feat: init
commit
44c900810d
25 changed files with 729 additions and 0 deletions
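--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/.pre-commit-config.yaml
+/result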
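--- a/config/acme.nix
+++ b/config/acme.nix
@@ -0,0 +1,13 @@
+{config, ...}: {
+security.acme = {
+acceptTerms = true;
+defaults.email = "hey@winston.sh";
+certs."winston.sh" = {
+extraDomainNames = [
+"*.winston.sh"
+];
+dnsProvider = "porkbun";
+credentialsFile = config.age.secrets."lego/porkbun-credentials".path;
+};
+};
+}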
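--- a/config/default.nix
+++ b/config/default.nix
@@ -0,0 +1,11 @@
+{
+imports = [
+./games
+./secrets
+./services
+./acme.nix
+./network.nix
+./nix.nix
+./users.nix
+];
+}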
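--- a/config/games/default.nix
+++ b/config/games/default.nix
@@ -0,0 +1,5 @@
+{
+imports = [
+./valheim.nix
+];
+}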
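--- a/config/games/valheim.nix
+++ b/config/games/valheim.nix
@@ -0,0 +1,20 @@
+{lib, ...}: {
+nixpkgs.config.allowUnfreePredicate = pkg:
+builtins.elem (lib.getName pkg) [
+"valheim-server"
+"steamworks-sdk-redist"
+];
+
+services.valheim = {
+enable = true;
+crossplay = true;
+openFirewall = true;
+password = "hunter2";
+serverName = "Nixheim";
+worldName = "Owoheim";
+};
+
+users.users.valheim = {
+createHome = true;
+};
+}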
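Review bot: `password = "hunter2";` in `services.valheim` commits the server's join password in clear text, and as a plain Nix string it is presumably also copied into the world-readable Nix store on the host. Every other credential in this commit goes through `config.age.secrets`, so this one should too if the valheim module offers a file-based option (not visible from this page). Until then, mark it in the file with `# TODO: move to an agenix secret; this value is in git history and /nix/store`. With `openFirewall = true` the password is the only gate on the game port, so change it once it has left the repository.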
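--- a/config/network.nix
+++ b/config/network.nix
@@ -0,0 +1,11 @@
+{
+networking.firewall.enable = true;
+services = {
+fail2ban.enable = true;
+openssh = {
+enable = true;
+ports = [1322];
+settings.PasswordAuthentication = false;
+};
+};
+}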
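Review bot: The `openssh` block disables `PasswordAuthentication` but does not set `KbdInteractiveAuthentication`, so whether password-style prompts are really off depends on the module default of the release in use. Add `settings.KbdInteractiveAuthentication = false;` next to it so that key-only login is stated in the file rather than inherited. The non-standard port in `ports = [1322];` only reduces scanner noise; a one-line comment saying so would stop a later reader from treating it as an access control.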
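--- a/config/nix.nix
+++ b/config/nix.nix
@@ -0,0 +1,3 @@
+{
+nix.settings.experimental-features = ["nix-command" "flakes"];
+}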
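--- a/config/secrets/.identities/yubikey5ci.txt
+++ b/config/secrets/.identities/yubikey5ci.txt
@@ -0,0 +1,9 @@
+# Serial: 17700673, Slot: 1
+# Name: age identity 30be8d70
+# Created: Sun, 02 Jul 2023 11:06:17 +0000
+# PIN policy: Once (A PIN is required once per session, if set)
+# Touch policy: Always (A physical touch is required for every decryption)
+# Recipient: age1yubikey1qfkn095xth4ukxjye98ew4ul6xdkyz7sek0hd67yfjs5z6tv7q9jgnfchls
+AGE-PLUGIN-YUBIKEY-1GYTSUQVZXZLG6UQYHVHNU
+
+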
BIN
config/secrets/containers/faerber.env.age
Normal file
BIN
config/secrets/containers/faerber.env.age
Normal file
Binary file not shown.
10
config/secrets/containers/ghcr-token.age
Normal file
10
config/secrets/containers/ghcr-token.age
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 zj2A2A 1dnkWG8Ic+DVFRirpo9Hz8J1CbLW78igaa67ftcEEmw
|
||||||
|
9QI26X2BtxrUVio0D4PmV1BiR5GhF2lmGbFWFghUbgo
|
||||||
|
-> piv-p256 ML6NcA AoEmMFTu3hck1RApBe9jgTWYxM+U6Icum3P/cYjxtDHF
|
||||||
|
gbn+RbHuvjVnowcj2ut0/u7qU4t9fwu2bOnY3zzdeaM
|
||||||
|
-> %}]%Q(-grease 3 t^3 VxG \V{K%:pS
|
||||||
|
XVFJBwehSiw
|
||||||
|
--- zjRwouGqjn//jgr4Glva3Jx8jQo+TAGt2nMacZvT8Aw
|
||||||
|
—kâèTè6ÄWÛ oV¸ËÝ-{”òâÞä&sÿ¿å‰4a\Št<C5A0>Æh¼#V¼JØ
|
||||||
|
ÅûÖ}}{?5<>€Z¦+…ª¯/Ô™
|
BIN
config/secrets/containers/pepperjack.env.age
Normal file
BIN
config/secrets/containers/pepperjack.env.age
Normal file
Binary file not shown.
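--- a/config/secrets/default.nix
+++ b/config/secrets/default.nix
@@ -0,0 +1,7 @@
+{
+age.secrets = with builtins;
+listToAttrs (map (k: {
+name = substring 0 (stringLength k - 4) k;
+value = {file = ./. + "/${k}";};
+}) (attrNames (import ./secrets.nix)));
+}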
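Review bot: `substring 0 (stringLength k - 4) k` cuts the last four characters off every key without checking that they are `.age`. An entry added to `secrets.nix` with another suffix would silently get a truncated secret name, and the `config.age.secrets."…"` lookups in the other modules would then miss it. A comment such as `# keys in secrets.nix must end in ".age"; the suffix is cut off to form the secret name` documents the assumption. `lib.removeSuffix ".age" k` would express it directly, but it needs `lib` as a module argument, which this file does not take.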
11
config/secrets/lego/porkbun-credentials.age
Normal file
11
config/secrets/lego/porkbun-credentials.age
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 zj2A2A F7giWWpkO4uib8YrTUUzjsiHBVEDF7Zr+l0r3PfXNWU
|
||||||
|
VRryBJU5hX8YJ9G2qadqwac5rQAsCOi2+zk/ZQC8AB4
|
||||||
|
-> piv-p256 ML6NcA A9kB33XAGcnv5fE4DU8t80COVFcj1F52+/yqnKrhp6zb
|
||||||
|
CBN7fYeRzpV1mkSyySZ6yXcI0/TDmL0kW6f9i6G4+i0
|
||||||
|
-> f5eV-grease 7a'rDO> `"f !a2
|
||||||
|
98yuvIuXcXNbBHRIp+AqecZz0X0rjgTCerkwJR7VcnxtTwr66MTAwoeIv3LpVYT/
|
||||||
|
8okBLxhmhhh57GJwMSJDI04UHubtl3dNQsZGDXVYp/xqK7GlhYob
|
||||||
|
--- hzqeb35v+5Go+1CqJU9yk+VfsZriQUKcswVqXF+Cxhw
|
||||||
|
¯ûÖ€óµö
0fõå³
|
||||||
|
Gô¥¬?ëé$g3löÚZª%‚¨Êg
PA<ÊÎ_wú÷á4T!˜Þq)B£3›á7ï’ÙV²‡™ï1‹G°Š×_ºsë)s¾ãÜb¼G -w¹DM¬vº<76>%&Ú¿oGGίé?ΦÉÑ;¬‡B ½Ø†"£JíßpñÛ[»‡â—õ]mëŠÏç<C38F>C2@Û<>§ô‹Y®ÚÖ@I1¢(3÷x°½=ÜK)ÉhâÀ¹/H8'Ðzîâ@šëbˆ®Ë«ó‘ؽ÷
|
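--- a/config/secrets/secrets.nix
+++ b/config/secrets/secrets.nix
@@ -0,0 +1,13 @@
+let
+users.winston = "age1yubikey1qfkn095xth4ukxjye98ew4ul6xdkyz7sek0hd67yfjs5z6tv7q9jgnfchls";
+systems.main-node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcY5fuyxK8rs3eocLuLnvSPDL6qcvq7oUdYrE+wLj0y";
+
+default = [users.winston systems.main-node];
+in {
+"containers/faerber.env.age".publicKeys = default;
+"containers/pepperjack.env.age".publicKeys = default;
+"containers/ghcr-token.age".publicKeys = default;
+"lego/porkbun-credentials.age".publicKeys = default;
+"services/invidious/config.json.age".publicKeys = default;
+"services/invidious/password-database.age".publicKeys = default;
+}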
9
config/secrets/services/invidious/config.json.age
Normal file
9
config/secrets/services/invidious/config.json.age
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 zj2A2A uy090JTFBmjPc0j2Em0zNPcCHe9Seei2srS4Ee/SxA8
|
||||||
|
PwovctZhzN5/qz/CBsbhZM24hR96nXBJP+kVgqTpU+A
|
||||||
|
-> piv-p256 ML6NcA AtNqkaYFpMfoN1rERuJ70sMvdYmJnE/Aaf+NYBzeIQ9M
|
||||||
|
FmDGncGbmWKx72XslOUvZEShtYoM4iuUhlHQqcD7hIc
|
||||||
|
-> pP3QG-grease |8 4 h gp4`[
|
||||||
|
SUMev8xAjCCR/rqf
|
||||||
|
--- deAzSOQkmifm4lVq1rI4aFX6aizyIk1zeczOZ70NQB4
|
||||||
|
ZLß{‡ö|=víöºáJK¿ÔŠ§°N<C2B0>HѺ>g»ïë
†¹yÊø7]$åëo¼$ aü<>•«ÝpÊN·ÛBïs7Œ¯
|
9
config/secrets/services/invidious/password-database.age
Normal file
9
config/secrets/services/invidious/password-database.age
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 zj2A2A xD77WFTcXcFVc0eYiUO23mM6eUyzAq89Fqj6ZbnysC8
|
||||||
|
dsf0iHniJD81xO1/5QyrMrbBTVA5Pp+EnzbRJnqNijQ
|
||||||
|
-> piv-p256 ML6NcA AqgOiVHO21MZ2VAmRhYZO7Kuwuv2RVT2MyGj2JTNZ4Ub
|
||||||
|
nvybVN766NUkoEgpfLlJdoMOIVsOY94tIhF+wHMESf0
|
||||||
|
-> n-grease v5D,E1 Xs1 ; )apR
|
||||||
|
ZMbnYAWO9fyMXeZMChugD+kTbKcU+j3kyT+5lPfizhwc9LAn4Ql50Afc
|
||||||
|
--- 1HswhlIJWOU/Lj5jBUu8tNfw68a3MUgPb2pGy5dn0rI
|
||||||
|
î,´gÒ·³È§(¼}®"°tÍß“çécê¾[+W¤:‹Œ¹Óg<C393>‰ÝS‰´ÏWlÙõ‚ºÆ‡üö§û1a*ˆ ïÌ!¼Ž<02>(¾ˆŒµïø“6$
|
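--- a/config/services/containers.nix
+++ b/config/services/containers.nix
@@ -0,0 +1,45 @@
+{config, ...}: let
+ghcrLogin = {
+registry = "ghcr.io";
+username = "nekowinston";
+passwordFile = config.age.secrets."containers/ghcr-token".path;
+};
+websitePort = "14139";
+in {
+virtualisation.oci-containers.containers = {
+faerber-bot = {
+image = "ghcr.io/nekowinston/faerber/faerber-discord-bot:latest";
+environmentFiles = [
+config.age.secrets."containers/faerber.env".path
+];
+};
+
+pepperjack = {
+image = "docker.io/phasecorex/red-discordbot:latest";
+environment = {
+TOKEN = "~";
+OWNER = "505490445468696576";
+};
+environmentFiles = [
+config.age.secrets."containers/pepperjack.env".path
+];
+volumes = [
+"/srv/data-pepperjack:/data"
+];
+};
+
+website = {
+image = "ghcr.io/nekowinston/winston.sh/winston-sh:latest";
+login = ghcrLogin;
+ports = ["127.0.0.1:${websitePort}:3000"];
+};
+};
+
+services.nginx.virtualHosts."winston.sh" = {
+locations."/".proxyPass = "http://127.0.0.1:${websitePort}";
+forceSSL = true;
+
+enableACME = false;
+useACMEHost = "winston.sh";
+};
+}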
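Review bot: All three `image` values use the mutable `:latest` tag, so what runs on the host changes whenever the registry tag moves and is not recorded in this repository, unlike the flake inputs pinned in `flake.lock`. Pin each image by digest, e.g. `image = "docker.io/phasecorex/red-discordbot@sha256:<digest>";` (placeholder digest). This matters most for the third-party `pepperjack` image, which receives the contents of the `containers/pepperjack.env` secret through `environmentFiles`. `TOKEN = "~";` in its `environment` block also deserves a comment saying that the real value is expected from the env file, if that is the intent.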
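--- a/config/services/default.nix
+++ b/config/services/default.nix
@@ -0,0 +1,7 @@
+{
+imports = [
+./containers.nix
+./invidious.nix
+./nginx.nix
+];
+}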
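--- a/config/services/invidious.nix
+++ b/config/services/invidious.nix
@@ -0,0 +1,35 @@
+{
+config,
+lib,
+pkgs,
+...
+}: {
+services.invidious = {
+enable = true;
+package = pkgs.unstable.invidious;
+
+database.passwordFile = config.age.secrets."services/invidious/password-database".path;
+domain = "iv.winston.sh";
+port = 3030;
+nginx.enable = true;
+
+settings = {
+external_port = lib.mkForce 443;
+popular_enabled = false;
+statistics_enabled = false;
+use_pubsub_feeds = true;
+default_user_preferences = {
+region = "US";
+};
+};
+extraSettingsFile = config.age.secrets."services/invidious/config.json".path;
+};
+
+services.nginx.virtualHosts.${config.services.invidious.domain} = {
+forceSSL = true;
+enableACME = false;
+useACMEHost = "winston.sh";
+};
+
+age.secrets."services/invidious/config.json".mode = "777";
+}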
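Review bot: `age.secrets."services/invidious/config.json".mode = "777";` on the last line makes the decrypted settings file readable, writable and executable by every local account, which undoes the protection that encrypting it with age gives at rest. Only the account running the invidious unit needs to read it, so use `mode = "0400";` with `owner` set to that account, or `mode = "0440";` with a dedicated `group`. If the unit runs under a dynamic user that cannot be named here, `mode = "0444";` at least removes the write and execute bits. Write access matters because the file is passed as `extraSettingsFile`, so any local process could change what the service loads until the next activation.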
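--- a/config/services/nginx.nix
+++ b/config/services/nginx.nix
@@ -0,0 +1,38 @@
+{pkgs, ...}: {
+services.nginx = {
+enable = true;
+package = pkgs.nginxMainline;
+
+recommendedGzipSettings = true;
+recommendedOptimisation = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+
+# https://github.com/NixOS/nixpkgs/issues/180980#issuecomment-1179723811
+virtualHosts = {
+"defaultDummy404" = {
+default = true;
+serverName = "_";
+locations."/".extraConfig = "return 404;";
+locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenge";
+};
+"defaultDummy404ssl" = let
+snakeoilCert = pkgs.runCommand "nginx-snakeoil-cert" {buildInputs = [pkgs.openssl];} ''
+mkdir "$out"
+openssl req -newkey rsa:4096 -x509 -sha256 -days 36500 -subj '/CN=Snakeoil CA' -nodes -out "$out/cert.pem" -keyout "$out/cert.key"
+'';
+in {
+default = true;
+serverName = "_";
+locations."/".extraConfig = "return 404;";
+locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenge";
+# Dummy SSL config
+onlySSL = true;
+sslCertificate = "${snakeoilCert}/cert.pem";
+sslCertificateKey = "${snakeoilCert}/cert.key";
+};
+};
+};
+networking.firewall.allowedTCPPorts = [80 443];
+users.users.nginx.extraGroups = ["acme"];
+}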
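Review bot: `snakeoilCert` is produced by `pkgs.runCommand`, so `cert.key` is written into the Nix store, where every local user can read it. The derivation is also not reproducible, because `openssl req -newkey` generates a fresh key on each build. That is tolerable only because the certificate backs the catch-all `defaultDummy404ssl` host, which answers 404 to everything. Say so in the file by replacing `# Dummy SSL config` with `# Throwaway self-signed cert: the key is world-readable in /nix/store, never reuse it for a real vhost`.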
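--- a/config/users.nix
+++ b/config/users.nix
@@ -0,0 +1,18 @@
+{pkgs, ...}: {
+i18n.defaultLocale = "en_US.UTF-8";
+
+users.users.winston = {
+isNormalUser = true;
+extraGroups = ["wheel"];
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"
+];
+shell = pkgs.bashInteractive;
+};
+users.users.root = {
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"
+];
+shell = pkgs.bashInteractive;
+};
+}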
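Review bot: `users.users.root` is given the same `openssh.authorizedKeys.keys` entry as `winston`, so one key yields a direct root shell with no sudo step in between, and nothing in `config/network.nix` sets `PermitRootLogin`. If root login exists only for deployment, say so in a comment above the block, e.g. `# root key is used by the deploy tool; remove once deploys run via winston + sudo`. Pin the policy as well with `services.openssh.settings.PermitRootLogin = "prohibit-password";`. Otherwise drop the root key and administer through `winston`, who is already in `wheel`.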
290
flake.lock
Normal file
290
flake.lock
Normal file
|
@ -0,0 +1,290 @@
|
||||||
|
{
|
||||||
|
"nodes": {
|
||||||
|
"agenix": {
|
||||||
|
"inputs": {
|
||||||
|
"darwin": [],
|
||||||
|
"home-manager": [],
|
||||||
|
"nixpkgs": "nixpkgs"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1684153753,
|
||||||
|
"narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=",
|
||||||
|
"owner": "ryantm",
|
||||||
|
"repo": "agenix",
|
||||||
|
"rev": "db5637d10f797bb251b94ef9040b237f4702cde3",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "ryantm",
|
||||||
|
"repo": "agenix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-compat": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1673956053,
|
||||||
|
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1667395993,
|
||||||
|
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils_2": {
|
||||||
|
"inputs": {
|
||||||
|
"systems": "systems"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681202837,
|
||||||
|
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"gitignore": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"pre-commit-hooks",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1660459072,
|
||||||
|
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "gitignore.nix",
|
||||||
|
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "gitignore.nix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixinate": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1688141737,
|
||||||
|
"narHash": "sha256-qHrNMYWukOKmKVf6wXOGKj1xxUnOGjvTRbt/PLLXuBE=",
|
||||||
|
"owner": "matthewcroughan",
|
||||||
|
"repo": "nixinate",
|
||||||
|
"rev": "7902ae845e6cc5bd450e510cdf5e009a6e4a44d9",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "matthewcroughan",
|
||||||
|
"repo": "nixinate",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1677676435,
|
||||||
|
"narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-stable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1678872516,
|
||||||
|
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-22.11",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-unstable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1688188316,
|
||||||
|
"narHash": "sha256-CXuQllDKCxtZaB/umnZOvoJ/d4kJguYgffeTA9l1B3o=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "8277b539d371bf4308fc5097911aa58bfac1794f",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "nixpkgs-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1688109178,
|
||||||
|
"narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=",
|
||||||
|
"owner": "nixos",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "b72aa95f7f096382bff3aea5f8fde645bca07422",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "nixos-23.05",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs_3": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681303793,
|
||||||
|
"narHash": "sha256-JEdQHsYuCfRL2PICHlOiH/2ue3DwoxUX7DJ6zZxZXFk=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "fe2ecaf706a5907b5e54d979fbde4924d84b65fc",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"pre-commit-hooks": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": "flake-compat",
|
||||||
|
"flake-utils": "flake-utils",
|
||||||
|
"gitignore": "gitignore",
|
||||||
|
"nixpkgs": "nixpkgs_3",
|
||||||
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1682596858,
|
||||||
|
"narHash": "sha256-Hf9XVpqaGqe/4oDGr30W8HlsWvJXtMsEPHDqHZA6dDg=",
|
||||||
|
"owner": "cachix",
|
||||||
|
"repo": "pre-commit-hooks.nix",
|
||||||
|
"rev": "fb58866e20af98779017134319b5663b8215d912",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "cachix",
|
||||||
|
"repo": "pre-commit-hooks.nix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": {
|
||||||
|
"inputs": {
|
||||||
|
"agenix": "agenix",
|
||||||
|
"nixinate": "nixinate",
|
||||||
|
"nixpkgs": "nixpkgs_2",
|
||||||
|
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||||
|
"pre-commit-hooks": "pre-commit-hooks",
|
||||||
|
"valheim-server": "valheim-server"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"steam-fetcher": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": [
|
||||||
|
"valheim-server",
|
||||||
|
"flake-utils"
|
||||||
|
],
|
||||||
|
"nixpkgs": [
|
||||||
|
"valheim-server",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1686720327,
|
||||||
|
"narHash": "sha256-tXr09buKDKv81pnmcIwJ7eq2MaaU+4qfYrp6Mvb8buw=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "steam-fetcher",
|
||||||
|
"rev": "30964171f7c1711dc6edbe98f0839a40477a6f54",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "steam-fetcher",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"systems": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"valheim-server": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": "flake-utils_2",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"steam-fetcher": "steam-fetcher"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1686971068,
|
||||||
|
"narHash": "sha256-0EePXsNXJf+Ipt4AdWRbHbK2gSgLO9f6oeKUaugbUIk=",
|
||||||
|
"owner": "aidalgol",
|
||||||
|
"repo": "valheim-server-flake",
|
||||||
|
"rev": "8934c7fd73bf7cec262cc05fba92bb5e79ec195c",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "aidalgol",
|
||||||
|
"repo": "valheim-server-flake",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"root": "root",
|
||||||
|
"version": 7
|
||||||
|
}
|
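--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,77 @@
+{
+inputs = {
+nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
+nixpkgs-unstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+
+agenix = {
+url = "github:ryantm/agenix";
+inputs.darwin.follows = "";
+inputs.home-manager.follows = "";
+};
+valheim-server = {
+url = "github:aidalgol/valheim-server-flake";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+
+nixinate = {
+url = "github:matthewcroughan/nixinate";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
+};
+
+outputs = {
+self,
+nixpkgs,
+...
+} @ inputs: let
+system = "x86_64-linux";
+overlays = final: prev: {
+unstable = inputs.nixpkgs-unstable.legacyPackages.${prev.system};
+};
+in {
+apps = inputs.nixinate.nixinate.${system} self;
+
+nixosConfigurations.main-node = nixpkgs.lib.nixosSystem {
+inherit system;
+modules = [
+{
+_module.args.nixinate = {
+host = "main-node";
+buildOn = "remote";
+hermetic = false;
+};
+nixpkgs.overlays = [overlays];
+}
+./hosts/main-node
+./config
+inputs.agenix.nixosModules.default
+inputs.valheim-server.nixosModules.default
+];
+};
+
+checks.${system}.pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
+src = ./.;
+hooks = {
+alejandra.enable = true;
+deadnix.enable = true;
+shellcheck.enable = true;
+stylua.enable = true;
+};
+settings.deadnix = {
+noLambdaPatternNames = true;
+noLambdaArg = true;
+};
+};
+
+devShells.${system}.default = let
+pkgs = nixpkgs.legacyPackages.${system};
+in
+pkgs.mkShell {
+inherit (self.checks.${system}.pre-commit-check) shellHook;
+buildInputs = [
+inputs.agenix.packages.${system}.agenix
+];
+};
+};
+}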
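Review bot: `agenix` and `pre-commit-hooks` are the only inputs without `inputs.nixpkgs.follows = "nixpkgs";`, so `flake.lock` carries separate, older nixpkgs revisions for them (`nixpkgs`, `nixpkgs_3`, `nixpkgs-stable`) that do not move with the system's own pin. For `agenix` this means the secret-handling tool placed in `devShells` is built from a different package set than the host it serves. Add `inputs.nixpkgs.follows = "nixpkgs";` to the `agenix` block, and turn `pre-commit-hooks.url` into a block carrying the same line, as is already done for `valheim-server` and `nixinate`.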
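--- a/hosts/main-node/default.nix
+++ b/hosts/main-node/default.nix
@@ -0,0 +1,39 @@
+{pkgs, ...}: {
+imports = [./hardware-configuration.nix];
+
+boot = {
+loader = {
+grub.enable = true;
+grub.device = "/dev/sda";
+};
+kernelPackages = pkgs.linuxPackages_latest;
+};
+
+networking = {
+hostName = "main-node";
+nameservers = [
+"46.38.225.230"
+"46.38.252.230"
+"2a03:4000:0:1::e1e6"
+"2a03:4000:8000::fce6"
+];
+interfaces.ens3 = {
+useDHCP = true;
+ipv4.addresses = [
+{
+address = "188.68.44.196";
+prefixLength = 32;
+}
+];
+};
+};
+time.timeZone = "Europe/Vienna";
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "23.05";
+}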
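--- a/hosts/main-node/hardware-configuration.nix
+++ b/hosts/main-node/hardware-configuration.nix
@@ -0,0 +1,47 @@
+{
+config,
+lib,
+modulesPath,
+...
+}: {
+imports = [
+(modulesPath + "/profiles/qemu-guest.nix")
+];
+
+boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
+boot.initrd.kernelModules = [];
+boot.kernelModules = [];
+boot.extraModulePackages = [];
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/8e282da8-0e52-4515-8647-fff793b8ead8";
+fsType = "btrfs";
+options = ["subvol=root"];
+};
+
+fileSystems."/home" = {
+device = "/dev/disk/by-uuid/8e282da8-0e52-4515-8647-fff793b8ead8";
+fsType = "btrfs";
+options = ["subvol=home"];
+};
+
+fileSystems."/nix" = {
+device = "/dev/disk/by-uuid/8e282da8-0e52-4515-8647-fff793b8ead8";
+fsType = "btrfs";
+options = ["subvol=nix"];
+};
+
+swapDevices = [];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+services.qemuGuest.enable = true;
+}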