nixos server with forgejo

2024-02-17 00:35:08 +00:00 · 2024-02-17 00:35:08 +00:00 · b5b763bd40
commit b5b763bd40
parent b1fc9f70e7
2 changed files with 109 additions and 60 deletions
--- a/hardware/alpine.nix
+++ b/hardware/alpine.nix
@ -13,7 +13,7 @@ in {
  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"];
  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-amd"];
+  boot.kernelModules = [];
  boot.extraModulePackages = [];
  fileSystems."/" = {
@ -21,9 +21,9 @@ in {
    fsType = "ext4";
  };
-  fileSystems."/boot" = {
+  fileSystems."/boot" =
-    device = "/dev/disk/by-uuid/72d527de-fead-43d5-8f29-e06d2c584a18";
+    { device = "/dev/disk/by-uuid/D8AA-8602";
-    fsType = "ext4";
+      fsType = "vfat";
    };
  fileSystems."/mnt/disk1" = {
@ -46,13 +46,15 @@ in {
    fsType = "ext4";
  };
-  # /etc/fstab
+  environment.systemPackages = with pkgs; [
-
+    mergerfs
-  # /mnt/disk1:/mnt/disk2:/mnt/disk3 /mnt/storage mergerfs direct_io,use_ino,allow_other,minfreespace=50G,fsname=mergerfs,category.create=mfs,func.mkdir=epall 0 0
+    mergerfs-tools
    python3
  ];
  fileSystems."/mnt/storage" = {
    device = "/mnt/disk1:/mnt/disk2:/mnt/disk3";
-    fsType = "mergerfs";
+    fsType = "fuse.mergerfs";
    depends = ["/mnt/disk1" "/mnt/disk2" "/mnt/disk3"];
    options = [
      "direct_io"
@ -65,19 +67,6 @@ in {
    ];
  };
  # auto-generated-config: looks sus
  # fileSystems."/mnt/storage" =
  #   { device = "mergerfs";
  #     fsType = "fuse.mergerfs";
  #   };
  #
  # fileSystems."/srv/nfs/Media" =
  #   { device = "/mnt/storage/media";
  #     fsType = "none";
  #     options = [ "bind" ];
  #   };
  swapDevices = [
    {device = "/dev/disk/by-uuid/27ad4809-211f-4ae9-90da-d17d9c1df271";}
  ];
@ -89,6 +78,7 @@ in {
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
  # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
  networking.firewall.allowedTCPPorts = [ 22 53 80 443 ];
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
@ -100,6 +90,9 @@ in {
    }
  ];
  networking.hostName = "alpine";
  networking.networkmanager.insertNameservers = ["1.1.1.1" "1.0.0.1"];
  services.snapraid = {
    enable = true;
    contentFiles = [
@ -118,4 +111,60 @@ in {
      "/mnt/parity1/SnapRAID.parity"
    ];
  };
  virtualisation = {
    podman = {
      enable = true;
    };
  };
  services.openssh = {
    enable = true;
    openFirewall = true;
  };
  services.nginx = {
    enable = true;
    virtualHosts = {
      "tristans.cloud" = {
        forceSSL = true;
        enableACME = true;
        root = "/srv/www/tristans.cloud";
      };
      "git.tristans.cloud" = {
        forceSSL = true;
        enableACME = true;
        locations."~".proxyPass = "http://localhost:3000";
      };
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "tristan@tristans.cloud";
  };
  services.ddclient = {
    # enable = true;
    protocol = "duckdns";
    use = "if, if=enp4s0";
    ssl = true;
    username = "";
    passwordFile = "/home/tristan/duckdnstoken";
    domains = ["tlbean"];
  };
  services.forgejo = {
    enable = true;
    dump.enable = true;
    lfs.enable = true;
    settings = {
      server = {
        DOMAIN = "git.tristans.cloud";
      };
      service = {
        DISABLE_REGISTRATION = true;
      };
    };
  };
 }
--- a/home/default.nix
+++ b/home/default.nix
@ -7,14 +7,14 @@
 # https://nix-community.github.io/home-manager/options.xhtml
 {
  imports = [
-    ./modules/terminal.nix
+    # ./modules/terminal.nix
-    ./modules/scripts.nix
+    # ./modules/scripts.nix
-    ./modules/email.nix
+    # ./modules/email.nix
-    ./modules/mpd.nix
+    # ./modules/mpd.nix
-    ./modules/menu.nix
+    # ./modules/menu.nix
-    ./modules/scripts.nix
+    # ./modules/scripts.nix
-    ./programs/scripts.nix
+    # ./programs/scripts.nix
    ./programs/neovim/.
    ./programs/helix.nix
    ./programs/git.nix
@ -25,13 +25,13 @@
    }
  ];
-  programs.menu = {
+  # programs.menu = {
-    package = pkgs.tofi;
+  #   package = pkgs.tofi;
-    dmenuCommand = "${pkgs.tofi}/bin/tofi --fuzzy-match true";
+  #   dmenuCommand = "${pkgs.tofi}/bin/tofi --fuzzy-match true";
-    drunCommand = "${pkgs.tofi}/bin/tofi-drun --drun-launch true";
+  #   drunCommand = "${pkgs.tofi}/bin/tofi-drun --drun-launch true";
-  };
+  # };
-  roles.mpd.enable = true;
+  # roles.mpd.enable = true;
  programs.home-manager.enable = true;
@ -51,17 +51,17 @@
    mosh
    ripgrep
    usbutils
-    wl-clipboard
+    # wl-clipboard
    du-dust
    htop
    libsixel
    yt-dlp
    ytfzf
-    playerctl
+    # playerctl
    neofetch
    tree
    ansible
-    quickemu
+    # quickemu
  ];
  services.udiskie = {
@ -91,30 +91,30 @@
    };
  };
-  home.file.".icons/default".source = "${pkgs.vanilla-dmz}/share/icons/Vanilla-DMZ";
+  # home.file.".icons/default".source = "${pkgs.vanilla-dmz}/share/icons/Vanilla-DMZ";
-  home.file.".config/pipewire/pipewire.conf.d/raop-discover.conf".text = ''
+  # home.file.".config/pipewire/pipewire.conf.d/raop-discover.conf".text = ''
-    context.modules = [
+  #   context.modules = [
-      {
+  #     {
-        name = libpipewire-module-raop-discover
+  #       name = libpipewire-module-raop-discover
-        args = { }
+  #       args = { }
-      }
+  #     }
-    ]
+  #   ]
-  '';
+  # '';
-  services.kdeconnect = {
+  # services.kdeconnect = {
-    enable = true;
+  #   enable = true;
-    indicator = true;
+  #   indicator = true;
-  };
+  # };
-  programs.pandoc = {
+  # programs.pandoc = {
-    enable = true;
+  #   enable = true;
-    defaults = {
+  #   defaults = {
-      metadata = {
+  #     metadata = {
-        author = "Tristan Beedell";
+  #       author = "Tristan Beedell";
-      };
+  #     };
-      pdf-engine = "xelatex";
+  #     pdf-engine = "xelatex";
-    };
+  #   };
-  };
+  # };
  programs.direnv.enable = true;
 }