Home: Fix nginx.

Dmitry Voronin 2025-01-09 14:35:30 +03:00
parent af86a390fa
commit 0413a97ad9
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
13 changed files with 54 additions and 37 deletions


@ -4,7 +4,6 @@
# to prevent unathorized changes to hosts.
{
config,
const,
lib,
pkgs,
secret,
@ -40,7 +39,7 @@ in
script = ''
pushd /tmp
rm -rf ./nixos
git clone --depth=1 --single-branch --branch=main ${const.url} ./nixos
git clone --depth=1 --single-branch --branch=main ${config.const.url} ./nixos
pushd ./nixos
git verify-commit HEAD && git fsck || {
echo "Verification failed."


@ -122,13 +122,6 @@
let
lib = nixpkgs.lib;
const = {
droidStateVersion = "24.05";
stateVersion = "24.11";
timeZone = "Europe/Moscow";
url = "https://git.voronind.com/voronind/nix.git";
};
__findFile = _: p: ./${p};
ls =
@ -175,9 +168,6 @@
# Make a device hostname match the one from this config.
{ networking.hostName = hostname; }
# Specify current release version.
{ system.stateVersion = const.stateVersion; }
# Add Home Manager module.
home-manager.nixosModules.home-manager
@ -203,7 +193,6 @@
{
inherit
__findFile
const
inputs
pkgsJobber
pkgsMaster
@ -258,7 +247,6 @@
extraSpecialArgs = {
inherit
__findFile
const
inputs
pkgsMaster
pkgsUnstable


@ -2,7 +2,6 @@
{
__findFile,
config,
const,
inputs,
lib,
pkgs,
@ -28,8 +27,8 @@ in
config = lib.mkIf cfg.enable {
environment.packages = package.core;
nix.extraOptions = "experimental-features = nix-command flakes pipe-operators";
system.stateVersion = const.droidStateVersion;
time.timeZone = const.timeZone;
system.stateVersion = config.const.droidStateVersion;
time.timeZone = config.const.timeZone;
terminal = { inherit (android) font colors; };
home-manager.config = stylix // {
programs = with programs; core;
@ -37,7 +36,7 @@ in
home = {
inherit (env) sessionVariables;
inherit file;
stateVersion = const.droidStateVersion;
stateVersion = config.const.droidStateVersion;
};
};
};


@ -2,7 +2,6 @@
{
__findFile,
config,
const,
lib,
pkgs,
util,
@ -36,7 +35,7 @@ in
// {
${user.username} = {
home = {
inherit (const) stateVersion;
inherit (config.const) stateVersion;
inherit (env) sessionVariables;
inherit (user) username homeDirectory;
inherit file;


@ -0,0 +1,7 @@
{ ... }: {
config.const.host = {
domain = "voronind.com";
sslCertificate = "/etc/letsencrypt/live/voronind.com/fullchain.pem";
sslCertificateKey = "/etc/letsencrypt/live/voronind.com/privkey.pem";
};
}


@ -8,10 +8,7 @@ in
adminPasswordFile = "${storage}/Password";
appSecretFile = "${storage}/Secret";
hostname = "dav.voronind.com";
nginx = {
sslCertificate = "/etc/letsencrypt/live/voronind.com/fullchain.pem";
sslCertificateKey = "/etc/letsencrypt/live/voronind.com/privkey.pem";
};
nginx = { };
mail = {
dsnFile = "${storage}/Dsn";
inviteFromAddress = "noreply@voronind.com";


@ -1,7 +1,6 @@
# Use `nixos-container login jobber` as root and empty pw.
{
__findFile,
const,
lib,
pkgsJobber,
poetry2nixJobber,
@ -48,7 +47,7 @@ in
in
{
boot.isContainer = true;
system.stateVersion = const.stateVersion;
system.stateVersion = "24.11";
users = {
users.root.password = "";
mutableUsers = false;
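Review bot: The literal `system.stateVersion = "24.11";` now duplicates the default of `options.const.stateVersion` with nothing tying the two together, so the container and the hosts can drift apart silently. If the container's module evaluation cannot see `config.const` (it appears to be built from a separate module list, which is not visible here), a comment such as `# Pinned by hand; mirrors const.stateVersion in option/Const.nix.` on that line would document the link. The unchanged `users.root.password = "";` directly below is intentional per the file's header comment, but it means any login path reachable inside the container grants root without a credential, so it is worth confirming that no network login service is enabled there. The `users` block continues outside the hunk.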


@ -3,7 +3,6 @@
# fd09:8d46:b26::/48 - ULA.
{
config,
const,
lib,
util,
...
@ -120,7 +119,7 @@ in
PoolOffset = 100;
PoolSize = 150;
ServerAddress = "${internal}/24";
Timezone = const.timeZone;
Timezone = config.const.timeZone;
UplinkInterface = wan;
};
};


@ -1,15 +1,14 @@
{ lib, ... }:
{ config, ... }:
{
"dav.voronind.com" = {
sslCertificate = "/etc/letsencrypt/live/voronind.com/fullchain.pem";
sslCertificateKey = "/etc/letsencrypt/live/voronind.com/privkey.pem";
onlySSL = lib.mkForce true;
"dav.${config.const.host.domain}" = {
inherit (config.const.host) sslCertificate sslCertificateKey;
locations."/".extraConfig = ''
allow 10.0.0.0/8;
allow fd09:8d46:b26::/48;
deny all;
'';
extraConfig = ''
listen 443 ssl;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
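Review bot: The handwritten `listen 443 ssl;` in `extraConfig` binds only the IPv4 wildcard, while the same vhost still allows `fd09:8d46:b26::/48`, so clients from the ULA range have no TLS listener on this server block unless one is defined elsewhere; adding `listen [::]:443 ssl;` next to it would cover both address families. With `onlySSL = lib.mkForce true;` gone, the NixOS nginx module, as far as I recall, falls back to its default plain-HTTP listener for the vhost and emits `ssl_certificate`/`ssl_certificate_key` only when one of `onlySSL`, `addSSL` or `forceSSL` is set. It is therefore worth inspecting the generated nginx.conf to confirm that the DAV host has no port-80 listener and that the inherited certificate paths actually end up in the server block. The attribute set continues past the end of the hunk.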


@ -1,6 +1,6 @@
{ ... }:
{ config, ... }:
{
"download.voronind.com".extraConfig = ''
"download.${config.const.host.domain}".extraConfig = ''
listen 443 ssl;
location / {

26
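--- a/option/Const.nix
+++ b/option/Const.nix
@@ -0,0 +1,26 @@
+{ lib, ... }:
+{
+options.const = {
+droidStateVersion = lib.mkOption {
+default = "24.05";
+type = lib.types.str;
+};
+stateVersion = lib.mkOption {
+default = "24.11";
+type = lib.types.str;
+};
+timeZone = lib.mkOption {
+default = "Europe/Moscow";
+type = lib.types.str;
+};
+url = lib.mkOption {
+default = "https://git.voronind.com/voronind/nix.git";
+type = lib.types.str;
+};
+host = lib.mkOption {
+default = { };
+type = lib.types.attrs;
+};
+};
+}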
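Review bot: `host` is declared as `lib.types.attrs` with `default = { }`, so nothing checks that `domain`, `sslCertificate` and `sslCertificateKey` are present or are strings; a host that never sets `const.host` fails only at the use site with a missing-attribute error. Declaring it as a submodule with the three fields typed would turn that into an option-level error and let definitions merge per field. None of the options carries a `description`; since `url` is what the update service clones from (the `git clone` hunk earlier in this commit), a one-line description saying so would help anyone who overrides it.

```nix
host = lib.mkOption {
  default = { };
  type = lib.types.submodule {
    options = {
      domain = lib.mkOption { type = lib.types.str; };
      sslCertificate = lib.mkOption { type = lib.types.str; };
      sslCertificateKey = lib.mkOption { type = lib.types.str; };
    };
  };
};
```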


@ -1,6 +1,6 @@
{ const, ... }:
{ config, ... }:
{
time.timeZone = const.timeZone;
time.timeZone = config.const.timeZone;
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {

5
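--- a/system/State.nix
+++ b/system/State.nix
@@ -0,0 +1,5 @@
+{ config, ... }: {
+# Specify current release version.
+system.stateVersion = config.const.stateVersion;
+}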