Grimmauld/grimm-nixos-laptop
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'main' of ssh://grimmauld.de:2222/Grimmauld/grimm-nixos-laptop

Browse source
This commit is contained in:
Grimmauld 2024-09-08 15:41:49 +02:00
commit 2bff480d76
Signed by: Grimmauld
GPG key ID: C2946668769F91FB
7 changed files with 68 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
common/tooling/security.nix
View file

@ -59,6 +59,7 @@ in
++ optional graphical pkgs.lxqt.lxqt-policykit;
services.passSecretService.enable = mkIf (tooling.enable && tooling.pass) true;
services.openssh.settings.LoginGraceTime = 0;
programs.gnupg.agent = {
settings = {
# default-cache-ttl = 6000;

2
fake_flake.nix
View file

@ -41,7 +41,7 @@ in
{
imports = [
"${nivSources.agenix}/modules/age.nix"
# "${nivSources.nixos-mailserver}/default.nix"
"${nivSources.nixos-mailserver}/default.nix"
"${nivSources.nixos-matrix-modules}/module.nix"
(builtins.getFlake (asGithubRef nivSources.aagl-gtk-on-nix)).nixosModules.default

9
modules/default.nix
View file

@ -10,7 +10,7 @@ in
./gitea.nix
./grafana.nix
./nextcloud.nix
./prometheus.nix
# ./prometheus.nix
# ./mjolnir.nix
./fail2ban.nix
./email.nix
@ -18,6 +18,8 @@ in
./mastodon.nix
./nix_cache.nix
./auth.nix
./hedgedoc.nix
./factorio.nix
];
options.serverConfig =
@ -147,6 +149,11 @@ in
host = "puffer.${domain}";
accessType = "proxy";
};
hedgedoc_host = {
port = 8048;
host = "hedgedoc.${domain}";
accessType = "proxy";
};
tlemap_host = {
port = 8100;
host = "tlemap.${domain}";

2
modules/email.nix
View file

@ -7,7 +7,7 @@ in
# services.dovecot2.sieve.extensions = [ "fileinto" ]; # sives break without this for some reason
mailserver = {
enable = true;
# fqdn = vhosts.mail_host.host;
fqdn = vhosts.mail_host.host;
domains = [ domain ];
# A list of all login accounts. To create the password hashes, use

27
modules/factorio.nix Normal file
View file

@ -0,0 +1,27 @@
{ pkgs, config, lib, ...}: {
networking.firewall.allowedTCPPorts = [
34197
];
networking.firewall.allowedUDPPorts = [
34197
];
systemd.services.clusterio-trangar = {
description = "clusterio pulling its config from trang.ar";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig.Type = "simple";
# serviceConfig.PassEnvironment = "NIX_PATH";
#serviceConfig.User = "grimmauld";
#serviceConfig.Group = "users";
serviceConfig.WorkingDirectory = "/home/grimmauld/clusterio";
script = ''
${lib.getExe' config.nix.package "nix-shell"} -I nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos /home/grimmauld/clusterio/shell.nix
'';
wantedBy = ["multi-user.target"]; # starts after login
enable = true;
};
}

17
modules/hedgedoc.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, ... }:
let
inherit (config.serverConfig) vhosts;
in {
services.hedgedoc = {
enable = true;
settings = {
domain = vhosts.hedgedoc_host.host;
inherit (vhosts.hedgedoc_host) port;
host = "127.0.0.1";
protocolUseSSL = true;
allowEmailRegister = false; # no registrations for now
allowAnonymousEdits = true; # anonymous can edit select files
allowAnonymous = false; # anonymous can't actually create notes
};
};
}

26
nix/sources.json
View file

@ -5,10 +5,10 @@
"homepage": null,
"owner": "ezKEa",
"repo": "aagl-gtk-on-nix",
"rev": "4d7fa422b50b612aa29bfb8487472f1cd9bad85b",
"sha256": "1mnsks7kibjr8kb1cjy2052kjaxrvfp5adg2ibfal7j9862042af",
"rev": "49e1dd54d3ac9b858d3be597a2fbc48ab67fa6e8",
"sha256": "1275gl2ly0iaqapxwimsbnky9fzwa0x3miscz372qa74gcc0wjwv",
"type": "tarball",
"url": "https://github.com/ezKEa/aagl-gtk-on-nix/archive/4d7fa422b50b612aa29bfb8487472f1cd9bad85b.tar.gz",
"url": "https://github.com/ezKEa/aagl-gtk-on-nix/archive/49e1dd54d3ac9b858d3be597a2fbc48ab67fa6e8.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"agenix": {
@ -29,10 +29,10 @@
"homepage": "",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "39cf62b92149800dd2a436f8b18acd471c9180dd",
"sha256": "07zkf00c5zw62709lmyh0kn0g9rbfd7qn8qfxhr4p0p3y59wiz7x",
"rev": "f1bd855c23e73e04597695ca37ae54671a7e07b1",
"sha256": "1dkp86mr2n0h4hq74wj3b0b9ka8x2xkwv8pcbwk5knhrv26qajwb",
"type": "tarball",
"url": "https://github.com/nix-community/authentik-nix/archive/39cf62b92149800dd2a436f8b18acd471c9180dd.tar.gz",
"url": "https://github.com/nix-community/authentik-nix/archive/f1bd855c23e73e04597695ca37ae54671a7e07b1.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"chaotic": {
@ -41,10 +41,10 @@
"homepage": "https://nyx.chaotic.cx",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "86e3fe5d4ae055f99e3ce41b803dcfb5e66cc008",
"sha256": "1ha6hxf0l6z5x8px0yc0vmvvqycy3pcx08f0mldzcbmx7gfhsq17",
"rev": "38451822a144faa53a7ee96d4f0478d94945b67a",
"sha256": "08rcfarlda0fxgc02xdfyk8dsp18bmiyf0n39sfd5nq1s5513awy",
"type": "tarball",
"url": "https://github.com/chaotic-cx/nyx/archive/86e3fe5d4ae055f99e3ce41b803dcfb5e66cc008.tar.gz",
"url": "https://github.com/chaotic-cx/nyx/archive/38451822a144faa53a7ee96d4f0478d94945b67a.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"glibc-eac": {
@ -68,7 +68,7 @@
"lix-pkg": {
"branch": "main",
"repo": "https://git.lix.systems/lix-project/lix.git",
"rev": "a510d1748416ff29b1ed3cab92ac0ad943b6e590",
"rev": "f2a49032a698bd96b37e8df8f02ec403fd0bed0f",
"type": "git"
},
"nixos-mailserver": {
@ -95,10 +95,10 @@
"homepage": null,
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
"sha256": "1b47065q41ar9585ra4akb4s4kjwcs3p3g4chrpps8704vz7nx0s",
"rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
"sha256": "0s6h7r9jin9sd8l85hdjwl3jsvzkddn3blggy78w4f21qa3chymz",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/71e91c409d1e654808b2621f28a327acfdad8dc2.tar.gz",
"url": "https://github.com/NixOS/nixpkgs/archive/574d1eac1c200690e27b8eb4e24887f8df7ac27c.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"ranger_udisk_menu": {