From cbfe1f0d110d6e04a54e45838c08e65728b1fc32 Mon Sep 17 00:00:00 2001 From: dadada Date: Wed, 30 Dec 2020 15:11:19 +0100 Subject: [PATCH] Add host surgat and move weechat to it. --- default.nix | 3 +++ hosts/gorgon/home/default.nix | 1 + hosts/ifrit/default.nix | 24 +++++++++---------- hosts/surgat/default.nix | 43 +++++++++++++++++++++++++++++++++++ modules/profiles/default.nix | 4 ++++ modules/weechat.nix | 9 +++++--- 6 files changed, 68 insertions(+), 16 deletions(-) create mode 100644 hosts/surgat/default.nix create mode 100644 modules/profiles/default.nix diff --git a/default.nix b/default.nix index 9f9db2c..5ab44cf 100644 --- a/default.nix +++ b/default.nix @@ -7,6 +7,9 @@ with pkgs; hmModules = import ./modules/home; overlays = import ./overlays; + profiles = import ./modules/profiles; + hmProfiles = import ./modules/home/profiles; + tubslatex = callPackage ./pkgs/tubslatex {}; keys = callPackage ./pkgs/keys {}; } diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix index 58b732f..d318f42 100644 --- a/hosts/gorgon/home/default.nix +++ b/hosts/gorgon/home/default.nix @@ -19,6 +19,7 @@ in kitty.enable = true; ssh.enable = true; syncthing.enable = true; + tmux.enable = true; xdg.enable = true; zsh.enable = true; diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix index 1c45848..1bad0b2 100644 --- a/hosts/ifrit/default.nix +++ b/hosts/ifrit/default.nix @@ -2,7 +2,7 @@ let hostAliases = [ "ifrit.dadada.li" - "vpn.dadada.li" + "bs.vpn.dadada.li" "media.dadada.li" "media.local" ]; @@ -36,8 +36,6 @@ in { key = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; }; }; - - weechat.enable = true; }; services.borgbackup.repos = { @@ -117,16 +115,16 @@ in { security.acme = { email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; acceptTerms = true; - certs."webchat.dadada.li" = { - credentialsFile = "/var/lib/lego/acme-joker.env"; - dnsProvider = "joker"; - postRun = "systemctl reload nginx.service"; - }; - certs."weechat.dadada.li" = { - credentialsFile = "/var/lib/lego/acme-joker.env"; - dnsProvider = "joker"; - postRun = "systemctl reload nginx.service"; - }; + # certs."webchat.dadada.li" = { + # credentialsFile = "/var/lib/lego/acme-joker.env"; + # dnsProvider = "joker"; + # postRun = "systemctl reload nginx.service"; + # }; + # certs."weechat.dadada.li" = { + # credentialsFile = "/var/lib/lego/acme-joker.env"; + # dnsProvider = "joker"; + # postRun = "systemctl reload nginx.service"; + # }; }; users.users."mist" = { diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix new file mode 100644 index 0000000..7e4964f --- /dev/null +++ b/hosts/surgat/default.nix @@ -0,0 +1,43 @@ +{ config, pkgs, lib, ... }: +let + hostName = "surgat"; + this = import ../.. {}; + keys = ../../pkgs/keys/keys; +in { + imports = [ this.profiles.base ]; + + networking.hostName = hostName; + + dadada.admin = { + enable = true; + users = [ "dadada" ]; + }; + + dadada.networking.vpnExtension = "4"; + dadada.weechat.enable = true; + + networking.useDHCP = false; + networking.interfaces.ens3.useDHCP = true; + + networking.firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [ + 22 # SSH + 80 443 # HTTPS + ]; + allowedUDPPorts = [ + 51234 # Wireguard + ]; + }; + + security.acme = { + email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; + acceptTerms = true; + }; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; +} diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix new file mode 100644 index 0000000..3ae87ed --- /dev/null +++ b/modules/profiles/default.nix @@ -0,0 +1,4 @@ +{ + base = ./base; + laptop = ./laptop; +} diff --git a/modules/weechat.nix b/modules/weechat.nix index dcc6be7..3f2c73d 100644 --- a/modules/weechat.nix +++ b/modules/weechat.nix @@ -14,9 +14,12 @@ in { }; services.nginx.virtualHosts."webchat.dadada.li" = { - useACMEHost = "webchat.dadada.li"; + enableACME = true; forceSSL = true; - serverAliases = [ "webchat.${config.networking.domain}" ]; + serverAliases = [ + "webchat.${config.networking.domain}" + "weechat.${config.networking.domain}" + ]; root = pkgs.glowing-bear; @@ -30,7 +33,7 @@ in { }; }; services.nginx.virtualHosts."weechat.dadada.li" = { - useACMEHost = "weechat.dadada.li"; + useACMEHost = "webchat.dadada.li"; forceSSL = true; serverAliases = [ "weechat.${config.networking.domain}" ];