qenya/nixfiles
1
0
Fork 0
Code Issues 4 Pull requests Actions Activity

Compare commits

base: qenya:3195af88ef7e18baa5b0e9cb7fa95ea18ca5aff6
Branches Tags
qenya:main
qenya:flakes
qenya:lix
qenya:multihost
..
compare: qenya:f4912efaaa071bd0e41bf4f12725c059bf42cbc6
Branches Tags
qenya:main
qenya:flakes
qenya:lix
qenya:multihost

No commits in common. "3195af88ef7e18baa5b0e9cb7fa95ea18ca5aff6" and "f4912efaaa071bd0e41bf4f12725c059bf42cbc6" have entirely different histories.
3195af88ef ... f4912efaaa

7 changed files with 36 additions and 65 deletions
Show stats Expand all files Collapse all files

12
common/nginx.nix
View file

@ -7,13 +7,17 @@
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
appendHttpConfig = '' appendHttpConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always; map $scheme $hsts_header {
add_header Content-Security-Policy "default-src https: data: 'unsafe-inline'; object-src 'none'; base-uri 'none';" always; https "max-age=31536000; includeSubdomains; preload";
add_header Referrer-Policy strict-origin-when-cross-origin; }
add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-Clacks-Overhead "GNU Terry Pratchett";
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
''; '';
}; };

4
common/steam.nix
View file

@ -1,12 +1,10 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
config = lib.mkIf config.programs.steam.enable {
programs.steam = { programs.steam = {
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true; dedicatedServer.openFirewall = true;
}; };
services.joycond.enable = true; services.joycond.enable = config.programs.steam.enable;
};
} }

49
flake.lock
View file

@ -121,11 +121,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1726592409,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-2Y6CDvD/BD43WLS77PHu6dUHbdUfFhuzkY8oJAecD/U=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "2ab00f89dd3ecf8012f5090e6d7ca1a7ea30f594",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -137,11 +137,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1726969270, "lastModified": 1726447378,
"narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=", "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075", "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -153,11 +153,11 @@
}, },
"nixpkgsSmall": { "nixpkgsSmall": {
"locked": { "locked": {
"lastModified": 1727076372, "lastModified": 1726611721,
"narHash": "sha256-gXIWudYhY/4LjQPvrGn9lN4fbHjw/mf1mb9KKJK//4I=", "narHash": "sha256-oSDOQ5c7CTVzkaG5A19UW3Yxsv9TLNFNcrvQT9F4Pz0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7ca0f93c530406c1610defff0b9bf643333cf992", "rev": "a51a2cef87fc37c7e31d3a5345bc493e5f7a5f6e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -169,11 +169,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1727141325, "lastModified": 1726681508,
"narHash": "sha256-oqM2LaC0RLXgKZmFpj+aFM8qf5Iw9ilMJPWGZbGdTAk=", "narHash": "sha256-xz858EXcKZjWR6TPyU84BTeMHIPewGW68DutnxghaR4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "0d7209843407825066ccf9743c40d50b6d68674f", "rev": "59c5c2575c0cae6bc98b9de8161731cfb8cdc1f0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -192,11 +192,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1727020652, "lastModified": 1726509788,
"narHash": "sha256-zwTXt1bcf+wycX389ZyJFzUO2gzCb16ButXxiX2iA7Y=", "narHash": "sha256-PmCmO8NDKzwHrTp9Ox/rcLiCYivqIpZlnLk8wZRjv2I=",
"owner": "nix-community", "owner": "nix-community",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "6f1db348fcb89fd6b0b9c32e279d29ee6b4d1272", "rev": "5a0c70a007837e2db01e0bb68971792e8653d32c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -205,22 +205,6 @@
"type": "github" "type": "github"
} }
}, },
"randomcat": {
"flake": false,
"locked": {
"lastModified": 1727143958,
"narHash": "sha256-W2DK8AehT9Q5IaYWzUuUYyVRSvu3DdHwr8ioWJluUD8=",
"owner": "randomnetcat",
"repo": "nix-configs",
"rev": "2a6bd13e96db07e2e904fcc1b93faf5484725c91",
"type": "github"
},
"original": {
"owner": "randomnetcat",
"repo": "nix-configs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
@ -230,8 +214,7 @@
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgsSmall": "nixpkgsSmall", "nixpkgsSmall": "nixpkgsSmall",
"nur": "nur", "nur": "nur",
"plasma-manager": "plasma-manager", "plasma-manager": "plasma-manager"
"randomcat": "randomcat"
} }
}, },
"stable": { "stable": {

8
flake.nix
View file

@ -28,15 +28,10 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
randomcat = {
url = "github:randomnetcat/nix-configs";
flake = false;
};
birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main";
}; };
outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, randomcat, birdsong, ... }: { outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, birdsong, ... }: {
nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes; nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes;
# The name of this output type is not standardised. I have picked # The name of this output type is not standardised. I have picked
@ -84,7 +79,6 @@
birdsong.nixosModules.default birdsong.nixosModules.default
./common ./common
./services ./services
(builtins.toPath "${randomcat}/services/default.nix")
]; ];
}; };

12
hosts/kilgharrah/datasets.nix
View file

@ -1,12 +0,0 @@
{ config, lib, pkgs, ... }:
{
environment.etc.crypttab.text = ''
albion UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key
'';
randomcat.services.zfs.datasets = {
"rpool_albion/data" = { mountpoint = "none"; };
"rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; };
};
}

2
hosts/kilgharrah/default.nix
View file

@ -6,8 +6,6 @@
./filesystems.nix ./filesystems.nix
./hardware.nix ./hardware.nix
./networking.nix ./networking.nix
./datasets.nix
]; ];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";

6
hosts/kilgharrah/filesystems.nix
View file

@ -5,6 +5,12 @@
"cryptroot".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd"; "cryptroot".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd";
}; };
boot.supportedFilesystems = [ "zfs" ];
environment.etc.crypttab.text = ''
cryptstorage UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key
'';
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b";