From c029483b12302f4f98c54edba37d463b6ac825ec Mon Sep 17 00:00:00 2001 From: goeranh Date: Fri, 10 Oct 2025 20:17:58 +0200 Subject: [PATCH] hosts split in folders --- default.nix | 58 +++++++ flake.lock | 159 +++--------------- flake.nix | 74 +++++--- .../authentik/authentik.nix | 10 +- hosts/authentik/default.nix | 57 +++++++ hosts/authentik/hardware-configuration.nix | 38 +++++ hosts/authentik/hetzner-disk.nix | 56 ++++++ hosts/git/default.nix | 67 ++++++++ hosts/git/hardware-configuration.nix | 38 +++++ hosts/git/hetzner-disk.nix | 56 ++++++ configuration.nix => hosts/mail/default.nix | 95 ++--------- hosts/mail/hardware-configuration.nix | 38 +++++ hosts/mail/hetzner-disk.nix | 56 ++++++ 13 files changed, 565 insertions(+), 237 deletions(-) create mode 100644 default.nix rename authentik.nix => hosts/authentik/authentik.nix (87%) create mode 100644 hosts/authentik/default.nix create mode 100644 hosts/authentik/hardware-configuration.nix create mode 100644 hosts/authentik/hetzner-disk.nix create mode 100644 hosts/git/default.nix create mode 100644 hosts/git/hardware-configuration.nix create mode 100644 hosts/git/hetzner-disk.nix rename configuration.nix => hosts/mail/default.nix (63%) create mode 100644 hosts/mail/hardware-configuration.nix create mode 100644 hosts/mail/hetzner-disk.nix diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..ce3453e --- /dev/null +++ b/default.nix 
@@ -0,0 +1,58 @@ +{ + config, + lib, + pkgs, + ... +}: +let + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7" + ]; +in +{ + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + + boot.kernelPackages = pkgs.linuxPackages_latest; + + nix.settings.trusted-users = [ "administration" ]; + + networking.domain = "test.htw.stura-dresden.de"; + + time.timeZone = "Europe/Berlin"; + + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = lib.mkForce "de"; + useXkbConfig = true; # use xkb.options in tty. + }; + + users.users = { + administration = { + isNormalUser = true; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + openssh.authorizedKeys.keys = keys; + }; + root = { + #yolo + openssh.authorizedKeys.keys = keys; + }; + }; + + environment.systemPackages = with pkgs; [ + tmux + git + htop + neovim + ]; + + services.openssh.enable = true; + + security.acme.acceptTerms = true; + security.acme.defaults.email = "cert@stura.htw-dresden.de"; +} diff --git a/flake.lock b/flake.lock index 14ac856..0630e88 100644 --- a/flake.lock +++ b/flake.lock @@ -14,15 +14,15 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1747509307, - "narHash": "sha256-v08I8e2006ZHamRJ9iawHGoQphYsQu0TrORd5qwg4nk=", - "owner": "MarcelCoding", + "lastModified": 1759322529, + "narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=", + "owner": "nix-community", "repo": "authentik-nix", - "rev": "fa8d3ea7335ee2adf4d1a633bc725199def62791", + "rev": "69fac057b2e553ee17c9a09b822d735823d65a6c", "type": "github" }, "original": { - "owner": "MarcelCoding", + "owner": "nix-community", "repo": "authentik-nix", "type": "github" } 
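Review bot: `services.openssh.enable = true;` near the end of the new default.nix leaves password and keyboard-interactive authentication at the NixOS defaults (both enabled), so the wheel account `administration` and, via the `#yolo` root entry, root itself stay reachable by password on every host that imports this module, although the two `keys` are the only credential the file actually intends. Both accounts already get `keys`, so password login can be switched off here without losing access: `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;`. Root logins currently rely on the NixOS default for PermitRootLogin (prohibit-password, as far as I recall); stating `services.openssh.settings.PermitRootLogin = "prohibit-password";` explicitly would document the intent next to the root key entry. `nix.settings.trusted-users = [ "administration" ]` is root-equivalent, which matches the wheel membership but deserves a comment saying so.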
@@ -30,16 +30,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1747329052, - "narHash": "sha256-idShMSYIrf3ViG9VFNGNu6TSjBz3Q+GJMMeCzcJwfG4=", + "lastModified": 1759190535, + "narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=", "owner": "goauthentik", "repo": "authentik", - "rev": "ae47624761f05040149d856d5e55a90cd7492740", + "rev": "8d3a289d12c7de2f244c76493af7880f70d08af2", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version/2025.4.1", + "ref": "version/2025.8.4", "repo": "authentik", "type": "github" } @@ -60,31 +60,6 @@ "type": "gitlab" } }, - "cradle": { - "inputs": { - "flake-utils": [ - "nixos-compose", - "flake-utils" - ], - "nixpkgs": [ - "nixos-compose", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1717164253, - "narHash": "sha256-OiQnrWO78bsM23Gt7rWEoGh0Zeg5CDv+OiraKskjgd8=", - "owner": "garnix-io", - "repo": "cradle", - "rev": "dbad639f4ba132f336588b85089cd1dc0acad4ea", - "type": "github" - }, - "original": { - "owner": "garnix-io", - "repo": "cradle", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -142,11 +117,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { 
@@ -176,45 +151,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "garnix-lib": { - "inputs": { - "nixpkgs": [ - "nixos-compose", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1746387091, - "narHash": "sha256-YivN7BL4XkZIJpUTdDJRQpYX/JORVdbZTQbSnULgRnY=", - "owner": "garnix-io", - "repo": "garnix-lib", - "rev": "4cc103317aef34dd99617ed9ff12c44d659d86d0", - "type": "github" - }, - "original": { - "owner": "garnix-io", - "repo": "garnix-lib", - "type": "github" - } - }, "git-hooks": { "inputs": { "flake-compat": [ 
@@ -316,52 +252,29 @@ "type": "github" } }, - "nixos-compose": { - "inputs": { - "cradle": "cradle", - "flake-utils": "flake-utils_2", - "garnix-lib": "garnix-lib", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1758119190, - "narHash": "sha256-uUKZjoFd/7kdI0qB7KZO7+rLVSyz0W8jM37OEXhh0rU=", - "owner": "garnix-io", - "repo": "nixos-compose", - "rev": "95fafed883d9c5726d733e32fcb2f498d258d756", - "type": "github" - }, - "original": { - "owner": "garnix-io", - "repo": "nixos-compose", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1747335874, - "narHash": "sha256-IKKIXTSYJMmUtE+Kav5Rob8SgLPnfnq4Qu8LyT4gdqQ=", + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ba8b70ee098bc5654c459d6a95dfc498b91ff858", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-lib": { "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", "type": "github" }, "original": { @@ -402,11 +315,11 @@ ] }, "locked": { - "lastModified": 1744599653, - "narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=", + "lastModified": 1757296493, + "narHash": "sha256-6nzSZl28IwH2Vx8YSmd3t6TREHpDbKlDPK+dq1LKIZQ=", "owner": "pyproject-nix", "repo": "build-system-pkgs", - "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7", + "rev": "5b8e37fe0077db5c1df3a5ee90a651345f085d38", "type": "github" }, "original": { 
@@ -423,11 +336,11 @@ ] }, "locked": { - "lastModified": 1746540146, - "narHash": "sha256-QxdHGNpbicIrw5t6U3x+ZxeY/7IEJ6lYbvsjXmcxFIM=", + "lastModified": 1757246327, + "narHash": "sha256-6pNlGhwOIMfhe/RLjHdpXveKS4FyLHvlGe+KtjDild4=", "owner": "pyproject-nix", "repo": "pyproject.nix", - "rev": "e09c10c24ebb955125fda449939bfba664c467fd", + "rev": "8d77f342d66ad1601cdb9d97e9388b69f64d4c8e", "type": "github" }, "original": { @@ -441,7 +354,6 @@ "authentik": "authentik", "disko": "disko", "mailserver": "mailserver", - "nixos-compose": "nixos-compose", "nixpkgs": "nixpkgs_2", "sops": "sops" } @@ -481,21 +393,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "uv2nix": { "inputs": { "nixpkgs": [ @@ -508,11 +405,11 @@ ] }, "locked": { - "lastModified": 1746649034, - "narHash": "sha256-gmv+ZiY3pQnwgI0Gm3Z1tNSux1CnOJ0De+xeDOol1+0=", + "lastModified": 1757925761, + "narHash": "sha256-7Hwz0vfHuFqCo5v7Q07GQgLBWuPvZCuf/5/pk4NoADg=", "owner": "pyproject-nix", "repo": "uv2nix", - "rev": "fe540e91c26f378c62bf6da365a97e848434d0cd", + "rev": "780494c40895bb7419a73d942bee326291e80b3b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9d642f4..3af27e1 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; authentik = { - url = "github:MarcelCoding/authentik-nix"; + url = "github:nix-community/authentik-nix"; }; mailserver = { url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver?ref=nixos-25.05"; 
@@ -33,30 +33,58 @@ disko, sops, }: - { + rec { formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style; + packages.x86_64-linux = + builtins.foldl' + ( + result: name: + result + // { + iso = nixosConfigurations.${name}.config.system.build.isoImage; + } + ) + { } + ( # filter all nixos configs containing installer + builtins.filter (item: nixpkgs.lib.hasInfix "installer" item) ( + builtins.attrNames nixosConfigurations + ) + ); - devShells.x86_64-linux = { - default = nixpkgs.legacyPackages.x86_64-linux.mkShell { - packages = with nixpkgs.legacyPackages.x86_64-linux; [ - ssh-to-age - sops - ]; - }; - }; - nixosConfigurations = { - authentik = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./configuration.nix - ./hetzner-disk.nix - disko.nixosModules.disko - authentik.nixosModules.default - mailserver.nixosModules.mailserver - sops.nixosModules.sops - ]; - }; - }; + nixosConfigurations = builtins.foldl' ( + result: input: + result + // { + "${input}" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/${input} + ./hosts/${input}/hetzner-disk.nix + ./default.nix + disko.nixosModules.disko + authentik.nixosModules.default + mailserver.nixosModules.mailserver + ]; + }; + + # build iso image vor every config + "${input}-installer" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/${input} + ./default.nix + disko.nixosModules.disko + authentik.nixosModules.default + mailserver.nixosModules.mailserver + "${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix" + { + users.users.administration.password = "test"; + users.users.root.password = "test"; + } + ]; + }; + } + ) { } (builtins.attrNames (builtins.readDir ./hosts)); }; } diff --git a/authentik.nix b/hosts/authentik/authentik.nix similarity index 87% rename from authentik.nix rename to hosts/authentik/authentik.nix index 0460ec3..0a74073 100644 --- a/authentik.nix +++ b/hosts/authentik/authentik.nix 
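Review bot: The `${input}-installer` configurations set `users.users.administration.password = "test"` and `users.users.root.password = "test"` while also importing ./default.nix, which enables openssh with NixOS's default PasswordAuthentication, so a booted installer image accepts root:test over SSH as soon as it has a network (and hosts/* give it the production addresses). Since default.nix already installs the SSH keys for both accounts, the password is only needed at the console; add `services.openssh.settings.PasswordAuthentication = false;` to that inline module, or drop the plaintext passwords (which also land in the world-readable store) in favour of `initialHashedPassword`. Separately, the `packages.x86_64-linux` fold writes every installer image to the same attribute `iso`, so with more than one host only the last `*-installer` survives; keying by name, e.g. `"${name}-iso" = nixosConfigurations.${name}.config.system.build.isoImage;`, keeps them all. `sops.nixosModules.sops` was in the old module list but is passed to no host now, although `sops` stays an input — confirm that is intended.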
@@ -32,12 +32,6 @@ disable_startup_analytics = true; avatars = "initials"; }; - - # nginx = { - # enable = true; - # enableACME = true; - # host = "auth.${config.networking.domain}"; - # }; }; services.nginx = { @@ -50,6 +44,10 @@ proxyPass = "http://localhost:9000"; proxyWebsockets = true; recommendedProxySettings = true; + extraConfig = '' + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + ''; }; }; }; diff --git a/hosts/authentik/default.nix b/hosts/authentik/default.nix new file mode 100644 index 0000000..afe6f6a --- /dev/null +++ b/hosts/authentik/default.nix @@ -0,0 +1,57 @@ +{ + config, + lib, + pkgs, + ... +}: +let + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7" + ]; + +in +{ + imports = [ + ./hardware-configuration.nix + ./authentik.nix + ]; + + networking.hostName = "mail"; + networking.extraHosts = '' + 127.0.0.1 auth.test.htw.stura-dresden.de + ''; + networking.interfaces.ens18.ipv4.addresses = [ + { + address = "167.235.225.23"; + prefixLength = 32; + } + ]; + + networking.interfaces.ens18.ipv6.addresses = [ + { + address = "2a01:4f8:c012:6bd7::1"; + prefixLength = 32; + } + ]; + networking.defaultGateway.address = "172.31.1.1"; + networking.nameservers = [ + "9.9.9.9" + "1.1.1.1" + ]; + + services.nginx.virtualHosts."lists.${config.networking.domain}" = { + enableACME = true; + forceSSL = true; + # locations."/" = { + # proxyPass = "http://127.0.0.1:18507"; + # }; + }; + + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + + system.stateVersion = "25.05"; +} diff --git a/hosts/authentik/hardware-configuration.nix b/hosts/authentik/hardware-configuration.nix new file mode 100644 index 0000000..b92ae55 --- /dev/null +++ b/hosts/authentik/hardware-configuration.nix 
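Review bot: The added `extraConfig` in hosts/authentik/authentik.nix duplicates headers that `recommendedProxySettings = true;` on the line above already emits (NixOS's recommended proxy config sets X-Forwarded-For and X-Forwarded-Proto among others), so the two `proxy_set_header` lines are redundant in this location and can be dropped. If they were added because authentik saw the wrong client address, note that `$proxy_add_x_forwarded_for` appends to whatever X-Forwarded-For the client supplied; since nginx is the edge here (80/443 are opened directly in the host config), `proxy_set_header X-Forwarded-For $remote_addr;` gives authentik a value a client cannot seed — confirm against how authentik reads that header before relying on it for rate limiting or audit logs. The enclosing `services.nginx` block begins before this hunk.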
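Review bot: `networking.hostName = "mail";` in hosts/authentik/default.nix names this host after the mail server, and the ens18 addresses `167.235.225.23` and `2a01:4f8:c012:6bd7::1` plus the gateway are the same ones hosts/git and hosts/mail configure, so deploying more than one of these configurations puts two machines on the same addresses. Set `networking.hostName = "authentik";` and give each host its own addressing, or move the addresses out of the copied template. The `lists.${config.networking.domain}` vhost with `enableACME = true;` is also defined in hosts/mail (visible in that file's context), so only the host DNS points at can complete the challenge — it probably belongs on one host only. The `keys` list in the let-binding is unused here because default.nix already installs it; drop it so the key material has a single source. `prefixLength = 32` on the IPv6 address also looks copied rather than chosen — confirm against the assigned prefix.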
@@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # fileSystems."/" = + # { + # device = "/dev/sda1"; + # fsType = "ext4"; + # }; + + # swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/authentik/hetzner-disk.nix b/hosts/authentik/hetzner-disk.nix new file mode 100644 index 0000000..a679e7c --- /dev/null +++ b/hosts/authentik/hetzner-disk.nix @@ -0,0 +1,56 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + priority = 1; + name = "ESP"; + start = "1M"; + end = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; # Override existing partition + subvolumes = { + "/rootfs" = { + mountpoint = "/"; + }; + "/home" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/home"; + }; + # Sub(sub)volume doesn't need a mountpoint as its parent is mounted + "/nix" = { + mountOptions = [ + "compress=zstd" + "noatime" + ]; + mountpoint = "/nix"; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/git/default.nix b/hosts/git/default.nix new file mode 100644 index 0000000..1f9912e --- /dev/null +++ b/hosts/git/default.nix 
@@ -0,0 +1,67 @@ +{ + config, + lib, + pkgs, + ... +}: +let + generatedAliases = pkgs.writeText "generated-aliases" ( + lib.concatStringsSep "\n" ( + lib.mapCartesianProduct + ({ aliases, domain }: "${aliases}@${domain} root@test.htw.stura-dresden.de") + { + aliases = [ + "abuse" + "hostmaster" + "noreply" + "postmaster" + "webmaster" + ]; + domain = config.mailserver.domains; + } + ) + ); + +in +{ + imports = [ + ./hardware-configuration.nix + ]; + + networking.hostName = "git"; + networking.domain = "test.htw.stura-dresden.de"; + networking.interfaces.ens18.ipv4.addresses = [ + { + address = "167.235.225.23"; + prefixLength = 32; + } + ]; + + networking.interfaces.ens18.ipv6.addresses = [ + { + address = "2a01:4f8:c012:6bd7::1"; + prefixLength = 32; + } + ]; + networking.defaultGateway.address = "172.31.1.1"; + networking.nameservers = [ + "9.9.9.9" + "1.1.1.1" + ]; + + services.openssh.enable = true; + + # virtualisation.docker.enable = true; + security.acme.acceptTerms = true; + security.acme.defaults.email = "cert@stura.htw-dresden.de"; + + networking.firewall.allowedTCPPorts = [ + 25 + 80 + 443 + 597 + ]; + + system.stateVersion = "24.11"; + +} diff --git a/hosts/git/hardware-configuration.nix b/hosts/git/hardware-configuration.nix new file mode 100644 index 0000000..b92ae55 --- /dev/null +++ b/hosts/git/hardware-configuration.nix 
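Review bot: `networking.firewall.allowedTCPPorts` in hosts/git/default.nix opens 25 and 597 although nothing in this file configures a listener for either, and 597 is not a mail port (587 submission looks like the intent); an open port with no service is harmless today but the rule will silently admit whatever later binds it. Restrict the list to what the host serves, `networking.firewall.allowedTCPPorts = [ 80 443 ];`, and keep the SMTP ports in hosts/mail. The `generatedAliases` let-binding is never referenced here and reads `config.mailserver.domains`; it is dead code copied from the mail host and should be removed. `services.openssh.enable`, `networking.domain` and both `security.acme.*` settings repeat what default.nix already sets for every host. The addresses `167.235.225.23` / `2a01:4f8:c012:6bd7::1` and the gateway are identical to hosts/authentik and hosts/mail, so this host cannot be deployed alongside them as written.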
@@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # fileSystems."/" = + # { + # device = "/dev/sda1"; + # fsType = "ext4"; + # }; + + # swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/git/hetzner-disk.nix b/hosts/git/hetzner-disk.nix new file mode 100644 index 0000000..a679e7c --- /dev/null +++ b/hosts/git/hetzner-disk.nix @@ -0,0 +1,56 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + priority = 1; + name = "ESP"; + start = "1M"; + end = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; # Override existing partition + subvolumes = { + "/rootfs" = { + mountpoint = "/"; + }; + "/home" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/home"; + }; + # Sub(sub)volume doesn't need a mountpoint as its parent is mounted + "/nix" = { + mountOptions = [ + "compress=zstd" + "noatime" + ]; + mountpoint = "/nix"; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/configuration.nix b/hosts/mail/default.nix similarity index 63% rename from configuration.nix rename to hosts/mail/default.nix index 1cb0f5a..7ae9298 100644 --- a/configuration.nix +++ b/hosts/mail/default.nix 
@@ -7,16 +7,18 @@ let generatedAliases = pkgs.writeText "generated-aliases" ( lib.concatStringsSep "\n" ( - lib.mapCartesianProduct ({ aliases, domain }: "${aliases}@${domain} root@test.htw.stura-dresden.de") { - aliases = [ - "abuse" - "hostmaster" - "noreply" - "postmaster" - "webmaster" - ]; - domain = config.mailserver.domains; - } + lib.mapCartesianProduct + ({ aliases, domain }: "${aliases}@${domain} root@test.htw.stura-dresden.de") + { + aliases = [ + "abuse" + "hostmaster" + "noreply" + "postmaster" + "webmaster" + ]; + domain = config.mailserver.domains; + } ) ); @@ -24,7 +26,6 @@ in { imports = [ ./hardware-configuration.nix - ./authentik.nix ]; security.pam.loginLimits = [ @@ -35,18 +36,13 @@ in value = "8192"; } ]; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - nix.settings.trusted-users = [ "administration" ]; - nix.settings.download-buffer-size = 6710886400; + # nix.settings.trusted-users = [ "administration" ]; + # nix.settings.download-buffer-size = 6710886400; # boot.loader.grub.enable = true; - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - boot.loader.grub.enable = true; - boot.loader.grub.efiSupport = true; - boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + # boot.loader.grub.enable = true; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; networking.hostName = "mail"; networking.extraHosts = '' 
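Review bot: The `@@ -35,18 +36,13 @@` hunk comments out `boot.loader.grub.enable`, `device`, `efiSupport` and `efiInstallAsRemovable` for the mail host, and nothing in the new default.nix (which only sets `boot.kernelPackages`) replaces them, so as far as this diff shows no host states a bootloader any more. The disko layout in hetzner-disk.nix has both an EF02 partition and an ESP mounted at /boot, which is exactly what the removed `efiSupport = true; efiInstallAsRemovable = true;` lines served; if the intent is to rely on disko inferring the grub devices, confirm it also sets the EFI flags, otherwise restore those two lines in default.nix so every host boots the same way. The `# nix.settings.trusted-users` and `# nix.settings.download-buffer-size` lines are now dead duplicates of default.nix and should be deleted rather than kept as comments. The enclosing module attribute set starts before these hunks and continues after them.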
@@ -72,61 +68,6 @@ in "1.1.1.1" ]; - time.timeZone = "Europe/Berlin"; - - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = lib.mkForce "de"; - useXkbConfig = true; # use xkb.options in tty. - }; - - users.users.administration = { - isNormalUser = true; - initialPassword = "test"; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7" - ]; - packages = with pkgs; [ - ]; - }; - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7" - ]; - - # users.ldap = { - # server = "ldaps://auth.test.htw.stura-dresden.de:6636"; - # enable = true; - # bind = { - # distinguishedName = "cn=dovecot,ou=users,dc=dovecot,dc=test,dc=htw,dc=stura-dresden,dc=de"; - # passwordFile = "/var/lib/dovecot_ldap_passwd"; - # }; - # base = "dc=dovecot,dc=test,dc=htw,dc=stura-dresden,dc=de"; - # }; - - environment.systemPackages = with pkgs; [ - tmux - git - htop - neovim - ]; - - services.openssh.enable = true; - # services.dovecot2 = { - # extraConfig = '' - # auth_verbose = yes - # auth_debug = yes - # auth_debug_passwords = yes - # ''; - # }; - - services.nginx.virtualHosts."auth.test.htw.stura-dresden.de".locations."/".extraConfig = '' - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; services.nginx.virtualHosts."lists.${config.networking.domain}" = { enableACME = true; forceSSL = true; diff --git a/hosts/mail/hardware-configuration.nix b/hosts/mail/hardware-configuration.nix new file mode 100644 index 0000000..b92ae55 --- /dev/null 
+++ b/hosts/mail/hardware-configuration.nix @@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # fileSystems."/" = + # { + # device = "/dev/sda1"; + # fsType = "ext4"; + # }; + + # swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/mail/hetzner-disk.nix b/hosts/mail/hetzner-disk.nix new file mode 100644 index 0000000..a679e7c --- /dev/null +++ b/hosts/mail/hetzner-disk.nix @@ -0,0 +1,56 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for grub MBR + }; + ESP = { + priority = 1; + name = "ESP"; + start = "1M"; + end = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; # Override existing partition + subvolumes = { + "/rootfs" = { + mountpoint = "/"; + }; + "/home" = { + mountOptions = [ "compress=zstd" ]; + mountpoint = "/home"; + }; + # Sub(sub)volume doesn't need a mountpoint as its parent is mounted + "/nix" = { + mountOptions = [ + "compress=zstd" + "noatime" + ]; + mountpoint = "/nix"; + }; + }; + }; + }; + }; + }; + }; + }; + }; +}