Diffstat (limited to 'machines')
-rw-r--r--machines/srv1/configuration.nix126
-rw-r--r--machines/srv1/hardware-configuration.nix27
2 files changed, 153 insertions, 0 deletions
diff --git a/machines/srv1/configuration.nix b/machines/srv1/configuration.nix
new file mode 100644
index 0000000..fb3a7ac
--- /dev/null
+++ b/machines/srv1/configuration.nix
@@ -0,0 +1,126 @@
+{ config, pkgs, ... }:
+let
+  nvim = pkgs.neovim.override {
+    vimAlias = true;
+  };
+in
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+    ];
+
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+  networking.hostName = "srv1";
+
+  time.timeZone = "Europe/Warsaw";
+  i18n.defaultLocale = "en_US.UTF-8"; # Less confusing locale than polish one
+  console.keyMap = "pl";
+
+  nix.gc = {
+    automatic = true;
+    options = "--delete-older-than 30d";
+  };
+  nix.optimise.automatic = true;
+  system.autoUpgrade = {
+    enable = true;
+    allowReboot = true;
+  };
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  networking.useDHCP = false;
+  networking.interfaces.enp4s0.useDHCP = true;
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  # };
+
+  environment.systemPackages = with pkgs; [
+    curl wget nvim htop git
+  ];
+
+  services.openssh.enable = true;
+  services.openssh.passwordAuthentication = false;
+  services.sshguard.enable = true;
+
+  services.nginx.enable = true;
+  services.nginx.virtualHosts."srv1.niedzwiedzinski.cyou" = {
+      addSSL = true;
+      enableACME = true;
+      root = "/var/www/srv1.niedzwiedzinski.cyou";
+  };
+  services.nginx.virtualHosts."git.niedzwiedzinski.cyou" = {
+    locations."/".proxyPass = "http://localhost:8080/cgit/";
+    locations."/cgit/".proxyPass = "http://localhost:8080";
+  };
+  security.acme.certs = {
+    "srv1.niedzwiedzinski.cyou".email = "pniedzwiedzinski19@gmail.com";
+  };
+  security.acme.acceptTerms = true;
+
+  networking.firewall.allowedTCPPorts = [ 80 8080 443 ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+
+  services.molly-brown = {
+    #hostName = "srv1.niedzwiedzinski.cyou";
+    #enable = true;
+  };
+
+  services.lighttpd = {
+    enable = true;
+    port = 8080;
+    cgit = {
+      enable = true;
+      configText = ''
+        # source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.sh
+        about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+        cache-size=1000
+	root-title=git.niedzwiedzinski.cyou
+	root-desc=Personal git server, because I can
+        scan-path=/srv/git/
+	virtual-root=/
+
+      '';
+    };
+  };
+
+  users.users.pn = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqlCe4ovKa/Gwl5xmgu9nvVPmFXMgwdeLRYW7Gg7RWx pniedzwiedzinski19@gmail.com"
+    ];
+  };
+
+  users.users.git = {
+    isSystemUser = true;
+    description = "git user";
+    home = "/srv/git";
+    shell = "${pkgs.git}/bin/git-shell";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqlCe4ovKa/Gwl5xmgu9nvVPmFXMgwdeLRYW7Gg7RWx pniedzwiedzinski19@gmail.com"
+    ];
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "20.09"; # Did you read the comment?
+
+}
+
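Review bot: `networking.firewall.allowedTCPPorts = [ 80 8080 443 ];` opens the lighttpd/cgit backend on 8080 to the network, although nginx only reaches it through `http://localhost:8080`. No bind address is set for lighttpd in this file, so it presumably listens on every interface and cgit can be reached over plain HTTP without going through the proxy. I would drop the port, `networking.firewall.allowedTCPPorts = [ 80 443 ];`, and keep nginx as the only public entry point. Related: the `git.niedzwiedzinski.cyou` virtual host sets neither `enableACME` nor an SSL option, so it is served over HTTP only; adding `forceSSL = true; enableACME = true;` there would bring it in line with the `srv1` host, which itself uses `addSSL` and so still answers on plain HTTP.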
diff --git a/machines/srv1/hardware-configuration.nix b/machines/srv1/hardware-configuration.nix
new file mode 100644
index 0000000..3631a5d
--- /dev/null
+++ b/machines/srv1/hardware-configuration.nix
@@ -0,0 +1,27 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "dme1737" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/7daf3fc2-5800-47f8-a4fd-12a7229f727a";
+      fsType = "ext4";
+    };
+
+  swapDevices = [
+    {
+      device = "/swapfile"; size = 2048;
+    }
+  ];
+
+}