diff --git a/flake.nix b/flake.nix
index fbc725b..604dbc2 100644
--- a/flake.nix
+++ b/flake.nix
@@ -88,18 +88,7 @@
 };
 };
 }
- ./hosts/matrix.nix
-
- ./services/openssh.nix
-
- ./services/nginx.nix
- ./services/postgres.nix
-
- ./services/synapse.nix
- ./services/draupnir.nix
-
- ./services/prometheus.nix
- ./services/grafana.nix
+ ./hosts/matrix
 ];
 };
 nixosConfigurations."hedgedoc" = nixpkgs.lib.nixosSystem {
@@ -109,10 +98,7 @@
 modules = [
 agenix.nixosModules.default
 { environment.systemPackages = [ (agenix.packages.${system}.default) ]; }
-
- ./hosts/hedgedoc.nix
-
- ./services/openssh.nix
+ ./hosts/hedgedoc
 ];
 };
 };
diff --git a/hosts/hedgedoc.nix b/hosts/common.nix
similarity index 76%
rename from hosts/hedgedoc.nix
rename to hosts/common.nix
index 0f5ed23..e1c850b 100644
--- a/hosts/hedgedoc.nix
+++ b/hosts/common.nix
@@ -2,12 +2,13 @@
 config,
 modulesPath,
 pkgs,
- lib,
 ...
 }:
 
 {
- imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
+ imports = [
+ (modulesPath + "/virtualisation/proxmox-lxc.nix")
+ ];
 
 systemd.suppressedSystemUnits = [
 "dev-mqueue.mount"
@@ -68,7 +69,6 @@
 };
 
 networking = {
- hostName = "hedgedoc";
 domain = "berlin.ccc.de";
 nameservers = [
 "2606:4700:4700::1111#one.one.one.one"
@@ -81,17 +81,7 @@
 dhcpcd.enable = false;
 nftables.enable = true;
 tempAddresses = "disabled";
- firewall = {
- enable = true;
- allowedTCPPorts = [
- 22 # SSH
- 80 # HTTP/1
- 443 # HTTP/2
- ];
- allowedUDPPorts = [
- 443 # HTTP/3
- ];
- };
+ firewall.enable = true;
 };
 
 time.timeZone = "Europe/Berlin";
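Review bot: The matrix host's module list is reduced to `./hosts/matrix` alone, but no `hosts/matrix/default.nix` appears in the part of this diff visible here, while `hosts/matrix.nix` is deleted further down. Unless that file is added elsewhere in the commit, the synapse, draupnir, nginx, postgres, prometheus, grafana and openssh modules that this hunk drops from the list are no longer imported anywhere, and the host would build without its services and without the SSH module. Please confirm the new directory re-imports each of them the way `hosts/hedgedoc/default.nix` does for its own services, since `hosts/common.nix` carries no service imports in the hunks shown.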
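Review bot: The new `firewall.enable = true;` line in the shared module gives no hint that port exposure has moved out of it, so a later reader of hosts/common.nix will not see why the `allowedTCPPorts`/`allowedUDPPorts` lists are gone or where to add a port. I would write it as `firewall.enable = true; # ports are opened per host in hosts/<name>/default.nix; 22 is expected to come from the openssh module`. The removed list also opened 22, and nothing in this diff re-adds it, so that expectation only holds if `services/openssh.nix` (not part of this diff) leaves `services.openssh.openFirewall` at its default; the comment makes that dependency explicit.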
@@ -100,17 +90,6 @@
 
 services = {
 fstrim.enable = false; # Let Proxmox host handle fstrim
- openssh.banner = ''
- __ __ __
- /\ \ /\ \ /\ \
- \ \ \___ __ \_\ \ __ __ \_\ \ ___ ___
- \ \ _ `\ /'__`\ /'_` \ /'_ `\ /'__`\ /'_` \ / __`\ /'___\
- \ \ \ \ \/\ __//\ \L\ \/\ \L\ \/\ __//\ \L\ \/\ \L\ \/\ \__/
- \ \_\ \_\ \____\ \___,_\ \____ \ \____\ \___,_\ \____/\ \____\
- \/_/\/_/\/____/\/__,_ /\/___L\ \/____/\/__,_ /\/___/ \/____/
- /\____/
- \_/__/
- '';
 # Cache DNS lookups to improve performance
 resolved = {
 enable = true;
@@ -153,6 +132,4 @@
 };
 };
 };
-
- system.stateVersion = "25.11";
 }
diff --git a/hosts/hedgedoc/default.nix b/hosts/hedgedoc/default.nix
new file mode 100644
index 0000000..92428bd
--- /dev/null
+++ b/hosts/hedgedoc/default.nix
@@ -0,0 +1,38 @@
+{ ... }:
+
+{
+ imports = [
+ ../common.nix
+ ../../services/openssh.nix
+ ../../services/hedgedoc.nix
+ ];
+
+ networking = {
+ hostName = "hedgedoc";
+ firewall = {
+ allowedTCPPorts = [
+ 80 # HTTP/1
+ 443 # HTTP/2
+ ];
+ allowedUDPPorts = [
+ 443 # HTTP/3
+ ];
+ };
+ };
+
+ services = {
+ openssh.banner = ''
+ __ __ __
+ /\ \ /\ \ /\ \
+ \ \ \___ __ \_\ \ __ __ \_\ \ ___ ___
+ \ \ _ `\ /'__`\ /'_` \ /'_ `\ /'__`\ /'_` \ / __`\ /'___\
+ \ \ \ \ \/\ __//\ \L\ \/\ \L\ \/\ __//\ \L\ \/\ \L\ \/\ \__/
+ \ \_\ \_\ \____\ \___,_\ \____ \ \____\ \___,_\ \____/\ \____\
+ \/_/\/_/\/____/\/__,_ /\/___L\ \/____/\/__,_ /\/___/ \/____/
+ /\____/
+ \_/__/
+ '';
+ };
+
+ system.stateVersion = "25.11";
+}
diff --git a/hosts/matrix.nix b/hosts/matrix.nix
deleted file mode 100644
index ca2942d..0000000
--- a/hosts/matrix.nix
+++ /dev/null
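Review bot: The host-level firewall list in hosts/hedgedoc/default.nix opens only 80/443 TCP and 443 UDP, whereas the list it replaces (removed from hosts/common.nix in this same commit) also opened 22, so remote SSH into this LXC now depends entirely on `../../services/openssh.nix` keeping `services.openssh.openFirewall` at its default and listening on the standard port; that file is not in the diff, so I cannot confirm it, and a wrong assumption here locks the box out after the next rebuild. I would either add `22 # SSH` back under `allowedTCPPorts`, or document the dependency inline: `# 22 is opened by the openssh module (openFirewall default)`. Separately, `../../services/hedgedoc.nix` is a new import that the old host module list did not have and that does not appear in the visible part of this diff, so please check it exists and that any ports it needs beyond 80/443 are accounted for in this list.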
@@ -1,158 +0,0 @@ -{ - config, - modulesPath, - pkgs, - lib, - ... -}: - -{ - imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ]; - - systemd.suppressedSystemUnits = [ - "dev-mqueue.mount" - "sys-kernel-debug.mount" - "sys-fs-fuse-connections.mount" - ]; - - nix = { - optimise = { - automatic = true; - dates = [ "11:00" ]; - }; - settings = { - auto-optimise-store = true; - sandbox = false; - # Allow remote updates - trusted-users = [ - "root" - "@wheel" - ]; - experimental-features = [ - "nix-command" - "flakes" - ]; - }; - gc = { - automatic = true; - options = "--delete-older-than 14d"; - }; - }; - - nixpkgs.hostPlatform = "x86_64-linux"; - - environment.systemPackages = with pkgs; [ - vim - git - ]; - - proxmoxLXC = { - manageNetwork = false; - manageHostName = false; - privileged = false; - }; - - users.users.root = { - packages = with pkgs; [ - kitty # for terminfo - fastfetch # for shits and giggles - ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICW1+Ml8R9x1LCJaZ8bIZ1qIV4HCuZ6x7DziFW+0Nn5T xengi@kanae_2022-12-09" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmb+mJfo84IagUaRoDEqY9ROjjQUOQ7tMclpN6NDPrX xengi@kota_2022-01-16" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyklb7dvEHH0VBEMmTUQFKHN6ekBQqkDKj09+EilUIQ xengi@lucy_2018-09-08" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjv9W8WXq9QGkgmANNPQR24/I1Pm1ghxNIHftEI+jlZ xengi@mayu_2021-06-11" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhyfD+8jMl6FDSADb11sfAsJk0KNoVzjjiDRZjUOtmf xengi@nana_2019-08-16" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMPtGqhV7io3mhIoZho4Yf7eCo0sUZvjT2NziM2PkXSo xengi@nyu_2017-10-11" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILwYcSxbP6Hon//kZFIZJSHdqvsJ6AyCwH4JP9/t4q46 xengi@yuka_2020-12-16" - ]; - }; - - networking = { - hostName = "matrix"; - domain = "berlin.ccc.de"; - nameservers = [ - "2606:4700:4700::1111#one.one.one.one" - "2620:fe::fe#dns.quad9.net" - "1.1.1.1#one.one.one.one" - "9.9.9.9#dns.quad9.net" - ]; - useDHCP = false; - useNetworkd = true; - 
dhcpcd.enable = false; - nftables.enable = true; - tempAddresses = "disabled"; - firewall = { - enable = true; - allowedTCPPorts = [ - 22 # SSH - 80 # HTTP/1 - 443 # HTTP/2 - 8448 # Matrix federation - ]; - allowedUDPPorts = [ - 443 # HTTP/3 - ]; - }; - }; - - time.timeZone = "Europe/Berlin"; - i18n.defaultLocale = "en_GB.UTF-8"; - console.font = "Lat2-Terminus16"; - - services = { - fstrim.enable = false; # Let Proxmox host handle fstrim - openssh.banner = '' - __ __ - /\ \__ __ /\ \ - ___ ___ __ \ \ ,_\ _ __ /\_\ __ _ ___ ___ ___\ \ \____ - /' __` __`\ /'__`\ \ \ \/ /\`'__\/\ \ /\ \/'\ /'___\ /'___\ /'___\ \ '__`\ - /\ \/\ \/\ \/\ \L\.\_\ \ \_\ \ \/ \ \ \\/>