Format nix files using new formatter

Remove redundant options from networking module
Lower CPU and RAM limits of the upgrade service
2024-12-11 22:14:07 +01:00 · 2024-12-11 22:13:13 +01:00 · 2024-12-11 22:12:43 +01:00
8 changed files with 115 additions and 87 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -202,10 +202,10 @@ with pkgs;
  # Limit the memory and CPU use of Nix
  systemd.services.nixos-upgrade.serviceConfig = {
    MemoryHigh = [ "500M" ];
-    MemoryMax = [ "2048M" ];
-    CPUWeight = [ "20" ];
-    CPUQuota = [ "85%" ];
-    IOWeight = [ "20" ];
+    MemoryMax = [ "2G" ];
+    MemorySwapMax = [ "500M" ];
+    CPUWeight = [ "50" ];
+    CPUQuota = [ "50%" ];
  };

  # Configure git for auto-upgrade
--- a/flake.nix
+++ b/flake.nix
@ -15,8 +15,16 @@
    };
  };

-  outputs = { self, nixpkgs, nixpkgs-unstable, agenix, nixos-hardware
-    , nix-matrix-appservices, ... }@inputs:
+  outputs =
+    {
+      self,
+      nixpkgs,
+      nixpkgs-unstable,
+      agenix,
+      nixos-hardware,
+      nix-matrix-appservices,
+      ...
+    }@inputs:
    let
      system = "aarch64-linux";

@ -26,7 +34,8 @@

      lib = nixpkgs.lib;

-    in {
+    in
+    {
      nixosConfigurations.zion = lib.nixosSystem {
        inherit system;
        modules = [
--- a/modules/communication.nix
+++ b/modules/communication.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:

 with pkgs;

@ -11,7 +16,8 @@ let
    conn_max_lifetime = -1;
  };

-in {
+in
+{
  # Matrix server configuration
  services.dendrite = {
    enable = true;
@ -34,16 +40,31 @@ in {
          "/var/lib/matrix-as-telegram/telegram-registration.yaml"
        ];
      };
-      media_api = { inherit database; };
-      room_server = { inherit database; };
-      push_server = { inherit database; };
+      media_api = {
+        inherit database;
+      };
+      room_server = {
+        inherit database;
+      };
+      push_server = {
+        inherit database;
+      };
      mscs = {
        inherit database;
-        mscs = [ "msc2836" "msc2946" ];
+        mscs = [
+          "msc2836"
+          "msc2946"
+        ];
+      };
+      sync_api = {
+        inherit database;
+      };
+      key_server = {
+        inherit database;
+      };
+      federation_api = {
+        inherit database;
      };
-      sync_api = { inherit database; };
-      key_server = { inherit database; };
-      federation_api = { inherit database; };
      user_api = {
        account_database = database;
        device_database = database;
@ -85,7 +106,7 @@ in {
      facebook = {
        port = 8228;
        format = "mautrix-python";
-        package = mautrix-facebook;
+        package = mautrix-meta;
        serviceConfig.EnvironmentFile = config.age.secrets.facebook.path;
        settings = {
          appservice.database = "$DB_STRING";
@ -93,41 +114,9 @@ in {
          bridge.permissions."@coolneng:coolneng.duckdns.org" = "admin";
        };
      };
-      signal = {
-        port = 8338;
-        format = "mautrix-python";
-        package = mautrix-signal;
-        serviceConfig = {
-          EnvironmentFile = config.age.secrets.signal.path;
-          StateDirectory = [ "matrix-as-signal" "signald" ];
-          JoinNamespaceOf = "signald.service";
-          SupplementaryGroups = [ "signald" ];
-        };
-        settings = {
-          appservice.database = "$DB_STRING";
-          homeserver.software = "standard";
-          bridge.permissions."@coolneng:coolneng.duckdns.org" = "admin";
-          signal = {
-            socket_path = config.services.signald.socketPath;
-            outgoing_attachment_dir = "/var/lib/signald/tmp";
-          };
-        };
-      };
    };
  };

-  # Additional settings for mautrix-signal
-  services.signald = {
-    enable = true;
-    user = "matrix-as-signal";
-  };
-  systemd.services.matrix-as-signal = {
-    requires = [ "signald.service" ];
-    after = [ "signald.service" ];
-    unitConfig.JoinsNamespaceOf = "signald.service";
-    path = [ ffmpeg ];
-  };
-
  # Enable voice messages for facebook
  systemd.services.matrix-as-facebook.path = [ ffmpeg ];

@ -135,18 +124,26 @@ in {
  services.mosquitto = {
    enable = true;
    dataDir = "/vault/mosquitto";
-    logType = [ "websockets" "error" "warning" "notice" "information" ];
+    logType = [
+      "websockets"
+      "error"
+      "warning"
+      "notice"
+      "information"
+    ];
    logDest = [ "syslog" ];
-    listeners = [{
-      users.homeostasis = {
-        acl = [ "write #" ];
-        hashedPasswordFile = config.age.secrets.mqtt-sender.path;
-      };
-      users.prometheus = {
-        acl = [ "read #" ];
-        hashedPasswordFile = config.age.secrets.mqtt-receiver.path;
-      };
-    }];
+    listeners = [
+      {
+        users.homeostasis = {
+          acl = [ "write #" ];
+          hashedPasswordFile = config.age.secrets.mqtt-sender.path;
+        };
+        users.prometheus = {
+          acl = [ "read #" ];
+          hashedPasswordFile = config.age.secrets.mqtt-receiver.path;
+        };
+      }
+    ];
  };

 }
--- a/modules/device.nix
+++ b/modules/device.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:

 with pkgs;

--- a/modules/devops.nix
+++ b/modules/devops.nix
@ -1,4 +1,10 @@
-{ config, pkgs, lib, ... }: {
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
  # Set up Gitea with LFS support
  services.gitea = {
    enable = true;
--- a/modules/hardware-configuration.nix
+++ b/modules/hardware-configuration.nix
@ -1,12 +1,21 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:

 {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

-  boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" ];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "usb_storage"
+  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
@ -117,8 +126,7 @@
    options = [ "bind" ];
  };

-  swapDevices =
-    [{ device = "/dev/disk/by-uuid/835f9dd4-cc27-4443-b5e1-381c2f4b2afc"; }];
+  swapDevices = [ { device = "/dev/disk/by-uuid/835f9dd4-cc27-4443-b5e1-381c2f4b2afc"; } ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/modules/monitoring.nix
+++ b/modules/monitoring.nix
@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:

 with pkgs;

@ -56,20 +61,20 @@ with pkgs;
      postgres.enable = true;
      smartctl.enable = true;
    };
-    scrapeConfigs = [{
-      job_name = "zion";
-      static_configs = [{
-        targets = [
-          "localhost:${toString config.services.prometheus.exporters.node.port}"
-          "localhost:${
-            toString config.services.prometheus.exporters.postgres.port
-          }"
-          "localhost:${
-            toString config.services.prometheus.exporters.smartctl.port
-          }"
+    scrapeConfigs = [
+      {
+        job_name = "zion";
+        static_configs = [
+          {
+            targets = [
+              "localhost:${toString config.services.prometheus.exporters.node.port}"
+              "localhost:${toString config.services.prometheus.exporters.postgres.port}"
+              "localhost:${toString config.services.prometheus.exporters.smartctl.port}"
+            ];
+          }
        ];
-      }];
-    }];
+      }
+    ];
  };

  # Grafana configuration
--- a/modules/networking.nix
+++ b/modules/networking.nix
@ -42,7 +42,6 @@ in
    protocol = "duckdns";
    domains = [ "coolneng.duckdns.org" ];
    passwordFile = config.age.secrets.ddclient.path;
-    extraConfig = "";
  };

  # Firewall configuration
@ -58,11 +57,6 @@ in
      wireguard_port # Wireguard
      53 # DNS
    ];
-    extraCommands = ''
-      iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${
-        config.systemd.network.networks."24-home".name
-      } -j MASQUERADE
-    '';
  };

  # Wireguard setup
@ -110,7 +104,11 @@ in
      bogus-priv = true;
      no-resolv = true;

-      listen-address = [ "127.0.0.1" "192.168.13.2" "10.8.0.1" ];
+      listen-address = [
+        "127.0.0.1"
+        "192.168.13.2"
+        "10.8.0.1"
+      ];
      bind-interfaces = true;
      server = [ "127.0.0.1#43" ];
Author	SHA1	Message	Date
coolneng	b8ae40febd	Format nix files using new formatter	2024-12-11 22:14:07 +01:00
coolneng	0d3da95ae2	Remove redundant options from networking module	2024-12-11 22:13:13 +01:00
coolneng	52a1cbd382	Lower CPU and RAM limits of the upgrade service	2024-12-11 22:12:43 +01:00