♻️ consolidate nix configs

2024-09-02 10:47:02 -04:00
parent 49884d40e5
commit 06ddc96680
49 changed files with 26 additions and 26 deletions
--- a/nix/hosts/socrates/configuration.nix
+++ b/nix/hosts/socrates/configuration.nix
@ -0,0 +1,66 @@
+{ pkgs, ... }: {
+  imports = [
+    ./hardware-configuration.nix
+    ./networking.nix # generated at runtime by nixos-infect
+    ../../users
+    ../../modules/base/nixos.nix
+
+    ../../modules/akkoma
+    ../../modules/akkoma/nginx.nix
+    ../../modules/coredns
+    ../../modules/code-server/nginx.nix
+    ../../modules/drone/nginx.nix
+    ../../modules/gitea/nginx.nix
+    ../../modules/home-assistant/nginx.nix
+    ../../modules/ipfs/gateway.nix
+    ../../modules/matrix/nginx.nix
+    ../../modules/minecraft/proxy.nix
+    ../../modules/sops
+  ];
+
+  boot.tmp.cleanOnBoot = true;
+
+  # Set your time zone.
+  time.timeZone = "America/Toronto";
+
+  networking = {
+    hostName = "socrates";
+    firewall = {
+      allowPing = true;
+      allowedTCPPorts = [ 80 443 ];
+      trustedInterfaces = [ "tailscale0" ];
+      checkReversePath = "loose";
+    };
+  };
+
+  nix = {
+    settings.trusted-users = [ "@wheel" "root" ];
+  };
+
+  security = {
+    sudo.wheelNeedsPassword = false;
+    acme.acceptTerms = true;
+    acme.defaults.email = "walkah@walkah.net";
+  };
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net"
+  ];
+
+  environment.systemPackages = with pkgs; [ ipfs-migrator ];
+
+  walkah.coredns = {
+    enable = true;
+    addr = "100.103.57.96";
+  };
+
+  services = {
+    nginx = {
+      enable = true;
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+    };
+  };
+}
--- a/nix/hosts/socrates/hardware-configuration.nix
+++ b/nix/hosts/socrates/hardware-configuration.nix
@ -0,0 +1,6 @@
+{ modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub.device = "/dev/vda";
+  fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
+}
--- a/nix/hosts/socrates/networking.nix
+++ b/nix/hosts/socrates/networking.nix
@ -0,0 +1,47 @@
+{ lib, ... }: {
+  # This file was populated at runtime with the networking
+  # details gathered from the active system.
+  networking = {
+    defaultGateway = "167.99.176.1";
+    defaultGateway6 = "2604:a880:cad:d0::1";
+    dhcpcd.enable = false;
+    usePredictableInterfaceNames = lib.mkForce true;
+    interfaces = {
+      eth0 = {
+        ipv4.addresses = [
+          {
+            address = "167.99.176.10";
+            prefixLength = 20;
+          }
+          {
+            address = "10.20.0.5";
+            prefixLength = 16;
+          }
+        ];
+        ipv6.addresses = [
+          {
+            address = "2604:a880:cad:d0::cda:5001";
+            prefixLength = 64;
+          }
+          {
+            address = "fe80::b885:79ff:fe71:134e";
+            prefixLength = 64;
+          }
+        ];
+        ipv4.routes = [{
+          address = "167.99.176.1";
+          prefixLength = 32;
+        }];
+        ipv6.routes = [{
+          address = "2604:a880:cad:d0::1";
+          prefixLength = 32;
+        }];
+      };
+
+    };
+  };
+  services.udev.extraRules = ''
+    ATTR{address}=="ba:85:79:71:13:4e", NAME="eth0"
+    ATTR{address}=="3e:02:2b:ed:5d:22", NAME="eth1"
+  '';
+}