Compare commits


9 commits

Author SHA1 Message Date
willifan
79022428c3 added radicale 2024-07-31 18:34:07 +02:00
willifan
e362c39a63 added caddy 2024-07-28 20:11:32 +02:00
willifan
03774d3c80 added gitea appName 2024-07-28 17:54:21 +02:00
willifan
9a0f11d63c added firewall 2024-07-28 17:52:48 +02:00
willifan
7c9883774f added gitea 2024-07-28 16:10:57 +02:00
willifan
6a3f97cebb Added the data drive to the filesystem 2024-07-28 10:02:18 +02:00
willifan
a322f8291d generated Anton hardware config 2024-07-27 22:02:34 +00:00
willifan
f8128b6331 Add openssh server config 2024-07-27 23:25:56 +02:00
willifan
b533102019 Removed unnecessary thunderbird caldav calendars 2024-07-20 23:27:52 +02:00
17 changed files with 171 additions and 56 deletions


@ -30,13 +30,10 @@
outputs = { self, nixpkgs, nixpkgs-unstable, ... }@attrs:
let
supportedSystems = [ "x86_64-linux" ];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
forAllSystemsUnstable = nixpkgs-unstable.lib.genAttrs supportedSystems;
pkgs = forAllSystems (system: import nixpkgs { inherit system; });
pkgs-unstable = forAllSystemsUnstable (system: import nixpkgs-unstable { inherit system; });
system = "x86_64-linux";
lib = nixpkgs.lib;
pkgs = nixpkgs.legacyPackages.${system};
pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};
in
{
nixosConfigurations = {
@ -44,11 +41,12 @@
Lenni = let
system = "x86_64-linux";
in
nixpkgs.lib.nixosSystem {
lib.nixosSystem {
specialArgs = {
hostname = "Lenni";
type = "desktop";
inherit pkgs-unstable;
inherit system;
};
@ -69,11 +67,12 @@
Puenktchen = let
system = "x86_64-linux";
in
nixpkgs.lib.nixosSystem {
lib.nixosSystem {
specialArgs = {
hostname = "Puenktchen";
type = "desktop";
inherit pkgs-unstable;
inherit system;
};
@ -97,11 +96,12 @@
Anton = let
system = "x86_64-linux";
in
nixpkgs.lib.nixosSystem {
lib.nixosSystem {
specialArgs = {
hostname = "Anton";
type = "server";
inherit pkgs-unstable;
inherit system;
};
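Review bot: `pkgs-unstable = nixpkgs-unstable.legacyPackages.${system}` in the top-level `let` evaluates nixpkgs-unstable with its default config, so the `nixpkgs.config.allowUnfree = true` set in the common module, and any overlays, will not apply to packages taken from `pkgs-unstable`. This assumes that line is the new side, since the rendering does not mark which lines were added. If unfree or overlaid unstable packages are needed, keep an explicit `import nixpkgs-unstable { inherit system; config.allowUnfree = true; }`. The per-host `let system = "x86_64-linux";` bindings are redundant now that `system` is bound once at the top and could be dropped. The `outputs` body continues outside the hunks shown.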

20
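--- a/hosts/Anton/caddy.nix
+++ b/hosts/Anton/caddy.nix
@@ -0,0 +1,20 @@
+{ pkgs, ... }:
+{
+services.caddy = {
+enable = true;
+configFile = pkgs.writeText "Caddyfile" ''
+https://git.huwe.mooo.com {
+reverse_proxy localhost:3000
+}
+https://files.huwe.mooo.com {
+reverse_proxy localhost:444
+}
+https://cal.huwe.mooo.com {
+reverse_proxy localhost:5232
+}
+'';
+};
+}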
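Review bot: The `files.huwe.mooo.com` site proxies to `localhost:444`, but no module in this change set starts a service on that port, so the site will answer with a gateway error until one exists. If that backend speaks TLS itself, the upstream needs an explicit scheme, e.g. `reverse_proxy https://localhost:444`. Because the whole Caddyfile is passed through `configFile`, a comment above each site naming the NixOS service behind it (for example `# gitea, port set in gitea.nix`) would keep the port numbers in sync with `gitea.nix` and `radicale.nix`.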

14
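--- a/hosts/Anton/data.nix
+++ b/hosts/Anton/data.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+{
+# environment.systemPackages = with pkgs; [
+# mergerfs
+# ];
+fileSystems."/mnt/data" = {
+device = "/dev/disk/by-id/wwn-0x500a0751e6b6c60f-part1";
+fsType = "btrfs";
+options = [" noatime=true compress=zstd:12 "];
+};
+}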
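Review bot: `options = [" noatime=true compress=zstd:12 "];` passes one space-padded string as a single mount option, and `noatime` does not take a value, so the generated fstab entry is likely malformed and the mount of `/mnt/data` is likely to fail at boot. Each option should be its own list element: `options = [ "noatime" "compress=zstd:12" ];`. Gitea and Radicale keep their state under `/mnt/data/services`, so a failed or missing mount should stop those units rather than let them write to the root filesystem. A mount dependency on the services is worth adding alongside this.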


@ -3,9 +3,14 @@
imports = [
./caddy.nix
./disko.nix
./data.nix
./firewall.nix
./gitea.nix
./hardware-configuration.nix
./radicale.nix
];
}
}


@ -3,7 +3,7 @@
disk = {
root-drive = {
type = "disk";
device = "/dev/disk/by-id/wwn-0x5001b44ebc0b613a";
device = "/dev/disk/by-id/nvme-Patriot_M.2_P300_128GB_P300HHBB240118004095";
content = {
type = "gpt";
partitions = {

8
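--- a/hosts/Anton/firewall.nix
+++ b/hosts/Anton/firewall.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+networking.firewall = {
+enable = true;
+allowedTCPPorts = [ 22 80 443 3000 ];
+allowedUDPPorts = [ 22 80 443 ];
+};
+}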
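Review bot: `allowedTCPPorts` opens 3000, which exposes Gitea's plain-HTTP listener directly and lets clients bypass the TLS termination that Caddy provides for `git.huwe.mooo.com`. `allowedUDPPorts = [ 22 80 443 ]` also opens UDP 22 and 80, which SSH and HTTP do not use; only UDP 443 is needed, for HTTP/3. Suggested: `allowedTCPPorts = [ 22 80 443 ];` and `allowedUDPPorts = [ 443 ];`. `services.openssh` opens its own port by default through `openFirewall`, so 22 could be left to that module.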

19
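--- a/hosts/Anton/gitea.nix
+++ b/hosts/Anton/gitea.nix
@@ -0,0 +1,19 @@
+{ pkgs, pkgs-unstable, ... }:
+{
+services.gitea = {
+enable = true;
+package = pkgs-unstable.gitea;
+stateDir = "/mnt/data/services/gitea";
+appName = "My low quality unfinished Projects";
+settings = {
+server = {
+DOMAIN = "git.huwe.mooo.com";
+HTTP_PORT = 3000;
+};
+};
+};
+}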
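Review bot: `settings.server` sets only `DOMAIN` and `HTTP_PORT`, so Gitea listens on all interfaces and builds its links from the default root URL rather than the HTTPS name Caddy serves. Binding to loopback and stating the public URL keeps the instance reachable only through the proxy: `HTTP_ADDR = "127.0.0.1";` and `ROOT_URL = "https://git.huwe.mooo.com/";`. For an internet-facing instance the registration policy should also be set explicitly, e.g. `settings.service.DISABLE_REGISTRATION = true;`.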


@ -0,0 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

21
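--- a/hosts/Anton/radicale.nix
+++ b/hosts/Anton/radicale.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+services.radicale = {
+enable = true;
+settings = {
+server = {
+hosts = [ "0.0.0.0:5232" "[::]:5232" ];
+};
+auth = {
+type = "htpasswd";
+htpasswd_filename = "/etc/radicale/users";
+htpasswd_encryption = "bcrypt";
+};
+storage = {
+filesystem_folder = "/mnt/data/services/radicale/collections";
+};
+};
+};
+}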
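Review bot: `hosts = [ "0.0.0.0:5232" "[::]:5232" ]` binds Radicale on every interface although Caddy reaches it at `localhost:5232`. Using `hosts = [ "127.0.0.1:5232" "[::1]:5232" ];` keeps the unencrypted listener off the network even if the firewall rules change later. `htpasswd_filename = "/etc/radicale/users"` is not created by anything in this change, so a comment should state that the file is provisioned out of band and must be readable only by the service user.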


@ -5,5 +5,10 @@
./garbage-collect.nix
./optimise.nix
];
networking.networkmanager.enable = true;
console.keyMap = "de";
nixpkgs.config.allowUnfree = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
system.stateVersion = "23.11";
}
}
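Review bot: `system.stateVersion = "23.11"` now sits in the module shared by every host, but the value is meant to record the release each machine was first installed with. Anton's hardware config was generated in this same change set, so it may need a different value than the desktops; setting it per host, or adding a comment that all hosts were installed from 23.11, avoids a silent mismatch. `networking.networkmanager.enable = true` likewise now applies to the server too, which should be confirmed as intended. Which lines are additions is inferred from the hunk counts, since the rendering carries no `+`/`-` markers.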


@ -10,8 +10,4 @@
hardware.bluetooth.enable = true;
services.hardware.bolt.enable = true;
networking.networkmanager.enable = true;
console.keyMap = "de";
nixpkgs.config.allowUnfree = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
}
}


@ -1,19 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
mergerfs
];
fileSystems."/storage" = {
fsType = "fuse.mergerfs";
device = "/mnt/disks/*";
options = ["cache.files=partial" "dropcacheonclose=true" "category.create=mfs"];
};
services.snapraid = {
enable = true;
};
}

8
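--- a/hosts/server/boot.nix
+++ b/hosts/server/boot.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+boot = {
+loader.systemd-boot.enable = true;
+loader.efi.canTouchEfiVariables = true;
+initrd.systemd.enable = true;
+};
+}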
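Review bot: With `loader.systemd-boot.enable = true` the boot-entry editor keeps its default of enabled, which lets anyone with console access change the kernel command line before boot. For a server, add `loader.systemd-boot.editor = false;` inside the `boot` set. The `pkgs` argument is unused in this module, so the header can be reduced to `{ ... }:`.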

8
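--- a/hosts/server/default.nix
+++ b/hosts/server/default.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+imports = [
+./boot.nix
+./ssh-server.nix
+];
+}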


@ -0,0 +1,20 @@
{ pkgs, ... }:
{
services.openssh = {
enable = true;
ports = [ 22 ];
settings = {
PasswordAuthentication = false;
AllowUsers = null; # Allows all users by default. Can be [ "user1" "user2" ]
UseDns = true;
X11Forwarding = false;
PermitRootLogin = "prohibit-password"; # "yes", "without-password", "prohibit-password", "forced-commands-only", "no"
};
};
users.users.willifan.openssh.authorizedKeys.keys = [
"ssh-rsa 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 willifan@proton.me"
];
}
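Review bot: `PermitRootLogin = "prohibit-password"` still allows root to log in with a key and `AllowUsers = null` leaves every account eligible, although the only key declared here belongs to `willifan`. Tightening to `PermitRootLogin = "no";` and `AllowUsers = [ "willifan" ];` matches what the module actually provisions, and `KbdInteractiveAuthentication = false;` closes the other password-style path that `PasswordAuthentication = false` alone leaves open. `UseDns = true` adds a reverse lookup to every connection and only matters for host-based `from=` matching, so either add a comment saying why it is on or drop the line. The authorized key is of type `ssh-rsa`; an Ed25519 key would be the more current choice if the client supports it.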


@ -2,7 +2,7 @@
{
imports = [
./common
./${type}
./${hostname}
# ./${type}
# ./${hostname}
];
}
}
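Review bot: If the commented-out `# ./${type}` and `# ./${hostname}` entries are the new side of this hunk (the rendering does not mark which pair was added), this module no longer pulls in `hosts/server` or `hosts/Anton`. In that case the SSH settings and firewall added elsewhere in this change only take effect if `flake.nix` lists those directories itself. A comment next to the disabled imports stating where they are imported instead, e.g. `# type and hostname modules are listed per host in flake.nix`, would make that visible. The module's argument line is outside the hunk.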


@ -17,22 +17,6 @@
"calendar.registry.1fc1e3ed-8ed4-4ec8-8b15-e7b2fbc810a8.type" = "caldav";
"calendar.registry.1fc1e3ed-8ed4-4ec8-8b15-e7b2fbc810a8.uri" = "https://cal.huwe.mooo.com/willifan/4381be3e-3453-cf20-ec8a-f9e1dc17dfc4/";
"calendar.registry.1fc1e3ed-8ed4-4ec8-8b15-e7b2fbc810a8.username" = "willifan";
"calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.cache.enabled" = true;
"calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.calendar-main-in-composite" = true;
"calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.color" = "#a8c2e1";
"calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.name" = "Abgelehnt";
"calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.readOnly" = false;
"calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.type" = "caldav";
"calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.uri" = "https://cal.huwe.mooo.com/willifan/3ef93cc0-40f5-2b0e-a27c-e41d19bf22ab/";
"calendar.registry.60a1da39-91e8-4f71-a3f2-366182049c9f.username" = "willifan";
"calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.cache.enabled" = true;
"calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.calendar-main-in-composite" = true;
"calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.color" = "#8855a8";
"calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.name" = "Roberta";
"calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.readOnly" = false;
"calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.type" = "caldav";
"calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.uri" = "https://cal.huwe.mooo.com/willifan/39af6f18-99b4-547a-906c-836f26a5cfa6/";
"calendar.registry.7da634d4-bbd5-4148-908c-42c1ad15423a.username" = "willifan";
"calendar.timezone.local" = "Europe/Berlin";
"calendar.timezone.useSystemTimezone" = true;