From 5579b49e8e3115458d7e9fd25d7bb489f175722e Mon Sep 17 00:00:00 2001 From: min Date: Thu, 17 Oct 2024 18:32:14 -0400 Subject: [PATCH] Prepare for refactors --- nixos/hosts/default.nix | 5 +++-- nixos/hosts/eidola/nebula.nix | 2 +- nixos/hosts/silver/configuration.nix | 18 ++++++++++++------ nixos/hosts/silver/default.nix | 2 +- nixos/hosts/silver/disk-config.nix | 2 +- nixos/hosts/silver/secrets.nix | 2 +- nixos/hosts/silver/services/gitea.nix | 17 ++++++++++------- nixos/hosts/silver/services/min-rip.nix | 2 +- nixos/hosts/silver/services/nebula.nix | 2 +- nixos/hosts/silver/services/synapse.nix | 4 ++-- nixos/modules/default.nix | 8 +++++--- 11 files changed, 38 insertions(+), 26 deletions(-) diff --git a/nixos/hosts/default.nix b/nixos/hosts/default.nix index 66c7fee..e6ef97f 100644 --- a/nixos/hosts/default.nix +++ b/nixos/hosts/default.nix @@ -20,8 +20,9 @@ inherit inputs; }; } - ] - ++ (import ../modules); + + ../modules + ]; }) systems; diff --git a/nixos/hosts/eidola/nebula.nix b/nixos/hosts/eidola/nebula.nix index 5bee2da..0645dd3 100644 --- a/nixos/hosts/eidola/nebula.nix +++ b/nixos/hosts/eidola/nebula.nix @@ -2,7 +2,7 @@ netName = "m-infra"; # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/networking/nebula.nix#L12 userGroup = "nebula-${netName}"; - lhs = {"10.13.0.1" = ["min.rip:4242"];}; + lhs = {"10.13.0.1" = ["min.rip:4242"];}; # TODO: hardcoding lhsInt = builtins.attrNames lhs; in { sops.secrets."nebula-key" = { diff --git a/nixos/hosts/silver/configuration.nix b/nixos/hosts/silver/configuration.nix index 1833486..670c0c2 100644 --- a/nixos/hosts/silver/configuration.nix +++ b/nixos/hosts/silver/configuration.nix @@ -3,7 +3,7 @@ pkgs, ... }: let - net = { + net = { # TODO: hardcoding (this module *may* be a good place to store values like this, though) address = "107.152.41.67"; prefixLength = 24; subnet = "255.255.255.0"; 
@@ -95,11 +95,17 @@ in { hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"]; }; - # Periodic nix gc - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; + # Periodically optimise & collect garbage + nix = { + gc = { + automatic = true; + dates = "daily"; + options = "--delete-older-than 30d"; + }; + optimise = { + automatic = true; + dates = ["daily"]; + }; }; system.stateVersion = "24.05"; diff --git a/nixos/hosts/silver/default.nix b/nixos/hosts/silver/default.nix index 14ce09f..2c4a3f1 100644 --- a/nixos/hosts/silver/default.nix +++ b/nixos/hosts/silver/default.nix @@ -6,7 +6,7 @@ }; deployment = { - host = "min.rip"; + host = "10.13.0.1"; user = "root"; port = 12208; diff --git a/nixos/hosts/silver/disk-config.nix b/nixos/hosts/silver/disk-config.nix index e33e7d7..be6f6eb 100644 --- a/nixos/hosts/silver/disk-config.nix +++ b/nixos/hosts/silver/disk-config.nix @@ -3,7 +3,7 @@ disk = { main = { type = "disk"; - device = "/dev/vda"; + device = "/dev/vda"; # TODO: hardcoding (not sure if fixable) content = { type = "gpt"; diff --git a/nixos/hosts/silver/secrets.nix b/nixos/hosts/silver/secrets.nix index d759f5c..285c1f8 100644 --- a/nixos/hosts/silver/secrets.nix +++ b/nixos/hosts/silver/secrets.nix @@ -1,5 +1,5 @@ {...}: { - sops = { + sops = { # TODO: hardcoding defaultSopsFile = ../../../secrets/silver.yaml; age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; diff --git a/nixos/hosts/silver/services/gitea.nix b/nixos/hosts/silver/services/gitea.nix index 23fed94..64667f0 100644 --- a/nixos/hosts/silver/services/gitea.nix +++ b/nixos/hosts/silver/services/gitea.nix 
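Review bot: Moving `deployment.host` from `min.rip` to `10.13.0.1` makes every deploy depend on the nebula overlay that this same host terminates (silver/services/nebula.nix), so a deploy that breaks nebula — a bad cert, a changed lighthouse, a firewall rule — also removes the path you would use to repair it. Record the escape hatch next to the line, e.g. `host = "10.13.0.1"; # nebula overlay; if the tunnel is down deploy via net.address from configuration.nix instead`, and before relying on it make sure the deploying user has a pinned known_hosts entry for `[10.13.0.1]:12208`, since the existing `min.rip` entry will not match and a first connection under strict host-key checking will fail or prompt. I am inferring the deploy tool from the attribute names; if it supports a fallback host list, that is the cleaner fix.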
@@ -1,8 +1,11 @@ {config, ...}: let - sshExposeIp = "0.0.0.0"; # TODO: change this to the public-facing IP for prod + sshExposeIp = "0.0.0.0"; # TODO: change this to the public-facing IP for prod (and ideally hardcode it somewhere else) sshIntPort = 14022; httpIntPort = 14020; - dom = "git.min.rip"; + dom = "git.min.rip"; # TODO: hardcoding + pBase = "/srv/gitea"; + pGitea = "${pBase}/gitea"; + pRunner = "${pBase}/runner"; in { services.nginx = { virtualHosts.${dom} = { @@ -28,9 +31,9 @@ in { # Auto-create directories we need systemd.tmpfiles.rules = [ - "d /srv/gitea 0750 1000 1000 - -" - "d /srv/gitea/gitea 0750 1000 1000 - -" - "d /srv/gitea/runner 0750 1000 1000 - -" + "d ${pBase} 0750 1000 1000 - -" + "d ${pGitea} 0750 1000 1000 - -" + "d ${pRunner} 0750 1000 1000 - -" ]; virtualisation.oci-containers.containers.gitea = { @@ -43,7 +46,7 @@ in { GITEA_APP_INI = "/data/gitea/conf/app.ini"; }; volumes = [ - "/srv/gitea/gitea:/data" + "${pGitea}:/data" "/etc/localtime:/etc/localtime:ro" ]; ports = [ @@ -62,7 +65,7 @@ in { }; environmentFiles = [config.sops.secrets."svc-gitea-runner-env".path]; volumes = [ - "/srv/gitea/runner:/data" + "${pRunner}:/data" ]; extraOptions = ["--privileged"]; }; diff --git a/nixos/hosts/silver/services/min-rip.nix b/nixos/hosts/silver/services/min-rip.nix index 1098cd4..5146358 100644 --- a/nixos/hosts/silver/services/min-rip.nix +++ b/nixos/hosts/silver/services/min-rip.nix @@ -1,5 +1,5 @@ {inputs, ...}: let - dom = "min.rip"; + dom = "min.rip"; # TODO: hardcoding in { services.nginx.virtualHosts.${dom} = { root = "${inputs.min-rip}"; diff --git a/nixos/hosts/silver/services/nebula.nix b/nixos/hosts/silver/services/nebula.nix index 52e2c56..4f4ca30 100644 --- a/nixos/hosts/silver/services/nebula.nix +++ b/nixos/hosts/silver/services/nebula.nix 
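Review bot: `sshExposeIp = "0.0.0.0"` still publishes the Gitea SSH port on every interface — including the nebula overlay and anything added later — and the enlarged TODO leaves it that way; the address the TODO is asking for (`107.152.41.67`) already exists as the `net.address` `let` binding in silver/configuration.nix but is not reachable from this module. Since this commit is preparing the refactor, the concrete step is to promote that `net` set to a NixOS option declared in the new nixos/modules tree, so this file can write `sshExposeIp = config.<your-option>.address;` and both TODOs collapse into one definition. Until then a comment that states the exposure, `sshExposeIp = "0.0.0.0"; # SECURITY: SSH reachable on all host interfaces, not just the public one`, is more useful to the next reader than the TODO. The `ports` list that presumably consumes this value is outside the hunk.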
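Review bot: The three tmpfiles rules still carry the literal owner `1000 1000` while the commit factors out the paths; the same treatment applies, `uid = "1000";` in the `let` and `"d ${pBase} 0750 ${uid} ${uid} - -"`, so the host-side ownership is declared in one place. The directories are created 0750 owned by uid 1000 regardless of which user the gitea and runner images run as; the containers' `user` setting is not visible in this hunk, so confirm they agree or the services will fail on a fresh host.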
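Review bot: The rewritten mount `${pRunner}:/data` sits next to `extraOptions = ["--privileged"]`, which the commit keeps as context: any Actions job executed by this runner can reach the host as root, so the new path variables give the runner directory no containment at all. A privileged runner is only defensible if it is registered at a scope where every repository able to trigger Actions is trusted; if that is the intent, say so on the line — `extraOptions = ["--privileged"]; # NOTE(security): jobs on this runner are root on the host; keep it scoped to trusted repos only` — and if it is not, replace `--privileged` with the specific capabilities (or a container-runtime socket behind a socket proxy) the runner actually needs. The runner container definition starts before this hunk.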
@@ -1,5 +1,5 @@
 {config, ...}: let
- netName = "m-infra";
+ netName = "m-infra"; # TODO: hardcoding
 # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/networking/nebula.nix#L12
 userGroup = "nebula-${netName}";
 in {
diff --git a/nixos/hosts/silver/services/synapse.nix b/nixos/hosts/silver/services/synapse.nix
index a283c5c..41b7d77 100644
--- a/nixos/hosts/silver/services/synapse.nix
+++ b/nixos/hosts/silver/services/synapse.nix
@@ -1,8 +1,8 @@
 {config, ...}: let
 httpIntPort = 14030;
 dbIntPort = 14032;
- domHost = "mtx.min.rip";
- domDelegate = "min.rip";
+ domHost = "mtx.min.rip"; # TODO: hardcoding
+ domDelegate = "min.rip"; # TODO: hardcoding
 dir = "/srv/synapse";
 dirSynapse = "${dir}/synapse";
 dirDb = "${dir}/db";
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 0bd30b4..fb8572c 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,3 +1,5 @@
-[
- ./system
-]
+{...}: {
+ imports = [
+ ./system
+ ];
+}