more stuffs

2025-03-03 00:38:16 +01:00 · 2025-03-03 00:38:16 +01:00 · 76bb4f850d
parent 046aa3d168
commit 76bb4f850d
15 changed files with 212 additions and 57 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -1,16 +1,15 @@
-{ pkgs
-, ...
-}:
-{
+{pkgs, ...}: {
  imports = [
    ./services/openssh.nix
+    ./services/forgejo.nix
    ./services/misc.nix
+
    ./modules/git.nix
    ./modules/nix-settings.nix
    ./modules/zfs.nix

-    (import ./modules/networking.nix { hostname = "server"; })
-    (import ./modules/users.nix { main-user = "baritone"; })
+    (import ./modules/networking.nix {hostname = "server";})
+    (import ./modules/users.nix {main-user = "baritone";})
  ];

  boot.loader = {
--- a/disko.nix
+++ b/disko.nix
@ -1,8 +1,9 @@
-{ lib
-, root-disk ? throw "Expected a mf disk brother"
-, raid-disks ? []
-, swap-size ? -1
-, ...
+{
+  lib,
+  root-disk ? throw "Expected a mf disk brother",
+  raid-disks ? [],
+  swap-size ? -1,
+  ...
 }: {
  disko.devices = {
    disk =
@ -20,7 +21,7 @@
                  type = "filesystem";
                  format = "vfat";
                  mountpoint = "/boot";
-                  mountOptions = [ "umask=0077" ];
+                  mountOptions = ["umask=0077"];
                };
              };
              swap = lib.mkIf (swap-size != -1) {
@ -41,26 +42,6 @@
            };
          };
        };
-        # disk2 = {
-        #   type = "disk";
-        #   device = "/dev/my-disk2";
-        #   content = {
-        #     type = "gpt";
-        #     partitions = {
-        #       boot = {
-        #         size = "1M";
-        #         type = "EF02"; # for grub MBR
-        #       };
-        #       mdadm = {
-        #         size = "100%";
-        #         content = {
-        #           type = "mdraid";
-        #           name = "raid1";
-        #         };
-        #       };
-        #     };
-        #   };
-        # };
      }
      # Import all disks into raid named "raid5"
      // lib.attrsets.genAttrs raid-disks (name: {
@ -102,8 +83,13 @@
        type = "zpool";
        mode = "raidz";

-        rootFsOptions.compression = "zstd";
-        rootFsOptions.mountpoint = "none";
+        rootFsOptions = {
+          compression = "zstd";
+          mountpoint = "none";
+          acltype = "posixacl";
+          xattr = "sa";
+          "com.sun:auto-snapshot" = "true";
+        };

        datasets = {
          var = {
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,50 @@
 {
  "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1736955230,
+        "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
    "disko": {
      "inputs": {
        "nixpkgs": [
@ -21,6 +66,27 @@
      }
    },
    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703113217,
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
@ -58,10 +124,26 @@
    },
    "root": {
      "inputs": {
+        "agenix": "agenix",
        "disko": "disko",
-        "home-manager": "home-manager",
+        "home-manager": "home-manager_2",
        "nixpkgs": "nixpkgs"
      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -13,6 +13,11 @@
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

  outputs = {
@ -30,6 +35,7 @@
        specialArgs = {inherit inputs;};
        modules = [
          inputs.disko.nixosModules.default
+          inputs.agenix.nixosModules.default
          (import ./disko.nix {
            lib = pkgs.lib;
            swap-size = "16G";
@ -51,6 +57,7 @@
        specialArgs = {inherit inputs;};
        modules = [
          inputs.disko.nixosModules.default
+          inputs.agenix.nixosModules.default
          (import ./disko.nix {
            lib = pkgs.lib;
            swap-size = "128G";
@ -68,7 +75,6 @@
          ./configuration.nix
        ];
      };
-
    };
  };
 }
--- a/home.nix
+++ b/home.nix
@ -1,4 +1,4 @@
-{username ? throw "no username provided" }: {...}: {
+{username ? throw "no username provided"}: {...}: {
  imports = [];

  home.username = username;
--- a/modules/git.nix
+++ b/modules/git.nix
@ -1,6 +1,14 @@
-{config, ...}:
-{
+{...}: {
  programs.git.config = {
-    safe.directory = [ "/etc/nixos" ];
+    safe.directory = ["/etc/nixos"];
+
+    init = {
+      defaultBranch = "main";
+    };
+
+    user = {
+      name = "baritone";
+      email = "baritone@mail.spoodythe.one";
+    };
  };
 }
--- a/modules/networking.nix
+++ b/modules/networking.nix
@ -1,11 +1,10 @@
-{ hostname ? "server" }: {...}:
-{
+{hostname ? "server"}: {...}: {
  networking.hostName = hostname;
  networking.hostId = "2ead098f";
  networking.networkmanager.enable = true;
  networking.firewall = {
    enable = true;
-    allowedTCPPorts = [ ];
-    allowedUDPPorts = [ ];
+    allowedTCPPorts = [];
+    allowedUDPPorts = [];
  };
 }
--- a/modules/nix-settings.nix
+++ b/modules/nix-settings.nix
@ -1,12 +1,12 @@
-{ ... }: {
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+{...}: {
+  nix.settings.experimental-features = ["nix-command" "flakes"];
  nix.gc = {
    automatic = true;
    options = "--delete-older-than 30d";
  };
  nix.optimise = {
    automatic = true;
-    dates = [ "05:00" ];
+    dates = ["05:00"];
  };
-  nix.settings.trusted-users = [ "@wheel" ];
+  nix.settings.trusted-users = ["@wheel"];
 }
--- a/modules/users.nix
+++ b/modules/users.nix
@ -1,8 +1,12 @@
-{ main-user ? throw "No main user" }: { pkgs, inputs, ... }: {
+{main-user ? throw "No main user"}: {
+  pkgs,
+  inputs,
+  ...
+}: {
  home-manager = {
-    extraSpecialArgs = { inherit inputs; };
+    extraSpecialArgs = {inherit inputs;};
    users = {
-      ${main-user} = (import ../home.nix { username = main-user; });
+      ${main-user} = import ../home.nix {username = main-user;};
    };
  };

@ -23,10 +27,9 @@

  users.users."nixos" = {
    isNormalUser = true;
-    extraGroups = [ "wheel" ];
+    extraGroups = ["wheel"];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFhTExbc9m4dCK6676wGiA8zPjE0l/9Fz2yf0IKvUvg snorre@archlinux"
    ];
  };
-
 }
--- a/modules/zfs.nix
+++ b/modules/zfs.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
  boot.zfs.devNodes = "/dev/disk/by-path";

  environment.systemPackages = with pkgs; [
--- a/password.nix
+++ b/password.nix
@ -1 +1 @@
-"$y$j9T$rflI.YoiFDa7wg2F2rmgy1$uCLInRwRKmUIUYlhdHFUwBf0yhnRUK9eTVMvX8UjCz3"
+"$y$j9T$POWFwDly9YH2pelsCnZXa/$ocKEEW0SlKWiPPm2RJMP6wdGYg8sAeKVgnCtk2BSA7D"
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@ -0,0 +1,45 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  host = "127.0.0.1";
+  port = 6969;
+in {
+  services.forgejo = {
+    enable = true;
+
+    lfs.enable = true;
+    database.type = "postgres";
+
+    settings = {
+      DEFAULT = {
+        APP_NAME = "An idiot admires complexity. A genius admires simplicity";
+      };
+
+      server = {
+        DOMAIN = "git.spoodythe.one";
+        HTTP_PORT = port;
+        ROOT_URL = "http://${host}:${toString port}";
+      };
+
+      service.DISABLE_REGISTRATION = true;
+      actions = {
+        ENABLED = true;
+        DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
+      };
+      federation.ENABLED = false;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [port];
+  networking.firewall.allowedUDPPorts = [port];
+
+  services.caddy = {
+    enable = true;
+    virtualHosts."git.spoodythe.one".extraConfig = ''
+      reverse_proxy * ${host}:${toString port}
+    '';
+  };
+}
--- a/services/misc.nix
+++ b/services/misc.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  services.udev.enable = true;
  services.thermald.enable = true;
 }
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@ -0,0 +1,27 @@
+{pkgs, ...}: let
+  nextcloud-pkg = pkgs.nextcloud30;
+in {
+  imports = [
+    "${fetchTarball {
+      url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
+      sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
+    }}/nextcloud-extras.nix"
+  ];
+
+  environment.etc."nextcloud-admin-pass".text = "supersecretpassword";
+  services.nextcloud = {
+    enable = true;
+    package = nextcloud-pkg;
+    hostName = "localhost";
+    config.adminpassFile = "/etc/nextcloud-admin-pass";
+    config.dbtype = "sqlite";
+    webserver = "caddy";
+  };
+
+  networking.firewall.allowedTCPPorts = [80 443];
+  networking.firewall.allowedUDPPorts = [80 443];
+
+  environment.systemPackages = [
+    nextcloud-pkg
+  ];
+}
--- a/services/openssh.nix
+++ b/services/openssh.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  services.openssh = {
    enable = true;
    settings = {