pupbrained/nix-config
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

add server config

Browse source
This commit is contained in:
Mars 2024-08-03 02:43:51 -04:00
parent 0ac8781c63
commit 3b1d76f533
Signed by: pupbrained
GPG key ID: 91B1F40056A01DDF
7 changed files with 414 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
flake.in.nix
View file

@ -88,7 +88,8 @@
git
nvfetcher
statix
(writeScriptBin "build" "nix fmt && flake switch")
(writeScriptBin "build" "nix fmt && ${snowfallorg.flake}/bin/flake switch")
(writeScriptBin "up" "nix flake update")
];
};

62
homes/x86_64-linux/marshall@polaris-nix/default.nix Normal file
View file

@ -0,0 +1,62 @@
{
inputs,
pkgs,
...
}:
with pkgs; {
imports = with inputs; [
catppuccin.homeManagerModules.catppuccin
nix-index-database.hmModules.nix-index
];
nixpkgs = {
config.allowUnfree = true;
};
home = {
homeDirectory = "/home/marshall";
username = "marshall";
packages =
[
alejandra
bun
grc
kitty
macchina
wl-clipboard
xclip
zed-editor
]
++ (with inputs; [
nixvim.packages.${pkgs.system}.default
]);
};
programs = {
gpg.enable = true;
skim.enable = true;
tealdeer.enable = true;
atuin = {
enable = true;
settings = {
inline_height = 20;
show_preview = true;
style = "compact";
};
};
git = {
signing.key = "91B1F40056A01DDF";
};
};
services = {
cliphist.enable = true;
};
systemd.user.startServices = "sd-switch";
home.stateVersion = "23.11";
}

7
secrets/mailer_passwd.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 Rnre+g 2qc+9205o7uT68Fo6ZmJWdOC8TkIvfNVFiuEop4crH8
eCywuzUaNYQ6+23DBlnhK7FExAvFWDrjzcOi7sIMDzY
-> ssh-ed25519 TwwU0w fMO1xuxh/nEE2mhscChrxnz7ZKv7LJQgivORxH/QLSk
U4acV2ubZaVtpLceEjW3/J7q3YENNeD55vLsivCA/Pw
--- /4REYNdKs9m2g1OtlLcPDhOJFZs9atAP/fW6UyNeXa8
š0!<21>b(½}ׄ³õ½ÈGË$2…tðÂ!Äwþýr>Ý/þ]oŠÎ'ã<>TvPÁt¿@?Д<C390>Ìf UÁ© íòæÍO½5

2
secrets/secrets.nix
View file

@ -3,4 +3,6 @@ let
system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJe8dn/plNp53zGSzHTZjjrQbo94WWMZf7508agyIwQQ agenix";
in {
"passwd.age".publicKeys = [marshall system];
"mailer_passwd.age".publicKeys = [marshall system];
"token.age".publicKeys = [marshall system];
}

BIN
secrets/token.age Normal file
View file

Binary file not shown.

307
systems/x86_64-linux/polaris-nix/default.nix Normal file
View file

@ -0,0 +1,307 @@
{
inputs,
lib,
config,
pkgs,
system,
...
}: {
imports = [./hardware.nix];
nixpkgs.config.allowUnfree = true;
system.stateVersion = "23.11";
time.timeZone = "America/New_York";
age = {
secrets.token.file = ../../../secrets/token.age;
secrets.mailer_passwd.file = ../../../secrets/mailer_passwd.age;
identityPaths = ["/root/.ssh/id_ed25519"];
};
nix = {
nixPath = ["nixpkgs=flake:nixpkgs"];
registry =
(lib.mapAttrs (_: flake: {inherit flake;}))
((lib.filterAttrs (_: lib.isType "flake")) inputs);
settings = {
auto-optimise-store = true;
experimental-features = "nix-command flakes";
warn-dirty = false;
trusted-users = ["marshall"];
substituters = [
"https://cache.nixos.org"
"https://nix-community.cachix.org"
"https://nyx.chaotic.cx/"
"https://cuda-maintainers.cachix.org"
];
trusted-substituters = [
"cache.nixos.org"
"nix-community.cachix.org"
"nyx.chaotic.cx"
"cuda-maintainers.cachix.org"
];
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
"chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
"conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw="
];
};
};
environment = {
localBinInPath = true;
sessionVariables.FLAKE = "/home/marshall/nix-config";
systemPackages = [
pkgs.miniupnpc
inputs.agenix.packages.${system}.default
];
etc =
lib.mapAttrs'
(name: value: {
name = "nix/path/${name}";
value.source = value.flake;
})
config.nix.registry;
};
fonts.packages = with pkgs; [
inter
maple-mono-SC-NF
nerdfonts
];
boot = {
kernelPackages = pkgs.linuxPackages_xanmod_latest;
supportedFilesystems = ["ntfs"];
binfmt = {
emulatedSystems = ["aarch64-linux"];
registrations.appimage = {
wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
magicOrExtension = ''\x7fELF....AI\x02'';
};
};
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
hardware = {
pulseaudio.enable = false;
bluetooth = {
enable = true;
powerOnBoot = true;
};
opengl = {
enable = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
libGL
libGLU
];
};
};
networking = {
hostName = "polaris-nix";
networkmanager.enable = true;
firewall.enable = false;
};
security = {
pam.services.gdm.enableGnomeKeyring = true;
rtkit.enable = true;
sudo.extraConfig = ''
Defaults lecture = never
'';
};
programs = {
fish.enable = true;
ssh.startAgent = true;
};
services = {
eternal-terminal.enable = true;
tailscale.enable = true;
xe-guest-utilities.enable = true;
forgejo = let
forgejoDomain = "git.pupbrained.xyz";
in {
enable = true;
user = "git";
group = "git";
lfs.enable = true;
secrets.mailer.PASSWD = config.age.secrets.mailer_passwd.path;
settings = {
log.LEVEL = "Debug";
DEFAULT.APP_NAME = "MarGit";
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
database = {
SQLITE_JOURNAL_MODE = "WAL";
LOG_SQL = false;
};
federation.ENABLED = true;
mailer = {
ENABLED = true;
SMTP_ADDR = "email-smtp.us-east-2.amazonaws.com";
FROM = "noreply@git.pupbrained.xyz";
USER = "AKIAVIRH7PRQXI3FCBZ4";
SEND_AS_PLAIN_TEXT = true;
};
metrics = {
ENABLED = true;
ENABLED_ISSUE_BY_REPOSITORY = true;
ENABLED_ISSUE_BY_LABEL = true;
};
oauth2_client = {
ACCOUNT_LINKING = "login";
USERNAME = "nickname";
ENABLE_AUTO_REGISTRATION = false;
REGISTER_EMAIL_CONFIRM = false;
UPDATE_AVATAR = true;
};
packages.ENABLED = true;
repository = {
DEFAULT_PRIVATE = "private";
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
};
server = {
HTTP_ADDR = "0.0.0.0";
HTTP_PORT = 6610;
DOMAIN = forgejoDomain;
ROOT_URL = "https://${forgejoDomain}/";
SSH_USER = "git";
SSH_DOMAIN = "ssh.pupbrained.xyz";
};
service = {
DISABLE_REGISTRATION = false;
SHOW_REGISTRATION_BUTTON = true;
REGISTER_EMAIL_CONFIRM = false;
ENABLE_NOTIFY_MAIL = true;
};
session.COOKIE_SECURE = true;
ui = {
DEFAULT_THEME = "forgejo-auto";
};
"ui.meta".AUTHOR = "MarGit";
};
};
matrix-conduit = {
enable = true;
package = pkgs.conduwuit_git;
settings.global.database_backend = "rocksdb";
settings.global.allow_registration = true;
settings.global.address = "0.0.0.0";
settings.global.server_name = "pupbrained.xyz";
settings.global.registration_token = "blehh";
};
openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
pipewire = {
enable = true;
pulse.enable = true;
alsa = {
enable = true;
support32Bit = true;
};
};
xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
layout = "us";
xkbVariant = "";
};
};
systemd.services.cloudflared = {
description = "Point traffic to tunnel subdomain";
wantedBy = ["default.target"];
serviceConfig = {
EnvironmentFile = config.age.secrets.token.path;
Type = "oneshot";
ExecStart = "${lib.getExe pkgs.cloudflared} tunnel --no-autoupdate run";
};
};
users.users.marshall = {
isNormalUser = true;
shell = pkgs.fish;
extraGroups = ["wheel" "libvirtd" "kvm"];
};
users.groups.git = {};
users.users.git = {
isSystemUser = true;
useDefaultShell = true;
group = "git";
home = config.services.forgejo.stateDir;
};
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
}

34
systems/x86_64-linux/polaris-nix/hardware.nix Normal file
View file

@ -0,0 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{lib, ...}: {
imports = [];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "sr_mod" "xen_blkfront"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/64079eb2-d3e3-47b7-a889-d5b2fee4fa82";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/BC12-6397";
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/d36507db-7392-4852-9b2a-12d2a476cd31";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enX0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}