diff --git a/config.ini b/config.ini index 4c3b3fa..631e751 100644 --- a/config.ini +++ b/config.ini @@ -6,7 +6,7 @@ port = 6600 [ui] hostname = [::1] -port = 8443 +port = 443 tls = yes cert = cert.pem key = key.pem diff --git a/configuration.nix b/configuration.nix new file mode 100644 index 0000000..3ed841b --- /dev/null +++ b/configuration.nix 
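Review bot: `port = 443` is a privileged port, and the `[ui]` section still binds `hostname = [::1]`, so the TLS listener needs extra privilege to bind yet stays reachable only over IPv6 loopback. If the UI is meant to be reached from the network, the bind address has to change in the same commit. If a local reverse proxy fronts it, an unprivileged port is enough and avoids running the daemon as root or with CAP_NET_BIND_SERVICE. I would add a full-line comment above the key recording which case applies, for example `; 443 needs CAP_NET_BIND_SERVICE; loopback-only, fronted by <proxy>`. The rest of the `[ui]` section lies outside the hunk.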
@@ -0,0 +1,109 @@
+{ lib, pkgs, ... }:
+
+{
+ networking = {
+ hostName = "sanic";
+ useNetworkd = true;
+ nameservers = [
+ "172.23.42.1"
+ ];
+ defaultGateway = {
+ address = "172.23.42.1";
+ interface = "eth0";
+ };
+ interfaces.eth0 = {
+ ipv4.addresses = [{
+ address = "172.23.43.102";
+ prefixLength = 23;
+ }];
+ };
+ };
+ services.resolved = {
+ enable = true;
+ llmnr = "true";
+ dnssec = "allow-downgrade";
+ dnsovertls = "opportunistic";
+ };
+ time.timeZone = "Europe/Berlin";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ users.users.xengi = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ shell = pkgs.fish;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICW1+Ml8R9x1LCJaZ8bIZ1qIV4HCuZ6x7DziFW+0Nn5T xengi@kanae_2022-12-09"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmb+mJfo84IagUaRoDEqY9ROjjQUOQ7tMclpN6NDPrX xengi@kota_2022-01-16"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyklb7dvEHH0VBEMmTUQFKHN6ekBQqkDKj09+EilUIQ xengi@lucy_2018-09-08"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhyfD+8jMl6FDSADb11sfAsJk0KNoVzjjiDRZjUOtmf xengi@nana_2019-08-16"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjv9W8WXq9QGkgmANNPQR24/I1Pm1ghxNIHftEI+jlZ xengi@mayu_2021-06-11"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPtGqhV7io3mhIoZho4Yf7eCo0sUZvjT2NziM2PkXSo xengi@nyu_2017-10-11"
+ ];
+ packages = with pkgs; [
+ kitty # for terminfo
+ ];
+ };
+
+ nix = {
+ optimise = {
+ automatic = true;
+ dates = [ "00:00" ];
+ };
+ settings = {
+ auto-optimise-store = true;
+ experimental-features = [ "nix-command" "flakes" ];
+ };
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 10d";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ git # required for flakes
+ vim
+ nvd
+ ];
+
+ services = {
+ openssh = {
+ enable = true;
+ settings.PasswordAuthentication = false;
+ };
+ };
+
+ programs = {
+ fish = {
+ enable = true;
+ interactiveShellInit = ''
+ function upgrade --description "Upgrade NixOS system"
+ cd /etc/nixos
+ nix flake update
+ cd -
+ nixos-rebuild switch --upgrade
+ nvd diff (ls -d1v /nix/var/nix/profiles/system-*-link|tail -n 2)
+ end
+ '';
+ };
+ vim.defaultEditor = true;
+ mtr.enable = true;
+ };
+
+ security = {
+ sudo.execWheelOnly = true;
+ };
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 80 # HTTP/1
+ 443 # HTTP/2
+ ];
+ allowedUDPPorts = [
+ 443 # HTTP/3
+ ];
+ };
+
+ system.stateVersion = "24.05";
+}
+
diff --git a/flake.lock b/flake.lock
index 5273d21..14fcec4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -43,16 +43,16 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1722957468,
- "narHash": "sha256-SQ0TCC4aklOhN/OzcztrKqDLY8SjpIZcyvTulzhDXs0=",
+ "lastModified": 1723282977,
+ "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "2a13929e1f191b3690dd2f2db13098b04adb9043",
+ "rev": "a781ff33ae258bbcfd4ed6e673860c3e923bf2cc",
 "type": "github"
 },
 "original": {
 "owner": "NixOS",
- "ref": "nixpkgs-unstable",
+ "ref": "nixos-24.05",
 "repo": "nixpkgs",
 "type": "github"
 }
diff --git a/flake.nix b/flake.nix
index bb94005..d3e5102 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,10 +1,10 @@
 {
- description = "chaos music control";
+ description = "sanic - chaos music control";
 inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
- flake-utils.url = "github:numtide/flake-utils";
+ nixpkgs.url = github:NixOS/nixpkgs/nixos-24.05;
+ flake-utils.url = github:numtide/flake-utils;
 gomod2nix = {
- url = "github:tweag/gomod2nix";
+ url = github:tweag/gomod2nix;
 inputs.nixpkgs.follows = "nixpkgs";
 inputs.flake-utils.follows = "flake-utils";
 };
@@ -36,6 +36,18 @@
 mpc-cli
 ];
 };
+ nixosConfigurations."sanic" = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ {
+ environment.systemPackages = with pkgs; [
+ sanic
+ ];
+ }
+ "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
+ ./configuration.nix
+ ];
+ };
 }
 );
 }
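Review bot: `llmnr = "true"` in `services.resolved` turns on LLMNR, an unauthenticated link-local name protocol that any host on the same segment can answer, and `dnssec = "allow-downgrade"` plus `dnsovertls = "opportunistic"` mean both remaining resolver protections can be downgraded without notice. For a server with a static address and a fixed nameserver I would set `llmnr = "false";` and add a comment saying why the other two are not strict. Separately, `allowedTCPPorts` opens 80 and `allowedUDPPorts` opens 443, but the only listener visible in this commit is the TLS UI on TCP 443 in config.ini; unless something else serves those ports, drop them so the firewall matches what is actually exposed. `services.openssh.settings` could also set `KbdInteractiveAuthentication = false;` next to `PasswordAuthentication = false;`.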
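Review bot: The three input URLs in the first flake.nix hunk lose their quotes (`nixpkgs.url = github:NixOS/nixpkgs/nixos-24.05;` and the `flake-utils` and `gomod2nix` lines), which turns them from strings into bare URL literals. That syntax is deprecated in Nix and is rejected when the `no-url-literals` feature is enabled, so the flake may stop evaluating on stricter setups. Keep them quoted, e.g. `nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";`. The `inputs` block continues outside the hunk.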
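Review bot: `nixosConfigurations."sanic"` is added inside what looks like a per-system output function, since it uses `inherit system` and the hunk closes with `} );`. If that wrapper is flake-utils' `eachSystem` or `eachDefaultSystem`, the attribute ends up as `nixosConfigurations.<system>.sanic`, which `nixos-rebuild --flake .#sanic` does not look up. The wrapper is outside the hunk, so this is inferred; if it holds, define `nixosConfigurations.sanic` at the top level of `outputs`, outside the per-system call. A short comment above the module list noting that `proxmox-lxc.nix` is imported because the host runs as a Proxmox LXC container would also help the next reader.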