# The Flame
# System configuration for an Oracle free server
# See the [readme](../README.md) for an explanation of how this file works.
# How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
# These days, probably use nixos-anywhere instead.
{
  inputs,
  globals,
  overlays,
  ...
}:

let
  # Oracle free-tier Ampere machines are arm64; both extra package sets are
  # instantiated for the same architecture below.
  system = "aarch64-linux";

  # Everything specific to this host. Shared behaviour comes from the
  # ../../modules trees listed in `modules` further down.
  hostModule = {
    nixpkgs.overlays = overlays;

    # Hardware / identity
    server = true;
    networking.hostName = "flame";

    # Guest profile and initrd modules for the VM. Which of these are really
    # needed was never verified, so all of them are kept.
    imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
    boot.initrd.availableKernelModules = [
      "xhci_pci"
      "virtio_pci"
      "usbhid"
    ];

    # Both file systems have to be declared or the machine will not boot.
    fileSystems = {
      # Root file system holding NixOS (no clean label was ever set, so the
      # UUID is used directly).
      "/" = {
        device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
        fsType = "ext4";
      };
      # EFI system partition used by systemd-boot.
      "/boot" = {
        device = "/dev/disk/by-uuid/D5CA-237A";
        fsType = "vfat";
      };
    };

    # Theming: no GUI on a server, but terminal programs (Neovim, K9s) still
    # want a colour scheme.
    gui.enable = false;
    theme = {
      colors = (import ../../colorscheme/gruvbox).dark;
    };

    # Programs provided by the custom modules.
    atuin.enable = true;
    cloudflare.enable = true; # Proxy traffic with Cloudflare
    dotfiles.enable = true; # Clone dotfiles
    neovim.enable = true;
    giteaRunner.enable = true;

    # Network-facing services. Several of these hold credentials or user data
    # (vaultwarden, gitea, n8n, influxdb2), so they are expected to be reached
    # only through the Cloudflare tunnel / proxy configured below — confirm
    # in ../../modules that nothing listens on a public interface directly.
    services = {
      caddy.enable = true;
      grafana.enable = true;
      thelounge.enable = true;
      openssh.enable = true;
      victoriametrics.enable = true;
      influxdb2.enable = true;
      gitea.enable = true;
      vaultwarden.enable = true;
      minecraft-server.enable = true; # Setup Minecraft server
      n8n.enable = true;
      ntfy-sh.enable = true;
      uptime-kuma.enable = true;
    };
    system.autoUpgrade.enable = true;

    # Private remote access over the internet via a Cloudflare tunnel.
    cloudflareTunnel = {
      enable = true;
      id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
      # The .age suffix suggests an age-encrypted secret handled by the
      # secrets module; it is a path into the repo, so it must be decrypted
      # at activation rather than copied to the store in clear — confirm.
      credentialsFile = ../../private/cloudflared-flame.age;
      # SSH certificate-authority *public* key (key comment names
      # open-ssh-ca@cloudflareaccess.org); public material, fine to commit.
      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
    };

    # Nextcloud backup target. Only the access key *ID* is here; the matching
    # secret key is not in this file — NOTE(review): confirm the backup
    # module sources it from an encrypted secret, not from a plain file.
    backup.s3 = {
      endpoint = "s3.us-west-002.backblazeb2.com";
      bucket = "noahmasur-backup";
      accessKeyId = "0026b0e73b2e2c80000000005";
    };

    # Key-only SSH login. This is the ed25519 public key for the "personal"
    # identity; presumably the custom option both authorizes it and turns off
    # password authentication — verify that in the openssh module.
    publicKeys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
    ];

    # # Wireguard config for Transmission
    # wireguard.enable = true;
    # networking.wireguard.interfaces.wg0 = {
    #
    #   # The local IPs for this machine within the Wireguard network
    #   # Any inbound traffic bound for these IPs should be kept on localhost
    #   ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];
    #
    #   peers = [{
    #
    #     # Identity of Wireguard target peer (VPN)
    #     publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";
    #
    #     # The public internet address of the target peer
    #     endpoint = "86.106.143.132:51820";
    #
    #     # Which outgoing IP ranges should be sent through Wireguard
    #     allowedIPs = [ "0.0.0.0/0" "::0/0" ];
    #
    #     # Send heartbeat signal within the network
    #     persistentKeepalive = 25;
    #
    #   }];
    #
    # };

    # # VPN port forwarding
    # services.transmission.settings.peer-port = 57599;
  };
in
inputs.nixpkgs.lib.nixosSystem {
  inherit system;

  # Extra package sets passed to every module as `pkgs-stable` / `pkgs-caddy`.
  specialArgs = {
    pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
    pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
  };

  modules = [
    globals
    inputs.home-manager.nixosModules.home-manager
    ../../modules/common
    ../../modules/nixos
    hostModule
  ];
}