diff --git a/flake.lock b/flake.lock index 34fbb7c..6fceb88 100644 --- a/flake.lock +++ b/flake.lock @@ -63,24 +63,6 @@ "inputs": { "systems": "systems_2" }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { - "inputs": { - "systems": "systems_3" - }, "locked": { "lastModified": 1710146030, "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", @@ -95,9 +77,9 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_2": { "inputs": { - "systems": "systems_4" + "systems": "systems_3" }, "locked": { "lastModified": 1701680307, @@ -113,7 +95,7 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_3": { "locked": { "lastModified": 1631561581, "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", @@ -146,7 +128,7 @@ }, "gradle2nix": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": "nixpkgs_3" }, "locked": { @@ -192,16 +174,16 @@ ] }, "locked": { - "lastModified": 1716729592, - "narHash": "sha256-Y3bOjoh2cFBqZN0Jw1zUdyr7tjygyxl2bD/QY73GZP0=", + "lastModified": 1716736833, + "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", "owner": "nix-community", "repo": "home-manager", - "rev": "2c78a57c544dd19b07442350727ced097e1aa6e6", + "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "home-manager", "type": "github" } @@ -226,28 +208,6 @@ "url": "https://git.4o1x5.dev/4o1x5/i2pd-exporter" } }, - "microvm": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ], - "spectrum": "spectrum" - }, - "locked": { - "lastModified": 1716754174, - "narHash": "sha256-L2Vni6dGDFWXWwY0rqkQWtZXt+qYQKUZr+Fj+EpI97Q=", - "owner": "astro", - "repo": "microvm.nix", - "rev": "fa4262c3c9197e7d62185858907f2e5acff3258d", - "type": "github" - }, - "original": { - "owner": "astro", - "repo": "microvm.nix", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1703013332, @@ -339,7 +299,7 @@ }, "pnpm2nix": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs": "nixpkgs_4" }, "locked": { @@ -377,7 +337,6 @@ "agenix": "agenix", "home-manager": "home-manager_2", "i2pd-exporter": "i2pd-exporter", - "microvm": "microvm", "nixpkgs": "nixpkgs_2", "piped": "piped", "scribe": "scribe" @@ -385,7 +344,7 @@ }, "scribe": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -404,22 +363,6 @@ "url": "https://git.sr.ht/~edwardloveall/scribe" } }, - "spectrum": { - "flake": false, - "locked": { - "lastModified": 1708358594, - "narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=", - "ref": "refs/heads/main", - "rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c", - "revCount": 614, - "type": "git", - "url": "https://spectrum-os.org/git/spectrum" - }, - "original": { - "type": "git", - "url": "https://spectrum-os.org/git/spectrum" - } - }, "systems": { "locked": { "lastModified": 1681028828, @@ -464,21 +407,6 @@ "repo": "default", "type": "github" } - }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 63869d9..67f1294 100644 --- a/flake.nix +++ b/flake.nix @@ -4,7 +4,7 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; home-manager = { - url = "github:nix-community/home-manager/release-23.11"; + url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -22,11 +22,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - - microvm = { - url = "github:astro/microvm.nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; agenix.url = "github:ryantm/agenix"; }; @@ -35,7 +30,6 @@ , nixpkgs , home-manager , i2pd-exporter - , microvm , agenix , scribe , piped @@ -80,22 +74,6 @@ lime = nixpkgs.lib.nixosSystem { inherit system; modules = [ - ({ pkgs, ... }: { - nixpkgs.overlays = [ - (self: super: { - inadyn = super.inadyn.overrideAttrs - (oldAttrs: rec { - src = pkgs.fetchFromGitHub - { - owner = "troglobit"; - repo = "inadyn"; - rev = "7d576c4d00d312597c2b9c06c00529d2dde5ac89"; - hash = "sha256-EJ9/MZhz/Gjj2RCMRDkwuKRatig/t1wAqQRqOcHA2gc="; - }; - }); - }) - ]; - }) ./hosts/lime/root.nix ./root.nix ./secrets/lime.nix diff --git a/hosts/carbon/root.nix b/hosts/carbon/root.nix index 47c9def..1aa2eb3 100644 --- a/hosts/carbon/root.nix +++ b/hosts/carbon/root.nix @@ -10,7 +10,7 @@ # routes (other servers) ./services/routes/owncast.nix ./services/routes/openproject.nix - ./services/routes/hydra.nix + #./services/routes/hydra.nix ./services/routes/csengo.nix ./services/routes/penpot.nix ./services/routes/matrix.nix diff --git a/hosts/carbon/services/forgejo.nix b/hosts/carbon/services/forgejo.nix index a73dd34..eb6f4d1 100644 --- a/hosts/carbon/services/forgejo.nix +++ b/hosts/carbon/services/forgejo.nix @@ -49,7 +49,7 @@ labels = [ "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest" ]; - name = config.networking.hostname; + name = config.networking.hostName; }; }; } diff --git a/hosts/carbon/services/nginx.nix b/hosts/carbon/services/nginx.nix index a977cbf..f383db1 100644 --- a/hosts/carbon/services/nginx.nix +++ b/hosts/carbon/services/nginx.nix @@ -88,7 +88,6 @@ in access_log /var/log/nginx/$server_name-access.log json_analytics; ''; }; - "${config.networking.domain}" = { forceSSL = true; enableACME = true; diff --git a/hosts/carbon/services/privacy/anonymousoverflow.nix b/hosts/carbon/services/privacy/anonymousoverflow.nix index 76b6dac..2fef72a 100644 --- a/hosts/carbon/services/privacy/anonymousoverflow.nix +++ b/hosts/carbon/services/privacy/anonymousoverflow.nix @@ -21,9 +21,6 @@ enableACME = true; locations."/" = { proxyPass = " http://127.0.0.1:7344"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; }; diff --git a/hosts/carbon/services/privacy/biblioreads.nix b/hosts/carbon/services/privacy/biblioreads.nix index 5bdb58a..61f4cb6 100644 --- a/hosts/carbon/services/privacy/biblioreads.nix +++ b/hosts/carbon/services/privacy/biblioreads.nix @@ -1,8 +1,6 @@ { pkgs, config, ... }: { virtualisation.oci-containers.containers = { - - biblioreads = { image = "nesaku/biblioreads:latest"; ports = [ @@ -18,9 +16,6 @@ enableACME = true; locations."/" = { proxyPass = " http://127.0.0.1:5484"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; }; diff --git a/hosts/carbon/services/privacy/binternet.nix b/hosts/carbon/services/privacy/binternet.nix index a461c30..4ab3773 100644 --- a/hosts/carbon/services/privacy/binternet.nix +++ b/hosts/carbon/services/privacy/binternet.nix @@ -17,7 +17,6 @@ locations."/" = { proxyPass = " http://127.0.0.1:7382"; extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; rewrite ^/www.pinterest.com$ http://binternet.${config.networking.domain}/ permanent; rewrite ^/pinterest.com$ http://binternet.${config.networking.domain}/ permanent; ''; diff --git a/hosts/carbon/services/privacy/breezewiki.nix b/hosts/carbon/services/privacy/breezewiki.nix index 146e35c..818d5c1 100644 --- a/hosts/carbon/services/privacy/breezewiki.nix +++ b/hosts/carbon/services/privacy/breezewiki.nix @@ -7,11 +7,16 @@ ports = [ "1584:10416" ]; + # Todo fix since it doesnt work (required by default) + environment = { + CANONICAL_ORIGIN = "https://breezewiki.${config.networking.domain}"; + canonical_origin = "https://breezewiki.${config.networking.domain}"; + }; + }; }; services.nginx = { virtualHosts = { - "breezewiki.${config.networking.domain}" = { forceSSL = true; enableACME = true; @@ -24,5 +29,4 @@ }; }; }; - } diff --git a/hosts/carbon/services/privacy/dumb.nix b/hosts/carbon/services/privacy/dumb.nix index 835ee0b..9be56b8 100644 --- a/hosts/carbon/services/privacy/dumb.nix +++ b/hosts/carbon/services/privacy/dumb.nix @@ -17,9 +17,6 @@ enableACME = true; locations."/" = { proxyPass = " http://127.0.0.1:8332"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; }; diff --git a/hosts/carbon/services/privacy/gothub.nix b/hosts/carbon/services/privacy/gothub.nix index 1f8998a..0a5878a 100644 --- a/hosts/carbon/services/privacy/gothub.nix +++ b/hosts/carbon/services/privacy/gothub.nix @@ -29,9 +29,6 @@ enableACME = true; locations."/" = { proxyPass = " http://127.0.0.1:4032"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; }; diff --git a/hosts/carbon/services/privacy/libremdb.nix b/hosts/carbon/services/privacy/libremdb.nix index 2463a90..e441fbb 100644 --- a/hosts/carbon/services/privacy/libremdb.nix +++ b/hosts/carbon/services/privacy/libremdb.nix @@ -26,9 +26,6 @@ enableACME = true; locations."/" = { proxyPass = " http://127.0.0.1:7345"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; }; diff --git a/hosts/carbon/services/privacy/librey.nix b/hosts/carbon/services/privacy/librey.nix index c94be0d..35f5229 100644 --- a/hosts/carbon/services/privacy/librey.nix +++ b/hosts/carbon/services/privacy/librey.nix @@ -36,9 +36,6 @@ enableACME = true; locations."/" = { proxyPass = " http://127.0.0.1:3345"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; }; diff --git a/hosts/carbon/services/privacy/priviblur.nix b/hosts/carbon/services/privacy/priviblur.nix index 4cbe10c..0ca27af 100644 --- a/hosts/carbon/services/privacy/priviblur.nix +++ b/hosts/carbon/services/privacy/priviblur.nix @@ -16,9 +16,6 @@ enableACME = true; locations."/" = { proxyPass = " http://127.0.0.1:1484"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; }; diff --git a/hosts/carbon/services/privacy/proxitok.nix b/hosts/carbon/services/privacy/proxitok.nix index f676977..c54bcc3 100644 --- a/hosts/carbon/services/privacy/proxitok.nix +++ b/hosts/carbon/services/privacy/proxitok.nix @@ -9,9 +9,6 @@ enableACME = true; locations."/" = { proxyPass = " http://127.0.0.1:4772"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; }; diff --git a/hosts/carbon/services/privacy/quetre.nix b/hosts/carbon/services/privacy/quetre.nix index 725b807..3f3c83e 100644 --- a/hosts/carbon/services/privacy/quetre.nix +++ b/hosts/carbon/services/privacy/quetre.nix @@ -34,9 +34,6 @@ locations."/" = { proxyPass = " http://127.0.0.1:2355"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; }; diff --git a/hosts/carbon/services/privacy/redlib.nix b/hosts/carbon/services/privacy/redlib.nix index 1533211..62ddd7e 100644 --- a/hosts/carbon/services/privacy/redlib.nix +++ b/hosts/carbon/services/privacy/redlib.nix @@ -16,9 +16,6 @@ locations."/" = { proxyPass = " http://127.0.0.1:3672"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; "redlib.${config.networking.domain}" = { @@ -27,9 +24,6 @@ locations."/" = { proxyPass = " http://127.0.0.1:3672"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; diff --git a/hosts/carbon/services/privacy/rimgo.nix b/hosts/carbon/services/privacy/rimgo.nix index 0f9f135..909b2f4 100644 --- a/hosts/carbon/services/privacy/rimgo.nix +++ b/hosts/carbon/services/privacy/rimgo.nix @@ -34,9 +34,6 @@ enableACME = true; locations."/" = { proxyPass = " http://127.0.0.1:${toString config.services.rimgo.settings.PORT}"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; }; diff --git a/hosts/carbon/services/privacy/safetwitch.nix b/hosts/carbon/services/privacy/safetwitch.nix index c58b4f1..4b63159 100644 --- a/hosts/carbon/services/privacy/safetwitch.nix +++ b/hosts/carbon/services/privacy/safetwitch.nix @@ -44,9 +44,6 @@ enableACME = true; locations."/" = { proxyPass = " http://127.0.0.1:7100"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; }; diff --git a/hosts/carbon/services/privacy/scribe.nix b/hosts/carbon/services/privacy/scribe.nix index f90aa46..ac8f3e5 100644 --- a/hosts/carbon/services/privacy/scribe.nix +++ b/hosts/carbon/services/privacy/scribe.nix @@ -22,9 +22,6 @@ enableACME = true; locations."/" = { proxyPass = " http://127.0.0.1:7283"; - extraConfig = '' - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; }; }; }; diff --git a/hosts/carbon/services/routes/hydra.nix b/hosts/carbon/services/routes/hydra.nix index 03ee9a1..2038efd 100644 --- a/hosts/carbon/services/routes/hydra.nix +++ b/hosts/carbon/services/routes/hydra.nix @@ -1,23 +1,24 @@ { pkgs, config, ... }: { services.nginx = { + virtualHosts = { - "hydra.${config.networking.domain}" = - { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = " http://32.54.31.99:6732"; - }; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; + "hydra.${config.networking.domain}" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = " http://32.54.31.99:6732"; }; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + access_log /var/log/nginx/$server_name-access.log json_analytics; + ''; + }; }; + }; } diff --git a/hosts/carbon/services/routes/matrix.nix b/hosts/carbon/services/routes/matrix.nix index 8b5af47..6997adb 100644 --- a/hosts/carbon/services/routes/matrix.nix +++ b/hosts/carbon/services/routes/matrix.nix @@ -1,9 +1,8 @@ { pkgs, config, ... }: let - fqdn = "${config.networking.domain}"; - baseUrl = "https://${fqdn}"; - clientConfig."m.homeserver".base_url = "https://matrix.${fqdn}"; - serverConfig."m.server" = "${fqdn}:443"; + baseUrl = "https://${config.networking.domain}"; + clientConfig."m.homeserver".base_url = "https://matrix.${config.networking.domain}"; + serverConfig."m.server" = "${config.networking.domain}:443"; mkWellKnown = data: '' default_type application/json; add_header Access-Control-Allow-Origin *; @@ -27,8 +26,7 @@ in access_log /var/log/nginx/$server_name-access.log json_analytics; ''; }; - "${fqdn}" = { - + "${config.networking.domain}" = { # well known paths for matrix locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; locations."/_matrix".proxyPass = "http://32.54.31.241:8008"; diff --git a/hosts/carbon/services/routes/penpot.nix b/hosts/carbon/services/routes/penpot.nix index 281d943..56386bd 100644 --- a/hosts/carbon/services/routes/penpot.nix +++ b/hosts/carbon/services/routes/penpot.nix @@ -2,21 +2,22 @@ services.nginx = { virtualHosts = { - "penpot.${config.networking.domain}" = - { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = " http://32.54.31.241:9032"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - access_log /var/log/nginx/$server_name-access.log json_analytics; - ''; - }; + "penpot.${config.networking.domain}" = { + forceSSL = true; + enableACME = true; + + # Todo fix font routes + locations."/" = { + proxyPass = " http://32.54.31.241:9032"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + access_log /var/log/nginx/$server_name-access.log json_analytics; + ''; }; + }; }; }; } diff --git a/hosts/lime/services/mumble.nix b/hosts/lime/services/mumble.nix index 1badc75..20ae69f 100644 --- a/hosts/lime/services/mumble.nix +++ b/hosts/lime/services/mumble.nix @@ -16,13 +16,13 @@ bot = { channel = "/music"; name = "Zenebona"; - comment = "szia"; + comment = "Bassza meg az MSZP, csak a FIDESZ"; admin = "penge;dmk"; stereo = true; when_nobody_in_channel = "pause_resume"; bitrate = 1300000; }; - commands.command_symbol = ".:@:;:4:!:1"; + commands.command_symbol = ".:@:;:4:!:1:,:':2"; }; } diff --git a/hosts/pink/root.nix b/hosts/pink/root.nix index 36763dd..b4ea665 100644 --- a/hosts/pink/root.nix +++ b/hosts/pink/root.nix @@ -9,7 +9,7 @@ ./services/dns.nix ./services/endlessh.nix ./services/i2pd.nix - ./services/hydra.nix + #./services/hydra.nix # monitoring diff --git a/hosts/pink/services/dns.nix b/hosts/pink/services/dns.nix index 23ffda3..bf953f3 100644 --- a/hosts/pink/services/dns.nix +++ b/hosts/pink/services/dns.nix @@ -1,6 +1,4 @@ { pkgs, config, ... }: { - - services.adguardhome = { enable = true; openFirewall = true; diff --git a/hosts/pink/services/firewall.nix b/hosts/pink/services/firewall.nix index a20094f..2142a68 100644 --- a/hosts/pink/services/firewall.nix +++ b/hosts/pink/services/firewall.nix @@ -7,7 +7,6 @@ # pihole 53 - 1444 # prometheus 9090 @@ -18,6 +17,7 @@ 8422 # csengoclient 5333 # csengoserver 5432 + # learningpulse 8181 @@ -25,13 +25,10 @@ allowedUDPPorts = [ 22 # ssh - # pihole - 53 - 1444 - # prometheus 9090 8080 + 53 8422 # csengoclient 5333 # csengoserver diff --git a/hosts/pink/services/i2pd.nix b/hosts/pink/services/i2pd.nix index 87478c4..87bc72a 100644 --- a/hosts/pink/services/i2pd.nix +++ b/hosts/pink/services/i2pd.nix @@ -1,7 +1,7 @@ { pkgs, lib, config, ... }: { services.i2pd = { - enable = true; + enable = false; port = 9732; enableIPv6 = true; floodfill = true; @@ -33,7 +33,7 @@ # need to create a nginx proxy that proxies the reseed file services.prometheus.exporters.i2pd = { - enable = true; + enable = config.services.i2pd.enable; port = 3321; routerAddress = "https://127.0.0.1:${toString config.services.i2pd.proto.i2pControl.port}"; routerPassword = "itoopie"; diff --git a/hosts/pink/services/monitoring/grafana.nix b/hosts/pink/services/monitoring/grafana.nix index c9efced..c7f68f8 100644 --- a/hosts/pink/services/monitoring/grafana.nix +++ b/hosts/pink/services/monitoring/grafana.nix @@ -12,13 +12,12 @@ in }; provision = { enable = true; - datasources.settings.datasources = [ - { - name = "prometheus"; - type = "prometheus"; - url = "http://127.0.0.1:${toString config.services.prometheus.port}"; - isDefault = true; - } + datasources.settings.datasources = [{ + name = "prometheus"; + type = "prometheus"; + url = "http://127.0.0.1:${toString config.services.prometheus.port}"; + isDefault = true; + } # { # name = "loki"; # type = "loki"; diff --git a/root.nix b/root.nix index 3a7c0f5..b0167b6 100644 --- a/root.nix +++ b/root.nix @@ -16,7 +16,6 @@ }; }; - home-manager.users.root.home.stateVersion = "23.11"; networking.networkmanager.enable = true; @@ -54,7 +53,6 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; nixpkgs.config.allowUnfree = true; - system.stateVersion = "23.11"; environment.systemPackages = with pkgs; [ docker-compose @@ -69,4 +67,7 @@ enableOnBoot = false; }; + home-manager.users.root.home.stateVersion = "24.05"; + system.stateVersion = "24.05"; + }