test

2024-06-14 10:00:54 +02:00
parent 70a3473916
commit aae1271cf0
117 changed files with 616 additions and 1461 deletions
--- a/hosts/server/cloudflared.nix
+++ b/hosts/server/cloudflared.nix
@@ -1,13 +0,0 @@
-{ pkgs, ... }: {
-  environment.systemPackages = with pkgs; [ cloudflared ];
-  services.cloudflared = {
-    enable = true;
-    tunnels = {
-      "55ac0504-4ba0-4ea7-bf38-6d04ca7e45c3" = {
-        credentialsFile = "/etc/cloudflaredpwd";
-        default = "http_status:404";
-        ingress = { };
-      };
-    };
-  };
-}
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -1,90 +0,0 @@
-{ pkgs, config, ... }:
-let variable = import ../../variables.nix;
-in {
-  imports = [
-    ./hardware-configuration.nix
-    ./openssh.nix
-    ./nextcloud.nix
-    ./firewall.nix
-    ./nginx.nix
-    ./cloudflared.nix
-    ./tailscale.nix
-  ];
-
-  boot = {
-    loader.efi.canTouchEfiVariables = true;
-    loader.systemd-boot = {
-      enable = true;
-      consoleMode = "auto";
-    };
-    tmp.cleanOnBoot = true;
-  };
-
-  networking.hostName = variable.server.hostName;
-
-  time.timeZone = variable.timeZone;
-  i18n.defaultLocale = variable.defaultLocale;
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = variable.extraLocale;
-    LC_IDENTIFICATION = variable.extraLocale;
-    LC_MEASUREMENT = variable.extraLocale;
-    LC_MONETARY = variable.extraLocale;
-    LC_NAME = variable.extraLocale;
-    LC_NUMERIC = variable.extraLocale;
-    LC_PAPER = variable.extraLocale;
-    LC_TELEPHONE = variable.extraLocale;
-    LC_TIME = variable.extraLocale;
-  };
-
-  users.users.${variable.username} = {
-    isNormalUser = true;
-    description = "${variable.username} account";
-    extraGroups = [ "wheel" ];
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVDICWA/+W3Qqgoxw6pIwPAjRmTYKWnsEPD/cRTNgzP hadi@heaven"
-    ];
-  };
-
-  console.keyMap = variable.keyboardLayout;
-
-  programs.zsh.enable = true;
-  users.defaultUserShell = pkgs.zsh;
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  security.rtkit.enable = true;
-
-  nix = {
-    settings = {
-      auto-optimise-store = true;
-      experimental-features = [ "nix-command" "flakes" ];
-    };
-    gc = if variable.server.enableAutoGarbageCollector then {
-      automatic = true;
-      persistent = true;
-      dates = "weekly";
-      options = "--delete-older-than 7d";
-    } else
-      { };
-  };
-
-  system.autoUpgrade = if variable.server.enableAutoUpgrade then {
-    enable = true;
-    dates = "04:00";
-    flake = "${config.users.users.${variable.username}.home}/.config/nixos";
-    flags = [ "--update-input" "nixpkgs" "--commit-lock-file" ];
-    allowReboot = false;
-  } else
-    { };
-
-  nix.settings = {
-    substituters = [ "https://hyprland.cachix.org" ];
-    trusted-public-keys =
-      [ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ];
-  };
-
-  services.dbus.enable = true;
-
-  system.stateVersion = variable.server.stateVersion;
-}
--- a/hosts/server/firewall.nix
+++ b/hosts/server/firewall.nix
@@ -1,13 +0,0 @@
-{
-
-  services.fail2ban = {
-    enable = true;
-    maxretry = 3;
-    ignoreIP = [ "127.0.0.0/8" "10.0.0.0/8" "192.168.0.0/16" ];
-  };
-
-  networking.firewall = {
-    enable = true;
-    allowedTCPPorts = [ 22 ];
-  };
-}
--- a/hosts/server/hardware-configuration.nix
+++ b/hosts/server/hardware-configuration.nix
@@ -1,38 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/7c6e7955-f1bb-474e-bd86-bbf66c4168fd";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/89E0-5218";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
-    };
-
-  swapDevices = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
--- a/hosts/server/nextcloud.nix
+++ b/hosts/server/nextcloud.nix
@@ -1,21 +0,0 @@
-{ pkgs, config, ... }: {
-
-  environment.systemPackages = with pkgs; [ nextcloud29 ];
-
-  services.nextcloud = {
-    enable = true;
-    package = pkgs.nextcloud29;
-    hostName = "cloud.anotherhadi.com";
-    config.adminpassFile = "/etc/nextcloudpwd";
-    https = true;
-  };
-
-  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
-    forceSSL = false;
-    enableACME = false;
-    locations."/" = {
-      proxyPass = "http://localhost:8080";
-      proxyWebsockets = true;
-    };
-  };
-}
--- a/hosts/server/nginx.nix
+++ b/hosts/server/nginx.nix
@@ -1,11 +0,0 @@
-{
-  services.nginx = {
-    enable = true;
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-  };
-
-  networking.firewall = { allowedTCPPorts = [ 80 443 ]; };
-}
--- a/hosts/server/ntfy.nix
+++ b/hosts/server/ntfy.nix
@@ -1 +0,0 @@
-{ services.ntfy = { enable = true; }; }
--- a/hosts/server/openssh.nix
+++ b/hosts/server/openssh.nix
@@ -1,26 +0,0 @@
-{
-  services.openssh = {
-    enable = true;
-    permitRootLogin = "no";
-    passwordAuthentication = false;
-    settings.KbdInteractiveAuthentication = false;
-    ports = [ 22 ];
-    banner = ''
-      HEAVEN:
-
-      This system is for the use of authorized users only. Individuals using this
-      computer system without authority, or in excess of their authority, are
-      subject to having all of their activities on this system monitored and
-      recorded by system personnel.
-
-      In the course of monitoring individuals improperly using this system, or in
-      the course of system maintenance, the activities of authorized users may also
-      be monitored.
-
-      Anyone using this system expressly consents to such monitoring and is advised
-      that if such monitoring reveals possible evidence of criminal activity,
-      system personnel may provide the evidence of such monitoring to law
-      enforcement officials.
-    '';
-  };
-}
--- a/hosts/server/pihole.nix
+++ b/hosts/server/pihole.nix
--- a/hosts/server/tailscale.nix
+++ b/hosts/server/tailscale.nix
@@ -1,6 +0,0 @@
-{
-  services.tailscale = {
-    enable = true;
-    useRoutingFeatures = "server";
-  };
-}
--- a/hosts/server/vaultwarden.nix
+++ b/hosts/server/vaultwarden.nix
@@ -1,21 +0,0 @@
-let
-  port = 8222;
-  signup = false;
-in {
-  services.vaultwarden = {
-    enable = true;
-    config = {
-      DOMAIN = "https://bw.anotherhadi.com";
-      SIGNUPS_ALLOWED = signup;
-      ROCKET_ADDRESS = "127.0.0.1";
-      ROCKET_PORT = port;
-      ROCKET_LOG = "critical";
-    };
-  };
-
-  services.nginx.virtualHosts."bw.anotherhadi.com" = {
-    locations."/" = { proxyPass = "http://127.0.0.1:${toString port}"; };
-  };
-
-  networking.firewall.allowedTCPPorts = [ port ];
-}