diff --git a/hosts/flame/default.nix b/hosts/flame/default.nix index 7a46ad1..c846997 100644 --- a/hosts/flame/default.nix +++ b/hosts/flame/default.nix @@ -12,30 +12,48 @@ nixpkgs.lib.nixosSystem { system = "aarch64-linux"; specialArgs = { }; modules = [ - ./hardware-configuration.nix + (removeAttrs globals [ "mail.server" ]) + home-manager.nixosModules.home-manager ../../modules/common ../../modules/nixos - (removeAttrs globals [ "mail.server" ]) - wsl.nixosModules.wsl - home-manager.nixosModules.home-manager { + nixpkgs.overlays = overlays; + + # Hardware server = true; + networking.hostName = "flame"; + + imports = [ (nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/D5CA-237A"; + fsType = "vfat"; + }; + + # Theming gui.enable = false; theme = { colors = (import ../../colorscheme/gruvbox).dark; }; - nixpkgs.overlays = overlays; - wsl.enable = false; - caddy.enable = true; - - # FQDNs for various services - networking.hostName = "flame"; - metricsServer = "metrics.masu.rs"; - vaultwardenServer = "vault.masu.rs"; - giteaServer = "git.masu.rs"; # Disable passwords, only use SSH key publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"; + # Programs and services + caddy.enable = true; + cloudflare.enable = true; # Proxy traffic with Cloudflare + dotfiles.enable = true; # Clone dotfiles + gaming.minecraft-server.enable = true; # Setup Minecraft server + giteaServer = "git.masu.rs"; + metricsServer = "metrics.masu.rs"; + neovim.enable = true; + vaultwardenServer = "vault.masu.rs"; + # Nextcloud backup config backup.s3 = { endpoint = "s3.us-west-002.backblazeb2.com"; 
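Review bot: The relocated module entry `(removeAttrs globals [ "mail.server" ])` at the top of `modules` most likely removes nothing, because `removeAttrs` matches top-level attribute names only and `"mail.server"` is a single name containing a dot, not the nested path `mail.server`. `globals` is defined outside this hunk, so this is inferred from the call alone. If the intent is to keep the mail server setting off this host, something like `(globals // { mail = removeAttrs globals.mail [ "server" ]; })` would do it, assuming `globals.mail` exists. As written, the host would silently inherit whatever `globals` carries under `mail`. The `modules` list and the inline attribute set continue past the end of this hunk.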
@@ -78,17 +96,6 @@ nixpkgs.lib.nixosSystem { # # Grant access to Transmission directories from Jellyfin # users.users.jellyfin.extraGroups = [ "transmission" ]; - # Proxy traffic with Cloudflare - cloudflare.enable = true; - - # Setup Minecraft server - gaming.minecraft-server.enable = true; - - # Clone dotfiles - dotfiles.enable = true; - - neovim.enable = true; - } ]; } diff --git a/hosts/flame/hardware-configuration.nix b/hosts/flame/hardware-configuration.nix deleted file mode 100644 index e8347f5..0000000 --- a/hosts/flame/hardware-configuration.nix +++ /dev/null @@ -1,34 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ lib, modulesPath, ... }: - -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/D5CA-237A"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eth0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; -} diff --git a/modules/nixos/services/cloudflare-tunnel.nix b/modules/nixos/services/cloudflare-tunnel.nix index 35aed87..19833a4 100644 --- a/modules/nixos/services/cloudflare-tunnel.nix 
+++ b/modules/nixos/services/cloudflare-tunnel.nix @@ -16,7 +16,7 @@ in { options.cloudflareTunnel.enable = lib.mkEnableOption "Use Cloudflare Tunnel"; - config = lib.mkIf config.cloudflare.enable { + config = lib.mkIf config.cloudflareTunnel.enable { services.cloudflared = { enable = true; diff --git a/modules/nixos/services/gitea.nix b/modules/nixos/services/gitea.nix index 8c5281f..81fbb80 100644 --- a/modules/nixos/services/gitea.nix +++ b/modules/nixos/services/gitea.nix @@ -17,9 +17,6 @@ in { config = lib.mkIf (config.giteaServer != null) { services.gitea = { enable = true; - httpPort = 3001; - httpAddress = "127.0.0.1"; - rootUrl = "https://${config.giteaServer}/"; database.type = "sqlite3"; settings = { repository = { @@ -31,6 +28,9 @@ in { DEFAULT_BRANCH = "main"; }; server = { + HTTP_PORT = 3001; + HTTP_ADDRESS = "127.0.0.1"; + ROOT_URL = "https://${config.giteaServer}/"; SSH_PORT = 22; START_SSH_SERVER = false; # Use sshd instead DISABLE_SSH = false; @@ -59,10 +59,8 @@ in { # Open to groups, allowing for backups systemd.services.gitea.serviceConfig.StateDirectoryMode = lib.mkForce "0770"; - systemd.tmpfiles.rules = [ - "d ${giteaPath}/data 0775 gitea gitea" - "f ${giteaPath}/data/gitea.db 0660 gitea gitea" - ]; + systemd.tmpfiles.rules = + [ "f ${giteaPath}/data/gitea.db 0660 gitea gitea" ]; # Allow litestream and gitea to share a sqlite database users.users.litestream.extraGroups = [ "gitea" ];
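Review bot: With the guard switched to `config.cloudflareTunnel.enable`, any host that sets only `cloudflare.enable` stops running `services.cloudflared`. `hosts/flame/default.nix` in this same commit is one such host in the visible lines: it sets `cloudflare.enable = true` and no `cloudflareTunnel.enable`. That looks like the intended fix, since the guard now matches the option declared just above it, but it is worth confirming on deploy that nothing on that host was reachable only through the tunnel. A one-line comment above the guard would make the split explicit, e.g. `# Independent of cloudflare.enable; the tunnel is opt-in per host`. The `config` block continues below the hunk.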
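Review bot: After the `d ${giteaPath}/data 0775 gitea gitea` rule is dropped from `systemd.tmpfiles.rules` in the last gitea.nix hunk, nothing in the hunk fixes the mode of the `data` directory, yet the remaining `f` rule and the `litestream` group membership below both depend on it. SQLite and litestream create sidecar files next to `gitea.db`, so the `gitea` group needs write access to the directory itself, not just mode 0660 on the database file. Whether `StateDirectoryMode = "0770"` covers `data/` depends on `giteaPath`, which is defined outside the hunk. Check the directory's resulting mode after a rebuild. If group write is missing and no other rule manages the path, keep the rule with a tighter mode, `"d ${giteaPath}/data 0770 gitea gitea"`, which also drops the world read/execute bits the old 0775 granted.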