reidlab/nix-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

lint

Browse source
This commit is contained in:
Reid 2024-12-08 18:39:26 -08:00
parent 5030dcf3b6
commit 2232ad3f31
Signed by: reidlab
GPG key ID: DAF5EAF6665839FD
12 changed files with 31 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.editorconfig
View file

@ -3,4 +3,6 @@ root = true
[*] [*]
end_of_line = lf end_of_line = lf
indent_style = space indent_style = space
indent_size = 2 indent_size = 2
insert_final_newline = true
trim_trailing_whitespace = true

1
README.md
View file

@ -7,6 +7,7 @@ nix flake config! this is just used on my personal server at the moment
this flake is built for a multi-user experience per host, enforced by [`modules/users.nix`](./modules/users.nix), and found in the `default.nix` file for each host. this flake is built for a multi-user experience per host, enforced by [`modules/users.nix`](./modules/users.nix), and found in the `default.nix` file for each host.
## todo ## todo
- find a better way to do cloudflare ips - find a better way to do cloudflare ips
- per-host architecture selection, atm it is hardcoded to `aarch64` - per-host architecture selection, atm it is hardcoded to `aarch64`
- move common config such as bootloader and networking settings to [`default.nix`](./default.nix) - move common config such as bootloader and networking settings to [`default.nix`](./default.nix)

10
default.nix
View file

@ -6,7 +6,7 @@ let
inherit (lib.my) mapModulesRec'; inherit (lib.my) mapModulesRec';
in { in {
imports = imports =
[ [
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
inputs.vscode-server.nixosModules.default inputs.vscode-server.nixosModules.default
] ]
@ -19,14 +19,14 @@ in {
# might not be needed? see: https://github.com/NixOS/nixpkgs/commit/e456032addae76701eb17e6c03fc515fd78ad74f # might not be needed? see: https://github.com/NixOS/nixpkgs/commit/e456032addae76701eb17e6c03fc515fd78ad74f
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
registry.nixpkgs.flake = inputs.nixpkgs; registry.nixpkgs.flake = inputs.nixpkgs;
settings = { settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true; auto-optimise-store = true;
keep-outputs = true; keep-outputs = true;
keep-derivations = true; keep-derivations = true;
substituters = [ substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
@ -38,7 +38,7 @@ in {
system.configurationRevision = with inputs; mkIf (self ? rev) self.rev; system.configurationRevision = with inputs; mkIf (self ? rev) self.rev;
time.timeZone = mkDefault "America/Los_Angeles"; time.timeZone = mkDefault "America/Los_Angeles";
i18n.defaultLocale = mkDefault "en_US.UTF-8"; i18n.defaultLocale = mkDefault "en_US.UTF-8";
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;

12
flake.nix
View file

@ -15,7 +15,7 @@
inherit (lib.my) mapModules mapModulesRec mapHosts; inherit (lib.my) mapModules mapModulesRec mapHosts;
system = "aarch64-linux"; system = "aarch64-linux";
mkPkgs = pkgs: extraOverlays: mkPkgs = pkgs: extraOverlays:
import pkgs { import pkgs {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
@ -32,19 +32,19 @@
}); });
in { in {
lib = lib.my; lib = lib.my;
overlays = overlays =
(mapModules ./overlays import) (mapModules ./overlays import)
// { // {
default = final: prev: { default = final: prev: {
my = self.packages.${system}; my = self.packages.${system};
}; };
}; };
packages."${system}" = mapModules ./packages (p: pkgs.callPackage p {}); packages."${system}" = mapModules ./packages (p: pkgs.callPackage p {});
nixosModules = mapModulesRec ./modules import; nixosModules = mapModulesRec ./modules import;
nixosConfigurations = mapHosts ./hosts {}; nixosConfigurations = mapHosts ./hosts {};
}; };
} }

12
hosts/nixos-server-reid/hardware.nix
View file

@ -2,16 +2,16 @@
{ {
imports = imports =
[ [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot = { boot = {
initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
kernelModules = [ ]; kernelModules = [ ];
extraModulePackages = [ ]; extraModulePackages = [ ];
# TODO: move bootloader, networking, boot speed to another file? # TODO: move bootloader, networking, boot speed to another file?
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = { loader = {
# use u-boot over grub # use u-boot over grub
@ -25,7 +25,7 @@
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = swapDevices =
[ ]; [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

2
hosts/nixos-server-reid/webapps/default.nix
View file

@ -19,7 +19,7 @@ in {
nginx-config.enable = true; nginx-config.enable = true;
staticSites = { staticSites = {
"reidlab.pink".dataDir = "/var/www/reidlab.pink"; "reidlab.pink".dataDir = "/var/www/reidlab.pink";
}; };
matomo = { matomo = {

2
lib/default.nix
View file

@ -16,5 +16,5 @@
mylib = mylib =
makeExtensible (self: makeExtensible (self:
mapModules ./. (file: import file {inherit self lib pkgs inputs;})); mapModules ./. (file: import file {inherit self lib pkgs inputs;}));
in in
mylib.extend (self: super: foldr (a: b: a // b) {} (attrValues super)) mylib.extend (self: super: foldr (a: b: a // b) {} (attrValues super))

8
modules/security.nix
View file

@ -9,10 +9,10 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
boot = { boot = {
tmp.useTmpfs = lib.mkDefault true; tmp.useTmpfs = lib.mkDefault true;
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs); tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
kernel.sysctl = { kernel.sysctl = {
# magic sysrq key, allows low-level commands through keyboard input # magic sysrq key, allows low-level commands through keyboard input
"kernel.sysrq" = 0; "kernel.sysrq" = 0;

2
modules/services/mysql.nix
View file

@ -26,4 +26,4 @@ in {
}; };
}; };
}; };
} }

2
modules/services/nginx-conf.nix
View file

@ -18,7 +18,7 @@ in {
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;

2
modules/services/promtail.yml
View file

@ -17,4 +17,4 @@ scrape_configs:
host: nixos-server-reid host: nixos-server-reid
relabel_configs: relabel_configs:
- source_labels: ["__journal__systemd_unit"] - source_labels: ["__journal__systemd_unit"]
target_label: "unit" target_label: "unit"

2
modules/users.nix
View file

@ -67,7 +67,7 @@ in {
}; };
users.groups = mapAttrs (_: _: {}) config.normalUsers; users.groups = mapAttrs (_: _: {}) config.normalUsers;
users.users = mapAttrs (username: user: (mkMerge [ users.users = mapAttrs (username: user: (mkMerge [
(mkAliasDefinitions options.user) (mkAliasDefinitions options.user)
user.conf user.conf