diff options
Diffstat (limited to 'machines')
-rw-r--r-- | machines/srv1/configuration.nix | 126 | ||||
-rw-r--r-- | machines/srv1/hardware-configuration.nix | 27 |
2 files changed, 153 insertions, 0 deletions
diff --git a/machines/srv1/configuration.nix b/machines/srv1/configuration.nix new file mode 100644 index 0000000..fb3a7ac --- /dev/null +++ b/machines/srv1/configuration.nix @@ -0,0 +1,126 @@ +{ config, pkgs, ... }: +let + nvim = pkgs.neovim.override { + vimAlias = true; + }; +in +{ + imports = + [ + ./hardware-configuration.nix + ]; + + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + networking.hostName = "srv1"; + + time.timeZone = "Europe/Warsaw"; + i18n.defaultLocale = "en_US.UTF-8"; # Less confusing locale than polish one + console.keyMap = "pl"; + + nix.gc = { + automatic = true; + options = "--delete-older-than 30d"; + }; + nix.optimise.automatic = true; + system.autoUpgrade = { + enable = true; + allowReboot = true; + }; + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + networking.useDHCP = false; + networking.interfaces.enp4s0.useDHCP = true; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # }; + + environment.systemPackages = with pkgs; [ + curl wget nvim htop git + ]; + + services.openssh.enable = true; + services.openssh.passwordAuthentication = false; + services.sshguard.enable = true; + + services.nginx.enable = true; + services.nginx.virtualHosts."srv1.niedzwiedzinski.cyou" = { + addSSL = true; + enableACME = true; + root = "/var/www/srv1.niedzwiedzinski.cyou"; + }; + services.nginx.virtualHosts."git.niedzwiedzinski.cyou" = { + locations."/".proxyPass = "http://localhost:8080/cgit/"; + locations."/cgit/".proxyPass = "http://localhost:8080"; + }; + security.acme.certs = { + "srv1.niedzwiedzinski.cyou".email = "pniedzwiedzinski19@gmail.com"; + }; + security.acme.acceptTerms = true; + + networking.firewall.allowedTCPPorts = [ 80 8080 443 ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + + services.molly-brown = { + #hostName = "srv1.niedzwiedzinski.cyou"; + #enable = true; + }; + + services.lighttpd = { + enable = true; + port = 8080; + cgit = { + enable = true; + configText = '' + # source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.sh + about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh + cache-size=1000 + root-title=git.niedzwiedzinski.cyou + root-desc=Personal git server, because I can + scan-path=/srv/git/ + virtual-root=/ + + ''; + }; + }; + + users.users.pn = { + isNormalUser = true; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqlCe4ovKa/Gwl5xmgu9nvVPmFXMgwdeLRYW7Gg7RWx pniedzwiedzinski19@gmail.com" + ]; + }; + + users.users.git = { + isSystemUser = true; + description = "git user"; + home = "/srv/git"; + shell = "${pkgs.git}/bin/git-shell"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqlCe4ovKa/Gwl5xmgu9nvVPmFXMgwdeLRYW7Gg7RWx pniedzwiedzinski19@gmail.com" + ]; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "20.09"; # Did you read the comment? + +} + diff --git a/machines/srv1/hardware-configuration.nix b/machines/srv1/hardware-configuration.nix new file mode 100644 index 0000000..3631a5d --- /dev/null +++ b/machines/srv1/hardware-configuration.nix @@ -0,0 +1,27 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "dme1737" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/7daf3fc2-5800-47f8-a4fd-12a7229f727a"; + fsType = "ext4"; + }; + + swapDevices = [ + { + device = "/swapfile"; size = 2048; + } + ]; + +} |