Compare commits
No commits in common. "main" and "update-inputs-2024-09-12-04-20" have entirely different histories.
main
...
update-inp
|
@ -62,7 +62,7 @@
|
|||
|
||||
programs.eza = {
|
||||
enable = true;
|
||||
icons = "auto";
|
||||
icons = true;
|
||||
git = true;
|
||||
extraOptions = [
|
||||
"--color-scale=all"
|
||||
|
|
|
@ -52,7 +52,7 @@
|
|||
|
||||
programs.eza = {
|
||||
enable = true;
|
||||
icons = "auto";
|
||||
icons = true;
|
||||
git = true;
|
||||
extraOptions = [
|
||||
"--color-scale=all"
|
||||
|
|
|
@ -7,7 +7,6 @@
|
|||
../../services/nginx.nix
|
||||
../../services/uptime-kuma.nix
|
||||
../../services/vaultwarden.nix
|
||||
../../services/librespeed.nix
|
||||
./disko.nix
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
|
|
@ -62,7 +62,6 @@
|
|||
};
|
||||
};
|
||||
root = {
|
||||
type = "8300";
|
||||
size = "100%";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -16,15 +16,6 @@
|
|||
|
||||
networking.hostName = "integra";
|
||||
|
||||
nix.sshServe.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOWlYhnummuWZbq3+d0x5A67YvlPvtl7/1Dk4RtNlzf christina@cafkafk.com"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/RmFnel8pcZT9nh7EAfKfAekt3BoEXy0G7G2GTacN/ aprl@computer"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 aprl@whatever"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVNo871p97NTefP52KYiwuch+FaVScxvcFd9fg0yykySTq7Y5JsxrJQgTnox/oDa0O87OyHD/GHQljAXkqiHpDkExbiGjDmGXJSKReKH061F4FqBnDIwYRzUu9Cxjl4MNqsU0RqLaz4+F42c/L7GROQwjEPUb8JHThRiI5FJnDvvB+oBLBxeyQA4v3O4i8DaDQayTr/XB+aSlhNwKrb6cjjL93AHT1uE53yY5jn4kZX+RiPQhH7rvt9N6E4Yr3CG6nUgRCUS0L66d9yfrq0XAbAVk9F+viV7Nk9qy4MWHtXZ4h0qUlzrGALPgGsCGiLGd4NvEgeCcV4nvxdmevxTSdKlJP75xlmlLVXGyhqCZkTsxm/png2UvDl+p0pLyrgNaNoXPdE0Jbv7C28WX36Nast1QFSMUhexzuOx8OgaOioeXVfK98AouqWb58iPBCvgreUIH/gJhZcnlB/Foo1KSO+fJNH8hAsLH7w0mnKyHhJjkrjjwUqsnpepB3SOLfZTE= aprl@meow"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu"
|
||||
];
|
||||
|
||||
systemd.network.networks."98-eth-default" = {
|
||||
matchConfig.Type = "ether";
|
||||
matchConfig.Name = "e*";
|
||||
|
|
|
@ -21,26 +21,6 @@
|
|||
];
|
||||
};
|
||||
|
||||
services.postgresql.settings = {
|
||||
max_connections = 200;
|
||||
shared_buffers = "24GB";
|
||||
effective_cache_size = "72GB";
|
||||
maintenance_work_mem = "2GB";
|
||||
checkpoint_completion_target = 0.9;
|
||||
wal_buffers = "16MB";
|
||||
default_statistics_target = 100;
|
||||
random_page_cost = 1.1;
|
||||
effective_io_concurrency = 200;
|
||||
work_mem = "31457kB";
|
||||
huge_pages = "try";
|
||||
min_wal_size = "1GB";
|
||||
max_wal_size = "4GB";
|
||||
max_worker_processes = 32;
|
||||
max_parallel_workers_per_gather = 4;
|
||||
max_parallel_workers = 32;
|
||||
max_parallel_maintenance_workers = 4;
|
||||
};
|
||||
|
||||
kyouma.ooklaserver = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{ config, inputs, lib, ... }: {
|
||||
imports = [
|
||||
./nix-config.nix
|
||||
inputs.hydra.nixosModules.hydra
|
||||
];
|
||||
sops.secrets."services/hydra/signKey" = {
|
||||
owner = "hydra-queue-runner";
|
||||
|
@ -19,7 +18,7 @@
|
|||
};
|
||||
kyouma.deployment.auto-upgrade.cache = "daemon";
|
||||
|
||||
services.hydra-dev = {
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
package = inputs.hydra.packages.${config.nixpkgs.hostPlatform.system}.hydra;
|
||||
hydraURL = "https://hydra.kyouma.net";
|
||||
|
@ -32,7 +31,7 @@
|
|||
binary_cache_public_uri = https://cache.kyouma.net
|
||||
evaluator_workers = 8
|
||||
evaluator_max_memory_size = 16384
|
||||
max_output_size = ${builtins.toString (24 * 1024 * 1024 * 1024)}
|
||||
max_output_size = 4294967296
|
||||
'';
|
||||
};
|
||||
services.harmonia = {
|
||||
|
|
|
@ -17,8 +17,8 @@
|
|||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||
}
|
||||
{
|
||||
hostName = "build-worker-04.nyantec.com";
|
||||
] ++ lib.forEach [ "03" "04" ] (num: {
|
||||
hostName = "build-worker-${num}.nyantec.com";
|
||||
sshUser = "nix-ssh";
|
||||
maxJobs = 4;
|
||||
speedFactor = 18;
|
||||
|
@ -26,12 +26,12 @@
|
|||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
|
||||
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||
}
|
||||
] ++ lib.forEach [ "01" "02" "03" "05" "06" "07" "08" "09" ] (num: {
|
||||
) ++ lib.forEach [ "01" "02" "05" "06" ] (num: {
|
||||
hostName = "build-worker-${num}";
|
||||
sshUser = "root";
|
||||
maxJobs = 2;
|
||||
maxJobs = 4;
|
||||
speedFactor = 20;
|
||||
systems = [ "i686-linux" "x86_64-linux" ];
|
||||
systems = [ "x86_64-linux" ];
|
||||
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "gccarch-x86-64" "gccarch-x86-64-v2" "gccarch-x86-64-v3" ];
|
||||
sshKey = config.sops.secrets."services/hydra/id_ed25519_hydra".path;
|
||||
});
|
||||
|
@ -53,10 +53,6 @@
|
|||
"[build-worker-kyoumanet.fly.dev]:2202".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTwVKL0P0chPM2Gz23rbT94844+w1CGJdCaZdzfjThz";
|
||||
"[build-worker-kyoumanet.fly.dev]:2203".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAjy2eZGJQeAYy0+fLgW9jiS0jVY2LInY0NDMnzCvvKp";
|
||||
"[build-worker-kyoumanet.fly.dev]:2204".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN72OyD9LYy4hq0WZ7ie5RPV+G54UreEJiA/RubjGoe9";
|
||||
"[build-worker-kyoumanet.fly.dev]:2205".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNh1o1I98XrI2XmOI6Q0aHPfyLCIQwKkKOxGUUeXL9v";
|
||||
"[build-worker-kyoumanet.fly.dev]:2206".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGf0kxGgwOG9KhUhvxxTSiQC5YikrzZXKDgSpBw33qN4";
|
||||
"[build-worker-kyoumanet.fly.dev]:2207".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL9z95a6Fn/dB+iNigEYpuJdBnBwCkIZYaKHcFbGP+RY";
|
||||
"[build-worker-kyoumanet.fly.dev]:2208".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAk+FNMhTfAVqk3MfLp4QiG/i5ti53DlpnC0q+sOvU9O";
|
||||
};
|
||||
extraConfig = ''
|
||||
Host build-worker-01
|
||||
|
@ -65,24 +61,12 @@
|
|||
Host build-worker-02
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2202
|
||||
Host build-worker-03
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2203
|
||||
Host build-worker-05
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2204
|
||||
Port 2203
|
||||
Host build-worker-06
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2205
|
||||
Host build-worker-07
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2206
|
||||
Host build-worker-08
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2207
|
||||
Host build-worker-09
|
||||
Hostname build-worker-kyoumanet.fly.dev
|
||||
Port 2208
|
||||
Port 2204
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
{ ... }: {
|
||||
services.librespeed = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
domain = "speed.kyouma.net";
|
||||
frontend.enable = true;
|
||||
};
|
||||
}
|
|
@ -34,11 +34,5 @@
|
|||
add_header Referrer-Policy "same-origin" always;
|
||||
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
||||
'';
|
||||
eventsConfig = ''
|
||||
multi_accept on;
|
||||
'';
|
||||
appendConfig = ''
|
||||
worker_processes auto;
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -5,14 +5,14 @@
|
|||
};
|
||||
sops.secrets."services/vaultwarden/basicAuth" = {
|
||||
sopsFile = ../../secrets/services/vaultwarden.yaml;
|
||||
owner = "nginx";
|
||||
owner = "vaultwarden";
|
||||
};
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
environmentFile = config.sops.secrets."services/vaultwarden/environmentFile".path;
|
||||
backupDir = "/var/backup/bitwarden_rs";
|
||||
config = {
|
||||
DOMAIN = "https://vault.kyouma.net";
|
||||
DOMAIN = "https://staging.vault.kyouma.net";
|
||||
DATABASE_MAX_CONNS = 15;
|
||||
WEB_VAULT_ENABLED = true;
|
||||
WEBSOCKET_ADDRESS = "::1";
|
||||
|
@ -33,10 +33,10 @@
|
|||
SMTP_SECURITY = "starttls";
|
||||
SMTP_PORT = 587;
|
||||
ROCKET_ADDRESS = "::1";
|
||||
ROCKET_PORT = 8222;
|
||||
ROCKET_PORT = "8222";
|
||||
};
|
||||
};
|
||||
kyouma.nginx.virtualHosts."vault.kyouma.net" = {
|
||||
kyouma.nginx.virtualHosts."staging.vault.kyouma.net" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://[::1]:8222";
|
||||
proxyWebsockets = true;
|
||||
|
@ -46,5 +46,5 @@
|
|||
basicAuthFile = config.sops.secrets."services/vaultwarden/basicAuth".path;
|
||||
};
|
||||
};
|
||||
security.acme.certs."vault.kyouma.net" = {};
|
||||
security.acme.certs."staging.vault.kyouma.net" = {};
|
||||
}
|
||||
|
|
249
flake.lock
249
flake.lock
|
@ -11,11 +11,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729116596,
|
||||
"narHash": "sha256-NnLMLIXGZtAscUF4dCShksuQ1nOGF6Y2dEeyj0rBbUg=",
|
||||
"lastModified": 1726069220,
|
||||
"narHash": "sha256-dAUWlC8uMJX9iovycfvJcg5nm3PzqJIRAOwN4z322zM=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "attic",
|
||||
"rev": "2b05b7d986cf6009b1c1ef7daa4961cd1a658782",
|
||||
"rev": "416687e59c4f0b32742423458cab2c5ff8fe748a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -58,14 +58,30 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"base16-foot": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696725948,
|
||||
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-foot",
|
||||
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-foot",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"base16-helix": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1725860795,
|
||||
"narHash": "sha256-Z2o8VBPW3I+KKTSfe25kskz0EUj7MpUh8u355Z1nVsU=",
|
||||
"lastModified": 1720809814,
|
||||
"narHash": "sha256-numb3xigRGnr/deF7wdjBwVg7fpbTH7reFDkJ75AJkY=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-helix",
|
||||
"rev": "7f795bf75d38e0eea9fed287264067ca187b88a9",
|
||||
"rev": "34f41987bec14c0f3f6b2155c19787b1f6489625",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -74,6 +90,38 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"base16-kitty": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1665001328,
|
||||
"narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=",
|
||||
"owner": "kdrag0n",
|
||||
"repo": "base16-kitty",
|
||||
"rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "kdrag0n",
|
||||
"repo": "base16-kitty",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"base16-tmux": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696725902,
|
||||
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-tmux",
|
||||
"rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-tmux",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"base16-vim": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -135,11 +183,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728330715,
|
||||
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
|
||||
"lastModified": 1722113426,
|
||||
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
|
||||
"owner": "numtide",
|
||||
"repo": "devshell",
|
||||
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
|
||||
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -155,11 +203,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729099656,
|
||||
"narHash": "sha256-VftVIg7UXTy1bq+tzi1aVYOWl7PQ35IpjW88yMYjjpc=",
|
||||
"lastModified": 1725377834,
|
||||
"narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "d7d57edb72e54891fa67a6f058a46b2bb405663b",
|
||||
"rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -178,11 +226,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726867691,
|
||||
"narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=",
|
||||
"lastModified": 1719459426,
|
||||
"narHash": "sha256-4Kn9Pb3lvsik/VYsEAYgXpkcmLhrr0tTE6oIT2PMSPA=",
|
||||
"owner": "kirelagin",
|
||||
"repo": "dns.nix",
|
||||
"rev": "a3196708a56dee76186a9415c187473b94e6cbae",
|
||||
"rev": "e6693931023206f1f3c2bfc57d2c98b5f27f52e6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -326,11 +374,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727826117,
|
||||
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
|
||||
"lastModified": 1722555600,
|
||||
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
|
||||
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -344,11 +392,11 @@
|
|||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726560853,
|
||||
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -380,11 +428,11 @@
|
|||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726560853,
|
||||
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -462,11 +510,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728778939,
|
||||
"narHash": "sha256-WybK5E3hpGxtCYtBwpRj1E9JoiVxe+8kX83snTNaFHE=",
|
||||
"lastModified": 1724857454,
|
||||
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
|
||||
"owner": "cachix",
|
||||
"repo": "git-hooks.nix",
|
||||
"rev": "ff68f91754be6f3427e4986d7949e6273659be1d",
|
||||
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -521,11 +569,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729174520,
|
||||
"narHash": "sha256-QxCAdgQdeIOaCiE0Sr23s9lD0+T1b/wuz5pSiGwNrCQ=",
|
||||
"lastModified": 1726036828,
|
||||
"narHash": "sha256-ZQHbpyti0jcAKnwQY1lwmooecLmSG6wX1JakQ/eZNeM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "e78cbb20276f09c1802e62d2f77fc93ec32da268",
|
||||
"rev": "8a1671642826633586d12ac3158e463c7a50a112",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -543,19 +591,17 @@
|
|||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728215710,
|
||||
"narHash": "sha256-TRxR6zELQoUDPhLkmBU8QjgskNyVcblKgQIxhuOyNRc=",
|
||||
"ref": "main",
|
||||
"rev": "799441dcf6d595efb0def686ca0815aef398627b",
|
||||
"revCount": 4217,
|
||||
"lastModified": 1724696781,
|
||||
"narHash": "sha256-oDLfi7PdElAdhGK8i+mQ4OOn6Hu3vzHiYnuFcHoJ0IU=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "ab6d81fad404af05dfeae7f74d1783a2f7367826",
|
||||
"revCount": 4205,
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/hydra"
|
||||
"url": "https://git.lix.systems/snaakey/hydra.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"rev": "799441dcf6d595efb0def686ca0815aef398627b",
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/hydra"
|
||||
"url": "https://git.lix.systems/snaakey/hydra.git"
|
||||
}
|
||||
},
|
||||
"iceshrimp": {
|
||||
|
@ -588,11 +634,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727022979,
|
||||
"narHash": "sha256-L73aHx90Fmok+5TA87mRhYNm/aHIPm0+7kAEvkEf80w=",
|
||||
"lastModified": 1719228964,
|
||||
"narHash": "sha256-OvA+zYBIUYg/kE2SdF/850s2dGZQyDECB2XoZfHioE0=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "f4e46ff6820d334c12b8f3a609ab43b895d3b630",
|
||||
"revCount": 24,
|
||||
"rev": "fc34094fc69e69e217db1bf17d82b9d0bf3b2cc4",
|
||||
"revCount": 22,
|
||||
"type": "git",
|
||||
"url": "https://woof.rip/emily/kyouma-net.git"
|
||||
},
|
||||
|
@ -664,11 +710,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728901530,
|
||||
"narHash": "sha256-I9Qd0LnAsEGHtKE9+uVR0iDFmsijWSy7GT0g3jihG4Q=",
|
||||
"lastModified": 1724561770,
|
||||
"narHash": "sha256-zv8C9RNa86CIpyHwPIVO/k+5TfM8ZbjGwOOpTe1grls=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "a60ac02f9466f85f092e576fd8364dfc4406b5a6",
|
||||
"rev": "ac5694a0b855a981e81b4d9f14052e3ff46ca39e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -745,11 +791,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1728729581,
|
||||
"narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=",
|
||||
"lastModified": 1725885300,
|
||||
"narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806",
|
||||
"rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -828,11 +874,11 @@
|
|||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1728156290,
|
||||
"narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=",
|
||||
"lastModified": 1725762081,
|
||||
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "17ae88b569bb15590549ff478bab6494dde4a907",
|
||||
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -844,11 +890,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1725001927,
|
||||
"narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=",
|
||||
"lastModified": 1723688146,
|
||||
"narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "6e99f2a27d600612004fbd2c3282d614bfee6421",
|
||||
"rev": "c3d4ac725177c030b1e289015989da2ad9d56af0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -876,11 +922,11 @@
|
|||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1728888510,
|
||||
"narHash": "sha256-nsNdSldaAyu6PE3YUA+YQLqUDJh+gRbBooMMekZJwvI=",
|
||||
"lastModified": 1725983898,
|
||||
"narHash": "sha256-4b3A9zPpxAxLnkF9MawJNHDtOOl6ruL0r6Og1TEDGCE=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a3c0b3b21515f74fd2665903d4ce6bc4dc81c77c",
|
||||
"rev": "1355a0cbfeac61d785b7183c0caaec1f97361b43",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -907,11 +953,11 @@
|
|||
"treefmt-nix": "treefmt-nix_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729196897,
|
||||
"narHash": "sha256-xftdQl0kxWJZNWCDSl0pU2E7zCmGjhD/N9ZWgPXK0A0=",
|
||||
"lastModified": 1726027257,
|
||||
"narHash": "sha256-hsdIfpIB5wzEehgOSaifBJwY3Tn0P0wiU9pTf8nRBQc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixvim",
|
||||
"rev": "3c7b6ae5d1524c691a1b65f7290facd0dc296e40",
|
||||
"rev": "11c133e89e4090c43445a2c3b5af2322831d7219",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -929,11 +975,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728905062,
|
||||
"narHash": "sha256-W/lClt0bRgFRO0WFtytX/LEILpPNq+FOjIfESpkeu5c=",
|
||||
"lastModified": 1724584782,
|
||||
"narHash": "sha256-7FfHv7b1jwMPSu9SPY9hdxStk8E6EeSwzqdvV69U4BM=",
|
||||
"owner": "NuschtOS",
|
||||
"repo": "search",
|
||||
"rev": "f82d3e1c1c9d1eaeb91878519e2d27b27c66ce84",
|
||||
"rev": "5a08d691de30b6fc28d58ce71a5e420f2694e087",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -987,11 +1033,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728345710,
|
||||
"narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=",
|
||||
"lastModified": 1725922448,
|
||||
"narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b",
|
||||
"rev": "cede1a08039178ac12957733e97ab1006c6b6892",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1004,7 +1050,10 @@
|
|||
"inputs": {
|
||||
"base16": "base16",
|
||||
"base16-fish": "base16-fish",
|
||||
"base16-foot": "base16-foot",
|
||||
"base16-helix": "base16-helix",
|
||||
"base16-kitty": "base16-kitty",
|
||||
"base16-tmux": "base16-tmux",
|
||||
"base16-vim": "base16-vim",
|
||||
"flake-compat": "flake-compat_4",
|
||||
"flake-utils": "flake-utils_4",
|
||||
|
@ -1015,17 +1064,14 @@
|
|||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"systems": "systems_4",
|
||||
"tinted-foot": "tinted-foot",
|
||||
"tinted-kitty": "tinted-kitty",
|
||||
"tinted-tmux": "tinted-tmux"
|
||||
"systems": "systems_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1728900372,
|
||||
"narHash": "sha256-hmG/u7qZEm7CTh1XPDi+pg4Oi0nNrv7sL8PgZDRe6wg=",
|
||||
"lastModified": 1725290973,
|
||||
"narHash": "sha256-+jwXF9KI0HfvDgpsoJGvOdfOGGSKOrID1wQB79zjUbo=",
|
||||
"owner": "danth",
|
||||
"repo": "stylix",
|
||||
"rev": "33a2eff15181e557bb6dd9d2073b90f7d218975d",
|
||||
"rev": "ef81ad9e85e60420cc83d4642619c14b57139d33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1094,55 +1140,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"tinted-foot": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696725948,
|
||||
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-foot",
|
||||
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-foot",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"tinted-kitty": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1716423189,
|
||||
"narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-kitty",
|
||||
"rev": "eb39e141db14baef052893285df9f266df041ff8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-kitty",
|
||||
"rev": "eb39e141db14baef052893285df9f266df041ff8",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"tinted-tmux": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696725902,
|
||||
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-tmux",
|
||||
"rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "tinted-tmux",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"treefmt-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -1173,11 +1170,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1727984844,
|
||||
"narHash": "sha256-xpRqITAoD8rHlXQafYZOLvUXCF6cnZkPfoq67ThN0Hc=",
|
||||
"lastModified": 1724833132,
|
||||
"narHash": "sha256-F4djBvyNRAXGusJiNYInqR6zIMI3rvlp6WiKwsRISos=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "4446c7a6fc0775df028c5a3f6727945ba8400e64",
|
||||
"rev": "3ffd842a5f50f435d3e603312eefa4790db46af5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -26,7 +26,7 @@
|
|||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
hydra = {
|
||||
url = "git+https://git.lix.systems/lix-project/hydra?ref=main&rev=799441dcf6d595efb0def686ca0815aef398627b";
|
||||
url = "git+https://git.lix.systems/snaakey/hydra.git";
|
||||
inputs.lix.follows = "lix";
|
||||
};
|
||||
iceshrimp = {
|
||||
|
|
65
fly.toml
65
fly.toml
|
@ -9,10 +9,6 @@ primary_region = 'ams'
|
|||
bw-02 = '/entrypoint.sh'
|
||||
bw-03 = '/entrypoint.sh'
|
||||
bw-04 = '/entrypoint.sh'
|
||||
bw-05 = '/entrypoint.sh'
|
||||
bw-06 = '/entrypoint.sh'
|
||||
bw-07 = '/entrypoint.sh'
|
||||
bw-08 = '/entrypoint.sh'
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw01'
|
||||
|
@ -38,30 +34,6 @@ primary_region = 'ams'
|
|||
initial_size = '128GB'
|
||||
processes = ['bw-04']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw05'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-05']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw06'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-06']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw07'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-07']
|
||||
|
||||
[[mounts]]
|
||||
source = 'bw08'
|
||||
destination = '/mnt/data'
|
||||
initial_size = '256GB'
|
||||
processes = ['bw-08']
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
|
@ -98,45 +70,8 @@ primary_region = 'ams'
|
|||
[[services.ports]]
|
||||
port = 2204
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-05']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2205
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-06']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2206
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-07']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2207
|
||||
|
||||
[[services]]
|
||||
protocol = 'tcp'
|
||||
internal_port = 2222
|
||||
auto_stop_machines = 'off'
|
||||
processes = ['bw-08']
|
||||
|
||||
[[services.ports]]
|
||||
port = 2208
|
||||
|
||||
[[restart]]
|
||||
policy = 'never'
|
||||
|
||||
[[vm]]
|
||||
size = 'performance-16x'
|
||||
memory = '96GB'
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
{ lib, ... }: let
|
||||
mapModules = builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir ./.));
|
||||
in {
|
||||
imports = builtins.map (dir: ./${dir}) mapModules;
|
||||
{ ... }: {
|
||||
imports = [
|
||||
./deployment
|
||||
./graphical
|
||||
./machine-type
|
||||
./nginx
|
||||
./ooklaserver
|
||||
./update-nixfiles
|
||||
];
|
||||
}
|
||||
|
|
|
@ -119,7 +119,7 @@
|
|||
#"eDP-1, 2560x1600@60, 0x0, 1, bitdepth, 10"
|
||||
#"eDP-1, 1920x1200@60, 0x0, 1, bitdepth, 10"
|
||||
"desc:Dell Inc. AW3225QF FXK2YZ3, 3840x2160@240,5280x0,1, bitdepth,10, vrr,2"
|
||||
"desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@144,3840x-280,1, bitdepth,10, transform,1"
|
||||
"desc:GIGA-BYTE TECHNOLOGY CO. LTD. AORUS AD27QD 19320B000455, 2560x1440@144,3840x-350,1, bitdepth,10, transform,1"
|
||||
",preferred,auto,1"
|
||||
];
|
||||
workspace = [
|
||||
|
|
|
@ -161,8 +161,8 @@
|
|||
};
|
||||
servers = {
|
||||
bashls.enable = true;
|
||||
lua_ls.enable = true;
|
||||
nil_ls = {
|
||||
lua-ls.enable = true;
|
||||
nil-ls = {
|
||||
enable = true;
|
||||
settings.formatting.command = [ "nixfmt" "-w" "140" ];
|
||||
};
|
||||
|
@ -175,8 +175,8 @@
|
|||
options.enable = true;
|
||||
};
|
||||
};
|
||||
ruff_lsp.enable = true;
|
||||
rust_analyzer = {
|
||||
ruff-lsp.enable = true;
|
||||
rust-analyzer = {
|
||||
enable = true;
|
||||
installRustc = true;
|
||||
installCargo = true;
|
||||
|
@ -187,6 +187,7 @@
|
|||
enable = true;
|
||||
sources.diagnostics = {
|
||||
pylint.enable = true;
|
||||
statix.enable = true;
|
||||
};
|
||||
sources.formatting = {
|
||||
nixfmt.enable = true;
|
||||
|
@ -211,7 +212,6 @@
|
|||
plugins.luasnip.enable = true;
|
||||
plugins.nvim-autopairs.enable = true;
|
||||
plugins.rainbow-delimiters.enable = true;
|
||||
plugins.web-devicons.enable = true;
|
||||
# Broken
|
||||
plugins.rustaceanvim.enable = false;
|
||||
plugins.treesitter-context.enable = true;
|
||||
|
|
|
@ -1,408 +0,0 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.services.librespeed;
|
||||
in
|
||||
{
|
||||
options.services.librespeed =
|
||||
let
|
||||
inherit (lib) mkOption types;
|
||||
in
|
||||
{
|
||||
enable = lib.mkEnableOption "LibreSpeed server";
|
||||
package = lib.mkPackageOption pkgs "librespeed-rust" { };
|
||||
domain = mkOption {
|
||||
description = ''
|
||||
If not `null`, this will add an entry to `services.librespeed.servers` and
|
||||
configure librespeed to use TLS.
|
||||
'';
|
||||
default = null;
|
||||
type = with types; nullOr nonEmptyStr;
|
||||
};
|
||||
downloadIPDB = mkOption {
|
||||
description = ''
|
||||
Whether to download the IP info database before starting librespeed.
|
||||
Disable this if you want to use the Go implementation.
|
||||
'';
|
||||
default = !(cfg.secrets ? "ipinfo_api_key");
|
||||
defaultText = lib.literalExpression ''!(cfg.secrets ? "ipinfo_api_key")'';
|
||||
type = types.bool;
|
||||
};
|
||||
openFirewall = mkOption {
|
||||
description = ''
|
||||
Whether to open the firewall for the specified port.
|
||||
'';
|
||||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
secrets = mkOption {
|
||||
description = ''
|
||||
Attribute set of filesystem paths.
|
||||
The contents of the specified paths will be read at service start time and merged with the attributes provided in `settings`.
|
||||
'';
|
||||
default = { };
|
||||
type = with types; nullOr (attrsOf path);
|
||||
};
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
LibreSpeed configuration written as Nix expression.
|
||||
All values set to `null` will be excluded from the evaluated config.
|
||||
This is useful if you want to omit certain defaults when using a different LibreSpeed implementation.
|
||||
|
||||
See [github.com/librespeed][librespeed] for configuration help.
|
||||
|
||||
[librespeed]: https://github.com/librespeed/speedtest-rust
|
||||
'';
|
||||
default = { };
|
||||
type =
|
||||
with types;
|
||||
nullOr (
|
||||
attrsOf (oneOf [
|
||||
(nullOr bool)
|
||||
int
|
||||
str
|
||||
package
|
||||
])
|
||||
);
|
||||
};
|
||||
frontend = {
|
||||
enable = lib.mkEnableOption ''
|
||||
Enables the LibreSpeed frontend and adds a nginx virtual host if
|
||||
not explicetly disabled and `services.librespeed.domain` is not `null`.
|
||||
'';
|
||||
contactEmail = mkOption {
|
||||
description = "Email address listed in the privacy policy.";
|
||||
default =
|
||||
if (cfg.domain != null) then "webmaster@${cfg.domain}" else "webmaster@${config.networking.fqdn}";
|
||||
defaultText = lib.literalExpression ''
|
||||
if (config.services.librespeed.domain != null) then
|
||||
"webmaster@''${config.services.librespeed.domain}"
|
||||
else
|
||||
"webmaster@''${config.networking.fqdn}";
|
||||
'';
|
||||
type = types.str;
|
||||
};
|
||||
pageTitle = mkOption {
|
||||
description = "Title of the webpage.";
|
||||
default = "LibreSpeed";
|
||||
type = types.str;
|
||||
};
|
||||
useNginx = mkOption {
|
||||
description = ''
|
||||
Configure nginx for the LibreSpeed frontend.
|
||||
This will only create a virtual host for the frontend and won't proxy all requests because
|
||||
the reported upload and download speeds are inaccurate if proxied.
|
||||
'';
|
||||
default = cfg.domain != null;
|
||||
defaultText = lib.literalExpression "config.services.librespeed.domain != null";
|
||||
type = types.bool;
|
||||
};
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
Override default settings of the speedtest web client.
|
||||
See [speedtest_worker.js][link] for a list of possible values.
|
||||
|
||||
[link]: https://github.com/librespeed/speedtest/blob/master/speedtest_worker.js#L39
|
||||
'';
|
||||
default = {
|
||||
telemetry_level = "basic";
|
||||
};
|
||||
type =
|
||||
with types;
|
||||
nullOr (
|
||||
attrsOf (oneOf [
|
||||
bool
|
||||
int
|
||||
str
|
||||
float
|
||||
])
|
||||
);
|
||||
};
|
||||
servers = mkOption {
|
||||
description = "LibreSpeed servers that should apper in the server list.";
|
||||
type = types.listOf (
|
||||
types.submodule {
|
||||
options =
|
||||
let
|
||||
inherit (types) nonEmptyStr;
|
||||
in
|
||||
{
|
||||
name = mkOption {
|
||||
description = "Name shown in the server list.";
|
||||
type = nonEmptyStr;
|
||||
};
|
||||
server = mkOption {
|
||||
description = "URL to the server. You may use `//` instead of `http://` or `https://`.";
|
||||
type = nonEmptyStr;
|
||||
};
|
||||
dlURL = mkOption {
|
||||
description = ''
|
||||
URL path to download test on this server.
|
||||
Append `.php` to the default value if the server uses the php implementation.
|
||||
'';
|
||||
default = "backend/garbage";
|
||||
type = nonEmptyStr;
|
||||
};
|
||||
ulURL = mkOption {
|
||||
description = ''
|
||||
URL path to upload test on this server.
|
||||
Append `.php` to the default value if the server uses the php implementation.
|
||||
'';
|
||||
default = "backend/empty";
|
||||
type = nonEmptyStr;
|
||||
};
|
||||
pingURL = mkOption {
|
||||
description = ''
|
||||
URL path to latency/jitter test on this server.
|
||||
Append `.php` to the default value if the server uses the php implementation.
|
||||
'';
|
||||
default = "backend/empty";
|
||||
type = nonEmptyStr;
|
||||
};
|
||||
getIpURL = mkOption {
|
||||
description = ''
|
||||
URL path to IP lookup on this server.
|
||||
Append `.php` to the default value if the server uses the php implementation.
|
||||
'';
|
||||
default = "backend/getIP";
|
||||
type = nonEmptyStr;
|
||||
};
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable (
|
||||
let
|
||||
librespeedAssets =
|
||||
pkgs.runCommand "librespeed-assets"
|
||||
(
|
||||
let
|
||||
mapValue =
|
||||
arg:
|
||||
if (lib.isBool arg) then
|
||||
lib.boolToString arg
|
||||
else if ((lib.isInt arg) || (lib.isFloat arg)) then
|
||||
toString arg
|
||||
else
|
||||
"\"${lib.escape [ "\"" ] (toString arg)}\"";
|
||||
|
||||
mapSettings = lib.pipe cfg.frontend.settings [
|
||||
(lib.mapAttrs (name: val: " s.setParameter(\"${lib.escape [ "\"" ] name}\",${mapValue val});"))
|
||||
(lib.attrValues)
|
||||
(lib.concatLines)
|
||||
];
|
||||
in
|
||||
{
|
||||
preferLocal = true;
|
||||
|
||||
serversList = ''
|
||||
function get_servers() {
|
||||
return ${builtins.toJSON cfg.frontend.servers}
|
||||
}
|
||||
function override_settings () {
|
||||
${mapSettings}
|
||||
}
|
||||
'';
|
||||
}
|
||||
)
|
||||
''
|
||||
cp -r ${pkgs.librespeed-rust}/assets $out
|
||||
chmod 666 $out/servers_list.js
|
||||
cat >$out/servers_list.js <<<"$serversList"
|
||||
substitute ${pkgs.librespeed-rust}/assets/index.html $out/index.html \
|
||||
--replace-fail "s.setParameter(\"telemetry_level\",\"basic\"); //enable telemetry" "override_settings();" \
|
||||
--replace-fail "LibreSpeed Example" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.pageTitle)} \
|
||||
--replace-fail "PUT@YOUR_EMAIL.HERE" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)} \
|
||||
--replace-fail "TO BE FILLED BY DEVELOPER" ${lib.escapeShellArg (lib.escapeXML cfg.frontend.contactEmail)}
|
||||
'';
|
||||
in
|
||||
{
|
||||
assertions = [
|
||||
{
|
||||
assertion = cfg.frontend.useNginx -> cfg.domain != null;
|
||||
message = ''
|
||||
`services.librespeed.frontend.useNginx` requires `services.librespeed.frontend.domain` to be set.
|
||||
'';
|
||||
}
|
||||
];
|
||||
|
||||
networking.firewall = lib.mkIf cfg.openFirewall {
|
||||
allowedTCPPorts = [ cfg.settings.listen_port ];
|
||||
};
|
||||
services.nginx.virtualHosts = lib.mkIf (cfg.frontend.enable && cfg.frontend.useNginx) {
|
||||
${cfg.domain} = {
|
||||
locations."/".root = librespeedAssets;
|
||||
locations."= /servers.json".return = "200 '${builtins.toJSON cfg.frontend.servers}'";
|
||||
locations."/backend/".return = "301 https://$host:${toString cfg.settings.listen_port}$request_uri";
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
};
|
||||
security.acme.certs = lib.mkIf (cfg.domain != null) {
|
||||
${cfg.domain} = {
|
||||
reloadServices = [ "librespeed.service" ];
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
};
|
||||
};
|
||||
|
||||
services.librespeed.frontend.servers = lib.mkIf (cfg.frontend.enable && (cfg.domain != null)) [
|
||||
{
|
||||
name = cfg.domain;
|
||||
server = "//${cfg.domain}:${toString cfg.settings.listen_port}";
|
||||
}
|
||||
];
|
||||
|
||||
services.librespeed.settings =
|
||||
let
|
||||
inherit (lib) mkDefault mkIf;
|
||||
in
|
||||
{
|
||||
assets_path =
|
||||
if (cfg.frontend.enable && !cfg.frontend.useNginx) then
|
||||
librespeedAssets
|
||||
else
|
||||
pkgs.writeTextDir "index.html" "";
|
||||
|
||||
bind_address = mkDefault "::";
|
||||
listen_port = mkDefault 8989;
|
||||
base_url = mkDefault "backend";
|
||||
worker_threads = mkDefault "auto";
|
||||
|
||||
database_type = mkDefault "none";
|
||||
database_file = mkDefault "/var/lib/librespeed/speedtest.sqlite";
|
||||
|
||||
#librespeed-rust will fail to start if the following config parameters are omitted.
|
||||
ipinfo_api_key = mkIf (!cfg.secrets ? "ipinfo_api_key") "";
|
||||
stats_password = mkIf (!cfg.secrets ? "stats_password") "";
|
||||
tls_cert_file =
|
||||
if (cfg.domain != null) then
|
||||
(mkDefault "/run/credentials/librespeed.service/cert.pem")
|
||||
else
|
||||
(mkDefault "");
|
||||
tls_key_file =
|
||||
if (cfg.domain != null) then
|
||||
(mkDefault "/run/credentials/librespeed.service/key.pem")
|
||||
else
|
||||
(mkDefault "");
|
||||
|
||||
enable_tls = mkDefault (cfg.domain != null);
|
||||
};
|
||||
|
||||
systemd.services =
|
||||
let
|
||||
configFile =
|
||||
let
|
||||
mapValue =
|
||||
arg:
|
||||
if (lib.isBool arg) then
|
||||
lib.boolToString arg
|
||||
else if (lib.isInt arg) then
|
||||
toString arg
|
||||
else
|
||||
"\"${lib.escape [ "\"" ] (toString arg)}\"";
|
||||
in
|
||||
with lib;
|
||||
pipe cfg.settings [
|
||||
(filterAttrs (_: val: val != null))
|
||||
(mapAttrs (name: val: "${name}=${mapValue val}"))
|
||||
(attrValues)
|
||||
(concatLines)
|
||||
(pkgs.writeText "${cfg.package.name}-config.toml")
|
||||
];
|
||||
in
|
||||
{
|
||||
librespeed-secrets = lib.mkIf (cfg.secrets != { }) {
|
||||
description = "LibreSpeed secret helper";
|
||||
|
||||
ExecStart =
|
||||
let
|
||||
script = pkgs.writeShellApplication {
|
||||
name = "librespeed-secrets";
|
||||
runtimeInputs = [ pkgs.coreutils ];
|
||||
text =
|
||||
''
|
||||
cp ${configFile} ''${RUNTIME_DIRECTORY%%:*}/config.toml
|
||||
''
|
||||
+ lib.pipe cfg.secrets [
|
||||
(lib.mapAttrs (
|
||||
name: file: ''
|
||||
cat >>''${RUNTIME_DIRECTORY%%:*}/config.toml <<EOF
|
||||
${name}="$(<${lib.escapeShellArg file})"
|
||||
EOF
|
||||
''
|
||||
))
|
||||
(lib.concatLines lib.attrValues)
|
||||
];
|
||||
};
|
||||
in
|
||||
lib.getExe script;
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
RuntimeDirectory = "librespeed";
|
||||
UMask = "u=rw";
|
||||
};
|
||||
};
|
||||
librespeed = {
|
||||
description = "LibreSpeed server daemon";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
requires = lib.optionals (cfg.secrets != { }) [ "librespeed-secrets.service" ];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
|
||||
DynamicUser = true;
|
||||
|
||||
LoadCredential = lib.mkIf (cfg.domain != null) [
|
||||
"cert.pem:${config.security.acme.certs.${cfg.domain}.directory}/cert.pem"
|
||||
"key.pem:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
|
||||
];
|
||||
|
||||
ExecStartPre = lib.mkIf cfg.downloadIPDB "${lib.getExe cfg.package} --update-ipdb";
|
||||
ExecStart = "${lib.getExe cfg.package} -c ${
|
||||
if (cfg.secrets == { }) then configFile else "\${RUNTIME_DIRECTORY%%:*}/config.toml"
|
||||
}";
|
||||
WorkingDirectory = "/var/cache/librespeed";
|
||||
RuntimeDirectory = "librespeed";
|
||||
RuntimeDirectoryPreserve = true;
|
||||
StateDirectory = "librespeed";
|
||||
CacheDirectory = "librespeed";
|
||||
SyslogIdentifier = "librespeed";
|
||||
|
||||
ReadOnlyPaths = [ cfg.package ];
|
||||
RestrictSUIDSGID = true;
|
||||
RestrictNamespaces = true;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
PrivateUsers = true;
|
||||
ProtectHostname = true;
|
||||
ProtectClock = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
ProtectProc = "invisible";
|
||||
SystemCallArchitectures = "native";
|
||||
SystemCallFilter = "@system-service";
|
||||
SystemCallErrorNumber = "EPERM";
|
||||
LockPersonality = true;
|
||||
NoNewPrivileges = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
);
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ snaki ];
|
||||
}
|
|
@ -34,23 +34,17 @@ dockerTools.buildLayeredImage {
|
|||
trusted-public-keys = cache.kyouma.net:Frjwu4q1rnwE/MnSTmX9yx86GNA/z3p/oElGvucLiZg= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
|
||||
max-substitution-jobs = 20
|
||||
max-silent-time = 14400
|
||||
min-free = ${builtins.toString (49152 * 1024 * 1024)}
|
||||
max-free = ${builtins.toString (65536 * 1024 * 1024)}
|
||||
min-free = 17179869184
|
||||
max-free = 34359738368
|
||||
system-features = benchmark big-parallel kvm nixos-test uid-range gccarch-x86-64 gccarch-x86-64-v2 gccarch-x86-64-v3
|
||||
EOF
|
||||
|
||||
mkdir -p /root/.ssh
|
||||
cat <<EOF > /root/.ssh/authorized_keys
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK397sBHLS66snWNPtmjUy7qZxRJh54N0RRXogKODudl nix@muon
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE/vCXM3IaxJP9v2Y+xcQrQD2IcffgdzqtWhpMjj9Xl5 hydra@seras
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICT0dGyLUjxFnvqUmex+5xUGQ7D4yGHKo267JgApcq0k root@ryuuko
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDTwCSWYODyvTJxwB6Rahuy0j6s/YYwtQta8bjzG/We root@ryuuko-arch
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/RmFnel8pcZT9nh7EAfKfAekt3BoEXy0G7G2GTacN/ aprl@computer
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxsX+lEWkHZt9NOvn9yYFP0Z++186LY4b97C4mwj/f2 aprl@whatever
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpyVefbZLkNVNzdSIlO6x6JohHE1snoHiUB3Qdvl5I2 aprl@idk
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDVNo871p97NTefP52KYiwuch+FaVScxvcFd9fg0yykySTq7Y5JsxrJQgTnox/oDa0O87OyHD/GHQljAXkqiHpDkExbiGjDmGXJSKReKH061F4FqBnDIwYRzUu9Cxjl4MNqsU0RqLaz4+F42c/L7GROQwjEPUb8JHThRiI5FJnDvvB+oBLBxeyQA4v3O4i8DaDQayTr/XB+aSlhNwKrb6cjjL93AHT1uE53yY5jn4kZX+RiPQhH7rvt9N6E4Yr3CG6nUgRCUS0L66d9yfrq0XAbAVk9F+viV7Nk9qy4MWHtXZ4h0qUlzrGALPgGsCGiLGd4NvEgeCcV4nvxdmevxTSdKlJP75xlmlLVXGyhqCZkTsxm/png2UvDl+p0pLyrgNaNoXPdE0Jbv7C28WX36Nast1QFSMUhexzuOx8OgaOioeXVfK98AouqWb58iPBCvgreUIH/gJhZcnlB/Foo1KSO+fJNH8hAsLH7w0mnKyHhJjkrjjwUqsnpepB3SOLfZTE= aprl@meow
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD0v3tUBNEUxfoOQBFb+N2DUBQDay0iFggUWa9Nd+BtFLOKkz+RRto3eBF0ZiJZVUxv/hLb8m2s45hcMw8agwuPrXMe5085T1fzkvPdKAPZdsT/cCmBi1OsoLjAKBFIdM4lcV0A2cca8hip+/ZPpjFPUWx73/672gAPHU7co7fP8+8CSf9dx+WIeLx3yaYHYZ/th3dB5auX3VjOazS8MojsAorwTUeBoPamHQ5dFeNafhFUL/hhtGkUI1cNHUn3bJd2V7AKTW3UglK7hVgMJPrzVS31OlpcJEf6S5XgKTWdOSwubn1bs5Lt6YYRDU24NV6CGrwKgCJSRxzNMLwpnFKiSXpO8FzkqWHYWyju141hQcFF31aZIV+7YcwEt5ZukLjFOpVtpbSXvJYigOUzGi34P3/OAGshDXjTQjvM8GIir49gx3b2Nwhg0z4UHBkAKZvDDFPHDMJoclvnhITojaAojfC9zmMCO5ZaEsk8yv7c/lWQumzRpfldWF4mwHvhD5kTADbhRdO7WTdX7AaiAYINooToeWKjFe2wn3rFubPUppptqtP03mmvs7vhhgnEVBbGZRJK3GTVk1XcsfF9rDKzewSa+wb4LsBoZtFRhc8cJqHGlKWSNk7dQ04B1atPyNLKGpGoo/UIPxyZ6bSqFVxY3nhz46VZ6z8XWI48z0/fRQ== aprl@uwu
|
||||
EOF
|
||||
|
||||
cat <<EOF > /root/.ssh/environment
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
|
||||
dockerTools.pullImage {
|
||||
imageName = "nixos/nix";
|
||||
imageDigest = "sha256:fd7a5c67d396fe6bddeb9c10779d97541ab3a1b2a9d744df3754a99add4046f1";
|
||||
sha256 = "1ggkwd9zw8lj97ig7zah7dqy463hfhsgq3iwxxf8117gf8xi422s";
|
||||
imageDigest = "sha256:338ca39c0c75f10919cd0cf38647ce4543033d2bbdabab4519de5adee45445f8";
|
||||
sha256 = "0rzms97xnzlh63pjkqq3m5146lyw00mqgdldsd00c9bzk3ybr75x";
|
||||
finalImageName = "nixos/nix";
|
||||
finalImageTag = "latest";
|
||||
}
|
||||
|
|
|
@ -1,34 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
fetchFromGitHub,
|
||||
buildGoModule,
|
||||
}:
|
||||
let
|
||||
version = "1.1.5";
|
||||
src = fetchFromGitHub {
|
||||
owner = "librespeed";
|
||||
repo = "speedtest-go";
|
||||
rev = "refs/tags/v${version}";
|
||||
hash = "sha256-ywGrodl/mj/WB25F0TKVvaV0PV4lgc+KEj0x/ix9HT8=";
|
||||
};
|
||||
in
|
||||
buildGoModule {
|
||||
pname = "librespeed-go";
|
||||
inherit version src;
|
||||
|
||||
vendorHash = "sha256-ev5TEv8u+tx7xIvNaK8b5iq2XXF6I37Fnrr8mb+N2WM=";
|
||||
|
||||
ldflags = [ "-w" "-s" ];
|
||||
|
||||
postInstall = ''
|
||||
cp -r web/assets $out/
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "A very lightweight speed test implementation in Go.";
|
||||
homepage = "https://github.com/librespeed/speedtest-go";
|
||||
license = lib.licenses.lgpl3Plus;
|
||||
maintainers = with lib.maintainers; [ snaki ];
|
||||
mainProgram = "speedtest";
|
||||
};
|
||||
}
|
|
@ -1,38 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
fetchFromGitHub,
|
||||
rustPlatform,
|
||||
}:
|
||||
let
|
||||
# https://github.com/librespeed/speedtest-rust/pull/7
|
||||
version = "unstable-2024-09-28";
|
||||
src = fetchFromGitHub {
|
||||
owner = "librespeed";
|
||||
repo = "speedtest-rust";
|
||||
rev = "a74f25d07da3eb665ce806e015c537264f7254c9";
|
||||
hash = "sha256-+G1DFHQONXXg/5apSBlBkRvuLT4qCJaeFnQSLWt0CD0=";
|
||||
};
|
||||
in
|
||||
rustPlatform.buildRustPackage {
|
||||
pname = "librespeed-rust";
|
||||
inherit version src;
|
||||
|
||||
cargoLock.lockFile = "${src}/Cargo.lock";
|
||||
|
||||
# error: linker `aarch64-linux-gnu-gcc` not found
|
||||
postPatch = ''
|
||||
rm .cargo/config.toml
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
cp -r assets $out/
|
||||
'';
|
||||
|
||||
meta = {
|
||||
description = "A very lightweight speed test implementation in Rust.";
|
||||
homepage = "https://github.com/librespeed/speedtest-rust";
|
||||
license = lib.licenses.lgpl3Plus;
|
||||
maintainers = with lib.maintainers; [ snaki ];
|
||||
mainProgram = "librespeed-rs";
|
||||
};
|
||||
}
|
|
@ -3,6 +3,4 @@ final: prev: {
|
|||
upgrade-system = final.callPackage ./upgrade-system/default.nix {};
|
||||
update-nixfiles = final.callPackage ./update-nixfiles/default.nix {};
|
||||
build-worker-oci = final.callPackage ./build-worker-oci/default.nix {};
|
||||
librespeed-rust = final.callPackage ./librespeed-rust/default.nix {};
|
||||
librespeed-go = final.callPackage ./librespeed-go/default.nix {};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue