From ed2a33f3a66b2b45c50d3650dd314aa9ced1850b Mon Sep 17 00:00:00 2001
From: Amanda Graven
Date: Wed, 29 Nov 2023 15:09:10 +0100
Subject: [PATCH] Disable minimal profile
---
.EditorConfig | 4 +
Makefile | 12 ++
config/common/configuration/documentation.nix | 12 ++
config/hosts/grondahl/configuration.nix | 1 +
.../hosts/grondahl/hardware-configuration.nix | 2 +-
config/hosts/rudiger/configuration.nix | 154 +++++++++---------
.../hosts/rudiger/hardware-configuration.nix | 2 +-
config/hosts/rudiger/services/nextcloud.nix | 4 +-
config/hosts/wind/configuration.nix | 1 +
config/hosts/wind/hardware-configuration.nix | 2 +-
config/sources/nix/sources.json | 24 +--
shell.nix | 7 +
12 files changed, 131 insertions(+), 94 deletions(-)
create mode 100644 .EditorConfig
create mode 100644 Makefile
create mode 100644 config/common/configuration/documentation.nix
create mode 100644 shell.nix
diff --git a/.EditorConfig b/.EditorConfig
new file mode 100644
index 0000000..24f2e16
--- /dev/null
+++ b/.EditorConfig
@@ -0,0 +1,4 @@
+root = true
+
+[*.nix]
+indent_style = "tab"
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..af79aff
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,12 @@
+all: result
+
+.PHONY: update result deploy
+
+result:
+ nix build -f deploy/default.nix
+
+update:
+ cd config/sources && niv update
+
+deploy:
+ ./result
diff --git a/config/common/configuration/documentation.nix b/config/common/configuration/documentation.nix
new file mode 100644
index 0000000..bc47744
--- /dev/null
+++ b/config/common/configuration/documentation.nix
@@ -0,0 +1,12 @@
+{ ... }:
+
+{
+ # Some docs fail to build, so we need to disable some of it
+ documentation = {
+ enable = true;
+ man.enable = true;
+ doc.enable = true;
+ dev.enable = false;
+ nixos.enable = false;
+ };
+}
diff --git a/config/hosts/grondahl/configuration.nix b/config/hosts/grondahl/configuration.nix
index a79f9c8..a7ac181 100644
--- a/config/hosts/grondahl/configuration.nix
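Review bot: Editors will most likely ignore this new file as written. EditorConfig tooling looks for a file named `.editorconfig` in lowercase, so `.EditorConfig` is not found on a case-sensitive filesystem. The value on the last line is also quoted, which the format does not support. Rename the file and write `indent_style = tab`; otherwise the tab indentation this commit applies to the `.nix` files is not enforced for the next edit.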
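Review bot: `deploy` runs `./result` without depending on the `result` target, so `make deploy` executes whatever an earlier build left behind, or fails if nothing was built. That can push a deployment script built from an older configuration. Declaring `deploy: result` makes the deploy always use the script built from the current tree. A comment on `update` would also help, e.g. `# niv update moves every pin in config/sources/nix/sources.json; review the diff before deploying`.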
+++ b/config/hosts/grondahl/configuration.nix @@ -6,6 +6,7 @@ ./hardware-configuration.nix ./data/secrets/secrets.nix ../../common/configuration/nix.nix + ../../common/configuration/documentation.nix ../../common/services/ssh.nix ../../common/services/tailscale.nix ../../common/users.nix diff --git a/config/hosts/grondahl/hardware-configuration.nix b/config/hosts/grondahl/hardware-configuration.nix index 1460245..47e53af 100644 --- a/config/hosts/grondahl/hardware-configuration.nix +++ b/config/hosts/grondahl/hardware-configuration.nix @@ -2,7 +2,7 @@ { imports = [ (modulesPath + "/profiles/qemu-guest.nix") - (modulesPath + "/profiles/minimal.nix") + #(modulesPath + "/profiles/minimal.nix") ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ]; diff --git a/config/hosts/rudiger/configuration.nix b/config/hosts/rudiger/configuration.nix index 212a48c..632a8fe 100644 --- a/config/hosts/rudiger/configuration.nix +++ b/config/hosts/rudiger/configuration.nix 
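Review bot: The `minimal.nix` import is commented out rather than removed (`#(modulesPath + "/profiles/minimal.nix")`), with nothing recording why; the same applies to the rudiger and wind `hardware-configuration.nix` hunks. Either delete the line or put the reason beside it, e.g. `# minimal.nix disabled: <reason placeholder>`, since the subject line only says the profile is disabled. Dropping the profile presumably enlarges what is installed on these hosts, so the trade-off deserves a sentence in the commit message.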
@@ -1,92 +1,92 @@ { config, pkgs, ... }: { - imports = - [ - ./hardware-configuration.nix - ./data/secrets/secrets.nix - ../../common/configuration/nix.nix - ../../common/services/ssh.nix - ../../common/services/tailscale.nix - ../../common/users.nix - ./services/acme.nix - ./services/nextcloud.nix - ./services/nginx.nix - ./services/postgres.nix - ./services/redis.nix - ./services/restic.nix - ]; + imports = [ + ./hardware-configuration.nix + ./data/secrets/secrets.nix + ../../common/configuration/nix.nix + ../../common/configuration/documentation.nix + ../../common/services/ssh.nix + ../../common/services/tailscale.nix + ../../common/users.nix + ./services/acme.nix + ./services/nextcloud.nix + ./services/nginx.nix + ./services/postgres.nix + ./services/redis.nix + ./services/restic.nix + ]; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; + boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; - boot.supportedFilesystems = ["zfs"]; - services.zfs.autoSnapshot.enable = false; - services.zfs.autoScrub.enable = true; + boot.supportedFilesystems = ["zfs"]; + services.zfs.autoSnapshot.enable = false; + services.zfs.autoScrub.enable = true; - time.timeZone = "Europe/Copenhagen"; + time.timeZone = "Europe/Copenhagen"; - networking = { - hostName = "rudiger"; - hostId = "8c7b66a4"; - useDHCP = false; - tempAddresses = "disabled"; - interfaces = { - "ens3" = { - ipv4.addresses = [ { - address = "202.61.202.170"; - prefixLength = 22; - } ]; - ipv6.addresses = [ { - address = "2a03:4000:5a:c61::1"; - prefixLength = 64; - } ]; - }; - }; - defaultGateway = "202.61.200.1"; - defaultGateway6 = { - address = "fe80::1"; - interface = "ens3"; - }; - nameservers = [ "1.1.1.1" "1.0.0.1" "2606:4700:4700::1111" "2606:4700:4700::1001" ]; - }; + networking = { + hostName = "rudiger"; + 
hostId = "8c7b66a4"; + useDHCP = false; + tempAddresses = "disabled"; + interfaces = { + "ens3" = { + ipv4.addresses = [ { + address = "202.61.202.170"; + prefixLength = 22; + } ]; + ipv6.addresses = [ { + address = "2a03:4000:5a:c61::1"; + prefixLength = 64; + } ]; + }; + }; + defaultGateway = "202.61.200.1"; + defaultGateway6 = { + address = "fe80::1"; + interface = "ens3"; + }; + nameservers = [ "1.1.1.1" "1.0.0.1" "2606:4700:4700::1111" "2606:4700:4700::1001" ]; + }; - nix.settings = { - auto-optimise-store = true; - trusted-users = [ - "root" - "@wheel" - ]; - }; + nix.settings = { + auto-optimise-store = true; + trusted-users = [ + "root" + "@wheel" + ]; + }; - environment.systemPackages = with pkgs; [ - vim - wget - htop - iotop - dig - tailscale - ]; - security.sudo.wheelNeedsPassword = false; + environment.systemPackages = with pkgs; [ + vim + wget + htop + iotop + dig + tailscale + ]; + security.sudo.wheelNeedsPassword = false; - systemd.services."nextcloud-setup" = { - requires = [ "postgresql.service" "redis.service" ]; - after = [ "postgresql.service" "redis.service" ]; - }; + systemd.services."nextcloud-setup" = { + requires = [ "postgresql.service" "redis.service" ]; + after = [ "postgresql.service" "redis.service" ]; + }; - users.groups.redis.members = [ "nextcloud" ]; - users.groups.backup.members = [ "nextcloud" "postgres" ]; + users.groups.redis.members = [ "nextcloud" ]; + users.groups.backup.members = [ "nextcloud" "postgres" ]; - networking.firewall = { - allowedTCPPorts = [ 22 80 443 ]; - allowedUDPPorts = [ config.services.tailscale.port ]; - trustedInterfaces = [ "tailscale0" ]; - enable = true; - checkReversePath = "loose"; - }; - # networking.firewall.allowedUDPPorts = [ ... 
]; - system.stateVersion = "21.05"; + networking.firewall = { + allowedTCPPorts = [ 22 80 443 ]; + allowedUDPPorts = [ config.services.tailscale.port ]; + trustedInterfaces = [ "tailscale0" ]; + enable = true; + checkReversePath = "loose"; + }; + # networking.firewall.allowedUDPPorts = [ ... ]; + system.stateVersion = "21.05"; } diff --git a/config/hosts/rudiger/hardware-configuration.nix b/config/hosts/rudiger/hardware-configuration.nix index 1e82882..283b86a 100644 --- a/config/hosts/rudiger/hardware-configuration.nix +++ b/config/hosts/rudiger/hardware-configuration.nix @@ -3,7 +3,7 @@ { imports = [ (modulesPath + "/profiles/qemu-guest.nix") - (modulesPath + "/profiles/minimal.nix") + #(modulesPath + "/profiles/minimal.nix") ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; diff --git a/config/hosts/rudiger/services/nextcloud.nix b/config/hosts/rudiger/services/nextcloud.nix index 8c2a635..f2c442f 100644 --- a/config/hosts/rudiger/services/nextcloud.nix +++ b/config/hosts/rudiger/services/nextcloud.nix @@ -2,7 +2,7 @@ { services.nextcloud = { enable = true; -# Disables server-side file encryption for stronger SSL + # Disable server-side file encryption for stronger SSL enableBrokenCiphersForSSE = false; hostName = "cloud.graven.dev"; https = true; @@ -15,7 +15,7 @@ dbtype = "pgsql"; dbuser = "nextcloud"; dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself - dbname = "nextcloud"; + dbname = "nextcloud"; defaultPhoneRegion = "DK"; adminpassFile = builtins.toString config.secrets.files.nc_admin_pass.file; adminuser = "root"; diff --git a/config/hosts/wind/configuration.nix b/config/hosts/wind/configuration.nix index bbc8dea..fc12055 100644 --- a/config/hosts/wind/configuration.nix +++ b/config/hosts/wind/configuration.nix 
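Review bot: The only functional change in the `config/hosts/rudiger/configuration.nix` hunk is the added `../../common/configuration/documentation.nix` import, and it is buried in a re-indentation of the whole file. That file also carries `security.sudo.wheelNeedsPassword = false`, `trusted-users` with `@wheel`, and the firewall rules. With every line shown as removed and re-added, a reviewer cannot readily confirm that none of those settings changed. Put the re-indent in its own commit so it can be checked with `git diff -w` and the import appears as a one-line change, as it does in the grondahl and wind hunks.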
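Review bot: The reworded comment above `enableBrokenCiphersForSSE = false;` in `nextcloud.nix` still describes the option inaccurately. Per the NixOS option description (worth confirming against the pinned nixpkgs), the setting does not turn server-side encryption off; it stops linking Nextcloud's PHP against the legacy OpenSSL that the RC4-based SSE needs. A comment such as `# Use current OpenSSL; legacy RC4-based server-side encryption is unsupported with this off` states what the line does. The second hunk in this file is whitespace only.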
@@ -4,6 +4,7 @@ imports = [ ./hardware-configuration.nix ../../common/configuration/nix.nix + ../../common/configuration/documentation.nix ../../common/services/ssh.nix ../../common/services/tailscale.nix ../../common/users.nix diff --git a/config/hosts/wind/hardware-configuration.nix b/config/hosts/wind/hardware-configuration.nix index 50c7560..ee338a2 100644 --- a/config/hosts/wind/hardware-configuration.nix +++ b/config/hosts/wind/hardware-configuration.nix @@ -6,7 +6,7 @@ { imports = [ (modulesPath + "/profiles/qemu-guest.nix") - (modulesPath + "/profiles/minimal.nix") + #(modulesPath + "/profiles/minimal.nix") #(modulesPath + "/profiles/hardened.nix") ]; diff --git a/config/sources/nix/sources.json b/config/sources/nix/sources.json index ff4d63c..6b04181 100644 --- a/config/sources/nix/sources.json +++ b/config/sources/nix/sources.json @@ -5,10 +5,10 @@ "homepage": "https://github.com/nmattia/niv", "owner": "nmattia", "repo": "niv", - "rev": "723f0eeb969a730db3c30f977c2b66b9dce9fe4a", - "sha256": "0016l7230gd2kdh0g2w573r9a2krqb7x4ifcjhhsn4h1bwap7qr0", + "rev": "7b76374b2b44152bfbf41fcb60162c2ce9182e7a", + "sha256": "1ql11hzgxdahj9x0b20b70izcmayb22rinrg82kgp5z19bvpsgrp", "type": "tarball", - "url": "https://github.com/nmattia/niv/archive/723f0eeb969a730db3c30f977c2b66b9dce9fe4a.tar.gz", + "url": "https://github.com/nmattia/niv/archive/7b76374b2b44152bfbf41fcb60162c2ce9182e7a.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixos-hardware": { 
@@ -17,10 +17,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "72d53d51704295f1645d20384cd13aecc182f624", - "sha256": "0amvmkxp2x3sf1ya066wrsjn57q8vdhqi6fbsmyyvz04fpmq2m75", + "rev": "8772491ed75f150f02552c60694e1beff9f46013", + "sha256": "07m3i4g10ka2klmqfpqfxjfsnidk3cw53andqr33lxhy7rrvf6x2", "type": "tarball", - "url": "https://github.com/NixOS/nixos-hardware/archive/72d53d51704295f1645d20384cd13aecc182f624.tar.gz", + "url": "https://github.com/NixOS/nixos-hardware/archive/8772491ed75f150f02552c60694e1beff9f46013.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs": { @@ -29,10 +29,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "679cadfdfed2b90311a247b2d6ef6dfd3d6cab73", - "sha256": "05iybhlry8sg6qdgf7qx1d8rvq43ph32qgpar53g8yja300x0swz", + "rev": "5b528f99f73c4fad127118a8c1126b5e003b01a9", + "sha256": "0pchhv9rrki70j0rrpj8pgj29cl7a595s6msh05ah5naasn3n17i", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/679cadfdfed2b90311a247b2d6ef6dfd3d6cab73.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/5b528f99f73c4fad127118a8c1126b5e003b01a9.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixus": { @@ -41,10 +41,10 @@ "homepage": "", "owner": "Infinisil", "repo": "nixus", - "rev": "b54dc6b332d4f26df1bed34c18ccec3d41e1ac40", - "sha256": "120ip3549sm1z79p7fvm0kv6gn0v7yb6nr530q25xdz537gq3a3p", + "rev": "3d829c74b3dff74f211ef21d64def233532e9e5d", + "sha256": "1vwg567jafcwaikkbdgckyirhnb0hd7r8x25j5wsb5a5563bpi65", "type": "tarball", - "url": "https://github.com/Infinisil/nixus/archive/b54dc6b332d4f26df1bed34c18ccec3d41e1ac40.tar.gz", + "url": "https://github.com/Infinisil/nixus/archive/3d829c74b3dff74f211ef21d64def233532e9e5d.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } } diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..d11b0d4 --- /dev/null +++ b/shell.nix 
@@ -0,0 +1,7 @@
+{ pkgs ? import {} }:
+
+pkgs.mkShell {
+ packages = with pkgs; [
+ niv
+ ];
+}
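Review bot: The default for `pkgs` on the first line takes nixpkgs from the caller's environment rather than the revision pinned in `config/sources/nix/sources.json`, so the `niv` that later rewrites those pins is itself unpinned. The expression shows as `import {}` on this page, presumably `import <nixpkgs> {}` with the angle-bracket path lost in rendering. Importing nixpkgs through the niv-generated sources file that accompanies `sources.json` would give every contributor the same tool version. A one-line comment saying the shell exists to provide `niv` for `make update` would also help.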