commit e62fe9ad6940c7aae99d5f023bf61914a4d83b0e · ryan.freumh.org/eilean-nix

+48

template/configuration.nix

···

       1
       1
       +
       { pkgs, config, lib, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       {

     

       4
       4
       +
         imports = [

     

       5
       5
       +
           ./hardware-configuration.nix

     

       6
       6
       +
         ];

     

       7
       7
       +
       

     

       8
       8
       +
         nixpkgs.hostPlatform.system = "x86_64-linux";

     

       9
       9
       +
         nix.settings.experimental-features = [ "nix-command" "flakes" ];

     

       10
       10
       +
         system.stateVersion = "22.11";

     

       11
       11
       +
       

     

       12
       12
       +
         services.openssh = {

     

       13
       13
       +
           enable = true;

     

       14
       14
       +
           settings.passwordAuthentication = false;

     

       15
       15
       +
         };

     

       16
       16
       +
       

     

       17
       17
       +
         environment.systemPackages = with pkgs; [

     

       18
       18
       +
           git # for nix flakes

     

       19
       19
       +
           vim # for editing config files

     

       20
       20
       +
         ];

     

       21
       21
       +
       

     

       22
       22
       +
         users.users.root = {

     

       23
       23
       +
           initialHashedPassword = "";

     

       24
       24
       +
           users.users.root.openssh.authorizedKeys.keys = [

     

       25
       25
       +
             # "ssh-ed25519 <key> <name>"

     

       26
       26
       +
           ];

     

       27
       27
       +
         };

     

       28
       28
       +
       

     

       29
       29
       +
         # TODO replace this with domain

     

       30
       30
       +
         networking.domain = "example.org";

     

       31
       31
       +
         security.acme.acceptTerms = true;

     

       32
       32
       +
       

     

       33
       33
       +
         eilean = {

     

       34
       34
       +
           # TODO replace these values

     

       35
       35
       +
           username = "user";

     

       36
       36
       +
           secretsDir = "/secrets";

     

       37
       37
       +
           serverIpv4 = "203.0.113.0";

     

       38
       38
       +
           serverIpv6 = "2001:DB8::/64";

     

       39
       39
       +
           publicInterface = "eth0";

     

       40
       40
       +
       

     

       41
       41
       +
           # mailserver.enable = true;

     

       42
       42
       +
           # matrix.enable = true;

     

       43
       43
       +
           # turn.enable = true;

     

       44
       44
       +
           # mastodon.enable = true;

     

       45
       45
       +
           # gitea.enable = true;

     

       46
       46
       +
           # dns.enable = true;

     

       47
       47
       +
         };

     

       48
       48
       +
       }

-28

template/default.nix

···

       1
       1
       -
       { pkgs, config, lib, ... }:

     

       2
       2
       -
       

     

       3
       3
       -
       {

     

       4
       4
       -
         imports = [

     

       5
       5
       -
           ./hardware-configuration.nix

     

       6
       6
       -
         ];

     

       7
       7
       -
       

     

       8
       8
       -
         eilean = {

     

       9
       9
       -
           # TODO replace these values

     

       10
       10
       -
           username = "user";

     

       11
       11
       -
           secretsDir = "/secrets";

     

       12
       12
       -
           serverIpv4 = "203.0.113.0";

     

       13
       13
       -
           serverIpv6 = "2001:DB8::/64";

     

       14
       14
       -
           publicInterface = "eth0";

     

       15
       15
       -
           

     

       16
       16
       -
           mailserver.enable = true;

     

       17
       17
       -
           matrix.enable = true;

     

       18
       18
       -
           turn.enable = true;

     

       19
       19
       -
           mastodon.enable = true;

     

       20
       20
       -
           gitea.enable = true;

     

       21
       21
       -
           dns.enable = true;

     

       22
       22
       -
         };

     

       23
       23
       -
       

     

       24
       24
       -
         # TODO replace this with domain

     

       25
       25
       -
         networking.domain = "example.org";

     

       26
       26
       -
       

     

       27
       27
       -
         security.acme.acceptTerms = true;

     

       28
       28
       -
       }

+10 -24

template/flake.lock

···

       2
       2
        
         "nodes": {

     

       3
       3
        
           "eilean": {

     

       4
       4
        
             "inputs": {

     

       5
       5
       -
               "nixpkgs": "nixpkgs"

     

       5
       5
       +
               "nixpkgs": [

     

       6
       6
       +
                 "nixpkgs"

     

       7
       7
       +
               ]

     

       6
       8
        
             },

     

       7
       9
        
             "locked": {

     

       8
       8
       -
               "lastModified": 1674648266,

     

       9
       9
       -
               "narHash": "sha256-8yQYToFU8mnz80bEs88zx+QSMYvv73FFAYxCvK3Br2M=",

     

       10
       10
       +
               "lastModified": 1677678055,

     

       11
       11
       +
               "narHash": "sha256-Sf+Hn8tMPudNu+MEWcPaGBs5mqg+b72nB520RTZlLmE=",

     

       10
       12
        
               "owner": "RyanGibb",

     

       11
       13
        
               "repo": "eilean-nix",

     

       12
       12
       -
               "rev": "804134e45a0ae1d161eeaf5a8ed441ac555ac82b",

     

       14
       14
       +
               "rev": "0b0a552480c78be16466c7b4b0e7d90de1862fd9",

     

       13
       15
        
               "type": "github"

     

       14
       16
        
             },

     

       15
       17
        
             "original": {

     
···

       21
       23
        
           },

     

       22
       24
        
           "nixpkgs": {

     

       23
       25
        
             "locked": {

     

       24
       24
       -
               "lastModified": 1667231093,

     

       25
       25
       -
               "narHash": "sha256-RERXruzBEBuf0c7OfZeX1hxEKB+PTCUNxWeB6C1jd8Y=",

     

       26
       26
       -
               "owner": "nixos",

     

       27
       27
       -
               "repo": "nixpkgs",

     

       28
       28
       -
               "rev": "d40fea9aeb8840fea0d377baa4b38e39b9582458",

     

       29
       29
       -
               "type": "github"

     

       30
       30
       -
             },

     

       31
       31
       -
             "original": {

     

       26
       26
       +
               "lastModified": 1677676435,

     

       27
       27
       +
               "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",

     

       32
       28
        
               "owner": "nixos",

     

       33
       33
       -
               "ref": "nixos-unstable",

     

       34
       29
        
               "repo": "nixpkgs",

     

       35
       35
       -
               "type": "github"

     

       36
       36
       -
             }

     

       37
       37
       -
           },

     

       38
       38
       -
           "nixpkgs_2": {

     

       39
       39
       -
             "locked": {

     

       40
       40
       -
               "lastModified": 1674459583,

     

       41
       41
       -
               "narHash": "sha256-L0UZl/u2H3HGsrhN+by42c5kNYeKtdmJiPzIRvEVeiM=",

     

       42
       42
       -
               "owner": "nixos",

     

       43
       43
       -
               "repo": "nixpkgs",

     

       44
       44
       -
               "rev": "1b1f50645af2a70dc93eae18bfd88d330bfbcf7f",

     

       30
       30
       +
               "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",

     

       45
       31
        
               "type": "github"

     

       46
       32
        
             },

     

       47
       33
        
             "original": {

     
···

       54
       40
        
           "root": {

     

       55
       41
        
             "inputs": {

     

       56
       42
        
               "eilean": "eilean",

     

       57
       57
       -
               "nixpkgs": "nixpkgs_2"

     

       43
       43
       +
               "nixpkgs": "nixpkgs"

     

       58
       44
        
             }

     

       59
       45
        
           }

     

       60
       46
        
         },

+9 -10

template/flake.nix

···

       2
       2
        
         inputs = {

     

       3
       3
        
           nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";

     

       4
       4
        
           eilean.url ="github:RyanGibb/eilean-nix/main";

     

       5
       5
       +
           eilean.inputs.nixpkgs.follows = "nixpkgs";

     

       5
       6
        
         };

     

       6
       7
        
       

     

       7
       7
       -
         outputs = { self, nixpkgs, eilean, ... }@inputs: rec {

     

       8
       8
       -
           nixosConfigurations.server =

     

       9
       9
       -
             let

     

       10
       10
       -
               system = "x86_64-linux";

     

       11
       11
       -
             in nixpkgs.lib.nixosSystem {

     

       12
       12
       -
               inherit system;

     

       13
       13
       -
               pkgs = import nixpkgs { inherit system; };

     

       8
       8
       +
         outputs = { self, nixpkgs, eilean, ... }@inputs:

     

       9
       9
       +
             let hostname = "eilean"; in

     

       10
       10
       +
           rec {

     

       11
       11
       +
           nixosConfigurations.${hostname} = nixpkgs.lib.nixosSystem {

     

       12
       12
       +
               system = null;

     

       13
       13
       +
               pkgs = null;

     

       14
       14
        
               modules = [

     

       15
       15
       -
                   ./default.nix

     

       15
       15
       +
                   ./configuration.nix

     

       16
       16
        
                   eilean.nixosModules.default

     

       17
       17
        
                   {

     

       18
       18
       -
                     networking.hostName = "server";

     

       18
       18
       +
                     networking.hostName = hostname;

     

       19
       19
        
                     # pin nix command's nixpkgs flake to the system flake to avoid unnecessary downloads

     

       20
       20
        
                     nix.registry.nixpkgs.flake = nixpkgs;

     

       21
       21
       -
                     system.stateVersion = "22.11";

     

       22
       21
        
                     # record git revision (can be queried with `nixos-version --json)

     

       23
       22
        
                     system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;

     

       24
       23
        
                   }

-6

template/hardware-configuration.nix

···

       1
       1
       -
       

     

       2
       2
       -
       # TODO generate this from `nixos-generate-config`

     

       3
       3
       -
       {

     

       4
       4
       -
         boot.loader.grub.device = "/dev/sda";

     

       5
       5
       -
         fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };

     

       6
       6
       -
       }