updated flake

max upload size bumped to 30MB
gitea ssh listen with sshd, lfs enabled
2021-12-08 16:48:32 +01:00 · 2021-12-08 16:48:02 +01:00 · 2021-12-08 16:47:11 +01:00 · 2021-12-08 16:45:21 +01:00
5 changed files with 30 additions and 29 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1638267006,
-        "narHash": "sha256-heZdDlD09rnoeEiZ4wKfbXNDkO5I9qVFvX9d790h/XE=",
+        "lastModified": 1638553958,
+        "narHash": "sha256-leETjYMtD9y37CvfRSQhIGibcIl4dNVlFkY/8QgqmAM=",
        "owner": "rycee",
        "repo": "home-manager",
-        "rev": "3e93c4e8b2b479c712b7c20a428993b459118842",
+        "rev": "6ce1d64073f48b9bc9425218803b1b607454c1e7",
        "type": "github"
      },
      "original": {
@ -23,11 +23,11 @@
    },
    "nixos-unstable": {
      "locked": {
-        "lastModified": 1638286143,
-        "narHash": "sha256-A+rgjbIpz3uPRKHPXwdmouVcVn5pZqLnaZHymjkraG4=",
+        "lastModified": 1638806821,
+        "narHash": "sha256-v2qd2Bsmzft53s43eCbN+4ocrLksRdFLyF/MAGuWuDA=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "29d1f6e1f625d246dcf84a78ef97b4da3cafc6ea",
+        "rev": "bc5d68306b40b8522ffb69ba6cff91898c2fbbff",
        "type": "github"
      },
      "original": {
@ -39,11 +39,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1638279546,
-        "narHash": "sha256-1KCwN7twjp1dBdp0jPgVdYFztDkCR8+roo0B34J9oBY=",
+        "lastModified": 1638887115,
+        "narHash": "sha256-emjtIeqyJ84Eb3X7APJruTrwcfnHQKs55XGljj62prs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "96b4157790fc96e70d6e6c115e3f34bba7be490f",
+        "rev": "1bd4bbd49bef217a3d1adea43498270d6e779d65",
        "type": "github"
      },
      "original": {
--- a/hosts/architect/default.nix
+++ b/hosts/architect/default.nix
@ -23,7 +23,7 @@ in {
    ./matrix.nix
    ./fail2ban.nix
    ./dns.nix
-#    ./minecraft.nix
+    #    ./minecraft.nix
    ./prowlarr.nix
    ./plex.nix
    ./transmission.nix
@ -36,11 +36,13 @@ in {
  time.timeZone = "Europe/Rome";
  system.stateVersion = "21.11"; # Did you read the comment?
  users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
-  
+
  services.fwupd.enable = true;
  boot = {
-    kernelParams =
-      [ "ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off" "nvme_core.default_ps_max_latency_us=5500" ];
+    kernelParams = [
+      "ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off"
+      "nvme_core.default_ps_max_latency_us=5500"
+    ];
    kernel.sysctl."net.ipv4.ip_forward" = 1;
    initrd = {
      availableKernelModules = [ "igc" "r8169" ];
@ -70,6 +72,7 @@ in {

    supportedFilesystems = [ "zfs" ];
    zfs.requestEncryptionCredentials = true;
+    tmpOnTmpfsSize = "75%";
  };

  networking = {
--- a/hosts/architect/gitea.nix
+++ b/hosts/architect/gitea.nix
@ -5,9 +5,8 @@ with import ./network.nix; {
    domain = "git.giugl.io";
    appName = "Gitea";
    rootUrl = "https://git.giugl.io";
-    ssh.clonePort = 10022;
-    log.level = "Info";
-    settings.server.START_SSH_SERVER = true;
+    ssh.clonePort = 22;
+    settings.server.LFS_START_SERVER = true;
  };

  services.nginx.virtualHosts.${gitdomain} = {
@ -16,12 +15,12 @@ with import ./network.nix; {
    locations."/" = {
      proxyPass = "http://localhost:3000";
      extraConfig = ''
-                  allow 127.0.0.1;
-                  allow 10.0.0.0/24;
-                  allow 10.3.0.0/24;
-        	  allow 10.4.0.0/24;
-                  deny all;
-              '';
+        allow 127.0.0.1;
+        allow 10.0.0.0/24;
+        allow 10.3.0.0/24;
+        allow 10.4.0.0/24;
+        deny all;
+      '';
    };
  };

@ -29,4 +28,5 @@ with import ./network.nix; {
    ${architect-lan} ${gitdomain}
    ${architect-wg} ${gitdomain}
  '';
+
 }
--- a/hosts/architect/hardware.nix
+++ b/hosts/architect/hardware.nix
@ -42,12 +42,6 @@
    fsType = "vfat";
  };

-  fileSystems."/tmp" = {
-    fsType = "tmpfs";
-    device = "tmpfs";
-    options = [ "mode=1777" "strictatime" "rw" "nosuid" "nodev" "size=29G" ];
-  };
-
  swapDevices = [{
    device = "/dev/sdc1";
    size = 100000;
--- a/hosts/architect/matrix.nix
+++ b/hosts/architect/matrix.nix
@ -18,8 +18,8 @@ with import ./network.nix; {
        auto_join_rooms:
          - "#infra:matrix.giugl.io"
          - "#general:matrix.giugl.io"
-          - "#gaming:matrix.giugl.io"
          - "#movies:matrix.giugl.io"
+        max_upload_size: "30M"
      '';
      listeners = [{
        port = 8008;
@ -42,6 +42,7 @@ with import ./network.nix; {

    postgresql = {
      enable = true;
+      package = pkgs.postgresql_11;
      ensureDatabases = [ "synapse" ];
      ensureUsers = [{
        name = "matrix-synapse";
@ -54,6 +55,9 @@ with import ./network.nix; {
      ${matrixdomain} = {
        enableACME = true;
        forceSSL = true;
+        extraConfig = ''
+          client_max_body_size  30m;
+        '';
        locations."= /.well-known/matrix/server".extraConfig =
          let server = { "m.server" = "${matrixdomain}:443"; };
          in ''
Author	SHA1	Message	Date
Giulio De Pasquale	faf97e2b3f	updated flake	2021-12-08 16:48:32 +01:00
Giulio De Pasquale	07de18a9a9	max upload size bumped to 30MB	2021-12-08 16:48:02 +01:00
Giulio De Pasquale	394b5e5070	gitea ssh listen with sshd, lfs enabled	2021-12-08 16:47:11 +01:00
Giulio De Pasquale	05a4fa074b	use tmpOnTmpfsSize	2021-12-08 16:45:21 +01:00