diff --git a/features/client/home-manager/home.nix b/features/client/home-manager/home.nix
deleted file mode 100644
index ef691e7..0000000
--- a/features/client/home-manager/home.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- # Home Manager needs a bit of information about you and the paths it should
- # manage.
- home.username = "katz";
- home.homeDirectory = "/home/katz";
-
- # This value determines the Home Manager release that your configuration is
- # compatible with. This helps avoid breakage when a new Home Manager release
- # introduces backwards incompatible changes.
- #
- # You should not change this value, even if you update Home Manager. If you do
- # want to update the value, then make sure to first check the Home Manager
- # release notes.
- home.stateVersion = "24.05"; # Please read the comment before changing.
-
- # The home.packages option allows you to install Nix packages into your
- # environment.
- home.packages = [
- # # Adds the 'hello' command to your environment. It prints a friendly
- # # "Hello, world!" when run.
- # pkgs.hello
- pkgs.neovim
- pkgs.openarena
- pkgs.xonotic
- pkgs.jellyfin-mpv-shim
- pkgs.bitwarden-cli
- pkgs.moonlight-qt
- # # It is sometimes useful to fine-tune packages, for example, by applying
- # # overrides. You can do that directly here, just don't forget the
- # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
- # # fonts?
- # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
-
- # # You can also create simple shell scripts directly inside your
- # # configuration. For example, this adds a command 'my-hello' to your
- # # environment:
- # (pkgs.writeShellScriptBin "my-hello" ''
- # echo "Hello, ${config.home.username}!"
- # '')
- ];
-
- # Home Manager is pretty good at managing dotfiles. The primary way to manage
- # plain files is through 'home.file'.
- home.file = {
- # # Building this configuration will create a copy of 'dotfiles/screenrc' in
- # # the Nix store. Activating the configuration will then make '~/.screenrc' a
- # # symlink to the Nix store copy.
- # ".screenrc".source = dotfiles/screenrc; - - # # You can also set the file content immediately. - # ".gradle/gradle.properties".text = '' - # org.gradle.console=verbose - # org.gradle.daemon.idletimeout=3600000 - # ''; - }; - - # Home Manager can also manage your environment variables through - # 'home.sessionVariables'. These will be explicitly sourced when using a - # shell provided by Home Manager. If you don't want to manage your shell - # through Home Manager then you have to manually source 'hm-session-vars.sh' - # located at either - # - # ~/.nix-profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh - # - # or - # - # /etc/profiles/per-user/katz/etc/profile.d/hm-session-vars.sh - # - home.sessionVariables = { - EDITOR = "nvim"; - }; - - # Let Home Manager install and manage itself. - programs.home-manager.enable = true; -} diff --git a/features/client/vesktop.nix b/features/client/vesktop.nix deleted file mode 100644 index f56c4cd..0000000 --- a/features/client/vesktop.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - - } diff --git a/flake.nix b/flake.nix index e86b430..b8e9691 100644 --- a/flake.nix +++ b/flake.nix @@ -18,6 +18,10 @@ flake = false; }; + miovim = { + url = "https://git.hypervirtual.world/harry123/miovim"; + }; + nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; @@ -25,13 +29,8 @@ nix-darwin.url = "github:LnL7/nix-darwin"; nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; - nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=v0.4.1"; neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; - nixvim = { - url = "github:nix-community/nixvim"; - inputs.nixpkgs.follows = "nixpkgs"; - }; walker.url = "github:abenz1267/walker"; }; @@ -48,6 +47,7 @@ nix-flatpak, home-manager, nixvim, + miovim, ... }@inputs: let 
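Review bot: The new `miovim` input in the first flake.nix hunk is declared as a bare `https://` URL with no fetcher prefix and no `inputs.nixpkgs.follows`. Nix treats a plain `https://` flake reference as a file or tarball download, so a Git repository on a self-hosted forge normally needs `url = "git+https://git.hypervirtual.world/harry123/miovim";`. Because `shared/default.nix` in this commit puts this package into `environment.systemPackages`, it is worth confirming that flake.lock pins a specific revision and hash for it. If miovim takes a nixpkgs input, add `inputs.nixpkgs.follows = "nixpkgs";` as the neighbouring `nixos-generators` input does.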
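Review bot: The `outputs` argument list in the third flake.nix hunk still names `nix-flatpak` and `nixvim`, while the second hunk deletes both input declarations. A flake's `outputs` function is called with the declared inputs, so naming an argument that is no longer an input normally fails evaluation with a missing-argument error, unless both are still declared in a part of the file these hunks do not show. Drop `nix-flatpak,` and `nixvim,` from the list; anything still needed stays reachable through `inputs`. The argument list begins and ends outside the hunk.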
@@ -153,6 +153,18 @@ ]; format = "proxmox"; }; + + diva = nixos-generators.nixosGenerate { + system = "x86_64-linux"; + specialArgs = { + diskSize = 20 * 1024; + inherit specialArgs; + }; + modules = [ + ./hosts/diva/configuration.nix + ]; + format = "proxmox"; + }; }; darwinConfigurations."iMac-de-Eddie" = nix-darwin.lib.darwinSystem { diff --git a/hosts/diva/configuration.nix b/hosts/diva/configuration.nix new file mode 100644 index 0000000..4d1235d --- /dev/null +++ b/hosts/diva/configuration.nix @@ -0,0 +1,25 @@ +{ inputs, ... }: +{ + imports = [ ./features ]; + networking.hostName = "diva"; # Define your hostname. + + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 22 # ssh + 80 # http + 443 # ssl + ]; + }; + + # reducing disk usage + boot.loader.systemd-boot.configurationLimit = 10; + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 1w"; + }; + + nix.settings.auto-optimise-store = true; + services.caddy.enable = true; +} diff --git a/hosts/diva/features/backups.nix b/hosts/diva/features/backups.nix new file mode 100644 index 0000000..101c0e6 --- /dev/null +++ b/hosts/diva/features/backups.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + services.borgmatic.enable = true; +} diff --git a/hosts/diva/features/default.nix b/hosts/diva/features/default.nix new file mode 100644 index 0000000..398d8f8 --- /dev/null +++ b/hosts/diva/features/default.nix @@ -0,0 +1,9 @@ +{ config, ... }: +{ + imports = [ + ./backups.nix + ./fail2ban.nix + ./nextcloud.nix + ./uptime-kuma.nix + ]; +} diff --git a/hosts/diva/features/fail2ban.nix b/hosts/diva/features/fail2ban.nix new file mode 100644 index 0000000..367633f --- /dev/null +++ b/hosts/diva/features/fail2ban.nix @@ -0,0 +1,4 @@ +{ config, ... }: +{ + +} diff --git a/hosts/diva/features/nextcloud.nix b/hosts/diva/features/nextcloud.nix new file mode 100644 index 0000000..a37407f --- /dev/null +++ b/hosts/diva/features/nextcloud.nix 
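Review bot: The `modules` list for `diva` holds only `./hosts/diva/configuration.nix`, yet `hosts/diva/features/nextcloud.nix` in this commit sets `sops.secrets.adminNextcloudPass`. Without the sops-nix NixOS module and a `sops.defaultSopsFile` for this host, that option does not exist and the image will not evaluate, unless they are pulled in somewhere not shown. `inherit specialArgs;` inside `specialArgs` also nests the outer set one level down, so modules would receive an argument named `specialArgs` rather than the `inputs` that `configuration.nix` asks for. If the outer `specialArgs` carries `inputs`, `specialArgs = specialArgs // { diskSize = 20 * 1024; };` passes it through. The enclosing attribute set starts outside the hunk.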
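Review bot: `allowedTCPPorts` opens 22 on this host, but nothing under hosts/diva in this commit configures SSH or brute-force protection: `features/fail2ban.nix` is an empty module and `shared/ssh.nix` is not imported here. If sshd is enabled by something not shown (for example the image format), it runs with whatever defaults that brings. Importing the shared SSH module (`../../shared/ssh.nix`) and setting `services.fail2ban.enable = true;` in the stub would give this host, which also serves 80 and 443, the same baseline as sisyphe. The file sets no `system.stateVersion`, and the `443 # ssl` comment would read more accurately as `443 # https (TLS)`.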
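Review bot: `services.borgmatic.enable = true` on its own defines no repository or source directories, so as far as this file shows the host's Nextcloud data and PostgreSQL database are not backed up yet. Add `services.borgmatic.settings` (or `configurations`) with the repositories and paths to include. Keep the repository passphrase in a sops secret read at runtime rather than as a literal in the Nix store.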
@@ -0,0 +1,78 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+{
+ imports = [
+ "${
+ fetchTarball {
+ url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
+ sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
+ }
+ }/nextcloud-extras.nix"
+ ./nextcloud-network.nix
+ ]; # adding caddy support
+
+ sops.secrets.adminNextcloudPass = {
+ owner = "nextcloud";
+ };
+
+ services.nextcloud = {
+ enable = true;
+ hostName = "cloud.hypervirtual.world";
+ database.createLocally = true;
+ webserver = "caddy";
+ configureRedis = true;
+ package = pkgs.nextcloud30;
+ config = {
+ dbtype = "pgsql";
+ adminpassFile = config.sops.secrets.adminNextcloudPass.path;
+ };
+
+ settings = {
+ enabledPreviewProviders = [
+ "OC\\Preview\\BMP"
+ "OC\\Preview\\GIF"
+ "OC\\Preview\\JPEG"
+ "OC\\Preview\\Krita"
+ "OC\\Preview\\MarkDown"
+ "OC\\Preview\\MP3"
+ "OC\\Preview\\OpenDocument"
+ "OC\\Preview\\PNG"
+ "OC\\Preview\\TXT"
+ "OC\\Preview\\XBitmap"
+ "OC\\Preview\\HEIC"
+ ];
+
+ trustedDomains = [ "cloud.hypervirtual.world" ];
+ overwriteprotocol = "https";
+ log_type = "file"; # temporary fix for https://nixos.org/manual/nixos/stable/#module-services-nextcloud-warning-logreader
+ default_phone_region = "FR";
+ default_locale = "fr_FR";
+ default_language = "fr";
+ default_timezone = "Europe/Paris";
+ "memories.exiftool" = "${lib.getExe pkgs.exiftool}";
+ };
+
+ phpExtraExtensions = all: [
+ all.pdlib
+ all.redis
+ all.bz2
+ ];
+
+ phpOptions."opcache.interned_strings_buffer" = "23";
+ appstoreEnable = true; # why i would want appstore to be disabled ???
+ autoUpdateApps.enable = true;
+ cli.memoryLimit = "4G";
+ };
+
+ environment.systemPackages =
+ let
+ php = pkgs.php.buildEnv { extraConfig = "memory_limit = 4G"; };
+ in
+ [
+ php
+ ];
+}
diff --git a/hosts/diva/features/uptime-kuma.nix b/hosts/diva/features/uptime-kuma.nix
new file mode 100644
index 0000000..c3726d6
--- /dev/null
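Review bot: `appstoreEnable = true` together with `autoUpdateApps.enable = true` lets the running server download and update PHP app code from the Nextcloud app store, outside the revisions this flake pins; the inline comment asks why one would disable it, and that is the reason. If the trade-off is intended, state it in place of the question, e.g. `# app store on: apps install/update outside Nix pinning; review installed apps periodically`. Separately, `./nextcloud-network.nix` is imported but not created in this commit, so evaluation fails unless the file already exists and is tracked by git. `settings.trustedDomains` is probably meant to be `trusted_domains`, the key Nextcloud reads; if the module already adds `hostName` to the trusted list, which is worth verifying, the entry can simply be dropped.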
+++ b/hosts/diva/features/uptime-kuma.nix @@ -0,0 +1,17 @@ +{ ... }: +{ + services.uptime-kuma = { + enable = true; + settings = { + PORT = "4000"; + }; + }; + + services.caddy.virtualHosts."http://status.hypervirtual.world".extraConfig = '' + reverse_proxy :4000 + ''; + + services.caddy.virtualHosts."http://uptime.sisyphe.normandy.hypervirtual.world".extraConfig = '' + reverse_proxy :4000 + ''; +} diff --git a/hosts/sisyphe/configuration.nix b/hosts/sisyphe/configuration.nix index 977b5eb..20deb33 100644 --- a/hosts/sisyphe/configuration.nix +++ b/hosts/sisyphe/configuration.nix @@ -5,7 +5,7 @@ secrets, ... }: -let +let ip = "192.168.1.177"; gateway = "192.168.1.1"; username = "homelab"; @@ -13,8 +13,8 @@ in { imports = [ ./hardware-configuration.nix - ./features/default.nix - ../../features/shared/ssh.nix + ./features + ../shared ]; # Use the GRUB 2 boot loader. @@ -25,23 +25,6 @@ in services.qemuGuest.enable = true; networking.hostName = "sisyphe"; # Define your hostname. - # Set your time zone. - time.timeZone = lib.mkDefault "Europe/Paris"; - - i18n.defaultLocale = "fr_FR.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "fr"; - }; - - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - system.autoUpgrade.enable = true; - system.autoUpgrade.allowReboot = true; - users.users.homelab = { isNormalUser = true; extraGroups = [ @@ -68,11 +51,8 @@ in environment.systemPackages = with pkgs; [ git neovim - curl ]; - environment.variables.EDITOR = "nvim"; - # setting up networking!! networking = { interfaces = { 
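Review bot: Both virtual hosts in uptime-kuma.nix are declared with an explicit `http://` scheme, which turns off Caddy's automatic HTTPS for them, so the Uptime Kuma login and session token travel in cleartext on port 80. Unless TLS is terminated by another proxy in front of this host, drop the scheme (`services.caddy.virtualHosts."status.hypervirtual.world".extraConfig`) so Caddy obtains certificates and redirects to HTTPS; the firewall in `hosts/diva/configuration.nix` already opens 443. If the plain-HTTP form is deliberate because of an upstream proxy, a one-line comment saying so would prevent it being copied to a directly exposed host.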
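Review bot: `../shared` in the new sisyphe imports resolves relative to hosts/sisyphe, i.e. to `hosts/shared`, while this commit creates the directory at the repository root (`shared/default.nix`). The removed line used `../../features/shared/ssh.nix`, so the matching path would be `../../shared`. The direct import of ssh.nix is also gone and `shared/default.nix` as added does not import it, so sisyphe would lose the `services.openssh` settings and the sshd fail2ban jail defined there. A later hunk in this file deletes `system.autoUpgrade.enable` and `system.autoUpgrade.allowReboot` without re-adding them in `shared/default.nix`; carry them over if unattended upgrades are still wanted. The `imports` list continues outside the hunk.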
@@ -125,15 +105,6 @@ in sops.age.generateKey = true; sops.defaultSopsFile = "${secrets}/secrets/secrets.yaml"; - # reducing disk usage - boot.loader.systemd-boot.configurationLimit = 10; - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 1w"; - }; - nix.settings.auto-optimise-store = true; - # sonarr needs some EoL packages to be build nixpkgs.config.permittedInsecurePackages = [ "aspnetcore-runtime-6.0.36" @@ -143,10 +114,11 @@ in ]; # seems like sabnzbd needs some unfree pkgs... - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "unrar" - ]; - + nixpkgs.config.allowUnfreePredicate = + pkg: + builtins.elem (lib.getName pkg) [ + "unrar" + ]; # This option defines the first version of NixOS you have installed on this particular machine, # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. @@ -166,5 +138,4 @@ in # # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . system.stateVersion = "24.05"; # Did you read the comment? - } diff --git a/hosts/sisyphe/features/default.nix b/hosts/sisyphe/features/default.nix index 0b54b2e..15a63fb 100644 --- a/hosts/sisyphe/features/default.nix +++ b/hosts/sisyphe/features/default.nix @@ -1,10 +1,10 @@ { config, pkgs, ... }: { imports = [ - ./containers/default.nix - ./multimedia/default.nix - ./databases/default.nix - ./services/default.nix + ./containers + ./multimedia + ./databases + ./services ./backups.nix ./caddy.nix ./prometheus.nix diff --git a/features/client/backups.nix b/shared/client/backups.nix similarity index 100% rename from features/client/backups.nix rename to shared/client/backups.nix diff --git a/features/client/default.nix b/shared/client/default.nix similarity index 100% rename from features/client/default.nix rename to shared/client/default.nix 
diff --git a/features/client/games.nix b/shared/client/games.nix
similarity index 100%
rename from features/client/games.nix
rename to shared/client/games.nix
diff --git a/features/client/sway.nix b/shared/client/sway.nix
similarity index 100%
rename from features/client/sway.nix
rename to shared/client/sway.nix
diff --git a/features/client/tailscale.nix b/shared/client/tailscale.nix
similarity index 100%
rename from features/client/tailscale.nix
rename to shared/client/tailscale.nix
diff --git a/features/client/udisks2.nix b/shared/client/udisks2.nix
similarity index 100%
rename from features/client/udisks2.nix
rename to shared/client/udisks2.nix
diff --git a/shared/default.nix b/shared/default.nix
new file mode 100644
index 0000000..f335412
--- /dev/null
+++ b/shared/default.nix
@@ -0,0 +1,45 @@
+{
+ pkgs,
+ inputs,
+ system,
+ lib,
+ ...
+}:
+{
+ imports = [
+ ../shared
+ ];
+
+ environment.systemPackages = [
+ inputs.miovim.packages.${system}.default
+ pkgs.curl
+ pkgs.unzip
+ ];
+
+ environment.variables.EDITOR = "nvim";
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "fr";
+ };
+
+ services.tailscale.enable = true;
+
+ # Set your time zone.
+ time.timeZone = lib.mkDefault "Europe/Paris";
+ i18n.defaultLocale = "fr_FR.UTF-8";
+
+ # reducing disk usage
+ boot.loader.systemd-boot.configurationLimit = 10;
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 1w";
+ };
+ nix.settings.auto-optimise-store = true;
+}
diff --git a/features/isos/goober.nix b/shared/isos/goober.nix
similarity index 100%
rename from features/isos/goober.nix
rename to shared/isos/goober.nix
diff --git a/features/shared/ssh.nix b/shared/ssh.nix
similarity index 66%
rename from features/shared/ssh.nix
rename to shared/ssh.nix
index 4400ec3..99a0f58 100644
--- a/features/shared/ssh.nix
+++ b/shared/ssh.nix
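Review bot: `imports = [ ../shared ];` in `shared/default.nix` points back at the `shared` directory, i.e. at this same file, so it pulls in nothing. The likely intent is `imports = [ ./ssh.nix ];`, which would restore the SSH settings that hosts previously imported directly. The module also takes `inputs` and `system` as arguments, which only resolve if every host importing it passes both through `specialArgs`. `services.tailscale.enable = true` now applies to every importing host, so a comment stating that servers are meant to join the tailnet as well as clients would make the intent explicit.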
@@ -1,4 +1,8 @@ -{ config, ... }: +{ + config, + + ... +}: { services.openssh = { enable = true; @@ -11,11 +15,12 @@ services.fail2ban.jails.sshd.settings = { ssh = '' - enabled = true - port = ssh - filter = sshd - logpath = %(sshd_log)s - maxretry = 5 + enabled = true + port = ssh + filter = sshd + logpath = %(sshd_log)s + maxretry = 5 ''; }; + }