Wateir/NixServerConfig
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat : Refractor my host specific to be more generic

Browse source
This commit is contained in:
Wateir 2025-12-23 16:47:50 +01:00
parent 0d29fd5686
commit 23a6282e6d
10 changed files with 196 additions and 163 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1 +0,0 @@
hardware-configuration.nix

89
configuration.nix
View file

@ -1,18 +1,44 @@
{ config,pkgs,lib, ... }: { config,pkgs,lib,hostName, ... }:
{ {
system.stateVersion = "25.11"; system.stateVersion = "25.11";
imports = [ imports = [
./hardware-configuration.nix ./host
./package.nix
./host.nix
./default.nix
./module ./module
]; ];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; # List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
micro
git
cloudflared
cloudflare-warp
zoxide
fzf
sqlite
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
];
environment.variables = {
TERM = "xterm-256color";
};
programs = {
zsh.enable = true; # Mandatory for the user manager
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
#mtr.enable = true;
#gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
boot = { boot = {
loader = { loader = {
@ -23,7 +49,7 @@
}; };
networking = { networking = {
hostName = "ThinkCentre-Server-004"; # Define your hostname. hostName = hostName; # Define your hostname.
#wireless.enable = true; # Enables wireless support via wpa_supplicant. #wireless.enable = true; # Enables wireless support via wpa_supplicant.
#proxy.default = "http://user:password@proxy:port/"; #proxy.default = "http://user:password@proxy:port/";
#proxy.noProxy = "127.0.0.1,localhost,internal.domain"; #proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@ -49,10 +75,25 @@
}; };
}; };
services.xserver.xkb = { services = {
layout = "fr"; xserver.xkb = {
variant = "azerty"; layout = "fr";
variant = "azerty";
};
openssh = {
enable = true;
settings.Macs = [
# Current defaults:
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
# Cloudfare:
"hmac-sha2-256"
];
};
}; };
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
users.users.manager = { users.users.manager = {
isNormalUser = true; isNormalUser = true;
@ -98,32 +139,4 @@
}); });
''; '';
}; };
programs = {
zsh.enable = true; # Mandatory for the user manager
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
#mtr.enable = true;
#gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
};
environment.variables = {
TERM = "xterm-256color";
};
services.openssh = {
enable = true;
settings.Macs = [
# Current defaults:
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
# Cloudfare:
"hmac-sha2-256"
];
};
} }

81
default.nix
View file

@ -1,81 +0,0 @@
{ config, lib, ... }:
with lib;
let
mkServiceOption = { desc, defaultEnabled ? false, extraOpts ? {} }: mkOption {
description = "Configuration for the ${desc}";
default = {};
type = types.submodule {
options = {
enable = mkEnableOption desc // { default = defaultEnabled; };
} // extraOpts;
};
};
mkPortOption = default: mkOption {
type = types.port;
default = default;
description = "Port for the service to listen on.";
};
in {
options.module = {
domain = mkOption {
type = types.str;
default = "wateir.fr";
};
hostName = mkOption {
type = types.str;
default = "${config.networking.hostName}.${config.module.domain}";
description = "Global FQDN for all hosted services.";
};
smtpServer = mkServiceOption {
desc = "Mail Service with Environment Credentials";
extraOpts = {
username = lib.mkOption { type = lib.types.str; };
password = lib.mkOption { type = lib.types.str; };
host = lib.mkOption {
type = types.str;
default = "tls://smtp.purelymail.com";
};
port = lib.mkOption { type = lib.types.port; default = 465; };
};
};
acme = mkServiceOption {
desc = "ACME DNS Challenge";
};
tailscale = mkServiceOption {
desc = "Tailscale VPN";
defaultEnabled = true;
};
newt = mkServiceOption {
desc = "Newt custom wireguard tunnel";
};
roundcube = mkServiceOption {
desc = "Roundcube webapp";
extraOpts = { port = mkPortOption 1984; };
};
vaultwarden = mkServiceOption {
desc = "Vaultwarden password manager";
extraOpts = {
externalPort = mkPortOption 8000;
internalPort = mkPortOption 8222;
};
};
searxng = mkServiceOption {
desc = "SearXNG meta-search engine";
extraOpts = { port = mkPortOption 1692; };
};
};
}

24
flake.nix
View file

@ -9,16 +9,20 @@
outputs = { self, nixpkgs, agenix, ... }: outputs = { self, nixpkgs, agenix, ... }:
let let
system = "x86_64-linux"; system = "x86_64-linux";
mkHost = hostName: nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = { inherit hostName; };
modules = [
./configuration.nix
(./. + "/host/hard-${hostName}.nix")
agenix.nixosModules.default
{ networking.hostName = hostName; }
];
};
in { in {
nixosConfigurations.ThinkCentre-Server-004 = nixpkgs.lib.nixosSystem { nixosConfigurations = {
inherit system; "ThinkCentre-Server-004" = mkHost "ThinkCentre-Server-004";
modules = [ "VPS-Server-005" = mkHost "VPS-Server-005";
./configuration.nix };
agenix.nixosModules.default
{
environment.systemPackages = [ agenix.packages.${system}.default ];
}
];
}; };
};
} }

11
host.nix
View file

@ -1,11 +0,0 @@
{ config, lib, ... }:
{
config = lib.mkIf (config.networking.hostName == "ThinkCentre-Server-004") {
module.vaultwarden.enable = true;
module.roundcube.enable = true;
module.searxng.enable = true;
module.acme.enable = true;
module.newt.enable = true;
};
}

14
host/default.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, lib, hostName, ... }:
let
hostConfigs = {
ThinkCentre-Server-004 = {
module.vaultwarden.enable = true;
module.roundcube.enable = true;
module.searxng.enable = true;
module.acme.enable = true;
module.newt.enable = true;
};
};
in {
config = hostConfigs.${hostName};
}

33
host/hard-ThinkCentre-Server-004.nix Normal file
View file

@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "ehci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d0cdb124-21fc-444d-847f-addf3561ce7f";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/9A69-F2F6";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/d5604472-7e21-4894-b30b-d4c4a0cdd945"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

68
module/default.nix
View file

@ -1,5 +1,25 @@
{ ... }: { config, lib, ... }:
{
with lib;
let
mkServiceOption = { desc, defaultEnabled ? false, extraOpts ? {} }: mkOption {
description = "Configuration for the ${desc}";
default = {};
type = types.submodule {
options = {
enable = mkEnableOption desc // { default = defaultEnabled; };
} // extraOpts;
};
};
mkPortOption = default: mkOption {
type = types.port;
default = default;
description = "Port for the service to listen on.";
};
in {
imports = [ imports = [
./nginx.nix ./nginx.nix
./newt.nix ./newt.nix
@ -9,4 +29,48 @@
./roundcube.nix ./roundcube.nix
./vaultWarden.nix ./vaultWarden.nix
]; ];
options.module = {
domain = mkOption {
type = types.str;
default = "wateir.fr";
};
hostName = mkOption {
type = types.str;
default = "${config.networking.hostName}.${config.module.domain}";
description = "Global FQDN for all hosted services.";
};
acme = mkServiceOption {
desc = "ACME DNS Challenge";
};
tailscale = mkServiceOption {
desc = "Tailscale VPN";
defaultEnabled = true;
};
newt = mkServiceOption {
desc = "Newt custom wireguard tunnel";
};
roundcube = mkServiceOption {
desc = "Roundcube webapp";
extraOpts = { port = mkPortOption 1984; };
};
vaultwarden = mkServiceOption {
desc = "Vaultwarden password manager";
extraOpts = {
externalPort = mkPortOption 8000;
internalPort = mkPortOption 8222;
};
};
searxng = mkServiceOption {
desc = "SearXNG meta-search engine";
extraOpts = { port = mkPortOption 1692; };
};
};
} }

18
module/forgejo.nix Normal file
View file

@ -0,0 +1,18 @@
{ config,lib, ... }:
lib.mkIf config.module.forgejo.enable {
services.forgejo = {
enable = true;
database.type = "postgres";
# Enable support for Git Large File Storage
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.example.com";
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 3000;
};
};
};
}

20
package.nix
View file

@ -1,20 +0,0 @@
{ pkgs, ... }:
{
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
micro
git
cloudflared
cloudflare-warp
zoxide
fzf
sqlite
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
];
}