Prepare for refactors

2024-10-17 18:32:14 -04:00 · 2024-10-17 18:32:14 -04:00 · 5579b49e8e
parent c54c259653
commit 5579b49e8e
11 changed files with 38 additions and 26 deletions
--- a/nixos/hosts/default.nix
+++ b/nixos/hosts/default.nix
@ -20,8 +20,9 @@
                inherit inputs;
              };
            }
-          ]
-          ++ (import ../modules);
+
+            ../modules
+          ];
      })
    systems;

--- a/nixos/hosts/eidola/nebula.nix
+++ b/nixos/hosts/eidola/nebula.nix
@ -2,7 +2,7 @@
  netName = "m-infra";
  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/networking/nebula.nix#L12
  userGroup = "nebula-${netName}";
-  lhs = {"10.13.0.1" = ["min.rip:4242"];};
+  lhs = {"10.13.0.1" = ["min.rip:4242"];}; # TODO: hardcoding
  lhsInt = builtins.attrNames lhs;
 in {
  sops.secrets."nebula-key" = {
--- a/nixos/hosts/silver/configuration.nix
+++ b/nixos/hosts/silver/configuration.nix
@ -3,7 +3,7 @@
  pkgs,
  ...
 }: let
-  net = {
+  net = { # TODO: hardcoding (this module *may* be a good place to store values like this, though)
    address = "107.152.41.67";
    prefixLength = 24;
    subnet = "255.255.255.0";
@ -95,11 +95,17 @@ in {
    hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
  };

-  # Periodic nix gc
-  nix.gc = {
-    automatic = true;
-    dates = "weekly";
-    options = "--delete-older-than 30d";
+  # Periodically optimise & collect garbage
+  nix = {
+    gc = {
+      automatic = true;
+      dates = "daily";
+      options = "--delete-older-than 30d";
+    };
+    optimise = {
+      automatic = true;
+      dates = ["daily"];
+    };
  };

  system.stateVersion = "24.05";
--- a/nixos/hosts/silver/default.nix
+++ b/nixos/hosts/silver/default.nix
@ -6,7 +6,7 @@
  };

  deployment = {
-    host = "min.rip";
+    host = "10.13.0.1";
    user = "root";
    port = 12208;

--- a/nixos/hosts/silver/disk-config.nix
+++ b/nixos/hosts/silver/disk-config.nix
@ -3,7 +3,7 @@
    disk = {
      main = {
        type = "disk";
-        device = "/dev/vda";
+        device = "/dev/vda"; # TODO: hardcoding (not sure if fixable)
        content = {
          type = "gpt";

--- a/nixos/hosts/silver/secrets.nix
+++ b/nixos/hosts/silver/secrets.nix
@ -1,5 +1,5 @@
 {...}: {
-  sops = {
+  sops = { # TODO: hardcoding
    defaultSopsFile = ../../../secrets/silver.yaml;
    age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];

--- a/nixos/hosts/silver/services/gitea.nix
+++ b/nixos/hosts/silver/services/gitea.nix
@ -1,8 +1,11 @@
 {config, ...}: let
-  sshExposeIp = "0.0.0.0"; # TODO: change this to the public-facing IP for prod
+  sshExposeIp = "0.0.0.0"; # TODO: change this to the public-facing IP for prod (and ideally hardcode it somewhere else)
  sshIntPort = 14022;
  httpIntPort = 14020;
-  dom = "git.min.rip";
+  dom = "git.min.rip"; # TODO: hardcoding
+  pBase = "/srv/gitea";
+  pGitea = "${pBase}/gitea";
+  pRunner = "${pBase}/runner";
 in {
  services.nginx = {
    virtualHosts.${dom} = {
@ -28,9 +31,9 @@ in {

  # Auto-create directories we need
  systemd.tmpfiles.rules = [
-    "d /srv/gitea 0750 1000 1000 - -"
-    "d /srv/gitea/gitea 0750 1000 1000 - -"
-    "d /srv/gitea/runner 0750 1000 1000 - -"
+    "d ${pBase} 0750 1000 1000 - -"
+    "d ${pGitea} 0750 1000 1000 - -"
+    "d ${pRunner} 0750 1000 1000 - -"
  ];

  virtualisation.oci-containers.containers.gitea = {
@ -43,7 +46,7 @@ in {
      GITEA_APP_INI = "/data/gitea/conf/app.ini";
    };
    volumes = [
-      "/srv/gitea/gitea:/data"
+      "${pGitea}:/data"
      "/etc/localtime:/etc/localtime:ro"
    ];
    ports = [
@ -62,7 +65,7 @@ in {
    };
    environmentFiles = [config.sops.secrets."svc-gitea-runner-env".path];
    volumes = [
-      "/srv/gitea/runner:/data"
+      "${pRunner}:/data"
    ];
    extraOptions = ["--privileged"];
  };
--- a/nixos/hosts/silver/services/min-rip.nix
+++ b/nixos/hosts/silver/services/min-rip.nix
@ -1,5 +1,5 @@
 {inputs, ...}: let
-  dom = "min.rip";
+  dom = "min.rip"; # TODO: hardcoding
 in {
  services.nginx.virtualHosts.${dom} = {
    root = "${inputs.min-rip}";
--- a/nixos/hosts/silver/services/nebula.nix
+++ b/nixos/hosts/silver/services/nebula.nix
@ -1,5 +1,5 @@
 {config, ...}: let
-  netName = "m-infra";
+  netName = "m-infra"; # TODO: hardcoding
  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/networking/nebula.nix#L12
  userGroup = "nebula-${netName}";
 in {
--- a/nixos/hosts/silver/services/synapse.nix
+++ b/nixos/hosts/silver/services/synapse.nix
@ -1,8 +1,8 @@
 {config, ...}: let
  httpIntPort = 14030;
  dbIntPort = 14032;
-  domHost = "mtx.min.rip";
-  domDelegate = "min.rip";
+  domHost = "mtx.min.rip"; # TODO: hardcoding
+  domDelegate = "min.rip"; # TODO: hardcoding
  dir = "/srv/synapse";
  dirSynapse = "${dir}/synapse";
  dirDb = "${dir}/db";
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@ -1,3 +1,5 @@
-[
-  ./system
-]
+{...}: {
+  imports = [
+    ./system
+  ];
+}