lelgenio/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: lelgenio:c7e6b0bee3ee6aa77e9d4c5c0bdeb55d226025d5
Branches Tags
lelgenio:main
lelgenio:teste
lelgenio:update-24.11
lelgenio:niri
lelgenio:gnome
lelgenio:gnome-pass-search-provider
lelgenio:wip
lelgenio:disko
lelgenio:release-24.05
lelgenio:kak-tree-sitter
lelgenio:hyprland
..
compare: lelgenio:4344704394f395d9c6ac8c11842a4c3e5791d764
Branches Tags
lelgenio:main
lelgenio:teste
lelgenio:update-24.11
lelgenio:niri
lelgenio:gnome
lelgenio:gnome-pass-search-provider
lelgenio:wip
lelgenio:disko
lelgenio:release-24.05
lelgenio:kak-tree-sitter
lelgenio:hyprland

28 commits
c7e6b0bee3 ... 4344704394

Author SHA1 Message Date
Leonardo Eugênio 4344704394 monolith: add forgejo runner 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 0cb501b43d sshd: disable until xz is secure 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 7ca6c3b681 sway: add more env vars to dbus activation 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 9bfd276bdc flake: update lockfile 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 28eca0de78 syncthing: way for tray 2024-04-06 20:53:27 -03:00
Leonardo Eugênio f4ac904d47 kdenlive: fix theme 2024-04-06 20:53:27 -03:00
Leonardo Eugênio b38bd123f4 theme: improve qt theming 2024-04-06 20:53:27 -03:00
Leonardo Eugênio a033fb50f9 syncthing: enable tray icon 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 81a20bfafe mangohud: install patch to fix keybind crash 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 3fc56ee4d9 gpg: simplify config 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 8fecbbd78d update 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 9b258af023 lsp: replace rnix-lsp with nil 2024-04-06 20:53:27 -03:00
Leonardo Eugênio bf19e2c79d update 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 251d52c56e btop: enable gpu monitoring 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 2d42832d13 update 2024-04-06 20:53:27 -03:00
Leonardo Eugênio d362dd864c kak-lsp: update config to new format 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 8f3d2cacb5 alacritty: update config 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 8da08f5bee update renamed xkb config 2024-04-06 20:53:27 -03:00
Leonardo Eugênio ac8038d53b update 2024-04-06 20:53:27 -03:00
Leonardo Eugênio a2d92f034b update 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 16342e203e update 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 51e3c38d59 sway: disable adaptive sync 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 0ab0c2c5d4 update 2024-04-06 20:53:27 -03:00
Leonardo Eugênio d4bf6aa8ff update 2024-04-06 20:53:27 -03:00
Leonardo Eugênio c520de0236 switch to nixpkgs unstable 2024-04-06 20:53:27 -03:00
Leonardo Eugênio 68a7125822 phantom: add script to update, fmt 2024-04-06 20:44:20 -03:00
Leonardo Eugênio d0dd646246 mastodon: clean up media more often 2024-04-06 20:38:46 -03:00
Leonardo Eugênio 5edca9c2c6 phandom: add forgejo server 2024-04-06 20:38:35 -03:00
15 changed files with 111 additions and 6 deletions
Show stats Expand all files Collapse all files

1
flake.nix
View file

@ -123,6 +123,7 @@
modules = [
./hosts/monolith.nix
./system/monolith-gitlab-runner.nix
./system/monolith-forgejo-runner.nix
./system/nix-serve.nix
./system/steam.nix
] ++ common_modules;

1
hosts/phantom/default.nix
View file

@ -12,6 +12,7 @@
./writefreely.nix
./renawiki.nix
./email.nix
./forgejo.nix
];
# # Enable networking

10
hosts/phantom/email.nix
View file

@ -9,13 +9,21 @@
mailserver = {
enable = true;
fqdn = "mail.lelgenio.xyz";
domains = [ "lelgenio.xyz" ];
domains = [
"lelgenio.xyz"
"git.lelgenio.xyz"
];
certificateScheme = "acme-nginx";
# Create passwords with
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"lelgenio@lelgenio.xyz" = {
hashedPassword = "$2y$05$z5s7QCXcs5uTFsfyYpwNJeWzb3RmzgWxNgcPCr0zjSytkLFF/qZmS";
aliases = [ "postmaster@lelgenio.xyz" ];
};
"noreply@git.lelgenio.xyz" = {
hashedPassword = "$2b$05$TmR1R7ZwXfec7yrOfeBL7u3ZtyXf0up5dEO6uMWSvb/O7LPEm.j0.";
};
};
};

56
hosts/phantom/forgejo.nix Normal file
View file

@ -0,0 +1,56 @@
{ lib, pkgs, config, ... }:
let
cfg = config.services.forgejo;
srv = cfg.settings.server;
in
{
services.nginx = {
virtualHosts.${cfg.settings.server.DOMAIN} = {
forceSSL = true;
enableACME = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
};
};
services.openssh = {
authorizedKeysFiles = [
"${config.services.forgejo.stateDir}/.ssh/authorized_keys"
];
# Recommended by forgejo: https://forgejo.org/docs/latest/admin/recommendations/#git-over-ssh
settings.AcceptEnv = "GIT_PROTOCOL";
};
services.forgejo = {
enable = true;
database.type = "postgres";
lfs.enable = true;
settings = {
service.DISABLE_REGISTRATION = true;
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
server = {
DOMAIN = "git.lelgenio.xyz";
HTTP_PORT = 3000;
ROOT_URL = "https://${srv.DOMAIN}/";
};
mailer = {
ENABLED = true;
SMTP_ADDR = "mail.lelgenio.xyz";
FROM = "noreply@git.lelgenio.xyz";
USER = "noreply@git.lelgenio.xyz";
};
};
mailerPasswordFile = config.age.secrets.phantom-forgejo-mailer-password.path;
};
age.secrets.phantom-forgejo-mailer-password = {
file = ../../secrets/phantom-forgejo-mailer-password.age;
mode = "400";
owner = "forgejo";
};
}

1
hosts/phantom/mastodon.nix
View file

@ -6,5 +6,6 @@
smtp.fromAddress = "lelgenio@disroot.org";
streamingProcesses = 2;
extraConfig.SINGLE_USER_MODE = "true";
mediaAutoRemove.olderThanDays = 10;
};
}

2
hosts/phantom/users.nix
View file

@ -2,7 +2,7 @@
security.rtkit.enable = true;
services.openssh = {
enable = true;
ports = [ 9022 ];
ports = [ 9022 22 ];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;

5
hosts/phantom/vpsadminos.nix
View file

@ -13,7 +13,8 @@ let
"1.1.1.1"
"2606:4700:4700::1111"
];
in {
in
{
networking.nameservers = mkDefault nameservers;
services.resolved = mkDefault { fallbackDns = nameservers; };
networking.dhcpcd.extraConfig = "noipv4ll";
@ -21,7 +22,7 @@ in {
systemd.services.systemd-sysctl.enable = false;
systemd.services.systemd-oomd.enable = false;
systemd.sockets."systemd-journald-audit".enable = false;
systemd.mounts = [ {where = "/sys/kernel/debug"; enable = false;} ];
systemd.mounts = [{ where = "/sys/kernel/debug"; enable = false; }];
systemd.services.rpc-gssd.enable = false;
# Due to our restrictions in /sys, the default systemd-udev-trigger fails

2
overlays/sway.nix
View file

@ -11,7 +11,7 @@
executable = true;
text = ''
systemctl --user import-environment
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway SWAYSOCK
# systemctl --user stop pipewire wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
# systemctl --user start pipewire wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
'';

BIN
secrets/monolith-forgejo-runner-token.age Normal file
View file

Binary file not shown.

BIN
secrets/phantom-forgejo-mailer-password.age Normal file
View file

Binary file not shown.

2
secrets/secrets.nix
View file

@ -5,9 +5,11 @@ in
"rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
"monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
"gitlab-runner-thoreb-telemetria-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ];
"monolith-forgejo-runner-token.age".publicKeys = [ main_ssh_public_key ];
"lelgenio-cachix.age".publicKeys = [ main_ssh_public_key ];
"monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ];
"phantom-nextcloud.age".publicKeys = [ main_ssh_public_key ];
"phantom-writefreely.age".publicKeys = [ main_ssh_public_key ];
"phantom-renawiki.age".publicKeys = [ main_ssh_public_key ];
"phantom-forgejo-mailer-password.age".publicKeys = [ main_ssh_public_key ];
}

12
switch-phantom Executable file
View file

@ -0,0 +1,12 @@
#!/bin/sh
nix fmt
git diff
nixos-rebuild switch --flake .#phantom \
--update-input nixpkgs \
--no-write-lock-file \
--build-host phantom \
--target-host phantom \
"$@"

2
system/configuration.nix
View file

@ -59,7 +59,7 @@
security.rtkit.enable = true;
services.openssh = {
enable = true;
enable = false;
ports = [ 9022 ];
settings = {
PermitRootLogin = "no";

19
system/monolith-forgejo-runner.nix Normal file
View file

@ -0,0 +1,19 @@
{ pkgs, config, ... }: {
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = "monolith";
url = "https://git.lelgenio.xyz";
tokenFile = config.age.secrets.monolith-forgejo-runner-token.path;
labels = [
# provide a debian base with nodejs for actions
"debian-latest:docker://node:18-bullseye"
# fake the ubuntu name, because node provides no ubuntu builds
"ubuntu-latest:docker://node:18-bullseye"
# provide native execution on the host
#"native:host"
];
};
};
}

4
system/secrets.nix
View file

@ -6,9 +6,13 @@
../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.file =
../secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age;
secrets.monolith-forgejo-runner-token.file =
../secrets/monolith-forgejo-runner-token.age;
secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.file =
../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
secrets.monolith-nix-serve-privkey.file =
../secrets/monolith-nix-serve-privkey.age;
secrets.phantom-forgejo-mailer-password.file =
../secrets/phantom-forgejo-mailer-password.age;
};
}