailserver.nix
index 0667a49..acd625b 100644
--- a/nixosConfigurations/manwe/mailserver.nix
+++ b/nixosConfigurations/manwe/mailserver.nix
@@ -7,36 +7,46 @@
 with lib; {
 imports = [inputs.simple-nixos-mailserver.nixosModule];
- nixfiles.modules.redis.enable = true;
+ ark.directories = with config.mailserver; [
+ "/var/lib/dovecot"
+ "/var/lib/postfix"
+ config.security.dhparams.params.dovecot2.path
+ dkimKeyDirectory
+ mailDirectory
+ sieveDirectory
+ ];
- secrets = {
+ secrets = with config.mailserver; {
 dkim-key-azahi-cc = {
 file = "${inputs.self}/secrets/dkim-key-azahi-cc";
- path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
+ path = "${dkimKeyDirectory}/${my.domain.azahi}.${dkimSelector}.key";
+ owner = config.services.opendkim.user;
+ inherit (config.services.opendkim) group;
 };
 dkim-key-rohan-net = {
 file = "${inputs.self}/secrets/dkim-key-rohan-net";
- path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
+ path = "${dkimKeyDirectory}/${my.domain.rohan}.${dkimSelector}.key";
+ owner = config.services.opendkim.user;
+ inherit (config.services.opendkim) group;
 };
 dkim-key-gondor-net = {
 file = "${inputs.self}/secrets/dkim-key-gondor-net";
- path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
+ path = "${dkimKeyDirectory}/${my.domain.gondor}.${dkimSelector}.key";
+ owner = config.services.opendkim.user;
+ inherit (config.services.opendkim) group;
 };
 dkim-key-shire-net = {
 file = "${inputs.self}/secrets/dkim-key-shire-net";
- path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
+ path = "${dkimKeyDirectory}/${my.domain.shire}.${dkimSelector}.key";
+ owner = config.services.opendkim.user;
+ inherit (config.services.opendkim) group;
 };
 };
- nixfiles.modules.acme.enable = true;
+ nixfiles.modules = {
+ acme.enable = true;
+ redis.enable = true;
+ };
 mailserver = let
 cert = config.certs.${my.domain.shire};
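Review bot: `dkimKeyDirectory` is added to `ark.directories` while the four `dkim-key-*` secrets are also written under `${dkimKeyDirectory}`, so if `ark.directories` marks paths to persist (presumably; not shown here), whether decrypted DKIM private keys land on persistent storage depends on how the `secrets` module materialises `path` (a symlink into a runtime directory versus a copied file), which this hunk does not show. If the keys are copied, plaintext signing keys would remain on disk and in any backup of that directory; once confirmed, a comment above the list such as `# dkimKeyDirectory holds only symlinks to decrypted secrets; key material stays in the secrets runtime dir` would record the intent. None of the four entries sets permissions explicitly, so if the module exposes a mode option, adding `mode = "0400";` next to `owner` keeps the keys readable only by the opendkim user regardless of the module default. The `mailserver = let` block continues outside the hunk.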
diff --git a/nixosConfigurations/varda/default.nix b/nixosConfigurations/varda/default.nix
index 340ea8b..2ff8993 100644
--- a/nixosConfigurations/varda/default.nix
+++ b/nixosConfigurations/varda/default.nix
@@ -5,7 +5,7 @@ with lib; {
 acme.enable = true;
- k3s.enable = true;
+ k3s.enable = false;
 };
 boot = {
diff --git a/nixosConfigurations/yavanna/default.nix b/nixosConfigurations/yavanna/default.nix
index 908b6d3..ba298f8 100644
--- a/nixosConfigurations/yavanna/default.nix
+++ b/nixosConfigurations/yavanna/default.nix
@@ -14,38 +14,19 @@ with lib; {
 # ipfs.enable = true;
 };
- boot = {
- loader.grub = {
- enable = true;
- device = "/dev/sda";
- };
-
- # NOTE This is probably not required, but I cannot test this out without
- # risking "bricking" my VPS because Kimsufi/OVH doesn't provide a console
- # access. This configuration was generated via nixos-infect[1] and at the
- # time I didn't bother to test for loaded kernel modules and just left the
- # automatically (IIRC) generated `hardware-configuration.nix' as is.
- #
- # There's, however, no indication that any NVME drives are being used and,
- # as the matter of fact, the VPS itself is on KVM, so... I'm still not going
- # to risk it, though.
- #
- # [1]: https://github.com/elitak/nixos-infect
- initrd.availableKernelModules = ["nvme"];
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ configurationLimit = 5;
 };
 fileSystems."/" = {
- device = "/dev/sda1";
+ device = "/dev/sda2";
 fsType = "ext4";
 options = ["noatime"];
 };
- swapDevices = [
- {
- device = "/swapfile";
- size = 4 * 1024;
- }
- ];
+ swapDevices = [{device = "/dev/sda3";}];
 zramSwap = {
 enable = true;
-- cgit v1.2.3
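Review bot: In the yavanna hunk the new root and swap devices in `fileSystems."/"` and `swapDevices` are addressed by kernel names (`/dev/sda2`, `/dev/sda3`), which are not guaranteed to stay stable across boots or disk-layout changes, and on a remote host a wrong root device means a machine that does not come back. A stable identifier is safer, for example `device = "/dev/disk/by-uuid/<ROOT-FS-UUID>";` (placeholder value). As far as the hunk shows, the swap partition is also unencrypted, so memory pages holding credentials or keys can persist on disk; `swapDevices = [{device = "/dev/disk/by-partuuid/<SWAP-PARTUUID>"; randomEncryption.enable = true;}];` (placeholder value) would cover that, using by-partuuid because random encryption rewrites the partition's filesystem UUID and label on every boot. The `zramSwap` block continues outside the hunk.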