thohlt/nixos-config
1
0
Fork 0
mirror of https://github.com/thiloho/nixos-config.git synced 2025-11-22 11:31:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove server files

Browse Source
This commit is contained in:
thiloho
2024-04-25 08:25:23 +02:00
parent 47be5c990b
commit 3812bed347
24 changed files with 21 additions and 493 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
nixos-configurations/laptop/default.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ... }:
{ inputs, ... }:
{
imports = [
@@ -12,13 +12,7 @@
home-manager.users.thiloho = { pkgs, ... }: {
programs.git.signing.key = "BFD8F6A55B1E4F11";
home = {
packages = with pkgs;
[
# ciscoPacketTracer8
];
stateVersion = "23.05";
};
home = { stateVersion = "23.05"; };
};
system.stateVersion = "23.05";
}

29
nixos-configurations/laptop/hardware-configuration.nix
View File

@@ -4,28 +4,26 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/c930419a-6c2f-452a-9e58-c92979ab8f3d";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/c930419a-6c2f-452a-9e58-c92979ab8f3d";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/EF76-673F";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/EF76-673F";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/5ec2362b-c256-4097-8d48-5460002d0978"; }
];
[{ device = "/dev/disk/by-uuid/5ec2362b-c256-4097-8d48-5460002d0978"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@@ -36,5 +34,6 @@
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

2
nixos-configurations/pc/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, inputs, lib, ... }:
{ inputs, ... }:
{
imports = [

294
nixos-configurations/server/default.nix
View File

@@ -1,294 +0,0 @@
{ inputs, pkgs, config, lib, ... }:
{
imports = [
inputs.agenix.nixosModules.default
./hardware-configuration.nix
../shared.nix
];
nix.settings.trusted-users = [ "thiloho" ];
age.secrets = {
hedgedoc-environment-file.file =
../../secrets/hedgedoc-environment-file.age;
discord-bot-token.file = ../../secrets/discord-bot-token.age;
todos-environment-file.file = ../../secrets/todos-environment-file.age;
"restic/minecraft-environment-file".file =
../../secrets/restic/minecraft-environment-file.age;
"restic/minecraft-repository".file =
../../secrets/restic/minecraft-repository.age;
"restic/minecraft-password".file =
../../secrets/restic/minecraft-password.age;
"restic/hedgedoc-environment-file".file =
../../secrets/restic/hedgedoc-environment-file.age;
"restic/hedgedoc-repository".file =
../../secrets/restic/hedgedoc-repository.age;
"restic/hedgedoc-password".file =
../../secrets/restic/hedgedoc-password.age;
"restic/todos-environment-file".file =
../../secrets/restic/todos-environment-file.age;
"restic/todos-repository".file = ../../secrets/restic/todos-repository.age;
"restic/todos-password".file = ../../secrets/restic/todos-password.age;
"restic/discord-bot-environment-file".file =
../../secrets/restic/discord-bot-environment-file.age;
"restic/discord-bot-repository".file =
../../secrets/restic/discord-bot-repository.age;
"restic/discord-bot-password".file =
../../secrets/restic/discord-bot-password.age;
};
environment.systemPackages = with pkgs; [ nodejs_20 ];
networking = {
hostName = "server";
firewall = {
allowedTCPPorts = [ 80 443 25565 3232 ];
allowedUDPPorts = [ 80 443 25565 3232 ];
};
};
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
minecraft-server = {
enable = true;
eula = true;
declarative = true;
openFirewall = true;
whitelist = {
thilo_ho = "4e4d744d-7748-46bc-add8-b3e8ca3b4cf5";
Liaxswan = "ccbf3468-a6b4-4d7b-9837-5a2451deca79";
};
serverProperties = {
difficulty = 3;
max-players = 10;
motd = "Thilo's SMP";
white-list = true;
};
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"thilohohlt.com" = {
enableACME = true;
forceSSL = true;
root = inputs.website;
};
"aurora.thilohohlt.com" = {
enableACME = true;
forceSSL = true;
root = inputs.aurora-blog-template.packages.${pkgs.system}.default;
};
"collab.thilohohlt.com" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:3300";
locations."/socket.io/" = {
proxyPass = "http://localhost:3300";
proxyWebsockets = true;
extraConfig = "proxy_ssl_server_name on;";
};
};
"todos.thilohohlt.com" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:5173";
};
"git.thilohohlt.com" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:3001";
};
};
};
hedgedoc = {
enable = true;
settings = {
port = 3300;
domain = "collab.thilohohlt.com";
db = {
dialect = "postgres";
host = "/run/postgresql";
database = "hedgedoc";
};
protocolUseSSL = true;
allowAnonymous = false;
allowEmailRegister = false;
email = false;
};
environmentFile = config.age.secrets.hedgedoc-environment-file.path;
};
gitea = {
enable = true;
appName = "Gitea instance of Thilo";
database = {
type = "postgres";
host = "/run/postgresql";
};
settings.service.DISABLE_REGISTRATION = true;
settings.server = {
DOMAIN = "thilohohlt.com";
ROOT_URL = "https://git.thilohohlt.com";
HTTP_PORT = 3001;
};
};
invidious = {
enable = true;
port = 3232;
domain = "invidious.thilohohlt.com";
nginx.enable = true;
settings = {
db.user = "invidious";
registration_enabled = false;
};
};
postgresql = {
enable = true;
package = pkgs.postgresql_15;
ensureDatabases = [ "dcbot" "hedgedoc" "todos" "gitea" ];
ensureUsers = [
{
name = "hedgedoc";
ensureDBOwnership = true;
}
{
name = "gitea";
ensureDBOwnership = true;
}
];
authentication = lib.mkForce ''
#type database DBuser auth-method
local all all trust
'';
};
restic.backups = {
minecraft-backup = {
initialize = true;
environmentFile =
config.age.secrets."restic/minecraft-environment-file".path;
repositoryFile = config.age.secrets."restic/minecraft-repository".path;
passwordFile = config.age.secrets."restic/minecraft-password".path;
paths = [ "/var/lib/minecraft/world" ];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" ];
};
hedgedoc-database-backup = {
initialize = true;
environmentFile =
config.age.secrets."restic/hedgedoc-environment-file".path;
repositoryFile = config.age.secrets."restic/hedgedoc-repository".path;
passwordFile = config.age.secrets."restic/hedgedoc-password".path;
paths =
[ "/var/lib/hedgedoc/uploads" "/var/lib/hedgedoc/hedgedoc.dump" ];
backupPrepareCommand = ''
${config.services.postgresql.package}/bin/pg_dump -U postgres -Fc hedgedoc > /var/lib/hedgedoc/hedgedoc.dump
'';
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" ];
};
todos-database-backup = {
initialize = true;
environmentFile =
config.age.secrets."restic/todos-environment-file".path;
repositoryFile = config.age.secrets."restic/todos-repository".path;
passwordFile = config.age.secrets."restic/todos-password".path;
paths = [ "/var/lib/todos.dump" ];
backupPrepareCommand = ''
${config.services.postgresql.package}/bin/pg_dump -U postgres -Fc todos > /var/lib/todos.dump
'';
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" ];
};
discord-bot-database-backup = {
initialize = true;
environmentFile =
config.age.secrets."restic/discord-bot-environment-file".path;
repositoryFile =
config.age.secrets."restic/discord-bot-repository".path;
passwordFile = config.age.secrets."restic/discord-bot-password".path;
paths = [ "/var/lib/dcbot.dump" ];
backupPrepareCommand = ''
${config.services.postgresql.package}/bin/pg_dump -U postgres -Fc dcbot > /var/lib/dcbot.dump
'';
pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" ];
};
};
};
security = {
acme = {
acceptTerms = true;
defaults.email = "thilo.hohlt@tutanota.com";
};
};
systemd.services = {
todoapp = {
description = "Todo application to plan your daily tasks effectively";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
Environment =
"PORT=5173 DOTENV_CONFIG_PATH=${config.age.secrets.todos-environment-file.path}";
ExecStart = "${pkgs.nodejs_20}/bin/node -r dotenv/config .";
WorkingDirectory = inputs.todos.packages.${pkgs.system}.default;
Restart = "always";
};
};
todoapp-check-due-dates = {
description =
"Set is_overdue for todo in database to true if todo is overdue";
wantedBy = [ "timers.target" ];
path = [ pkgs.postgresql_15 ];
script = ''
psql -d todos -c "UPDATE user_todo SET is_overdue = true WHERE DATE_TRUNC('day', NOW() AT TIME ZONE 'CET') > due_date AND is_completed = false AND is_overdue = false"
'';
serviceConfig = { User = "postgres"; };
partOf = [ "todoapp.service" ];
startAt = "daily";
};
denbot = {
description = "Thilo's Den discord bot";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStartPre = [
"${pkgs.nodejs_20}/bin/node dbInit.js"
"${pkgs.nodejs_20}/bin/node deploy-commands.js --token=${config.age.secrets.discord-bot-token.path} --clientId=1142441791459704912"
];
ExecStart =
"${pkgs.nodejs_20}/bin/node index.js --token=${config.age.secrets.discord-bot-token.path}";
WorkingDirectory = inputs.denbot.packages.${pkgs.system}.default;
Restart = "always";
};
};
};
users.users.thiloho.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkvr+vT7Ik0fjquxb9xQBfVVWJPgrfC+vJZsyG2V+/G thiloho@pc"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5jOELdhQ85uKV8l2QkbLhjdPr142p1AmPzpawaJ7ws thiloho@laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA2jCxyYIisj7/tFdFewdCvxMHk3fNDkL8cFjowub7wV thiloho@pixelphone"
];
home-manager.users.thiloho = { pkgs, lib, ... }: {
home = { stateVersion = "23.05"; };
};
system.stateVersion = "23.05";
}

36
nixos-configurations/server/hardware-configuration.nix
View File

@@ -1,36 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules =
[ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/950d0289-1ae9-4c4b-8792-3f369e2d0f05";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/08B5-9946";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/d3ecc375-0371-4391-ad48-b79168737ec7"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

5
nixos-configurations/shared-desktop.nix
View File

@@ -55,8 +55,9 @@
programs = {
firefox = {
enable = true;
package =
pkgs.firefox-devedition.override { cfg = { speechSynthesisSupport = true; }; };
package = pkgs.firefox-devedition.override {
cfg = { speechSynthesisSupport = true; };
};
};
chromium = {
enable = true;

6
nixos-configurations/shared.nix
View File

@@ -1,4 +1,4 @@
{ inputs, pkgs, ... }:
{ pkgs, ... }:
{
boot = {
@@ -30,11 +30,8 @@
enable = true;
shellAliases = {
rbs = "sudo nixos-rebuild switch --flake .";
off = "sudo systemctl poweroff";
cleanup =
"nix store optimise && nix-collect-garbage -d && sudo nix store optimise && sudo nix-collect-garbage -d";
listboots =
"nix profile history --profile /nix/var/nix/profiles/system";
};
};
helix = {
@@ -43,6 +40,5 @@
settings.theme = "ayu_dark";
};
};
home.packages = [ inputs.agenix.packages."x86_64-linux".default ];
};
}