diff --git a/flake.nix b/flake.nix index 85ed8aa..e12f9a9 100644 --- a/flake.nix +++ b/flake.nix @@ -30,13 +30,10 @@ outputs = { self, nixpkgs, nixpkgs-unstable, ... }@attrs: let - supportedSystems = [ "x86_64-linux" ]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; - forAllSystemsUnstable = nixpkgs-unstable.lib.genAttrs supportedSystems; - - pkgs = forAllSystems (system: import nixpkgs { inherit system; }); - pkgs-unstable = forAllSystemsUnstable (system: import nixpkgs-unstable { inherit system; }); - + system = "x86_64-linux"; + lib = nixpkgs.lib; + pkgs = nixpkgs.legacyPackages.${system}; + pkgs-unstable = nixpkgs-unstable.legacyPackages.${system}; in { nixosConfigurations = { @@ -44,11 +41,12 @@ Lenni = let system = "x86_64-linux"; in - nixpkgs.lib.nixosSystem { + lib.nixosSystem { specialArgs = { hostname = "Lenni"; type = "desktop"; + inherit pkgs-unstable; inherit system; }; @@ -69,11 +67,12 @@ Puenktchen = let system = "x86_64-linux"; in - nixpkgs.lib.nixosSystem { + lib.nixosSystem { specialArgs = { hostname = "Puenktchen"; type = "desktop"; + inherit pkgs-unstable; inherit system; }; @@ -97,11 +96,12 @@ Anton = let system = "x86_64-linux"; in - nixpkgs.lib.nixosSystem { + lib.nixosSystem { specialArgs = { hostname = "Anton"; type = "server"; + inherit pkgs-unstable; inherit system; }; diff --git a/hosts/Anton/caddy.nix b/hosts/Anton/caddy.nix new file mode 100644 index 0000000..30ded7c --- /dev/null +++ b/hosts/Anton/caddy.nix @@ -0,0 +1,20 @@ +{ pkgs, ... }: +{ + + services.caddy = { + enable = true; + configFile = pkgs.writeText "Caddyfile" '' +https://git.huwe.mooo.com { + reverse_proxy localhost:3000 +} + +https://files.huwe.mooo.com { + reverse_proxy localhost:444 +} + +https://cal.huwe.mooo.com { + reverse_proxy localhost:5232 +} +''; + }; +} diff --git a/hosts/Anton/data.nix b/hosts/Anton/data.nix new file mode 100644 index 0000000..224b321 --- /dev/null +++ b/hosts/Anton/data.nix 
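Review bot: In flake.nix, the new outer `system = "x86_64-linux";` is shadowed in every host by the existing `let system = "x86_64-linux"; in` (visible in the Lenni, Puenktchen and Anton hunks), so the value is now defined four times; drop the per-host `let` and rely on the outer binding. `pkgs` is bound but not used in any line shown here, so it may be removable. `legacyPackages` is evaluated with nixpkgs' default config, so `nixpkgs.config.allowUnfree` from the modules does not apply to packages taken from `pkgs-unstable`.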
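Review bot: In hosts/Anton/caddy.nix, setting `configFile` replaces the generated Caddyfile, so the module's `virtualHosts`, `email` and `globalConfig` options are ignored and no other module can add a site. Declaring each site as `services.caddy.virtualHosts."git.huwe.mooo.com".extraConfig = "reverse_proxy localhost:3000";` keeps the same behaviour and stays composable. The `files.huwe.mooo.com` site proxies to `localhost:444`, but no service on that port is added in the files shown; if it is defined elsewhere, a comment naming it would help. If that backend speaks TLS, the upstream needs an `https://` scheme.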
@@ -0,0 +1,14 @@ +{ pkgs, ... }: +{ + +# environment.systemPackages = with pkgs; [ +# mergerfs +# ]; + + fileSystems."/mnt/data" = { + device = "/dev/disk/by-id/wwn-0x500a0751e6b6c60f-part1"; + fsType = "btrfs"; + options = [" noatime=true compress=zstd:12 "]; + }; + +} diff --git a/hosts/server/Anton/default.nix b/hosts/Anton/default.nix similarity index 50% rename from hosts/server/Anton/default.nix rename to hosts/Anton/default.nix index 928904d..2f37475 100644 --- a/hosts/server/Anton/default.nix +++ b/hosts/Anton/default.nix @@ -3,9 +3,14 @@ imports = [ + ./caddy.nix ./disko.nix + ./data.nix + ./firewall.nix + ./gitea.nix ./hardware-configuration.nix + ./radicale.nix ]; -} \ No newline at end of file +} diff --git a/hosts/server/Anton/disko.nix b/hosts/Anton/disko.nix similarity index 94% rename from hosts/server/Anton/disko.nix rename to hosts/Anton/disko.nix index b7595d0..e581c67 100644 --- a/hosts/server/Anton/disko.nix +++ b/hosts/Anton/disko.nix @@ -3,7 +3,7 @@ disk = { root-drive = { type = "disk"; - device = "/dev/disk/by-id/wwn-0x5001b44ebc0b613a"; + device = "/dev/disk/by-id/nvme-Patriot_M.2_P300_128GB_P300HHBB240118004095"; content = { type = "gpt"; partitions = { diff --git a/hosts/Anton/firewall.nix b/hosts/Anton/firewall.nix new file mode 100644 index 0000000..2bde668 --- /dev/null +++ b/hosts/Anton/firewall.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: +{ + networking.firewall = { + enable = true; + allowedTCPPorts = [ 22 80 443 3000 ]; + allowedUDPPorts = [ 22 80 443 ]; + }; +} diff --git a/hosts/Anton/gitea.nix b/hosts/Anton/gitea.nix new file mode 100644 index 0000000..65c4388 --- /dev/null +++ b/hosts/Anton/gitea.nix @@ -0,0 +1,19 @@ +{ pkgs, pkgs-unstable, ... }: +{ + + services.gitea = { + enable = true; + package = pkgs-unstable.gitea; + stateDir = "/mnt/data/services/gitea"; + + appName = "My low quality unfinished Projects"; + + settings = { + server = { + DOMAIN = "git.huwe.mooo.com"; + HTTP_PORT = 3000; + }; + }; + }; + +} 
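Review bot: In hosts/Anton/data.nix, `options` holds one string with embedded spaces, `" noatime=true compress=zstd:12 "`, so it reaches the mount as a single malformed option instead of two, and `noatime` is a flag that takes no value. This will most likely make the `/mnt/data` mount fail at boot. Use `options = [ "noatime" "compress=zstd:12" ];`. Gitea and Radicale keep their state under this path, so consider adding `"nofail"` and making those services depend on the mount, so that a missing disk neither blocks boot nor lets them write to the root filesystem.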
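Review bot: In hosts/Anton/firewall.nix, `allowedTCPPorts` opens 3000, which makes Gitea's plain-HTTP listener reachable from outside and bypasses the TLS termination that caddy.nix sets up for git.huwe.mooo.com. UDP 22 and 80 have no listener behind them (SSH and HTTP are TCP), so only 443/udp is useful, for HTTP/3. Suggested lines: `allowedTCPPorts = [ 22 80 443 ];` and `allowedUDPPorts = [ 443 ];`.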
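Review bot: hosts/Anton/gitea.nix sets `HTTP_PORT` but not `HTTP_ADDR`, so Gitea is left on its default bind address (all interfaces, as far as I know) although Caddy reaches it through `localhost:3000`; add `HTTP_ADDR = "127.0.0.1";` under `server`. `ROOT_URL` is also unset, so generated links and clone URLs will likely point at the plain-HTTP port rather than the HTTPS name; `ROOT_URL = "https://git.huwe.mooo.com/";` fixes that. If the instance is not meant for public sign-up, `settings.service.DISABLE_REGISTRATION = true;` belongs here as well.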
diff --git a/hosts/Anton/hardware-configuration.nix b/hosts/Anton/hardware-configuration.nix new file mode 100644 index 0000000..b1da3d4 --- /dev/null +++ b/hosts/Anton/hardware-configuration.nix @@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/Anton/radicale.nix b/hosts/Anton/radicale.nix new file mode 100644 index 0000000..d982e57 --- /dev/null +++ b/hosts/Anton/radicale.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: +{ + + services.radicale = { + enable = true; + settings = { + server = { + hosts = [ "0.0.0.0:5232" "[::]:5232" ]; + }; + auth = { + type = "htpasswd"; + htpasswd_filename = "/etc/radicale/users"; + htpasswd_encryption = "bcrypt"; + }; + storage = { + filesystem_folder = "/mnt/data/services/radicale/collections"; + }; + }; + }; + +} 
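Review bot: In hosts/Anton/radicale.nix, `hosts = [ "0.0.0.0:5232" "[::]:5232" ]` binds Radicale to every interface, although the only intended client is Caddy on `localhost:5232`. At present only the firewall keeps the unencrypted port private, so bind to loopback instead: `hosts = [ "127.0.0.1:5232" "[::1]:5232" ];`. The htpasswd file `/etc/radicale/users` is not created anywhere in the files shown, so it presumably has to be provisioned by hand. It should be readable only by the radicale user, and a comment saying where it comes from would help.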
diff --git a/hosts/common/default.nix b/hosts/common/default.nix index 80de576..994fa2c 100644 --- a/hosts/common/default.nix +++ b/hosts/common/default.nix @@ -5,5 +5,10 @@ ./garbage-collect.nix ./optimise.nix ]; + + networking.networkmanager.enable = true; + console.keyMap = "de"; + nixpkgs.config.allowUnfree = true; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; system.stateVersion = "23.11"; -} \ No newline at end of file +} diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix index 10453fc..e92c023 100644 --- a/hosts/desktop/default.nix +++ b/hosts/desktop/default.nix @@ -10,8 +10,4 @@ hardware.bluetooth.enable = true; services.hardware.bolt.enable = true; - networking.networkmanager.enable = true; - console.keyMap = "de"; - nixpkgs.config.allowUnfree = true; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; -} \ No newline at end of file +} diff --git a/hosts/server/Anton/data.nix b/hosts/server/Anton/data.nix deleted file mode 100644 index d747664..0000000 --- a/hosts/server/Anton/data.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ pkgs, ... }: -{ - - environment.systemPackages = with pkgs; [ - mergerfs - ]; - - fileSystems."/storage" = { - fsType = "fuse.mergerfs"; - device = "/mnt/disks/*"; - options = ["cache.files=partial" "dropcacheonclose=true" "category.create=mfs"]; - }; - - services.snapraid = { - enable = true; - - }; - -} \ No newline at end of file diff --git a/hosts/server/boot.nix b/hosts/server/boot.nix new file mode 100644 index 0000000..019a354 --- /dev/null +++ b/hosts/server/boot.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: +{ + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + initrd.systemd.enable = true; + }; +} diff --git a/hosts/server/default.nix b/hosts/server/default.nix new file mode 100644 index 0000000..ac62c2e --- /dev/null +++ b/hosts/server/default.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: +{ + + imports = [ + ./boot.nix + ./ssh-server.nix + ]; +} 
diff --git a/hosts/server/ssh-server.nix b/hosts/server/ssh-server.nix new file mode 100644 index 0000000..4853e41 --- /dev/null +++ b/hosts/server/ssh-server.nix @@ -0,0 +1,20 @@ +{ pkgs, ... }: +{ + + services.openssh = { + enable = true; + ports = [ 22 ]; + settings = { + PasswordAuthentication = false; + AllowUsers = null; # Allows all users by default. Can be [ "user1" "user2" ] + UseDns = true; + X11Forwarding = false; + PermitRootLogin = "prohibit-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no" + }; + }; + + users.users.willifan.openssh.authorizedKeys.keys = [ + "ssh-rsa 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 willifan@proton.me" + ]; + +} \ No newline at end of file diff --git a/users/willifan/default.nix b/users/willifan/default.nix index fbe7d2c..992d3b0 100644 --- a/users/willifan/default.nix +++ b/users/willifan/default.nix @@ -2,7 +2,7 @@ { imports = [ ./common - ./${type} - ./${hostname} +# ./${type} +# ./${hostname} ]; -} \ No newline at end of file +} diff --git a/users/willifan/desktop/web/thunderbird.nix b/users/willifan/desktop/web/thunderbird.nix index f335f81..9a53bc8 100644 --- a/users/willifan/desktop/web/thunderbird.nix +++ b/users/willifan/desktop/web/thunderbird.nix 
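Review bot: In hosts/server/ssh-server.nix, `PasswordAuthentication = false` alone does not rule out password logins, because `KbdInteractiveAuthentication` is left at its default, which in the NixOS module is enabled as far as I know, and keyboard-interactive auth goes through PAM; add `KbdInteractiveAuthentication = false;` to `settings`. The only key installed is for `willifan`, so `AllowUsers = [ "willifan" ];` and `PermitRootLogin = "no";` would match the intended access more closely than `null` and `"prohibit-password"`. `UseDns = true` adds a reverse lookup to every connection and only matters for host-based rules such as `from=` patterns, none of which appear here. The authorised key is `ssh-rsa`; its size is not visible, so confirm it is at least 3072 bits or switch to an ed25519 key.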
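Review bot: In users/willifan/default.nix, commenting out `./${type}` and `./${hostname}` drops the per-type and per-host user modules for every machine, not only for the new server, and leaves dead lines with no explanation. If the aim is to cope with hosts that have no such directory, a guarded import keeps the desktops working, for example `] ++ lib.optional (builtins.pathExists ./${type}) ./${type};` and the same for `hostname`. Whether `lib`, `type` and `hostname` are in the argument set cannot be checked, because line 1 of the file is outside the hunk.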
@@ -17,22 +17,6 @@ "calendar.registry.1fc1e3ed-8ed4-4ec8-8b15-e7b2fbc810a8.type" = "caldav"; "calendar.registry.1fc1e3ed-8ed4-4ec8-8b15-e7b2fbc810a8.uri" = "https://cal.huwe.mooo.com/willifan/4381be3e-3453-cf20-ec8a-f9e1dc17dfc4/"; "calendar.registry.1fc1e3ed-8ed4-4ec8-8b15-e7b2fbc810a8.username" = "willifan"; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.cache.enabled" = true; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.calendar-main-in-composite" = true; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.color" = "#a8c2e1"; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.name" = "Abgelehnt"; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.readOnly" = false; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.type" = "caldav"; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.uri" = "https://cal.huwe.mooo.com/willifan/3ef93cc0-40f5-2b0e-a27c-e41d19bf22ab/"; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.username" = "willifan"; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.cache.enabled" = true; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.calendar-main-in-composite" = true; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.color" = "#8855a8"; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.name" = "Roberta"; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.readOnly" = false; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.type" = "caldav"; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.uri" = "https://cal.huwe.mooo.com/willifan/39af6f18-99b4-547a-906c-836f26a5cfa6/"; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.username" = "willifan"; "calendar.timezone.local" = "Europe/Berlin"; "calendar.timezone.useSystemTimezone" = true;