vinzenz/nixos-configuration
0
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: vinzenz:2909c9001af29dfea02c91b116a724030fd3a67a
Branches Tags
vinzenz:main
vinzenz:vpn1-wg
..
compare: vinzenz:ac59b051579d3e6cb89a0449aba74a9f219a694f
Branches Tags
vinzenz:main
vinzenz:vpn1-wg

No commits in common. "2909c9001af29dfea02c91b116a724030fd3a67a" and "ac59b051579d3e6cb89a0449aba74a9f219a694f" have entirely different histories.
2909c9001a ... ac59b05157

7 changed files with 90 additions and 186 deletions
Download patch file Download diff file Expand all files Collapse all files

66
flake.lock generated
View file

@ -40,24 +40,6 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
@ -110,7 +92,9 @@
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": [
"flake-utils"
],
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
@ -225,24 +209,11 @@
"type": "github"
}
},
"nix-filter_2": {
"locked": {
"lastModified": 1731533336,
"narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nix-filter",
"type": "github"
}
},
"nix-vscode-extensions": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
@ -295,10 +266,12 @@
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"lix-module": "lix-module",
"naersk": "naersk",
"niri": "niri",
"nix-filter": "nix-filter",
"nix-vscode-extensions": "nix-vscode-extensions",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
@ -329,7 +302,9 @@
"naersk": [
"naersk"
],
"nix-filter": "nix-filter",
"nix-filter": [
"nix-filter"
],
"nixpkgs": [
"nixpkgs"
]
@ -353,7 +328,9 @@
"naersk": [
"naersk"
],
"nix-filter": "nix-filter_2",
"nix-filter": [
"nix-filter"
],
"nixpkgs": [
"nixpkgs"
]
@ -387,21 +364,6 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"xwayland-satellite-stable": {
"flake": false,
"locked": {

67
flake.nix
View file

@ -13,6 +13,7 @@
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
@ -37,6 +38,7 @@
inputs = {
nixpkgs.follows = "nixpkgs";
naersk.follows = "naersk";
nix-filter.follows = "nix-filter";
};
};
@ -45,6 +47,7 @@
inputs = {
nixpkgs.follows = "nixpkgs";
naersk.follows = "naersk";
nix-filter.follows = "nix-filter";
};
};
@ -52,8 +55,13 @@
url = "github:nix-community/nix-vscode-extensions";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
};
};
# this is used to pin transitive dependencies to the same version
flake-utils.url = "github:numtide/flake-utils";
nix-filter.url = "github:numtide/nix-filter";
};
outputs =
@ -96,41 +104,42 @@
in
nixpkgs.lib.nixosSystem {
inherit system specialArgs;
modules = [
lix-module.nixosModules.default
modules =
[
lix-module.nixosModules.default
{ networking.hostName = device; }
{ networking.hostName = device; }
./modules/globalinstalls.nix
./modules/networking.nix
./modules/nixpkgs.nix
./modules/globalinstalls.nix
./modules/networking.nix
./modules/nixpkgs.nix
./hosts/${device}/hardware.nix
./hosts/${device}/imports.nix
./hosts/${device}/configuration.nix
./hosts/${device}/hardware.nix
./hosts/${device}/imports.nix
./hosts/${device}/configuration.nix
{
nixpkgs.overlays = [
overlays.unstable-packages
];
}
]
++ (nixpkgs.lib.optionals (builtins.elem device homeDevices) [
home-manager.nixosModules.home-manager
{ home-manager.extraSpecialArgs = specialArgs; }
./modules/home-manager.nix
{
nixpkgs.overlays = [
overlays.unstable-packages
];
}
]
++ (nixpkgs.lib.optionals (builtins.elem device homeDevices) [
home-manager.nixosModules.home-manager
{ home-manager.extraSpecialArgs = specialArgs; }
./modules/home-manager.nix
./modules/i18n.nix
./modules/i18n.nix
niri.nixosModules.niri
{
nixpkgs.overlays = [
niri.overlays.niri
overlays.servicepoint-packages
nix-vscode-extensions.overlays.default
];
}
]);
niri.nixosModules.niri
{
nixpkgs.overlays = [
niri.overlays.niri
overlays.servicepoint-packages
nix-vscode-extensions.overlays.default
];
}
]);
}
);

2
home/vinzenz/default.nix
View file

@ -30,7 +30,7 @@
./fuzzel.nix
./git.nix
./gnome.nix
#./niri.nix
./niri.nix
./ssh.nix
./swaylock.nix
./vscode.nix

2
home/vinzenz/niri.nix
View file

@ -1,5 +1,7 @@
{
pkgs,
lib,
devices,
config,
...
}:

49
hosts/hetzner-vpn2/nginx.nix
View file

@ -1,8 +1,4 @@
{ inputs, pkgs, ... }:
let
blog-domain-socket = "/run/nginx/blog.sock";
anubis-domain-socket = "/run/anubis/anubis-blog.sock";
in
{ pkgs, inputs, ... }:
{
security.acme = {
acceptTerms = true;
@ -10,16 +6,8 @@ in
};
security.pam.services.nginx.setEnvironment = false;
systemd.services = {
nginx.serviceConfig = {
SupplementaryGroups = [
"shadow"
"anubis"
];
};
anubis-main.serviceConfig = {
SupplementaryGroups = [ "nginx" ];
};
systemd.services.nginx.serviceConfig = {
SupplementaryGroups = [ "shadow" ];
};
services.nginx = {
@ -70,34 +58,13 @@ in
"zerforschen.plus" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = ("http://unix:" + anubis-domain-socket);
};
};
"vinzenz-lpt2-in-anubis" = {
root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
listen = [
{
addr = ("unix:" + blog-domain-socket);
}
];
};
};
anubis = {
instances.main = {
enable = true;
settings = {
BIND = anubis-domain-socket;
TARGET = "unix://" + blog-domain-socket;
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
};
networking.firewall.allowedTCPPorts = [
80
443
];
}

2
hosts/vinzenz-lpt2/imports.nix
View file

@ -4,7 +4,7 @@
../../modules/gaming.nix
../../modules/printing.nix
../../modules/podman.nix
#../../modules/niri.nix
../../modules/niri.nix
../../modules/desktop-environment.nix
../../modules/desktop-hardware.nix

88
hosts/vinzenz-lpt2/nginx.nix
View file

@ -1,66 +1,30 @@
{ inputs, pkgs, ... }:
let
blog-domain-socket = "/run/nginx/blog.sock";
anubis-domain-socket = "/run/anubis/anubis-blog.sock";
in
{
users.groups = {
anubis.members = [ "nginx" ];
nginx.members = [ "anubis" ];
_: {
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"vinzenz-lpt2" = {
locations."/" = {
proxyPass = "http://127.0.0.1:3000/";
proxyWebsockets = true;
};
serverAliases = [ "172.23.42.96" ];
};
};
};
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
#"vinzenz-lpt2" = {
# locations."/" = {
# proxyPass = "http://127.0.0.1:3000/";
# proxyWebsockets = true;
# };
#
# serverAliases = [ "172.23.42.96" ];
#};
"vinzenz-lpt2" = {
locations."/" = {
proxyPass = ("http://unix:" + anubis-domain-socket);
};
};
"vinzenz-lpt2-in-anubis" = {
root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
listen = [
{
addr = ("unix:" + blog-domain-socket);
}
];
};
};
};
#networking.firewall = {
# allowedTCPPorts = [
# 80
# 8001
# 3000
# ];
# allowedUDPPorts = [ 2342 ];
#};
anubis = {
instances.main = {
enable = true;
settings = {
BIND = anubis-domain-socket;
TARGET = "unix://" + blog-domain-socket;
};
};
};
networking.firewall = {
allowedTCPPorts = [
80
8001
3000
];
allowedUDPPorts = [ 2342 ];
};
}