diff --git a/flake.nix b/flake.nix index 9ed0d41..39b555a 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ vscode-server.url = "github:nix-community/nixos-vscode-server"; agenix.url = "github:ryantm/agenix"; - zen-browser = { + zen-browser = { url = "github:0xc000022070/zen-browser-flake"; inputs.nixpkgs.follows = "nixpkgs"; }; 
@@ -21,75 +21,83 @@ }; }; - outputs = inputs@{ self, nixpkgs, lix-module, vscode-server, agenix, zen-browser, catppuccin, home-manager, ... }: { - nixosConfigurations = { - focalor = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs; system = "x86_64-linux"; }; - modules = [ - ./hosts/focalor - lix-module.nixosModules.default - - vscode-server.nixosModules.default - agenix.nixosModules.default - - ({ config, pkgs, ... }: { - services.vscode-server.enable = true; - services.vscode-server.nodejsPackage = pkgs.nodejs_20; - environment.systemPackages = [ agenix.packages.x86_64-linux.default ]; - }) + outputs = + { self, ... }@inputs: + with inputs; + let + nixosModules = builtins.listToAttrs ( + map (module: { + name = module; + value = import (./modules + "/${module}"); + }) (builtins.attrNames (builtins.readDir ./modules)) + ); + in + { + nixosConfigurations = { + focalor = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit inputs; + system = "x86_64-linux"; + }; + modules = [ + ./hosts/focalor + lix-module.nixosModules.default - catppuccin.nixosModules.catppuccin + vscode-server.nixosModules.default + agenix.nixosModules.default - home-manager.nixosModules.home-manager { - home-manager.useGlobalPkgs = true; - home-manager.backupFileExtension = "HMBackup"; - home-manager.users.regent.imports = [ - ./home/regent/home.nix - catppuccin.homeModules.catppuccin + catppuccin.nixosModules.catppuccin + + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.backupFileExtension = "HMBackup"; + home-manager.users.regent.imports = [ + ./home/regent/home.nix + catppuccin.homeModules.catppuccin + ]; + home-manager.extraSpecialArgs = { + inherit inputs; + system = "x86_64-linux"; + }; + } + ]; + }; + + valefar = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/valefar + lix-module.nixosModules.default + + vscode-server.nixosModules.default + 
agenix.nixosModules.default + + { imports = builtins.attrValues nixosModules; } + ]; + }; + + buer = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/buer + + agenix.nixosModules.default + ]; + }; + + # Easy to add more hosts + /* + server2 = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/server2 + agenix.nixosModules.default + # different services for server2 ]; - home-manager.extraSpecialArgs = { inherit inputs; system = "x86_64-linux";}; - } - ]; + }; + */ }; - - valefar = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/valefar # imports configuration.nix automatically - lix-module.nixosModules.default - - # External modules - vscode-server.nixosModules.default - agenix.nixosModules.default - - # Global external module config - ({ config, pkgs, ... }: { - services.vscode-server.enable = true; - services.vscode-server.nodejsPackage = pkgs.nodejs_20; - environment.systemPackages = [ agenix.packages.x86_64-linux.default ]; - }) - ]; - }; - - buer = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/buer - - agenix.nixosModules.default - ]; - }; - - # Easy to add more hosts - /*server2 = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/server2 - agenix.nixosModules.default - # different services for server2 - ]; - };*/ }; - }; -} +} \ No newline at end of file diff --git a/hosts/buer/default.nix b/hosts/buer/default.nix index 024d645..c8b2c97 100644 --- a/hosts/buer/default.nix +++ b/hosts/buer/default.nix @@ -13,13 +13,15 @@ ../../modules/common/services.nix # Services specific to this host - ../../services/garage.nix #../../services/forgejo.nix # Common secrets ../../host-secrets.nix ]; + system.stateVersion = "24.11"; + modules.garage.enable = true; + # pin host platform & microcode nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault 
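Review bot: The `nixosModules` attrset imports every entry of `builtins.readDir ./modules` as `import (./modules + "/${module}")`, which for a directory resolves to its `default.nix`; this commit adds `modules/caddy/caddy.nix` without one, and `modules/common/` is a directory whose files the hosts import individually, so unless both directories carry a `default.nix` outside this diff, the `{ imports = builtins.attrValues nixosModules; }` line in valefar's entry fails to evaluate. Restricting discovery to directories that actually provide a module avoids that: `(builtins.attrNames (nixpkgs.lib.filterAttrs (name: kind: kind == "directory" && builtins.pathExists (./modules + "/${name}/default.nix")) (builtins.readDir ./modules)))`. Separately, valefar and buer no longer receive `specialArgs`, so `inputs` is not available inside their host files, and only valefar imports `nixosModules`, so focalor and buer cannot set any `modules.*` option. This hunk begins on the previous line.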
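Review bot: `modules.garage.enable = true;` is set here, but buer's `nixosSystem` entry in the flake hunk lists only `./hosts/buer` and `agenix.nixosModules.default`, and the removed `../../services/garage.nix` import is not replaced with `../../modules/garage`, so unless something outside this hunk imports the module, the option `modules.garage` does not exist and buer fails to evaluate. Adding `../../modules/garage` to the `imports` list (which begins before this hunk), or giving buer the same `{ imports = builtins.attrValues nixosModules; }` line valefar gets, fixes it. Moving `system.stateVersion` out of modules/common/system.nix is fine as all three hosts now set it.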
diff --git a/hosts/focalor/default.nix b/hosts/focalor/default.nix index 6f35523..e6a6ef4 100644 --- a/hosts/focalor/default.nix +++ b/hosts/focalor/default.nix @@ -20,13 +20,12 @@ # Nvidia ../../modules/common/nvidia.nix - # Services specific to this host - #../../services/xyz.nix - # Common secrets #../../host-secrets.nix ]; + system.stateVersion = "24.11"; + # pin host platform & microcode nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault @@ -62,6 +61,7 @@ environment.systemPackages = with pkgs; [ #lm_sensors code-server + agenix.packages.x86_64-linux.default ]; environment.sessionVariables.WLR_RENDERER = "vulkan"; diff --git a/hosts/valefar/default.nix b/hosts/valefar/default.nix index d0595e2..d11e5ed 100644 --- a/hosts/valefar/default.nix +++ b/hosts/valefar/default.nix @@ -14,14 +14,16 @@ ../../modules/common/services.nix ../../modules/common/efi.nix - # Services specific to this host - ../../services/garage.nix - ../../services/forgejo.nix - # Common secrets ../../host-secrets.nix ]; + # Enable modules + modules.garage.enable = true; + modules.forgejo.enable = true; + + system.stateVersion = "24.11"; + # pin host platform & microcode nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.intel.updateMicrocode = lib.mkDefault @@ -83,9 +85,13 @@ services.zfs.autoScrub.enable = true; services.zfs.trim.enable = true; + services.vscode-server.enable = true; + services.vscode-server.nodejsPackage = pkgs.nodejs_20; + environment.systemPackages = with pkgs; [ lm_sensors code-server + agenix.packages.x86_64-linux.default ]; virtualisation.docker = { diff --git a/modules/caddy/caddy.nix b/modules/caddy/caddy.nix new file mode 100644 index 0000000..724fde2 --- /dev/null +++ b/modules/caddy/caddy.nix 
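Review bot: The second hosts/focalor/default.nix hunk adds `agenix.packages.x86_64-linux.default` inside `with pkgs; [ ... ]`, and the second hosts/valefar/default.nix hunk adds the same line; in the old flake this expression lived in an inline module where `agenix` was a closure variable, but in a host file `agenix` has to come from the module arguments, and valefar's `nixosSystem` entry passes no `specialArgs`, so unless the argument set at the top of each file (outside these hunks) binds it, evaluation stops on an undefined variable. For focalor, which does receive `inputs`, `inputs.agenix.packages.x86_64-linux.default` is the safe spelling; valefar first needs a matching `specialArgs = { inherit inputs; system = "x86_64-linux"; };` in flake.nix. Note also that the flake hunk drops the inline `services.vscode-server.enable = true;` module from focalor while only valefar re-adds it in its host file, so focalor loses the VS Code server unless it is enabled elsewhere.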
@@ -0,0 +1,14 @@
+{lib, pkgs, config, ...}:
+
+{
+
+ services.caddy = {
+ enable = true;
+
+ virtualHosts = {
+ "s3.nekomimi.pet".extraConfig = ''
+ reverse_proxy http://127.0.0.1:3903
+ ''
+ };
+ };
+}
\ No newline at end of file
diff --git a/modules/common/system.nix b/modules/common/system.nix
index 1d33591..269035d 100644
--- a/modules/common/system.nix
+++ b/modules/common/system.nix
@@ -11,7 +11,5 @@ time.timeZone = "America/New_York"; i18n.defaultLocale = "en_US.UTF-8"; - - system.stateVersion = "24.11"; }
diff --git a/modules/forgejo/default.nix b/modules/forgejo/default.nix
new file mode 100644
index 0000000..7aab652
--- /dev/null
+++ b/modules/forgejo/default.nix
@@ -0,0 +1,49 @@
+{ lib, pkgs, config, ... }:
+
+with lib;
+let
+ cfg = config.modules.forgejo;
+ sshPort = 2222;
+ httpPort = 5000;
+in
+{
+ options = {
+ modules = {
+ forgejo = {
+ enable = mkEnableOption "Deploy forgejo";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = [
+ sshPort
+ httpPort
+ ];
+
+ services.forgejo = {
+ enable = true;
+ database = {
+ type = "sqlite3";
+ path = "/var/lib/forgejo/forgejo.db";
+ };
+ lfs.enable = true;
+ settings = {
+ server = {
+ domain = "git.nekomimi.pet";
+ ROOT_URL = "https://git.nekomimi.pet";
+ LANDING_PAGE = "explore";
+ HTTP_PORT = 5000;
+ SSH_LISTEN_PORT = 2222;
+ SSH_PORT = 2222;
+ START_SSH_SERVER = true;
+ };
+ # service.DISABLE_REGISTRATION = true;
+ actions = {
+ ENABLED = true;
+ DEFAULT_ACTIONS_URL = "github";
+ };
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/modules/garage/default.nix b/modules/garage/default.nix
new file mode 100644
index 0000000..543bd16
--- /dev/null
+++ b/modules/garage/default.nix
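Review bot: The `"s3.nekomimi.pet".extraConfig` binding is not terminated — its closing `''` is followed directly by `};`, so the file does not parse; it needs `'';`. The vhost also proxies to `127.0.0.1:3903`, which in modules/garage/default.nix is `admin.api_bind_addr`, not the S3 API on 3900, so as written the public S3 hostname fronts Garage's token-protected admin API; `reverse_proxy http://127.0.0.1:3900` matches the name, and the admin API should stay off the public vhost. Unlike the other modules added here, this one has no `modules.caddy.enable` option and turns Caddy on unconditionally for every host that imports `builtins.attrValues nixosModules`, and `lib`, `pkgs` and `config` are unused. Because the flake discovers modules by directory, this file would need to be `modules/caddy/default.nix` (or be imported from one) to be picked up at all.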
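Review bot: `sshPort` and `httpPort` are bound in the `let` and used for `allowedTCPPorts`, but `settings.server` repeats the literals `5000` and `2222`, so the firewall and the listener can drift apart; write `HTTP_PORT = httpPort;`, `SSH_LISTEN_PORT = sshPort;`, `SSH_PORT = sshPort;`. Opening 5000 in the firewall exposes Forgejo's plain-HTTP listener directly although `ROOT_URL` is https and a Caddy module is introduced in this same commit; if the service is meant to be reached only through the reverse proxy, drop `httpPort` from `allowedTCPPorts`. `# service.DISABLE_REGISTRATION = true;` stays commented out while `actions.ENABLED = true`, so on a public domain any self-registered account can create repositories and queue action jobs on whatever runner gets registered; enabling that setting, or documenting why registration is open, is worth doing before `modules.forgejo.enable` is switched on for valefar. `pkgs` is unused in the argument set.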
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.modules.garage;
+in
+{
+ options = {
+ modules = {
+ garage = {
+ enable = mkEnableOption "Deploy garage";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.garage = {
+ enable = true;
+ package = pkgs.garage;
+ settings = {
+ metadata_dir = "/garage/metadata";
+ data_dir = "/garage/data";
+ db_engine = "lmdb";
+ replication_mode = "2";
+ rpc_bind_addr = "[::]:3901";
+ rpc_public_addr = "${config.networking.hostName}:3901";
+ rpc_secret_file = config.age.secrets."garage-rpc-secret".path;
+ s3_api = {
+ s3_region = config.networking.hostName;
+ api_bind_addr = "[::]:3900";
+ root_domain = ".s3.nekomimi.pet";
+ };
+ s3_web = {
+ bind_addr = "[::]:3902";
+ root_domain = ".web.nekomimi.pet";
+ index = "index.html";
+ };
+ admin = {
+ api_bind_addr = "[::]:3903";
+ admin_token_file = config.age.secrets."garage-admin-token".path;
+ metrics_token_file = config.age.secrets."garage-metrics-token".path;
+ };
+ bootstrap_peers = [
+ "d548d0c9ae9aec9e26fe0bd2ca3efe75f654fa350bad5cb02bc9aebc9850ba8f@[2a04:52c0:135:48d1::2]:3901" # buer
+ "5504cb25910dcef4a4312006691d651c099cde7c3a88df9ca79aa350571e6e65@[2601:5c2:8400:26c0:4ecc:6aff:fef7:98ca]:3901" #valefar
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/github-runners/default.nix b/modules/github-runners/default.nix
new file mode 100644
index 0000000..88eb643
--- /dev/null
+++ b/modules/github-runners/default.nix
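Review bot: `s3_region = config.networking.hostName` gives each node a different region name (`buer` vs `valefar`) although the two are bootstrapped into one cluster; as far as I recall Garage expects one region across the cluster, so a fixed value such as `s3_region = "garage";` is safer. `rpc_secret_file`, `admin_token_file` and `metrics_token_file` point at agenix paths, which default to root-only `0400`; confirm the user the garage service runs as can read them (set `owner`/`mode` on those secrets if needed), otherwise the unit fails at start rather than at evaluation. `admin.api_bind_addr = "[::]:3903"` listens on every interface and relies solely on the host firewall; binding it to `127.0.0.1:3903` narrows the exposure, which matters given that the new Caddy module proxies this port. `replication_mode = "2"` is, if I remember correctly, the pre-1.0 spelling of `replication_factor = 2` and may warn or be rejected on newer Garage releases; verify against the version of `pkgs.garage` in the pinned nixpkgs. `rpc_public_addr` uses the bare hostname, which must resolve from the peer node, whereas `bootstrap_peers` uses IPv6 literals.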
@@ -0,0 +1,47 @@
+{ lib, pkgs, config, ... }:
+
+with lib;
+let
+ cfg = config.modules.github-runners;
+ extraPackages =
+ let gtar = pkgs.runCommandNoCC "gtar" { } ''
+ mkdir -p $out/bin
+ ln -s ${lib.getExe pkgs.gnutar} $out/bin/gtar
+ '';
+ in
+ with pkgs; [
+ nix
+ nixci
+ cachix
+ coreutils
+ which
+ jq
+ gtar
+ docker
+ curl
+ ];
+in
+{
+ options = {
+ modules = {
+ github-runners = {
+ enable = mkEnableOption "Deploy github runners";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.github-runners = {
+ simplelink = {
+ enable = true;
+ name = "simplelink";
+ url = "https://github.com/waveringana/simplelink";
+ token = config.age.secrets."build-token".path;
+ user = "regent";
+ group = "docker";
+ extraPackages = extraPackages;
+ };
+ };
+ };
+}
+
diff --git a/services/forgejo.nix b/services/forgejo.nix
deleted file mode 100644
index 09936e5..0000000
--- a/services/forgejo.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{lib, pkgs, config, ...}:
-
-let
- cfg = config.services.forgejo;
- srv = cfg.settings.server;
-in
-{
- services.forgejo = {
- enable = true;
- database = {
- type = "sqlite3";
- path = "/var/lib/forgejo/forgejo.db";
- };
- lfs.enable = true;
- settings = {
- server = {
- domain = "git.nekomimi.pet";
- ROOT_URL = "https://git.nekomimi.pet";
- LANDING_PAGE = "explore";
- HTTP_PORT = 5000;
- SSH_LISTEN_PORT = 2222;
- SSH_PORT = 2222;
- START_SSH_SERVER = true;
- };
- # service.DISABLE_REGISTRATION = true;
- actions = {
- ENABLED = true;
- DEFAULT_ACTIONS_URL = "github";
- };
- };
- };
-}
\ No newline at end of file
diff --git a/services/garage.nix b/services/garage.nix
deleted file mode 100644
index 355bae5..0000000
--- a/services/garage.nix
+++ /dev/null
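Review bot: `token = config.age.secrets."build-token".path` does not match the NixOS option, which is `services.github-runners.<name>.tokenFile`; the deleted `services/github-runners.nix` had the same attribute (and no `config` argument), so it probably never evaluated, and this module will error the first time `modules.github-runners.enable` is set unless the targeted release defines a `token` option — write `tokenFile = config.age.secrets."build-token".path;`. `group = "docker"` together with `docker` in `extraPackages` gives every job on this runner access to the Docker socket, i.e. root-equivalent control of the host, and `user = "regent"` runs jobs as the interactive user whose home-manager files and keys live on the box; a dedicated service user, or the runner's default isolated user where that works, limits the blast radius of a runner attached to a public repository. `pkgs.runCommandNoCC` is deprecated in newer nixpkgs in favour of `pkgs.runCommand`; check the pinned nixpkgs.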
@@ -1,36 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- services.garage = {
- enable = true;
- package = pkgs.garage;
- settings = {
- metadata_dir = "/garage/metadata";
- data_dir = "/garage/data";
- db_engine = "lmdb";
- replication_mode = "2";
- rpc_bind_addr = "[::]:3901";
- rpc_public_addr = "${config.networking.hostName}:3901";
- rpc_secret_file = config.age.secrets."garage-rpc-secret".path;
- s3_api = {
- s3_region = config.networking.hostName;
- api_bind_addr = "[::]:3900";
- root_domain = ".s3.nekomimi.pet";
- };
- s3_web = {
- bind_addr = "[::]:3902";
- root_domain = ".web.nekomimi.pet";
- index = "index.html";
- };
- admin = {
- api_bind_addr = "[::]:3903";
- admin_token_file = config.age.secrets."garage-admin-token".path;
- metrics_token_file = config.age.secrets."garage-metrics-token".path;
- };
- bootstrap_peers = [
- "d548d0c9ae9aec9e26fe0bd2ca3efe75f654fa350bad5cb02bc9aebc9850ba8f@[2a04:52c0:135:48d1::2]:3901" # buer
- "5504cb25910dcef4a4312006691d651c099cde7c3a88df9ca79aa350571e6e65@[2601:5c2:8400:26c0:4ecc:6aff:fef7:98ca]:3901" #valefar
- ];
- };
- };
-}
diff --git a/services/github-runners.nix b/services/github-runners.nix
deleted file mode 100644
index 6e59b05..0000000
--- a/services/github-runners.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ lib, pkgs, ... }:
-
-let extraPackages =
- let gtar = pkgs.runCommandNoCC "gtar" { } ''
- mkdir -p $out/bin
- ln -s ${lib.getExe pkgs.gnutar} $out/bin/gtar
- '';
- in
- with pkgs; [
- nix
- nixci
- cachix
- coreutils
- which
- jq
- gtar
- docker
- curl
- ];
-
-in
-{
- services.github-runners = {
- simplelink = {
- enable = true;
- name = "simplelink";
- url = "https://github.com/waveringana/simplelink";
- token = config.age.secrets."build-token".path;
- user = "regent";
- group = "docker";
- extraPackages = extraPackages;
- };
- };
-}
-