-rw-r--r--config/acme-sh.nix8
-rw-r--r--config/borg-backup.nix7
-rw-r--r--config/container.nix7
-rw-r--r--config/dns.nix17
-rw-r--r--config/hydra.nix28
-rw-r--r--config/keycloak.nix3
-rw-r--r--config/laptop.nix20
-rw-r--r--flake.lock30
-rw-r--r--flake.nix6
-rw-r--r--machines/dragon.nix4
-rw-r--r--machines/x1-pincer.nix1
-rw-r--r--machines/x220-aji.nix1
-rw-r--r--modules/common.nix21
-rw-r--r--modules/monitoring.nix20
-rw-r--r--modules/nextcloud.nix3
-rw-r--r--modules/thinkpad.nix6
16 files changed, 68 insertions, 114 deletions
diff --git a/config/acme-sh.nix b/config/acme-sh.nix
index 41cca88..95a6c4f 100644
--- a/config/acme-sh.nix
+++ b/config/acme-sh.nix
@@ -1,7 +1,3 @@
{ config, lib, pkgs, ... }:
-let
- acme-sh = pkgs.callPackage ../pkgs/acme-sh/default.nix {};
-in
-{
- environment.systemPackages = [ acme-sh ];
-}
+let acme-sh = pkgs.callPackage ../pkgs/acme-sh/default.nix { };
+in { environment.systemPackages = [ acme-sh ]; }
diff --git a/config/borg-backup.nix b/config/borg-backup.nix
index fe31144..188fd06 100644
--- a/config/borg-backup.nix
+++ b/config/borg-backup.nix
@@ -9,8 +9,7 @@ let
repo = "storage";
repo_path = lib.removePrefix "/" path;
};
-in
-{
+in {
systemd.services.borg-backup = {
description = "Run backups.";
path = with pkgs; [ borgbackup rsync openssh ];
@@ -57,9 +56,7 @@ in
description = "Find latest backup probe timestamp.";
path = with pkgs; [ borgbackup rsync openssh sshfs moreutils ];
startAt = "06:30";
- serviceConfig = {
- PrivateTmp = true;
- };
+ serviceConfig = { PrivateTmp = true; };
environment = {
BORG_KEY_FILE = "/opt/secret/borg-backup-keys/staging_backup";
BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
diff --git a/config/container.nix b/config/container.nix
index 60cb2d9..0c81251 100644
--- a/config/container.nix
+++ b/config/container.nix
@@ -1,5 +1,4 @@
-{ config, lib, pkgs, ... }:
-{
+{ config, lib, pkgs, ... }: {
boot.isContainer = true;
networking.firewall.allowedTCPPorts = [ 22 ];
services = {
@@ -12,8 +11,6 @@
ln -fs $systemConfig/init /sbin/init
'';
boot.specialFileSystems = {
- "/dev/pts" = {
- options = lib.mkAfter [ "ptmxmode=666" ];
- };
+ "/dev/pts" = { options = lib.mkAfter [ "ptmxmode=666" ]; };
};
}
diff --git a/config/dns.nix b/config/dns.nix
index d0e67c0..c1172ef 100644
--- a/config/dns.nix
+++ b/config/dns.nix
@@ -4,8 +4,7 @@
let
masterZones = [ "tommvo.com" "orbekk.com" "orbekk.no" ];
zone-files = pkgs.callPackage ../pkgs/zone-files/default.nix { };
-in
-{
+in {
networking.firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
@@ -13,17 +12,9 @@ in
services.bind = {
enable = true;
- forwarders = [
- "1.1.1.1"
- "1.0.0.1"
- "2606:4700:4700::1111"
- "2606:4700:4700::1001"
- ];
- cacheNetworks = [
- "::1/128"
- "127.0.0.0/24"
- "10.0.0.0/8"
- ];
+ forwarders =
+ [ "1.1.1.1" "1.0.0.1" "2606:4700:4700::1111" "2606:4700:4700::1001" ];
+ cacheNetworks = [ "::1/128" "127.0.0.0/24" "10.0.0.0/8" ];
extraOptions = ''
serial-update-method unixtime;
listen-on-v6 { 2001:470:8e2e:20::d; };
diff --git a/config/hydra.nix b/config/hydra.nix
index cb9c8e6..5ebc605 100644
--- a/config/hydra.nix
+++ b/config/hydra.nix
@@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }:
-let
- hydraPort = (import ../data/aliases.nix).services.hydra.port;
-in
-{
+let hydraPort = (import ../data/aliases.nix).services.hydra.port;
+in {
networking.firewall.allowedTCPPorts = [ hydraPort ];
virtualisation.virtualbox.host.enable = true;
@@ -11,7 +9,7 @@ in
enable = true;
hydraURL = "https://hydra.orbekk.com";
notificationSender = "kj+hydra@orbekk.com";
- buildMachinesFiles = [];
+ buildMachinesFiles = [ ];
useSubstitutes = true;
port = hydraPort;
extraConfig = ''
@@ -40,24 +38,20 @@ in
touch /opt/secret/hydra_key/initialized
fi
'';
- };
+ };
nix = {
distributedBuilds = true;
nrBuildUsers = 30;
# Enable this if I run low on disk.
gc.automatic = lib.mkForce false;
- buildMachines = [
- {
- hostName = "localhost";
- systems = [ "x86_64-linux" "i686-linux" ];
- maxJobs = "16";
- supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
- }
- ];
+ buildMachines = [{
+ hostName = "localhost";
+ systems = [ "x86_64-linux" "i686-linux" ];
+ maxJobs = "16";
+ supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
+ }];
extraOptions = "auto-optimise-store = true";
};
- nixpkgs.config = {
- allowUnfree = true;
- };
+ nixpkgs.config = { allowUnfree = true; };
}
diff --git a/config/keycloak.nix b/config/keycloak.nix
index fb02dc2..7209d8e 100644
--- a/config/keycloak.nix
+++ b/config/keycloak.nix
@@ -7,7 +7,8 @@
enable = true;
settings.hostname = "auth.orbekk.com";
settings.log-level = "INFO";
- settings.http-port = (import ../data/aliases.nix).services.keycloak.http-port;
+ settings.http-port =
+ (import ../data/aliases.nix).services.keycloak.http-port;
settings.hostname-strict-https = false;
settings.proxy = "edge";
database.type = "postgresql";
diff --git a/config/laptop.nix b/config/laptop.nix
deleted file mode 100644
index 230d513..0000000
--- a/config/laptop.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- boot = {
- loader = {
- systemd-boot.enable = true;
- # systemd-boot.memtest86.enable = true;
- timeout = 0;
- efi.canTouchEfiVariables = true;
- };
- };
-
- networking = {
- networkmanager.enable = lib.mkDefault true;
- firewall.enable = lib.mkDefault true;
- };
-
-};
-
-
-}
diff --git a/flake.lock b/flake.lock
index 73fd503..5540c72 100644
--- a/flake.lock
+++ b/flake.lock
@@ -24,11 +24,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
- "lastModified": 1669290739,
- "narHash": "sha256-0QT6o7lv4UZDR3qaneCsN51erLFpLhsTVrYJLv9JDlE=",
+ "lastModified": 1669898266,
+ "narHash": "sha256-1gsmlz+ftMKg6crJOcghVOYqRiXmdmt1sAR9He4CuKI=",
"owner": "nix-community",
"repo": "emacs-overlay",
- "rev": "fa293d98210547e943c1e64df8d0e0aa24174eab",
+ "rev": "9e53c246a9f9db278b8e881b796f099119befe79",
"type": "github"
},
"original": {
@@ -54,11 +54,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1669146234,
- "narHash": "sha256-HEby7EG1yaq1oT2Ze6Cvok9CFju1XHkSvVHmkptLW9U=",
+ "lastModified": 1669650994,
+ "narHash": "sha256-uwASLUfedIQ5q01TtMwZDEV2HCZr5nVPZjzVgCG+D5I=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "0099253ad0b5283f06ffe31cf010af3f9ad7837d",
+ "rev": "7883883d135ce5b7eae5dce4bfa12262b85c1c46",
"type": "github"
},
"original": {
@@ -86,11 +86,11 @@
},
"nixpkgs-unstable": {
"locked": {
- "lastModified": 1669140675,
- "narHash": "sha256-npzfyfLECsJWgzK/M4gWhykP2DNAJTYjgY2BWkz/oEQ=",
+ "lastModified": 1669791787,
+ "narHash": "sha256-KBfoA2fOI5+wCrm7PR+j7jHqXeTkVRPQ0m5fcKchyuU=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "2788904d26dda6cfa1921c5abb7a2466ffe3cb8c",
+ "rev": "e76c78d20685a043d23f5f9e0ccd2203997f1fb1",
"type": "github"
},
"original": {
@@ -103,8 +103,8 @@
"nixpkgs_2": {
"locked": {
"lastModified": 0,
- "narHash": "sha256-A2B7rlFKmBikRwz/cmayWcTAhyIOdp2whjVCDGhg9Xw=",
- "path": "/nix/store/0jd2s12864n6qkgxviwqgg9glrw3mrk4-source",
+ "narHash": "sha256-st3uS3X/qIdyleFN3HUmDJkqIhHfkgxuDK3J8XyQwls=",
+ "path": "/nix/store/4i356n8msrnpl93w9ark7pxnxw1xss30-source",
"type": "path"
},
"original": {
@@ -114,16 +114,16 @@
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1669196918,
- "narHash": "sha256-st3uS3X/qIdyleFN3HUmDJkqIhHfkgxuDK3J8XyQwls=",
+ "lastModified": 1669834992,
+ "narHash": "sha256-YnhZGHgb4C3Q7DSGisO/stc50jFb9F/MzHeKS4giotg=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "f10cdcf31dd2a436edbf7f0ad82c44b911804bc8",
+ "rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-22.05",
+ "ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
diff --git a/flake.nix b/flake.nix
index 57bff5c..f6a7191 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
{
- inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
inputs.nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
inputs.nixos-hardware.url = "github:NixOS/nixos-hardware/master";
inputs.emacs-overlay.url = "github:nix-community/emacs-overlay";
@@ -88,7 +88,9 @@
{ hostName = "dragon"; }
{ hostName = "firelink"; }
{ hostName = "tiny1"; }
- { hostName = "minideck"; }
+ {
+ hostName = "minideck";
+ }
# { hostName = "testvm"; module = {
# users.users.orbekk.initialHashedPassword = "";
# }; }
diff --git a/machines/dragon.nix b/machines/dragon.nix
index b892f49..7ddcb02 100644
--- a/machines/dragon.nix
+++ b/machines/dragon.nix
@@ -131,8 +131,8 @@ in {
swapDevices = [ ];
- nix.trustedUsers = [ "builder" ];
- nix.maxJobs = lib.mkDefault 8;
+ nix.settings.trusted-users = [ "builder" ];
+ nix.settings.max-jobs = lib.mkDefault 8;
powerManagement.cpuFreqGovernor = "ondemand";
hardware.enableRedistributableFirmware = lib.mkDefault true;
}
diff --git a/machines/x1-pincer.nix b/machines/x1-pincer.nix
index 7f8fe96..7c6ab47 100644
--- a/machines/x1-pincer.nix
+++ b/machines/x1-pincer.nix
@@ -139,7 +139,6 @@ let ports = {
# hardware-configuration.nix
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "sd_mod" ];
- nix.maxJobs = lib.mkDefault 4;
hardware.enableRedistributableFirmware = lib.mkDefault true;
system.stateVersion = "17.04";
}
diff --git a/machines/x220-aji.nix b/machines/x220-aji.nix
index b05f16a..6f02a42 100644
--- a/machines/x220-aji.nix
+++ b/machines/x220-aji.nix
@@ -2,7 +2,6 @@
{
imports = [
../config/desktop.nix
- ../config/laptop.nix
../config/thinkpad.nix
../config/yubikey.nix
../config/postgresql.nix
diff --git a/modules/common.nix b/modules/common.nix
index 1c9af79..241ab77 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -89,23 +89,24 @@
};
nix = rec {
- useSandbox = lib.mkDefault true;
- maxJobs = lib.mkOverride 110 16;
- buildCores = lib.mkDefault 0; # auto configure
+ settings = {
+ sandbox = lib.mkDefault true;
+ cores = lib.mkDefault 0; # auto configure
+ substituters = [
+ "https://nix-community.cachix.org"
+ ];
+ trusted-public-keys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
+ auto-optimise-store = true;
+ };
gc.automatic = lib.mkDefault true;
- binaryCaches = [
- "https://nix-community.cachix.org"
- ];
- binaryCachePublicKeys = [
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- ];
daemonCPUSchedPolicy = "idle";
daemonIOSchedPriority = 10;
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
- autoOptimiseStore = true;
};
boot.cleanTmpDir = true;
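Review bot: `maxJobs = lib.mkOverride 110 16;` is removed in this hunk without a `max-jobs` entry in the new `settings` block, so the change is not a pure option rename. Priority 110 outranks `lib.mkDefault`, so before this commit the value 16 won over the per-machine defaults; afterwards dragon falls back to its own `lib.mkDefault 8` and hosts that set nothing get the module default. If that is intended it deserves a line in the commit message; otherwise add `max-jobs = lib.mkOverride 110 16;` inside `settings`.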
diff --git a/modules/monitoring.nix b/modules/monitoring.nix
index 65e292d..fd7fa59 100644
--- a/modules/monitoring.nix
+++ b/modules/monitoring.nix
@@ -46,19 +46,21 @@ in
config = lib.mkIf cfg.enable {
services.grafana = {
enable = true;
- domain = cfg.grafana-domain;
- port = cfg.grafana-port;
- addr = "127.0.0.1";
- rootUrl = "https://grafana.orbekk.com/";
- smtp = lib.mkIf config.orbekk.postfix.enable {
- enable = true;
- host = "localhost:25";
- fromAddress = "root@orbekk.com";
+ settings = {
+ smtp = lib.mkIf config.orbekk.postfix.enable {
+ enable = true;
+ host = "localhost:25";
+ fromAddress = "root@orbekk.com";
+ };
+ server.root_url = "https://grafana.orbekk.com/";
+ server.domain = cfg.grafana-domain;
+ server.http_port = cfg.grafana-port;
+ server.http_addr = "127.0.0.1";
};
provision = {
enable = true;
- datasources = [
+ datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
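Review bot: The `smtp` block was moved under `settings` with its old option names, so `enable` and `fromAddress` are probably written to grafana.ini as unknown keys and mail notifications end up disabled without any evaluation error. As far as I know `services.grafana.settings` takes the grafana.ini key names, which here would be `enabled = true;` and `from_address = "root@orbekk.com";` (`host` keeps its name). On a monitoring host this means alert e-mails can stop silently, so it is worth checking the generated grafana.ini after the switch. The `services.grafana` block continues past the end of the hunk.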
diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix
index e38401b..1f6bde3 100644
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -12,8 +12,9 @@ in
config = lib.mkIf cfg.enable {
services.nextcloud = {
enable = true;
- package = pkgs.nextcloud24;
+ package = pkgs.nextcloud25;
hostName = "nextcloud.orbekk.com";
+ enableBrokenCiphersForSSE = false;
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
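Review bot: `enableBrokenCiphersForSSE = false;` is added without a comment recording the precondition it relies on. As I understand the option, turning it off drops the legacy RC4 support that Nextcloud's server-side encryption depended on, so files encrypted that way before the change would no longer be readable. If server-side encryption is not in use on this instance, a comment such as `# server-side encryption is not used here, so legacy RC4 support is not needed` would make that explicit for the next upgrade. The `services.nextcloud` block continues past the end of the hunk.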
diff --git a/modules/thinkpad.nix b/modules/thinkpad.nix
index 69f11a4..7535a9a 100644
--- a/modules/thinkpad.nix
+++ b/modules/thinkpad.nix
@@ -11,12 +11,6 @@ in
config = lib.mkIf cfg.enable {
services = {
- tlp = {
- enable = true;
- settings = {
- "SATA_LINKPWR_ON_BAT" = "max_performance";
- };
- };
xserver.xkbModel = "thinkpad60";
};