more stuffs

2025-03-03 00:38:16 +01:00 · 2025-03-03 00:38:16 +01:00 · 76bb4f850d
parent 046aa3d168
commit 76bb4f850d
15 changed files with 212 additions and 57 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -1,16 +1,15 @@
-{ pkgs
+{pkgs, ...}: {
 , ...
 }:
 {
  imports = [
    ./services/openssh.nix
    ./services/forgejo.nix
    ./services/misc.nix
    ./modules/git.nix
    ./modules/nix-settings.nix
    ./modules/zfs.nix
-    (import ./modules/networking.nix { hostname = "server"; })
+    (import ./modules/networking.nix {hostname = "server";})
-    (import ./modules/users.nix { main-user = "baritone"; })
+    (import ./modules/users.nix {main-user = "baritone";})
  ];
  boot.loader = {
--- a/disko.nix
+++ b/disko.nix
@ -1,8 +1,9 @@
-{ lib
+{
-, root-disk ? throw "Expected a mf disk brother"
+  lib,
-, raid-disks ? []
+  root-disk ? throw "Expected a mf disk brother",
-, swap-size ? -1
+  raid-disks ? [],
-, ...
+  swap-size ? -1,
  ...
 }: {
  disko.devices = {
    disk =
@ -20,7 +21,7 @@
                  type = "filesystem";
                  format = "vfat";
                  mountpoint = "/boot";
-                  mountOptions = [ "umask=0077" ];
+                  mountOptions = ["umask=0077"];
                };
              };
              swap = lib.mkIf (swap-size != -1) {
@ -41,26 +42,6 @@
            };
          };
        };
        # disk2 = {
        #   type = "disk";
        #   device = "/dev/my-disk2";
        #   content = {
        #     type = "gpt";
        #     partitions = {
        #       boot = {
        #         size = "1M";
        #         type = "EF02"; # for grub MBR
        #       };
        #       mdadm = {
        #         size = "100%";
        #         content = {
        #           type = "mdraid";
        #           name = "raid1";
        #         };
        #       };
        #     };
        #   };
        # };
      }
      # Import all disks into raid named "raid5"
      // lib.attrsets.genAttrs raid-disks (name: {
@ -102,8 +83,13 @@
        type = "zpool";
        mode = "raidz";
-        rootFsOptions.compression = "zstd";
+        rootFsOptions = {
-        rootFsOptions.mountpoint = "none";
+          compression = "zstd";
          mountpoint = "none";
          acltype = "posixacl";
          xattr = "sa";
          "com.sun:auto-snapshot" = "true";
        };
        datasets = {
          var = {
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,50 @@
 {
  "nodes": {
    "agenix": {
      "inputs": {
        "darwin": "darwin",
        "home-manager": "home-manager",
        "nixpkgs": [
          "nixpkgs"
        ],
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1736955230,
        "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
        "owner": "ryantm",
        "repo": "agenix",
        "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
        "type": "github"
      },
      "original": {
        "owner": "ryantm",
        "repo": "agenix",
        "type": "github"
      }
    },
    "darwin": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1700795494,
        "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
        "owner": "lnl7",
        "repo": "nix-darwin",
        "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
        "type": "github"
      },
      "original": {
        "owner": "lnl7",
        "ref": "master",
        "repo": "nix-darwin",
        "type": "github"
      }
    },
    "disko": {
      "inputs": {
        "nixpkgs": [
@ -21,6 +66,27 @@
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1703113217,
        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "home-manager_2": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
@ -58,10 +124,26 @@
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "disko": "disko",
-        "home-manager": "home-manager",
+        "home-manager": "home-manager_2",
        "nixpkgs": "nixpkgs"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -13,6 +13,11 @@
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    agenix = {
      url = "github:ryantm/agenix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs = {
@ -30,6 +35,7 @@
        specialArgs = {inherit inputs;};
        modules = [
          inputs.disko.nixosModules.default
          inputs.agenix.nixosModules.default
          (import ./disko.nix {
            lib = pkgs.lib;
            swap-size = "16G";
@ -51,6 +57,7 @@
        specialArgs = {inherit inputs;};
        modules = [
          inputs.disko.nixosModules.default
          inputs.agenix.nixosModules.default
          (import ./disko.nix {
            lib = pkgs.lib;
            swap-size = "128G";
@ -68,7 +75,6 @@
          ./configuration.nix
        ];
      };
    };
  };
 }
--- a/home.nix
+++ b/home.nix
@ -1,4 +1,4 @@
-{username ? throw "no username provided" }: {...}: {
+{username ? throw "no username provided"}: {...}: {
  imports = [];
  home.username = username;
--- a/modules/git.nix
+++ b/modules/git.nix
@ -1,6 +1,14 @@
-{config, ...}:
+{...}: {
 {
  programs.git.config = {
-    safe.directory = [ "/etc/nixos" ];
+    safe.directory = ["/etc/nixos"];
    init = {
      defaultBranch = "main";
    };
    user = {
      name = "baritone";
      email = "baritone@mail.spoodythe.one";
    };
  };
 }
--- a/modules/networking.nix
+++ b/modules/networking.nix
@ -1,11 +1,10 @@
-{ hostname ? "server" }: {...}:
+{hostname ? "server"}: {...}: {
 {
  networking.hostName = hostname;
  networking.hostId = "2ead098f";
  networking.networkmanager.enable = true;
  networking.firewall = {
    enable = true;
-    allowedTCPPorts = [ ];
+    allowedTCPPorts = [];
-    allowedUDPPorts = [ ];
+    allowedUDPPorts = [];
  };
 }
--- a/modules/nix-settings.nix
+++ b/modules/nix-settings.nix
@ -1,12 +1,12 @@
-{ ... }: {
+{...}: {
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  nix.settings.experimental-features = ["nix-command" "flakes"];
  nix.gc = {
    automatic = true;
    options = "--delete-older-than 30d";
  };
  nix.optimise = {
    automatic = true;
-    dates = [ "05:00" ];
+    dates = ["05:00"];
  };
-  nix.settings.trusted-users = [ "@wheel" ];
+  nix.settings.trusted-users = ["@wheel"];
 }
--- a/modules/users.nix
+++ b/modules/users.nix
@ -1,8 +1,12 @@
-{ main-user ? throw "No main user" }: { pkgs, inputs, ... }: {
+{main-user ? throw "No main user"}: {
  pkgs,
  inputs,
  ...
 }: {
  home-manager = {
-    extraSpecialArgs = { inherit inputs; };
+    extraSpecialArgs = {inherit inputs;};
    users = {
-      ${main-user} = (import ../home.nix { username = main-user; });
+      ${main-user} = import ../home.nix {username = main-user;};
    };
  };
@ -23,10 +27,9 @@
  users.users."nixos" = {
    isNormalUser = true;
-    extraGroups = [ "wheel" ];
+    extraGroups = ["wheel"];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFhTExbc9m4dCK6676wGiA8zPjE0l/9Fz2yf0IKvUvg snorre@archlinux"
    ];
  };
 }
--- a/modules/zfs.nix
+++ b/modules/zfs.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{pkgs, ...}: {
  boot.zfs.devNodes = "/dev/disk/by-path";
  environment.systemPackages = with pkgs; [
--- a/password.nix
+++ b/password.nix
@ -1 +1 @@
-"$y$j9T$rflI.YoiFDa7wg2F2rmgy1$uCLInRwRKmUIUYlhdHFUwBf0yhnRUK9eTVMvX8UjCz3"
+"$y$j9T$POWFwDly9YH2pelsCnZXa/$ocKEEW0SlKWiPPm2RJMP6wdGYg8sAeKVgnCtk2BSA7D"
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@ -0,0 +1,45 @@
 {
  config,
  pkgs,
  lib,
  ...
 }: let
  host = "127.0.0.1";
  port = 6969;
 in {
  services.forgejo = {
    enable = true;
    lfs.enable = true;
    database.type = "postgres";
    settings = {
      DEFAULT = {
        APP_NAME = "An idiot admires complexity. A genius admires simplicity";
      };
      server = {
        DOMAIN = "git.spoodythe.one";
        HTTP_PORT = port;
        ROOT_URL = "http://${host}:${toString port}";
      };
      service.DISABLE_REGISTRATION = true;
      actions = {
        ENABLED = true;
        DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
      };
      federation.ENABLED = false;
    };
  };
  networking.firewall.allowedTCPPorts = [port];
  networking.firewall.allowedUDPPorts = [port];
  services.caddy = {
    enable = true;
    virtualHosts."git.spoodythe.one".extraConfig = ''
      reverse_proxy * ${host}:${toString port}
    '';
  };
 }
--- a/services/misc.nix
+++ b/services/misc.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  services.udev.enable = true;
  services.thermald.enable = true;
 }
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@ -0,0 +1,27 @@
 {pkgs, ...}: let
  nextcloud-pkg = pkgs.nextcloud30;
 in {
  imports = [
    "${fetchTarball {
      url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
      sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
    }}/nextcloud-extras.nix"
  ];
  environment.etc."nextcloud-admin-pass".text = "supersecretpassword";
  services.nextcloud = {
    enable = true;
    package = nextcloud-pkg;
    hostName = "localhost";
    config.adminpassFile = "/etc/nextcloud-admin-pass";
    config.dbtype = "sqlite";
    webserver = "caddy";
  };
  networking.firewall.allowedTCPPorts = [80 443];
  networking.firewall.allowedUDPPorts = [80 443];
  environment.systemPackages = [
    nextcloud-pkg
  ];
 }
--- a/services/openssh.nix
+++ b/services/openssh.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{...}: {
  services.openssh = {
    enable = true;
    settings = {
`@ -1 +1 @@`
	`"$y$j9T$rflI.YoiFDa7wg2F2rmgy1$uCLInRwRKmUIUYlhdHFUwBf0yhnRUK9eTVMvX8UjCz3"`	`"$y$j9T$POWFwDly9YH2pelsCnZXa/$ocKEEW0SlKWiPPm2RJMP6wdGYg8sAeKVgnCtk2BSA7D"`