alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sombrero: remove host sombrero

Browse Source
This commit is contained in:
Alexander Heldt
2024-09-02 20:29:48 +02:00
parent 395e4f8256
commit 04f1bef188
31 changed files with 4 additions and 843 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
hosts/pinwheel/modules/ssh/default.nix
View File

@@ -12,20 +12,6 @@
port = 1122;
};
"sombrero.local" = {
hostname = "192.168.50.200";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-sombrero";
port = 1122;
};
"sombrero" = {
hostname = "sombrero.a2x.se";
user = "alex";
identityFile = "/home/alex/.ssh/alex.pinwheel-sombrero";
port = 1122;
};
"andromeda" = {
hostname = "andromeda.a2x.se";
user = "alex";
@@ -72,18 +58,6 @@
owner = "alex";
group = "users";
};
"alex.pinwheel-sombrero" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.age;
path = "/home/alex/.ssh/alex.pinwheel-sombrero";
owner = "alex";
group = "users";
};
"alex.pinwheel-sombrero.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.pub.age;
path = "/home/alex/.ssh/alex.pinwheel-sombrero.pub";
owner = "alex";
group = "users";
};
"alex.pinwheel-github.com" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-github.com.age;

9
hosts/pinwheel/modules/syncthing/default.nix
View File

@@ -16,13 +16,12 @@
devices = {
phone.id = config.lib.syncthing.phone;
backwards.id = config.lib.syncthing.backwards;
sombrero.id = config.lib.syncthing.sombrero;
};
folders = {
org = {
path = "/home/alex/sync/org";
devices = [ "sombrero" "phone" "backwards" ];
devices = [ "phone" "backwards" ];
versioning = {
type = "staggered";
params = {
@@ -33,7 +32,7 @@
personal = {
path = "/home/alex/sync/personal";
devices = [ "sombrero" "backwards" ];
devices = [ "backwards" ];
versioning = {
type = "staggered";
params = {
@@ -44,7 +43,7 @@
work = {
path = "/home/alex/sync/work";
devices = [ "sombrero" "backwards" ];
devices = [ "backwards" ];
versioning = {
type = "staggered";
params = {
@@ -55,7 +54,7 @@
books = {
path = "/home/alex/sync/books";
devices = [ "sombrero" "backwards" ];
devices = [ "backwards" ];
versioning = {
type = "staggered";
params = {

79
hosts/sombrero/configuration.nix
View File

@@ -1,79 +0,0 @@
{ pkgs, ... }:
{
imports =
[
../../config-manager/default.nix
../../shared-modules/syncthing.nix
./hardware-configuration.nix
./modules
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true;
environment.variables.EDITOR = "vim";
hardware.enableRedistributableFirmware = true;
# Set your time zone.
time.timeZone = "Europe/Stockholm";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
users = {
mutableUsers = false;
users.root = {
hashedPassword = "$6$3mkwaUWd8NA6XuEb$x80tETKGz6FEG.kej3v5Vh6hRNoC6bikhXogTP.zZwYtISA46JaN3RMK3ckbqt8Aj52d3krSLOfBaAR1qzuJ2/";
};
users."alex" = {
isNormalUser = true;
hashedPassword = "$6$3mkwaUWd8NA6XuEb$x80tETKGz6FEG.kej3v5Vh6hRNoC6bikhXogTP.zZwYtISA46JaN3RMK3ckbqt8Aj52d3krSLOfBaAR1qzuJ2/";
extraGroups = [ "wheel" ];
};
};
environment.systemPackages = with pkgs; [
gnumake
mkpasswd
vim
];
config-manager = {
flakePath = "/home/alex/config";
};
mod = {
git.enable = true;
ssh.enable = true;
docker.enable = true;
nginx.enable = true;
syncthing.enable = true;
plex.enable = true;
calibre-web.enable = true;
transmission.enable = true;
restic.enable = true;
pppdotpm-site.enable = false;
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

52
hosts/sombrero/hardware-configuration.nix
View File

@@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/15329cb1-655e-475d-96f0-bfb8ccd05167";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/AD29-0697";
fsType = "vfat";
};
fileSystems."/home/alex/media" =
{ device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764";
fsType = "ext4";
options = [ "nofail" ];
};
fileSystems."/home/alex/backup" =
{ device = "/dev/disk/by-uuid/34601701-65e6-4b2c-ac4d-8bef3dfd743f";
fsType = "ext4";
options = [ "nofail" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/98c46b15-7efe-43fd-8812-7e2c01f5a40a"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

25
hosts/sombrero/home.nix
View File

@@ -1,25 +0,0 @@
{ inputs, pkgs, ... }:
{
imports = [ inputs.home-manager.nixosModules.home-manager ];
config = {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.alex = {
programs.home-manager.enable = true;
home.username = "alex";
home.homeDirectory = "/home/alex";
home.packages = [
pkgs.unar
];
home.stateVersion = "22.11";
};
};
};
}

14
hosts/sombrero/modules/age/default.nix
View File

@@ -1,14 +0,0 @@
{ inputs, pkgs, ... }:
{
imports = [ inputs.agenix.nixosModules.default ];
config = {
age = {
identityPaths = [ "/etc/ssh/sombrero" ];
};
environment.systemPackages = [
inputs.agenix.packages."${pkgs.system}".default
];
};
}

25
hosts/sombrero/modules/boot/default.nix
View File

@@ -1,25 +0,0 @@
{ pkgs, ... }: {
boot = {
loader = {
grub.enable = false;
efi.canTouchEfiVariables = true;
raspberryPi = {
enable = true;
version = 4;
};
};
tmp = {
useTmpfs = true;
};
kernelPackages = pkgs.linuxPackages_rpi4;
kernelParams = [
"8250.nr_uarts=1"
"console=ttyAMA0,115200"
"console=tty1"
"cma=128M"
];
};
}

52
hosts/sombrero/modules/calibre-web/default.nix
View File

@@ -1,52 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.calibre-web.enable;
nginxEnabled = config.mod.nginx.enable;
in
{
options = {
mod.calibre-web = {
enable = lib.mkEnableOption "add calibre-web module";
};
};
config = lib.mkIf (enabled && nginxEnabled) {
services = {
calibre-web = {
enable = true;
user = "alex";
group = "users";
listen = {
ip = "127.0.0.1";
port = 8083;
};
options = {
calibreLibrary = "/home/alex/backup/books";
enableBookUploading = true;
};
};
};
networking = {
firewall = {
allowedTCPPorts = [ 8083 ];
};
};
services = {
nginx = {
virtualHosts."books.sombrero.a2x.se" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8083";
};
};
};
};
};
}

8
hosts/sombrero/modules/default.nix
View File

@@ -1,8 +0,0 @@
{ lib, ... }:
let
toModulePath = dir: _: ./. + "/${dir}";
filterDirs = dirs: lib.attrsets.filterAttrs (_: type: type == "directory") dirs;
in
{
imports = lib.mapAttrsToList toModulePath (filterDirs (builtins.readDir ./.));
}

29
hosts/sombrero/modules/docker/default.nix
View File

@@ -1,29 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.docker.enable;
in
{
options = {
mod.docker = {
enable = lib.mkEnableOption "enable docker module";
};
};
config = lib.mkIf enabled {
virtualisation = {
docker = {
enable = true;
};
oci-containers = {
backend = "docker";
};
};
users.users.alex.extraGroups = [ "docker" ];
home-manager.users.alex = {
home.packages = [ pkgs.docker-compose ];
};
};
}

30
hosts/sombrero/modules/git/default.nix
View File

@@ -1,30 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.git.enable;
in
{
options = {
mod.git = {
enable = lib.mkEnableOption "enable git module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
programs.git = {
enable = true;
includes = [
{ path = ./gitconfig; }
];
};
home.packages = [ pkgs.tig ];
home.file.".tigrc".text = ''
set main-view-line-number = yes
set main-view-line-number-interval = 1
'';
};
};
}

10
hosts/sombrero/modules/git/gitconfig
View File

@@ -1,10 +0,0 @@
[user]
name = Alexander Heldt
email = me@alexanderheldt.se
[url "git@github.com:"]
insteadOf = https://github.com/
[url "git@codeberg.org:"]
insteadOf = https://codeberg.org/

6
hosts/sombrero/modules/mullvad/default.nix
View File

@@ -1,6 +0,0 @@
{ ... }:
{
services.mullvad-vpn = {
enable = true;
};
}

18
hosts/sombrero/modules/network/default.nix
View File

@@ -1,18 +0,0 @@
{
networking = {
hostName = "sombrero";
defaultGateway = "192.168.50.1";
nameservers = [ "8.8.8.8" ];
interfaces = {
eth0 = {
ipv4 = {
addresses = [{
address = "192.168.50.200";
prefixLength = 24;
}];
};
};
};
};
}

38
hosts/sombrero/modules/nginx/default.nix
View File

@@ -1,38 +0,0 @@
{ lib, config, ... }:
let
enabled = config.mod.nginx.enable;
in
{
options = {
mod.nginx = {
enable = lib.mkEnableOption "add nginx module";
};
};
config = lib.mkIf enabled {
security = {
acme = {
acceptTerms = true;
defaults = {
email = "p@ppp.pm";
};
};
};
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
};
networking = {
firewall = {
allowedTCPPorts = [ 80 443 ];
};
};
};
}

42
hosts/sombrero/modules/plex/default.nix
View File

@@ -1,42 +0,0 @@
{ lib, config, ... }:
let
enable = config.mod.plex.enable;
dockerEnabled = config.mod.docker.enable;
in
{
options = {
mod.plex = {
enable = lib.mkEnableOption "enable plex module";
};
};
config = lib.mkIf (enable && dockerEnabled) {
virtualisation = {
oci-containers.containers = {
plex = {
image = "linuxserver/plex";
autoStart = true;
environment = {
TZ = "Europe/Stockholm";
VERSION = "latest";
};
extraOptions = [ "--network=host" ];
volumes = [
"/home/alex/media/plex/db:/config"
"/home/alex/media/movies:/movies"
"/home/alex/media/tv:/tv"
];
};
};
};
networking = {
firewall = {
allowedTCPPorts = [ 32400 ];
};
};
};
}

33
hosts/sombrero/modules/ppp.pm-site/default.nix
View File

@@ -1,33 +0,0 @@
{ inputs, lib, config, ... }:
let
enabled = config.mod.pppdotpm-site.enable;
nginxEnabled = config.mod.nginx.enable;
in
{
imports = [ inputs.pppdotpm-site.nixosModules.default ];
options = {
mod.pppdotpm-site = {
enable = lib.mkEnableOption "enable ppp.pm site";
};
};
config = lib.mkIf (enabled && nginxEnabled) {
security.acme = {
certs = {
"ppp.pm" = {
webroot = "/var/lib/acme/acme-challenge/";
email = "p@ppp.pm";
group = "nginx";
};
};
};
services.pppdotpm-site = {
enable = true;
domain = "ppp.pm";
useACMEHost = "ppp.pm";
};
};
}

43
hosts/sombrero/modules/restic/default.nix
View File

@@ -1,43 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.restic.enable;
in
{
options = {
mod.restic = {
enable = lib.mkEnableOption "enable restic module";
};
};
config = lib.mkIf enabled {
services = {
restic.backups = {
"sync" = {
initialize = true;
user = "alex";
passwordFile = "/home/alex/backup/restic/password.file";
environmentFile = "/home/alex/backup/restic/aws.env";
repository = "s3:https://s3.eu-north-1.amazonaws.com/restic-sync-backup";
paths = ["/home/alex/backup/sync"];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
pruneOpts = [
"--keep-daily 2"
"--keep-weekly 7"
"--keep-yearly 12"
];
};
};
};
environment.systemPackages = [ pkgs.restic ];
};
}

102
hosts/sombrero/modules/ssh/default.nix
View File

@@ -1,102 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.ssh.enable;
authorizedKeysPath = "/home/alex/.ssh/authorized-keys";
in
{
options = {
mod.ssh = {
enable = lib.mkEnableOption "enable ssh module";
};
};
config = lib.mkIf enabled {
home-manager.users.alex = {
programs.ssh = {
enable = true;
matchBlocks = {
"codeberg.org" = {
hostname = "codeberg.org";
identityFile = "/home/alex/.ssh/alex.sombrero-codeberg.org";
};
"github.com" = {
hostname = "github.com";
identityFile = "/home/alex/.ssh/alex.sombrero-github.com";
};
};
};
};
environment.etc."ssh/authorized_keys_command" = {
mode = "0755";
text = ''
#!${pkgs.bash}/bin/bash
for file in ${authorizedKeysPath}/*; do
${pkgs.coreutils}/bin/cat "$file"
done
'';
};
services = {
openssh = {
enable = true;
ports = [ 1122 ];
hostKeys = [{
path = "/etc/ssh/sombrero";
type = "ed25519";
}];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
authorizedKeysCommand = "/etc/ssh/authorized_keys_command";
authorizedKeysCommandUser = "root";
};
};
networking = {
firewall = {
allowedTCPPorts = [ 1122 ];
};
};
age.secrets = {
"alex.pinwheel-sombrero.pub" = {
file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.pub.age;
path = "${authorizedKeysPath}/alex.pinwheel-sombrero.pub";
};
"alex.sombrero-codeberg.org" = {
file = ../../../../secrets/sombrero/alex.sombrero-codeberg.org.age;
path = "/home/alex/.ssh/alex.sombrero-codeberg.org";
owner = "alex";
group = "users";
};
"alex.sombrero-codeberg.org.pub" = {
file = ../../../../secrets/sombrero/alex.sombrero-codeberg.org.pub.age;
path = "/home/alex/.ssh/alex.sombrero-codeberg.org.pub";
owner = "alex";
group = "users";
};
"alex.sombrero-github.com" = {
file = ../../../../secrets/sombrero/alex.sombrero-github.com.age;
path = "/home/alex/.ssh/alex.sombrero-github.com";
owner = "alex";
group = "users";
};
"alex.sombrero-github.com.pub" = {
file = ../../../../secrets/sombrero/alex.sombrero-github.com.pub.age;
path = "/home/alex/.ssh/alex.sombrero-github.com.pub";
owner = "alex";
group = "users";
};
};
};
}

130
hosts/sombrero/modules/syncthing/default.nix
View File

@@ -1,130 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.syncthing.enable;
nginxEnabled = config.mod.nginx.enable;
in
{
options = {
mod.syncthing = {
enable = lib.mkEnableOption "add syncthing module";
};
};
config = lib.mkIf (enabled && nginxEnabled) {
networking = {
firewall = {
allowedTCPPorts = [ 8384 ];
};
};
services = {
syncthing = {
enable = true;
openDefaultPorts = true;
user = "alex";
group = "users";
dataDir = "/home/alex/backup/sync";
cert = config.age.secrets.syncthing-cert.path;
key = config.age.secrets.syncthing-key.path;
guiAddress = "0.0.0.0:8384";
settings = {
gui = {
user = "syncthing";
password = "$2a$12$J/h/JOUiW24ZXsLYLEl2kOZUS1LftxANi0OlZxLy8Dst3/jpBd0v2";
insecureSkipHostcheck = false;
};
devices = {
phone.id = config.lib.syncthing.phone;
pinwheel.id = config.lib.syncthing.pinwheel;
};
folders = {
"org" = {
path = "/home/alex/backup/sync/org";
devices = [ "phone" "pinwheel" ];
versioning = {
type = "staggered";
params = {
maxAge = "2592000"; # 30 days
};
};
};
"phone-gps" = {
path = "/home/alex/backup/sync/gps";
devices = [ "phone" ];
versioning = {
type = "staggered";
params = {
maxAge = "2592000"; # 30 days
};
};
};
"personal" = {
path = "/home/alex/backup/sync/personal";
devices = [ "pinwheel" ];
versioning = {
type = "staggered";
params = {
maxAge = "2592000"; # 30 days
};
};
};
"work" = {
path = "/home/alex/backup/sync/work";
devices = [ "pinwheel" ];
versioning = {
type = "staggered";
params = {
maxAge = "2592000"; # 30 days
};
};
};
"books" = {
path = "/home/alex/backup/books";
devices = [ "pinwheel" ];
versioning = {
type = "staggered";
params = {
maxAge = "2592000"; # 30 days
};
};
};
"audiobooks" = {
path = "/home/alex/media/sync/audiobooks";
devices = [ "phone" ];
};
};
};
};
nginx = {
virtualHosts."syncthing.sombrero.a2x.se" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://0.0.0.0:8384";
};
};
};
};
age = {
secrets = {
"syncthing-cert".file = ../../../../secrets/sombrero/syncthing-cert.age;
"syncthing-key".file = ../../../../secrets/sombrero/syncthing-key.age;
};
};
};
}

9
hosts/sombrero/modules/tailscale/default.nix
View File

@@ -1,9 +0,0 @@
{ ... }:
{
services.tailscale.enable = true;
networking.firewall = {
checkReversePath = "loose";
allowedUDPPorts = [ 41641 ];
};
}

40
hosts/sombrero/modules/transmission/default.nix
View File

@@ -1,40 +0,0 @@
{ pkgs, lib, config, ... }:
let
enabled = config.mod.transmission.enable;
in
{
options = {
mod.transmission = {
enable = lib.mkEnableOption "enable transmission module";
};
};
config = lib.mkIf enabled {
services = {
transmission = {
enable = true;
package = pkgs.transmission_4;
openFirewall = true;
openRPCPort = true;
settings.rpc-port = 9191;
settings.rpc-bind-address = "0.0.0.0";
user = "alex";
group = "users";
home = "/home/alex/media/ts-home";
downloadDirPermissions = "775";
settings = {
incomplete-dir-enabled = false;
download-dir = "/home/alex/media";
rpc-authentication-required = true;
rpc-whitelist-enabled = false;
rpc-username = "transmission";
rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi";
};
};
};
};
}