From eb865ecae2aecd1d5256928fc2afe7a10135bfe1 Mon Sep 17 00:00:00 2001 
From: Chaos Date: Sat, 29 Jul 2023 15:41:20 +0000 Subject: [PATCH] add gotosocial container, tidy up some files, disable tlp&powertop on laptops --- home/base/ssh.nix | 2 +- hosts/hetzner-vm/containers/matrix/matrix.nix | 211 ------------------ .../containers/matrix/profiles/matrix.nix | 14 -- .../containers/matrix/profiles/restic.nix | 17 -- hosts/hetzner-vm/containers/music/music.nix | 1 - .../containers/music/profiles/mpd.nix | 1 - .../containers/social/profiles/backups.nix | 79 +++++++ .../containers/social/profiles/gotosocial.nix | 30 +++ hosts/hetzner-vm/containers/social/social.nix | 96 ++++++++ .../containers/storage/data/ports.nix | 2 +- .../storage/profiles/rclone-serve.nix | 8 +- .../containers/storage/profiles/secrets.nix | 7 +- .../hetzner-vm/containers/storage/storage.nix | 2 +- hosts/hetzner-vm/hetzner-vm.nix | 2 +- hosts/hetzner-vm/profiles/restic.nix | 4 + hosts/hetzner-vm/secrets.nix | 13 +- hosts/lappy-t495/lappy-t495.nix | 6 +- hosts/tablet/tablet.nix | 6 +- overlay/conduit/default.nix | 45 ---- overlay/conduit/meta.json | 4 - overlay/conduit/update.sh | 26 --- overlay/default.nix | 2 - presets/nixos/server-encrypted-drive.nix | 1 - profiles/{laptop/default.nix => laptop.nix} | 2 - profiles/tlp.nix | 3 + treeConfig.nix | 2 +- 26 files changed, 233 insertions(+), 353 deletions(-) delete mode 100644 hosts/hetzner-vm/containers/matrix/matrix.nix delete mode 100644 hosts/hetzner-vm/containers/matrix/profiles/matrix.nix delete mode 100644 hosts/hetzner-vm/containers/matrix/profiles/restic.nix create mode 100644 hosts/hetzner-vm/containers/social/profiles/backups.nix create mode 100644 hosts/hetzner-vm/containers/social/profiles/gotosocial.nix create mode 100644 hosts/hetzner-vm/containers/social/social.nix delete mode 100644 overlay/conduit/default.nix delete mode 100644 overlay/conduit/meta.json delete mode 100755 overlay/conduit/update.sh rename profiles/{laptop/default.nix => laptop.nix} (73%) create mode 100644 profiles/tlp.nix 
diff --git a/home/base/ssh.nix b/home/base/ssh.nix index 0bf359f..e23d5f7 100644 --- a/home/base/ssh.nix +++ b/home/base/ssh.nix @@ -15,7 +15,7 @@ hostname = "192.168.100.11"; proxyJump = "hetzner-vm"; }; - "container-matrix" = { + "container-social" = { user = "root"; hostname = "192.168.100.12"; proxyJump = "hetzner-vm"; diff --git a/hosts/hetzner-vm/containers/matrix/matrix.nix b/hosts/hetzner-vm/containers/matrix/matrix.nix deleted file mode 100644 index 2bc4cd7..0000000 --- a/hosts/hetzner-vm/containers/matrix/matrix.nix +++ /dev/null 
@@ -1,211 +0,0 @@ -{ - tree, - lib, - inputs, - pkgs, - config, - ... -}: let - hostIP = "192.168.100.10"; - containerIP = "192.168.100.12"; - - # Using secrets from Host - secrets = config.services.secrets.secrets; -in { - containers.matrix = { - autoStart = true; - privateNetwork = true; - hostAddress = hostIP; - localAddress = containerIP; - bindMounts = { - "${secrets.matrix_restic_password.path}" = { - hostPath = "${secrets.matrix_restic_password.path}"; - }; - "${secrets.matrix_restic_env.path}" = { - hostPath = "${secrets.matrix_restic_env.path}"; - }; - }; - - config = { - config, - pkgs, - ... - }: { - _module.args = { - inherit inputs; - inherit tree; - host_secrets = secrets; - }; - - imports = with tree; - [ - profiles.base - inputs.home-manager-unstable.nixosModules.home-manager - - profiles.sshd - - modules.nixos.secrets - - users.root - ] - ++ (with hosts.hetzner-vm.containers.matrix; [ - profiles.matrix - profiles.restic - ]); - - # For Shared Secrets - systemd.tmpfiles.rules = [ - "d ${config.services.secrets.secretsDir} - root root" - ]; - - networking.firewall = { - enable = true; - allowedTCPPorts = [22 6167]; - }; - - home-manager.users.root = { - imports = with tree; [home.base home.dev.small]; - home.packages = with pkgs; [vault]; - home.stateVersion = "22.05"; - }; - - # Manually configure nameserver. 
Using resolved inside the container seems to fail - # currently - environment.etc."resolv.conf".text = "nameserver 8.8.8.8"; - system.stateVersion = "22.05"; - }; - }; - - services.nginx = { - virtualHosts = { - "matrix.owo.monster" = { - forceSSL = true; - enableACME = true; - - listen = [ - { - addr = "0.0.0.0"; - port = 80; - ssl = false; - } - { - addr = "0.0.0.0"; - port = 443; - ssl = true; - } - { - addr = "0.0.0.0"; - port = 8448; - ssl = true; - } - ]; - - extraConfig = '' - merge_slashes off; - ''; - - locations."/" = { - root = pkgs.element-web; - }; - - locations."=/config.matrix.owo.monster.json" = { - alias = let - config = { - default_server_config = { - "m.homeserver" = { - "base_url" = "https://matrix.owo.monster"; - }; - "m.identity_server" = { - "base_url" = "https://vector.im"; - }; - }; - brand = "Element"; - bug_report_endpoint_url = ""; - default_country_code = "GB"; - default_federate = true; - default_theme = "dark"; - disable_3pid_login = false; - disable_custom_urls = false; - disable_guests = false; - disable_login_language_selector = false; - jitsi.preferred_domain = ""; - element_call = { - brand = "Element Call"; - participant_limit = 8; - url = ""; - }; - enable_presence_by_hs_url = { - "https://matrix-client.matrix.org" = false; - "https://matrix.org" = false; - }; - features = {}; - integrations_rest_url = "https://scalar.vector.im/api"; - integrations_ui_url = "https://scalar.vector.im/"; - integrations_widgets_urls = ["https://scalar.vector.im/_matrix/integrations/v1" "https://scalar.vector.im/api" "https://scalar-staging.vector.im/_matrix/integrations/v1" "https://scalar-staging.vector.im/api" "https://scalar-staging.riot.im/scalar/api"]; - map_style_url = "https://api.maptiler.com/maps/streets/style.json?key=fU3vlMsMn4Jb6dnEIFsx"; - room_directory = {servers = ["matrix.org"];}; - setting_defaults = {breadcrumbs = true;}; - show_labs_settings = false; - uisi_autorageshake_app = "element-auto-uisi"; - }; - in - pkgs.writeText 
"config.matrix.owo.monster.json" (builtins.toJSON config); - extraConfig = '' - default_type application/json; - ''; - }; - - locations."/_matrix/" = { - proxyPass = "http://backend_conduit$request_uri"; - proxyWebsockets = true; - extraConfig = '' - proxy_set_header Host $host; - proxy_buffering off; - ''; - }; - - locations."=/.well-known/matrix/server" = { - alias = let - config = { - "m.server" = "matrix.owo.monster"; - }; - in - pkgs.writeText "well-known-matrix-server" (builtins.toJSON config); - - extraConfig = '' - default_type application/json; - ''; - }; - - locations."=/.well-known/matrix/client" = { - alias = let - config = { - "m.homeserver" = { - "base_url" = "https://matrix.owo.monster"; - }; - "m.identity_server" = { - "base_url" = "https://vector.im"; - }; - }; - in - pkgs.writeText "well-known-matrix-client" (builtins.toJSON config); - - extraConfig = '' - default_type application/json; - add_header Access-Control-Allow-Origin "*"; - ''; - }; - }; - }; - - upstreams = { - "backend_conduit" = { - servers = { - "${containerIP}:${toString 6167}" = {}; - }; - }; - }; - }; - networking.firewall.allowedTCPPorts = [80 443 8448]; - networking.firewall.allowedUDPPorts = [80 443 8448]; -} diff --git a/hosts/hetzner-vm/containers/matrix/profiles/matrix.nix b/hosts/hetzner-vm/containers/matrix/profiles/matrix.nix deleted file mode 100644 index 9923b87..0000000 --- a/hosts/hetzner-vm/containers/matrix/profiles/matrix.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ - inputs, - pkgs, - ... -}: { - services.matrix-conduit = { - enable = true; - settings.global = { - address = "0.0.0.0"; - allow_registration = true; - server_name = "matrix.owo.monster"; - }; - }; -} diff --git a/hosts/hetzner-vm/containers/matrix/profiles/restic.nix b/hosts/hetzner-vm/containers/matrix/profiles/restic.nix deleted file mode 100644 index a8af7f7..0000000 --- a/hosts/hetzner-vm/containers/matrix/profiles/restic.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ - pkgs, - config, - host_secrets, - ... -}: let - secrets = host_secrets; -in { - environment.systemPackages = [ - (pkgs.writeShellScriptBin "restic-matrix" '' - env \ - RESTIC_PASSWORD_FILE=${secrets.matrix_restic_password.path} \ - $(cat ${secrets.matrix_restic_env.path}) \ - ${pkgs.restic}/bin/restic $@ - '') - ]; -} diff --git a/hosts/hetzner-vm/containers/music/music.nix b/hosts/hetzner-vm/containers/music/music.nix index d41e853..b59b6ee 100644 --- a/hosts/hetzner-vm/containers/music/music.nix +++ b/hosts/hetzner-vm/containers/music/music.nix @@ -2,7 +2,6 @@ tree, lib, inputs, - pkgs, config, ... }: let diff --git a/hosts/hetzner-vm/containers/music/profiles/mpd.nix b/hosts/hetzner-vm/containers/music/profiles/mpd.nix index 12f828e..f00ef7f 100644 --- a/hosts/hetzner-vm/containers/music/profiles/mpd.nix +++ b/hosts/hetzner-vm/containers/music/profiles/mpd.nix @@ -1,5 +1,4 @@ { - config, lib, pkgs, host_secrets, diff --git a/hosts/hetzner-vm/containers/social/profiles/backups.nix b/hosts/hetzner-vm/containers/social/profiles/backups.nix new file mode 100644 index 0000000..8f75c00 --- /dev/null +++ b/hosts/hetzner-vm/containers/social/profiles/backups.nix 
@@ -0,0 +1,79 @@ +{ + pkgs, + config, + lib, + host_secrets, + ... +}: let + secrets = host_secrets; + + # Because gotosocial-admin isn't a seporate package we need to generate a seperate config + # and duplicate the wrapper for use in a systemd unit + goToSocialConfigFile = (pkgs.formats.yaml {}).generate "config.yml" config.services.gotosocial.settings; + goToSocialAdmin = "${(pkgs.writeShellScriptBin "goToSocialAdmin" '' + exec systemd-run \ + -u gotosocial-admin.service \ + -p Group=gotosocial \ + -p User=gotosocial \ + -q -t -G --wait --service-type=exec \ + ${pkgs.gotosocial}/bin/gotosocial --config-path ${goToSocialConfigFile} admin "$@" + '')}/bin/goToSocialAdmin"; + + backupPrepareCommand = "${ + (pkgs.writeShellScriptBin "backupPrepareCommand" '' + systemctl start ${ + lib.concatStringsSep " " + (lib.forEach config.services.postgresqlBackup.databases + (db: "postgresqlBackup-${db}")) + } --wait + + ${goToSocialAdmin} export --path /var/lib/gotosocial/gts-export.json + '') + }/bin/backupPrepareCommand"; + + backupCleanupCommand = "${(pkgs.writeShellScriptBin "backupCleanupCommand" '' + rm /var/lib/gotosocial/gts-export.json + '')}/bin/backupCleanupCommand"; +in { + environment.systemPackages = [ + (pkgs.writeShellScriptBin "restic-social" '' + env \ + RESTIC_PASSWORD_FILE=${secrets.social_restic_password.path} \ + $(cat ${secrets.social_restic_env.path}) \ + ${pkgs.restic}/bin/restic $@ + '') + ]; + + services.restic.backups.social = { + user = "root"; + paths = [ + "/var/backup/postgresql" + "/var/lib/gotosocial" + ]; + + # repository is overrided in environmentFile to contain auth + # make sure to keep up to date when changing repository + repository = "rest:https://storage-restic.owo.monster/Social"; + passwordFile = "${secrets.social_restic_password.path}"; + environmentFile = "${secrets.social_restic_env.path}"; + + pruneOpts = [ + "--keep-last 10" + ]; + + timerConfig = { + OnBootSec = "1m"; + OnCalendar = "daily"; + }; + + inherit 
backupPrepareCommand; + inherit backupCleanupCommand; + }; + + services.postgresqlBackup = { + enable = true; + backupAll = false; + databases = ["gotosocial"]; + compression = "zstd"; + }; +} diff --git a/hosts/hetzner-vm/containers/social/profiles/gotosocial.nix b/hosts/hetzner-vm/containers/social/profiles/gotosocial.nix new file mode 100644 index 0000000..62e29e2 --- /dev/null +++ b/hosts/hetzner-vm/containers/social/profiles/gotosocial.nix @@ -0,0 +1,30 @@ +{...}: { + services.gotosocial = { + enable = true; + setupPostgresqlDB = true; + settings = { + application-name = "Chaos"; + host = "gts-01.owo.monster"; + bind-address = "0.0.0.0"; + + log-level = "info"; + log-client-ip = false; + + port = 8080; + letsencrypt-enabled = false; + + accounts-registration-open = false; + + media-image-max-size = 1000000 * 64; # MB + media-video-max-size = 1000000 * 1024; # MB + media-description-max-chars = 4000; + media-remote-cache-days = 3; + media-emoji-local-max-size = 102400; + media-emoji-remote-max-size = 102400; + + statuses-cw-max-chars = 150; + statuses-poll-max-options = 10; + statuses-media-max-files = 8; + }; + }; +} diff --git a/hosts/hetzner-vm/containers/social/social.nix b/hosts/hetzner-vm/containers/social/social.nix new file mode 100644 index 0000000..40f2f96 --- /dev/null +++ b/hosts/hetzner-vm/containers/social/social.nix 
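Review bot: The `backupPrepareCommand` script in backups.nix has no error handling, so as far as the visible script shows its exit status is only that of the final `gotosocial admin export`. A failed `systemctl start postgresqlBackup-gotosocial --wait` is ignored, and restic would then snapshot whatever dump already sits in `/var/backup/postgresql`. With `--keep-last 10` on a daily timer, ten such runs would rotate out every good snapshot. Start the script with `set -euo pipefail`, and use `rm -f` in `backupCleanupCommand` so cleanup does not fail when the export was never written. Separately, the `restic-social` wrapper passes `$@` unquoted, which splits arguments containing spaces; `"$@"` keeps them intact.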
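Review bot: `settings` in gotosocial.nix has no `trusted-proxies` entry, even though the instance is reached only through the host's nginx (hostIP 192.168.100.10 in social.nix). GoToSocial's default trusts only loopback, so it will likely attribute every request to the proxy address, and its per-IP rate limiting then treats all clients as one. Consider adding `trusted-proxies = ["192.168.100.10/32"];` next to `bind-address`. The `# MB` comments on `media-image-max-size` and `media-video-max-size` are also misleading: the values are byte counts (64 MB and 1024 MB), so `# bytes (64 MB)` would be more accurate.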
@@ -0,0 +1,96 @@
+{
+ tree,
+ inputs,
+ config,
+ ...
+}: let
+ hostIP = "192.168.100.10";
+ containerIP = "192.168.100.12";
+
+ # Using secrets from Host
+ secrets = config.services.secrets.secrets;
+in {
+ containers.social = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = hostIP;
+ localAddress = containerIP;
+ bindMounts = {
+ "${secrets.social_restic_password.path}" = {
+ hostPath = "${secrets.social_restic_password.path}";
+ };
+ "${secrets.social_restic_env.path}" = {
+ hostPath = "${secrets.social_restic_env.path}";
+ };
+ };
+
+ config = {
+ config,
+ pkgs,
+ ...
+ }: {
+ _module.args = {
+ inherit inputs;
+ inherit tree;
+ host_secrets = secrets;
+ };
+
+ imports = with tree;
+ [
+ profiles.base
+ inputs.home-manager-unstable.nixosModules.home-manager
+
+ profiles.sshd
+
+ modules.nixos.secrets
+
+ users.root
+ ]
+ ++ (with hosts.hetzner-vm.containers.social; [
+ profiles.gotosocial
+ profiles.backups
+ ]);
+
+ environment.systemPackages = with pkgs; [
+ rclone
+ restic
+ ];
+
+ # For Shared Secrets
+ systemd.tmpfiles.rules = [
+ "d ${config.services.secrets.secretsDir} - root root"
+ ];
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [22 8080];
+ };
+
+ home-manager.users.root = {
+ imports = with tree; [home.base home.dev.small];
+ home.packages = with pkgs; [vault];
+ home.stateVersion = "22.05";
+ };
+
+ # Manually configure nameserver. Using resolved inside the container seems to fail
+ # currently
+ environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
+ system.stateVersion = "22.05";
+ };
+ };
+
+ services.nginx.virtualHosts."gts-01.owo.monster" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://${containerIP}:8080";
+ extraConfig = ''
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ '';
+ };
+ extraConfig = ''
+ client_max_body_size 128M;
+ '';
+ };
+}
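Review bot: The `locations."/"` proxy block forwards only `Upgrade` and `Connection`; it sets no `Host` or `X-Forwarded-For` header, whereas the removed matrix vhost set `proxy_set_header Host $host;` explicitly. Unless `recommendedProxySettings` is enabled elsewhere (not visible here), the backend receives the upstream address as Host and no client address. That matters for a federating server that checks its configured hostname and rate-limits per IP. Add `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` to the location's `extraConfig`. Also, `client_max_body_size 128M` is well below the 1024 MB `media-video-max-size` in gotosocial.nix, so nginx will reject larger uploads before GoToSocial sees them; the two limits should agree.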
diff --git a/hosts/hetzner-vm/containers/storage/data/ports.nix b/hosts/hetzner-vm/containers/storage/data/ports.nix index 508aa40..1afcada 100644 --- a/hosts/hetzner-vm/containers/storage/data/ports.nix +++ b/hosts/hetzner-vm/containers/storage/data/ports.nix @@ -7,7 +7,7 @@ rclone_serve_restic_hvm = 4210; rclone_serve_restic_music = 4211; rclone_serve_restic_vault = 4212; - rclone_serve_restic_matrix = 4213; + rclone_serve_restic_social = 4213; rclone_serve_http_music = 4220; rclone_serve_http_public = 4221; diff --git a/hosts/hetzner-vm/containers/storage/profiles/rclone-serve.nix b/hosts/hetzner-vm/containers/storage/profiles/rclone-serve.nix index 1a5cf1f..fb942c2 100644 --- a/hosts/hetzner-vm/containers/storage/profiles/rclone-serve.nix +++ b/hosts/hetzner-vm/containers/storage/profiles/rclone-serve.nix @@ -128,12 +128,12 @@ in { } { user = "storage"; - remote = "StorageBox:Backups/Restic/Matrix"; + remote = "StorageBox:Backups/Restic/Social"; type = "restic"; extraArgs = [ - "--addr=0.0.0.0:${toString ports.rclone_serve_restic_matrix}" - "--htpasswd=${secrets.restic_matrix_htpasswd.path}" - "--baseurl=/Matrix/" + "--addr=0.0.0.0:${toString ports.rclone_serve_restic_social}" + "--htpasswd=${secrets.restic_social_htpasswd.path}" + "--baseurl=/Social/" ]; inherit serviceConfig; } diff --git a/hosts/hetzner-vm/containers/storage/profiles/secrets.nix b/hosts/hetzner-vm/containers/storage/profiles/secrets.nix index 5ad35d8..532e949 100644 --- a/hosts/hetzner-vm/containers/storage/profiles/secrets.nix +++ b/hosts/hetzner-vm/containers/storage/profiles/secrets.nix 
@@ -71,12 +71,12 @@ htpasswd -bc "$secretFile" "$username" "$password" 2>/dev/null ''; }; - restic_matrix_htpasswd = { + restic_social_htpasswd = { user = "storage"; group = "storage"; fetchScript = '' - username=$(simple_get "/api-keys/storage/restic/Matrix" .username) - password=$(simple_get "/api-keys/storage/restic/Matrix" .password) + username=$(simple_get "/api-keys/storage/restic/Social" .username) + password=$(simple_get "/api-keys/storage/restic/Social" .password) htpasswd -bc "$secretFile" "$username" "$password" 2>/dev/null ''; }; @@ -108,7 +108,6 @@ htpasswd -bc "$secretFile" "$username" "$password" 2>&1 ''; }; - rclone_config = { user = "storage"; group = "storage"; diff --git a/hosts/hetzner-vm/containers/storage/storage.nix b/hosts/hetzner-vm/containers/storage/storage.nix index cc8646b..c622eef 100644 --- a/hosts/hetzner-vm/containers/storage/storage.nix +++ b/hosts/hetzner-vm/containers/storage/storage.nix @@ -97,7 +97,7 @@ in { "/HetznerVM/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_hvm}"; "/Music/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_music}"; "/Vault/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_vault}"; - "/Matrix/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_matrix}"; + "/Social/".proxyPass = "http://${containerIP}:${toString ports.rclone_serve_restic_social}"; }; }; } diff --git a/hosts/hetzner-vm/hetzner-vm.nix b/hosts/hetzner-vm/hetzner-vm.nix index b0d2d47..5d2fff5 100644 --- a/hosts/hetzner-vm/hetzner-vm.nix +++ b/hosts/hetzner-vm/hetzner-vm.nix @@ -11,7 +11,7 @@ profiles.nix-gc ./containers/storage/storage.nix - ./containers/matrix/matrix.nix + ./containers/social/social.nix ./containers/music/music.nix hosts.hetzner-vm.profiles.restic diff --git a/hosts/hetzner-vm/profiles/restic.nix b/hosts/hetzner-vm/profiles/restic.nix index c8d0e84..5a08ff2 100644 --- a/hosts/hetzner-vm/profiles/restic.nix 
+++ b/hosts/hetzner-vm/profiles/restic.nix @@ -51,6 +51,10 @@ in { passwordFile = "${secrets.restic_password.path}"; environmentFile = "${secrets.restic_env.path}"; + pruneOpts = [ + "--keep-last 20" + ]; + timerConfig = { OnBootSec = "1m"; OnCalendar = "daily"; diff --git a/hosts/hetzner-vm/secrets.nix b/hosts/hetzner-vm/secrets.nix index 7ff4d9d..0661959 100644 --- a/hosts/hetzner-vm/secrets.nix +++ b/hosts/hetzner-vm/secrets.nix @@ -111,16 +111,17 @@ ''; }; - matrix_restic_password = { + social_restic_password = { fetchScript = '' - simple_get "/private-public-keys/restic/Matrix" .password > $secretFile + simple_get "/private-public-keys/restic/Social" .password > $secretFile ''; }; - matrix_restic_env = { + social_restic_env = { fetchScript = '' - RESTIC_USERNAME=$(simple_get "/api-keys/storage/restic/Matrix" .username) - RESTIC_PASSWORD=$(simple_get "/api-keys/storage/restic/Matrix" .password) - echo "RESTIC_REPOSITORY=rest:https://$RESTIC_USERNAME:$RESTIC_PASSWORD@storage-restic.owo.monster/Matrix" > $secretFile ''; + RESTIC_USERNAME=$(simple_get "/api-keys/storage/restic/Social" .username) + RESTIC_PASSWORD=$(simple_get "/api-keys/storage/restic/Social" .password) + echo "RESTIC_REPOSITORY=rest:https://$RESTIC_USERNAME:$RESTIC_PASSWORD@storage-restic.owo.monster/Social" > $secretFile + ''; }; restic_password = { fetchScript = '' diff --git a/hosts/lappy-t495/lappy-t495.nix b/hosts/lappy-t495/lappy-t495.nix index 51aa20d..9a0548e 100644 --- a/hosts/lappy-t495/lappy-t495.nix +++ b/hosts/lappy-t495/lappy-t495.nix @@ -1,8 +1,4 @@ -{ - tree, - pkgs, - ... -}: { +{tree, ...}: { imports = with tree; [ users.root users.chaos diff --git a/hosts/tablet/tablet.nix b/hosts/tablet/tablet.nix index e9d62c3..3151f93 100644 --- a/hosts/tablet/tablet.nix +++ b/hosts/tablet/tablet.nix @@ -1,8 +1,4 @@ -{ - tree, - pkgs, - ... -}: { +{tree, ...}: { imports = with tree; [ users.root users.chaos 
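Review bot: `social_restic_env` in hosts/hetzner-vm/secrets.nix builds `RESTIC_REPOSITORY` by interpolating `$RESTIC_USERNAME:$RESTIC_PASSWORD` straight into the URL, so a password containing `@`, `/`, `:` or `%` yields a repository URL that parses differently from what was intended. Either percent-encode the values before writing them, or, if the deployed restic version supports them, write `RESTIC_REST_USERNAME` and `RESTIC_REST_PASSWORD` as separate lines and keep the URL free of credentials. The redirect target should also be quoted, `> "$secretFile"`, here and in `social_restic_password`. The enclosing attribute set starts and ends outside the hunk.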
diff --git a/overlay/conduit/default.nix b/overlay/conduit/default.nix deleted file mode 100644 index a076a96..0000000 --- a/overlay/conduit/default.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ - stdenv, - lib, - fetchFromGitLab, - rustPlatform, - pkg-config, - rocksdb, -}: let - meta = builtins.fromJSON (builtins.readFile ./meta.json); - - rev = meta.rev; - sha256 = meta.sha256; -in - rustPlatform.buildRustPackage rec { - pname = "matrix-conduit"; - version = "latest-${rev}"; - - src = fetchFromGitLab { - owner = "famedly"; - repo = "conduit"; - rev = "${rev}"; - sha256 = "${sha256}"; - }; - - cargoSha256 = "sha256-E9f7yJR2GksUHjWE4EP+iBRlhn4JG/JUVw7/L+41Nfc="; - - nativeBuildInputs = [ - rustPlatform.bindgenHook - pkg-config - ]; - - buildInputs = [ - rocksdb - ]; - - cargoBuildFlags = ["--bin" "conduit"]; - - meta = with lib; { - broken = stdenv.isDarwin; - description = "A Matrix homeserver written in Rust"; - homepage = "https://conduit.rs/"; - license = licenses.asl20; - maintainers = with maintainers; [pstn piegames pimeys]; - }; - } diff --git a/overlay/conduit/meta.json b/overlay/conduit/meta.json deleted file mode 100644 index 6bfef12..0000000 --- a/overlay/conduit/meta.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "rev": "7b987411630056204b73e61165c8a99e20a78fec", - "sha256": "sha256-xcNa18r1V+SM0J0NGDrt2xr+nFgAhutiVvTljUSeStM=" -} diff --git a/overlay/conduit/update.sh b/overlay/conduit/update.sh deleted file mode 100755 index f02fd9c..0000000 --- a/overlay/conduit/update.sh +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/usr/bin/env nix-shell -#!nix-shell -i bash -p curl jq git moreutils nix nix-prefetch -set -euo pipefail - -cd "$(dirname "${BASH_SOURCE[0]}")" - - -json_get() { - jq -r "$1" < 'meta.json' -} - -json_set() { - jq --arg x "$2" "$1 = \$x" < 'meta.json' | sponge 'meta.json' -} - -old_rev=$(json_get '.rev') -new_rev=$(curl -L "https://gitlab.com/api/v4/projects/famedly%2Fconduit/repository/commits" 2>/dev/null | jq ".[0].id" -r) - -if [ "$new_rev" = "$old_rev" ]; then - echo "conduit is up-to-date." - exit -fi - -json_set '.rev' "$new_rev" -new_sha256=$(nix-prefetch fetchFromGitLab --owner famedly --repo conduit --rev "$new_rev") -json_set '.sha256' "$new_sha256" diff --git a/overlay/default.nix b/overlay/default.nix index a0ece50..1220dda 100644 --- a/overlay/default.nix +++ b/overlay/default.nix @@ -9,6 +9,4 @@ final: _prev: { }; piped-frontend = final.callPackage ./piped/frontend {}; piped-proxy = final.callPackage ./piped/proxy {}; - # currently broken - #matrix-conduit = final.callPackage ./conduit {}; } diff --git a/presets/nixos/server-encrypted-drive.nix b/presets/nixos/server-encrypted-drive.nix index c37a5aa..dd9551a 100644 --- a/presets/nixos/server-encrypted-drive.nix +++ b/presets/nixos/server-encrypted-drive.nix @@ -1,6 +1,5 @@ { config, - pkgs, tree, ... }: { diff --git a/profiles/laptop/default.nix b/profiles/laptop.nix similarity index 73% rename from profiles/laptop/default.nix rename to profiles/laptop.nix index 3254c1c..caf6fd1 100644 --- a/profiles/laptop/default.nix +++ b/profiles/laptop.nix @@ -1,8 +1,6 @@ {config, ...}: { services.xserver.libinput.enable = true; - services.tlp.enable = true; powerManagement.enable = true; - powerManagement.powertop.enable = true; hardware.acpilight.enable = true; environment.systemPackages = [config.boot.kernelPackages.cpupower]; } diff --git a/profiles/tlp.nix b/profiles/tlp.nix new file mode 100644 index 0000000..d93d613 --- /dev/null +++ b/profiles/tlp.nix 
@@ -0,0 +1,3 @@ +{...}: { + services.tlp.enable = true; +} diff --git a/treeConfig.nix b/treeConfig.nix index 0449ab4..e96e85e 100644 --- a/treeConfig.nix +++ b/treeConfig.nix @@ -15,7 +15,7 @@ "hosts/hetzner-vm/modules/mailserver".functor.enable = true; "hosts/hetzner-vm/modules/piped".functor.enable = true; "hosts/hetzner-vm/containers/storage/profiles".functor.enable = true; - "hosts/hetzner-vm/containers/matrix/profiles".functor.enable = true; + "hosts/hetzner-vm/containers/social/profiles".functor.enable = true; # Profiles "profiles/*".functor.enable = true;