lockfile update and hetzner radicale server.

Hetzner server will eventually have other things on it.
Gabe Venberg 2024-07-27 19:11:57 -05:00
parent 1d6c5082b4
commit 511b8332ed
11 changed files with 267 additions and 68 deletions

23
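--- a/configs/nixos/nginx.nix
+++ b/configs/nixos/nginx.nix
@@ -0,0 +1,23 @@
+{
+inputs,
+config,
+pkgs,
+lib,
+...
+}: {
+services.nginx = {
+enable = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+commonHttpConfig = ''
+add_header X-Clacks-Overhead "GNU Terry Pratchett";
+add_header X-Clacks-Overhead "GNU Bram Moolenaar";
+'';
+# other Nginx options
+};
+security.acme = {
+acceptTerms = true;
+defaults.email = "gabevenberg@gmail.com";
+};
+networking.firewall.allowedTCPPorts = [443 80];
+}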
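Review bot: The two `add_header X-Clacks-Overhead` lines in `commonHttpConfig` sit at http level, and nginx stops inheriting http-level `add_header` directives in any server or location block that declares an `add_header` of its own. Because this module is the shared base for TLS virtual hosts, the first vhost that sets a response header of its own (a security header, say) will silently drop these, and a header added here later would be lost the same way. I would document that above the option, e.g. `# http-level add_header is not inherited by blocks that set their own add_header`, and replace the leftover `# other Nginx options` placeholder. The module arguments `inputs`, `config`, `pkgs` and `lib` are unused in the visible body.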


@ -18,4 +18,5 @@
};
};
};
networking.firewall.allowedTCPPorts = [5232];
}
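Review bot: `networking.firewall.allowedTCPPorts = [5232];` in this shared module opens the Radicale port on every host that imports it, which now includes the internet-facing hetzner-multi host where the same commit puts nginx with ACME and `forceSSL` in front of `http://localhost:5232`. If Radicale listens on more than loopback (its bind address is outside this hunk, so that is an assumption), clients can reach it over plain HTTP on 5232 and bypass TLS, sending credentials in clear text. I would drop the port from the shared module and open it only on hosts that need direct access, or scope it to the VPN interface, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [5232];` (interface name to be confirmed). The enclosing attribute set starts above the hunk.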


@ -28,18 +28,22 @@
},
"devshell": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717408969,
"narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
"lastModified": 1721902368,
"narHash": "sha256-noQ5SghRPe0jzQEbFQb3fYbV6LZEzr7lIRQoxlU7fyI=",
"owner": "numtide",
"repo": "devshell",
"rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
"rev": "cf8c7405479cfde7ea4dc815e195391d2328df10",
"type": "github"
},
"original": {
@ -55,11 +59,11 @@
]
},
"locked": {
"lastModified": 1718242063,
"narHash": "sha256-n3AWItJ4a94GT0cray/eUV7tt3mulQ52L+lWJN9d1E8=",
"lastModified": 1722028105,
"narHash": "sha256-0ButnGQ1bCMIDblzC6NBSL71Wi6JmHGweI3scoV8CgM=",
"owner": "nix-community",
"repo": "disko",
"rev": "832a9f2c81ff3485404bd63952eadc17bf7ccef2",
"rev": "5b01cea8b5753de9c2febd27203c530be14745ff",
"type": "github"
},
"original": {
@ -83,22 +87,6 @@
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@ -107,11 +95,11 @@
]
},
"locked": {
"lastModified": 1717285511,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"type": "github"
},
"original": {
@ -143,11 +131,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -158,7 +146,10 @@
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": [
"nixvim",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"nixvim",
@ -170,11 +161,11 @@
]
},
"locked": {
"lastModified": 1717664902,
"narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=",
"lastModified": 1721042469,
"narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1",
"rev": "f451c19376071a90d8c58ab1a953c6e9840527fd",
"type": "github"
},
"original": {
@ -212,11 +203,11 @@
]
},
"locked": {
"lastModified": 1718243258,
"narHash": "sha256-abBpj2VU8p6qlRzTU8o22q68MmOaZ4v8zZ4UlYl5YRU=",
"lastModified": 1722067813,
"narHash": "sha256-nxpzoKXwn+8RsxpxwD86mtEscOMw64ZD/vGSNWzGMlA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "8d5e27b4807d25308dfe369d5a923d87e7dbfda3",
"rev": "975b83ca560d17db51a66cb2b0dc0e44213eab27",
"type": "github"
},
"original": {
@ -233,11 +224,11 @@
]
},
"locked": {
"lastModified": 1717976995,
"narHash": "sha256-u3HBinyIyUvL1+N816bODpJmSQdgn0Mbb8BprFw7kqo=",
"lastModified": 1721719500,
"narHash": "sha256-nnkqjv4Y37Hydjh6HE9wW4kSkV5Q7q4iIXlL5lwUFOw=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "315aa649ba307704db0b16c92f097a08a65ec955",
"rev": "884f3fe6d9bf056ba0017c132c39c1f0d07d4fec",
"type": "github"
},
"original": {
@ -265,11 +256,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1721413321,
"narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=",
"lastModified": 1722017959,
"narHash": "sha256-vkv3MtjRtJdqeWMLH874ngbC6/5wUYzsdw0pb96ZLRc=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f",
"rev": "0b4d40f95a68ef0a6785f6b938ac8c1383321dbf",
"type": "github"
},
"original": {
@ -292,11 +283,11 @@
]
},
"locked": {
"lastModified": 1717976391,
"narHash": "sha256-STKlWaiiFKDybexvQCg5U1+DSLRaxT93NwVaiBSEvTI=",
"lastModified": 1722012218,
"narHash": "sha256-Rnjo49C5/slnmcQW9c57IdiHJZ3YEFmUn3as/NIPD4E=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "e3f215e518d52f6f2e68cf713cefe773284e1aa6",
"rev": "ac026940beb42f74c5666f6ed3989aca41eddeea",
"type": "github"
},
"original": {
@ -308,11 +299,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1718160348,
"narHash": "sha256-9YrUjdztqi4Gz8n3mBuqvCkMo4ojrA6nASwyIKWMpus=",
"lastModified": 1721924956,
"narHash": "sha256-Sb1jlyRO+N8jBXEX9Pg9Z1Qb8Bw9QyOgLDNMEpmjZ2M=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "57d6973abba7ea108bac64ae7629e7431e0199b6",
"rev": "5ad6a14c6bf098e98800b091668718c336effc95",
"type": "github"
},
"original": {
@ -324,16 +315,16 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1717880976,
"narHash": "sha256-BRvSCsKtDUr83NEtbGfHLUOdDK0Cgbezj2PtcHnz+sQ=",
"lastModified": 1721524707,
"narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4913a7c3d8b8d00cb9476a6bd730ff57777f740c",
"rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
@ -353,14 +344,15 @@
"nixpkgs": [
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1718290136,
"narHash": "sha256-BQFspZqwA56LOIQ0ypw54Nal/BLFUpnZTqoXxeiSTNE=",
"lastModified": 1722016645,
"narHash": "sha256-YQA4oenJwjWVzX+we6Zzv08im5q2n7dVhJ12Nw8wQio=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "80c03843e7ad7fc7deb0dce6d1f6fc45593ed91d",
"rev": "162ae6354bbf2af5c33b09aa90e9d8d11f14462e",
"type": "github"
},
"original": {
@ -369,6 +361,28 @@
"type": "github"
}
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1721548975,
"narHash": "sha256-agCbztdk1f7nCUz03R6xdbivuBRuqubP2RHW+MNuRTg=",
"owner": "NuschtOS",
"repo": "search",
"rev": "551b031e2bc0bcc9584347a8da6312e57169661d",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
@ -392,11 +406,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1718137936,
"narHash": "sha256-psA+1Q5fPaK6yI3vzlLINNtb6EeXj111zQWnZYyJS9c=",
"lastModified": 1721688883,
"narHash": "sha256-9jsjsRKtJRqNSTXKj9zuDFRf2PGix30nMx9VKyPgD2U=",
"owner": "mic92",
"repo": "sops-nix",
"rev": "c279dec105dd53df13a5e57525da97905cc0f0d6",
"rev": "aff2f88277dabe695de4773682842c34a0b7fd54",
"type": "github"
},
"original": {
@ -443,11 +457,11 @@
]
},
"locked": {
"lastModified": 1718139168,
"narHash": "sha256-1TZQcdETNdJMcfwwoshVeCjwWfrPtkSQ8y8wFX3it7k=",
"lastModified": 1721769617,
"narHash": "sha256-6Pqa0bi5nV74IZcENKYRToRNM5obo1EQ+3ihtunJ014=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "1cb529bffa880746a1d0ec4e0f5076876af931f1",
"rev": "8db8970be1fb8be9c845af7ebec53b699fe7e009",
"type": "github"
},
"original": {


@ -94,6 +94,7 @@
workstation-vm = import ./hosts/workstation-vm {inherit inputs configLib;};
gv-wsl = import ./hosts/wsl-workstation.nix {inherit inputs configLib;};
rockhole = import ./hosts/rockhole64 {inherit inputs configLib;};
hetzner-multi = import ./hosts/hetzner-multi {inherit inputs configLib;};
};
# Standalone home-manager configuration entrypoint
@ -107,15 +108,21 @@
deploy = {
nodes = {
rockpro = {
rockhole = {
hostname = "rockpro";
profiles.system.path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.rockpro;
profiles.system.path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.rockhole;
remoteBuild = true;
};
hetzner-multi = {
hostname = "cal.venberg.xyz";
profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.hetzner-multi;
};
};
sshUser = "root";
};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
packages.x86_64-linux = {
proxmox = import ./packages/proxmox.nix {inherit inputs configLib;};
iso = import ./packages/iso.nix {inherit inputs configLib;};
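Review bot: The new `hetzner-multi` node inherits `sshUser = "root";` and is reached at the public name `cal.venberg.xyz`, so deploys depend on root SSH login being accepted on an internet-facing host. `configs/nixos/sshd.nix` is not part of this page, so whether root login is key-only or otherwise restricted is unknown; if it is not, I would deploy as the regular user and elevate, e.g. `sshUser = "gabe"; user = "root";` on this node, or point `hostname` at the Tailscale name so port 22 need not be public. Separately, the node renamed to `rockhole` keeps `hostname = "rockpro";`, which looks like a leftover unless the SSH alias is intentionally unchanged. The `deploy` attribute set continues outside both hunks.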


@ -0,0 +1,87 @@
{
inputs,
configLib,
...
}:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs configLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
./disk-config.nix
./nginx.nix
../../roles/nixos/vm.nix
../../configs/nixos/common.nix
../../configs/nixos/tailscale.nix
../../configs/nixos/sshd.nix
../../configs/nixos/secrets.nix
../../configs/nixos/radicale.nix
({
config,
pkgs,
configLib,
...
}: {
host = {
user = "gabe";
fullName = "Gabe Venberg";
gui.enable = false;
isVm = true;
};
networking.hostName = "hetzner-multi"; # Define your hostname.
networking.hostId = "908b80b6";
networking.useNetworkd = true;
systemd.network = {
enable = true;
networks."enp1s0" = {
networkConfig.DHCP = "ipv4";
gateway = ["fe80::1"];
address = ["2a01:4f8:1c1b:6c7c::1/64"];
};
};
home-manager.users.${config.host.user} = {
inputs,
osConfig,
lib,
...
}: {
host = osConfig.host;
user = {
git = {
profile = {
name = config.host.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;
};
};
imports = [
../../roles/home-manager/minimal-terminal.nix
../../configs/home-manager/common.nix
inputs.nixvim.homeManagerModules.nixvim
];
};
# Bootloader.
# boot.loader.systemd-boot.enable = true;
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
})
];
}
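Review bot: `systemd.network.networks."enp1s0"` has no `matchConfig`, and as far as I know the attribute name only names the generated `.network` unit rather than selecting an interface. Depending on the systemd version, an empty `[Match]` section is either applied to every interface (including the Tailscale one) with a warning or not applied at all, so the static IPv6 address and the IPv4 DHCP setting may not land where intended. Add `matchConfig.Name = "enp1s0";` inside that block. The commented-out firewall and bootloader template lines near the end can go, since the firewall is configured in the imported modules.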


@ -0,0 +1,38 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
priority = 1;
};
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}
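Review bot: `device = "/dev/sda";` names the disk by kernel enumeration order, which is not guaranteed to be stable, and disko repartitions and formats whatever that path points to. On a single-disk VM this is low risk, but a `/dev/disk/by-id/...` path (value to be taken from the server) keeps a re-run safe if a volume is attached later. The ESP is also mounted with default vfat options; disko's own examples add `mountOptions = ["umask=0077"];` so `/boot` is not world-readable.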


@ -0,0 +1,19 @@
{
inputs,
config,
pkgs,
lib,
...
}: {
imports = [
../../configs/nixos/nginx.nix
];
services.nginx.virtualHosts."cal.venberg.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:5232";
};
};
networking.firewall.allowedTCPPorts = [443 80];
}
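Review bot: `networking.firewall.allowedTCPPorts = [443 80];` repeats the declaration in the imported `../../configs/nixos/nginx.nix`; the lists merge, so it is harmless, but the port policy is easier to audit when it lives in one place and I would delete it here. `proxyPass = "http://localhost:5232";` relies on how `localhost` resolves; if Radicale binds only to IPv4 loopback (its settings are not shown on this page), `http://127.0.0.1:5232` avoids intermittent upstream errors over `::1`. The module arguments `inputs`, `config`, `pkgs` and `lib` are unused in the visible body.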


@ -98,7 +98,7 @@ inputs.nixpkgs.lib.nixosSystem {
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.11"; # Did you read the comment?
system.stateVersion = "24.05"; # Did you read the comment?
})
];
}
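Review bot: `system.stateVersion` is edited on a host configuration that already existed, which the comment directly above it says not to do after the first install. The page shows both `"24.11"` and `"24.05"` without +/- markers, so the direction is inferred; either way, stateful services on that machine may pick different defaults after the next switch. If the host was reinstalled or never deployed with the old value, say so in a comment next to the line, e.g. `# reinstalled on 24.05; value matches the first install`. The enclosing `nixosSystem` call starts above the hunk.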


@ -11,10 +11,11 @@
{
user.nvim.enable-completions = true;
programs.nixvim = {
opts.foldmethod = "expr";
plugins.treesitter = {
enable = true;
folding = true;
indent = true;
settings.indent.enable = true;
nixvimInjections = true;
};
plugins.treesitter-context.enable = true;


@ -32,9 +32,9 @@
# Add the nu injections
extraFiles = {
"/queries/nu/highlights.scm" = builtins.readFile "${nu-grammar}/queries/nu/highlights.scm";
"/queries/nu/injections.scm" = builtins.readFile "${nu-grammar}/queries/nu/injections.scm";
"/queries/nu/indents.scm" = builtins.readFile "${nu-grammar}/queries/nu/indents.scm";
"/queries/nu/highlights.scm".source = "${nu-grammar}/queries/nu/highlights.scm";
"/queries/nu/injections.scm".source = "${nu-grammar}/queries/nu/injections.scm";
"/queries/nu/indents.scm".source = "${nu-grammar}/queries/nu/indents.scm";
};
plugins = {


@ -12,6 +12,15 @@
};
plugins.which-key = {
enable = true;
# TODO: remvoe this once https://github.com/nix-community/nixvim/issues/1901 is fixed.
package = pkgs.vimPlugins.which-key-nvim.overrideAttrs (oldAttrs: {
src = pkgs.fetchFromGitHub {
owner = oldAttrs.src.owner;
repo = oldAttrs.src.repo;
rev = "0539da005b98b02cf730c1d9da82b8e8edb1c2d2"; # v2.1.0
hash = "sha256-gc/WJJ1s4s+hh8Mx8MTDg8pGGNOXxgKqBMwudJtpO4Y=";
};
});
};
};
};
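Review bot: The override in `plugins.which-key.package` replaces `src` with a pinned `rev` and `hash`, which is good for reproducibility, but leaves `version` untouched, so the store path and plugin listing will still carry the nixpkgs version while the code is v2.1.0. Add `version = "2.1.0";` next to `src` so audits and later lockfile bumps show the pin. The TODO comment has a typo (`remvoe` for `remove`), and reading `oldAttrs.src.owner` and `oldAttrs.src.repo` assumes the upstream source stays a GitHub fetcher exposing those attributes.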