update flame, cleanup host config file

2025-11-04 14:03:16 +00:00 · 2023-04-30 21:51:35 +00:00
parent e8f4ee52c3
commit 605824c1a4
4 changed files with 37 additions and 66 deletions
--- a/hosts/flame/default.nix
+++ b/hosts/flame/default.nix
@@ -12,30 +12,48 @@ nixpkgs.lib.nixosSystem {
  system = "aarch64-linux";
  specialArgs = { };
  modules = [
-    ./hardware-configuration.nix
+    (removeAttrs globals [ "mail.server" ])
+    home-manager.nixosModules.home-manager
    ../../modules/common
    ../../modules/nixos
-    (removeAttrs globals [ "mail.server" ])
-    wsl.nixosModules.wsl
-    home-manager.nixosModules.home-manager
    {
+      nixpkgs.overlays = overlays;
+
+      # Hardware
      server = true;
+      networking.hostName = "flame";
+
+      imports = [ (nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
+      boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
+
+      fileSystems."/" = {
+        device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
+        fsType = "ext4";
+      };
+
+      fileSystems."/boot" = {
+        device = "/dev/disk/by-uuid/D5CA-237A";
+        fsType = "vfat";
+      };
+
+      # Theming
      gui.enable = false;
      theme = { colors = (import ../../colorscheme/gruvbox).dark; };
-      nixpkgs.overlays = overlays;
-      wsl.enable = false;
-      caddy.enable = true;
-
-      # FQDNs for various services
-      networking.hostName = "flame";
-      metricsServer = "metrics.masu.rs";
-      vaultwardenServer = "vault.masu.rs";
-      giteaServer = "git.masu.rs";

      # Disable passwords, only use SSH key
      publicKey =
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";

+      # Programs and services
+      caddy.enable = true;
+      cloudflare.enable = true; # Proxy traffic with Cloudflare
+      dotfiles.enable = true; # Clone dotfiles
+      gaming.minecraft-server.enable = true; # Setup Minecraft server
+      giteaServer = "git.masu.rs";
+      metricsServer = "metrics.masu.rs";
+      neovim.enable = true;
+      vaultwardenServer = "vault.masu.rs";
+
      # Nextcloud backup config
      backup.s3 = {
        endpoint = "s3.us-west-002.backblazeb2.com";
@@ -78,17 +96,6 @@ nixpkgs.lib.nixosSystem {
      # # Grant access to Transmission directories from Jellyfin
      # users.users.jellyfin.extraGroups = [ "transmission" ];

-      # Proxy traffic with Cloudflare
-      cloudflare.enable = true;
-
-      # Setup Minecraft server
-      gaming.minecraft-server.enable = true;
-
-      # Clone dotfiles
-      dotfiles.enable = true;
-
-      neovim.enable = true;
-
    }
  ];
 }
--- a/hosts/flame/hardware-configuration.nix
+++ b/hosts/flame/hardware-configuration.nix
@@ -1,34 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ lib, modulesPath, ... }:
-
-{
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/D5CA-237A";
-    fsType = "vfat";
-  };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}
--- a/modules/nixos/services/cloudflare-tunnel.nix
+++ b/modules/nixos/services/cloudflare-tunnel.nix
@@ -16,7 +16,7 @@ in {

  options.cloudflareTunnel.enable = lib.mkEnableOption "Use Cloudflare Tunnel";

-  config = lib.mkIf config.cloudflare.enable {
+  config = lib.mkIf config.cloudflareTunnel.enable {

    services.cloudflared = {
      enable = true;
--- a/modules/nixos/services/gitea.nix
+++ b/modules/nixos/services/gitea.nix
@@ -17,9 +17,6 @@ in {
  config = lib.mkIf (config.giteaServer != null) {
    services.gitea = {
      enable = true;
-      httpPort = 3001;
-      httpAddress = "127.0.0.1";
-      rootUrl = "https://${config.giteaServer}/";
      database.type = "sqlite3";
      settings = {
        repository = {
@@ -31,6 +28,9 @@ in {
          DEFAULT_BRANCH = "main";
        };
        server = {
+          HTTP_PORT = 3001;
+          HTTP_ADDRESS = "127.0.0.1";
+          ROOT_URL = "https://${config.giteaServer}/";
          SSH_PORT = 22;
          START_SSH_SERVER = false; # Use sshd instead
          DISABLE_SSH = false;
@@ -59,10 +59,8 @@ in {
    # Open to groups, allowing for backups
    systemd.services.gitea.serviceConfig.StateDirectoryMode =
      lib.mkForce "0770";
-    systemd.tmpfiles.rules = [
-      "d ${giteaPath}/data 0775 gitea gitea"
-      "f ${giteaPath}/data/gitea.db 0660 gitea gitea"
-    ];
+    systemd.tmpfiles.rules =
+      [ "f ${giteaPath}/data/gitea.db 0660 gitea gitea" ];

    # Allow litestream and gitea to share a sqlite database
    users.users.litestream.extraGroups = [ "gitea" ];