vinzenz/nixos-configuration
0
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: vinzenz:2909c9001af29dfea02c91b116a724030fd3a67a
Branches Tags
vinzenz:main
vinzenz:vpn1-wg
..
compare: vinzenz:ac59b051579d3e6cb89a0449aba74a9f219a694f
Branches Tags
vinzenz:main
vinzenz:vpn1-wg

No commits in common. "2909c9001af29dfea02c91b116a724030fd3a67a" and "ac59b051579d3e6cb89a0449aba74a9f219a694f" have entirely different histories.
2909c9001a ... ac59b05157

7 changed files with 90 additions and 186 deletions
Download patch file Download diff file Expand all files Collapse all files

66
flake.lock generated
View file

@ -40,24 +40,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": { "flakey-profile": {
"locked": { "locked": {
"lastModified": 1712898590, "lastModified": 1712898590,
@ -110,7 +92,9 @@
}, },
"lix-module": { "lix-module": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": [
"flake-utils"
],
"flakey-profile": "flakey-profile", "flakey-profile": "flakey-profile",
"lix": "lix", "lix": "lix",
"nixpkgs": [ "nixpkgs": [
@ -225,24 +209,11 @@
"type": "github" "type": "github"
} }
}, },
"nix-filter_2": {
"locked": {
"lastModified": 1731533336,
"narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nix-filter",
"type": "github"
}
},
"nix-vscode-extensions": { "nix-vscode-extensions": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": [
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -295,10 +266,12 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"lix-module": "lix-module", "lix-module": "lix-module",
"naersk": "naersk", "naersk": "naersk",
"niri": "niri", "niri": "niri",
"nix-filter": "nix-filter",
"nix-vscode-extensions": "nix-vscode-extensions", "nix-vscode-extensions": "nix-vscode-extensions",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
@ -329,7 +302,9 @@
"naersk": [ "naersk": [
"naersk" "naersk"
], ],
"nix-filter": "nix-filter", "nix-filter": [
"nix-filter"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -353,7 +328,9 @@
"naersk": [ "naersk": [
"naersk" "naersk"
], ],
"nix-filter": "nix-filter_2", "nix-filter": [
"nix-filter"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -387,21 +364,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"xwayland-satellite-stable": { "xwayland-satellite-stable": {
"flake": false, "flake": false,
"locked": { "locked": {

67
flake.nix
View file

@ -13,6 +13,7 @@
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
}; };
}; };
@ -37,6 +38,7 @@
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
naersk.follows = "naersk"; naersk.follows = "naersk";
nix-filter.follows = "nix-filter";
}; };
}; };
@ -45,6 +47,7 @@
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
naersk.follows = "naersk"; naersk.follows = "naersk";
nix-filter.follows = "nix-filter";
}; };
}; };
@ -52,8 +55,13 @@
url = "github:nix-community/nix-vscode-extensions"; url = "github:nix-community/nix-vscode-extensions";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
}; };
}; };
# this is used to pin transitive dependencies to the same version
flake-utils.url = "github:numtide/flake-utils";
nix-filter.url = "github:numtide/nix-filter";
}; };
outputs = outputs =
@ -96,41 +104,42 @@
in in
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system specialArgs;
modules = [ modules =
lix-module.nixosModules.default [
lix-module.nixosModules.default
{ networking.hostName = device; } { networking.hostName = device; }
./modules/globalinstalls.nix ./modules/globalinstalls.nix
./modules/networking.nix ./modules/networking.nix
./modules/nixpkgs.nix ./modules/nixpkgs.nix
./hosts/${device}/hardware.nix ./hosts/${device}/hardware.nix
./hosts/${device}/imports.nix ./hosts/${device}/imports.nix
./hosts/${device}/configuration.nix ./hosts/${device}/configuration.nix
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
overlays.unstable-packages overlays.unstable-packages
]; ];
} }
] ]
++ (nixpkgs.lib.optionals (builtins.elem device homeDevices) [ ++ (nixpkgs.lib.optionals (builtins.elem device homeDevices) [
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ home-manager.extraSpecialArgs = specialArgs; } { home-manager.extraSpecialArgs = specialArgs; }
./modules/home-manager.nix ./modules/home-manager.nix
./modules/i18n.nix ./modules/i18n.nix
niri.nixosModules.niri niri.nixosModules.niri
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
niri.overlays.niri niri.overlays.niri
overlays.servicepoint-packages overlays.servicepoint-packages
nix-vscode-extensions.overlays.default nix-vscode-extensions.overlays.default
]; ];
} }
]); ]);
} }
); );

2
home/vinzenz/default.nix
View file

@ -30,7 +30,7 @@
./fuzzel.nix ./fuzzel.nix
./git.nix ./git.nix
./gnome.nix ./gnome.nix
#./niri.nix ./niri.nix
./ssh.nix ./ssh.nix
./swaylock.nix ./swaylock.nix
./vscode.nix ./vscode.nix

2
home/vinzenz/niri.nix
View file

@ -1,5 +1,7 @@
{ {
pkgs, pkgs,
lib,
devices,
config, config,
... ...
}: }:

49
hosts/hetzner-vpn2/nginx.nix
View file

@ -1,8 +1,4 @@
{ inputs, pkgs, ... }: { pkgs, inputs, ... }:
let
blog-domain-socket = "/run/nginx/blog.sock";
anubis-domain-socket = "/run/anubis/anubis-blog.sock";
in
{ {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
@ -10,16 +6,8 @@ in
}; };
security.pam.services.nginx.setEnvironment = false; security.pam.services.nginx.setEnvironment = false;
systemd.services = { systemd.services.nginx.serviceConfig = {
nginx.serviceConfig = { SupplementaryGroups = [ "shadow" ];
SupplementaryGroups = [
"shadow"
"anubis"
];
};
anubis-main.serviceConfig = {
SupplementaryGroups = [ "nginx" ];
};
}; };
services.nginx = { services.nginx = {
@ -70,34 +58,13 @@ in
"zerforschen.plus" = { "zerforschen.plus" = {
addSSL = true; addSSL = true;
enableACME = true; enableACME = true;
locations."/" = {
proxyPass = ("http://unix:" + anubis-domain-socket);
};
};
"vinzenz-lpt2-in-anubis" = {
root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content; root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
listen = [
{
addr = ("unix:" + blog-domain-socket);
}
];
}; };
}; };
anubis = {
instances.main = {
enable = true;
settings = {
BIND = anubis-domain-socket;
TARGET = "unix://" + blog-domain-socket;
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
}; };
networking.firewall.allowedTCPPorts = [
80
443
];
} }

2
hosts/vinzenz-lpt2/imports.nix
View file

@ -4,7 +4,7 @@
../../modules/gaming.nix ../../modules/gaming.nix
../../modules/printing.nix ../../modules/printing.nix
../../modules/podman.nix ../../modules/podman.nix
#../../modules/niri.nix ../../modules/niri.nix
../../modules/desktop-environment.nix ../../modules/desktop-environment.nix
../../modules/desktop-hardware.nix ../../modules/desktop-hardware.nix

88
hosts/vinzenz-lpt2/nginx.nix
View file

@ -1,66 +1,30 @@
{ inputs, pkgs, ... }: _: {
let services.nginx = {
blog-domain-socket = "/run/nginx/blog.sock"; enable = true;
anubis-domain-socket = "/run/anubis/anubis-blog.sock";
in recommendedProxySettings = true;
{ recommendedTlsSettings = true;
users.groups = { recommendedGzipSettings = true;
anubis.members = [ "nginx" ]; recommendedOptimisation = true;
nginx.members = [ "anubis" ];
virtualHosts = {
"vinzenz-lpt2" = {
locations."/" = {
proxyPass = "http://127.0.0.1:3000/";
proxyWebsockets = true;
};
serverAliases = [ "172.23.42.96" ];
};
};
}; };
services = {
nginx = {
enable = true;
recommendedProxySettings = true; networking.firewall = {
recommendedTlsSettings = true; allowedTCPPorts = [
recommendedGzipSettings = true; 80
recommendedOptimisation = true; 8001
3000
virtualHosts = { ];
#"vinzenz-lpt2" = { allowedUDPPorts = [ 2342 ];
# locations."/" = {
# proxyPass = "http://127.0.0.1:3000/";
# proxyWebsockets = true;
# };
#
# serverAliases = [ "172.23.42.96" ];
#};
"vinzenz-lpt2" = {
locations."/" = {
proxyPass = ("http://unix:" + anubis-domain-socket);
};
};
"vinzenz-lpt2-in-anubis" = {
root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
listen = [
{
addr = ("unix:" + blog-domain-socket);
}
];
};
};
};
#networking.firewall = {
# allowedTCPPorts = [
# 80
# 8001
# 3000
# ];
# allowedUDPPorts = [ 2342 ];
#};
anubis = {
instances.main = {
enable = true;
settings = {
BIND = anubis-domain-socket;
TARGET = "unix://" + blog-domain-socket;
};
};
};
}; };
} }