From 76bb4f850dfe4ecf841ef5b9916e6dda0b6f3c11 Mon Sep 17 00:00:00 2001 From: Snorre Ettrup Altschul Date: Mon, 3 Mar 2025 00:38:16 +0100 Subject: [PATCH] more stuffs --- configuration.nix | 11 +++--- disko.nix | 42 +++++++------------- flake.lock | 84 +++++++++++++++++++++++++++++++++++++++- flake.nix | 8 +++- home.nix | 2 +- modules/git.nix | 14 +++++-- modules/networking.nix | 7 ++-- modules/nix-settings.nix | 8 ++-- modules/users.nix | 13 ++++--- modules/zfs.nix | 2 +- password.nix | 2 +- services/forgejo.nix | 45 +++++++++++++++++++++ services/misc.nix | 2 +- services/nextcloud.nix | 27 +++++++++++++ services/openssh.nix | 2 +- 15 files changed, 212 insertions(+), 57 deletions(-) create mode 100644 services/forgejo.nix create mode 100644 services/nextcloud.nix diff --git a/configuration.nix b/configuration.nix index a8bbb87..95cfecd 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,16 +1,15 @@ -{ pkgs -, ... -}: -{ +{pkgs, ...}: { imports = [ ./services/openssh.nix + ./services/forgejo.nix ./services/misc.nix + ./modules/git.nix ./modules/nix-settings.nix ./modules/zfs.nix - (import ./modules/networking.nix { hostname = "server"; }) - (import ./modules/users.nix { main-user = "baritone"; }) + (import ./modules/networking.nix {hostname = "server";}) + (import ./modules/users.nix {main-user = "baritone";}) ]; boot.loader = { diff --git a/disko.nix b/disko.nix index bc7ea53..5392660 100644 --- a/disko.nix +++ b/disko.nix @@ -1,8 +1,9 @@ -{ lib -, root-disk ? throw "Expected a mf disk brother" -, raid-disks ? [] -, swap-size ? -1 -, ... +{ + lib, + root-disk ? throw "Expected a mf disk brother", + raid-disks ? [], + swap-size ? -1, + ... }: { disko.devices = { disk = @@ -20,7 +21,7 @@ type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; + mountOptions = ["umask=0077"]; }; }; swap = lib.mkIf (swap-size != -1) { 
@@ -41,26 +42,6 @@ }; }; }; - # disk2 = { - # type = "disk"; - # device = "/dev/my-disk2"; - # content = { - # type = "gpt"; - # partitions = { - # boot = { - # size = "1M"; - # type = "EF02"; # for grub MBR - # }; - # mdadm = { - # size = "100%"; - # content = { - # type = "mdraid"; - # name = "raid1"; - # }; - # }; - # }; - # }; - # }; } # Import all disks into raid named "raid5" // lib.attrsets.genAttrs raid-disks (name: { @@ -102,8 +83,13 @@ type = "zpool"; mode = "raidz"; - rootFsOptions.compression = "zstd"; - rootFsOptions.mountpoint = "none"; + rootFsOptions = { + compression = "zstd"; + mountpoint = "none"; + acltype = "posixacl"; + xattr = "sa"; + "com.sun:auto-snapshot" = "true"; + }; datasets = { var = { diff --git a/flake.lock b/flake.lock index 52f8388..50d7062 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,50 @@ { "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "owner": "ryantm", + "repo": "agenix", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ 
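Review bot: `"com.sun:auto-snapshot" = "true"` in the new `rootFsOptions` block is only a dataset user property; it takes effect only when a snapshot service that honours it is running (in NixOS that is `services.zfs.autoSnapshot.enable`), and the only change to modules/zfs.nix in this patch is the argument-set reformat, so as far as this diff shows nothing will snapshot the pool. Either enable that service alongside the property or mark the dependency, e.g. `# honoured by services.zfs.autoSnapshot; enable it in modules/zfs.nix`. `acltype = "posixacl"` with `xattr = "sa"` is the usual pairing for a root pool and looks right. The zpool definition and the `datasets` block this hunk opens continue outside the hunk.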
@@ -21,6 +66,27 @@ } }, "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -58,10 +124,26 @@ }, "root": { "inputs": { + "agenix": "agenix", "disko": "disko", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "nixpkgs": "nixpkgs" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 1ebe241..a535f82 100644 --- a/flake.nix +++ b/flake.nix @@ -13,6 +13,11 @@ url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; + + agenix = { + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { @@ -30,6 +35,7 @@ specialArgs = {inherit inputs;}; modules = [ inputs.disko.nixosModules.default + inputs.agenix.nixosModules.default (import ./disko.nix { lib = pkgs.lib; swap-size = "16G"; @@ -51,6 +57,7 @@ specialArgs = {inherit inputs;}; modules = [ inputs.disko.nixosModules.default + inputs.agenix.nixosModules.default (import ./disko.nix { lib = pkgs.lib; swap-size = "128G"; @@ -68,7 +75,6 @@ ./configuration.nix ]; }; - }; }; } diff --git a/home.nix b/home.nix index a974983..9d54759 100644 --- a/home.nix +++ b/home.nix 
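Review bot: `inputs.agenix.nixosModules.default` is wired into both host module lists, yet nothing else in the patch declares `age.secrets` or `age.identityPaths`, so the module changes nothing at this commit, while services/nextcloud.nix writes a literal admin password through `environment.etc` and password.nix keeps a password hash in the tree — presumably the consumers this input is meant for. Recording that next to the input, e.g. `# agenix: encrypted secrets; nextcloud admin password and the user password hash are to move here`, keeps the migration from being forgotten. Both host module lists now open with the same disko and agenix entries; a shared list hoisted above the two host definitions would keep them from drifting. The `outputs` block these hunks edit begins before the first hunk and continues past the last one.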
@@ -1,4 +1,4 @@ -{username ? throw "no username provided" }: {...}: { +{username ? throw "no username provided"}: {...}: { imports = []; home.username = username; diff --git a/modules/git.nix b/modules/git.nix index 4fa189d..c13c331 100644 --- a/modules/git.nix +++ b/modules/git.nix @@ -1,6 +1,14 @@ -{config, ...}: -{ +{...}: { programs.git.config = { - safe.directory = [ "/etc/nixos" ]; + safe.directory = ["/etc/nixos"]; + + init = { + defaultBranch = "main"; + }; + + user = { + name = "baritone"; + email = "baritone@mail.spoodythe.one"; + }; }; } diff --git a/modules/networking.nix b/modules/networking.nix index 618fb13..d57c44b 100644 --- a/modules/networking.nix +++ b/modules/networking.nix @@ -1,11 +1,10 @@ -{ hostname ? "server" }: {...}: -{ +{hostname ? "server"}: {...}: { networking.hostName = hostname; networking.hostId = "2ead098f"; networking.networkmanager.enable = true; networking.firewall = { enable = true; - allowedTCPPorts = [ ]; - allowedUDPPorts = [ ]; + allowedTCPPorts = []; + allowedUDPPorts = []; }; } diff --git a/modules/nix-settings.nix b/modules/nix-settings.nix index 5edb85d..4b8f768 100644 --- a/modules/nix-settings.nix +++ b/modules/nix-settings.nix @@ -1,12 +1,12 @@ -{ ... }: { - nix.settings.experimental-features = [ "nix-command" "flakes" ]; +{...}: { + nix.settings.experimental-features = ["nix-command" "flakes"]; nix.gc = { automatic = true; options = "--delete-older-than 30d"; }; nix.optimise = { automatic = true; - dates = [ "05:00" ]; + dates = ["05:00"]; }; - nix.settings.trusted-users = [ "@wheel" ]; + nix.settings.trusted-users = ["@wheel"]; } diff --git a/modules/users.nix b/modules/users.nix index df4e2b3..553f296 100644 --- a/modules/users.nix +++ b/modules/users.nix 
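Review bot: `user.name` and `user.email` are added under `programs.git.config`, which renders the host-wide `/etc/gitconfig`, so this identity becomes the default commit author for every account on the machine (the `nixos` user in modules/users.nix included), not just `baritone`. If that is not intended, the identity belongs in the per-user home-manager configuration that home.nix already provides, leaving `safe.directory` and `init.defaultBranch` as the only system-wide settings; if it is intended, a comment such as `# host-wide default identity; per-user overrides go in home.nix` will stop the next reader from relocating it. Dropping the unused `config` argument from the module's parameter set is fine.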
@@ -1,8 +1,12 @@ -{ main-user ? throw "No main user" }: { pkgs, inputs, ... }: { +{main-user ? throw "No main user"}: { + pkgs, + inputs, + ... +}: { home-manager = { - extraSpecialArgs = { inherit inputs; }; + extraSpecialArgs = {inherit inputs;}; users = { - ${main-user} = (import ../home.nix { username = main-user; }); + ${main-user} = import ../home.nix {username = main-user;}; }; }; @@ -23,10 +27,9 @@ users.users."nixos" = { isNormalUser = true; - extraGroups = [ "wheel" ]; + extraGroups = ["wheel"]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFhTExbc9m4dCK6676wGiA8zPjE0l/9Fz2yf0IKvUvg snorre@archlinux" ]; }; - } diff --git a/modules/zfs.nix b/modules/zfs.nix index 60d34d5..9cf6fa4 100644 --- a/modules/zfs.nix +++ b/modules/zfs.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{pkgs, ...}: { boot.zfs.devNodes = "/dev/disk/by-path"; environment.systemPackages = with pkgs; [ diff --git a/password.nix b/password.nix index 73410f4..387f6e3 100644 --- a/password.nix +++ b/password.nix @@ -1 +1 @@ -"$y$j9T$rflI.YoiFDa7wg2F2rmgy1$uCLInRwRKmUIUYlhdHFUwBf0yhnRUK9eTVMvX8UjCz3" +"$y$j9T$POWFwDly9YH2pelsCnZXa/$ocKEEW0SlKWiPPm2RJMP6wdGYg8sAeKVgnCtk2BSA7D" diff --git a/services/forgejo.nix b/services/forgejo.nix new file mode 100644 index 0000000..5970828 --- /dev/null +++ b/services/forgejo.nix 
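Review bot: This hunk replaces one yescrypt hash with another inside the repository, so the retired hash remains recoverable from git history, and if the repository is ever published both hashes are exposed to offline guessing; the old password should be treated as retired, not merely superseded. With agenix introduced in the same commit the hash can leave the tree altogether: encrypt it and point `users.users.<name>.hashedPasswordFile` at `config.age.secrets.<name>.path`, which also removes the need to re-commit on every rotation. How password.nix is consumed is not visible in this patch, so the exact option to replace is inferred.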
@@ -0,0 +1,45 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ host = "127.0.0.1";
+ port = 6969;
+in {
+ services.forgejo = {
+ enable = true;
+
+ lfs.enable = true;
+ database.type = "postgres";
+
+ settings = {
+ DEFAULT = {
+ APP_NAME = "An idiot admires complexity. A genius admires simplicity";
+ };
+
+ server = {
+ DOMAIN = "git.spoodythe.one";
+ HTTP_PORT = port;
+ ROOT_URL = "http://${host}:${toString port}";
+ };
+
+ service.DISABLE_REGISTRATION = true;
+ actions = {
+ ENABLED = true;
+ DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
+ };
+ federation.ENABLED = false;
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [port];
+ networking.firewall.allowedUDPPorts = [port];
+
+ services.caddy = {
+ enable = true;
+ virtualHosts."git.spoodythe.one".extraConfig = ''
+ reverse_proxy * ${host}:${toString port}
+ '';
+ };
+}
diff --git a/services/misc.nix b/services/misc.nix
index 433a5c1..6f4e3c6 100644
--- a/services/misc.nix
+++ b/services/misc.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
 services.udev.enable = true;
 services.thermald.enable = true;
 }
diff --git a/services/nextcloud.nix b/services/nextcloud.nix
new file mode 100644
index 0000000..59071e4
--- /dev/null
+++ b/services/nextcloud.nix
@@ -0,0 +1,27 @@
+{pkgs, ...}: let
+ nextcloud-pkg = pkgs.nextcloud30;
+in {
+ imports = [
+ "${fetchTarball {
+ url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
+ sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
+ }}/nextcloud-extras.nix"
+ ];
+
+ environment.etc."nextcloud-admin-pass".text = "supersecretpassword";
+ services.nextcloud = {
+ enable = true;
+ package = nextcloud-pkg;
+ hostName = "localhost";
+ config.adminpassFile = "/etc/nextcloud-admin-pass";
+ config.dbtype = "sqlite";
+ webserver = "caddy";
+ };
+
+ networking.firewall.allowedTCPPorts = [80 443];
+ networking.firewall.allowedUDPPorts = [80 443];
+
+ environment.systemPackages = [
+ nextcloud-pkg
+ ];
+}
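Review bot: `ROOT_URL = "http://${host}:${toString port}"` resolves to http://127.0.0.1:6969, so the absolute URLs Forgejo generates (clone URLs, links in the web UI and mail) will point at loopback rather than the name Caddy serves; it should be the public origin, `ROOT_URL = "https://git.spoodythe.one/";`. The two firewall lines open 6969 on TCP and UDP — UDP is meaningless for this listener, and exposing the unproxied port would bypass Caddy should the service ever bind beyond loopback — while 80/443, the ports Caddy actually answers on, stay closed; nothing in the hunk pins `HTTP_ADDR` to `host`, so the bind address and the `reverse_proxy` target only coincide if the module's default is loopback. `lib` is taken in the argument set but never used.
```nix
      server = {
        DOMAIN = "git.spoodythe.one";
        HTTP_ADDR = host;  # listen only where Caddy reaches it
        HTTP_PORT = port;
        ROOT_URL = "https://git.spoodythe.one/";
      };
      # … unchanged: service, actions, federation …
  # Caddy terminates TLS and is the only exposed listener; Forgejo stays on loopback.
  networking.firewall.allowedTCPPorts = [80 443];
```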
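Review bot: `environment.etc."nextcloud-admin-pass".text = "supersecretpassword"` places the admin password in the Nix store, which every local account can read, and commits it to the repository; the agenix input added in flake.nix exists for exactly this case — declare `age.secrets.nextcloud-admin-pass = { file = <path to the encrypted .age file>; owner = "nextcloud"; };` (owner being the user the service runs as), set `config.adminpassFile = config.age.secrets.nextcloud-admin-pass.path;` with `config` taken into the module's argument set, and drop the `environment.etc` line. The module is not added to configuration.nix's imports anywhere in this patch, so none of it takes effect yet; if that is deliberate staging, a `# not yet imported from configuration.nix` comment at the top would say so. Pulling `nextcloud-extras.nix` through `fetchTarball` at evaluation time sits outside flake.lock; it is hash-pinned and therefore reproducible, but as a flake input it would be updated and reviewed with the others. `allowedUDPPorts = [80 443]` only matters for HTTP/3 on 443, so UDP 80 can go.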
diff --git a/services/openssh.nix b/services/openssh.nix
index 5700e44..b6dbf4e 100644
--- a/services/openssh.nix
+++ b/services/openssh.nix
@@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
 services.openssh = {
 enable = true;
 settings = {