qenya/nixfiles
1
0
Fork 0
Code Issues 4 Pull requests Activity Actions

Compare commits

base: qenya:bae6a97842883a01f99b69bf1bd707f488b43121
Branches Tags
qenya:main
qenya:flakes
qenya:lix
qenya:multihost
..
compare: qenya:18bc4afc65dd9cf3502326746e411cebfd816958
Branches Tags
qenya:main
qenya:flakes
qenya:lix
qenya:multihost

No commits in common. "bae6a97842883a01f99b69bf1bd707f488b43121" and "18bc4afc65dd9cf3502326746e411cebfd816958" have entirely different histories.
bae6a97842 ... 18bc4afc65

8 changed files with 46 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

4
common/nginx.nix
View file

@ -2,6 +2,8 @@
{ {
services.nginx = { services.nginx = {
enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
@ -26,4 +28,6 @@
acceptTerms = true; acceptTerms = true;
defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ];
} }

6
common/users/default.nix
View file

@ -1,6 +0,0 @@
{
imports = [
./qenya.nix
./richard.nix
];
}

12
common/users/richard.nix
View file

@ -1,12 +0,0 @@
{ config, lib, pkgs, ... }:
let keys = import ../../keys.nix;
in
{
users.users.richard = {
isNormalUser = true;
home = "/home/richard";
openssh.authorizedKeys.keys = keys.users.richard;
uid = 1002;
};
}

3
hive.nix
View file

@ -24,11 +24,10 @@ in {
(import "${sources.home-manager}/nixos") (import "${sources.home-manager}/nixos")
(import "${sources.agenix}/modules/age.nix") (import "${sources.agenix}/modules/age.nix")
./pinning.nix ./pinning.nix
./common/nginx.nix
./common/ssh.nix ./common/ssh.nix
./common/sudo.nix ./common/sudo.nix
./common/utilities.nix ./common/utilities.nix
./common/users ./users/qenya.nix
]; ];
}; };

15
hosts/yevaud/forgejo.nix
View file

@ -1,13 +1,14 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = [
../../common/nginx.nix
];
# TODO: email out # TODO: email out
# TODO: interface customisation # TODO: interface customisation
services = { services.nginx.virtualHosts = {
nginx = {
enable = true;
virtualHosts = {
"git.qenya.tel" = { "git.qenya.tel" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -19,9 +20,8 @@
locations."/".return = "301 https://git.qenya.tel$request_uri"; locations."/".return = "301 https://git.qenya.tel$request_uri";
}; };
}; };
};
forgejo = { services.forgejo = {
enable = true; enable = true;
stateDir = "/data/forgejo"; stateDir = "/data/forgejo";
settings = { settings = {
@ -43,7 +43,4 @@
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
}; };
}; };
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
} }

16
keys.nix
View file

@ -1,16 +0,0 @@
{
machines = {
tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru";
yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud";
orm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm";
};
users = {
qenya = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru"
];
richard = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAuYWPfYVKdjBY/gBMt2n11Seb+hMqjui1PQ6C4ph8i richard@tress"
];
};
}

4
secrets/secrets.nix
View file

@ -1,4 +1,6 @@
let let
keys = ../ssh-keys.nix; tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru";
yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud";
systems = [ tohru yevaud ];
in in
{ } { }

6
common/users/qenya.nix → users/qenya.nix
View file

@ -1,7 +1,5 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let keys = import ../../keys.nix;
in
{ {
users.users.qenya = { users.users.qenya = {
isNormalUser = true; isNormalUser = true;
@ -11,7 +9,9 @@ in
"networkmanager" # UI wifi configuration "networkmanager" # UI wifi configuration
"dialout" # access to serial ports "dialout" # access to serial ports
]; ];
openssh.authorizedKeys.keys = keys.users.qenya; openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru"
];
uid = 1001; uid = 1001;
}; };