From 5361e21b67b1180ed64fb88f737a6bec1d4e8fe3 Mon Sep 17 00:00:00 2001 
From: Ingolf Wagner Date: Sun, 3 Mar 2024 10:52:46 +0100 Subject: [PATCH] systems folder get smaller --- nixos/components/network/nginx.nix | 8 +- nixos/machines/bobi/configuration.nix | 3 +- nixos/machines/cherry/configuration.nix | 3 - nixos/machines/chungus/configuration.nix | 5 +- nixos/machines/cream/configuration.nix | 5 +- nixos/machines/dummy/configuration.nix | 55 ------- .../machines/dummy/hardware-configuration.nix | 9 -- nixos/machines/mobi/configuration.nix | 3 +- nixos/machines/orbi/configuration.nix | 9 +- nixos/machines/robi/configuration.nix | 3 - nixos/machines/sternchen/configuration.nix | 3 +- nixos/machines/sterni/configuration.nix | 2 +- nixos/{system/all => modules}/borg-jobs.nix | 0 nixos/modules/default.nix | 6 +- .../initssh.nix => modules/init-ssh.nix} | 10 +- nixos/pkgs/nginx-show-config/default.nix | 7 + .../nginx-show-config/nginx-show-config.py | 40 +++++ nixos/system/all/default.nix | 5 - nixos/system/all/packages.nix | 2 - .../system/all/packages/llvm-config-dummy.nix | 43 ------ nixos/system/desktop/default.nix | 18 --- nixos/system/proxy/default.nix | 12 -- nixos/system/server/default.nix | 23 --- nixos/system/server/graylog-exporter.nix | 139 ------------------ nixos/system/server/packages.nix | 20 --- nixos/system/server/prometheus-exporters.nix | 8 - 26 files changed, 74 insertions(+), 367 deletions(-) delete mode 100644 nixos/machines/dummy/configuration.nix delete mode 100644 nixos/machines/dummy/hardware-configuration.nix rename nixos/{system/all => modules}/borg-jobs.nix (100%) rename nixos/{system/server/initssh.nix => modules/init-ssh.nix} (96%) create mode 100644 nixos/pkgs/nginx-show-config/default.nix create mode 100644 nixos/pkgs/nginx-show-config/nginx-show-config.py delete mode 100644 nixos/system/all/packages/llvm-config-dummy.nix delete mode 100644 nixos/system/desktop/default.nix delete mode 100644 nixos/system/proxy/default.nix delete mode 100644 nixos/system/server/default.nix delete mode 100644 
nixos/system/server/graylog-exporter.nix delete mode 100644 nixos/system/server/packages.nix delete mode 100644 nixos/system/server/prometheus-exporters.nix diff --git a/nixos/components/network/nginx.nix b/nixos/components/network/nginx.nix index 658e927..ab87afa 100644 --- a/nixos/components/network/nginx.nix +++ b/nixos/components/network/nginx.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, assets, ... }: with lib; { options.components.network.nginx.enable = mkOption { @@ -8,6 +8,12 @@ with lib; config = mkIf (config.components.network.nginx.enable) { + environment.systemPackages = [ + pkgs.nginx-config-formatter + (pkgs.writers.writePython3Bin "nginx-show-config" { flakeIgnore = [ "E265" "E225" "W292" ]; } + (lib.fileContents "${assets}/nginx-show-config.py")) + ]; + security.acme.defaults.email = "contact@ingolf-wagner.de"; security.acme.acceptTerms = true; diff --git a/nixos/machines/bobi/configuration.nix b/nixos/machines/bobi/configuration.nix index c4a329f..3d0e629 100644 --- a/nixos/machines/bobi/configuration.nix +++ b/nixos/machines/bobi/configuration.nix @@ -3,7 +3,8 @@ imports = [ ../../components - ../../system/desktop + ../../modules + ./hardware-configuration.nix ./tinc.nix ./syncthing.nix diff --git a/nixos/machines/cherry/configuration.nix b/nixos/machines/cherry/configuration.nix index dfc63da..43c4f75 100644 --- a/nixos/machines/cherry/configuration.nix +++ b/nixos/machines/cherry/configuration.nix @@ -3,10 +3,7 @@ imports = [ - # last system packages that need to be migrated to components - ../../system/all/borg-jobs.nix ../../modules - ../../components ./disko-config.nix diff --git a/nixos/machines/chungus/configuration.nix b/nixos/machines/chungus/configuration.nix index b12adbb..45fb0e4 100644 --- a/nixos/machines/chungus/configuration.nix +++ b/nixos/machines/chungus/configuration.nix 
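Review bot: The `environment.systemPackages` block added to nginx.nix builds `nginx-show-config` inline from `${assets}/nginx-show-config.py` while the same commit adds a second copy of that script under `nixos/pkgs/nginx-show-config/`, so the two will drift; once the new package's default.nix evaluates, `(pkgs.callPackage ../../pkgs/nginx-show-config { })` in place of the `writePython3Bin` call keeps a single source. The new `assets` module argument is only satisfied if the flake hands it in through `specialArgs` or `_module.args`, which is outside this patch, so every host enabling `components.network.nginx` now depends on that wiring. A short comment above the list, `# nginx-show-config: formats the live nginx.conf and opens it in $EDITOR`, would tell the reader why a Python script is being built inside a network component.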
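Review bot: cherry's import list loses `../../components` here with no replacement visible in this patch, and cream's hunk does the same (it removes both `../../modules` and `../../components` and re-adds only `../../modules`). If either host sets `components.*` options elsewhere in its configuration, evaluation now fails on an undefined option; if it does not, the host silently loses whatever those components configured (the ACME settings in nginx.nix, for instance). If components are injected for every host from the flake, that is not visible here and the explicit `../../components` imports kept on bobi, mobi, orbi, robi and sternchen would be redundant — either way a one-line comment on the list, `# components come from <where they come from>`, would settle it for the next reader.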
@@ -2,8 +2,11 @@ imports = [ - ../../system/server + # todo : remove + ../../system/all + ../../components + ../../modules ./hardware-configuration diff --git a/nixos/machines/cream/configuration.nix b/nixos/machines/cream/configuration.nix index 572a09d..fae5b98 100644 --- a/nixos/machines/cream/configuration.nix +++ b/nixos/machines/cream/configuration.nix @@ -3,11 +3,8 @@ imports = [ - # last system packages that need to be migrated to components - ../../system/all/borg-jobs.nix - ../../modules - ../../components + ../../modules ./hardware-configuration.nix diff --git a/nixos/machines/dummy/configuration.nix b/nixos/machines/dummy/configuration.nix deleted file mode 100644 index a3a70d2..0000000 --- a/nixos/machines/dummy/configuration.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ lib, config, pkgs, ... }: { - imports = [ - - - - - - ./hardware-configuration.nix - - ]; - - # enable initrd ssh - configuration.init-ssh = { - enable = "enabled"; - kernelModules = [ "virtio_pci" ]; - hostECDSAKey = ; - }; - - networking.hostName = "dummy"; - - # allow un-free - # ------------- - # todo : put this in flake - environment.variables.NIXPKGS_ALLOW_UNFREE = "1"; - - # some system stuff - # ----------------- - time.timeZone = lib.mkDefault "Europe/Berlin"; - #time.timeZone = lib.mkDefault "Pacific/Auckland"; - #time.timeZone = lib.mkDefault "Asia/Singapore"; - #time.timeZone = lib.mkDefault "Asia/Makassar"; - - i18n.defaultLocale = "en_US.UTF-8"; - console.font = "Lat2-Terminus16"; - console.keyMap = "us"; - - # swappiness - # ---------- - # 0 = only when running out of RAM - # 100 = always swapp - boot.kernel.sysctl."vm.swappiness" = 0; - - # rewire NIX_PATH - # --------------- - environment.variables.NIX_PATH = lib.mkForce "/var/src"; - - environment.systemPackages = [ pkgs.git ]; - - boot.initrd.network.postCommands = lib.mkAfter '' - echo "sleep engineering" - sleep 120 - ''; - -} - 
diff --git a/nixos/machines/dummy/hardware-configuration.nix b/nixos/machines/dummy/hardware-configuration.nix deleted file mode 100644 index 81c8290..0000000 --- a/nixos/machines/dummy/hardware-configuration.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: { - imports = [ ]; - boot.loader.grub.device = "/dev/sda"; - fileSystems."/" = { - device = "/dev/sda1"; - fsType = "ext4"; - }; -} - diff --git a/nixos/machines/mobi/configuration.nix b/nixos/machines/mobi/configuration.nix index dc63fa0..bd7f766 100644 --- a/nixos/machines/mobi/configuration.nix +++ b/nixos/machines/mobi/configuration.nix @@ -3,7 +3,8 @@ imports = [ ../../components - ../../system/desktop + ../../modules + ./hardware-configuration.nix ./tinc.nix ./syncthing.nix diff --git a/nixos/machines/orbi/configuration.nix b/nixos/machines/orbi/configuration.nix index 5fcf92d..b00e1bc 100644 --- a/nixos/machines/orbi/configuration.nix +++ b/nixos/machines/orbi/configuration.nix @@ -1,17 +1,14 @@ { lib, config, pkgs, ... }: { imports = [ - #../../system/all/nginx.nix - ../../system/all/borg-jobs.nix + ./hardware-configuration + ../../system/all/defaults.nix - ../../system/server/packages.nix + ../../components ../../modules - #./disko-config.nix - #./hetzner.nix - ./hardware-configuration # services #./borg.nix diff --git a/nixos/machines/robi/configuration.nix b/nixos/machines/robi/configuration.nix index 3f50a64..4b3f70d 100644 --- a/nixos/machines/robi/configuration.nix +++ b/nixos/machines/robi/configuration.nix @@ -2,12 +2,9 @@ imports = [ # ../../system/all/nginx.nix - ../../system/all/borg-jobs.nix ../../system/all/defaults.nix - ../../system/server/packages.nix ../../components - ../../modules ./hetzner.nix diff --git a/nixos/machines/sternchen/configuration.nix b/nixos/machines/sternchen/configuration.nix index 93a49a2..75babba 100644 --- a/nixos/machines/sternchen/configuration.nix +++ b/nixos/machines/sternchen/configuration.nix 
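Review bot: robi drops `../../modules` from its imports while `borg-jobs.nix`, removed two lines above it, is moved into that very directory by this commit, so robi ends up with neither the borg jobs nor the other modules unless they are imported somewhere outside the hunk. Every other machine touched here either imports `../../modules` directly or reaches it through `../../system/all`, which makes robi the odd one out. If the removal is deliberate, a comment such as `# modules intentionally not imported on robi` would keep the line from being re-added; if not, `../../modules` should stay alongside `../../components`.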
@@ -3,7 +3,8 @@ imports = [ ../../components - ../../system/desktop + ../../modules + ./hardware-configuration.nix ./packages.nix diff --git a/nixos/machines/sterni/configuration.nix b/nixos/machines/sterni/configuration.nix index da9026f..da206d5 100644 --- a/nixos/machines/sterni/configuration.nix +++ b/nixos/machines/sterni/configuration.nix @@ -3,7 +3,7 @@ imports = [ ../../components - ../../system/desktop + ../../modules ./hardware-configuration.nix ./packages.nix diff --git a/nixos/system/all/borg-jobs.nix b/nixos/modules/borg-jobs.nix similarity index 100% rename from nixos/system/all/borg-jobs.nix rename to nixos/modules/borg-jobs.nix diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 3de097a..0bbde21 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,11 +1,13 @@ { imports = [ + ./borg-jobs.nix + ./browser.nix ./castget.nix + ./init-ssh.nix ./rbackup.nix ./samba-share.nix - ./taskwarrior-pushover.nix ./taskwarrior-autotag.nix - ./browser.nix + ./taskwarrior-pushover.nix ]; } diff --git a/nixos/system/server/initssh.nix b/nixos/modules/init-ssh.nix similarity index 96% rename from nixos/system/server/initssh.nix rename to nixos/modules/init-ssh.nix index 2513908..59b6667 100644 --- a/nixos/system/server/initssh.nix +++ b/nixos/modules/init-ssh.nix @@ -1,14 +1,11 @@ { config, lib, pkgs, ... }: - with lib; - let - cfg = config.configuration.init-ssh; - in { + # todo : this is kinda deprecated. It should be replaced some day with something more simple, and put in a module. options.configuration.init-ssh = { enable = mkOption { @@ -16,11 +13,6 @@ in type = with types; enum [ "disable" "prepare" "enabled" ]; }; - #mode = mkOption { - # default = "ssh"; - # type = with types; enum [ "ssh" "ssh+tor" ]; - #}; - kernelModules = mkOption { type = with types; listOf str; description = 
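Review bot: Adding `./borg-jobs.nix` and `./init-ssh.nix` to the shared `modules` list means every host importing `../../modules` now evaluates them — after this patch that includes the desktops bobi, mobi, sternchen and sterni, which previously imported `../../system/desktop` and got neither. That is harmless only if both modules are inert by default: init-ssh's `enable` is an enum with a `"disable"` value, but its default lies outside the visible hunk, and borg-jobs.nix is not shown at all (it was renamed unchanged). Worth confirming those defaults rather than relying on the desktops simply never setting the options, since the dummy configuration being deleted shows init-ssh wiring up initrd SSH with a host key.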
diff --git a/nixos/pkgs/nginx-show-config/default.nix b/nixos/pkgs/nginx-show-config/default.nix
new file mode 100644
index 0000000..2f2756a
--- /dev/null
+++ b/nixos/pkgs/nginx-show-config/default.nix
@@ -0,0 +1,7 @@
+{ writers, fileContents, ... }:
+pkgs.writers.writePython3Bin "nginx-show-config"
+{
+ flakeIgnore = [ "E265" "E225" "W292" ];
+ libraries = [ nginx-config-formatter ];
+}
+ (lib.fileContents ./nginx-show-config.py)
diff --git a/nixos/pkgs/nginx-show-config/nginx-show-config.py b/nixos/pkgs/nginx-show-config/nginx-show-config.py
new file mode 100644
index 0000000..06cd646
--- /dev/null
+++ b/nixos/pkgs/nginx-show-config/nginx-show-config.py
@@ -0,0 +1,40 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -p nginx-config-formatter python3 -i python3
+
+import os
+import re
+import shutil
+import subprocess
+import sys
+from tempfile import TemporaryDirectory
+
+
+def nginx_config() -> str:
+ reload_config = "/etc/nginx/nginx.conf"
+ if os.path.exists(reload_config):
+ return reload_config
+ out = subprocess.check_output(["systemctl", "cat", "nginx"])
+ match = re.search(r"-c '(\S+-nginx\.conf)", out.decode("utf-8"))
+ if not match:
+ print("Could not find nginx.conf in nginx.service", file=sys.stderr)
+ sys.exit(1)
+
+ return match.group(1)
+
+
+def main():
+ config_path = nginx_config()
+ with TemporaryDirectory() as temp_dir:
+ temp_path = os.path.join(temp_dir, "nginx.conf")
+ with open(temp_path, "wb+") as temp_file, open(
+ config_path, "rb"
+ ) as config_file:
+ shutil.copyfileobj(config_file, temp_file)
+ temp_file.flush()
+ subprocess.check_call(["nginxfmt", temp_file.name])
+ editor = os.environ.get("EDITOR", "cat")
+ subprocess.check_call([editor, temp_file.name] + sys.argv[1:])
+
+
+if __name__ == "__main__":
+ main()
diff --git a/nixos/system/all/default.nix b/nixos/system/all/default.nix
index 052155c..083bb0e 100644
--- a/nixos/system/all/default.nix
+++ b/nixos/system/all/default.nix
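Review bot: The new `nixos/pkgs/nginx-show-config/default.nix` cannot evaluate as written: its argument set is `{ writers, fileContents, ... }` but the body references `pkgs.writers`, `lib.fileContents` and `nginx-config-formatter`, none of which is bound, while `fileContents` is taken and never used. For use with `callPackage` the header should be `{ lib, writers, nginx-config-formatter }:` and the two calls `writers.writePython3Bin "nginx-show-config"` and `(lib.fileContents ./nginx-show-config.py)`. Whether listing `nginx-config-formatter` under `libraries` actually puts the `nginxfmt` executable on PATH for the script's `subprocess` call is worth verifying as well; the inline variant in nginx.nix installs `pkgs.nginx-config-formatter` as a separate system package instead.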
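Review bot: `os.environ.get("EDITOR", "cat")` is passed as a single argv element in `main`, so any `EDITOR` value that carries arguments (`code --wait`, `emacsclient -nw`) fails with a file-not-found error; split it with `subprocess.check_call([*shlex.split(editor), temp_file.name, *sys.argv[1:]])` after adding `import shlex`. In `nginx_config` the local `reload_config` just holds the path `/etc/nginx/nginx.conf` and has nothing to do with reloading, so `static_config` or `config_path` would read better. The two nix-shell shebang lines appear to be dead under `writePython3Bin`, which as far as I can tell prepends its own interpreter line, and they are the only reason for the `E265` entry in `flakeIgnore`; dropping them would let that suppression go too.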
@@ -4,14 +4,9 @@ ../../modules ../../components/network - ./defaults.nix - ./grub.nix - #./nginx-landingpage.nix - #./nginx.nix ./packages.nix - ./borg-jobs.nix ./borg-scripts.nix ]; diff --git a/nixos/system/all/packages.nix b/nixos/system/all/packages.nix index 6379cf5..cb1a671 100644 --- a/nixos/system/all/packages.nix +++ b/nixos/system/all/packages.nix @@ -41,8 +41,6 @@ let in { - #imports = [ ./packages/llvm-config-dummy.nix ]; - programs.tmux = { enable = true; clock24 = true; diff --git a/nixos/system/all/packages/llvm-config-dummy.nix b/nixos/system/all/packages/llvm-config-dummy.nix deleted file mode 100644 index 06f89b3..0000000 --- a/nixos/system/all/packages/llvm-config-dummy.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ pkgs, config, lib, ... }: -with pkgs.lib; { - environment.systemPackages = - let - llvm = pkgs.llvm; - llvm-config = pkgs.writers.writeBashBin "llvm-config" '' - while [[ $# -gt 0 ]]; do - arg="$1" - case $arg in - --assertion-mode) - echo "OFF" - ;; - --bindir) - echo "${getBin llvm}/bin" - ;; - --libdir) - echo "${getLib llvm}/lib" - ;; - --includedir) - echo "${getDev llvm}/include" - ;; - --prefix) - echo "${llvm.out}" - ;; - --src-root) - echo "/build/llvm"; - ;; - --obj-root) - echo "/build/llvm/build"; - ;; - --cmakedir) - echo "${getDev llvm}/lib/cmake/llvm" - ;; - *) - echo "Unhandled argument '$arg' passed to dummy llvm-config!" - exit 1 - esac - shift - done - ''; - in - [ llvm-config ]; -} diff --git a/nixos/system/desktop/default.nix b/nixos/system/desktop/default.nix deleted file mode 100644 index 222093c..0000000 --- a/nixos/system/desktop/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, pkgs, lib, ... }: { - - imports = [ - ../all - ]; - - backup.dirs = [ - "${config.users.users.mainUser.home}/.config/noti" - "${config.users.users.mainUser.home}/.password-store" - "${config.users.users.mainUser.home}/.task" - "${config.users.users.mainUser.home}/.vit" - ]; - - services.urxvtd.enable = true; - - -} - 
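Review bot: Removing `./defaults.nix` and `./grub.nix` from `system/all` changes what its remaining importer gets: chungus now imports `../../system/all` (per its hunk) and, unlike orbi and robi, does not import `../../system/all/defaults.nix` explicitly, so it loses the defaults and the grub settings unless its configuration picks them up outside the visible hunk (for example through `./hardware-configuration`). If that is intended, a one-line comment on the list, `# defaults.nix and grub.nix are imported per machine`, would document it; otherwise chungus should add `../../system/all/defaults.nix` the way orbi does. Dropping `./borg-jobs.nix` here is fine, since `../../modules`, still imported two lines above, now carries it.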
diff --git a/nixos/system/proxy/default.nix b/nixos/system/proxy/default.nix
deleted file mode 100644
index 223c52e..0000000
--- a/nixos/system/proxy/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, lib, pkgs, ... }: {
-
- imports = [
- ../../system/all
- ../../system/server/graylog-exporter.nix
- ../../system/server/prometheus-exporters.nix
- ];
-
- services.sshguard.enable = true;
-
-}
-
diff --git a/nixos/system/server/default.nix b/nixos/system/server/default.nix
deleted file mode 100644
index 47c2365..0000000
--- a/nixos/system/server/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, lib, pkgs, ... }: {
-
- imports = [
- ../../system/all
- #./netdata.nix
- ./initssh.nix
- #./graylog-exporter.nix
- ./prometheus-exporters.nix
- ./packages.nix
- ];
-
- # make sure laptops stay awake when closing the montior
- services.logind.lidSwitch = "ignore";
- powerManagement.enable = false;
- #powerManagement.scsiLinkPolicy = "min_power";
-
- services.locate.enable = true;
- services.locate.locate = pkgs.mlocate;
- services.locate.localuser = null;
-
-
-}
-
diff --git a/nixos/system/server/graylog-exporter.nix b/nixos/system/server/graylog-exporter.nix
deleted file mode 100644
index 9cb9ce3..0000000
--- a/nixos/system/server/graylog-exporter.nix
+++ /dev/null
@@ -1,139 +0,0 @@ -{ lib, ... }: { - - # send data to graylog - services.SystemdJournal2Gelf.enable = lib.mkDefault false; - services.SystemdJournal2Gelf.graylogServer = "workhorse.private:11201"; - - services.journalbeat = { - enable = true; - # https://docs.graylog.org/en/4.0/pages/sending/journald.html - extraConfig = '' - journalbeat.inputs: - # Paths that should be crawled and fetched. Possible values files and directories. - # When setting a directory, all journals under it are merged. - # When empty starts to read from local journal. - - paths: [] - - # The number of seconds to wait before trying to read again from journals. - #backoff: 1s - # The maximum number of seconds to wait before attempting to read again from journals. - #max_backoff: 20s - - # Position to start reading from journal. Valid values: head, tail, cursor - seek: tail - - # Fallback position if no cursor data is available. - #cursor_seek_fallback: tail - - # Exact matching for field values of events. - # Matching for nginx entries: "systemd.unit=nginx" - #include_matches: [] - - output.logstash: - # Boolean flag to enable or disable the output module. - enabled: true - - # Graylog host and the beats input - hosts: ["workhorse.private:5044"] - - # Number of workers per Graylog host. - #worker: 1 - - # Set gzip compression level. - #compression_level: 3 - - # Configure escaping HTML symbols in strings. - #escape_html: false - - # Optional maximum time to live for a connection to Graylog, after which the - # connection will be re-established. A value of `0s` (the default) will - # disable this feature. - # - # Not yet supported for async connections (i.e. with the "pipelining" option set) - ttl: 30s - - # Optionally load-balance events between Graylog hosts. Default is false. - #loadbalance: false - - # If enabled only a subset of events in a batch of events is transferred per - # transaction. The number of events to be sent increases up to `bulk_max_size` - # if no error is encountered. 
- slow_start: true - - # The number of seconds to wait before trying to reconnect to Graylog - # after a network error. After waiting backoff.init seconds, the Beat - # tries to reconnect. If the attempt fails, the backoff timer is increased - # exponentially up to backoff.max. After a successful connection, the backoff - # timer is reset. The default is 1s. - backoff.init: 1s - - # The maximum number of seconds to wait before attempting to connect to - # Graylog after a network error. The default is 60s. - backoff.max: 60s - - # SOCKS5 proxy server URL - #proxy_url: socks5://user:password@socks5-server:2233 - - # Resolve names locally when using a proxy server. Defaults to false. - #proxy_use_local_resolver: false - - # Enable SSL support. SSL is automatically enabled if any SSL setting is set. - #ssl.enabled: true - - # Configure SSL verification mode. If `none` is configured, all server hosts - # and certificates will be accepted. In this mode, SSL based connections are - # susceptible to man-in-the-middle attacks. Use only for testing. Default is - # `full`. - #ssl.verification_mode: full - - # List of supported/valid TLS versions. By default all TLS versions from 1.1 - # up to 1.3 are enabled. - #ssl.supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3] - - # Optional SSL configuration options. SSL is off by default. - # List of root certificates for HTTPS server verifications - #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] - - # Certificate for SSL client authentication - #ssl.certificate: "/etc/pki/client/cert.pem" - - # Client certificate key - #ssl.key: "/etc/pki/client/cert.key" - - # Optional passphrase for decrypting the Certificate Key. - #ssl.key_passphrase: - - # Configure cipher suites to be used for SSL connections - #ssl.cipher_suites: [] - - # Configure curve types for ECDHE-based cipher suites - #ssl.curve_types: [] - - # Configure what types of renegotiation are supported. Valid options are - # never, once, and freely. Default is never. 
- #ssl.renegotiation: never - - # Configure a pin that can be used to do extra validation of the verified certificate chain, - # this allow you to ensure that a specific certificate is used to validate the chain of trust. - # - # The pin is a base64 encoded string of the SHA-256 fingerprint. - #ssl.ca_sha256: "" - - # The number of times to retry publishing an event after a publishing failure. - # After the specified number of retries, the events are typically dropped. - # Some Beats, such as Filebeat and Winlogbeat, ignore the max_retries setting - # and retry until all events are published. Set max_retries to a value less - # than 0 to retry until all events are published. The default is 3. - #max_retries: 3 - - # The maximum number of events to bulk in a single Graylog request. The - # default is 2048. - bulk_max_size: 2048 - - # The number of seconds to wait for responses from the Graylog server before - # timing out. The default is 30s. - #timeout: 30s - ''; - }; - -} diff --git a/nixos/system/server/packages.nix b/nixos/system/server/packages.nix deleted file mode 100644 index 877f428..0000000 --- a/nixos/system/server/packages.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, config, lib, ... }: { - - # no need to to start a service - environment.systemPackages = - let - - nginxShowConfig = pkgs.writers.writePython3Bin "nginx-show-config" - { - flakeIgnore = [ "E265" "E225" "W292" ]; - } - (lib.fileContents ../../assets/nginx-show-config.py); - in - [ - pkgs.mosh - - # nginxfmt - pkgs.nginx-config-formatter - nginxShowConfig - ]; -} diff --git a/nixos/system/server/prometheus-exporters.nix b/nixos/system/server/prometheus-exporters.nix deleted file mode 100644 index f62479e..0000000 --- a/nixos/system/server/prometheus-exporters.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, lib, ... }: { - config = lib.mkMerge [ - (lib.mkIf config.services.nginx.enable { - services.prometheus.exporters.nginx.enable = true; - services.nginx.statusPage = true; - }) - ]; -}