From 381e229fb9765d2d105a3e60db037606d21e1ce7 Mon Sep 17 00:00:00 2001 From: rndusr Date: Thu, 18 Jan 2024 04:28:32 -0600 Subject: [PATCH] changes --- boxes/{netbox.nix => netbox/default.nix} | 108 +++++++++------- boxes/netbox/hardware-configuration.nix | 37 ++++++ flake.lock | 155 +++++++++++++++++++++-- flake.nix | 30 ++++- 4 files changed, 275 insertions(+), 55 deletions(-) rename boxes/{netbox.nix => netbox/default.nix} (78%) create mode 100644 boxes/netbox/hardware-configuration.nix diff --git a/boxes/netbox.nix b/boxes/netbox/default.nix similarity index 78% rename from boxes/netbox.nix rename to boxes/netbox/default.nix index 3e9ed0b..0171032 100644 --- a/boxes/netbox.nix +++ b/boxes/netbox/default.nix @@ -3,15 +3,64 @@ { imports = [ - ../modules/mail.nix - ../common/main.nix + ./hardware-configuration.nix + ../../modules/bootstrap.nix ]; + networking.networkmanager.enable = true; + + time.timeZone = "America/Chicago"; + + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + + environment.systemPackages = with pkgs; [ + curl + htop + git + tree + dig + htop + gnumake + ]; + + system.copySystemConfiguration = true; + system.stateVersion = "23.05"; # don't change this, lol boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; +# services.cgit = { +# "beepboop.systems" = { +# extraConfig = '' +# root-desc="testing" +# +# section=main +# repo.url=dot_testing +# repo.path=/var/lib/git/dot_testing +# repo.desc=configuration for NixOS/Linux systems +# repo.owner=rndusr +# +# readme=:README.md +# ''; +# enable = true; +# }; +# }; + networking.hostName = "netbox"; + services.radicale = { + enable = true; + config = '' + [auth] + type = htpasswd + htpasswd_filename = radicale-passwd + htpasswd_encryption = plain + ''; + }; + services.rss2email = { enable = true; to = "ryan@beepboop.systems"; 
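Review bot: The new `services.radicale` block in boxes/netbox/default.nix sets `htpasswd_encryption = plain`, so every CalDAV/CardDAV password sits unhashed in the htpasswd file and is disclosed in full to anyone who can read that file or a backup of it. Prefer `htpasswd_encryption = bcrypt` with entries generated by `htpasswd -B`, assuming the packaged Radicale is built with bcrypt support. `htpasswd_filename = radicale-passwd` is also a relative path, so which file is read depends on the service's working directory; an absolute path outside the Nix store, readable only by the radicale user, makes that explicit. Separately, `system.copySystemConfiguration = true;` looks up the legacy configuration path and, as far as I know, does not evaluate under a flake build, so it is worth confirming that this host still builds with it set.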
@@ -81,15 +130,6 @@ extraGroups = [ "wheel" "docker" ]; }; - users.users.paperlesspassthrough = { - isNormalUser = true; - }; - - environment.systemPackages = with pkgs; [ - neovim - # nothing more needed, at the moment - ]; - services.openssh = { enable = true; ports = [55555]; @@ -100,13 +140,11 @@ services.vaultwarden.enable = true; services.vaultwarden.config = { DOMAIN = "https://bitwarden.beepboop.systems"; - SIGNUPS_ALLOWED = false; +# SIGNUPS_ALLOWED = false; }; networking.usePredictableInterfaceNames = false; - services.nixosmail.enable = true; - services.gitea = { enable = true; appName = "crappy code"; # Give the site a name @@ -147,12 +185,6 @@ locations."/".proxyPass = "http://localhost:3001"; }; - services.nginx.virtualHosts."paperless.beepboop.systems" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://localhost:3004"; - }; - services.nginx.virtualHosts."bit.beepboop.systems" = { forceSSL = true; enableACME = true; @@ -203,19 +235,19 @@ email = "nickforanick@protonmail.com"; }; - services.roundcube = { - enable = true; - # this is the url of the vhost, not necessarily the same as the fqdn of - # the mailserver - hostName = "cube.beepboop.systems"; - extraConfig = '' - # starttls needed for authentication, so the fqdn required to match - # the certificate - $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; - $config['smtp_user'] = "%u"; - $config['smtp_pass'] = "%p"; - ''; - }; +# services.roundcube = { +# enable = true; +# # this is the url of the vhost, not necessarily the same as the fqdn of +# # the mailserver +# hostName = "cube.beepboop.systems"; +# extraConfig = '' +# # starttls needed for authentication, so the fqdn required to match +# # the certificate +# $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; +# $config['smtp_user'] = "%u"; +# $config['smtp_pass'] = "%p"; +# ''; +# }; services.nginx.virtualHosts."roundcube.beepboop.systems" = { forceSSL = true; 
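Review bot: Commenting out `SIGNUPS_ALLOWED = false;` in the `@@ -100,13 +140,11 @@` hunk leaves the option unset, and Vaultwarden's default is to allow registration, so anyone who can reach the instance can create an account on this password vault. If the intent was to register one new user, keep `SIGNUPS_ALLOWED = false;` in the committed config and use invitations instead (or flip the setting only for the duration of the signup and revert it). If open registration is really intended, say so in a comment, for example `# open signups are deliberate: <reason>`, so the next reader does not take it for a leftover from debugging.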
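Review bot: In the `@@ -203,19 +235,19 @@` hunk `services.roundcube` is disabled by commenting the block out, but the `services.nginx.virtualHosts."roundcube.beepboop.systems"` entry visible in the trailing context is kept. That vhost continues outside the hunk, so what it serves is not visible here; if it only fronted Roundcube, it now keeps requesting an ACME certificate and answering on 443 for a service that no longer exists, and should be removed in the same change. Deleting the block rather than commenting it out would also be cleaner, since git history already preserves it; the same applies to the commented-out `services.cgit` block added in the first hunk.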
@@ -233,14 +265,4 @@ enable = true; allowedTCPPorts = [ 5232 55555 22 80 443 ]; }; - -# services.paperless = { -# enable = true; -# passwordFile = "/etc/paperless-password"; -# port = 3004; -# address = "localhost"; -# extraConfig = { -# PAPERLESS_URL = "https://paperless.beepboop.systems"; -# }; -# }; } diff --git a/boxes/netbox/hardware-configuration.nix b/boxes/netbox/hardware-configuration.nix new file mode 100644 index 0000000..89e88a0 --- /dev/null +++ b/boxes/netbox/hardware-configuration.nix @@ -0,0 +1,37 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/a57b82ca-7bfd-458e-b3e8-4962511cc0b8"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/DF39-1ECE"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/57fbd850-1ced-4e21-9e52-4f3b529c61b0"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + virtualisation.hypervGuest.enable = true; +} diff --git a/flake.lock b/flake.lock index b9bdb8e..d682452 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,5 +1,21 @@ { "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, "firefox-addons": { "inputs": { "flake-utils": "flake-utils", @@ -9,11 +25,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1703265473, - "narHash": "sha256-K1HYRKlLAjroFfT+DDEmCfuyT7X7+MC5ggJVfBOfB20=", + "lastModified": 1705534402, + "narHash": "sha256-mOWT45HLd8dm8FJNmrgngotE5NRJ+2arz65m1Kk0LBA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "df0c32112abbf265303f615ea8055aa28480d350", + "rev": "6a928ce99e4ccb09e59c1f58052bd65027249c8a", "type": "gitlab" }, "original": { @@ -23,6 +39,22 @@ "type": "gitlab" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1668681692, + "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1629284811, @@ -45,11 +77,11 @@ ] }, "locked": { - "lastModified": 1702814678, - "narHash": "sha256-zDtO0jV2QLoddUJinLlTQrQqCUW3dPiIWOSYgg98T7E=", + "lastModified": 1705476964, + "narHash": "sha256-W5OK1fnj4qdn1HWOlxV2S3YiUvfaVjQM5ldWVpGV1fs=", "owner": "nix-community", "repo": "home-manager", - "rev": "1488651d02c1a7a15e284210f0d380a62d8d8cef", + "rev": "85c3b600f660abd86e94cbcd1c46733943197a07", "type": "github" }, "original": { 
@@ -61,11 +93,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1702921762, - "narHash": "sha256-O/rP7gulApQAB47u6szEd8Pn8Biw0d84j5iuP2tcxzY=", + "lastModified": 1705331948, + "narHash": "sha256-qjQXfvrAT1/RKDFAMdl8Hw3m4tLVvMCc8fMqzJv0pP4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d02ffbbe834b5599fc5f134e644e49397eb07188", + "rev": "b8dd8be3c790215716e7c12b247f45ca525867e2", "type": "github" }, "original": { 
@@ -75,14 +107,100 @@ "type": "github" } }, + "nixpkgs-22_11": { + "locked": { + "lastModified": 1669558522, + "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-22.11", + "type": "indirect" + } + }, + "nixpkgs-23_05": { + "locked": { + "lastModified": 1684782344, + "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.05", + "type": "indirect" + } + }, + "nixpkgs-23_11": { + "locked": { + "lastModified": 1701539137, + "narHash": "sha256-nVO/5QYpf1GwjvtpXhyxx5M3U/WN0MwBro4Lsk+9mL0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "933d7dc155096e7575d207be6fb7792bc9f34f6d", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.11", + "type": "indirect" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1670751203, + "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, "root": { "inputs": { "firefox-addons": "firefox-addons", "home-manager": "home-manager", "nixpkgs": "nixpkgs", + "simple-nixos-mailserver": "simple-nixos-mailserver", "utilpkg": "utilpkg" } }, + "simple-nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs_2", + "nixpkgs-22_11": "nixpkgs-22_11", + "nixpkgs-23_05": "nixpkgs-23_05", + "nixpkgs-23_11": "nixpkgs-23_11", + "utils": "utils" + }, + "locked": { + "lastModified": 1703023684, + "narHash": "sha256-XQU4OaacV0F2tf9cNAvIMqlC0HBIrAtvb0MLjIHt+7M=", + "owner": 
"simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "4bfb8eb058f098302c97b909df2d019926e11220", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "ref": "nixos-23.11", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "utilpkg": { "inputs": { "nixpkgs": [ @@ -92,13 +210,28 @@ "locked": { "lastModified": 1, "narHash": "sha256-qcQP65622JfSlKPDPCuTCMbzCWOvKBOA3OOO426ce8I=", - "path": "/nix/store/rpjslsjwr8a8ykn3ncr91yigf9nsjcac-source/builds", + "path": "/nix/store/sjdqmgspwa9pkfkric4bb97vhzzib4sz-source/builds", "type": "path" }, "original": { - "path": "/nix/store/rpjslsjwr8a8ykn3ncr91yigf9nsjcac-source/builds", + "path": "/nix/store/sjdqmgspwa9pkfkric4bb97vhzzib4sz-source/builds", "type": "path" } + }, + "utils": { + "locked": { + "lastModified": 1605370193, + "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index aca8ed7..1b47c80 100644 --- a/flake.nix +++ b/flake.nix 
@@ -15,10 +15,38 @@ url = "./builds"; inputs.nixpkgs.follows = "nixpkgs"; }; + simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11"; }; - outputs = { self, nixpkgs, home-manager, firefox-addons, utilpkg, ... }@inputs: { + outputs = { self, nixpkgs, home-manager, firefox-addons, simple-nixos-mailserver, utilpkg, ... }@inputs: { nixosConfigurations = { + netbox = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + ./boxes/netbox + simple-nixos-mailserver.nixosModule + { + mailserver = { + enable = true; + fqdn = "mail.beepboop.systems"; + domains = [ "beepboop.systems" ]; + loginAccounts = { + "ryan@beepboop.systems" = { + # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' > /hashed/password/file/location + hashedPasswordFile = "/etc/ryan-beepboop-systemsuser-pass"; + + aliases = [ + "info@beepboop.systems" + "postmaster@beepboop.systems" + ]; + }; + }; + certificateScheme = "acme-nginx"; + }; + } + ]; + }; virtbox = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { inherit inputs; };
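Review bot: The new `simple-nixos-mailserver` input is added without a `follows`, unlike `utilpkg` just above it, and the flake.lock changes in this same commit show the result: extra `nixpkgs_2`, `nixpkgs-22_11`, `nixpkgs-23_05` and `nixpkgs-23_11` nodes pinned at 2022–2023 revisions. Adding `simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";` removes at least the `nixpkgs_2` pin and keeps a single nixpkgs revision to track for security updates. The mail account's `hashedPasswordFile = "/etc/ryan-beepboop-systemsuser-pass";` is correctly kept out of the world-readable Nix store, but nothing in this config creates it or sets its mode, so a short comment such as `# must exist before activation, root:root 0600` would document the requirement. The inline `mailserver = { ... }` module would also read better in `./boxes/netbox` next to the rest of the host's services.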