Gabe/nix-config
1
0
Fork 0
Code Issues 12 Pull requests Projects Releases Packages Wiki Activity

lots of stuff:

Browse source 
Moved syncthing to system service
Restic actually works now
removed some old system configs.
formatting.
This commit is contained in:
Gabe Venberg 2024-09-30 16:06:17 +02:00
parent c42e33770e
commit f9632c8fc3
18 changed files with 99 additions and 291 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/cirrostratus/default.nix
View file

@ -14,11 +14,13 @@ inputs.nixpkgs.lib.nixosSystem {
./disk-config.nix
./hardware-configuration.nix
./nginx.nix
./restic.nix
../../configs/nixos/common.nix
../../configs/nixos/tailscale.nix
../../configs/nixos/sshd.nix
../../configs/nixos/secrets.nix
../../configs/nixos/jellyfin.nix
../../configs/nixos/syncthing.nix
({
config,
pkgs,
@ -60,10 +62,6 @@ inputs.nixpkgs.lib.nixosSystem {
format = "binary";
owner = config.services.nginx.user;
};
restic-server-credentials = {
sopsFile = "${inputs.nix-secrets}/restic-server";
format = "binary";
};
};
};

9
hosts/cirrostratus/disk-config.nix
View file

@ -70,11 +70,10 @@
};
datasets = {
backup = {
type="zfs_fs";
options={
mountpoint="/backup";
compression="zstd";
quota="6T";
type = "zfs_fs";
options = {
mountpoint = "/backup";
quota = "6T";
};
};
};

19
hosts/cirrostratus/restic.nix
View file

@ -7,21 +7,28 @@
}: let
port = "8090";
in {
services.restic.server = {
services.restic.server = lib.mkIf (inputs ? nix-secrets) {
enable = true;
appendOnly = true;
dataDir = "/backup/restic";
extraFlags = [
"--htpasswd-file ${config.sops.secrets.gabevenberg-draft-credentials.path}"
"--private-repos"
];
listenAddress = "127.0.0.1:${port}";
};
services.nginx.virtualHosts."restic.gabevenberg.com" = {
services.nginx.virtualHosts."restic.venberg.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${port}";
};
};
sops = lib.mkIf (inputs ? nix-secrets) {
secrets.restic-server-credentials = {
sopsFile = "${inputs.nix-secrets}/restic-server";
format = "binary";
path = "/backup/restic/.htpasswd";
owner="restic";
};
};
environment.systemPackages = with pkgs; [
restic
];
}

1
hosts/cirrus/default.nix
View file

@ -12,6 +12,7 @@ inputs.nixpkgs.lib.nixosSystem {
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
./disk-config.nix
./restic.nix
../../roles/nixos/vm.nix
../../configs/nixos/common.nix
../../configs/nixos/tailscale.nix

38
hosts/cirrus/restic.nix Normal file
View file

@ -0,0 +1,38 @@
{
inputs,
config,
pkgs,
lib,
...
}: {
environment.systemPackages = with pkgs; [
restic
];
sops = lib.mkIf (inputs ? nix-secrets) {
secrets.restic-url = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user;
};
secrets.restic-password = {
sopsFile = "${inputs.nix-secrets}/restic-client.yaml";
owner = config.host.user;
};
};
services.restic.backups = lib.mkIf (inputs ? nix-secrets) {
remote = {
repositoryFile = config.sops.secrets.restic-url.path;
passwordFile = config.sops.secrets.restic-password.path;
initialize = true;
paths = [
"/var/lib/radicale"
];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
RandomizedDelaySec = "4h";
};
};
};
}

1
hosts/home-laptop.nix
View file

@ -34,7 +34,6 @@ inputs.home-manager.lib.homeManagerConfiguration {
../roles/home-manager/terminal.nix
../roles/home-manager/music.nix
../configs/home-manager/common.nix
../configs/home-manager/syncthing.nix
../configs/home-manager/email.nix
../configs/home-manager/tiny-irc.nix
../configs/home-manager/secrets.nix

1
hosts/home-personal.nix
View file

@ -33,7 +33,6 @@ inputs.home-manager.lib.homeManagerConfiguration {
../roles/home-manager/terminal.nix
../roles/home-manager/music.nix
../configs/home-manager/common.nix
../configs/home-manager/syncthing.nix
../configs/home-manager/email.nix
../configs/home-manager/tiny-irc.nix
../configs/home-manager/secrets.nix

56
hosts/home-workstation.nix
View file

@ -1,56 +0,0 @@
{
inputs,
configLib,
...
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; # Home-manager requires 'pkgs' instance
extraSpecialArgs = {inherit inputs configLib;};
modules = [
inputs.nixvim.homeManagerModules.nixvim
({
config,
pkgs,
lib,
configLib,
...
}: {
# machine specific options
user = {
nvim = {
enable-lsp = true;
enable-treesitter = true;
};
git = {
profile = {
name = "Gabe Venberg";
email = "gabevenberg@gmail.com";
};
workProfile = {
enable = true;
email = "venberggabe@johndeere.com";
};
};
};
targets.genericLinux.enable = true;
home.username = "gabe";
home.homeDirectory = /home/gabe;
imports = [
../roles/home-manager/terminal.nix
../configs/home-manager/common.nix
../configs/home-manager/syncthing.nix
../configs/home-manager/tiny-irc.nix
../roles/home-manager/music.nix
../configs/home-manager/secrets.nix
inputs.sops-nix.homeManagerModules.sops
];
sops = lib.mkIf (inputs ? nix-secrets) {
secrets = {
irc-cert.sopsFile = "${inputs.nix-secrets}/workstations.yaml";
};
};
})
];
}

84
hosts/workstation-vm/default.nix
View file

@ -1,84 +0,0 @@
{
inputs,
configLib,
...
}:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs configLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
./hardware-configuration.nix
../../roles/nixos/graphical-vm.nix
../../configs/nixos/printing.nix
../../configs/nixos/sound.nix
../../configs/nixos/interactive-networking.nix
../../configs/nixos/nfsv2.nix
../../configs/nixos/i3
../../configs/nixos/common.nix
../../configs/nixos/sshd.nix
({
config,
pkgs,
lib,
inputs,
configLib,
...
}: {
host = {
user = "gabe";
fullName = "Gabe Venberg";
gui.enable = true;
isVm = true;
};
networking.hostName = "workstation-vm"; # Define your hostname.
users.users.${config.host.user} = {
packages = with pkgs; [
firefox
];
};
home-manager.users.${config.host.user} = {
inputs,
osConfig,
...
}: {
host = osConfig.host;
user = {
git = {
profile = {
name = "Gabe Venberg";
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;
};
};
imports = [
../../roles/home-manager/terminal.nix
../../configs/home-manager/common.nix
inputs.nixvim.homeManagerModules.nixvim
];
};
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
})
];
}

45
hosts/workstation-vm/hardware-configuration.nix
View file

@ -1,45 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/1127e866-28dc-4c07-92ec-07be4908880c";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/CBA2-8A1E";
fsType = "vfat";
};
fileSystems."/home/gabe/nix-config-host" = {
device = "nix-config-host";
fsType = "virtiofs";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

63
hosts/wsl-workstation.nix
View file

@ -1,63 +0,0 @@
{
inputs,
configLib,
}:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs configLib;};
# > Our main nixos configuration file <
modules = [
inputs.home-manager.nixosModules.home-manager
inputs.nixos-wsl.nixosModules.default
../configs/nixos/common.nix
({
config,
pkgs,
configLib,
...
}: {
wsl.enable = true;
wsl.wslConf.network.generateResolvConf = false;
networking.nameservers = ["1.1.1.1" "8.8.8.8"];
host = {
user = "nixos";
fullName = "Gabe Venberg";
};
networking.hostName = "gv-wsl"; # Define your hostname.
home-manager.users.${config.host.user} = {
inputs,
osConfig,
...
}: {
host = osConfig.host;
user = {
nvim = {
enable-lsp = true;
enable-treesitter = true;
};
git = {
profile = {
name = config.host.fullName;
email = "gabevenberg@gmail.com";
};
workProfile.enable = false;
};
};
imports = [
../roles/home-manager/terminal.nix
../configs/home-manager/common.nix
inputs.nixvim.homeManagerModules.nixvim
];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
})
];
}