Diffstat (limited to 'depo')
-rw-r--r-- | depo/default.nix | 6 | ||||
-rw-r--r-- | depo/hikuj-zupip/configuration.nix | 215 | ||||
-rw-r--r-- | depo/hikuj-zupip/default.nix | 23 | ||||
-rw-r--r-- | depo/hikuj-zupip/hardware.nix | 34 | ||||
-rw-r--r-- | depo/nutin-madaj/default.nix | 94 | ||||
-rw-r--r-- | depo/nutin-madaj/firefox.nix | 12 | ||||
-rw-r--r-- | depo/nutin-madaj/git.nix | 18 | ||||
-rw-r--r-- | depo/nutin-madaj/hardware-configuration.nix | 6 | ||||
-rw-r--r-- | depo/nutin-madaj/mail.nix | 43 | ||||
-rw-r--r-- | depo/nutin-madaj/networking.nix | 38 | ||||
-rw-r--r-- | depo/nutin-madaj/web.nix | 41 | ||||
-rw-r--r-- | depo/nutin-madaj/znc.nix | 70 | ||||
-rw-r--r-- | depo/packages.nix | 11 | ||||
-rw-r--r-- | depo/users.nix | 33 |
14 files changed, 0 insertions, 644 deletions
diff --git a/depo/default.nix b/depo/default.nix
deleted file mode 100644
index e2c5d6a..0000000
--- a/depo/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ nixos }:
-
-{
- nutin-madaj = import ./nutin-madaj { inherit nixos; };
- hikuj-zupip = import ./hikuj-zupip { inherit nixos; };
-}
diff --git a/depo/hikuj-zupip/configuration.nix b/depo/hikuj-zupip/configuration.nix
deleted file mode 100644
index b313a36..0000000
--- a/depo/hikuj-zupip/configuration.nix
+++ /dev/null
@@ -1,215 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- networking = {
- hostName = "lithium";
- hosts = {
- "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
- };
-
- firewall = {
- allowedTCPPorts = [
- 22 8000 8443 443 8080 8081 # std
- 500 10000 # no idea
- 8096 # emby
- 8112 # deluge
- ];
- allowedTCPPortRanges = [
- { from = 3000; to = 3100; } # dev stuff
- ];
- checkReversePath = false;
- };
-
- };
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.enableContainers = true;
-
- boot.initrd.luks.devices = [
- {
- name = "root";
- device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
- preLVM = true;
- }
- ];
-
- powerManagement.enable = false;
-
- time.timeZone = "America/Los_Angeles";
-
- fonts.fonts = with pkgs; [
- google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
- fira fira-code fira-code-symbols
- ];
-
- nixpkgs = {
- config = {
- allowUnfree = true;
- allowBroken = true;
- };
- };
-
- hardware = {
- opengl.enable = true;
- pulseaudio = {
- enable = true;
- extraConfig = ''
- load-module module-loopback
- '';
- };
- };
-
- programs = {
- bash.enableCompletion = true;
- command-not-found.enable = true;
- gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
- mosh.enable = true;
- };
-
- virtualisation = {
- docker = {
- enable = true;
- liveRestore = false;
- };
- libvirtd.enable = true;
- virtualbox = {
- host = {
- enable = false;
- headless = false;
- addNetworkInterface = false;
- };
- guest = {
- enable = false;
- x11 = false;
- };
- };
- };
-
- # https://github.com/NixOS/nixpkgs/issues/53985
- systemd.services.gitlab-runner.path = ["/run/wrappers"];
-
- services = {
- pcscd.enable = true;
- logind = {
- lidSwitch = "ignore";
- extraConfig = "IdleAction=ignore";
- };
-
- # runner for hero ci
- gitlab-runner = {
- packages = [ pkgs.bash pkgs.git pkgs.python3 ];
- enable = true;
- gracefulTimeout = "2min";
- gracefulTermination = true;
- configFile = "/home/ben/gitlab-runner.toml";
- };
-
- openssh = {
- enable = true;
- forwardX11 = true;
- };
-
- deluge = {
- enable = true;
- openFilesLimit = 10240;
- web.enable = true;
- };
-
- printing.enable = true;
-
- xserver = {
- enable = true;
- layout = "us";
- xkbOptions = "caps:ctrl_modifier";
- displayManager.sddm.enable = true;
- desktopManager = {
- kodi.enable = true;
- plasma5.enable = true;
- xterm.enable = true;
- };
- };
-
- jupyter = {
- enable = false;
- port = 3099;
- ip = "*";
- password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'";
- kernels = {
- python3 = let
- env = (pkgs.python3.withPackages (p: with p; [
- ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets
- ]));
- in {
- displayName = "py3";
- argv = [
- "${env.interpreter}"
- "-m"
- "ipykernel_launcher"
- "-f"
- "{connection_file}"
- ];
- language = "python";
- #logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png";
- #logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png";
- };
- };
- };
-
- emby = {
- enable = true;
- user = "emby";
- };
-
- vnstat.enable = true;
-
- # security stuff
- fail2ban.enable = true;
- clamav = {
- daemon.enable = true;
- updater.enable = true;
- };
-
- postgresql = {
- enable = true;
- package = pkgs.postgresql_10;
- authentication = ''
- local all pprjam md5
- local all pprjam_test md5
- '';
- enableTCPIP = true;
- };
- redis = {
- enable = true;
- };
- };
-
- nix = {
- gc = {
- automatic = true;
- dates = "03:15";
- };
- binaryCaches = [ "https://cache.nixos.org/" ];
- nixPath = [
- "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
- "nixos-config=/etc/nixos/configuration.nix"
- "/nix/var/nix/profiles/per-user/root/channels"
- ];
- extraOptions = ''
- gc-keep-outputs = true
- gc-keep-derivations = true
- '';
- };
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "17.09"; # Did you read the comment?
- system.autoUpgrade.enable = true;
-
-}
diff --git a/depo/hikuj-zupip/default.nix b/depo/hikuj-zupip/default.nix
deleted file mode 100644
index 31de11f..0000000
--- a/depo/hikuj-zupip/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ nixos }:
-
-/*
-
-hidor-kahih - main development/build server. Lives in ben's living room.
-
-*/
-
-nixos {
- system = "x86_64-linux";
- configuration = {
- nixpkgs.overlays = [
- (import ../../pack/overlay.nix)
- ];
-
- imports = [
- ./hardware.nix
- ../users.nix
- ../packages.nix
- ./configuration.nix
- ];
- };
-}
diff --git a/depo/hikuj-zupip/hardware.nix b/depo/hikuj-zupip/hardware.nix
deleted file mode 100644
index fc0e7a0..0000000
--- a/depo/hikuj-zupip/hardware.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, ... }:
-
-{
- imports =
- [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/0d8b0e52-10de-4af2-bcd9-b36278352e77";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/9B89-85C7";
- fsType = "vfat";
- };
-
- fileSystems."/mnt/lake" =
- { device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.maxJobs = lib.mkDefault 4;
- powerManagement.cpuFreqGovernor = "powersave";
-}
diff --git a/depo/nutin-madaj/default.nix b/depo/nutin-madaj/default.nix
deleted file mode 100644
index 4d9dd02..0000000
--- a/depo/nutin-madaj/default.nix
+++ /dev/null
@@ -1,94 +0,0 @@
-{ nixos }:
-
-/*
-
-nutin-madaj - cloud infrastructure server.
-
-This serves the git repo, mailserver, znc bouncer, user sites, and so on.
-
-Currently also used as a catch-all production/staging server, until I get real
-stuff deployed.
-
-*/
-
-let
- nixos-mailserver = builtins.fetchTarball {
- url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
- sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
- };
- ibbPort = "3000";
- fathomPort = "3030";
-in
-nixos {
- system = "x86_64-linux";
- configuration = {
- imports = [
- ./hardware-configuration.nix
- ./networking.nix
-
- # common infra
- ../users.nix
- ../packages.nix
-
- # configured modules
- ./git.nix
- ./mail.nix
- ./web.nix
- ./znc.nix
-
- # our custom modules
- #../../mode/ibb.nix
- #../../mode/fathom.nix
-
- # third party
- nixos-mailserver
- ];
-
- nixpkgs.config.allowUnfree = true;
- nixpkgs.overlays = [
- (import ../../pack/overlay.nix)
- ];
-
- programs.mosh = {
- enable = true;
- withUtempter = true;
- };
-
- services.openssh = {
- enable = true;
- passwordAuthentication = false;
- };
-
- security.sudo.wheelNeedsPassword = true;
-
- # our custom apps
- #services = {
- # ibb = {
- # enable = false;
- # port = ibbPort;
- # };
- # # TODO: move this nginx config into mode/ibb.nix
- # nginx.virtualHosts."influencedbybooks.com" = {
- # forceSSL = true;
- # enableACME = true;
- # locations = {
- # "/" = {
- # proxyPass = "http://localhost:${ibbPort}";
- # };
- # };
- # };
- # fathom = {
- # enable = true;
- # port = fathomPort;
- # dataDir = "/var/lib/fathom";
- # };
- # nginx.virtualHosts."stats.simatime.com" = {
- # locations."/".proxyPass = "http://localhost:${fathomPort}";
- # forceSSL = true;
- # enableACME = true;
- # };
- #};
-
- boot.cleanTmpDir = true;
- };
-}
diff --git a/depo/nutin-madaj/firefox.nix b/depo/nutin-madaj/firefox.nix
deleted file mode 100644
index 12316fb..0000000
--- a/depo/nutin-madaj/firefox.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ ... }:
-
-{
- services = {
- firefox.syncserver = {
- enable = true;
- allowNewUsers = true;
- listen.port = 5001;
- publicUri = "http://firefoxsync.simatime.com";
- };
- };
-}
diff --git a/depo/nutin-madaj/git.nix b/depo/nutin-madaj/git.nix
deleted file mode 100644
index e61abb4..0000000
--- a/depo/nutin-madaj/git.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ pkgs, ... }:
-
-{
- services = {
- gitolite = {
- enable = true;
- enableGitAnnex = true;
- # TODO: change this to /var/lib/gitolite?
- dataDir = "/srv/git";
- user = "git";
- group = "git";
- extraGitoliteRc = ''
- $RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
- '';
- adminPubkey = builtins.readFile ../../keys/ben.pub;
- };
- };
-}
diff --git a/depo/nutin-madaj/hardware-configuration.nix b/depo/nutin-madaj/hardware-configuration.nix
deleted file mode 100644
index 8c88cb7..0000000
--- a/depo/nutin-madaj/hardware-configuration.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }:
-{
- imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
- boot.loader.grub.device = "/dev/vda";
- fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
-}
diff --git a/depo/nutin-madaj/mail.nix b/depo/nutin-madaj/mail.nix
deleted file mode 100644
index 81bddc2..0000000
--- a/depo/nutin-madaj/mail.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ ... }:
-
-{
- mailserver = {
- enable = true;
- monitoring = {
- enable = false;
- alertAddress = "bsima@me.com";
- };
- fqdn = "simatime.com";
- domains = [ "simatime.com" "bsima.me" ];
- certificateScheme = 3; # let's encrypt
- enableImap = true;
- enablePop3 = true;
- enableImapSsl = true;
- enablePop3Ssl = true;
- enableManageSieve = true;
- virusScanning = false; # ur on ur own
- localDnsResolver = true;
-
- loginAccounts = {
- "ben@simatime.com" = {
- hashedPassword = "$6$Xr180W0PqprtaFB0$9S/Ug1Yz11CaWO7UdVJxQLZWfRUE3/rarB0driXkXALugEeQDLIjG2STGQBLU23//JtK3Mz8Kwsvg1/Zo0vD2/";
- aliases = [
- # my default email
- "ben@bsima.me"
- # admin stuff
- "postmaster@simatime.com"
- "abuse@simatime.com"
- ];
- catchAll = [ "simatime.com" "bsima.me" ];
- quota = "5G";
- };
- "nick@simatime.com" = {
- hashedPassword = "$6$31P/Mg8k8Pezy1e$Fn1tDyssf.1EgxmLYFsQpSq6RP4wbEvP/UlBlXQhyKA9FnmFtJteXsbJM1naa8Kyylo8vZM9zmeoSthHS1slA1";
- aliases = [
- "nicolai@simatime.com"
- ];
- quota = "1G";
- };
- };
- };
-}
diff --git a/depo/nutin-madaj/networking.nix b/depo/nutin-madaj/networking.nix
deleted file mode 100644
index 4cfd73d..0000000
--- a/depo/nutin-madaj/networking.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ lib, ... }: {
- networking = {
-
- hostName = "simatime";
-
- firewall = {
- allowedTCPPorts = [ 22 80 443 ];
- allowPing = true;
- };
-
- # This following was populated at runtime with the networking details
- # gathered from the active system.
- nameservers = [
- "67.207.67.2"
- "67.207.67.3"
- ];
- defaultGateway = "159.89.128.1";
- defaultGateway6 = "";
- dhcpcd.enable = false;
- usePredictableInterfaceNames = lib.mkForce true;
- interfaces = {
- eth0 = {
- ipv4.addresses = [
- { address="159.89.128.69"; prefixLength=20; }
-{ address="10.46.0.6"; prefixLength=16; }
- ];
- ipv6.addresses = [
- { address="fe80::e899:c0ff:fe9c:e194"; prefixLength=64; }
- ];
- };
-
- };
- };
- services.udev.extraRules = ''
- ATTR{address}=="ea:99:c0:9c:e1:94", NAME="eth0"
-
- '';
-}
diff --git a/depo/nutin-madaj/web.nix b/depo/nutin-madaj/web.nix
deleted file mode 100644
index d6be348..0000000
--- a/depo/nutin-madaj/web.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ ... }:
-
-let
- bensIp = "69.181.254.154"; # hikuj-zupip
-in
-{
- services = {
- nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- virtualHosts = {
- "bsima.me".root = "/home/ben/public_html/";
- "www.bsima.me".root = "/home/ben/public_html/";
- "simatime.com".locations."/".root = "/srv/www/";
- "firefoxsync.simatime.com".locations."/".proxyPass = "http://localhost:5001";
- "hero.simatime.com".locations."/".proxyPass = "http://${bensIp}:3001";
- "tv.simatime.com".locations."/".proxyPass = "http://${bensIp}:8096"; # emby runs on port 8096
- "deluge.simatime.com".locations."/".proxyPass = "http://${bensIp}:8112";
-
- "notebook.simatime.com".locations = {
- "/" = {
- proxyPass = "http://${bensIp}:3099";
- proxyWebsockets = true;
- extraConfig = ''
- proxy_buffering off;
- proxy_read_timeout 86400;
-
- '';
- };
- "/(api/kernels/[^/]+/channels|terminals/websocket)/" = {
- proxyPass = "http://${bensIp}:3099";
- proxyWebsockets = true;
- };
- };
- };
- };
- };
-}
diff --git a/depo/nutin-madaj/znc.nix b/depo/nutin-madaj/znc.nix
deleted file mode 100644
index 0449893..0000000
--- a/depo/nutin-madaj/znc.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
-
-N.B.: generate znc passwords with 'nix-shell -p znc --command "znc --makepass"'
-
-- https://wiki.znc.in/Configuration
-
-*/
-
-{ ... }:
-
-{
- services = {
- znc = {
- enable = true;
- mutable = false;
- useLegacyConfig = false;
- openFirewall = true;
- config = {
- LoadModule = [ "adminlog" ];
- User.bsima = {
- Admin = true;
- Nick = "bsima";
- AltNick = "bsima1";
- LoadModule = [ "chansaver" "controlpanel" "log" ];
- Network.freenode = {
- Server = "chat.freenode.net +6697";
- LoadModule = [ "simple_away" "nickserv" "sasl" ];
- Chan = {
- "#ai" = {};
- "#biz" = { Modes = "+Sp"; };
- "#bsima" = { Modes = "+Sp"; };
- "##categorytheory" = { Detached = true; };
- "#clojure" = { Detached = true; };
- "#coq" = { Detached = true; };
- "#emacs" = { Detached = true; };
- "#guile" = { Detached = true; };
- "#guix" = { Detached = true; };
- "#haskell" = {};
- "#haskell-miso" = { Detached = true; };
- "#hledger" = {}
- "#hnix" = { Detached = true; };
- "#home-manager" = { Detached = true; };
- "#ledger" = {};
- "#nix-darwin" = { Detached = true; };
- "#nixos" = {};
- "#org-mode" = {};
- "#scheme" = { Detached = true; };
- "#servant" = { Detached = true; };
- "#sr.ht" = { Detached = true; };
- "#xmonad" = { Detached = true; };
- };
- };
- Network.efnet = {
- Server = "irc.efnet.info +6697";
- LoadModule = [ "simple_away" ];
- };
- Network.sorcery = {
- Server = "irc.sorcery.net +6697";
- LoadModule = [ "simple_away" ];
- };
- Pass.password = {
- Method = "sha256";
- Hash = "bead16d806e7bf5cbbc31d572b20f01e2b253eb60e2497ce465df56306becd02";
- Salt = "/GhmBMc+E6b7qd8muFEe";
- };
- };
- };
- };
- };
-}
diff --git a/depo/packages.nix b/depo/packages.nix
deleted file mode 100644
index 2c522f6..0000000
--- a/depo/packages.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, ... }:
-
-{
- environment.systemPackages = [
- pkgs.wget
- pkgs.ranger
- pkgs.vnstat
- pkgs.gitAndTools.gitFull
- pkgs.python3
- ];
-}
diff --git a/depo/users.nix b/depo/users.nix
deleted file mode 100644
index cd73996..0000000
--- a/depo/users.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ ... }:
-
-let
- key = f: builtins.readFile (../keys/. + ("/" + f));
-in
-{
- users = {
- users = {
- # bots
- deploy = {
- isNormalUser = true;
- home = "/home/deploy";
- openssh.authorizedKeys.keys = [ (key "deploy.pub") ];
- extraGroups = [ "wheel" ];
- };
-
- # humans
- root.openssh.authorizedKeys.keys = [ (key "ben.pub") ];
- ben = {
- isNormalUser = true;
- home = "/home/ben";
- openssh.authorizedKeys.keys = [ (key "ben.pub") ];
- extraGroups = [ "wheel" "networkmanager" "docker" ];
- };
- nick = {
- isNormalUser = true;
- home = "/home/nick";
- openssh.authorizedKeys.keys = [ (key "nick.pub") ];
- extraGroups = [ "docker" ];
- };
- };
- };
-} |