flake/hosts/tyo0/default.nix

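# NixOS host "tyo0": an EC2 instance (amazon-image.nix) that fronts a set of
# self-hosted services behind Caddy and keeps their secrets in sops-nix.
{
  lib,
  config,
  modulesPath,
  pkgs,
  ...
}:
{
  imports = [
    "${modulesPath}/virtualisation/amazon-image.nix"
    ./anti-feature.nix
    ./services/forgejo.nix
    ./services/keycloak.nix
    ./services/miniflux.nix
    ./services/murmur.nix
    ./services/ntfy.nix
    ./services/prometheus.nix
    ./services/redlib.nix
    ./services/sing-box.nix
    ./services/vaultwarden.nix
    ./services/wastebin.nix
  ];

  # amazon-image.nix sets its own GRUB device; force it to this instance's
  # NVMe root disk.
  boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";
  system.stateVersion = "24.05";

  swapDevices = lib.singleton {
    device = "/var/lib/swapfile";
    size = 4 * 1024; # 4 GiB
  };

  # WORKAROUND: the print-host-key unit that comes with amazon-image.nix is
  # disabled. The reason is not recorded here — presumably deliberate;
  # TODO document it.
  systemd.services."print-host-key".enable = false;

  ### Secrets
  # Every entry lives in ./secrets.yaml; mapAttrs stamps the sopsFile onto
  # each one so the entries below only declare owner/restartUnits.
  sops.secrets = lib.mapAttrs (_name: value: value // { sopsFile = ./secrets.yaml; }) {
    # No owner given, so this keeps the sops-nix default (root-owned); that is
    # only correct if sing-box reads it as root or via a systemd credential —
    # verify against ./services/sing-box.nix.
    "sing-box/auth" = {
      restartUnits = [ "sing-box.service" ];
    };
    # Owned by the prometheus service user so the unit can read it directly.
    "prometheus/auth" = {
      owner = config.systemd.services.prometheus.serviceConfig.User;
      restartUnits = [ "prometheus.service" ];
    };
    "miniflux/environment" = {
      restartUnits = [ "miniflux.service" ];
    };
    "vaultwarden/environment" = {
      restartUnits = [ "vaultwarden.service" ];
    };
  };

  ### Services
  # 443/udp next to 80,443/tcp — presumably HTTP/3 (QUIC) for Caddy.
  networking.firewall.allowedUDPPorts = [ 443 ];
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];

  # Static files served by Caddy, copied into /var/www by tmpfiles
  # (type C copies the source only if the destination does not exist yet).
  systemd.tmpfiles.settings = {
    "10-www" = {
      "/var/www/robots/robots.txt".C.argument = toString ./robots.txt;
      "/var/www/matrix/client".C.argument = toString ./matrix-client.json;
      "/var/www/matrix/server".C.argument = toString ./matrix-server.json;
    };
  };

  services.caddy = {
    enable = true;
    # ./Caddyfile is a template: replaceVars substitutes the named placeholders
    # with the store paths of the two Matrix web clients built below, each
    # pre-configured for the ny4.dev homeserver.
    configFile = pkgs.replaceVars ./Caddyfile {
      "element" = pkgs.element-web.override {
        conf.default_server_config."m.homeserver" = {
          base_url = "https://matrix.ny4.dev";
          server_name = "ny4.dev";
        };
      };
      "cinny" = pkgs.cinny.override {
        conf = {
          defaultHomeserver = 0;
          homeserverList = [ "ny4.dev" ];
        };
      };
    };
  };

  # Shared PostgreSQL instance for the imported services (enabling it is left
  # to those modules). The memory-related values are hard-coded; revisit them
  # if the instance size changes.
  services.postgresql = {
    package = pkgs.postgresql_16;
    settings = {
      max_connections = 200;
      shared_buffers = "256MB";
      effective_cache_size = "768MB";
      maintenance_work_mem = "64MB";
      checkpoint_completion_target = 0.9;
      wal_buffers = "7864kB";
      default_statistics_target = 100;
      random_page_cost = 1.1;
      effective_io_concurrency = 200;
      work_mem = "655kB";
      huge_pages = "off";
      min_wal_size = "1GB";
      max_wal_size = "4GB";
    };
  };

  ### Prevents me from going bankrupt
  # https://fmk.im/p/shutdown-aws/
  # Hourly check of this month's traffic as counted by vnstat; once it exceeds
  # TRAFF_TOTAL GiB the instance powers itself off so egress charges stop.
  services.vnstat.enable = true;
  systemd.services."no-bankrupt" = {
    serviceConfig.Type = "oneshot";
    path = with pkgs; [
      coreutils
      gawk
      vnstat
      systemd
    ];
    script = ''
      # Monthly cap, in GiB (the divisor below is 1024^3).
      TRAFF_TOTAL=1900
      # vnstat --oneline in bytes mode; field 11 is presumably the current
      # month's total (rx+tx) — confirm against the installed vnstat version.
      TRAFF_USED=$(vnstat --oneline b | awk -F ';' '{print $11}')
      # An empty or non-numeric reading (no data collected yet, changed output
      # format) must not silently disable the cap: fail the unit visibly.
      case "$TRAFF_USED" in
        ""|*[!0-9]*)
          echo "no-bankrupt: unexpected vnstat output: '$TRAFF_USED'" >&2
          exit 1
          ;;
      esac
      CHANGE_TO_GB=$(( TRAFF_USED / 1073741824 ))
      if [ "$CHANGE_TO_GB" -gt "$TRAFF_TOTAL" ]; then
        shutdown -h now
      fi
    '';
  };
  systemd.timers."no-bankrupt" = {
    # Without wantedBy the timer unit is generated but never started, which
    # would leave the cap inert; pulling it into timers.target enables it.
    wantedBy = [ "timers.target" ];
    timerConfig.OnCalendar = "*:0:0"; # Check every hour
  };
}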