diff --git a/flake.lock b/flake.lock index dd59ff3..ac9a2f2 100644 --- a/flake.lock +++ b/flake.lock @@ -40,24 +40,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -110,7 +92,9 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": [ + "flake-utils" + ], "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -225,24 +209,11 @@ "type": "github" } }, - "nix-filter_2": { - "locked": { - "lastModified": 1731533336, - "narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=", - "owner": "numtide", - "repo": "nix-filter", - "rev": "f7653272fd234696ae94229839a99b73c9ab7de0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "nix-filter", - "type": "github" - } - }, "nix-vscode-extensions": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": [ + "flake-utils" + ], "nixpkgs": [ "nixpkgs" ] @@ -295,10 +266,12 @@ }, "root": { "inputs": { + "flake-utils": "flake-utils", "home-manager": "home-manager", "lix-module": "lix-module", "naersk": "naersk", "niri": "niri", + "nix-filter": "nix-filter", "nix-vscode-extensions": "nix-vscode-extensions", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", @@ -329,7 +302,9 @@ "naersk": [ "naersk" ], - "nix-filter": "nix-filter", + "nix-filter": [ + "nix-filter" + ], "nixpkgs": [ "nixpkgs" ] @@ -353,7 +328,9 @@ "naersk": [ "naersk" ], - "nix-filter": "nix-filter_2", + "nix-filter": [ + "nix-filter" + ], "nixpkgs": [ "nixpkgs" ] @@ -387,21 +364,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "xwayland-satellite-stable": { "flake": false, "locked": { diff --git a/flake.nix b/flake.nix index e719f8d..1791bbb 100644 --- a/flake.nix +++ b/flake.nix @@ -13,6 +13,7 @@ url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; inputs = { nixpkgs.follows = "nixpkgs"; + flake-utils.follows = "flake-utils"; }; }; @@ -37,6 +38,7 @@ inputs = { nixpkgs.follows = "nixpkgs"; naersk.follows = "naersk"; + nix-filter.follows = "nix-filter"; }; }; @@ -45,6 +47,7 @@ inputs = { nixpkgs.follows = "nixpkgs"; naersk.follows = "naersk"; + nix-filter.follows = "nix-filter"; }; }; @@ -52,8 +55,13 @@ url = "github:nix-community/nix-vscode-extensions"; inputs = { nixpkgs.follows = "nixpkgs"; + flake-utils.follows = "flake-utils"; }; }; + + # this is used to pin transitive dependencies to the same version + flake-utils.url = "github:numtide/flake-utils"; + nix-filter.url = "github:numtide/nix-filter"; }; outputs = @@ -96,41 +104,42 @@ in nixpkgs.lib.nixosSystem { inherit system specialArgs; - modules = [ - lix-module.nixosModules.default + modules = + [ + lix-module.nixosModules.default - { networking.hostName = device; } + { networking.hostName = device; } - ./modules/globalinstalls.nix - ./modules/networking.nix - ./modules/nixpkgs.nix + ./modules/globalinstalls.nix + ./modules/networking.nix + ./modules/nixpkgs.nix - ./hosts/${device}/hardware.nix - ./hosts/${device}/imports.nix - ./hosts/${device}/configuration.nix + ./hosts/${device}/hardware.nix + ./hosts/${device}/imports.nix + ./hosts/${device}/configuration.nix - { - nixpkgs.overlays = [ - overlays.unstable-packages - ]; - } - ] - ++ (nixpkgs.lib.optionals (builtins.elem device homeDevices) [ - home-manager.nixosModules.home-manager - { home-manager.extraSpecialArgs = specialArgs; } - ./modules/home-manager.nix + { + nixpkgs.overlays = [ + overlays.unstable-packages + ]; + } + ] + ++ (nixpkgs.lib.optionals (builtins.elem device homeDevices) [ + home-manager.nixosModules.home-manager + { home-manager.extraSpecialArgs = specialArgs; } + ./modules/home-manager.nix - ./modules/i18n.nix + ./modules/i18n.nix - niri.nixosModules.niri - { - nixpkgs.overlays = [ - niri.overlays.niri - overlays.servicepoint-packages - nix-vscode-extensions.overlays.default - ]; - } - ]); + niri.nixosModules.niri + { + nixpkgs.overlays = [ + niri.overlays.niri + overlays.servicepoint-packages + nix-vscode-extensions.overlays.default + ]; + } + ]); } ); diff --git a/home/vinzenz/default.nix b/home/vinzenz/default.nix index 6e0ff64..db55596 100644 --- a/home/vinzenz/default.nix +++ b/home/vinzenz/default.nix @@ -30,7 +30,7 @@ ./fuzzel.nix ./git.nix ./gnome.nix - #./niri.nix + ./niri.nix ./ssh.nix ./swaylock.nix ./vscode.nix diff --git a/home/vinzenz/niri.nix b/home/vinzenz/niri.nix index 3cb557a..7c90a93 100644 --- a/home/vinzenz/niri.nix +++ b/home/vinzenz/niri.nix @@ -1,5 +1,7 @@ { pkgs, + lib, + devices, config, ... }: diff --git a/hosts/hetzner-vpn2/nginx.nix b/hosts/hetzner-vpn2/nginx.nix index b29451a..ff00daa 100644 --- a/hosts/hetzner-vpn2/nginx.nix +++ b/hosts/hetzner-vpn2/nginx.nix @@ -1,8 +1,4 @@ -{ inputs, pkgs, ... }: -let - blog-domain-socket = "/run/nginx/blog.sock"; - anubis-domain-socket = "/run/anubis/anubis-blog.sock"; -in +{ pkgs, inputs, ... }: { security.acme = { acceptTerms = true; @@ -10,16 +6,8 @@ in }; security.pam.services.nginx.setEnvironment = false; - systemd.services = { - nginx.serviceConfig = { - SupplementaryGroups = [ - "shadow" - "anubis" - ]; - }; - anubis-main.serviceConfig = { - SupplementaryGroups = [ "nginx" ]; - }; + systemd.services.nginx.serviceConfig = { + SupplementaryGroups = [ "shadow" ]; }; services.nginx = { @@ -70,34 +58,13 @@ in "zerforschen.plus" = { addSSL = true; enableACME = true; - locations."/" = { - proxyPass = ("http://unix:" + anubis-domain-socket); - }; - }; - - "vinzenz-lpt2-in-anubis" = { root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content; - listen = [ - { - addr = ("unix:" + blog-domain-socket); - } - ]; }; }; - - anubis = { - instances.main = { - enable = true; - settings = { - BIND = anubis-domain-socket; - TARGET = "unix://" + blog-domain-socket; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - ]; }; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; } diff --git a/hosts/vinzenz-lpt2/imports.nix b/hosts/vinzenz-lpt2/imports.nix index f9a0ae1..7e9f61a 100644 --- a/hosts/vinzenz-lpt2/imports.nix +++ b/hosts/vinzenz-lpt2/imports.nix @@ -4,7 +4,7 @@ ../../modules/gaming.nix ../../modules/printing.nix ../../modules/podman.nix - #../../modules/niri.nix + ../../modules/niri.nix ../../modules/desktop-environment.nix ../../modules/desktop-hardware.nix diff --git a/hosts/vinzenz-lpt2/nginx.nix b/hosts/vinzenz-lpt2/nginx.nix index 302a271..c0715f0 100644 --- a/hosts/vinzenz-lpt2/nginx.nix +++ b/hosts/vinzenz-lpt2/nginx.nix @@ -1,66 +1,30 @@ -{ inputs, pkgs, ... }: -let - blog-domain-socket = "/run/nginx/blog.sock"; - anubis-domain-socket = "/run/anubis/anubis-blog.sock"; -in -{ - users.groups = { - anubis.members = [ "nginx" ]; - nginx.members = [ "anubis" ]; +_: { + services.nginx = { + enable = true; + + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + + virtualHosts = { + "vinzenz-lpt2" = { + locations."/" = { + proxyPass = "http://127.0.0.1:3000/"; + proxyWebsockets = true; + }; + + serverAliases = [ "172.23.42.96" ]; + }; + }; }; - services = { - nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - - virtualHosts = { - #"vinzenz-lpt2" = { - # locations."/" = { - # proxyPass = "http://127.0.0.1:3000/"; - # proxyWebsockets = true; - # }; - # - # serverAliases = [ "172.23.42.96" ]; - #}; - - "vinzenz-lpt2" = { - locations."/" = { - proxyPass = ("http://unix:" + anubis-domain-socket); - }; - }; - - "vinzenz-lpt2-in-anubis" = { - root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content; - listen = [ - { - addr = ("unix:" + blog-domain-socket); - } - ]; - }; - }; - }; - - #networking.firewall = { - # allowedTCPPorts = [ - # 80 - # 8001 - # 3000 - # ]; - # allowedUDPPorts = [ 2342 ]; - #}; - - anubis = { - instances.main = { - enable = true; - settings = { - BIND = anubis-domain-socket; - TARGET = "unix://" + blog-domain-socket; - }; - }; - }; + networking.firewall = { + allowedTCPPorts = [ + 80 + 8001 + 3000 + ]; + allowedUDPPorts = [ 2342 ]; }; }