diff --git a/home-nix/home.nix b/home-nix/home.nix index 3d9f356..25db468 100644 --- a/home-nix/home.nix +++ b/home-nix/home.nix @@ -8,13 +8,14 @@ let nvim_pkgs = [ # Yes, I desperately want neovim to work out-of-the-box without flake.nix for now # I want at least python LSP to work everywhere because it's basically # an alternative to bash script when I move to OpenColo + pkgs.ncdu pkgs.neovim pkgs.gccStdenv pkgs.gcc pkgs.tree-sitter pkgs.ripgrep pkgs.fzf - pkgs.sumneko-lua-language-server + # pkgs.sumneko-lua-language-server pkgs.ripgrep pkgs.zk pkgs.fd diff --git a/system-nix/configuration.nix b/system-nix/configuration.nix index ad40cd0..5007d91 100755 --- a/system-nix/configuration.nix +++ b/system-nix/configuration.nix @@ -16,6 +16,9 @@ with lib; ]; boot = _boot; +# prune old builds + nix.settings.auto-optimise-store = true; + system.stateVersion = "22.05"; # users.users..uid = 1000; # networking.hostName = "nixos"; diff --git a/system-nix/flake.nix b/system-nix/flake.nix index bd3c5c2..e7d6a96 100644 --- a/system-nix/flake.nix +++ b/system-nix/flake.nix @@ -36,10 +36,11 @@ prefixLength = 24; }]; firewall = { - enable = false; + enable = true; allowedTCPPorts = [ 80 443 22 ]; }; useDHCP = false; + # required so that we get IP address from linode interfaces.eth0.useDHCP = true; }; _boot.loader.grub.enable = true; @@ -59,6 +60,7 @@ }; }; }; + # Highly suspect that thanks to nginx, ipv6 is disabled? _services.nginx = { enable = true; clientMaxBodySize = "100m"; # Allow big file transfers over git :^) 
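Review bot: The added comment `# prune old builds` in system-nix/configuration.nix does not match the setting under it: `nix.settings.auto-optimise-store = true;` hard-links identical files in the store to save space and does not delete old generations or build outputs. If pruning is the intent, that is garbage collection, e.g. `nix.gc.automatic = true;` with a retention such as `nix.gc.options = "--delete-older-than 30d";` (value constructed for illustration). Otherwise reword the comment to `# hard-link identical store files to save disk space`.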
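Review bot: In the system-nix/flake.nix hunk at line 36, port 22 in `allowedTCPPorts` stays open to every source address once the firewall is enabled, so SSH remains the exposed management surface of this host. The `_services.openssh` set for it lies outside the hunk, and the copies visible elsewhere in this diff set only `permitRootLogin = "no";`. If logins are key-based, adding `passwordAuthentication = false;` there would close off password guessing, assuming `_services.openssh` is passed through to `services.openssh` the way `boot = _boot;` is in configuration.nix. A one-line comment on `firewall` stating why 80, 443 and 22 are the only open ports would help keep the list from growing unreviewed. The enclosing `_networking` set starts before the hunk.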
@@ -94,76 +96,7 @@
 allowedTCPPorts = [ 80 443 22 ];
 };
 useDHCP = false;
- interfaces.eth0.useDHCP = true;
- };
- _boot.loader.grub.enable = true;
- _boot.loader.grub.version = 2;
- _services.openssh = {
- permitRootLogin = "no";
- enable = true;
- };
- _services.gitea = {
- enable = true;
- stateDir = "/gitea";
- rootUrl = "https://git.pegasust.com";
- settings = {
- repository = {
- "ENABLE_PUSH_CREATE_USER" = true;
- "ENABLE_PUSH_CREATE_ORG" = true;
- };
- };
- };
- _services.nginx = {
- enable = true;
- clientMaxBodySize = "100m"; # Allow big file transfers over git :^)
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts."git.pegasust.com" = {
- # Gitea hostname
- sslCertificate = "/var/lib/acme/git.pegasust.com/fullchain.pem";
- sslCertificateKey = "/var/lib/acme/git.pegasust.com/key.pem";
- forceSSL = true; # Runs on port 80 and 443
- locations."/".proxyPass = "http://localhost:3000/"; # Proxy to Gitea
- };
- };
- };
- };
- nixosConfigurations.lester = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- ./configuration.nix
- ];
- specialArgs = {
- hostname = "lester";
- _networking = {
- firewall.enable = true;
- useDHCP = false;
- interfaces.eth0.useDHCP = true;
- };
- _boot.loader.grub.enable = true;
- _boot.loader.grub.version = 2;
- _services.openssh = {
- permitRootLogin = "no";
- enable = true;
- };
- };
- };
- nixosConfigurations.homeless = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- ./configuration.nix
- ];
- specialArgs = {
- hostname = "homeless";
- _networking = {
- firewall = {
- enable = false;
- allowedTCPPorts = [ 80 443 ];
- };
- useDHCP = false;
- interfaces.eth0.useDHCP = true;
+ # interfaces.eth0.useDHCP = true;
 };
 _boot.loader.grub.enable = true;
 _boot.loader.grub.version = 2;
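Review bot: The `firewall` block whose tail appears in this hunk's context (`allowedTCPPorts = [ 80 443 22 ];`) has its `enable` line above the hunk, and the commit flips `enable` to `true` only in the hunk at line 36, so confirm this second block is not still `enable = false;`. The replacement line `# interfaces.eth0.useDHCP = true;` leaves the host with `useDHCP = false;` and no per-interface DHCP, which works only if a static address is configured outside the hunk. If that is intended, replace the commented-out code with a statement of it, e.g. `# static addressing on this host; no DHCP on eth0`; otherwise the host may come up without an address. The enclosing `_networking` set starts before the hunk, so which host this applies to is not visible here.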
@@ -207,6 +140,7 @@
 specialArgs = {
 hostname = "nyx";
 _networking = {
+ enableIPv6 = false;
 interfaces.eth1.ipv4.addresses = [{
 address = "71.0.0.2";
 prefixLength = 24;
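Review bot: `enableIPv6 = false;` is added to nyx's `_networking` with no stated reason, and the only hint in this commit is the comment "Highly suspect that thanks to nginx, ipv6 is disabled?" in another hunk, which reads as a guess rather than a finding. Disabling IPv6 host-wide is a broad switch, so record the observed symptom next to it, e.g. `# IPv6 off on nyx: <symptom or issue reference>`, so it can be revisited later. Separately, the context line `address = "71.0.0.2";` uses a publicly routable address; if eth1 is a private link, an RFC 1918 range would avoid shadowing real Internet hosts. The `firewall` setting for nyx is not visible in this hunk, and the `_networking` set continues past it.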