diff options
Diffstat (limited to 'nix/hosts')
-rw-r--r-- | nix/hosts/nixos/default.nix | 6 | ||||
-rw-r--r-- | nix/hosts/nixos/packages.nix | 9 | ||||
-rw-r--r-- | nix/hosts/nixos/user.nix | 19 | ||||
-rw-r--r-- | nix/hosts/nixos/vm/default.nix | 19 | ||||
-rw-r--r-- | nix/hosts/nixos/vm/hardware.nix | 14 | ||||
-rw-r--r-- | nix/hosts/nixos/wildcat/configuration.nix | 140 | ||||
-rw-r--r-- | nix/hosts/nixos/wildcat/default.nix | 18 | ||||
-rw-r--r-- | nix/hosts/nixos/wildcat/hardware.nix | 29 | ||||
-rw-r--r-- | nix/hosts/nixos/wildcat/networking.nix | 51 |
9 files changed, 0 insertions, 305 deletions
diff --git a/nix/hosts/nixos/default.nix b/nix/hosts/nixos/default.nix deleted file mode 100644 index abfb3a7..0000000 --- a/nix/hosts/nixos/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ ... }: { - imports = [ - ./packages.nix - ./user.nix - ]; -} diff --git a/nix/hosts/nixos/packages.nix b/nix/hosts/nixos/packages.nix deleted file mode 100644 index 8e807c6..0000000 --- a/nix/hosts/nixos/packages.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: { - environment = { - systemPackages = with pkgs; [ - git - jq - vim - ]; - }; -} diff --git a/nix/hosts/nixos/user.nix b/nix/hosts/nixos/user.nix deleted file mode 100644 index 47c2267..0000000 --- a/nix/hosts/nixos/user.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ ... }: { - users.users.fcuny = { - uid = 1000; - isNormalUser = true; - extraGroups = [ "git" "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFP4IsfG32WsmXJNcjsmuahhBHFQ6NulngEMaxcvDd/C" - ]; - }; - - security.sudo.extraRules = [{ - groups = [ "wheel" ]; - commands = [{ - command = "ALL"; - options = [ "NOPASSWD" ]; - }]; - }]; -} diff --git a/nix/hosts/nixos/vm/default.nix b/nix/hosts/nixos/vm/default.nix deleted file mode 100644 index f4a51aa..0000000 --- a/nix/hosts/nixos/vm/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ ... }: { - imports = [ ./hardware.nix ]; - - boot.tmp.cleanOnBoot = true; - zramSwap.enable = false; - - networking = { - hostName = "nixos"; - domain = ""; - }; - - services.openssh.enable = true; - - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi" - ]; - - system.stateVersion = "23.11"; -} diff --git a/nix/hosts/nixos/vm/hardware.nix b/nix/hosts/nixos/vm/hardware.nix deleted file mode 100644 index 89c3d8b..0000000 --- a/nix/hosts/nixos/vm/hardware.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ modulesPath, ... }: -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.loader.grub = { - efiSupport = true; - efiInstallAsRemovable = true; - device = "nodev"; - }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/E783-E9AE"; fsType = "vfat"; }; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; - boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; }; - swapDevices = [{ device = "/dev/vda3"; }]; -} diff --git a/nix/hosts/nixos/wildcat/configuration.nix b/nix/hosts/nixos/wildcat/configuration.nix deleted file mode 100644 index b74f522..0000000 --- a/nix/hosts/nixos/wildcat/configuration.nix +++ /dev/null @@ -1,140 +0,0 @@ -{ lib, pkgs, ... }: { - security.acme = { - defaults.email = "acme@fcuny.net"; - acceptTerms = true; - }; - - # FIXME: I also ran the following as the git user: - # git config --global init.defaultBranch main - # to ensure that new repositories are created with the default - # branch set to `main'. - # TODO(fcuny): I could create the configuration file to set the default branch - services.gitolite = { - enable = true; - adminPubkey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"; - user = "git"; - group = "git"; - extraGitoliteRc = '' - # Make dirs/files group readable, needed for webserver/cgit. (Default - # setting is 0077.) - $RC{UMASK} = 0027; - $RC{GIT_CONFIG_KEYS} = 'cgit.desc cgit.hide cgit.ignore cgit.owner'; - $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local"; - push( @{$RC{ENABLE}}, 'symbolic-ref' ); - ''; - }; - - services.cgit.main = { - enable = true; - package = pkgs.cgit-pink; - user = "git"; - group = "git"; - nginx.virtualHost = "git.fcuny.net"; - scanPath = "/var/lib/gitolite/repositories"; - settings = { - css = "/cgit.css"; - logo = "/cgit.png"; - favicon = "/favicon.ico"; - robots = "noindex, nofollow"; - readme = ":README.md"; - project-list = "/var/lib/gitolite/projects.list"; - about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh"; - source-filter = - "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py"; - clone-url = - (lib.concatStringsSep " " [ "https://git.fcuny.net/$CGIT_REPO_URL" ]); - enable-log-filecount = 1; - enable-log-linecount = 1; - enable-git-config = 1; - enable-blame = 1; - enable-commit-graph = 1; - enable-follow-links = 1; - enable-index-links = 1; - enable-remote-branches = 1; - enable-subject-links = 1; - enable-tree-linenumbers = 1; - max-atom-items = 108; - max-commit-count = 250; - max-repo-count = 500; - repository-sort = "age"; - snapshots = "tar.gz"; - root-title = "¯\\_(ツ)_/¯"; - root-desc = "source code of my various projects"; - }; - }; - - virtualisation.oci-containers.containers.excalidraw = { - autoStart = true; - image = "excalidraw/excalidraw:latest"; - environment = { TZ = "America/Los_Angeles"; }; - ports = [ "127.0.0.1:3030:80" ]; - extraOptions = [ "--pull=always" ]; - }; - - services.nginx = { - enable = true; - - recommendedProxySettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - - virtualHosts = { - "fcuny.net" = { - # make it the default site: if a request goes through nginx - # without a host header, this will be the default site we serve - # for that request. - default = true; - forceSSL = true; - enableACME = true; - locations = { - "/" = { root = "/srv/www/fcuny.net"; }; - "/.well-known/acme-challenge" = { - root = "/var/lib/acme/acme-challenges"; - }; - }; - }; - "git.fcuny.net" = { - forceSSL = true; - enableACME = true; - locations = { - "/.well-known/acme-challenge" = { - root = "/var/lib/acme/acme-challenges"; - }; - }; - }; - "draw.fcuny.net" = { - forceSSL = true; - enableACME = true; - locations = { - "/".proxyPass = "http://127.0.0.1:3030"; - "/.well-known/acme-challenge" = { - root = "/var/lib/acme/acme-challenges"; - }; - }; - }; - }; - }; - - services.restic.backups.git = { - user = "fcuny"; - passwordFile = "/etc/restic.pw"; - repository = "/srv/backups/git"; - initialize = true; - paths = [ "/var/lib/gitolite" ]; - exclude = [ - "/var/lib/gitolite/.bash_history" - "/var/lib/gitolite/.ssh" - "/var/lib/gitolite/.viminfo" - ]; - extraBackupArgs = [ "--exclude-caches" "--compression=max" ]; - timerConfig = { OnCalendar = "*:0/30"; }; - pruneOpts = [ - "--keep-hourly 36" - "--keep-daily 7" - "--keep-weekly 4" - "--keep-monthly 3" - ]; - }; -} diff --git a/nix/hosts/nixos/wildcat/default.nix b/nix/hosts/nixos/wildcat/default.nix deleted file mode 100644 index 7bde471..0000000 --- a/nix/hosts/nixos/wildcat/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ ... }: { - - imports = [ ./hardware.nix ./networking.nix ./configuration.nix ]; - - boot.tmp.cleanOnBoot = true; - zramSwap.enable = true; - - networking.hostName = "fcuny"; - networking.domain = "net"; - - services.openssh.enable = true; - - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi" - ]; - - system.stateVersion = "23.11"; -} diff --git a/nix/hosts/nixos/wildcat/hardware.nix b/nix/hosts/nixos/wildcat/hardware.nix deleted file mode 100644 index 351c991..0000000 --- a/nix/hosts/nixos/wildcat/hardware.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ modulesPath, ... }: -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "uhci_hcd" - "xen_blkfront" - "vmw_pvscsi" - ]; - - boot.loader.grub = { - enable = true; - device = "/dev/sda"; - }; - - boot.initrd.kernelModules = [ "nvme" ]; - - fileSystems = { - "/" = { - device = "/dev/sda1"; - fsType = "ext4"; - }; - "/srv" = { - device = "/dev/disk/by-id/scsi-0HC_Volume_101115314"; - fsType = "ext4"; - }; - }; -} diff --git a/nix/hosts/nixos/wildcat/networking.nix b/nix/hosts/nixos/wildcat/networking.nix deleted file mode 100644 index c0b4bd0..0000000 --- a/nix/hosts/nixos/wildcat/networking.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ lib, ... }: { - # This file was populated at runtime with the networking - # details gathered from the active system. - networking = { - nameservers = - [ "2a01:4ff:ff00::add:2" "2a01:4ff:ff00::add:1" "185.12.64.1" ]; - defaultGateway = "172.31.1.1"; - defaultGateway6 = { - address = "fe80::1"; - interface = "eth0"; - }; - dhcpcd.enable = false; - usePredictableInterfaceNames = lib.mkForce false; - interfaces = { - eth0 = { - ipv4.addresses = [{ - address = "5.78.87.68"; - prefixLength = 32; - }]; - ipv6.addresses = [ - { - address = "2a01:4ff:1f0:d1a3::1"; - prefixLength = 64; - } - { - address = "fe80::9400:3ff:fe98:d6dc"; - prefixLength = 64; - } - ]; - ipv4.routes = [{ - address = "172.31.1.1"; - prefixLength = 32; - }]; - ipv6.routes = [{ - address = "fe80::1"; - prefixLength = 128; - }]; - }; - - }; - firewall.allowedTCPPorts = [ - 22 # ssh - 80 # nginx - 443 # nginx - ]; - }; - services.udev.extraRules = '' - ATTR{address}=="96:00:03:98:d6:dc", NAME="eth0" - - ''; -} |