chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

openssh & piped fixes

Browse source
This commit is contained in:
Chaos 2023-02-09 15:22:55 +00:00
parent 788880739c
commit 55bef5d7d4
No known key found for this signature in database
6 changed files with 59 additions and 79 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
flake.lock
View file

@ -9,11 +9,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1672327199, "lastModified": 1674127017,
"narHash": "sha256-pFlngSHXKBhAmbaKZ4FYtu57LLunG+vWdL7a5vw1RvQ=", "narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "a5619f5660a00f58c2b7c16d89058e92327ac9b8", "rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -138,11 +138,11 @@
"utils": "utils_4" "utils": "utils_4"
}, },
"locked": { "locked": {
"lastModified": 1673343300, "lastModified": 1674556204,
"narHash": "sha256-5Xdj6kpXYMie0MlnGwqK5FaMdsedxvyuakWtyKB3zaQ=", "narHash": "sha256-HCRmkZsq01h2Evch08zpgE9jeHdMtGdT1okWotyvuhY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "176e455371a8371586e8a3ff0d56ee9f3ca2324e", "rev": "c59f0eac51da91c6989fd13a68e156f63c0e60b6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -191,11 +191,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1673540789, "lastModified": 1674459583,
"narHash": "sha256-xqnxBOK3qctIeUVxecydrEDbEXjsvHCPGPbvsl63M/U=", "narHash": "sha256-L0UZl/u2H3HGsrhN+by42c5kNYeKtdmJiPzIRvEVeiM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0f213d0fee84280d8c3a97f7469b988d6fe5fcdf", "rev": "1b1f50645af2a70dc93eae18bfd88d330bfbcf7f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -207,11 +207,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1673711115, "lastModified": 1674574136,
"narHash": "sha256-RY2xKMbs+GDbH3mszx5NsJ9HbVVSa9w6qUItE6UDcGQ=", "narHash": "sha256-1VZkgpWft6Ifs35aIAry1vHUGLzxUe5M2eBvHhYVByA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "39f8d3cbd719478c3505de5f31a7000404ee6c42", "rev": "b87197cac6c38db9e32d76c6f286fee98e2ba752",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -233,18 +233,34 @@
"tree-input": "tree-input" "tree-input": "tree-input"
} }
}, },
"std": {
"locked": {
"lastModified": 1671250799,
"narHash": "sha256-uPIakP98gOf6504NtrAb2/0O0BgRRXNShM0PTV8z+T0=",
"owner": "chessai",
"repo": "nix-std",
"rev": "b300fd6dfeae8cc331c7d8cde0e81b404d50d40c",
"type": "github"
},
"original": {
"owner": "chessai",
"repo": "nix-std",
"type": "github"
}
},
"tree-input": { "tree-input": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
] ],
"std": "std"
}, },
"locked": { "locked": {
"lastModified": 1670085069, "lastModified": 1674066361,
"narHash": "sha256-IO9HcAjncPp/0sUGcCUWVwa0XoBVFQKx+oY+8EBRcTc=", "narHash": "sha256-1f7L1be7u3x0jNDJ+W641kM9pZfd2ZLkjziRvKIZMvw=",
"owner": "kittywitch", "owner": "kittywitch",
"repo": "tree", "repo": "tree",
"rev": "501675588cb663a9bd18056002de697f4e91b667", "rev": "638ad6549febe360b0120375cae2bc3bb3b477f3",
"type": "github" "type": "github"
}, },
"original": { "original": {

1
hosts/hetzner-vm/modules/piped/proxy.nix
View file

@ -33,7 +33,6 @@ in {
environment.BIND = "0.0.0.0:${toString cfg.internalProxyPort}"; environment.BIND = "0.0.0.0:${toString cfg.internalProxyPort}";
environment.IPV4_ONLY = mkIf cfg.proxyIPv4Only "1"; environment.IPV4_ONLY = mkIf cfg.proxyIPv4Only "1";
serviceConfig = { serviceConfig = {
WorkingDirectory = "/run/piped-proxy";
ExecStart = "${pkgs.piped-proxy}/bin/piped-proxy"; ExecStart = "${pkgs.piped-proxy}/bin/piped-proxy";
RestartSec = "5s"; RestartSec = "5s";

51
hosts/tablet/tablet.nix
View file

@ -1,4 +1,8 @@
{tree, pkgs, ...}: { {
tree,
pkgs,
...
}: {
imports = with tree; [ imports = with tree; [
users.root users.root
users.chaos users.chaos
@ -19,8 +23,7 @@
./profiles/misskey-dev.nix ./profiles/misskey-dev.nix
]; ];
services.teamviewer.enable = true; environment.systemPackages = with pkgs; [teamviewer];
environment.systemPackages = with pkgs; [ teamviewer ];
home-manager.users.root = { home-manager.users.root = {
imports = with tree; [home.base]; imports = with tree; [home.base];
@ -45,14 +48,11 @@
nix.buildMachines = [ nix.buildMachines = [
{ {
hostName = "buildbox.servers.genderfucked.monster"; hostName = "hetzner-vm.servers.genderfucked.monster";
system = "x86_64-linux"; system = "x86_64-linux";
# if the builder supports building for multiple architectures,
# replace the previous line by, e.g.,
# systems = ["x86_64-linux" "aarch64-linux"];
sshUser = "root"; sshUser = "root";
sshKey = "/usb/ssh-keys/chaos.priv"; sshKey = "/usb/ssh-keys/chaos.priv";
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpXZGI5SVl3dFBSRm9rK2JTWUpmSnlRTlJSSithVEtIT3VOTkNLY2FMUHggcm9vdEBuaXhvcwo="; publicHostKey = "AAAAC3NzaC1lZDI1NTE5AAAAIMIt2ABqwHhMjz9r6atv4XuX58xEWeStkmXUwvMVGv4w";
maxJobs = 16; maxJobs = 16;
speedFactor = 4; speedFactor = 4;
supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
@ -62,41 +62,6 @@
nix.distributedBuilds = true; # true; nix.distributedBuilds = true; # true;
nix.extraOptions = "builders-use-substitutes = true"; nix.extraOptions = "builders-use-substitutes = true";
#services.telegraf = {
# enable = true;
# extraConfig = {
# inputs.mem = { };
# inputs.systemd_units = { pattern = ""; };
# outputs.websocket = {
# url = "ws://127.0.0.1:9002/test";
# use_text_frames = true;
# data_format = "json";
# };
# outputs.file = {
# files = [ "/tmp/telegraf-output" ];
# data_format = "json";
# flush_interval = "1s";
# flush_jitter = "1s";
# metric_batch_size = 10;
# };
# };
#};
#services.datadog-agent = {
# enable = true;
# apiKeyFile = "/tmp/key";
# site = "datadoghq.eu";
# checks = {
# systemd = {
# init_config = null;
# instances = [{ unit_names = [ "postgresql.service" "none.service" ]; }];
# };
# };
#};
#systemd.services.datadog-agent.environment = {
# ASSUME_NO_MOVING_GC_UNSAFE_RISK_IT_WITH = "go1.19";
#};
networking.hostName = "tablet"; networking.hostName = "tablet";
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";

16
overlay/piped/frontend/yarn.nix
View file

@ -946,11 +946,11 @@
}; };
} }
{ {
name = "_iconify_json___json_2.2.6.tgz"; name = "_iconify_json___json_2.2.11.tgz";
path = fetchurl { path = fetchurl {
name = "_iconify_json___json_2.2.6.tgz"; name = "_iconify_json___json_2.2.11.tgz";
url = "https://registry.yarnpkg.com/@iconify/json/-/json-2.2.6.tgz"; url = "https://registry.yarnpkg.com/@iconify/json/-/json-2.2.11.tgz";
sha512 = "fRP5PwXvX0PAGne1/xHvd6zVYiHq9dQzdvhhxamwJuNjoIVRWNNP5y465NkxybzEX94kn2JnoULkA9kbZkXoqA=="; sha512 = "LlFrpRAOFq4zW7tbw3GZPB3GRjtwpXQJIb7bHyFjAQb43FdkOWM01A5tB1WpXDYBq1C4FMIbGusCbrSHlX9jHQ==";
}; };
} }
{ {
@ -2346,11 +2346,11 @@
}; };
} }
{ {
name = "eslint___eslint_8.31.0.tgz"; name = "eslint___eslint_8.32.0.tgz";
path = fetchurl { path = fetchurl {
name = "eslint___eslint_8.31.0.tgz"; name = "eslint___eslint_8.32.0.tgz";
url = "https://registry.yarnpkg.com/eslint/-/eslint-8.31.0.tgz"; url = "https://registry.yarnpkg.com/eslint/-/eslint-8.32.0.tgz";
sha512 = "0tQQEVdmPZ1UtUKXjX7EMm9BlgJ08G90IhWh0PKDCb3ZLsgAOHI8fYSIzYVZej92zsgq+ft0FGsxhJ3xo2tbuA=="; sha512 = "nETVXpnthqKPFyuY2FNjz/bEd6nbosRgKbkgS/y1C7LJop96gYHWpiguLecMHQ2XCPxn77DS0P+68WzG6vkZSQ==";
}; };
} }
{ {

8
overlay/piped/meta.json
View file

@ -1,14 +1,14 @@
{ {
"frontend": { "frontend": {
"rev": "2436b735c8efb598b537f4be16f863937c1c9276", "rev": "1a759d4d59f87e9cd69d74a90b8d4ecea8cb38f0",
"sha256": "sha256-xZ3Kp0YW/z+ndq3Nl76OmxfKANdq7WVo9C7lSHThiUo=" "sha256": "sha256-VtBfBIc7TOAUh0axPgxprdyh9g+TU75fNSnb1rM5Yw4="
}, },
"backend": { "backend": {
"rev": "939b0bbaa8f9a3529e1ebaedfdf0b9e7546fdeff", "rev": "939b0bbaa8f9a3529e1ebaedfdf0b9e7546fdeff",
"sha256": "sha256-hd2inw0WpdDeJATLLQNlp9/PXkrSRXjBh5RgKo1UIGc=" "sha256": "sha256-hd2inw0WpdDeJATLLQNlp9/PXkrSRXjBh5RgKo1UIGc="
}, },
"proxy": { "proxy": {
"rev": "7419f8a453cb6cb3836c25925b68288f343a8301", "rev": "5260c00b2ff70897dbebdfba90053d51c84b4c4f",
"sha256": "sha256-wJJ/lQQLA8roK+S7jBYnUVHbXdQf1GlS3CDKDp0LrP8=" "sha256": "sha256-kq2131zj3J3dnamiaeP+nySmQOCqHBI8hq4lkW/7sW4="
} }
} }

14
profiles/sshd/sshd.nix
View file

@ -1,13 +1,13 @@
{lib, ...}: { {lib, ...}: {
services.openssh = { services.openssh = {
enable = true; enable = true;
passwordAuthentication = false; settings = {
kbdInteractiveAuthentication = lib.mkDefault false; PermitRootLogin = "prohibit-password";
permitRootLogin = "prohibit-password"; PasswordAuthentication = false;
KbdInteractiveAuthentication = lib.mkDefault false;
StreamLocalBindUnlink = true;
LogLevel = "VERBOSE";
};
kexAlgorithms = ["curve25519-sha256@libssh.org"]; kexAlgorithms = ["curve25519-sha256@libssh.org"];
extraConfig = ''
StreamLocalBindUnlink yes
LogLevel VERBOSE
'';
}; };
} }