hosts split in folders

goeranh 2025-10-10 20:17:58 +02:00
parent 9b88efa1fd
commit c029483b12
No known key found for this signature in database
13 changed files with 565 additions and 237 deletions

58
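--- /dev/null
+++ b/default.nix
@@ -0,0 +1,58 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+let
+keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7"
+];
+in
+{
+nix.settings.experimental-features = [
+"nix-command"
+"flakes"
+];
+boot.kernelPackages = pkgs.linuxPackages_latest;
+nix.settings.trusted-users = [ "administration" ];
+networking.domain = "test.htw.stura-dresden.de";
+time.timeZone = "Europe/Berlin";
+i18n.defaultLocale = "en_US.UTF-8";
+console = {
+font = "Lat2-Terminus16";
+keyMap = lib.mkForce "de";
+useXkbConfig = true; # use xkb.options in tty.
+};
+users.users = {
+administration = {
+isNormalUser = true;
+extraGroups = [ "wheel" ]; # Enable sudo for the user.
+openssh.authorizedKeys.keys = keys;
+};
+root = {
+#yolo
+openssh.authorizedKeys.keys = keys;
+};
+};
+environment.systemPackages = with pkgs; [
+tmux
+git
+htop
+neovim
+];
+services.openssh.enable = true;
+security.acme.acceptTerms = true;
+security.acme.defaults.email = "cert@stura.htw-dresden.de";
+}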
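Review bot: `services.openssh.enable = true;` is switched on for every host without any `services.openssh.settings`, so password logins stay at the NixOS default (enabled, as far as I know) even though both accounts already carry `openssh.authorizedKeys.keys`. I would add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it. The `root` block marked `#yolo` gives the same keys a direct root login; since `administration` is in `wheel`, that block could be dropped and `services.openssh.settings.PermitRootLogin = "no";` set instead. `nix.settings.trusted-users = [ "administration" ];` already makes that account root-equivalent towards the Nix daemon, which deserves a comment stating that this is intentional.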

159
flake.lock generated

@ -14,15 +14,15 @@
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1747509307,
"narHash": "sha256-v08I8e2006ZHamRJ9iawHGoQphYsQu0TrORd5qwg4nk=",
"owner": "MarcelCoding",
"lastModified": 1759322529,
"narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "fa8d3ea7335ee2adf4d1a633bc725199def62791",
"rev": "69fac057b2e553ee17c9a09b822d735823d65a6c",
"type": "github"
},
"original": {
"owner": "MarcelCoding",
"owner": "nix-community",
"repo": "authentik-nix",
"type": "github"
}
@ -30,16 +30,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1747329052,
"narHash": "sha256-idShMSYIrf3ViG9VFNGNu6TSjBz3Q+GJMMeCzcJwfG4=",
"lastModified": 1759190535,
"narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "ae47624761f05040149d856d5e55a90cd7492740",
"rev": "8d3a289d12c7de2f244c76493af7880f70d08af2",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.4.1",
"ref": "version/2025.8.4",
"repo": "authentik",
"type": "github"
}
@ -60,31 +60,6 @@
"type": "gitlab"
}
},
"cradle": {
"inputs": {
"flake-utils": [
"nixos-compose",
"flake-utils"
],
"nixpkgs": [
"nixos-compose",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717164253,
"narHash": "sha256-OiQnrWO78bsM23Gt7rWEoGh0Zeg5CDv+OiraKskjgd8=",
"owner": "garnix-io",
"repo": "cradle",
"rev": "dbad639f4ba132f336588b85089cd1dc0acad4ea",
"type": "github"
},
"original": {
"owner": "garnix-io",
"repo": "cradle",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@ -142,11 +117,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github"
},
"original": {
@ -176,45 +151,6 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"garnix-lib": {
"inputs": {
"nixpkgs": [
"nixos-compose",
"nixpkgs"
]
},
"locked": {
"lastModified": 1746387091,
"narHash": "sha256-YivN7BL4XkZIJpUTdDJRQpYX/JORVdbZTQbSnULgRnY=",
"owner": "garnix-io",
"repo": "garnix-lib",
"rev": "4cc103317aef34dd99617ed9ff12c44d659d86d0",
"type": "github"
},
"original": {
"owner": "garnix-io",
"repo": "garnix-lib",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
@ -316,52 +252,29 @@
"type": "github"
}
},
"nixos-compose": {
"inputs": {
"cradle": "cradle",
"flake-utils": "flake-utils_2",
"garnix-lib": "garnix-lib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1758119190,
"narHash": "sha256-uUKZjoFd/7kdI0qB7KZO7+rLVSyz0W8jM37OEXhh0rU=",
"owner": "garnix-io",
"repo": "nixos-compose",
"rev": "95fafed883d9c5726d733e32fcb2f498d258d756",
"type": "github"
},
"original": {
"owner": "garnix-io",
"repo": "nixos-compose",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1747335874,
"narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=",
"lastModified": 1757745802,
"narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858",
"rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1743296961,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
"lastModified": 1754788789,
"narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
"type": "github"
},
"original": {
@ -402,11 +315,11 @@
]
},
"locked": {
"lastModified": 1744599653,
"narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=",
"lastModified": 1757296493,
"narHash": "sha256-6nzSZl28IwH2Vx8YSmd3t6TREHpDbKlDPK+dq1LKIZQ=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "7dba6dbc73120e15b558754c26024f6c93015dd7",
"rev": "5b8e37fe0077db5c1df3a5ee90a651345f085d38",
"type": "github"
},
"original": {
@ -423,11 +336,11 @@
]
},
"locked": {
"lastModified": 1746540146,
"narHash": "sha256-QxdHGNpbicIrw5t6U3x+ZxeY/7IEJ6lYbvsjXmcxFIM=",
"lastModified": 1757246327,
"narHash": "sha256-6pNlGhwOIMfhe/RLjHdpXveKS4FyLHvlGe+KtjDild4=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "e09c10c24ebb955125fda449939bfba664c467fd",
"rev": "8d77f342d66ad1601cdb9d97e9388b69f64d4c8e",
"type": "github"
},
"original": {
@ -441,7 +354,6 @@
"authentik": "authentik",
"disko": "disko",
"mailserver": "mailserver",
"nixos-compose": "nixos-compose",
"nixpkgs": "nixpkgs_2",
"sops": "sops"
}
@ -481,21 +393,6 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [
@ -508,11 +405,11 @@
]
},
"locked": {
"lastModified": 1746649034,
"narHash": "sha256-gmv+ZiY3pQnwgI0Gm3Z1tNSux1CnOJ0De+xeDOol1+0=",
"lastModified": 1757925761,
"narHash": "sha256-7Hwz0vfHuFqCo5v7Q07GQgLBWuPvZCuf/5/pk4NoADg=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "fe540e91c26f378c62bf6da365a97e848434d0cd",
"rev": "780494c40895bb7419a73d942bee326291e80b3b",
"type": "github"
},
"original": {


@ -5,7 +5,7 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
authentik = {
url = "github:MarcelCoding/authentik-nix";
url = "github:nix-community/authentik-nix";
};
mailserver = {
url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver?ref=nixos-25.05";
@ -33,30 +33,58 @@
disko,
sops,
}:
{
rec {
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
packages.x86_64-linux =
builtins.foldl'
(
result: name:
result
// {
iso = nixosConfigurations.${name}.config.system.build.isoImage;
}
)
{ }
( # filter all nixos configs containing installer
builtins.filter (item: nixpkgs.lib.hasInfix "installer" item) (
builtins.attrNames nixosConfigurations
)
);
devShells.x86_64-linux = {
default = nixpkgs.legacyPackages.x86_64-linux.mkShell {
packages = with nixpkgs.legacyPackages.x86_64-linux; [
ssh-to-age
sops
];
};
};
nixosConfigurations = {
authentik = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./configuration.nix
./hetzner-disk.nix
disko.nixosModules.disko
authentik.nixosModules.default
mailserver.nixosModules.mailserver
sops.nixosModules.sops
];
};
};
nixosConfigurations = builtins.foldl' (
result: input:
result
// {
"${input}" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/${input}
./hosts/${input}/hetzner-disk.nix
./default.nix
disko.nixosModules.disko
authentik.nixosModules.default
mailserver.nixosModules.mailserver
];
};
# build iso image vor every config
"${input}-installer" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/${input}
./default.nix
disko.nixosModules.disko
authentik.nixosModules.default
mailserver.nixosModules.mailserver
"${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix"
{
users.users.administration.password = "test";
users.users.root.password = "test";
}
];
};
}
) { } (builtins.attrNames (builtins.readDir ./hosts));
};
}
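Review bot: Every `"${input}-installer"` configuration sets `users.users.administration.password = "test";` and `users.users.root.password = "test";`, so each ISO built from this flake ships a known password for root and for a `wheel` user, readable in the repository and in the Nix store. `./default.nix` is in the same module list, enables sshd and already supplies `openssh.authorizedKeys.keys` for both accounts, so the inline password module can simply be removed; if a console password is really required, `hashedPasswordFile` keeps it out of the source. Separately, the `packages.x86_64-linux` fold writes every installer to the same `iso` attribute, so with more than one host only the last image survives; keying by name, `"${name}" = nixosConfigurations.${name}.config.system.build.isoImage;`, keeps them apart. The comment `# build iso image vor every config` should read `for`.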


@ -32,12 +32,6 @@
disable_startup_analytics = true;
avatars = "initials";
};
# nginx = {
# enable = true;
# enableACME = true;
# host = "auth.${config.networking.domain}";
# };
};
services.nginx = {
@ -50,6 +44,10 @@
proxyPass = "http://localhost:9000";
proxyWebsockets = true;
recommendedProxySettings = true;
extraConfig = ''
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
};
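Review bot: The `extraConfig` added to the proxied location repeats `X-Forwarded-Proto` and `X-Forwarded-For`, which `recommendedProxySettings = true;` on the same location already sets as far as I know, so the backend on port 9000 may receive each header twice; checking the rendered nginx config and dropping the `extraConfig` if it is redundant would avoid ambiguous client-IP parsing. `$proxy_add_x_forwarded_for` appends to whatever `X-Forwarded-For` value the client sent, so the backend should be confirmed to trust only the last entry (the nginx hop) for audit logs and rate limiting. The enclosing `services.nginx` block begins and ends outside the hunk.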


@ -0,0 +1,57 @@
{
config,
lib,
pkgs,
...
}:
let
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7"
];
in
{
imports = [
./hardware-configuration.nix
./authentik.nix
];
networking.hostName = "mail";
networking.extraHosts = ''
127.0.0.1 auth.test.htw.stura-dresden.de
'';
networking.interfaces.ens18.ipv4.addresses = [
{
address = "167.235.225.23";
prefixLength = 32;
}
];
networking.interfaces.ens18.ipv6.addresses = [
{
address = "2a01:4f8:c012:6bd7::1";
prefixLength = 32;
}
];
networking.defaultGateway.address = "172.31.1.1";
networking.nameservers = [
"9.9.9.9"
"1.1.1.1"
];
services.nginx.virtualHosts."lists.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
# locations."/" = {
# proxyPass = "http://127.0.0.1:18507";
# };
};
networking.firewall.allowedTCPPorts = [
80
443
];
system.stateVersion = "25.05";
}
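Review bot: The `keys` list in the `let` block is never referenced in this file; it is a second copy of the authorized SSH keys, and a key rotated elsewhere would silently stay listed here. I would delete the `let keys = [ ... ]; in` wrapper and keep the keys in one module only. This configuration imports `./authentik.nix` but sets `networking.hostName = "mail";`, which looks like a copy-paste leftover and would give two machines the same name; please confirm. The IPv6 address is configured with `prefixLength = 32;`, where `64` is probably intended for a `2a01:4f8:c012:6bd7::1` address.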


@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# fileSystems."/" =
# {
# device = "/dev/sda1";
# fsType = "ext4";
# };
# swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -0,0 +1,56 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
priority = 1;
name = "ESP";
start = "1M";
end = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
subvolumes = {
"/rootfs" = {
mountpoint = "/";
};
"/home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
# Sub(sub)volume doesn't need a mountpoint as its parent is mounted
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
};
};
};
};
};
};
};
};
}
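Review bot: The comment `# Sub(sub)volume doesn't need a mountpoint as its parent is mounted` sits directly above `"/nix"`, which does set `mountpoint = "/nix";`, so it describes something this layout does not do and should be removed or replaced with `# /nix: compressed, noatime`. The same layout is added unchanged in two further sections of this commit; a single shared module imported by each host would keep the three copies from drifting apart. `extraArgs = [ "-f" ];` forces the filesystem creation over existing data, which is worth a comment warning that applying this layout to the wrong `/dev/sda` is destructive.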

67
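--- /dev/null
+++ b/hosts/git/default.nix
@@ -0,0 +1,67 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+let
+generatedAliases = pkgs.writeText "generated-aliases" (
+lib.concatStringsSep "\n" (
+lib.mapCartesianProduct
+({ aliases, domain }: "${aliases}@${domain} root@test.htw.stura-dresden.de")
+{
+aliases = [
+"abuse"
+"hostmaster"
+"noreply"
+"postmaster"
+"webmaster"
+];
+domain = config.mailserver.domains;
+}
+)
+);
+in
+{
+imports = [
+./hardware-configuration.nix
+];
+networking.hostName = "git";
+networking.domain = "test.htw.stura-dresden.de";
+networking.interfaces.ens18.ipv4.addresses = [
+{
+address = "167.235.225.23";
+prefixLength = 32;
+}
+];
+networking.interfaces.ens18.ipv6.addresses = [
+{
+address = "2a01:4f8:c012:6bd7::1";
+prefixLength = 32;
+}
+];
+networking.defaultGateway.address = "172.31.1.1";
+networking.nameservers = [
+"9.9.9.9"
+"1.1.1.1"
+];
+services.openssh.enable = true;
+# virtualisation.docker.enable = true;
+security.acme.acceptTerms = true;
+security.acme.defaults.email = "cert@stura.htw-dresden.de";
+networking.firewall.allowedTCPPorts = [
+25
+80
+443
+597
+];
+system.stateVersion = "24.11";
+}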
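Review bot: `networking.firewall.allowedTCPPorts` opens 25 and 597 on a host named `git`; nothing in this file enables a mail service, and 597 looks like a typo for 587 carried over from the mail host. Opening only what the host serves, `networking.firewall.allowedTCPPorts = [ 80 443 ];`, keeps the exposed surface small. The `generatedAliases` binding is unused here and reads `config.mailserver.domains`, and the IPv4 and IPv6 addresses are identical to those in another host configuration on this page, so the file appears to be a copy that still needs its own values. `services.openssh.enable` and the two `security.acme` lines repeat what the shared `default.nix` already sets.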


@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# fileSystems."/" =
# {
# device = "/dev/sda1";
# fsType = "ext4";
# };
# swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -0,0 +1,56 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
priority = 1;
name = "ESP";
start = "1M";
end = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
subvolumes = {
"/rootfs" = {
mountpoint = "/";
};
"/home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
# Sub(sub)volume doesn't need a mountpoint as its parent is mounted
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
};
};
};
};
};
};
};
};
}


@ -7,16 +7,18 @@
let
generatedAliases = pkgs.writeText "generated-aliases" (
lib.concatStringsSep "\n" (
lib.mapCartesianProduct ({ aliases, domain }: "${aliases}@${domain} root@test.htw.stura-dresden.de") {
aliases = [
"abuse"
"hostmaster"
"noreply"
"postmaster"
"webmaster"
];
domain = config.mailserver.domains;
}
lib.mapCartesianProduct
({ aliases, domain }: "${aliases}@${domain} root@test.htw.stura-dresden.de")
{
aliases = [
"abuse"
"hostmaster"
"noreply"
"postmaster"
"webmaster"
];
domain = config.mailserver.domains;
}
)
);
@ -24,7 +26,6 @@ in
{
imports = [
./hardware-configuration.nix
./authentik.nix
];
security.pam.loginLimits = [
@ -35,18 +36,13 @@ in
value = "8192";
}
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.trusted-users = [ "administration" ];
nix.settings.download-buffer-size = 6710886400;
# nix.settings.trusted-users = [ "administration" ];
# nix.settings.download-buffer-size = 6710886400;
# boot.loader.grub.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
# boot.loader.grub.enable = true;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
networking.hostName = "mail";
networking.extraHosts = ''
@ -72,61 +68,6 @@ in
"1.1.1.1"
];
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = lib.mkForce "de";
useXkbConfig = true; # use xkb.options in tty.
};
users.users.administration = {
isNormalUser = true;
initialPassword = "test";
extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7"
];
packages = with pkgs; [
];
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7"
];
# users.ldap = {
# server = "ldaps://auth.test.htw.stura-dresden.de:6636";
# enable = true;
# bind = {
# distinguishedName = "cn=dovecot,ou=users,dc=dovecot,dc=test,dc=htw,dc=stura-dresden,dc=de";
# passwordFile = "/var/lib/dovecot_ldap_passwd";
# };
# base = "dc=dovecot,dc=test,dc=htw,dc=stura-dresden,dc=de";
# };
environment.systemPackages = with pkgs; [
tmux
git
htop
neovim
];
services.openssh.enable = true;
# services.dovecot2 = {
# extraConfig = ''
# auth_verbose = yes
# auth_debug = yes
# auth_debug_passwords = yes
# '';
# };
services.nginx.virtualHosts."auth.test.htw.stura-dresden.de".locations."/".extraConfig = ''
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
services.nginx.virtualHosts."lists.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
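Review bot: Settings that moved to the shared module are left behind as commented-out lines (`# nix.settings.trusted-users`, `# nix.settings.download-buffer-size`, the four `# boot.loader.grub.*` lines); deleting them keeps the host file from suggesting options that are no longer in effect. `download-buffer-size` does not reappear in the shared `default.nix` shown on this page, so if it was still needed it is now silently gone. It is not clear from the rendered page whether an active `boot.loader.grub.enable = true;` remains, so please confirm the host still gets a boot loader from the disko layout or another module. The `services.nginx.virtualHosts` block at the end of the hunk continues outside it.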


@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# fileSystems."/" =
# {
# device = "/dev/sda1";
# fsType = "ext4";
# };
# swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -0,0 +1,56 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
priority = 1;
name = "ESP";
start = "1M";
end = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
subvolumes = {
"/rootfs" = {
mountpoint = "/";
};
"/home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
# Sub(sub)volume doesn't need a mountpoint as its parent is mounted
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
};
};
};
};
};
};
};
};
}