linode builds both image and host
Some checks failed
MCP Tests / mcp-tests (push) Successful in 23s
Weekly NixOS Build & Cache / build-and-cache (push) Failing after 9m18s

Danilo Reyes
2026-02-09 00:13:59 -06:00
parent 7670f2fa94
commit 8d62cffc8e
6 changed files with 116 additions and 72 deletions


@@ -48,7 +48,11 @@ in
./nginx-nextcloud.nix ./nginx-nextcloud.nix
../../config/base.nix ../../config/base.nix
]; ];
my = import ./toggles.nix { inherit config inputs; } // { my =
import ./toggles.nix {
inherit config inputs lib;
}
// {
secureHost = true; secureHost = true;
users.nixremote = { users.nixremote = {
enable = true; enable = true;
@@ -151,7 +155,12 @@ in
www-data = { }; www-data = { };
}; };
users = { users = {
nginx.extraGroups = [ "www-data" ]; nginx = lib.mkIf config.my.secureHost {
extraGroups = [
"www-data"
"lidarr-reports"
];
};
deploy = { deploy = {
isSystemUser = true; isSystemUser = true;
group = "deploy"; group = "deploy";
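Review bot: The `//` in the first hunk of this section is now applied to whatever `toggles.nix` returns, and in this same commit that return value becomes `lib.mkMerge [ baseToggles (lib.mkIf …) ]`. `mkMerge` produces a property attrset (`_type = "merge"` plus `contents`), so `secureHost = true`, `users.nixremote` and the other keys on the right of `//` land beside `contents`; as far as I can tell the module system only descends into `contents` and silently drops them. That would leave `my.secureHost` at its default on the real host and switch off everything this commit gates on it. Putting the host overrides inside the merge avoids this: `my = lib.mkMerge [ (import ./toggles.nix { inherit config inputs lib; }) { secureHost = true; … } ];`. The attrset continues outside the hunk.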


@@ -1,5 +1,6 @@
{ {
lib, lib,
config,
modulesPath, modulesPath,
... ...
}: }:
@@ -33,11 +34,17 @@
}; };
}; };
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/f222513b-ded1-49fa-b591-20ce86a2fe7f"; device = lib.mkForce (
if config.my.build.baseImage then
"/dev/sda"
else
"/dev/disk/by-uuid/f222513b-ded1-49fa-b591-20ce86a2fe7f"
);
fsType = "ext4"; fsType = "ext4";
}; };
swapDevices = [ swapDevices = lib.mkMerge [
{ device = "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; } [ { device = "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; } ]
(lib.mkIf config.my.build.baseImage [ { device = "/dev/sdb"; } ])
]; ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }
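Review bot: The `swapDevices` merge keeps the by-uuid entry unconditionally and only appends `/dev/sdb` when `config.my.build.baseImage` is set, so an image build ends up with two swap devices. One of them refers to a UUID that presumably does not exist on a freshly provisioned disk, which can leave a failed or slow-to-time-out swap unit at boot. The root device just above is an either/or, and swap probably wants the same shape: `swapDevices = [ { device = if config.my.build.baseImage then "/dev/sdb" else "/dev/disk/by-uuid/f1408ea6-59a0-11ed-bc9d-525400000001"; } ];`.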


@@ -3,7 +3,7 @@ let
cfg = config.my.servers.nextcloud; cfg = config.my.servers.nextcloud;
in in
{ {
config = lib.mkIf (cfg.enableProxy && config.my.enableProxy) { config = lib.mkIf (cfg.enableProxy && config.my.enableProxy && config.my.secureHost) {
services.nginx.virtualHosts.${cfg.host} = { services.nginx.virtualHosts.${cfg.host} = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;


@@ -1,4 +1,8 @@
{ config, inputs }: {
config,
inputs,
lib,
}:
let let
inherit (inputs.self.lib) inherit (inputs.self.lib)
enableList enableList
@@ -16,12 +20,7 @@ let
ip = wgServerIp; ip = wgServerIp;
}; };
}; };
in baseToggles = {
{
enableProxy = true;
enableContainers = true;
apps.dictionaries.enable = true;
apps.dictionaries.users = "jawz";
services = enableList mkEnabled [ services = enableList mkEnabled [
"network" "network"
"wireguard" "wireguard"
@@ -34,6 +33,14 @@ in
"nix" "nix"
"sh" "sh"
]; ];
apps.dictionaries = {
enable = true;
users = "jawz";
};
};
secureToggles = {
enableProxy = true;
enableContainers = true;
websites = { websites = {
portfolio.enableProxy = true; portfolio.enableProxy = true;
lidarrMbReport.enableProxy = true; lidarrMbReport.enableProxy = true;
@@ -71,4 +78,9 @@ in
"vaultwarden" "vaultwarden"
"yamtrack" "yamtrack"
]; ];
} };
in
lib.mkMerge [
baseToggles
(lib.mkIf config.my.secureHost secureToggles)
]
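Review bot: Nothing in the file records which toggles are deliberately withheld from a non-secure build, and after this split that is the main thing a reader needs to know. A one-line comment above each binding would cover it, e.g. `# baseToggles: applied to every build of this host, including the image` and `# secureToggles: enableProxy, enableContainers, websites and the entries after them; only when my.secureHost is true`. A comment at the final expression should also say that the file now returns a `lib.mkMerge` property rather than a plain attrset, so callers must not combine the result with `//`.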


@@ -130,6 +130,11 @@ in
}; };
enableContainers = lib.mkEnableOption "container services (Docker/Podman)"; enableContainers = lib.mkEnableOption "container services (Docker/Podman)";
enableProxy = lib.mkEnableOption "nginx reverse proxy for services"; enableProxy = lib.mkEnableOption "nginx reverse proxy for services";
build.baseImage = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether to enable base image settings for this host build.";
};
toggleUsers = lib.mkOption { toggleUsers = lib.mkOption {
type = lib.types.attrsOf (lib.types.either lib.types.str (lib.types.listOf lib.types.str)); type = lib.types.attrsOf (lib.types.either lib.types.str (lib.types.listOf lib.types.str));
default = { default = {
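Review bot: `build.baseImage` is declared with a hand-written `lib.mkOption` while the two options directly above it use `lib.mkEnableOption`, which yields the same bool option defaulting to false. `build.baseImage = lib.mkEnableOption "base image settings for this host build";` would match its neighbours. The description could also say what the flag changes; in this commit it switches the root and swap devices to `/dev/sda` and `/dev/sdb`.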


@@ -26,6 +26,17 @@
exec ${mcpPython}/bin/python -m mcp_server.server exec ${mcpPython}/bin/python -m mcp_server.server
''; '';
}; };
vpsLinodeConfig = inputs.self.nixosConfigurations.vps.extendModules {
modules = [
(
{ lib, ... }:
{
my.secureHost = lib.mkForce false;
my.build.baseImage = true;
}
)
];
};
mcpTests = pkgs.writeShellApplication { mcpTests = pkgs.writeShellApplication {
name = "mcp-tests"; name = "mcp-tests";
runtimeInputs = with pkgs.python3Packages; [ runtimeInputs = with pkgs.python3Packages; [
@@ -43,7 +54,7 @@
{ {
packages = (inputs.jawz-scripts.packages.${system} or { }) // { packages = (inputs.jawz-scripts.packages.${system} or { }) // {
emacs-vm = inputs.self.nixosConfigurations.emacs.config.system.build.vm; emacs-vm = inputs.self.nixosConfigurations.emacs.config.system.build.vm;
vps-linode = inputs.self.nixosConfigurations.vps.config.system.build.images.linode; vps-linode = vpsLinodeConfig.config.system.build.images.linode;
mcp-tests = mcpTests; mcp-tests = mcpTests;
nixos-mcp = nixosMcp; nixos-mcp = nixosMcp;
nixos-mcp-server = mcpServerPkg; nixos-mcp-server = mcpServerPkg;
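Review bot: `my.secureHost = lib.mkForce false` in `vpsLinodeConfig` carries no comment saying why the image is built with that flag off, and the flag's name suggests it may gate more than the proxy and service toggles visible in this commit. If the reason is that the image has to evaluate without host secrets, a comment such as `# image build: no host secrets at build time; deploy the full vps config after first boot` would record it. It is also worth confirming that every setting which depends on secrets or exposes a service is gated on `my.secureHost`, since `vps-linode` is a package output that the weekly build-and-cache workflow presumably uploads.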