From 35dacb96f3776cb2ed193a92e9b720493861fb9a Mon Sep 17 00:00:00 2001 From: admin Date: Tue, 23 Apr 2024 15:58:05 +0200 Subject: [PATCH 01/10] bump: homepage --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 4c362ce..f632184 100644 --- a/flake.lock +++ b/flake.lock @@ -58,11 +58,11 @@ ] }, "locked": { - "lastModified": 1712745070, - "narHash": "sha256-75kSMjyCD5/IliSPkBcBSBamwPYF30Ddr8Ef2XxDfiE=", + "lastModified": 1713880523, + "narHash": "sha256-/dMwfs3toYi2SzrItwpTLKWMSIquAptdCClC2FB608Y=", "ref": "refs/heads/main", - "rev": "c2650ecab1c7b9b2e10d690b40e82817d257b53a", - "revCount": 28, + "rev": "5e986b284d6a7b81fd437822f6279dd915494c54", + "revCount": 29, "type": "git", "url": "https://git.sondell.org/glennwso/home.git" }, From c54a18e3b3200b2b69f004a7a2cbfa1568ae957d Mon Sep 17 00:00:00 2001 From: admin Date: Fri, 26 Apr 2024 12:43:43 +0200 Subject: [PATCH 02/10] cfg some utils --- configuration.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/configuration.nix b/configuration.nix index d7553df..c953af4 100644 --- a/configuration.nix +++ b/configuration.nix @@ -126,20 +126,24 @@ nil starship tailscale + alejandra ]; +programs = { - programs.fish= { + ssh.startAgent = true; + fish= { enable=true; shellInit = "starship init fish | source"; }; - programs.starship.enable = true; - programs.starship.settings = { + starship.enable = true; + starship.settings = { shell = { disabled = false; fish_indicator = ""; bash_indicator = "BASH"; }; }; +}; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. From fb83b50dec6edbb0c4467a8277586d21287aab25 Mon Sep 17 00:00:00 2001 From: admin Date: Mon, 29 Apr 2024 14:58:47 +0200 Subject: [PATCH 03/10] enable big drives as a pool --- hardware-configuration.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
diff --git a/hardware-configuration.nix b/hardware-configuration.nix index eb96fdf..ea97e53 100644 --- a/hardware-configuration.nix +++ b/hardware-configuration.nix @@ -21,7 +21,10 @@ { device = "/dev/disk/by-uuid/f3463885-fde8-4488-9442-37ced2b2c8f3"; fsType = "ext4"; }; - + fileSystems."/pool" = { + device = "/dev/pool1/vol1"; + fsType = "ext4"; + }; swapDevices = [ ]; From bb579bde4e45771e2760c840144fd6e283d2f0f4 Mon Sep 17 00:00:00 2001 From: admin Date: Mon, 29 Apr 2024 19:28:46 +0200 Subject: [PATCH 04/10] chore: moved database to a bigger drive --- configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/configuration.nix b/configuration.nix index c953af4..4b0748e 100644 --- a/configuration.nix +++ b/configuration.nix @@ -10,6 +10,11 @@ ./hardware-configuration.nix ]; + + services.postgresql = { + dataDir = "/pool/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"; + }; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; powerManagement.enable = false; From 8f25ae8b4c2c3af9867c171d149220ef866294d6 Mon Sep 17 00:00:00 2001 From: admin Date: Mon, 29 Apr 2024 21:20:27 +0200 Subject: [PATCH 05/10] chore: moved media files --- filebrowser.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/filebrowser.nix b/filebrowser.nix index 293f0be..f4408ec 100644 --- a/filebrowser.nix +++ b/filebrowser.nix @@ -12,7 +12,7 @@ in After="network-online.target"; }; serviceConfig = { - ExecStart = "${filebrowser}/bin/filebrowser -r /mnt/movie_drive -d /var/lib/filebrowser/filebrowser.db"; + ExecStart = "${filebrowser}/bin/filebrowser -r /pool/media/ -d /var/lib/filebrowser/filebrowser.db"; User= "jellyfin"; Type= "simple"; }; From e26f86fd85d4e7420b85fbb4c65996cacbac47ab Mon Sep 17 00:00:00 2001 From: admin Date: Tue, 30 Apr 2024 10:37:55 +0200 Subject: [PATCH 06/10] moved forgejo data dir --- forgejo.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/forgejo.nix b/forgejo.nix index aa7e852..8ecb51d 100644 
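Review bot: The new `fileSystems."/pool"` entry sets no mount `options`, so the volume is mounted with the ext4 defaults even though later patches in this series put the PostgreSQL data directory, the Forgejo state and the file-browser root on it. For a data-only volume, `options = [ "nodev" "nosuid" ];` takes device nodes and setuid binaries out of the picture for anything that ends up stored there. The device is named by path (`/dev/pool1/vol1`) while the root filesystem just above uses `/dev/disk/by-uuid/...`; that is fine if this is an LVM logical volume, but a one-line comment saying so would help. This file is imported in configuration.nix under the comment "Include the results of the hardware scan", so a hand-written entry here may be lost if the file is regenerated; a separate module would be safer.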
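Review bot: Nothing in the new `services.postgresql` block ties the service to the `/pool` mount that `dataDir` now lives on, and the same applies to `stateDir = "/pool/var/lib/forgejo"` in forgejo.nix and `-r /pool/media/` in filebrowser.nix later in the series. If the volume is ever absent when the unit starts, the path resolves on the root filesystem and the service would presumably run against an empty directory there rather than the real data. An explicit dependency such as `systemd.services.postgresql.unitConfig.RequiresMountsFor = "/pool";` (and the equivalent for the other units) makes that failure loud instead. The block only sets `dataDir`; where the service is enabled is outside this hunk.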
--- a/forgejo.nix +++ b/forgejo.nix @@ -7,6 +7,7 @@ in { services.forgejo = { enable = true; + stateDir = "/pool/var/lib/forgejo"; settings = { service = { # DISABLE_REGISTRATION = true; From 642d297710e9c6d031572c25901f13b584890306 Mon Sep 17 00:00:00 2001 From: admin Date: Fri, 3 May 2024 07:39:16 +0200 Subject: [PATCH 07/10] fix pw --- flake.nix | 1 + vaultwarden.nix | 22 ++++++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 vaultwarden.nix diff --git a/flake.nix b/flake.nix index 217f656..aa86fed 100644 --- a/flake.nix +++ b/flake.nix @@ -30,6 +30,7 @@ ./tail.nix ./matrix.nix ./coturn.nix + ./vaultwarden.nix (import ./mail.nix {inherit mailserver;}) (import ./homepage.nix {inherit homepage;}) ]; diff --git a/vaultwarden.nix b/vaultwarden.nix new file mode 100644 index 0000000..104f1f7 --- /dev/null +++ b/vaultwarden.nix @@ -0,0 +1,22 @@ +{ ... }: + +let + domain = "pw.sondell.org"; + port = "8222"; +in +{ + # + services.vaultwarden = { + enable = true; + }; + + + services.nginx.virtualHosts.${domain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:${port}/"; + }; + }; +} + From 2d8b2e985a3b00925008ea55ffa4006c95898e6d Mon Sep 17 00:00:00 2001 From: glenn Date: Sun, 5 May 2024 20:53:16 +0200 Subject: [PATCH 08/10] added nas hostname --- configuration.nix | 84 ++++++++++++++++++++++++----------------------- 1 file changed, 43 insertions(+), 41 deletions(-) diff --git a/configuration.nix b/configuration.nix index 4b0748e..eae3e8d 100644 --- a/configuration.nix +++ b/configuration.nix 
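Review bot: `services.vaultwarden` in the new vaultwarden.nix is enabled with no `config`, so the password manager published at `pw.sondell.org` runs on upstream defaults, which as far as I know leave account sign-ups open, and no `DOMAIN` is set for it. The `port` binding in the `let` is only used in `proxyPass`; the service is never told to listen there, so the proxy works only as long as the module's default port happens to be 8222. I would set the values explicitly as below and keep any admin token in an `environmentFile` outside the repository rather than in `config`. The empty `#` comment above the block can go, or be replaced by a line saying what the host is for.

```nix
  services.vaultwarden = {
    enable = true;
    config = {
      DOMAIN = "https://${domain}";
      SIGNUPS_ALLOWED = false;
      ROCKET_ADDRESS = "127.0.0.1";
      ROCKET_PORT = port;
    };
  };
  # … unchanged: services.nginx.virtualHosts.${domain} …
```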
@@ -1,37 +1,45 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - + config, + pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; services.postgresql = { dataDir = "/pool/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"; }; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.experimental-features = ["nix-command" "flakes"]; powerManagement.enable = false; # Bootloader. boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sdc"; boot.loader.grub.useOSProber = true; + networking = { + hostName = "nixos"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - networking.hostName = "nixos"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + # Enable networking + networkmanager.enable = true; - # Enable networking - networking.networkmanager.enable = true; + # Open ports in the firewall. + firewall.allowedTCPPorts = [80 443]; + + extraHosts = '' + 192.168.1.88 nas + ''; + }; # Set your time zone. time.timeZone = "Europe/Stockholm"; 
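Review bot: This commit mixes a whole-file reformat with the one functional change its subject names, the `extraHosts` entry for `nas`, which makes the security-relevant lines (the firewall ports moving into `networking = { ... }`, the new host mapping) hard to pick out; the reformat would be better as its own commit. Inside the new `networking` block the commented examples still read `# networking.wireless.enable` and `# networking.proxy.default`, which would be the wrong attribute path if uncommented there; `# wireless.enable = true;` and `# proxy.default = ...` match the nesting. The `192.168.1.88 nas` mapping is a fixed LAN address, so a short comment that it relies on a static lease for the NAS would help, since the backup job later in the series connects to that name.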
@@ -99,10 +107,10 @@ users.users.sondell = { isNormalUser = true; description = "sondell"; - extraGroups = [ "networkmanager" "wheel" ]; + extraGroups = ["networkmanager" "wheel"]; packages = with pkgs; [ firefox - # thunderbird + # thunderbird ]; }; @@ -111,15 +119,14 @@ openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMYGJCpFIiWqzy8YbfWh7+i52XVwyhUu+P0rUglVR5uV gws@nixos"]; }; - # Allow unfree packages nixpkgs.config.allowUnfree = true; # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget htop cloudflared filebrowser @@ -133,22 +140,21 @@ tailscale alejandra ]; -programs = { - - ssh.startAgent = true; - fish= { - enable=true; - shellInit = "starship init fish | source"; - }; - starship.enable = true; - starship.settings = { - shell = { - disabled = false; - fish_indicator = ""; - bash_indicator = "BASH"; + programs = { + ssh.startAgent = true; + fish = { + enable = true; + shellInit = "starship init fish | source"; + }; + starship.enable = true; + starship.settings = { + shell = { + disabled = false; + fish_indicator = ""; + bash_indicator = "BASH"; + }; }; }; -}; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. 
@@ -169,14 +175,11 @@ programs = { defaults = { email = "glennpub@proton.me"; dnsProvider = "cloudflare"; - # # location of your CLOUDFLARE_DNS_API_TOKEN=[value] - # # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile= + # # location of your CLOUDFLARE_DNS_API_TOKEN=[value] + # # https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#EnvironmentFile= environmentFile = "/etc/nixos/.secrets/cloudflare_dns_tokend"; }; }; - - # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 80 443 ]; # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. @@ -189,5 +192,4 @@ programs = { # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.11"; # Did you read the comment? - } From dda65cd17eaff2c96a0249edd9e786e76401d4a9 Mon Sep 17 00:00:00 2001 From: glenn Date: Sun, 5 May 2024 21:19:42 +0200 Subject: [PATCH 09/10] init nextcloud backup --- nextcloud.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/nextcloud.nix b/nextcloud.nix index 20916c6..fa9c239 100644 --- a/nextcloud.nix +++ b/nextcloud.nix @@ -8,6 +8,27 @@ in environment.systemPackages = [ nextcloud ]; + systemd.timers."nextcloud-backup" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + # OnBootSec = "5m"; + # OnUnitActiveSec = "5m"; + OnCalendar="*-*-* 2:00:00"; + Unit = "nextcloud-backup.service"; + }; + }; + + systemd.services."nextcloud-backup" = { + script = '' + set -eu + ${pkgs.postgresql}/bin/pg_dump "nextcloud" -f /tmp/dump.sql + ''; + serviceConfig = { + Type = "oneshot"; + User = "postgres"; + }; + }; + services = { nginx.virtualHosts = { ${domain} = { From 0add03034e08a7c30fea783ef0edfd565559c234 Mon Sep 17 00:00:00 2001 
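Review bot: The dump in the new `nextcloud-backup` service is written to the fixed path `/tmp/dump.sql`, and the unit sets neither `PrivateTmp` nor a umask, so the Nextcloud database dump would sit in the shared temporary directory with pg_dump's default file mode. The next patch in the series replaces this line, but if this one is kept on its own, `PrivateTmp = true;` in `serviceConfig` or a dedicated backup directory owned by the service user is the minimum. `${pkgs.postgresql}` is also not necessarily the version the server runs; configuration.nix already refers to `config.services.postgresql.package`, and using that package's `pg_dump` avoids a client/server version mismatch, assuming `config` is in scope in this module, which the hunk does not show. `Persistent = true;` in `timerConfig` would catch up a run missed while the machine was off at 02:00.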
From: glenn Date: Sun, 5 May 2024 21:54:47 +0200 Subject: [PATCH 10/10] working sql dump over ssh --- nextcloud.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nextcloud.nix b/nextcloud.nix index fa9c239..5a34596 100644 --- a/nextcloud.nix +++ b/nextcloud.nix @@ -19,9 +19,9 @@ in }; systemd.services."nextcloud-backup" = { - script = '' + script = with pkgs; '' set -eu - ${pkgs.postgresql}/bin/pg_dump "nextcloud" -f /tmp/dump.sql + ${postgresql}/bin/pg_dump "nextcloud" | ${openssh}/bin/ssh -i /etc/nixos/.secrets/tulpan Glenn@nas "cat - > back/nextcloud/dump.sql" ''; serviceConfig = { Type = "oneshot";
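Review bot: The script still runs under `set -eu` only, so the pipeline's exit status is that of `ssh`: if `pg_dump` fails midway the unit reports success and `back/nextcloud/dump.sql` on the NAS has already been overwritten with a truncated dump. `set -euo pipefail` makes the unit fail, and writing to a dated or temporary name on the remote side keeps the previous good backup. The job runs as `User = "postgres"` (set in the previous patch), so the key at `/etc/nixos/.secrets/tulpan` has to be readable by that user and the host key for `nas` has to be known to it; declaring the host key with `programs.ssh.knownHosts` and adding `-o BatchMode=yes` keeps that in the configuration instead of in manual state. On the NAS, the key should be limited in `authorized_keys` to this one write, and the dump is stored unencrypted there, which deserves a conscious decision given what a Nextcloud database contains. `serviceConfig` continues past the end of the hunk.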