From b533102019f5a27419f54729318705cbe2145951 Mon Sep 17 00:00:00 2001
From: willifan
Date: Sat, 20 Jul 2024 23:27:52 +0200
Subject: [PATCH 1/9] Removed unnecessary thunderbird caldav calendars
---
users/willifan/desktop/web/thunderbird.nix | 16 ----------------
1 file changed, 16 deletions(-)
diff --git a/users/willifan/desktop/web/thunderbird.nix b/users/willifan/desktop/web/thunderbird.nix
index f335f81..9a53bc8 100644
--- a/users/willifan/desktop/web/thunderbird.nix
+++ b/users/willifan/desktop/web/thunderbird.nix
@@ -17,22 +17,6 @@ "calendar.registry.1fc1e3ed-8ed4-4ec8-8b15-e7b2fbc810a8.type" = "caldav"; "calendar.registry.1fc1e3ed-8ed4-4ec8-8b15-e7b2fbc810a8.uri" = "https://cal.huwe.mooo.com/willifan/4381be3e-3453-cf20-ec8a-f9e1dc17dfc4/"; "calendar.registry.1fc1e3ed-8ed4-4ec8-8b15-e7b2fbc810a8.username" = "willifan"; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.cache.enabled" = true; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.calendar-main-in-composite" = true; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.color" = "#a8c2e1"; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.name" = "Abgelehnt"; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.readOnly" = false; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.type" = "caldav"; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.uri" = "https://cal.huwe.mooo.com/willifan/3ef93cc0-40f5-2b0e-a27c-e41d19bf22ab/"; - "calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.username" = "willifan"; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.cache.enabled" = true; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.calendar-main-in-composite" = true; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.color" = "#8855a8"; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.name" = "Roberta"; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.readOnly" = false; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.type" = "caldav"; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.uri" = "https://cal.huwe.mooo.com/willifan/39af6f18-99b4-547a-906c-836f26a5cfa6/"; - "calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.username" = "willifan"; "calendar.timezone.local" = "Europe/Berlin"; "calendar.timezone.useSystemTimezone" = true; From f8128b6331019222095b5edb9b31552a2199097b Mon Sep 17 00:00:00 2001 
From: willifan Date: Sat, 27 Jul 2024 23:25:56 +0200 Subject: [PATCH 2/9] Add openssh server config --- hosts/{server => }/Anton/data.nix | 0 hosts/{server => }/Anton/default.nix | 0 hosts/{server => }/Anton/disko.nix | 2 +- hosts/server/default.nix | 7 +++++++ hosts/server/ssh-server.nix | 20 ++++++++++++++++++++ 5 files changed, 28 insertions(+), 1 deletion(-) rename hosts/{server => }/Anton/data.nix (100%) rename hosts/{server => }/Anton/default.nix (100%) rename hosts/{server => }/Anton/disko.nix (94%) create mode 100644 hosts/server/default.nix create mode 100644 hosts/server/ssh-server.nix diff --git a/hosts/server/Anton/data.nix b/hosts/Anton/data.nix similarity index 100% rename from hosts/server/Anton/data.nix rename to hosts/Anton/data.nix diff --git a/hosts/server/Anton/default.nix b/hosts/Anton/default.nix similarity index 100% rename from hosts/server/Anton/default.nix rename to hosts/Anton/default.nix diff --git a/hosts/server/Anton/disko.nix b/hosts/Anton/disko.nix similarity index 94% rename from hosts/server/Anton/disko.nix rename to hosts/Anton/disko.nix index b7595d0..e581c67 100644 --- a/hosts/server/Anton/disko.nix +++ b/hosts/Anton/disko.nix @@ -3,7 +3,7 @@ disk = { root-drive = { type = "disk"; - device = "/dev/disk/by-id/wwn-0x5001b44ebc0b613a"; + device = "/dev/disk/by-id/nvme-Patriot_M.2_P300_128GB_P300HHBB240118004095"; content = { type = "gpt"; partitions = { diff --git a/hosts/server/default.nix b/hosts/server/default.nix new file mode 100644 index 0000000..38c661d --- /dev/null +++ b/hosts/server/default.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + + imports = [ + ./ssh-server.nix + ]; +} \ No newline at end of file diff --git a/hosts/server/ssh-server.nix b/hosts/server/ssh-server.nix new file mode 100644 index 0000000..4853e41 --- /dev/null +++ b/hosts/server/ssh-server.nix 
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ settings = {
+ PasswordAuthentication = false;
+ AllowUsers = null; # Allows all users by default. Can be [ "user1" "user2" ]
+ UseDns = true;
+ X11Forwarding = false;
+ PermitRootLogin = "prohibit-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
+ };
+ };
+
+ users.users.willifan.openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMRriQfw3pusl04fGhCNVoRRpye71ZwkDXAtKB/FP1DLXA4cYrwjLzv/fG1hXi7lAMp2vLiABAg/UaTE8roGzlt62XsFNwc1TI5M8m67J0kLkCtz3MkIixe/3GOFXr03g80DPncLyoIYPvvNd/TftTBK4yrrZPvMJaRrZhW/QdLPQpdHalcNRZ4bnBOCtCoqQ6RGrRi2EeKaJDYIFNl13b9FxrXEJcXnbSDdr1KI3q7a+vkefI2knUf2Uk7ufOWTQ1aqc0heGtCNlHzwZUzW/dfrpPmoVPq3Fqxqd9uXqxMk1Z3VnOwWcK3VXfzzBXKTsX0MaUgF1EqxibkYs9bDZqLEXoRucBqk3wwMPy8RJXqQOupoqa2xEOoduBf1qDHEEm69coHCpPm2mQVUrwsPrmTHmOjh9ir0mkVBDRgHvhq/ctQTVO5/SE2NCgPdlvUV5s44LLsUyxBp5JWwXZWlVys+7Dhil6mtRDcH4CXceJn0VZ61Zv2jrCTxQjKsroitSkNbpAkKajQ9moLMAblsSwJzl3uvJJ3ydlxjZefwTO/GjyuJMY2sIU2Tu0YbIVgMyq5L782LduVlyWj+RLWoEu19OfMqQvTWhJnQPAbR82qGzlfTGRLUxoY+G5MYipJwgrBQ2TnpWvfpTrZxFrglSfekz0v54lWzNZpW+irImh4w== willifan@proton.me"
+ ];
+
+}
\ No newline at end of file
From a322f8291d5d11383a1de14ec09bfa6ab89c9c0f Mon Sep 17 00:00:00 2001
From: willifan
Date: Sat, 27 Jul 2024 21:57:36 +0000
Subject: [PATCH 3/9] generated Anton hardware config
---
hosts/Anton/hardware-configuration.nix | 26 ++++++++++++++++++++++++++
hosts/server/boot.nix | 8 ++++++++
hosts/server/default.nix | 3 ++-
users/willifan/default.nix | 6 +++---
4 files changed, 39 insertions(+), 4 deletions(-)
create mode 100644 hosts/Anton/hardware-configuration.nix
create mode 100644 hosts/server/boot.nix
diff --git a/hosts/Anton/hardware-configuration.nix b/hosts/Anton/hardware-configuration.nix
new file mode 100644
index 0000000..b1da3d4
--- /dev/null
+++ b/hosts/Anton/hardware-configuration.nix
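Review bot: `AllowUsers = null` together with `PermitRootLogin = "prohibit-password"` leaves key-based login open for every account including root, while the only key installed in hosts/server/ssh-server.nix belongs to `willifan`. If that is the only intended login, state it in the config with `AllowUsers = [ "willifan" ];` and `PermitRootLogin = "no";`. `PasswordAuthentication = false` does not cover keyboard-interactive logins, which the NixOS module leaves enabled by default as far as I know, so `KbdInteractiveAuthentication = false;` belongs in `settings` as well. `UseDns = true` makes every connection depend on a reverse DNS lookup; unless hostname-based `from=` restrictions are planned, a short comment explaining why it is enabled would help, or the line can be dropped.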
@@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/server/boot.nix b/hosts/server/boot.nix new file mode 100644 index 0000000..019a354 --- /dev/null +++ b/hosts/server/boot.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: +{ + boot = { + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = true; + initrd.systemd.enable = true; + }; +} diff --git a/hosts/server/default.nix b/hosts/server/default.nix index 38c661d..ac62c2e 100644 --- a/hosts/server/default.nix +++ b/hosts/server/default.nix @@ -2,6 +2,7 @@ { imports = [ + ./boot.nix ./ssh-server.nix ]; -} \ No newline at end of file +} diff --git a/users/willifan/default.nix b/users/willifan/default.nix index fbe7d2c..992d3b0 100644 --- a/users/willifan/default.nix +++ b/users/willifan/default.nix 
@@ -2,7 +2,7 @@ { imports = [ ./common - ./${type} - ./${hostname} +# ./${type} +# ./${hostname} ]; -} \ No newline at end of file +} From 6a3f97cebbcda7e65a81a42387f2bb9c467fae8d Mon Sep 17 00:00:00 2001 From: willifan Date: Sun, 28 Jul 2024 10:02:18 +0200 Subject: [PATCH 4/9] Added the data drive to the filesystem --- hosts/Anton/data.nix | 21 ++++++++------------- hosts/Anton/default.nix | 3 ++- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/hosts/Anton/data.nix b/hosts/Anton/data.nix index d747664..224b321 100644 --- a/hosts/Anton/data.nix +++ b/hosts/Anton/data.nix @@ -1,19 +1,14 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - mergerfs - ]; +# environment.systemPackages = with pkgs; [ +# mergerfs +# ]; - fileSystems."/storage" = { - fsType = "fuse.mergerfs"; - device = "/mnt/disks/*"; - options = ["cache.files=partial" "dropcacheonclose=true" "category.create=mfs"]; + fileSystems."/mnt/data" = { + device = "/dev/disk/by-id/wwn-0x500a0751e6b6c60f-part1"; + fsType = "btrfs"; + options = [" noatime=true compress=zstd:12 "]; }; - services.snapraid = { - enable = true; - - }; - -} \ No newline at end of file +} diff --git a/hosts/Anton/default.nix b/hosts/Anton/default.nix index 928904d..b4c837a 100644 --- a/hosts/Anton/default.nix +++ b/hosts/Anton/default.nix @@ -4,8 +4,9 @@ imports = [ ./disko.nix + ./data.nix ./hardware-configuration.nix ]; -} \ No newline at end of file +} From 7c9883774f29250c945fded895b0367b48fb1459 Mon Sep 17 00:00:00 2001 From: willifan Date: Sun, 28 Jul 2024 10:16:48 +0200 Subject: [PATCH 5/9] added gitea --- flake.nix | 20 ++++++++++---------- hosts/Anton/default.nix | 1 + hosts/Anton/gitea.nix | 17 +++++++++++++++++ hosts/common/default.nix | 7 ++++++- hosts/desktop/default.nix | 6 +----- 5 files changed, 35 insertions(+), 16 deletions(-) create mode 100644 hosts/Anton/gitea.nix diff --git a/flake.nix b/flake.nix index 85ed8aa..e12f9a9 100644 --- a/flake.nix +++ b/flake.nix 
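Review bot: Commenting out `./${type}` and `./${hostname}` in users/willifan/default.nix disables the per-type and per-host user modules for every machine, not only the new server, so files such as `users/willifan/desktop/web/thunderbird.nix` are presumably no longer imported on the desktops. If the aim is only to let a host type without its own directory build, guard the import instead, for example `] ++ lib.optional (builtins.pathExists ./${type}) ./${type};` (this needs `lib` in the module arguments, which are outside the hunk). If the lines stay commented out, add a reason next to them, e.g. `# TODO: re-enable once every host type has a directory here`.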
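Review bot: `options = [" noatime=true compress=zstd:12 "];` in hosts/Anton/data.nix passes one space-padded string as a single mount option, and `noatime` takes no value, so the mount of `/mnt/data` is likely to fail or to ignore the options. Each option should be its own list element: `options = [ "noatime" "compress=zstd:12" ];`. The commented-out `mergerfs` package lines are dead code now that the mergerfs mount is gone and could be deleted rather than kept.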
@@ -30,13 +30,10 @@ outputs = { self, nixpkgs, nixpkgs-unstable, ... }@attrs: let - supportedSystems = [ "x86_64-linux" ]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; - forAllSystemsUnstable = nixpkgs-unstable.lib.genAttrs supportedSystems; - - pkgs = forAllSystems (system: import nixpkgs { inherit system; }); - pkgs-unstable = forAllSystemsUnstable (system: import nixpkgs-unstable { inherit system; }); - + system = "x86_64-linux"; + lib = nixpkgs.lib; + pkgs = nixpkgs.legacyPackages.${system}; + pkgs-unstable = nixpkgs-unstable.legacyPackages.${system}; in { nixosConfigurations = { @@ -44,11 +41,12 @@ Lenni = let system = "x86_64-linux"; in - nixpkgs.lib.nixosSystem { + lib.nixosSystem { specialArgs = { hostname = "Lenni"; type = "desktop"; + inherit pkgs-unstable; inherit system; }; @@ -69,11 +67,12 @@ Puenktchen = let system = "x86_64-linux"; in - nixpkgs.lib.nixosSystem { + lib.nixosSystem { specialArgs = { hostname = "Puenktchen"; type = "desktop"; + inherit pkgs-unstable; inherit system; }; @@ -97,11 +96,12 @@ Anton = let system = "x86_64-linux"; in - nixpkgs.lib.nixosSystem { + lib.nixosSystem { specialArgs = { hostname = "Anton"; type = "server"; + inherit pkgs-unstable; inherit system; }; diff --git a/hosts/Anton/default.nix b/hosts/Anton/default.nix index b4c837a..33a1cc8 100644 --- a/hosts/Anton/default.nix +++ b/hosts/Anton/default.nix @@ -5,6 +5,7 @@ ./disko.nix ./data.nix + ./gitea.nix ./hardware-configuration.nix ]; diff --git a/hosts/Anton/gitea.nix b/hosts/Anton/gitea.nix new file mode 100644 index 0000000..9b0704d --- /dev/null +++ b/hosts/Anton/gitea.nix @@ -0,0 +1,17 @@ +{ pkgs, pkgs-unstable, ... }: +{ + + services.gitea = { + enable = true; + package = pkgs-unstable.gitea; + stateDir = "/mnt/data/services/gitea"; + + settings = { + server = { + DOMAIN = "git.huwe.mooo.com"; + HTTP_PORT = 3000; + }; + }; + }; + +} diff --git a/hosts/common/default.nix b/hosts/common/default.nix index 80de576..994fa2c 100644 
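Review bot: The `server` block in hosts/Anton/gitea.nix sets only `DOMAIN` and `HTTP_PORT`, so Gitea keeps its default listen address (all interfaces, as far as I know for the NixOS module) and serves plain HTTP on 3000. If it is meant to sit behind a reverse proxy, bind it locally and give it its public URL: `HTTP_ADDR = "127.0.0.1";` and `ROOT_URL = "https://git.huwe.mooo.com/";`. Self-registration is open by default in Gitea, so for an internet-facing instance add `service.DISABLE_REGISTRATION = true;` under `settings` once the admin account exists. A one-line comment on why `package` comes from `pkgs-unstable` would also help the next reader.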
--- a/hosts/common/default.nix +++ b/hosts/common/default.nix @@ -5,5 +5,10 @@ ./garbage-collect.nix ./optimise.nix ]; + + networking.networkmanager.enable = true; + console.keyMap = "de"; + nixpkgs.config.allowUnfree = true; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; system.stateVersion = "23.11"; -} \ No newline at end of file +} diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix index 10453fc..e92c023 100644 --- a/hosts/desktop/default.nix +++ b/hosts/desktop/default.nix @@ -10,8 +10,4 @@ hardware.bluetooth.enable = true; services.hardware.bolt.enable = true; - networking.networkmanager.enable = true; - console.keyMap = "de"; - nixpkgs.config.allowUnfree = true; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; -} \ No newline at end of file +} From 9a0f11d63c1347b89724a16b3339d5f80180fec2 Mon Sep 17 00:00:00 2001 From: willifan Date: Sun, 28 Jul 2024 17:51:58 +0200 Subject: [PATCH 6/9] added firewall --- hosts/Anton/default.nix | 1 + hosts/Anton/firewall.nix | 8 ++++++++ 2 files changed, 9 insertions(+) create mode 100644 hosts/Anton/firewall.nix diff --git a/hosts/Anton/default.nix b/hosts/Anton/default.nix index 33a1cc8..5799720 100644 --- a/hosts/Anton/default.nix +++ b/hosts/Anton/default.nix @@ -5,6 +5,7 @@ ./disko.nix ./data.nix + ./firewall.nix ./gitea.nix ./hardware-configuration.nix diff --git a/hosts/Anton/firewall.nix b/hosts/Anton/firewall.nix new file mode 100644 index 0000000..104ab20 --- /dev/null +++ b/hosts/Anton/firewall.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: +{ + networking.firewall = { + enable = true; + allowedTCPPorts = [ 22 80 443 3000 ]; + allowedUDPPorts = [ 22 ]; + }; +} From 03774d3c80dec032cfdf405c5b0cbe121ff6a50a Mon Sep 17 00:00:00 2001 From: willifan Date: Sun, 28 Jul 2024 17:54:21 +0200 Subject: [PATCH 7/9] added gitea appName --- hosts/Anton/gitea.nix | 2 ++ 1 file changed, 2 insertions(+) 
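Review bot: `allowedTCPPorts` in the new hosts/Anton/firewall.nix includes 3000, which publishes Gitea's plain-HTTP listener so logins and tokens cross the network unencrypted, and `allowedUDPPorts = [ 22 ]` opens a port that nothing in this configuration uses, since SSH runs over TCP. Ports 80 and 443 have no listener in this commit either; adding them together with the web server keeps each rule next to the service that needs it. Suggested for this commit: `allowedTCPPorts = [ 22 ];` plus a comment on how Gitea is meant to be reached, and no `allowedUDPPorts` line.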
diff --git a/hosts/Anton/gitea.nix b/hosts/Anton/gitea.nix index 9b0704d..65c4388 100644 --- a/hosts/Anton/gitea.nix +++ b/hosts/Anton/gitea.nix @@ -6,6 +6,8 @@ package = pkgs-unstable.gitea; stateDir = "/mnt/data/services/gitea"; + appName = "My low quality unfinished Projects"; + settings = { server = { DOMAIN = "git.huwe.mooo.com"; From e362c39a63375ca1a1efbd726aff660ab8bf2e21 Mon Sep 17 00:00:00 2001 From: willifan Date: Sun, 28 Jul 2024 18:14:30 +0200 Subject: [PATCH 8/9] added caddy --- hosts/Anton/caddy.nix | 20 ++++++++++++++++++++ hosts/Anton/default.nix | 1 + hosts/Anton/firewall.nix | 2 +- 3 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 hosts/Anton/caddy.nix diff --git a/hosts/Anton/caddy.nix b/hosts/Anton/caddy.nix new file mode 100644 index 0000000..8145e58 --- /dev/null +++ b/hosts/Anton/caddy.nix @@ -0,0 +1,20 @@ +{ pkgs, ... }: +{ + + services.caddy = { + enable = true; + configFile = pkgs.writeText "Caddyfile" '' +https://git.huwe.mooo.com { + reverse_proxy localhost:3000 +} +''; +#https://files.huwe.mooo.com { +# reverse_proxy localhost:444 +#} + +#https://cal.huwe.mooo.com { +# reverse_proxy localhost:5232 +#} + + }; +} diff --git a/hosts/Anton/default.nix b/hosts/Anton/default.nix index 5799720..60a8d21 100644 --- a/hosts/Anton/default.nix +++ b/hosts/Anton/default.nix @@ -3,6 +3,7 @@ imports = [ + ./caddy.nix ./disko.nix ./data.nix ./firewall.nix diff --git a/hosts/Anton/firewall.nix b/hosts/Anton/firewall.nix index 104ab20..2bde668 100644 --- a/hosts/Anton/firewall.nix +++ b/hosts/Anton/firewall.nix @@ -3,6 +3,6 @@ networking.firewall = { enable = true; allowedTCPPorts = [ 22 80 443 3000 ]; - allowedUDPPorts = [ 22 ]; + allowedUDPPorts = [ 22 80 443 ]; }; } From 79022428c3699cd6a1bd4e1f8603c6dd31dfeb4d Mon Sep 17 00:00:00 2001 
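Review bot: Of the ports in `allowedUDPPorts = [ 22 80 443 ]` only UDP 443 has a use here (HTTP/3 from Caddy); UDP 22 and UDP 80 serve nothing in this configuration. The unchanged context line in hosts/Anton/firewall.nix still opens TCP 3000, so Gitea stays reachable without TLS alongside the new `https://git.huwe.mooo.com` proxy. Suggested: `allowedTCPPorts = [ 22 80 443 ];` and `allowedUDPPorts = [ 443 ];`.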
From: willifan Date: Wed, 31 Jul 2024 17:32:56 +0200 Subject: [PATCH 9/9] added radicale --- hosts/Anton/caddy.nix | 16 ++++++++-------- hosts/Anton/default.nix | 1 + hosts/Anton/radicale.nix | 21 +++++++++++++++++++++ 3 files changed, 30 insertions(+), 8 deletions(-) create mode 100644 hosts/Anton/radicale.nix diff --git a/hosts/Anton/caddy.nix b/hosts/Anton/caddy.nix index 8145e58..30ded7c 100644 --- a/hosts/Anton/caddy.nix +++ b/hosts/Anton/caddy.nix @@ -7,14 +7,14 @@ https://git.huwe.mooo.com { reverse_proxy localhost:3000 } + +https://files.huwe.mooo.com { + reverse_proxy localhost:444 +} + +https://cal.huwe.mooo.com { + reverse_proxy localhost:5232 +} ''; -#https://files.huwe.mooo.com { -# reverse_proxy localhost:444 -#} - -#https://cal.huwe.mooo.com { -# reverse_proxy localhost:5232 -#} - }; } diff --git a/hosts/Anton/default.nix b/hosts/Anton/default.nix index 60a8d21..2f37475 100644 --- a/hosts/Anton/default.nix +++ b/hosts/Anton/default.nix @@ -9,6 +9,7 @@ ./firewall.nix ./gitea.nix ./hardware-configuration.nix + ./radicale.nix ]; diff --git a/hosts/Anton/radicale.nix b/hosts/Anton/radicale.nix new file mode 100644 index 0000000..d982e57 --- /dev/null +++ b/hosts/Anton/radicale.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: +{ + + services.radicale = { + enable = true; + settings = { + server = { + hosts = [ "0.0.0.0:5232" "[::]:5232" ]; + }; + auth = { + type = "htpasswd"; + htpasswd_filename = "/etc/radicale/users"; + htpasswd_encryption = "bcrypt"; + }; + storage = { + filesystem_folder = "/mnt/data/services/radicale/collections"; + }; + }; + }; + +}
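Review bot: `hosts = [ "0.0.0.0:5232" "[::]:5232" ]` in hosts/Anton/radicale.nix makes Radicale listen on every interface although the Caddyfile in this commit reaches it through `localhost:5232`; only the firewall keeps the plain-HTTP port, which carries the htpasswd credentials, off the network. Binding to loopback removes that dependency: `hosts = [ "127.0.0.1:5232" "[::1]:5232" ];`. Nothing in this patch creates `/etc/radicale/users`, so a comment such as `# provisioned out of band; must be readable only by the radicale user` next to `htpasswd_filename` would document how the file gets there.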