From 4d0f08a364a6dfc24ad1cfba4cd124f43ddefc63 Mon Sep 17 00:00:00 2001 From: reidlab Date: Sun, 3 Mar 2024 22:43:50 -0800 Subject: [PATCH 01/12] update more documentation --- flake.nix | 2 +- readme.md | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 3d96afd..3527f24 100755 --- a/flake.nix +++ b/flake.nix @@ -1,5 +1,5 @@ { - description = "Flake-o-rama"; + description = "a collection of personal nix configurations"; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; diff --git a/readme.md b/readme.md index 5db5b04..f17cb1b 100755 --- a/readme.md +++ b/readme.md @@ -6,7 +6,7 @@ please do not use this as a learning resource for nix as i have essentially zero ## users -this flake is built for a multi-user experience per host, enforced by `modules/user.nix`, and found in the `default.nix` file for each host. +this flake is built for a multi-user experience per host, enforced by [`modules/users.nix`](./modules/users.nix), and found in the `default.nix` file for each host. as this is a multi-user setup, the `dotfiles` group will be used for read and write access to the flake @@ -23,5 +23,6 @@ before committing, please run `nix flake check` and make sure everything is ok - remove the lua static stuff from nginx + maybe cloudflare ips too - per-host architecture selection, atm it is hardcoded to `aarch64` - some weird perl error abt locales when building using doas - `keepEnv` might fix this +- fix the logrotate error, only patchable with the hack displayed in [`hosts/server/default.nix`](./hosts/server/default.nix) - leverage nixos-hardware - somehow add desktop evironments and per-user dotfiles while keeping a multi-user setup From 4d598a496ab8be7464d60829fe519e979e9e6155 Mon Sep 17 00:00:00 2001 
From: reidlab Date: Mon, 11 Mar 2024 17:14:43 -0700 Subject: [PATCH 02/12] oops. dense commit --- default.nix | 4 ++++ flake.lock | 12 ++++++------ hosts/server/default.nix | 16 +++++----------- ...{hardware-configuration.nix => hardware.nix} | 13 +++++++------ modules/keyboard.nix | 17 ----------------- modules/security.nix | 3 +++ readme.md | 7 ++++--- 7 files changed, 29 insertions(+), 43 deletions(-) rename hosts/server/{hardware-configuration.nix => hardware.nix} (81%) delete mode 100755 modules/keyboard.nix diff --git a/default.nix b/default.nix index 47c528e..275d5aa 100755 --- a/default.nix +++ b/default.nix @@ -15,6 +15,7 @@ in { package = pkgs.nix; # flake registry and nix path pinning + # might not be needed? see: https://github.com/NixOS/nixpkgs/commit/e456032addae76701eb17e6c03fc515fd78ad74f nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; registry.nixpkgs.flake = inputs.nixpkgs; @@ -32,6 +33,9 @@ in { }; }; + # set our git revision inside `nixos-version` + system.configurationRevision = with inputs; mkIf (self ? rev) self.rev; + time.timeZone = mkDefault "America/Los_Angeles"; i18n.defaultLocale = mkDefault "en_US.UTF-8"; diff --git a/flake.lock b/flake.lock index 586528d..f566bec 100755 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1709485962, - "narHash": "sha256-rmFB4uE10+LJbcVE4ePgiuHOBlUIjQOeZt4VQVJTU8M=", + "lastModified": 1710164657, + "narHash": "sha256-l64+ZjaQAVkHDVaK0VHwtXBdjcBD6nLBD+p7IfyBp/w=", "owner": "nix-community", "repo": "home-manager", - "rev": "d579633ff9915a8f4058d5c439281097e92380a8", + "rev": "017b12de5b899ef9b64e2c035ce257bfe95b8ae2", "type": "github" }, "original": { 
@@ -22,11 +22,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709237383, - "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", + "lastModified": 1709961763, + "narHash": "sha256-6H95HGJHhEZtyYA3rIQpvamMKAGoa8Yh2rFV29QnuGw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", + "rev": "3030f185ba6a4bf4f18b87f345f104e6a6961f34", "type": "github" }, "original": { diff --git a/hosts/server/default.nix b/hosts/server/default.nix index 7608a91..4757588 100755 --- a/hosts/server/default.nix +++ b/hosts/server/default.nix @@ -4,20 +4,18 @@ let in { imports = [ - ./hardware-configuration.nix + ./hardware.nix ./webapps/default.nix ]; users.groups.dotfiles = {}; - # HACK HACK HACK - services.logrotate.checkConfig = false; - # HACK HACK HACK - normalUsers = { reidlab = { conf = { - packages = with pkgs; [ bat tree micro duf ]; + packages = with pkgs; [ + bat btop duf file micro nix-output-monitor tree which + ]; extraGroups = [ "wheel" "dotfiles" ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmwWuwS+a1GzYFSNOkgk/zF5bolXqat1RP5FXJv+vto reidlab@rei-pc" @@ -33,11 +31,6 @@ in { }; }; - keyboard = { - locale = "en_US.UTF-8"; - variant = "qwerty"; - }; - modules = { services = { ssh = { @@ -55,6 +48,7 @@ in { security.useDoas = false; }; + # enable networking networking = { hostName = "nixos-server-reid"; networkmanager.enable = true; diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware.nix similarity index 81% rename from hosts/server/hardware-configuration.nix rename to hosts/server/hardware.nix index b880e8d..83a985a 100755 --- a/hosts/server/hardware-configuration.nix +++ b/hosts/server/hardware.nix 
@@ -7,10 +7,12 @@ ]; boot = { - initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ]; + initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; initrd.kernelModules = [ ]; - kernelPackages = pkgs.linuxPackages_latest; kernelModules = [ ]; + extraModulePackages = [ ]; + # TODO: move bootloader, networking, boot speed to another file? + kernelPackages = pkgs.linuxPackages_latest; loader = { # use u-boot over grub grub.enable = lib.mkForce false; @@ -18,14 +20,13 @@ }; }; - fileSystems = { - "/" = { + fileSystems."/" = { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; fsType = "ext4"; }; - }; - swapDevices = [ ]; + swapDevices = + [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/modules/keyboard.nix b/modules/keyboard.nix deleted file mode 100755 index 7c39e8d..0000000 --- a/modules/keyboard.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, pkgs, options, ... }: - -with lib; -let - cfg = config.keyboard; -in { - options.keyboard = { - locale = mkOption { - type = types.str; - default = "en_US.UTF-8"; - }; - variant = mkOption { - type = types.str; - default = ""; - }; - }; -} diff --git a/modules/security.nix b/modules/security.nix index 474b50c..1c6ba49 100755 --- a/modules/security.nix +++ b/modules/security.nix @@ -49,7 +49,10 @@ in { }; security = { + # prevents replacing the kernel without a reboot protectKernelImage = true; + # allows unprivileged processes to speak to privileged processes (ex. nmtui, reboot) + polkit.enable = true; rtkit.enable = true; }; } // (mkIf cfg.useDoas { diff --git a/readme.md b/readme.md index f17cb1b..c94c78a 100755 --- a/readme.md +++ b/readme.md 
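Review bot: `polkit.enable = true;` in the modules/security.nix hunk is added to the shared `security = { … }` block with no way for a host to opt out, so the headless server gets the polkit daemon along with every other host that imports this module. polkit brokers privileged actions for local users, and on NixOS its administrators default to the `wheel` group (`security.polkit.adminIdentities`), which the server's only visible user is in; that is probably intended, but it widens the local privilege boundary of a module that is otherwise pure hardening. I would make it overridable, e.g. `polkit.enable = mkDefault true;` (assuming `mkDefault` is in scope here as `mkIf` is), or put it behind a module option next to `useDoas`. The attrset that holds this block opens above the hunk, so its guard is not visible from here.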
@@ -20,9 +20,10 @@ before committing, please run `nix flake check` and make sure everything is ok ## todo -- remove the lua static stuff from nginx + maybe cloudflare ips too +- remove the lua static stuff from nginx + maybe cloudflare ips too + redis - per-host architecture selection, atm it is hardcoded to `aarch64` - some weird perl error abt locales when building using doas - `keepEnv` might fix this -- fix the logrotate error, only patchable with the hack displayed in [`hosts/server/default.nix`](./hosts/server/default.nix) +- move common config such as bootloader and networking settings to [`default.nix`](./default.nix) +- swap back to hardened kernel - leverage nixos-hardware -- somehow add desktop evironments and per-user dotfiles while keeping a multi-user setup +- somehow add desktop evironments and per-user dotfiles while keeping a multi-user setup - we can always give this up if needed From 913572b7709e7f02b205204bb1b49f59499f4e82 Mon Sep 17 00:00:00 2001 From: reidlab Date: Mon, 11 Mar 2024 17:31:10 -0700 Subject: [PATCH 03/12] fix import --- default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default.nix b/default.nix index 275d5aa..79c1614 100755 --- a/default.nix +++ b/default.nix @@ -2,7 +2,7 @@ let inherit (builtins) toString; - inherit (lib.modules) mkDefault; + inherit (lib.modules) mkDefault mkIf; inherit (lib.my) mapModulesRec'; in { imports = From 68737c75e34279a9e84f1475de2828b59ea1bbdf Mon Sep 17 00:00:00 2001 From: reidlab Date: Tue, 19 Mar 2024 22:47:33 -0700 Subject: [PATCH 04/12] some nginx log and access changes --- modules/services/nginx-conf.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/services/nginx-conf.nix b/modules/services/nginx-conf.nix index f446f57..dd3c378 100755 --- a/modules/services/nginx-conf.nix +++ b/modules/services/nginx-conf.nix 
@@ -5,7 +5,7 @@ let cfg = config.modules.services.nginx-config; in { options.modules.services.nginx-config = { - enable = mkEnableOption "enable nginx, a high performance web server along with default configurations"; + enable = mkEnableOption "enable and configure nginx. you know what nginx is."; package = mkOption { type = types.package; @@ -28,6 +28,7 @@ in { security.acme = { acceptTerms = true; defaults.email = "reidlab325@gmail.com"; + # uncomment me for staging! # defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; }; @@ -40,8 +41,6 @@ in { recommendedGzipSettings = true; recommendedProxySettings = true; - logError = "stderr warn"; - # TODO: clean this up oh my god like everything here :sob: im vomiting shaking and crying looking at this. commonHttpConfig = let # lua @@ -98,6 +97,9 @@ in { ${realIpsFromList cfipv6} real_ip_header CF-Connecting-IP; ''; + + # this prevents invalid domains and direct ip access from being used + virtualHosts."_".locations."/".return = "444"; }; networking.firewall.allowedTCPPorts = [ 443 80 ]; From 40eaef3d59543e60d5c066241e86004e69baf7e5 Mon Sep 17 00:00:00 2001 From: reidlab Date: Tue, 19 Mar 2024 22:58:07 -0700 Subject: [PATCH 05/12] oops --- modules/services/nginx-conf.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/services/nginx-conf.nix b/modules/services/nginx-conf.nix index dd3c378..84a40ab 100755 --- a/modules/services/nginx-conf.nix +++ b/modules/services/nginx-conf.nix @@ -97,9 +97,6 @@ in { ${realIpsFromList cfipv6} real_ip_header CF-Connecting-IP; ''; - - # this prevents invalid domains and direct ip access from being used - virtualHosts."_".locations."/".return = "444"; }; networking.firewall.allowedTCPPorts = [ 443 80 ]; From a464099e1fc84399223e93f62754cf2e7603dbb7 Mon Sep 17 00:00:00 2001 
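Review bot: The catch-all added in the last PATCH 04 hunk, `virtualHosts."_".locations."/".return = "444";`, does not become the default server on its own: `_` is just a name that never matches, and nginx falls back to the first server defined for the socket unless one is marked as default. In the NixOS module that is `default = true;`, and for port 443 the vhost also needs `rejectSSL = true;` (or a certificate), otherwise requests for unknown names over TLS still land on another vhost. Something like `virtualHosts."_" = { default = true; rejectSSL = true; locations."/".return = "444"; };` should give the intended behaviour. PATCH 05 removes the line again, so the series ends with no catch-all while `allowedTCPPorts = [ 443 80 ]` stays open; the enclosing nginx block starts outside the hunk.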
From: reidlab Date: Sun, 24 Mar 2024 16:13:39 -0700 Subject: [PATCH 06/12] remove metrics --- hosts/server/webapps/default.nix | 6 -- modules/services/loki.yml | 55 ------------------ modules/services/metrics.nix | 95 -------------------------------- modules/services/promtail.yml | 20 ------- 4 files changed, 176 deletions(-) delete mode 100644 modules/services/loki.yml delete mode 100644 modules/services/metrics.nix delete mode 100644 modules/services/promtail.yml diff --git a/hosts/server/webapps/default.nix b/hosts/server/webapps/default.nix index cdacaeb..a768112 100755 --- a/hosts/server/webapps/default.nix +++ b/hosts/server/webapps/default.nix @@ -12,12 +12,6 @@ in { port = 3000; }; - metrics = { - enable = false; - domain = "metrics.reidlab.online"; - port = 2342; - }; - # you should probably keep this on # configures acme, gzip, optimization, proxy, and ssl config # opens ports and adds some Headers diff --git a/modules/services/loki.yml b/modules/services/loki.yml deleted file mode 100644 index 6c47d51..0000000 --- a/modules/services/loki.yml +++ /dev/null 
@@ -1,55 +0,0 @@ -auth_enabled: false - -server: - http_listen_port: 3100 - -ingester: - lifecycler: - address: 0.0.0.0 - ring: - kvstore: - store: inmemory - replication_factor: 1 - final_sleep: 0s - chunk_idle_period: 1h # Any chunk not receiving new logs in this time will be flushed - max_chunk_age: 1h # All chunks will be flushed when they hit this age, default is 1h - chunk_target_size: 1048576 # Loki will attempt to build chunks up to 1.5MB, flushing first if chunk_idle_period or max_chunk_age is reached first - chunk_retain_period: 30s # Must be greater than index read cache TTL if using an index cache (Default index read cache TTL is 5m) - max_transfer_retries: 0 # Chunk transfers disabled - -schema_config: - configs: - - from: 2023-12-08 - store: boltdb-shipper - object_store: filesystem - schema: v11 - index: - prefix: index_ - period: 24h - -storage_config: - boltdb_shipper: - active_index_directory: /var/lib/loki/boltdb-shipper-active - cache_location: /var/lib/loki/boltdb-shipper-cache - cache_ttl: 24h # Can be increased for faster performance over longer query periods, uses more disk space - shared_store: filesystem - filesystem: - directory: /var/lib/loki/chunks - -limits_config: - reject_old_samples: true - reject_old_samples_max_age: 168h - -chunk_store_config: - max_look_back_period: 0s - -table_manager: - retention_deletes_enabled: false - retention_period: 0s - -compactor: - working_directory: /var/lib/loki - shared_store: filesystem - compactor_ring: - kvstore: - store: inmemory \ No newline at end of file diff --git a/modules/services/metrics.nix b/modules/services/metrics.nix deleted file mode 100644 index 1cbd26b..0000000 --- a/modules/services/metrics.nix +++ /dev/null 
@@ -1,95 +0,0 @@ -{ config, lib, pkgs, options, ... }: - -with lib; -let - cfg = config.modules.services.metrics; -in { - options.modules.services.metrics = { - enable = mkEnableOption "enable grafana with loki, prometheus, and promtail"; - domain = mkOption { - type = types.str; - default = "grafana.reidlab.online"; - }; - port = mkOption { - type = types.int; - default = 2342; - }; - }; - - config = mkIf cfg.enable { - systemd.services.promtail = { - description = "promtail, an agent for loki"; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - ExecStart = '' - ${pkgs.grafana-loki}/bin/promtail --config.file ${./promtail.yml} - ''; - }; - }; - services = { - grafana = { - enable = true; - - settings = { - server = { - domain = cfg.domain; - http_port = cfg.port; - http_addr = "127.0.0.1"; - }; - }; - }; - - prometheus = let - ports = { - base = 9001; - node = 9002; - nginx = 9003; - }; - in { - enable = true; - port = ports.base; - - exporters = { - node = { - enable = true; - enabledCollectors = [ "systemd" ]; - port = ports.node; - }; - nginx = { - enable = true; - port = ports.nginx; - }; - }; - - scrapeConfigs = [ - { - job_name = "nixos-server-reid"; - static_configs = [{ - targets = [ - "127.0.0.1:${toString ports.node}" - "127.0.0.1:${toString ports.nginx}" - ]; - }]; - } - ]; - }; - - loki = { - enable = true; - configFile = ./loki.yml; - }; - - nginx.statusPage = true; - - nginx.virtualHosts."${cfg.domain}" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:${toString cfg.port}"; - proxyWebsockets = true; - }; - }; - }; - }; -} diff --git a/modules/services/promtail.yml b/modules/services/promtail.yml deleted file mode 100644 index 1085e65..0000000 --- a/modules/services/promtail.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -server: - http_listen_port: 28183 - grpc_listen_port: 0 - -positions: - filename: /tmp/positions.yaml - -clients: - - url: http://127.0.0.1:3100/loki/api/v1/push - -scrape_configs: - - job_name: journal - journal: - max_age: 12h - labels: - job: systemd-journal - host: nixos-server-reid - relabel_configs: - - source_labels: ["__journal__systemd_unit"] - target_label: "unit" \ No newline at end of file From 1696ae74116bc93f31b9a128c17ee9ada1554fbf Mon Sep 17 00:00:00 2001 From: reidlab Date: Mon, 25 Mar 2024 17:49:51 -0700 Subject: [PATCH 07/12] remove dotfiles group --- hosts/server/default.nix | 2 -- readme.md | 2 -- 2 files changed, 4 deletions(-) diff --git a/hosts/server/default.nix b/hosts/server/default.nix index 4757588..b3cba60 100755 --- a/hosts/server/default.nix +++ b/hosts/server/default.nix @@ -8,8 +8,6 @@ in { ./webapps/default.nix ]; - users.groups.dotfiles = {}; - normalUsers = { reidlab = { conf = { diff --git a/readme.md b/readme.md index c94c78a..f3e466b 100755 --- a/readme.md +++ b/readme.md @@ -8,8 +8,6 @@ please do not use this as a learning resource for nix as i have essentially zero this flake is built for a multi-user experience per host, enforced by [`modules/users.nix`](./modules/users.nix), and found in the `default.nix` file for each host. -as this is a multi-user setup, the `dotfiles` group will be used for read and write access to the flake - ## development to build the system, run `sudo nixos-rebuild switch --flake .#server` From b71ef36f57d0b9374397a80d4b49beb1717d50ba Mon Sep 17 00:00:00 2001 From: reidlab Date: Mon, 25 Mar 2024 18:05:45 -0700 Subject: [PATCH 08/12] reorganization + todo --- modules/security.nix | 4 ++-- readme.md | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/security.nix b/modules/security.nix index 1c6ba49..c9a2d1d 100755 --- a/modules/security.nix +++ b/modules/security.nix 
@@ -23,7 +23,7 @@ in { # do not accept IP source packets (we are not a router) "net.ipv4.conf.all.accept_source_route" = 0; "net.ipv6.conf.all.accept_source_route" = 0; - # Don't send ICMP redirects (again, we're not a router) + # don't send ICMP redirects (again, we're not a router) "net.ipv4.conf.all.send_redirects" = 0; "net.ipv4.conf.default.send_redirects" = 0; # refuse ICMP redirects (MITM mitigations) @@ -52,8 +52,8 @@ in { # prevents replacing the kernel without a reboot protectKernelImage = true; # allows unprivileged processes to speak to privileged processes (ex. nmtui, reboot) - polkit.enable = true; rtkit.enable = true; + polkit.enable = true; }; } // (mkIf cfg.useDoas { security.sudo.enable = false; diff --git a/readme.md b/readme.md index f3e466b..68530cc 100755 --- a/readme.md +++ b/readme.md @@ -25,3 +25,4 @@ before committing, please run `nix flake check` and make sure everything is ok - swap back to hardened kernel - leverage nixos-hardware - somehow add desktop evironments and per-user dotfiles while keeping a multi-user setup - we can always give this up if needed +- flake-parts From cf60caa311a41ee1f367909e8481f0631b949b76 Mon Sep 17 00:00:00 2001 From: reidlab Date: Mon, 25 Mar 2024 19:12:23 -0700 Subject: [PATCH 09/12] change folder name for server host --- hosts/{server => nixos-server-reid}/default.nix | 7 ++----- hosts/{server => nixos-server-reid}/hardware.nix | 0 hosts/{server => nixos-server-reid}/webapps/default.nix | 0 3 files changed, 2 insertions(+), 5 deletions(-) rename hosts/{server => nixos-server-reid}/default.nix (88%) rename hosts/{server => nixos-server-reid}/hardware.nix (100%) rename hosts/{server => nixos-server-reid}/webapps/default.nix (100%) diff --git a/hosts/server/default.nix b/hosts/nixos-server-reid/default.nix similarity index 88% rename from hosts/server/default.nix rename to hosts/nixos-server-reid/default.nix index b3cba60..03e1335 100755 --- a/hosts/server/default.nix 
+++ b/hosts/nixos-server-reid/default.nix @@ -46,9 +46,6 @@ in { security.useDoas = false; }; - # enable networking - networking = { - hostName = "nixos-server-reid"; - networkmanager.enable = true; - }; + # enable network manager - probably not the best on a single server but Oh Well + networking.networkmanager.enable = true; } diff --git a/hosts/server/hardware.nix b/hosts/nixos-server-reid/hardware.nix similarity index 100% rename from hosts/server/hardware.nix rename to hosts/nixos-server-reid/hardware.nix diff --git a/hosts/server/webapps/default.nix b/hosts/nixos-server-reid/webapps/default.nix similarity index 100% rename from hosts/server/webapps/default.nix rename to hosts/nixos-server-reid/webapps/default.nix From 8251040b04686ff0d26d9b1b8e681b4c0e7b9143 Mon Sep 17 00:00:00 2001 From: reidlab Date: Wed, 27 Mar 2024 23:10:34 -0700 Subject: [PATCH 10/12] security.nix adjustments... --- modules/security.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/security.nix b/modules/security.nix index c9a2d1d..1fdc7bc 100755 --- a/modules/security.nix +++ b/modules/security.nix @@ -5,7 +5,7 @@ let cfg = config.modules.security; in { options.modules.security = { - useDoas = mkEnableOption "use doas instead of sudo"; + useDoas = mkEnableOption "use opendoas instead of sudo"; }; config = mkIf cfg.enable { @@ -51,10 +51,14 @@ in { security = { # prevents replacing the kernel without a reboot protectKernelImage = true; - # allows unprivileged processes to speak to privileged processes (ex. nmtui, reboot) + # rtkit allows unprivileged processes to use realtime scheduling + # polkit allows unprivileged processes to speak to privileged processes (ex. nmtui, reboot) rtkit.enable = true; polkit.enable = true; }; + + # while this is on by default, i am going to explicitly specify this + networking.firewall.enable = true; } // (mkIf cfg.useDoas { security.sudo.enable = false; security.doas.enable = true; 
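Review bot: The `} // (mkIf cfg.useDoas {` that closes the second modules/security.nix hunk most likely throws away the whole hardening attrset, including the `networking.firewall.enable = true;` added here and the sysctl settings above it. `mkIf` returns an ordinary attrset (`_type`, `condition`, `content`), so `mkIf cfg.enable { … } // (mkIf cfg.useDoas { … })` keeps only the right-hand condition and content, and with `security.useDoas = false` on the server host (PATCH 02) the module would then contribute nothing. This assumes the `}` before `//` closes the attrset opened at `config = mkIf cfg.enable {` in the first hunk; the lines between the two hunks are not shown. Combine the parts with `config = mkMerge [ (mkIf cfg.enable { … }) (mkIf cfg.useDoas { … }) ];`, and declare `enable` next to `useDoas`, since the first hunk shows only `useDoas` under `options.modules.security`. The same `//` line appears as context in the PATCH 02 and PATCH 08 hunks of this file.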
From bb3199ae0279cdd1a0fbe14260f04e9dd111e763 Mon Sep 17 00:00:00 2001 From: reidlab Date: Thu, 28 Mar 2024 00:56:20 -0700 Subject: [PATCH 11/12] change repo name --- readme.md | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/readme.md b/readme.md index 68530cc..813af11 100755 --- a/readme.md +++ b/readme.md @@ -1,21 +1,11 @@ -# flake-o-rama +# nix-server nix flake config! this is just used on my personal server at the moment -please do not use this as a learning resource for nix as i have essentially zero clue what i'm doing - ## users this flake is built for a multi-user experience per host, enforced by [`modules/users.nix`](./modules/users.nix), and found in the `default.nix` file for each host. -## development - -to build the system, run `sudo nixos-rebuild switch --flake .#server` - -please periodically run `nix flake update` to make sure we arent slacking on package versions - -before committing, please run `nix flake check` and make sure everything is ok - ## todo - remove the lua static stuff from nginx + maybe cloudflare ips too + redis @@ -26,3 +16,4 @@ before committing, please run `nix flake check` and make sure everything is ok - leverage nixos-hardware - somehow add desktop evironments and per-user dotfiles while keeping a multi-user setup - we can always give this up if needed - flake-parts +- god im ruining everything for myself. maybe just make another repo for desktops From e70934e174e74209c7d410c05260c82bde4ce0da Mon Sep 17 00:00:00 2001 From: reidlab Date: Wed, 8 May 2024 22:10:03 -0700 Subject: [PATCH 12/12] change a Xomment --- hosts/nixos-server-reid/webapps/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hosts/nixos-server-reid/webapps/default.nix b/hosts/nixos-server-reid/webapps/default.nix index a768112..02cd416 100755 --- a/hosts/nixos-server-reid/webapps/default.nix +++ b/hosts/nixos-server-reid/webapps/default.nix 
@@ -13,8 +13,9 @@ in { }; # you should probably keep this on - # configures acme, gzip, optimization, proxy, and ssl config - # opens ports and adds some Headers + # actually enables nginx, configures acme, + # gzip, optimization, proxy, ssl config, + # opens ports, and adds some Headers nginx-config = { enable = true; defaultLuaPackagePath = /var/www/reidlab.online/lua;