hosts: add ghost
parent
152344a801
commit
9c1709c039
|
@ -138,6 +138,10 @@
|
||||||
services.flatpak.enable = lib.mkOverride 0 false;
|
services.flatpak.enable = lib.mkOverride 0 false;
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
ghost = lib.nixosSystem {
|
||||||
|
inherit system specialArgs;
|
||||||
|
modules = [ ./hosts/ghost.nix ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
homeConfigurations.lelgenio = home-manager.lib.homeManagerConfiguration {
|
homeConfigurations.lelgenio = home-manager.lib.homeManagerConfiguration {
|
||||||
|
|
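--- /dev/null
+++ b/hosts/ghost.nix
@@ -0,0 +1,86 @@
+{ config, pkgs, inputs, ... }: {
+imports = [
+"${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix"
+inputs.agenix.nixosModules.default
+../system/nix.nix
+../system/secrets.nix
+];
+
+# Use more aggressive compression then the default.
+virtualisation.digitalOceanImage.compressionMethod = "bzip2";
+
+# Headless - don't start a tty on the serial consoles.
+systemd.services."serial-getty@ttyS0".enable = false;
+systemd.services."serial-getty@hvc0".enable = false;
+systemd.services."getty@tty1".enable = false;
+systemd.services."autovt@".enable = false;
+
+# Enable networking
+networking.networkmanager.enable = true;
+
+# Set your time zone.
+time.timeZone = "America/Sao_Paulo";
+# Select internationalisation properties.
+i18n.defaultLocale = "pt_BR.utf8";
+
+security.rtkit.enable = true;
+services.openssh = {
+enable = true;
+ports = [ 9022 ];
+settings = {
+PasswordAuthentication = false;
+KbdInteractiveAuthentication = false;
+};
+};
+
+# Define a user account. Don't forget to set a password with ‘passwd’.
+users.mutableUsers = false;
+users.users.lelgenio = {
+isNormalUser = true;
+description = "Leonardo Eugênio";
+hashedPassword = "$y$j9T$0e/rczjOVCy7PuwC3pG0V/$gTHZhfO4wQSlFvbDyfghbCnGI2uDI0a52zSrQ/yOA5A";
+extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "bluetooth" "corectrl" "vboxusers" ];
+shell = pkgs.fish;
+openssh.authorizedKeys.keys = [
+"ssh-rsa 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 lelgenio@i15"
+];
+};
+users.users.root = {
+shell = pkgs.fish;
+openssh.authorizedKeys.keys = [
+"ssh-rsa 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 lelgenio@i15"
+];
+initialHashedPassword = "$y$j9T$E3aBBSSq0Gma8hZD9L7ov0$iCGDW4fqrXWfHO0qodBYYgMFA9CpIraoklHcPbJJrM3";
+};
+security.sudo.wheelNeedsPassword = false;
+
+programs.fish.enable = true;
+
+environment.systemPackages = with pkgs; [
+git
+];
+
+services.nextcloud = {
+enable = true;
+package = pkgs.nextcloud27;
+hostName = "cloud.lelgenio.xyz";
+https = true;
+config = {
+adminpassFile = config.age.secrets.ghost-nextcloud.path;
+};
+};
+
+services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+forceSSL = true;
+enableACME = true;
+};
+security.acme = {
+acceptTerms = true;
+defaults.email = "lelgenio@disroot.org";
+};
+
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+system.stateVersion = "23.05"; # Never change this
+}
+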
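Review bot: The `hashedPassword` for `lelgenio` and the `initialHashedPassword` for `root` are committed as literal yescrypt hashes, so anyone who can read the repository, or the world-readable Nix store on the host, can run offline guessing against them. Since `../system/secrets.nix` is already imported, they could be supplied through agenix with `hashedPasswordFile = config.age.secrets.<name>.path;` (`passwordFile` on older NixOS releases). Separately, `security.sudo.wheelNeedsPassword = false;` together with membership in `docker` makes the single authorised SSH key root-equivalent on a host that exposes 80/443, and the same key is also authorised for `root` directly. Consider adding `PermitRootLogin = "no";` under `services.openssh.settings` and trimming `extraGroups` to what a headless server needs, as `adbusers`, `bluetooth`, `corectrl` and `vboxusers` look like desktop leftovers.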
15
secrets/ghost-nextcloud.age
Normal file
15
secrets/ghost-nextcloud.age
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-rsa BwwxHg
|
||||||
|
CgOkaIy+ZuqNHzRX/OnUZbtHeSevslgVz71cBSqSsaTxuB74D+hSoIsUZW50/x0n
|
||||||
|
jKz9XF/3Fp+WwTtBNGwhI6VpYrbOFSyLzNGtyO+SyUVQKjST9Cw0QbPCko9DTAEK
|
||||||
|
pfSjP+Ie3A2gq6mUFJxTjQG4t+kmNPCxHeAVvKepgEkOxkQdirKec+ckjGXh91yK
|
||||||
|
IvEOthD4NR5OQF8QqHffzFQtSrFISF5eKHvJJZADydnr54g8+vPJgOy90isRzVPz
|
||||||
|
cp3pAnyNgPu4Ia6yOuM6/GmGlJUtSqV/22JQJBgz0DmgmHVlzJEjhQ6b9RIeBz/5
|
||||||
|
M6AugEJlGsLpUccqeJcfihLOzDrOeT8wei/CLea4U0jJMGtWEitVWF+dSt7YkrJr
|
||||||
|
wWnHMqhl7lFjxN44zbGznQqnSDRcfO7vxmnaUwFAebid0P+v0NNonweYdro0YEF/
|
||||||
|
hfTUqQfW82+4GYOsFEDCt0Z3lcifr5b9rgHDGDyycFtwBDKW3SbOmTFkKQJ+vwQ0
|
||||||
|
|
||||||
|
-> CL,"/i5.-grease \2_ R|j[#4B Mx5'9 /,
|
||||||
|
jX9wt0kuGZ89xhA/
|
||||||
|
--- iSlatZrp3jzlFY4VXx5CPNk521dJwM4L3rEDL4mO9GM
|
||||||
|
¿¼ßS7?pú+÷è0÷‡íep0\ÏÞ€M©<4D>j®0¼»Zö<5A>ÔÉ<C394>ê]|zçKÚ³š"$EŽ›<u7«åÚÿÀî
|
|
@ -7,4 +7,5 @@ in
|
||||||
"gitlab-runner-thoreb-telemetria-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
|
"gitlab-runner-thoreb-telemetria-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
|
||||||
"lelgenio-cachix.age".publicKeys = [ main_ssh_public_key ];
|
"lelgenio-cachix.age".publicKeys = [ main_ssh_public_key ];
|
||||||
"monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ];
|
"monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ];
|
||||||
|
"ghost-nextcloud.age".publicKeys = [ main_ssh_public_key ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }: {
|
||||||
age = {
|
age = {
|
||||||
identityPaths = [ "/home/lelgenio/.ssh/id_rsa" ];
|
identityPaths = [ "/home/lelgenio/.ssh/id_rsa" "/root/.ssh/id_rsa" ];
|
||||||
secrets.lelgenio-cachix.file = ../secrets/lelgenio-cachix.age;
|
secrets.lelgenio-cachix.file = ../secrets/lelgenio-cachix.age;
|
||||||
secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file =
|
secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file =
|
||||||
../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
|
../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
|
||||||
|
@ -10,5 +10,11 @@
|
||||||
../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
|
../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
|
||||||
secrets.monolith-nix-serve-privkey.file =
|
secrets.monolith-nix-serve-privkey.file =
|
||||||
../secrets/monolith-nix-serve-privkey.age;
|
../secrets/monolith-nix-serve-privkey.age;
|
||||||
|
secrets.ghost-nextcloud = {
|
||||||
|
file = ../secrets/monolith-nix-serve-privkey.age;
|
||||||
|
mode = "400";
|
||||||
|
owner = "nextcloud";
|
||||||
|
group = "nextcloud";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
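Review bot: `secrets.ghost-nextcloud.file` points at `../secrets/monolith-nix-serve-privkey.age` rather than the `secrets/ghost-nextcloud.age` file this commit adds, so the Nextcloud `adminpassFile` would be the decrypted nix-serve private key, readable by the `nextcloud` user; the line should read `file = ../secrets/ghost-nextcloud.age;`. Adding `"/root/.ssh/id_rsa"` to `identityPaths` while the secret's only recipient is `main_ssh_public_key` suggests the personal private key must be copied onto the server for decryption. Encrypting to the machine's own SSH host key and listing that key in `publicKeys` would avoid placing a user key on an internet-facing host. The entry sits in a module that other hosts presumably import too, so it is worth confirming that activation still succeeds where no `nextcloud` user exists.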