From 2649599a5a0d053c701d8a5be02c0f0b1d57b2f2 Mon Sep 17 00:00:00 2001 From: tzlil Date: Fri, 21 Apr 2023 16:49:37 +0300 Subject: trying now --- hosts/vps/hydrus.nix | 11 ++++----- hosts/vps/matrix.nix | 69 ++++++++++++++++++++++++++++------------------------ profiles/network.nix | 2 +- profiles/user.nix | 8 ++---- 4 files changed, 45 insertions(+), 45 deletions(-) diff --git a/hosts/vps/hydrus.nix b/hosts/vps/hydrus.nix index 6727ed7..efd5383 100644 --- a/hosts/vps/hydrus.nix +++ b/hosts/vps/hydrus.nix @@ -15,7 +15,7 @@ systemd.services.Xvnc = { description = "Xvnc"; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; serviceConfig = { ExecStart = "${pkgs.turbovnc}/bin/Xvnc :30 -iglx -depth 24 -rfbwait 120000 -deferupdate 1 -localhost -verbose -securitytypes none"; @@ -25,14 +25,14 @@ RestartSec = "5s"; }; }; - + systemd.services.hydrus = { description = "Hydrus"; - wantedBy = [ "multi-user.target" "Xvnc.service" ]; - wants = [ "podman-hydrus-web.service" ]; + wantedBy = ["multi-user.target" "Xvnc.service"]; + wants = ["podman-hydrus-web.service"]; serviceConfig = { - Environment = "DISPLAY=:30"; + Environment = "DISPLAY=:30"; ExecStart = "${pkgs.hydrus}/bin/hydrus-client -d /home/hydrus"; User = "hydrus"; Group = "hydrus"; @@ -41,7 +41,6 @@ }; }; - security.lockKernelModules = lib.mkForce false; virtualisation.oci-containers.containers.hydrus-web = { ports = ["8080:80"]; diff --git a/hosts/vps/matrix.nix b/hosts/vps/matrix.nix index 26095e1..c2f4c5b 100644 --- a/hosts/vps/matrix.nix +++ b/hosts/vps/matrix.nix 
@@ -25,21 +25,20 @@ # }; # networking.firewall.allowedTCPPorts = [80 443]; - age.secrets = { - matrix = { + age.secrets.matrix = { file = ../secrets/matrix.age; mode = "600"; owner = "root"; group = "root"; }; - }; services.dendrite = let - database_config = { - connection_string = "postgresql:///dendrite?host=/run/postgresql"; - max_open_conns = 10; - max_idle_conns = 5; - }; in { + database_config = { + connection_string = "postgresql:///dendrite?host=/run/postgresql"; + max_open_conns = 10; + max_idle_conns = 5; + }; + in { enable = true; tlsCert = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/tzlil.net/tzlil.net.crt"; @@ -74,8 +73,14 @@ { server_name = "matrix.org"; keys = [ - { key_id = "ed25519:auto"; public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"; } - { key_id = "ed25519:a_RXGa"; public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"; } + { + key_id = "ed25519:auto"; + public_key = "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"; + } + { + key_id = "ed25519:a_RXGa"; + public_key = "l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ"; + } ]; } ]; @@ -92,7 +97,8 @@ }; }; - postgresql = { + services.postgresql = { + package = pkgs.postgresql_11; ensureUsers = [ { name = "dendrite"; 
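Review bot: In the `@@ -92,7 +97,8 @@` hunk, `package = pkgs.postgresql_11;` pins the cluster to a major series whose upstream support ends in November 2023, after which it gets no further security fixes. If the pin exists to match an on-disk cluster, say so next to it, e.g. `package = pkgs.postgresql_11; # matches existing data dir; migrate to a supported major before 11 goes EOL`. Moving to a newer major needs a dump/restore or pg_upgrade, because the persisted data directory in this file is keyed on `psqlSchema`. The `services.postgresql` set continues past the end of this hunk.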
@@ -102,29 +108,28 @@ } ]; - ensureDatabases = [ "dendrite" ]; + ensureDatabases = ["dendrite"]; }; - }; - - # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service - # systemd.services.dendrite.serviceConfig.User = "dendrite"; - # systemd.services.dendrite.serviceConfig.Group = "dendrite"; - environment.persistence."/nix/persist".directories = [ - { - directory = /var/lib/postgresql/${config.services.postgresql.package.psqlSchema}; - user = "postgres"; - group = "postgres"; - } - { - directory = /var/lib/private/dendrite; - user = "root"; - group = "root"; - } - ]; - - systemd.services.dendrite.after = [ "postgresql.service" ]; + # not needed if i use /var/lib/private , DynamicUser can remap the permissions for the service + # systemd.services.dendrite.serviceConfig.User = "dendrite"; + # systemd.services.dendrite.serviceConfig.Group = "dendrite"; + environment.persistence."/nix/persist".directories = [ + { + directory = "/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"; + user = "postgres"; + group = "postgres"; + } + + { + directory = "/var/lib/private/dendrite"; + user = "root"; + group = "root"; + } + ]; - networking.firewall.allowedTCPPorts = [8448]; + systemd.services.dendrite.after = ["postgresql.service"]; + networking.firewall.allowedTCPPorts = [8448]; + }; } diff --git a/profiles/network.nix b/profiles/network.nix index a83f25c..ba6e9a2 100644 --- a/profiles/network.nix +++ b/profiles/network.nix @@ -49,7 +49,7 @@ }; # You can choose a specific set of servers from https://github.com/DNSCrypt/dnscrypt-resolvers/blob/master/v3/public-resolvers.md - server_names = [ ]; # tailscale magicdns + server_names = []; # tailscale magicdns }; }; diff --git a/profiles/user.nix b/profiles/user.nix index d343e9c..6f1d573 100644 --- a/profiles/user.nix +++ b/profiles/user.nix 
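Review bot: The `/var/lib/private/dendrite` entry under `environment.persistence."/nix/persist".directories` sets `user` and `group` to root but no `mode`, so the persisted directory gets the module's default permissions. The comment above it says the service relies on DynamicUser, and systemd keeps such state under `/var/lib/private` so that other local users cannot reach it. I would add `mode = "0700";` to that entry and check after a reboot that `/var/lib/private` itself is still 0700 and the service starts. Separately, the closing `};` moved from after `ensureDatabases` to the end of the file, so confirm that the set it closes is meant to contain `environment.persistence`, `systemd.services.dendrite.after` and `networking.firewall`; its opening line is outside this hunk.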
@@ -9,18 +9,14 @@ inputs.home-manager.nixosModules."home-manager" ]; config = { - age.secrets = { - id_ed25519 = { + age.secrets.id_ed25519 = { file = ../secrets/id_ed25519.age; mode = "600"; owner = "tzlil"; group = "users"; }; - # password.file = ../secrets/password.age; - }; - - programs.fish.enable = true; # needed now + programs.fish.enable = true; # needed now users.users.tzlil = { isNormalUser = true; description = "Me"; -- cgit 1.4.1