diff options
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/cloud/sortug/configuration.nix | 2 | ||||
| -rw-r--r-- | hosts/cloud/sortug/nginx.nix | 47 | ||||
| -rw-r--r-- | hosts/cloud/span/mail.nix | 34 | ||||
| -rw-r--r-- | hosts/linux.nix | 13 | ||||
| -rw-r--r-- | hosts/local/fw11/configuration.nix | 11 | ||||
| -rw-r--r-- | hosts/local/fw11/keyboard.nix | 3 | ||||
| -rw-r--r-- | hosts/nixos.nix | 4 | ||||
| -rw-r--r-- | hosts/unfree.nix | 10 |
8 files changed, 85 insertions, 39 deletions
diff --git a/hosts/cloud/sortug/configuration.nix b/hosts/cloud/sortug/configuration.nix index 308f010..ee15cd5 100644 --- a/hosts/cloud/sortug/configuration.nix +++ b/hosts/cloud/sortug/configuration.nix @@ -1,6 +1,7 @@ { modulesPath, lib, + pkgs, ... }: { imports = @@ -24,6 +25,7 @@ loader.grub.enable = true; # loader.grub.device = "/dev/sda"; }; + environment.systemPackages = [pkgs.devenv]; services.do-agent.enable = true; networking = { diff --git a/hosts/cloud/sortug/nginx.nix b/hosts/cloud/sortug/nginx.nix index b075c22..78e93b8 100644 --- a/hosts/cloud/sortug/nginx.nix +++ b/hosts/cloud/sortug/nginx.nix @@ -26,19 +26,30 @@ virtualHosts."ai.sortug.com" = { enableACME = true; forceSSL = true; - locations."/" = { + locations."/stt" = { proxyPass = "http://127.0.0.1:8000"; - proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_connect_timeout 300s; + proxy_send_timeout 300s; + proxy_read_timeout 300s; + send_timeout 300s; + ''; }; - }; - virtualHosts."kino.sortug.com" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8095"; - proxyWebsockets = true; # needed if you need to use WebSocket + locations."/tts" = { + proxyPass = "http://127.0.0.1:8001"; + }; + locations."/embed" = { + proxyPass = "http://127.0.0.1:8002"; }; }; + # virtualHosts."kino.sortug.com" = { + # enableACME = true; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://127.0.0.1:8095"; + # proxyWebsockets = true; # needed if you need to use WebSocket + # }; + # }; virtualHosts."u.sortug.com" = { enableACME = true; forceSSL = true; @@ -65,6 +76,24 @@ proxy_cache off; ''; }; + virtualHosts."line.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8924"; + # proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header Forwarded $proxy_add_x_forwarded_for; + ''; + }; + extraConfig = '' + proxy_http_version 1.1; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + ''; + }; virtualHosts."ntfy.sortug.com" = { enableACME = true; forceSSL = true; diff --git a/hosts/cloud/span/mail.nix b/hosts/cloud/span/mail.nix index d020fec..9cc44a7 100644 --- a/hosts/cloud/span/mail.nix +++ b/hosts/cloud/span/mail.nix @@ -1,4 +1,8 @@ -{ config, pkgs, ... }: { +{ + config, + pkgs, + ... +}: { imports = [ (builtins.fetchTarball { url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-23.11/nixos-mailserver-nixos-23.11.tar.gz"; @@ -9,11 +13,11 @@ }) ]; - services.dovecot2.sieve.extensions = [ "fileinto" ]; + services.dovecot2.sieve.extensions = ["fileinto"]; mailserver = { enable = true; fqdn = "mail.spandrell.ch"; - domains = [ "spandrell.ch" ]; + domains = ["spandrell.ch"]; # A list of all login accounts. To create the password hashes, use # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' @@ -28,7 +32,7 @@ hashedPasswordFile = "/home/span/mail.key"; }; "lol@spandrell.ch" = { - hashedPasswordFile = "/home/span/mail.key"; + hashedPasswordFile = "/home/span/mail2.key"; }; "sub@spandrell.ch" = { hashedPasswordFile = "/home/span/mail.key"; @@ -51,17 +55,17 @@ security.acme.acceptTerms = true; security.acme.defaults.email = "security@spandrell.ch"; services.roundcube = { - enable = true; - # this is the url of the vhost, not necessarily the same as the fqdn of - # the mailserver - hostName = "mail.spandrell.ch"; - extraConfig = '' - # starttls needed for authentication, so the fqdn required to match - # the certificate - $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; - $config['smtp_user'] = "%u"; - $config['smtp_pass'] = "%p"; - ''; + enable = true; + # this is the url of the vhost, not necessarily the same as the fqdn of + # the mailserver + hostName = "mail.spandrell.ch"; + extraConfig = '' + # starttls needed for authentication, so the fqdn required to match + # the certificate + $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; }; services.nginx.enable = true; } diff --git a/hosts/linux.nix b/hosts/linux.nix index 95049ff..70ff0c9 100644 --- a/hosts/linux.nix +++ b/hosts/linux.nix @@ -4,7 +4,6 @@ ./users.nix ./editors.nix ./pkgs.nix - ./unfree.nix ./network.nix # ./yubikey.nix ]; @@ -35,10 +34,10 @@ }; ## Bluetooth -# hardware.enableAllFirmware = true; -# hardware.bluetooth.enable = true; -# hardware.bluetooth.settings = {General = {Experimental = true;};}; -# hardware.bluetooth.disabledPlugins = ["sap"]; -# hardware.bluetooth.package = pkgs.bluez; -# services.blueman.enable = true; + # hardware.enableAllFirmware = true; + # hardware.bluetooth.enable = true; + # hardware.bluetooth.settings = {General = {Experimental = true;};}; + # hardware.bluetooth.disabledPlugins = ["sap"]; + # hardware.bluetooth.package = pkgs.bluez; + # services.blueman.enable = true; } diff --git a/hosts/local/fw11/configuration.nix b/hosts/local/fw11/configuration.nix index 8574868..ad8fffd 100644 --- a/hosts/local/fw11/configuration.nix +++ b/hosts/local/fw11/configuration.nix @@ -22,9 +22,10 @@ in { # Include the results of the hardware scan. ../../base.nix ../../linux.nix - ../wayland.nix - ../../syncthing.nix - ./keyboard.nix + # ../../syncthing.nix + ../../unfree.nix + # ../wayland.nix + # ./keyboard.nix # ../android.nix ]; @@ -44,8 +45,8 @@ in { boot.loader.efi.canTouchEfiVariables = true; # boot.supportedFilesystems = ["ntfs"]; # boot.kernelPackages = lib.mkForce unfreePkgs.linuxKernel.packages.linux_xanmod_latest; - boot.kernelPackages = pkgs.linuxPackages_latest; - # boot.kernelPackages = pkgs.linuxPackages_6_11; + # boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgs.linuxPackages_6_12; services.fprintd.enable = true; networking = { diff --git a/hosts/local/fw11/keyboard.nix b/hosts/local/fw11/keyboard.nix index 7aef3c4..ce875dd 100644 --- a/hosts/local/fw11/keyboard.nix +++ b/hosts/local/fw11/keyboard.nix @@ -34,7 +34,8 @@ config = builtins.readFile ./framework.kbd; }; usbThinkpad = { - device = "/dev/input/by-id/usb-Lenovo_ThinkPad_Compact_USB_Keyboard_with_TrackPoint-event-kbd"; + # device = "/dev/input/by-id/usb-Lenovo_ThinkPad_Compact_USB_Keyboard_with_TrackPoint-event-kbd"; + device = "/dev/input/by-id/usb-Lenovo_TrackPoint_Keyboard_II-event-kbd"; config = builtins.readFile ./thinkpad.kbd; }; }; diff --git a/hosts/nixos.nix b/hosts/nixos.nix index e85a2a9..1b7b55c 100644 --- a/hosts/nixos.nix +++ b/hosts/nixos.nix @@ -2,7 +2,9 @@ mkNixosSystem = system: path: inputs.nixpkgs.lib.nixosSystem { inherit system; - specialArgs = {inherit inputs;}; + specialArgs = { + inherit inputs; + }; modules = import (./. + "/${path}") inputs; }; in { diff --git a/hosts/unfree.nix b/hosts/unfree.nix index d3e889d..73c4a8a 100644 --- a/hosts/unfree.nix +++ b/hosts/unfree.nix @@ -1,9 +1,16 @@ -{pkgs, ...}: { +{ + pkgs, + inputs, + ... +}: { # allow unfree nixpkgs.config = { allowUnfree = true; + allowUnfreePredicate = _: true; chromium.enableWideVine = true; }; + + # https://stackoverflow.com/questions/77585228/how-to-allow-unfree-packages-in-nix-for-each-situation-nixos-nix-nix-wit environment.systemPackages = with pkgs; [ # opera spotify @@ -15,6 +22,7 @@ steamcmd steam-run protonup-qt + # inputs.claude-desktop.packages.x86_64-linux.claude-desktop ]; # fucking vscode requires this for github copilot |