authorMel <einebeere@gmail.com>2024-11-04 03:26:19 +0100
committerMel <einebeere@gmail.com>2024-11-04 03:26:19 +0100
commit9a52eff1c92d63ea7309a4b0768f572973b5a6e6 (patch)
treefe565a90381c7716ba093b4ba11b432f8b0494eb
parent2fc26761a1e93e6212845ebd005eab71da704d6e (diff)
downloadnetwork-9a52eff1c92d63ea7309a4b0768f572973b5a6e6.tar.zst
network-9a52eff1c92d63ea7309a4b0768f572973b5a6e6.zip
Add basic renard server config
Signed-off-by: Mel <einebeere@gmail.com>
-rw-r--r--flake.lock18
-rw-r--r--flake.nix38
-rw-r--r--machines/renard/default.nix14
-rw-r--r--machines/renard/devices.nix13
-rw-r--r--machines/renard/hardware.nix33
-rw-r--r--machines/renard/home.nix9
-rw-r--r--modules/common.nix21
-rw-r--r--modules/www.nix31
-rw-r--r--util.nix7
9 files changed, 158 insertions, 26 deletions
diff --git a/flake.lock b/flake.lock
index 66c938b..a7105a6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -38,11 +38,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1729691686,
-        "narHash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=",
+        "lastModified": 1730327045,
+        "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "32e940c7c420600ef0d1ef396dc63b04ee9cad37",
+        "rev": "080166c15633801df010977d9d7474b4a6c549d7",
         "type": "github"
       },
       "original": {
@@ -54,11 +54,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1729665710,
-        "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
+        "lastModified": 1730531603,
+        "narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
+        "rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
         "type": "github"
       },
       "original": {
@@ -71,11 +71,11 @@
     "oisd": {
       "flake": false,
       "locked": {
-        "lastModified": 1729966322,
-        "narHash": "sha256-3Qnz98SRzzFZ8n5oKcpsW4PqGHkfk+Ef+5WKxeY68BI=",
+        "lastModified": 1730668406,
+        "narHash": "sha256-3VuzSnkJVEBBAu1VhYXlY1uPu/rFz6N91wYDFJMpN9Y=",
         "owner": "sjhgvr",
         "repo": "oisd",
-        "rev": "7634ebcc1036111300e5f0436cbea18c281a9151",
+        "rev": "07186bcabbf2de4e320a6d4c4f3d558b0d844e52",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index c0adac4..3b0b980 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,43 +19,51 @@
 
   outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, home-manager, ... }:
   let
-    system = "x86_64-linux";
+    systems = {
+      x86 = "x86_64-linux";
+      arm = "aarch64-linux";
+    };
 
-    machines = [
-      "corsac"
+    machines = with systems; [
+      { name = "corsac"; system = x86; }
+      { name = "lapin"; system = arm; }
+      { name = "renard"; system = x86; }
     ];
     
-    packageSets = let
+    packageSetsForSystem = system: let
       pkgsInputs = { inherit system; config = import ./config.nix; };
     in rec {
       pkgs = import nixpkgs pkgsInputs;
       unstablePkgs = import nixpkgs-unstable pkgsInputs;
-      auxiliaryPkgs = import ./pkgs { inherit pkgs unstablePkgs; };
+      auxiliaryPkgs = import ./pkgs { inherit system pkgs unstablePkgs; };
     };
 
+    inherit (nixpkgs) lib;
   in {
-    nixosConfigurations = nixpkgs.lib.genAttrs machines
-      (machine: nixpkgs.lib.nixosSystem {
-        inherit system;
+    nixosConfigurations = lib.mergeAttrsList (map (machine: {
+      ${machine.name} = nixpkgs.lib.nixosSystem {
+        inherit (machine) system;
 
-        specialArgs = inputs // packageSets // {
-          me = machine;
+        specialArgs = inputs // (packageSetsForSystem machine.system) // {
+          me = machine.name;
           security = import ./security.nix;
+          util = import ./util.nix { inherit lib; };
         };
 
         modules = [
-          ./machines/${machine}
+          ./machines/${machine.name}
         
           home-manager.nixosModules.home-manager {
             home-manager.useGlobalPkgs = true;
             home-manager.useUserPackages = true;
-            home-manager.users.mel = import ./machines/${machine}/home.nix;
+            home-manager.users.mel = import ./machines/${machine.name}/home.nix;
           }
         ];
-      }
-    );
+      };
+    }) machines);
 
     # compatibility wrapper for nixos-option
-    legacyPackages.${system} = with packageSets; pkgs.recurseIntoAttrs pkgs;
+    legacyPackages = lib.genAttrs (lib.attrValues systems) 
+      (system: with packageSetsForSystem system; pkgs.recurseIntoAttrs pkgs);
   };
 }
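Review bot: `auxiliaryPkgs = import ./pkgs { inherit system pkgs unstablePkgs; };` now passes a `system` argument, but `pkgs/` is not among the nine files this commit touches, so unless `pkgs/default.nix` already declares `system` (or accepts `...`) evaluation will fail with an unexpected-argument error. Likewise `{ name = "lapin"; system = arm; }` makes the flake reference `./machines/lapin` and `./machines/lapin/home.nix`, neither of which is added here; that is only fine if they already exist in the parent commit. A short comment on the `machines` list, e.g. `# one entry per host; ./machines/<name>/{default,home}.nix must exist`, would make that contract explicit. The `legacyPackages = lib.genAttrs (lib.attrValues systems)` line carries trailing whitespace.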
diff --git a/machines/renard/default.nix b/machines/renard/default.nix
new file mode 100644
index 0000000..680e2cd
--- /dev/null
+++ b/machines/renard/default.nix
@@ -0,0 +1,14 @@
+{ ... }:
+
+{
+  imports = [
+    ../../modules/common.nix
+
+    ./hardware.nix
+    ./devices.nix
+  
+    ../../modules/www.nix
+  ];
+
+  system.stateVersion = "24.05";
+}
diff --git a/machines/renard/devices.nix b/machines/renard/devices.nix
new file mode 100644
index 0000000..e54f622
--- /dev/null
+++ b/machines/renard/devices.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+
+{
+  boot.initrd = {
+    availableKernelModules = [ "virtio_pci" "virtio_scsi" ];
+    kernelModules = [ "dm-snapshot" ];
+  };
+
+  boot.loader.grub = {
+    enable = true;
+    device = "/dev/sda";
+  };
+}
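Review bot: `device = "/dev/sda";` pins the GRUB install target to an enumeration-dependent name, while hardware.nix addresses the same disk by UUID; if the virtio disk is ever enumerated differently, `nixos-rebuild` installs the bootloader onto the wrong device or fails. Prefer the stable `/dev/disk/by-id/…` path of the disk that carries the by-uuid root filesystem from hardware.nix. The `availableKernelModules` entries `virtio_pci` and `virtio_scsi` duplicate hardware.nix; NixOS merges the lists, so this is harmless, but keeping the VM-specific modules in one place avoids drift. `dm-snapshot` suggests LVM snapshots, yet hardware.nix shows only a plain ext4 root and a swap device — confirm it is actually needed.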
diff --git a/machines/renard/hardware.nix b/machines/renard/hardware.nix
new file mode 100644
index 0000000..5db9ce8
--- /dev/null
+++ b/machines/renard/hardware.nix
@@ -0,0 +1,33 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/258bcc4c-22a7-4c4c-a264-568b7194dffc";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/a0b48c9b-9885-4722-a6e1-0e30e657669c"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/machines/renard/home.nix b/machines/renard/home.nix
new file mode 100644
index 0000000..dce0783
--- /dev/null
+++ b/machines/renard/home.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+
+{
+  imports = [
+    ../../modules/home/common.nix
+  ];
+
+  home.stateVersion = "24.05";
+}
diff --git a/modules/common.nix b/modules/common.nix
index f035db5..2f2b141 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -1,4 +1,4 @@
-{ me, config, lib, pkgs, ... }:
+{ me, util, config, lib, pkgs, ... }:
 
 {
   imports = [
@@ -9,8 +9,25 @@
   ];
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
+ 
+  
+  users.motd = ''
+
+/^  /^
+\ ' ' 7   < Hi, I'm ${util.titleCase me}
+/    \
+
+  '';
 
-  networking.hostName = me;
+  networking = {
+    hostName = me;
+  
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 443 ];
+      trustedInterfaces = [ "tailscale0" ];
+    };
+  };
 
   services.envfs.enable = true;
   virtualisation.libvirtd.enable = true;
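Review bot: `allowedTCPPorts = [ 80 443 ];` is placed in modules/common.nix, so every host importing it opens HTTP/HTTPS to the world, yet in this commit only renard imports modules/www.nix; the other machines would expose two ports with nothing legitimate behind them, and anything that later binds there is reachable. Move the line next to nginx as `networking.firewall.allowedTCPPorts = [ 80 443 ];` in modules/www.nix and keep only `enable = true` here. `trustedInterfaces = [ "tailscale0" ];` likewise bypasses the firewall for every tailnet peer on every host; reasonable if all peers are yours, but no `services.tailscale.enable` is visible in this commit, so confirm the interface is managed on each machine. The enclosing attribute set continues outside the hunk.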
diff --git a/modules/www.nix b/modules/www.nix
new file mode 100644
index 0000000..1df69cf
--- /dev/null
+++ b/modules/www.nix
@@ -0,0 +1,31 @@
+{ me, ... }:
+
+let 
+  rnrdUrl =
+    if me == "renard"
+      then "rnrd.eu"
+      else "${me}.rnrd.eu";
+in
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "einebeere@gmail.com";
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  
+    virtualHosts = {
+      default = { default = true; };
+      ${rnrdUrl} = {
+        root = "/var/www/html";
+        forceSSL = true;
+        enableACME = true;
+      };
+    };
+  };
+}
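Review bot: The catch-all vhost `default = { default = true; }` only listens on plain port 80, so a request to port 443 with an unknown or missing SNI name (direct IP hits, scanners) falls through to the `${rnrdUrl}` server block and is answered with the real certificate and content; add `rejectSSL = true;` to it (`default = { default = true; rejectSSL = true; };`) so nginx refuses those handshakes instead. `root = "/var/www/html"` is referenced but nothing in this commit creates that directory or grants the nginx user read access, so it is presumably provisioned out of band — a comment saying so would help. `recommendedProxySettings = true` is set although no `proxyPass` location exists in this file; harmless, but it hints at a reverse-proxy role that is not configured here.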
diff --git a/util.nix b/util.nix
new file mode 100644
index 0000000..e783f3b
--- /dev/null
+++ b/util.nix
@@ -0,0 +1,7 @@
+{ lib }:
+{
+  titleCase = str: with lib.strings; let
+    firstCharUpper = s: concatStrings [(toUpper (substring 0 1 s)) (substring 1 (stringLength s) s)];
+  in
+    concatStringsSep " " (map firstCharUpper (splitString " " str));
+}
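Review bot: `titleCase` has no comment describing its contract; add `# Upper-case the first character of every space-separated word; all other characters are left as is.` above it. As far as I recall `lib.strings.toUpper` only maps ASCII letters, so a leading non-ASCII character passes through unchanged, and consecutive spaces yield empty words that are re-joined unchanged — both acceptable for the hostnames this receives via `me`, but worth stating.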