From 11deac87c5939c6e1a40266b9a3b574b607cf7f4 Mon Sep 17 00:00:00 2001 From: randomuser Date: Sat, 8 Jul 2023 16:22:38 -0500 Subject: [PATCH] add suggested changes via NixOS discord --- configuration.nix | 16 ---- netbox.nix | 239 ++++++++++++++++++++++------------------------ virtbox.nix | 170 ++++++++++++++++----------------- 3 files changed, 198 insertions(+), 227 deletions(-) diff --git a/configuration.nix b/configuration.nix index fe6fb95..33d1955 100644 --- a/configuration.nix +++ b/configuration.nix @@ -1,16 +1,9 @@ { lib, config, pkgs, ... }: -let - hostname = "virtbox"; - isVirtbox = hostname == "virtbox"; - isNetbox = hostname == "netbox"; -in { imports = [ ./hardware-configuration.nix # include the results of the hardware scan - ./virtbox.nix - ./netbox.nix ]; networking.networkmanager.enable = true; @@ -35,13 +28,4 @@ in system.copySystemConfiguration = true; system.stateVersion = "23.05"; # don't change this, lol - - # branch and enable different capabilities based on the system - test = lib.mkIf isVirtbox { - services.virtbox.enable = true; - }; - - test_ = lib.mkIf isNetbox { - services.netbox.enable = true; - }; } diff --git a/netbox.nix b/netbox.nix index d124827..371490a 100644 --- a/netbox.nix +++ b/netbox.nix 
@@ -1,134 +1,127 @@ { lib, config, pkgs, ... }: -let - cfg = config.services.netbox; -in { - options.serviecs.netbox = { - enable = lib.mkEnableOption "netbox configs"; - }; - +{ imports = [ ./mail.nix + ./configuration.nix ]; - config = lib.mkIf cfg.enable { - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/vda"; - networking.hostName = "netbox"; + networking.hostName = "netbox"; - users.users.useracc = { - isNormalUser = true; - extraGroups = [ "wheel" "docker" ]; - }; - - environment.systemPackages = with pkgs; [ - # nothing more needed, at the moment - ]; - - services.openssh = { - enable = true; - ports = [55555]; - }; - - networking.usePredictableInterfaceNames = false; - - services.nixosmail.enable = true; - - services.gitea = { - enable = true; - appName = "crappy code"; # Give the site a name - database = { - type = "postgres"; - passwordFile = "/etc/gittea-pass"; - }; - settings.server = { - DOMAIN = "git.beepboop.systems"; - ROOT_URL = "https://git.beepboop.systems/"; - HTTP_PORT = 3001; - }; - }; - - services.postgresql = { - enable = true; # Ensure postgresql is enabled - authentication = '' - local gitea all ident map=gitea-users - ''; - identMap = # Map the gitea user to postgresql - '' - gitea-users gitea gitea - ''; - }; - - services.nginx.enable = true; - services.nginx.clientMaxBodySize = "100m"; - - services.nginx.virtualHosts."beepboop.systems" = { - forceSSL = true; - enableACME = true; - root = "/var/www/beepboop.systems"; - }; - - services.nginx.virtualHosts."git.beepboop.systems" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:3001"; - }; - - services.nginx.virtualHosts."paperless.beepboop.systems" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:3004"; - }; - - services.nginx.virtualHosts."bitwarden.beepboop.systems" = { - forceSSL = true; - enableACME = true; - 
locations."/" = { - proxyPass = "http://127.0.0.1:8000"; - }; - }; - - services.nginx.virtualHosts."skillissue.agency" = { - forceSSL = true; - enableACME = true; - root = "/var/www/skillissue.agency"; - }; - - security.acme = { - acceptTerms = true; - email = "nickforanick@protonmail.com"; - }; - - services.roundcube = { - enable = true; - # this is the url of the vhost, not necessarily the same as the fqdn of - # the mailserver - hostName = "cube.beepboop.systems"; - extraConfig = '' - # starttls needed for authentication, so the fqdn required to match - # the certificate - $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; - $config['smtp_user'] = "%u"; - $config['smtp_pass'] = "%p"; - ''; - }; - - services.paperless = { - enable = true; - passwordFile = "/etc/paperless-password"; - port = 3004; - address = "localhost"; - extraConfig = { - PAPERLESS_URL = "https://paperless.beepboop.systems"; - }; - }; - - services.vaultwarden.enable = true; - - # Open ports in the firewall. 
- networking.firewall.enable = false; - networking.firewall.allowedTCPPorts = [ 55555 80 443 ]; + users.users.useracc = { + isNormalUser = true; + extraGroups = [ "wheel" "docker" ]; }; + + environment.systemPackages = with pkgs; [ + # nothing more needed, at the moment + ]; + + services.openssh = { + enable = true; + ports = [55555]; + }; + + networking.usePredictableInterfaceNames = false; + + services.nixosmail.enable = true; + + services.gitea = { + enable = true; + appName = "crappy code"; # Give the site a name + database = { + type = "postgres"; + passwordFile = "/etc/gittea-pass"; + }; + settings.server = { + DOMAIN = "git.beepboop.systems"; + ROOT_URL = "https://git.beepboop.systems/"; + HTTP_PORT = 3001; + }; + }; + + services.postgresql = { + enable = true; # Ensure postgresql is enabled + authentication = '' + local gitea all ident map=gitea-users + ''; + identMap = # Map the gitea user to postgresql + '' + gitea-users gitea gitea + ''; + }; + + services.nginx.enable = true; + services.nginx.clientMaxBodySize = "100m"; + + services.nginx.virtualHosts."beepboop.systems" = { + forceSSL = true; + enableACME = true; + root = "/var/www/beepboop.systems"; + }; + + services.nginx.virtualHosts."git.beepboop.systems" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:3001"; + }; + + services.nginx.virtualHosts."paperless.beepboop.systems" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:3004"; + }; + + services.nginx.virtualHosts."bitwarden.beepboop.systems" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8000"; + }; + }; + + services.nginx.virtualHosts."skillissue.agency" = { + forceSSL = true; + enableACME = true; + root = "/var/www/skillissue.agency"; + }; + + security.acme = { + acceptTerms = true; + email = "nickforanick@protonmail.com"; + }; + + services.roundcube = { + enable = true; + # this is the url of the vhost, not 
necessarily the same as the fqdn of + # the mailserver + hostName = "cube.beepboop.systems"; + extraConfig = '' + # starttls needed for authentication, so the fqdn required to match + # the certificate + $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; + }; + + services.paperless = { + enable = true; + passwordFile = "/etc/paperless-password"; + port = 3004; + address = "localhost"; + extraConfig = { + PAPERLESS_URL = "https://paperless.beepboop.systems"; + }; + }; + + services.vaultwarden.enable = true; + + # Open ports in the firewall. + networking.firewall.enable = false; + networking.firewall.allowedTCPPorts = [ 55555 80 443 ]; } diff --git a/virtbox.nix b/virtbox.nix index 613db3c..1ef6940 100644 --- a/virtbox.nix +++ b/virtbox.nix 
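Review bot: `networking.firewall.enable = false;` at the end of this hunk turns packet filtering off, so the `networking.firewall.allowedTCPPorts = [ 55555 80 443 ];` line after it has no effect and every listening port on the host is exposed. The backends nginx proxies to (Gitea on 3001, Vaultwarden on 8000) are then reachable directly over plain HTTP unless they bind to loopback only; the hunk does not set Gitea's `HTTP_ADDR`, and as far as I know its default is all interfaces. I would set `networking.firewall.enable = true;` and add `HTTP_ADDR = "127.0.0.1";` under `services.gitea.settings.server`, as `services.paperless` already does with `address = "localhost"`. Separately, `useracc` is in both `wheel` and `docker` (docker group membership is effectively root), and the `services.openssh` block changes only the port, so password logins stay at the module default; worth confirming that is intended.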
@@ -1,115 +1,109 @@ { lib, config, pkgs, ...}: let - cfg = config.services.virtbox; home-manager = builtins.fetchTarball { url = "https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz"; sha256 = "0dfshsgj93ikfkcihf4c5z876h4dwjds998kvgv7sqbfv0z6a4bc"; }; in { - options.services.virtbox = { - enable = lib.mkEnableOption "virtbox configs"; - }; - imports = [ (import "${home-manager}/nixos") + ./configuration.nix ]; - config = lib.mkIf cfg.enable { - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/vda"; + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/vda"; - networking.hostName = "virtbox"; + networking.hostName = "virtbox"; - services.xserver = { - enable = true; - libinput.enable = true; - layout = "us"; + services.xserver = { + enable = true; + libinput.enable = true; + layout = "us"; - # we're going to be pulling a sneaky - # we don't actually use startx, it just gets lightdm out of the way - displayManager.startx.enable = true; - }; + # we're going to be pulling a sneaky + # we don't actually use startx, it just gets lightdm out of the way + displayManager.startx.enable = true; + }; - sound.enable = true; - hardware.pulseaudio.enable = true; + sound.enable = true; + hardware.pulseaudio.enable = true; - environment.systemPackages = with pkgs; [ - sx + environment.systemPackages = with pkgs; [ + sx - (pkgs.callPackage ./builds/utils.nix {}) + (pkgs.callPackage ./builds/utils.nix {}) + ]; + + users.users.usr = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + packages = with pkgs; [ + firefox + tree + bspwm + sxhkd ]; - - users.users.usr = { - isNormalUser = true; - extraGroups = [ "wheel" ]; - packages = with pkgs; [ - firefox - tree - bspwm - sxhkd - ]; - }; + }; - # honking impure, but who's counting anyway? - system.activationScripts.test-script.text = '' - #!${pkgs.bash}/bin/bash + # honking impure, but who's counting anyway? 
+ system.activationScripts.test-script.text = '' + #!${pkgs.bash}/bin/bash - if [ "$(${pkgs.coreutils}/bin/whoami)" = "usr"]; then - ${pkgs.coreutils}/bin/mkdir -p /home/usr/git - ${pkgs.git}/bin/git https://git.beepboop.systems/rndusr/dot /home/usr/git/dot - fi - ''; + if [ "$(${pkgs.coreutils}/bin/whoami)" = "usr"]; then + ${pkgs.coreutils}/bin/mkdir -p /home/usr/git + ${pkgs.git}/bin/git https://git.beepboop.systems/rndusr/dot /home/usr/git/dot + fi + ''; - home-manager.users.usr.home = { - stateVersion = "23.05"; + home-manager.users.usr.home = { + stateVersion = "23.05"; - file = { - ".config/bash" = { - source = ./config/bash; - recursive = true; - }; - ".config/bspwm" = { - source = ./config/bspwm; - recursive = true; - }; - ".config/git" = { - source = ./config/git; - recursive = true; - }; - ".config/htop" = { - source = ./config/htop; - recursive = true; - }; - ".config/nvim" = { - source = ./config/nvim; - recursive = true; - }; - ".config/python" = { - source = ./config/python; - recursive = true; - }; - ".config/sx" = { - source = ./config/sx; - recursive = true; - }; - ".config/sxhkd" = { - source = ./config/sxhkd; - recursive = true; - }; - ".config/tridactyl" = { - source = ./config/tridactyl; - recursive = true; - }; - ".config/zathura" = { - source = ./config/zathura; - recursive = true; - }; - ".local/share/wallpapers" = { - source = ./wallpapers; - recursive = true; - }; + file = { + ".config/bash" = { + source = ./config/bash; + recursive = true; + }; + ".config/bspwm" = { + source = ./config/bspwm; + recursive = true; + }; + ".config/git" = { + source = ./config/git; + recursive = true; + }; + ".config/htop" = { + source = ./config/htop; + recursive = true; + }; + ".config/nvim" = { + source = ./config/nvim; + recursive = true; + }; + ".config/python" = { + source = ./config/python; + recursive = true; + }; + ".config/sx" = { + source = ./config/sx; + recursive = true; + }; + ".config/sxhkd" = { + source = ./config/sxhkd; + recursive = true; + 
}; + ".config/tridactyl" = { + source = ./config/tridactyl; + recursive = true; + }; + ".config/zathura" = { + source = ./config/zathura; + recursive = true; + }; + ".local/share/wallpapers" = { + source = ./wallpapers; + recursive = true; }; }; };
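Review bot: The `system.activationScripts.test-script.text` body carried over by this hunk cannot work as written: `= "usr"]` has no space before `]`, so the `[` test fails with a missing-bracket error, and the `git` line has no `clone` subcommand. The two lines should read `if [ "$(${pkgs.coreutils}/bin/whoami)" = "usr" ]; then` and `${pkgs.git}/bin/git clone https://git.beepboop.systems/rndusr/dot /home/usr/git/dot`. NixOS runs activation scripts as root, so even with the syntax fixed the `whoami` comparison would not match `usr`, and removing the guard would have root fetching unpinned content over the network into a user's home on every activation. Since the hunk already configures home-manager for `usr`, delivering the dotfiles through `home-manager.users.usr.home.file` from a pinned source looks like the safer route.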