chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity

updates, fix storage ports (again), fix postgres backups, fingerprint broke, only set nixpkgs when not in container

Browse source
This commit is contained in:
chaos 2023-10-16 20:02:47 +01:00
parent 85e38766ce
commit a8f98a5e08
No known key found for this signature in database
8 changed files with 88 additions and 85 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
flake.lock
View file

@ -3,11 +3,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@ -67,11 +67,11 @@
]
},
"locked": {
"lastModified": 1695738267,
"narHash": "sha256-LTNAbTQ96xSj17xBfsFrFS9i56U2BMLpD0BduhrsVkU=",
"lastModified": 1697410455,
"narHash": "sha256-jCs/ffIP3tUPN7HWWuae4BB8+haAw2NI02z5BQvWMGM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0f4e5b4999fd6a42ece5da8a3a2439a50e48e486",
"rev": "78125bc681d12364cb65524eaa887354134053d0",
"type": "github"
},
"original": {
@ -119,11 +119,11 @@
]
},
"locked": {
"lastModified": 1696883888,
"narHash": "sha256-EdQMeJxDoi26YDtkNf20mNBeCj7Y5eKg+rrxkiB86z0=",
"lastModified": 1697459493,
"narHash": "sha256-HH8ePJIVAsiDHIdS4qnKQ9o4X0KTVGA9cfHBplKqpfs=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "5da7c4fd0ab9693d83cae50de7d9430696f92568",
"rev": "b63b328577f1cb5839f8ecc4fd05040335d4a55a",
"type": "github"
},
"original": {
@ -134,11 +134,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1695644571,
"narHash": "sha256-asS9dCCdlt1lPq0DLwkVBbVoEKuEuz+Zi3DG7pR/RxA=",
"lastModified": 1697059129,
"narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6500b4580c2a1f3d0f980d32d285739d8e156d92",
"rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593",
"type": "github"
},
"original": {
@ -150,11 +150,11 @@
},
"nur": {
"locked": {
"lastModified": 1695844033,
"narHash": "sha256-UX5sbK9dc/bOupgDGWer75zBjoh7eWIheyGGCjD7FIg=",
"lastModified": 1697470606,
"narHash": "sha256-TP3UN5RktQpqDVj5mA6rb1Nu4vGTnctWkbe5sef4LEw=",
"owner": "nix-community",
"repo": "NUR",
"rev": "f08568d903901b7ac1017572b9af9855e935155a",
"rev": "cc83a858d3dbf50a934a4f74fe5508ac2fa72bc5",
"type": "github"
},
"original": {
@ -176,11 +176,11 @@
]
},
"locked": {
"lastModified": 1696098855,
"narHash": "sha256-bRksfF76An44TGS703+6My+i2o4hooVPdX5qWn9aMfo=",
"lastModified": 1697479170,
"narHash": "sha256-TF5LZDLY/WMDcQ/kexL3+fZ9lw9p9h16htloC1CcQLA=",
"ref": "refs/heads/main",
"rev": "17ca4470eef819d56f2c7fdd13c3952797fb4512",
"revCount": 21,
"rev": "d2344c2b4ae8216c286d762f367a49fe3fc8b306",
"revCount": 23,
"type": "git",
"url": "https://forgejo.owo.monster/chaos/piped-flake"
},

21
hosts/hetzner-arm/containers/music/default.nix
View file

@ -87,21 +87,20 @@ in {
in {
forceSSL = true;
enableACME = true;
locations =
mkMerge [
{
"/mpd/flac" = {
proxyPass = "http://${containerIP}:${toString ports.mpd-flac}";
inherit extraConfig;
};
}
]
++ (mkMerge (forEach ["low" "medium" "high"] (quality: {
locations = mkMerge [
{
"/mpd/flac" = {
proxyPass = "http://${containerIP}:${toString ports.mpd-flac}";
inherit extraConfig;
};
}
(mkMerge (forEach ["low" "medium" "high"] (quality: {
"/mpd/opus-${quality}" = {
proxyPass = "http://${containerIP}:${toString ports."mpd-opus-${quality}"}";
inherit extraConfig;
};
})));
})))
];
};
networking = {

6
hosts/hetzner-arm/containers/postgresql/profiles/restic.nix
View file

@ -7,9 +7,9 @@
backupPrepareCommand = "${
(pkgs.writeShellScriptBin "backupPrepareCommand" ''
systemctl start postgresqlBackup-piped --wait
systemctl start postgresqlBackup-gotosocial --wait
systemctl start postgresqlBackup-quassel --wait
systemctl start remotePostgreSQLBackup-piped --wait
systemctl start remotePostgreSQLBackup-gotosocial --wait
systemctl start remotePostgreSQLBackup-quassel --wait
'')
}/bin/backupPrepareCommand";
in {

38
hosts/hetzner-arm/containers/storage/data/ports.nix
View file

@ -1,20 +1,24 @@
{
rclone_serve_webdav_main = 4200;
rclone_serve_webdav_media = 4201;
rclone_serve_webdav_music_ro = 4202;
rclone_serve_webdav_public = 4202;
rclone_serve_webdav_uploads = 4202;
let
webdav = 4200;
restic = 4300;
http = 4400;
in {
webdav_main = webdav + 0;
webdav_media = webdav + 1;
webdav_music_ro = webdav + 2;
webdav_public = webdav + 3;
webdav_uploads = webdav + 4;
rclone_serve_restic_music = 4210;
rclone_serve_restic_vault = 4211;
rclone_serve_restic_social = 4212;
rclone_serve_restic_quassel = 4213;
rclone_serve_restic_postgresql = 4214;
rclone_serve_restic_mail = 4215;
rclone_serve_restic_forgejo = 4216;
rclone_serve_restic_caldav = 4217;
restic_music = restic + 0;
restic_vault = restic + 1;
restic_social = restic + 2;
restic_quassel = restic + 3;
restic_postgresql = restic + 4;
restic_mail = restic + 5;
restic_forgejo = restic + 6;
restic_caldav = restic + 7;
rclone_serve_http_music = 4220;
rclone_serve_http_public = 4221;
rclone_serve_http_uploads_public = 4221;
http_music = http + 0;
http_public = http + 1;
http_uploads_public = http + 2;
}

32
hosts/hetzner-arm/containers/storage/default.nix
View file

@ -62,11 +62,11 @@ in {
forceSSL = true;
enableACME = true;
locations = {
"/Main/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_main}";
"/Media/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_media}";
"/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_music_ro}";
"/Public/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_public}";
"/Uploads/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_webdav_uploads}";
"/Main/".proxyPass = "http://${containerIP}:${toString ports.webdav_main}";
"/Media/".proxyPass = "http://${containerIP}:${toString ports.webdav_media}";
"/MusicRO/".proxyPass = "http://${containerIP}:${toString ports.webdav_music_ro}";
"/Public/".proxyPass = "http://${containerIP}:${toString ports.webdav_public}";
"/Uploads/".proxyPass = "http://${containerIP}:${toString ports.webdav_uploads}";
};
extraConfig = ''
client_max_body_size ${clientMaxBodySize};
@ -77,9 +77,9 @@ in {
forceSSL = true;
enableACME = true;
locations = {
"/Music/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_music}";
"/Public/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_public}";
"/Uploads/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_http_uploads_public}";
"/Music/".proxyPass = "http://${containerIP}:${toString ports.http_music}";
"/Public/".proxyPass = "http://${containerIP}:${toString ports.http_public}";
"/Uploads/".proxyPass = "http://${containerIP}:${toString ports.http_uploads_public}";
};
extraConfig = ''
client_max_body_size ${clientMaxBodySize};
@ -90,14 +90,14 @@ in {
forceSSL = true;
enableACME = true;
locations = {
"/Music/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_music}";
"/Vault/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_vault}";
"/Social/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_social}";
"/Quassel/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_quassel}";
"/PostgreSQL/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_postgresql}";
"/Mail/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_mail}";
"/Forgejo/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_forgejo}";
"/CalDAV/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_caldav}";
"/Music/".proxyPass = "http://${containerIP}:${toString ports.restic_music}";
"/Vault/".proxyPass = "http://${containerIP}:${toString ports.restic_vault}";
"/Social/".proxyPass = "http://${containerIP}:${toString ports.restic_social}";
"/Quassel/".proxyPass = "http://${containerIP}:${toString ports.restic_quassel}";
"/PostgreSQL/".proxyPass = "http://${containerIP}:${toString ports.restic_postgresql}";
"/Mail/".proxyPass = "http://${containerIP}:${toString ports.restic_mail}";
"/Forgejo/".proxyPass = "http://${containerIP}:${toString ports.restic_forgejo}";
"/CalDAV/".proxyPass = "http://${containerIP}:${toString ports.restic_caldav}";
};
extraConfig = ''
client_max_body_size ${clientMaxBodySize};

32
hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix
View file

@ -25,7 +25,7 @@ in {
remote = "StorageBox:";
type = "webdav";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_webdav_main}"
"--addr=0.0.0.0:${toString ports.webdav_main}"
"--htpasswd=${secrets.webdav_main_htpasswd.path}"
"--baseurl=/Main/"
"--cache-dir=/caches/main_webdav_serve"
@ -37,7 +37,7 @@ in {
remote = "Media-Combine-Serve:";
type = "webdav";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_webdav_media}"
"--addr=0.0.0.0:${toString ports.webdav_media}"
"--htpasswd=${secrets.webdav_media_htpasswd.path}"
"--baseurl=/Media/"
"--cache-dir=/caches/media_webdav_serve"
@ -51,7 +51,7 @@ in {
remote = "StorageBox:Music";
type = "webdav";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_webdav_music_ro}"
"--addr=0.0.0.0:${toString ports.webdav_music_ro}"
"--read-only"
"--baseurl=/MusicRO/"
];
@ -61,7 +61,7 @@ in {
remote = "StorageBox:Public";
type = "webdav";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_webdav_public}"
"--addr=0.0.0.0:${toString ports.webdav_public}"
"--htpasswd=${secrets.webdav_media_htpasswd.path}"
"--baseurl=/Public/"
];
@ -71,7 +71,7 @@ in {
remote = "StorageBox:Uploads";
type = "webdav";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_webdav_uploads}"
"--addr=0.0.0.0:${toString ports.webdav_uploads}"
"--htpasswd=${secrets.webdav_uploads_htpasswd.path}"
"--baseurl=/Uploads/"
];
@ -82,7 +82,7 @@ in {
remote = "StorageBox:Music";
type = "http";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_http_music}"
"--addr=0.0.0.0:${toString ports.http_music}"
"--baseurl=/Music/"
"--read-only"
];
@ -92,7 +92,7 @@ in {
remote = "StorageBox:Public";
type = "http";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_http_public}"
"--addr=0.0.0.0:${toString ports.http_public}"
"--baseurl=/Public/"
"--read-only"
];
@ -102,7 +102,7 @@ in {
remote = "StorageBox:Uploads/Public";
type = "http";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_http_uploads_public}"
"--addr=0.0.0.0:${toString ports.http_uploads_public}"
"--baseurl=/Uploads/"
"--read-only"
];
@ -112,7 +112,7 @@ in {
remote = "StorageBox:Backups/Restic/Music";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_restic_music}"
"--addr=0.0.0.0:${toString ports.restic_music}"
"--htpasswd=${secrets.restic_music_htpasswd.path}"
"--baseurl=/Music/"
];
@ -122,7 +122,7 @@ in {
remote = "StorageBox:Backups/Restic/Vault";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_restic_vault}"
"--addr=0.0.0.0:${toString ports.restic_vault}"
"--htpasswd=${secrets.restic_vault_htpasswd.path}"
"--baseurl=/Vault/"
];
@ -132,7 +132,7 @@ in {
remote = "StorageBox:Backups/Restic/Social";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_restic_social}"
"--addr=0.0.0.0:${toString ports.restic_social}"
"--htpasswd=${secrets.restic_social_htpasswd.path}"
"--baseurl=/Social/"
];
@ -142,7 +142,7 @@ in {
remote = "StorageBox:Backups/Restic/Quassel";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_restic_quassel}"
"--addr=0.0.0.0:${toString ports.restic_quassel}"
"--htpasswd=${secrets.restic_quassel_htpasswd.path}"
"--baseurl=/Quassel/"
];
@ -152,7 +152,7 @@ in {
remote = "StorageBox:Backups/Restic/PostgreSQL";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_restic_postgresql}"
"--addr=0.0.0.0:${toString ports.restic_postgresql}"
"--htpasswd=${secrets.restic_postgresql_htpasswd.path}"
"--baseurl=/PostgreSQL/"
];
@ -162,7 +162,7 @@ in {
remote = "StorageBox:Backups/Restic/CalDAV";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_restic_caldav}"
"--addr=0.0.0.0:${toString ports.restic_caldav}"
"--htpasswd=${secrets.restic_caldav_htpasswd.path}"
"--baseurl=/CalDAV/"
];
@ -172,7 +172,7 @@ in {
remote = "StorageBox:Backups/Restic/Mail";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_restic_mail}"
"--addr=0.0.0.0:${toString ports.restic_mail}"
"--htpasswd=${secrets.restic_mail_htpasswd.path}"
"--baseurl=/Mail/"
];
@ -182,7 +182,7 @@ in {
remote = "StorageBox:Backups/Restic/Forgejo";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.rclone_serve_restic_forgejo}"
"--addr=0.0.0.0:${toString ports.restic_forgejo}"
"--htpasswd=${secrets.restic_forgejo_htpasswd.path}"
"--baseurl=/Forgejo/"
];

1
hosts/lappy-t495/lappy-t495.nix
View file

@ -11,7 +11,6 @@
profiles.cross.arm64
profiles.remoteBuilders
profiles.chaosInternalWireGuard
profiles.fingerprint
./profiles/raspberryExtDrive.nix

5
profiles/base/nix.nix
View file

@ -6,7 +6,8 @@
...
}: let
inherit (lib.strings) optionalString versionAtLeast;
inherit (lib.optional);
inherit (lib.lists) optional;
inherit (lib.modules) mkIf;
in {
nix = {
nixPath = ["nixpkgs=${inputs.nixpkgs}"];
@ -18,7 +19,7 @@ in {
settings.system-features = lib.optional (pkgs.system == "aarch64-linux") "native-arm64";
settings.trusted-users = ["root" "@wheel"];
};
nixpkgs = {
nixpkgs = mkIf (!config.boot.isContainer) {
config = {
allowUnfree = true;