From 4027a3fd5607b69e1f9fcf04b068df6c7f6e8e91 Mon Sep 17 00:00:00 2001 From: teidesu Date: Sat, 23 Nov 2024 15:28:11 +0300 Subject: [PATCH] chore(koi): nixos-unstable-small --- flake.lock | 32 +++++++++++----------- flake.nix | 2 +- hosts/koi/configuration.nix | 2 +- hosts/koi/services/nginx.nix | 51 ++++++++++++++++-------------------- 4 files changed, 40 insertions(+), 47 deletions(-) diff --git a/flake.lock b/flake.lock index 74bba3f..057c023 100644 --- a/flake.lock +++ b/flake.lock @@ -72,11 +72,11 @@ ] }, "locked": { - "lastModified": 1731274291, - "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=", + "lastModified": 1732221404, + "narHash": "sha256-fWTyjgGt+BHmkeJ5IxOR4zGF4/uc+ceWmhBjOBSVkgQ=", "owner": "nix-community", "repo": "disko", - "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc", + "rev": "97c0c4d7072f19b598ed332e9f7f8ad562c6885b", "type": "github" }, "original": { @@ -149,11 +149,11 @@ ] }, "locked": { - "lastModified": 1731235328, - "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=", + "lastModified": 1732025103, + "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=", "owner": "nix-community", "repo": "home-manager", - "rev": "60bb110917844d354f3c18e05450606a435d2d10", + "rev": "a46e702093a5c46e192243edbd977d5749e7f294", "type": "github" }, "original": { @@ -170,11 +170,11 @@ ] }, "locked": { - "lastModified": 1731454423, - "narHash": "sha256-TtwvgFxUa0wyptLhQbKaixgNW1UXf3+TDqfX3Kp63oM=", + "lastModified": 1732229547, + "narHash": "sha256-vtUhSQFgDfyyNM6rgmn35A2T+L5PXBS0H89cxWK9N2A=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "6c71c49e2448e51ad830ed211024e6d0edc50116", + "rev": "edabc790a834326dcb5810e2698fa743483510d0", "type": "github" }, "original": { @@ -190,11 +190,11 @@ ] }, "locked": { - "lastModified": 1731209121, - "narHash": "sha256-BF7FBh1hIYPDihdUlImHGsQzaJZVLLfYqfDx41wjuF0=", + "lastModified": 1731814505, + "narHash": "sha256-l9ryrx1Twh08a+gxrMGM9O/aZKEimZfa6sZVyPCImgI=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "896019f04b22ce5db4c0ee4f89978694f44345c3", + "rev": "bdba246946fb079b87b4cada4df9b1cdf1c06132", "type": "github" }, "original": { @@ -205,16 +205,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1731139594, - "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", + "lastModified": 1732179816, + "narHash": "sha256-9OMlALkKoqdtTCMGGbZZg3RIZV8DsHtQ5LBulm2dOII=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", + "rev": "c0451e363899513045f9d63e85ab3d8d88708e33", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index ced9c01..5c1641e 100755 --- a/flake.nix +++ b/flake.nix @@ -13,7 +13,7 @@ }; inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable-small"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11"; vscode-server.url = "github:nix-community/nixos-vscode-server"; diff --git a/hosts/koi/configuration.nix b/hosts/koi/configuration.nix index 922a012..52b80f6 100755 --- a/hosts/koi/configuration.nix +++ b/hosts/koi/configuration.nix @@ -100,7 +100,7 @@ }]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - boot.kernelParams = [ "efi_pstore.pstore_disable=0" ]; + boot.kernelParams = [ "kernel.panic=10" ]; boot.kernelPackages = pkgs.linuxPackages_latest; services.desu-deploy = { diff --git a/hosts/koi/services/nginx.nix b/hosts/koi/services/nginx.nix index e03ae3d..273388f 100644 --- a/hosts/koi/services/nginx.nix +++ b/hosts/koi/services/nginx.nix @@ -72,36 +72,29 @@ in { security.acme.acceptTerms = true; security.acme.defaults.dnsResolver = "8.8.8.8:53"; # coredns tends to cache these too much - security.acme.certs."stupid.fish" = { - email = "alina@tei.su"; - group = "nginx"; - dnsProvider = "cloudflare"; - extraDomainNames = [ "*.stupid.fish" ]; - credentialFiles = { - "CLOUDFLARE_EMAIL_FILE" = config.age.secrets.cloudflare-email.path; - "CLOUDFLARE_API_KEY_FILE" = config.age.secrets.cloudflare-token.path; + security.acme.certs = let + common = { + email = "alina@tei.su"; + group = "nginx"; + dnsProvider = "cloudflare"; + credentialFiles = { + "CLOUDFLARE_EMAIL_FILE" = config.age.secrets.cloudflare-email.path; + "CLOUDFLARE_API_KEY_FILE" = config.age.secrets.cloudflare-token.path; + }; + }; + in { + "stupid.fish" = common // { + extraDomainNames = [ "*.stupid.fish" ]; + }; + "tei.su" = common // { + extraDomainNames = [ "*.tei.su" ]; + }; + "tei.pet" = common // { + extraDomainNames = [ "*.tei.pet" ]; + }; + "s3.stupid.fish" = common // { + extraDomainNames = [ "*.s3.stupid.fish" ]; }; }; - security.acme.certs."tei.su" = { - email = "alina@tei.su"; - group = "nginx"; - dnsProvider = "cloudflare"; - extraDomainNames = [ "*.tei.su" ]; - credentialFiles = { - "CLOUDFLARE_EMAIL_FILE" = config.age.secrets.cloudflare-email.path; - "CLOUDFLARE_API_KEY_FILE" = config.age.secrets.cloudflare-token.path; - }; - }; - security.acme.certs."tei.pet" = { - email = "alina@tei.su"; - group = "nginx"; - dnsProvider = "cloudflare"; - extraDomainNames = [ "*.tei.pet" ]; - credentialFiles = { - "CLOUDFLARE_EMAIL_FILE" = config.age.secrets.cloudflare-email.path; - "CLOUDFLARE_API_KEY_FILE" = config.age.secrets.cloudflare-token.path; - }; - }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; }