Compare commits


3 commits

8 changed files with 78 additions and 46 deletions


@ -2,8 +2,6 @@
{ {
services.nginx = { services.nginx = {
enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
@ -28,6 +26,4 @@
acceptTerms = true; acceptTerms = true;
defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ];
} }

6
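--- a/common/users/default.nix
+++ b/common/users/default.nix
@@ -0,0 +1,6 @@
+{
+imports = [
+./qenya.nix
+./richard.nix
+];
+}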


@ -1,5 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let keys = import ../../keys.nix;
in
{ {
users.users.qenya = { users.users.qenya = {
isNormalUser = true; isNormalUser = true;
@ -9,9 +11,7 @@
"networkmanager" # UI wifi configuration "networkmanager" # UI wifi configuration
"dialout" # access to serial ports "dialout" # access to serial ports
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = keys.users.qenya;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru"
];
uid = 1001; uid = 1001;
}; };

12
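--- a/common/users/richard.nix
+++ b/common/users/richard.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+let keys = import ../../keys.nix;
+in
+{
+users.users.richard = {
+isNormalUser = true;
+home = "/home/richard";
+openssh.authorizedKeys.keys = keys.users.richard;
+uid = 1002;
+};
+}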


@ -24,10 +24,11 @@ in {
(import "${sources.home-manager}/nixos") (import "${sources.home-manager}/nixos")
(import "${sources.agenix}/modules/age.nix") (import "${sources.agenix}/modules/age.nix")
./pinning.nix ./pinning.nix
./common/nginx.nix
./common/ssh.nix ./common/ssh.nix
./common/sudo.nix ./common/sudo.nix
./common/utilities.nix ./common/utilities.nix
./users/qenya.nix ./common/users
]; ];
}; };
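Review bot: Replacing `./users/qenya.nix` with `./common/users` in this shared import list means every host that pulls in the common module now gets both the `qenya` and `richard` accounts, each with its SSH authorised key, rather than the single account imported before. If `richard` only needs access to some machines, import `./common/users/richard.nix` from those hosts' own configuration and keep this list to accounts wanted everywhere. A short comment next to the entry, for example `# accounts created on every host`, would make the reach of any later edit to that directory obvious. The import list begins above this hunk, so its other entries are not visible here.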


@ -1,46 +1,49 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = [
../../common/nginx.nix
];
# TODO: email out # TODO: email out
# TODO: interface customisation # TODO: interface customisation
services.nginx.virtualHosts = { services = {
"git.qenya.tel" = { nginx = {
forceSSL = true; enable = true;
enableACME = true; virtualHosts = {
locations."/".proxyPass = "http://[::1]:3000/"; "git.qenya.tel" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://[::1]:3000/";
};
"git.katherina.rocks" = {
forceSSL = true;
enableACME = true;
locations."/".return = "301 https://git.qenya.tel$request_uri";
};
};
}; };
"git.katherina.rocks" = {
forceSSL = true; forgejo = {
enableACME = true; enable = true;
locations."/".return = "301 https://git.qenya.tel$request_uri"; stateDir = "/data/forgejo";
settings = {
DEFAULT.APP_NAME = "git.qenya.tel";
cache = {
ADAPTER = "twoqueue";
HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
};
database = {
DB_TYPE = "sqlite3";
SQLITE_JOURNAL_MODE = "WAL";
};
security.LOGIN_REMEMBER_DAYS = 365;
server = {
DOMAIN = "git.qenya.tel";
HTTP_PORT = 3000;
ROOT_URL = "https://git.qenya.tel/";
};
service.DISABLE_REGISTRATION = true;
};
}; };
}; };
services.forgejo = { networking.firewall.allowedTCPPorts = [ 80 443 ];
enable = true;
stateDir = "/data/forgejo";
settings = {
DEFAULT.APP_NAME = "git.qenya.tel";
cache = {
ADAPTER = "twoqueue";
HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
};
database = {
DB_TYPE = "sqlite3";
SQLITE_JOURNAL_MODE = "WAL";
};
security.LOGIN_REMEMBER_DAYS = 365;
server = {
DOMAIN = "git.qenya.tel";
HTTP_PORT = 3000;
ROOT_URL = "https://git.qenya.tel/";
};
service.DISABLE_REGISTRATION = true;
};
};
} }
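Review bot: The `server` block on the new side sets `HTTP_PORT = 3000` but no `HTTP_ADDR`, so Forgejo presumably listens on its default address (all interfaces). It then depends on `networking.firewall.allowedTCPPorts = [ 80 443 ];`, now in this same file, to keep port 3000 unreachable from outside. Since nginx already proxies to `http://[::1]:3000/`, adding `HTTP_ADDR = "::1";` under `server` would bind the backend to loopback and keep it private even if the firewall is later relaxed or disabled. Separately, `security.LOGIN_REMEMBER_DAYS = 365;` deserves a why-comment, because a year-long remember-me cookie is a long window for a stolen session token.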

16
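--- a/keys.nix
+++ b/keys.nix
@@ -0,0 +1,16 @@
+{
+machines = {
+tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru";
+yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud";
+orm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm";
+};
+users = {
+qenya = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru"
+];
+richard = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAuYWPfYVKdjBY/gBMt2n11Seb+hMqjui1PQ6C4ph8i richard@tress"
+];
+};
+}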
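Review bot: This file now decides who can log in, because each `users.<name>` list is assigned directly to `openssh.authorizedKeys.keys` in the user modules, but nothing in it says so. A header comment such as `# Public keys only. users.<name> becomes that account's authorized_keys wherever common/users is imported.` would tell a reviewer that any edit here is an access-control change. The `machines` set is not referenced by any other file section visible in this compare, so a one-line note on its intended consumer (host keys for secret encryption, if that is the plan) would help too.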


@ -1,6 +1,4 @@
let let
tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; keys = ../ssh-keys.nix;
yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud";
systems = [ tohru yevaud ];
in in
{ } { }
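Review bot: The new binding `keys = ../ssh-keys.nix;` is a bare path rather than an `import`, and it names `ssh-keys.nix` while the file added in this compare is `keys.nix`. Because the body is `{ }` and `keys` is never used, Nix's lazy evaluation hides both problems until something dereferences it, for instance `keys.machines.tohru`. If the intent is to reuse the shared key set, the line is probably meant to be `keys = import ../keys.nix;`; this file's own path is not shown on the page, so check the relative path. The old `systems = [ tohru yevaud ]` list is removed without a replacement, so a comment saying which machine keys the entries here should be encrypted to would keep that intent from being lost.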