Diffstat (limited to 'hosts')
-rw-r--r--hosts/base.nix38
-rw-r--r--hosts/cloud/flake.lock48
-rw-r--r--hosts/cloud/flake.nix67
-rw-r--r--hosts/cloud/hardware-configuration.nix24
-rw-r--r--hosts/cloud/hetzner/configuration.nix53
-rw-r--r--hosts/cloud/hetzner/default.nix4
-rw-r--r--hosts/cloud/hetzner/disk-config.nix55
-rw-r--r--hosts/cloud/hetzner/nginx.nix29
-rw-r--r--hosts/cloud/packages.nix1
-rw-r--r--hosts/local/ohira/configuration.nix38
-rw-r--r--hosts/local/s15/configuration.nix88
-rw-r--r--hosts/nixos.nix1
12 files changed, 255 insertions, 191 deletions
diff --git a/hosts/base.nix b/hosts/base.nix
index e8de7d8..91f90a5 100644
--- a/hosts/base.nix
+++ b/hosts/base.nix
@@ -2,22 +2,22 @@
# fucking linux vulnerability
# enable flakes
nix = {
- gc =
- {
- automatic = true;
- options = "--delete-older-than 7d";
- }
- // (
- if pkgs.stdenv.isDarwin
- then {
- interval = {
- Weekday = 0;
- Hour = 20;
- Minute = 0;
- };
- }
- else {dates = "weekly";}
- );
+ # gc =
+ # {
+ # automatic = true;
+ # options = "--delete-older-than 7d";
+ # }
+ # // (
+ # if pkgs.stdenv.isDarwin
+ # then {
+ # interval = {
+ # Weekday = 0;
+ # Hour = 20;
+ # Minute = 0;
+ # };
+ # }
+ # else {dates = "weekly";}
+ # );
# package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
@@ -28,6 +28,12 @@
trusted-users = ["root" "y"];
};
};
+ programs.nh = {
+ enable = true;
+ clean.enable = true;
+ clean.extraArgs = "--keep-since 4d --keep 3";
+ # flake = "/home/user/my-nixos-config";
+ };
#direnv
# programs.direnv.enable = true;
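Review bot: The `programs.nh` block added here replaces a `nix.gc` definition that had an explicit `pkgs.stdenv.isDarwin` branch, which suggests base.nix is (or was) also evaluated on a Darwin host. If that is still the case, confirm that host's module set defines `programs.nh`, otherwise evaluation fails there. The sixteen commented-out `nix.gc` lines in the previous hunk would be better deleted and replaced by one line stating the reason, e.g. `# GC is handled by programs.nh.clean; keep nix.gc.automatic off so two collectors do not run`. The surrounding attribute set starts and ends outside both hunks.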
diff --git a/hosts/cloud/flake.lock b/hosts/cloud/flake.lock
deleted file mode 100644
index 7b53099..0000000
--- a/hosts/cloud/flake.lock
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- "nodes": {
- "disko": {
- "inputs": {
- "nixpkgs": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1719401812,
- "narHash": "sha256-QONBQ/arBsKZNJuSd3sMIkSYFlBoRJpvf1jGlMfcOuI=",
- "owner": "nix-community",
- "repo": "disko",
- "rev": "b6a1262796b2990ec3cc60bb2ec23583f35b2f43",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "disko",
- "type": "github"
- }
- },
- "nixpkgs": {
- "locked": {
- "lastModified": 1719379843,
- "narHash": "sha256-u+D+IOAMMl70+CJ9NKB+RMrASjInuIWMHzjLWQjPZ6c=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "b3f3c1b13fb08f3828442ee86630362e81136bbc",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixpkgs-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "root": {
- "inputs": {
- "disko": "disko",
- "nixpkgs": "nixpkgs"
- }
- }
- },
- "root": "root",
- "version": 7
-}
diff --git a/hosts/cloud/flake.nix b/hosts/cloud/flake.nix
deleted file mode 100644
index 84ad8d0..0000000
--- a/hosts/cloud/flake.nix
+++ /dev/null
@@ -1,67 +0,0 @@
-{
- inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
- inputs.disko.url = "github:nix-community/disko";
- inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
-
- outputs = { nixpkgs, disko, ... }:
- {
- nixosConfigurations.sortug = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- disko.nixosModules.disko
- ./sortug/configuration.nix
- ./packages.nix
- ./users.nix
- ];
- };
- nixosConfigurations.osortug = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- disko.nixosModules.disko
- ./oldsortug/configuration.nix
- ./packages.nix
- ./users.nix
- ];
- };
- nixosConfigurations.jeet = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- disko.nixosModules.disko
- ./jeet/configuration.nix
- # ./packages.nix
- ./users.nix
- ];
- };
- nixosConfigurations.bkk = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- disko.nixosModules.disko
- ./bkk/configuration.nix
- ./packages.nix
- ./users.nix
- ];
- };
- nixosConfigurations.sing = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- disko.nixosModules.disko
- ./sing/configuration.nix
- ./packages.nix
- ./users.nix
- ./sing/omail.nix
- ./sing/nginx.nix
- ./sing/jellyfin.nix
- ];
- };
- nixosConfigurations.spanmail= nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- ./spanm/configuration.nix
- ./spanm/users.nix
- ./spanm/mail.nix
- ./spanm/packages.nix
- ./spanm/nginx.nix
- ];
- };
- };
-}
diff --git a/hosts/cloud/hardware-configuration.nix b/hosts/cloud/hardware-configuration.nix
new file mode 100644
index 0000000..f34255a
--- /dev/null
+++ b/hosts/cloud/hardware-configuration.nix
@@ -0,0 +1,24 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "virtio_scsi" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/hosts/cloud/hetzner/configuration.nix b/hosts/cloud/hetzner/configuration.nix
new file mode 100644
index 0000000..73ca07e
--- /dev/null
+++ b/hosts/cloud/hetzner/configuration.nix
@@ -0,0 +1,53 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ # ./hardware-configuration.nix
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./nginx.nix
+ ./disk-config.nix
+ ../../base.nix
+ ../users.nix
+ ../packages.nix
+ ../../server.nix
+ ];
+ boot = {
+ loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ };
+
+ networking = {
+ hostName = "yn-hel";
+ };
+ networking.firewall = {
+ enable = false;
+ # allowedTCPPorts = [ 993 465 40308 80 443 53 51820 5522 ];
+ # allowedUDPPorts = [ 993 465 40308 80 443 53 50000 50001 50002 50003 50004 50005 50006 50007 50008 50009 50010 51820 5522 ];
+ };
+ # services.ntfy-sh = {
+ # enable = true;
+ # settings = {
+ # base-url = "https://n.urbit.men";
+ # listen-http = ":8090";
+ # };
+ # };
+
+ # services.headscale = {
+ # enable = true;
+ # address = "0.0.0.0";
+ # port = 8001;
+ # settings = {
+ # server_url = "https://head.urbit.men";
+ # dns.baseDomain = "urbit.men";
+ # logtail.enabled = false;
+ # };
+ # };
+
+ system.stateVersion = "24.11"; # Did you read the comment?
+}
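Review bot: `networking.firewall.enable = false` leaves this public cloud host with no packet filter, so every service that binds a non-loopback address is reachable from the internet. That includes anything enabled later, such as the commented headscale block with `address = "0.0.0.0"`. The nginx.nix added in this commit only needs 80 and 443, so I would set `enable = true;` and `allowedTCPPorts = [ 80 443 ];`. SSH is presumably configured in `../../server.nix`, which is not visible here; confirm its port is opened (the NixOS openssh module does this by default) before deploying, so the change does not lock you out.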
diff --git a/hosts/cloud/hetzner/default.nix b/hosts/cloud/hetzner/default.nix
new file mode 100644
index 0000000..3669483
--- /dev/null
+++ b/hosts/cloud/hetzner/default.nix
@@ -0,0 +1,4 @@
+inputs: [
+ inputs.disko.nixosModules.disko
+ ./configuration.nix
+]
diff --git a/hosts/cloud/hetzner/disk-config.nix b/hosts/cloud/hetzner/disk-config.nix
new file mode 100644
index 0000000..c72a8d4
--- /dev/null
+++ b/hosts/cloud/hetzner/disk-config.nix
@@ -0,0 +1,55 @@
+# Example to create a bios compatible gpt partition
+{lib, ...}: {
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/cloud/hetzner/nginx.nix b/hosts/cloud/hetzner/nginx.nix
new file mode 100644
index 0000000..4a6d708
--- /dev/null
+++ b/hosts/cloud/hetzner/nginx.nix
@@ -0,0 +1,29 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "security@urbit.cam";
+ services.nginx = {
+ enable = true;
+ virtualHosts."u.urbit.cloud" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ # proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header Forwarded $proxy_add_x_forwarded_for;
+ '';
+ };
+ extraConfig = ''
+ chunked_transfer_encoding off;
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_cache off;
+ '';
+ };
+ };
+}
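Review bot: In `locations."/"`, the line `proxy_set_header Forwarded $proxy_add_x_forwarded_for;` puts an X-Forwarded-For style address list into the RFC 7239 `Forwarded` header, whose syntax is `for=...`. The variable also appends to whatever `X-Forwarded-For` the client sent, so the backend on 127.0.0.1:8080 receives a value that is both malformed and partly client-controlled. If the backend uses it for logging, rate limiting or access decisions, send the proxy-observed address instead with `proxy_set_header X-Real-IP $remote_addr;`. Alternatively, keep the variable under its own name with `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and have the backend trust only the last hop.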
diff --git a/hosts/cloud/packages.nix b/hosts/cloud/packages.nix
index 1169342..64f2c95 100644
--- a/hosts/cloud/packages.nix
+++ b/hosts/cloud/packages.nix
@@ -39,6 +39,7 @@
tree
unzip
zip
+ ncdu
# networking
curl
diff --git a/hosts/local/ohira/configuration.nix b/hosts/local/ohira/configuration.nix
index 480926a..1144f48 100644
--- a/hosts/local/ohira/configuration.nix
+++ b/hosts/local/ohira/configuration.nix
@@ -1,11 +1,7 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
-{
- config,
- pkgs,
- ...
-}: {
+{pkgs, ...}: {
imports = [
# Include the results of the hardware scan.
../../base.nix
@@ -70,6 +66,7 @@
i18n = {
inputMethod = {
+ enable = true;
type = "fcitx5";
fcitx5.addons = with pkgs; [fcitx5-mozc];
};
@@ -111,21 +108,30 @@
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with ‘passwd’.
+ programs.fish = {
+ enable = true;
+ shellAliases = {
+ l = "lsd -lAh";
+ la = "lsd -lAh";
+ ports = "sudo lsof -i -P -n | grep LISTEN";
+ gco = "git checkout";
+ gcob = "git checkout -b";
+ v = "nvim";
+ sv = "sudo nvim";
+ dotsin = "sh ~/dotfiles/commit.sh";
+ sourceit = ". (sed 's/^/export /' .env | psub)";
+ sqlite = "rlwrap sqlite3";
+ # rsyn = "rsync -zuvaP --filter=':- .gitignore'"
+ };
+ };
+
users.users.y = {
+ shell = pkgs.fish;
isNormalUser = true;
description = "y";
extraGroups = ["networkmanager" "wheel"];
packages = with pkgs; [
- # firefox
- # thunderbird
- ];
- };
- users.users.leo2 = {
- isNormalUser = true;
- description = "leo2";
- extraGroups = ["networkmanager" "wheel"];
- packages = with pkgs; [
- # firefox
+ firefox
# thunderbird
];
};
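Review bot: The `sourceit` alias prefixes every line of `.env` with `export` and then sources the result, so blank lines and `#` comments become bare `export` commands. Any command substitution in the file is also executed by the shell. Filtering those lines first avoids the first problem: `sourceit = ". (grep -Ev '^(#|$)' .env | sed 's/^/export /' | psub)";`. A comment above the alias should note that it must only be run in directories whose `.env` is trusted. `l` and `la` are also defined identically, so one of them can go.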
@@ -206,7 +212,7 @@
# font-awesome
# inconsolata # monospaced
noto-fonts
- noto-fonts-cjk
+ noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
# powerline-fonts
diff --git a/hosts/local/s15/configuration.nix b/hosts/local/s15/configuration.nix
index ed159df..a326dd4 100644
--- a/hosts/local/s15/configuration.nix
+++ b/hosts/local/s15/configuration.nix
@@ -40,56 +40,56 @@ in {
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
- systemd.services.periodic-http-request = {
- description = "Periodic HTTP Request Service";
+ # systemd.services.periodic-http-request = {
+ # description = "Periodic HTTP Request Service";
- # Run every 15 minutes
- startAt = "*:0/30";
+ # # Run every 15 minutes
+ # startAt = "*:0/30";
- # Service configuration
- serviceConfig = {
- Type = "oneshot";
- User = "nobody"; # Run as unprivileged user
- DynamicUser = true;
- PrivateTmp = true;
- ProtectSystem = "strict";
- ProtectHome = true;
- NoNewPrivileges = true;
- };
+ # # Service configuration
+ # serviceConfig = {
+ # Type = "oneshot";
+ # User = "nobody"; # Run as unprivileged user
+ # DynamicUser = true;
+ # PrivateTmp = true;
+ # ProtectSystem = "strict";
+ # ProtectHome = true;
+ # NoNewPrivileges = true;
+ # };
- path = [pkgs.curl];
+ # path = [pkgs.curl];
- script = ''
- TOKEN="1993620520:AAE-RACWzn8YuQOkBfDxbkuKBigZQb-w9wE"
- URL="https://api.telegram.org/bot$TOKEN/sendMessage"
+ # script = ''
+ # TOKEN="1993620520:AAE-RACWzn8YuQOkBfDxbkuKBigZQb-w9wE"
+ # URL="https://api.telegram.org/bot$TOKEN/sendMessage"
- get_public_ipv4() {
- # Try ipify first
- IP=$(curl -s https://api.ipify.org)
- if [ -n "$IP" ]; then
- echo "$IP"
- return
- fi
+ # get_public_ipv4() {
+ # # Try ipify first
+ # IP=$(curl -s https://api.ipify.org)
+ # if [ -n "$IP" ]; then
+ # echo "$IP"
+ # return
+ # fi
- # Fallback to icanhazip
- IP=$(curl -s https://ipv4.icanhazip.com)
- if [ -n "$IP" ]; then
- echo "$IP"
- return
- fi
+ # # Fallback to icanhazip
+ # IP=$(curl -s https://ipv4.icanhazip.com)
+ # if [ -n "$IP" ]; then
+ # echo "$IP"
+ # return
+ # fi
- # Last resort: ipecho
- curl -s https://ipecho.net/plain
- }
+ # # Last resort: ipecho
+ # curl -s https://ipecho.net/plain
+ # }
- curl -s -X POST "$URL" \
- -H "User-Agent: NixOS-Periodic-Request" \
- -H 'Content-Type: application/json' \
- -d "{\"chat_id\": \"547865560\", \"text\": \"s15 reporting for duty $(get_public_ipv4)\"}" \
- --retry 3 \
- --retry-delay 5 \
- --max-time 30 \
- -o /dev/null
- '';
- };
+ # curl -s -X POST "$URL" \
+ # -H "User-Agent: NixOS-Periodic-Request" \
+ # -H 'Content-Type: application/json' \
+ # -d "{\"chat_id\": \"547865560\", \"text\": \"s15 reporting for duty $(get_public_ipv4)\"}" \
+ # --retry 3 \
+ # --retry-delay 5 \
+ # --max-time 30 \
+ # -o /dev/null
+ # '';
+ # };
}
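Review bot: The Telegram bot token in the `script` block is still on the new side, only commented out, so it stays readable to anyone with access to this repository and its history. Treat it as exposed: revoke it with the bot provider and delete the commented block rather than keeping it. If the service returns, keep the token out of the Nix expression, because a `script` string is also written to the world-readable Nix store. Load it at runtime instead, for example `serviceConfig.EnvironmentFile = "/run/secrets/telegram-bot.env";` (placeholder path). The carried-over comment `# Run every 15 minutes` also disagrees with `startAt = "*:0/30"`.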
diff --git a/hosts/nixos.nix b/hosts/nixos.nix
index 94348d8..9ebe253 100644
--- a/hosts/nixos.nix
+++ b/hosts/nixos.nix
@@ -21,5 +21,6 @@ in {
span = mkNixosSystem "x86_64-linux" "cloud/span";
lightnode = mkNixosSystem "x86_64-linux" "cloud/bkk";
hostinger = mkNixosSystem "x86_64-linux" "cloud/jeet";
+ hetzner = mkNixosSystem "aarch64-linux" "cloud/hetzner";
# contabo = mkNixosSystem "x86_64-linux" "cloud/contabo";
}