infra: init vieuxtype.infra.newtype.fr

This commit is contained in:
Raito Bezarius 2023-06-05 19:46:42 +02:00
parent 107cc6e53f
commit f6c1177c38
13 changed files with 312 additions and 9 deletions

34
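--- /dev/null
+++ b/modules/gitea.nix
@@ -0,0 +1,34 @@
+{ ... }: {
+services.gitea = {
+enable = true;
+appName = "Newtype's Git";
+mailerPasswordFile = "/var/lib/secrets/gitea/mailpw";
+settings = {
+server = {
+ROOT_URL = "https://git.newtype.fr";
+DOMAIN = "git.newtype.fr";
+};
+service.DISABLE_REGISTRATION = true;
+session.COOKIE_SECURE = true;
+mailer = {
+ENABLED = true;
+HOST = "mail.gandi.net:465";
+USER = "git@newtype.fr";
+FROM = "Newtype's Git <git@newtype.fr>";
+IS_TLS_ENABLED = true;
+};
+};
+};
+services.nginx = {
+enable = true;
+virtualHosts."git.newtype.fr" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = { proxyPass = "http://127.0.0.1:3000"; };
+};
+};
+security.acme.certs = { "git.newtype.fr".email = "contact@newtype.fr"; };
+security.acme.acceptTerms = true;
+}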
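Review bot: The nginx vhost proxies to 127.0.0.1:3000, but nothing in this file pins Gitea's own listener to loopback; if the NixOS module's default `HTTP_ADDR` is a wildcard bind (as I believe it is), port 3000 is reachable directly on every interface the firewall lets through, tailscale0 included, which bypasses the `forceSSL` front. Add `server.HTTP_ADDR = "127.0.0.1";` next to `ROOT_URL`/`DOMAIN`. The proxy location also forwards no `X-Forwarded-For`/`X-Real-IP`, so Gitea's auth logs and any rate limiting see 127.0.0.1 for every client; `recommendedProxySettings = true;` on the vhost fixes that, and Gitea's default trusted-proxy list already covers loopback. Finally, `mailer.HOST` with an embedded port and `IS_TLS_ENABLED` are the pre-1.18 key names that recent Gitea only accepts with a deprecation warning; `SMTP_ADDR`/`SMTP_PORT`/`PROTOCOL = "smtps"` avoids silently losing TLS when that compatibility shim goes away.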

14
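--- /dev/null
+++ b/modules/hardware/vm.nix
@@ -0,0 +1,14 @@
+{ lib, modulesPath, ... }: {
+imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
+boot.initrd.availableKernelModules =
+[ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+services.qemuGuest.enable = true;
+# VMs are noisy for this type of thing usually.
+nix.settings.max-jobs = lib.mkDefault 1;
+}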


@ -37,11 +37,14 @@ in
)
"Please add network configuration for ${config.networking.hostName}. None found in ${./hosts.nix}";
# usually, for each host there is a hostname.dse.in.tum.de and hostname.r domain
# usually, for each host there is a hostname.infra.newtype.fr
networking.newtype.hosts = {
epyc = {
ipv6 = "2001:470:ca5e:dee:587c:7a50:f36c:cae8";
};
vieuxtype = {
ipv6 = "2a01:e0a:5f9:9681:a498:fffb:e48d:299";
};
};
};
}


@ -24,11 +24,19 @@ in
config = {
warnings = lib.optionals (config.simd.arch == null) [ "Please set simd.arch for ${config.networking.hostName}" ];
# Allow more open files for non-root users to run NixOS VM tests.
security.pam.loginLimits = [
{ domain = "*"; item = "nofile"; type = "-"; value = "20480"; }
];
nix = {
# Garbage-collect often
gc.automatic = true;
gc.dates = "03:15";
gc.options = "--delete-older-than 30d";
gc.dates = "*:45";
gc.options = ''--max-freed "$((128 * 1024**3 - 1024 * $(df -P -k /nix/store | tail -n 1 | ${pkgs.gawk}/bin/awk '{ print $4 }')))"'';
# Randomize GC to avoid thundering herd effects.
gc.randomizedDelaySec = "1800";
# 2.11, 2.12 suffers from a bug with remote builders…
package = pkgs.nixVersions.nix_2_13;
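Review bot: The new `gc.options` line packs non-obvious shell arithmetic into a Nix string with no explanation; a reader has to work out that it asks nix-collect-garbage to free store paths until roughly 128 GiB is available on `/nix/store`, and that it only works because nix-gc runs the command through a shell. Add a comment above it such as `# Free store paths until ~128 GiB is available on /nix/store (df reports KiB, hence the 1024 factor); expanded by the shell in nix-gc.service.` If I read nix-collect-garbage correctly it clamps a negative `--max-freed` to 0 when more than 128 GiB is already free, but that is worth confirming once rather than discovering at 03:45. The `nix_2_13` pin should carry a date or issue link next to the "remote builders" remark so it is revisited when newer Nix releases with security fixes land; the enclosing `nix = {` set continues past the hunk.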


@ -1,4 +1,7 @@
{ pkgs, ... }: {
# documentation.dev.enable = true;
# environment.extraOutputsToInstall = [ "info" "man" "devman" ];
# this extends the list from:
# https://github.com/numtide/srvos/blob/master/server.nix#L10
environment.systemPackages = with pkgs; [
@ -34,6 +37,23 @@
usbutils
ipmitool
(neovim.override {
viAlias = true;
vimAlias = true;
configure = {
packages.myPlugins = with pkgs.vimPlugins; {
start = [ vim-lastplace vim-nix ];
opt = [ ];
};
};
})
# tries to default to soft-float due to out-dated cc-rs
] ++ lib.optional (!stdenv.hostPlatform.isRiscV) bandwhich;
programs.vim.defaultEditor = true;
environment.variables = { EDITOR = "nvim"; };
programs.mosh.enable = true;
programs.tmux.enable = true;
}
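Review bot: `programs.vim.defaultEditor = true;` and `environment.variables = { EDITOR = "nvim"; };` pull in opposite directions: as I recall the NixOS vim module installs a separate vim package and sets `EDITOR` to vim at a lower priority, which the explicit variable then overrides, so the end state is nvim by accident rather than by declaration. Since the neovim override already sets `viAlias`/`vimAlias`, the idiomatic form is the neovim module: `programs.neovim = { enable = true; defaultEditor = true; viAlias = true; vimAlias = true; configure = { ... }; };`, dropping both the `programs.vim` line and the manual `EDITOR` variable. Note that `lib` and `stdenv` on the `lib.optional` line resolve through `with pkgs;` rather than the module arguments, which is easy to misread; binding `lib` in the argument set or a short comment would make that explicit. The `environment.systemPackages` list opens in the previous hunk.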

5
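--- /dev/null
+++ b/modules/tailscale.nix
@@ -0,0 +1,5 @@
+{ config, ... }: {
+services.tailscale.enable = true;
+networking.firewall.checkReversePath = "loose";
+networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
+}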
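Review bot: `networking.firewall.checkReversePath = "loose";` relaxes reverse-path filtering for every interface on the host, not only tailscale0, and Tailscale's NixOS guidance only calls for it when the node acts as an exit node or subnet router; a plain client works with the default strict setting, which keeps spoofed-source packets dropped. If these hosts do need it, say so next to the line: `# "loose" is only required for exit-node / subnet-router traffic; a plain client can keep the default.` On NixOS 23.05 and later `services.tailscale.useRoutingFeatures = "server";` (or `"client"`) expresses the same intent and sets the related sysctls, which would be clearer than the raw firewall knob — worth checking which release these hosts track.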


@ -13,7 +13,6 @@ in
isNormalUser = true;
home = "/home/raito";
inherit extraGroups;
shell = "/run/current-system/sw/bin/zsh";
uid = 1000;
openssh.authorizedKeys.keyFiles = [ ./keys/raito.keys ];
};
@ -23,7 +22,6 @@ in
isNormalUser = true;
home = "/home/luj";
inherit (config.users.users.raito) extraGroups;
shell = "/run/current-system/sw/bin/zsh";
uid = 1001;
openssh.authorizedKeys.keyFiles = [ ./keys/luj.keys ];
};
@ -33,7 +31,6 @@ in
isNormalUser = true;
home = "/home/gdd";
inherit (config.users.users.raito) extraGroups;
shell = "/run/current-system/sw/bin/zsh";
uid = 1002;
openssh.authorizedKeys.keyFiles = [ ./keys/gdd.keys ];
};
@ -43,7 +40,6 @@ in
isNormalUser = true;
home = "/home/akechi";
inherit (config.users.users.raito) extraGroups;
shell = "/run/current-system/sw/bin/zsh";
uid = 1003;
openssh.authorizedKeys.keyFiles = [ ./keys/akechi.keys ];
};
@ -53,7 +49,6 @@ in
isNormalUser = true;
home = "/home/tomate";
inherit (config.users.users.raito) extraGroups;
shell = "/run/current-system/sw/bin/zsh";
uid = 1004;
openssh.authorizedKeys.keyFiles = [ ./keys/tomate.keys ];
};

17
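--- /dev/null
+++ b/modules/users/yvan.nix
@@ -0,0 +1,17 @@
+{ ... }: {
+users.users.yvan = {
+isNormalUser = true;
+home = "/home/yvan";
+description = "Yvan's account";
+extraGroups = [ "wheel" "www-data" ];
+openssh.authorizedKeys.keys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdMWQ1D9VJNrIzvgU8QMQwhy7Q/OFI9JNLpo/Kr0uXCeZBtSn9eMzZa88Q8gDaHnlc/BlTnlSomWP/S9u8+j21d+rXgDyPgJUqMjGBxFo4lZue3DlACXKQcwWXiNlGQKFPzSNBN62N3cRwm1R7Won9xVwedS4UnxsXbOGHkBnajQx40Ej3WRVBVbSjKKGaZKKCNO5hfistRP7RtqhwxYK7D/CyOfwnIUuBAnC3QYDYDph7SD2E5OX3rKwPDPnei0zaIMMXyFrMtv/czYOsisOud2H/VX0vipQh59qji/ZNSE31LemF4VcvC1307JX3uEwSfVWiBsWGPGfc/epQ4ixl yvan@X230" # Yvan's X230
+];
+};
+services.mastodon = {
+enable = true;
+smtp = { host = "mail.gandi.net"; fromAddress = "yvan@sraka.xyz"; };
+localDomain = "sraka.xyz";
+};
+}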
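Review bot: `yvan` is added to `wheel`, which under NixOS defaults means full sudo, and the only login credential is a single inline 2048-bit RSA key, so compromising that one key is root on the host rather than access to the Mastodon deployment this file appears to exist for; unless shell administration is intended, drop `wheel` and grant what the service actually needs (the `mastodon` group, or a sudo/polkit rule scoped to `mastodon.service`). The key is also inlined here while every other account in this commit uses `openssh.authorizedKeys.keyFiles = [ ./keys/<name>.keys ];`; keeping that convention makes rotation a one-file change. The `services.mastodon.smtp` block names a host and sender but no `user`/`passwordFile` (compare `mailerPasswordFile` in the Gitea module), so with the module's authentication default this is either an unauthenticated relay attempt that mail.gandi.net will likely refuse or a deploy-time failure — worth pinning down before the instance goes live. Consider moving the `services.mastodon` block out of `modules/users/` into a service module so that editing an account file cannot silently change a public service.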


@ -5,4 +5,13 @@
programs.zsh.interactiveShellInit = ''
source ${pkgs.zsh-nix-shell}/share/zsh-nix-shell/nix-shell.plugin.zsh
'';
programs.zsh = {
autosuggestions.enable = true;
promptInit = ''
source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
'';
};
users.defaultUserShell = pkgs.zsh;
}
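Review bot: `programs.zsh.interactiveShellInit` and the new `programs.zsh = { ... }` set declare the same option family twice a few lines apart; folding `interactiveShellInit` into the new attribute set keeps the module's zsh configuration in one place. `users.defaultUserShell = pkgs.zsh;` changes the login shell for every normal user on the fleet, not only the accounts whose explicit `shell = …` lines this commit removes, so a one-line comment stating that intent would help, e.g. `# All normal users get zsh by default; relies on programs.zsh.enable being set in this module.` The enclosing module set starts before the hunk, so I cannot see whether `programs.zsh.enable` is actually set there.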