🚚 (hydrogen) move around a lot of code

This commit is contained in:
Laureηt 2023-06-19 21:08:25 +02:00
parent c66cbd96b4
commit 7c64621be1
Signed by: Laurent
SSH key fingerprint: SHA256:kZEpW8cMJ54PDeCvOhzreNr4FSh6R13CMGH/POoO8DI
10 changed files with 72 additions and 59 deletions

View file

@ -1,72 +1,17 @@
{ modulesPath, pkgs, lib, ... }: { { modulesPath, lib, ... }: {
imports = imports =
lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [ lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
(modulesPath + "/virtualisation/digital-ocean-config.nix") (modulesPath + "/virtualisation/digital-ocean-config.nix")
./services ./services
./system
]; ];
networking = {
hostName = "hydrogen";
domain = "fainsin.bzh";
firewall = {
allowedTCPPorts = [
22 # ssh
80 # http
443 # https
];
};
};
services.fail2ban = {
enable = true;
maxretry = 5;
};
users.mutableUsers = false;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu"
];
environment.systemPackages = with pkgs; [ htop ];
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"fainsin.bzh" = {
enableACME = true;
forceSSL = true;
locations."/".return =
''301 "$scheme://laurent.fainsin.bzh$request_uri"'';
};
"laurent.fainsin.bzh" = {
enableACME = true;
forceSSL = true;
root = "/srv/www/";
};
default = {
default = true;
locations."/".return = ''301 "$scheme://fainsin.bzh" '';
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "acme@fainsin.bzh";
};
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system. # this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "23.05"; # Did you read the comment?
} }

View file

@ -0,0 +1,6 @@
{ ... }: {
security.acme = {
acceptTerms = true;
defaults.email = "acme@fainsin.bzh";
};
}

View file

@ -1 +1,3 @@
{ imports = [ ./atuin ./blocky ./gitea ./wireguard ]; } { ... }: {
imports = [ ./acme ./atuin ./blocky ./fail2ban ./gitea ./nginx ./wireguard ];
}

View file

@ -0,0 +1,6 @@
{ ... }: {
services.fail2ban = {
enable = true;
maxretry = 5;
};
}

View file

@ -0,0 +1,12 @@
{ ... }: {
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
imports = [ ./personal-websites.nix ];
}

View file

@ -0,0 +1,21 @@
{ ... }: {
services.nginx.virtualHosts = {
"fainsin.bzh" = {
enableACME = true;
forceSSL = true;
locations."/".return =
''301 "$scheme://laurent.fainsin.bzh$request_uri"'';
};
"laurent.fainsin.bzh" = {
enableACME = true;
forceSSL = true;
root = "/srv/www/";
};
default = {
default = true;
locations."/".return = ''301 "$scheme://fainsin.bzh" '';
};
};
}

View file

@ -0,0 +1 @@
{ ... }: { imports = [ ./networking ./packages ./users ]; }

View file

@ -0,0 +1,13 @@
{ ... }: {
networking = {
hostName = "hydrogen";
domain = "fainsin.bzh";
firewall = {
allowedTCPPorts = [
22 # ssh
80 # http
443 # https
];
};
};
}

View file

@ -0,0 +1 @@
{ pkgs, ... }: { environment.systemPackages = with pkgs; [ htop ]; }

View file

@ -0,0 +1,6 @@
{ ... }: {
users.mutableUsers = false;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu"
];
}