From edda7ef46bf2ae7fde9511005b4e7d40648c7e24 Mon Sep 17 00:00:00 2001
From: Martin Fischer <martin@push-f.com>
Date: Fri, 27 Dec 2024 08:27:03 +0100
Subject: refactor: move host configs under hosts/
---
nixos/README.md | 6 +-
nixos/ev-configuration.nix | 50 ------
nixos/ev-hardware-configuration.nix | 42 -----
nixos/hamac-configuration.nix | 86 ----------
nixos/hamac-hardware-configuration.nix | 40 -----
nixos/hosts/ev/default.nix | 50 ++++++
nixos/hosts/ev/hardware-configuration.nix | 42 +++++
nixos/hosts/hamac/default.nix | 86 ++++++++++
nixos/hosts/hamac/hardware-configuration.nix | 40 +++++
nixos/hosts/tente/default.nix | 239 +++++++++++++++++++++++++++
nixos/hosts/tente/hardware-configuration.nix | 31 ++++
nixos/rebuild | 2 +-
nixos/tente-configuration.nix | 239 ---------------------------
nixos/tente-hardware-configuration.nix | 31 ----
14 files changed, 492 insertions(+), 492 deletions(-)
delete mode 100644 nixos/ev-configuration.nix
delete mode 100644 nixos/ev-hardware-configuration.nix
delete mode 100644 nixos/hamac-configuration.nix
delete mode 100644 nixos/hamac-hardware-configuration.nix
create mode 100644 nixos/hosts/ev/default.nix
create mode 100644 nixos/hosts/ev/hardware-configuration.nix
create mode 100644 nixos/hosts/hamac/default.nix
create mode 100644 nixos/hosts/hamac/hardware-configuration.nix
create mode 100644 nixos/hosts/tente/default.nix
create mode 100644 nixos/hosts/tente/hardware-configuration.nix
delete mode 100644 nixos/tente-configuration.nix
delete mode 100644 nixos/tente-hardware-configuration.nix
(limited to 'nixos')
diff --git a/nixos/README.md b/nixos/README.md
index 1a9c50e..67b6cf7 100644
--- a/nixos/README.md
+++ b/nixos/README.md
@@ -22,7 +22,7 @@ We're assuming that you just installed NixOS by going through the [official inst
'git clone https://git.push-f.com/config ~/config'
cd ~/config/nixos
```
-2. Add your initial NixOS configuration files, either
+2. Create a new directory under `hosts` named after the hostname. Add your initial NixOS configuration files, either
- Move your existing configuration files into it:
```
sudo mv /etc/nixos/* .
@@ -31,8 +31,8 @@ We're assuming that you just installed NixOS by going through the [official inst
```
nixos-generate-config --dir .
```
-3. Rename the files to `$host-configuration.nix` and `$host-hardware-configuration.nix` where `$host` is the configured hostname.
- Add `# channel="..."` to the start of the `$host-configuration.nix` file where `...` is the key of a channel pinned in `npins/sources.json`.
+3. Rename the `configuration.nix` to `default.nix`.
+ Add `# channel="..."` to the start of the `default.nix` file where `...` is the key of a channel pinned in `npins/sources.json`.
A new channel can be pinned with:
```
diff --git a/nixos/ev-configuration.nix b/nixos/ev-configuration.nix
deleted file mode 100644
index 11acf3f..0000000
--- a/nixos/ev-configuration.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-# channel="nixos-small"
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- imports = [
- ./ev-hardware-configuration.nix
- ./sanix.nix
- ./parts/server.nix
- ./parts/tailscale.nix
- ./parts/basics.nix
- ./parts/basics-physical.nix
- ];
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.hostName = "ev";
-
- networking.networkmanager.enable = true;
-
- time.timeZone = "Europe/Vienna";
-
- users.users.martin = {
- isNormalUser = true;
- extraGroups = [
- "networkmanager"
- "wheel"
- ];
- };
-
- # Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [
- # Enabling openssh automatically opens its port in the firewall.
- # For all other services we need to manually list the ports here.
- ];
- networking.firewall.allowedUDPPorts = [];
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "24.11"; # Did you read the comment?
-
-}
diff --git a/nixos/ev-hardware-configuration.nix b/nixos/ev-hardware-configuration.nix
deleted file mode 100644
index 65300c8..0000000
--- a/nixos/ev-hardware-configuration.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/2c273b8a-7f40-41dd-ab63-2194d4bfd328";
- fsType = "ext4";
- };
-
- boot.initrd.luks.devices."luks-d9d95f9b-5f7d-4193-859f-d36dae4ed814".device = "/dev/disk/by-uuid/d9d95f9b-5f7d-4193-859f-d36dae4ed814";
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/83DB-4251";
- fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp0s21f0u4.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/nixos/hamac-configuration.nix b/nixos/hamac-configuration.nix
deleted file mode 100644
index 1ddd371..0000000
--- a/nixos/hamac-configuration.nix
+++ /dev/null
@@ -1,86 +0,0 @@
-# channel="nixos"
-# See the configuration.nix(5) man page and the NixOS manual (accessible by running `nixos-help`).
-
-{ config, pkgs, ... }:
-
-{
- imports = [
- ./hamac-hardware-configuration.nix
- ./sanix.nix
- ./parts/basics.nix
- ./parts/basics-physical.nix
- ./parts/graphical.nix
- ./parts/tailscale.nix
- ./parts/dev.nix
- ./parts/create.nix
- ];
-
- # Bootloader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.hostName = "hamac";
-
- networking.networkmanager.enable = true;
-
- time.timeZone = "Europe/Vienna";
-
- i18n.defaultLocale = "en_US.UTF-8";
-
- i18n.extraLocaleSettings = {
- LC_ADDRESS = "en_US.UTF-8";
- LC_IDENTIFICATION = "en_US.UTF-8";
- LC_MEASUREMENT = "en_US.UTF-8";
- LC_MONETARY = "en_US.UTF-8";
- LC_NAME = "en_US.UTF-8";
- LC_NUMERIC = "en_US.UTF-8";
- LC_PAPER = "en_US.UTF-8";
- LC_TELEPHONE = "en_US.UTF-8";
- LC_TIME = "en_US.UTF-8";
- };
-
- users.users.martin = {
- isNormalUser = true;
- description = "Martin";
- extraGroups = [ "networkmanager" "wheel" ];
- packages = with pkgs; [];
- };
-
- services.getty = {
- autologinUser = "martin";
- autologinOnce = true; # only in the first tty once per boot
- };
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- # services.openssh.enable = true;
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "24.05"; # Did you read the comment?
-
-}
diff --git a/nixos/hamac-hardware-configuration.nix b/nixos/hamac-hardware-configuration.nix
deleted file mode 100644
index 54b9d60..0000000
--- a/nixos/hamac-hardware-configuration.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/7b33d046-ffd6-4baf-8bd8-a88e3c04d538";
- fsType = "ext4";
- };
-
- boot.initrd.luks.devices."luks-cf2639e7-1f9c-4c2d-989a-ef2d9950f751".device = "/dev/disk/by-uuid/cf2639e7-1f9c-4c2d-989a-ef2d9950f751";
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/3FA1-5306";
- fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/nixos/hosts/ev/default.nix b/nixos/hosts/ev/default.nix
new file mode 100644
index 0000000..d8b4b24
--- /dev/null
+++ b/nixos/hosts/ev/default.nix
@@ -0,0 +1,50 @@
+# channel="nixos-small"
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../../sanix.nix
+ ../../parts/server.nix
+ ../../parts/tailscale.nix
+ ../../parts/basics.nix
+ ../../parts/basics-physical.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "ev";
+
+ networking.networkmanager.enable = true;
+
+ time.timeZone = "Europe/Vienna";
+
+ users.users.martin = {
+ isNormalUser = true;
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
+ };
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [
+ # Enabling openssh automatically opens its port in the firewall.
+ # For all other services we need to manually list the ports here.
+ ];
+ networking.firewall.allowedUDPPorts = [];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.11"; # Did you read the comment?
+
+}
diff --git a/nixos/hosts/ev/hardware-configuration.nix b/nixos/hosts/ev/hardware-configuration.nix
new file mode 100644
index 0000000..65300c8
--- /dev/null
+++ b/nixos/hosts/ev/hardware-configuration.nix
@@ -0,0 +1,42 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/2c273b8a-7f40-41dd-ab63-2194d4bfd328";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."luks-d9d95f9b-5f7d-4193-859f-d36dae4ed814".device = "/dev/disk/by-uuid/d9d95f9b-5f7d-4193-859f-d36dae4ed814";
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/83DB-4251";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s21f0u4.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/nixos/hosts/hamac/default.nix b/nixos/hosts/hamac/default.nix
new file mode 100644
index 0000000..c8f40e1
--- /dev/null
+++ b/nixos/hosts/hamac/default.nix
@@ -0,0 +1,86 @@
+# channel="nixos"
+# See the configuration.nix(5) man page and the NixOS manual (accessible by running `nixos-help`).
+
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../../sanix.nix
+ ../../parts/basics.nix
+ ../../parts/basics-physical.nix
+ ../../parts/graphical.nix
+ ../../parts/tailscale.nix
+ ../../parts/dev.nix
+ ../../parts/create.nix
+ ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "hamac";
+
+ networking.networkmanager.enable = true;
+
+ time.timeZone = "Europe/Vienna";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ users.users.martin = {
+ isNormalUser = true;
+ description = "Martin";
+ extraGroups = [ "networkmanager" "wheel" ];
+ packages = with pkgs; [];
+ };
+
+ services.getty = {
+ autologinUser = "martin";
+ autologinOnce = true; # only in the first tty once per boot
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.05"; # Did you read the comment?
+
+}
diff --git a/nixos/hosts/hamac/hardware-configuration.nix b/nixos/hosts/hamac/hardware-configuration.nix
new file mode 100644
index 0000000..54b9d60
--- /dev/null
+++ b/nixos/hosts/hamac/hardware-configuration.nix
@@ -0,0 +1,40 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/7b33d046-ffd6-4baf-8bd8-a88e3c04d538";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."luks-cf2639e7-1f9c-4c2d-989a-ef2d9950f751".device = "/dev/disk/by-uuid/cf2639e7-1f9c-4c2d-989a-ef2d9950f751";
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/3FA1-5306";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/nixos/hosts/tente/default.nix b/nixos/hosts/tente/default.nix
new file mode 100644
index 0000000..b38d1ea
--- /dev/null
+++ b/nixos/hosts/tente/default.nix
@@ -0,0 +1,239 @@
+# channel="nixos-small"
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+let
+ domains =
+ let
+ domain = "push-f.com";
+ in
+ {
+ personalWebsite = domain;
+ tailscaleControlServer = "tailscale.${domain}";
+ gitWebsite = "git.${domain}";
+ matrixServer = "matrix.${domain}";
+ };
+ acmeEmail = "martin@push-f.com";
+in
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../../sanix.nix
+ ../../parts/server.nix
+ ../../parts/basics.nix
+ ];
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+ networking.hostName = "tente"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Set your time zone.
+ time.timeZone = "Europe/Vienna";
+
+ # Select internationalisation properties.
+ # i18n.defaultLocale = "en_US.UTF-8";
+ # console = {
+ # font = "Lat2-Terminus16";
+ # keyMap = "us";
+ # useXkbConfig = true; # use xkb.options in tty.
+ # };
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+
+ users.users.martin = {
+ isNormalUser = true;
+ extraGroups = [
+ "wheel" # Enable ‘sudo’ for the user.
+ "www-data"
+ ];
+ packages = with pkgs; [
+ ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ wget
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [
+ # Enabling openssh automatically opens its port in the firewall.
+ # For all other services we need to manually list the ports here.
+ 80 443
+ ];
+ networking.firewall.allowedUDPPorts = [];
+
+ users.groups.www-data = {};
+
+ systemd.tmpfiles.rules = [
+ "d /srv/www 2770 root www-data -"
+ ];
+
+ services = {
+ gitolite = {
+ enable = true;
+ adminPubkey = ""; # TODO: submit PR to nixpkgs to make this option optional
+ user = "git";
+ group = "git";
+ dataDir = "/srv/gitolite";
+ extraGitoliteRc = ''
+ $RC{UMASK} = 0027;
+ $RC{GIT_CONFIG_KEYS} = 'cgit.* gitweb.*';
+
+ # not working for some reason? still getting `FATAL: git config 'gitweb.description' not allowed` if gitweb.* is omitted in GIT_CONFIG_KEYS
+ # push( @{$RC{ENABLE}}, 'cgit' ); # update description files instead of gitweb.description config
+ '';
+ };
+
+ nginx = {
+ enable = true;
+ group = "www-data";
+ };
+
+ headscale = {
+ enable = true;
+ port = 8080;
+ # TODO: make dataDir configurable and set it to /srv/
+ settings = {
+ server_url = "https://${domains.tailscaleControlServer}";
+ dns = { base_domain = "tailnet"; };
+ };
+ };
+
+ nginx.virtualHosts.${domains.tailscaleControlServer} = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString config.services.headscale.port}";
+ proxyWebsockets = true;
+ };
+ };
+
+ postgresql = {
+ enable = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ #type database DBuser auth-method
+ local sameuser all peer
+ '';
+ };
+
+ matrix-synapse = {
+ enable = true;
+ settings = {
+ server_name = domains.personalWebsite;
+ };
+ };
+
+ nginx.virtualHosts.${domains.matrixServer} = {
+ enableACME = true;
+ forceSSL = true;
+
+ # TODO: add locations."/" with some message
+
+ # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
+ # *must not* be used here.
+ locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
+ # Forward requests for e.g. SSO and password-resets.
+ locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
+ };
+
+ nginx.virtualHosts.${domains.personalWebsite} =
+ let
+ mkWellKnown = data: ''
+ default_type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON data}';
+ '';
+ in
+ {
+ enableACME = true;
+ forceSSL = true;
+ root = "/srv/www/${domains.personalWebsite}";
+
+ locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {
+ "m.server" = "${domains.matrixServer}:443";
+ };
+ locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {
+ "m.homeserver" = { base_url = "https://${domains.matrixServer}"; };
+ };
+ };
+
+ nginx.virtualHosts.${domains.gitWebsite} = {
+ enableACME = true;
+ forceSSL = true;
+ };
+
+ cgit.main = {
+ enable = true;
+ # running as the gitolite user because otherwise cloning a repo via cgit fails with:
+ # fatal: detected dubious ownership in repository
+ user = config.services.gitolite.user;
+ group = config.services.gitolite.group;
+ nginx.virtualHost = domains.gitWebsite;
+ scanPath = "${config.services.gitolite.dataDir}/repositories";
+ settings = {
+ remove-suffix = 1;
+ enable-git-config = 1;
+ root-title = "push-f.com repositories";
+ root-desc = "My various repositories.";
+ enable-index-owner = 0;
+ source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
+ clone-prefix = "https://${domains.gitWebsite}";
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true; # https://letsencrypt.org/repository/
+ defaults.email = acmeEmail;
+ };
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "24.11"; # Did you read the comment?
+
+}
+
diff --git a/nixos/hosts/tente/hardware-configuration.nix b/nixos/hosts/tente/hardware-configuration.nix
new file mode 100644
index 0000000..576ca76
--- /dev/null
+++ b/nixos/hosts/tente/hardware-configuration.nix
@@ -0,0 +1,31 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/47b134dc-3b9a-4892-8fd5-eadef3d9e7b0";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/nixos/rebuild b/nixos/rebuild
index 3cb086e..978dc87 100755
--- a/nixos/rebuild
+++ b/nixos/rebuild
@@ -4,7 +4,7 @@ set -euo pipefail
# Enable all future paths in this script to be relative to the directory containing the script.
cd "$(dirname -- "${BASH_SOURCE[0]}")"
-configPath=$(realpath -- "$HOSTNAME-configuration.nix")
+configPath=$(realpath -- "hosts/$HOSTNAME/default.nix")
if [ ! -f $configPath ]; then
echo "aborting: $configPath doesn't exist"
diff --git a/nixos/tente-configuration.nix b/nixos/tente-configuration.nix
deleted file mode 100644
index 183e065..0000000
--- a/nixos/tente-configuration.nix
+++ /dev/null
@@ -1,239 +0,0 @@
-# channel="nixos-small"
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-let
- domains =
- let
- domain = "push-f.com";
- in
- {
- personalWebsite = domain;
- tailscaleControlServer = "tailscale.${domain}";
- gitWebsite = "git.${domain}";
- matrixServer = "matrix.${domain}";
- };
- acmeEmail = "martin@push-f.com";
-in
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- ./tente-hardware-configuration.nix
- ./sanix.nix
- ./parts/server.nix
- ./parts/basics.nix
- ];
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- # boot.loader.grub.efiSupport = true;
- # boot.loader.grub.efiInstallAsRemovable = true;
- # boot.loader.efi.efiSysMountPoint = "/boot/efi";
- # Define on which hard drive you want to install Grub.
- boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
- networking.hostName = "tente"; # Define your hostname.
- # Pick only one of the below networking options.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
-
- # Set your time zone.
- time.timeZone = "Europe/Vienna";
-
- # Select internationalisation properties.
- # i18n.defaultLocale = "en_US.UTF-8";
- # console = {
- # font = "Lat2-Terminus16";
- # keyMap = "us";
- # useXkbConfig = true; # use xkb.options in tty.
- # };
-
- # Enable the X11 windowing system.
- # services.xserver.enable = true;
-
- users.users.martin = {
- isNormalUser = true;
- extraGroups = [
- "wheel" # Enable ‘sudo’ for the user.
- "www-data"
- ];
- packages = with pkgs; [
- ];
- };
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
- wget
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
-
- # Open ports in the firewall.
- networking.firewall.allowedTCPPorts = [
- # Enabling openssh automatically opens its port in the firewall.
- # For all other services we need to manually list the ports here.
- 80 443
- ];
- networking.firewall.allowedUDPPorts = [];
-
- users.groups.www-data = {};
-
- systemd.tmpfiles.rules = [
- "d /srv/www 2770 root www-data -"
- ];
-
- services = {
- gitolite = {
- enable = true;
- adminPubkey = ""; # TODO: submit PR to nixpkgs to make this option optional
- user = "git";
- group = "git";
- dataDir = "/srv/gitolite";
- extraGitoliteRc = ''
- $RC{UMASK} = 0027;
- $RC{GIT_CONFIG_KEYS} = 'cgit.* gitweb.*';
-
- # not working for some reason? still getting `FATAL: git config 'gitweb.description' not allowed` if gitweb.* is omitted in GIT_CONFIG_KEYS
- # push( @{$RC{ENABLE}}, 'cgit' ); # update description files instead of gitweb.description config
- '';
- };
-
- nginx = {
- enable = true;
- group = "www-data";
- };
-
- headscale = {
- enable = true;
- port = 8080;
- # TODO: make dataDir configurable and set it to /srv/
- settings = {
- server_url = "https://${domains.tailscaleControlServer}";
- dns = { base_domain = "tailnet"; };
- };
- };
-
- nginx.virtualHosts.${domains.tailscaleControlServer} = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:${toString config.services.headscale.port}";
- proxyWebsockets = true;
- };
- };
-
- postgresql = {
- enable = true;
- authentication = pkgs.lib.mkOverride 10 ''
- #type database DBuser auth-method
- local sameuser all peer
- '';
- };
-
- matrix-synapse = {
- enable = true;
- settings = {
- server_name = domains.personalWebsite;
- };
- };
-
- nginx.virtualHosts.${domains.matrixServer} = {
- enableACME = true;
- forceSSL = true;
-
- # TODO: add locations."/" with some message
-
- # Forward all Matrix API calls to the synapse Matrix homeserver. A trailing slash
- # *must not* be used here.
- locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
- # Forward requests for e.g. SSO and password-resets.
- locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008";
- };
-
- nginx.virtualHosts.${domains.personalWebsite} =
- let
- mkWellKnown = data: ''
- default_type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '${builtins.toJSON data}';
- '';
- in
- {
- enableACME = true;
- forceSSL = true;
- root = "/srv/www/${domains.personalWebsite}";
-
- locations."= /.well-known/matrix/server".extraConfig = mkWellKnown {
- "m.server" = "${domains.matrixServer}:443";
- };
- locations."= /.well-known/matrix/client".extraConfig = mkWellKnown {
- "m.homeserver" = { base_url = "https://${domains.matrixServer}"; };
- };
- };
-
- nginx.virtualHosts.${domains.gitWebsite} = {
- enableACME = true;
- forceSSL = true;
- };
-
- cgit.main = {
- enable = true;
- # running as the gitolite user because otherwise cloning a repo via cgit fails with:
- # fatal: detected dubious ownership in repository
- user = config.services.gitolite.user;
- group = config.services.gitolite.group;
- nginx.virtualHost = domains.gitWebsite;
- scanPath = "${config.services.gitolite.dataDir}/repositories";
- settings = {
- remove-suffix = 1;
- enable-git-config = 1;
- root-title = "push-f.com repositories";
- root-desc = "My various repositories.";
- enable-index-owner = 0;
- source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
- clone-prefix = "https://${domains.gitWebsite}";
- };
- };
- };
-
- security.acme = {
- acceptTerms = true; # https://letsencrypt.org/repository/
- defaults.email = acmeEmail;
- };
-
- # Copy the NixOS configuration file and link it from the resulting system
- # (/run/current-system/configuration.nix). This is useful in case you
- # accidentally delete configuration.nix.
- # system.copySystemConfiguration = true;
-
- # This option defines the first version of NixOS you have installed on this particular machine,
- # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
- #
- # Most users should NEVER change this value after the initial install, for any reason,
- # even if you've upgraded your system to a new NixOS release.
- #
- # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
- # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
- # to actually do that.
- #
- # This value being lower than the current NixOS release does NOT mean your system is
- # out of date, out of support, or vulnerable.
- #
- # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
- # and migrated your data accordingly.
- #
- # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
- system.stateVersion = "24.11"; # Did you read the comment?
-
-}
-
diff --git a/nixos/tente-hardware-configuration.nix b/nixos/tente-hardware-configuration.nix
deleted file mode 100644
index 576ca76..0000000
--- a/nixos/tente-hardware-configuration.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/47b134dc-3b9a-4892-8fd5-eadef3d9e7b0";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
--
cgit v1.2.3