Diffstat (limited to 'configurations')
-rw-r--r-- | configurations/default.nix | 87 | ||||
-rw-r--r-- | configurations/eonwe/default.nix | 84 | ||||
-rw-r--r-- | configurations/manwe/default.nix | 88 | ||||
-rw-r--r-- | configurations/manwe/mailserver.nix | 96 | ||||
-rw-r--r-- | configurations/manwe/webserver.nix | 25 | ||||
-rw-r--r-- | configurations/melian/default.nix | 134 | ||||
-rw-r--r-- | configurations/test-headful/default.nix | 19 | ||||
-rw-r--r-- | configurations/test-headless/default.nix | 13 | ||||
-rw-r--r-- | configurations/varda/default.nix | 62 | ||||
-rw-r--r-- | configurations/yavanna/default.nix | 46 |
10 files changed, 0 insertions, 654 deletions
diff --git a/configurations/default.nix b/configurations/default.nix
deleted file mode 100644
index a488cf1..0000000
--- a/configurations/default.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{
- inputs,
- lib,
-}:
-with lib; let
- mkConfiguration = name: {
- modules ? [],
- configuration ? ./${name},
- this ? my.configurations.${name},
- }:
- nameValuePair name (nixosSystem {
- inherit (this) system;
- modules =
- attrValues inputs.self.nixosModules
- ++ modules
- ++ optional (configuration != null) (import configuration);
- specialArgs = {inherit inputs lib this;};
- });
-in
- mapAttrs' mkConfiguration {
- # A dummy configuration to test the "headless" profile.
- test-headless = {
- modules = with inputs; [
- "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
- nixpkgs.nixosModules.notDetected
- ];
- this = {
- hostname = "test-headless";
- system = "x86_64-linux";
- isHeadless = true;
- isHeadful = false;
- };
- };
-
- # A dummy configuration to test the "headful" profile.
- test-headful = {
- modules = with inputs; [
- "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
- nixpkgs.nixosModules.notDetected
- ];
- this = {
- hostname = "test-headful";
- system = "x86_64-linux";
- isHeadless = false;
- isHeadful = true;
- };
- };
-
- # A beefy desktop PC: 7950x/rx6750xt/128GB.
- eonwe.modules = with inputs; [
- nixos-hardware.nixosModules.common-cpu-amd
- nixos-hardware.nixosModules.common-gpu-amd
- nixos-hardware.nixosModules.common-pc-ssd
- nixpkgs.nixosModules.notDetected
- ];
-
- # ThinkPad T480.
- melian.modules = with inputs; [
- nixos-hardware.nixosModules.common-pc-laptop-ssd
- nixos-hardware.nixosModules.lenovo-thinkpad-t480
- nixpkgs.nixosModules.notDetected
- ];
-
- # VPS: Germany
- manwe.modules = with inputs; [
- "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
- nixos-hardware.nixosModules.common-cpu-amd
- nixos-hardware.nixosModules.common-pc-ssd
- nixpkgs.nixosModules.notDetected
- ];
-
- # VPS: Germany
- varda.modules = with inputs; [
- "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
- nixos-hardware.nixosModules.common-cpu-amd
- nixos-hardware.nixosModules.common-pc-ssd
- nixpkgs.nixosModules.notDetected
- ];
-
- # VPS: France
- yavanna.modules = with inputs; [
- "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
- nixos-hardware.nixosModules.common-cpu-intel
- nixos-hardware.nixosModules.common-pc-hdd
- nixpkgs.nixosModules.notDetected
- ];
- }
diff --git a/configurations/eonwe/default.nix b/configurations/eonwe/default.nix
deleted file mode 100644
index c9af8e5..0000000
--- a/configurations/eonwe/default.nix
+++ /dev/null
@@ -1,84 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; {
- nixfiles.modules = {
- wireguard.client.enable = true;
-
- syncthing.enable = true;
-
- openssh.server.enable = true;
-
- games = {
- lutris.enable = true;
- steam.enable = true;
- };
- android.enable = true;
- bluetooth.enable = true;
- libvirtd.enable = true;
- qutebrowser.enable = true;
- };
-
- hm.programs = {
- firefox.profiles.default.settings."media.ffmpeg.vaapi.enabled" = true;
-
- mpv.config = {
- hwdec = "vdpau";
- vo = "vdpau";
- profile = "gpu-hq";
- };
- };
-
- networking = {
- interfaces = {
- eth0.useDHCP = true;
- wlan0.useDHCP = true;
- };
-
- networkmanager = {
- enable = true;
- wifi.backend = "iwd";
- };
-
- wireless = {
- enable = false;
- iwd.enable = true;
- userControlled.enable = true;
- allowAuxiliaryImperativeNetworks = true;
- };
- };
-
- boot = {
- initrd.availableKernelModules = ["ahci" "nvme" "sd_mod" "usb_storage" "usbhid" "xhci_pci"];
-
- loader = {
- efi.canTouchEfiVariables = true;
-
- systemd-boot = {
- enable = true;
- configurationLimit = 10;
- };
- };
- };
-
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-uuid/FF1E-9CFD";
- fsType = "vfat";
- };
-
- "/" = {
- device = "/dev/disk/by-uuid/20276c1b-7e46-430b-b741-2f4aeb76bc51";
- fsType = "xfs";
- options = ["noatime"];
- };
- };
-
- zramSwap = {
- enable = true;
- memoryPercent = 25;
- };
-}
diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix
deleted file mode 100644
index b8dd324..0000000
--- a/configurations/manwe/default.nix
+++ /dev/null
@@ -1,88 +0,0 @@
-{
- config,
- lib,
- this,
- ...
-}:
-with lib; {
- imports = [
- ./mailserver.nix
- ./webserver.nix
- ];
-
- nixfiles.modules = {
- nsd = {
- enable = true;
- fqdn = "ns1.${config.networking.domain}";
- };
- unbound.enable = true;
-
- wireguard.server.enable = true;
-
- acme.enable = true;
-
- monitoring.enable = true;
-
- postgresql.enable = true;
-
- git.server = {
- enable = true;
- domain = "git.${my.domain.azahi}";
- };
-
- gotify.enable = true;
- matrix.dendrite = {
- enable = true;
- domain = my.domain.azahi;
- };
- radicale.enable = true;
- rss-bridge.enable = true;
- shadowsocks.enable = true;
- soju = {
- enable = true;
- domain = my.domain.azahi;
- };
- vaultwarden.enable = true;
- };
-
- boot = {
- loader.grub = {
- enable = true;
- device = "/dev/sda";
- };
-
- initrd.availableKernelModules = [
- "ata_piix"
- "sd_mod"
- "sr_mod"
- "uhci_hcd"
- "virtio_pci"
- "virtio_scsi"
- ];
- };
-
- fileSystems = {
- "/boot" = {
- device = "/dev/sda1";
- fsType = "xfs";
- options = ["noatime"];
- };
-
- "/" = {
- device = "/dev/sda2";
- fsType = "xfs";
- options = ["noatime"];
- };
- };
-
- swapDevices = [
- {
- device = "/dev/sda3";
- }
- ];
-
- zramSwap = {
- enable = true;
- memoryPercent = 25;
- };
-}
diff --git a/configurations/manwe/mailserver.nix b/configurations/manwe/mailserver.nix
deleted file mode 100644
index 966c21c..0000000
--- a/configurations/manwe/mailserver.nix
+++ /dev/null
@@ -1,96 +0,0 @@
-{
- config,
- inputs,
- lib,
- ...
-}:
-with lib; {
- imports = [inputs.simple-nixos-mailserver.nixosModule];
-
- secrets = {
- dkim-key-azahi-cc = {
- file = "${inputs.self}/secrets/dkim-key-azahi-cc";
- path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
- };
- dkim-key-rohan-net = {
- file = "${inputs.self}/secrets/dkim-key-rohan-net";
- path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
- };
- dkim-key-gondor-net = {
- file = "${inputs.self}/secrets/dkim-key-gondor-net";
- path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
- };
- dkim-key-shire-me = {
- file = "${inputs.self}/secrets/dkim-key-shire-me";
- path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key";
- owner = "opendkim";
- group = "opendkim";
- };
- };
-
- nixfiles.modules.acme.enable = true;
-
- mailserver = let
- cert = config.certs.${my.domain.shire};
- in {
- enable = true;
-
- fqdn = config.networking.domain;
- domains = with my.domain; [azahi gondor rohan shire];
-
- localDnsResolver = false;
-
- certificateScheme = 1;
- certificateFile = "${cert.directory}/fullchain.pem";
- keyFile = "${cert.directory}/key.pem";
-
- lmtpSaveToDetailMailbox = "no";
-
- loginAccounts = with my.domain; {
- "azahi@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- aliases = [
- "@${azahi}"
- "@${rohan}"
- "@${gondor}"
- "abuse@${shire}"
- "admin@${shire}"
- "ceo@${shire}"
- "postmaster@${shire}"
- ];
- };
- "samwise@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- aliases = ["chad@${shire}"];
- quota = "1G";
- };
- "pippin@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- quota = "1G";
- };
- "meriadoc@${shire}" = {
- hashedPassword = "@HASHED_PASSWORD@";
- quota = "1G";
- };
- };
- };
-
- services.fail2ban.jails = {
- dovecot = ''
- enabled = true
- mode = aggressive
- '';
- postfix = ''
- enabled = true
- mode = aggressive
- '';
- };
-
- system.extraDependencies = [inputs.simple-nixos-mailserver];
-}
diff --git a/configurations/manwe/webserver.nix b/configurations/manwe/webserver.nix
deleted file mode 100644
index e1ee425..0000000
--- a/configurations/manwe/webserver.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- inputs,
- lib,
- ...
-}:
-with lib; {
- nixfiles.modules.nginx.virtualHosts = with my.domain;
- {
- ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ";
- "git.${shire}".locations."/".return = "301 https://git.${azahi}";
- "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}";
- ${azahi} = {
- serverAliases = ["frodo.${gondor}" "frodo.${rohan}"];
- locations."/".root = inputs.azahi-cc;
- };
- }
- // (let
- frodo = "301 https://frodo.";
- in {
- ${gondor}.locations."/".return = concatStrings [frodo gondor];
- ${rohan}.locations."/".return = concatStrings [frodo rohan];
- });
-
- system.extraDependencies = [inputs.azahi-cc];
-}
diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix
deleted file mode 100644
index f296546..0000000
--- a/configurations/melian/default.nix
+++ /dev/null
@@ -1,134 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; {
- nixfiles.modules = {
- wireguard.client.enable = true;
-
- syncthing.enable = true;
-
- bluetooth.enable = true;
-
- throttled.enable = true;
- };
-
- networking = {
- interfaces = {
- eth0.useDHCP = true;
- wlan0.useDHCP = true;
- };
-
- networkmanager = {
- enable = true;
- wifi.backend = "iwd";
- };
-
- wireless = {
- enable = false;
- iwd.enable = true;
- userControlled.enable = true;
- allowAuxiliaryImperativeNetworks = true;
- };
- };
-
- hardware.trackpoint = {
- enable = true;
- speed = 500;
- sensitivity = 250;
- };
-
- powerManagement = let
- modprobe = "${pkgs.kmod}/bin/modprobe";
- in {
- enable = true;
-
- # This fixes an issue with not being able to suspend or wake up from suspend
- # due to a kernel bug[1].
- #
- # [1]: https://bbs.archlinux.org/viewtopic.php?id=270964
- # [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/522998
- # [1]: https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/562484/comments/3
- # [1]: https://gist.github.com/ioggstream/8f380d398aef989ac455b93b92d42048
- powerDownCommands = "${modprobe} -r xhci_pci";
- powerUpCommands = "${modprobe} xhci_pci";
- };
-
- services = {
- thinkfan = {
- enable = true;
-
- settings = {
- sensors = [
- {
- hwmon = "/sys/class/hwmon";
- name = "coretemp";
- indices = [1];
- }
- ];
- fans = [{tpacpi = "/proc/acpi/ibm/fan";}];
- levels = [
- ["level auto" 0 50]
- ["level disengaged" 50 32767]
- ];
- };
- };
-
- fwupd.enable = true;
- };
-
- boot = {
- # Speeding up Wi-Fi a bit.
- extraModprobeConfig = ''
- options iwlwifi 11n_disable=1
- '';
-
- initrd = {
- availableKernelModules = ["ahci" "nvme" "sd_mod" "usb_storage" "usbhid" "xhci_pci"];
-
- luks.devices."root" = {
- device = "/dev/disk/by-uuid/c1b46f24-eec0-47d2-a142-75ddfd7bb218";
- allowDiscards = true;
- bypassWorkqueues = true;
- };
- };
-
- loader = {
- efi.canTouchEfiVariables = true;
-
- systemd-boot = {
- enable = true;
- configurationLimit = 10;
- };
- };
- };
-
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-uuid/1083-C8A0";
- fsType = "vfat";
- };
-
- "/" = {
- device = "/dev/disk/by-uuid/bb8b09dc-cc67-47e5-8280-532b17a9e62a";
- fsType = "xfs";
- options = ["noatime"];
- };
- };
-
- # NOTE This will make hibernation extremely hard if on an encrypted partition.
- # This also could not work on ZFS or Btrfs.
- swapDevices = [
- {
- device = "/swapfile";
- size = 8 * 1024;
- }
- ];
-
- zramSwap = {
- enable = true;
- memoryPercent = 25;
- };
-}
diff --git a/configurations/test-headful/default.nix b/configurations/test-headful/default.nix
deleted file mode 100644
index 25db8c7..0000000
--- a/configurations/test-headful/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{lib, ...}:
-with lib; {
- nixfiles.modules = {
- dwm.enable = true;
- kde.enable = false;
- xmonad.enable = false;
- };
-
- boot.loader.systemd-boot.enable = true;
- fileSystems."/".device = "/dev/null";
-
- documentation = {
- enable = mkForce false;
- man = {
- enable = mkForce false;
- man-db.enable = mkForce false;
- };
- };
-}
diff --git a/configurations/test-headless/default.nix b/configurations/test-headless/default.nix
deleted file mode 100644
index 919a436..0000000
--- a/configurations/test-headless/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{lib, ...}:
-with lib; {
- nixfiles.modules = {
- endlessh-go.enable = mkForce false;
- node-exporter.enable = mkForce false;
- promtail.enable = mkForce false;
- };
-
- boot.loader.systemd-boot.enable = true;
- fileSystems."/".device = "/dev/null";
-
- documentation.enable = mkForce false;
-}
diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix
deleted file mode 100644
index 5e0914e..0000000
--- a/configurations/varda/default.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{
- lib,
- this,
- ...
-}:
-with lib; {
- nixfiles.modules = {
- wireguard.client.enable = true;
-
- acme.enable = true;
-
- games.minecraft.server = {
- enable = false; # Disabled because no one is playing now.
- memory = "6G";
- };
- };
-
- boot = {
- loader = {
- efi.canTouchEfiVariables = true;
-
- systemd-boot = {
- enable = true;
- configurationLimit = 10;
- };
- };
-
- initrd.availableKernelModules = [
- "ata_piix"
- "sd_mod"
- "sr_mod"
- "uhci_hcd"
- "virtio_pci"
- "virtio_scsi"
- ];
- };
-
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-uuid/03FD-B6C0";
- fsType = "vfat";
- };
-
- "/" = {
- device = "/dev/disk/by-uuid/b07e8273-915a-424c-8c55-cdc2bd482f49";
- fsType = "xfs";
- options = ["noatime"];
- };
- };
-
- swapDevices = [
- {
- device = "/swapfile";
- size = 4 * 1024;
- }
- ];
-
- zramSwap = {
- enable = true;
- memoryPercent = 25;
- };
-}
diff --git a/configurations/yavanna/default.nix b/configurations/yavanna/default.nix
deleted file mode 100644
index e3172a6..0000000
--- a/configurations/yavanna/default.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{
- lib,
- this,
- ...
-}:
-with lib; {
- nixfiles.modules = {
- wireguard.client.enable = true;
-
- syncthing.enable = true;
-
- acme.enable = true;
-
- rtorrent.enable = true;
- };
-
- boot = {
- loader.grub = {
- enable = true;
- device = "/dev/sda";
- };
-
- initrd = {
- availableKernelModules = ["uhci_hcd" "ahci"];
- kernelModules = ["nvme"];
- };
- };
-
- fileSystems."/" = {
- device = "/dev/sda1";
- fsType = "ext4";
- options = ["noatime"];
- };
-
- swapDevices = [
- {
- device = "/swapfile";
- size = 4 * 1024;
- }
- ];
-
- zramSwap = {
- enable = true;
- memoryPercent = 25;
- };
-}
|