noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2024-11-22 19:15:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

update flame, cleanup host config file

Browse Source
This commit is contained in:
Noah Masur 2023-04-30 21:51:35 +00:00
parent e8f4ee52c3
commit 605824c1a4
4 changed files with 37 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
hosts/flame/default.nix
View File

@ -12,30 +12,48 @@ nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
specialArgs = { }; specialArgs = { };
modules = [ modules = [
./hardware-configuration.nix (removeAttrs globals [ "mail.server" ])
home-manager.nixosModules.home-manager
../../modules/common ../../modules/common
../../modules/nixos ../../modules/nixos
(removeAttrs globals [ "mail.server" ])
wsl.nixosModules.wsl
home-manager.nixosModules.home-manager
{ {
nixpkgs.overlays = overlays;
# Hardware
server = true; server = true;
networking.hostName = "flame";
imports = [ (nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D5CA-237A";
fsType = "vfat";
};
# Theming
gui.enable = false; gui.enable = false;
theme = { colors = (import ../../colorscheme/gruvbox).dark; }; theme = { colors = (import ../../colorscheme/gruvbox).dark; };
nixpkgs.overlays = overlays;
wsl.enable = false;
caddy.enable = true;
# FQDNs for various services
networking.hostName = "flame";
metricsServer = "metrics.masu.rs";
vaultwardenServer = "vault.masu.rs";
giteaServer = "git.masu.rs";
# Disable passwords, only use SSH key # Disable passwords, only use SSH key
publicKey = publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
# Programs and services
caddy.enable = true;
cloudflare.enable = true; # Proxy traffic with Cloudflare
dotfiles.enable = true; # Clone dotfiles
gaming.minecraft-server.enable = true; # Setup Minecraft server
giteaServer = "git.masu.rs";
metricsServer = "metrics.masu.rs";
neovim.enable = true;
vaultwardenServer = "vault.masu.rs";
# Nextcloud backup config # Nextcloud backup config
backup.s3 = { backup.s3 = {
endpoint = "s3.us-west-002.backblazeb2.com"; endpoint = "s3.us-west-002.backblazeb2.com";
@ -78,17 +96,6 @@ nixpkgs.lib.nixosSystem {
# # Grant access to Transmission directories from Jellyfin # # Grant access to Transmission directories from Jellyfin
# users.users.jellyfin.extraGroups = [ "transmission" ]; # users.users.jellyfin.extraGroups = [ "transmission" ];
# Proxy traffic with Cloudflare
cloudflare.enable = true;
# Setup Minecraft server
gaming.minecraft-server.enable = true;
# Clone dotfiles
dotfiles.enable = true;
neovim.enable = true;
} }
]; ];
} }

34
hosts/flame/hardware-configuration.nix
View File

@ -1,34 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D5CA-237A";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

2
modules/nixos/services/cloudflare-tunnel.nix
View File

@ -16,7 +16,7 @@ in {
options.cloudflareTunnel.enable = lib.mkEnableOption "Use Cloudflare Tunnel"; options.cloudflareTunnel.enable = lib.mkEnableOption "Use Cloudflare Tunnel";
config = lib.mkIf config.cloudflare.enable { config = lib.mkIf config.cloudflareTunnel.enable {
services.cloudflared = { services.cloudflared = {
enable = true; enable = true;

12
modules/nixos/services/gitea.nix
View File

@ -17,9 +17,6 @@ in {
config = lib.mkIf (config.giteaServer != null) { config = lib.mkIf (config.giteaServer != null) {
services.gitea = { services.gitea = {
enable = true; enable = true;
httpPort = 3001;
httpAddress = "127.0.0.1";
rootUrl = "https://${config.giteaServer}/";
database.type = "sqlite3"; database.type = "sqlite3";
settings = { settings = {
repository = { repository = {
@ -31,6 +28,9 @@ in {
DEFAULT_BRANCH = "main"; DEFAULT_BRANCH = "main";
}; };
server = { server = {
HTTP_PORT = 3001;
HTTP_ADDRESS = "127.0.0.1";
ROOT_URL = "https://${config.giteaServer}/";
SSH_PORT = 22; SSH_PORT = 22;
START_SSH_SERVER = false; # Use sshd instead START_SSH_SERVER = false; # Use sshd instead
DISABLE_SSH = false; DISABLE_SSH = false;
@ -59,10 +59,8 @@ in {
# Open to groups, allowing for backups # Open to groups, allowing for backups
systemd.services.gitea.serviceConfig.StateDirectoryMode = systemd.services.gitea.serviceConfig.StateDirectoryMode =
lib.mkForce "0770"; lib.mkForce "0770";
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules =
"d ${giteaPath}/data 0775 gitea gitea" [ "f ${giteaPath}/data/gitea.db 0660 gitea gitea" ];
"f ${giteaPath}/data/gitea.db 0660 gitea gitea"
];
# Allow litestream and gitea to share a sqlite database # Allow litestream and gitea to share a sqlite database
users.users.litestream.extraGroups = [ "gitea" ]; users.users.litestream.extraGroups = [ "gitea" ];