diff --git a/flake.lock b/flake.lock index 4e213d3..8ef1b60 100644 --- a/flake.lock +++ b/flake.lock @@ -1,6 +1,301 @@ { "nodes": { + "alejandra": { + "inputs": { + "fenix": "fenix", + "flakeCompat": "flakeCompat", + "nixpkgs": [ + "webcord", + "dream2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1658427149, + "narHash": "sha256-ToD/1z/q5VHsLMrS2h96vjJoLho59eNRtknOUd19ey8=", + "owner": "kamadorueda", + "repo": "alejandra", + "rev": "f5a22afd2adfb249b4e68e0b33aa1f0fb73fb1be", + "type": "github" + }, + "original": { + "owner": "kamadorueda", + "repo": "alejandra", + "type": "github" + } + }, + "all-cabal-json": { + "flake": false, + "locked": { + "lastModified": 1665552503, + "narHash": "sha256-r14RmRSwzv5c+bWKUDaze6pXM7nOsiz1H8nvFHJvufc=", + "owner": "nix-community", + "repo": "all-cabal-json", + "rev": "d7c0434eebffb305071404edcf9d5cd99703878e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "hackage", + "repo": "all-cabal-json", + "type": "github" + } + }, + "crane": { + "flake": false, + "locked": { + "lastModified": 1670284777, + "narHash": "sha256-JF0pc0s4z/X+Iy+lNHOwUQ8I5bz+q7uX4HrKTNIEj24=", + "owner": "ipetkov", + "repo": "crane", + "rev": "2243fb9c872de25cb564a02d324ea6a5b9853052", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "devshell": { + "flake": false, + "locked": { + "lastModified": 1663445644, + "narHash": "sha256-+xVlcK60x7VY1vRJbNUEAHi17ZuoQxAIH4S4iUFUGBA=", + "owner": "numtide", + "repo": "devshell", + "rev": "e3dc3e21594fe07bdb24bdf1c8657acaa4cb8f66", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "dream2nix": { + "inputs": { + "alejandra": "alejandra", + "all-cabal-json": "all-cabal-json", + "crane": "crane", + "devshell": "devshell", + "flake-parts": "flake-parts", + "flake-utils-pre-commit": "flake-utils-pre-commit", + "ghc-utils": "ghc-utils", + "gomod2nix": "gomod2nix", + "mach-nix": "mach-nix", + "nix-pypi-fetcher": "nix-pypi-fetcher", + "nixpkgs": [ + "webcord", + "nixpkgs" + ], + "poetry2nix": "poetry2nix", + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1670715183, + "narHash": "sha256-l3OhVCCimrN1HFPfqfKAyzuMuPxNXZYLsI9w7AaQXv8=", + "owner": "nix-community", + "repo": "dream2nix", + "rev": "3d6f13ef9d4cb8c41bc83383bbec3e74865ef90d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "dream2nix", + "type": "github" + } + }, + "fenix": { + "inputs": { + "nixpkgs": [ + "webcord", + "dream2nix", + "alejandra", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1657607339, + "narHash": "sha256-HaqoAwlbVVZH2n4P3jN2FFPMpVuhxDy1poNOR7kzODc=", + "owner": "nix-community", + "repo": "fenix", + "rev": "b814c83d9e6aa5a28d0cf356ecfdafb2505ad37d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1668450977, + "narHash": "sha256-cfLhMhnvXn6x1vPm+Jow3RiFAUSCw/l1utktCw5rVA4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "d591857e9d7dd9ddbfba0ea02b43b927c3c0f1fa", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils-pre-commit": { + "locked": { + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakeCompat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "ghc-utils": { + "flake": false, + "locked": { + "lastModified": 1662774800, + "narHash": "sha256-1Rd2eohGUw/s1tfvkepeYpg8kCEXiIot0RijapUjAkE=", + "ref": "refs/heads/master", + "rev": "bb3a2d3dc52ff0253fb9c2812bd7aa2da03e0fea", + "revCount": 1072, + "type": "git", + "url": "https://gitlab.haskell.org/bgamari/ghc-utils" + }, + "original": { + "type": "git", + "url": "https://gitlab.haskell.org/bgamari/ghc-utils" + } + }, + "gomod2nix": { + "flake": false, + "locked": { + "lastModified": 1627572165, + "narHash": "sha256-MFpwnkvQpauj799b4QTBJQFEddbD02+Ln5k92QyHOSk=", + "owner": "tweag", + "repo": "gomod2nix", + "rev": "67f22dd738d092c6ba88e420350ada0ed4992ae8", + "type": "github" + }, + "original": { + "owner": "tweag", + "repo": "gomod2nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1671459164, + "narHash": "sha256-RbkDnvLV7WjbiF4Dpiezrf8kXxwieQXAVtY8ciRQj6Q=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "e7eba9cc46547ae86642ad3c6a9a4fb22c07bc26", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "mach-nix": { + "flake": false, + "locked": { + "lastModified": 1634711045, + "narHash": "sha256-m5A2Ty88NChLyFhXucECj6+AuiMZPHXNbw+9Kcs7F6Y=", + "owner": "DavHau", + "repo": "mach-nix", + "rev": "4433f74a97b94b596fa6cd9b9c0402104aceef5d", + "type": "github" + }, + "original": { + "id": "mach-nix", + "type": "indirect" + } + }, + "nix-pypi-fetcher": { + "flake": false, + "locked": { + "lastModified": 1669065297, + "narHash": "sha256-UStjXjNIuIm7SzMOWvuYWIHBkPUKQ8Id63BMJjnIDoA=", + "owner": "DavHau", + "repo": "nix-pypi-fetcher", + "rev": "a9885ac6a091576b5195d547ac743d45a2a615ac", + "type": "github" + }, + "original": { + "owner": "DavHau", + "repo": "nix-pypi-fetcher", + "type": "github" + } + }, "nixpkgs": { + "locked": { + "lastModified": 1671200928, + "narHash": "sha256-mZfzDyzojwj6I0wyooIjGIn81WtGVnx6+avU5Wv+VKU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "757b82211463dd5ba1475b6851d3731dfe14d377", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1665349835, + "narHash": "sha256-UK4urM3iN80UXQ7EaOappDzcisYIuEURFRoGQ/yPkug=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "34c5293a71ffdb2fe054eb5288adc1882c1eb0b1", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1671359686, "narHash": "sha256-3MpC6yZo+Xn9cPordGz2/ii6IJpP2n8LE8e/ebUXLrs=", @@ -16,9 +311,139 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1670507980, + "narHash": "sha256-riNZa0xzM1it3pzxciwALeMs+0CsBMWIW2FqulzK8vM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2787fc7d1e51404678614bf0fe92fc296746eec0", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "poetry2nix": { + "flake": false, + "locked": { + "lastModified": 1666918719, + "narHash": "sha256-BkK42fjAku+2WgCOv2/1NrPa754eQPV7gPBmoKQBWlc=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "289efb187123656a116b915206e66852f038720e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "1.36.0", + "repo": "poetry2nix", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-utils": [ + "webcord", + "dream2nix", + "flake-utils-pre-commit" + ], + "nixpkgs": [ + "webcord", + "dream2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1646153636, + "narHash": "sha256-AlWHMzK+xJ1mG267FdT8dCq/HvLCA6jwmx2ZUy5O8tY=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "b6bc0b21e1617e2b07d8205e7fae7224036dfa4b", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { - "nixpkgs": "nixpkgs" + "home-manager": "home-manager", + "nixpkgs": "nixpkgs_2", + "webcord": "webcord" + } + }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1657557289, + "narHash": "sha256-PRW+nUwuqNTRAEa83SfX+7g+g8nQ+2MMbasQ9nt6+UM=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "caf23f29144b371035b864a1017dbc32573ad56d", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "utils": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "webcord": { + "inputs": { + "dream2nix": "dream2nix", + "nixpkgs": "nixpkgs_3", + "webcord": "webcord_2" + }, + "locked": { + "lastModified": 1670874335, + "narHash": "sha256-nJ1LUVj3dIHP5B+XkZXUvY39OqaZn/MMHSFwsOSPnwI=", + "owner": "fufexan", + "repo": "webcord-flake", + "rev": "b462d57c36d664b48f047c96b2f9de091bff6e8b", + "type": "github" + }, + "original": { + "owner": "fufexan", + "repo": "webcord-flake", + "type": "github" + } + }, + "webcord_2": { + "flake": false, + "locked": { + "lastModified": 1670713990, + "narHash": "sha256-e+y/M+/gjezHoNrdXeFhqtvxbPdhRSDOQlwK1nUhNfo=", + "owner": "SpacingBat3", + "repo": "WebCord", + "rev": "80ba858c025e0bb59510f7136211948d8ae10ece", + "type": "github" + }, + "original": { + "owner": "SpacingBat3", + "repo": "WebCord", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index 2c7345f..79b0edc 100644 --- a/flake.nix +++ b/flake.nix @@ -1,11 +1,14 @@ { - description = "Laurent's infrastructure"; + description = "Laureηt's infrastructure"; inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + home-manager.url = "github:nix-community/home-manager"; + + webcord.url = "github:fufexan/webcord-flake"; }; - outputs = { self, nixpkgs }: { + outputs = { nixpkgs, webcord, home-manager, ... } @ inputs : { # colmena colmena = { meta = { @@ -15,19 +18,33 @@ }; }; - # personnal laptop - neodymium = { name, nodes, ... }: { - networking.hostName = "neodymium"; - + # default config + defaults = { name, ... }: { imports = [ - ./hosts/neodymium/configuration.nix + ./hosts/${name}/configuration.nix + home-manager.nixosModules.home-manager ]; + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + }; + }; + # personnal laptop + neodymium = { ... }: { deployment = { allowLocalDeployment = true; targetHost = null; }; }; + + # ovh vps + hydrogen = { ... }: { + deployment = { + targetHost = "178.62.253.235"; + targetUser = "root"; + }; + }; }; }; } diff --git a/hosts/hydrogen/configuration.nix b/hosts/hydrogen/configuration.nix new file mode 100644 index 0000000..87827f8 --- /dev/null +++ b/hosts/hydrogen/configuration.nix @@ -0,0 +1,81 @@ +{modulesPath, pkgs, lib, name, config, ... }: + +{ + imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [ + (modulesPath + "/virtualisation/digital-ocean-config.nix") + ]; + + networking = { + hostName = name; + domain = "fainsin.bzh"; + firewall.allowedTCPPorts = [ + 22 # ssh + 80 # http + 443 # https + ]; + }; + + services.fail2ban = { + enable = true; + maxretry = 5; + }; + + users.mutableUsers = false; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu" + ]; + + environment.systemPackages = with pkgs; [ + htop + ]; + + services.nginx = { + enable = true; + + # recommendedTlsSettings = true; + # recommendedOptimisation = true; + # recommendedGzipSettings = true; + # recommendedProxySettings = true; + + # commonHttpConfig = '' + # log_format vhosts '$host $remote_addr - $remote_user [$time_local] ' + # "$request" $status $body_bytes_sent "$http_referer" ' + # '"$http_user_agent" "$http_x_forwarded_for"'; + + # access_log /var/log/nginx/access.log vhosts; + # ''; + + virtualHosts = { + "fainsin.bzh" = { + enableACME = true; + forceSSL = true; + locations."/".return = "301 \"$scheme://laurent.fainsin.bzh$request_uri\""; + }; + "laurent.fainsin.bzh" = { + enableACME = true; + forceSSL = true; + root = "/srv/www/"; + }; + default = { + default = true; + locations."/".return = "301 \"$scheme://fainsin.bzh\" "; + }; + }; + }; + + security.acme = { + acceptTerms = true; + certs = { + "fainsin.bzh".email = "acme@fainsin.bzh"; + "laurent.fainsin.bzh".email = "acme@fainsin.bzh"; + }; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "22.11"; # Did you read the comment? +} \ No newline at end of file diff --git a/hosts/neodymium/configuration.nix b/hosts/neodymium/configuration.nix index 4998569..32d1982 100644 --- a/hosts/neodymium/configuration.nix +++ b/hosts/neodymium/configuration.nix @@ -6,11 +6,12 @@ { imports = - [ # Include the results of the hardware scan. + [ ./hardware-configuration.nix - ]; + networking.hostName = "neodymium"; + # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; @@ -24,7 +25,6 @@ # Set your time zone. time.timeZone = "Europe/Paris"; - # Select internationalisation properties. i18n.defaultLocale = "en_IE.UTF-8"; console = { @@ -78,6 +78,7 @@ librewolf keepassxc x2goclient + thunderbird element-desktop baobab @@ -96,6 +97,9 @@ ]; }; + users.mutableUsers = false; + + programs.ssh.startAgent = true; # Enable polkit security.polkit.enable = true;