gortium/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Some more work toward a modular config

Browse Source
This commit is contained in:
Thierry Pouplier
2025-08-04 22:15:59 -04:00
parent 94f0ce50ae
commit ac6c3688ef
11 changed files with 252 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
flake.lock generated
View File

@@ -16,9 +16,43 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1744868846,
"narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1754328224,
"narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4",
"type": "github"
},
"original": {
"id": "sops-nix",
"type": "indirect"
}
}
},

14
flake.nix
View File

@@ -5,19 +5,17 @@
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
};
outputs = { self, nixpkgs }:
outputs = { self, nixpkgs, sops-nix, ... }@inputs:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config = {
allowUnfree = true;
};
pkgs = import nixpkgs {
inherit system;
config = {
allowUnfree = true;
};
};
in
{
nixosConfigurations = {
lazyworkhorse = nixpkgs.lib.nixosSystem {
specialArgs = { inherit system; };

63
hosts/lazyworkhorse/configuration.nix
View File

@@ -8,35 +8,63 @@
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./nixosModules/default.nix
./../../modules/default.nix
./../../users/gortium.nix
];
# Flakesss
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.trusted-users = [ "root" "gortium" ];
nix.gc = {
automatic = true;
dates = "weekly"; # You can also use "daily" or a cron-like spec
options = "--delete-older-than 7d"; # Keep only 7 days of unreferenced data
};
nix.settings = {
auto-optimise-store = true; # Deduplicate identical files
keep-derivations = false;
keep-outputs = false;
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = false;
# networking.hostName = "nixos"; # Define your hostname.
networking.hostName = "lazyworkhorse"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.hostId = "deadbeef";
# Set your time zone.
time.timeZone = "America/Montreal";
i18n.defaultLocale = "en_CA.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_CA.UTF-8";
LC_IDENTIFICATION = "en_CA.UTF-8";
LC_MEASUREMENT = "en_CA.UTF-8";
LC_MONETARY = "en_CA.UTF-8";
LC_NAME = "en_CA.UTF-8";
LC_NUMERIC = "en_CA.UTF-8";
LC_PAPER = "en_CA.UTF-8";
LC_TELEPHONE = "en_CA.UTF-8";
LC_TIME = "en_CA.UTF-8";
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
useXkbConfig = true; # use xkb.options in tty.
};
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
@@ -56,14 +84,8 @@
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.gortium = {
isNormalUser = true;
extraGroups = [ "wheel" "docker" ]; # Enable sudo for the user.
packages = with pkgs; [
tree
];
};
# nvim please
environment.variables.EDITOR = "neovim";
# programs.firefox.enable = true;
@@ -72,6 +94,8 @@
environment.systemPackages = with pkgs; [
neovim
wget
age
git
];
# Some programs need SUID wrappers, can be configured further or are
@@ -85,7 +109,10 @@
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
@@ -96,7 +123,7 @@
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = true;
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.

7
modules/default.nix Normal file
View File

@@ -0,0 +1,7 @@
{ pkgs, lib, config, ... }: {
imports =
[
# ./home
./nixos
];
}

6
modules/nixos/bundles/default.nix Normal file
View File

@@ -0,0 +1,6 @@
{ pkgs, lib, config, ... }: {
imports =
[
./graphical-desktop.nix
];
}

4
nixosModules/bundles/graphical-desktop.nix → modules/nixos/bundles/graphical-desktop.nix
View File

@@ -2,7 +2,7 @@
{ pkgs, lib, config, ... }: {
options = {
grapfical-desktop.enable = lib.mkEnableOption "enable graphical desktop"
grapfical-desktop.enable = lib.mkEnableOption "enable graphical desktop";
};
config = lib.mkIf config.grapfical-desktop.enable {
@@ -16,5 +16,5 @@
xwayland.enable = true;
};
programs.waybar.enable = true;
}
};
}

8
modules/nixos/default.nix Normal file
View File

@@ -0,0 +1,8 @@
{ pkgs, lib, config, ... }: {
imports =
[
./bundles
# ./programs
# ./services
];
}

32
modules/nixos/services/podman.nix Normal file
View File

@@ -0,0 +1,32 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.podman;
in {
options.services.podman.enable = mkEnableOption "enable podman";
config = mkIf cfg.enable {
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
autoPrune = {
enable = true;
dates = "weekly";
flags = [
"--filter=until=24h"
"--filter=label!=important"
];
};
defaultNetwork.settings.dns_enabled = true;
};
};
environment.systemPackages = with pkgs; [
podman-compose
];
};
}

101
modules/nixos/services/traefik.nix Normal file
View File

@@ -0,0 +1,101 @@
{config, ...}: {
services.traefik = {
enable = true;
staticConfigOptions = {
log = {level = "WARN";};
certificatesResolvers = {
godaddy = {
acme = {
email = "letsencrypt.org.btlc2@passmail.net";
storage = "/var/lib/traefik/acme.json";
caserver = "https://acme-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "godaddy";
resolvers = ["1.1.1.1:53" "8.8.8.8:53"];
propagation = {
delayBeforeChecks = 60;
disableChecks = true;
};
};
};
};
};
api = {};
entryPoints = {
web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
rtmp = {
address = ":1935";
};
rtmps = {
address = ":1945";
};
websecure = {
address = ":443";
};
};
};
dynamicConfigOptions = {
http = {
services = {
dummy = {
loadBalancer.servers = [
{url = "http://192.168.0.1";} # Diese URL wird nie verwendet
];
};
};
middlewares = {
domain-redirect = {
redirectRegex = {
regex = "^https://www\\.m3tam3re\\.com(.*)";
replacement = "https://m3ta.dev$1";
permanent = true;
};
};
strip-www = {
redirectRegex = {
regex = "^https://www\\.(.+)";
replacement = "https://$1";
permanent = true;
};
};
subdomain-redirect = {
redirectRegex = {
regex = "^https://([a-zA-Z0-9-]+)\\.m3tam3re\\.com(.*)";
replacement = "https://$1.m3ta.dev$2";
permanent = true;
};
};
auth = {
basicAuth = {
users = ["m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh."];
};
};
};
routers = {
api = {
rule = "Host(`r.m3tam3re.com`)";
service = "api@internal";
middlewares = ["auth"];
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
};
};
};
};
systemd.services.traefik.serviceConfig = {
EnvironmentFile = ["${config.age.secrets.traefik.path}"];
};
networking.firewall.allowedTCPPorts = [80 443];
}

13
nixosModules/default.nix
View File

@@ -1,13 +0,0 @@
{ pkgs, lib, config, ... }: {
imports =
[
./bundles/graphical-desktop.nix
# ./bundles/gaming.nix
# ./bundles/docker-server.nix
# ./bundles/terminal.nix
# ./bundles/csharp-devel.nix
# ./bundles/sound-music.nix
# ./bundles/local-ai.nix
# ./bundles/editors.nix
];
}

10
users/gortium.nix Normal file
View File

@@ -0,0 +1,10 @@
{ pkgs, inputs, config, ... }: {
# Define a user account. Don't forget to set a password with passwd.
users.users.gortium = {
isNormalUser = true;
extraGroups = [ "wheel" "docker" ]; # Enable sudo for the user.
packages = with pkgs; [
tree
];
};
}