Diffstat (limited to 'hosts/cloud')
-rw-r--r--hosts/cloud/flake.lock48
-rw-r--r--hosts/cloud/flake.nix67
-rw-r--r--hosts/cloud/hardware-configuration.nix24
-rw-r--r--hosts/cloud/hetzner/configuration.nix53
-rw-r--r--hosts/cloud/hetzner/default.nix4
-rw-r--r--hosts/cloud/hetzner/disk-config.nix55
-rw-r--r--hosts/cloud/hetzner/nginx.nix29
-rw-r--r--hosts/cloud/packages.nix1
8 files changed, 166 insertions, 115 deletions
diff --git a/hosts/cloud/flake.lock b/hosts/cloud/flake.lock
deleted file mode 100644
index 7b53099..0000000
--- a/hosts/cloud/flake.lock
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- "nodes": {
- "disko": {
- "inputs": {
- "nixpkgs": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1719401812,
- "narHash": "sha256-QONBQ/arBsKZNJuSd3sMIkSYFlBoRJpvf1jGlMfcOuI=",
- "owner": "nix-community",
- "repo": "disko",
- "rev": "b6a1262796b2990ec3cc60bb2ec23583f35b2f43",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "disko",
- "type": "github"
- }
- },
- "nixpkgs": {
- "locked": {
- "lastModified": 1719379843,
- "narHash": "sha256-u+D+IOAMMl70+CJ9NKB+RMrASjInuIWMHzjLWQjPZ6c=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "b3f3c1b13fb08f3828442ee86630362e81136bbc",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixpkgs-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "root": {
- "inputs": {
- "disko": "disko",
- "nixpkgs": "nixpkgs"
- }
- }
- },
- "root": "root",
- "version": 7
-}
diff --git a/hosts/cloud/flake.nix b/hosts/cloud/flake.nix
deleted file mode 100644
index 84ad8d0..0000000
--- a/hosts/cloud/flake.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{
- inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
- inputs.disko.url = "github:nix-community/disko";
- inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
-
- outputs = { nixpkgs, disko, ... }:
- {
- nixosConfigurations.sortug = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- disko.nixosModules.disko
- ./sortug/configuration.nix
- ./packages.nix
- ./users.nix
- ];
- };
- nixosConfigurations.osortug = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- disko.nixosModules.disko
- ./oldsortug/configuration.nix
- ./packages.nix
- ./users.nix
- ];
- };
- nixosConfigurations.jeet = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- disko.nixosModules.disko
- ./jeet/configuration.nix
- # ./packages.nix
- ./users.nix
- ];
- };
- nixosConfigurations.bkk = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- disko.nixosModules.disko
- ./bkk/configuration.nix
- ./packages.nix
- ./users.nix
- ];
- };
- nixosConfigurations.sing = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- disko.nixosModules.disko
- ./sing/configuration.nix
- ./packages.nix
- ./users.nix
- ./sing/omail.nix
- ./sing/nginx.nix
- ./sing/jellyfin.nix
- ];
- };
- nixosConfigurations.spanmail= nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- ./spanm/configuration.nix
- ./spanm/users.nix
- ./spanm/mail.nix
- ./spanm/packages.nix
- ./spanm/nginx.nix
- ];
- };
- };
-}
diff --git a/hosts/cloud/hardware-configuration.nix b/hosts/cloud/hardware-configuration.nix
new file mode 100644
index 0000000..f34255a
--- /dev/null
+++ b/hosts/cloud/hardware-configuration.nix
@@ -0,0 +1,24 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "virtio_scsi" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/hosts/cloud/hetzner/configuration.nix b/hosts/cloud/hetzner/configuration.nix
new file mode 100644
index 0000000..73ca07e
--- /dev/null
+++ b/hosts/cloud/hetzner/configuration.nix
@@ -0,0 +1,53 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ # ./hardware-configuration.nix
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./nginx.nix
+ ./disk-config.nix
+ ../../base.nix
+ ../users.nix
+ ../packages.nix
+ ../../server.nix
+ ];
+ boot = {
+ loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ };
+
+ networking = {
+ hostName = "yn-hel";
+ };
+ networking.firewall = {
+ enable = false;
+ # allowedTCPPorts = [ 993 465 40308 80 443 53 51820 5522 ];
+ # allowedUDPPorts = [ 993 465 40308 80 443 53 50000 50001 50002 50003 50004 50005 50006 50007 50008 50009 50010 51820 5522 ];
+ };
+ # services.ntfy-sh = {
+ # enable = true;
+ # settings = {
+ # base-url = "https://n.urbit.men";
+ # listen-http = ":8090";
+ # };
+ # };
+
+ # services.headscale = {
+ # enable = true;
+ # address = "0.0.0.0";
+ # port = 8001;
+ # settings = {
+ # server_url = "https://head.urbit.men";
+ # dns.baseDomain = "urbit.men";
+ # logtail.enabled = false;
+ # };
+ # };
+
+ system.stateVersion = "24.11"; # Did you read the comment?
+}
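Review bot: `networking.firewall.enable = false` leaves every listening socket on this host reachable from the internet, and the only allow-lists in the block are commented out. The nginx module added in this commit proxies to `http://127.0.0.1:8080`, so only 80 and 443 need to be public (80 also serves the ACME HTTP-01 challenge that `enableACME` uses by default). I would change the block to `enable = true;` with `allowedTCPPorts = [ 80 443 ];`. SSH is presumably configured in `../../server.nix` or `../../base.nix`, which are outside this diff, so confirm its port is opened there before deploying, or the host becomes unreachable.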
diff --git a/hosts/cloud/hetzner/default.nix b/hosts/cloud/hetzner/default.nix
new file mode 100644
index 0000000..3669483
--- /dev/null
+++ b/hosts/cloud/hetzner/default.nix
@@ -0,0 +1,4 @@
+inputs: [
+ inputs.disko.nixosModules.disko
+ ./configuration.nix
+]
diff --git a/hosts/cloud/hetzner/disk-config.nix b/hosts/cloud/hetzner/disk-config.nix
new file mode 100644
index 0000000..c72a8d4
--- /dev/null
+++ b/hosts/cloud/hetzner/disk-config.nix
@@ -0,0 +1,55 @@
+# Example to create a bios compatible gpt partition
+{lib, ...}: {
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
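Review bot: The header comment `# Example to create a bios compatible gpt partition` appears to be left over from a template and does not describe what this file does for the host. The layout places the `pool` LVM PV directly on the `root` partition with no encryption layer, so the root filesystem is stored in plaintext on the provider's disk. If that is a deliberate trade-off (for example, so the VM can reboot unattended), the header should say so, e.g. `# Disk layout: GPT with BIOS-boot + ESP, unencrypted LVM root on /dev/sda (no LUKS by design)`. It is also worth noting in the comment that `device` is only a `lib.mkDefault`, so the target disk can be overridden elsewhere.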
diff --git a/hosts/cloud/hetzner/nginx.nix b/hosts/cloud/hetzner/nginx.nix
new file mode 100644
index 0000000..4a6d708
--- /dev/null
+++ b/hosts/cloud/hetzner/nginx.nix
@@ -0,0 +1,29 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "security@urbit.cam";
+ services.nginx = {
+ enable = true;
+ virtualHosts."u.urbit.cloud" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ # proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header Forwarded $proxy_add_x_forwarded_for;
+ '';
+ };
+ extraConfig = ''
+ chunked_transfer_encoding off;
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_cache off;
+ '';
+ };
+ };
+}
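Review bot: In `locations."/".extraConfig`, the line `proxy_set_header Forwarded $proxy_add_x_forwarded_for;` writes an X-Forwarded-For-style address list into the RFC 7239 `Forwarded` header, which expects `for=...` syntax, so a backend reading either header gets nothing it can rely on. Because `X-Forwarded-For` itself is never set, whatever value the client sent in that header is passed through to `127.0.0.1:8080` unchanged, and a backend that trusts it for logging or access decisions can be fed a spoofed address. If nginx is the only hop, replace the line with `proxy_set_header X-Forwarded-For $remote_addr;` and add `proxy_set_header X-Forwarded-Proto $scheme;`. Alternatively, set `recommendedProxySettings = true;` on `services.nginx` and drop the hand-written headers.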
diff --git a/hosts/cloud/packages.nix b/hosts/cloud/packages.nix
index 1169342..64f2c95 100644
--- a/hosts/cloud/packages.nix
+++ b/hosts/cloud/packages.nix
@@ -39,6 +39,7 @@
tree
unzip
zip
+ ncdu
# networking
curl