diff --git a/flake.nix b/flake.nix
index f8c151e..389eca4 100755
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
 {
- description = "Nettika's NixOS Configs";
+ description = "NixOS Configurations";
 inputs = {
 nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
diff --git a/hosts/apogee/default.nix b/hosts/apogee/default.nix
new file mode 100644
index 0000000..f4f1c0b
--- /dev/null
+++ b/hosts/apogee/default.nix
@@ -0,0 +1,9 @@
+{ ... }: {
+ imports = [ ./matrix.nix ./gandicloud.nix ];
+
+ networking.hostName = "apogee";
+
+ services.postgresql.enable = true;
+
+ promptSymbol = "🔭";
+}
diff --git a/hosts/apogee/gandicloud.nix b/hosts/apogee/gandicloud.nix
new file mode 100644
index 0000000..8df6e08
--- /dev/null
+++ b/hosts/apogee/gandicloud.nix
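Review bot: `hosts/apogee/default.nix` sets `promptSymbol` and, through `./matrix.nix`, `age.secrets.*`, but its `imports` list only `./matrix.nix` and `./gandicloud.nix` — neither `agenix.nixosModules.default` nor `nixosModules.promptmoji`, which the other hosts in this diff import to define those options — so evaluation should fail with an undefined-option error unless they are injected somewhere outside this diff. The module header is `{ ... }:` so it also cannot receive them from `specialArgs`. I would change it to `{ agenix, nixosModules, ... }: {` and `imports = [ ./matrix.nix ./gandicloud.nix nixosModules.promptmoji agenix.nixosModules.default ];`. Note that `hosts/default.nix` in this same commit does not register an `apogee` system, so as committed this file is not built by the flake at all.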
@@ -0,0 +1,46 @@
+# This is the configuration required to run NixOS on GandiCloud.
+{ lib, modulesPath, ... }: {
+ imports = [ (modulesPath + "/virtualisation/openstack-config.nix") ];
+ config = {
+ boot.initrd.kernelModules = [
+ "xen-blkfront"
+ "xen-tpmfront"
+ "xen-kbdfront"
+ "xen-fbfront"
+ "xen-netfront"
+ "xen-pcifront"
+ "xen-scsifront"
+ ];
+
+ # Show debug kernel message on boot then reduce loglevel once booted
+ boot.consoleLogLevel = 7;
+ boot.kernel.sysctl."kernel.printk" = "4 4 1 7";
+
+ # For "openstack console log show"
+ boot.kernelParams = [ "console=ttyS0" ];
+ systemd.services."serial-getty@ttyS0" = {
+ enable = true;
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.Restart = "always";
+ };
+
+ # The device exposed by Xen
+ boot.loader.grub.device = lib.mkForce "/dev/xvda";
+
+ # This is to get a prompt via the "openstack console url show" command
+ systemd.services."getty@tty1" = {
+ enable = lib.mkForce true;
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig.Restart = "always";
+ };
+
+ # This is required to get an IPv6 address on our infrastructure
+ networking.tempAddresses = "disabled";
+
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+
+ system.stateVersion = "24.11";
+ };
+}
diff --git a/hosts/apogee/matrix.nix b/hosts/apogee/matrix.nix
new file mode 100644
index 0000000..76d329c
--- /dev/null
+++ b/hosts/apogee/matrix.nix
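Review bot: The two getty units (`serial-getty@ttyS0` and `getty@tty1`, both `Restart = "always"`) hand an interactive login prompt to anyone who can reach the instance via `openstack console url show` or the serial log, so local account passwords are the only barrier on that path and nothing in this file records whether they are set or locked. Worth a comment on the `getty@tty1` block, e.g. `# NOTE: these prompts are reachable by anyone with OpenStack console access — keep local passwords locked or strong`, and an explicit decision (`users.mutableUsers = false` plus hashed passwords, or none) in the host config. `boot.consoleLogLevel = 7` likewise sends every debug-level kernel message to the cloud console log; the comment says the level is reduced "once booted", so state that this relies on the `kernel.printk` sysctl below rather than leaving the reader to connect the two lines. `system.stateVersion = "24.11"` under a flake pinned to `nixos-25.05` is legal but deserves a one-line comment that it records the install release and must not be bumped.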
@@ -0,0 +1,28 @@
+{ config, ... }:
+let domain = "leaf.ninja";
+in {
+ age.secrets.synapse-secrets-config.file =
+ ./secrets/synapse-secrets-config.age;
+
+ services.matrix-synapse = {
+ enable = true;
+ extraConfigFiles = [ config.age.secrets.synapse-secrets-config.path ];
+ settings = {
+ server_name = domain;
+ database_type = "psycopg2";
+ database_args.database = "matrix-synapse";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 8448 # Matrix federation
+ ];
+
+ services.caddy = {
+ enable = true;
+ virtualHosts."matrix.${domain}".extraConfig = ''
+ reverse_proxy /_matrix/* localhost:8008
+ reverse_proxy /_synapse/client/* localhost:8008
+ '';
+ };
+}
diff --git a/hosts/apogee/secrets/synapse-secrets-config.age b/hosts/apogee/secrets/synapse-secrets-config.age
new file mode 100644
index 0000000..5c762df
--- /dev/null
+++ b/hosts/apogee/secrets/synapse-secrets-config.age
@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 f+PJrQ 2Gd75cRZviUH5xYRTC+6oKAT5/FfpY2zfMJVYwVlcCs
+eA4B5qHSoPujIgcpBl4UOT8ovvdiTUb16Yk/lHNJJKo
+--- 58bdTWl7z2skdVACACl/aAt76ciYkJOjnvDyendgKpQ
+Qv=VU&Ld<#h~y"kv1Iz?»UH
+rYImlh&PqK>s;ɅuX7z-(Ȭ
\ No newline at end of file
diff --git a/hosts/astral/default.nix b/hosts/astral/default.nix
index c600557..9bd5a71 100644
--- a/hosts/astral/default.nix
+++ b/hosts/astral/default.nix
@@ -1,14 +1,8 @@
-{ modulesPath, nixosModules, agenix, lib, pkgs, ... }: {
+{ nixosModules, modulesPath, lib, pkgs, ... }: {
 imports = [
 "${modulesPath}/virtualisation/amazon-image.nix"
- nixosModules.nano
 nixosModules.nettika
 nixosModules.promptmoji
- agenix.nixosModules.default
- ./forgejo.nix
- ./links.nix
- ./radicale.nix
- ./vaultwarden.nix
 ];
 boot.loader.grub.device = lib.mkForce "/dev/nvme0n1";
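Review bot: `age.secrets.synapse-secrets-config` sets only `.file`, so agenix decrypts it with its defaults (root-owned, mode 0400) while Synapse is started as the `matrix-synapse` user and reads `extraConfigFiles` itself; the deleted `forgejo.nix` and `radicale.nix` set `mode`/`owner` for exactly this reason, so mirror them: `age.secrets.synapse-secrets-config = { file = ./secrets/synapse-secrets-config.age; owner = "matrix-synapse"; mode = "400"; };`. The firewall opens 8448 "Matrix federation" but nothing in this file listens on it — Caddy only serves `matrix.leaf.ninja` proxying to 8008 — and with `server_name = "leaf.ninja"` remote servers will try `leaf.ninja:8448` unless a `.well-known/matrix/server` delegation exists elsewhere, so either add the 8448 listener/delegation or drop the rule rather than leave an open, unused port. Conversely 80/443 are not in `allowedTCPPorts` here (astral lists them explicitly), so unless the imported OpenStack module opens them Caddy is unreachable. I could not confirm that Synapse accepts `database_type`/`database_args` as top-level settings; the documented form is `database = { name = "psycopg2"; args.database = "matrix-synapse"; };`, and if the legacy spelling is ignored Synapse silently falls back to sqlite.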
@@ -19,28 +13,23 @@
 dates = "weekly";
 options = "--delete-older-than 30d";
 };
- settings = {
- trusted-users = [ "@wheel" ];
- experimental-features = [ "nix-command" "flakes" ];
- };
+ settings.trusted-users = [ "@wheel" ];
 };
 networking = {
 hostName = "astral";
 firewall.allowedTCPPorts = [ 80 443 ];
+ networkmanager.enable = true;
 };
 users.defaultUserShell = pkgs.fish;
 security.sudo.wheelNeedsPassword = false;
+ environment.variables.EDITOR = "nano";
+
 services.caddy = {
 enable = true;
- package = pkgs.caddy.withPlugins {
- plugins =
- [ "github.com/abiosoft/caddy-exec@v0.0.0-20240914124740-521d8736cb4d" ];
- hash = "sha256-ef6/x7wjKk0axjX6MfAzTTwPM2FTOTSSyI9zLLrczV0=";
- };
 virtualHosts = {
 "astral.leaf.ninja".extraConfig = ''
 respond "astral is online"
@@ -49,13 +38,32 @@
 };
 };
- services.postgresql.enable = true;
-
 programs.fish.enable = true;
+ programs.git = {
+ enable = true;
+ lfs.enable = true;
+ config = {
+ init.defaultBranch = "master";
+ user = {
+ email = "git@nettika.cat";
+ name = "Nettika";
+ };
+ credential.helper = "store";
+ };
+ };
+
+ programs.nano = {
+ enable = true;
+ nanorc = ''
+ set autoindent
+ set linenumbers
+ '';
+ };
+
 documentation.man.generateCaches = false;
- promptSymbol = "👻";
+ promptSymbol = "✴️";
 time.timeZone = "America/Los_Angeles";
diff --git a/hosts/astral/forgejo.nix b/hosts/astral/forgejo.nix
deleted file mode 100644
index 366bf7b..0000000
--- a/hosts/astral/forgejo.nix
+++ /dev/null
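Review bot: `credential.helper = "store"` in the new `programs.git` block makes git write any HTTPS token the user enters as plaintext to `~/.git-credentials` on an internet-facing server — this is new on astral (marauder already had it, but that is a workstation) — and with the unchanged `security.sudo.wheelNeedsPassword = false` any shell on the box can read it; prefer `credential.helper = "cache --timeout=3600";` or SSH keys for git on this host. The same hunk drops `experimental-features = [ "nix-command" "flakes" ]` from `nix.settings` while the repository is a flake, so `nixos-rebuild --flake` run on astral presumably fails unless the setting now comes from a shared module (apogee sets it in `gandicloud.nix`). `networking.networkmanager.enable = true` on an `amazon-image.nix` host is unusual; I cannot see from here whether it conflicts with the image's own network setup, so a one-line comment on why it is needed would help the next reader.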
@@ -1,38 +0,0 @@
-{ config, pkgs, ... }:
-let domain = "git.leaf.ninja";
-in {
- services.forgejo = {
- enable = true;
- database.type = "postgres";
- lfs.enable = true;
- settings = {
- server = {
- DOMAIN = domain;
- ROOT_URL = "https://${domain}/";
- HTTP_PORT = 3000;
- };
- service.DISABLE_REGISTRATION = true;
- mailer = {
- ENABLED = true;
- SMTP_ADDR = "smtp.migadu.com";
- FROM = "forgejo@leaf.ninja";
- USER = "forgejo@$leaf.ninja";
- };
- webhook.ALLOWED_HOST_LIST =
- pkgs.lib.concatStringsSep "," [ "localhost" "::1" ];
- };
- secrets = {
- mailer.PASSWD = config.age.secrets.forgejo-mailer-password.path;
- };
- };
-
- services.caddy.virtualHosts.${domain}.extraConfig = ''
- reverse_proxy localhost:3000
- '';
-
- age.secrets.forgejo-mailer-password = {
- file = ./secrets/forgejo-mailer-password.age;
- mode = "400";
- owner = "forgejo";
- };
-}
diff --git a/hosts/astral/links.nix b/hosts/astral/links.nix
deleted file mode 100644
index fe836be..0000000
--- a/hosts/astral/links.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ pkgs, lib, ... }:
-let
- domain = "nettika.leaf.ninja";
- root = "/srv/links";
-in {
- services.caddy.virtualHosts = {
- ${domain}.extraConfig = ''
- root * ${root}
- file_server
- '';
- "http://localhost:8081".extraConfig = let git = lib.getExe pkgs.git;
- in ''
- route {
- exec {
- command ${git} pull --rebase
- directory ${root}
- }
- }
- '';
- };
-}
diff --git a/hosts/astral/radicale.nix b/hosts/astral/radicale.nix
deleted file mode 100644
index 68d3c08..0000000
--- a/hosts/astral/radicale.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, ... }:
-let domain = "radicale.leaf.ninja";
-in {
- age.secrets.radicale-htpasswd = {
- file = ./secrets/radicale-htpasswd;
- mode = "400";
- owner = "radicale";
- };
-
- services.radicale = {
- enable = true;
- settings = {
- server.hosts = [ "localhost:5232" ];
- auth = {
- type = "htpasswd";
- htpasswd_filename = config.age.secrets.radicale-htpasswd.path;
- htpasswd_encryption = "plain";
- };
- };
- };
-
- services.caddy.virtualHosts.${domain}.extraConfig = ''
- reverse_proxy localhost:5232
- '';
-}
diff --git a/hosts/astral/secrets/forgejo-mailer-password.age b/hosts/astral/secrets/forgejo-mailer-password.age
deleted file mode 100644
index 411e34a..0000000
--- a/hosts/astral/secrets/forgejo-mailer-password.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 f+PJrQ 6h8dfxbHOBbyTK6iwzbqVpUUYJtJhg6XMAoRWDhbdT8
-kZSsccA4qkiTS8wNdZphZ9cioiFbXjR4xkVZBi1j0aM
--> ssh-ed25519 nz/vnw Q+BuraNFun6RwcLPFcKcjBptgpZdddI+hQP2UVKFJmA
-WJNvdIDTDBXbaXYw7gom7YQTTNrxlsP1EvTDNN5G9+0
---- a6gvFS7YixX30i1Jm04vrwzq3Xh9iXufdnZMnPPI+Mw
-ԇ]h6+2xD UZeAzDkL;I /'4nLT<4}i _݋
\ No newline at end of file
diff --git a/hosts/astral/secrets/radicale-htpasswd b/hosts/astral/secrets/radicale-htpasswd
deleted file mode 100644
index 36c140f..0000000
--- a/hosts/astral/secrets/radicale-htpasswd
+++ /dev/null
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 f+PJrQ pKqLrqz0R7kAzNQZ3ChRsoWa63JEN2H2KHtGguF5nSc
-6Mk1qDWKx26jPdEzaVMh0vgUeVWjAGcmIPpvSU8BFNE
--> ssh-ed25519 nz/vnw 0PuVNQ97Qa6iCk4pPf34lgS1aPb4CeDB4Qclk5F24T4
-OwJOYMTlTY9+Pj/BwG09z4q2/QViii710Kh3xPU5FRA
---- mSdutlC3gFq8lDjeOGqi361i+DUI1Yg6Bpl7hCfznJA
-tQ/rNeKeѥ~ן{_o
-y_ܭ}ûP*W5F.ECZ#;
-liԧ*]yT
\ No newline at end of file
diff --git a/hosts/astral/secrets/vaultwarden-env.age b/hosts/astral/secrets/vaultwarden-env.age
deleted file mode 100644
index 83accd1..0000000
Binary files a/hosts/astral/secrets/vaultwarden-env.age and /dev/null differ
diff --git a/hosts/astral/vaultwarden.nix b/hosts/astral/vaultwarden.nix
deleted file mode 100644
index 1041d65..0000000
--- a/hosts/astral/vaultwarden.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, ... }:
-let domain = "vault.leaf.ninja";
-in {
- services.vaultwarden = {
- enable = true;
- config = {
- domain = "https://${domain}";
- signupsAllowed = false;
- rocketAddress = "0.0.0.0";
- rocketPort = 8222;
- smtpHost = "smtp.migadu.com";
- smtpFrom = "vaultwarden@leaf.ninja";
- smtpPort = 587;
- smtpSecurity = "starttls";
- smtpUsername = "vaultwarden@leaf.ninja";
- };
- environmentFile = config.age.secrets.vaultwarden-env.path;
- };
-
- services.caddy.virtualHosts.${domain}.extraConfig = ''
- reverse_proxy localhost:8222
- '';
-
- age.secrets.vaultwarden-env.file = ./secrets/vaultwarden-env.age;
-}
diff --git a/hosts/default.nix b/hosts/default.nix
index 1b52d15..3795651 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -1,24 +1,17 @@
-{ self, nixpkgs, phps, agenix }:
-let
- baseSpecialArgs = {
- inherit (self) nixosModules;
- inherit agenix;
- };
- nixosSystem = args:
- nixpkgs.lib.nixosSystem
- (nixpkgs.lib.recursiveUpdate args { specialArgs = baseSpecialArgs; });
+{ self, nixpkgs, phps, agenix, ... }:
+let inherit (nixpkgs.lib) nixosSystem;
 in {
 marauder = nixosSystem {
 system = "x86_64-linux";
 modules = [ ./marauder ];
- specialArgs = { inherit phps; };
+ specialArgs = {
+ inherit (self) nixosModules;
+ inherit phps agenix;
+ };
 };
 astral = nixosSystem {
 system = "x86_64-linux";
 modules = [ ./astral ];
- };
- quasar = nixosSystem {
- system = "x86_64-linux";
- modules = [ ./quasar ];
+ specialArgs = { inherit (self) nixosModules; };
 };
}
diff --git a/hosts/marauder/default.nix b/hosts/marauder/default.nix
index ab09178..712e12d 100755
--- a/hosts/marauder/default.nix
+++ b/hosts/marauder/default.nix
@@ -11,7 +11,6 @@ let
 in {
 imports = [
 ./backup.nix
- nixosModules.nano
 nixosModules.nettika
 nixosModules.promptmoji
 agenix.nixosModules.default
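Review bot: `hosts/default.nix` removes `quasar` but never adds `apogee`, even though this commit creates `hosts/apogee/` with its own secret, firewall rules and Synapse config, so as committed the new host cannot be built from the flake (unless it is wired up somewhere outside this diff). Its modules also need `agenix` and `nixosModules` through `specialArgs`, exactly as `marauder` receives them in this hunk. I would add an entry after `astral`, passing the same arguments.
```nix
  # … unchanged: marauder and astral entries …
  apogee = nixosSystem {
    system = "x86_64-linux";
    modules = [ ./apogee ];
    specialArgs = {
      inherit (self) nixosModules;
      inherit agenix;
    };
  };
}
```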
@@ -31,6 +30,8 @@ in {
 nixpkgs.config.allowUnfree = true;
+ environment.variables.EDITOR = "nano";
+
 documentation.man.generateCaches = false;
 environment.variables = {
@@ -76,7 +77,6 @@ in {
 };
 kernelModules = [ "kvm-amd" ];
 kernelParams = [ "amd_pstate=active" ];
- binfmt.emulatedSystems = [ "aarch64-linux" ];
 };
 hardware = {
@@ -103,74 +103,69 @@ in {
 environment.systemPackages = with pkgs; [
 # Chat clients
 discord
- cinny-desktop
- signal-desktop
 slack
+ element-desktop
 telegram-desktop
+ signal-desktop
 # Browsers
- filezilla
 firefox
+ filezilla
 # Creative
- bambu-studio
- blender
- gimp
 inkscape
+ gimp
 krita
 openscad-unstable
+ bambu-studio
 orca-slicer
- plasticity
 # Multimedia
- ffcheck
- ffmpeg
 vlc
+ ffmpeg
+ ffcheck
+ aonsoku
- # Editors
- abiword
- obsidian
+ # Code Editors
 vscode
+ arduino-ide
 # Dev Tools
- fossil
- just
- kondo
 nixd
 nixfmt-classic
 nixpkgs-fmt
 pyenv
 rustup
+ electron
+ uv
+ ruff
+ fossil
+ just
+ dioxus-cli
 # Languages
+ gcc
 kotlin
 nodejs
 php
 # Command line
- agenix.packages.x86_64-linux.default
- backblaze-b2
- dig
 htop
 jq
- unzip
- zip
-
- # Network
- mullvad-vpn
- qbittorrent
-
- # Utility Apps
- baobab
- gparted
- system-config-printer
+ backblaze-b2
 # Misc
- gcc
 obsidian
 intiface-central
+ prismlauncher
+ blender
+ mullvad-vpn
+ qbittorrent
+ system-config-printer
 openssl
 pkg-config
- prismlauncher
+ agenix.packages.x86_64-linux.default
+ abiword
 ];
 programs.git = {
@@ -178,15 +173,22 @@ in {
 lfs.enable = true;
 config = {
 init.defaultBranch = "master";
- push.autoSetupRemote = true;
 user = {
- name = "Nettika";
 email = "git@nettika.cat";
+ name = "Nettika";
 };
 credential.helper = "store";
 };
 };
+ programs.nano = {
+ enable = true;
+ nanorc = ''
+ set autoindent
+ set linenumbers
+ '';
+ };
+
 programs.steam = {
 enable = true;
 remotePlay.openFirewall = true;
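Review bot: The `programs.nano` block and `environment.variables.EDITOR = "nano"` added here are byte-for-byte the same as the ones added to `hosts/astral/default.nix` in this commit, right after both hosts drop `nixosModules.nano` from `imports`; presumably that shared module carried this config, so the change trades one definition for two copies that will drift. Keep it in the shared module (or re-add `nixosModules.nano`) and delete both per-host copies. `environment.variables.EDITOR` is also set two lines above an existing `environment.variables = { … }` attrset — Nix merges the two definitions, but `EDITOR = "nano";` inside that set avoids the split. Style: the `# Misc` group in `environment.systemPackages` now absorbs `mullvad-vpn`, `qbittorrent`, `system-config-printer`, `blender`, `obsidian`, `abiword` and the agenix CLI, whose old `# Network`/`# Utility Apps`/`# Editors` headings said more; if the regrouping is intentional, a heading per cluster keeps the list scannable.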
@@ -197,7 +199,7 @@ in {
 programs.ssh.extraConfig = ''
 Host quasar
- HostName quasar.leaf.ninja
+ HostName consortium.chat
 IdentityFile ~/.ssh/LightsailDefaultKey-us-west-2.pem
 Host monolith
@@ -206,6 +208,9 @@ in {
 Host astral
 HostName astral.leaf.ninja
 IdentityFile ~/.ssh/LightsailDefaultKey-us-west-2.pem
+
+ Host apogee
+ HostName 46.226.107.209
 '';
 services.mysql = {
diff --git a/hosts/marauder/secrets/restic-env.age b/hosts/marauder/secrets/restic-env.age
index 55e4f77..1d93a5d 100644
--- a/hosts/marauder/secrets/restic-env.age
+++ b/hosts/marauder/secrets/restic-env.age
@@ -1,6 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 f+PJrQ VJshLBSbF93anR9fOJ3Kwhxh1AOdvsS0hoJ86Bw9oBQ
-It8hELrRN+EYt9nv75lVHha+ZDUhCDNQVczDZVlDCBs
---- xzJ/50+WOA+IWRXiAvBbJLUlsgsSztQrzbimng2QdlU
-Ϭjҍ8K7$wbԲǰ~]NB]QM+cw
-Jo͔Sؚ!NDuOnZnNѵV:kc)|JopSHfu19
\ No newline at end of file
+-> ssh-ed25519 f+PJrQ qccE2xAzfBZ3DCRQtQDgwS1UzjlZx44oUrYjcDfMfDk
+I2l6xRJsdQLYB2cMo0Kfi6mVyhZsuSPFG574P8pl12Y
+--- WoBlo7fqYRkiBYPoLpa3wHB8ZPCVy32a4aL5UswCHJc
+LΚ[N<#] B}f%PxKۨkI
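Review bot: The new `Host apogee` entry points at a bare IP (`46.226.107.209`) with no `IdentityFile`, unlike every other host in this block, so the first connection relies on whatever default keys the workstation has and on trust-on-first-use for the server's host key; add `HostKeyAlias apogee` so the known_hosts pin survives an address change, and verify the fingerprint out of band (the OpenStack console set up in `gandicloud.nix` is the obvious channel) before accepting it. Changing `Host quasar`'s `HostName` to `consortium.chat` has the same effect in reverse: the existing known_hosts entry for `quasar.leaf.ninja` no longer matches, so the next login prompts for a "new" key, and a `HostKeyAlias quasar` line would keep the previously pinned one. The `programs.ssh.extraConfig` string starts before the first hunk and its closing `'';` is the context line after the second.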