Compare commits


No commits in common. "a951a1e3fbaebf7c2ea66b4ecbc6a47aab91c55c" and "fbb85bc1da748526302fcaad33382404eb7b80fd" have entirely different histories.

5 changed files with 30 additions and 47 deletions


@ -4,19 +4,21 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
authorityFromUrl = url: extIface = "ens3";
builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url)); ledgerVHost = "ledger.failco.de";
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../modules/upgrade-pg-cluster.nix ../../modules/upgrade-pg-cluster.nix
../../modules/nix-config.nix ../../modules/nix-config.nix
../../modules/iohk.nix
../../modules/timezone.nix
../../modules/keybase.nix
../../modules/ssh.nix
]; ];
# Binary Cache for Haskell.nix
nix.settings.trusted-public-keys =
[ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
#nix.binaryCaches = [ "https://hydra.iohk.io" ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
# boot.loader.grub.efiSupport = true; # boot.loader.grub.efiSupport = true;
@ -26,6 +28,9 @@ in {
boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
# boot.loader.systemd-boot.enable = true; # boot.loader.systemd-boot.enable = true;
# Set your time zone.
time.timeZone = "Europe/Berlin";
age.secrets = { age.secrets = {
mailPass.file = ../../secrets/mailPass.age; mailPass.file = ../../secrets/mailPass.age;
paperless-mail.file = ../../secrets/paperless-mail.age; paperless-mail.file = ../../secrets/paperless-mail.age;
@ -41,8 +46,7 @@ in {
# The global useDHCP flag is deprecated, therefore explicitly set to false here. # The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config # Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour. # replicates the default behaviour.
networking = let extIface = "ens3"; networking = {
in {
hostName = "thrall"; hostName = "thrall";
domain = "failco.de"; domain = "failco.de";
wireless.enable = false; wireless.enable = false;
@ -141,12 +145,14 @@ in {
htop htop
tmux tmux
git git
#agenix.defaultPackage.x86_64-linux
restic # fast and secure backup restic # fast and secure backup
rclone rclone
]; ];
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
@ -165,15 +171,20 @@ in {
# List services that you want to enable: # List services that you want to enable:
# depending on wireguard
services.kresd = { services.kresd = {
enable = true; enable = true;
listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ]; listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ];
}; };
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.lorri.enable = true; services.lorri.enable = true;
# configure backup via restic to gdrive # configure backup via restic to gdrive
services.restic.backups = { }; services.restic.backups = { };
services.keybase = { enable = true; };
services.nginx = { services.nginx = {
enable = true; enable = true;
@ -223,31 +234,27 @@ in {
}; };
# gitea # gitea
"${config.services.gitea.settings.server.DOMAIN}" = { "git.failco.de" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${ proxyPass = "http://127.0.0.1:3001/";
toString config.services.gitea.settings.server.HTTP_PORT
}/";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
# paperless # paperless
"${authorityFromUrl config.services.paperless.extraConfig.PAPERLESS_URL}" = "docs.failco.de" = {
{ forceSSL = true;
forceSSL = true; enableACME = true;
enableACME = true; locations."/" = {
locations."/" = { proxyPass = "http://127.0.0.1:3002/";
proxyPass = proxyWebsockets = true;
"http://127.0.0.1:${toString config.services.paperless.port}/";
proxyWebsockets = true;
};
}; };
};
# hledger # hledger
"${authorityFromUrl config.services.hledger-web.baseUrl}" = { "${ledgerVHost}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
basicAuthFile = config.age.secrets.hledger-web.path; basicAuthFile = config.age.secrets.hledger-web.path;
@ -298,7 +305,7 @@ in {
services.hledger-web = { services.hledger-web = {
enable = true; enable = true;
baseUrl = "https://ledger.failco.de"; baseUrl = "https://${ledgerVHost}";
port = 3003; port = 3003;
capabilities = { capabilities = {
view = true; view = true;
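Review bot: The inlined `nix.settings.trusted-public-keys` entry for hydra.iohk.io leaves that signing key trusted while the matching cache stays commented out (`#nix.binaryCaches = [ "https://hydra.iohk.io" ];`), so the host would accept store paths signed by a key whose cache it never queries. Either drop the key, or configure the cache alongside it with `nix.settings.substituters = [ "https://hydra.iohk.io" ];`, as the removed module did. In the nginx hunk of the same section, the gitea and paperless vhosts now hard-code `proxyPass = "http://127.0.0.1:3001/";` and `"http://127.0.0.1:3002/"` instead of reading the port from the service options. If a service port changes, the TLS vhost would silently forward to whatever else listens on that loopback port, so a comment tying each literal to its service setting would help. The `+`/`-` markers are lost in this rendering, so which side each line belongs to is inferred from the hunk headers and the deleted module files.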


@ -1,9 +0,0 @@
{ config, lib, pkgs, ... }:
{
# Binary Cache for Haskell.nix
nix.settings.trusted-public-keys =
[ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
nix.settings.substituters = lib.mkAfter [ "https://hydra.iohk.io" ];
}


@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.keybase.enable = true;
}


@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.openssh.enable = true;
}


@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
time.timeZone = lib.mkDefault "Europe/Berlin";
}