Diffstat (limited to 'users/wpcarro/nixos/socrates')
-rw-r--r-- | users/wpcarro/nixos/socrates/default.nix | 217 | ||||
-rw-r--r-- | users/wpcarro/nixos/socrates/hardware.nix | 30 |
2 files changed, 0 insertions, 247 deletions
diff --git a/users/wpcarro/nixos/socrates/default.nix b/users/wpcarro/nixos/socrates/default.nix
deleted file mode 100644
index 6284977af69f..000000000000
--- a/users/wpcarro/nixos/socrates/default.nix
+++ /dev/null
@@ -1,217 +0,0 @@
-{ pkgs, depot, ... }:
-
-{
- imports = [ ./hardware.nix ];
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking = {
- hostName = "socrates";
- # The global useDHCP flag is deprecated, therefore explicitly set to false
- # here. Per-interface useDHCP will be mandatory in the future, so this
- # generated config replicates the default behaviour.
- useDHCP = false;
- networkmanager.enable = true;
- interfaces.enp2s0f1.useDHCP = true;
- interfaces.wlp3s0.useDHCP = true;
- firewall.allowedTCPPorts = [ 9418 80 443 6697 ];
- };
-
- time.timeZone = "UTC";
-
- programs.fish.enable = true;
- programs.mosh.enable = true;
-
- environment.systemPackages = with pkgs; [
- curl
- direnv
- emacs26-nox
- gnupg
- htop
- pass
- vim
- certbot
- tree
- git
- ];
-
- users = {
- # I need a git group to run the git server.
- groups.git = {};
-
- users.wpcarro = {
- isNormalUser = true;
- extraGroups = [ "git" "wheel" ];
- shell = pkgs.fish;
- };
-
- users.git = {
- group = "git";
- isNormalUser = false;
- };
- };
-
- nix = {
- nixPath = [];
- trustedUsers = [ "root" "wpcarro" ];
- };
-
- ##############################################################################
- # Services
- ##############################################################################
-
- systemd.services.bitlbee-stunnel = {
- description = "Provides TLS termination for Bitlbee.";
- wantedBy = [ "multi-user.target" ];
- unitConfig = {
- Restart = "always";
- User = "nginx"; # This is a hack to easily get certificate access.
- };
- script = let configFile = builtins.toFile "stunnel.conf" ''
- foreground = yes
- debug = 7
-
- [ircs]
- accept = 0.0.0.0:6697
- connect = 6667
- cert = /var/lib/acme/wpcarro.dev/full.pem
- ''; in "${pkgs.stunnel}/bin/stunnel ${configFile}";
- };
-
- nixpkgs.config.bitlbee.enableLibPurple = true;
- services.bitlbee = {
- interface = "0.0.0.0";
- enable = true;
- libpurple_plugins = [
- pkgs.telegram-purple
- ];
- };
-
- services.journaldriver = {
- enable = true;
- logStream = "home";
- googleCloudProject = "wpcarros-infrastructure";
- applicationCredentials = "/etc/gcp/key.json";
- };
-
- services.openssh.enable = true;
-
- services.gitea = {
- enable = true;
- # Without this the links to clone a repository like briefcase will be
- # "http://localhost:3000/wpcarro/briefcase".
- rootUrl = "https://git.wpcarro.dev/";
- };
-
- services.buildkite-agents = {
- socrates = {
- enable = true;
- tokenPath = "/etc/secrets/buildkite-agent-token";
- privateSshKeyPath = "/etc/ssh/buildkite_agent_id_rsa";
- };
- };
-
- systemd.services.zoo = {
- enable = true;
- description = "Run my monoserver";
- script = "${depot.users.wpcarro.zoo}/zoo";
- environment = {};
- serviceConfig = {
- Restart = "always";
- };
- };
-
- services.gitDaemon = {
- enable = true;
- basePath = "/srv/git";
- exportAll = true;
- repositories = [ "/srv/git/briefcase" ];
- };
-
- # Since I'm using this laptop as a server in my flat, I'd prefer to close its
- # lid.
- services.logind.lidSwitch = "ignore";
-
- security.polkit.extraConfig = ''
- polkit.addRule(function(action, subject) {
- polkit.log("subject.user: " + subject.user + " is attempting action.id: " + action.id);
- });
- '';
-
- # Provision SSL certificates to support HTTPS connections.
- security.acme.acceptTerms = true;
- security.acme.email = "wpcarro@gmail.com";
-
- services.nginx = {
- enable = true;
- enableReload = true;
-
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedProxySettings = true;
-
- commonHttpConfig = ''
- log_format json_combined escape=json
- '{'
- '"remote_addr":"$remote_addr",'
- '"method":"$request_method",'
- '"host":"$host",'
- '"uri":"$request_uri",'
- '"status":$status,'
- '"request_size":$request_length,'
- '"response_size":$body_bytes_sent,'
- '"response_time":$request_time,'
- '"referrer":"$http_referer",'
- '"user_agent":"$http_user_agent"'
- '}';
-
- access_log syslog:server=unix:/dev/log,nohostname json_combined;
- '';
-
- virtualHosts = {
- "wpcarro.dev" = {
- addSSL = true;
- enableACME = true;
- root = depot.users.wpcarro.website;
- };
- "learn.wpcarro.dev" = {
- addSSL = true;
- enableACME = true;
- root = depot.users.wpcarro.website.learn;
- };
- "git.wpcarro.dev" = {
- addSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:3000";
- };
- };
- "blog.wpcarro.dev" = {
- addSSL = true;
- enableACME = true;
- root = depot.users.wpcarro.website.blog;
- };
- # "sandbox.wpcarro.dev" = {
- # addSSL = true;
- # enableACME = true;
- # root = depot.users.wpcarro.website.sandbox;
- # };
- # "learnpianochords.app" = {
- # addSSL = true;
- # enableACME = true;
- # root = depot.users.wpcarro.website.sandbox.learnpianochords;
- # };
- "zoo.wpcarro.dev" = {
- addSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://localhost:8000";
- };
- };
- };
- };
-
- system.stateVersion = "20.09";
-}
diff --git a/users/wpcarro/nixos/socrates/hardware.nix b/users/wpcarro/nixos/socrates/hardware.nix
deleted file mode 100644
index dde14eb1e627..000000000000
--- a/users/wpcarro/nixos/socrates/hardware.nix
+++ /dev/null
@@ -1,30 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/aadf1a77-1e98-4b5f-8e74-abf8e77bda34"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/1613-35B9"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 2; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} |