From 164795dfd29d40eb19db81baca79da076403f66c Mon Sep 17 00:00:00 2001
From: Vinzenz Schroeter
Date: Sat, 26 Oct 2024 18:15:50 +0200
Subject: [PATCH] split up files more
---
 home/gnome-shared-dconf.nix | 42 ++++++++++++++++++++++
 home/gnome.nix | 43 +----------------------
 home/vinzenz/default.nix | 34 ++----------------
 home/vinzenz/editorconfig.nix | 17 +++++++++
 hosts/hetzner-vpn1/default.nix | 54 +----------------------------
 hosts/hetzner-vpn1/nginx.nix | 52 +++++++++++++++++++++++++++
 hosts/vinzenz-lpt2/default.nix | 41 ++-------------------
 hosts/vinzenz-lpt2/nginx.nix | 26 ++++++++++++++
 hosts/vinzenz-pc2/default.nix | 22 ++---------
 hosts/vinzenz-pc2/vscode-server.nix | 16 +++++++++
 modules/podman.nix | 11 ++++++
 11 files changed, 172 insertions(+), 186 deletions(-)
 create mode 100644 home/gnome-shared-dconf.nix
 create mode 100644 home/vinzenz/editorconfig.nix
 create mode 100644 hosts/hetzner-vpn1/nginx.nix
 create mode 100644 hosts/vinzenz-lpt2/nginx.nix
 create mode 100644 hosts/vinzenz-pc2/vscode-server.nix
 create mode 100644 modules/podman.nix
diff --git a/home/gnome-shared-dconf.nix b/home/gnome-shared-dconf.nix
new file mode 100644
index 0000000..58133e7
--- /dev/null
+++ b/home/gnome-shared-dconf.nix
@@ -0,0 +1,42 @@
+{
+ "org/gnome/desktop/interface" = {
+ color-scheme = "prefer-dark";
+ clock-show-seconds = true;
+ show-battery-percentage = true;
+ };
+ "org/gnome/mutter" = {
+ edge-tiling = true;
+ dynamic-workspaces = true;
+ };
+ "org/gnome/desktop/peripherals/keyboard" = {
+ numlock-state = true;
+ };
+ "org/gnome/desktop/peripherals/touchpad" = {
+ tap-to-click = true;
+ two-finger-scrolling-enabled = true;
+ };
+ "org/gnome/tweaks" = {
+ show-extensions-notice = false;
+ };
+ "org/gnome/shell" = {
+ disable-user-extensions = false;
+ disabled-extensions = [];
+ enabled-extensions = [
+ "appindicatorsupport@rgcjonas.gmail.com"
+ "workspace-indicator@gnome-shell-extensions.gcampax.github.com"
+ "caffeine@patapon.info"
+ "GPaste@gnome-shell-extensions.gnome.org"
+ "gsconnect@andyholmes.github.io"
+ "solaar-extension@sidevesh"
+ ];
+ };
+ "ca/desrt/dconf-editor" = {
+ show-warning = false;
+ };
+ "org/gnome/desktop/wm/keybindings" = {
+ switch-windows = ["Tab"];
+ switch-windows-backward = ["Tab"];
+ switch-applications = ["Tab"];
+ switch-applications-backward = ["Tab"];
+ };
+}
diff --git a/home/gnome.nix b/home/gnome.nix
index 828c0ce..c85a98d 100644
--- a/home/gnome.nix
+++ b/home/gnome.nix
@@ -35,48 +35,7 @@
 solaar-extension
 ]);
- dconf.settings = {
- "org/gnome/desktop/interface" = {
- color-scheme = "prefer-dark";
- clock-show-seconds = true;
- show-battery-percentage = true;
- };
- "org/gnome/mutter" = {
- edge-tiling = true;
- dynamic-workspaces = true;
- };
- "org/gnome/desktop/peripherals/keyboard" = {
- numlock-state = true;
- };
- "org/gnome/desktop/peripherals/touchpad" = {
- tap-to-click = true;
- two-finger-scrolling-enabled = true;
- };
- "org/gnome/tweaks" = {
- show-extensions-notice = false;
- };
- "org/gnome/shell" = {
- disable-user-extensions = false;
- disabled-extensions = [];
- enabled-extensions = [
- "appindicatorsupport@rgcjonas.gmail.com"
- "workspace-indicator@gnome-shell-extensions.gcampax.github.com"
- "caffeine@patapon.info"
- "GPaste@gnome-shell-extensions.gnome.org"
- "gsconnect@andyholmes.github.io"
- "solaar-extension@sidevesh"
- ];
- };
- "ca/desrt/dconf-editor" = {
- show-warning = false;
- };
- "org/gnome/desktop/wm/keybindings" = {
- switch-windows = ["Tab"];
- switch-windows-backward = ["Tab"];
- switch-applications = ["Tab"];
- switch-applications-backward = ["Tab"];
- };
- };
+ dconf.settings = import ./gnome-shared-dconf.nix;
 gtk = {
 enable = true;
diff --git a/home/vinzenz/default.nix b/home/vinzenz/default.nix
index 27e4669..b88bf1c 100644
--- a/home/vinzenz/default.nix
+++ b/home/vinzenz/default.nix
@@ -18,20 +18,6 @@ inputs @ {
 nix-direnv.enable = true;
 };
- chromium = {
- enable = true;
- extensions = [
- {
- # ublock origin
- id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";
- }
- {
- id = "dcpihecpambacapedldabdbpakmachpb";
- updateUrl = "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml";
- }
- ];
- };
-
 eza = {
 enable = true;
 git = true;
@@ -43,6 +29,8 @@ inputs @ {
 };
 };
+ editorconfig = import ./editorconfig.nix;
+
 home.packages = with pkgs; [
 keepassxc
 insync
@@ -62,24 +50,6 @@ inputs @ {
 jetbrains-toolbox
 ];
- editorconfig = {
- enable = true;
- settings = {
- "*" = {
- charset = "utf-8";
- end_of_line = "lf";
- trim_trailing_whitespace = true;
- insert_final_newline = true;
- max_line_width = 120;
- indent_style = "space";
- indent_size = 4;
- };
- "*.nix" = {
- indent_size = 2;
- };
- };
- };
-
 home.file."policy.json" = {
 target = ".config/containers/policy.json";
 text = ''
diff --git a/home/vinzenz/editorconfig.nix b/home/vinzenz/editorconfig.nix
new file mode 100644
index 0000000..8eb3987
--- /dev/null
+++ b/home/vinzenz/editorconfig.nix
@@ -0,0 +1,17 @@
+{
+ enable = true;
+ settings = {
+ "*" = {
+ charset = "utf-8";
+ end_of_line = "lf";
+ trim_trailing_whitespace = true;
+ insert_final_newline = true;
+ max_line_width = 120;
+ indent_style = "space";
+ indent_size = 4;
+ };
+ "*.nix" = {
+ indent_size = 2;
+ };
+ };
+}
diff --git a/hosts/hetzner-vpn1/default.nix b/hosts/hetzner-vpn1/default.nix
index 35b060f..d69b3c3 100644
--- a/hosts/hetzner-vpn1/default.nix
+++ b/hosts/hetzner-vpn1/default.nix
@@ -10,6 +10,7 @@ nixpkgs.lib.nixosSystem {
 common-modules ++ [
 ./hardware.nix
+ ./nginx.nix
 ../../users/vinzenz.nix
 ../../users/ronja.nix
 {
@@ -19,7 +20,6 @@ nixpkgs.lib.nixosSystem {
 # uncomment for build check on non arm system (requires --impure)
 # nixpkgs.buildPlatform = builtins.currentSystem;
 }
-
 {
 users.users = {
 root.openssh.authorizedKeys.keys = [
@@ -39,57 +39,5 @@ nixpkgs.lib.nixosSystem {
 ];
 };
 }
- {
- security.acme = {
- acceptTerms = true;
- defaults.email = "acme@zerforschen.plus";
- };
-
- security.pam.services.nginx.setEnvironment = false;
- systemd.services.nginx.serviceConfig = {
- SupplementaryGroups = ["shadow"];
- };
-
- services.nginx = {
- enable = true;
- additionalModules = [pkgs.nginxModules.pam];
-
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
-
- virtualHosts = let
- servicesDomain = "services.zerforschen.plus";
- mkServiceConfig = host: port: {
- addSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://${host}:${toString port}/";
- extraConfig = ''
- # bind to tailscale ip
- proxy_bind 100.88.118.60;
- # pam auth
- limit_except OPTIONS {
- auth_pam "Password Required";
- auth_pam_service_name "nginx";
- }
- '';
- };
- };
- lpt2 = "vinzenz-lpt2.donkey-pentatonic.ts.net";
- pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net";
- in {
- "vscode.${servicesDomain}" = lib.mkMerge [
- (mkServiceConfig pc2 8542)
- {locations."/" .proxyWebsockets = true;}
- ];
- "preon-app.${servicesDomain}" = mkServiceConfig pc2 8543;
- "preon-api.${servicesDomain}" = mkServiceConfig pc2 8544;
- };
- };
-
- networking.firewall.allowedTCPPorts = [80 443];
- }
 ];
 }
diff --git a/hosts/hetzner-vpn1/nginx.nix b/hosts/hetzner-vpn1/nginx.nix
new file mode 100644
index 0000000..e102194
--- /dev/null
+++ b/hosts/hetzner-vpn1/nginx.nix
@@ -0,0 +1,52 @@
+{pkgs, ...}: {
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "acme@zerforschen.plus";
+ };
+
+ security.pam.services.nginx.setEnvironment = false;
+ systemd.services.nginx.serviceConfig = {
+ SupplementaryGroups = ["shadow"];
+ };
+
+ services.nginx = {
+ enable = true;
+ additionalModules = [pkgs.nginxModules.pam];
+
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+
+ virtualHosts = let
+ servicesDomain = "services.zerforschen.plus";
+ mkServiceConfig = host: port: {
+ addSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://${host}:${toString port}/";
+ extraConfig = ''
+ # bind to tailscale ip
+ proxy_bind 100.88.118.60;
+ # pam auth
+ limit_except OPTIONS {
+ auth_pam "Password Required";
+ auth_pam_service_name "nginx";
+ }
+ '';
+ };
+ };
+ lpt2 = "vinzenz-lpt2.donkey-pentatonic.ts.net";
+ pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net";
+ in {
+ "vscode.${servicesDomain}" = lib.mkMerge [
+ (mkServiceConfig pc2 8542)
+ {locations."/" .proxyWebsockets = true;}
+ ];
+ "preon-app.${servicesDomain}" = mkServiceConfig pc2 8543;
+ "preon-api.${servicesDomain}" = mkServiceConfig pc2 8544;
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [80 443];
+}
diff --git a/hosts/vinzenz-lpt2/default.nix b/hosts/vinzenz-lpt2/default.nix
index 02e98ab..b65af8e 100644
--- a/hosts/vinzenz-lpt2/default.nix
+++ b/hosts/vinzenz-lpt2/default.nix
@@ -11,6 +11,7 @@ nixpkgs.lib.nixosSystem {
 ++ desktop-modules ++ [
 ./hardware.nix
+ ./nginx.nix
 ../../home/gnome.nix
 ../../users/vinzenz.nix
@@ -18,6 +19,7 @@ nixpkgs.lib.nixosSystem {
 ../../modules/gaming.nix
 ../../modules/printing.nix
 ../../modules/latex.nix
+ ../../modules/podman.nix
 {
 networking.hostName = "vinzenz-lpt2";
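Review bot: `lib.mkMerge` in the `"vscode.${servicesDomain}"` vhost refers to `lib`, but the new module header `{pkgs, ...}: {` binds only `pkgs`, and nothing else in hosts/hetzner-vpn1/nginx.nix defines `lib`; inside the old inline module it resolved against default.nix's scope, here it is a free variable and evaluation will fail with an undefined-variable error. The fix is the header line `{lib, pkgs, ...}: {`. Separately, `mkServiceConfig` uses `addSSL = true` while the file opens port 80 as well as 443, so the `auth_pam` password challenge on these vhosts can also be answered over plain HTTP; `forceSSL = true;` keeps the ACME setup but redirects the cleartext listener to HTTPS. A comment above `limit_except OPTIONS {` noting that OPTIONS requests reach the upstream without PAM authentication would make that exemption deliberate rather than accidental for the next reader.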
@@ -36,44 +38,5 @@ nixpkgs.lib.nixosSystem {
 # ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
 #];
 }
-
- {
- virtualisation = {
- containers.enable = true;
- podman = {
- enable = true;
- dockerCompat = true;
- dockerSocket.enable = true;
- autoPrune.enable = true;
- };
- };
- }
-
- {
- services.nginx = {
- enable = true;
-
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
-
- virtualHosts = {
- "vinzenz-lpt2" = {
- locations."/" = {
- proxyPass = "http://127.0.0.1:3000/";
- proxyWebsockets = true;
- };
-
- serverAliases = ["172.23.42.96"];
- };
- };
- };
-
- networking.firewall = {
- allowedTCPPorts = [80 8001 3000];
- allowedUDPPorts = [2342];
- };
- }
 ];
 }
diff --git a/hosts/vinzenz-lpt2/nginx.nix b/hosts/vinzenz-lpt2/nginx.nix
new file mode 100644
index 0000000..74db1c9
--- /dev/null
+++ b/hosts/vinzenz-lpt2/nginx.nix
@@ -0,0 +1,26 @@
+{...}: {
+ services.nginx = {
+ enable = true;
+
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+
+ virtualHosts = {
+ "vinzenz-lpt2" = {
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3000/";
+ proxyWebsockets = true;
+ };
+
+ serverAliases = ["172.23.42.96"];
+ };
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [80 8001 3000];
+ allowedUDPPorts = [2342];
+ };
+}
diff --git a/hosts/vinzenz-pc2/default.nix b/hosts/vinzenz-pc2/default.nix
index 8d9ab6f..827455f 100644
--- a/hosts/vinzenz-pc2/default.nix
+++ b/hosts/vinzenz-pc2/default.nix
@@ -11,12 +11,14 @@ nixpkgs.lib.nixosSystem {
 ++ desktop-modules
 ++ [
 ./hardware.nix
+ ./vscode-server.nix
 ../../home/gnome.nix
 ../../users/vinzenz.nix
 ../../users/ronja.nix
 ../../modules/gnome.nix
 ../../modules/gaming.nix
 ../../modules/printing.nix
+ ../../modules/podman.nix
 {
 networking.hostName = "vinzenz-pc2";
 }
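Review bot: The `networking.firewall` block at the end of hosts/vinzenz-lpt2/nginx.nix opens 8001/tcp and 2342/udp, which nothing in this file listens on, and 3000/tcp, which is the `127.0.0.1:3000` upstream nginx already fronts; the file gives a reader no way to tell which of these are still needed. I would add a one-line comment per port naming the service behind it, and drop the `3000` entry if that upstream binds only to loopback (the `proxyPass` target suggests so, but the listener is not in this diff). With no TLS vhost in the file, `recommendedTlsSettings = true;` is currently inert, which is worth a short comment if it is kept for future hosts.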
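Review bot: Adding `../../modules/podman.nix` to vinzenz-pc2 is more than a file split: the following hunk of hosts/vinzenz-pc2/default.nix removes `virtualisation.podman = { enable = true; };`, and the shared module additionally enables `dockerCompat`, `dockerSocket.enable`, `autoPrune.enable` and `containers.enable` on this host. `dockerSocket.enable` exposes the rootful Podman API socket to members of the `podman` group, which, as with the Docker socket, is generally treated as root-equivalent, so this scope change deserves a line in the commit message or a comment in modules/podman.nix stating that all hosts importing it get the Docker-compatible socket. If pc2 is meant to keep the minimal setup, an inline `virtualisation.podman.enable = true;` preserves the old behaviour. For vinzenz-lpt2 the module matches what the earlier hunk on this line removes, so no behaviour changes there.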
@@ -36,25 +38,5 @@ nixpkgs.lib.nixosSystem {
 ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ssh-host-key''
 ];
 }
- {
- services.openvscode-server = {
- enable = true;
- telemetryLevel = "off";
- port = 8542;
- host = "100.125.93.127"; # tailscale
- withoutConnectionToken = true;
- extraPackages = with pkgs; [nodejs git gh direnv];
- };
-
- virtualisation.podman = {
- enable = true;
- };
-
- networking = {
- firewall = {
- allowedTCPPorts = [8542 8543 8544 80];
- };
- };
- }
 ];
 }
diff --git a/hosts/vinzenz-pc2/vscode-server.nix b/hosts/vinzenz-pc2/vscode-server.nix
new file mode 100644
index 0000000..a6645c5
--- /dev/null
+++ b/hosts/vinzenz-pc2/vscode-server.nix
@@ -0,0 +1,16 @@
+{pkgs, ...}: {
+ services.openvscode-server = {
+ enable = true;
+ telemetryLevel = "off";
+ port = 8542;
+ host = "100.125.93.127"; # tailscale
+ withoutConnectionToken = true;
+ extraPackages = with pkgs; [nodejs git gh direnv];
+ };
+
+ networking = {
+ firewall = {
+ allowedTCPPorts = [8542 8543 8544 80];
+ };
+ };
+}
diff --git a/modules/podman.nix b/modules/podman.nix
new file mode 100644
index 0000000..03532f3
--- /dev/null
+++ b/modules/podman.nix
@@ -0,0 +1,11 @@
+{...}: {
+ virtualisation = {
+ containers.enable = true;
+ podman = {
+ enable = true;
+ dockerCompat = true;
+ dockerSocket.enable = true;
+ autoPrune.enable = true;
+ };
+ };
+}
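Review bot: In hosts/vinzenz-pc2/vscode-server.nix, `withoutConnectionToken = true` leaves openvscode-server with no authentication of its own and relies entirely on `host = "100.125.93.127"` being reachable only over Tailscale, yet `allowedTCPPorts = [8542 8543 8544 80]` opens those ports on every interface. Scoping the rule to the tailnet interface keeps the firewall aligned with the bind address, e.g. `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [8542 8543 8544 80];` (assuming the default Tailscale interface name). Ports 8543 and 8544 are not configured by anything in this file — they are the preon-app/preon-api upstreams that hosts/hetzner-vpn1/nginx.nix proxies to pc2 — and 80 is not explained anywhere in the diff, so a short comment naming the service behind each port would help the next reader. The `# tailscale` comment on the `host` line could also say that the address is load-bearing for access control, so nobody "fixes" it to `0.0.0.0` later.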