From edda7ef46bf2ae7fde9511005b4e7d40648c7e24 Mon Sep 17 00:00:00 2001
From: Martin Fischer
Date: Fri, 27 Dec 2024 08:27:03 +0100
Subject: refactor: move host configs under hosts/

---
 nixos/README.md | 6 +-
 nixos/ev-configuration.nix | 50 ------
 nixos/ev-hardware-configuration.nix | 42 -----
 nixos/hamac-configuration.nix | 86 ----------
 nixos/hamac-hardware-configuration.nix | 40 -----
 nixos/hosts/ev/default.nix | 50 ++++++
 nixos/hosts/ev/hardware-configuration.nix | 42 +++++
 nixos/hosts/hamac/default.nix | 86 ++++++++++
 nixos/hosts/hamac/hardware-configuration.nix | 40 +++++
 nixos/hosts/tente/default.nix | 239 +++++++++++++++++++++++++++
 nixos/hosts/tente/hardware-configuration.nix | 31 ++++
 nixos/rebuild | 2 +-
 nixos/tente-configuration.nix | 239 ---------------------------
 nixos/tente-hardware-configuration.nix | 31 ----
 14 files changed, 492 insertions(+), 492 deletions(-)
 delete mode 100644 nixos/ev-configuration.nix
 delete mode 100644 nixos/ev-hardware-configuration.nix
 delete mode 100644 nixos/hamac-configuration.nix
 delete mode 100644 nixos/hamac-hardware-configuration.nix
 create mode 100644 nixos/hosts/ev/default.nix
 create mode 100644 nixos/hosts/ev/hardware-configuration.nix
 create mode 100644 nixos/hosts/hamac/default.nix
 create mode 100644 nixos/hosts/hamac/hardware-configuration.nix
 create mode 100644 nixos/hosts/tente/default.nix
 create mode 100644 nixos/hosts/tente/hardware-configuration.nix
 delete mode 100644 nixos/tente-configuration.nix
 delete mode 100644 nixos/tente-hardware-configuration.nix

diff --git a/nixos/README.md b/nixos/README.md
index 1a9c50e..67b6cf7 100644
--- a/nixos/README.md
+++ b/nixos/README.md
@@ -22,7 +22,7 @@ We're assuming that you just installed NixOS by going through the [official inst
 'git clone https://git.push-f.com/config ~/config'
 cd ~/config/nixos
 ```
-2. Add your initial NixOS configuration files, either
+2. Create a new directory under `hosts` named after the hostname. Add your initial NixOS configuration files, either
 - Move your existing configuration files into it:
 ```
 sudo mv /etc/nixos/* .
@@ -31,8 +31,8 @@ We're assuming that you just installed NixOS by going through the [official inst
 ```
 nixos-generate-config --dir .
 ```
-3. Rename the files to `$host-configuration.nix` and `$host-hardware-configuration.nix` where `$host` is the configured hostname.
- Add `# channel="..."` to the start of the `$host-configuration.nix` file where `...` is the key of a channel pinned in `npins/sources.json`.
+3. Rename the `configuration.nix` to `default.nix`.
+ Add `# channel="..."` to the start of the `default.nix` file where `...` is the key of a channel pinned in `npins/sources.json`.
 A new channel can be pinned with:
 ```
diff --git a/nixos/ev-configuration.nix b/nixos/ev-configuration.nix
deleted file mode 100644
index 11acf3f..0000000
--- a/nixos/ev-configuration.nix
+++ /dev/null
@@ -1,50 +0,0 @@ -# channel="nixos-small" -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: - -{ - imports = [ - ./ev-hardware-configuration.nix - ./sanix.nix - ./parts/server.nix - ./parts/tailscale.nix - ./parts/basics.nix - ./parts/basics-physical.nix - ]; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.hostName = "ev"; - - networking.networkmanager.enable = true; - - time.timeZone = "Europe/Vienna"; - - users.users.martin = { - isNormalUser = true; - extraGroups = [ - "networkmanager" - "wheel" - ]; - }; - - # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ - # Enabling openssh automatically opens its port in the firewall. - # For all other services we need to manually list the ports here. - ]; - networking.firewall.allowedUDPPorts = []; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? - -} diff --git a/nixos/ev-hardware-configuration.nix b/nixos/ev-hardware-configuration.nix deleted file mode 100644 index 65300c8..0000000 --- a/nixos/ev-hardware-configuration.nix +++ /dev/null 
@@ -1,42 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/2c273b8a-7f40-41dd-ab63-2194d4bfd328"; - fsType = "ext4"; - }; - - boot.initrd.luks.devices."luks-d9d95f9b-5f7d-4193-859f-d36dae4ed814".device = "/dev/disk/by-uuid/d9d95f9b-5f7d-4193-859f-d36dae4ed814"; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/83DB-4251"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s21f0u4.useDHCP = lib.mkDefault true; - # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/nixos/hamac-configuration.nix b/nixos/hamac-configuration.nix deleted file mode 100644 index 1ddd371..0000000 --- a/nixos/hamac-configuration.nix +++ /dev/null 
@@ -1,86 +0,0 @@ -# channel="nixos" -# See the configuration.nix(5) man page and the NixOS manual (accessible by running `nixos-help`). - -{ config, pkgs, ... }: - -{ - imports = [ - ./hamac-hardware-configuration.nix - ./sanix.nix - ./parts/basics.nix - ./parts/basics-physical.nix - ./parts/graphical.nix - ./parts/tailscale.nix - ./parts/dev.nix - ./parts/create.nix - ]; - - # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.hostName = "hamac"; - - networking.networkmanager.enable = true; - - time.timeZone = "Europe/Vienna"; - - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; - }; - - users.users.martin = { - isNormalUser = true; - description = "Martin"; - extraGroups = [ "networkmanager" "wheel" ]; - packages = with pkgs; []; - }; - - services.getty = { - autologinUser = "martin"; - autologinOnce = true; # only in the first tty once per boot - }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. 
- # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.05"; # Did you read the comment? - -} diff --git a/nixos/hamac-hardware-configuration.nix b/nixos/hamac-hardware-configuration.nix deleted file mode 100644 index 54b9d60..0000000 --- a/nixos/hamac-hardware-configuration.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/7b33d046-ffd6-4baf-8bd8-a88e3c04d538"; - fsType = "ext4"; - }; - - boot.initrd.luks.devices."luks-cf2639e7-1f9c-4c2d-989a-ef2d9950f751".device = "/dev/disk/by-uuid/cf2639e7-1f9c-4c2d-989a-ef2d9950f751"; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3FA1-5306"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/nixos/hosts/ev/default.nix b/nixos/hosts/ev/default.nix new file mode 100644 index 0000000..d8b4b24 --- /dev/null +++ b/nixos/hosts/ev/default.nix 
@@ -0,0 +1,50 @@
+# channel="nixos-small"
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../sanix.nix
+    ../../parts/server.nix
+    ../../parts/tailscale.nix
+    ../../parts/basics.nix
+    ../../parts/basics-physical.nix
+  ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "ev";
+
+  networking.networkmanager.enable = true;
+
+  time.timeZone = "Europe/Vienna";
+
+  users.users.martin = {
+    isNormalUser = true;
+    extraGroups = [
+      "networkmanager"
+      "wheel"
+    ];
+  };
+
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [
+    # Enabling openssh automatically opens its port in the firewall.
+    # For all other services we need to manually list the ports here.
+  ];
+  networking.firewall.allowedUDPPorts = [];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.11"; # Did you read the comment?
+
+}
diff --git a/nixos/hosts/ev/hardware-configuration.nix b/nixos/hosts/ev/hardware-configuration.nix
new file mode 100644
index 0000000..65300c8
--- /dev/null
+++ b/nixos/hosts/ev/hardware-configuration.nix
@@ -0,0 +1,42 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/2c273b8a-7f40-41dd-ab63-2194d4bfd328"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-d9d95f9b-5f7d-4193-859f-d36dae4ed814".device = "/dev/disk/by-uuid/d9d95f9b-5f7d-4193-859f-d36dae4ed814"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/83DB-4251"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s21f0u4.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixos/hosts/hamac/default.nix b/nixos/hosts/hamac/default.nix new file mode 100644 index 0000000..c8f40e1 --- /dev/null +++ b/nixos/hosts/hamac/default.nix 
@@ -0,0 +1,86 @@
+# channel="nixos"
+# See the configuration.nix(5) man page and the NixOS manual (accessible by running `nixos-help`).
+
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../sanix.nix
+    ../../parts/basics.nix
+    ../../parts/basics-physical.nix
+    ../../parts/graphical.nix
+    ../../parts/tailscale.nix
+    ../../parts/dev.nix
+    ../../parts/create.nix
+  ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "hamac";
+
+  networking.networkmanager.enable = true;
+
+  time.timeZone = "Europe/Vienna";
+
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_US.UTF-8";
+    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MONETARY = "en_US.UTF-8";
+    LC_NAME = "en_US.UTF-8";
+    LC_NUMERIC = "en_US.UTF-8";
+    LC_PAPER = "en_US.UTF-8";
+    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TIME = "en_US.UTF-8";
+  };
+
+  users.users.martin = {
+    isNormalUser = true;
+    description = "Martin";
+    extraGroups = [ "networkmanager" "wheel" ];
+    packages = with pkgs; [];
+  };
+
+  services.getty = {
+    autologinUser = "martin";
+    autologinOnce = true; # only in the first tty once per boot
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "24.05"; # Did you read the comment?
+
+}
diff --git a/nixos/hosts/hamac/hardware-configuration.nix b/nixos/hosts/hamac/hardware-configuration.nix
new file mode 100644
index 0000000..54b9d60
--- /dev/null
+++ b/nixos/hosts/hamac/hardware-configuration.nix
@@ -0,0 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/7b33d046-ffd6-4baf-8bd8-a88e3c04d538"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."luks-cf2639e7-1f9c-4c2d-989a-ef2d9950f751".device = "/dev/disk/by-uuid/cf2639e7-1f9c-4c2d-989a-ef2d9950f751"; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3FA1-5306"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixos/hosts/tente/default.nix b/nixos/hosts/tente/default.nix new file mode 100644 index 0000000..b38d1ea --- /dev/null +++ b/nixos/hosts/tente/default.nix 
@@ -0,0 +1,239 @@
+# channel="nixos-small"
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+let
+  domains =
+    let
+      domain = "push-f.com";
+    in
+    {
+      personalWebsite = domain;
+      tailscaleControlServer = "tailscale.${domain}";
+      gitWebsite = "git.${domain}";
+      matrixServer = "matrix.${domain}";
+    };
+  acmeEmail = "martin@push-f.com";
+in
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./hardware-configuration.nix
+    ../../sanix.nix
+    ../../parts/server.nix
+    ../../parts/basics.nix
+  ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  # boot.loader.grub.efiSupport = true;
+  # boot.loader.grub.efiInstallAsRemovable = true;
+  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+  networking.hostName = "tente"; # Define your hostname.
+  # Pick only one of the below networking options.
+  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+  # Set your time zone.
+  time.timeZone = "Europe/Vienna";
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  #   useXkbConfig = true; # use xkb.options in tty.
+  # };
+
+  # Enable the X11 windowing system.
+  # services.xserver.enable = true;
+
+  users.users.martin = {
+    isNormalUser = true;
+    extraGroups = [
+      "wheel" # Enable ‘sudo’ for the user.
+      "www-data"
+    ];
+    packages = with pkgs; [
+    ];
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    vim # Do not forget to add an editor to edit configuration.nix! 
The Nano editor is also installed by default.
+    wget
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [
+    # Enabling openssh automatically opens its port in the firewall.
+    # For all other services we need to manually list the ports here.
+    80 443
+  ];
+  networking.firewall.allowedUDPPorts = [];
+
+  users.groups.www-data = {};
+
+  systemd.tmpfiles.rules = [
+    "d /srv/www 2770 root www-data -"
+  ];
+
+  services = {
+    gitolite = {
+      enable = true;
+      adminPubkey = ""; # TODO: submit PR to nixpkgs to make this option optional
+      user = "git";
+      group = "git";
+      dataDir = "/srv/gitolite";
+      extraGitoliteRc = ''
+        $RC{UMASK} = 0027;
+        $RC{GIT_CONFIG_KEYS} = 'cgit.* gitweb.*';
+
+        # not working for some reason? still getting `FATAL: git config 'gitweb.description' not allowed` if gitweb.* is omitted in GIT_CONFIG_KEYS
+        # push( @{$RC{ENABLE}}, 'cgit' ); # update description files instead of gitweb.description config
+      '';
+    };
+
+    nginx = {
+      enable = true;
+      group = "www-data";
+    };
+
+    headscale = {
+      enable = true;
+      port = 8080;
+      # TODO: make dataDir configurable and set it to /srv/
+      settings = {
+        server_url = "https://${domains.tailscaleControlServer}";
+        dns = { base_domain = "tailnet"; };
+      };
+    };
+
+    nginx.virtualHosts.${domains.tailscaleControlServer} = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://localhost:${toString config.services.headscale.port}";
+        proxyWebsockets = true;
+      };
+    };
+
+    postgresql = {
+      enable = true;
+      authentication = pkgs.lib.mkOverride 10 ''
+        #type database DBuser auth-method
+        local sameuser all peer
+      '';
+    };
+
+    matrix-synapse = {
+      enable = true;
+      settings = {
+        server_name = domains.personalWebsite;
+      };
+    };
+
+    
nginx.virtualHosts.${domains.matrixServer} = {
+      enableACME = true;
+      forceSSL = true;
+
+      # TODO: add locations."/" with some message
+
+      # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
+      # *must not* be used here.
+      locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
+      # Forward requests for e.g. SSO and password-resets.
+      locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
+    };
+
+    nginx.virtualHosts.${domains.personalWebsite} =
+      let
+        mkWellKnown = data: ''
+          default_type application/json;
+          add_header Access-Control-Allow-Origin *;
+          return 200 '${builtins.toJSON data}';
+        '';
+      in
+      {
+        enableACME = true;
+        forceSSL = true;
+        root = "/srv/www/${domains.personalWebsite}";
+
+        locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {
+          "m.server" = "${domains.matrixServer}:443";
+        };
+        locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {
+          "m.homeserver" = { base_url = "https://${domains.matrixServer}"; };
+        };
+      };
+
+    nginx.virtualHosts.${domains.gitWebsite} = {
+      enableACME = true;
+      forceSSL = true;
+    };
+
+    cgit.main = {
+      enable = true;
+      # running as the gitolite user because otherwise cloning a repo via cgit fails with:
+      # fatal: detected dubious ownership in repository
+      user = config.services.gitolite.user;
+      group = config.services.gitolite.group;
+      nginx.virtualHost = domains.gitWebsite;
+      scanPath = "${config.services.gitolite.dataDir}/repositories";
+      settings = {
+        remove-suffix = 1;
+        enable-git-config = 1;
+        root-title = "push-f.com repositories";
+        root-desc = "My various repositories.";
+        enable-index-owner = 0;
+        source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
+        clone-prefix = "https://${domains.gitWebsite}";
+      };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true; # https://letsencrypt.org/repository/
+    defaults.email = acmeEmail;
+  };
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # 
(/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "24.11"; # Did you read the comment?
+
+}
+
diff --git a/nixos/hosts/tente/hardware-configuration.nix b/nixos/hosts/tente/hardware-configuration.nix
new file mode 100644
index 0000000..576ca76
--- /dev/null
+++ b/nixos/hosts/tente/hardware-configuration.nix
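Review bot: `adminPubkey = ""; # TODO: submit PR to nixpkgs to make this option optional` in the gitolite block documents why the value is empty but not what an empty value does. As far as I recall, the NixOS gitolite module only consumes this key once, when it first initialises the gitolite user, so the already-bootstrapped host is presumably unaffected; anyone reusing this file for a fresh install, however, would presumably end up with a gitolite-admin repo that has no admin key at all and would have to recover access manually as the `git` user. I would extend the comment to state that explicitly, e.g. `# intentionally empty: this host is already initialised; on a fresh install put the admin SSH public key here first, otherwise gitolite-admin has no admin key`. This hunk is a move, so the issue predates the commit; the surrounding `services` attribute set starts in the previous physical line of the hunk.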
@@ -0,0 +1,31 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/47b134dc-3b9a-4892-8fd5-eadef3d9e7b0";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/nixos/rebuild b/nixos/rebuild
index 3cb086e..978dc87 100755
--- a/nixos/rebuild
+++ b/nixos/rebuild
@@ -4,7 +4,7 @@ set -euo pipefail
 # Enable all future paths in this script to be relative to the directory containing the script.
 cd "$(dirname -- "${BASH_SOURCE[0]}")"
 
-configPath=$(realpath -- "$HOSTNAME-configuration.nix")
+configPath=$(realpath -- "hosts/$HOSTNAME/default.nix")
 
 if [ ! -f $configPath ]; then
 echo "aborting: $configPath doesn't exist"
diff --git a/nixos/tente-configuration.nix b/nixos/tente-configuration.nix
deleted file mode 100644
index 183e065..0000000
--- a/nixos/tente-configuration.nix
+++ /dev/null
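Review bot: The new `configPath=$(realpath -- "hosts/$HOSTNAME/default.nix")` in the rebuild hunk breaks the friendly existence check that follows it: GNU realpath requires every path component except the last to exist unless `-m` is given, so on a host whose `hosts/$HOSTNAME` directory is missing the substitution fails, `set -e` aborts with realpath's own error, and the `aborting: ... doesn't exist` branch is never reached, whereas the old flat `$HOSTNAME-configuration.nix` had no intermediate directory and the check worked. Using `configPath=$(realpath -m -- "hosts/$HOSTNAME/default.nix")` keeps the `-f` test as the single gate. While touching the line, the test itself should be quoted, `if [ ! -f "$configPath" ]; then`; `$HOSTNAME` is the machine's own name rather than untrusted input, but unquoted expansion inside `[ ]` still misbehaves on whitespace or glob characters. The rest of the script lies outside the hunk.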
@@ -1,239 +0,0 @@
-# channel="nixos-small"
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-let
- domains =
- let
- domain = "push-f.com";
- in
- {
- personalWebsite = domain;
- tailscaleControlServer = "tailscale.${domain}";
- gitWebsite = "git.${domain}";
- matrixServer = "matrix.${domain}";
- };
- acmeEmail = "martin@push-f.com";
-in
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- ./tente-hardware-configuration.nix
- ./sanix.nix
- ./parts/server.nix
- ./parts/basics.nix
- ];
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- # boot.loader.grub.efiSupport = true;
- # boot.loader.grub.efiInstallAsRemovable = true;
- # boot.loader.efi.efiSysMountPoint = "/boot/efi";
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
- networking.hostName = "tente"; # Define your hostname.
- # Pick only one of the below networking options.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
-
- # Set your time zone.
- time.timeZone = "Europe/Vienna";
-
- # Select internationalisation properties.
- # i18n.defaultLocale = "en_US.UTF-8";
- # console = {
- # font = "Lat2-Terminus16";
- # keyMap = "us";
- # useXkbConfig = true; # use xkb.options in tty.
- # };
-
- # Enable the X11 windowing system.
- # services.xserver.enable = true;
-
- users.users.martin = {
- isNormalUser = true;
- extraGroups = [
- "wheel" # Enable ‘sudo’ for the user.
- "www-data"
- ];
- packages = with pkgs; [
- ];
- };
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
- wget
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
-
- # Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [
- # Enabling openssh automatically opens its port in the firewall.
- # For all other services we need to manually list the ports here.
- 80 443
- ];
- networking.firewall.allowedUDPPorts = [];
-
- users.groups.www-data = {};
-
- systemd.tmpfiles.rules = [
- "d /srv/www 2770 root www-data -"
- ];
-
- services = {
- gitolite = {
- enable = true;
- adminPubkey = ""; # TODO: submit PR to nixpkgs to make this option optional
- user = "git";
- group = "git";
- dataDir = "/srv/gitolite";
- extraGitoliteRc = ''
- $RC{UMASK} = 0027;
- $RC{GIT_CONFIG_KEYS} = 'cgit.* gitweb.*';
-
- # not working for some reason? still getting `FATAL: git config 'gitweb.description' not allowed` if gitweb.* is omitted in GIT_CONFIG_KEYS
- # push( @{$RC{ENABLE}}, 'cgit' ); # update description files instead of gitweb.description config
- '';
- };
-
- nginx = {
- enable = true;
- group = "www-data";
- };
-
- headscale = {
- enable = true;
- port = 8080;
- # TODO: make dataDir configurable and set it to /srv/
- settings = {
- server_url = "https://${domains.tailscaleControlServer}";
- dns = { base_domain = "tailnet"; };
- };
- };
-
- nginx.virtualHosts.${domains.tailscaleControlServer} = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:${toString config.services.headscale.port}";
- proxyWebsockets = true;
- };
- };
-
- postgresql = {
- enable = true;
- authentication = pkgs.lib.mkOverride 10 ''
- #type database DBuser auth-method
- local sameuser all peer
- '';
- };
-
- matrix-synapse = {
- enable = true;
- settings = {
- server_name = domains.personalWebsite;
- };
- };
-
- nginx.virtualHosts.${domains.matrixServer} = {
- enableACME = true;
- forceSSL = true;
-
- # TODO: add locations."/" with some message
-
- # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
- # *must not* be used here.
- locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
- # Forward requests for e.g. SSO and password-resets.
- locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
- };
-
- nginx.virtualHosts.${domains.personalWebsite} =
- let
- mkWellKnown = data: ''
- default_type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '${builtins.toJSON data}';
- '';
- in
- {
- enableACME = true;
- forceSSL = true;
- root = "/srv/www/${domains.personalWebsite}";
-
- locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {
- "m.server" = "${domains.matrixServer}:443";
- };
- locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {
- "m.homeserver" = { base_url = "https://${domains.matrixServer}"; };
- };
- };
-
- nginx.virtualHosts.${domains.gitWebsite} = {
- enableACME = true;
- forceSSL = true;
- };
-
- cgit.main = {
- enable = true;
- # running as the gitolite user because otherwise cloning a repo via cgit fails with:
- # fatal: detected dubious ownership in repository
- user = config.services.gitolite.user;
- group = config.services.gitolite.group;
- nginx.virtualHost = domains.gitWebsite;
- scanPath = "${config.services.gitolite.dataDir}/repositories";
- settings = {
- remove-suffix = 1;
- enable-git-config = 1;
- root-title = "push-f.com repositories";
- root-desc = "My various repositories.";
- enable-index-owner = 0;
- source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
- clone-prefix = "https://${domains.gitWebsite}";
- };
- };
- };
-
- security.acme = {
- acceptTerms = true; # https://letsencrypt.org/repository/
- defaults.email = acmeEmail;
- };
-
- # Copy the NixOS configuration file and link it from the resulting system
- # (/run/current-system/configuration.nix). This is useful in case you
- # accidentally delete configuration.nix.
- # system.copySystemConfiguration = true;
-
- # This option defines the first version of NixOS you have installed on this particular machine,
- # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
- #
- # Most users should NEVER change this value after the initial install, for any reason,
- # even if you've upgraded your system to a new NixOS release.
- #
- # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
- # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
- # to actually do that.
- #
- # This value being lower than the current NixOS release does NOT mean your system is
- # out of date, out of support, or vulnerable.
- #
- # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
- # and migrated your data accordingly.
- #
- # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
- system.stateVersion = "24.11"; # Did you read the comment?
-
-}
-
diff --git a/nixos/tente-hardware-configuration.nix b/nixos/tente-hardware-configuration.nix
deleted file mode 100644
index 576ca76..0000000
--- a/nixos/tente-hardware-configuration.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/47b134dc-3b9a-4892-8fd5-eadef3d9e7b0";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
-- cgit v1.2.3