treewide: delete unused code
parent
8fb7a5cac9
commit
360782bd4a
|
@ -1,50 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
inherit (lib) mkEnableOption mkOption types mkIf;
|
||||
cfg = config."nixos-in-place";
|
||||
in
|
||||
{
|
||||
imports = [ ];
|
||||
options."nixos-in-place" = {
|
||||
enable = mkEnableOption "enable nixos-in-place FS";
|
||||
rootfs = mkOption {
|
||||
type = types.str;
|
||||
description = "device name for root fs";
|
||||
};
|
||||
swapfs = mkOption {
|
||||
type = types.str;
|
||||
description = "device name for root fs";
|
||||
};
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
boot = {
|
||||
kernelModules = [ ];
|
||||
extraModulePackages = [ ];
|
||||
kernelParams = ["root=${cfg.rootfs}" "boot.shell_on_fail"];
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
storePath = "/nixos/nix/store";
|
||||
};
|
||||
initrd = {
|
||||
supportedFilesystems = [ "ext4" ];
|
||||
postDeviceCommands = ''
|
||||
mkdir -p /mnt-root/old-root ;
|
||||
mount -t ext4 ${cfg.rootfs} /mnt-root/old-root ;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/old-root/nixos";
|
||||
fsType = "none";
|
||||
options = [ "bind" ];
|
||||
};
|
||||
"/old-root" = {
|
||||
device = cfg.rootfs;
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
swapDevices = [ { device = cfg.swapfs; } ];
|
||||
};
|
||||
}
|
|
@ -1,49 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let cfg = config.services.victoriametrics; in
|
||||
{
|
||||
options.services.victoriametrics = with lib; {
|
||||
enable = mkEnableOption "victoriametrics";
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.victoriametrics;
|
||||
defaultText = "pkgs.victoriametrics";
|
||||
description = ''
|
||||
The VictoriaMetrics distribution to use.
|
||||
'';
|
||||
};
|
||||
http = mkOption {
|
||||
default = ":8428";
|
||||
type = types.str;
|
||||
description = ''
|
||||
The listen address for the http interface.
|
||||
'';
|
||||
};
|
||||
retentionPeriod = mkOption {
|
||||
type = types.int;
|
||||
default = 1;
|
||||
description = ''
|
||||
Retention period in months.
|
||||
'';
|
||||
};
|
||||
extraOptions = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
Extra options to pass to VictoriaMetrics. See
|
||||
the README or victoriametrics -help for more
|
||||
information.
|
||||
'';
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.services.victoriametrics = {
|
||||
description = "VictoriaMetrics time series database";
|
||||
serviceConfig = {
|
||||
StateDirectory = "victoriametrics";
|
||||
DynamicUser = true;
|
||||
ExecStart = "${cfg.package}/bin/victoria-metrics -storageDataPath=/var/lib/victoriametrics -httpListenAddr ${cfg.http} -retentionPeriod ${toString cfg.retentionPeriod} ${lib.concatStringsSep " " cfg.extraOptions}";
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,70 +0,0 @@
|
|||
{ config, pkgs, lib, ...}:
|
||||
let
|
||||
secrets = import <secrets>;
|
||||
in
|
||||
{
|
||||
services.collectd = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
LoadPlugin network
|
||||
|
||||
LoadPlugin conntrack
|
||||
LoadPlugin cpu
|
||||
LoadPlugin df
|
||||
LoadPlugin disk
|
||||
LoadPlugin interface
|
||||
LoadPlugin fhcount
|
||||
LoadPlugin load
|
||||
LoadPlugin memory
|
||||
LoadPlugin processes
|
||||
LoadPlugin swap
|
||||
LoadPlugin tcpconns
|
||||
LoadPlugin uptime
|
||||
LoadPlugin users
|
||||
LoadPlugin sensors
|
||||
|
||||
|
||||
<Plugin tcpconns>
|
||||
LocalPort "443"
|
||||
</Plugin>
|
||||
<Plugin "network">
|
||||
<Server "graphs.yori.cc">
|
||||
Username "${config.networking.hostName}"
|
||||
Password "${secrets.influx_pass.${config.networking.hostName}}"
|
||||
</Server>
|
||||
</Plugin>
|
||||
<Plugin "df">
|
||||
FSType "btrfs"
|
||||
FSType "ext3"
|
||||
FSType "ext4"
|
||||
FSType "vfat"
|
||||
</Plugin>
|
||||
'';
|
||||
};
|
||||
boot.kernel.sysctl."net.core.rmem_max" = 26214400;
|
||||
boot.kernel.sysctl."net.core.rmem_default" = 26214400;
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
collectd = pkgs.collectd.override {
|
||||
jdk = null;
|
||||
libcredis = null;
|
||||
libdbi = null;
|
||||
libmemcached = null; cyrus_sasl = null;
|
||||
libmodbus = null;
|
||||
libnotify = null; gdk_pixbuf = null;
|
||||
libsigrok = null;
|
||||
libvirt = null;
|
||||
libxml2 = null;
|
||||
libtool = null;
|
||||
lvm2 = null;
|
||||
mysql = null;
|
||||
protobufc = null;
|
||||
python = null;
|
||||
rabbitmq-c = null;
|
||||
riemann_c_client = null;
|
||||
rrdtool = null;
|
||||
varnish = null;
|
||||
yajl = null;
|
||||
net_snmp = null;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,52 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.services.yorick.gogs;
|
||||
in
|
||||
{
|
||||
options.services.yorick.gogs = with lib; {
|
||||
enable = mkEnableOption "gogs";
|
||||
dir = mkOption { type = types.str; default = "/var/gogs"; };
|
||||
port = mkOption { type = types.int; default = 8001; };
|
||||
vhost = mkOption { type = types.str; };
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
|
||||
users.extraUsers.git = { home = cfg.dir; extraGroups = [ "git" ]; useDefaultShell = true;};
|
||||
users.extraGroups.git = { };
|
||||
services.gogs = rec {
|
||||
enable = true;
|
||||
user = "git";
|
||||
group = "git";
|
||||
database.user = "root";
|
||||
stateDir = cfg.dir;
|
||||
repositoryRoot = "${stateDir}/gogs-repositories";
|
||||
rootUrl = "https://${cfg.vhost}/";
|
||||
httpAddress = "localhost";
|
||||
httpPort = cfg.port;
|
||||
extraConfig = ''
|
||||
[service]
|
||||
REGISTER_EMAIL_CONFIRM = false
|
||||
ENABLE_NOTIFY_MAIL = false
|
||||
DISABLE_REGISTRATION = true
|
||||
REQUIRE_SIGNIN_VIEW = false
|
||||
[picture]
|
||||
DISABLE_GRAVATAR = false
|
||||
AVATAR_UPLOAD_PATH = ${cfg.dir}/data/avatars
|
||||
[mailer]
|
||||
ENABLED = false
|
||||
'';
|
||||
domain = cfg.vhost;
|
||||
};
|
||||
users.extraUsers.gogs.createHome = lib.mkForce false;
|
||||
services.nginx.virtualHosts.${cfg.vhost} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||
extraConfig = ''
|
||||
proxy_buffering off;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,38 +0,0 @@
|
|||
# use together with ./collectd.nix
|
||||
{ config, pkgs, lib, ...}:
|
||||
let
|
||||
secrets = import <secrets>;
|
||||
grafana_port = 3000;
|
||||
domain = "graphs.yori.cc";
|
||||
in
|
||||
{
|
||||
networking.firewall.allowedUDPPorts = [25826];
|
||||
services.influxdb = {
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
collectd = [{
|
||||
enabled = true;
|
||||
typesdb = "${pkgs.collectd}/share/collectd/types.db";
|
||||
database = "collectd_db";
|
||||
"security-level" = "sign";
|
||||
"auth-file" = pkgs.writeText "collectd_auth"
|
||||
(builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: p: "${n}: ${p}") secrets.influx_pass) + "\n");
|
||||
port = 25826;
|
||||
}];
|
||||
};
|
||||
};
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
inherit domain;
|
||||
rootUrl = "https://${domain}/";
|
||||
port = grafana_port;
|
||||
};
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString grafana_port}";
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -1,45 +0,0 @@
|
|||
{config, pkgs, lib, ...}:
|
||||
{
|
||||
options.services.yorick.quassel = {
|
||||
enable = lib.mkEnableOption "quassel container";
|
||||
};
|
||||
config = lib.mkIf config.services.yorick.quassel.enable {
|
||||
containers.quassel = {
|
||||
config = { config, pkgs, ... }: {
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql94;
|
||||
extraConfig = ''
|
||||
max_connections = 10
|
||||
shared_buffers = 1GB
|
||||
effective_cache_size = 4GB
|
||||
work_mem = 50MB
|
||||
maintenance_work_mem = 100MB
|
||||
'';
|
||||
};
|
||||
services.quassel = {
|
||||
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/quassel.nix
|
||||
enable = true;
|
||||
interfaces = ["0.0.0.0"];
|
||||
};
|
||||
environment.systemPackages = [
|
||||
pkgs.quasselDaemon
|
||||
];
|
||||
networking.firewall.allowedTCPPorts = [4242];
|
||||
};
|
||||
privateNetwork = true;
|
||||
hostAddress = "192.168.125.1";
|
||||
localAddress = "192.168.125.11";
|
||||
};
|
||||
# give the containers networking
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = ["ve-+"];
|
||||
externalInterface = "enp2s0";
|
||||
forwardPorts = [
|
||||
{ sourcePort = 4242; destination = "192.168.125.11:4242"; }
|
||||
];
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [4242];
|
||||
};
|
||||
}
|
|
@ -1,57 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
acmeKeyDir = "${config.security.acme.directory}/${cfg.vhost}";
|
||||
communityModules = [ "mam" "carbons" "smacks" ];
|
||||
cfg = config.services.yorick.xmpp;
|
||||
in
|
||||
{
|
||||
options.services.yorick.xmpp = with lib; {
|
||||
enable = mkEnableOption "xmpp";
|
||||
vhost = mkOption { type = types.str; };
|
||||
admins = mkOption { type = types.listOf types.str; };
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
# XMPP
|
||||
services.prosody = let
|
||||
in {
|
||||
enable = true;
|
||||
|
||||
allowRegistration = false;
|
||||
extraModules = [ "private" "vcard" "privacy" "compression" "muc" "pep" "adhoc" "lastactivity" "admin_adhoc" "blocklist"] ++ communityModules;
|
||||
virtualHosts.default = {
|
||||
enabled = true;
|
||||
domain = cfg.vhost;
|
||||
ssl = {
|
||||
key = "/var/lib/prosody/keys/key.pem";
|
||||
cert = "/var/lib/prosody/keys/fullchain.pem";
|
||||
};
|
||||
};
|
||||
# TODO: Component "chat.yori.cc" "muc" # also proxy65 and pubsub?
|
||||
extraConfig = ''
|
||||
use_libevent = true
|
||||
s2s_require_encryption = true
|
||||
c2s_require_encryption = true
|
||||
archive_expires_after = "never"
|
||||
storage = {
|
||||
archive2 = "sql";
|
||||
}
|
||||
'';
|
||||
inherit (cfg) admins;
|
||||
package = pkgs.prosody.override {
|
||||
withZlib = true; withDBI = true;
|
||||
withCommunityModules = communityModules;
|
||||
};
|
||||
};
|
||||
systemd.services.prosody.serviceConfig.PermissionsStartOnly = true;
|
||||
systemd.services.prosody.preStart = ''
|
||||
mkdir -m 0700 -p /var/lib/prosody/keys
|
||||
cp ${acmeKeyDir}/key.pem ${acmeKeyDir}/fullchain.pem /var/lib/prosody/keys
|
||||
chown -R prosody:prosody /var/lib/prosody
|
||||
'';
|
||||
networking.firewall.allowedTCPPorts = [5222 5269];
|
||||
security.acme.certs.${cfg.vhost}.postRun = ''
|
||||
systemctl restart prosody.service
|
||||
'';
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue