Compare commits


3 commits

Author SHA1 Message Date
Vinzenz Schroeter
2909c9001a anubis for blog 2025-09-06 20:34:58 +02:00
Vinzenz Schroeter
88f192d38d anubis test 2025-09-06 20:28:38 +02:00
Vinzenz Schroeter
857471d3db remove pins, comment out nix for lp2 2025-09-06 19:16:13 +02:00
7 changed files with 182 additions and 86 deletions

66
flake.lock generated

@ -40,6 +40,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": { "flakey-profile": {
"locked": { "locked": {
"lastModified": 1712898590, "lastModified": 1712898590,
@ -92,9 +110,7 @@
}, },
"lix-module": { "lix-module": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": "flake-utils",
"flake-utils"
],
"flakey-profile": "flakey-profile", "flakey-profile": "flakey-profile",
"lix": "lix", "lix": "lix",
"nixpkgs": [ "nixpkgs": [
@ -209,11 +225,24 @@
"type": "github" "type": "github"
} }
}, },
"nix-filter_2": {
"locked": {
"lastModified": 1731533336,
"narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nix-filter",
"type": "github"
}
},
"nix-vscode-extensions": { "nix-vscode-extensions": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": "flake-utils_2",
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -266,12 +295,10 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"lix-module": "lix-module", "lix-module": "lix-module",
"naersk": "naersk", "naersk": "naersk",
"niri": "niri", "niri": "niri",
"nix-filter": "nix-filter",
"nix-vscode-extensions": "nix-vscode-extensions", "nix-vscode-extensions": "nix-vscode-extensions",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
@ -302,9 +329,7 @@
"naersk": [ "naersk": [
"naersk" "naersk"
], ],
"nix-filter": [ "nix-filter": "nix-filter",
"nix-filter"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -328,9 +353,7 @@
"naersk": [ "naersk": [
"naersk" "naersk"
], ],
"nix-filter": [ "nix-filter": "nix-filter_2",
"nix-filter"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -364,6 +387,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"xwayland-satellite-stable": { "xwayland-satellite-stable": {
"flake": false, "flake": false,
"locked": { "locked": {


@ -13,7 +13,6 @@
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
}; };
}; };
@ -38,7 +37,6 @@
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
naersk.follows = "naersk"; naersk.follows = "naersk";
nix-filter.follows = "nix-filter";
}; };
}; };
@ -47,7 +45,6 @@
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
naersk.follows = "naersk"; naersk.follows = "naersk";
nix-filter.follows = "nix-filter";
}; };
}; };
@ -55,13 +52,8 @@
url = "github:nix-community/nix-vscode-extensions"; url = "github:nix-community/nix-vscode-extensions";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs"; nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
}; };
}; };
# this is used to pin transitive dependencies to the same version
flake-utils.url = "github:numtide/flake-utils";
nix-filter.url = "github:numtide/nix-filter";
}; };
outputs = outputs =
@ -104,42 +96,41 @@
in in
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
inherit system specialArgs; inherit system specialArgs;
modules = modules = [
[ lix-module.nixosModules.default
lix-module.nixosModules.default
{ networking.hostName = device; } { networking.hostName = device; }
./modules/globalinstalls.nix ./modules/globalinstalls.nix
./modules/networking.nix ./modules/networking.nix
./modules/nixpkgs.nix ./modules/nixpkgs.nix
./hosts/${device}/hardware.nix ./hosts/${device}/hardware.nix
./hosts/${device}/imports.nix ./hosts/${device}/imports.nix
./hosts/${device}/configuration.nix ./hosts/${device}/configuration.nix
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
overlays.unstable-packages overlays.unstable-packages
]; ];
} }
] ]
++ (nixpkgs.lib.optionals (builtins.elem device homeDevices) [ ++ (nixpkgs.lib.optionals (builtins.elem device homeDevices) [
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ home-manager.extraSpecialArgs = specialArgs; } { home-manager.extraSpecialArgs = specialArgs; }
./modules/home-manager.nix ./modules/home-manager.nix
./modules/i18n.nix ./modules/i18n.nix
niri.nixosModules.niri niri.nixosModules.niri
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
niri.overlays.niri niri.overlays.niri
overlays.servicepoint-packages overlays.servicepoint-packages
nix-vscode-extensions.overlays.default nix-vscode-extensions.overlays.default
]; ];
} }
]); ]);
} }
); );
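Review bot: Dropping the `flake-utils.follows` and `nix-filter.follows` lines, together with the top-level `flake-utils` and `nix-filter` inputs, means each affected input now resolves its own copy, which is why the lock gains `flake-utils_2`, `nix-filter_2` and `systems_2`. That leaves more independently pinned upstream revisions to review on every lock update, and the removed comment was the only place the reason for pinning was written down. A one-line comment in the `inputs` block, e.g. `# transitive flake-utils/nix-filter intentionally not overridden: <reason>`, would keep that decision visible. The `modules = [` re-indentation in the last hunk is whitespace only.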


@ -30,7 +30,7 @@
./fuzzel.nix ./fuzzel.nix
./git.nix ./git.nix
./gnome.nix ./gnome.nix
./niri.nix #./niri.nix
./ssh.nix ./ssh.nix
./swaylock.nix ./swaylock.nix
./vscode.nix ./vscode.nix


@ -1,7 +1,5 @@
{ {
pkgs, pkgs,
lib,
devices,
config, config,
... ...
}: }:


@ -1,4 +1,8 @@
{ pkgs, inputs, ... }: { inputs, pkgs, ... }:
let
blog-domain-socket = "/run/nginx/blog.sock";
anubis-domain-socket = "/run/anubis/anubis-blog.sock";
in
{ {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
@ -6,8 +10,16 @@
}; };
security.pam.services.nginx.setEnvironment = false; security.pam.services.nginx.setEnvironment = false;
systemd.services.nginx.serviceConfig = { systemd.services = {
SupplementaryGroups = [ "shadow" ]; nginx.serviceConfig = {
SupplementaryGroups = [
"shadow"
"anubis"
];
};
anubis-main.serviceConfig = {
SupplementaryGroups = [ "nginx" ];
};
}; };
services.nginx = { services.nginx = {
@ -58,13 +70,34 @@
"zerforschen.plus" = { "zerforschen.plus" = {
addSSL = true; addSSL = true;
enableACME = true; enableACME = true;
locations."/" = {
proxyPass = ("http://unix:" + anubis-domain-socket);
};
};
"vinzenz-lpt2-in-anubis" = {
root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content; root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
listen = [
{
addr = ("unix:" + blog-domain-socket);
}
];
}; };
}; };
};
networking.firewall.allowedTCPPorts = [ anubis = {
80 instances.main = {
443 enable = true;
]; settings = {
BIND = anubis-domain-socket;
TARGET = "unix://" + blog-domain-socket;
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
};
} }
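Review bot: The mutual `SupplementaryGroups` entries (nginx gets `"anubis"`, `anubis-main` gets `"nginx"`) share far more than the two sockets, because each service gains everything the other's group can access. With `enableACME = true` the certificate private keys are normally readable by nginx's group, so the Anubis process would presumably be able to read them; please confirm. A group created only for the socket paths, e.g. (example name) `SupplementaryGroups = [ "blog-sockets" ];` on both units, would limit the sharing to what the proxy chain needs. The second nginx/Anubis file in this compare has the same pattern via `users.groups.anubis.members` and `nginx.members`. Also, as rendered, `anubis = {` appears after `services.nginx` is closed, so verify that it evaluates as `services.anubis`.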


@ -4,7 +4,7 @@
../../modules/gaming.nix ../../modules/gaming.nix
../../modules/printing.nix ../../modules/printing.nix
../../modules/podman.nix ../../modules/podman.nix
../../modules/niri.nix #../../modules/niri.nix
../../modules/desktop-environment.nix ../../modules/desktop-environment.nix
../../modules/desktop-hardware.nix ../../modules/desktop-hardware.nix


@ -1,30 +1,66 @@
_: { { inputs, pkgs, ... }:
services.nginx = { let
enable = true; blog-domain-socket = "/run/nginx/blog.sock";
anubis-domain-socket = "/run/anubis/anubis-blog.sock";
in
{
users.groups = {
anubis.members = [ "nginx" ];
nginx.members = [ "anubis" ];
};
services = {
nginx = {
enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
virtualHosts = { virtualHosts = {
"vinzenz-lpt2" = { #"vinzenz-lpt2" = {
locations."/" = { # locations."/" = {
proxyPass = "http://127.0.0.1:3000/"; # proxyPass = "http://127.0.0.1:3000/";
proxyWebsockets = true; # proxyWebsockets = true;
# };
#
# serverAliases = [ "172.23.42.96" ];
#};
"vinzenz-lpt2" = {
locations."/" = {
proxyPass = ("http://unix:" + anubis-domain-socket);
};
}; };
serverAliases = [ "172.23.42.96" ]; "vinzenz-lpt2-in-anubis" = {
root = inputs.zerforschen-plus.packages."${pkgs.system}".zerforschen-plus-content;
listen = [
{
addr = ("unix:" + blog-domain-socket);
}
];
};
};
};
#networking.firewall = {
# allowedTCPPorts = [
# 80
# 8001
# 3000
# ];
# allowedUDPPorts = [ 2342 ];
#};
anubis = {
instances.main = {
enable = true;
settings = {
BIND = anubis-domain-socket;
TARGET = "unix://" + blog-domain-socket;
};
}; };
}; };
}; };
networking.firewall = {
allowedTCPPorts = [
80
8001
3000
];
allowedUDPPorts = [ 2342 ];
};
} }
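Review bot: The `networking.firewall` block is commented out rather than adjusted, and as rendered the dead comment now sits inside `services = { … }` between `nginx` and `anubis`. If the NixOS firewall is enabled on this host (its default), this file no longer opens port 80, so the `vinzenz-lpt2` vhost is reachable from other machines only if another module opens it. If that is intended, delete the commented-out firewall block and the commented-out old vhost and leave a one-line comment such as `# ports are opened in <module>; nginx only fronts Anubis here`. The new `vinzenz-lpt2` vhost also drops `serverAliases = [ "172.23.42.96" ]`, so confirm that requests addressed by IP still reach the intended server.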