qenya/nixfiles
1
0
Fork 0
Code Issues 4 Pull requests Actions Activity

Compare commits

base: qenya:f4912efaaa071bd0e41bf4f12725c059bf42cbc6
Branches Tags
qenya:main
qenya:flakes
qenya:lix
qenya:multihost
...
compare: qenya:3195af88ef7e18baa5b0e9cb7fa95ea18ca5aff6
Branches Tags
qenya:main
qenya:flakes
qenya:lix
qenya:multihost

4 commits
f4912efaaa ... 3195af88ef

Author SHA1 Message Date
Katherina Walshe-Grey 3195af88ef nginx: improve hardening, tweak headers 
Still not quite where I want it to be but it's better
 2024-09-24 05:31:17 +01:00
Katherina Walshe-Grey 26900a5973 steam: lightly refactor 2024-09-24 05:29:21 +01:00
Katherina Walshe-Grey 2951f948b4 kilgharrah: set up zfs datasets using randomcat's module 2024-09-24 04:49:25 +01:00
Katherina Walshe-Grey 7e1f688699 flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/2ab00f89dd3ecf8012f5090e6d7ca1a7ea30f594' (2024-09-17)
  → 'github:nix-community/home-manager/2f23fa308a7c067e52dfcc30a0758f47043ec176' (2024-09-22)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/086b448a5d54fd117f4dc2dee55c9f0ff461bdc1' (2024-09-16)
  → 'github:NixOS/nixpkgs/23cbb250f3bf4f516a2d0bf03c51a30900848075' (2024-09-22)
• Updated input 'nixpkgsSmall':
    'github:NixOS/nixpkgs/a51a2cef87fc37c7e31d3a5345bc493e5f7a5f6e' (2024-09-17)
  → 'github:NixOS/nixpkgs/7ca0f93c530406c1610defff0b9bf643333cf992' (2024-09-23)
• Updated input 'nur':
    'github:nix-community/NUR/59c5c2575c0cae6bc98b9de8161731cfb8cdc1f0' (2024-09-18)
  → 'github:nix-community/NUR/0d7209843407825066ccf9743c40d50b6d68674f' (2024-09-24)
• Updated input 'plasma-manager':
    'github:nix-community/plasma-manager/5a0c70a007837e2db01e0bb68971792e8653d32c' (2024-09-16)
  → 'github:nix-community/plasma-manager/6f1db348fcb89fd6b0b9c32e279d29ee6b4d1272' (2024-09-22)
• Updated input 'randomcat':
    'github:randomnetcat/nix-configs/5d5d5c706fcb6d3f2d5ddd864ab07cd69a35b9d3' (2024-09-24)
  → 'github:randomnetcat/nix-configs/2a6bd13e96db07e2e904fcc1b93faf5484725c91' (2024-09-24)
 2024-09-24 03:15:53 +01:00
7 changed files with 65 additions and 36 deletions
Show stats Expand all files Collapse all files

12
common/nginx.nix
View file

@ -7,17 +7,13 @@
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
appendHttpConfig = '' appendHttpConfig = ''
map $scheme $hsts_header { add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always;
https "max-age=31536000; includeSubdomains; preload"; add_header Content-Security-Policy "default-src https: data: 'unsafe-inline'; object-src 'none'; base-uri 'none';" always;
} add_header Referrer-Policy strict-origin-when-cross-origin;
add_header Strict-Transport-Security $hsts_header;
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'strict-origin-when-cross-origin';
add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-Clacks-Overhead "GNU Terry Pratchett";
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
''; '';
}; };

12
common/steam.nix
View file

@ -1,10 +1,12 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
programs.steam = { config = lib.mkIf config.programs.steam.enable {
remotePlay.openFirewall = true; programs.steam = {
dedicatedServer.openFirewall = true; remotePlay.openFirewall = true;
}; dedicatedServer.openFirewall = true;
};
services.joycond.enable = config.programs.steam.enable; services.joycond.enable = true;
};
} }

49
flake.lock
View file

@ -121,11 +121,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726592409, "lastModified": 1726989464,
"narHash": "sha256-2Y6CDvD/BD43WLS77PHu6dUHbdUfFhuzkY8oJAecD/U=", "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2ab00f89dd3ecf8012f5090e6d7ca1a7ea30f594", "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -137,11 +137,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1726447378, "lastModified": 1726969270,
"narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=", "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1", "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -153,11 +153,11 @@
}, },
"nixpkgsSmall": { "nixpkgsSmall": {
"locked": { "locked": {
"lastModified": 1726611721, "lastModified": 1727076372,
"narHash": "sha256-oSDOQ5c7CTVzkaG5A19UW3Yxsv9TLNFNcrvQT9F4Pz0=", "narHash": "sha256-gXIWudYhY/4LjQPvrGn9lN4fbHjw/mf1mb9KKJK//4I=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a51a2cef87fc37c7e31d3a5345bc493e5f7a5f6e", "rev": "7ca0f93c530406c1610defff0b9bf643333cf992",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -169,11 +169,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1726681508, "lastModified": 1727141325,
"narHash": "sha256-xz858EXcKZjWR6TPyU84BTeMHIPewGW68DutnxghaR4=", "narHash": "sha256-oqM2LaC0RLXgKZmFpj+aFM8qf5Iw9ilMJPWGZbGdTAk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "59c5c2575c0cae6bc98b9de8161731cfb8cdc1f0", "rev": "0d7209843407825066ccf9743c40d50b6d68674f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -192,11 +192,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726509788, "lastModified": 1727020652,
"narHash": "sha256-PmCmO8NDKzwHrTp9Ox/rcLiCYivqIpZlnLk8wZRjv2I=", "narHash": "sha256-zwTXt1bcf+wycX389ZyJFzUO2gzCb16ButXxiX2iA7Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "plasma-manager", "repo": "plasma-manager",
"rev": "5a0c70a007837e2db01e0bb68971792e8653d32c", "rev": "6f1db348fcb89fd6b0b9c32e279d29ee6b4d1272",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -205,6 +205,22 @@
"type": "github" "type": "github"
} }
}, },
"randomcat": {
"flake": false,
"locked": {
"lastModified": 1727143958,
"narHash": "sha256-W2DK8AehT9Q5IaYWzUuUYyVRSvu3DdHwr8ioWJluUD8=",
"owner": "randomnetcat",
"repo": "nix-configs",
"rev": "2a6bd13e96db07e2e904fcc1b93faf5484725c91",
"type": "github"
},
"original": {
"owner": "randomnetcat",
"repo": "nix-configs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
@ -214,7 +230,8 @@
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgsSmall": "nixpkgsSmall", "nixpkgsSmall": "nixpkgsSmall",
"nur": "nur", "nur": "nur",
"plasma-manager": "plasma-manager" "plasma-manager": "plasma-manager",
"randomcat": "randomcat"
} }
}, },
"stable": { "stable": {

8
flake.nix
View file

@ -28,10 +28,15 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
randomcat = {
url = "github:randomnetcat/nix-configs";
flake = false;
};
birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main";
}; };
outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, birdsong, ... }: { outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, randomcat, birdsong, ... }: {
nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes; nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes;
# The name of this output type is not standardised. I have picked # The name of this output type is not standardised. I have picked
@ -79,6 +84,7 @@
birdsong.nixosModules.default birdsong.nixosModules.default
./common ./common
./services ./services
(builtins.toPath "${randomcat}/services/default.nix")
]; ];
}; };

12
hosts/kilgharrah/datasets.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, lib, pkgs, ... }:
{
environment.etc.crypttab.text = ''
albion UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key
'';
randomcat.services.zfs.datasets = {
"rpool_albion/data" = { mountpoint = "none"; };
"rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; };
};
}

2
hosts/kilgharrah/default.nix
View file

@ -6,6 +6,8 @@
./filesystems.nix ./filesystems.nix
./hardware.nix ./hardware.nix
./networking.nix ./networking.nix
./datasets.nix
]; ];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";

6
hosts/kilgharrah/filesystems.nix
View file

@ -5,12 +5,6 @@
"cryptroot".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd"; "cryptroot".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd";
}; };
boot.supportedFilesystems = [ "zfs" ];
environment.etc.crypttab.text = ''
cryptstorage UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key
'';
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b";