James/eve-psr-nix0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Misc system changes and nix flake update

Browse Source
This commit is contained in:
James Eversole
2025-07-24 08:08:22 -05:00
parent fc3979e64b
commit ff550b960e
8 changed files with 142 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

141
flake.lock generated
View File

@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1736955230, "lastModified": 1750173260,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -39,20 +39,59 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"lix": {
"inputs": {
"flake-compat": "flake-compat_2",
"nix2container": "nix2container",
"nixpkgs": "nixpkgs",
"nixpkgs-regression": "nixpkgs-regression",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1737234286,
"narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=",
"rev": "2837da71ec1588c1187d2e554719b15904a46c8b",
"revCount": 16631,
"type": "git",
"url": "https://git.lix.systems/lix-project/lix"
},
"original": {
"rev": "2837da71ec1588c1187d2e554719b15904a46c8b",
"type": "git",
"url": "https://git.lix.systems/lix-project/lix"
}
},
"nix-serve-ng": { "nix-serve-ng": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"lix": "lix",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1733148767, "lastModified": 1748458972,
"narHash": "sha256-Ht5wD/n2I/tQWNgYIdmi3UQbm1FNwp9m9JmDjZEd6ng=", "narHash": "sha256-N6c3NozYqAGwmjf+k5GHOZzlcquDntrJwsZQ7O2sqtQ=",
"owner": "aristanetworks", "owner": "aristanetworks",
"repo": "nix-serve-ng", "repo": "nix-serve-ng",
"rev": "6e8d82a451fccbaa4714da8f7a3db5907bdfa96d", "rev": "1d21f73a2d563ffbb924a4244c29b35e898caefe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -61,28 +100,45 @@
"type": "github" "type": "github"
} }
}, },
"nix2container": {
"flake": false,
"locked": {
"lastModified": 1724996935,
"narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=",
"owner": "nlewo",
"repo": "nix2container",
"rev": "fa6bb0a1159f55d071ba99331355955ae30b3401",
"type": "github"
},
"original": {
"owner": "nlewo",
"repo": "nix2container",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1741332913, "lastModified": 1733348545,
"narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", "narHash": "sha256-b4JrUmqT0vFNx42aEN9LTWOHomkTKL/ayLopflVf81U=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "20755fa05115c84be00b04690630cb38f0a203ad", "rev": "9ecb50d2fae8680be74c08bb0a995c5383747f89",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "owner": "NixOS",
"ref": "nixos-24.11", "ref": "nixos-24.11-small",
"type": "indirect" "repo": "nixpkgs",
"type": "github"
} }
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1740877520, "lastModified": 1751159883,
"narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -91,16 +147,47 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1753115646,
"narHash": "sha256-yLuz5cz5Z+sn8DRAfNkrd2Z1cV6DaYO9JMrEz4KZo/c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "92c2e04a475523e723c67ef872d8037379073681",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-25.05",
"type": "indirect"
}
},
"parts": { "parts": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1741352980, "lastModified": 1753121425,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -109,11 +196,27 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks": {
"flake": false,
"locked": {
"lastModified": 1733318908,
"narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"nix-serve-ng": "nix-serve-ng", "nix-serve-ng": "nix-serve-ng",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"parts": "parts" "parts": "parts"
} }
}, },

2
flake.nix
View File

@ -2,7 +2,7 @@
description = "eve-psr-nix0 - Home Server"; description = "eve-psr-nix0 - Home Server";
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-24.11"; nixpkgs.url = "nixpkgs/nixos-25.05";
agenix = { agenix = {
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";

8
nix/application/containers.nix
View File

@ -28,7 +28,7 @@
"/home/sezycei/srv/containerdata/gitea/config:/etc/gitea" "/home/sezycei/srv/containerdata/gitea/config:/etc/gitea"
]; ];
ports = [ "8027:3000" "23231:2222"]; ports = [ "8027:3000" "23231:2222"];
environment = environment =
{ {
GITEA_APP_INI = "/etc/gitea/app.ini"; GITEA_APP_INI = "/etc/gitea/app.ini";
GITEA_CUSTOM = "/var/lib/gitea/custom"; GITEA_CUSTOM = "/var/lib/gitea/custom";
@ -48,13 +48,13 @@
"/home/sezycei/srv/containerdata/gitea/runner/data:/data" "/home/sezycei/srv/containerdata/gitea/runner/data:/data"
"/run/podman/podman.sock:/var/run/docker.sock" "/run/podman/podman.sock:/var/run/docker.sock"
]; ];
environment = environment =
{ {
CONFIG_FILE = "/config.yaml"; CONFIG_FILE = "/config.yaml";
GITEA_INSTANCE_URL = "https://git.eversole.co"; GITEA_INSTANCE_URL = "https://git.eversole.co";
GITEA_RUNNER_REGISTRATION_TOKEN = "Rxl7OYPb4ysOmDZB3jnmzm7hJtQQYeaKHdn4jrbR"; GITEA_RUNNER_REGISTRATION_TOKEN = "Rxl7OYPb4ysOmDZB3jnmzm7hJtQQYeaKHdn4jrbR";
GITEA_RUNNER_NAME = "nix0-primary"; GITEA_RUNNER_NAME = "nix0-primary";
}; };
}; };
@ -96,7 +96,7 @@
volumes = [ volumes = [
"/home/sezycei/srv/containerdata/purr/data:/app/data" "/home/sezycei/srv/containerdata/purr/data:/app/data"
]; ];
environment = { environment = {
ENVIRONMENT = "production"; ENVIRONMENT = "production";
APPLICATIONHOST = "localhost"; APPLICATIONHOST = "localhost";
APPLICATIONPORT = "3000"; APPLICATIONPORT = "3000";

9
nix/application/nginx.nix
View File

@ -88,6 +88,15 @@
''; '';
}; };
"jame.su" = static { dir = "/var/www/jame.su"; }; "jame.su" = static { dir = "/var/www/jame.su"; };
"llm.matri.cx" = proxiedLAN {
target = "http://192.168.0.94:11434";
extra = ''
proxy_connect_timeout 1800s;
proxy_send_timeout 1800s;
proxy_read_timeout 1800s;
send_timeout 1800s;
'';
};
"matri.cx" = static { dir = "/var/www/matri.cx"; }; "matri.cx" = static { dir = "/var/www/matri.cx"; };
"media.matri.cx" = proxied { target = "http://127.0.0.1:8096"; }; "media.matri.cx" = proxied { target = "http://127.0.0.1:8096"; };
"purr.eversole.co" = proxied { target = "http://127.0.0.1:5195"; }; "purr.eversole.co" = proxied { target = "http://127.0.0.1:5195"; };

2
nix/system/backups.nix
View File

@ -13,7 +13,7 @@
"${config.users.users.sezycei.home}/keys" "${config.users.users.sezycei.home}/keys"
"${config.users.users.sezycei.home}/dev" "${config.users.users.sezycei.home}/dev"
]; ];
exclude = [ exclude = [
"*minecraft/OLD*" "*minecraft/OLD*"
]; ];

4
nix/system/dns.nix
View File

@ -12,7 +12,7 @@
mail.matri.cx { mail.matri.cx {
template IN A { template IN A {
answer "{{ .Name }} 0 IN A 149.28.112.101" answer "{{ .Name }} 0 IN A 216.128.148.134"
} }
} }
@ -37,7 +37,7 @@
box.eversole.co { box.eversole.co {
template IN A { template IN A {
answer "{{ .Name }} 0 IN A 149.28.112.101" answer "{{ .Name }} 0 IN A 216.128.148.134"
} }
} }

4
nix/system/network.nix
View File

@ -2,8 +2,8 @@
networking = { networking = {
hostName = "eve-psr-nix0"; hostName = "eve-psr-nix0";
firewall = { firewall = {
allowedTCPPorts = [ 22 80 443 5000 23231 23232 23233 ]; allowedTCPPorts = [ 22 80 443 5000 23231 23232 23233 20443 ];
allowedUDPPorts = [ 53 51820 config.services.tailscale.port ]; allowedUDPPorts = [ 53 51820 config.services.tailscale.port 20443 ];
extraCommands = '' extraCommands = ''
iptables -t nat -A POSTROUTING -s 100.64.0.0/10 -o enp1s0 -j MASQUERADE iptables -t nat -A POSTROUTING -s 100.64.0.0/10 -o enp1s0 -j MASQUERADE
''; '';

2
nix/system/nix-conf.nix
View File

@ -1,7 +1,7 @@
{ config, ... }: { { config, ... }: {
services = { services = {
nix-serve = { nix-serve = {
enable = true; enable = false;
secretKeyFile = config.age.secrets.cache-key.path; secretKeyFile = config.age.secrets.cache-key.path;
}; };
}; };