diff --git a/hosts/Nixcloud/default.nix b/hosts/Nixcloud/default.nix index dd56ec2..848e7f2 100644 --- a/hosts/Nixcloud/default.nix +++ b/hosts/Nixcloud/default.nix @@ -1,11 +1,16 @@ -{ pkgs, ... }: +{ + config, + inputs, + lib, + pkgs, + ... +}: { imports = [ ./hardware-configuration.nix ./networking.nix - ./forgejo.nix - ]; + ]; boot.loader.grub = { enable = true; efiSupport = true; # Enable EFI features 
@@ -13,46 +18,69 @@ }; boot.tmp.cleanOnBoot = true; + nix = { + registry = (lib.mapAttrs (_: flake: { inherit flake; })) ( + (lib.filterAttrs (_: lib.isType "flake")) inputs + ); + + nixPath = [ "/etc/nix/path" ]; + + settings = { + download-buffer-size = "512M"; + experimental-features = "nix-command flakes"; + auto-optimise-store = true; + }; + }; + + environment = { + shells = with pkgs; [ bash ]; + etc = lib.mapAttrs' (name: value: { + name = "nix/path/${name}"; + value.source = value.flake; + }) config.nix.registry; + systemPackages = with pkgs; [ + git + sops + wget + ]; + }; zramSwap.enable = true; - - environment.systemPackages = with pkgs; [ - git - ]; - + programs = { + gnupg = { + agent = { + enableSSHSupport = true; + enable = true; + pinentryPackage = pkgs.pinentry-tty; + }; + }; + }; networking.hostName = "srv1065175"; networking.domain = "hstgr.cloud"; - networking.firewall = { - enable = true; - allowedTCPPorts = [ 80 443 ]; - }; - services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ - ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjC5EuxC6un3StoRkn1X1Mv09Mx1icGfN5fnlWRfqFPtiwAusJA+q0p2MktujY/+kDOpzExtjbXP5CtW7zcUfeitO26BY0WH106P4ttsq/0zzq5pmPXxGn9crN7JqFp3f9LMlL0F+3Oa0mJ6HcS2UgQEUYS6ofJBV1CLeMfkv75F+iy7AG1V9EaT4pvwdmAJ+6XXSo+UtadWOZGlWVRETyDcxa2H/aS/e+JrQfeAHM9f9cyeZqO9OHFWmuzHDc2T014+OhzzWnLUC/nUc1KUELvha1cT1ViMbcF62cjQXxip/5GGsIkw+7PdJFTn3ITwRO1+06qs6WnO4ceh8wIyOblUgTfRvIXkB7nnanC3CupqLbT+s/HeRiwnI4aih7lDrB717dPTy/ZfNXqxy1K51bZzRTXzkY+oUF1eqG37KvGoFZ6Zjf8KMrtTWBhqdIWV/kY4ZBTtvtiU81iXEWbobcyTzsIzKtZhCrGt+KxFUYV90u+ts3jrFdHIsN/tIzuEKz2ZZ8f749u2Q9jgIwe1KLtTwmSDjAV5gkbnE7ZDMB82pTzlwdrZ/VkCIu3/EtoWq3Y+NrKL4OzWL74Tzgsn28jvsegrnz5Lp24zPpNmBzCgbkwPStFjvp16G6pUiTLAAn9YiBqYbbvDbGxun55QMwYORGsdk5hISaC/cPzaUKkQ== thiago@sposito.ch'' - ''ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCWstSULudWNwPQxyS2J7Qygw8CozDDy8WsPjsYzKPI9s0B/KLU0g1oX42bBvn4DgNpzGrpb6IGHpRQohStt7vcOxb9XpfhIOcIr45gU3k3lcPjh6vj8/ZoNQlRDIfxs83RDImvveYABuI/Hq42mLV1kI5qnQHaJxuW73AuYKNzE3Z3PUl5Kw6MgzSZ96QlpiQDn/js7ZTBF/YZ18kPh9E9O1y+EDhcJ4gn38rFIMYMG/KbJB22hYyYQHo0WkJlZ2jScnjv1op2yHPM4lfjOnnyL+LhOQLN8VrHayDWXtJcIW0nEKT+1R/7qkSH/5ELA2c/gznfkdTDzfG8+P3WAzNF openpgp:0xC25417F1'' - ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRAJaRuXqVeAs/Y5CeTbyc9lSbyvchkVqiML/yl6wbh thiago@Nixbook'' - ]; - users.users.nimbus = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - }; - security.sudo.extraRules = [ - { - users = [ "nimbus" ]; - commands = [ - { - command = "ALL"; - options = [ "NOPASSWD" ]; - } - ]; - } - ]; + users.users = { + root.openssh.authorizedKeys.keyFiles = [ + (builtins.fetchurl { + url = "https://meta.sr.ht/~sposito.keys"; + name = "sposito-srht-keys"; + sha256 = "1a0qcpbdkmdhnhhqvcmf6rq7zmjap6kxiwrcmmgs0fbhrlcyhkmi"; + }) + ]; + nimbus.isNormalUser = true; + nimbus.openssh.authorizedKeys.keys = [ + (builtins.fetchurl { + url = "https://meta.sr.ht/~sposito.keys"; + name = "sposito-srht-keys"; + sha256 = "1a0qcpbdkmdhnhhqvcmf6rq7zmjap6kxiwrcmmgs0fbhrlcyhkmi"; + }) + ]; + }; system.stateVersion = "23.11"; boot.kernelParams = [ "console=tty1" "console=ttyS0,115200" ]; + time.timeZone = "America/Sao_Paulo"; } diff --git a/hosts/Nixcloud/forgejo.nix b/hosts/Nixcloud/forgejo.nix deleted file mode 100644 index 5e74e92..0000000 --- a/hosts/Nixcloud/forgejo.nix +++ /dev/null 
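Review bot: In the new `users.users` block, `nimbus.openssh.authorizedKeys.keys` is given the result of `builtins.fetchurl`, which is a store path rather than key text, so the authorized_keys entry generated for nimbus would most likely hold the path string and no usable key. Root uses `keyFiles` for the same fetch, and nimbus should as well: `nimbus.openssh.authorizedKeys.keyFiles = [ srhtKeys ];`, with the fetch bound once in a `let` (the name `srhtKeys` is only a suggestion) so the URL and hash are not duplicated. The pinned `sha256` is what keeps a changed upstream key list from being trusted silently, and any key rotation on meta.sr.ht will fail evaluation until it is bumped, so it deserves a comment such as `# hash pins the accepted key set; bump only after verifying the new keys`. The hunk also removes the explicit `networking.firewall` block, so the host now depends on the NixOS default for the firewall being on; keeping `networking.firewall.enable = true;` would state that intent in the file.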
@@ -1,42 +0,0 @@ -{ lib, config, ... }: -let - cfg = config.services.forgejo; - srv = cfg.settings.server; - domain = "git.sposi.to"; -in -{ - security.acme = { - acceptTerms = true; - defaults.email = "th.spo@pm.me"; - }; - - services.nginx = { - enable = true; - virtualHosts.${domain} = { - forceSSL = true; - enableACME = true; - # Allow HTTP initially for ACME challenge, will redirect to HTTPS once cert is ready - extraConfig = '' - client_max_body_size 512M; - ''; - locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}"; - }; - }; - - services.forgejo = { - enable = true; - database.type = "sqlite3"; - lfs.enable = true; - settings = { - server = { - DOMAIN = domain; - ROOT_URL = "https://${domain}/"; - HTTP_PORT = 3000; - }; - service.DISABLE_REGISTRATION = true; - }; - }; - - services.forgejo.settings.server.SSH_PORT = lib.mkDefault (lib.head (config.services.openssh.ports or [ 22 ])); -} - diff --git a/hosts/Nixcloud/hardware-configuration.nix b/hosts/Nixcloud/hardware-configuration.nix index 566c4f3..147a8f5 100644 --- a/hosts/Nixcloud/hardware-configuration.nix +++ b/hosts/Nixcloud/hardware-configuration.nix @@ -1,15 +1,9 @@ { modulesPath, lib, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.loader.grub.device = "nodev"; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "uhci_hcd" - "xen_blkfront" - "vmw_pvscsi" - ]; boot.initrd.kernelModules = [ "nvme" ]; + boot.loader.grub.device = "nodev"; + fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; @@ -18,5 +12,13 @@ device = "/dev/sda15"; fsType = "vfat"; }; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "vmw_pvscsi" + "xen_blkfront" + ]; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; }