flake: clean up modules

Infinidoge 2024-10-22 11:34:51 -04:00
parent 28f18c9a99
commit 8cd8b3a3f9
Signed by: Infinidoge
SSH key fingerprint: SHA256:oAMyvotlNFraMmZmr+p6AxnNfW/GioTs1pOn3V4tQ7A
64 changed files with 258 additions and 273 deletions


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ ... }:
let
uuid = uuid: "/dev/disk/by-uuid/${uuid}";


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ ... }:
{
boot.initrd.availableKernelModules = [ "nvme" "ahci" "xhci_pci" "usbhid" "sd_mod" ];


@ -1,4 +1,4 @@
{ config, private, ... }:
{ private, ... }:
{
services.factorio = {


@ -1,7 +1,7 @@
{ config, pkgs, common, ... }:
{ config, common, pkgs, ... }:
let
cfg = config.services.forgejo;
domain = config.common.subdomain "git";
domain = common.subdomain "git";
in
{
persist.directories = [ "/var/lib/private/gitea-runner/" ];
@ -25,10 +25,10 @@ in
settings = {
server = {
ROOT_URL = "https://${domain}/";
SSH_DOMAIN = config.common.domain;
SSH_DOMAIN = common.domain;
LANDING_PAGE = "explore";
};
mailer = with config.common.email; {
mailer = with common.email; {
ENABLED = true;
PROTOCOL = "smtps";
SMTP_ADDR = smtp.address;
@ -49,7 +49,7 @@ in
service = {
DISABLE_REGISTRATION = true;
OFFLINE_MODE = false;
NO_REPLY_ADDRESS = config.common.email.outgoing;
NO_REPLY_ADDRESS = common.email.outgoing;
};
indexer = {
REPO_INDEXER_ENABLED = true;
@ -96,7 +96,7 @@ in
};
};
services.nginx.virtualHosts.${domain} = config.common.nginx.ssl // {
services.nginx.virtualHosts.${domain} = common.nginx.ssl // {
locations."/" = {
proxyPass = "http://${cfg.settings.server.DOMAIN}:${toString cfg.settings.server.HTTP_PORT}";
extraConfig = ''
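Review bot: The `proxyPass` at the end of the last hunk builds the upstream from `cfg.settings.server.DOMAIN`, which is Forgejo's hostname setting rather than its listen address; neither `DOMAIN` nor `HTTP_ADDR` is set in the `server` block shown in the second hunk, so both fall back to module defaults. If `DOMAIN` is ever set to match `ROOT_URL`, nginx would proxy to its own public name, and if the default listen address is not loopback the plain-HTTP port is reachable without going through the TLS vhost. Consider pinning both, e.g. `HTTP_ADDR = "127.0.0.1";` in `server` and `proxyPass = "http://127.0.0.1:${toString cfg.settings.server.HTTP_PORT}";`. The `locations."/"` block continues outside the hunk.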


@ -1,10 +1,10 @@
{ config, ... }:
{ config, common, ... }:
let
domain = "freshrss.inx.moe";
in
{
services.nginx.virtualHosts.${domain} = config.common.nginx.ssl;
services.nginx.virtualHosts.${domain} = common.nginx.ssl;
services.freshrss = {
enable = true;


@ -1,4 +1,4 @@
{ config, lib, pkgs, modulesPath, ... }:
{ lib, modulesPath, ... }:
{
imports = [


@ -1,11 +1,11 @@
{ config, pkgs, lib, ... }:
{ config, common, ... }:
let
domain = config.common.subdomain "hydra";
domain = common.subdomain "hydra";
in
{
services.nginx.virtualHosts.${domain} = config.common.nginx.ssl // {
services.nginx.virtualHosts.${domain} = common.nginx.ssl // {
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.hydra.port}";
proxyPass = "http://localhost:${toString config.services.hydra.port}";
};
};
@ -14,13 +14,13 @@ in
port = 3333;
baseDir = "/srv/hydra";
hydraURL = "https://${domain}";
notificationSender = config.common.email.withSubaddress "hydra";
smtpHost = config.common.email.smtp.address;
notificationSender = common.email.withSubaddress "hydra";
smtpHost = common.email.smtp.address;
useSubstitutes = true;
environmentFile = config.secrets.hydra;
extraEnv = {
EMAIL_SENDER_TRANSPORT_sasl_username = config.common.email.outgoing;
EMAIL_SENDER_TRANSPORT_port = builtins.toString config.common.email.smtp.SSLTLS;
EMAIL_SENDER_TRANSPORT_sasl_username = common.email.outgoing;
EMAIL_SENDER_TRANSPORT_port = toString common.email.smtp.SSLTLS;
EMAIL_SENDER_TRANSPORT_ssl = "ssl";
};
extraConfig = ''


@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, common, ... }:
let
address = "127.0.0.1";
port = 8096;
@ -13,7 +13,7 @@ let
'';
in
{
services.nginx.virtualHosts."jellyfin.inx.moe" = config.common.nginx.ssl // {
services.nginx.virtualHosts."jellyfin.inx.moe" = common.nginx.ssl // {
extraConfig = ''
client_max_body_size 20M;
'';


@ -1,12 +1,12 @@
# Unused
{ config, pkgs, lib, ... }:
{ config, common, ... }:
let
cfg = config.services.jitsi-meet;
in
{
services.jitsi-meet = {
enable = true;
hostName = config.common.subdomain "meet";
hostName = common.subdomain "meet";
config = {
prejoinPageEnabled = true;
disableModeratorIndicator = true;


@ -1,5 +1,7 @@
{ config, pkgs, ... }:
{ config, common, pkgs, ... }:
let
cfg = config.services.jupyter;
mkPythonKernel = displayName: env: {
inherit displayName;
language = "python";
@ -53,10 +55,10 @@ in
})
];
services.nginx.virtualHosts."jupyter.internal.inx.moe" = config.common.nginx.ssl // {
services.nginx.virtualHosts."jupyter.internal.inx.moe" = common.nginx.ssl // {
listenAddresses = [ "100.101.102.124" ];
locations."/" = {
proxyPass = "http://localhost:${toString config.services.jupyter.port}";
proxyPass = "http://localhost:${toString cfg.port}";
proxyWebsockets = true;
};
};
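Review bot: The only access restriction visible on the `jupyter.internal.inx.moe` vhost in the second hunk is `listenAddresses = [ "100.101.102.124" ]`, and the proxied service is a notebook server that runs code for whoever can reach it. The bare literal does not say which network it belongs to, so a later edit could widen or drop it without anyone noticing that it was the boundary; a comment such as `# overlay-network address only; Jupyter must never be served on a public interface` would record the intent. It is also worth confirming that authentication is configured in the `services.jupyter` block, which lies outside these hunks.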


@ -1,5 +1,6 @@
{ pkgs, config, lib, ... }:
{ config, pkgs, ... }:
let
cfg = config.services.postgresql;
directory = "/srv/postgresql";
in
{
@ -8,6 +9,6 @@ in
services.postgresql = {
enable = true;
package = pkgs.postgresql_16;
dataDir = "${directory}/${config.services.postgresql.package.psqlSchema}";
dataDir = "${directory}/${cfg.package.psqlSchema}";
};
}


@ -1,31 +1,38 @@
{ pkgs, config, ... }:
{ config, pkgs, ... }:
let
cfg = config.services.openssh;
in
{
users.users.incoming = {
description = "User for incoming files with a chroot jail";
isSystemUser = true;
group = "incoming";
};
users.groups.incoming = { };
users.users = {
incoming = {
description = "User for incoming files with a chroot jail";
isSystemUser = true;
group = "incoming";
};
users.users.jump = {
description = "User for ssh jumping";
isSystemUser = true;
group = "nogroup";
};
jump = {
description = "User for ssh jumping";
isSystemUser = true;
group = "nogroup";
};
users.users.neofetch = {
description = "SSH Neofetch";
isSystemUser = true;
group = "nogroup";
hashedPassword = "$y$j9T$pixfaOyCz4Sbf8KE8AGVk.$TQKPzMvPan8qrO08kqjuJZO4LlUY7Yjxho0wIbcsmV3"; # :)
shell = pkgs.bash;
};
neofetch = {
description = "SSH Neofetch";
isSystemUser = true;
group = "nogroup";
hashedPassword = "$y$j9T$pixfaOyCz4Sbf8KE8AGVk.$TQKPzMvPan8qrO08kqjuJZO4LlUY7Yjxho0wIbcsmV3"; # :)
shell = pkgs.bash;
};
users.users.guest = {
description = "Guest shell account for temporary access";
group = "users";
isNormalUser = true;
shell = pkgs.bash;
guest = {
description = "Guest shell account for temporary access";
group = "users";
isNormalUser = true;
shell = pkgs.bash;
};
};
users.groups = {
incoming = { };
};
security.pam.services.sshd.allowNullPassword = true;
@ -41,7 +48,7 @@
Match user incoming
AuthorizedKeysFile /etc/ssh/authorized_keys.d/infinidoge /etc/ssh/authorized_keys.d/%u
ChrootDirectory /srv/external
ForceCommand ${config.services.openssh.sftpServerExecutable} -d incoming -u 007
ForceCommand ${cfg.sftpServerExecutable} -d incoming -u 007
X11Forwarding no
AllowTcpForwarding no
KbdInteractiveAuthentication no
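Review bot: The regrouped `users.users` set still carries the `neofetch` account's `hashedPassword` as a literal, and `security.pam.services.sshd.allowNullPassword = true` directly below it applies to the whole sshd PAM stack rather than to that one account. The hash is readable in the repository and in the world-readable Nix store, so if it is meant to be secret it belongs in `hashedPasswordFile`; if it is deliberately public (the `# :)` suggests so), replace that comment with one stating the intent, e.g. `# intentionally public password; account is confined by its Match block`. Because null passwords are accepted for every sshd login, it is worth confirming that `guest` (a normal user with `pkgs.bash`) and the other accounts can never end up with an empty password, and that `neofetch` has a `ForceCommand` restriction like the `Match user incoming` block in the second hunk. The sshd configuration text starts and ends outside the visible hunks, so those Match blocks may already exist.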


@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{ config, common, pkgs, ... }:
{
services.nginx.virtualHosts."thelounge.inx.moe" = config.common.nginx.ssl // {
services.nginx.virtualHosts."thelounge.inx.moe" = common.nginx.ssl // {
locations."/" = {
proxyPass = "http://localhost:${toString config.services.thelounge.port}";
};


@ -1,11 +1,11 @@
{ config, lib, pkgs, ... }:
{ config, common, lib, pkgs, ... }:
let
domain = config.common.subdomain "bitwarden";
domain = common.subdomain "bitwarden";
in
{
persist.directories = [ config.services.vaultwarden.dataDir ];
services.nginx.virtualHosts.${domain} = config.common.nginx.ssl // {
services.nginx.virtualHosts.${domain} = common.nginx.ssl // {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
@ -15,7 +15,7 @@ in
enable = true;
environmentFile = config.secrets."vaultwarden";
dataDir = "/srv/vaultwarden";
config = with config.common.email; {
config = with common.email; {
DOMAIN = "https://${domain}";
SIGNUPS_ALLOWED = false;


@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }:
{ config, common, pkgs, lib, ... }:
let
inherit (config.common.nginx) ssl ssl-optional;
inherit (common.nginx) ssl ssl-optional;
tryFiles = "$uri $uri.html $uri/ =404";
websiteConfig = ''


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ lib, ... }:
{
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];


@ -1,4 +1,4 @@
{ config, pkgs, lib, private, ... }: {
{ ... }: {
imports = [
./hardware-configuration.nix
./filesystems.nix


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ ... }:
let
uuid = uuid: "/dev/disk/by-uuid/${uuid}";
main = uuid "9d4bf2d8-f139-42e7-937a-541a7870d806";


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ lib, ... }:
{
boot.initrd.availableKernelModules = [ "ahci" "nvme" "sd_mod" "usb_storage" "usbhid" "xhci_pci" ];


@ -1,4 +1,4 @@
{ lib, config, pkgs, ... }: {
{ pkgs, ... }: {
imports = [
./hardware-configuration.nix
./filesystems.nix


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ ... }:
let
uuid = uuid: "/dev/disk/by-uuid/${uuid}";


@ -1,4 +1,4 @@
{ config, lib, pkgs, modulesPath, ... }:
{ lib, modulesPath, ... }:
{
imports = [


@ -1,4 +1,4 @@
{ config, pkgs, lib, private, ... }: {
{ ... }: {
imports = [
./hardware-configuration.nix
./filesystems.nix


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ lib, ... }:
let
uuid = uuid: "/dev/disk/by-uuid/${uuid}";


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }:
{ lib, ... }:
{
boot.initrd.availableKernelModules = [ "nvme" "usb_storage" "xhci_pci" "ahci" "usbhid" "sd_mod" ];


@ -1,4 +1,4 @@
{ lib, config, pkgs, ... }: {
{ pkgs, ... }: {
imports = [
./hardware-configuration.nix
./filesystems.nix


@ -1,4 +1,4 @@
{ config, lib, pkgs, modulesPath, ... }:
{ lib, modulesPath, ... }:
{
imports = [


@ -1,4 +1,4 @@
{ pkgs, lib, ... }:
{ pkgs, ... }:
{
imports = [
./hardware-configuration.nix


@ -1,4 +1,4 @@
{ config, lib, pkgs, modulesPath, ... }:
{ lib, modulesPath, ... }:
{
imports =


@ -1,4 +1,4 @@
{ pkgs, lib, ... }:
{ ... }:
{
system.stateVersion = "22.05";


@ -1,4 +1,4 @@
{ private, config, lib, pkgs, ... }:
{ pkgs, ... }:
{
modules.hardware.form.server = true;