diff options
Diffstat (limited to 'system/settings')
| -rw-r--r-- | system/settings/configuration/england.nix | 10 | ||||
| -rw-r--r-- | system/settings/configuration/nix-linux.nix | 10 | ||||
| -rw-r--r-- | system/settings/configuration/nix.nix | 18 | ||||
| -rw-r--r-- | system/settings/darwin.nix | 8 | ||||
| -rw-r--r-- | system/settings/dev.nix | 31 | ||||
| -rw-r--r-- | system/settings/gaming.nix | 2 | ||||
| -rw-r--r-- | system/settings/hardware/bluetooth-audio.nix | 10 | ||||
| -rw-r--r-- | system/settings/programs/nh.nix | 20 | ||||
| -rw-r--r-- | system/settings/services/git-server.nix | 48 | ||||
| -rw-r--r-- | system/settings/user-interface.nix | 2 |
10 files changed, 49 insertions, 110 deletions
diff --git a/system/settings/configuration/england.nix b/system/settings/configuration/england.nix deleted file mode 100644 index 1323b292..00000000 --- a/system/settings/configuration/england.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config -, pkgs -, ... -}: { - time.timeZone = "Europe/London"; - services.redshift = { - latitude = 52.2394; - longitude = -0.9416; - }; -} diff --git a/system/settings/configuration/nix-linux.nix b/system/settings/configuration/nix-linux.nix index e11b0389..1c26bc7e 100644 --- a/system/settings/configuration/nix-linux.nix +++ b/system/settings/configuration/nix-linux.nix @@ -1,5 +1,4 @@ { config -, lib , pkgs , ... }: { @@ -11,20 +10,11 @@ settings = { auto-optimise-store = true; }; - daemonCPUSchedPolicy = "idle"; - daemonIOSchedClass = "idle"; }; nixpkgs.config.allowUnfree = true; system.autoUpgrade = { enable = true; - flags = [ "--max-jobs" "2" ]; - }; - systemd.services.nixos-upgrade = { - script = pkgs.lib.mkForce '' - ${pkgs.nix}/bin/nix-channel --update - ${config.system.build.nixos-rebuild}/bin/nixos-rebuild boot --no-build-output ${toString config.system.autoUpgrade.flags} - ''; }; } diff --git a/system/settings/configuration/nix.nix b/system/settings/configuration/nix.nix index 105efaae..481c3911 100644 --- a/system/settings/configuration/nix.nix +++ b/system/settings/configuration/nix.nix @@ -1,6 +1,6 @@ -{ config -, lib +{ inputs , pkgs +, lib , ... }: { nix = { @@ -9,15 +9,16 @@ use-xdg-base-directories = true; keep-outputs = true; keep-derivations = true; - experimental-features = "nix-command flakes"; warn-dirty = false; substituters = [ "https://nix-community.cachix.org" "https://binarycache.alanpearce.eu" + "https://deploy-rs.cachix.org" ]; trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI=" "binarycache.alanpearce.eu:ZwqO3XMuajPictjwih8OY2+RXnOKpjZEZFHJjGSxAI4=" ]; }; @@ -26,5 +27,16 @@ automatic = lib.mkDefault true; options = lib.mkDefault "--delete-older-than 14d"; }; + + registry = + if pkgs.stdenv.isDarwin + then { + nixpkgs.flake = inputs.nixpkgs; + } else { + nixpkgs.to = { + type = "path"; + path = pkgs.path; + }; + }; }; } diff --git a/system/settings/darwin.nix b/system/settings/darwin.nix index 0f507a31..b49fcf35 100644 --- a/system/settings/darwin.nix +++ b/system/settings/darwin.nix @@ -7,7 +7,6 @@ ./configuration/nix.nix ]; services.nix-daemon = { - enable = true; enableSocketListener = true; }; @@ -16,9 +15,7 @@ [ "/run/current-system/sw" "/nix/var/nix/profiles/default" ] ]; - environment.darwinConfig = "$HOME/.config/nixpkgs/darwin-configuration.nix"; nix = { - daemonIOLowPriority = true; settings.extra-platforms = "aarch64-darwin x86_64-darwin"; settings.trusted-users = [ "@admin" ]; @@ -28,11 +25,6 @@ allowUnfree = true; }; - # needed so that nix-darwin can activate the system as root - security.sudo.extraConfig = '' - Defaults env_keep += "NIX_PATH" - ''; - services.lorri.enable = true; launchd.user.agents.lorri = { serviceConfig = { diff --git a/system/settings/dev.nix b/system/settings/dev.nix index b1817914..c0937ec0 100644 --- a/system/settings/dev.nix +++ b/system/settings/dev.nix @@ -24,18 +24,15 @@ ''; }; # need to test forwarding behaviour - "https://alanpearce.localhost" = { + "alanpearce.localhost" = { logFormat = "output discard"; serverAliases = [ - "http://alanpearce.localhost" - # remember to update /etc/hosts - "https://alanpearce.test" - "http://alanpearce.test" + "alanpearce.test" ]; extraConfig = '' ${local_tls} - reverse_proxy http://alanpearce.test:8080 { + reverse_proxy http://alanpearce.localhost:8080 { transport http { dial_timeout 1s compression off @@ -54,6 +51,28 @@ } ''; }; + "perplexica-backend.localhost" = { + logFormat = "output discard"; + extraConfig = '' + reverse_proxy http://localhost:8339 { + transport http { + dial_timeout 1s + compression off + } + } + ''; + }; + "perplexica.localhost" = { + logFormat = "output discard"; + extraConfig = '' + reverse_proxy http://localhost:8338 { + transport http { + dial_timeout 1s + compression off + } + } + ''; + }; }; }; } diff --git a/system/settings/gaming.nix b/system/settings/gaming.nix index d11d5a3c..2ba1fb33 100644 --- a/system/settings/gaming.nix +++ b/system/settings/gaming.nix @@ -23,7 +23,7 @@ enable = true; enable32Bit = true; }; - hardware.pulseaudio.support32Bit = true; + services.pulseaudio.support32Bit = true; services.pipewire.alsa.support32Bit = true; systemd = { diff --git a/system/settings/hardware/bluetooth-audio.nix b/system/settings/hardware/bluetooth-audio.nix index d368cb29..29a38acf 100644 --- a/system/settings/hardware/bluetooth-audio.nix +++ b/system/settings/hardware/bluetooth-audio.nix @@ -6,10 +6,10 @@ bluetooth = { package = pkgs.bluezFull; }; - pulseaudio = { - extraModules = with pkgs; [ - pulseaudio-modules-bt - ]; - }; + }; + services.pulseaudio = { + extraModules = with pkgs; [ + pulseaudio-modules-bt + ]; }; } diff --git a/system/settings/programs/nh.nix b/system/settings/programs/nh.nix deleted file mode 100644 index 10738de0..00000000 --- a/system/settings/programs/nh.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, ... }: { - programs.nh = - let - flake = builtins.toString ../../..; - in - { - enable = true; - os = { - inherit flake; - }; - home = { - inherit flake; - }; - clean = { - enable = true; - extraArgs = "--keep-since 14d"; - }; - }; - nix.gc.automatic = !config.programs.nh.clean.enable; -} diff --git a/system/settings/services/git-server.nix b/system/settings/services/git-server.nix index 1560e8f5..df3c0ea2 100644 --- a/system/settings/services/git-server.nix +++ b/system/settings/services/git-server.nix @@ -77,7 +77,7 @@ in }; services.gitolite = { enable = true; - adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8VIII+598QOBxi/52O1Kb19RdUdX0aZmS1/dNoyqc5 alan@hetzner.strongbox"; + adminPubkey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHYUyDdw92TNXguAxcmcmZmn/7ECGdRp6ckjxU+5zCw3BCnsS5+xEvHBVnnFdJRoH2XpfMeJjE+fi67zFVhlbn4= root@secretive.marvin"; extraGitoliteRc = '' $RC{UMASK} = 0027; $RC{LOG_EXTRA} = 0; @@ -151,6 +151,7 @@ in @git_http_backend path_regexp "^.*/(HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$" handle @git_http_backend { reverse_proxy ${fcgisocket} { + request_buffers 4k transport fastcgi { env SCRIPT_FILENAME ${pkgs.git}/libexec/git-core/git-http-backend env GIT_PROJECT_ROOT ${repos} @@ -223,51 +224,6 @@ in }; }; - programs.ssh = with pkgs; { - knownHostsFiles = [ - (writeText "github.keys" '' - # github.com:22 SSH-2.0-babeld-05989c77 - # github.com:22 SSH-2.0-babeld-05989c77 - # github.com:22 SSH-2.0-babeld-05989c77 - # github.com:22 SSH-2.0-babeld-05989c77 - # github.com:22 SSH-2.0-babeld-05989c77 - github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= - github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= - github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl - '') - (writeText "gitlab.keys" '' - # gitlab.com:22 SSH-2.0-GitLab-SSHD - # gitlab.com:22 SSH-2.0-GitLab-SSHD - # gitlab.com:22 SSH-2.0-GitLab-SSHD - # gitlab.com:22 SSH-2.0-GitLab-SSHD - # gitlab.com:22 SSH-2.0-GitLab-SSHD - gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 - gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= - gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf - '') - (writeText "codeberg.keys" '' - # codeberg.org:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2 - # codeberg.org:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2 - # codeberg.org:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2 - # codeberg.org:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2 - # codeberg.org:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2 - codeberg.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8hZi7K1/2E2uBX8gwPRJAHvRAob+3Sn+y2hxiEhN0buv1igjYFTgFO2qQD8vLfU/HT/P/rqvEeTvaDfY1y/vcvQ8+YuUYyTwE2UaVU5aJv89y6PEZBYycaJCPdGIfZlLMmjilh/Sk8IWSEK6dQr+g686lu5cSWrFW60ixWpHpEVB26eRWin3lKYWSQGMwwKv4LwmW3ouqqs4Z4vsqRFqXJ/eCi3yhpT+nOjljXvZKiYTpYajqUC48IHAxTWugrKe1vXWOPxVXXMQEPsaIRc2hpK+v1LmfB7GnEGvF1UAKnEZbUuiD9PBEeD5a1MZQIzcoPWCrTxipEpuXQ5Tni4mN - codeberg.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL2pDxWr18SoiDJCGZ5LmxPygTlPu+cCKSkpqkvCyQzl5xmIMeKNdfdBpfbCGDPoZQghePzFZkKJNR/v9Win3Sc= - codeberg.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIVIC02vnjFyL+I4RHfvIGNtOgJMe769VTF1VR4EB3ZB - '') - (writeText "sr.ht.keys" '' - # git.sr.ht:22 SSH-2.0-OpenSSH_9.6 - # git.sr.ht:22 SSH-2.0-OpenSSH_9.6 - # git.sr.ht:22 SSH-2.0-OpenSSH_9.6 - # git.sr.ht:22 SSH-2.0-OpenSSH_9.6 - # git.sr.ht:22 SSH-2.0-OpenSSH_9.6 - git.sr.ht ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ+l/lvYmaeOAPeijHL8d4794Am0MOvmXPyvHTtrqvgmvCJB8pen/qkQX2S1fgl9VkMGSNxbp7NF7HmKgs5ajTGV9mB5A5zq+161lcp5+f1qmn3Dp1MWKp/AzejWXKW+dwPBd3kkudDBA1fa3uK6g1gK5nLw3qcuv/V4emX9zv3P2ZNlq9XRvBxGY2KzaCyCXVkL48RVTTJJnYbVdRuq8/jQkDRA8lHvGvKI+jqnljmZi2aIrK9OGT2gkCtfyTw2GvNDV6aZ0bEza7nDLU/I+xmByAOO79R1Uk4EYCvSc1WXDZqhiuO2sZRmVxa0pQSBDn1DB3rpvqPYW+UvKB3SOz - git.sr.ht ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCj6y+cJlqK3BHZRLZuM+KP2zGPrh4H66DacfliU1E2DHAd1GGwF4g1jwu3L8gOZUTIvUptqWTkmglpYhFp4Iy4= - git.sr.ht ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60 - '') - ]; - }; - systemd.services = concatMapAttrs createMirrorService mirrors; systemd.paths = concatMapAttrs createMirrorPath mirrors; systemd.targets.git-mirroring = { diff --git a/system/settings/user-interface.nix b/system/settings/user-interface.nix index 27f1d9aa..a1d31c3b 100644 --- a/system/settings/user-interface.nix +++ b/system/settings/user-interface.nix @@ -6,7 +6,7 @@ documentation.info.enable = true; environment.systemPackages = with pkgs; [ - epdfview + qpdfview lxappearance lxrandr |