From 511b8332ed7c092fd54bf864cc9e86193dca7c66 Mon Sep 17 00:00:00 2001 From: Gabe Venberg Date: Sat, 27 Jul 2024 19:11:57 -0500 Subject: [PATCH] lockfile update and hetzner radicale server. Hetzner server will eventually have other things on it. --- configs/nixos/nginx.nix | 23 +++ configs/nixos/radicale.nix | 1 + flake.lock | 136 ++++++++++-------- flake.nix | 11 +- hosts/hetzner-multi/default.nix | 87 +++++++++++ hosts/hetzner-multi/disk-config.nix | 38 +++++ hosts/hetzner-multi/nginx.nix | 19 +++ hosts/rockhole64/default.nix | 2 +- .../home-manager/nvim/treesitter/default.nix | 3 +- .../nvim/treesitter/tree-sitter-nu.nix | 6 +- modules/home-manager/nvim/which-key.nix | 9 ++ 11 files changed, 267 insertions(+), 68 deletions(-) create mode 100644 configs/nixos/nginx.nix create mode 100644 hosts/hetzner-multi/default.nix create mode 100644 hosts/hetzner-multi/disk-config.nix create mode 100644 hosts/hetzner-multi/nginx.nix diff --git a/configs/nixos/nginx.nix b/configs/nixos/nginx.nix new file mode 100644 index 0000000..26ff3d5 --- /dev/null +++ b/configs/nixos/nginx.nix @@ -0,0 +1,23 @@ +{ + inputs, + config, + pkgs, + lib, + ... +}: { + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + commonHttpConfig = '' + add_header X-Clacks-Overhead "GNU Terry Pratchett"; + add_header X-Clacks-Overhead "GNU Bram Moolenaar"; + ''; + # other Nginx options + }; + security.acme = { + acceptTerms = true; + defaults.email = "gabevenberg@gmail.com"; + }; + networking.firewall.allowedTCPPorts = [443 80]; +} diff --git a/configs/nixos/radicale.nix b/configs/nixos/radicale.nix index 050d287..bcfe4e4 100644 --- a/configs/nixos/radicale.nix +++ b/configs/nixos/radicale.nix @@ -18,4 +18,5 @@ }; }; }; + networking.firewall.allowedTCPPorts = [5232]; } diff --git a/flake.lock b/flake.lock index d53a427..802e367 100644 --- a/flake.lock +++ b/flake.lock 
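Review bot: The two `add_header X-Clacks-Overhead` lines in `commonHttpConfig` of configs/nixos/nginx.nix sit at the http level, and nginx stops inheriting http-level `add_header` directives in any server or location block that declares its own. These headers, and any security header added here later, would silently disappear from such a vhost. A comment above the block would record that, for example `# http-level add_header is dropped by any vhost/location that sets its own add_header`. The `# other Nginx options` placeholder looks like a template leftover, and the `inputs`, `config`, `pkgs` and `lib` arguments are unused in this module.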
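Review bot: The added `networking.firewall.allowedTCPPorts = [5232];` in configs/nixos/radicale.nix opens the Radicale port on every host that imports this shared module. That includes hetzner-multi, where this same commit puts Radicale behind an nginx vhost with `forceSSL` that proxies to `http://localhost:5232`. If Radicale listens on a non-loopback address (its `hosts` setting is above the hunk and not visible here), clients can reach it over plain HTTP on 5232 and bypass the TLS proxy. The port opening would be better placed in the host that needs direct access, or scoped to one interface with `networking.firewall.interfaces.<name>.allowedTCPPorts = [5232];`, leaving the internet-facing host with only 80 and 443 open.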
@@ -28,18 +28,22 @@ }, "devshell": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": [ + "nixvim", + "nuschtosSearch", + "flake-utils" + ], "nixpkgs": [ "nixvim", "nixpkgs" ] }, "locked": { - "lastModified": 1717408969, - "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", + "lastModified": 1721902368, + "narHash": "sha256-noQ5SghRPe0jzQEbFQb3fYbV6LZEzr7lIRQoxlU7fyI=", "owner": "numtide", "repo": "devshell", - "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", + "rev": "cf8c7405479cfde7ea4dc815e195391d2328df10", "type": "github" }, "original": { @@ -55,11 +59,11 @@ ] }, "locked": { - "lastModified": 1718242063, - "narHash": "sha256-n3AWItJ4a94GT0cray/eUV7tt3mulQ52L+lWJN9d1E8=", + "lastModified": 1722028105, + "narHash": "sha256-0ButnGQ1bCMIDblzC6NBSL71Wi6JmHGweI3scoV8CgM=", "owner": "nix-community", "repo": "disko", - "rev": "832a9f2c81ff3485404bd63952eadc17bf7ccef2", + "rev": "5b01cea8b5753de9c2febd27203c530be14745ff", "type": "github" }, "original": { @@ -83,22 +87,6 @@ "type": "github" } }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -107,11 +95,11 @@ ] }, "locked": { - "lastModified": 1717285511, - "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", "type": "github" }, "original": { 
@@ -143,11 +131,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { @@ -158,7 +146,10 @@ }, "git-hooks": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": [ + "nixvim", + "flake-compat" + ], "gitignore": "gitignore", "nixpkgs": [ "nixvim", @@ -170,11 +161,11 @@ ] }, "locked": { - "lastModified": 1717664902, - "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "lastModified": 1721042469, + "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", "type": "github" }, "original": { @@ -212,11 +203,11 @@ ] }, "locked": { - "lastModified": 1718243258, - "narHash": "sha256-abBpj2VU8p6qlRzTU8o22q68MmOaZ4v8zZ4UlYl5YRU=", + "lastModified": 1722067813, + "narHash": "sha256-nxpzoKXwn+8RsxpxwD86mtEscOMw64ZD/vGSNWzGMlA=", "owner": "nix-community", "repo": "home-manager", - "rev": "8d5e27b4807d25308dfe369d5a923d87e7dbfda3", + "rev": "975b83ca560d17db51a66cb2b0dc0e44213eab27", "type": "github" }, "original": { @@ -233,11 +224,11 @@ ] }, "locked": { - "lastModified": 1717976995, - "narHash": "sha256-u3HBinyIyUvL1+N816bODpJmSQdgn0Mbb8BprFw7kqo=", + "lastModified": 1721719500, + "narHash": "sha256-nnkqjv4Y37Hydjh6HE9wW4kSkV5Q7q4iIXlL5lwUFOw=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "315aa649ba307704db0b16c92f097a08a65ec955", + "rev": "884f3fe6d9bf056ba0017c132c39c1f0d07d4fec", "type": "github" }, "original": { 
@@ -265,11 +256,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1721413321, - "narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=", + "lastModified": 1722017959, + "narHash": "sha256-vkv3MtjRtJdqeWMLH874ngbC6/5wUYzsdw0pb96ZLRc=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f", + "rev": "0b4d40f95a68ef0a6785f6b938ac8c1383321dbf", "type": "github" }, "original": { @@ -292,11 +283,11 @@ ] }, "locked": { - "lastModified": 1717976391, - "narHash": "sha256-STKlWaiiFKDybexvQCg5U1+DSLRaxT93NwVaiBSEvTI=", + "lastModified": 1722012218, + "narHash": "sha256-Rnjo49C5/slnmcQW9c57IdiHJZ3YEFmUn3as/NIPD4E=", "owner": "nix-community", "repo": "NixOS-WSL", - "rev": "e3f215e518d52f6f2e68cf713cefe773284e1aa6", + "rev": "ac026940beb42f74c5666f6ed3989aca41eddeea", "type": "github" }, "original": { @@ -308,11 +299,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1718160348, - "narHash": "sha256-9YrUjdztqi4Gz8n3mBuqvCkMo4ojrA6nASwyIKWMpus=", + "lastModified": 1721924956, + "narHash": "sha256-Sb1jlyRO+N8jBXEX9Pg9Z1Qb8Bw9QyOgLDNMEpmjZ2M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "57d6973abba7ea108bac64ae7629e7431e0199b6", + "rev": "5ad6a14c6bf098e98800b091668718c336effc95", "type": "github" }, "original": { @@ -324,16 +315,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1717880976, - "narHash": "sha256-BRvSCsKtDUr83NEtbGfHLUOdDK0Cgbezj2PtcHnz+sQ=", + "lastModified": 1721524707, + "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4913a7c3d8b8d00cb9476a6bd730ff57777f740c", + "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-23.11", + "ref": "release-24.05", "repo": "nixpkgs", "type": "github" } 
@@ -353,14 +344,15 @@ "nixpkgs": [ "nixpkgs" ], + "nuschtosSearch": "nuschtosSearch", "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1718290136, - "narHash": "sha256-BQFspZqwA56LOIQ0ypw54Nal/BLFUpnZTqoXxeiSTNE=", + "lastModified": 1722016645, + "narHash": "sha256-YQA4oenJwjWVzX+we6Zzv08im5q2n7dVhJ12Nw8wQio=", "owner": "nix-community", "repo": "nixvim", - "rev": "80c03843e7ad7fc7deb0dce6d1f6fc45593ed91d", + "rev": "162ae6354bbf2af5c33b09aa90e9d8d11f14462e", "type": "github" }, "original": { @@ -369,6 +361,28 @@ "type": "github" } }, + "nuschtosSearch": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixvim", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1721548975, + "narHash": "sha256-agCbztdk1f7nCUz03R6xdbivuBRuqubP2RHW+MNuRTg=", + "owner": "NuschtOS", + "repo": "search", + "rev": "551b031e2bc0bcc9584347a8da6312e57169661d", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, "root": { "inputs": { "deploy-rs": "deploy-rs", @@ -392,11 +406,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1718137936, - "narHash": "sha256-psA+1Q5fPaK6yI3vzlLINNtb6EeXj111zQWnZYyJS9c=", + "lastModified": 1721688883, + "narHash": "sha256-9jsjsRKtJRqNSTXKj9zuDFRf2PGix30nMx9VKyPgD2U=", "owner": "mic92", "repo": "sops-nix", - "rev": "c279dec105dd53df13a5e57525da97905cc0f0d6", + "rev": "aff2f88277dabe695de4773682842c34a0b7fd54", "type": "github" }, "original": { @@ -443,11 +457,11 @@ ] }, "locked": { - "lastModified": 1718139168, - "narHash": "sha256-1TZQcdETNdJMcfwwoshVeCjwWfrPtkSQ8y8wFX3it7k=", + "lastModified": 1721769617, + "narHash": "sha256-6Pqa0bi5nV74IZcENKYRToRNM5obo1EQ+3ihtunJ014=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1cb529bffa880746a1d0ec4e0f5076876af931f1", + "rev": "8db8970be1fb8be9c845af7ebec53b699fe7e009", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 6c50857..8340f71 100644 --- a/flake.nix +++ b/flake.nix 
@@ -94,6 +94,7 @@ workstation-vm = import ./hosts/workstation-vm {inherit inputs configLib;}; gv-wsl = import ./hosts/wsl-workstation.nix {inherit inputs configLib;}; rockhole = import ./hosts/rockhole64 {inherit inputs configLib;}; + hetzner-multi = import ./hosts/hetzner-multi {inherit inputs configLib;}; }; # Standalone home-manager configuration entrypoint @@ -107,15 +108,21 @@ deploy = { nodes = { - rockpro = { + rockhole = { hostname = "rockpro"; - profiles.system.path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.rockpro; + profiles.system.path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.rockhole; remoteBuild = true; }; + hetzner-multi = { + hostname = "cal.venberg.xyz"; + profiles.system.path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.hetzner-multi; + }; }; sshUser = "root"; }; + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; + packages.x86_64-linux = { proxmox = import ./packages/proxmox.nix {inherit inputs configLib;}; iso = import ./packages/iso.nix {inherit inputs configLib;}; diff --git a/hosts/hetzner-multi/default.nix b/hosts/hetzner-multi/default.nix new file mode 100644 index 0000000..5324d0d --- /dev/null +++ b/hosts/hetzner-multi/default.nix 
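Review bot: The new `hetzner-multi` deploy node uses `hostname = "cal.venberg.xyz";` together with the existing `sshUser = "root";`, so deploy-rs needs root SSH to be reachable on the server's public address. The contents of `sshd.nix` are not visible in this diff, so whether root login is restricted to keys cannot be confirmed from here. The host imports `tailscale.nix`, so pointing the node at its tailnet name, `hostname = "<tailnet name of hetzner-multi>";`, would let port 22 stay closed on the public firewall. It would also decouple deployment from the calendar's DNS record, which matters once the server hosts other things as the commit message anticipates. The `deploy` attribute set starts outside this hunk.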
@@ -0,0 +1,87 @@
+{
+ inputs,
+ configLib,
+ ...
+}:
+inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = {inherit inputs configLib;};
+ # > Our main nixos configuration file <
+ modules = [
+ inputs.home-manager.nixosModules.home-manager
+ inputs.disko.nixosModules.disko
+ ./disk-config.nix
+ ./nginx.nix
+ ../../roles/nixos/vm.nix
+ ../../configs/nixos/common.nix
+ ../../configs/nixos/tailscale.nix
+ ../../configs/nixos/sshd.nix
+ ../../configs/nixos/secrets.nix
+ ../../configs/nixos/radicale.nix
+ ({
+ config,
+ pkgs,
+ configLib,
+ ...
+ }: {
+ host = {
+ user = "gabe";
+ fullName = "Gabe Venberg";
+ gui.enable = false;
+ isVm = true;
+ };
+ networking.hostName = "hetzner-multi"; # Define your hostname.
+ networking.hostId = "908b80b6";
+ networking.useNetworkd = true;
+ systemd.network = {
+ enable = true;
+ networks."enp1s0" = {
+ networkConfig.DHCP = "ipv4";
+ gateway = ["fe80::1"];
+ address = ["2a01:4f8:1c1b:6c7c::1/64"];
+ };
+ };
+
+ home-manager.users.${config.host.user} = {
+ inputs,
+ osConfig,
+ lib,
+ ...
+ }: {
+ host = osConfig.host;
+ user = {
+ git = {
+ profile = {
+ name = config.host.fullName;
+ email = "gabevenberg@gmail.com";
+ };
+ workProfile.enable = false;
+ };
+ };
+ imports = [
+ ../../roles/home-manager/minimal-terminal.nix
+ ../../configs/home-manager/common.nix
+ inputs.nixvim.homeManagerModules.nixvim
+ ];
+ };
+
+ # Bootloader.
+ # boot.loader.systemd-boot.enable = true;
+ boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.05"; # Did you read the comment?
+ })
+ ];
+}
diff --git a/hosts/hetzner-multi/disk-config.nix b/hosts/hetzner-multi/disk-config.nix
new file mode 100644
index 0000000..4fff720
--- /dev/null
+++ b/hosts/hetzner-multi/disk-config.nix
@@ -0,0 +1,38 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02";
+ priority = 1;
+ };
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
+
diff --git a/hosts/hetzner-multi/nginx.nix b/hosts/hetzner-multi/nginx.nix
new file mode 100644
index 0000000..43c7836
--- /dev/null
+++ b/hosts/hetzner-multi/nginx.nix
@@ -0,0 +1,19 @@
+{
+ inputs,
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ imports = [
+ ../../configs/nixos/nginx.nix
+ ];
+ services.nginx.virtualHosts."cal.venberg.xyz" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://localhost:5232";
+ };
+ };
+ networking.firewall.allowedTCPPorts = [443 80];
+}
diff --git a/hosts/rockhole64/default.nix b/hosts/rockhole64/default.nix
index ccc209b..103a364 100644
--- a/hosts/rockhole64/default.nix
+++ b/hosts/rockhole64/default.nix
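Review bot: In hosts/hetzner-multi/default.nix the `networks."enp1s0"` unit has no `matchConfig`, and as far as I can tell the attribute name only becomes the unit file name rather than an interface match. A `.network` file without a `[Match]` section is applied by systemd-networkd to every interface it manages, so the static address `2a01:4f8:1c1b:6c7c::1/64`, the `fe80::1` gateway and IPv4 DHCP would not be limited to the public NIC. Adding `matchConfig.Name = "enp1s0";` inside that block pins the settings to the intended interface. The commented-out bootloader and firewall lines further down are installer-template leftovers and could be dropped.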
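Review bot: The `networking.firewall.allowedTCPPorts = [443 80];` line at the end of hosts/hetzner-multi/nginx.nix repeats what the imported `../../configs/nixos/nginx.nix` already sets in this commit. List options merge, so it is harmless, but the host file is clearer without it. Separately, `proxyPass = "http://localhost:5232";` depends on how `localhost` resolves (IPv4 or IPv6) and on Radicale's listen address, which is not visible in this diff. An explicit `http://127.0.0.1:5232` (or `http://[::1]:5232`) that matches the bind address is more predictable. The `inputs`, `config`, `pkgs` and `lib` arguments are unused here.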
@@ -98,7 +98,7 @@ inputs.nixpkgs.lib.nixosSystem { # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.11"; # Did you read the comment? + system.stateVersion = "24.05"; # Did you read the comment? }) ]; } diff --git a/modules/home-manager/nvim/treesitter/default.nix b/modules/home-manager/nvim/treesitter/default.nix index a92d22a..295210c 100644 --- a/modules/home-manager/nvim/treesitter/default.nix +++ b/modules/home-manager/nvim/treesitter/default.nix @@ -11,10 +11,11 @@ { user.nvim.enable-completions = true; programs.nixvim = { + opts.foldmethod = "expr"; plugins.treesitter = { enable = true; folding = true; - indent = true; + settings.indent.enable = true; nixvimInjections = true; }; plugins.treesitter-context.enable = true; diff --git a/modules/home-manager/nvim/treesitter/tree-sitter-nu.nix b/modules/home-manager/nvim/treesitter/tree-sitter-nu.nix index c96d70e..ccaee03 100644 --- a/modules/home-manager/nvim/treesitter/tree-sitter-nu.nix +++ b/modules/home-manager/nvim/treesitter/tree-sitter-nu.nix @@ -32,9 +32,9 @@ # Add the nu injections extraFiles = { - "/queries/nu/highlights.scm" = builtins.readFile "${nu-grammar}/queries/nu/highlights.scm"; - "/queries/nu/injections.scm" = builtins.readFile "${nu-grammar}/queries/nu/injections.scm"; - "/queries/nu/indents.scm" = builtins.readFile "${nu-grammar}/queries/nu/indents.scm"; + "/queries/nu/highlights.scm".source = "${nu-grammar}/queries/nu/highlights.scm"; + "/queries/nu/injections.scm".source = "${nu-grammar}/queries/nu/injections.scm"; + "/queries/nu/indents.scm".source = "${nu-grammar}/queries/nu/indents.scm"; }; plugins = { diff --git a/modules/home-manager/nvim/which-key.nix b/modules/home-manager/nvim/which-key.nix index f340a0c..5210fb0 100644 --- a/modules/home-manager/nvim/which-key.nix 
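Review bot: The change of `system.stateVersion` from "24.11" to "24.05" in hosts/rockhole64/default.nix goes against the comment directly above it, which says to leave the value at the release of the first install. If rockhole was in fact installed from a 24.05 checkout this is a correction, but the commit does not say so. If it was installed with the higher value, lowering it can switch modules back to older defaults for stateful data. A short comment stating the reason would help, for example `# corrected: host was first installed from 24.05`, if that is the case. The enclosing module starts outside this hunk.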
+++ b/modules/home-manager/nvim/which-key.nix @@ -12,6 +12,15 @@ }; plugins.which-key = { enable = true; + # TODO: remvoe this once https://github.com/nix-community/nixvim/issues/1901 is fixed. + package = pkgs.vimPlugins.which-key-nvim.overrideAttrs (oldAttrs: { + src = pkgs.fetchFromGitHub { + owner = oldAttrs.src.owner; + repo = oldAttrs.src.repo; + rev = "0539da005b98b02cf730c1d9da82b8e8edb1c2d2"; # v2.1.0 + hash = "sha256-gc/WJJ1s4s+hh8Mx8MTDg8pGGNOXxgKqBMwudJtpO4Y="; + }; + }); }; }; };
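Review bot: The `overrideAttrs` pin for which-key replaces only `src`, so the derivation keeps the `version` and name of the nixpkgs package while the code is v2.1.0, and the store path will report a version that is not the one running. Adding `version = "2.1.0";` next to `src` keeps the two in agreement and makes the pin obvious when it is later removed. Pinning by full commit `rev` plus `hash` is the right form for an override like this. The TODO comment has a typo (`remvoe`). The `plugins.which-key` block starts outside this hunk.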