rachel/nixos-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: rachel:527492044a761cfe1428163b8cee9e081ac1bea0
Branches Tags
rachel:master
..
compare: rachel:7744efa70a827505e41110fff013d6b5d590d66a
Branches Tags
rachel:master

No commits in common. "527492044a761cfe1428163b8cee9e081ac1bea0" and "7744efa70a827505e41110fff013d6b5d590d66a" have entirely different histories.
527492044a ... 7744efa70a

7 changed files with 110 additions and 51 deletions
Show Stats Expand all files Collapse all files

68
flake.lock
View File

@ -95,6 +95,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -204,10 +222,43 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": {
"locked": {
"lastModified": 1701263465,
"narHash": "sha256-lNXUIlkfyDyp9Ox21hr+wsEf/IBklLvb6bYcyeXbdRc=",
"path": "/nix/store/7i525k013ds687vgp12lyhwmx79qd4qj-source",
"rev": "50aa30a13c4ab5e7ba282da460a3e3d44e9d0eb3",
"type": "path"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"rachelcafe": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1705262863,
"narHash": "sha256-gAn/k4uHl+qiZY3l4gtQd4RZ/QJSSYCqrDu/9JdzTMo=",
"ref": "refs/heads/master",
"rev": "b01d01e7b5e43424440dba2f732610710698e8e6",
"revCount": 88,
"type": "git",
"url": "https://githug.xyz/rachel/rachel.cafe"
},
"original": {
"type": "git",
"url": "https://githug.xyz/rachel/rachel.cafe"
}
},
"root": { "root": {
"inputs": { "inputs": {
"nixos-config": "nixos-config", "nixos-config": "nixos-config",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3",
"rachelcafe": "rachelcafe"
} }
}, },
"slippi-desktop": { "slippi-desktop": {
@ -259,6 +310,21 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

6
flake.nix
View File

@ -4,12 +4,10 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOs/nixpkgs/nixos-24.05"; nixpkgs.url = "github:NixOs/nixpkgs/nixos-24.05";
nixos-config.url = "git+https://githug.xyz/rachel/nixos-config"; nixos-config.url = "git+https://githug.xyz/rachel/nixos-config";
# rachelcafe.url = "git+https://githug.xyz/rachel/rachel.cafe"; rachelcafe.url = "git+https://githug.xyz/rachel/rachel.cafe";
}; };
outputs = inputs@{ self, nixpkgs, nixos-config, outputs = inputs@{ self, nixpkgs, nixos-config, rachelcafe, ... }:
#rachelcafe,
... }:
let nix-config-module = let nix-config-module =
{ {
nix.registry.nixpkgs.flake = nixpkgs; nix.registry.nixpkgs.flake = nixpkgs;

81
host.nix
View File

@ -90,8 +90,7 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
then {} then {}
else { else {
"${host}" = { "${host}" = {
enableACME = true; # enableACME = true;
forceSSL = true;
locations."/".proxyPass = locations."/".proxyPass =
"http://${ip}:${builtins.toString ports.http}"; "http://${ip}:${builtins.toString ports.http}";
}; };
@ -100,10 +99,6 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
) services; ) services;
}; };
# [ACME]
security.acme.acceptTerms = true;
security.acme.defaults.email = "depsterr@protonmail.com";
# [SSHD] # [SSHD]
services.openssh = { services.openssh = {
enable = true; enable = true;
@ -160,43 +155,43 @@ lib.flatMap ({ name, config, ip, ports, volumes, ... }:
}; };
# [BACKUPS] # [BACKUPS]
# systemd = { systemd = {
# timers.backup-container-storage = { timers.backup-container-storage = {
# enable = true; enable = true;
# description = "Backup container volumes"; description = "Backup container volumes";
# wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
# timerConfig = { timerConfig = {
# OnCalendar = "*-*-* 02:00:00"; OnCalendar = "*-*-* 02:00:00";
# Unit = "backup-container-storage.service"; Unit = "backup-container-storage.service";
# }; };
# }; };
# services.backup-container-storage = { services.backup-container-storage = {
# description = "Backup container volumes"; description = "Backup container volumes";
# startLimitBurst = 1; startLimitBurst = 1;
# startLimitIntervalSec = 1800; startLimitIntervalSec = 1800;
# script = with builtins; let script = with builtins; let
# volumes = concatMap (s: s.volumes) services; volumes = concatMap (s: s.volumes) services;
# backupVolumes = filter (v: if v ? backup then v.backup else true) volumes; backupVolumes = filter (v: if v ? backup then v.backup else true) volumes;
# backupMountpoints = map (v: hostVolumeDir + v.name) backupVolumes; backupMountpoints = map (v: hostVolumeDir + v.name) backupVolumes;
# in '' in ''
# PATH="$PATH:${pkgs.lib.makeBinPath [ PATH="$PATH:${pkgs.lib.makeBinPath [
# pkgs.gnutar pkgs.gnutar
# pkgs.gzip pkgs.gzip
# ]}" ]}"
# mountpoint ${hostBackupDir} || { mountpoint ${hostBackupDir} || {
# echo "${hostBackupDir} is not a mountpoint!" echo "${hostBackupDir} is not a mountpoint!"
# exit 7 exit 7
# } }
# echo "Starting Backup" echo "Starting Backup"
# # 7 days of backups # 7 days of backups
# rm -rf ${hostBackupDir}/backup.7.tgz rm -rf ${hostBackupDir}/backup.7.tgz
# for x in $(seq 6); do for x in $(seq 6); do
# mv "${hostBackupDir}/backup.$x.tgz" "${hostBackupDir}/backup.$((x+1)).tgz" mv "${hostBackupDir}/backup.$x.tgz" "${hostBackupDir}/backup.$((x+1)).tgz"
# done done
# tar -zcvpf ${hostBackupDir}/backup.1.tgz ${toString backupMountpoints} tar -zcvpf ${hostBackupDir}/backup.1.tgz ${toString backupMountpoints}
# ''; '';
# }; };
# }; };
# [SECURITY] # [SECURITY]
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;

BIN
secrets/id_nopass.pub
View File

Binary file not shown.

2
services/blog.nix
View File

@ -11,7 +11,7 @@
enable = true; enable = true;
recommendedOptimisation = true; recommendedOptimisation = true;
virtualHosts."rachel.cafe" = { virtualHosts."rachel.cafe" = {
# root = "${lib.rachelcafe.packages.x86_64-linux.default}"; root = "${lib.rachelcafe.packages.x86_64-linux.default}";
}; };
}; };
}; };

2
services/gitea.nix
View File

@ -20,7 +20,7 @@
server = { server = {
DOMAIN = "githug.xyz"; DOMAIN = "githug.xyz";
ROOT_URL = "https://githug.xyz/"; ROOT_URL = "https://githug.xyz/";
COOKIE_SECURE = true; # COOKIE_SECURE = true;
HTTP_PORT = 3001; HTTP_PORT = 3001;
OFFLINE_MODE = true; OFFLINE_MODE = true;
}; };

2
services/media.nix
View File

@ -19,7 +19,7 @@
users.users.media = { users.users.media = {
isSystemUser = true; isSystemUser = true;
group = "media"; group = "media";
openssh.authorizedKeys.keyFiles = [ ../secrets/id_nopass.pub ]; openssh.authorizedKeys.keyFiles = [ ../secrets/id_ed25519.pub ];
}; };
users.users.guest = { users.users.guest = {
isSystemUser = true; isSystemUser = true;