hosts: delete ghost host
This commit is contained in:
parent
4cd1e7cab1
commit
d3f02f8762
|
@ -157,10 +157,6 @@
|
||||||
services.flatpak.enable = lib.mkOverride 0 false;
|
services.flatpak.enable = lib.mkOverride 0 false;
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
ghost = lib.nixosSystem {
|
|
||||||
inherit system specialArgs;
|
|
||||||
modules = [ ./hosts/ghost ];
|
|
||||||
};
|
|
||||||
phantom = lib.nixosSystem {
|
phantom = lib.nixosSystem {
|
||||||
inherit system specialArgs;
|
inherit system specialArgs;
|
||||||
modules = [ ./hosts/phantom ];
|
modules = [ ./hosts/phantom ];
|
||||||
|
|
|
@ -1,43 +0,0 @@
|
||||||
{ config, pkgs, inputs, ... }: {
|
|
||||||
imports = [
|
|
||||||
"${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix"
|
|
||||||
inputs.agenix.nixosModules.default
|
|
||||||
../../system/nix.nix
|
|
||||||
./hardware-config.nix
|
|
||||||
./mastodon.nix
|
|
||||||
./nextcloud.nix
|
|
||||||
./nginx.nix
|
|
||||||
./syncthing.nix
|
|
||||||
./users.nix
|
|
||||||
./writefreely.nix
|
|
||||||
./renawiki.nix
|
|
||||||
./email.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
# Use more aggressive compression then the default.
|
|
||||||
virtualisation.digitalOceanImage.compressionMethod = "bzip2";
|
|
||||||
# Enable networking
|
|
||||||
networking.networkmanager.enable = true;
|
|
||||||
# Set your time zone.
|
|
||||||
time.timeZone = "America/Sao_Paulo";
|
|
||||||
# Select internationalisation properties.
|
|
||||||
i18n.defaultLocale = "pt_BR.utf8";
|
|
||||||
|
|
||||||
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;
|
|
||||||
|
|
||||||
age = {
|
|
||||||
identityPaths = [ "/root/.ssh/id_rsa" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
system.autoUpgrade = {
|
|
||||||
enable = true;
|
|
||||||
dates = "04:40";
|
|
||||||
allowReboot = true;
|
|
||||||
operation = "switch";
|
|
||||||
flags = [ "--update-input" "nixpkgs" "--no-write-lock-file" "-L" ];
|
|
||||||
flake = "github:lelgenio/nixos-config#ghost";
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "23.05"; # Never change this
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,35 +0,0 @@
|
||||||
{ pkgs, inputs, ... }: {
|
|
||||||
# It's important to let Digital Ocean set the hostname so we get rDNS to work
|
|
||||||
networking.hostName = "";
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
inputs.nixos-mailserver.nixosModules.mailserver
|
|
||||||
];
|
|
||||||
|
|
||||||
mailserver = {
|
|
||||||
enable = true;
|
|
||||||
fqdn = "mail.lelgenio.xyz";
|
|
||||||
domains = [ "lelgenio.xyz" ];
|
|
||||||
certificateScheme = "acme-nginx";
|
|
||||||
loginAccounts = {
|
|
||||||
"lelgenio@lelgenio.xyz" = {
|
|
||||||
hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS";
|
|
||||||
aliases = [ "postmaster@lelgenio.xyz" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Webmail
|
|
||||||
services.roundcube = rec {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.roundcube.withPlugins (p: [ p.carddav ]);
|
|
||||||
hostName = "mail.lelgenio.xyz";
|
|
||||||
extraConfig = ''
|
|
||||||
$config['smtp_host'] = "tls://${hostName}:587";
|
|
||||||
$config['smtp_user'] = "%u";
|
|
||||||
$config['smtp_pass'] = "%p";
|
|
||||||
$config['plugins'] = [ "carddav" ];
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,13 +0,0 @@
|
||||||
{ config, pkgs, inputs, ... }: {
|
|
||||||
swapDevices = [{
|
|
||||||
device = "/swap/swapfile";
|
|
||||||
size = (1024 * 2); # 2 GB
|
|
||||||
}];
|
|
||||||
|
|
||||||
fileSystems."/var" = {
|
|
||||||
device = "/dev/disk/by-uuid/b19e7272-8fd1-4999-93eb-abc6d5c0a1cc";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=@var" ];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
{ config, pkgs, inputs, ... }: {
|
|
||||||
services.mastodon = {
|
|
||||||
enable = true;
|
|
||||||
configureNginx = true;
|
|
||||||
localDomain = "social.lelgenio.xyz";
|
|
||||||
smtp.fromAddress = "lelgenio@disroot.org";
|
|
||||||
streamingProcesses = 2;
|
|
||||||
extraConfig.SINGLE_USER_MODE = "true";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,22 +0,0 @@
|
||||||
{ config, pkgs, inputs, ... }: {
|
|
||||||
services.nextcloud = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.nextcloud27;
|
|
||||||
hostName = "cloud.lelgenio.xyz";
|
|
||||||
https = true;
|
|
||||||
config = {
|
|
||||||
adminpassFile = config.age.secrets.ghost-nextcloud.path;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
age = {
|
|
||||||
secrets.ghost-nextcloud = {
|
|
||||||
file = ../../secrets/ghost-nextcloud.age;
|
|
||||||
mode = "400";
|
|
||||||
owner = "nextcloud";
|
|
||||||
group = "nextcloud";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,15 +0,0 @@
|
||||||
{ config, pkgs, inputs, ... }: {
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
security.acme = {
|
|
||||||
acceptTerms = true;
|
|
||||||
defaults.email = "lelgenio@disroot.org";
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,23 +0,0 @@
|
||||||
{ config, pkgs, inputs, ... }: {
|
|
||||||
services.mediawiki = {
|
|
||||||
enable = true;
|
|
||||||
name = "Rena Wiki";
|
|
||||||
|
|
||||||
webserver = "nginx";
|
|
||||||
nginx.hostName = "renawiki.lelgenio.xyz";
|
|
||||||
passwordFile = config.age.secrets.ghost-renawiki.path;
|
|
||||||
|
|
||||||
extensions.VisualEditor = null;
|
|
||||||
};
|
|
||||||
services.nginx.virtualHosts."renawiki.lelgenio.xyz" = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
age.secrets.ghost-renawiki = {
|
|
||||||
file = ../../secrets/ghost-renawiki.age;
|
|
||||||
mode = "400";
|
|
||||||
owner = "mediawiki";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,24 +0,0 @@
|
||||||
{ config, pkgs, inputs, ... }: {
|
|
||||||
|
|
||||||
services.syncthing = {
|
|
||||||
enable = true;
|
|
||||||
dataDir = "/var/lib/syncthing-data";
|
|
||||||
guiAddress = "0.0.0.0:8384";
|
|
||||||
openDefaultPorts = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."syncthing.lelgenio.xyz" = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:8384";
|
|
||||||
extraConfig =
|
|
||||||
# required when the target is also TLS server with multiple hosts
|
|
||||||
"proxy_ssl_server_name on;" +
|
|
||||||
# required when the server wants to use HTTP Authentication
|
|
||||||
"proxy_pass_header Authorization;"
|
|
||||||
;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,38 +0,0 @@
|
||||||
{ pkgs, ... }: {
|
|
||||||
security.rtkit.enable = true;
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
ports = [ 9022 ];
|
|
||||||
settings = {
|
|
||||||
PasswordAuthentication = false;
|
|
||||||
KbdInteractiveAuthentication = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
|
||||||
users.mutableUsers = false;
|
|
||||||
users.users.lelgenio = {
|
|
||||||
isNormalUser = true;
|
|
||||||
description = "Leonardo Eugênio";
|
|
||||||
hashedPassword = "$y$j9T$0e/rczjOVCy7PuwC3pG0V/$gTHZhfO4wQSlFvbDyfghbCnGI2uDI0a52zSrQ/yOA5A";
|
|
||||||
extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "bluetooth" "corectrl" "vboxusers" ];
|
|
||||||
shell = pkgs.fish;
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
users.users.root = {
|
|
||||||
shell = pkgs.fish;
|
|
||||||
openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15"
|
|
||||||
];
|
|
||||||
initialHashedPassword = "$y$j9T$E3aBBSSq0Gma8hZD9L7ov0$iCGDW4fqrXWfHO0qodBYYgMFA9CpIraoklHcPbJJrM3";
|
|
||||||
};
|
|
||||||
security.sudo.wheelNeedsPassword = false;
|
|
||||||
|
|
||||||
programs.fish.enable = true;
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
git
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,25 +0,0 @@
|
||||||
{ config, pkgs, inputs, ... }: {
|
|
||||||
services.writefreely = {
|
|
||||||
enable = true;
|
|
||||||
acme.enable = true;
|
|
||||||
nginx.enable = true;
|
|
||||||
nginx.forceSSL = true;
|
|
||||||
host = "blog.lelgenio.xyz";
|
|
||||||
admin.name = "lelgenio";
|
|
||||||
admin.initialPasswordFile = config.age.secrets.ghost-writefreely.path;
|
|
||||||
settings.app = {
|
|
||||||
site_name = "Leo's blog";
|
|
||||||
single_user = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
age = {
|
|
||||||
secrets.ghost-writefreely = {
|
|
||||||
file = ../../secrets/ghost-writefreely.age;
|
|
||||||
mode = "400";
|
|
||||||
owner = "writefreely";
|
|
||||||
group = "writefreely";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -9,11 +9,6 @@ in {
|
||||||
hostname = "lelgenio.1337.cx";
|
hostname = "lelgenio.1337.cx";
|
||||||
port = 9022;
|
port = 9022;
|
||||||
};
|
};
|
||||||
ghost = {
|
|
||||||
user = "root";
|
|
||||||
hostname = "ghost.lelgenio.xyz";
|
|
||||||
port = 9022;
|
|
||||||
};
|
|
||||||
phantom = {
|
phantom = {
|
||||||
user = "root";
|
user = "root";
|
||||||
hostname = "phantom.lelgenio.xyz";
|
hostname = "phantom.lelgenio.xyz";
|
||||||
|
|
Loading…
Reference in a new issue