diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index f8636d1..c5bb3f4 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix 
@@ -1,82 +1,36 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - { config, pkgs, inputs, ... }: { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ./service.nix - ]; - nix.settings.experimental-features = ["nix-command" "flakes"]; - nixpkgs.config.allowUnfree = true; + imports = [ ./hardware-configuration.nix ./service.nix ]; + powerManagement.enable = true; + system.autoUpgrade.enable = true; - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Enable networking - networking.networkmanager.enable = true; - - # Set your time zone. - time.timeZone = "America/New_York"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "en_US.UTF-8"; - LC_IDENTIFICATION = "en_US.UTF-8"; - LC_MEASUREMENT = "en_US.UTF-8"; - LC_MONETARY = "en_US.UTF-8"; - LC_NAME = "en_US.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "en_US.UTF-8"; - LC_TELEPHONE = "en_US.UTF-8"; - LC_TIME = "en_US.UTF-8"; + nix = { + settings.experimental-features = [ "nix-command" "flakes" ]; + gc.automatic = true; }; - - # Enable CUPS to print documents. 
- services.auto-cpufreq.enable = true; - services.thermald.enable = true; - powerManagement.powertop.enable = true; - powerManagement.enable = true; + programs = { + nix-ld.enable = true; + nix-ld.libraries = with pkgs; [ glibc glib ]; + zsh.enable = true; + }; - - programs.nix-ld.enable = true; - programs.nix-ld.libraries = with pkgs; [ - ]; - programs.zsh.enable = true; users.users.k = { isNormalUser = true; description = "k"; extraGroups = [ "networkmanager" "wheel" ]; - packages = with pkgs; [zsh]; + packages = with pkgs; [ zsh ]; shell = pkgs.zsh; }; - home-manager = { - users = { - "k" = import ./home.nix; - }; - }; - system.autoUpgrade.enable = true; - nix.gc.automatic = true; + home-manager = { users = { "k" = import ./home.nix; }; }; - - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ - docker-compose - intel-vaapi-driver - intel-compute-runtime - intel-media-driver - microcodeIntel + intel-vaapi-driver + intel-compute-runtime + intel-media-driver + microcodeIntel ]; # This value determines the NixOS release from which the default diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix index 7b7f673..dc454e8 100644 --- a/hosts/server/hardware-configuration.nix +++ b/hosts/server/hardware-configuration.nix @@ -4,11 +4,10 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = + [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; 
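Review bot: `system.autoUpgrade.enable = true;` stays on the new side of configuration.nix with no `system.autoUpgrade.flake`, although the host looks flake-built (the `inputs` argument and `"flakes"` in `experimental-features`). Without that option the upgrade timer runs a channel-based `nixos-rebuild switch --upgrade`, so unattended security updates may fail or rebuild from a configuration other than this repository. I would add `system.autoUpgrade.flake = "<flake-uri-placeholder>#<host-placeholder>";`, or drop the option and upgrade deliberately. Separately, this hunk removes `networking.networkmanager.enable` while `extraGroups` still lists `"networkmanager"`; confirm the server still gets its address (presumably from the DHCP default in hardware-configuration.nix, which is not fully visible here) and remove the stale group.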
@@ -17,21 +16,19 @@ boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "nixserver"; # Define your hostname. - - fileSystems."/" = - { device = "/dev/disk/by-uuid/aaf4a4be-fed2-42b2-be79-4ca920bb7292"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/aaf4a4be-fed2-42b2-be79-4ca920bb7292"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/150F-09C6"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/150F-09C6"; + fsType = "vfat"; + }; swapDevices = - [ { device = "/dev/disk/by-uuid/ecde85bd-abea-4926-80d5-810b01d0e364"; } - ]; + [{ device = "/dev/disk/by-uuid/ecde85bd-abea-4926-80d5-810b01d0e364"; }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -41,5 +38,6 @@ # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/server/home.nix b/hosts/server/home.nix index 982a8b5..03c6ee2 100644 --- a/hosts/server/home.nix +++ b/hosts/server/home.nix 
@@ -1,34 +1,32 @@ { config, pkgs, inputs, ... }: { - home.enableNixpkgsReleaseCheck = false; nixpkgs.config.allowUnfree = true; - home.username = "k"; - home.homeDirectory = "/home/k"; - home.stateVersion = "23.11"; + home = { + username = "k"; + homeDirectory = "/home/k"; + stateVersion = "23.11"; + enableNixpkgsReleaseCheck = false; - home.packages = [ - pkgs.syncthing - pkgs.neovim - pkgs.btop - ]; - - programs.git = { - enable = true; - userName = "k"; - userEmail = "markers711@gmail.com"; + packages = [ pkgs.neovim pkgs.btop ]; }; - programs.starship.enable = true; - programs.zsh = { - enable = true; - autosuggestion.enable = true; - enableCompletion = true; - syntaxHighlighting.enable = true; - autocd = true; - plugins = [ - { + programs = { + git = { + enable = true; + userName = "k"; + userEmail = "markers711@gmail.com"; + }; + + starship.enable = true; + zsh = { + enable = true; + autosuggestion.enable = true; + enableCompletion = true; + syntaxHighlighting.enable = true; + autocd = true; + plugins = [{ name = "zsh-nix-shell"; file = "nix-shell.plugin.zsh"; src = pkgs.fetchFromGitHub { @@ -37,8 +35,9 @@ rev = "v0.8.0"; sha256 = "1lzrn0n4fxfcgg65v0qhnj7wnybybqzs4adz7xsrkgmcsr0ii8b7"; }; - } - ]; + }]; + }; }; + services.syncthing.enable = true; } diff --git a/hosts/server/service.nix b/hosts/server/service.nix index f1e5b6c..fd7c95b 100644 --- a/hosts/server/service.nix +++ b/hosts/server/service.nix 
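Review bot: The `services.syncthing.enable = true;` line added at the end of home.nix turns Syncthing into a home-manager user service, which normally runs only while user `k` has a session. On a headless server that likely means no sync after a reboot until someone logs in, unless lingering is enabled for the account (for example `users.users.k.linger = true;` on the NixOS side, if the release in use provides it). Nothing in this change sets GUI credentials or declares devices and folders, so the instance's trust relationships live only in mutable state under the home directory. I would add a comment such as `# user service: GUI on localhost only, devices/folders managed by hand` so the next reader knows what is and is not declared here.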
@@ -1,151 +1,150 @@ -{pkgs,lib,...}: -{ +{ pkgs, lib, ... }: { - networking.firewall = { enable = true; - allowedTCPPorts = [80 443 22 ]; + allowedTCPPorts = [ 80 443 22 ]; }; - services.openssh = { - enable = true; - }; - - services.jellyfin = { - enable = true; - }; - - services.gitea = { - enable = true; - settings = { - service.DISABLE_REGISTRATION = true; - server = { - HTTP_PORT = 8001; - DOMAIN = "dhilton.xyz"; - ROOT_URL = "https://git.dhilton.xyz"; - ENABLE_PUSH_CREATE_USER = true; - }; - }; - }; - - services.gitea-actions-runner.instances.home = { - enable = true; - url = "https://git.dhilton.xyz"; - name = "nixsrv"; - token = "LaqTWUDidsm510TGBglGvcphsUxYmCzMjrZbEtJj"; - labels = ["ubuntu-latest:docker://catthehacker/ubuntu:act-latest" "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04" "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04" "ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04" "native:host"]; - }; - - services.home-assistant = { - enable = true; - extraComponents = ["wiz" "fail2ban"]; - config = { - default_config={}; - "automation ui" = "!include automations.yaml"; - http = { - use_x_forwarded_for="true"; - trusted_proxies=["127.0.0.1"]; - server_port=8003; - }; - }; - }; - - - services.ntfy-sh = { - enable = true; - settings = { - listen-http = ":8004"; - auth-file = "/var/lib/ntfy.db"; - auth-default-access = "read-only"; - base-url = "https://ntfy.dhilton.xyz"; - }; - }; - - services.searx = { - enable=true; - settings = { server.port = 8005; server.secret_key = "secretlol";}; - }; - - services.fail2ban = { - enable=true; - }; - - virtualisation.docker = { - enable = true; - }; - - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - }; - - services.nginx.virtualHosts = { - - "dhilton.xyz" = { - enableACME = true; - forceSSL = true; - root = "/var/www/dhilton"; - }; - - "git.dhilton.xyz" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = 
"http://127.0.0.1:8001"; - proxyWebsockets = true; - }; - }; - - "ntfy.dhilton.xyz" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8004"; - proxyWebsockets = true; - }; - }; - - "jel.dhilton.xyz" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8096"; - proxyWebsockets = true; - }; - }; - - "puf.dhilton.xyz" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8002"; - proxyWebsockets = true; - }; - }; - - "srx.dhilton.xyz" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8005"; - proxyWebsockets = true; - }; - }; - - "hom.dhilton.xyz" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8003"; - proxyWebsockets = true; - }; - }; - }; - - security.acme = { acceptTerms = true; defaults.email = "markers711@gmail.com"; }; + + virtualisation.docker = { enable = true; }; + + services = { + openssh = { enable = true; }; + + jellyfin = { enable = true; }; + + fail2ban = { enable = true; }; + + gitea = { + enable = true; + settings = { + service.DISABLE_REGISTRATION = true; + server = { + HTTP_PORT = 8001; + DOMAIN = "dhilton.xyz"; + ROOT_URL = "https://git.dhilton.xyz"; + ENABLE_PUSH_CREATE_USER = true; + }; + }; + }; + + gitea-actions-runner.instances.home = { + enable = true; + url = "https://git.dhilton.xyz"; + name = "nixsrv"; + token = "LaqTWUDidsm510TGBglGvcphsUxYmCzMjrZbEtJj"; + labels = [ + "ubuntu-latest:docker://catthehacker/ubuntu:act-latest" + "ubuntu-22.04:docker://catthehacker/ubuntu:act-22.04" + "ubuntu-20.04:docker://catthehacker/ubuntu:act-20.04" + "ubuntu-18.04:docker://catthehacker/ubuntu:act-18.04" + "native:host" + ]; + }; + + home-assistant = { + enable = true; + extraComponents = [ "wiz" "fail2ban" ]; + config = { + default_config = { }; + "automation ui" = "!include automations.yaml"; + http = { + use_x_forwarded_for = 
"true"; + trusted_proxies = [ "127.0.0.1" ]; + server_port = 8003; + }; + }; + }; + + ntfy-sh = { + enable = true; + settings = { + listen-http = ":8004"; + auth-file = "/var/lib/ntfy.db"; + auth-default-access = "read-only"; + base-url = "https://ntfy.dhilton.xyz"; + }; + }; + + searx = { + enable = true; + settings = { + server.port = 8005; + server.secret_key = "secretlol"; + }; + }; + + nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + virtualHosts = { + + "dhilton.xyz" = { + enableACME = true; + forceSSL = true; + root = "/var/www/dhilton"; + }; + + "git.dhilton.xyz" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8001"; + proxyWebsockets = true; + }; + }; + + "ntfy.dhilton.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8004"; + proxyWebsockets = true; + }; + }; + + "jel.dhilton.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8096"; + proxyWebsockets = true; + }; + }; + + "puf.dhilton.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8002"; + proxyWebsockets = true; + }; + }; + + "srx.dhilton.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8005"; + proxyWebsockets = true; + }; + }; + + "hom.dhilton.xyz" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8003"; + proxyWebsockets = true; + }; + }; + }; + }; + }; }
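Review bot: The runner registration `token` under `gitea-actions-runner.instances.home` and the searx `server.secret_key` are still string literals on the new side, so both are committed to the repository and will typically end up in the world-readable Nix store. Treat both as exposed and rotate them, then supply them from files outside the store: `tokenFile = "/run/secrets/<runner-token-placeholder>";` in place of `token`, and `server.secret_key = "@SEARX_SECRET_KEY@";` together with `services.searx.environmentFile` pointing at a root-only file. The `"native:host"` label also lets workflow jobs run directly on this machine rather than in a container, so drop it unless a job really needs the host. Finally, `openssh = { enable = true; };` keeps the module defaults while port 22 is open in `allowedTCPPorts`; consider `settings.PasswordAuthentication = false;` if key-based login is already set up.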