Home: Fix nginx.

Dmitry Voronin 2025-01-09 14:35:30 +03:00
parent af86a390fa
commit 0413a97ad9
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
13 changed files with 54 additions and 37 deletions


@ -4,7 +4,6 @@
# to prevent unathorized changes to hosts. # to prevent unathorized changes to hosts.
{ {
config, config,
const,
lib, lib,
pkgs, pkgs,
secret, secret,
@ -40,7 +39,7 @@ in
script = '' script = ''
pushd /tmp pushd /tmp
rm -rf ./nixos rm -rf ./nixos
git clone --depth=1 --single-branch --branch=main ${const.url} ./nixos git clone --depth=1 --single-branch --branch=main ${config.const.url} ./nixos
pushd ./nixos pushd ./nixos
git verify-commit HEAD && git fsck || { git verify-commit HEAD && git fsck || {
echo "Verification failed." echo "Verification failed."
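Review bot: `${config.const.url}` is spliced unquoted into the shell script on the `git clone` line, and this commit turns `url` into an ordinary module option that any module can redefine. Quote it at the interpolation, `git clone --depth=1 --single-branch --branch=main ${lib.escapeShellArg config.const.url} ./nixos`, so a value containing spaces or shell metacharacters cannot alter the command. Since the header comment describes this job as guarding against unauthorized changes, a short comment on that line saying that trust rests on `git verify-commit HEAD` and not on the URL would also help. The script body continues outside the hunk.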


@ -122,13 +122,6 @@
let let
lib = nixpkgs.lib; lib = nixpkgs.lib;
const = {
droidStateVersion = "24.05";
stateVersion = "24.11";
timeZone = "Europe/Moscow";
url = "https://git.voronind.com/voronind/nix.git";
};
__findFile = _: p: ./${p}; __findFile = _: p: ./${p};
ls = ls =
@ -175,9 +168,6 @@
# Make a device hostname match the one from this config. # Make a device hostname match the one from this config.
{ networking.hostName = hostname; } { networking.hostName = hostname; }
# Specify current release version.
{ system.stateVersion = const.stateVersion; }
# Add Home Manager module. # Add Home Manager module.
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
@ -203,7 +193,6 @@
{ {
inherit inherit
__findFile __findFile
const
inputs inputs
pkgsJobber pkgsJobber
pkgsMaster pkgsMaster
@ -258,7 +247,6 @@
extraSpecialArgs = { extraSpecialArgs = {
inherit inherit
__findFile __findFile
const
inputs inputs
pkgsMaster pkgsMaster
pkgsUnstable pkgsUnstable


@ -2,7 +2,6 @@
{ {
__findFile, __findFile,
config, config,
const,
inputs, inputs,
lib, lib,
pkgs, pkgs,
@ -28,8 +27,8 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.packages = package.core; environment.packages = package.core;
nix.extraOptions = "experimental-features = nix-command flakes pipe-operators"; nix.extraOptions = "experimental-features = nix-command flakes pipe-operators";
system.stateVersion = const.droidStateVersion; system.stateVersion = config.const.droidStateVersion;
time.timeZone = const.timeZone; time.timeZone = config.const.timeZone;
terminal = { inherit (android) font colors; }; terminal = { inherit (android) font colors; };
home-manager.config = stylix // { home-manager.config = stylix // {
programs = with programs; core; programs = with programs; core;
@ -37,7 +36,7 @@ in
home = { home = {
inherit (env) sessionVariables; inherit (env) sessionVariables;
inherit file; inherit file;
stateVersion = const.droidStateVersion; stateVersion = config.const.droidStateVersion;
}; };
}; };
}; };


@ -2,7 +2,6 @@
{ {
__findFile, __findFile,
config, config,
const,
lib, lib,
pkgs, pkgs,
util, util,
@ -36,7 +35,7 @@ in
// { // {
${user.username} = { ${user.username} = {
home = { home = {
inherit (const) stateVersion; inherit (config.const) stateVersion;
inherit (env) sessionVariables; inherit (env) sessionVariables;
inherit (user) username homeDirectory; inherit (user) username homeDirectory;
inherit file; inherit file;


@ -0,0 +1,7 @@
{ ... }: {
config.const.host = {
domain = "voronind.com";
sslCertificate = "/etc/letsencrypt/live/voronind.com/fullchain.pem";
sslCertificateKey = "/etc/letsencrypt/live/voronind.com/privkey.pem";
};
}


@ -8,10 +8,7 @@ in
adminPasswordFile = "${storage}/Password"; adminPasswordFile = "${storage}/Password";
appSecretFile = "${storage}/Secret"; appSecretFile = "${storage}/Secret";
hostname = "dav.voronind.com"; hostname = "dav.voronind.com";
nginx = { nginx = { };
sslCertificate = "/etc/letsencrypt/live/voronind.com/fullchain.pem";
sslCertificateKey = "/etc/letsencrypt/live/voronind.com/privkey.pem";
};
mail = { mail = {
dsnFile = "${storage}/Dsn"; dsnFile = "${storage}/Dsn";
inviteFromAddress = "noreply@voronind.com"; inviteFromAddress = "noreply@voronind.com";
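Review bot: `hostname` stays the literal `"dav.voronind.com"`, while this commit moves the certificate paths and the `allow`/`deny` list to a virtual host keyed `"dav.${config.const.host.domain}"` in the nginx file. The two describe the same server block only while the literal and `const.host.domain` agree; if they diverge, the host configured here would be served from the empty `nginx = { }` block without the address restrictions. Derive it the same way, `hostname = "dav.${config.const.host.domain}";`, assuming `config` is among this file's arguments (the argument list is outside the hunk).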


@ -1,7 +1,6 @@
# Use `nixos-container login jobber` as root and empty pw. # Use `nixos-container login jobber` as root and empty pw.
{ {
__findFile, __findFile,
const,
lib, lib,
pkgsJobber, pkgsJobber,
poetry2nixJobber, poetry2nixJobber,
@ -48,7 +47,7 @@ in
in in
{ {
boot.isContainer = true; boot.isContainer = true;
system.stateVersion = const.stateVersion; system.stateVersion = "24.11";
users = { users = {
users.root.password = ""; users.root.password = "";
mutableUsers = false; mutableUsers = false;


@ -3,7 +3,6 @@
# fd09:8d46:b26::/48 - ULA. # fd09:8d46:b26::/48 - ULA.
{ {
config, config,
const,
lib, lib,
util, util,
... ...
@ -120,7 +119,7 @@ in
PoolOffset = 100; PoolOffset = 100;
PoolSize = 150; PoolSize = 150;
ServerAddress = "${internal}/24"; ServerAddress = "${internal}/24";
Timezone = const.timeZone; Timezone = config.const.timeZone;
UplinkInterface = wan; UplinkInterface = wan;
}; };
}; };


@ -1,15 +1,14 @@
{ lib, ... }: { config, ... }:
{ {
"dav.voronind.com" = { "dav.${config.const.host.domain}" = {
sslCertificate = "/etc/letsencrypt/live/voronind.com/fullchain.pem"; inherit (config.const.host) sslCertificate sslCertificateKey;
sslCertificateKey = "/etc/letsencrypt/live/voronind.com/privkey.pem";
onlySSL = lib.mkForce true;
locations."/".extraConfig = '' locations."/".extraConfig = ''
allow 10.0.0.0/8; allow 10.0.0.0/8;
allow fd09:8d46:b26::/48; allow fd09:8d46:b26::/48;
deny all; deny all;
''; '';
extraConfig = '' extraConfig = ''
listen 443 ssl;
include /etc/letsencrypt/conf/options-ssl-nginx.conf; include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
''; '';
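Review bot: Removing `onlySSL = lib.mkForce true;` leaves this virtual host with none of the module's TLS switches (`onlySSL`, `addSSL`, `forceSSL`) set, and the hand-written `listen 443 ssl;` in `extraConfig` does not stand in for them. As far as I know, the NixOS nginx module then still adds its default port-80 listener for the host, and it emits `ssl_certificate`/`ssl_certificate_key` from the inherited options only when one of those switches is on. If so, the DAV endpoint may answer over plain HTTP for the allowed ranges and the inherited certificate paths may have no effect. Please check the rendered server block with `nginx -T`; if a port-80 listener is present, restore `onlySSL = true;` and drop the extra `listen` line. The attribute set continues past the end of the hunk.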


@ -1,6 +1,6 @@
{ ... }: { config, ... }:
{ {
"download.voronind.com".extraConfig = '' "download.${config.const.host.domain}".extraConfig = ''
listen 443 ssl; listen 443 ssl;
location / { location / {

26
option/Const.nix Normal file

@ -0,0 +1,26 @@
{ lib, ... }:
{
options.const = {
droidStateVersion = lib.mkOption {
default = "24.05";
type = lib.types.str;
};
stateVersion = lib.mkOption {
default = "24.11";
type = lib.types.str;
};
timeZone = lib.mkOption {
default = "Europe/Moscow";
type = lib.types.str;
};
url = lib.mkOption {
default = "https://git.voronind.com/voronind/nix.git";
type = lib.types.str;
};
host = lib.mkOption {
default = { };
type = lib.types.attrs;
};
};
}
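Review bot: `host` is declared as `lib.types.attrs`, so nothing checks that `domain`, `sslCertificate` and `sslCertificateKey` exist or are strings, although the nginx files read all three; a missing or misspelled key surfaces only as a missing-attribute error at the use site. Declaring it as a submodule with three `str` options gives a typed interface with a clear "option not defined" error. The other four options are meant as constants, and `url` is the repository the auto-update job clones, so consider `readOnly = true;` and a `description` on each so that another module cannot silently redefine them.

```nix
# … unchanged: droidStateVersion, stateVersion, timeZone, url …
host = lib.mkOption {
  default = { };
  type = lib.types.submodule {
    options = {
      domain = lib.mkOption { type = lib.types.str; };
      sslCertificate = lib.mkOption { type = lib.types.str; };
      sslCertificateKey = lib.mkOption { type = lib.types.str; };
    };
  };
};
```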


@ -1,6 +1,6 @@
{ const, ... }: { config, ... }:
{ {
time.timeZone = const.timeZone; time.timeZone = config.const.timeZone;
i18n = { i18n = {
defaultLocale = "en_US.UTF-8"; defaultLocale = "en_US.UTF-8";
extraLocaleSettings = { extraLocaleSettings = {

5
system/State.nix Normal file

@ -0,0 +1,5 @@
{ config, ... }: {
# Specify current release version.
system.stateVersion = config.const.stateVersion;
}