thiago/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: reconfigure nix cloud

Browse source
This commit is contained in:
Thiago Sposito 2026-01-30 15:25:37 -03:00
parent d5db6daa8c
commit 20e8bd96bd
Signed by: thiago
GPG key ID: 3065EA73A976D430
3 changed files with 73 additions and 71 deletions
Download patch file Download diff file Expand all files Collapse all files

83
hosts/Nixcloud/default.nix
View file

@ -1,16 +1,11 @@
{ { ... }:
config,
inputs,
lib,
pkgs,
...
}:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix ./networking.nix
./forgejo.nix
]; ];
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;
efiSupport = true; # Enable EFI features efiSupport = true; # Enable EFI features
@ -18,69 +13,37 @@
}; };
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
nix = {
registry = (lib.mapAttrs (_: flake: { inherit flake; })) (
(lib.filterAttrs (_: lib.isType "flake")) inputs
);
nixPath = [ "/etc/nix/path" ];
settings = {
download-buffer-size = "512M";
experimental-features = "nix-command flakes";
auto-optimise-store = true;
};
};
environment = {
shells = with pkgs; [ bash ];
etc = lib.mapAttrs' (name: value: {
name = "nix/path/${name}";
value.source = value.flake;
}) config.nix.registry;
systemPackages = with pkgs; [
git
sops
wget
];
};
zramSwap.enable = true; zramSwap.enable = true;
programs = {
gnupg = {
agent = {
enableSSHSupport = true;
enable = true;
pinentryPackage = pkgs.pinentry-tty;
};
};
};
networking.hostName = "srv1065175"; networking.hostName = "srv1065175";
networking.domain = "hstgr.cloud"; networking.domain = "hstgr.cloud";
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
users.users = { ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjC5EuxC6un3StoRkn1X1Mv09Mx1icGfN5fnlWRfqFPtiwAusJA+q0p2MktujY/+kDOpzExtjbXP5CtW7zcUfeitO26BY0WH106P4ttsq/0zzq5pmPXxGn9crN7JqFp3f9LMlL0F+3Oa0mJ6HcS2UgQEUYS6ofJBV1CLeMfkv75F+iy7AG1V9EaT4pvwdmAJ+6XXSo+UtadWOZGlWVRETyDcxa2H/aS/e+JrQfeAHM9f9cyeZqO9OHFWmuzHDc2T014+OhzzWnLUC/nUc1KUELvha1cT1ViMbcF62cjQXxip/5GGsIkw+7PdJFTn3ITwRO1+06qs6WnO4ceh8wIyOblUgTfRvIXkB7nnanC3CupqLbT+s/HeRiwnI4aih7lDrB717dPTy/ZfNXqxy1K51bZzRTXzkY+oUF1eqG37KvGoFZ6Zjf8KMrtTWBhqdIWV/kY4ZBTtvtiU81iXEWbobcyTzsIzKtZhCrGt+KxFUYV90u+ts3jrFdHIsN/tIzuEKz2ZZ8f749u2Q9jgIwe1KLtTwmSDjAV5gkbnE7ZDMB82pTzlwdrZ/VkCIu3/EtoWq3Y+NrKL4OzWL74Tzgsn28jvsegrnz5Lp24zPpNmBzCgbkwPStFjvp16G6pUiTLAAn9YiBqYbbvDbGxun55QMwYORGsdk5hISaC/cPzaUKkQ== thiago@sposito.ch''
root.openssh.authorizedKeys.keyFiles = [ ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWstSULudWNwPQxyS2J7Qygw8CozDDy8WsPjsYzKPI9s0B/KLU0g1oX42bBvn4DgNpzGrpb6IGHpRQohStt7vcOxb9XpfhIOcIr45gU3k3lcPjh6vj8/ZoNQlRDIfxs83RDImvveYABuI/Hq42mLV1kI5qnQHaJxuW73AuYKNzE3Z3PUl5Kw6MgzSZ96QlpiQDn/js7ZTBF/YZ18kPh9E9O1y+EDhcJ4gn38rFIMYMG/KbJB22hYyYQHo0WkJlZ2jScnjv1op2yHPM4lfjOnnyL+LhOQLN8VrHayDWXtJcIW0nEKT+1R/7qkSH/5ELA2c/gznfkdTDzfG8+P3WAzNF openpgp:0xC25417F1''
(builtins.fetchurl { ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRAJaRuXqVeAs/Y5CeTbyc9lSbyvchkVqiML/yl6wbh thiago@Nixbook''
url = "https://meta.sr.ht/~sposito.keys";
name = "sposito-srht-keys";
sha256 = "1a0qcpbdkmdhnhhqvcmf6rq7zmjap6kxiwrcmmgs0fbhrlcyhkmi";
})
];
nimbus.isNormalUser = true;
nimbus.openssh.authorizedKeys.keys = [
(builtins.fetchurl {
url = "https://meta.sr.ht/~sposito.keys";
name = "sposito-srht-keys";
sha256 = "1a0qcpbdkmdhnhhqvcmf6rq7zmjap6kxiwrcmmgs0fbhrlcyhkmi";
})
]; ];
users.users.nimbus = {
isNormalUser = true;
extraGroups = [ "wheel" ];
}; };
security.sudo.extraRules = [
{
users = [ "nimbus" ];
commands = [
{
command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
system.stateVersion = "23.11"; system.stateVersion = "23.11";
boot.kernelParams = [ boot.kernelParams = [
"console=tty1" "console=tty1"
"console=ttyS0,115200" "console=ttyS0,115200"
]; ];
time.timeZone = "America/Sao_Paulo";
} }

41
hosts/Nixcloud/forgejo.nix Normal file
View file

@ -0,0 +1,41 @@
{ lib, config, ... }:
let
cfg = config.services.forgejo;
srv = cfg.settings.server;
domain = "git.sposi.to";
in
{
security.acme = {
acceptTerms = true;
defaults.email = "thiago@sposi.to";
};
services.nginx = {
enable = true;
virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
};
};
services.forgejo = {
enable = true;
database.type = "sqlite3";
lfs.enable = true;
settings = {
server = {
DOMAIN = domain;
ROOT_URL = "https://${domain}/";
HTTP_PORT = 3000;
};
service.DISABLE_REGISTRATION = true;
};
};
services.forgejo.settings.server.SSH_PORT = lib.mkDefault (lib.head (config.services.openssh.ports or [ 22 ]));
}

16
hosts/Nixcloud/hardware-configuration.nix
View file

@ -1,9 +1,15 @@
{ modulesPath, lib, ... }: { modulesPath, lib, ... }:
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.kernelModules = [ "nvme" ];
boot.loader.grub.device = "nodev"; boot.loader.grub.device = "nodev";
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
"vmw_pvscsi"
];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/sda1"; device = "/dev/sda1";
fsType = "ext4"; fsType = "ext4";
@ -12,13 +18,5 @@
device = "/dev/sda15"; device = "/dev/sda15";
fsType = "vfat"; fsType = "vfat";
}; };
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"vmw_pvscsi"
"xen_blkfront"
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }