jakalx/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: jakalx:afeae40848f14e623ad4ecd0cf0a49c1abeddd22
Branches Tags
jakalx:main
jakalx:develop
jakalx:feature/hledger-web-module
..
compare: jakalx:dc34117014930e277e4ec4742c677a3557f85613
Branches Tags
jakalx:develop
jakalx:main
jakalx:feature/hledger-web-module

No commits in common. "afeae40848f14e623ad4ecd0cf0a49c1abeddd22" and "dc34117014930e277e4ec4742c677a3557f85613" have entirely different histories.
afeae40848 ... dc34117014

6 changed files with 38 additions and 118 deletions
Download patch file Download diff file Expand all files Collapse all files

32
hosts/dregil/configuration.nix
View file

@ -93,7 +93,28 @@ in
extraGroups = [ "wheel" # Enable sudo for the user. extraGroups = [ "wheel" # Enable sudo for the user.
"input" "input"
]; ];
}; packages = with pkgs; [
# gui tool
alacritty
firefox
jitsi-meet-electron
# editing
helix
nil # nix language server
# system tools
htop-vim # htop with vim bindings
erdtree # du+tree had sex
dua # ncdu but better
bat # better cat
uhk-agent
# gaming support
lutris
#inputs.simplex-chat.packages."x86_64-linux"."exe:simplex-chat"
];
};
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
@ -102,7 +123,6 @@ in
ripgrep ripgrep
git git
nvidia-offload nvidia-offload
pinentry
]; ];
# adjust channels to nixpkgs used on this system via this flake # adjust channels to nixpkgs used on this system via this flake
@ -114,10 +134,10 @@ in
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
# programs.mtr.enable = true; # programs.mtr.enable = true;
programs.gnupg.agent = { # programs.gnupg.agent = {
enable = true; # enable = true;
enableSSHSupport = true; # enableSSHSupport = true;
}; # };
programs.neovim = { programs.neovim = {
enable = true; enable = true;

72
hosts/thrall/default.nix
View file

@ -36,7 +36,6 @@ in {
age.secrets = { age.secrets = {
mailPass.file = ../../secrets/mailPass.age; mailPass.file = ../../secrets/mailPass.age;
paperless-mail.file = ../../secrets/paperless-mail.age;
wireguard-thrall.file = ../../secrets/wireguard-thrall.age; wireguard-thrall.file = ../../secrets/wireguard-thrall.age;
}; };
@ -135,7 +134,6 @@ in {
htop htop
tmux tmux
git git
git-annex
#agenix.defaultPackage.x86_64-linux #agenix.defaultPackage.x86_64-linux
restic # fast and secure backup restic # fast and secure backup
rclone rclone
@ -177,56 +175,25 @@ in {
services.restic.backups = { }; services.restic.backups = { };
services.keybase = { enable = true; }; services.keybase = { enable = true; };
services.nginx.enable = true;
services.nginx = { services.nginx = {
enable = true;
statusPage = true;
clientMaxBodySize = "64m";
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
# main site
"failco.de" = { "failco.de" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
root = "/srv/www/failco.de"; root = "/srv/www/failco.de";
serverAliases = [ "www.failco.de" "mail.failco.de" ]; serverAliases = [ "www.failco.de" "mail.failco.de" ];
extraConfig = ''
add_header X-Frame-Options 'SAMEORIGIN';
'';
}; };
"www.jakalx.net" = {
forceSSL = true;
enableACME = true;
root = "/srv/www/jakalx.net";
serverAliases = [ "jakalx.net" ];
extraConfig = ''
add_header X-Frame-Options 'SAMEORIGIN';
'';
};
# gitea
"git.failco.de" = { "git.failco.de" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = { proxyPass = "http://127.0.0.1:3001/"; };
proxyPass = "http://127.0.0.1:3001/";
proxyWebsockets = true;
};
};
# paperless
"docs.failco.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3002/";
proxyWebsockets = true;
};
}; };
}; };
@ -239,28 +206,7 @@ in {
httpAddress = "127.0.0.1"; httpAddress = "127.0.0.1";
httpPort = 3001; httpPort = 3001;
settings = { settings.service.DISABLE_REGISTRATION = true;
service.DISABLE_REGISTRATION = true;
mailer = {
ENABLED = true;
MAILER_TYPE = "smtp";
FROM = "git@failco.de";
HOST = "thrall.failco.de:25";
IS_TLS_ENABLED = false;
};
};
};
services.paperless = {
enable = true;
address = "127.0.0.1";
port = 3002;
consumptionDirIsPublic = true;
extraConfig = {
PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_URL = "https://docs.failco.de";
};
}; };
services.fail2ban = { services.fail2ban = {
@ -306,17 +252,7 @@ in {
aliases = [ "lx@failco.de" "alex@failco.de" ]; aliases = [ "lx@failco.de" "alex@failco.de" ];
catchAll = [ "failco.de" ]; catchAll = [ "failco.de" "jakalx.net" ];
};
"alex@jakalx.net" = {
hashedPasswordFile = config.age.secrets.mailPass.path;
catchAll = [ "jakalx.net" ];
};
"archive@failco.de" = {
hashedPasswordFile = config.age.secrets.paperless-mail.path;
}; };
}; };

8
modules/common-system.nix
View file

@ -14,12 +14,16 @@
fd fd
fzf fzf
bat bat
lshw
pciutils
]; ];
networking.firewall.enable = true; networking.firewall.enable = true;
users.users.alex = {
isNormalUser = true;
extraGroups = [ "wheel" "input" ];
shell = pkgs.zsh;
};
nix = { nix = {
gc = { gc = {
automatic = true; automatic = true;

40
outputs/homeConfigurations/default.nix
View file

@ -17,50 +17,12 @@ in
username = "alex"; username = "alex";
homeDirectory = "/home/alex"; homeDirectory = "/home/alex";
stateVersion = "22.11"; stateVersion = "22.11";
packages = with pkgs; [ packages = with pkgs; [
alacritty # fast terminal
firefox # the browser with the fox
# social
jitsi-meet-electron # jitsi as a stand-alone app
discord # talk to other people
#inputs.simplex-chat.packages."x86_64-linux"."exe:simplex-chat"
# editing
helix # vim like editor
nil # nix language server
# system tools
htop-vim # htop with vim bindings
erdtree # du+tree had sex
dua # ncdu but better
bat # better cat
uhk-agent # my keyboard
mosh # ssh via udp
# gaming support
lutris lutris
]; ];
}; };
programs.bash = {
enable = true;
};
programs.zsh = {
enable = true;
};
programs.git = {
enable = true;
userName = "Alexander Kobjolke";
userEmail = "me@failco.de";
};
programs.password-store = {
enable = true;
};
# do not show home-manager notifications # do not show home-manager notifications
news.display = "silent"; news.display = "silent";
} }

BIN
secrets/paperless-mail.age
View file

Binary file not shown.

4
secrets/secrets.nix
View file

@ -1,12 +1,10 @@
let let
thrall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHNRSYszckbCwKoX/cci8D40DGM/SG/NJ/u/uB361re"; thrall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHNRSYszckbCwKoX/cci8D40DGM/SG/NJ/u/uB361re";
alex = "age13uv5phqjuvd90rr3aa7mg3xsmcmyx8cfz9v52w2a782qecssja9sw9nt8a";
systems = [ thrall ]; systems = [ thrall ];
users = [ alex ]; users = [];
in in
{ {
"mailPass.age".publicKeys = users ++ systems; "mailPass.age".publicKeys = users ++ systems;
"paperless-mail.age".publicKeys = users ++ systems;
"wireguard-thrall.age".publicKeys = [thrall]; "wireguard-thrall.age".publicKeys = [thrall];
} }