diff --git a/configuration.nix b/configuration.nix
index a8bbb87..95cfecd 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,16 +1,15 @@
-{ pkgs
-, ...
-}:
-{
+{pkgs, ...}: {
   imports = [
     ./services/openssh.nix
+    ./services/forgejo.nix
     ./services/misc.nix
+
     ./modules/git.nix
     ./modules/nix-settings.nix
     ./modules/zfs.nix
 
-    (import ./modules/networking.nix { hostname = "server"; })
-    (import ./modules/users.nix { main-user = "baritone"; })
+    (import ./modules/networking.nix {hostname = "server";})
+    (import ./modules/users.nix {main-user = "baritone";})
   ];
 
   boot.loader = {
diff --git a/disko.nix b/disko.nix
index bc7ea53..5392660 100644
--- a/disko.nix
+++ b/disko.nix
@@ -1,8 +1,9 @@
-{ lib
-, root-disk ? throw "Expected a mf disk brother"
-, raid-disks ? []
-, swap-size ? -1
-, ...
+{
+  lib,
+  root-disk ? throw "Expected a mf disk brother",
+  raid-disks ? [],
+  swap-size ? -1,
+  ...
 }: {
   disko.devices = {
     disk =
@@ -20,7 +21,7 @@
                   type = "filesystem";
                   format = "vfat";
                   mountpoint = "/boot";
-                  mountOptions = [ "umask=0077" ];
+                  mountOptions = ["umask=0077"];
                 };
               };
               swap = lib.mkIf (swap-size != -1) {
@@ -41,26 +42,6 @@
             };
           };
         };
-        # disk2 = {
-        #   type = "disk";
-        #   device = "/dev/my-disk2";
-        #   content = {
-        #     type = "gpt";
-        #     partitions = {
-        #       boot = {
-        #         size = "1M";
-        #         type = "EF02"; # for grub MBR
-        #       };
-        #       mdadm = {
-        #         size = "100%";
-        #         content = {
-        #           type = "mdraid";
-        #           name = "raid1";
-        #         };
-        #       };
-        #     };
-        #   };
-        # };
       }
       # Import all disks into raid named "raid5"
       // lib.attrsets.genAttrs raid-disks (name: {
@@ -102,8 +83,13 @@
         type = "zpool";
         mode = "raidz";
 
-        rootFsOptions.compression = "zstd";
-        rootFsOptions.mountpoint = "none";
+        rootFsOptions = {
+          compression = "zstd";
+          mountpoint = "none";
+          acltype = "posixacl";
+          xattr = "sa";
+          "com.sun:auto-snapshot" = "true";
+        };
 
         datasets = {
           var = {
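Review bot: `"com.sun:auto-snapshot" = "true"` in `rootFsOptions` is inherited by every dataset in the pool, and nothing in the visible diff enables a snapshot service or opts any dataset out. If `services.zfs.autoSnapshot` is enabled elsewhere, consider setting the property to `"false"` on datasets that hold caches or short-lived data, since snapshots keep deleted files until they expire. As far as I can tell, disko applies `rootFsOptions` only when the pool is created, so an existing pool needs `zfs set acltype=posixacl xattr=sa` (plus the snapshot property) run by hand; a short comment saying so would help. The attribute set continues outside the hunk.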
diff --git a/flake.lock b/flake.lock
index 52f8388..50d7062 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,50 @@
 {
   "nodes": {
+    "agenix": {
+      "inputs": {
+        "darwin": "darwin",
+        "home-manager": "home-manager",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1736955230,
+        "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
+        "owner": "ryantm",
+        "repo": "agenix",
+        "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "ryantm",
+        "repo": "agenix",
+        "type": "github"
+      }
+    },
+    "darwin": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1700795494,
+        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+        "owner": "lnl7",
+        "repo": "nix-darwin",
+        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "lnl7",
+        "ref": "master",
+        "repo": "nix-darwin",
+        "type": "github"
+      }
+    },
     "disko": {
       "inputs": {
         "nixpkgs": [
@@ -21,6 +66,27 @@
       }
     },
     "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703113217,
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "home-manager_2": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"
@@ -58,10 +124,26 @@
     },
     "root": {
       "inputs": {
+        "agenix": "agenix",
         "disko": "disko",
-        "home-manager": "home-manager",
+        "home-manager": "home-manager_2",
         "nixpkgs": "nixpkgs"
       }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",
diff --git a/flake.nix b/flake.nix
index 1ebe241..a535f82 100644
--- a/flake.nix
+++ b/flake.nix
@@ -13,6 +13,11 @@
       url = "github:nix-community/disko";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+
+    agenix = {
+      url = "github:ryantm/agenix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs = {
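Review bot: The new `agenix` input pins only `nixpkgs` to the root. The flake.lock in this commit shows it also bringing its own `darwin`, `home-manager` and `systems` nodes, with the root's existing home-manager renamed to `home-manager_2`. Those extra nodes are locked at older revisions and widen the set of fetched third-party sources without being needed on a NixOS host. Consider adding `inputs.home-manager.follows = "home-manager";` and `inputs.darwin.follows = "";` inside the `agenix` block. No `age.secrets` declaration appears anywhere in the visible diff, so the module imported in the two later hunks is not yet used.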
@@ -30,6 +35,7 @@
         specialArgs = {inherit inputs;};
         modules = [
           inputs.disko.nixosModules.default
+          inputs.agenix.nixosModules.default
           (import ./disko.nix {
             lib = pkgs.lib;
             swap-size = "16G";
@@ -51,6 +57,7 @@
         specialArgs = {inherit inputs;};
         modules = [
           inputs.disko.nixosModules.default
+          inputs.agenix.nixosModules.default
           (import ./disko.nix {
             lib = pkgs.lib;
             swap-size = "128G";
@@ -68,7 +75,6 @@
           ./configuration.nix
         ];
       };
-
     };
   };
 }
diff --git a/home.nix b/home.nix
index a974983..9d54759 100644
--- a/home.nix
+++ b/home.nix
@@ -1,4 +1,4 @@
-{username ? throw "no username provided" }: {...}: {
+{username ? throw "no username provided"}: {...}: {
   imports = [];
 
   home.username = username;
diff --git a/modules/git.nix b/modules/git.nix
index 4fa189d..c13c331 100644
--- a/modules/git.nix
+++ b/modules/git.nix
@@ -1,6 +1,14 @@
-{config, ...}:
-{
+{...}: {
   programs.git.config = {
-    safe.directory = [ "/etc/nixos" ];
+    safe.directory = ["/etc/nixos"];
+
+    init = {
+      defaultBranch = "main";
+    };
+
+    user = {
+      name = "baritone";
+      email = "baritone@mail.spoodythe.one";
+    };
   };
 }
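Review bot: `user.name` and `user.email` are set under `programs.git.config`, which is the system-wide git configuration, so every account on the host (root and service users included) will author commits as baritone unless it overrides the identity. A per-user setting fits better, for example in home.nix via home-manager's `programs.git.userName` and `programs.git.userEmail`. `safe.directory` and `init.defaultBranch` can stay here.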
diff --git a/modules/networking.nix b/modules/networking.nix
index 618fb13..d57c44b 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -1,11 +1,10 @@
-{ hostname ? "server" }: {...}:
-{
+{hostname ? "server"}: {...}: {
   networking.hostName = hostname;
   networking.hostId = "2ead098f";
   networking.networkmanager.enable = true;
   networking.firewall = {
     enable = true;
-    allowedTCPPorts = [ ];
-    allowedUDPPorts = [ ];
+    allowedTCPPorts = [];
+    allowedUDPPorts = [];
   };
 }
diff --git a/modules/nix-settings.nix b/modules/nix-settings.nix
index 5edb85d..4b8f768 100644
--- a/modules/nix-settings.nix
+++ b/modules/nix-settings.nix
@@ -1,12 +1,12 @@
-{ ... }: {
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+{...}: {
+  nix.settings.experimental-features = ["nix-command" "flakes"];
   nix.gc = {
     automatic = true;
     options = "--delete-older-than 30d";
   };
   nix.optimise = {
     automatic = true;
-    dates = [ "05:00" ];
+    dates = ["05:00"];
   };
-  nix.settings.trusted-users = [ "@wheel" ];
+  nix.settings.trusted-users = ["@wheel"];
 }
diff --git a/modules/users.nix b/modules/users.nix
index df4e2b3..553f296 100644
--- a/modules/users.nix
+++ b/modules/users.nix
@@ -1,8 +1,12 @@
-{ main-user ? throw "No main user" }: { pkgs, inputs, ... }: {
+{main-user ? throw "No main user"}: {
+  pkgs,
+  inputs,
+  ...
+}: {
   home-manager = {
-    extraSpecialArgs = { inherit inputs; };
+    extraSpecialArgs = {inherit inputs;};
     users = {
-      ${main-user} = (import ../home.nix { username = main-user; });
+      ${main-user} = import ../home.nix {username = main-user;};
     };
   };
 
@@ -23,10 +27,9 @@
 
   users.users."nixos" = {
     isNormalUser = true;
-    extraGroups = [ "wheel" ];
+    extraGroups = ["wheel"];
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFhTExbc9m4dCK6676wGiA8zPjE0l/9Fz2yf0IKvUvg snorre@archlinux"
     ];
   };
-
 }
diff --git a/modules/zfs.nix b/modules/zfs.nix
index 60d34d5..9cf6fa4 100644
--- a/modules/zfs.nix
+++ b/modules/zfs.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
   boot.zfs.devNodes = "/dev/disk/by-path";
 
   environment.systemPackages = with pkgs; [
diff --git a/password.nix b/password.nix
index 73410f4..387f6e3 100644
--- a/password.nix
+++ b/password.nix
@@ -1 +1 @@
-"$y$j9T$rflI.YoiFDa7wg2F2rmgy1$uCLInRwRKmUIUYlhdHFUwBf0yhnRUK9eTVMvX8UjCz3"
+"$y$j9T$POWFwDly9YH2pelsCnZXa/$ocKEEW0SlKWiPPm2RJMP6wdGYg8sAeKVgnCtk2BSA7D"
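Review bot: The replacement yescrypt hash is still committed in clear text, so anyone who can read the repository can attack it offline, and the old hash stays in history. How password.nix is consumed is outside this diff, but if it feeds `hashedPassword`, the value also ends up in the world-readable Nix store. With agenix added in this same commit, the hash can move to an encrypted secret and be referenced as `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name).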
diff --git a/services/forgejo.nix b/services/forgejo.nix
new file mode 100644
index 0000000..5970828
--- /dev/null
+++ b/services/forgejo.nix
@@ -0,0 +1,45 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  host = "127.0.0.1";
+  port = 6969;
+in {
+  services.forgejo = {
+    enable = true;
+
+    lfs.enable = true;
+    database.type = "postgres";
+
+    settings = {
+      DEFAULT = {
+        APP_NAME = "An idiot admires complexity. A genius admires simplicity";
+      };
+
+      server = {
+        DOMAIN = "git.spoodythe.one";
+        HTTP_PORT = port;
+        ROOT_URL = "http://${host}:${toString port}";
+      };
+
+      service.DISABLE_REGISTRATION = true;
+      actions = {
+        ENABLED = true;
+        DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
+      };
+      federation.ENABLED = false;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [port];
+  networking.firewall.allowedUDPPorts = [port];
+
+  services.caddy = {
+    enable = true;
+    virtualHosts."git.spoodythe.one".extraConfig = ''
+      reverse_proxy * ${host}:${toString port}
+    '';
+  };
+}
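Review bot: Forgejo is reachable directly on port 6969 over plain HTTP, bypassing the Caddy virtual host. `host = "127.0.0.1"` is used only in `ROOT_URL` and the proxy target, `HTTP_ADDR` is never set (the NixOS module default is, as far as I know, `0.0.0.0`), and the two `networking.firewall` lines open that port for TCP and UDP. Bind the backend to loopback with `HTTP_ADDR = host;` and open only the proxy's ports with `networking.firewall.allowedTCPPorts = [80 443];`, dropping the UDP entry. `ROOT_URL` should be the public address that users and clone links see, `ROOT_URL = "https://git.spoodythe.one/";`, rather than the loopback URL. `config`, `pkgs` and `lib` are unused in this file.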
diff --git a/services/misc.nix b/services/misc.nix
index 433a5c1..6f4e3c6 100644
--- a/services/misc.nix
+++ b/services/misc.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
   services.udev.enable = true;
   services.thermald.enable = true;
 }
diff --git a/services/nextcloud.nix b/services/nextcloud.nix
new file mode 100644
index 0000000..59071e4
--- /dev/null
+++ b/services/nextcloud.nix
@@ -0,0 +1,27 @@
+{pkgs, ...}: let
+  nextcloud-pkg = pkgs.nextcloud30;
+in {
+  imports = [
+    "${fetchTarball {
+      url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
+      sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
+    }}/nextcloud-extras.nix"
+  ];
+
+  environment.etc."nextcloud-admin-pass".text = "supersecretpassword";
+  services.nextcloud = {
+    enable = true;
+    package = nextcloud-pkg;
+    hostName = "localhost";
+    config.adminpassFile = "/etc/nextcloud-admin-pass";
+    config.dbtype = "sqlite";
+    webserver = "caddy";
+  };
+
+  networking.firewall.allowedTCPPorts = [80 443];
+  networking.firewall.allowedUDPPorts = [80 443];
+
+  environment.systemPackages = [
+    nextcloud-pkg
+  ];
+}
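Review bot: `environment.etc."nextcloud-admin-pass".text = "supersecretpassword";` puts the admin password in the repository and in the world-readable Nix store, and the resulting /etc file is readable by every local user. This commit already adds agenix, so the password can be an `age.secrets` entry owned by the nextcloud user and referenced through `config.adminpassFile`, which needs `config` in the module arguments. The firewall lines also open 80 and 443 for UDP, which nothing here uses. The `fetchTarball` import pulls a third-party module outside flake.lock; it is pinned by hash, but it is not updated or reviewed with the other inputs. The secret name and .age path in the sketch below are placeholders.

```nix
{pkgs, config, ...}: let
  # … unchanged: nextcloud-pkg binding and the imports list …

  # Placeholder secret name and .age path; create the encrypted file with agenix first.
  age.secrets.nextcloud-admin-pass = {
    file = ../secrets/nextcloud-admin-pass.age;
    owner = "nextcloud";
    mode = "0400";
  };
  services.nextcloud = {
    # … unchanged: enable, package, hostName …
    config.adminpassFile = config.age.secrets.nextcloud-admin-pass.path;
    # … unchanged: dbtype, webserver …
  };

  networking.firewall.allowedTCPPorts = [80 443];
  # … unchanged: environment.systemPackages …
```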
diff --git a/services/openssh.nix b/services/openssh.nix
index 5700e44..b6dbf4e 100644
--- a/services/openssh.nix
+++ b/services/openssh.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
   services.openssh = {
     enable = true;
     settings = {