From 24c99cf22e012e07509505b4efdc528589008dd4 Mon Sep 17 00:00:00 2001
From: schererleander
Date: Sun, 17 Aug 2025 00:03:59 +0200
Subject: feat: rename hosts
---
hosts/adam/audio.nix | 11 +++
hosts/adam/configuration.nix | 79 ++++++++++++++++++
hosts/adam/hardware-configuration.nix | 41 +++++++++
hosts/adam/home.nix | 67 +++++++++++++++
hosts/adam/wooting.nix | 27 ++++++
hosts/desktop/audio.nix | 11 ---
hosts/desktop/configuration.nix | 79 ------------------
hosts/desktop/hardware-configuration.nix | 41 ---------
hosts/desktop/home.nix | 67 ---------------
hosts/desktop/wooting.nix | 27 ------
hosts/lilith/configuration.nix | 51 ++++++++++++
hosts/lilith/home.nix | 30 +++++++
hosts/macbook/configuration.nix | 49 -----------
hosts/macbook/home.nix | 30 -------
hosts/sachiel/configuration.nix | 138 +++++++++++++++++++++++++++++++
hosts/sachiel/hardware-configuration.nix | 14 ++++
hosts/vps/configuration.nix | 130 -----------------------------
hosts/vps/hardware-configuration.nix | 14 ----
18 files changed, 458 insertions(+), 448 deletions(-)
create mode 100644 hosts/adam/audio.nix
create mode 100644 hosts/adam/configuration.nix
create mode 100644 hosts/adam/hardware-configuration.nix
create mode 100644 hosts/adam/home.nix
create mode 100644 hosts/adam/wooting.nix
delete mode 100644 hosts/desktop/audio.nix
delete mode 100644 hosts/desktop/configuration.nix
delete mode 100644 hosts/desktop/hardware-configuration.nix
delete mode 100644 hosts/desktop/home.nix
delete mode 100644 hosts/desktop/wooting.nix
create mode 100644 hosts/lilith/configuration.nix
create mode 100644 hosts/lilith/home.nix
delete mode 100644 hosts/macbook/configuration.nix
delete mode 100644 hosts/macbook/home.nix
create mode 100644 hosts/sachiel/configuration.nix
create mode 100644 hosts/sachiel/hardware-configuration.nix
delete mode 100644 hosts/vps/configuration.nix
delete mode 100644 hosts/vps/hardware-configuration.nix
(limited to 'hosts')
diff --git a/hosts/adam/audio.nix b/hosts/adam/audio.nix
new file mode 100644
index 0000000..e34b073
--- /dev/null
+++ b/hosts/adam/audio.nix
@@ -0,0 +1,11 @@
+{ ... }:
+
+{
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+}
diff --git a/hosts/adam/configuration.nix b/hosts/adam/configuration.nix
new file mode 100644
index 0000000..5e29cfc
--- /dev/null
+++ b/hosts/adam/configuration.nix
@@ -0,0 +1,79 @@
+{ pkgs, host, username, ... }:
+
+{
+
+ imports = [
+ ./hardware-configuration.nix
+ ./audio.nix
+ ./wooting.nix
+ ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot.consoleMode = "max";
+
+ # Use latest kernel
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ # Graphics
+ hardware.graphics = {
+ enable = true;
+ enable32Bit = true;
+ extraPackages = with pkgs; [
+ amdvlk
+ ];
+ };
+
+ environment.variables.AMD_VULKAN_ICD = "RADV";
+
+ # Network
+ networking = {
+ hostName = host;
+ networkmanager.enable = true;
+ };
+
+ # Improve startup time
+ systemd.services.NetworkManager-wait-online.enable = false;
+
+ # Time
+ time.timeZone = "Europe/Berlin";
+
+ # Keymap
+ console.keyMap = "de";
+
+ # User
+ users.users.${username} = {
+ isNormalUser = true;
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ "video"
+ "input"
+ ];
+ shell = pkgs.zsh;
+ ignoreShellProgramCheck = true;
+ };
+
+ services = {
+ openssh.enable = true;
+ gnome.gnome-keyring.enable = true;
+ };
+
+ xdg.portal = {
+ enable = true;
+ wlr.enable = true;
+ };
+
+ security.polkit.enable = true;
+
+ programs.dconf.enable = true;
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ nixpkgs.config.allowUnfree = true;
+
+ system.stateVersion = "25.05";
+}
diff --git a/hosts/adam/hardware-configuration.nix b/hosts/adam/hardware-configuration.nix
new file mode 100644
index 0000000..9338f30
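Review bot: In hosts/adam/configuration.nix, `openssh.enable = true;` inside the `services` block turns sshd on with the module defaults, which on NixOS leave password authentication enabled and open the SSH port in the firewall, while the user defined just above is in `wheel`. hosts/sachiel/configuration.nix in this same commit already hardens its sshd, and the desktop should carry the same settings, e.g. `openssh = { enable = true; settings.PasswordAuthentication = false; };`, or drop sshd if remote login to this machine is not needed. No `openssh.authorizedKeys` are declared for the user in this file, so key provisioning needs to be confirmed before passwords are switched off.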
--- /dev/null +++ b/hosts/adam/hardware-configuration.nix @@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/9723eaab-4969-45e2-8364-b20aa6f4e120"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/29E6-B167"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/fb68b9c4-9305-4cf5-8279-3cae83524983"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/adam/home.nix b/hosts/adam/home.nix new file mode 100644 index 0000000..3e831d8 --- /dev/null +++ b/hosts/adam/home.nix 
@@ -0,0 +1,67 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ../../modules/home-manager
+ ];
+
+ home.username = "leander";
+ home.homeDirectory = "/home/leander";
+
+ programs.home-manager.enable = true;
+
+ home.packages = with pkgs; [
+ obsidian
+ firefox
+ imv
+ mpv
+
+ xdg-utils
+ pulsemixer
+
+ # fonts
+ noto-fonts
+ noto-fonts-cjk-sans
+ noto-fonts-emoji
+ ];
+
+ gtk = {
+ enable = true;
+ theme = {
+ name = "Adwaita-dark";
+ package = pkgs.gnome-themes-extra;
+ };
+ gtk3.extraConfig = {
+ Settings = ''
+ gtk-application-prefer-dark-theme=1
+ '';
+ };
+ gtk4.extraConfig = {
+ Settings = ''
+ gtk-application-prefer-dark-theme=1
+ '';
+ };
+ };
+
+ home.pointerCursor = {
+ gtk.enable = true;
+ name = "Adwaita";
+ package = pkgs.adwaita-icon-theme;
+ size = 24;
+ };
+
+ programs.zsh.shellAliases = {
+ open = "xdg-open";
+ };
+
+ dev.enable = true;
+
+ sway.enable = true;
+ waybar.enable = true;
+ foot.enable = true;
+ spicetify.enable = true;
+ zathura.enable = true;
+ nixcord.enable = true;
+
+ home.stateVersion = "25.05";
+}
diff --git a/hosts/adam/wooting.nix b/hosts/adam/wooting.nix
new file mode 100644
index 0000000..742ef29
--- /dev/null
+++ b/hosts/adam/wooting.nix
@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+
+{
+ services.udev.extraRules = ''
+ # Wooting One Legacy
+ SUBSYSTEM=="hidraw", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="ff01", TAG+="uaccess"
+ SUBSYSTEM=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="ff01", TAG+="uaccess"
+
+ # Wooting One update mode
+ SUBSYSTEM=="hidraw", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2402", TAG+="uaccess"
+
+ # Wooting Two Legacy
+ SUBSYSTEM=="hidraw", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="ff02", TAG+="uaccess"
+ SUBSYSTEM=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="ff02", TAG+="uaccess"
+
+ # Wooting Two update mode
+ SUBSYSTEM=="hidraw", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2403", TAG+="uaccess"
+
+ # Generic Wootings
+ SUBSYSTEM=="hidraw", ATTRS{idVendor}=="31e3", TAG+="uaccess"
+ SUBSYSTEM=="usb", ATTRS{idVendor}=="31e3", TAG+="uaccess"
+ '';
+
+ environment.systemPackages = with pkgs; [
+ wootility
+ ];
+}
diff --git a/hosts/desktop/audio.nix b/hosts/desktop/audio.nix
deleted file mode 100644
index e34b073..0000000
--- a/hosts/desktop/audio.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }:
-
-{
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- };
-}
diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix
deleted file mode 100644
index 5d5cb37..0000000
--- a/hosts/desktop/configuration.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ pkgs, username, ... }:
-
-{
-
- imports = [
- ./hardware-configuration.nix
- ./audio.nix
- ./wooting.nix
- ];
-
- # Bootloader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.systemd-boot.consoleMode = "max";
-
- # Use latest kernel
- boot.kernelPackages = pkgs.linuxPackages_latest;
-
- # Graphics
- hardware.graphics = {
- enable = true;
- enable32Bit = true;
- extraPackages = with pkgs; [
- amdvlk
- ];
- };
-
- environment.variables.AMD_VULKAN_ICD = "RADV";
-
- # Network
- networking = {
- hostName = "nixos";
- networkmanager.enable = true;
- };
-
- # Improve startup time
- systemd.services.NetworkManager-wait-online.enable = false;
-
- # Time
- time.timeZone = "Europe/Berlin";
-
- # Keymap
- console.keyMap = "de";
-
- # User
- users.users.${username} = {
- isNormalUser = true;
- extraGroups = [
- "networkmanager"
- "wheel"
- "video"
- "input"
- ];
- shell = pkgs.zsh;
- ignoreShellProgramCheck = true;
- };
-
- services = {
- openssh.enable = true;
- gnome.gnome-keyring.enable = true;
- };
-
- xdg.portal = {
- enable = true;
- wlr.enable = true;
- };
-
- security.polkit.enable = true;
-
- programs.dconf.enable = true;
-
- nix.settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
- nixpkgs.config.allowUnfree = true;
-
- system.stateVersion = "25.05";
-}
diff --git a/hosts/desktop/hardware-configuration.nix b/hosts/desktop/hardware-configuration.nix
deleted file mode 100644
index 9338f30..0000000
--- a/hosts/desktop/hardware-configuration.nix
+++ /dev/null
@@ -1,41 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/9723eaab-4969-45e2-8364-b20aa6f4e120"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/29E6-B167"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/fb68b9c4-9305-4cf5-8279-3cae83524983"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/desktop/home.nix b/hosts/desktop/home.nix deleted file mode 100644 index 3e831d8..0000000 --- a/hosts/desktop/home.nix +++ /dev/null 
@@ -1,67 +0,0 @@
-{ pkgs, ... }:
-
-{
- imports = [
- ../../modules/home-manager
- ];
-
- home.username = "leander";
- home.homeDirectory = "/home/leander";
-
- programs.home-manager.enable = true;
-
- home.packages = with pkgs; [
- obsidian
- firefox
- imv
- mpv
-
- xdg-utils
- pulsemixer
-
- # fonts
- noto-fonts
- noto-fonts-cjk-sans
- noto-fonts-emoji
- ];
-
- gtk = {
- enable = true;
- theme = {
- name = "Adwaita-dark";
- package = pkgs.gnome-themes-extra;
- };
- gtk3.extraConfig = {
- Settings = ''
- gtk-application-prefer-dark-theme=1
- '';
- };
- gtk4.extraConfig = {
- Settings = ''
- gtk-application-prefer-dark-theme=1
- '';
- };
- };
-
- home.pointerCursor = {
- gtk.enable = true;
- name = "Adwaita";
- package = pkgs.adwaita-icon-theme;
- size = 24;
- };
-
- programs.zsh.shellAliases = {
- open = "xdg-open";
- };
-
- dev.enable = true;
-
- sway.enable = true;
- waybar.enable = true;
- foot.enable = true;
- spicetify.enable = true;
- zathura.enable = true;
- nixcord.enable = true;
-
- home.stateVersion = "25.05";
-}
diff --git a/hosts/desktop/wooting.nix b/hosts/desktop/wooting.nix
deleted file mode 100644
index 742ef29..0000000
--- a/hosts/desktop/wooting.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ pkgs, ... }:
-
-{
- services.udev.extraRules = ''
- # Wooting One Legacy
- SUBSYSTEM=="hidraw", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="ff01", TAG+="uaccess"
- SUBSYSTEM=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="ff01", TAG+="uaccess"
-
- # Wooting One update mode
- SUBSYSTEM=="hidraw", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2402", TAG+="uaccess"
-
- # Wooting Two Legacy
- SUBSYSTEM=="hidraw", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="ff02", TAG+="uaccess"
- SUBSYSTEM=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="ff02", TAG+="uaccess"
-
- # Wooting Two update mode
- SUBSYSTEM=="hidraw", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2403", TAG+="uaccess"
-
- # Generic Wootings
- SUBSYSTEM=="hidraw", ATTRS{idVendor}=="31e3", TAG+="uaccess"
- SUBSYSTEM=="usb", ATTRS{idVendor}=="31e3", TAG+="uaccess"
- '';
-
- environment.systemPackages = with pkgs; [
- wootility
- ];
-}
diff --git a/hosts/lilith/configuration.nix b/hosts/lilith/configuration.nix
new file mode 100644
index 0000000..b43278d
--- /dev/null
+++ b/hosts/lilith/configuration.nix
@@ -0,0 +1,51 @@
+{ host, username, ... }:
+
+{
+ users.users.${username}.home = "/Users/${username}";
+
+ networking.hostName = host;
+
+ system.primaryUser = username;
+ system.defaults = {
+ dock = {
+ autohide = true;
+ largesize = 48;
+ show-recents = false;
+ };
+ WindowManager.EnableStandardClickToShowDesktop = false;
+ finder = {
+ #ShowPathbar = true;
+ #ShowStatusBar = true;
+ _FXShowPosixPathInTitle = true;
+ _FXSortFoldersFirst = true;
+ };
+ controlcenter = {
+ Display = false;
+ FocusModes = false;
+ Sound = false;
+ };
+ loginwindow.GuestEnabled = false;
+ };
+
+ homebrew = {
+ enable = true;
+ brews = [
+ "openjdk@21"
+ ];
+ casks = [
+ "obsidian"
+ "nextcloud"
+ "bambu-studio"
+ "arduino-ide"
+ "anki"
+ "iterm2"
+ "rectangle"
+ "spotify"
+ ];
+ onActivation.cleanup = "zap";
+ onActivation.autoUpdate = true;
+ onActivation.upgrade = true;
+ };
+
+ system.stateVersion = 5;
+}
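Review bot: The `homebrew.onActivation` block near the end of hosts/lilith/configuration.nix carries no comment, although `cleanup = "zap"` removes every formula and cask not listed in this file together with its associated files, and `autoUpdate`/`upgrade` install whatever versions upstream serves at activation time. I would add comments such as `# zap: anything installed outside this list is uninstalled on activation, including its data` and `# autoUpdate/upgrade: casks are unpinned, so activation is not reproducible` to make the trade-off explicit. If reproducible rebuilds matter on this host, `onActivation.upgrade = false;` with deliberate manual upgrades is the safer default.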
diff --git a/hosts/lilith/home.nix b/hosts/lilith/home.nix
new file mode 100644
index 0000000..a0d25e4
--- /dev/null
+++ b/hosts/lilith/home.nix
@@ -0,0 +1,30 @@
+{ pkgs, username, ... }:
+
+{
+ imports = [
+ ../../modules/home-manager
+ ];
+
+ home.username = username;
+ home.homeDirectory = "/Users/${username}";
+
+ home.packages = with pkgs; [
+ htop
+ ffmpeg
+ wget
+ imagemagick
+
+ gcc
+ maven
+ cmake
+ gnupg
+ lua
+
+ nerd-fonts.symbols-only
+ ];
+
+ dev.enable = true;
+ spicetify.enable = true;
+
+ home.stateVersion = "25.05";
+}
diff --git a/hosts/macbook/configuration.nix b/hosts/macbook/configuration.nix
deleted file mode 100644
index b9d2d02..0000000
--- a/hosts/macbook/configuration.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ username, ... }:
-
-{
- users.users.${username}.home = "/Users/${username}";
-
- system.primaryUser = username;
- system.defaults = {
- dock = {
- autohide = true;
- largesize = 48;
- show-recents = false;
- };
- WindowManager.EnableStandardClickToShowDesktop = false;
- finder = {
- #ShowPathbar = true;
- #ShowStatusBar = true;
- _FXShowPosixPathInTitle = true;
- _FXSortFoldersFirst = true;
- };
- controlcenter = {
- Display = false;
- FocusModes = false;
- Sound = false;
- };
- loginwindow.GuestEnabled = false;
- };
-
- homebrew = {
- enable = true;
- brews = [
- "openjdk@21"
- ];
- casks = [
- "obsidian"
- "nextcloud"
- "bambu-studio"
- "arduino-ide"
- "anki"
- "iterm2"
- "rectangle"
- "spotify"
- ];
- onActivation.cleanup = "zap";
- onActivation.autoUpdate = true;
- onActivation.upgrade = true;
- };
-
- system.stateVersion = 5;
-}
diff --git a/hosts/macbook/home.nix b/hosts/macbook/home.nix
deleted file mode 100644
index a0d25e4..0000000
--- a/hosts/macbook/home.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ pkgs, username, ... }:
-
-{
- imports = [
- ../../modules/home-manager
- ];
-
- home.username = username;
- home.homeDirectory = "/Users/${username}";
-
- home.packages = with pkgs; [
- htop
- ffmpeg
- wget
- imagemagick
-
- gcc
- maven
- cmake
- gnupg
- lua
-
- nerd-fonts.symbols-only
- ];
-
- dev.enable = true;
- spicetify.enable = true;
-
- home.stateVersion = "25.05";
-}
diff --git a/hosts/sachiel/configuration.nix b/hosts/sachiel/configuration.nix
new file mode 100644
index 0000000..781d5c3
--- /dev/null
+++ b/hosts/sachiel/configuration.nix
@@ -0,0 +1,138 @@ +{ + pkgs, + host, + username, + ... +}: + +{ + imports = [ + ./hardware-configuration.nix + ]; + + boot.tmp.cleanOnBoot = true; + zramSwap.enable = true; + + networking = { + hostName = host; + domain = "schererleander.de"; + }; + + security.sudo = { + enable = true; + wheelNeedsPassword = false; + }; + + users.users.root.hashedPassword = "!"; + users.mutableUsers = false; + users.users.${username} = { + isNormalUser = true; + hashedPassword = "$6$KBblJguEyfEmuWnU$Xf0QqPVacA2qvnzZRpnSE2cmh0kNnMgtVhCrMEDI76buNzuzkuDY6EnO7jPjQlEnoczx6ZPAl2pK.SxezbVa.."; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvlkqlvY4+0o7UIGnFnnRw0HeBq5v7wYJ3kY3teXxxl vps" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL+r0l2i07pl9V9iiGqw5e2f/QAcrMhuraA25HavdNT github-deploy" + ]; + }; + + environment.systemPackages = with pkgs; [ + git + gnutar + gzip + zoxide + neovim + htop + ]; + + system.autoUpgrade = { + enable = true; + allowReboot = true; + + rebootWindow = { + lower = "02:00"; + upper = "05:00"; + }; + }; + + services.openssh = { + enable = true; + ports = [ 8693 ]; + settings = { + PasswordAuthentication = false; + X11Forwarding = false; + PermitRootLogin = "no"; + }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "leander@schererleander.de"; + }; + + services.nginx = { + enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + appendHttpConfig = '' + map $scheme $hsts_header { + https "max-age=31536000; includeSubdomains; preload"; + } + add_header Strict-Transport-Security $hsts_header; + #add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self';" always; + add_header 'Referrer-Policy' 'same-origin'; + add_header X-Frame-Options DENY; + add_header 
X-Content-Type-Options nosniff; + ''; + + virtualHosts."schererleander.de" = { + root = "/var/www/site"; + forceSSL = true; + enableACME = true; + locations = { + "/" = { + tryFiles = "$uri $uri/ /index.html"; + }; + }; + }; + virtualHosts."cloud.schererleander.de" = { + sslCertificate = "/etc/ssl/certs/schererleander.fullchain.pem"; + sslCertificateKey = "/etc/ssl/private/schererleander.key"; + forceSSL = true; + enableACME = true; + }; + }; + + services.nextcloud = { + enable = true; + package = pkgs.nextcloud31; + hostName = "cloud.schererleander.de"; + https = true; + database.createLocally = true; + maxUploadSize = "16G"; + config = { + dbtype = "mysql"; + adminuser = "schererleander"; + adminpassFile = "/etc/nextcloud-admin-pass"; + }; + settings = { + maintenance_window_start = 2; # 02:00 + default_phone_region = "de"; + overwriteProtocol = "https"; + }; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + 8693 + ]; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + nixpkgs.config.allowUnfree = true; + system.stateVersion = "25.05"; +} diff --git a/hosts/sachiel/hardware-configuration.nix b/hosts/sachiel/hardware-configuration.nix new file mode 100644 index 0000000..68ab0a2 --- /dev/null +++ b/hosts/sachiel/hardware-configuration.nix @@ -0,0 +1,14 @@ +{ modulesPath, ... }: +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + boot.loader.grub = { + efiSupport = true; + efiInstallAsRemovable = true; + device = "nodev"; + }; + fileSystems."/boot" = { device = "/dev/disk/by-uuid/4E07-7ABB"; fsType = "vfat"; }; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; + boot.initrd.kernelModules = [ "nvme" ]; + fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; }; + +} diff --git a/hosts/vps/configuration.nix b/hosts/vps/configuration.nix deleted file mode 100644 index 3811615..0000000 --- a/hosts/vps/configuration.nix +++ /dev/null 
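Review bot: In hosts/sachiel/configuration.nix the `github-deploy` key is authorised for the same account that sits in `wheel` while `security.sudo.wheelNeedsPassword = false`, so whoever holds the CI deploy key gets passwordless root on this server over SSH. A dedicated deploy user outside `wheel`, with write access only to what the deployment needs (presumably `/var/www/site`, to be confirmed against the workflow), would contain a leaked CI secret. The same user block also commits the account's password hash to the repository; `hashedPasswordFile = "/path/to/secret-file"; # placeholder path` keeps it out of version control. Separately, `virtualHosts."cloud.schererleander.de"` sets both `sslCertificate`/`sslCertificateKey` and `enableACME = true`; as far as I know the nginx module then serves the ACME certificate and ignores the manual paths, so one of the two should be removed to make clear which certificate is in use.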
@@ -1,130 +0,0 @@ -{ pkgs, username, ... }: - -{ - imports = [ - ./hardware-configuration.nix - ]; - - boot.tmp.cleanOnBoot = true; - zramSwap.enable = true; - networking.hostName = "vps"; - networking.domain = "schererleander.de"; - - security.sudo = { - enable = true; - wheelNeedsPassword = false; - }; - - users.users.root.hashedPassword = "!"; - users.mutableUsers = false; - users.users.${username} = { - isNormalUser = true; - hashedPassword = "$6$KBblJguEyfEmuWnU$Xf0QqPVacA2qvnzZRpnSE2cmh0kNnMgtVhCrMEDI76buNzuzkuDY6EnO7jPjQlEnoczx6ZPAl2pK.SxezbVa.."; - extraGroups = [ "wheel" ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvlkqlvY4+0o7UIGnFnnRw0HeBq5v7wYJ3kY3teXxxl vps" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL+r0l2i07pl9V9iiGqw5e2f/QAcrMhuraA25HavdNT github-deploy" - ]; - }; - - environment.systemPackages = with pkgs; [ - git - gnutar - gzip - zoxide - neovim - htop - ]; - - system.autoUpgrade = { - enable = true; - allowReboot = true; - - rebootWindow = { - lower = "02:00"; - upper = "05:00"; - }; - }; - - services.openssh = { - enable = true; - ports = [ 8693 ]; - settings = { - PasswordAuthentication = false; - X11Forwarding = false; - PermitRootLogin = "no"; - }; - }; - - security.acme = { - acceptTerms = true; - defaults.email = "leander@schererleander.de"; - }; - - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - appendHttpConfig = '' - map $scheme $hsts_header { - https "max-age=31536000; includeSubdomains; preload"; - } - add_header Strict-Transport-Security $hsts_header; - #add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self';" always; - add_header 'Referrer-Policy' 'same-origin'; - add_header X-Frame-Options DENY; - add_header 
X-Content-Type-Options nosniff; - ''; - - virtualHosts."schererleander.de" = { - root = "/var/www/site"; - forceSSL = true; - enableACME = true; - locations = { - "/" = { - tryFiles = "$uri $uri/ /index.html"; - }; - }; - }; - virtualHosts."cloud.schererleander.de" = { - sslCertificate = "/etc/ssl/certs/schererleander.fullchain.pem"; - sslCertificateKey = "/etc/ssl/private/schererleander.key"; - forceSSL = true; - enableACME = true; - }; - }; - - services.nextcloud = { - enable = true; - package = pkgs.nextcloud31; - hostName = "cloud.schererleander.de"; - https = true; - database.createLocally = true; - maxUploadSize = "16G"; - config = { - dbtype = "mysql"; - adminuser = "schererleander"; - adminpassFile = "/etc/nextcloud-admin-pass"; - }; - settings = { - maintenance_window_start = 2; # 02:00 - default_phone_region = "de"; - overwriteProtocol = "https"; - }; - }; - - networking.firewall.allowedTCPPorts = [ - 80 - 443 - 8693 - ]; - - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - nixpkgs.config.allowUnfree = true; - system.stateVersion = "25.05"; -} diff --git a/hosts/vps/hardware-configuration.nix b/hosts/vps/hardware-configuration.nix deleted file mode 100644 index 68ab0a2..0000000 --- a/hosts/vps/hardware-configuration.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ modulesPath, ... }: -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.loader.grub = { - efiSupport = true; - efiInstallAsRemovable = true; - device = "nodev"; - }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/4E07-7ABB"; fsType = "vfat"; }; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; - boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; }; - -} -- cgit v1.3.1