From 23a6282e6d2314fa2585ac24a092f050293d3ad8 Mon Sep 17 00:00:00 2001
From: Wateir
Date: Tue, 23 Dec 2025 16:47:50 +0100
Subject: [PATCH] feat : Refractor my host specific to be more generic
---
 .gitignore | 1 -
 configuration.nix | 89 ++++++++++++++++------
 default.nix | 81 -------------------------
 flake.nix | 24 ++++----
 host.nix | 11 ----
 host/default.nix | 14 +++++
 host/hard-ThinkCentre-Server-004.nix | 33 +++++++++++
 module/default.nix | 68 ++++++++++++++++++++-
 module/forgejo.nix | 18 ++++++
 package.nix | 20 -------
 10 files changed, 196 insertions(+), 163 deletions(-)
 delete mode 100644 default.nix
 delete mode 100644 host.nix
 create mode 100644 host/default.nix
 create mode 100644 host/hard-ThinkCentre-Server-004.nix
 create mode 100644 module/forgejo.nix
 delete mode 100644 package.nix
diff --git a/.gitignore b/.gitignore
index 577b0a0..e69de29 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +0,0 @@
-hardware-configuration.nix
diff --git a/configuration.nix b/configuration.nix
index 234ab72..49f0f23 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,18 +1,44 @@
-{ config,pkgs,lib, ... }:
+{ config,pkgs,lib,hostName, ... }:
 {
 system.stateVersion = "25.11";
 imports = [
- ./hardware-configuration.nix
- ./package.nix
- ./host.nix
- ./default.nix
+ ./host
 ./module
 ];
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ micro
+ git
+ cloudflared
+ cloudflare-warp
+ zoxide
+ fzf
+ sqlite
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ ];
+ environment.variables = {
+ TERM = "xterm-256color";
+ };
+
+ programs = {
+ zsh.enable = true; # Mandatory for the user manager
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ #mtr.enable = true;
+ #gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+ };
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
 boot = {
 loader = {
@@ -23,7 +49,7 @@
 };
 networking = {
- hostName = "ThinkCentre-Server-004"; # Define your hostname.
+ hostName = hostName; # Define your hostname.
 #wireless.enable = true; # Enables wireless support via wpa_supplicant. #proxy.default = "http://user:password@proxy:port/"; #proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@@ -49,10 +75,25 @@
 };
 };
- services.xserver.xkb = {
- layout = "fr";
- variant = "azerty";
+ services = {
+ xserver.xkb = {
+ layout = "fr";
+ variant = "azerty";
+ };
+ openssh = {
+ enable = true;
+ settings.Macs = [
+ # Current defaults:
+ "hmac-sha2-512-etm@openssh.com"
+ "hmac-sha2-256-etm@openssh.com"
+ "umac-128-etm@openssh.com"
+ # Cloudfare:
+ "hmac-sha2-256"
+ ];
+ };
 };
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
 users.users.manager = {
 isNormalUser = true;
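Review bot: `hostName = hostName;` on the new side of the `networking` hunk defines the same option that the `{ networking.hostName = hostName; }` module added by `mkHost` in flake.nix also defines, so one value now flows in from two places. Both definitions are the same string, so evaluation presumably merges them (`networking.hostName` uses an equality merge), but the duplicate obscures which file owns the value; keep one definition only, and if it stays here write it as `networking = { inherit hostName; ... }`. The `networking` block continues outside the hunk.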
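Review bot: The relocated `services.openssh` block enables the daemon but only customises `settings.Macs`; nothing in this hunk sets `settings.PasswordAuthentication` or `settings.KbdInteractiveAuthentication`, and the `users.users.manager` definition that would show whether key-based login is configured continues outside the hunk. If key-only login is intended, add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` next to `enable = true;`. The `"hmac-sha2-256"` entry under `# Cloudfare:` is the only non-encrypt-then-MAC algorithm in the list, so the comment should name the client that requires it and be spelled correctly, e.g. `# Cloudflare: non-ETM MAC kept only for this client; remove once it is no longer required`.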
@@ -98,32 +139,4 @@
 }); '';
 };
-
- programs = {
- zsh.enable = true; # Mandatory for the user manager
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- #mtr.enable = true;
- #gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
- };
-
- environment.variables = {
- TERM = "xterm-256color";
- };
-
- services.openssh = {
- enable = true;
- settings.Macs = [
- # Current defaults:
- "hmac-sha2-512-etm@openssh.com"
- "hmac-sha2-256-etm@openssh.com"
- "umac-128-etm@openssh.com"
- # Cloudfare:
- "hmac-sha2-256"
- ];
- };
 }
diff --git a/default.nix b/default.nix
deleted file mode 100644
index cdc2318..0000000
--- a/default.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ config, lib, ... }:
-
-with lib;
-
-let
- mkServiceOption = { desc, defaultEnabled ? false, extraOpts ? {} }: mkOption {
- description = "Configuration for the ${desc}";
- default = {};
- type = types.submodule {
- options = {
- enable = mkEnableOption desc // { default = defaultEnabled; };
- } // extraOpts;
- };
- };
-
- mkPortOption = default: mkOption {
- type = types.port;
- default = default;
- description = "Port for the service to listen on.";
- };
-
-in {
- options.module = {
- domain = mkOption {
- type = types.str;
- default = "wateir.fr";
- };
-
- hostName = mkOption {
- type = types.str;
- default = "${config.networking.hostName}.${config.module.domain}";
- description = "Global FQDN for all hosted services.";
- };
-
- smtpServer = mkServiceOption {
- desc = "Mail Service with Environment Credentials";
- extraOpts = {
- username = lib.mkOption { type = lib.types.str; };
- password = lib.mkOption { type = lib.types.str; };
-
- host = lib.mkOption {
- type = types.str;
- default = "tls://smtp.purelymail.com";
- };
-
- port = lib.mkOption { type = lib.types.port; default = 465; };
- };
- };
-
- acme = mkServiceOption {
- desc = "ACME DNS Challenge";
- };
-
- tailscale = mkServiceOption {
- desc = "Tailscale VPN";
- defaultEnabled = true;
- };
-
- newt = mkServiceOption {
- desc = "Newt custom wireguard tunnel";
- };
-
- roundcube = mkServiceOption {
- desc = "Roundcube webapp";
- extraOpts = { port = mkPortOption 1984; };
- };
-
- vaultwarden = mkServiceOption {
- desc = "Vaultwarden password manager";
- extraOpts = {
- externalPort = mkPortOption 8000;
- internalPort = mkPortOption 8222;
- };
- };
-
- searxng = mkServiceOption {
- desc = "SearXNG meta-search engine";
- extraOpts = { port = mkPortOption 1692; };
- };
- };
-}
diff --git a/flake.nix b/flake.nix
index 2b7f9b0..15bb698 100644
--- a/flake.nix
+++ b/flake.nix
@@ -9,16 +9,20 @@
 outputs = { self, nixpkgs, agenix, ... }:
 let
 system = "x86_64-linux";
+ mkHost = hostName: nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = { inherit hostName; };
+ modules = [
+ ./configuration.nix
+ (./. + "/host/hard-${hostName}.nix")
+ agenix.nixosModules.default
+ { networking.hostName = hostName; }
+ ];
+ };
 in {
- nixosConfigurations.ThinkCentre-Server-004 = nixpkgs.lib.nixosSystem {
- inherit system;
- modules = [
- ./configuration.nix
- agenix.nixosModules.default
- {
- environment.systemPackages = [ agenix.packages.${system}.default ];
- }
- ];
+ nixosConfigurations = {
+ "ThinkCentre-Server-004" = mkHost "ThinkCentre-Server-004";
+ "VPS-Server-005" = mkHost "VPS-Server-005";
+ };
 };
- };
 }
diff --git a/host.nix b/host.nix
deleted file mode 100644
index 70b3f70..0000000
--- a/host.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, ... }:
-
-{
- config = lib.mkIf (config.networking.hostName == "ThinkCentre-Server-004") {
- module.vaultwarden.enable = true;
- module.roundcube.enable = true;
- module.searxng.enable = true;
- module.acme.enable = true;
- module.newt.enable = true;
- };
-}
diff --git a/host/default.nix b/host/default.nix
new file mode 100644
index 0000000..cff6cb8
--- /dev/null
+++ b/host/default.nix
@@ -0,0 +1,14 @@
+{ config, lib, hostName, ... }:
+let
+ hostConfigs = {
+ ThinkCentre-Server-004 = {
+ module.vaultwarden.enable = true;
+ module.roundcube.enable = true;
+ module.searxng.enable = true;
+ module.acme.enable = true;
+ module.newt.enable = true;
+ };
+ };
+in {
+ config = hostConfigs.${hostName};
+}
diff --git a/host/hard-ThinkCentre-Server-004.nix b/host/hard-ThinkCentre-Server-004.nix
new file mode 100644
index 0000000..89b236d
--- /dev/null
+++ b/host/hard-ThinkCentre-Server-004.nix
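Review bot: `mkHost "VPS-Server-005"` imports `./host/hard-VPS-Server-005.nix`, but the commit only adds `host/hard-ThinkCentre-Server-004.nix` (see the diffstat), and the new `host/default.nix` looks up `hostConfigs.${hostName}` with a `ThinkCentre-Server-004` key only, so `nixosConfigurations.VPS-Server-005` would fail to evaluate as committed. Either add the second host's hardware file and `hostConfigs` entry in the same commit, or make the lookup fail with an explicit message, `config = hostConfigs.${hostName} or (throw "host/default.nix: no host config for ${hostName}");`. The removed `environment.systemPackages = [ agenix.packages.${system}.default ];` module is not carried over into `mkHost`, so the agenix CLI silently disappears from the system profile; if it was relied on, re-add `{ environment.systemPackages = [ agenix.packages.${system}.default ]; }` under `modules`. The `config` and `lib` arguments of `host/default.nix` are unused and can be dropped from its argument set.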
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "ehci_pci" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/d0cdb124-21fc-444d-847f-addf3561ce7f";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/9A69-F2F6";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/d5604472-7e21-4894-b30b-d4c4a0cdd945"; }
+ ];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/module/default.nix b/module/default.nix
index 4121ca5..bec5d10 100644
--- a/module/default.nix
+++ b/module/default.nix
@@ -1,5 +1,25 @@
-{ ... }:
-{
+{ config, lib, ... }:
+
+with lib;
+
+let
+ mkServiceOption = { desc, defaultEnabled ? false, extraOpts ? {} }: mkOption {
+ description = "Configuration for the ${desc}";
+ default = {};
+ type = types.submodule {
+ options = {
+ enable = mkEnableOption desc // { default = defaultEnabled; };
+ } // extraOpts;
+ };
+ };
+
+ mkPortOption = default: mkOption {
+ type = types.port;
+ default = default;
+ description = "Port for the service to listen on.";
+ };
+
+in {
 imports = [
 ./nginx.nix
 ./newt.nix
@@ -9,4 +29,48 @@
 ./roundcube.nix
 ./vaultWarden.nix
 ];
+
+ options.module = {
+ domain = mkOption {
+ type = types.str;
+ default = "wateir.fr";
+ };
+
+ hostName = mkOption {
+ type = types.str;
+ default = "${config.networking.hostName}.${config.module.domain}";
+ description = "Global FQDN for all hosted services.";
+ };
+
+ acme = mkServiceOption {
+ desc = "ACME DNS Challenge";
+ };
+
+ tailscale = mkServiceOption {
+ desc = "Tailscale VPN";
+ defaultEnabled = true;
+ };
+
+ newt = mkServiceOption {
+ desc = "Newt custom wireguard tunnel";
+ };
+
+ roundcube = mkServiceOption {
+ desc = "Roundcube webapp";
+ extraOpts = { port = mkPortOption 1984; };
+ };
+
+ vaultwarden = mkServiceOption {
+ desc = "Vaultwarden password manager";
+ extraOpts = {
+ externalPort = mkPortOption 8000;
+ internalPort = mkPortOption 8222;
+ };
+ };
+
+ searxng = mkServiceOption {
+ desc = "SearXNG meta-search engine";
+ extraOpts = { port = mkPortOption 1692; };
+ };
+ };
 }
diff --git a/module/forgejo.nix b/module/forgejo.nix
new file mode 100644
index 0000000..fd45712
--- /dev/null
+++ b/module/forgejo.nix
@@ -0,0 +1,18 @@
+{ config,lib, ... }:
+
+lib.mkIf config.module.forgejo.enable {
+ services.forgejo = {
+ enable = true;
+ database.type = "postgres";
+ # Enable support for Git Large File Storage
+ lfs.enable = true;
+ settings = {
+ server = {
+ DOMAIN = "git.example.com";
+ # You need to specify this to remove the port from URLs in the web UI.
+ ROOT_URL = "https://${srv.DOMAIN}/";
+ HTTP_PORT = 3000;
+ };
+ };
+ };
+}
diff --git a/package.nix b/package.nix
deleted file mode 100644
index 18fbed2..0000000
--- a/package.nix
+++ /dev/null
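Review bot: The option set moved here from default.nix drops the `smtpServer` submodule (and its `username`/`password`/`host`/`port` fields) without the commit message saying so; any imported module that still reads `config.module.smtpServer` — the import entries between `./newt.nix` and `./roundcube.nix` are outside this hunk — would fail with a missing-attribute error. If the drop is deliberate, say so in the description; if the credentials are meant to move to agenix, a file-based option such as `smtpServer.passwordFile = mkOption { type = types.path; }` keeps the secret out of the Nix store, which the old `password` string option did not. The new `module/forgejo.nix` reads `config.module.forgejo.enable`, but no `forgejo` entry is declared here and nothing visible imports the file; add `forgejo = mkServiceOption { desc = "Forgejo git forge"; extraOpts = { port = mkPortOption 3000; }; };` alongside the others and `./forgejo.nix` to the import list. `domain` is the only option here without a `description`; `description = "Base DNS domain under which the hosted services are published.";` would document it.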
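Review bot: `ROOT_URL = "https://${srv.DOMAIN}/";` references `srv`, which is not bound anywhere in this file (the argument set is `{ config,lib, ... }`), so the module would fail with an undefined-variable error as soon as it is imported, and `DOMAIN = "git.example.com"` is a placeholder rather than a value derived from `config.module.domain`. Replace the two lines with `DOMAIN = "git.${config.module.domain}";` and `ROOT_URL = "https://git.${config.module.domain}/";`. `HTTP_PORT = 3000` is set without `HTTP_ADDR`; if Forgejo is meant to sit behind the nginx module like the other services, bind it to loopback with `HTTP_ADDR = "127.0.0.1";` so the port is reachable only through the proxy. `config.module.forgejo.enable` also needs a matching option declaration under `options.module` in module/default.nix, which this commit does not add.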
@@ -1,20 +0,0 @@
-{ pkgs, ... }:
-
-{
- # Allow unfree packages
- nixpkgs.config.allowUnfree = true;
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- micro
- git
- cloudflared
- cloudflare-warp
- zoxide
- fzf
- sqlite
- # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
- # wget
- ];
-}