| author | Dylan <boss@tehbox.org> | 2025-09-19 11:08:56 +1200 |
|---|---|---|
| committer | Dylan <boss@tehbox.org> | 2025-09-19 11:08:56 +1200 |
| commit | 920ccb1300240961f7559d68e8f9b11a81eb90db (patch) | |
| tree | 8fc8adbe7925fddfff535837dd49af2e2f5fb925 | |
| parent | 12f53416b8591fd9ee9569b40796f355c83f3ce7 (diff) | |
| -rw-r--r-- | computers/nixnode.nix | 23 | ||||
| -rw-r--r-- | computers/nixy.nix | 52 | ||||
| -rw-r--r-- | flake.nix | 13 | ||||
| -rw-r--r-- | modules/cgit.nix | 137 | ||||
| -rw-r--r-- | modules/default.nix | 6 | ||||
| -rw-r--r-- | modules/nix.nix | 52 | ||||
| -rw-r--r-- | modules/nvidia.nix | 32 | ||||
| -rw-r--r-- | modules/xorg.nix | 57 | ||||
| -rwxr-xr-x | server-rebuild.sh | 2 | ||||
| -rw-r--r-- | website/default.nix | 12 | ||||
| -rw-r--r-- | website/src/index.html | 4 | ||||
| -rw-r--r-- | website/src/other-page.html | 4 |
12 files changed, 303 insertions, 91 deletions
diff --git a/computers/nixnode.nix b/computers/nixnode.nix index baeadcb..40d99b1 100644 --- a/computers/nixnode.nix +++ b/computers/nixnode.nix @@ -7,11 +7,12 @@ { imports = [ # Include the results of the hardware scan. - ../modules/nix.nix inputs.STK.nixosModules.default inputs.sops.nixosModules.sops ]; + teh-nix.nix.enable = true; + # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; # boot.loader.grub.efiSupport = true; @@ -20,7 +21,7 @@ # Define on which hard drive you want to install Grub. # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only - networking.hostName = "nixos"; # Define your hostname. + networking.hostName = "nixnode"; # Define your hostname. # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. @@ -92,11 +93,18 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j }; }; - services.httpd = { + # services.nginx = { + # enable = true; + # virtualHosts."172.105.172.191" = { + # documentRoot = "${inputs.self.packages.x86_64-linux.teh-website}/srv/www"; + # }; + # }; + + teh-nix.services.cgit = { enable = true; - virtualHosts."172.105.172.191" = { - documentRoot = "/srv/httpd"; - }; + authorizedKeys = config.users.users.boss.openssh.authorizedKeys.keys; + authorizedUsers = [ "boss" ]; + domain = "172.105.172.191"; }; services.openssh = { @@ -119,7 +127,7 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j users.users.boss = { isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" ]; # Enable ‘sudo’ for the user. + extraGroups = [ "wheel" "networkmanager"]; # Enable ‘sudo’ for the user. home = "/home/boss"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOukEKExoF6vr3vciQN8pBdd4FtZtRzqIGFJrUvllOY boss@nixy" ]; }; 
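Review bot: In the new `teh-nix.services.cgit` block, `domain = "172.105.172.191"` makes the module write `clone-prefix=https://172.105.172.191` into cgitrc, but the nginx virtual host that modules/cgit.nix defines for that domain sets none of `forceSSL`, `addSSL` or `enableACME`. As far as this diff shows, the site and `enable-http-clone=1` are therefore served over plain HTTP only, so either the advertised clone URL does not work or clones happen without transport integrity. Consider giving the host a DNS name and adding `enableACME = true; forceSSL = true;` to the virtual host, or making the clone prefix match what is actually served.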
@@ -131,6 +139,7 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j mtr sysstat git + inputs.self.packages.x86_64-linux.teh-website ]; diff --git a/computers/nixy.nix b/computers/nixy.nix index fd79b47..50e4f22 100644 --- a/computers/nixy.nix +++ b/computers/nixy.nix @@ -6,12 +6,11 @@ { imports = [ - ../modules/nix.nix - ../modules/nvidia.nix - inputs.YATwm.nixosModules.default inputs.sops.nixosModules.sops #inputs.spicetify-nix.nixosModules.default ]; + + teh-nix.nix.enable = true; # Use the systemd-boot EFI boot loader. boot = { @@ -109,56 +108,23 @@ #useXkbConfig = true; # use xkbOptions in tty. }; - # Enable the X11 windowing system. - services.xserver = { - enable = true; - - desktopManager = { - xterm.enable = false; - #default = "none"; - }; - - deviceSection = '' - Option "DRI" "2" - Option "TearFree" "true" - ''; - - windowManager.i3 = { - enable = true; - package = pkgs.i3-gaps; - }; - - windowManager.YATwm = { - enable = true; - package = inputs.YATwm.packages.x86_64-linux.YATwm; - }; - }; - programs.i3lock.enable = true; + teh-nix.xorg = { + enable = true; + }; + programs.hyprland = { enable = true; #package = inputs.hyprland.packages.${pkgs.system}.hyprland; #portalPackage = inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland; }; - services.displayManager = { - #defaultSession = "none+i3"; - sddm.enable = true; - #sddm.theme = "catppuccin-macchiato"; - # ly.enable = true; - }; - # services.xserver.displayManager = { - # lightdm.enable = true; - # }; - - # Configure keymap in X11 - services.xserver.xkb.layout = "us"; - services.xserver.xkb.options = "caps:super"; - security.pam.services.swaylock = {}; # Enable CUPS to print documents. services.printing.enable = true; - services.printing.drivers = [ pkgs.hplip ]; + services.printing.drivers = with pkgs;[ + hplip + ]; services.avahi = { enable = true; nssmdns4 = true; 
@@ -55,14 +55,15 @@ }; }; - outputs = inputs@{ nixpkgs, ... }: { + outputs = inputs@{self, nixpkgs, ... }: { nixosConfigurations = { nixy = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = {inherit inputs;}; modules = [ - (import ./my-pkgs) - + ./my-pkgs + ./modules + ./hardware-setups/tuf.nix ./computers/nixy.nix @@ -78,14 +79,18 @@ inputs.stylix.nixosModules.stylix ]; }; - nixos = nixpkgs.lib.nixosSystem { + nixnode = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = {inherit inputs;}; modules = [ + ./modules ./hardware-setups/linode.nix ./computers/nixnode.nix ]; }; }; + + packages.x86_64-linux.teh-website = (nixpkgs.legacyPackages.x86_64-linux.callPackage ./website { }); }; + } diff --git a/modules/cgit.nix b/modules/cgit.nix new file mode 100644 index 0000000..1e62631 --- /dev/null +++ b/modules/cgit.nix 
@@ -0,0 +1,137 @@ +{ pkgs, lib, config, ... }: +let + cfg = config.teh-nix.services.cgit; + cgitrc = pkgs.writeText "cgitrc" '' +css=/static/cgit.css +logo=/static/cgit.png +favicon=/static/favicon.ico +repository-sort=age + +root-title=${cfg.title} +root-desc=${cfg.description} + +enable-blame=1 +enable-commit-graph=1 +enable-log-filecount=1 +enable-log-linecount=1 +enable-index-links=1 + +snapshots=tar.gz zip +enable-http-clone=1 +clone-prefix=https://${cfg.domain} + +readme=:README +readme=:readme +readme=:readme.txt +readme=:README.txt +readme=:readme.md +readme=:README.md + +${cfg.extraConfig} + +about-filter=${cfg.package}/lib/cgit/filters/about-formatting.sh +source-filter=${cfg.package}/lib/cgit/filters/syntax-highlighting.py + +enable-git-config=1 +scan-path=${cfg.directory} +''; +in +{ + options.teh-nix.services.cgit = with lib;{ + enable = mkEnableOption "Enable cgit"; + user = mkOption { + type = types.str; + default = "cgit"; + description = "Username for the user that will run cgit"; + }; + authorizedKeys = lib.mkOption { + type = types.listOf types.str; + default = [ ]; + description = "List of ssh keys for the cgit user (cgit user should own all repos)"; + }; + authorizedUsers = lib.mkOption { + type = types.listOf types.str; + default = [ ]; + description = "List of users that should have access to the cgit directory"; + }; + directory = mkOption { + type = types.str; + default = "/srv/cgit/repos"; + description = "Directory for cgit (cgit user's home directory"; + }; + description = mkOption { + type = types.str; + default = "Cgit instance hosted with nixos"; + description = "Description of the cgit website"; + }; + title = mkOption { + type = types.str; + default = "Cgit + Nix"; + description = "Title of the cgit website"; + }; + domain = mkOption { + type = types.str; + default = "git.example.com"; + description = "Domain to host it on"; + }; + package = mkPackageOption pkgs "cgit" { }; + extraConfig = mkOption { + type = types.str; + default = 
""; + description = "Extra config to be appended to cgitrc"; + }; + }; + + config = lib.mkIf cfg.enable { + environment.systemPackages = [ pkgs.git cfg.package ]; + users = { + groups.${cfg.user} = { + members = cfg.authorizedUsers; + }; + users.${cfg.user} = { + createHome = true; + homeMode = "770"; + home = cfg.directory; + isSystemUser = true; + shell = "${pkgs.git}/bin/git-shell"; + openssh.authorizedKeys.keys = cfg.authorizedKeys; + group = cfg.user; + }; + }; + + + services.fcgiwrap.instances.cgit = { + socket = { + user = cfg.user; + group = "nginx"; + type = "unix"; + mode = "0660"; + }; + process = { + user = cfg.user; + group = cfg.user; + }; + }; + + services.nginx.enable = true; + services.nginx.virtualHosts.${cfg.domain} = { + locations."~* ^/static/(.+.(ico|css|png))$" = { + extraConfig = '' +alias ${cfg.package}/cgit/$1; +''; + }; + locations."/" = { + extraConfig = '' +include ${pkgs.nginx}/conf/fastcgi_params; +fastcgi_param CGIT_CONFIG ${cgitrc}; +fastcgi_param SCRIPT_FILENAME ${cfg.package}/cgit/cgit.cgi; +fastcgi_split_path_info ^(/?)(.+)$; +fastcgi_param PATH_INFO $fastcgi_path_info; +fastcgi_param QUERY_STRING $args; +fastcgi_param HTTP_HOST $server_name; +fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; + ''; + }; + }; + }; +} diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..c523ae9 --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,6 @@ +{ lib, ... }: +{ + imports = lib.filter + (n: (lib.strings.hasSuffix ".nix" n) && !(lib.strings.hasSuffix "default.nix" n)) + (lib.filesystem.listFilesRecursive ./.); +} diff --git a/modules/nix.nix b/modules/nix.nix index 2c4ef83..de1281a 100644 --- a/modules/nix.nix +++ b/modules/nix.nix 
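Review bot: The `services.fcgiwrap.instances.cgit.process` block runs cgit.cgi as `cfg.user`, the same account that owns `cfg.directory` (`homeMode = "770"`) and accepts SSH pushes, so the web-facing CGI and the `about-filter`/`source-filter` scripts it runs on repository content can write to every repository. Running the process under a separate system account that can only read `cfg.directory` would keep a bug in cgit or in a filter from modifying the repos. The static location regex `^/static/(.+.(ico|css|png))$` also leaves the dot before the extension unescaped and lets `.+` span `/`; `"~* ^/static/([^/]+\\.(ico|css|png))$"` would match only single file names with a real extension.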
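Review bot: modules/default.nix has no comment stating the contract that `lib.filesystem.listFilesRecursive ./.` creates: every `.nix` file under modules/ is imported on every host that lists `./modules`, including the internet-facing nixnode, which now also evaluates xorg.nix, nvidia.nix and the `inputs.YATwm` module that xorg.nix imports. A file added here without an enable gate would silently apply to the server as well. I would add a header such as `# Every .nix file below this directory is imported on all hosts; each must gate its config behind an enable option.` Note also that `hasSuffix "default.nix"` excludes any file whose name merely ends in `default.nix`, not only this one.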
@@ -1,29 +1,35 @@ -{ inputs, ... }: +{ inputs, config, lib, ... }: { - nix.nixPath = [ "/etc/nix/path" ]; - nix.registry.nixpkgs.flake = inputs.nixpkgs; - environment.etc."nix/path/nixpkgs".source = inputs.nixpkgs; - - nix = { - settings = { - experimental-features = [ "nix-command" "flakes" ]; - auto-optimise-store = true; - - trusted-users = [ "boss" ]; + options.teh-nix.nix = with lib; { + enable = mkEnableOption "Use the TehNix nix settings"; + }; - substituters = [ - "https://cache.nixos.org" - ]; + config = lib.mkIf config.teh-nix.nix.enable { + nix.nixPath = [ "/etc/nix/path" ]; + nix.registry.nixpkgs.flake = inputs.nixpkgs; + environment.etc."nix/path/nixpkgs".source = inputs.nixpkgs; + + nix = { + settings = { + experimental-features = [ "nix-command" "flakes" ]; + auto-optimise-store = true; + + trusted-users = [ "boss" ]; - # trusted-public-keys = [ - # "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - # ]; - }; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than +7"; + substituters = [ + "https://cache.nixos.org" + ]; + + # trusted-public-keys = [ + # "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + # ]; + }; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than +7"; + }; + optimise.automatic = true; }; - optimise.automatic = true; }; } diff --git a/modules/nvidia.nix b/modules/nvidia.nix index ba71df9..e8db8b7 100644 --- a/modules/nvidia.nix +++ b/modules/nvidia.nix @@ -1,4 +1,4 @@ -{ config, pkgs, inputs, ... }: +{ config, pkgs, lib, inputs, ... }: let nvidia-offload = pkgs.writeShellScriptBin "prime-run" '' export __NV_PRIME_RENDER_OFFLOAD=1 
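Review bot: `trusted-users = [ "boss" ]` stays hard-coded inside the now option-gated `config` block of modules/nix.nix, so every host that sets `teh-nix.nix.enable` lets that account override daemon settings such as substituters, which is effectively root on the machine. Now that this is a shared module, an option (for example `teh-nix.nix.trustedUsers`, a constructed name) defaulting to `[ ]` would make the grant explicit per host. Separately, `options = "--delete-older-than +7"` looks wrong: as far as I know nix-collect-garbage expects a day count such as `7d`, so the weekly gc may fail; worth confirming on a host.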
@@ -9,19 +9,25 @@ exec "$@" ''; in { - nixpkgs.config.allowUnfree = true; - hardware.graphics.enable = true; - hardware.nvidia.modesetting.enable = true; - hardware.nvidia.open = true; - hardware.nvidia.prime = { - offload.enable = true; - - nvidiaBusId = "PCI:1:0:0"; - intelBusId = "PCI:5:0:0"; + options.teh-nix.nvidia = with lib; { + enable = mkEnableOption "Enable nvidia"; }; - hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable; - services.xserver.videoDrivers = [ "nvidia" ]; + config = lib.mkIf config.teh-nix.nvidia.enable { + nixpkgs.config.allowUnfree = true; + hardware.graphics.enable = true; + hardware.nvidia.modesetting.enable = true; + hardware.nvidia.open = true; + hardware.nvidia.prime = { + offload.enable = true; + + nvidiaBusId = "PCI:1:0:0"; + intelBusId = "PCI:5:0:0"; + }; + hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable; - environment.systemPackages = [ nvidia-offload ]; + services.xserver.videoDrivers = [ "nvidia" ]; + + environment.systemPackages = [ nvidia-offload ]; + }; } diff --git a/modules/xorg.nix b/modules/xorg.nix new file mode 100644 index 0000000..dbf2a77 --- /dev/null +++ b/modules/xorg.nix 
@@ -0,0 +1,57 @@ +{ config, lib, pkgs, inputs, ... }: +{ + imports = [ + ./nvidia.nix + inputs.YATwm.nixosModules.YATwm + ]; + + options.teh-nix.xorg = with lib; { + enable = mkEnableOption "Enable xorg"; + nvidia = mkOption { + type = types.bool; + default = true; + description = "Enable nvidia with xorg"; + }; + }; + + config = lib.mkIf config.teh-nix.xorg.enable { + + teh-nix.nvidia.enable = lib.mkIf config.teh-nix.xorg.nvidia (lib.mkDefault true); + + services.xserver = { + enable = true; + + desktopManager = { + xterm.enable = false; + #default = "none"; + }; + + deviceSection = '' + Option "DRI" "2" + Option "TearFree" "true" + ''; + + windowManager.i3 = { + enable = true; + package = pkgs.i3-gaps; + }; + + windowManager.YATwm = { + enable = true; + package = inputs.YATwm.packages.x86_64-linux.YATwm; + }; + }; + programs.i3lock.enable = true; + + services.displayManager = { + #defaultSession = "none+i3"; + sddm.enable = true; + #sddm.theme = "catppuccin-macchiato"; + # ly.enable = true; + }; + + + services.xserver.xkb.layout = "us"; + services.xserver.xkb.options = "caps:super"; + }; +} diff --git a/server-rebuild.sh b/server-rebuild.sh index 8bda048..976fe32 100755 --- a/server-rebuild.sh +++ b/server-rebuild.sh @@ -1,3 +1,3 @@ #!/usr/bin/env bash -nixos-rebuild switch --use-remote-sudo --target-host 172.105.172.191 --flake ".#nixos" -j $(nproc) +nixos-rebuild switch --use-remote-sudo --target-host 172.105.172.191 --flake ".#nixnode" -j $(nproc) diff --git a/website/default.nix b/website/default.nix new file mode 100644 index 0000000..1b78a77 --- /dev/null +++ b/website/default.nix @@ -0,0 +1,12 @@ +{ stdenv, ... }: +stdenv.mkDerivation { + pname = "TehWebsite"; + version = "0.0.1"; + + src = ./src; + + installPhase = '' +mkdir -p $out/srv/www +cp -r ./* $out/srv/www +''; +} diff --git a/website/src/index.html b/website/src/index.html new file mode 100644 index 0000000..a28d898 --- /dev/null +++ b/website/src/index.html 
@@ -0,0 +1,4 @@ +<!DOCTYPE html> +<h1>Test</h1> +<a href = "./other-page.html">Other page</a> +<p>This websit was built and uploaded and hosted on my server using nix!!!</p> diff --git a/website/src/other-page.html b/website/src/other-page.html new file mode 100644 index 0000000..cbd5c8b --- /dev/null +++ b/website/src/other-page.html @@ -0,0 +1,4 @@ +<!DOCTYPE html> +<h1>Other page</h1> +<a href = "./index.html">Home</a> +<p>Multipage test</p> |
