diff --git a/hosts/tohru/configuration.nix b/configuration.nix similarity index 100% rename from hosts/tohru/configuration.nix rename to configuration.nix diff --git a/flake.nix b/flake.nix index 5c0c2d6..6bba43c 100644 --- a/flake.nix +++ b/flake.nix @@ -4,19 +4,11 @@ }; outputs = { self, nixpkgs, ... }@inputs: { - nixosConfigurations = { - tohru = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/tohru/configuration.nix - ]; - }; - yevaud = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/yevaud/configuration.nix - ]; - }; + nixosConfigurations.tohru = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./configuration.nix + ]; }; }; } diff --git a/hosts/tohru/hardware-configuration.nix b/hardware-configuration.nix similarity index 100% rename from hosts/tohru/hardware-configuration.nix rename to hardware-configuration.nix diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix deleted file mode 100644 index bae4bde..0000000 --- a/hosts/yevaud/configuration.nix +++ /dev/null @@ -1,150 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - -{ config, lib, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.hostName = "yevaud"; - networking.hostId = "09673d65"; - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - - time.timeZone = "Etc/UTC"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.bluebird = { - isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on bluebird@tohru" - ]; - }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - # environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - PermitRootLogin = "no"; - }; - }; - - # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 22 80 443 ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - services.fail2ban.enable = true; - - services.nginx = { - enable = true; - - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - - appendHttpConfig = '' - map $scheme $hsts_header { - https "max-age=31536000; includeSubdomains; preload"; - } - add_header Strict-Transport-Security $hsts_header; - #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; - add_header 'Referrer-Policy' 'strict-origin-when-cross-origin'; - add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options nosniff; - proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; - ''; - - virtualHosts = let - base = { - forceSSL = true; - enableACME = true; - }; - proxy = port: { - locations."/".proxyPass = "http://[::1]:${toString(port)}/"; - }; - in { - "git.katherina.rocks" = base // proxy 3000; - }; - }; - security.acme = { - acceptTerms = true; - defaults.email = "accounts@katherina.rocks"; - }; - - services.forgejo = { - enable = true; - stateDir = "/data/forgejo"; - settings = { - DEFAULT.APP_NAME = "git.katherina.rocks"; - cache = { - ADAPTER = "twoqueue"; - HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}''; - }; - database = { - DB_TYPE = "sqlite3"; - SQLITE_JOURNAL_MODE = "WAL"; - }; - security.LOGIN_REMEMBER_DAYS = 365; - server = { - DOMAIN = "git.katherina.rocks"; - HTTP_PORT = 3000; - ROOT_URL = "https://git.katherina.rocks/"; - }; - service.DISABLE_REGISTRATION = true; - }; - }; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - system.stateVersion = "23.11"; # Did you read the comment? - -} - diff --git a/hosts/yevaud/hardware-configuration.nix b/hosts/yevaud/hardware-configuration.nix deleted file mode 100644 index c11d3fc..0000000 --- a/hosts/yevaud/hardware-configuration.nix +++ /dev/null @@ -1,54 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "rpool/root"; - fsType = "zfs"; - }; - - fileSystems."/nix" = - { device = "rpool/nix"; - fsType = "zfs"; - }; - - fileSystems."/var" = - { device = "rpool/var"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/107D-5AB3"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - - fileSystems."/data/forgejo" = - { device = "rpool/forgejo"; - fsType = "zfs"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/f8b6eb35-33ad-4e19-bf3d-cac5ec38a8dc"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens3.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -}