post(nixos): update syntax to 21.05

- https://nixos.org/manual/nixos/stable/release-notes.html#sec-release-21.05
Ming Di Leom 2021-06-12 07:33:38 +00:00
parent ad4b53a5c3
commit 8c2e000d8d
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
5 changed files with 45 additions and 49 deletions


@ -110,6 +110,8 @@ Combining with the previous user configs, I ended up with:
tor = { tor = {
home = "/var/lib/tor"; home = "/var/lib/tor";
createHome = true; createHome = true;
group = "tor";
uid = config.ids.uids.tor;
}; };
}; };
@ -121,7 +123,7 @@ Combining with the previous user configs, I ended up with:
members = [ "caddyTor" ]; members = [ "caddyTor" ];
}; };
tor = { tor = {
members = [ "tor" ]; gid = config.ids.gids.tor;
}; };
}; };
}; };
@ -568,24 +570,23 @@ Since [unattended upgrade](#Unattended-upgrade) is executed on 00:00, I delay ga
services.tor = { services.tor = {
enable = true; enable = true;
enableGeoIP = false; enableGeoIP = false;
hiddenServices = { relay.onionServices = {
proxy = { proxy = {
version = 3; version = 3;
map = [ map = [{
{ port = 80;
port = "80"; target = {
toHost = "[::1]"; addr = "[::1]";
toPort = "8080"; port = 8080;
} };
]; }];
}; };
}; };
extraConfig = settings = {
'' ClientUseIPv4 = false;
ClientUseIPv4 0 ClientUseIPv6 = true;
ClientUseIPv6 1 ClientPreferIPv6ORPort = true;
ClientPreferIPv6ORPort 1 };
'';
}; };
## I2P Eepsite ## I2P Eepsite
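Review bot: The converted `map` entry forwards onion port 80 to `[::1]:8080`, but the snippet has no comment telling the reader that whatever listens on 8080 must bind to loopback only; a wildcard bind would serve the same site on the host's public address and link it to the onion address. A one-line comment above `target`, such as `# backend must listen on [::1]:8080 only, never on a public address`, would make that explicit. Next to `ClientUseIPv4 = false;` I would add `# IPv6-only host: tor will use only relays reachable over IPv6`, because copying the block to a host without working IPv6 leaves tor unable to connect. The same snippet appears in the last file section of this commit, and the surrounding post text is outside these hunks, so it may already say this in prose.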


@ -111,10 +111,8 @@ in {
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
# 21.03+ startLimitIntervalSec = 14400;
# https://github.com/NixOS/nixpkgs/pull/97512 startLimitBurst = 10;
# startLimitIntervalSec = 14400;
# startLimitBurst = 10;
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter}"; ExecStart = "${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter}";
ExecReload = "${cfg.package}/bin/caddy reload --config ${cfg.config} --adapter ${cfg.adapter}"; ExecReload = "${cfg.package}/bin/caddy reload --config ${cfg.config} --adapter ${cfg.adapter}";
@ -122,8 +120,10 @@ in {
User = "caddyProxy"; User = "caddyProxy";
Group = "caddyProxy"; Group = "caddyProxy";
Restart = "on-abnormal"; Restart = "on-abnormal";
StartLimitIntervalSec = 14400; # < 20.09
StartLimitBurst = 10; # https://github.com/NixOS/nixpkgs/pull/97512
# StartLimitIntervalSec = 14400;
# StartLimitBurst = 10;
NoNewPrivileges = true; NoNewPrivileges = true;
LimitNPROC = 512; LimitNPROC = 512;
LimitNOFILE = 1048576; LimitNOFILE = 1048576;
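Review bot: The fallback comment left in `serviceConfig` says `# < 20.09`, while the comment this commit removes from the unit level said `# 21.03+`, so the two disagree on the release where unit-level `startLimitIntervalSec`/`startLimitBurst` become available, and a reader on 20.09 cannot tell which form to use. A single comment that states the boundary once would be clearer, e.g. `# releases without unit-level startLimit* (nixpkgs#97512): uncomment these instead`. The caddy and caddyI2p sections drop the old `StartLimit*` lines without leaving a fallback, while the caddyProxy copy in the last file section keeps the same four comment lines, so the wording change applies there too. `serviceConfig` opens and closes outside these hunks.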


@ -79,6 +79,8 @@ in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment = mkIf (versionAtLeast config.system.stateVersion "17.09" && !isCaddy2) environment = mkIf (versionAtLeast config.system.stateVersion "17.09" && !isCaddy2)
{ CADDYPATH = cfg.dataDir; }; { CADDYPATH = cfg.dataDir; };
startLimitIntervalSec = 14400;
startLimitBurst = 10;
serviceConfig = { serviceConfig = {
ExecStart = if isCaddy2 then '' ExecStart = if isCaddy2 then ''
${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter} ${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter}
@ -94,8 +96,6 @@ in {
User = "caddy"; User = "caddy";
Group = "caddy"; Group = "caddy";
Restart = "on-abnormal"; Restart = "on-abnormal";
StartLimitIntervalSec = 14400;
StartLimitBurst = 10;
NoNewPrivileges = true; NoNewPrivileges = true;
LimitNPROC = 512; LimitNPROC = 512;
LimitNOFILE = 1048576; LimitNOFILE = 1048576;


@ -159,10 +159,8 @@ in {
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
# 21.03+ startLimitIntervalSec = 14400;
# https://github.com/NixOS/nixpkgs/pull/97512 startLimitBurst = 10;
# startLimitIntervalSec = 14400;
# startLimitBurst = 10;
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter}"; ExecStart = "${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter}";
ExecReload = "${cfg.package}/bin/caddy reload --config ${cfg.config} --adapter ${cfg.adapter}"; ExecReload = "${cfg.package}/bin/caddy reload --config ${cfg.config} --adapter ${cfg.adapter}";
@ -170,8 +168,6 @@ in {
User = "caddyI2p"; User = "caddyI2p";
Group = "caddyI2p"; Group = "caddyI2p";
Restart = "on-abnormal"; Restart = "on-abnormal";
StartLimitIntervalSec = 14400;
StartLimitBurst = 10;
NoNewPrivileges = true; NoNewPrivileges = true;
LimitNPROC = 512; LimitNPROC = 512;
LimitNOFILE = 1048576; LimitNOFILE = 1048576;


@ -39,24 +39,23 @@ The first step is to bring up a Tor hidden service to get an onion address. Add
services.tor = { services.tor = {
enable = true; enable = true;
enableGeoIP = false; enableGeoIP = false;
hiddenServices = { relay.onionServices = {
myOnion = { myOnion = {
version = 3; version = 3;
map = [ map = [{
{ port = 80;
port = "80"; target = {
toHost = "[::1]"; addr = "[::1]";
toPort = "8080"; port = 8080;
} };
]; }];
}; };
}; };
extraConfig = settings = {
'' ClientUseIPv4 = false;
ClientUseIPv4 0 ClientUseIPv6 = true;
ClientUseIPv6 1 ClientPreferIPv6ORPort = true;
ClientPreferIPv6ORPort 1 };
'';
}; };
``` ```
@ -134,10 +133,8 @@ in {
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
# 21.03+ startLimitIntervalSec = 14400;
# https://github.com/NixOS/nixpkgs/pull/97512 startLimitBurst = 10;
# startLimitIntervalSec = 14400;
# startLimitBurst = 10;
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter}"; ExecStart = "${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter}";
ExecReload = "${cfg.package}/bin/caddy reload --config ${cfg.config} --adapter ${cfg.adapter}"; ExecReload = "${cfg.package}/bin/caddy reload --config ${cfg.config} --adapter ${cfg.adapter}";
@ -145,8 +142,10 @@ in {
User = "caddyProxy"; User = "caddyProxy";
Group = "caddyProxy"; Group = "caddyProxy";
Restart = "on-abnormal"; Restart = "on-abnormal";
StartLimitIntervalSec = 14400; # < 20.09
StartLimitBurst = 10; # https://github.com/NixOS/nixpkgs/pull/97512
# StartLimitIntervalSec = 14400;
# StartLimitBurst = 10;
NoNewPrivileges = true; NoNewPrivileges = true;
LimitNPROC = 512; LimitNPROC = 512;
LimitNOFILE = 1048576; LimitNOFILE = 1048576;