diff --git a/cachix.nix b/cachix.nix
new file mode 100644
index 0000000..ecd2d39
--- /dev/null
+++ b/cachix.nix
@@ -0,0 +1,13 @@
+
+# WARN: this file will get overwritten by $ cachix use
+{ pkgs, lib, ... }:
+
+let
+ folder = ./cachix;
+ toImport = name: value: folder + ("/" + name);
+ filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
+ imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
+in {
+ inherit imports;
+ nix.settings.substituters = ["https://cache.nixos.org/"];
+}
diff --git a/cachix/rgit.nix b/cachix/rgit.nix
new file mode 100644
index 0000000..0f37960
--- /dev/null
+++ b/cachix/rgit.nix
@@ -0,0 +1,13 @@
+
+{
+ nix = {
+ settings = {
+ substituters = [
+ "https://rgit.cachix.org"
+ ];
+ trusted-public-keys = [
+ "rgit.cachix.org-1:3Wva/GHhrlhbYx+ObbEYQSYq1Yzk8x9OAvEvcYazgL0="
+ ];
+ };
+ };
+}
diff --git a/configuration.nix b/configuration.nix
index 637bc8c..2a1abe6 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -12,7 +12,8 @@
 networking.domain = "";
 networking.firewall = {
 enable = true;
- allowedTCPPorts = [80 443];
+ allowedTCPPorts = [80 443 9418];
+ allowedUDPPorts = [80 443 9418];
 };
 boot.loader.grub.devices = ["nodev"];
@@ -34,12 +35,6 @@
 '';
 };
- services.fail2ban = {
- enable = true;
- maxretry = 10;
- bantime-increment.enable = true;
- };
-
 users.users.mtgmonkey = {
 isNormalUser = true;
 description = "mtgmonkey";
diff --git a/flake.lock b/flake.lock
index a83352b..48c6c6f 100644
--- a/flake.lock
+++ b/flake.lock
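Review bot: Listing `https://rgit.cachix.org` under `substituters` with its key under `trusted-public-keys` makes any store path signed by that key acceptable to this host, not only the rgit package, and the file has no comment saying who operates the cache or why it is trusted. A header such as `# Third-party binary cache for rgit; paths signed by this key are installed without a local build` would put the trust decision in front of the next reader. The same commit comments out `./services/rgit.nix` in flake.nix, so the extra trust root may not be needed right now; whether `cachix.nix` is imported anywhere is not visible in this diff.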
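Review bot: The new `allowedUDPPorts = [80 443 9418];` opens UDP on ports whose usual services are TCP-only: plain HTTP on 80 and the git protocol on 9418 do not use UDP, and 443 only does if the web server is set up for HTTP/3. Port 9418 is also added to `allowedTCPPorts`, yet nothing in this commit shows a listener on it (the new gitea.nix sets only `HTTP_PORT = 8000`). I would narrow this to what is actually served, for example `allowedUDPPorts = [443];`, and add 9418 together with the daemon that needs it. The second hunk of this file removes `services.fail2ban` in the same commit, so the exposed surface grows while a throttle goes away; a sentence in the commit message on why would help.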
@@ -119,18 +119,17 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1750259320, - "narHash": "sha256-H8J4H2XCIMEJ5g6fZ179QfQvsc2dUqhqfBjC8RAHNRY=", - "owner": "nixos", + "lastModified": 1750134718, + "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "9ba04bda9249d5d5e5238303c9755de5a49a79c5", + "rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c", "type": "github" }, "original": { - "owner": "nixos", - "ref": "release-25.05", - "repo": "nixpkgs", - "type": "github" + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" } }, "nixpkgs_5": {
diff --git a/flake.nix b/flake.nix
index a123ab1..60fa3ad 100755
--- a/flake.nix
+++ b/flake.nix
@@ -1,7 +1,7 @@
 {
 description = "server flake";
 inputs = {
- nixpkgs.url = "github:nixos/nixpkgs/release-25.05";
+ nixpkgs.url = "nixpkgs/nixos-unstable";
 noshell.url = "github:viperML/noshell";
 spacebar-server.url = "github:spacebarchat/server";
@@ -40,7 +40,8 @@
 jank-client.nixosModules.x86_64-linux.default
 ./services/spacebar.nix
- ./services/rgit.nix
+ # ./services/rgit.nix
+ ./services/gitea.nix
 ./services/translate.nix
diff --git a/services/blog.nix b/services/blog.nix
index cc303d7..aa85420 100755
--- a/services/blog.nix
+++ b/services/blog.nix
@@ -49,7 +49,12 @@ in {
 Type = "simple";
 ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/blog.ferron.yaml";
 RemainAfterExit = true;
+ Restart = "always";
+ RestartMaxDelaySec = "1m";
+ RestartSec = "100ms";
+ RestartSteps = 9;
 };
+ wantedBy = ["multi-user.target"];
 };
 environment.etc."blog.ferron.yaml" = {
 source = (pkgs.formats.yaml {}).generate "" ferron-conf-nix;
diff --git a/services/elmskell.nix b/services/elmskell.nix
index 86d154b..da1bd4e 100755
--- a/services/elmskell.nix
+++ b/services/elmskell.nix
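Review bot: `nixpkgs.url = "nixpkgs/nixos-unstable";` is an indirect reference that is resolved through the flake registry of whichever machine updates the lock, where the old value named the GitHub repository explicitly; flake.lock records it as `"type": "indirect"`. The locked `rev` still pins what gets built today, but what the next lock update fetches then depends on registry state rather than on this file. Writing it as `github:NixOS/nixpkgs/nixos-unstable` keeps the source explicit. The move of a server from `release-25.05` to the unstable branch also deserves a sentence in the commit message; the `inputs` block continues past the hunk.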
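Review bot: `Restart = "always"` is added beside the existing `RemainAfterExit = true` on a `Type = "simple"` unit, and as far as I know systemd then leaves the unit in active (exited) after a clean exit of the main process instead of restarting it, so the new policy would only cover failures. If the intent is that the server always comes back, drop `RemainAfterExit = true;` here; the same pairing appears in the elmskell, math-project, spacebar, translate, gitea and rgit hunks of this commit. `RestartSteps` and `RestartMaxDelaySec` need systemd 254 or newer, which is worth a short comment such as `# graduated restart back-off, needs systemd >= 254`. The `serviceConfig` block starts above the hunk.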
@@ -39,7 +39,12 @@ in {
 Type = "simple";
 ExecStart = "/etc/nixos/services/elmskell/elmskell";
 RemainAfterExit = true;
+ Restart = "always";
+ RestartMaxDelaySec = "1m";
+ RestartSec = "100ms";
+ RestartSteps = 9;
 };
+ wantedBy = ["multi-user.target"];
 };
 services.tor = {
 enable = true;
diff --git a/services/ferron.nix b/services/ferron.nix
index c694a57..d182d9d 100755
--- a/services/ferron.nix
+++ b/services/ferron.nix
@@ -50,6 +50,7 @@ in {
 ExecStart = "${lib.getExe pkgs.ferron} --config=/etc/ferron.yaml";
 RemainAfterExit = true;
 };
+ wantedBy = ["multi-user.target"];
 };
 environment.etc."ferron.yaml" = {
diff --git a/services/gitea.nix b/services/gitea.nix
new file mode 100755
index 0000000..6d2e135
--- /dev/null
+++ b/services/gitea.nix
@@ -0,0 +1,28 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ systemd.services.gitea = {
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${lib.getExe pkgs.forgejo} -c /etc/gitea/config.ini";
+ RemainAfterExit = true;
+ Restart = "always";
+ RestartMaxDelaySec = "1m";
+ RestartSec = "100ms";
+ RestartSteps = 9;
+ User = "git";
+ Group = "git";
+ };
+ wantedBy = ["multi-user.target"];
+ };
+ environment.etc."gitea/config.ini.default" = {
+ text = ''
+ WORK_PATH = /var/lib/git-server
+ [server]
+ HTTP_PORT = 8000
+ '';
+ mode = "644";
+ };
+}
diff --git a/services/math-project.nix b/services/math-project.nix
index 227d502..c3e577d 100755
--- a/services/math-project.nix
+++ b/services/math-project.nix
@@ -29,7 +29,7 @@ in {
 METRICS_BIND = "[::1]:9283";
 METRICS_BIND_NETWORK = "tcp";
 POLICY_FNAME = "/etc/anubis/math-project.botPolicies.yaml";
- TARGET = "http://localhost:8080";
+ TARGET = "http://localhost:8081";
 };
 };
 };
@@ -44,6 +44,11 @@ in {
 Type = "simple";
 ExecStart = "${lib.getExe math-project.packages.x86_64-linux.default}";
 RemainAfterExit = true;
+ Restart = "always";
+ RestartMaxDelaySec = "1m";
+ RestartSec = "100ms";
+ RestartSteps = 9;
 };
+ wantedBy = ["multi-user.target"];
 };
 }
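Review bot: `ExecStart` passes `-c /etc/gitea/config.ini`, but the module writes its settings to `environment.etc."gitea/config.ini.default"`, so the `WORK_PATH` and `HTTP_PORT` given here are not read unless something outside this commit copies the file into place. If the split is deliberate (a writable config seeded from a read-only default), say so in a comment and show where the copy happens; otherwise point both at the same path. A Forgejo instance that starts without its configuration may present its first-run setup page to whoever can reach it, so I would also set `INSTALL_LOCK = true` under `[security]` once the instance is set up. The unit is hand-rolled with no sandboxing options and relies on a `git` user this file does not declare; the nixpkgs `services.forgejo` module would supply a dedicated user and systemd hardening.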
diff --git a/services/rgit.nix b/services/rgit.nix
index 96c628e..faccc74 100755
--- a/services/rgit.nix
+++ b/services/rgit.nix
@@ -1,23 +1,16 @@
-{
- virtualisation.docker = {
- enable = true;
- };
- virtualisation.oci-containers.backend = "docker";
- virtualisation.oci-containers.containers.rgit = {
- image = "ghcr.io/w4/rgit:main";
- ports = [
- "8000:8000"
- ];
- volumes = [
- "/var/lib/git-server:/git:ro"
- ];
- cmd = [
- "[::]:8000"
- "/git"
- "-d /tmp/rgit-cache.db"
- ];
- environment = {
- REFRESH_INTERVAL = "5m";
+{rgit, ...}: {
+ systemd.services.rgit = {
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${rgit.packages.x86_64-linux.default}/bin/rgit -d /var/lib/git-server/.db/rgit-cache.db [::1]:8000 /var/lib/git-server";
+ RemainAfterExit = true;
+ Restart = "always";
+ RestartMaxDelay = "1m";
+ RestartSec = "100ms";
+ RestartSteps = 9;
+ User = "git";
+ Group = "git";
 };
+ wantedBy = ["multi-user.target"];
 };
 }
diff --git a/services/rgit.nix.bak b/services/rgit.nix.bak
new file mode 100755
index 0000000..96c628e
--- /dev/null
+++ b/services/rgit.nix.bak
@@ -0,0 +1,23 @@
+{
+ virtualisation.docker = {
+ enable = true;
+ };
+ virtualisation.oci-containers.backend = "docker";
+ virtualisation.oci-containers.containers.rgit = {
+ image = "ghcr.io/w4/rgit:main";
+ ports = [
+ "8000:8000"
+ ];
+ volumes = [
+ "/var/lib/git-server:/git:ro"
+ ];
+ cmd = [
+ "[::]:8000"
+ "/git"
+ "-d /tmp/rgit-cache.db"
+ ];
+ environment = {
+ REFRESH_INTERVAL = "5m";
+ };
+ };
+}
diff --git a/services/spacebar.nix b/services/spacebar.nix
index 1a3cd0f..dea6f39 100644
--- a/services/spacebar.nix
+++ b/services/spacebar.nix
@@ -45,7 +45,12 @@ in {
 RemainAfterExit = true;
 User = "spacebar";
 Group = "spacebar";
+ Restart = "always";
+ RestartMaxDelaySec = "1m";
+ RestartSec = "100ms";
+ RestartSteps = 9;
 };
+ wantedBy = ["multi-user.target"];
 environment = {
 DATABASE = "/var/lib/spacebar-server/database.db";
 STORAGE_LOCATION = "/var/lib/spacebar-server/files/";
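Review bot: The added line `RestartMaxDelay = "1m";` is spelled differently from every other unit in this commit, which use `RestartMaxDelaySec`; systemd ignores unknown keys with a warning, so `RestartSteps = 9` would have no maximum delay to step towards here. It should read `RestartMaxDelaySec = "1m";`. The unit also binds `[::1]:8000`, the same port the new gitea.nix sets as `HTTP_PORT`, so re-enabling the import that flake.nix comments out would collide with it. The cache database now lives under `/var/lib/git-server/.db/`, which has to exist and be writable by `git` before start, and nothing in this hunk creates it.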
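Review bot: `services/rgit.nix.bak` is a verbatim copy of the module that the previous hunk replaces, added as a new tracked file although the old version is already recoverable from history. I would leave it out of the commit: a stale module that enables Docker, publishes `8000:8000` and pulls the mutable tag `ghcr.io/w4/rgit:main` is easy to re-import by accident.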
diff --git a/services/translate.nix b/services/translate.nix
index f9be6c0..2362e06 100755
--- a/services/translate.nix
+++ b/services/translate.nix
@@ -41,8 +41,13 @@ in {
 systemd.services.translate = {
 serviceConfig = {
 Type = "simple";
- ExecStart = "${lib.getExe pkgs.libretranslate}";
+ ExecStart = "${lib.getExe pkgs.libretranslate} --port 8108";
 RemainAfterExit = true;
+ Restart = "always";
+ RestartMaxDelaySec = "1m";
+ RestartSec = "100ms";
+ RestartSteps = 9;
 };
+ wantedBy = ["multi-user.target"];
 };
 }
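Review bot: The `serviceConfig` of `translate` is fully visible in this hunk and sets no `User`, so as written the LibreTranslate process runs as root, unlike the spacebar and gitea units in this commit. Adding `DynamicUser = true;` (with a `StateDirectory` if it needs a writable model directory) would confine it; whether another module already overrides this is not visible here. `--port 8108` is a bare literal, and a one-line comment naming the proxy entry that forwards to it would keep the two in step.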