Diffstat (limited to 'nix/hosts/nixos')
-rw-r--r--nix/hosts/nixos/vm/default.nix19
-rw-r--r--nix/hosts/nixos/vm/hardware.nix14
-rw-r--r--nix/hosts/nixos/wildcat/configuration.nix140
-rw-r--r--nix/hosts/nixos/wildcat/default.nix18
-rw-r--r--nix/hosts/nixos/wildcat/hardware.nix29
-rw-r--r--nix/hosts/nixos/wildcat/networking.nix51
6 files changed, 271 insertions, 0 deletions
diff --git a/nix/hosts/nixos/vm/default.nix b/nix/hosts/nixos/vm/default.nix
new file mode 100644
index 0000000..f4a51aa
--- /dev/null
+++ b/nix/hosts/nixos/vm/default.nix
@@ -0,0 +1,19 @@
+{ ... }: {
+ imports = [ ./hardware.nix ];
+
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = false;
+
+ networking = {
+ hostName = "nixos";
+ domain = "";
+ };
+
+ services.openssh.enable = true;
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+
+ system.stateVersion = "23.11";
+}
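Review bot: Root login over SSH is enabled through the authorized key on line 35 while password and keyboard-interactive authentication are left at their NixOS defaults, so unless something outside this file overrides them the VM still answers password prompts on port 22; since the key is the only intended credential, set `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to `services.openssh.enable`. The same applies to wildcat/default.nix below, which enables openssh with the same root key. `domain = ""` on line 29 reads like a placeholder; if no domain is intended, dropping the attribute (which I believe defaults to null) is clearer than setting it to the empty string.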
diff --git a/nix/hosts/nixos/vm/hardware.nix b/nix/hosts/nixos/vm/hardware.nix
new file mode 100644
index 0000000..89c3d8b
--- /dev/null
+++ b/nix/hosts/nixos/vm/hardware.nix
@@ -0,0 +1,14 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ device = "nodev";
+ };
+ fileSystems."/boot" = { device = "/dev/disk/by-uuid/E783-E9AE"; fsType = "vfat"; };
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/vda2"; fsType = "ext4"; };
+ swapDevices = [{ device = "/dev/vda3"; }];
+}
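Review bot: The root filesystem on line 57 and the swap device on line 58 are addressed by kernel device name (`/dev/vda2`, `/dev/vda3`) while `/boot` on line 54 already uses a `/dev/disk/by-uuid/...` path; device names can shift when a disk is added or enumeration order changes, which would leave the guest unbootable. Use the same stable identifier for all three, e.g. `device = "/dev/disk/by-uuid/<root-uuid>";` (placeholder — take the value from `blkid` on the VM). wildcat/hardware.nix below has the same mix, with `/dev/sda1` for `/` next to a by-id path for `/srv`.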
diff --git a/nix/hosts/nixos/wildcat/configuration.nix b/nix/hosts/nixos/wildcat/configuration.nix
new file mode 100644
index 0000000..b74f522
--- /dev/null
+++ b/nix/hosts/nixos/wildcat/configuration.nix
@@ -0,0 +1,140 @@
+{ lib, pkgs, ... }: {
+ security.acme = {
+ defaults.email = "acme@fcuny.net";
+ acceptTerms = true;
+ };
+
+ # FIXME: I also ran the following as the git user:
+ # git config --global init.defaultBranch main
+ # to ensure that new repositories are created with the default
+ # branch set to `main'.
+ # TODO(fcuny): I could create the configuration file to set the default branch
+ services.gitolite = {
+ enable = true;
+ adminPubkey =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
+ user = "git";
+ group = "git";
+ extraGitoliteRc = ''
+ # Make dirs/files group readable, needed for webserver/cgit. (Default
+ # setting is 0077.)
+ $RC{UMASK} = 0027;
+ $RC{GIT_CONFIG_KEYS} = 'cgit.desc cgit.hide cgit.ignore cgit.owner';
+ $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local";
+ push( @{$RC{ENABLE}}, 'symbolic-ref' );
+ '';
+ };
+
+ services.cgit.main = {
+ enable = true;
+ package = pkgs.cgit-pink;
+ user = "git";
+ group = "git";
+ nginx.virtualHost = "git.fcuny.net";
+ scanPath = "/var/lib/gitolite/repositories";
+ settings = {
+ css = "/cgit.css";
+ logo = "/cgit.png";
+ favicon = "/favicon.ico";
+ robots = "noindex, nofollow";
+ readme = ":README.md";
+ project-list = "/var/lib/gitolite/projects.list";
+ about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh";
+ source-filter =
+ "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py";
+ clone-url =
+ (lib.concatStringsSep " " [ "https://git.fcuny.net/$CGIT_REPO_URL" ]);
+ enable-log-filecount = 1;
+ enable-log-linecount = 1;
+ enable-git-config = 1;
+ enable-blame = 1;
+ enable-commit-graph = 1;
+ enable-follow-links = 1;
+ enable-index-links = 1;
+ enable-remote-branches = 1;
+ enable-subject-links = 1;
+ enable-tree-linenumbers = 1;
+ max-atom-items = 108;
+ max-commit-count = 250;
+ max-repo-count = 500;
+ repository-sort = "age";
+ snapshots = "tar.gz";
+ root-title = "¯\\_(ツ)_/¯";
+ root-desc = "source code of my various projects";
+ };
+ };
+
+ virtualisation.oci-containers.containers.excalidraw = {
+ autoStart = true;
+ image = "excalidraw/excalidraw:latest";
+ environment = { TZ = "America/Los_Angeles"; };
+ ports = [ "127.0.0.1:3030:80" ];
+ extraOptions = [ "--pull=always" ];
+ };
+
+ services.nginx = {
+ enable = true;
+
+ recommendedProxySettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts = {
+ "fcuny.net" = {
+ # make it the default site: if a request goes through nginx
+ # without a host header, this will be the default site we serve
+ # for that request.
+ default = true;
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = { root = "/srv/www/fcuny.net"; };
+ "/.well-known/acme-challenge" = {
+ root = "/var/lib/acme/acme-challenges";
+ };
+ };
+ };
+ "git.fcuny.net" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/.well-known/acme-challenge" = {
+ root = "/var/lib/acme/acme-challenges";
+ };
+ };
+ };
+ "draw.fcuny.net" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/".proxyPass = "http://127.0.0.1:3030";
+ "/.well-known/acme-challenge" = {
+ root = "/var/lib/acme/acme-challenges";
+ };
+ };
+ };
+ };
+ };
+
+ services.restic.backups.git = {
+ user = "fcuny";
+ passwordFile = "/etc/restic.pw";
+ repository = "/srv/backups/git";
+ initialize = true;
+ paths = [ "/var/lib/gitolite" ];
+ exclude = [
+ "/var/lib/gitolite/.bash_history"
+ "/var/lib/gitolite/.ssh"
+ "/var/lib/gitolite/.viminfo"
+ ];
+ extraBackupArgs = [ "--exclude-caches" "--compression=max" ];
+ timerConfig = { OnCalendar = "*:0/30"; };
+ pruneOpts = [
+ "--keep-hourly 36"
+ "--keep-daily 7"
+ "--keep-weekly 4"
+ "--keep-monthly 3"
+ ];
+ };
+}
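Review bot: The excalidraw container on lines 132–138 runs `excalidraw/excalidraw:latest` with `--pull=always`, so every (re)start fetches whatever the registry currently serves under that tag and runs it unreviewed; pin the image by digest, `image = "excalidraw/excalidraw@sha256:<digest>";` (placeholder — copy it from the image you validated), and move it forward deliberately. The restic job on lines 185–204 runs as `fcuny` but backs up `/var/lib/gitolite`, whose contents gitolite creates under the `git` user and group with `$RC{UMASK} = 0027` (lines 81–86); unless `fcuny` is a member of group `git`, parts of the repository tree will be unreadable and silently absent from the snapshots, so either declare that group membership in this file or drop the `user` line and let the module run as root (its default), and confirm with a `restic ls` of a fresh snapshot. `/etc/restic.pw` on line 187 must stay readable only by whichever user the job ends up running as.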
diff --git a/nix/hosts/nixos/wildcat/default.nix b/nix/hosts/nixos/wildcat/default.nix
new file mode 100644
index 0000000..7bde471
--- /dev/null
+++ b/nix/hosts/nixos/wildcat/default.nix
@@ -0,0 +1,18 @@
+{ ... }: {
+
+ imports = [ ./hardware.nix ./networking.nix ./configuration.nix ];
+
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+
+ networking.hostName = "fcuny";
+ networking.domain = "net";
+
+ services.openssh.enable = true;
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+
+ system.stateVersion = "23.11";
+}
diff --git a/nix/hosts/nixos/wildcat/hardware.nix b/nix/hosts/nixos/wildcat/hardware.nix
new file mode 100644
index 0000000..351c991
--- /dev/null
+++ b/nix/hosts/nixos/wildcat/hardware.nix
@@ -0,0 +1,29 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "xen_blkfront"
+ "vmw_pvscsi"
+ ];
+
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ };
+
+ boot.initrd.kernelModules = [ "nvme" ];
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+ "/srv" = {
+ device = "/dev/disk/by-id/scsi-0HC_Volume_101115314";
+ fsType = "ext4";
+ };
+ };
+}
diff --git a/nix/hosts/nixos/wildcat/networking.nix b/nix/hosts/nixos/wildcat/networking.nix
new file mode 100644
index 0000000..c0b4bd0
--- /dev/null
+++ b/nix/hosts/nixos/wildcat/networking.nix
@@ -0,0 +1,51 @@
+{ lib, ... }: {
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers =
+ [ "2a01:4ff:ff00::add:2" "2a01:4ff:ff00::add:1" "185.12.64.1" ];
+ defaultGateway = "172.31.1.1";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [{
+ address = "5.78.87.68";
+ prefixLength = 32;
+ }];
+ ipv6.addresses = [
+ {
+ address = "2a01:4ff:1f0:d1a3::1";
+ prefixLength = 64;
+ }
+ {
+ address = "fe80::9400:3ff:fe98:d6dc";
+ prefixLength = 64;
+ }
+ ];
+ ipv4.routes = [{
+ address = "172.31.1.1";
+ prefixLength = 32;
+ }];
+ ipv6.routes = [{
+ address = "fe80::1";
+ prefixLength = 128;
+ }];
+ };
+
+ };
+ firewall.allowedTCPPorts = [
+ 22 # ssh
+ 80 # nginx
+ 443 # nginx
+ ];
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="96:00:03:98:d6:dc", NAME="eth0"
+
+ '';
+}
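Review bot: The header comment on lines 272–273 says the file was populated at runtime, but it is now committed, hand-maintained configuration, so it misleads the next reader about where these values come from and whether editing them is safe; replace it with `# Static networking for this host, originally captured from the running system; update by hand if the provider changes addresses.`. The `services.udev.extraRules` string on lines 317–320 also carries a trailing blank line that can be dropped.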