port to flakes

2021-06-13 13:43:21 +02:00 · 2021-06-13 13:43:21 +02:00 · 2d9150098e
commit 2d9150098e
parent deaa4fb75c
76 changed files with 721 additions and 315 deletions
--- a/nixos/surgat/configuration.nix
+++ b/nixos/surgat/configuration.nix
@ -0,0 +1,124 @@
+{ config, pkgs, lib, ... }:
+let
+  hostName = "surgat";
+in
+{
+  imports = [
+    ./hardware-configuration.nix
+  ];
+
+  networking.hostName = hostName;
+
+  services.nginx = {
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+
+    logError = "/dev/null";
+    appendHttpConfig = ''
+      access_log off;
+    '';
+  };
+
+  services.nginx.virtualHosts."hydra.${config.networking.domain}" = {
+    enableACME = true;
+    forceSSL = true;
+
+    root = "${pkgs.nginx}/html";
+
+    locations."/" = {
+      proxyPass = "http://10.3.3.3:3000/";
+      extraConfig = ''
+        proxy_redirect default;
+      '';
+    };
+  };
+
+  dadada.admin = {
+    enable = true;
+    users = {
+      "dadada" = [ "${pkgs.keys}/dadada.pub" ];
+    };
+  };
+
+  dadada.element.enable = true;
+  dadada.gitea.enable = true;
+  dadada.networking.vpnExtension = "4";
+  dadada.weechat.enable = true;
+  dadada.homePage.enable = true;
+  dadada.share.enable = true;
+  dadada.backupClient = {
+    enable = true;
+    bs = true;
+  };
+
+  networking.useDHCP = false;
+  networking.interfaces.ens3.useDHCP = true;
+
+  networking.firewall = {
+    enable = true;
+    allowPing = true;
+    allowedTCPPorts = [
+      22 # SSH
+      80
+      443 # HTTPS
+    ];
+    allowedUDPPorts = [
+      51234 # Wireguard
+      51235 # Wireguard
+    ];
+  };
+
+  security.acme = {
+    email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
+    acceptTerms = true;
+  };
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+
+  networking.interfaces."ens3".ipv6.addresses = [{
+    address = "2a01:4f8:c17:1d70::";
+    prefixLength = 64;
+  }];
+
+  networking.defaultGateway6 = {
+    address = "fe80::1";
+    interface = "ens3";
+  };
+
+  #boot.initrd.network.ssh = {
+  #  enable = true;
+  #  port = 22;
+  #  authorizedKeys = "${keys}/dadada.pub";
+  #  hostKeys = [
+  #  ];
+  #};
+
+  swapDevices = [
+    {
+      device = "/var/swapfile";
+      size = 4096;
+    }
+  ];
+
+  networking.wireguard.interfaces."hydra" = {
+    ips = [ "10.3.3.1/24" ];
+    listenPort = 51235;
+
+    privateKeyFile = "/var/lib/wireguard/hydra";
+
+    peers = [
+      {
+        publicKey = "CTKwL6+SJIqKXr1DIHejMDgjoxlWPaT78Pz3+JqcNlw=";
+        allowedIPs = [ "10.3.3.3/32" ];
+        persistentKeepalive = 25;
+      }
+    ];
+  };
+
+  system.stateVersion = "20.09";
+}
--- a/nixos/surgat/hardware-configuration.nix
+++ b/nixos/surgat/hardware-configuration.nix
@ -0,0 +1,30 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/bd0b4d2d-37e5-444b-82ba-d7629114bf11";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."surgat".device = "/dev/disk/by-uuid/5aa2b4d3-5711-451c-bd35-7c33b5019093";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/472bc34f-3803-44ee-ad2a-f0080c0a44d3";
+      fsType = "ext2";
+    };
+
+  swapDevices = [ ];
+
+}