dotfiles/system-nix/flake.nix

{
inputs = {
  # Indirect (registry) reference to the nixos-unstable branch. The exact
  # revision that gets built is whatever flake.lock records, so lock-file
  # changes are the place to review what an update pulls in.
  nixpkgs.url = "nixpkgs/nixos-unstable";
  home-manager = {
    url = "github:nix-community/home-manager";
    # Reuse this flake's nixpkgs instead of home-manager's own pin, so only
    # one nixpkgs revision ends up in the closure.
    inputs.nixpkgs.follows = "nixpkgs";
  };
};
outputs = { self, nixpkgs, ... }:
let lib = nixpkgs.lib; in
{
# Windows with NixOS WSL
nixosConfigurations.Felia = nixpkgs.lib.nixosSystem {
  # The only host built from the WSL-specific module.
  modules = [ ./wsl-configuration.nix ];
  system = "x86_64-linux";
  # specialArgs are handed to the modules as extra arguments; how the
  # underscore-prefixed ones are applied is decided in wsl-configuration.nix
  # (not shown here).
  specialArgs = {
    # includeHardware = false;
    hostname = "Felia";
    # sshd enabled, direct root login refused.
    _services.openssh.enable = true;
    _services.openssh.permitRootLogin = "no";
  };
};
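# Generic machine
# lizzi is the public-facing host in this flake: nginx serves
# git.pegasust.com over TLS and proxies to Gitea on localhost:3000.
# NOTE(review): the underscore-prefixed specialArgs (_networking, _boot,
# _services) are consumed by ./configuration.nix, which is not shown here;
# presumably they are merged into the matching NixOS options. Confirm.
nixosConfigurations.lizzi = nixpkgs.lib.nixosSystem {
  system = "x86_64-linux";
  modules = [
    ./configuration.nix
  ];
  specialArgs = {
    hostname = "lizzi";
    _networking = {
      # NOTE(review): 71.0.0.0/24 lies outside the RFC 1918 private ranges.
      # If eth1 is an internal link, a private range avoids shadowing
      # routes to the real holders of these addresses.
      interfaces.eth1.ipv4.addresses = [{
        address = "71.0.0.1";
        prefixLength = 24;
      }];
      firewall = {
        # Was `false`. With the firewall off, allowedTCPPorts below is
        # ignored and every listening port is reachable, including the
        # plain-HTTP Gitea backend that nginx proxies to. The other hosts
        # in this flake already run with the firewall enabled.
        #
        # The NixOS openssh module opens its own port by default
        # (openFirewall), so SSH should stay reachable; verify after the
        # first rebuild. Anything else that must reach this host over eth1
        # needs an explicit allow, e.g. firewall.interfaces.eth1.
        enable = true;
        # Also wishing for nix-lsp to be a bit better here
        # A man can only pray and cry
        # How would we add such functionality to nix-lsp if nix is
        # inherently lazy?
        #
        # Can use the schema, maybe?
        #
        # Also wishing on the ability for services to declare their
        # own ports now
        #
        # Maybe write a mkService?
        allowedTCPPorts = [80 443];
      };
      useDHCP = false;
      interfaces.eth0.useDHCP = true;
    };
    _boot.loader.grub.enable = true;
    _boot.loader.grub.version = 2;
    _services.openssh = {
      # Direct root login is refused. Password authentication is not
      # addressed in this file; confirm it is disabled in configuration.nix
      # if key-only login is intended.
      permitRootLogin = "no";
      enable = true;
    };
    _services.gitea = {
      enable = true;
      stateDir = "/gitea";
      rootUrl = "https://git.pegasust.com";
      settings = {
        repository = {
          # Push-to-create: pushing to a repository path that does not
          # exist yet creates it, for user and for organisation
          # namespaces. Registration settings are not set in this file;
          # confirm sign-up is restricted (service.DISABLE_REGISTRATION)
          # so only trusted accounts can create repositories this way.
          "ENABLE_PUSH_CREATE_USER" = true;
          "ENABLE_PUSH_CREATE_ORG" = true;
        };
      };
    };
    _services.nginx = {
      enable = true;
      clientMaxBodySize = "100m"; # Allow big file transfers over git :^)
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts."git.pegasust.com" = {
        # Gitea hostname
        # Certificate and key are read from /var/lib/acme; nothing in this
        # file sets up issuance or renewal. Presumably security.acme is
        # configured in configuration.nix. Confirm.
        sslCertificate = "/var/lib/acme/git.pegasust.com/fullchain.pem";
        sslCertificateKey = "/var/lib/acme/git.pegasust.com/key.pem";
        forceSSL = true; # Listens on 80 and 443; plain HTTP is redirected to HTTPS
        # Proxy to Gitea. The backend hop is plain HTTP. Gitea's listen
        # address is not set in this file; if it binds all interfaces,
        # port 3000 is shielded only by the firewall above.
        locations."/".proxyPass = "http://localhost:3000/";
      };
    };
  };
};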
# lester: DHCP on eth0 only, firewall on, sshd without root login.
nixosConfigurations.lester = nixpkgs.lib.nixosSystem {
  modules = [ ./configuration.nix ];
  system = "x86_64-linux";
  # The underscore-prefixed arguments are interpreted by configuration.nix
  # (not shown here).
  specialArgs = {
    hostname = "lester";
    _boot.loader.grub = {
      enable = true;
      version = 2;
    };
    _networking = {
      # DHCP is off globally and switched back on for eth0 only.
      useDHCP = false;
      interfaces.eth0 = { useDHCP = true; };
      # No allowedTCPPorts are listed for this host.
      firewall = { enable = true; };
    };
    _services.openssh.enable = true;
    _services.openssh.permitRootLogin = "no";
  };
};
# nyx: same shape as the other generic hosts, plus a static address on eth1.
nixosConfigurations.nyx = nixpkgs.lib.nixosSystem {
  modules = [ ./configuration.nix ];
  system = "x86_64-linux";
  # The underscore-prefixed arguments are interpreted by configuration.nix
  # (not shown here).
  specialArgs = {
    hostname = "nyx";
    _boot.loader.grub = {
      enable = true;
      version = 2;
    };
    _networking = {
      # DHCP is off globally and switched back on for eth0 only.
      useDHCP = false;
      interfaces = {
        eth0.useDHCP = true;
        # NOTE(review): 71.0.0.0/24 lies outside the RFC 1918 private
        # ranges. Confirm this is intended if eth1 is an internal link.
        eth1.ipv4.addresses = [
          { address = "71.0.0.2"; prefixLength = 24; }
        ];
      };
      # No allowedTCPPorts are listed for this host.
      firewall = { enable = true; };
    };
    _services.openssh.enable = true;
    _services.openssh.permitRootLogin = "no";
  };
};
# Bare configuration: only the hostname is passed, so none of the
# _networking / _boot / _services arguments used by the other hosts are set
# here. Firewall and SSH behaviour come entirely from configuration.nix.
nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
  modules = [ ./configuration.nix ];
  system = "x86_64-linux";
  specialArgs.hostname = "nixos";
};
};
}