Diffstat (limited to 'system')
-rw-r--r-- | system/linde.nix | 31 | ||||
-rw-r--r-- | system/mba.nix | 1 | ||||
-rwxr-xr-x | system/nanopi.nix | 60 | ||||
-rw-r--r-- | system/prefect.nix | 5 | ||||
-rw-r--r-- | system/settings/configuration/nix.nix | 1 | ||||
-rw-r--r-- | system/settings/hardware/nvidia-gpu.nix | 1 | ||||
-rw-r--r-- | system/settings/pin.nix | 12 | ||||
-rw-r--r-- | system/settings/programs/base.nix | 1 | ||||
-rw-r--r-- | system/settings/services/git-server.nix | 5 |
9 files changed, 18 insertions, 99 deletions
diff --git a/system/linde.nix b/system/linde.nix index ee680eb0..db061e6d 100644 --- a/system/linde.nix +++ b/system/linde.nix @@ -18,21 +18,13 @@ let net-gw6 = "fe80::1"; domain = "alanpearce.eu"; ts-domain = "hydra-pinecone.ts.net"; - golink = (builtins.getFlake (toString <golink>)).nixosModules.default; in { imports = [ - <personal/modules/nixos/laminar.nix> - <personal/modules/nixos/goatcounter.nix> - <home-manager/nixos> - <agenix/modules/age.nix> - <searchix/nix/modules> - golink # Include the results of the hardware scan. ./linde-hardware.nix - ./settings/pin.nix ./settings/services/git-server.nix ]; age.secrets = { @@ -324,9 +316,6 @@ in "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8VIII+598QOBxi/52O1Kb19RdUdX0aZmS1/dNoyqc5 alan@hetzner.strongbox" ]; }; - home-manager = { - users.alan = import ../user/server.nix; - }; users.users.nixremote = { shell = "/bin/sh"; @@ -352,15 +341,17 @@ in services.goatcounter = { enable = true; - listenAddress = "localhost"; + address = "localhost"; port = 8082; - package = (import <personal> { inherit pkgs; }).goatcounter; - settings = { - tls = "proxy"; - websocket = true; - automigrate = true; - smtp = "smtp://localhost:25"; - }; + proxy = true; + extraArgs = [ + "-db" + "sqlite3+db/goatcounter.sqlite3" + "-websocket" + "-automigrate" + "-smtp" + "smtp://localhost:25" + ]; }; services.powerdns = @@ -805,7 +796,7 @@ in useACMEHost = "stats.alanpearce.eu"; serverAliases = [ "*.stats.alanpearce.eu" ]; extraConfig = '' - reverse_proxy ${srv.listenAddress}:${toString srv.port} + reverse_proxy ${srv.address}:${toString srv.port} ''; }; "go.alanpearce.eu" = { diff --git a/system/mba.nix b/system/mba.nix index b1a17922..ede4542d 100644 --- a/system/mba.nix +++ b/system/mba.nix @@ -3,7 +3,6 @@ ./settings/darwin.nix ./settings/dev.nix ./settings/programs/shell.nix - <personal/modules/darwin/caddy> ]; services.caddy = { diff --git a/system/nanopi.nix b/system/nanopi.nix index 1e7411fa..3a95ebfc 100755 --- a/system/nanopi.nix 
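Review bot: In the `services.goatcounter` hunk the `-db` value `sqlite3+db/goatcounter.sqlite3` is a relative path, so the location of the analytics database depends on the unit's working directory, which this diff does not show. Combined with `-automigrate`, a working directory that differs from the one the previous module used would presumably give a fresh, empty database rather than an error, and the old file would be left behind unnoticed. An absolute path makes the location explicit, e.g. `"sqlite3+<STATE_DIR>/goatcounter.sqlite3"`, where `<STATE_DIR>` is a placeholder for the service's state directory. The attribute set is complete within the hunk.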
+++ b/system/nanopi.nix @@ -146,29 +146,12 @@ in ]; }; extraForwardRules = '' - iifname { "wlan0", "lte0" } oifname { "lan1", "lan2", "bridge0" } icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, mld-listener-query, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept - iifname { "lan1", "lan2", "bridge0" } oifname { "wlan0", "lte0" } accept iifname "tailscale0" oifname "bridge0" accept iifname "bridge0" oifname "tailscale0" accept ''; }; nftables = { enable = true; - tables = { - firewall = { - family = "inet"; - content = '' - chain postrouting { - type nat hook postrouting priority srcnat; policy accept; - oifname { "wlan0", "lte0" } masquerade - } - chain prerouting { - type nat hook prerouting priority dstnat; - iifname "wan0" tcp dport { 6922, 51413 } dnat ip to 10.0.0.42 - } - ''; - }; - }; }; wireless = { enable = true; @@ -284,12 +267,6 @@ in Name = "wlan0"; }; }; - "10-name-lte0" = { - matchConfig.MACAddress = "34:4b:50:00:00:00"; - linkConfig = { - Name = "lte0"; - }; - }; }; netdevs = { "20-bridge" = { @@ -337,43 +314,13 @@ in Token = "::1"; }; }; - "50-lte0" = { - matchConfig.Name = "lte0"; - networkConfig = { - DHCP = "yes"; - IPv6AcceptRA = true; - IPForward = "yes"; - }; - dhcpV4Config = { - UseDNS = false; - SendHostname = false; - UseRoutes = false; - }; - ipv6AcceptRAConfig.UseDNS = false; - routes = [ - { - Gateway = "_dhcp4"; - Metric = 2048; - QuickAck = true; - InitialCongestionWindow = 30; - InitialAdvertisedReceiveWindow = 30; - } - ]; - cakeConfig = { - Bandwidth = "1M"; - OverheadBytes = 18; - MPUBytes = 64; - CompensationMode = "none"; - NAT = true; - PriorityQueueingPreset = "diffserv8"; - }; - }; "50-wan" = { matchConfig.Name = "wan0"; networkConfig = { DHCP = "yes"; IPv6AcceptRA = true; - IPForward = "yes"; + IPv4Forwarding = true; + IPv6Forwarding = true; }; dhcpV4Config = { UseDNS = false; 
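Review bot: `IPv4Forwarding`/`IPv6Forwarding` on `50-wan` enable routing on the upstream-facing link, while the forward rules this commit leaves in place (first hunk of this file) accept only `tailscale0`↔`bridge0` and no default forward policy is visible in the diff. If `networking.firewall.filterForward` is not enabled elsewhere, packets arriving on `wan0` may be routed to LAN hosts, which matters most for IPv6 where no NAT sits in between. Unlike the old `IPForward = "yes"`, the new options are per-link, so it should also be checked that the LAN-side network still has forwarding on; the same two points apply to the MAC-matched network in the `@@ -430,7 +377,8 @@` hunk. Once confirmed, a comment next to the setting would record it, e.g. `# per-link forwarding; inbound-to-LAN traffic is filtered by the firewall forward chain`. The `50-wan` block continues past the end of the hunk.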
@@ -430,7 +377,8 @@ in matchConfig.MACAddress = "9c:53:22:33:bf:e9"; networkConfig = { DHCP = "yes"; - IPForward = "yes"; + IPv4Forwarding = true; + IPv6Forwarding = true; IgnoreCarrierLoss = "3s"; }; dhcpV4Config = { diff --git a/system/prefect.nix b/system/prefect.nix index e145c304..662c0144 100644 --- a/system/prefect.nix +++ b/system/prefect.nix @@ -25,11 +25,6 @@ ./settings/programs/docker.nix ./settings/dev.nix ./settings/gaming.nix - <nixos-hardware/common/cpu/amd> - <nixos-hardware/common/cpu/amd/pstate.nix> - <nixos-hardware/common/pc/ssd> - <nixos-hardware/common/pc> - <nixos-hardware/common/gpu/nvidia> ]; virtualisation.vmVariant = { diff --git a/system/settings/configuration/nix.nix b/system/settings/configuration/nix.nix index b28fde18..105efaae 100644 --- a/system/settings/configuration/nix.nix +++ b/system/settings/configuration/nix.nix @@ -3,7 +3,6 @@ , pkgs , ... }: { - imports = [ ../pin.nix ]; nix = { settings = { cores = lib.mkDefault 0; diff --git a/system/settings/hardware/nvidia-gpu.nix b/system/settings/hardware/nvidia-gpu.nix index 0195dbd3..f3c10afd 100644 --- a/system/settings/hardware/nvidia-gpu.nix +++ b/system/settings/hardware/nvidia-gpu.nix @@ -9,6 +9,7 @@ boot.extraModulePackages = [ config.boot.kernelPackages.nvidia_x11 ]; hardware.nvidia = { + open = true; modesetting.enable = true; powerManagement = { enable = true; diff --git a/system/settings/pin.nix b/system/settings/pin.nix deleted file mode 100644 index 533149fe..00000000 --- a/system/settings/pin.nix +++ /dev/null @@ -1,12 +0,0 @@ -let - inherit (import ../../sources.nix) nixPath sources; -in -{ - nix = { - inherit nixPath; - registry.nixpkgs.to = { - type = "path"; - path = sources.nixpkgs; - }; - }; -} diff --git a/system/settings/programs/base.nix b/system/settings/programs/base.nix index 47ed4c07..ac85a14d 100644 --- a/system/settings/programs/base.nix +++ b/system/settings/programs/base.nix 
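Review bot: `open = true` in `hardware.nvidia` switches this shared hardware profile to NVIDIA's open kernel modules, which support only Turing and newer GPUs, so a host importing the file with an older card would end up without a working driver. The context line above still adds `config.boot.kernelPackages.nvidia_x11` to `boot.extraModulePackages`; it is worth confirming that this does not install the proprietary module next to the open one. A short comment would record the constraint: `# open kernel modules: Turing or newer only`. The `hardware.nvidia` set continues past the hunk.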
@@ -2,7 +2,6 @@ environment.systemPackages = with pkgs; [ home-manager brotli - lzma lzop zstd ] ++ (lib.optionals (stdenv.isLinux) [ diff --git a/system/settings/services/git-server.nix b/system/settings/services/git-server.nix index 72c441f5..1560e8f5 100644 --- a/system/settings/services/git-server.nix +++ b/system/settings/services/git-server.nix @@ -64,7 +64,7 @@ let mkMirrorWants = repo: map (target: "mirror-to-${target}@${repo}.path"); in { - services.fcgiwrap.gitolite = { + services.fcgiwrap.instances.gitolite = { process = { user = "gitolite"; group = "gitolite"; @@ -117,7 +117,7 @@ in services.caddy.virtualHosts = { "git.alanpearce.eu" = let - fcgi = config.services.fcgiwrap.gitolite; + fcgi = config.services.fcgiwrap.instances.gitolite; fcgisocket = "${fcgi.socket.type}/${fcgi.socket.address}"; in { @@ -176,7 +176,6 @@ in enable-log-linecount=1 max-stats=year snapshots=tar.lz tar.zst zip - cache-size=10240 enable-http-clone=1 enable-commit-graph=1 mimetype-file=${pkgs.nginx}/conf/mime.types |