-rw-r--r-- | Biz/Bild.nix | 12 | ||||
-rw-r--r-- | Biz/Bild/Sources.json | 6 | ||||
-rw-r--r-- | Biz/Cloud/Gmnisrv.nix | 39 | ||||
-rw-r--r-- | Biz/Cloud/Web.nix | 4 | ||||
-rw-r--r-- | Biz/Dev.nix | 3 | ||||
-rw-r--r-- | Biz/Dev/Configuration.nix | 28 | ||||
-rw-r--r-- | Biz/Dev/Wireguard.nix | 4 | ||||
-rw-r--r-- | Biz/OsBase.nix | 4 | ||||
-rw-r--r-- | Biz/Packages.nix | 4 |
9 files changed, 76 insertions, 28 deletions
diff --git a/Biz/Bild.nix b/Biz/Bild.nix index ad56549..da0c6a8 100644 --- a/Biz/Bild.nix +++ b/Biz/Bild.nix @@ -2,6 +2,8 @@ rec { constants = import ./Bild/Constants.nix; + + # internal usage private = { inherit nixpkgs; @@ -32,6 +34,8 @@ rec { wai # can remove when removed from Biz.Log ]); }; + + # generally-useful things from nixpkgs inherit (nixpkgs) lib stdenv sources; # a standard nix build for `bild` - this should be the only hand-written @@ -83,10 +87,11 @@ rec { # gather data needed for compiling by analyzing the main module analyze = main: - builtins.head + # builtins.head (lib.trivial.importJSON (runBildAnalyze main + "/analysis.json")); + # build a ghc executable ghc = main: let data = analyze main; @@ -131,10 +136,10 @@ rec { ]; }; + # build an operating system. 'cfg' is the NixOS config os = cfg: (nixpkgs.nixos (_args: cfg)).toplevel; - pkgs = { inherit (nixpkgs) git; }; - + # build a rust executable rust = main: let data = analyze main; @@ -155,5 +160,6 @@ rec { installPhase = "exit 0"; }; + # build a docker image image = nixpkgs.pkgs.dockerTools.buildImage; } diff --git a/Biz/Bild/Sources.json b/Biz/Bild/Sources.json index d151bdc..22dae63 100644 --- a/Biz/Bild/Sources.json +++ b/Biz/Bild/Sources.json @@ -92,10 +92,10 @@ "name": "nixpkgs", "owner": "bsima", "repo": "nixpkgs", - "rev": "30216881bc4c0faf52f048b9141afe167762b917", - "sha256": "11qwps5mg8pgy5hvb2cw5l0vj7igk5gi7gskn9z6mqf7rv29yh4x", + "rev": "a876fc5e1c239764fff9ce99bd4dee53c465ace2", + "sha256": "0n4y8acppkpdgx10mqwyrhgzqizhk7jqmzz1x2kpw9yafbh6bz0k", "type": "tarball", - "url": "https://github.com/bsima/nixpkgs/archive/30216881bc4c0faf52f048b9141afe167762b917.tar.gz", + "url": "https://github.com/bsima/nixpkgs/archive/a876fc5e1c239764fff9ce99bd4dee53c465ace2.tar.gz", "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" }, "regex-applicative": { diff --git a/Biz/Cloud/Gmnisrv.nix b/Biz/Cloud/Gmnisrv.nix new file mode 100644 index 0000000..c60d271 --- /dev/null 
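Review bot: In the `analyze` hunk, `builtins.head` is commented out rather than removed, so `analyze` now returns the whole parsed `analysis.json` instead of its first element, and nothing on the line says why. The `ghc` and `rust` builders both begin with `data = analyze main;` and their bodies lie outside these hunks, so it cannot be confirmed from here that they were adjusted for the new shape. Delete the dead line, or replace it with a comment stating the new contract once it is checked against the analyzer output, for example `# analysis.json is now a single object, not a one-element list`.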
+++ b/Biz/Cloud/Gmnisrv.nix @@ -0,0 +1,39 @@ +{ lib +, config +, pkgs +, ... +}: + +let + cfg = config.services.gmnisrv; +in { + meta.maintainers = [ lib.maintainers.bsima ]; + options.services.gmnisrv = { + enable = lib.mkEnableOption "Enable the gmnisrv service"; + settings = lib.mkOption { + # type = cfgFormat.type; + description = '' + Configuration for gmnisrv. See gmnisrv.ini(5) for supported settings. + ''; + default = { + "listen" = lib.mkDefault "0.0.0.0:1965 [::]:1965"; + ":tls" = { + "store" = lib.mkDefault "${cfg.dataDir}/certs"; + }; + }; + }; + dataDir = lib.mkOption { + type = lib.types.str; + default = "/var/lib/gemini"; + description = "Where gmnisrv should store certs and other data."; + }; + }; + config = lib.mkIf cfg.enable { + systemd.services.gmnisrv = { + description = "gmnisrv service"; + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" ]; + script = "${pkgs.gmnisrv}/bin/gmnisrv -C ${lib.generators.toINI {} cfg.settings}"; + }; + }; +} diff --git a/Biz/Cloud/Web.nix b/Biz/Cloud/Web.nix index a096779..e0b9a95 100644 --- a/Biz/Cloud/Web.nix +++ b/Biz/Cloud/Web.nix @@ -1,10 +1,11 @@ -{ config, ... }: +{ config, pkgs, ... }: let rootDomain = config.networking.domain; ports = import ./Ports.nix; in { + imports = [ ./Gmnisrv.nix ]; networking.firewall = { allowedTCPPorts = [ ports.ssh @@ -36,6 +37,7 @@ in }; }; gmnisrv = { + package = pkgs.gmnisrv; enable = true; settings = { listen = "0.0.0.0:${toString ports.gemini} [::]:${toString ports.gemini}"; diff --git a/Biz/Dev.nix b/Biz/Dev.nix index 80ca773..c31b004 100644 --- a/Biz/Dev.nix +++ b/Biz/Dev.nix @@ -11,7 +11,7 @@ bild.os { ./Dev/Hardware.nix ./Dev/Hoogle.nix ./Dev/Networking.nix - ./Dev/Wireguard.nix + #./Dev/Wireguard.nix # this changed in the upgrade and I can't find docs ./Dragons.nix # ./Dev/Guix.nix # I need to package a bunch of guile libs first ]; @@ -25,4 +25,3 @@ bild.os { depo = "/var/dragons/depo"; }; } - 
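Review bot: `systemd.services.gmnisrv` has no `serviceConfig`, so this network-facing daemon (default `listen` is `0.0.0.0:1965 [::]:1965`) runs as root with no sandboxing. Port 1965 is unprivileged, so the service can run under a dynamic or dedicated user. In the same `script` line, `lib.generators.toINI {} cfg.settings` evaluates to the INI text, not a path, so `-C` receives multi-line file contents spliced into the shell script; write it to the store with `pkgs.writeText` first. `toINI` also treats every top-level key as a section, so the bare `"listen"` key probably needs `lib.generators.toINIWithGlobalSection` if the pinned nixpkgs has it. The `StateDirectory` below only matches the default `dataDir`.

```nix
# in the existing let block; toINI returns file contents, -C needs a path
configFile = pkgs.writeText "gmnisrv.ini" (lib.generators.toINI {} cfg.settings);

# … unchanged: meta, options …
    systemd.services.gmnisrv = {
      # … unchanged: description, wantedBy, after …
      script = "${pkgs.gmnisrv}/bin/gmnisrv -C ${configFile}";
      serviceConfig = {
        # DynamicUser also implies NoNewPrivileges, PrivateTmp and a read-only system tree
        DynamicUser = true;
        StateDirectory = "gemini"; # /var/lib/gemini, the default dataDir
      };
    };
```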
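Review bot: `package = pkgs.gmnisrv;` in Biz/Cloud/Web.nix sets `services.gmnisrv.package`, but the module added in Biz/Cloud/Gmnisrv.nix on this page declares only `enable`, `settings` and `dataDir`, and its `script` hard-codes `${pkgs.gmnisrv}`. Unless another module defines that option, evaluation should fail with an undefined-option error. Either drop the line, or add `package = lib.mkOption { type = lib.types.package; default = pkgs.gmnisrv; };` to the module and use `${cfg.package}` in `script`. The `gmnisrv` attribute set continues outside the hunk.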
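Review bot: Commenting out `./Dev/Wireguard.nix` in Biz/Dev.nix removes the VPN from this host, and the trailing comment does not say what is lost or when it comes back. Biz/Dev/Configuration.nix on this page still binds services to all interfaces (`services.jupyter.ip = "*"`), and the firewall rules for this host are not shown here. Confirm that nothing which was meant to be reached only over `wg0` is now exposed through the firewall's allowed ports. A more useful marker would be `#./Dev/Wireguard.nix # TODO: re-enable; disabled during the nixpkgs bump, VPN access to this host is off until then`.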
diff --git a/Biz/Dev/Configuration.nix b/Biz/Dev/Configuration.nix index abdbfab..8e316ed 100644 --- a/Biz/Dev/Configuration.nix +++ b/Biz/Dev/Configuration.nix @@ -22,7 +22,7 @@ in { pkgs.k3s pkgs.wemux pkgs.tmux - pkgs.wireguard + pkgs.wireguard-tools ]; nixpkgs = { @@ -77,11 +77,11 @@ in { services.tor.enable = true; services.tor.client.enable = true; services.tor.relay.role = "bridge"; - services.tor.relay.port = ports.tor; - services.tor.relay.nickname = "ydeee3q1cjo83tsuqcz"; - services.tor.relay.accountingMax = "10 GBytes"; - services.tor.relay.accountingStart = "month 1 1:00"; - services.tor.relay.contactInfo = "ContactInfo pgp:66A6AD150399D970DCA4C4E6C8218B7D0BFDECCD ciissversion:2"; + services.tor.settings.ORPort = ports.tor; + services.tor.settings.Nickname = "ydeee3q1cjo83tsuqcz"; + services.tor.settings.AccountingMax = "10 GBytes"; + services.tor.settings.AccountingStart = "month 1 1:00"; + services.tor.settings.ContactInfo = "ContactInfo pgp:66A6AD150399D970DCA4C4E6C8218B7D0BFDECCD ciissversion:2"; services.bitcoind.mainnet.enable = true; services.bitcoind.mainnet.dataDir = "/mnt/campbell/bitcoind-mainnet/data"; @@ -135,6 +135,8 @@ in { services.jupyter.enable = true; services.jupyter.port = ports.jupyter; services.jupyter.ip = "*"; + users.users.jupyter.group = "jupyter"; + users.groups.jupyter = {}; services.jupyter.password = "'argon2:$argon2id$v=19$m=10240,t=10,p=8$nvQhgk+htbIYi961YYAf1w$ekpwiTT5L4+OAods0K7EDw'"; services.jupyter.kernels.python3 = let env = (pkgs.python3.withPackages (p: with p; [ 
@@ -161,9 +163,9 @@ in { services.jellyfin.group = "jellyfin"; services.minidlna.enable = true; - services.minidlna.announceInterval = 60; - services.minidlna.friendlyName = "Sima Media"; - services.minidlna.mediaDirs = [ + services.minidlna.settings.notify_interval = 60; + services.minidlna.settings.friendly_name = "Sima Media"; + services.minidlna.settings.media_dir = [ "V,/mnt/campbell/ben/youtube" "A,/mnt/campbell/ben/music" "V,/mnt/campbell/ben/torrents/done" @@ -178,8 +180,8 @@ in { documentation.man.enable = true; documentation.nixos.enable = true; - nix.autoOptimiseStore = true; - nix.buildCores = 0; # use all available cores + nix.settings.auto-optimise-store = true; + nix.settings.cores = 0; # use all available cores # Since this is the dev machine, we can turn these on at the expense # of extra disk space. nix.extraOptions = '' @@ -187,14 +189,14 @@ in { keep-derivations = true ''; # 1 job * 2 cores = 2 maximum cores used at any one time - nix.maxJobs = 1; + nix.settings.max-jobs = 1; nix.sshServe.enable = true; nix.sshServe.keys = lib.trivial.pipe ../Keys/Ben.pub [ builtins.readFile (lib.strings.splitString "\n") (lib.filter (s: s != "")) ]; - nix.trustedUsers = [ "root" "ben" ]; + nix.settings.trusted-users = [ "root" "ben" ]; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database diff --git a/Biz/Dev/Wireguard.nix b/Biz/Dev/Wireguard.nix index 9c72dd4..b4c26a5 100644 --- a/Biz/Dev/Wireguard.nix +++ b/Biz/Dev/Wireguard.nix @@ -40,9 +40,9 @@ in { networking.nat.internalInterfaces = [ "wg0" ]; networking.firewall.allowedUDPPorts = [ ports.wireguard ]; - networking.wireguard.enable = true; + networking.wireguard-tools.enable = true; - networking.wireguard.interfaces = { + networking.wireguard-tools.interfaces = { wg0 = { ips = [ ips ]; allowedIPsAsRoutes = true; diff --git a/Biz/OsBase.nix b/Biz/OsBase.nix index f1caee3..ba67fb5 100644 --- a/Biz/OsBase.nix 
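Review bot: `networking.wireguard-tools.enable` and `networking.wireguard-tools.interfaces` in Biz/Dev/Wireguard.nix look like the package rename applied to the module options by mistake. The package became `wireguard-tools`, but as far as I know the NixOS module namespace is still `networking.wireguard`. That would explain the evaluation failure that led to the import being commented out in Biz/Dev.nix. Restore `networking.wireguard.enable = true;` and `networking.wireguard.interfaces = {`, and keep `pkgs.wireguard-tools` only in the package lists. The `wg0` definition continues outside the hunk.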
+++ b/Biz/OsBase.nix @@ -4,14 +4,14 @@ let in { boot.cleanTmpDir = true; networking.firewall.allowPing = true; - nix.binaryCaches = [ "https://cache.nixos.org" ]; + nix.settings.substituters = [ "https://cache.nixos.org" ]; nix.gc.automatic = true; nix.gc.dates = "Sunday 02:15"; nix.optimise.automatic = true; nix.optimise.dates = [ "Sunday 02:30" ]; programs.mosh.enable = true; programs.mosh.withUtempter = true; - security.acme.email = "ben@bsima.me"; + security.acme.defaults.email = "ben@bsima.me"; security.acme.acceptTerms = true; security.sudo.wheelNeedsPassword = false; services.clamav.daemon.enable = true; # security diff --git a/Biz/Packages.nix b/Biz/Packages.nix index 2538546..58235d3 100644 --- a/Biz/Packages.nix +++ b/Biz/Packages.nix @@ -12,11 +12,11 @@ with pkgs; htop openssl ranger - telnet + inetutils traceroute vim vnstat - wireguard + wireguard-tools wget ]; } |