restructuring

mc-fucker 2021-11-06 00:07:40 +01:00
parent 160f829729
commit 59d427bfeb
8 changed files with 128 additions and 134 deletions


@ -1,130 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> {};
sshPubkeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+X4vceRi79FLwwyzFzxNvaQlolQFrpYn0N4bgdLLaI root@hardlyworking"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFyGaBZIZYjiBhOFD2drvG316B9NUVSbMpTIhOCQur8P arch"
];
mc1 = "192.168.0.167";
common_mc1_route = {
via = mc1;
prefixLength = 24;
};
in
{
users.users = {
root.openssh.authorizedKeys.keys = sshPubkeys;
mc-fucker = {
isNormalUser = true;
openssh.authorizedKeys.keys = sshPubkeys;
hashedPassword = "$6$VlNqS5D2uxmzs$AXEEg63iQ5bMQDtU9.Cy4cd/UfQCHk9QNo2RuQmucNz6Y4Z2l0qM5lvr6KFcEdJi6vO7mYd761LrVrQ8J7nPw1";
extraGroups = [ "wheel" ];
};
};
nixpkgs.overlays = [
(self: super: {
gitea = unstable.gitea;
htop = unstable.htop;
})
];
imports =
[ ./hardware-configuration.nix ];
time.timeZone = "Europe/Berlin";
networking.useDHCP = false;
i18n.defaultLocale = "en_GB.UTF-8";
environment.systemPackages = with pkgs; [
wget
htop
git
screen
rxvt-unicode
(import ./vim.nix)
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
networking.firewall.allowedTCPPorts = [ 3000 2222 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
system.stateVersion = "21.05";
networking = {
nameservers = [ mc1 ];
defaultGateway = "192.168.0.1";
interfaces.ens192.ipv4 = {
addresses = [ {
address = "192.168.0.165";
prefixLength = 24;
} ];
routes = [
(common_mc1_route // { address = "192.168.1.0"; })
(common_mc1_route // { address = "192.168.2.0"; })
(common_mc1_route // { address = "192.168.3.0"; })
];
};
};
zramSwap = {
enable = true;
memoryPercent = 250;
algorithm = "lzo-rle";
};
programs = {
zsh = import ./zsh.nix;
atop = {
enable = true;
};
};
users.defaultUserShell = pkgs.zsh;
security.sudo.wheelNeedsPassword = false;
system.autoUpgrade = {
enable = true;
allowReboot = true;
};
services = {
openssh = {
enable = true;
passwordAuthentication = false;
};
zabbixAgent = {
enable = true;
openFirewall = true;
server = mc1;
};
gitea = import ./gitea.nix;
};
virtualisation = {
docker = {
enable = true;
};
};
}
# vim: set et ts=2 sw=2 ai

59
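--- a/modules/generic.nix
+++ b/modules/generic.nix
@@ -0,0 +1,59 @@
+{ pkgs, ... }:
+let
+sshPubkeys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+X4vceRi79FLwwyzFzxNvaQlolQFrpYn0N4bgdLLaI root@hardlyworking"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFyGaBZIZYjiBhOFD2drvG316B9NUVSbMpTIhOCQur8P arch"
+];
+in
+{
+users.users = {
+root.openssh.authorizedKeys.keys = sshPubkeys;
+mc-fucker = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = sshPubkeys;
+hashedPassword = "$6$VlNqS5D2uxmzs$AXEEg63iQ5bMQDtU9.Cy4cd/UfQCHk9QNo2RuQmucNz6Y4Z2l0qM5lvr6KFcEdJi6vO7mYd761LrVrQ8J7nPw1";
+extraGroups = [ "wheel" ];
+};
+};
+time.timeZone = "Europe/Berlin";
+i18n.defaultLocale = "en_GB.UTF-8";
+zramSwap = {
+enable = true;
+memoryPercent = 250;
+algorithm = "lzo-rle";
+};
+programs = {
+zsh = import ./zsh.nix;
+atop = {
+enable = true;
+};
+};
+users.defaultUserShell = pkgs.zsh;
+security.sudo.wheelNeedsPassword = false;
+system.autoUpgrade = {
+enable = true;
+allowReboot = true;
+};
+services = {
+openssh = {
+enable = true;
+passwordAuthentication = false;
+};
+};
+environment.systemPackages = with pkgs; [
+wget
+htop
+git
+screen
+rxvt_unicode.terminfo
+(import ./vim.nix)
+];
+}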
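Review bot: `hashedPassword` for `mc-fucker` is written inline in the new module, so the SHA-512 crypt hash lives in the repository history and, as far as I know, also ends up in the world-readable Nix store, where it is open to offline guessing by anyone who can read either. Keeping the hash in a root-only file outside the evaluated configuration avoids both, e.g. `passwordFile = "<path to a root-only file containing the hash>";`. The same module sets `security.sudo.wheelNeedsPassword = false;` for a `wheel` member whose keys are also authorised for `root`, so any holder of one of the two keys has unprompted root; a short comment such as `# passwordless sudo is intentional: key-only SSH, single admin` would record that this is a decision and not a leftover.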


@ -9,7 +9,7 @@
type = "postgres"; type = "postgres";
port = 5432; port = 5432;
name = "giteadb"; name = "giteadb";
passwordFile = /run/keys/gitea-dbpassword; passwordFile = /etc/nixos/keys/gitea-dbpassword;
}; };
settings = { settings = {
service = { service = {
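Review bot: `passwordFile` is given as a bare Nix path literal, and the value appears to move from `/run/keys/gitea-dbpassword` to the persistent `/etc/nixos/keys/gitea-dbpassword`. When a path literal is interpolated into a string, Nix copies the referenced file into the world-readable store, so unless the module is known never to do that the quoted form is safer: `passwordFile = "/etc/nixos/keys/gitea-dbpassword";`. Because the secret would now survive reboots on disk, it is also worth confirming that the file is readable only by root and the gitea user and that the `keys/` directory is excluded from this repository. The enclosing attribute set starts and ends outside the hunk.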


@ -9,12 +9,16 @@ with import <nixpkgs> {};
export QUOTING_STYLE=literal export QUOTING_STYLE=literal
''; '';
promptInit = ""; # otherwise it'll override the grml prompt promptInit = ""; # otherwise it'll override the grml prompt
syntaxHighlighting.enable = true; syntaxHighlighting = {
enable = true;
highlighters = [ "main" "pattern" "brackets" ];
};
autosuggestions = { autosuggestions = {
enable = true; enable = true;
highlightStyle = "fg=cyan"; highlightStyle = "fg=cyan";
}; };
shellAliases = { shellAliases = {
"s" = "systemctl";
"ip" = "ip -c"; "ip" = "ip -c";
"nt" = "nixos-rebuild test"; "nt" = "nixos-rebuild test";
"ns" = "nixos-rebuild switch"; "ns" = "nixos-rebuild switch";


@ -0,0 +1,38 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
let
unstable = import <nixos-unstable> {};
mc1 = "192.168.0.167";
in
{
imports =
[
./hardware-configuration.nix
./modules/generic.nix
];
nixpkgs.overlays = [
(self: super: {
gitea = unstable.gitea;
htop = unstable.htop;
})
];
networking.firewall.allowedTCPPorts = [ 3000 2222 ];
services = {
gitea = import ./modules/gitea.nix;
zabbixAgent = {
enable = true;
openFirewall = true;
server = mc1;
};
};
system.stateVersion = "21.05";
}
# vim: set et ts=2 sw=2 ai
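Review bot: `unstable = import <nixos-unstable> {};` evaluates whatever revision that channel happens to hold on the host, and the overlay takes `gitea` from it, which is the service behind the ports opened by `allowedTCPPorts = [ 3000 2222 ]`. The version of the one network-facing package is therefore neither recorded in the repository nor, as far as I can tell, refreshed by `system.autoUpgrade`, which by default only follows the `nixos` channel. Pinning makes the revision reviewable and forces a deliberate bump: `unstable = import (builtins.fetchTarball { url = "<nixos-unstable tarball URL at a reviewed revision>"; sha256 = "<sha256 of that tarball>"; }) {};`. If the channel is kept instead, a comment next to the overlay saying who updates it and how often would cover the gap.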


@ -3,6 +3,13 @@
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
let
mc1 = "192.168.0.167";
common_mc1_route = {
via = mc1;
prefixLength = 24;
};
in
{ {
imports = [ ]; imports = [ ];
@ -22,6 +29,22 @@
boot.loader.grub.version = 2; boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
networking.hostName = "mc3"; networking = {
networking.domain = "mc-fucker.cool"; hostName = "mc3";
domain = "mc-fucker.cool";
useDHCP = false;
nameservers = [ mc1 ];
defaultGateway = "192.168.0.1";
interfaces.ens192.ipv4 = {
addresses = [ {
address = "192.168.0.165";
prefixLength = 24;
} ];
routes = [
(common_mc1_route // { address = "192.168.1.0"; })
(common_mc1_route // { address = "192.168.2.0"; })
(common_mc1_route // { address = "192.168.3.0"; })
];
};
};
} }
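Review bot: The static network configuration in the second hunk is being added to a file whose header comment (the visible line ends `to /etc/nixos/configuration.nix instead.`) suggests it is generated output, presumably from nixos-generate-config, that is not meant to be edited. If the file is regenerated, `useDHCP = false;`, the address and the three routes would go with it, and the host could come up unreachable over SSH. A separate host-specific module imported from the top-level configuration would keep these settings out of the generated file. The `let` block added in the first hunk also defines `mc1 = "192.168.0.167";` a second time (the new top-level configuration has the same binding), so the DNS, route and Zabbix server address can drift apart; one shared definition avoids that.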