root 2025-11-09 23:35:16 +00:00
parent f418e5ec19
commit bfc55f27f3
9 changed files with 60 additions and 41 deletions


@ -25,11 +25,11 @@
nixosConfigurations = { nixosConfigurations = {
distrust = lib.nixosSystem { distrust = lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [./system/distrust ./services/distrust ./helpers/services.nix nixos-mailserver.nixosModules.default agenix.nixosModules.default { networking.hostName = "distrust"; }]; modules = [./system/distrust ./services/distrust ./helpers/services.nix nixos-mailserver.nixosModules.default agenix.nixosModules.default {networking.hostName = "distrust";}];
}; };
distrust-mini = lib.nixosSystem { distrust-mini = lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [./system/distrust-mini ./services/distrust-mini ./helpers/services.nix { networking.hostName = "distrust-mini"; }]; modules = [./system/distrust-mini ./services/distrust-mini ./helpers/services.nix {networking.hostName = "distrust-mini";}];
}; };
}; };
}; };


@ -140,7 +140,7 @@ in {
else [] else []
) )
]; ];
readWritePaths = lib.mkIf (dump != null) [ "/var/backup/postgres/" ]; readWritePaths = lib.mkIf (dump != null) ["/var/backup/postgres/"];
preHook = lib.mkIf (dump != null) '' preHook = lib.mkIf (dump != null) ''
mkdir -p /var/backup/postgres mkdir -p /var/backup/postgres
${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump ${dump} > /var/backup/postgres/${key}.sql ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump ${dump} > /var/backup/postgres/${key}.sql


@ -1,10 +1,10 @@
{ {
imports = [ imports = [
../shared ../shared
# TOR bridge # TOR bridge
./tor.nix ./tor.nix
# Status page in diff. data center for redundancy/resilience # Status page in diff. data center for redundancy/resilience
./uptime-kuma.nix ./uptime-kuma.nix
] ];
} }


@ -1,7 +1,6 @@
let let
kumaPort = 3001; kumaPort = 3001;
in in {
{
services.uptime-kuma = { services.uptime-kuma = {
enable = true; enable = true;
settings = { settings = {
@ -25,4 +24,4 @@ in
]; ];
}; };
}; };
} }


@ -8,7 +8,7 @@ in {
services.forgejo = { services.forgejo = {
enable = true; enable = true;
lfs.enable = false; lfs.enable = false;
settings = { settings = {
server = { server = {
DOMAIN = "git.distrust.network"; DOMAIN = "git.distrust.network";
HTTP_PORT = forgejoPort; HTTP_PORT = forgejoPort;


@ -9,7 +9,7 @@ in {
group = "lldap-secrets"; group = "lldap-secrets";
}; };
}; };
services.lldap = { services.lldap = {
enable = true; enable = true;
settings = { settings = {
@ -39,10 +39,10 @@ in {
]; ];
}; };
}; };
# Creates a group for the LLDAP DynamicUser to read the secret # Creates a group for the LLDAP DynamicUser to read the secret
users.groups.lldap-secrets = {}; users.groups.lldap-secrets = {};
systemd.services.lldap.serviceConfig = { systemd.services.lldap.serviceConfig = {
SupplementaryGroups = [ "lldap-secrets" ]; SupplementaryGroups = ["lldap-secrets"];
}; };
} }


@ -1,5 +1,5 @@
{ {
imports = [ imports = [
./borg.nix ./borg.nix
]; ];
} }


@ -1,9 +1,10 @@
{ modulesPath, ... }: {modulesPath, ...}: {
{ imports = [(modulesPath + "/profiles/qemu-guest.nix")];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.kernelModules = [ "nvme" ]; boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
} }


@ -1,11 +1,12 @@
{ lib, ... }: { {lib, ...}: {
# This file was populated at runtime with the networking # This file was populated at runtime with the networking
# details gathered from the active system. # details gathered from the active system.
networking = { networking = {
nameservers = [ "2a01:4ff:ff00::add:2" nameservers = [
"2a01:4ff:ff00::add:1" "2a01:4ff:ff00::add:2"
"185.12.64.2" "2a01:4ff:ff00::add:1"
]; "185.12.64.2"
];
defaultGateway = "172.31.1.1"; defaultGateway = "172.31.1.1";
defaultGateway6 = { defaultGateway6 = {
address = "fe80::1"; address = "fe80::1";
@ -16,20 +17,38 @@
interfaces = { interfaces = {
eth0 = { eth0 = {
ipv4.addresses = [ ipv4.addresses = [
{ address="95.217.161.66"; prefixLength=32; } {
address = "95.217.161.66";
prefixLength = 32;
}
]; ];
ipv6.addresses = [ ipv6.addresses = [
{ address="2a01:4f9:c012:215b::1"; prefixLength=64; } {
{ address="fe80::9000:6ff:feb6:58bb"; prefixLength=64; } address = "2a01:4f9:c012:215b::1";
prefixLength = 64;
}
{
address = "fe80::9000:6ff:feb6:58bb";
prefixLength = 64;
}
];
ipv4.routes = [
{
address = "172.31.1.1";
prefixLength = 32;
}
];
ipv6.routes = [
{
address = "fe80::1";
prefixLength = 128;
}
]; ];
ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
}; };
}; };
}; };
services.udev.extraRules = '' services.udev.extraRules = ''
ATTR{address}=="92:00:06:b6:58:bb", NAME="eth0" ATTR{address}=="92:00:06:b6:58:bb", NAME="eth0"
''; '';
} }