jsw/NiksOS
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: jsw:derek-site
Branches Tags
jsw:master
jsw:derek-site
..
compare: jsw:master
Branches Tags
jsw:derek-site
jsw:master

No commits in common. "derek-site" and "master" have entirely different histories.
derek-site ... master

8 changed files with 24 additions and 140 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/lapserv/default.nix
View file

@ -10,7 +10,6 @@
server = { server = {
baseDomain = "jsw.tf"; baseDomain = "jsw.tf";
derek-bot.enable = true; derek-bot.enable = true;
derek-site.enable = true;
forgejo = { forgejo = {
enable = true; enable = true;
subDomain = "git"; subDomain = "git";

34
hosts/lapserv/hardware-configuration.nix
View file

@ -1,23 +1,17 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config, imports =
lib, [ (modulesPath + "/installer/scan/not-detected.nix")
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot = { boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "sd_mod" ];
initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"]; boot.initrd.kernelModules = [ ];
initrd.kernelModules = []; boot.kernelModules = [ "kvm-intel" ];
kernelModules = ["kvm-intel"]; boot.extraModulePackages = [ ];
extraModulePackages = [];
};
# fileSystems."/" = # fileSystems."/" =
# { device = "/dev/disk/by-uuid/33b7e681-d92a-40db-a172-b797591a1e2e"; # { device = "/dev/disk/by-uuid/33b7e681-d92a-40db-a172-b797591a1e2e";
@ -30,19 +24,19 @@
# options = [ "fmask=0022" "dmask=0022" ]; # options = [ "fmask=0022" "dmask=0022" ];
# }; # };
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-uuid/2ce4b2b1-0083-43b2-bd8d-0e8cd21b1ef6"; { device = "/dev/disk/by-uuid/2ce4b2b1-0083-43b2-bd8d-0e8cd21b1ef6";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/AE71-FD70"; { device = "/dev/disk/by-uuid/AE71-FD70";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ]; options = [ "fmask=0022" "dmask=0022" ];
}; };
swapDevices = [ swapDevices =
{device = "/dev/disk/by-uuid/f5af06e8-e285-4565-abc3-fdd0ddde4736";} [ { device = "/dev/disk/by-uuid/f5af06e8-e285-4565-abc3-fdd0ddde4736"; }
]; ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

4
secrets/default.nix
View file

@ -22,10 +22,6 @@ in {
file = ./derek-bot.age; file = ./derek-bot.age;
owner = "derek-bot"; owner = "derek-bot";
}; };
derek-site = isEnabled "derek-site" {
file = ./derek-site.age;
owner = "derek-site";
};
# matrix-registration = isEnabled "matrix" { # matrix-registration = isEnabled "matrix" {
# file = ./matrix-registration.age; # file = ./matrix-registration.age;
# owner = abstrServiceUser "matrix-continuwuity"; # owner = abstrServiceUser "matrix-continuwuity";

16
secrets/derek-site.age
View file

@ -1,16 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 GQzYWA GkqfPf+tdDEQa8RWdEX+OhEB0/p0PpFudx4NGpR5Cik
CSxbatcY8s3JX0Wj2B7XKU9cO+kQAL2eg9eX0ukA21I
-> ssh-ed25519 MfR7VA SHjQ3YY3z5JdbZCmct4prjXBug9JnYC/daluw4q0dwQ
2AYJSI0jhRB/qDSBvzWQRpbyUNIrf1khjy83r1TARGI
-> ssh-ed25519 +cvRTg j2DV+BM4VXYhgC91GE9mqHnxJX/6DexDYLDdB3/dMF4
sfYe2TL8ksQ6zBKMwBJQSqZBHKPlUW3255qZf/FwS0A
-> ssh-ed25519 WCPLrA nJHlAidKTa8xFLOIYXvG8MP3bbj2e62MRwkMkgsztEA
jzPf28wYo5FgOB+uiI7r/xdhakXXBmRp0zjW0m5nPJ4
-> ssh-ed25519 7/ziYw luRZzFqdT+xOtuqPIILhfNQQ//IOb3CewrMIrkYuijQ
QiuNNcYK7i0/mVDkcmEJiSiFy7ydT4asFnLlFGmzV/o
-> ssh-ed25519 VQy60Q raBea0oINduk69QI1UzDs3z0Rld32sHMofFSkRQHdU0
cyifYZSbV/sEbeWHb6VrAWf1kRJP5FGKzez/LQt3ahs
--- OgztbV5bq/R2LAcjgGFdxYm55U8fle/EB/+L9v6vuRY
ÈLÞ·ååÁ?ÞÔìÎ{•ˆÝvgåëëØ­]fp¶g&·‰h<E280B0>Ã~dÒp£rÕe~¢õ}|¿ž¢nMÕ$_óÑ
yøwAâ8Dâö'R©jD<6A>&_é)±hD]âj‰õBW<42>[ËÛq¬ŒÆ”¡ð¿f/°¾§ÈusóQc³ª<>±ð-µ<>%µE뾦@‰ƒ¾ÎÜå)ßÞ`É2${{\åE8êìŸùo—ÈÍPBnEûG”_ZØ]ÖßHQ”<51>Å°žÅ¤&ÝE˜ærñÕwN—Aÿ“63ITѦ\g•yÍ´Þ‘â²ËFÚó¢;L_sT€ôÞ†‹ü L½€AD °`2<01>U/c

1
secrets/secrets.nix
View file

@ -16,7 +16,6 @@ in {
"password.age".publicKeys = keys; "password.age".publicKeys = keys;
"jsw-bot.age".publicKeys = keys; "jsw-bot.age".publicKeys = keys;
"derek-bot.age".publicKeys = keys; "derek-bot.age".publicKeys = keys;
"derek-site.age".publicKeys = keys;
"matrix-registration.age".publicKeys = keys; "matrix-registration.age".publicKeys = keys;
"mail-admin.age".publicKeys = keys; "mail-admin.age".publicKeys = keys;
"zitadel-key.age".publicKeys = keys; "zitadel-key.age".publicKeys = keys;

1
system/server/default.nix
View file

@ -7,7 +7,6 @@ in {
./jsw-bot.nix ./jsw-bot.nix
./caddy.nix ./caddy.nix
./derek-bot.nix ./derek-bot.nix
./derek-site.nix
./forgejo.nix ./forgejo.nix
./immich.nix ./immich.nix
./index ./index

87
system/server/derek-site.nix
View file

@ -1,87 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
name = "derek-site";
cfg = config.niksos.server.${name}.enable;
userGroup = name;
gitRepo = "https://github.com/Definitely-Not-A-Dolphin/Geen-Dolfijn";
inherit (lib) getExe mkEnableOption mkIf;
bash = getExe pkgs.bash;
varLib = "/var/lib/";
mainDir = "${varLib}${userGroup}";
programDir = "${mainDir}/program";
denoDir = "${mainDir}/deno";
path = builtins.concatStringsSep ":" (map (x: "${x}/bin/") [pkgs.coreutils pkgs.gnugrep pkgs.findutils pkgs.deno pkgs.git pkgs.nodejs]);
runScript = pkgs.writeShellScriptBin "geen-dolfijn" ''
export PATH='${path}'
set -a
. ${config.age.secrets.${userGroup}.path}
set +a
cd ${programDir}
deno run preview --host --port 9010
'';
in {
options.niksos.server.${name}.enable = mkEnableOption name;
config = mkIf cfg {
services.caddy.virtualHosts."geen-dolfijn.nl".extraConfig = ''
reverse_proxy http://127.0.0.1:9010
'';
systemd.services.${userGroup} = {
enable = true;
after = ["network.target"];
wantedBy = ["default.target"];
description = userGroup;
environment = {
"DENO_DIR" = denoDir;
"PATH" = lib.mkForce path;
};
preStart = ''
export PATH=${path}
set -a
. ${config.age.secrets.${userGroup}.path}
set +a
cd "${mainDir}"
chown -R ${userGroup}:${userGroup} ${mainDir}/* || echo
if [ ! -d "${programDir}" ]; then
git clone "${gitRepo}" "${programDir}"
fi
chmod -R 750 ${mainDir}/* || echo
cd "${programDir}"
git fetch
git reset --hard origin/HEAD
rm -rf build || echo no build here lol
DENO_DIR=${denoDir} deno i --allow-scripts=npm:workerd,npm:sharp
DENO_DIR=${denoDir} deno run build || echo oopsie woopsie error
'';
serviceConfig = {
StateDirectory = userGroup;
ExecStart = getExe runScript;
User = userGroup;
Group = userGroup;
Restart = "always";
};
};
users.groups.${userGroup} = {};
users.users.${userGroup} = {
group = userGroup;
isNormalUser = true;
};
};
}

4
system/server/lib/extractWebOptions.nix
View file

@ -11,8 +11,8 @@
then "" then ""
else "${cfg.subDomain}."; else "${cfg.subDomain}.";
in in
cfg cfg //
// { {
domain = "${subDomain}${baseDomain}"; domain = "${subDomain}${baseDomain}";
inherit baseDomain subDomain; inherit baseDomain subDomain;
} }