emily/nixfiles
emily/nixfiles
1
0
Fork 1
Code Issues Pull requests Activity

changed deployment options and some fixes

Browse source
This commit is contained in:
emily 2024-04-27 19:35:52 +02:00
parent e4fd5ee179
commit 82604fd3d2
Signed by: emily
GPG key ID: F6F4C66207FCF995
10 changed files with 33 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
config/common/default.nix
View file

@ -28,13 +28,7 @@ with lib; {
fish.enable = true; fish.enable = true;
}; };
kyouma.tags = [ "all" ]; kyouma.deployment.tags = [ "all" ];
# deployment = {
# tags = [ "all" ];
# targetHost = mkDefault config.networking.fqdn;
# targetPort = mkDefault 22;
# targetUser = mkDefault null;
# };
security.dhparams.defaultBitSize = 4096; security.dhparams.defaultBitSize = 4096;

52
config/hosts/crime/nginx.nix
View file

@ -81,32 +81,32 @@ in {
useACMEHost = "fentanyl.trade"; useACMEHost = "fentanyl.trade";
}; };
}; };
createHost = { };
"watch.kyouma.net" = { redirectTo = "fentanyl.trade"; }; kyouma.nginx.virtualHosts = {
"redirect" = { "watch.kyouma.net" = { redirectTo = "fentanyl.trade"; };
default = true; "redirect" = {
reuseport = true; default = true;
useACMEHost = "fentanyl.trade"; reuseport = true;
extraConfig = '' useACMEHost = "fentanyl.trade";
return 403; extraConfig = ''
''; return 403;
}; '';
"crime.kyouma.net" = { };
listenAddresses = [ "[2a0f:be01:0:100::1338]" ]; "crime.kyouma.net" = {
locations = { listenAddresses = [ "[2a0f:be01:0:100::1338]" ];
"/".root = landingPage; locations = {
"/sonarr/" = { "/".root = landingPage;
proxyPass = "http://127.0.0.1:8989"; "/sonarr/" = {
recommendedProxySettings = true; proxyPass = "http://127.0.0.1:8989";
}; recommendedProxySettings = true;
"/radarr/" = { };
proxyPass = "http://127.0.0.1:7878"; "/radarr/" = {
recommendedProxySettings = true; proxyPass = "http://127.0.0.1:7878";
}; recommendedProxySettings = true;
"/prowlarr/" = { };
proxyPass = "http://127.0.0.1:9696"; "/prowlarr/" = {
recommendedProxySettings = true; proxyPass = "http://127.0.0.1:9696";
}; recommendedProxySettings = true;
}; };
}; };
}; };

3
config/hosts/girldick/configuration.nix
View file

@ -7,9 +7,6 @@
../../services/nginx.nix ../../services/nginx.nix
../../services/nyastodon.nix ../../services/nyastodon.nix
]; ];
deployment = {
targetUser = lib.mkForce "emily";
};
networking = { networking = {
domain = lib.mkForce "girldick.gay"; domain = lib.mkForce "girldick.gay";
hostName = "staging"; hostName = "staging";

4
config/hosts/lain/configuration.nix
View file

@ -6,9 +6,7 @@
../../profiles/headless.nix ../../profiles/headless.nix
]; ];
deployment = { kyouma.deployment.targetHost = "192.168.178.171";
targetHost = "192.168.178.171";
};
networking = { networking = {
hostName = "lain"; hostName = "lain";

5
config/hosts/ryuuko/configuration.nix
View file

@ -27,11 +27,6 @@
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
deployment = {
targetHost = null;
targetUser = "emily";
};
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
hardware.gpgSmartcards.enable = true; hardware.gpgSmartcards.enable = true;

2
config/hosts/seras/configuration.nix
View file

@ -7,8 +7,6 @@
]; ];
boot.binfmt.emulatedSystems = ["aarch64-linux"]; boot.binfmt.emulatedSystems = ["aarch64-linux"];
deployment.targetUser = lib.mkForce "emily";
networking = { networking = {
hostName = "seras"; hostName = "seras";
nftables.enable = lib.mkForce false; nftables.enable = lib.mkForce false;

4
config/hosts/web-dus/configuration.nix
View file

@ -1,4 +1,4 @@
{ config, inputs, pkgs, ... }: { { config, inputs, lib, pkgs, ... }: {
imports = [ imports = [
inputs.fernglas.nixosModules.default inputs.fernglas.nixosModules.default
inputs.kyouma-www.nixosModules.default inputs.kyouma-www.nixosModules.default
@ -10,7 +10,7 @@
]; ];
networking = { networking = {
hostName = "web-dus"; hostName = "web-dus";
nftables.enable = mkForce false; nftables.enable = lib.mkForce false;
firewall.allowedTCPPorts = [ 80 443 11019 ]; firewall.allowedTCPPorts = [ 80 443 11019 ];
firewall.allowedUDPPorts = [ 443 ]; firewall.allowedUDPPorts = [ 443 ];
}; };

1
config/profiles/graphical/default.nix
View file

@ -7,7 +7,6 @@
]; ];
kyouma.machine-type.graphical = true; kyouma.machine-type.graphical = true;
deployment.allowLocalDeployment = true;
hardware.opengl.enable = true; hardware.opengl.enable = true;

3
config/profiles/lxc.nix
View file

@ -9,7 +9,8 @@ with lib; {
manageHostName = true; manageHostName = true;
}; };
kyouma.machine-type.virtual = true; kyouma.machine-type.virtual = true;
deployment.tags = [ "pve-lxc" ]; kyouma.deployment.tags = [ "pve-lxc" ];
networking.useDHCP = false; networking.useDHCP = false;
networking.useHostResolvConf = false; networking.useHostResolvConf = false;
} }

2
config/services/nginx.nix
View file

@ -1,5 +1,5 @@
{ config, pkgs, lib, ... }: with lib; { { config, pkgs, lib, ... }: with lib; {
deployment.tags = [ "web" ]; kyouma.deployment.tags = [ "web" ];
security.dhparams.enable = true; security.dhparams.enable = true;
security.dhparams.params.nginx = {}; security.dhparams.params.nginx = {};
security.acme = { security.acme = {