titaniumtown/server-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: titaniumtown:5e0dc780ad929bda314d3d5ace20a7b894c22d23
Branches Tags
titaniumtown:main
...
compare: titaniumtown:044379d6c0df9931dcf36287b5fcbb260ab175c5
Branches Tags
titaniumtown:main

4 Commits
5e0dc780ad ... 044379d6c0

Author SHA1 Message Date
Simon Gardling
044379d6c0 remove stuff used pre-deploy 2025-03-21 18:18:48 -04:00
Simon Gardling
9df61a823a activation scripts: proper file permissions 2025-03-21 18:16:40 -04:00
Simon Gardling
66aa77800f properly manage slskd_env file 2025-03-21 18:14:17 -04:00
Simon Gardling
defeb65b68 make config deployable 2025-03-21 18:07:04 -04:00
5 changed files with 34 additions and 24 deletions
Expand all files Collapse all files

21
configuration.nix
View File

@@ -53,13 +53,6 @@
}; };
}; };
# https://github.com/viperML/nh
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
};
boot = { boot = {
# 6.12 LTS until 2027 # 6.12 LTS until 2027
kernelPackages = pkgs.linuxPackages_6_12; kernelPackages = pkgs.linuxPackages_6_12;
@@ -105,9 +98,9 @@
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {
AllowUsers = [ username ]; AllowUsers = [ username "root" ];
PasswordAuthentication = false; PasswordAuthentication = false;
PermitRootLogin = "no"; PermitRootLogin = "yes"; # for deploying configs
}; };
}; };
@@ -128,8 +121,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
helix helix
nixfmt-rfc-style
lm_sensors lm_sensors
bottom bottom
htop htop
@@ -140,11 +131,11 @@
borgbackup borgbackup
smartmontools smartmontools
nil
ripgrep ripgrep
intel-gpu-tools intel-gpu-tools
iotop
iftop
tmux tmux
@@ -289,7 +280,7 @@
service_configs.torrent_group service_configs.torrent_group
]; ];
hashedPasswordFile = "${./secrets/hashedPass}"; hashedPasswordFile = builtins.toString ./secrets/hashedPass;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4jL6gYOunUlUtPvGdML0cpbKSsPNqQ1jit4E7U1RyH" # laptop
@@ -297,6 +288,8 @@
]; ];
}; };
users.users.root.openssh.authorizedKeys.keys = config.users.users.${username}.openssh.authorizedKeys.keys;
# https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell # https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell
programs.fish.enable = true; programs.fish.enable = true;
programs.bash = { programs.bash = {

2
deploy.sh Executable file
View File

@@ -0,0 +1,2 @@
#!/bin/sh
nixos-rebuild switch --flake .#muffin --target-host root@server --build-host root@server --verbose

18
flake.lock generated
View File

@@ -183,11 +183,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742262784, "lastModified": 1742522051,
"narHash": "sha256-a/Knvms22n1Co7TR5uXW+gvpIZcmNWxzm7oUM+Unyok=", "narHash": "sha256-uDlj+5J7eTuFkDaNl9cYf++gJdEW23Z4zSuDcNANIQc=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "b72f0bc3698833e2d079fce2edf5bda04d411287", "rev": "57464e795fd31ceef845d7ce454d3b83e80e283e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -198,11 +198,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1742217307, "lastModified": 1742376361,
"narHash": "sha256-3fwpN7KN226ghLlpO9TR0/WpgQOmOj1e8bieUxpIYSk=", "narHash": "sha256-VFMgJkp/COvkt5dnkZB4D2szVdmF6DGm5ZdVvTUy61c=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "4f4d97d7b7be387286cc9c988760a7ebaa5be1f1", "rev": "daaae13dff0ecc692509a1332ff9003d9952d7a9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -214,11 +214,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1742268799, "lastModified": 1742562948,
"narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", "narHash": "sha256-QUnzAW7CW0sCkFN1Kez/8UVq8EbBGNKOfHZHIZON0XQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "da044451c6a70518db5b730fe277b70f494188f1", "rev": "e7a04ccc42104e0554f0a2325930fe98db9a5325",
"type": "github" "type": "github"
}, },
"original": { "original": {

15
services/soulseek.nix
View File

@@ -6,13 +6,26 @@
username, username,
... ...
}: }:
let
slskd_env = "/etc/slskd_env";
in
{ {
users.groups."music" = { }; users.groups."music" = { };
system.activationScripts = {
"zfs-key".text = ''
#!/bin/sh
rm -fr ${slskd_env} || true
cp ${../secrets/slskd_env} ${slskd_env}
chmod 0500 ${slskd_env}
chown ${config.services.slskd.user}:${config.services.slskd.group} ${slskd_env}
'';
};
services.slskd = { services.slskd = {
enable = true; enable = true;
domain = null; # null so we don't use nginx reverse proxy domain = null; # null so we don't use nginx reverse proxy
environmentFile = ../secrets/slskd_env; environmentFile = slskd_env;
settings = { settings = {
web = { web = {

2
zfs.nix
View File

@@ -12,6 +12,8 @@ in
#!/bin/sh #!/bin/sh
rm -fr ${zfs-key} || true rm -fr ${zfs-key} || true
cp ${./secrets/zfs-key} ${zfs-key} cp ${./secrets/zfs-key} ${zfs-key}
chmod 0500 ${zfs-key}
chown root:wheel ${zfs-key}
''; '';
}; };