Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
Harald Hoyer 2024-11-19 10:31:29 +01:00
parent a3187e163d
commit 900f95169f
83 changed files with 1134 additions and 705 deletions


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
{
sops.secrets.internetbs = {
sopsFile = ../../../.secrets/hetzner/internetbs.yaml; # bring your own password file
@ -13,27 +18,19 @@
};
certs = {
"surfsite.org" = {
extraDomainNames = [
"*.surfsite.org"
];
extraDomainNames = [ "*.surfsite.org" ];
};
"hartwin-hoyer.de" = {
extraDomainNames = [
"*.hartwin-hoyer.de"
];
extraDomainNames = [ "*.hartwin-hoyer.de" ];
};
"herward-hoyer.de" = {
extraDomainNames = [
"*.herward-hoyer.de"
];
extraDomainNames = [ "*.herward-hoyer.de" ];
};
"varlink.org" = {
extraDomainNames = [
"*.varlink.org"
];
extraDomainNames = [ "*.varlink.org" ];
};
"meike-hoyer.de" = { };
@ -71,9 +68,7 @@
};
"harald-hoyer.de" = {
extraDomainNames = [
"*.harald-hoyer.de"
];
extraDomainNames = [ "*.harald-hoyer.de" ];
};
};
};


@ -4,7 +4,7 @@
shell = pkgs.bash;
isNormalUser = true;
openssh.authorizedKeys.keys = [
"restrict,command=\"/run/wrappers/bin/rrsync -ro /\" ssh-rsa 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 root@sgx"
''restrict,command="/run/wrappers/bin/rrsync -ro /" ssh-rsa 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 root@sgx''
];
};
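Review bot: The key on the new line still runs `rrsync -ro /`, which gives whoever holds the `root@sgx` key read access to the entire root filesystem — `/etc/shadow`, the SSH host keys and every sops-decrypted secret this configuration mounts — rather than only the data that is presumably being pulled for backup. The `restrict` option correctly disables forwarding and pty allocation, but the rrsync root should be narrowed to the tree that is actually backed up, e.g. `''restrict,command="/run/wrappers/bin/rrsync -ro <BACKUP_ROOT>" ssh-rsa <KEY> root@sgx''` with the placeholders replaced by the real path and key. A one-line comment above the entry naming which host pulls from here and what it is allowed to read would also help, since the switch to an `''` string changes only the quoting and makes the intent no clearer than before.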


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
{
sops.secrets."coturn/static-auth-secret" = {
sopsFile = ../../../.secrets/hetzner/coturn.yaml; # bring your own password file
@ -8,20 +13,30 @@
networking.firewall =
let
range = with config.services.coturn; [{
from = min-port;
to = max-port;
}];
range = with config.services.coturn; [
{
from = min-port;
to = max-port;
}
];
in
{
allowedUDPPortRanges = range;
allowedTCPPorts = [ 3478 3479 5349 ];
allowedUDPPorts = [ 3478 3479 5349 ];
allowedTCPPorts = [
3478
3479
5349
];
allowedUDPPorts = [
3478
3479
5349
];
};
# get a certificate
security.acme.certs.${config.services.coturn.realm} = {
/* insert here the right configuration to obtain a certificate */
# insert here the right configuration to obtain a certificate
postRun = "systemctl restart coturn.service";
group = "turnserver";
};
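Review bot: The comment `# insert here the right configuration to obtain a certificate` above `postRun` is placeholder text from the NixOS coturn example, and the hunk contains no challenge settings (DNS provider or webroot) for the `${config.services.coturn.realm}` certificate — presumably `security.acme.defaults` in another file supplies them, but a reader of this block cannot tell. Replace it with a comment that states where the challenge configuration actually comes from, e.g. `# challenge settings are inherited from security.acme.defaults (see <FILE>)`. The enclosing module attribute set starts before this hunk.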


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
{
sops.secrets."postgres/gitea_dbpass" = {
sopsFile = ../../../.secrets/hetzner/postgres.yaml; # bring your own password file


@ -1,12 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, pkgs, modulesPath, ... }:
{
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
@ -28,15 +31,17 @@
"rng_core"
];
boot.swraid.enable = true;
boot.swraid.mdadmConf = ''
MAILADDR admin@hoyer.xyz
'';
disko.devices = import ./server-raid.nix {
inherit lib;
disks = [ "/dev/sda" "/dev/sdb" ];
disks = [
"/dev/sda"
"/dev/sdb"
];
};
swapDevices = [{ device = "/swapfile"; }];
swapDevices = [ { device = "/swapfile"; } ];
}
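Review bot: The banner at the top of this section still reads `# Do not modify this file! It was generated by nixos-generate-config`, yet the file carries hand-written settings (`boot.kernelPackages = lib.mkForce pkgs.linuxPackages`, `boot.swraid`, `disko.devices = import ./server-raid.nix`) and is being reformatted by hand in this very commit, so the header is misleading and a later `nixos-generate-config` run would likely overwrite those settings. Either drop the generated-file banner or replace it with something like `# Started from nixos-generate-config output; hand-maintained since (swraid, disko) — do not regenerate.`. The first hunk of this section starts at the top of the file, so the banner is fully visible here.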


@ -9,9 +9,7 @@
"/home/hartwin/kicker/.htpasswd:/app/public/.htpasswd"
"/home/hartwin/kicker/live.db:/app/db/data/current.db"
];
extraOptions = [
"--pull=always"
];
extraOptions = [ "--pull=always" ];
};
};
}


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
{
# email addresses git smudged
mailserver = {


@ -8,7 +8,10 @@
services.resolved.extraConfig = "ReadEtcHosts=no";
services.nscd.enableNsncd = false;
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowPing = true;
networking.hostName = "mx"; # Define your hostname.
@ -26,20 +29,26 @@
networking.interfaces.enp0s31f6 = {
ipv6 = {
addresses = [{
address = "2a01:4f9:2b:2e3::2"; # Your IPv6 here
prefixLength = 64;
}];
addresses = [
{
address = "2a01:4f9:2b:2e3::2"; # Your IPv6 here
prefixLength = 64;
}
];
# Default IPv6 route
routes = [{
address = "::";
prefixLength = 0;
via = "fe80::1";
}];
routes = [
{
address = "::";
prefixLength = 0;
via = "fe80::1";
}
];
};
ipv4.addresses = [{
address = "95.216.66.178";
prefixLength = 26;
}];
ipv4.addresses = [
{
address = "95.216.66.178";
prefixLength = 26;
}
];
};
}


@ -49,9 +49,7 @@
};
services.postgresql = {
ensureDatabases = [
"nextcloud"
];
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{
name = "nextcloud";


@ -30,7 +30,6 @@
root = "/var/www/hoyer.xyz/html";
};
"hoyer.world" = {
enableACME = false;
useACMEHost = "hoyer.world";
@ -47,9 +46,7 @@
"hoyer.xyz" = {
# serverName = "hoyer.xyz";
serverAliases = [
"www.hoyer.xyz"
];
serverAliases = [ "www.hoyer.xyz" ];
useACMEHost = "hoyer.xyz";
enableACME = false;
forceSSL = true;
@ -108,17 +105,13 @@
};
"harald-hoyer.de" = {
serverAliases = [
"www.harald-hoyer.de"
];
serverAliases = [ "www.harald-hoyer.de" ];
useACMEHost = "harald-hoyer.de";
globalRedirect = "harald.hoyer.xyz";
forceSSL = true;
};
"harald.hoyer.xyz" = {
serverAliases = [
"www.harald.hoyer.xyz"
];
serverAliases = [ "www.harald.hoyer.xyz" ];
useACMEHost = "hoyer.xyz";
root = "/var/www/harald.hoyer.xyz/html/";
extraConfig = ''
@ -141,9 +134,7 @@
};
"hartwin-hoyer.de" = {
serverAliases = [
"www.hartwin-hoyer.de"
];
serverAliases = [ "www.hartwin-hoyer.de" ];
useACMEHost = "hartwin-hoyer.de";
globalRedirect = "hartwin.hoyer.xyz";
forceSSL = true;


@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
{
services.postgresql = {
package = pkgs.postgresql_14;


@ -10,10 +10,12 @@ let
'';
in
{
services.rspamd.workers.controller.bindSockets = [{
socket = "/run/rspamd/worker-controller.sock";
mode = "0660";
}];
services.rspamd.workers.controller.bindSockets = [
{
socket = "/run/rspamd/worker-controller.sock";
mode = "0660";
}
];
services.rspamd.locals = {
"settings.conf".text = ''
bogenschiessen {


@ -1,4 +1,11 @@
{ disks ? [ "/dev/sda" "/dev/sdb" ], ... }: {
{
disks ? [
"/dev/sda"
"/dev/sdb"
],
...
}:
{
disk = {
one = {
type = "disk";