diff --git a/nixos/modules/acme/cloudflare.ini.example b/common/acme/cloudflare.ini.example
similarity index 100%
rename from nixos/modules/acme/cloudflare.ini.example
rename to common/acme/cloudflare.ini.example
diff --git a/common/acme/default.nix b/common/acme/default.nix
new file mode 100644
index 0000000..a403be6
--- /dev/null
+++ b/common/acme/default.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+{
+
+ # letsencrypt
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "chris@toph.cc";
+ dnsProvider = "cloudflare";
+ environmentFile = ./cloudflare.ini;
+ };
+ certs = {
+ "ryot.foo" = {
+ extraDomainNames = ["*.ryot.foo"];
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/common/lxc/default.nix b/common/lxc/default.nix
new file mode 100644
index 0000000..002211f
--- /dev/null
+++ b/common/lxc/default.nix
@@ -0,0 +1,21 @@
+{ modulesPath, ... }:
+{
+ imports = [
+ # Include the default lxc/lxd configuration.
+ "${modulesPath}/virtualisation/lxc-container.nix"
+ ];
+
+ # Treats the system as a container.
+ boot.isContainer = true;
+
+ # Set your system kind (needed for flakes)
+ nixpkgs.hostPlatform = "x86_64-linux";
+
+ # Supress systemd units that don't work because of LXC.
+ # https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak
+ systemd.suppressedSystemUnits = [
+ "dev-mqueue.mount"
+ "sys-kernel-debug.mount"
+ "sys-fs-fuse-connections.mount"
+ ];
+}
\ No newline at end of file
diff --git a/nixos/modules/ssh/default.nix b/common/ssh/default.nix
similarity index 100%
rename from nixos/modules/ssh/default.nix
rename to common/ssh/default.nix
diff --git a/flake.nix b/flake.nix
index 75b2e9f..fcbef74 100644
--- a/flake.nix
+++ b/flake.nix
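Review bot: `environmentFile = ./cloudflare.ini;` in common/acme/default.nix is a Nix path literal, so the file holding the Cloudflare DNS API token is copied into the world-readable Nix store at evaluation time (and in a flake the file also has to be git-tracked to be visible at all). Point the option at a runtime location given as a string instead, e.g. `environmentFile = "/var/lib/acme/cloudflare.ini";` (constructed example; mode 0600, readable by the acme user), or at the output of a secrets manager, so the token never enters the store or the repository. The same path-literal pattern recurs in host/caenus/modules/frp/default.nix via `builtins.readFile ./frp.token`. `config`, `lib` and `pkgs` are taken in the module header but unused here.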
@@ -15,22 +15,55 @@
 lib = nixpkgs.lib;
 pkgs = import nixpkgs {
 inherit system;
- overlays = [ (import ./nixos/overlays) ];
+ # overlays = [ (import ./nixos/overlays) ];
 };
 in {
 nixosConfigurations = {
+ caenus = lib.nixosSystem {
+ inherit system;
+ modules = [
+ ./nix
+ ./host/caenus
+ ];
+ };
+
 cloud = lib.nixosSystem {
 inherit system;
 modules = [
- ./nixos
- ];
+ ./nix
+ ./host/cloud
+ ];
+ };
+
+ dockge = lib.nixosSystem {
+ inherit system;
+ modules = [
+ ./nix
+ ./host/dockge
+ ];
+ };
+
+ nix = lib.nixosSystem {
+ inherit system;
+ modules = [
+ ./nix
+ ./host/nix
+ ];
+ };
+
+ proxy = lib.nixosSystem {
+ inherit system;
+ modules = [
+ ./nix
+ ./host/proxy
+ ];
 };
 };
 homeConfigurations = {
- toph = home-manager.lib.homeManagerConfiguration {
- inherit pkgs;
- modules = [ ./home-manager ];
- };
+ toph = home-manager.lib.homeManagerConfiguration {
+ inherit pkgs;
+ modules = [ ./home-manager ];
+ };
 };
 };
 }
diff --git a/home-manager/default.nix b/home/default.nix
similarity index 100%
rename from home-manager/default.nix
rename to home/default.nix
diff --git a/home-manager/modules/fastfetch/default.nix b/home/modules/fastfetch/default.nix
similarity index 100%
rename from home-manager/modules/fastfetch/default.nix
rename to home/modules/fastfetch/default.nix
diff --git a/home/modules/fastfetch/host/caenus/oracle.png b/home/modules/fastfetch/host/caenus/oracle.png
new file mode 100644
index 0000000..18adc2f
Binary files /dev/null and b/home/modules/fastfetch/host/caenus/oracle.png differ
diff --git a/home/modules/fastfetch/host/caenus/oracle.txt b/home/modules/fastfetch/host/caenus/oracle.txt
new file mode 100644
index 0000000..fa5f9c6
--- /dev/null
+++ b/home/modules/fastfetch/host/caenus/oracle.txt
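Review bot: `modules = [ ./home-manager ];` in the re-indented `toph` block still points at a directory this same commit renames to `home/` (see the `home-manager/default.nix -> home/default.nix` rename right below), so `homeConfigurations.toph` will fail to evaluate with a missing-path error; the line should read `modules = [ ./home ];`. Separately, commenting out `overlays = [ (import ./nixos/overlays) ];` drops the overlay from the shared `pkgs` while host/cloud/default.nix still lists `snapraid-runner`, which the deleted nixos/default.nix obtained through that overlay; whether the per-host `nixpkgs.overlays` line re-adds it depends on the relative path used there (see the note on that hunk). The `system` binding and the flake inputs are outside this hunk.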
@@ -0,0 +1,12 @@ + + + + [?25l โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„  + โ–„โ–„โ•ณโ•ณโ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ•ณโ•ณโ–„โ–„  + โ–Œโ•ณโ•ณโ–„โ–„ โ–„โ–„โ•ณโ•ณโ–Œ + โ–Œโ•ณโ•ณโ–Œ โ–Œโ•ณโ•ณโ–Œ + โ–Œโ•ณโ•ณโ–Œ โ–Œโ•ณโ•ณโ–Œ + โ–Œโ•ณโ•ณโ–„โ–„ โ–„โ–„โ•ณโ•ณโ–Œ + โ–„โ–„โ•ณโ•ณโ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ•ณโ•ณโ–„โ–„  + โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„  + [?25h \ No newline at end of file diff --git a/home-manager/modules/fastfetch/cloud.png b/home/modules/fastfetch/host/cloud/cloud.png similarity index 100% rename from home-manager/modules/fastfetch/cloud.png rename to home/modules/fastfetch/host/cloud/cloud.png diff --git a/home-manager/modules/fastfetch/cloud.txt b/home/modules/fastfetch/host/cloud/cloud.txt similarity index 100% rename from home-manager/modules/fastfetch/cloud.txt rename to home/modules/fastfetch/host/cloud/cloud.txt diff --git a/home/modules/fastfetch/host/nix/default.nix b/home/modules/fastfetch/host/nix/default.nix new file mode 100644 index 0000000..effb24a --- /dev/null +++ b/home/modules/fastfetch/host/nix/default.nix 
@@ -0,0 +1,84 @@ +{ + programs.fastfetch = { + enable = true; + settings = { + logo = { + # Created with Chafa + # chafa -s 26x13 -w 9 --symbols stipple+vhalf --view-size 26x13 nixos.png > nixos.txt + source = builtins.readFile ./nixos.txt; + type = "data"; + position = "left"; + padding = { + top = 0; + }; + }; + display = { + separator = " "; + }; + modules = [ + { + key = "โ•ญโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ"; + type = "custom"; + } + { + key = "โ”‚ {#31}๏€‡ user {#keys}โ”‚"; + type = "title"; + format = "{user-name}"; + } + { + key = "โ”‚ {#32}๓ฐ‡… host {#keys}โ”‚"; + type = "title"; + format = "{host-name}"; + } + { + key = "โ”‚ {#33}๓ฐ… uptime {#keys}โ”‚"; + type = "uptime"; + } + { + key = "โ”‚ {#34}{icon} distro {#keys}โ”‚"; + type = "os"; + } + { + key = "โ”‚ {#36}๓ฐ‡„ desktop {#keys}โ”‚"; + type = "de"; + } + { + key = "โ”‚ {#32}๏’‰ shell {#keys}โ”‚"; + type = "shell"; + } + { + key = "โ”‚ {#33}๓ฐ› cpu {#keys}โ”‚"; + type = "cpu"; + showPeCoreCount = true; + } + { + key = "โ”‚ {#34}๓ฐ‰‰ disk {#keys}โ”‚"; + type = "disk"; + folders = "/"; + } + { + key = "โ”‚ {#35}๎ฟ… memory {#keys}โ”‚"; + type = "memory"; + } + { + key = "โ”‚ {#36}๓ฐฉŸ network {#keys}โ”‚"; + type = "localip"; + format = "{ipv4} ({ifname})"; + } + { + key = "โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค"; + type = "custom"; + } + { + key = "โ”‚ {#39}๎ฟŒ colors {#keys}โ”‚"; + type = "colors"; + symbol = "circle"; + } + { + key = "โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ"; + type = "custom"; + } + ]; + }; + }; +} \ No newline at end of file diff --git a/home/modules/fastfetch/host/nix/nixos.png b/home/modules/fastfetch/host/nix/nixos.png new file mode 100644 index 0000000..a182000 Binary files /dev/null and b/home/modules/fastfetch/host/nix/nixos.png differ diff --git a/home/modules/fastfetch/host/nix/nixos.txt b/home/modules/fastfetch/host/nix/nixos.txt new file mode 100644 index 0000000..d5c8e8f --- /dev/null +++ b/home/modules/fastfetch/host/nix/nixos.txt 
@@ -0,0 +1,13 @@ + + [?25l โ–„โ–„โ–„ โ–„โ–„โ–„ โ–„โ–„โ–„  + โ–„โ–„โ–„โ–„ โ–„โ–„โ–„โ–„โ–„โ–„โ–„  + โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„ โ–„โ–„  + โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„ โ–„โ–‘โ–„  + โ–„โ–„โ–„โ–„โ–„ โ–„โ–„โ–„โ–„โ–„โ–„  + โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„ โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–‘ + โ–„โ–„โ–„โ–„โ–„โ–„ โ–„โ–„โ–„  + โ–‘โ–„โ–„ โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„  + โ–„ โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–„โ–‘โ–‘โ–„โ–„โ–„โ–„  + โ–„โ–„โ–„โ–„โ–„โ–„โ–„ โ–„โ–‘โ–„  + โ–„โ–„โ–„ โ–„โ–„โ–„โ–„ โ–„โ–„โ–„  + [?25h \ No newline at end of file diff --git a/home-manager/modules/fish/default.nix b/home/modules/fish/default.nix similarity index 100% rename from home-manager/modules/fish/default.nix rename to home/modules/fish/default.nix diff --git a/home-manager/modules/fish/init.fish b/home/modules/fish/init.fish similarity index 100% rename from home-manager/modules/fish/init.fish rename to home/modules/fish/init.fish diff --git a/host/caenus/default.nix b/host/caenus/default.nix new file mode 100644 index 0000000..a4bee68 --- /dev/null +++ b/host/caenus/default.nix 
@@ -0,0 +1,60 @@
+{ modulesPath, config, pkgs, ... }:
+
+let
+
+ hostname = "caenus";
+
+in {
+
+ ## MODULES & IMPORTS ##
+
+ imports =
+ [
+ # FRP
+ ./modules/frp
+ # Nginx
+ ./modules/nginx
+ # Include the results of the hardware scan.
+ ./hardware.nix
+ ];
+
+ ## BOOTLOADER ##
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ ## NETWORKING ##
+ networking = {
+ firewall = {
+ allowedTCPPorts = [ 22 80 443 4040 ];
+ allowedUDPPorts = [ 25565 4040 ];
+ };
+ dhcpcd.enable = false;
+ hostName = hostname;
+ networkmanager.enable = true;
+ useHostResolvConf = false;
+ };
+
+ systemd.network = {
+ enable = true;
+ networks."50-enp0s6" = {
+ matchConfig.Name = "enp0s6";
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = true;
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+ };
+
+ ## PACKAGES ##
+
+ environment.systemPackages = with pkgs; [
+ git
+ micro
+ openssh
+ ranger
+ sshfs
+ wget
+ ];
+}
diff --git a/host/caenus/hardware.nix b/host/caenus/hardware.nix
new file mode 100644
index 0000000..b83e502
--- /dev/null
+++ b/host/caenus/hardware.nix
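Review bot: host/caenus/default.nix imports `./modules/nginx`, whose virtual hosts use `useACMEHost = "ryot.foo"`, but unlike the other hosts it does not import `../../common/acme`, where that certificate is declared; unless the cert is defined by a module not in this diff, evaluation will fail on the missing `security.acme.certs."ryot.foo"`. It also omits `../../common/ssh`, so whatever sshd settings that module carries do not apply to this host even though TCP 22 is opened in its firewall. Suggested fix: add `../../common/acme` and `../../common/ssh` to the imports list next to the local modules. Note too that hardware.nix (next hunk) pins `nixpkgs.hostPlatform` to `aarch64-linux` via mkDefault while the flake builds every host with the shared `system` value declared outside this diff — worth confirming they agree.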
@@ -0,0 +1,42 @@
+# Do not modify this file! It was generated by โ€˜nixos-generate-configโ€™
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/467be3e2-75cb-439f-8255-e1ed3a00c2d8";
+ fsType = "ext4";
+ };
+
+ fileSystems."/storage" =
+ { device = "/dev/disk/by-uuid/a3666a64-591c-45ab-8393-3dd1a0a51d79";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/E12E-D69C";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/host/caenus/modules/frp/default.nix b/host/caenus/modules/frp/default.nix
new file mode 100644
index 0000000..67427c2
--- /dev/null
+++ b/host/caenus/modules/frp/default.nix
@@ -0,0 +1,13 @@
+{
+ services.frp = {
+ enable = true;
+ role = "server";
+ settings = {
+ bindPort = 4040;
+ auth = {
+ method = "token";
+ token = builtins.readFile ./frp.token;
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/host/caenus/modules/frp/frp.token b/host/caenus/modules/frp/frp.token
new file mode 100644
index 0000000..862383d
--- /dev/null
+++ b/host/caenus/modules/frp/frp.token
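Review bot: `token = builtins.readFile ./frp.token;` in host/caenus/modules/frp/default.nix reads the shared secret at evaluation time, so it lands verbatim in the generated frp configuration in the world-readable Nix store, and the commit also adds the live value in `frp.token` (next hunk) — as well as the Nextcloud admin password in `host/cloud/modules/nextcloud/nextcloud-admin-pass` further down — to version control. Both values should be treated as exposed: rotate them, remove the files from the repository (keeping only the `.example` placeholders) and list the real filenames in `.gitignore`. For frp, keep the token out of evaluation entirely by supplying it at runtime, for instance through an `EnvironmentFile` on the frp systemd unit referenced from the config with frp's environment template syntax, or through a secrets manager such as sops-nix or agenix that materialises the file outside the store. A one-line comment above `token` stating where the value is expected to come from would stop the path literal from being reintroduced.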
@@ -0,0 +1 @@
+$2b$05$3hq3mA559Yxy679kKbzou..ao9d7annFWAo4MRo0tO04bYJsteWTu
\ No newline at end of file
diff --git a/host/caenus/modules/frp/frp.token.example b/host/caenus/modules/frp/frp.token.example
new file mode 100644
index 0000000..d4aa30e
--- /dev/null
+++ b/host/caenus/modules/frp/frp.token.example
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/host/caenus/modules/nginx/default.nix b/host/caenus/modules/nginx/default.nix
new file mode 100644
index 0000000..9d681e4
--- /dev/null
+++ b/host/caenus/modules/nginx/default.nix
@@ -0,0 +1,36 @@
+{
+ users.users.nginx.extraGroups = [ "acme" ];
+
+ # Nginx
+ services.nginx = {
+ enable = true;
+ # Use recommended settings
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts = {
+ "ryot.foo" = {
+ http2 = true;
+ forceSSL = true;
+ useACMEHost = "ryot.foo";
+ locations."/".proxyPass = "http://0.0.0.0:8080";
+ };
+
+ "*.ryot.foo" = {
+ http2 = true;
+ forceSSL = true;
+ useACMEHost = "ryot.foo";
+ locations."/" = {
+ proxyPass = "http://0.0.0.0:8080";
+ proxyWebsockets = true;
+ extraConfig = ''
+ proxy_ssl_server_name on;
+ proxy_pass_header Authorization;
+ '';
+ };
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/host/cloud/default.nix b/host/cloud/default.nix
new file mode 100644
index 0000000..eaeff0c
--- /dev/null
+++ b/host/cloud/default.nix
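Review bot: both `proxyPass` targets in host/caenus/modules/nginx/default.nix use `http://0.0.0.0:8080`; 0.0.0.0 is a bind address rather than a destination, and although Linux delivers a connect to it on loopback, it is not portable and reads as a mistake — use `http://127.0.0.1:8080` (or the real backend address if the service is not local). In the wildcard host, `proxy_ssl_server_name on;` has no effect because the upstream is plain http, and `proxy_pass_header` governs which upstream response headers reach the client, so `proxy_pass_header Authorization;` does nothing for the request's Authorization header, which nginx already forwards; both lines can go. Since `*.ryot.foo` sends every subdomain to the same backend, a comment noting that host-based routing and access control happen on that backend would help the next reader.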
@@ -0,0 +1,71 @@
+{ modulesPath, config, pkgs, ... }:
+
+let
+
+ hostname = "cloud";
+
+in {
+
+ ## MODULES & IMPORTS ##
+ imports = [
+ # Common Modules
+ ../../common/acme
+ ../../common/lxc
+ ../../common/ssh
+
+ # Import hardware configuration.
+ ./hardware.nix
+
+ # Local Modules
+
+ # cron
+ ./modules/cron
+ # Logrotate
+ ./modules/logrotate
+ # Nextcloud
+ ./modules/nextcloud
+ # Nginx
+ ./modules/nginx
+ # Snapraid-runner
+ ./modules/snapraid
+ ];
+
+ ## NETWORKING ##
+ networking = {
+ firewall = {
+ allowedTCPPorts = [ 22 80 443 ];
+ allowedUDPPorts = [ ];
+ };
+ dhcpcd.enable = false;
+ hostName = hostname;
+ networkmanager.enable = true;
+ useDHCP = false;
+ useHostResolvConf = false;
+ };
+
+ systemd.network = {
+ enable = true;
+ networks."50-eth0" = {
+ matchConfig.Name = "eth0";
+ networkConfig = {
+ DHCP = "ipv4";
+ IPv6AcceptRA = true;
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+ };
+
+ ## PACKAGES ##
+ nixpkgs.overlays = [ (import ./overlays) ];
+ environment.systemPackages = with pkgs; [
+ git
+ mergerfs
+ micro
+ openssh
+ ranger
+ sshfs
+ snapraid
+ snapraid-runner
+ wget
+ ];
+}
diff --git a/nixos/hardware-configuration.nix b/host/cloud/hardware.nix
similarity index 72%
rename from nixos/hardware-configuration.nix
rename to host/cloud/hardware.nix
index 9c96edf..0972f43 100644
--- a/nixos/hardware-configuration.nix
+++ b/host/cloud/hardware.nix
@@ -1,7 +1,5 @@
 {
- # Treats the system as a container.
- boot.isContainer = true;
-
+ # for sshfs
 programs.fuse.userAllowOther = true;
 
 fileSystems = {
@@ -17,7 +15,4 @@
 options = ["bind" "nofail"];
 };
 };
-
- # Set your system kind (needed for flakes)
- nixpkgs.hostPlatform = "x86_64-linux";
 }
diff --git a/nixos/modules/cron/default.nix b/host/cloud/modules/cron/default.nix
similarity index 100%
rename from nixos/modules/cron/default.nix
rename to host/cloud/modules/cron/default.nix
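Review bot: `nixpkgs.overlays = [ (import ./overlays) ];` in host/cloud/default.nix resolves relative to `host/cloud/`, but this commit moves the overlay directory to `nix/overlays` (rename later in the diff) and creates nothing at `host/cloud/overlays`, so the path does not exist at evaluation time, and `snapraid-runner` in `environment.systemPackages` — which the deleted nixos/default.nix obtained through that overlay — will be unresolved as well. Change the line to `nixpkgs.overlays = [ (import ../../nix/overlays) ];`, or restore the overlay on the flake's shared `pkgs` and drop it here. `modulesPath` and `config` in the module header are unused.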
diff --git a/nixos/modules/logrotate/default.nix b/host/cloud/modules/logrotate/default.nix
similarity index 100%
rename from nixos/modules/logrotate/default.nix
rename to host/cloud/modules/logrotate/default.nix
diff --git a/nixos/modules/logrotate/logrotate.conf b/host/cloud/modules/logrotate/logrotate.conf
similarity index 100%
rename from nixos/modules/logrotate/logrotate.conf
rename to host/cloud/modules/logrotate/logrotate.conf
diff --git a/nixos/modules/nextcloud/default.nix b/host/cloud/modules/nextcloud/default.nix
similarity index 100%
rename from nixos/modules/nextcloud/default.nix
rename to host/cloud/modules/nextcloud/default.nix
diff --git a/host/cloud/modules/nextcloud/nextcloud-admin-pass b/host/cloud/modules/nextcloud/nextcloud-admin-pass
new file mode 100644
index 0000000..00221b9
--- /dev/null
+++ b/host/cloud/modules/nextcloud/nextcloud-admin-pass
@@ -0,0 +1 @@
+snYBkSxkFZ6a7Y
\ No newline at end of file
diff --git a/nixos/modules/nginx/default.nix b/host/cloud/modules/nginx/default.nix
similarity index 100%
rename from nixos/modules/nginx/default.nix
rename to host/cloud/modules/nginx/default.nix
diff --git a/nixos/modules/snapraid/default.nix b/host/cloud/modules/snapraid/default.nix
similarity index 100%
rename from nixos/modules/snapraid/default.nix
rename to host/cloud/modules/snapraid/default.nix
diff --git a/nixos/modules/snapraid/snapraid.conf b/host/cloud/modules/snapraid/snapraid.conf
similarity index 100%
rename from nixos/modules/snapraid/snapraid.conf
rename to host/cloud/modules/snapraid/snapraid.conf
diff --git a/host/dockge/default.nix b/host/dockge/default.nix
new file mode 100644
index 0000000..84c43d0
--- /dev/null
+++ b/host/dockge/default.nix
@@ -0,0 +1,55 @@
+{ modulesPath, config, pkgs, ... }:
+
+let
+
+ hostname = "cloud";
+
+in {
+
+ ## MODULES & IMPORTS ##
+ imports = [
+ # Common Modules
+ ../../common/lxc
+ ../../common/ssh
+
+ # Import hardware configuration.
+ ./hardware.nix
+
+ # Local Modules
+ ];
+
+ ## NETWORKING ##
+ networking = {
+ firewall = {
+ allowedTCPPorts = [ 22 80 443 ];
+ allowedUDPPorts = [ ];
+ };
+ dhcpcd.enable = false;
+ hostName = hostname;
+ networkmanager.enable = true;
+ useDHCP = false;
+ useHostResolvConf = false;
+ };
+
+ systemd.network = {
+ enable = true;
+ networks."50-eth0" = {
+ matchConfig.Name = "eth0";
+ networkConfig = {
+ DHCP = "ipv4";
+ IPv6AcceptRA = true;
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+ };
+
+ ## PACKAGES ##
+ environment.systemPackages = with pkgs; [
+ git
+ micro
+ openssh
+ ranger
+ sshfs
+ wget
+ ];
+}
diff --git a/host/dockge/hardware.nix b/host/dockge/hardware.nix
new file mode 100644
index 0000000..fff62ff
--- /dev/null
+++ b/host/dockge/hardware.nix
@@ -0,0 +1,13 @@
+{
+ # Treats the system as a container.
+ boot.isContainer = true;
+
+ # TODO: SSHFS
+ # fileSystems."/" = {
+ # device = "/dev/sda1";
+ # fsType = "ext4";
+ # };
+
+ # Set your system kind (needed for flakes)
+ nixpkgs.hostPlatform = "x86_64-linux";
+}
\ No newline at end of file
diff --git a/host/nix/default.nix b/host/nix/default.nix
new file mode 100644
index 0000000..dd74a99
--- /dev/null
+++ b/host/nix/default.nix
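Review bot: `hostname = "cloud";` in host/dockge/default.nix is carried over from host/cloud, so this machine gets `networking.hostName = "cloud"` as well; two hosts sharing a name will be confusing in logs, DHCP leases and any host-based policy, and the line should read `hostname = "dockge";`. The hardware.nix hunk that follows re-declares `boot.isContainer` and `nixpkgs.hostPlatform` with the same values `../../common/lxc` already sets — harmless under Nix's merge rules but redundant, and a comment pointing at the common module would save the next reader the comparison. `modulesPath` and `config` in the header are unused here too.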
@@ -0,0 +1,56 @@
+{ modulesPath, config, pkgs, ... }:
+let
+
+ admin = "toph";
+ password = "[REDACTED]";
+ timeZone = "America/New_York";
+ defaultLocale = "en_US.UTF-8";
+
+in {
+
+ ## MODULES & IMPORTS ##
+ imports = [
+ # Common Modules
+ ../../common/lxc
+ ../../common/ssh
+
+ # Import hardware configuration.
+ ./hardware.nix
+ ];
+
+ ## NETWORKING ##
+ networking = {
+ firewall = {
+ allowedTCPPorts = [ 80 443 ];
+ };
+ dhcpcd.enable = false;
+ hostName = hostname;
+ networkmanager.enable = true;
+ useDHCP = false;
+ useHostResolvConf = false;
+ };
+
+ systemd.network = {
+ enable = true;
+ networks."50-eth0" = {
+ matchConfig.Name = "eth0";
+ networkConfig = {
+ DHCP = "ipv4";
+ IPv6AcceptRA = true;
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+ };
+
+ ## PACKAGES ##
+ environment.systemPackages = with pkgs; [
+ git
+ micro
+ openbox
+ openssh
+ ranger
+ sshfs
+ wget
+ x2goserver
+ ];
+}
diff --git a/host/nix/hardware.nix b/host/nix/hardware.nix
new file mode 100644
index 0000000..1068b3e
--- /dev/null
+++ b/host/nix/hardware.nix
@@ -0,0 +1,7 @@
+{
+ # TODO: SSHFS
+ # fileSystems."/" = {
+ # device = "/dev/sda1";
+ # fsType = "ext4";
+ # };
+}
diff --git a/host/proxy/default.nix b/host/proxy/default.nix
new file mode 100644
index 0000000..acbfc66
--- /dev/null
+++ b/host/proxy/default.nix
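Review bot: `hostName = hostname;` in host/nix/default.nix references a variable the `let` block never binds (it binds `admin`, `password`, `timeZone` and `defaultLocale` only), so evaluating the `nix` configuration fails with an undefined-variable error. Add `hostname = "nix";` to the `let`, and drop the other four bindings, which nothing in this file uses and which duplicate nix/default.nix — a second copy of `password` in particular is one more file that has to be scrubbed if the value ever changes. `modulesPath` and `config` in the module header are likewise unused.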
@@ -0,0 +1,61 @@
+{ modulesPath, config, pkgs, ... }:
+
+let
+
+ hostname = "proxy";
+ admin = "toph";
+ password = "[REDACTED]";
+ timeZone = "America/New_York";
+ defaultLocale = "en_US.UTF-8";
+
+in {
+
+ ## MODULES & IMPORTS ##
+ imports = [
+ # Common Modules
+ ../../common/acme
+ ../../common/lxc
+ ../../common/ssh
+
+ # Import hardware configuration.
+ ./hardware.nix
+
+ # Local Modules
+
+ # caddy
+ ./modules/caddy
+ ];
+
+ ## NETWORKING ##
+ networking = {
+ firewall = {
+ allowedTCPPorts = [ 22 80 443 ];
+ allowedUDPPorts = [ ];
+ };
+ dhcpcd.enable = false;
+ hostName = hostname;
+ networkmanager.enable = true;
+ useHostResolvConf = false;
+ };
+
+ systemd.network = {
+ enable = true;
+ networks."50-net0" = {
+ matchConfig.Name = "net0";
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = true;
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+ };
+
+ ## PACKAGES ##
+ environment.systemPackages = with pkgs; [
+ git
+ micro
+ openssh
+ ranger
+ sshfs
+ ];
+}
diff --git a/host/proxy/hardware.nix b/host/proxy/hardware.nix
new file mode 100644
index 0000000..c6d4323
--- /dev/null
+++ b/host/proxy/hardware.nix
@@ -0,0 +1,6 @@
+{
+ # fileSystems."/" = {
+ # device = "/dev/sda1";
+ # fsType = "ext4";
+ # };
+}
\ No newline at end of file
diff --git a/host/proxy/modules/acme/cloudflare.ini.example b/host/proxy/modules/acme/cloudflare.ini.example
new file mode 100644
index 0000000..3bb6b44
--- /dev/null
+++ b/host/proxy/modules/acme/cloudflare.ini.example
@@ -0,0 +1 @@
+CF_DNS_API_TOKEN=
\ No newline at end of file
diff --git a/nixos/modules/acme/default.nix b/host/proxy/modules/acme/default.nix
similarity index 100%
rename from nixos/modules/acme/default.nix
rename to host/proxy/modules/acme/default.nix
diff --git a/host/proxy/modules/caddy/default.nix b/host/proxy/modules/caddy/default.nix
new file mode 100644
index 0000000..6b9adcf
--- /dev/null
+++ b/host/proxy/modules/caddy/default.nix
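Review bot: the `let` block in host/proxy/default.nix binds `admin`, `password`, `timeZone` and `defaultLocale` that nothing in this file uses; they duplicate nix/default.nix, and keeping a password literal in a second file only widens where it must be scrubbed — keep just `hostname = "proxy";`. The commit also renames the old ACME module to `host/proxy/modules/acme/` and adds `host/proxy/modules/nginx/` and `host/proxy/modules/ssh/`, yet this imports list pulls in `../../common/acme`, `../../common/ssh` and only `./modules/caddy`, so those three per-host modules are dead copies sitting beside the live configuration; if they are not wanted, delete them rather than leave a second, unreviewed sshd and ACME setup that a later import could silently activate. If they are meant as a staging area, a comment in the imports list saying so would make that intent visible.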
@@ -0,0 +1,107 @@
+{
+ services.caddy = {
+ enable = true;
+ virtualHosts = {
+ "ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy 104.40.4.44:80
+ '';
+ };
+
+ "adguard.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy opnsense:81
+ '';
+ };
+
+ "cloud.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy https://104.40.4.24:443 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+ '';
+ };
+
+ "cloudflared.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy http://104.40.4.44:14333
+ '';
+ };
+
+ "dash.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy http://104.40.4.44:3001
+ '';
+ };
+
+ "dazzle.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy http://104.40.4.44:8070
+ '';
+ };
+
+ "dockge.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy http://104.40.4.44:5001
+ '';
+ };
+
+ "drive.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy http://104.40.4.44:8080
+ '';
+ };
+
+ "frp.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy http://104.40.4.44:4041
+ '';
+ };
+
+
+ "home.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy http://104.40.4.44:7575
+ '';
+ };
+
+
+ "nginx.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy http://104.40.4.44:81
+ '';
+ };
+
+ "pve.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy 10.163.22.82:8006 {
+ transport http {
+ tls_insecure_skip_verify
+ }
+ }
+ '';
+ };
+
+ "upsnap.ryot.foo" = {
+ useACMEHost = "ryot.foo";
+ extraConfig = ''
+ reverse_proxy http://104.40.4.44:8090
+ '';
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/host/proxy/modules/nginx/default.nix b/host/proxy/modules/nginx/default.nix
new file mode 100644
index 0000000..13db7f9
--- /dev/null
+++ b/host/proxy/modules/nginx/default.nix
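Review bot: the `cloud.ryot.foo` and `pve.ryot.foo` entries in host/proxy/modules/caddy/default.nix set `tls_insecure_skip_verify` on the upstream transport, which disables certificate validation on the hop from the proxy to the Nextcloud and Proxmox backends, so anything able to interpose on that segment can impersonate them while browsers still see a valid `ryot.foo` certificate. Prefer validating the upstream: have the backends present a certificate the proxy can check and use `tls_server_name <name>` plus, for a private CA, `tls_trusted_ca_certs <ca.pem>` inside the `transport http` block, or terminate TLS at the proxy only and reach the backends over plain HTTP on a trusted link. If skipping verification is a deliberate trade-off for self-signed backends, a comment next to each occurrence (`# backend uses a self-signed cert; verification intentionally skipped`) would keep it from being copied further. The first entry also proxies to `104.40.4.44:80` without a scheme while its siblings write `http://` — consistent spelling would help.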
@@ -0,0 +1,18 @@
+{
+
+ # INFO: migth need at some point so keeping it here
+
+ # Nginx
+ services.nginx = {
+ enable = true;
+ # Use recommended settings
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ # Add a virtual host
+ virtualHosts."ryot.com" = {};
+
+ };
+}
\ No newline at end of file
diff --git a/host/proxy/modules/ssh/default.nix b/host/proxy/modules/ssh/default.nix
new file mode 100644
index 0000000..f959784
--- /dev/null
+++ b/host/proxy/modules/ssh/default.nix
@@ -0,0 +1,18 @@
+{
+ programs.ssh.startAgent = true;
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
+ ];
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ AllowUsers = null; # everyone
+ GatewayPorts = "yes"; # allow remote port forwarding with AutoSSH
+ KbdInteractiveAuthentication = false;
+ PasswordAuthentication = false;
+ PermitRootLogin = "yes";
+ };
+ };
+}
\ No newline at end of file
diff --git a/nix/default.nix b/nix/default.nix
new file mode 100644
index 0000000..1b51bb3
--- /dev/null
+++ b/nix/default.nix
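Review bot: host/proxy/modules/ssh/default.nix sets `PermitRootLogin = "yes"` alongside an authorized key for root; with `PasswordAuthentication` and `KbdInteractiveAuthentication` already off, `PermitRootLogin = "prohibit-password";` gives the same key-based root access while ensuring a later change cannot reopen a password path for root. `GatewayPorts = "yes"` lets every remote forward bind on all interfaces; `GatewayPorts = "clientspecified";` keeps the loopback default unless the forwarding client asks otherwise, which is usually enough for an AutoSSH setup, and the firewall then still decides what is reachable. `AllowUsers = null;` is the option's default and can be dropped. As committed, host/proxy/default.nix imports `../../common/ssh` rather than this file, so none of these settings are applied anywhere yet.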
@@ -0,0 +1,49 @@
+{ modulesPath, config, pkgs, ... }:
+
+let
+
+ admin = "toph";
+ password = "[REDACTED]";
+ timeZone = "America/New_York";
+ defaultLocale = "en_US.UTF-8";
+
+in {
+ ## TIMEZONE & LOCALE ##
+ time.timeZone = timeZone;
+ i18n.defaultLocale = defaultLocale;
+
+ ## USERS ##
+ users.mutableUsers = false;
+ users.users."${admin}" = {
+ isNormalUser = true;
+ createHome = true;
+ homeMode = "750";
+ home = "/home/${admin}";
+ password = password;
+ extraGroups = [ "wheel" ];
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
+ ];
+ };
+
+ # INFO: Enable passwordless sudo.
+ security.sudo.extraRules = [{
+ users = [ admin ];
+ commands = [{
+ command = "ALL" ;
+ options = [ "NOPASSWD" ];
+ }];
+ }];
+
+ ## PROGRAMS & SERVICES ##
+ # Shells
+ environment.shells = with pkgs; [ bash fish ];
+ programs.fish.enable = true;
+
+ ## NIXOS ##
+ # This value determines the NixOS release with which your system is to be
+ system.stateVersion = "24.11";
+ # Enable Flakes
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}
\ No newline at end of file
diff --git a/nixos/overlays/default.nix b/nix/overlays/default.nix
similarity index 100%
rename from nixos/overlays/default.nix
rename to nix/overlays/default.nix
diff --git a/nixos/pkgs/snapraid-runner/default.nix b/nix/pkgs/snapraid-runner/default.nix
similarity index 100%
rename from nixos/pkgs/snapraid-runner/default.nix
rename to nix/pkgs/snapraid-runner/default.nix
diff --git a/nixos/pkgs/snapraid-runner/snapraid-runner.conf b/nix/pkgs/snapraid-runner/snapraid-runner.conf
similarity index 100%
rename from nixos/pkgs/snapraid-runner/snapraid-runner.conf
rename to nix/pkgs/snapraid-runner/snapraid-runner.conf
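Review bot: `password = password;` on the admin user in nix/default.nix sets `users.users.<name>.password`, the cleartext option whose own documentation warns that the value ends up world-readable in the Nix store, and the literal also lives in the repository; switch to `hashedPasswordFile = "<path outside the store>";` (or `hashedPassword` with a mkpasswd hash) so neither the repo nor the store carries the cleartext, and treat the current value as exposed. This matters more here because the same user gets `wheel` plus `NOPASSWD` sudo, so the password is what stands between a compromised session and root; that combination is defensible with key-only SSH, but the `# INFO:` comment should state that assumption, e.g. `# INFO: passwordless sudo; acceptable only while sshd is key-only (see common/ssh).`. The stateVersion comment is cut off mid-sentence (`...with which your system is to be`) and `modulesPath`/`config` in the header are unused.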
diff --git a/nixos/pkgs/snapraid-runner/snapraid-runner.py b/nix/pkgs/snapraid-runner/snapraid-runner.py
similarity index 100%
rename from nixos/pkgs/snapraid-runner/snapraid-runner.py
rename to nix/pkgs/snapraid-runner/snapraid-runner.py
diff --git a/nixos/default.nix b/nixos/default.nix
deleted file mode 100644
index 15d98d5..0000000
--- a/nixos/default.nix
+++ /dev/null
@@ -1,137 +0,0 @@
-{ modulesPath, config, pkgs, ... }:
-
-let
-
- hostname = "cloud";
- admin = "toph";
- password = "[REDACTED]";
- timeZone = "America/New_York";
- defaultLocale = "en_US.UTF-8";
-
-in {
-
- ## MODULES & IMPORTS ##
-
- imports =
- [
- # Include the default lxc/lxd configuration.
- "${modulesPath}/virtualisation/lxc-container.nix"
- # Import hardware configuration.
- ./hardware-configuration.nix
-
- # Module imports
-
- # ACME
- ./modules/acme
- # cron
- ./modules/cron
- # Logrotate
- ./modules/logrotate
- # Nextcloud
- ./modules/nextcloud
- # Nginx
- ./modules/nginx
- # Snapraid-runner
- ./modules/snapraid
- # SSH
- ./modules/ssh
- ];
-
- ## NETWORKING ##
- networking = {
- firewall = {
- allowedTCPPorts = [ 80 443 ];
- };
- dhcpcd.enable = false;
- hostName = hostname;
- networkmanager.enable = true;
- useDHCP = false;
- useHostResolvConf = false;
- };
-
- systemd.network = {
- enable = true;
- networks."50-eth0" = {
- matchConfig.Name = "eth0";
- networkConfig = {
- DHCP = "ipv4";
- IPv6AcceptRA = true;
- };
- linkConfig.RequiredForOnline = "routable";
- };
- };
-
- ## TIMEZONE & LOCALE ##
- time.timeZone = timeZone;
- i18n.defaultLocale = defaultLocale;
-
- ## USERS ##
- users = {
- mutableUsers = false;
- users = {
- "${admin}" = {
- isNormalUser = true;
- createHome = true;
- homeMode = "750";
- home = "/home/${admin}";
- password = password;
- extraGroups = [ "wheel" ];
- shell = pkgs.fish;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
- ];
- };
-
- nextcloud.extraGroups = [ "users" "root" "wheel" ];
- nextcloud.homeMode = "750";
- };
- };
-
- # INFO: Enable passwordless sudo.
- security.sudo.extraRules= [
- { users = [ admin ];
- commands = [
- { command = "ALL" ;
- options= [ "NOPASSWD" ];
- }
- ];
- }
- ];
-
- ## PACKAGES ##
-
- nixpkgs.overlays = [ (import ./overlays) ];
- environment.systemPackages = with pkgs; [
- git
- mergerfs
- micro
- openssh
- ranger
- sshfs
- snapraid
- snapraid-runner
- wget
- ];
-
- ## PROGRAMS & SERVICES ##
-
- # Shells
- environment.shells = with pkgs; [ bash fish ];
- programs.fish.enable = true;
-
- ## NIXOS ##
-
- # LXC specific configuration
- # Supress systemd units that don't work because of LXC.
- # https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak
- systemd.suppressedSystemUnits = [
- "dev-mqueue.mount"
- "sys-kernel-debug.mount"
- "sys-fs-fuse-connections.mount"
- ];
-
- # This value determines the NixOS release with which your system is to be
- system.stateVersion = "24.11";
- # Enable Flakes
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
-}