More service changes start the move to nixfox.ca and replace the username
parent
bf138bcd93
commit
ab6f4f9946
|
@ -1,4 +1,4 @@
|
|||
## Jimbo's Nix Systems
|
||||
## Nix Systems
|
||||
|
||||
Thanks for taking a look at my Nix* flake!
|
||||
While this is primarily organized for my own use, you may find each individual service or config useful to read, reference, learn from, and adapt for your own systems.
|
||||
|
|
|
@ -76,7 +76,6 @@
|
|||
tower = mkNix [ ./hosts/tower ]; # Main Desktop
|
||||
|
||||
envy = mkNix [ ./hosts/envy ]; # HP Convertable
|
||||
lacros = mkNix [ ./hosts/lacros ]; # Dell Chromebook
|
||||
redmond = mkNix [ ./hosts/redmond ]; # Lenovo Dual-Boot
|
||||
extern = mkNix [ ./hosts/extern ]; # External Drive/USB
|
||||
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
boot = {
|
||||
kernelPackages = pkgs.linuxPackages_latest;
|
||||
kernel.sysctl."vm.max_map_count" = 2147483642;
|
||||
};
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
./boot
|
||||
./disko
|
||||
./filesystems
|
||||
./hardware
|
||||
./users
|
||||
../../modules/system
|
||||
];
|
||||
|
||||
services.keyd.keyboards.default.settings.main = {
|
||||
leftmeta = lib.mkForce "overload(control, esc)";
|
||||
leftcontrol = lib.mkForce "leftmeta";
|
||||
f13 = lib.mkForce "delete";
|
||||
};
|
||||
|
||||
system.lanzaboote.enable = true;
|
||||
|
||||
networking.hostName = "lacros";
|
||||
system.stateVersion = "24.11";
|
||||
}
|
|
@ -1,97 +0,0 @@
|
|||
{ disko, config, ... }:
|
||||
{
|
||||
imports = [ disko.nixosModules.disko ];
|
||||
|
||||
disko.devices = {
|
||||
disk = {
|
||||
"${config.networking.hostName}" = {
|
||||
type = "disk";
|
||||
device = "/dev/mmcblk0";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
ESP = {
|
||||
priority = 1;
|
||||
size = "1500M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
mountOptions = [ "umask=0077" ];
|
||||
};
|
||||
};
|
||||
luks = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "luks";
|
||||
name = "${config.networking.hostName}-disk";
|
||||
settings.allowDiscards = true;
|
||||
passwordFile = "/tmp/secret.key";
|
||||
content = {
|
||||
type = "lvm_pv";
|
||||
vg = "${config.networking.hostName}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
lvm_vg = {
|
||||
"${config.networking.hostName}" = {
|
||||
type = "lvm_vg";
|
||||
lvs = {
|
||||
root = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = [ "-f" ];
|
||||
subvolumes = {
|
||||
"/root" = {
|
||||
mountpoint = "/";
|
||||
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
|
||||
};
|
||||
"/prev" = {
|
||||
mountpoint = "/prev";
|
||||
mountOptions = [ "compress=zstd" "noatime" "ssd" "noexec" ];
|
||||
};
|
||||
"/nix" = {
|
||||
mountpoint = "/nix";
|
||||
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
|
||||
};
|
||||
|
||||
# Impermanence
|
||||
"/persist" = {
|
||||
mountpoint = "/persist";
|
||||
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
|
||||
};
|
||||
"/persist/.snapshots" = { };
|
||||
|
||||
"/jimbo" = {
|
||||
mountpoint = "/persist/home/jimbo";
|
||||
mountOptions = [ "compress=zstd" "noatime" "ssd" ];
|
||||
};
|
||||
"/jimbo/.snapshots" = { };
|
||||
};
|
||||
};
|
||||
};
|
||||
swap = {
|
||||
size = "1500M";
|
||||
content = {
|
||||
type = "swap";
|
||||
discardPolicy = "both";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Needed for impermanence
|
||||
fileSystems = {
|
||||
"/persist".neededForBoot = true;
|
||||
"/persist/home/jimbo".neededForBoot = true;
|
||||
};
|
||||
}
|
|
@ -1,11 +0,0 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
fileSystems = {
|
||||
# Network mounts
|
||||
"/home/jimbo/JimboNFS" = {
|
||||
device = "10.100.0.1:/export/JimboNFS";
|
||||
fsType = "nfs4";
|
||||
options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,11 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
|
||||
{
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "sdhci_pci" ];
|
||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk6ALxn+zKrRys6/c1oYSoWJaUUEo3nAM224ElhjJQR
|
|
@ -1,4 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [ ./jimbo ];
|
||||
}
|
|
@ -1,6 +0,0 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
home-manager.users.jimbo = {
|
||||
home.stateVersion = lib.mkForce "24.11";
|
||||
};
|
||||
}
|
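--- a/modules/system/accounts/users/custom/default.nix
+++ b/modules/system/accounts/users/custom/default.nix
@@ -0,0 +1,7 @@
+{ home-manager, ... }:
+{
+imports = [
+./jimbo
+home-manager.nixosModules.home-manager
+];
+}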
|
@ -5,14 +5,13 @@
|
|||
hashedPassword = config.secrets.jimboAccPass;
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
(builtins.readFile ../../../../../hosts/tower/id_ed25519.pub)
|
||||
(builtins.readFile ../../../../../../hosts/tower/id_ed25519.pub)
|
||||
|
||||
(builtins.readFile ../../../../../hosts/envy/id_ed25519.pub)
|
||||
(builtins.readFile ../../../../../hosts/lacros/id_ed25519.pub)
|
||||
(builtins.readFile ../../../../../hosts/redmond/id_ed25519.pub)
|
||||
(builtins.readFile ../../../../../../hosts/envy/id_ed25519.pub)
|
||||
(builtins.readFile ../../../../../../hosts/redmond/id_ed25519.pub)
|
||||
|
||||
(builtins.readFile ../../../../../hosts/kitty/id_ed25519.pub)
|
||||
(builtins.readFile ../../../../../hosts/prophet/id_ed25519.pub)
|
||||
(builtins.readFile ../../../../../../hosts/kitty/id_ed25519.pub)
|
||||
(builtins.readFile ../../../../../../hosts/prophet/id_ed25519.pub)
|
||||
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJahAoF74BY6GCTsFkt1ADKaraFgJJozW1Y1aBTLK0j9 Pixel9"
|
||||
];
|
||||
|
@ -35,5 +34,5 @@
|
|||
shell = pkgs.zsh;
|
||||
};
|
||||
|
||||
home-manager.users.jimbo = import ../../../../home;
|
||||
home-manager.users.jimbo = import ../../../../../home;
|
||||
}
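Review bot: Each key path had to be re-counted by hand when this module moved one directory deeper (`../../../../../../hosts/tower/id_ed25519.pub`), and this list decides who can log in over SSH, so the depth is better kept in one place. A small local helper such as `hostKey = h: builtins.readFile (../../../../../../hosts + "/${h}/id_ed25519.pub");` would let the entries read `(hostKey "tower")`. A short comment on the inline `Pixel9` key saying why it is not stored alongside the host keys would also help the next reader. The attribute set that holds the list starts outside the first hunk.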
|
|
@ -1,11 +1,8 @@
|
|||
{ home-manager, ... }:
|
||||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./jimbo
|
||||
./liquidsoap
|
||||
./nextcloud
|
||||
./nginx
|
||||
home-manager.nixosModules.home-manager
|
||||
./custom
|
||||
./system
|
||||
];
|
||||
|
||||
users.mutableUsers = false;
|
||||
|
|
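--- a/modules/system/accounts/users/system/default.nix
+++ b/modules/system/accounts/users/system/default.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+imports = [
+./liquidsoap
+./nextcloud
+./nginx
+];
+}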
|
@ -2,6 +2,6 @@
|
|||
{
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "jimjam4real@gmail.com";
|
||||
defaults.email = "jimbo@${config.domains.p2}";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -4,19 +4,19 @@
|
|||
enable = config.system.server.enable;
|
||||
protocol = "cloudflare";
|
||||
usev4 = "web, web=https://ipinfo.io/ip";
|
||||
zone = "${config.domains.p1}";
|
||||
zone = "${config.domains.p2}";
|
||||
username = "token";
|
||||
passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";
|
||||
domains = [
|
||||
"${config.domains.p1}"
|
||||
"*.${config.domains.p1}"
|
||||
"sv.${config.domains.p1}"
|
||||
"git.${config.domains.p1}"
|
||||
"turn.${config.domains.p1}"
|
||||
"dew.${config.domains.p1}"
|
||||
"john.${config.domains.p1}"
|
||||
"beta.${config.domains.p1}"
|
||||
"rogue.${config.domains.p1}"
|
||||
"${config.domains.p2}"
|
||||
"*.${config.domains.p2}"
|
||||
"sv.${config.domains.p2}"
|
||||
"git.${config.domains.p2}"
|
||||
"turn.${config.domains.p2}"
|
||||
"dew.${config.domains.p2}"
|
||||
"john.${config.domains.p2}"
|
||||
"beta.${config.domains.p2}"
|
||||
"rogue.${config.domains.p2}"
|
||||
];
|
||||
};
|
||||
}
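Review bot: `passwordFile = "${pkgs.writeText "cloudflareapikey" config.secrets.flareApiKey}";` copies the Cloudflare API token into the Nix store, where any local user or service that can read `/nix/store` can read it; with `zone` now set to `config.domains.p2`, that token controls DNS for the new domain. Point `passwordFile` at a file provisioned at runtime outside the store and readable only by the service, for example `passwordFile = "/run/secrets/<cloudflare-token>";` (placeholder path). The later sections that set `PASSWD = config.secrets.noreplyPassword;`, `password = "${config.secrets.castAdminPass}";` and `smtp_password = config.secrets.noreplyPassword;` look like the same pattern, depending on how each module renders its settings. The attribute set this hunk belongs to starts outside the hunk.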
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
services.nextcloud = {
|
||||
enable = config.system.server.enable;
|
||||
package = pkgs.nextcloud30;
|
||||
hostName = "cloud.${config.domains.p1}";
|
||||
hostName = "cloud.${config.domains.p2}";
|
||||
datadir = "/mnt/nextcloud";
|
||||
https = true;
|
||||
config = {
|
||||
|
@ -14,7 +14,7 @@
|
|||
};
|
||||
settings = {
|
||||
trusted_proxies = [ "127.0.0.1" ];
|
||||
trusted_domains = [ "cloud.${config.domains.p1}" ];
|
||||
trusted_domains = [ "cloud.${config.domains.p2}" ];
|
||||
overwriteprotocol = "https";
|
||||
mail_smtphost = "mx.${config.domains.p1}";
|
||||
mail_domain = "${config.domains.p1}";
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ lib, config, ... }:
|
||||
{
|
||||
services.nginx.virtualHosts."cloud.${config.domains.p1}" = lib.mkIf config.services.nextcloud.enable {
|
||||
services.nginx.virtualHosts."cloud.${config.domains.p2}" = lib.mkIf config.services.nextcloud.enable {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
locations."/" = {
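Review bot: `addSSL = true;` on the `cloud.` virtual host keeps plain HTTP enabled next to HTTPS with no redirect, unlike the `radio.`, `tor.` and `pass.` hosts in this commit, which use `forceSSL = true;`. Nextcloud is configured with `https = true` and `overwriteprotocol = "https"`, so requests that arrive over `http://` on the new name are served in clear text rather than upgraded at the proxy. Since the host name is changing anyway, switching this line to `forceSSL = true;` would close that; the `${config.domains.p2}` landing-page host also uses `addSSL = true;` and deserves the same look. The vhost body continues outside the hunk.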
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
mailer = {
|
||||
ENABLED = true;
|
||||
SMTP_ADDR = "mx.${config.domains.p1}";
|
||||
FROM = "Jimbo's Git <noreply@${config.domains.p1}>";
|
||||
FROM = "NixFox Git <noreply@${config.domains.p1}>";
|
||||
USER = "noreply@${config.domains.p1}";
|
||||
PASSWD = config.secrets.noreplyPassword;
|
||||
PROTOCOL = "smtps";
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
services.icecast = {
|
||||
enable = config.system.server.enable;
|
||||
listen.port = 265;
|
||||
hostname = "icecast.${config.domains.p1}";
|
||||
hostname = "radio.${config.domains.p2}";
|
||||
admin = {
|
||||
user = "jimbo";
|
||||
password = "${config.secrets.castAdminPass}";
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ lib, config, ... }:
|
||||
{
|
||||
services.nginx.virtualHosts."icecast.${config.domains.p1}" = lib.mkIf config.services.icecast.enable {
|
||||
services.nginx.virtualHosts."radio.${config.domains.p2}" = lib.mkIf config.services.icecast.enable {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
{
|
||||
services.roundcube = {
|
||||
enable = config.system.mailserver.enable;
|
||||
hostName = "mail.${config.domains.p1}";
|
||||
hostName = "mail.${config.domains.p2}";
|
||||
extraConfig = ''
|
||||
$config['smtp_server'] = "tls://mx.${config.domains.p1}";
|
||||
$config['smtp_user'] = "%u";
|
||||
|
|
|
@ -9,7 +9,7 @@ in {
|
|||
serverProperties = common.serverProperties // {
|
||||
difficulty = 3;
|
||||
server-port = 30014;
|
||||
motd = "\\u00A7l\\u00A7bJimbo's \\u00A7cRoguecraft \\u00A7bserver.";
|
||||
motd = "\\u00A7l\\u00A7bNixFox \\u00A7cRoguecraft \\u00A7bserver.";
|
||||
require-resource-pack = true;
|
||||
resource-pack = "https://${config.domains.p1}/roguecraftresourcepackredir";
|
||||
resource-pack-sha1 = "b540c0562aba90c3ead2356bb9cb74fcf0db36b3";
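Review bot: `resource-pack` still points at `https://${config.domains.p1}/roguecraftresourcepackredir`, while this commit renames the landing-page virtual host to `${config.domains.p2}` and drops the `p1` names from the dynamic-DNS list. With `require-resource-pack = true`, clients that cannot fetch the pack are refused, so if no `p1` vhost remains (none is visible in this diff) the URL should move with the site: `resource-pack = "https://${config.domains.p2}/roguecraftresourcepackredir";`. The attribute set continues outside the hunk.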
|
||||
|
|
|
@ -34,7 +34,7 @@
|
|||
};
|
||||
|
||||
systemd.services.nginx.serviceConfig = {
|
||||
ReadWritePaths = [ "/var/www/Jimbo-Landing-Page/streams/hls/" ];
|
||||
ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
|
||||
};
|
||||
};
|
||||
}
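Review bot: `ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];` makes nginx's start depend on that directory already existing, because systemd fails the unit during namespace setup when a listed path is missing and is not prefixed with `-`. Nothing in this hunk creates or renames the directory, so the on-disk move from `Jimbo-Landing-Page` has to happen before the switch or be declared in the configuration, for example `systemd.tmpfiles.rules = [ "d /var/www/landing-page/streams/hls 0750 nginx nginx -" ];` (owner and mode to be confirmed against the stream writer). The enclosing block starts outside the hunk.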
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./p1
|
||||
./p2
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, lib, ... }:
|
||||
{
|
||||
services.nginx.virtualHosts."${config.domains.p1}" = lib.mkIf config.system.server.enable {
|
||||
services.nginx.virtualHosts."${config.domains.p2}" = lib.mkIf config.system.server.enable {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
root = "/var/www/landing-page";
|
||||
|
@ -10,13 +10,13 @@
|
|||
return 200 '
|
||||
{
|
||||
"m.homeserver": {
|
||||
"base_url": "https://matrix.${config.domains.p1}"
|
||||
"base_url": "https://matrix.${config.domains.p2}"
|
||||
},
|
||||
"m.identity_server": {
|
||||
"base_url": "https://matrix.org"
|
||||
},
|
||||
"org.matrix.msc3575.proxy": {
|
||||
"url": "https://matrix.${config.domains.p1}"
|
||||
"url": "https://matrix.${config.domains.p2}"
|
||||
}
|
||||
}
|
||||
';
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
"/.well-known/matrix/server".extraConfig = ''
|
||||
default_type application/json;
|
||||
return 200 '{ "m.server": "matrix.${config.domains.p1}:443" }';
|
||||
return 200 '{ "m.server": "matrix.${config.domains.p2}:443" }';
|
||||
'';
|
||||
};
|
||||
};
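Review bot: Renaming the whole virtual host from `${config.domains.p1}` to `${config.domains.p2}` also moves both `.well-known/matrix` responses, and Matrix clients and federating servers look those up on the homeserver's `server_name`, which generally cannot be changed for an existing deployment. If the homeserver was set up under the `p1` name (its configuration is not visible in this diff), `p1` still needs a vhost serving `/.well-known/matrix/server` and `/.well-known/matrix/client`, otherwise delegation for existing accounts stops resolving. It is also worth confirming that `matrix.${config.domains.p2}` has its own vhost and certificate before `m.server` points at it.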
|
|
@ -11,7 +11,7 @@
|
|||
email = {
|
||||
smtp_server = "mx.${config.domains.p1}:587";
|
||||
smtp_login = "noreply@${config.domains.p1}";
|
||||
smtp_from_address = "Jimbo's Lemmy <noreply@${config.domains.p1}>";
|
||||
smtp_from_address = "NixFox Lemmy <noreply@${config.domains.p1}>";
|
||||
smtp_password = config.secrets.noreplyPassword;
|
||||
tls_type = "starttls";
|
||||
};
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, lib, ... }:
|
||||
{
|
||||
services.nginx.virtualHosts."torrent.${config.domains.p1}" = lib.mkIf config.services.transmission.enable {
|
||||
services.nginx.virtualHosts."tor.${config.domains.p2}" = lib.mkIf config.services.transmission.enable {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
services.vaultwarden = {
|
||||
enable = config.system.server.enable;
|
||||
config = {
|
||||
DOMAIN = "https://warden.${config.domains.p1}";
|
||||
DOMAIN = "https://pass.${config.domains.p2}";
|
||||
SIGNUPS_ALLOWED = false;
|
||||
ROCKET_ADDRESS = "127.0.0.1";
|
||||
ROCKET_PORT = 8222;
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, lib, ... }:
|
||||
{
|
||||
services.nginx.virtualHosts."warden.${config.domains.p1}" = lib.mkIf config.services.vaultwarden.enable {
|
||||
services.nginx.virtualHosts."pass.${config.domains.p1}" = lib.mkIf config.services.vaultwarden.enable {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
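Review bot: The new virtual host name is `"pass.${config.domains.p1}"`, but this commit sets Vaultwarden's `DOMAIN` to `https://pass.${config.domains.p2}` and lists only `p2` names in the dynamic-DNS `domains`; every other renamed host in the commit moves to `p2`. As written, nginx would serve, and ACME would request a certificate for, a name on the old domain while Vaultwarden builds its links for the new one. If that is not intended, the line should read `services.nginx.virtualHosts."pass.${config.domains.p2}" = lib.mkIf config.services.vaultwarden.enable {`. The vhost body continues past the end of the hunk.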
|
||||
|
|