feat : Refractor my host specific to be more generic

2025-12-23 16:47:50 +01:00 · 2025-12-23 16:47:50 +01:00 · 23a6282e6d
commit 23a6282e6d
parent 0d29fd5686
10 changed files with 196 additions and 163 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +0,0 @@
-hardware-configuration.nix
--- a/configuration.nix
+++ b/configuration.nix
@ -1,18 +1,44 @@
-{ config,pkgs,lib, ... }:
+{ config,pkgs,lib,hostName, ... }:

 {
  system.stateVersion = "25.11";

  imports = [
-    ./hardware-configuration.nix
-    ./package.nix
-    ./host.nix
-    ./default.nix
+    ./host
    ./module
  ];

-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    micro
+    git
+    cloudflared
+    cloudflare-warp
+    zoxide
+    fzf
+    sqlite
+  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+  #  wget
+  ];

+  environment.variables = {
+    TERM = "xterm-256color";
+  };
+
+  programs = {
+    zsh.enable = true; # Mandatory for the user manager
+
+    # Some programs need SUID wrappers, can be configured further or are
+    # started in user sessions.
+    #mtr.enable = true;
+    #gnupg.agent = {
+    #   enable = true;
+    #   enableSSHSupport = true;
+    # };
+  };
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  boot = {
    loader = {
@ -23,7 +49,7 @@
  };

  networking = {
-    hostName = "ThinkCentre-Server-004"; # Define your hostname.
+    hostName = hostName; # Define your hostname.
    #wireless.enable = true;  # Enables wireless support via wpa_supplicant.
    #proxy.default = "http://user:password@proxy:port/";
    #proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@ -49,10 +75,25 @@
    };
  };

-  services.xserver.xkb = {
-    layout = "fr";
-    variant = "azerty";
+  services = {
+    xserver.xkb = {
+      layout = "fr";
+      variant = "azerty";
+    };
+    openssh = {
+      enable = true;
+      settings.Macs = [
+        # Current defaults:
+        "hmac-sha2-512-etm@openssh.com"
+        "hmac-sha2-256-etm@openssh.com"
+        "umac-128-etm@openssh.com"
+        # Cloudfare:
+        "hmac-sha2-256"
+      ];
+    };
  };
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;

  users.users.manager = {
    isNormalUser = true;
@ -98,32 +139,4 @@
      });
    '';
  };
-
-  programs = {
-    zsh.enable = true; # Mandatory for the user manager
-
-    # Some programs need SUID wrappers, can be configured further or are
-    # started in user sessions.
-    #mtr.enable = true;
-    #gnupg.agent = {
-    #   enable = true;
-    #   enableSSHSupport = true;
-    # };
-  };
-
-  environment.variables = {
-    TERM = "xterm-256color";
-  };
-
-  services.openssh = {
-    enable = true;
-    settings.Macs = [
-      # Current defaults:
-      "hmac-sha2-512-etm@openssh.com"
-      "hmac-sha2-256-etm@openssh.com"
-      "umac-128-etm@openssh.com"
-      # Cloudfare:
-      "hmac-sha2-256"
-    ];
-  };
 }
--- a/default.nix
+++ b/default.nix
@ -1,81 +0,0 @@
-{ config, lib, ... }:
-
-with lib;
-
-let
-  mkServiceOption = { desc, defaultEnabled ? false, extraOpts ? {} }: mkOption {
-    description = "Configuration for the ${desc}";
-    default = {};
-    type = types.submodule {
-      options = {
-        enable = mkEnableOption desc // { default = defaultEnabled; };
-      } // extraOpts;
-    };
-  };
-
-  mkPortOption = default: mkOption {
-    type = types.port;
-    default = default;
-    description = "Port for the service to listen on.";
-  };
-
-in {
-  options.module = {
-    domain = mkOption {
-      type = types.str;
-      default = "wateir.fr";
-    };
-
-    hostName = mkOption {
-      type = types.str;
-      default = "${config.networking.hostName}.${config.module.domain}";
-      description = "Global FQDN for all hosted services.";
-    };
-
-    smtpServer = mkServiceOption {
-      desc = "Mail Service with Environment Credentials";
-      extraOpts = {
-        username = lib.mkOption { type = lib.types.str; };
-        password = lib.mkOption { type = lib.types.str; };
-
-        host = lib.mkOption {
-          type = types.str;
-          default = "tls://smtp.purelymail.com";
-        };
-
-        port = lib.mkOption { type = lib.types.port; default = 465; };
-      };
-    };
-
-    acme = mkServiceOption {
-      desc = "ACME DNS Challenge";
-    };
-
-    tailscale = mkServiceOption {
-      desc = "Tailscale VPN";
-      defaultEnabled = true;
-    };
-
-    newt = mkServiceOption {
-      desc = "Newt custom wireguard tunnel";
-    };
-
-    roundcube = mkServiceOption {
-      desc = "Roundcube webapp";
-      extraOpts = { port = mkPortOption 1984; };
-    };
-
-    vaultwarden = mkServiceOption {
-      desc = "Vaultwarden password manager";
-      extraOpts = {
-        externalPort = mkPortOption 8000;
-        internalPort = mkPortOption 8222;
-      };
-    };
-
-    searxng = mkServiceOption {
-      desc = "SearXNG meta-search engine";
-      extraOpts = { port = mkPortOption 1692; };
-    };
-  };
-}
--- a/flake.nix
+++ b/flake.nix
@ -9,16 +9,20 @@
  outputs = { self, nixpkgs, agenix, ... }:
    let
      system = "x86_64-linux";
+      mkHost = hostName: nixpkgs.lib.nixosSystem {
+        inherit system;
+        specialArgs = { inherit hostName; };
+        modules = [
+          ./configuration.nix
+          (./. + "/host/hard-${hostName}.nix")
+          agenix.nixosModules.default
+          { networking.hostName = hostName; }
+        ];
+      };
    in {
-    nixosConfigurations.ThinkCentre-Server-004 = nixpkgs.lib.nixosSystem {
-      inherit system;
-      modules = [
-        ./configuration.nix
-        agenix.nixosModules.default
-        {
-          environment.systemPackages = [ agenix.packages.${system}.default ];
-        }
-      ];
+      nixosConfigurations = {
+        "ThinkCentre-Server-004" = mkHost "ThinkCentre-Server-004";
+        "VPS-Server-005" = mkHost "VPS-Server-005";
+      };
    };
-  };
 }
--- a/host.nix
+++ b/host.nix
@ -1,11 +0,0 @@
-{ config, lib, ... }:
-
-{
-  config = lib.mkIf (config.networking.hostName == "ThinkCentre-Server-004") {
-    module.vaultwarden.enable = true;
-    module.roundcube.enable   = true;
-    module.searxng.enable     = true;
-    module.acme.enable        = true;
-    module.newt.enable        = true;
-  };
-}
--- a/host/default.nix
+++ b/host/default.nix
@ -0,0 +1,14 @@
+{ config, lib, hostName, ... }:
+let
+  hostConfigs = {
+    ThinkCentre-Server-004 = {
+      module.vaultwarden.enable = true;
+      module.roundcube.enable   = true;
+      module.searxng.enable     = true;
+      module.acme.enable        = true;
+      module.newt.enable        = true;
+    };
+  };
+in {
+  config = hostConfigs.${hostName};
+}
--- a/host/hard-ThinkCentre-Server-004.nix
+++ b/host/hard-ThinkCentre-Server-004.nix
@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "ehci_pci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/d0cdb124-21fc-444d-847f-addf3561ce7f";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/9A69-F2F6";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/d5604472-7e21-4894-b30b-d4c4a0cdd945"; }
+    ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/module/default.nix
+++ b/module/default.nix
@ -1,5 +1,25 @@
-{ ... }:
-{
+{ config, lib, ... }:
+
+with lib;
+
+let
+  mkServiceOption = { desc, defaultEnabled ? false, extraOpts ? {} }: mkOption {
+    description = "Configuration for the ${desc}";
+    default = {};
+    type = types.submodule {
+      options = {
+        enable = mkEnableOption desc // { default = defaultEnabled; };
+      } // extraOpts;
+    };
+  };
+
+  mkPortOption = default: mkOption {
+    type = types.port;
+    default = default;
+    description = "Port for the service to listen on.";
+  };
+
+in {
  imports = [
    ./nginx.nix
    ./newt.nix
@ -9,4 +29,48 @@
    ./roundcube.nix
    ./vaultWarden.nix
  ];
+
+  options.module = {
+    domain = mkOption {
+      type = types.str;
+      default = "wateir.fr";
+    };
+
+    hostName = mkOption {
+      type = types.str;
+      default = "${config.networking.hostName}.${config.module.domain}";
+      description = "Global FQDN for all hosted services.";
+    };
+
+    acme = mkServiceOption {
+      desc = "ACME DNS Challenge";
+    };
+
+    tailscale = mkServiceOption {
+      desc = "Tailscale VPN";
+      defaultEnabled = true;
+    };
+
+    newt = mkServiceOption {
+      desc = "Newt custom wireguard tunnel";
+    };
+
+    roundcube = mkServiceOption {
+      desc = "Roundcube webapp";
+      extraOpts = { port = mkPortOption 1984; };
+    };
+
+    vaultwarden = mkServiceOption {
+      desc = "Vaultwarden password manager";
+      extraOpts = {
+        externalPort = mkPortOption 8000;
+        internalPort = mkPortOption 8222;
+      };
+    };
+
+    searxng = mkServiceOption {
+      desc = "SearXNG meta-search engine";
+      extraOpts = { port = mkPortOption 1692; };
+    };
+  };
 }
--- a/module/forgejo.nix
+++ b/module/forgejo.nix
@ -0,0 +1,18 @@
+{ config,lib, ... }:
+
+lib.mkIf config.module.forgejo.enable {
+  services.forgejo = {
+    enable = true;
+    database.type = "postgres";
+    # Enable support for Git Large File Storage
+    lfs.enable = true;
+    settings = {
+      server = {
+        DOMAIN = "git.example.com";
+        # You need to specify this to remove the port from URLs in the web UI.
+        ROOT_URL = "https://${srv.DOMAIN}/";
+        HTTP_PORT = 3000;
+      };
+    };
+  };
+}
--- a/package.nix
+++ b/package.nix
@ -1,20 +0,0 @@
-{ pkgs, ... }:
-
-{
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    micro
-    git
-    cloudflared
-    cloudflare-warp
-    zoxide
-    fzf
-    sqlite
-  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-  #  wget
-  ];
-}