Compare commits


No commits in common. "main" and "fix" have entirely different histories.
main ... fix

3 changed files with 71 additions and 83 deletions


@ -1,11 +1,16 @@
{ pkgs, ... }: {
config,
inputs,
lib,
pkgs,
...
}:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./networking.nix ./networking.nix
./forgejo.nix
];
];
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;
efiSupport = true; # Enable EFI features efiSupport = true; # Enable EFI features
@ -13,46 +18,69 @@
}; };
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
nix = {
registry = (lib.mapAttrs (_: flake: { inherit flake; })) (
(lib.filterAttrs (_: lib.isType "flake")) inputs
);
nixPath = [ "/etc/nix/path" ];
settings = {
download-buffer-size = "512M";
experimental-features = "nix-command flakes";
auto-optimise-store = true;
};
};
environment = {
shells = with pkgs; [ bash ];
etc = lib.mapAttrs' (name: value: {
name = "nix/path/${name}";
value.source = value.flake;
}) config.nix.registry;
systemPackages = with pkgs; [
git
sops
wget
];
};
zramSwap.enable = true; zramSwap.enable = true;
programs = {
environment.systemPackages = with pkgs; [ gnupg = {
git agent = {
]; enableSSHSupport = true;
enable = true;
pinentryPackage = pkgs.pinentry-tty;
};
};
};
networking.hostName = "srv1065175"; networking.hostName = "srv1065175";
networking.domain = "hstgr.cloud"; networking.domain = "hstgr.cloud";
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
};
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
''ssh-rsa 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 thiago@sposito.ch''
''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWstSULudWNwPQxyS2J7Qygw8CozDDy8WsPjsYzKPI9s0B/KLU0g1oX42bBvn4DgNpzGrpb6IGHpRQohStt7vcOxb9XpfhIOcIr45gU3k3lcPjh6vj8/ZoNQlRDIfxs83RDImvveYABuI/Hq42mLV1kI5qnQHaJxuW73AuYKNzE3Z3PUl5Kw6MgzSZ96QlpiQDn/js7ZTBF/YZ18kPh9E9O1y+EDhcJ4gn38rFIMYMG/KbJB22hYyYQHo0WkJlZ2jScnjv1op2yHPM4lfjOnnyL+LhOQLN8VrHayDWXtJcIW0nEKT+1R/7qkSH/5ELA2c/gznfkdTDzfG8+P3WAzNF openpgp:0xC25417F1''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRAJaRuXqVeAs/Y5CeTbyc9lSbyvchkVqiML/yl6wbh thiago@Nixbook''
];
users.users.nimbus = {
isNormalUser = true;
extraGroups = [ "wheel" ];
};
security.sudo.extraRules = [ users.users = {
{ root.openssh.authorizedKeys.keyFiles = [
users = [ "nimbus" ]; (builtins.fetchurl {
commands = [ url = "https://meta.sr.ht/~sposito.keys";
{ name = "sposito-srht-keys";
command = "ALL"; sha256 = "1a0qcpbdkmdhnhhqvcmf6rq7zmjap6kxiwrcmmgs0fbhrlcyhkmi";
options = [ "NOPASSWD" ]; })
} ];
]; nimbus.isNormalUser = true;
} nimbus.openssh.authorizedKeys.keys = [
]; (builtins.fetchurl {
url = "https://meta.sr.ht/~sposito.keys";
name = "sposito-srht-keys";
sha256 = "1a0qcpbdkmdhnhhqvcmf6rq7zmjap6kxiwrcmmgs0fbhrlcyhkmi";
})
];
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
boot.kernelParams = [ boot.kernelParams = [
"console=tty1" "console=tty1"
"console=ttyS0,115200" "console=ttyS0,115200"
]; ];
time.timeZone = "America/Sao_Paulo";
} }
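Review bot: In the new `users.users` block, `nimbus.openssh.authorizedKeys.keys` receives the `builtins.fetchurl` result, but `keys` takes literal key strings, so nimbus's authorized_keys most likely ends up holding the store path instead of the fetched keys and the account has no usable key. Root's entry uses `keyFiles` for the same fetch, and nimbus should match it: `nimbus.openssh.authorizedKeys.keyFiles = [ sshKeys ];`, with the fetch bound once in a `let` (`sshKeys` is an illustrative name) so the URL and hash are not maintained in two places. The `sha256` pin is what anchors trust in the remote key list, so it deserves a comment such as `# hash pins the reviewed key set; re-verify the keys before updating it`. With root still reachable by key over `services.openssh`, consider adding `services.openssh.settings.PasswordAuthentication = false;` unless that is set in a module not shown here. Which lines belong to the new side is inferred from the collapsed side-by-side view.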


@ -1,42 +0,0 @@
{ lib, config, ... }:
let
cfg = config.services.forgejo;
srv = cfg.settings.server;
domain = "git.sposi.to";
in
{
security.acme = {
acceptTerms = true;
defaults.email = "th.spo@pm.me";
};
services.nginx = {
enable = true;
virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
# Allow HTTP initially for ACME challenge, will redirect to HTTPS once cert is ready
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
};
};
services.forgejo = {
enable = true;
database.type = "sqlite3";
lfs.enable = true;
settings = {
server = {
DOMAIN = domain;
ROOT_URL = "https://${domain}/";
HTTP_PORT = 3000;
};
service.DISABLE_REGISTRATION = true;
};
};
services.forgejo.settings.server.SSH_PORT = lib.mkDefault (lib.head (config.services.openssh.ports or [ 22 ]));
}


@ -1,15 +1,9 @@
{ modulesPath, lib, ... }: { modulesPath, lib, ... }:
{ {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub.device = "nodev";
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
"vmw_pvscsi"
];
boot.initrd.kernelModules = [ "nvme" ]; boot.initrd.kernelModules = [ "nvme" ];
boot.loader.grub.device = "nodev";
fileSystems."/" = { fileSystems."/" = {
device = "/dev/sda1"; device = "/dev/sda1";
fsType = "ext4"; fsType = "ext4";
@ -18,5 +12,13 @@
device = "/dev/sda15"; device = "/dev/sda15";
fsType = "vfat"; fsType = "vfat";
}; };
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"vmw_pvscsi"
"xen_blkfront"
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }