tidying
parent
13afaf15a4
commit
85e38766ce
|
@ -21,7 +21,6 @@
|
|||
nixos-wsl.inputs.flake-utils.follows = "flake-utils";
|
||||
nixos-wsl.inputs.flake-compat.follows = "flake-compat";
|
||||
|
||||
|
||||
tree-input.url = "github:kittywitch/tree";
|
||||
tree-input.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
|
||||
|
|
|
@ -1,36 +1,21 @@
|
|||
{
|
||||
self,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
{lib, ...}: let
|
||||
inherit (lib.modules) mkMerge;
|
||||
inherit (lib.lists) forEach;
|
||||
inherit (builtins) attrNames;
|
||||
|
||||
containerAddresses = import "${self}/hosts/hetzner-arm/data/containerAddresses.nix";
|
||||
in {
|
||||
programs.ssh.enable = true;
|
||||
programs.ssh.matchBlocks =
|
||||
mkMerge
|
||||
((forEach ["hetzner-arm" "hetzner-arm-decrypt" "vault" "vault-decrypt" "raspberry"] (hostname: {
|
||||
programs.ssh = {
|
||||
enable = true;
|
||||
matchBlocks = mkMerge [
|
||||
(mkMerge (map (hostname: {
|
||||
"${hostname}" = {
|
||||
user = "root";
|
||||
hostname = "${hostname}.servers.genderfucked.monster";
|
||||
};
|
||||
}))
|
||||
++ (forEach (attrNames containerAddresses.containers) (name: {
|
||||
"hetzner-arm-container-${name}" = {
|
||||
user = "root";
|
||||
hostname = "${containerAddresses.containers.${name}}";
|
||||
proxyJump = "hetzner-arm";
|
||||
}) ["hetzner-arm" "hetzner-arm-decrypt" "vault" "vault-decrypt" "raspberry"]))
|
||||
{
|
||||
"blahaj" = {
|
||||
user = "chaos";
|
||||
hostname = "blahaj.sapphicco.de";
|
||||
};
|
||||
}))
|
||||
++ [
|
||||
{
|
||||
"blahaj" = {
|
||||
user = "chaos";
|
||||
hostname = "blahaj.sapphicco.de";
|
||||
};
|
||||
}
|
||||
]);
|
||||
}
|
||||
];
|
||||
};
|
||||
}
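Review bot: The rewritten `matchBlocks` no longer generates the `hetzner-arm-container-${name}` entries; the old `forEach (attrNames containerAddresses.containers)` branch with `proxyJump = "hetzner-arm"` has no counterpart on the new side, so this is a behaviour change rather than tidying. If it is intended (the container import hunks later in this commit appear to drop `profiles.sshd` and `profiles.firewallAllow.ssh`), the commit message should say so, because removing SSH access to the containers is a security-relevant change that is hard to find under this title. Separately, the inner `mkMerge (map …)` could be `lib.attrsets.genAttrs ["hetzner-arm" …] (hostname: { user = "root"; hostname = "${hostname}.servers.genderfucked.monster"; })`, which avoids nesting one merge inside another.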
|
||||
|
|
|
@ -31,9 +31,6 @@ in {
|
|||
[
|
||||
presets.nixos.containerBase
|
||||
./secrets.nix
|
||||
|
||||
#./profiles/postgres.nix
|
||||
#./profiles/restic.nix
|
||||
]
|
||||
++ (with hosts.hetzner-arm.containers.caldav.profiles; [
|
||||
radicale
|
||||
|
|
|
@ -35,8 +35,6 @@ in {
|
|||
imports = with tree;
|
||||
[
|
||||
presets.nixos.containerBase
|
||||
profiles.sshd
|
||||
profiles.firewallAllow.ssh
|
||||
|
||||
./secrets.nix
|
||||
]
|
||||
|
|
|
@ -54,12 +54,11 @@ in {
|
|||
[
|
||||
presets.nixos.containerBase
|
||||
|
||||
profiles.nginx
|
||||
|
||||
./secrets.nix
|
||||
]
|
||||
++ (with hosts.hetzner-arm.containers.mail; [
|
||||
modules.mailserver
|
||||
|
||||
profiles.mailserver
|
||||
profiles.restic
|
||||
]);
|
||||
|
|
|
@ -43,8 +43,6 @@ in {
|
|||
imports = with tree;
|
||||
[
|
||||
presets.nixos.containerBase
|
||||
profiles.sshd
|
||||
profiles.firewallAllow.ssh
|
||||
|
||||
profiles.nginx
|
||||
profiles.firewallAllow.httpCommon
|
||||
|
@ -89,7 +87,8 @@ in {
|
|||
in {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = mkMerge ([
|
||||
locations =
|
||||
mkMerge [
|
||||
{
|
||||
"/mpd/flac" = {
|
||||
proxyPass = "http://${containerIP}:${toString ports.mpd-flac}";
|
||||
|
@ -97,7 +96,7 @@ in {
|
|||
};
|
||||
}
|
||||
]
|
||||
++ (forEach ["low" "medium" "high"] (quality: {
|
||||
++ (mkMerge (forEach ["low" "medium" "high"] (quality: {
|
||||
"/mpd/opus-${quality}" = {
|
||||
proxyPass = "http://${containerIP}:${toString ports."mpd-opus-${quality}"}";
|
||||
inherit extraConfig;
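Review bot: On the new side `locations = mkMerge [ … ] ++ (mkMerge (forEach …))` parses as `(mkMerge [ … ]) ++ (mkMerge …)`, because function application binds tighter than `++` in Nix. Both operands are then merge attrsets rather than lists, so evaluation should fail as soon as `locations` is forced. The old form kept the concatenation inside the parentheses passed to `mkMerge`. Either restore that with `mkMerge ([ { … } ] ++ forEach ["low" "medium" "high"] (quality: { … }))`, or make the second merge a list element as in `mkMerge [ { … } (mkMerge (forEach …)) ]`. The closing lines of the expression are outside both hunks, so the parenthesis count needs rechecking after either fix.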
|
||||
|
|
|
@ -27,13 +27,15 @@ in {
|
|||
config = {...}: {
|
||||
nixpkgs.pkgs = pkgs;
|
||||
|
||||
imports = with tree; [
|
||||
presets.nixos.containerBase
|
||||
./secrets.nix
|
||||
|
||||
./profiles/postgres.nix
|
||||
./profiles/restic.nix
|
||||
];
|
||||
imports = with tree;
|
||||
[
|
||||
presets.nixos.containerBase
|
||||
./secrets.nix
|
||||
]
|
||||
++ (with hosts.hetzner-arm.containers.postgresql.profiles; [
|
||||
postgres
|
||||
restic
|
||||
]);
|
||||
|
||||
networking.firewall.allowedTCPPorts = [5432];
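Review bot: `networking.firewall.allowedTCPPorts = [5432];` is carried over unchanged and opens PostgreSQL on every interface of the container, with no comment saying which peers are meant to reach it. If only the host or sibling containers connect, scope the rule to that interface with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [5432];` (interface name is a placeholder), and add a one-line comment naming the intended clients. The listen address and client authentication rules presumably live in the `postgres` profile, which is not visible here, so confirm they are no wider than this firewall rule. The enclosing `config = {...}: {` block continues past the end of the hunk.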
|
||||
|
||||
|
|
|
@ -30,8 +30,6 @@ in {
|
|||
imports = with tree;
|
||||
[
|
||||
presets.nixos.containerBase
|
||||
profiles.sshd
|
||||
profiles.firewallAllow.ssh
|
||||
|
||||
./secrets.nix
|
||||
]
|
||||
|
|
|
@ -30,9 +30,6 @@ in {
|
|||
imports = with tree;
|
||||
[
|
||||
presets.nixos.containerBase
|
||||
profiles.sshd
|
||||
profiles.firewallAllow.ssh
|
||||
|
||||
./secrets.nix
|
||||
]
|
||||
++ (with hosts.hetzner-arm.containers.social.profiles; [
|
||||
|
|
|
@ -37,10 +37,6 @@ in {
|
|||
imports = with tree;
|
||||
[
|
||||
presets.nixos.containerBase
|
||||
|
||||
profiles.sshd
|
||||
profiles.firewallAllow.ssh
|
||||
|
||||
./secrets.nix
|
||||
]
|
||||
++ (with hosts.hetzner-arm.containers.storage.profiles; [
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{ tree, ... }: {
|
||||
imports = with tree;[
|
||||
{tree, ...}: {
|
||||
imports = with tree; [
|
||||
users.root
|
||||
users.chaos
|
||||
profiles.sshd
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
{ config, pkgs, lib, ... }: let
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (lib.modules) mkIf;
|
||||
cfg = config.wsl;
|
||||
in
|
||||
{
|
||||
in {
|
||||
config = mkIf cfg.enable {
|
||||
system.build.tarballBuilderExt = pkgs.writeShellApplication {
|
||||
name = "nixos-wsl-tarball-builder-ext";
|
||||
|
|
|
@ -17,7 +17,9 @@
|
|||
"tablet"
|
||||
]
|
||||
then usbSSHKeyFile
|
||||
else if builtins.elem currentHostname ["wsl"] then normalSSHKeyFile else throw "host isn't configured for remote-builders";
|
||||
else if builtins.elem currentHostname ["wsl"]
|
||||
then normalSSHKeyFile
|
||||
else throw "host isn't configured for remote-builders";
|
||||
|
||||
builderDefaults = {
|
||||
sshUser = "root";
|
||||
|
|