thrall: Extract modules

Alexander Kobjolke 2024-01-22 21:19:09 +01:00
parent 5c1e8ea969
commit a951a1e3fb
3 changed files with 30 additions and 19 deletions


@ -3,7 +3,9 @@
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }: { config, pkgs, ... }:
let ledgerVHost = "ledger.failco.de"; let
authorityFromUrl = url:
builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url));
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -11,6 +13,8 @@ in {
../../modules/nix-config.nix ../../modules/nix-config.nix
../../modules/iohk.nix ../../modules/iohk.nix
../../modules/timezone.nix ../../modules/timezone.nix
../../modules/keybase.nix
../../modules/ssh.nix
]; ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
@ -137,14 +141,12 @@ in {
htop htop
tmux tmux
git git
#agenix.defaultPackage.x86_64-linux
restic # fast and secure backup restic # fast and secure backup
rclone rclone
]; ];
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
@ -163,20 +165,15 @@ in {
# List services that you want to enable: # List services that you want to enable:
# depending on wireguard
services.kresd = { services.kresd = {
enable = true; enable = true;
listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ]; listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ];
}; };
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.lorri.enable = true; services.lorri.enable = true;
# configure backup via restic to gdrive # configure backup via restic to gdrive
services.restic.backups = { }; services.restic.backups = { };
services.keybase = { enable = true; };
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -226,27 +223,31 @@ in {
}; };
# gitea # gitea
"git.failco.de" = { "${config.services.gitea.settings.server.DOMAIN}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:3001/"; proxyPass = "http://127.0.0.1:${
toString config.services.gitea.settings.server.HTTP_PORT
}/";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
# paperless # paperless
"docs.failco.de" = { "${authorityFromUrl config.services.paperless.extraConfig.PAPERLESS_URL}" =
forceSSL = true; {
enableACME = true; forceSSL = true;
locations."/" = { enableACME = true;
proxyPass = "http://127.0.0.1:3002/"; locations."/" = {
proxyWebsockets = true; proxyPass =
"http://127.0.0.1:${toString config.services.paperless.port}/";
proxyWebsockets = true;
};
}; };
};
# hledger # hledger
"${ledgerVHost}" = { "${authorityFromUrl config.services.hledger-web.baseUrl}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
basicAuthFile = config.age.secrets.hledger-web.path; basicAuthFile = config.age.secrets.hledger-web.path;
@ -297,7 +298,7 @@ in {
services.hledger-web = { services.hledger-web = {
enable = true; enable = true;
baseUrl = "https://${ledgerVHost}"; baseUrl = "https://ledger.failco.de";
port = 3003; port = 3003;
capabilities = { capabilities = {
view = true; view = true;
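Review bot: `authorityFromUrl` in the `let` block returns everything after `://`, so the paperless and hledger virtual host names will silently pick up any port or path later added to `PAPERLESS_URL` or `baseUrl` (a trailing slash is enough). Those attribute names feed both the nginx server name and, through `enableACME`, the certificate request, so a malformed name would most likely leave the real hostname unmatched by the block that carries `forceSSL` and `basicAuthFile`. A URL without `://` fails evaluation inside `builtins.head` instead of with a message naming the offending option. Consider cutting at the first slash, `builtins.head (pkgs.lib.splitString "/" (pkgs.lib.last (pkgs.lib.splitString "://" url)))`, and adding a comment that the result is used as a server name and must therefore be a bare host.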

5
modules/keybase.nix Normal file

@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
services.keybase.enable = true;
}

5
modules/ssh.nix Normal file

@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
services.openssh.enable = true;
}
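Review bot: `services.openssh.enable = true;` is now the entire shared SSH module, so every host that imports it gets sshd with whatever authentication defaults the NixOS release ships. Nothing visible on this page sets the authentication policy, though it may live in a part of the host configuration outside the hunks. If it does not, this module is the natural place to pin it, for example `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`. The `config`, `lib` and `pkgs` arguments are unused here and could be reduced to `{ ... }:`.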