commit a21ffa952a7aa6231fa3850ff33f4b837d3b183a · soopy.moe/gensokyo

+7 -4

flake.nix

···

       40
       40
        
           };

     

       41
       41
        
         };

     

       42
       42
        
       

     

       43
       43
       -
         outputs = { nixpkgs, home-manager, ... }@inputs:

     

       44
       44
       -
         let

     

       43
       43
       +
         outputs = {

     

       44
       44
       +
           nixpkgs,

     

       45
       45
       +
           home-manager,

     

       46
       46
       +
           ...

     

       47
       47
       +
         } @ inputs: let

     

       45
       48
        
           # pkgs = import nixpkgs {};

     

       46
       49
        
           _utils = import ./global/utils.nix {};

     

       47
       50
        
           lib = nixpkgs.lib;

     

       48
       51
        
         in {

     

       49
       52
        
           nixosConfigurations = {

     

       50
       50
       -
             koumakan = (import ./systems/koumakan { inherit _utils lib inputs; });

     

       53
       53
       +
             koumakan = import ./systems/koumakan {inherit _utils lib inputs;};

     

       51
       54
        
           };

     

       52
       55
        
       

     

       53
       53
       -
           # formatter.x86_64-linux = pkgs.alejendra;

     

       56
       56
       +
           formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;

     

       54
       57
        
         };

     

       55
       58
        
       }

+2 -3

global/core.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       2
       2
       -
       {

     

       1
       1
       +
       {pkgs, ...}: {

     

       3
       2
        
         imports = [

     

       4
       3
        
           ./upgrade-diff.nix

     

       5
       4
        
         ];

     
···

       19
       18
        
         # };

     

       20
       19
        
       

     

       21
       20
        
         # Lock root account

     

       22
       22
       -
         users.users.root.shell = pkgs.shadow;  # basically /bin/nologin

     

       21
       21
       +
         users.users.root.shell = pkgs.shadow; # basically /bin/nologin

     

       23
       22
        
       }

+1 -2

global/programs/compilers.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       2
       2
       -
       {

     

       1
       1
       +
       {pkgs, ...}: {

     

       3
       2
        
         environment.systemPackages = with pkgs; [

     

       4
       3
        
           luajit

     

       5
       4
        
           binutils

+1 -2

global/programs/default.nix

···

       1
       1
       -
       { ... }: 

     

       2
       2
       -
       {

     

       1
       1
       +
       {...}: {

     

       3
       2
        
         imports = [

     

       4
       3
        
           ./nix.nix

     

       5
       4
        
           ./editors.nix

+1 -3

global/programs/editors.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {...}: {

     

       4
       2
        
         programs.neovim = {

     

       5
       3
        
           enable = true;

     

       6
       4
        
           defaultEditor = true;

+2 -4

global/programs/gpg.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       4
       4
       -
         environment.systemPackages = with pkgs; [ gnupg pinentry ];

     

       1
       1
       +
       {pkgs, ...}: {

     

       2
       2
       +
         environment.systemPackages = with pkgs; [gnupg pinentry];

     

       5
       3
        
       

     

       6
       4
        
         programs.gnupg.agent.enable = true;

     

       7
       5
        
         # ideally this should be set automatically but in case that doesn't work

+1 -3

global/programs/misc.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {pkgs, ...}: {

     

       4
       2
        
         # Miscellaneous packages that do not have an option.

     

       5
       3
        
         # It is recommended to use packages.<package>.enable when possible.

     

       6
       4

+1 -3

global/programs/multiplexers.nix

···

       1
       1
       -
       { pkgs, ... }: 

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {pkgs, ...}: {

     

       4
       2
        
         programs.tmux = {

     

       5
       3
        
           enable = true;

     

       6
       4
        
           newSession = true;

+1 -2

global/programs/nix.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       2
       2
       -
       

     

       1
       1
       +
       {pkgs, ...}:

     

       3
       2
        
       # some items are sourced from https://jackson.dev/post/nix-reasonable-defaults/

     

       4
       3
        
       {

     

       5
       4
        
         nix.settings = {

+1 -2

global/programs/scm.nix

···

       1
       1
       -
       { ... }: 

     

       2
       2
       -
       {

     

       1
       1
       +
       {...}: {

     

       3
       2
        
         programs.git = {

     

       4
       3
        
           enable = true;

     

       5
       4
        
           config = {

+1 -3

global/programs/shells.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {pkgs, ...}: {

     

       4
       2
        
         users.defaultUserShell = pkgs.zsh;

     

       5
       3
        
         programs.zsh = {

     

       6
       4
        
           enable = true;

+1 -3

global/programs/ssh.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {...}: {

     

       4
       2
        
         # Enable the OpenSSH daemon.

     

       5
       3
        
         services.openssh = {

     

       6
       4
        
           enable = true;

+1 -2

global/upgrade-diff.nix

···

       1
       1
        
       # Thank you https://github.com/luishfonseca/dotfiles/blob/ab7625ec406b48493eda701911ad1cd017ce5bc1/modules/upgrade-diff.nix

     

       2
       2
       -
       

     

       3
       3
       -
       { pkgs, ... }: {

     

       2
       2
       +
       {pkgs, ...}: {

     

       4
       3
        
         system.activationScripts.diff = {

     

       5
       4
        
           supportsDryActivation = true;

     

       6
       5
        
           text = ''

+17 -16

global/utils.nix

···

       1
       1
        
       # see /docs/utils.md for a usage guide

     

       2
       2
       -
       

     

       3
       3
       -
       { ... }:

     

       4
       4
       -
       

     

       2
       2
       +
       {...}:

     

       5
       3
        
       # let

     

       6
       6
       -
         # lib = pkgs.lib;

     

       4
       4
       +
       #   lib = pkgs.lib;

     

       7
       5
        
       # in

     

       8
       6
        
       rec {

     

       9
       9
       -
         mkVhost = opts: {

     

       10
       10
       -
           # ideally mkOverride/mkDefault would be used, but i have 0 idea how it works.

     

       11
       11
       -
           forceSSL = true;

     

       12
       12
       -
           useACMEHost = "global.c.soopy.moe";

     

       13
       13
       -
           kTLS = true;

     

       14
       14
       -
         } // opts;

     

       7
       7
       +
         mkVhost = opts:

     

       8
       8
       +
           {

     

       9
       9
       +
             # ideally mkOverride/mkDefault would be used, but i have 0 idea how it works.

     

       10
       10
       +
             forceSSL = true;

     

       11
       11
       +
             useACMEHost = "global.c.soopy.moe";

     

       12
       12
       +
             kTLS = true;

     

       13
       13
       +
           }

     

       14
       14
       +
           // opts;

     

       15
       15
        
       

     

       16
       16
        
         mkSimpleProxy = {

     

       17
       17
        
           port,

     

       18
       18
        
           protocol ? "http",

     

       19
       19
        
           location ? "/",

     

       20
       20
       -
           websockets ? false

     

       21
       21
       -
         }: mkVhost {

     

       22
       22
       -
           locations."${location}" = {

     

       23
       23
       -
             proxyPass = "${protocol}://localhost:${toString port}";

     

       24
       24
       -
             proxyWebsockets = websockets;

     

       20
       20
       +
           websockets ? false,

     

       21
       21
       +
         }:

     

       22
       22
       +
           mkVhost {

     

       23
       23
       +
             locations."${location}" = {

     

       24
       24
       +
               proxyPass = "${protocol}://localhost:${toString port}";

     

       25
       25
       +
               proxyWebsockets = websockets;

     

       26
       26
       +
             };

     

       25
       27
        
           };

     

       26
       26
       -
         };

     

       27
       28
        
       }

+3 -5

systems/koumakan/certificates/default.nix

···

       1
       1
       -
       { ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {...}: {

     

       4
       2
        
         imports = [

     

       5
       3
        
           ./global.nix

     

       6
       4
        
           ./postgresql.nix

     
···

       11
       9
        
             # == lego Configuration ==

     

       12
       10
        
             credentialsFile = "/etc/lego/desec";

     

       13
       11
        
             dnsProvider = "desec";

     

       14
       14
       -
             # In an more ideal world we would have an eddsa algo here but oh well

     

       15
       15
       -
             keyType = "ec256";  # Ensure we use ec keys

     

       12
       12
       +
             # In a more ideal world we would have an eddsa algo here but oh well

     

       13
       13
       +
             keyType = "ec256"; # Ensure we use ec keys

     

       16
       14
        
       

     

       17
       15
        
             dnsResolver = "8.8.8.8:53";

     

       18
       16

+1 -3

systems/koumakan/certificates/global.nix

···

       1
       1
       -
       { ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {...}: {

     

       4
       2
        
         # Global certificate

     

       5
       3
        
         security.acme.certs."global.c.soopy.moe" = {

     

       6
       4
        
           group = "nginx";

+1 -3

systems/koumakan/certificates/postgresql.nix

···

       1
       1
       -
       { config, ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {config, ...}: {

     

       4
       2
        
         # PostgreSQL only certificate

     

       5
       3
        
         security.acme.certs."phant.soopy.moe" = {

     

       6
       4
        
           group = "postgres";

+18 -18

systems/koumakan/configuration.nix

···

       1
       1
        
       # Edit this configuration file to define what should be installed on

     

       2
       2
        
       # your system.  Help is available in the configuration.nix(5) man page

     

       3
       3
        
       # and in the NixOS manual (accessible by running `nixos-help`).

     

       4
       4
       -
       

     

       5
       5
       -
       { inputs, ... }:

     

       6
       6
       -
       

     

       7
       7
       -
       {

     

       8
       8
       -
         imports = [ # Include the results of the hardware scan.

     

       9
       9
       -
             ./hardware-configuration.nix

     

       4
       4
       +
       {inputs, ...}: {

     

       5
       5
       +
         imports = [

     

       6
       6
       +
           # Include the results of the hardware scan.

     

       7
       7
       +
           ./hardware-configuration.nix

     

       10
       8
        
       

     

       11
       11
       -
             ../../global/core.nix

     

       12
       12
       -
             ../../global/programs

     

       9
       9
       +
           ../../global/core.nix

     

       10
       10
       +
           ../../global/programs

     

       13
       11
        
       

     

       14
       14
       -
             ./networking

     

       15
       15
       -
             ./certificates

     

       16
       16
       -
             ./security

     

       17
       17
       -
             ./services

     

       12
       12
       +
           ./networking

     

       13
       13
       +
           ./certificates

     

       14
       14
       +
           ./security

     

       15
       15
       +
           ./services

     

       18
       16
        
         ];

     

       19
       17
        
       

     

       20
       20
       -
         nixpkgs.overlays = import ../../overlays ++ (with inputs; [

     

       21
       21
       -
           mystia.overlays.default

     

       22
       22
       -
           attic.overlays.default

     

       23
       23
       -
         ]);

     

       18
       18
       +
         nixpkgs.overlays =

     

       19
       19
       +
           import ../../overlays

     

       20
       20
       +
           ++ (with inputs; [

     

       21
       21
       +
             mystia.overlays.default

     

       22
       22
       +
             attic.overlays.default

     

       23
       23
       +
           ]);

     

       24
       24
        
       

     

       25
       25
        
         boot.loader.efi = {

     

       26
       26
        
           canTouchEfiVariables = true;

     
···

       42
       42
        
         # Define a user account. Don't forget to set a password with ‘passwd’.

     

       43
       43
        
         users.users.cassie = {

     

       44
       44
        
           isNormalUser = true;

     

       45
       45
       -
           extraGroups = [ "wheel" ];

     

       45
       45
       +
           extraGroups = ["wheel"];

     

       46
       46
        
           openssh = {

     

       47
       47
       -
               authorizedKeys.keyFiles = [ ../../creds/ssh/cassie ];

     

       47
       47
       +
             authorizedKeys.keyFiles = [../../creds/ssh/cassie];

     

       48
       48
        
           };

     

       49
       49
        
           # packages = with pkgs; [];

     

       50
       50
        
         };

+6 -2

systems/koumakan/default.nix

···

       1
       1
       -
       { lib, _utils, inputs, ... }:

     

       2
       2
       -
       

     

       1
       1
       +
       {

     

       2
       2
       +
         lib,

     

       3
       3
       +
         _utils,

     

       4
       4
       +
         inputs,

     

       5
       5
       +
         ...

     

       6
       6
       +
       }:

     

       3
       7
        
       lib.nixosSystem {

     

       4
       8
        
         system = "x86_64-linux";

     

       5
       9

+48 -44

systems/koumakan/hardware-configuration.nix

···

       1
       1
        
       # Do not modify this file!  It was generated by ‘nixos-generate-config’

     

       2
       2
        
       # and may be overwritten by future invocations.  Please make changes

     

       3
       3
        
       # to /etc/nixos/configuration.nix instead.

     

       4
       4
       -
       { config, lib, pkgs, modulesPath, ... }:

     

       5
       5
       -
       

     

       6
       4
        
       {

     

       7
       7
       -
         imports =

     

       8
       8
       -
           [ (modulesPath + "/installer/scan/not-detected.nix")

     

       9
       9
       -
           ];

     

       5
       5
       +
         config,

     

       6
       6
       +
         lib,

     

       7
       7
       +
         pkgs,

     

       8
       8
       +
         modulesPath,

     

       9
       9
       +
         ...

     

       10
       10
       +
       }: {

     

       11
       11
       +
         imports = [

     

       12
       12
       +
           (modulesPath + "/installer/scan/not-detected.nix")

     

       13
       13
       +
         ];

     

       10
       14
        
       

     

       11
       11
       -
         boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sr_mod" ];

     

       12
       12
       -
         boot.initrd.kernelModules = [ "dm-snapshot" ];

     

       13
       13
       -
         boot.kernelModules = [ "kvm-intel" ];

     

       14
       14
       -
         boot.extraModulePackages = [ ];

     

       15
       15
       +
         boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usbhid" "sr_mod"];

     

       16
       16
       +
         boot.initrd.kernelModules = ["dm-snapshot"];

     

       17
       17
       +
         boot.kernelModules = ["kvm-intel"];

     

       18
       18
       +
         boot.extraModulePackages = [];

     

       15
       19
        
       

     

       16
       16
       -
         fileSystems."/" =

     

       17
       17
       -
           { device = "/dev/disk/by-uuid/0b38be0c-5365-4f02-85b8-72f37bb2ddf8";

     

       18
       18
       -
             fsType = "btrfs";

     

       19
       19
       -
           };

     

       20
       20
       +
         fileSystems."/" = {

     

       21
       21
       +
           device = "/dev/disk/by-uuid/0b38be0c-5365-4f02-85b8-72f37bb2ddf8";

     

       22
       22
       +
           fsType = "btrfs";

     

       23
       23
       +
         };

     

       20
       24
        
       

     

       21
       21
       -
         fileSystems."/var/log" =

     

       22
       22
       -
           { device = "/dev/disk/by-uuid/e6ff7c96-3bef-4a17-9114-64ef1460fc00";

     

       23
       23
       -
             fsType = "btrfs";

     

       24
       24
       -
           };

     

       25
       25
       +
         fileSystems."/var/log" = {

     

       26
       26
       +
           device = "/dev/disk/by-uuid/e6ff7c96-3bef-4a17-9114-64ef1460fc00";

     

       27
       27
       +
           fsType = "btrfs";

     

       28
       28
       +
         };

     

       25
       29
        
       

     

       26
       26
       -
         fileSystems."/var/log/audit" =

     

       27
       27
       -
           { device = "/dev/disk/by-uuid/a20e2995-7297-4f69-af89-b58ff314e029";

     

       28
       28
       -
             fsType = "btrfs";

     

       29
       29
       -
           };

     

       30
       30
       +
         fileSystems."/var/log/audit" = {

     

       31
       31
       +
           device = "/dev/disk/by-uuid/a20e2995-7297-4f69-af89-b58ff314e029";

     

       32
       32
       +
           fsType = "btrfs";

     

       33
       33
       +
         };

     

       30
       34
        
       

     

       31
       31
       -
         fileSystems."/srv/osm-data" =

     

       32
       32
       -
           { device = "/dev/disk/by-uuid/3c1a8b58-fbe6-4522-8e27-72419b3c2d6f";

     

       33
       33
       -
             fsType = "btrfs";

     

       34
       34
       -
           };

     

       35
       35
       +
         fileSystems."/srv/osm-data" = {

     

       36
       36
       +
           device = "/dev/disk/by-uuid/3c1a8b58-fbe6-4522-8e27-72419b3c2d6f";

     

       37
       37
       +
           fsType = "btrfs";

     

       38
       38
       +
         };

     

       35
       39
        
       

     

       36
       36
       -
         fileSystems."/boot" =

     

       37
       37
       -
           { device = "/dev/disk/by-uuid/9E0F-3FDE";

     

       38
       38
       -
             fsType = "vfat";

     

       39
       39
       -
           };

     

       40
       40
       +
         fileSystems."/boot" = {

     

       41
       41
       +
           device = "/dev/disk/by-uuid/9E0F-3FDE";

     

       42
       42
       +
           fsType = "vfat";

     

       43
       43
       +
         };

     

       40
       44
        
       

     

       41
       41
       -
         fileSystems."/boot/efi" =

     

       42
       42
       -
           { device = "/dev/disk/by-uuid/9EB1-FA5A";

     

       43
       43
       -
             fsType = "vfat";

     

       44
       44
       -
           };

     

       45
       45
       +
         fileSystems."/boot/efi" = {

     

       46
       46
       +
           device = "/dev/disk/by-uuid/9EB1-FA5A";

     

       47
       47
       +
           fsType = "vfat";

     

       48
       48
       +
         };

     

       45
       49
        
       

     

       46
       46
       -
         fileSystems."/srv/www/keine" =

     

       47
       47
       -
           { device = "/dev/disk/by-uuid/0a0e102a-b1ac-44a2-947b-2ec505b532ad";

     

       48
       48
       -
             fsType = "btrfs";

     

       49
       49
       -
           };

     

       50
       50
       +
         fileSystems."/srv/www/keine" = {

     

       51
       51
       +
           device = "/dev/disk/by-uuid/0a0e102a-b1ac-44a2-947b-2ec505b532ad";

     

       52
       52
       +
           fsType = "btrfs";

     

       53
       53
       +
         };

     

       50
       54
        
       

     

       51
       51
       -
         fileSystems."/home" =

     

       52
       52
       -
           { device = "/dev/disk/by-uuid/50165105-6b82-4228-9640-2d32ce45f76e";

     

       53
       53
       -
             fsType = "btrfs";

     

       54
       54
       -
           };

     

       55
       55
       +
         fileSystems."/home" = {

     

       56
       56
       +
           device = "/dev/disk/by-uuid/50165105-6b82-4228-9640-2d32ce45f76e";

     

       57
       57
       +
           fsType = "btrfs";

     

       58
       58
       +
         };

     

       55
       59
        
       

     

       56
       56
       -
         swapDevices =

     

       57
       57
       -
           [ { device = "/dev/disk/by-uuid/efd68464-2e0c-4aaf-8264-519dd7d05ddf"; }

     

       58
       58
       -
           ];

     

       60
       60
       +
         swapDevices = [

     

       61
       61
       +
           {device = "/dev/disk/by-uuid/efd68464-2e0c-4aaf-8264-519dd7d05ddf";}

     

       62
       62
       +
         ];

     

       59
       63
        
       

     

       60
       64
        
         # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

     

       61
       65
        
         # (the default) this is the recommended approach. When using systemd-networkd it's

+1 -3

systems/koumakan/networking/default.nix

···

       1
       1
       -
       { ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {...}: {

     

       4
       2
        
         imports = [

     

       5
       3
        
           ./firewall.nix

     

       6
       4
        
           ./interface.nix

+3 -4

systems/koumakan/networking/firewall.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {...}: {

     

       4
       2
        
         networking.firewall = {

     

       5
       3
        
           enable = true;

     

       6
       4
        
           allowedTCPPorts = [

     

       7
       5
        
             22 # ssh

     

       8
       8
       -
             80 443 # http[s]

     

       6
       6
       +
             80

     

       7
       7
       +
             443 # http[s]

     

       9
       8
        
           ];

     

       10
       9
        
         };

     

       11
       10
        
       }

+1 -2

systems/koumakan/networking/interface.nix

···

       1
       1
       -
       { ... } :

     

       2
       2
       -
       {

     

       1
       1
       +
       {...}: {

     

       3
       2
        
         networking.networkmanager.ethernet.macAddress = builtins.readFile ./nma.cry;

     

       4
       3
        
       }

+1 -2

systems/koumakan/security/default.nix

···

       1
       1
       -
       { ... }:

     

       2
       2
       -
       {

     

       1
       1
       +
       {...}: {

     

       3
       2
        
         imports = [

     

       4
       3
        
           ./pam.nix

     

       5
       4
        
           ./sudo.nix

+1 -2

systems/koumakan/security/pam.nix

···

       1
       1
       -
       { ... }:

     

       2
       2
       -
       {

     

       1
       1
       +
       {...}: {

     

       3
       2
        
         security.pam.yubico = {

     

       4
       3
        
           enable = true;

     

       5
       4
        
           id = builtins.readFile ./ykid.cry;

+4 -2

systems/koumakan/security/secureboot.nix

···

       1
       1
       -
       { pkgs, lib, ... }:

     

       2
       2
       -
       

     

       3
       1
        
       {

     

       2
       2
       +
         pkgs,

     

       3
       3
       +
         lib,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: {

     

       4
       6
        
         environment.systemPackages = with pkgs; [

     

       5
       7
        
           cryptsetup

     

       6
       8
        
           sbctl

+2 -3

systems/koumakan/security/sudo.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       2
       2
       -
       {

     

       1
       1
       +
       {pkgs, ...}: {

     

       3
       2
        
         security.sudo.extraConfig = ''

     

       4
       3
        
           Defaults insults

     

       5
       4
        
         '';

     

       6
       6
       -
         security.sudo.package = (pkgs.sudo.override {withInsults = true;});

     

       5
       5
       +
         security.sudo.package = pkgs.sudo.override {withInsults = true;};

     

       7
       6
        
       }

+15 -13

systems/koumakan/services/attic.nix

···

       1
       1
       -
       { _utils, pkgs, ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       let

     

       1
       1
       +
       {

     

       2
       2
       +
         _utils,

     

       3
       3
       +
         pkgs,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: let

     

       4
       6
        
         # where tf are the docs for pkgs.formats??

     

       5
       7
        
         toml = pkgs.formats.toml {};

     

       6
       8
        
       in {

     
···

       37
       39
        
           };

     

       38
       40
        
         };

     

       39
       41
        
       

     

       40
       40
       -
         services.nginx.virtualHosts."nonbunary.soopy.moe" = _utils.mkSimpleProxy {

     

       41
       41
       -
           port = 38191;

     

       42
       42
       -
         } // {

     

       43
       43
       -
           extraConfig = ''

     

       44
       44
       -
             client_max_body_size 1G;

     

       45
       45
       -
             proxy_read_timeout 3h;

     

       46
       46
       -
             proxy_connect_timeout 3h;

     

       47
       47
       -
             proxy_send_timeout 3h;

     

       48
       48
       -
           '';

     

       49
       49
       -
         };

     

       42
       42
       +
         services.nginx.virtualHosts."nonbunary.soopy.moe" =

     

       43
       43
       +
           _utils.mkSimpleProxy {port = 38191;}

     

       44
       44
       +
           // {

     

       45
       45
       +
             extraConfig = ''

     

       46
       46
       +
               client_max_body_size 1G;

     

       47
       47
       +
               proxy_read_timeout 3h;

     

       48
       48
       +
               proxy_connect_timeout 3h;

     

       49
       49
       +
               proxy_send_timeout 3h;

     

       50
       50
       +
             '';

     

       51
       51
       +
           };

     

       50
       52
        
       }

+1 -3

systems/koumakan/services/default.nix

···

       1
       1
       -
       { ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {...}: {

     

       4
       2
        
         imports = [

     

       5
       3
        
           ./nginx.nix

     

       6
       4

+1 -3

systems/koumakan/services/nginx.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {pkgs, ...}: {

     

       4
       2
        
         services.nginx = {

     

       5
       3
        
           enable = true;

     

       6
       4
        
           enableReload = true;

+2 -4

systems/koumakan/services/postgresql.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {pkgs, ...}: {

     

       4
       2
        
         services.postgresql = {

     

       5
       3
        
           enable = true;

     

       6
       4
        
       

     

       7
       5
        
           package = pkgs.postgresql_15;

     

       8
       6
        
           dataDir = "/var/lib/postgresql/15";

     

       9
       9
       -
           logLinePrefix = "%m [%p] %h ";  # bollocks to that

     

       7
       7
       +
           logLinePrefix = "%m [%p] %h ";

     

       10
       8
        
       

     

       11
       9
        
           authentication = ''

     

       12
       10
        
             # unix socket connection

+1 -3

systems/koumakan/services/proxies/default.nix

···

       1
       1
       -
       { ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       1
       1
       +
       {...}: {

     

       4
       2
        
         imports = [

     

       5
       3
        
           ./nitter.nix

     

       6
       4
        
         ];

+5 -3

systems/koumakan/services/proxies/nitter.nix

···

       1
       1
       -
       { _utils, pkgs, ... }:

     

       2
       2
       -
       

     

       3
       1
        
       {

     

       2
       2
       +
         _utils,

     

       3
       3
       +
         pkgs,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: {

     

       4
       6
        
         services.nitter = {

     

       5
       7
        
           enable = true;

     

       6
       6
       -
           redisCreateLocally = false;  # why is the default of this `true`??

     

       8
       8
       +
           redisCreateLocally = false; # why is the default of this `true`??

     

       7
       9
        
           server = {

     

       8
       10
        
             title = "NSM";

     

       9
       11
        
             port = 36325;

+1 -2

systems/koumakan/services/redis.nix

···

       1
       1
       -
       { ... }: 

     

       2
       2
       -
       {

     

       1
       1
       +
       {...}: {

     

       3
       2
        
         services.redis.servers."" = {

     

       4
       3
        
           enable = true;

     

       5
       4
        
         };

+2 -4

systems/koumakan/services/static-sites/default.nix

···

       1
       1
       -
       { ... }:

     

       2
       2
       -
       {

     

       1
       1
       +
       {...}: {

     

       3
       2
        
         imports = [

     

       4
       3
        
           ./keine.nix

     

       5
       4
        
         ];

     
···

       16
       15
        
             "~ ^/(index.html|splash.png)".root = "/srv/www/maintenance";

     

       17
       16
        
           };

     

       18
       17
        
           extraConfig = ''

     

       19
       19
       -
           	error_page 503 /index.html;

     

       18
       18
       +
             error_page 503 /index.html;

     

       20
       19
        
           '';

     

       21
       21
       -
       

     

       22
       20
        
         };

     

       23
       21
        
       }

+2 -3

systems/koumakan/services/static-sites/keine.nix

···

       1
       1
       -
       { ... }:

     

       2
       2
       -
       {

     

       1
       1
       +
       {...}: {

     

       3
       2
        
         services.nginx.virtualHosts."keine.soopy.moe" = {

     

       4
       3
        
           useACMEHost = "global.c.soopy.moe";

     

       5
       5
       -
           addSSL = true;  # Don't force SSL on a mirror (implications TBD)

     

       4
       4
       +
           addSSL = true; # Don't force SSL on a mirror (implications TBD)

     

       6
       5
        
       

     

       7
       6
        
           root = "/srv/www/keine";

     

       8
       7
        
           locations = {