diff --git a/README.md b/README.md
index 47c51b8..f59ce8a 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-## Jimbo's Nix Systems
+## Nix Systems
 Thanks for taking a look at my Nix* flake! While this is primarily organized for my own use, you may find each individual service or config useful to read, reference, learn from, and adapt for your own systems.
diff --git a/flake.nix b/flake.nix
index c7d2cf8..e67e7ab 100644
--- a/flake.nix
+++ b/flake.nix
@@ -76,7 +76,6 @@
 tower = mkNix [ ./hosts/tower ]; # Main Desktop
 envy = mkNix [ ./hosts/envy ]; # HP Convertable
- lacros = mkNix [ ./hosts/lacros ]; # Dell Chromebook
 redmond = mkNix [ ./hosts/redmond ]; # Lenovo Dual-Boot
 extern = mkNix [ ./hosts/extern ]; # External Drive/USB
diff --git a/hosts/lacros/boot/default.nix b/hosts/lacros/boot/default.nix
deleted file mode 100644
index cc98a84..0000000
--- a/hosts/lacros/boot/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ pkgs, ... }:
-{
- boot = {
- kernelPackages = pkgs.linuxPackages_latest;
- kernel.sysctl."vm.max_map_count" = 2147483642;
- };
-}
diff --git a/hosts/lacros/default.nix b/hosts/lacros/default.nix
deleted file mode 100644
index 6e08959..0000000
--- a/hosts/lacros/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ lib, ... }:
-{
- imports = [
- ./boot
- ./disko
- ./filesystems
- ./hardware
- ./users
- ../../modules/system
- ];
-
- services.keyd.keyboards.default.settings.main = {
- leftmeta = lib.mkForce "overload(control, esc)";
- leftcontrol = lib.mkForce "leftmeta";
- f13 = lib.mkForce "delete";
- };
-
- system.lanzaboote.enable = true;
-
- networking.hostName = "lacros";
- system.stateVersion = "24.11";
-}
diff --git a/hosts/lacros/disko/default.nix b/hosts/lacros/disko/default.nix
deleted file mode 100644
index 45560d7..0000000
--- a/hosts/lacros/disko/default.nix
+++ /dev/null
@@ -1,97 +0,0 @@
-{ disko, config, ... }:
-{
- imports = [ disko.nixosModules.disko ];
-
- disko.devices = {
- disk = {
- "${config.networking.hostName}" = {
- type = "disk";
- device = "/dev/mmcblk0";
- content = {
- type = "gpt";
- partitions = {
- ESP = {
- priority = 1;
- size = "1500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
- };
- };
- luks = {
- size = "100%";
- content = {
- type = "luks";
- name = "${config.networking.hostName}-disk";
- settings.allowDiscards = true;
- passwordFile = "/tmp/secret.key";
- content = {
- type = "lvm_pv";
- vg = "${config.networking.hostName}";
- };
- };
- };
- };
- };
- };
- };
-
- lvm_vg = {
- "${config.networking.hostName}" = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- mountOptions = [ "compress=zstd" "noatime" "ssd" ];
- };
- "/prev" = {
- mountpoint = "/prev";
- mountOptions = [ "compress=zstd" "noatime" "ssd" "noexec" ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" "ssd" ];
- };
-
- # Impermanence
- "/persist" = {
- mountpoint = "/persist";
- mountOptions = [ "compress=zstd" "noatime" "ssd" ];
- };
- "/persist/.snapshots" = { };
-
- "/jimbo" = {
- mountpoint = "/persist/home/jimbo";
- mountOptions = [ "compress=zstd" "noatime" "ssd" ];
- };
- "/jimbo/.snapshots" = { };
- };
- };
- };
- swap = {
- size = "1500M";
- content = {
- type = "swap";
- discardPolicy = "both";
- };
- };
- };
- };
- };
- };
-
- # Needed for impermanence
- fileSystems = {
- "/persist".neededForBoot = true;
- "/persist/home/jimbo".neededForBoot = true;
- };
-}
diff --git a/hosts/lacros/filesystems/default.nix b/hosts/lacros/filesystems/default.nix
deleted file mode 100644
index 4696462..0000000
--- a/hosts/lacros/filesystems/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, ... }:
-{
- fileSystems = {
- # Network mounts
- "/home/jimbo/JimboNFS" = {
- device = "10.100.0.1:/export/JimboNFS";
- fsType = "nfs4";
- options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ];
- };
- };
-}
diff --git a/hosts/lacros/hardware/default.nix b/hosts/lacros/hardware/default.nix
deleted file mode 100644
index 8e73a23..0000000
--- a/hosts/lacros/hardware/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, ... }:
-
-{
- boot.kernelModules = [ "kvm-intel" ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "sdhci_pci" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
-
- networking.useDHCP = lib.mkDefault true;
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/lacros/id_ed25519.pub b/hosts/lacros/id_ed25519.pub
deleted file mode 100644
index 1fa6123..0000000
--- a/hosts/lacros/id_ed25519.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk6ALxn+zKrRys6/c1oYSoWJaUUEo3nAM224ElhjJQR
diff --git a/hosts/lacros/users/default.nix b/hosts/lacros/users/default.nix
deleted file mode 100644
index a0f4778..0000000
--- a/hosts/lacros/users/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ ... }:
-{
- imports = [ ./jimbo ];
-}
diff --git a/hosts/lacros/users/jimbo/default.nix b/hosts/lacros/users/jimbo/default.nix
deleted file mode 100644
index d93c068..0000000
--- a/hosts/lacros/users/jimbo/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ lib, ... }:
-{
- home-manager.users.jimbo = {
- home.stateVersion = lib.mkForce "24.11";
- };
-}
diff --git a/modules/system/accounts/users/custom/default.nix b/modules/system/accounts/users/custom/default.nix
new file mode 100644
index 0000000..575e8a5
--- /dev/null
+++ b/modules/system/accounts/users/custom/default.nix
@@ -0,0 +1,7 @@
+{ home-manager, ... }:
+{
+ imports = [
+ ./jimbo
+ home-manager.nixosModules.home-manager
+ ];
+}
diff --git a/modules/system/accounts/users/jimbo/default.nix b/modules/system/accounts/users/custom/jimbo/default.nix
similarity index 55%
rename from modules/system/accounts/users/jimbo/default.nix
rename to modules/system/accounts/users/custom/jimbo/default.nix
index 34f9512..4bd7056 100644
--- a/modules/system/accounts/users/jimbo/default.nix
+++ b/modules/system/accounts/users/custom/jimbo/default.nix
@@ -5,14 +5,13 @@
 hashedPassword = config.secrets.jimboAccPass;
 isNormalUser = true;
 openssh.authorizedKeys.keys = [
- (builtins.readFile ../../../../../hosts/tower/id_ed25519.pub)
+ (builtins.readFile ../../../../../../hosts/tower/id_ed25519.pub)
- (builtins.readFile ../../../../../hosts/envy/id_ed25519.pub)
- (builtins.readFile ../../../../../hosts/lacros/id_ed25519.pub)
- (builtins.readFile ../../../../../hosts/redmond/id_ed25519.pub)
+ (builtins.readFile ../../../../../../hosts/envy/id_ed25519.pub)
+ (builtins.readFile ../../../../../../hosts/redmond/id_ed25519.pub)
- (builtins.readFile ../../../../../hosts/kitty/id_ed25519.pub)
- (builtins.readFile ../../../../../hosts/prophet/id_ed25519.pub)
+ (builtins.readFile ../../../../../../hosts/kitty/id_ed25519.pub)
+ (builtins.readFile ../../../../../../hosts/prophet/id_ed25519.pub)
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
 ];
@@ -35,5 +34,5 @@
 shell = pkgs.zsh;
 };
- home-manager.users.jimbo = import ../../../../home;
+ home-manager.users.jimbo = import ../../../../../home;
 }
diff --git a/modules/system/accounts/users/default.nix b/modules/system/accounts/users/default.nix
index 3794404..59e3555 100644
--- a/modules/system/accounts/users/default.nix
+++ b/modules/system/accounts/users/default.nix
@@ -1,11 +1,8 @@
-{ home-manager, ... }:
+{ ... }:
 {
 imports = [
- ./jimbo
- ./liquidsoap
- ./nextcloud
- ./nginx
- home-manager.nixosModules.home-manager
+ ./custom
+ ./system
 ];
 users.mutableUsers = false;
diff --git a/modules/system/accounts/users/system/default.nix b/modules/system/accounts/users/system/default.nix
new file mode 100644
index 0000000..770ed27
--- /dev/null
+++ b/modules/system/accounts/users/system/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+ imports = [
+ ./liquidsoap
+ ./nextcloud
+ ./nginx
+ ];
+}
diff --git a/modules/system/accounts/users/liquidsoap/default.nix b/modules/system/accounts/users/system/liquidsoap/default.nix
similarity index 100%
rename from modules/system/accounts/users/liquidsoap/default.nix
rename to modules/system/accounts/users/system/liquidsoap/default.nix
diff --git a/modules/system/accounts/users/nextcloud/default.nix b/modules/system/accounts/users/system/nextcloud/default.nix
similarity index 100%
rename from modules/system/accounts/users/nextcloud/default.nix
rename to modules/system/accounts/users/system/nextcloud/default.nix
diff --git a/modules/system/accounts/users/nginx/default.nix b/modules/system/accounts/users/system/nginx/default.nix
similarity index 100%
rename from modules/system/accounts/users/nginx/default.nix
rename to modules/system/accounts/users/system/nginx/default.nix
diff --git a/modules/system/services/server/acme/default.nix b/modules/system/services/server/acme/default.nix
index ab2c23c..9a155f5 100644
--- a/modules/system/services/server/acme/default.nix
+++ b/modules/system/services/server/acme/default.nix
@@ -2,6 +2,6 @@
 {
 security.acme = {
 acceptTerms = true;
- defaults.email = "jimjam4real@gmail.com";
+ defaults.email = "jimbo@${config.domains.p2}";
 };
 }
diff --git a/modules/system/services/server/ddclient/default.nix b/modules/system/services/server/ddclient/default.nix
index 0ab584e..76aa1c9 100644
--- a/modules/system/services/server/ddclient/default.nix
+++ b/modules/system/services/server/ddclient/default.nix
@@ -4,19 +4,19 @@
 enable = config.system.server.enable;
 protocol = "cloudflare";
 usev4 = "web, web=https://ipinfo.io/ip";
- zone = "${config.domains.p1}";
+ zone = "${config.domains.p2}";
 username = "token";
 passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
 domains = [
- "${config.domains.p1}"
- "*.${config.domains.p1}"
- "sv.${config.domains.p1}"
- "git.${config.domains.p1}"
- "turn.${config.domains.p1}"
- "dew.${config.domains.p1}"
- "john.${config.domains.p1}"
- "beta.${config.domains.p1}"
- "rogue.${config.domains.p1}"
+ "${config.domains.p2}"
+ "*.${config.domains.p2}"
+ "sv.${config.domains.p2}"
+ "git.${config.domains.p2}"
+ "turn.${config.domains.p2}"
+ "dew.${config.domains.p2}"
+ "john.${config.domains.p2}"
+ "beta.${config.domains.p2}"
+ "rogue.${config.domains.p2}"
 ];
 };
 }
diff --git a/modules/system/services/server/fileserver/nextcloud/default.nix b/modules/system/services/server/fileserver/nextcloud/default.nix
index e4f671c..3e34e1d 100644
--- a/modules/system/services/server/fileserver/nextcloud/default.nix
+++ b/modules/system/services/server/fileserver/nextcloud/default.nix
@@ -5,7 +5,7 @@
 services.nextcloud = {
 enable = config.system.server.enable;
 package = pkgs.nextcloud30;
- hostName = "cloud.${config.domains.p1}";
+ hostName = "cloud.${config.domains.p2}";
 datadir = "/mnt/nextcloud";
 https = true;
 config = {
@@ -14,7 +14,7 @@
 };
 settings = {
 trusted_proxies = [ "127.0.0.1" ];
- trusted_domains = [ "cloud.${config.domains.p1}" ];
+ trusted_domains = [ "cloud.${config.domains.p2}" ];
 overwriteprotocol = "https";
 mail_smtphost = "mx.${config.domains.p1}";
 mail_domain = "${config.domains.p1}";
diff --git a/modules/system/services/server/fileserver/nextcloud/nginx/default.nix b/modules/system/services/server/fileserver/nextcloud/nginx/default.nix
index 31c0362..61df13e 100644
--- a/modules/system/services/server/fileserver/nextcloud/nginx/default.nix
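Review bot: In modules/system/services/server/ddclient/default.nix the context line `passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";` copies the Cloudflare token into the Nix store, which is readable by every local user and process, and the switch to the p2 zone leaves that unchanged. Point the option at a file provisioned outside the store at activation time instead, for example `passwordFile = "/run/secrets/cloudflare-token";` (placeholder path), and scope the token to DNS edits on the p2 zone only. Separately, every p1 name is dropped from `domains` while other hunks in this commit keep `mx.${config.domains.p1}` as the SMTP host, so if this ddclient instance was what kept the p1 records current they will go stale. The enclosing attribute set starts outside the hunk.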
+++ b/modules/system/services/server/fileserver/nextcloud/nginx/default.nix
@@ -1,6 +1,6 @@
 { lib, config, ... }:
 {
- services.nginx.virtualHosts."cloud.${config.domains.p1}" = lib.mkIf config.services.nextcloud.enable {
+ services.nginx.virtualHosts."cloud.${config.domains.p2}" = lib.mkIf config.services.nextcloud.enable {
 enableACME = true;
 addSSL = true;
 locations."/" = {
diff --git a/modules/system/services/server/forgejo/default.nix b/modules/system/services/server/forgejo/default.nix
index 2f2a7d7..8c83cbe 100644
--- a/modules/system/services/server/forgejo/default.nix
+++ b/modules/system/services/server/forgejo/default.nix
@@ -16,7 +16,7 @@
 mailer = {
 ENABLED = true;
 SMTP_ADDR = "mx.${config.domains.p1}";
- FROM = "Jimbo's Git ";
+ FROM = "NixFox Git ";
 USER = "noreply@${config.domains.p1}";
 PASSWD = config.secrets.noreplyPassword;
 PROTOCOL = "smtps";
diff --git a/modules/system/services/server/icecast/default.nix b/modules/system/services/server/icecast/default.nix
index 78e9d49..75c77a5 100644
--- a/modules/system/services/server/icecast/default.nix
+++ b/modules/system/services/server/icecast/default.nix
@@ -8,7 +8,7 @@
 services.icecast = {
 enable = config.system.server.enable;
 listen.port = 265;
- hostname = "icecast.${config.domains.p1}";
+ hostname = "radio.${config.domains.p2}";
 admin = {
 user = "jimbo";
 password = "${config.secrets.castAdminPass}";
diff --git a/modules/system/services/server/icecast/nginx/default.nix b/modules/system/services/server/icecast/nginx/default.nix
index c88f03b..7b7beb7 100644
--- a/modules/system/services/server/icecast/nginx/default.nix
+++ b/modules/system/services/server/icecast/nginx/default.nix
@@ -1,6 +1,6 @@
 { lib, config, ... }:
 {
- services.nginx.virtualHosts."icecast.${config.domains.p1}" = lib.mkIf config.services.icecast.enable {
+ services.nginx.virtualHosts."radio.${config.domains.p2}" = lib.mkIf config.services.icecast.enable {
 enableACME = true;
 forceSSL = true;
 locations."/" = {
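Review bot: The `cloud.${config.domains.p2}` virtual host in fileserver/nextcloud/nginx/default.nix keeps `addSSL = true`, which leaves a plain-HTTP listener that serves the site without redirecting, whereas the icecast, transmission and vaultwarden hosts touched by this commit use `forceSSL = true`. Since the host is being re-declared under a new name anyway, change the line to `forceSSL = true;` so that Nextcloud logins and session cookies cannot travel over port 80. The renamed landing-page host in nginx/virtualhosts/p2/default.nix carries the same `addSSL = true`; confirm that one is intentional. The `locations."/"` block continues past the end of the hunk.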
diff --git a/modules/system/services/server/mailserver/roundcube/default.nix b/modules/system/services/server/mailserver/roundcube/default.nix
index b1d1b90..dbcc22b 100644
--- a/modules/system/services/server/mailserver/roundcube/default.nix
+++ b/modules/system/services/server/mailserver/roundcube/default.nix
@@ -2,7 +2,7 @@
 {
 services.roundcube = {
 enable = config.system.mailserver.enable;
- hostName = "mail.${config.domains.p1}";
+ hostName = "mail.${config.domains.p2}";
 extraConfig = ''
 $config['smtp_server'] = "tls://mx.${config.domains.p1}";
 $config['smtp_user'] = "%u";
diff --git a/modules/system/services/server/minecraft/servers/roguecraft/default.nix b/modules/system/services/server/minecraft/servers/roguecraft/default.nix
index 3081365..68e373a 100644
--- a/modules/system/services/server/minecraft/servers/roguecraft/default.nix
+++ b/modules/system/services/server/minecraft/servers/roguecraft/default.nix
@@ -9,7 +9,7 @@ in {
 serverProperties = common.serverProperties // {
 difficulty = 3;
 server-port = 30014;
- motd = "\\u00A7l\\u00A7bJimbo's \\u00A7cRoguecraft \\u00A7bserver.";
+ motd = "\\u00A7l\\u00A7bNixFox \\u00A7cRoguecraft \\u00A7bserver.";
 require-resource-pack = true;
 resource-pack = "https://${config.domains.p1}/roguecraftresourcepackredir";
 resource-pack-sha1 = "b540c0562aba90c3ead2356bb9cb74fcf0db36b3";
diff --git a/modules/system/services/server/nginx/rtmp/default.nix b/modules/system/services/server/nginx/rtmp/default.nix
index 3bc0995..6975268 100644
--- a/modules/system/services/server/nginx/rtmp/default.nix
+++ b/modules/system/services/server/nginx/rtmp/default.nix
@@ -34,7 +34,7 @@
 };
 systemd.services.nginx.serviceConfig = {
- ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
+ ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
 };
 };
 }
diff --git a/modules/system/services/server/nginx/virtualhosts/default.nix b/modules/system/services/server/nginx/virtualhosts/default.nix
index 4c2b8a5..d3d9510 100644
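Review bot: In minecraft/servers/roguecraft/default.nix the context line `resource-pack = "https://${config.domains.p1}/roguecraftresourcepackredir";` still points at p1, but this commit renames the only virtual host imported by nginx/virtualhosts/default.nix from p1 to p2. With `require-resource-pack = true`, clients that cannot download the pack are likely to be disconnected, so unless another module still serves p1 the line should become `resource-pack = "https://${config.domains.p2}/roguecraftresourcepackredir";`. The redirect location itself is not visible in this diff, so check that it exists on the p2 host. The `serverProperties` set continues past the end of the hunk.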
--- a/modules/system/services/server/nginx/virtualhosts/default.nix
+++ b/modules/system/services/server/nginx/virtualhosts/default.nix
@@ -1,6 +1,6 @@
 { ... }:
 {
 imports = [
- ./p1
+ ./p2
 ];
 }
diff --git a/modules/system/services/server/nginx/virtualhosts/p1/default.nix b/modules/system/services/server/nginx/virtualhosts/p2/default.nix
similarity index 71%
rename from modules/system/services/server/nginx/virtualhosts/p1/default.nix
rename to modules/system/services/server/nginx/virtualhosts/p2/default.nix
index dabdc98..7ed8f09 100644
--- a/modules/system/services/server/nginx/virtualhosts/p1/default.nix
+++ b/modules/system/services/server/nginx/virtualhosts/p2/default.nix
@@ -1,6 +1,6 @@
 { config, lib, ... }:
 {
- services.nginx.virtualHosts."${config.domains.p1}" = lib.mkIf config.system.server.enable {
+ services.nginx.virtualHosts."${config.domains.p2}" = lib.mkIf config.system.server.enable {
 enableACME = true;
 addSSL = true;
 root = "/var/www/landing-page";
@@ -10,13 +10,13 @@
 return 200 '
 {
 "m.homeserver": {
- "base_url": "https://matrix.${config.domains.p1}"
+ "base_url": "https://matrix.${config.domains.p2}"
 },
 "m.identity_server": {
 "base_url": "https://matrix.org"
 },
 "org.matrix.msc3575.proxy": {
- "url": "https://matrix.${config.domains.p1}"
+ "url": "https://matrix.${config.domains.p2}"
 }
 }
 ';
@@ -24,7 +24,7 @@
 "/.well-known/matrix/server".extraConfig = ''
 default_type application/json;
- return 200 '{ "m.server": "matrix.${config.domains.p1}:443" }';
+ return 200 '{ "m.server": "matrix.${config.domains.p2}:443" }';
 '';
 };
 };
diff --git a/modules/system/services/server/social/lemmy/default.nix b/modules/system/services/server/social/lemmy/default.nix
index 48fc0b1..3829818 100644
--- a/modules/system/services/server/social/lemmy/default.nix
+++ b/modules/system/services/server/social/lemmy/default.nix
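Review bot: The `.well-known/matrix` responses in nginx/virtualhosts/p2/default.nix are now served only from the p2 host and delegate to `matrix.${config.domains.p2}`, yet no hunk in this commit touches the homeserver configuration. Matrix delegation is looked up on the domain that is the homeserver's `server_name`, so if that is still p1 (not visible here) federation and client discovery will break once the p1 virtual host disappears. Either keep a p1 virtual host that serves the old well-known documents, or confirm that the homeserver was redeployed with p2 as its server name. A comment above the two locations stating which `server_name` they delegate for would make the dependency explicit.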
@@ -11,7 +11,7 @@
 email = {
 smtp_server = "mx.${config.domains.p1}:587";
 smtp_login = "noreply@${config.domains.p1}";
- smtp_from_address = "Jimbo's Lemmy ";
+ smtp_from_address = "NixFox Lemmy ";
 smtp_password = config.secrets.noreplyPassword;
 tls_type = "starttls";
 };
diff --git a/modules/system/services/server/transmission/nginx/default.nix b/modules/system/services/server/transmission/nginx/default.nix
index cb3978b..b60907a 100644
--- a/modules/system/services/server/transmission/nginx/default.nix
+++ b/modules/system/services/server/transmission/nginx/default.nix
@@ -1,6 +1,6 @@
 { config, lib, ... }:
 {
- services.nginx.virtualHosts."torrent.${config.domains.p1}" = lib.mkIf config.services.transmission.enable {
+ services.nginx.virtualHosts."tor.${config.domains.p2}" = lib.mkIf config.services.transmission.enable {
 enableACME = true;
 forceSSL = true;
 locations."/" = {
diff --git a/modules/system/services/server/vaultwarden/default.nix b/modules/system/services/server/vaultwarden/default.nix
index b2829fa..2bcaec9 100644
--- a/modules/system/services/server/vaultwarden/default.nix
+++ b/modules/system/services/server/vaultwarden/default.nix
@@ -5,7 +5,7 @@
 services.vaultwarden = {
 enable = config.system.server.enable;
 config = {
- DOMAIN = "https://warden.${config.domains.p1}";
+ DOMAIN = "https://pass.${config.domains.p2}";
 SIGNUPS_ALLOWED = false;
 ROCKET_ADDRESS = "127.0.0.1";
 ROCKET_PORT = 8222;
diff --git a/modules/system/services/server/vaultwarden/nginx/default.nix b/modules/system/services/server/vaultwarden/nginx/default.nix
index 20d96d8..e44a168 100644
--- a/modules/system/services/server/vaultwarden/nginx/default.nix
+++ b/modules/system/services/server/vaultwarden/nginx/default.nix
@@ -1,6 +1,6 @@
 { config, lib, ... }:
 {
- services.nginx.virtualHosts."warden.${config.domains.p1}" = lib.mkIf config.services.vaultwarden.enable {
+ services.nginx.virtualHosts."pass.${config.domains.p1}" = lib.mkIf config.services.vaultwarden.enable {
 enableACME = true;
 forceSSL = true;
 locations."/" = {
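Review bot: The virtual host is declared as `"pass.${config.domains.p1}"`, while vaultwarden/default.nix in this same commit sets `DOMAIN = "https://pass.${config.domains.p2}"` and ddclient now publishes only p2 names. As written, nginx and ACME will request a certificate for pass on p1 and nothing will answer for the p2 name the vault advertises, so clients are likely to land on the default server or hit a certificate mismatch. Change the line to `services.nginx.virtualHosts."pass.${config.domains.p2}" = lib.mkIf config.services.vaultwarden.enable {`. The `locations."/"` block continues past the end of the hunk.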