diff --git a/README.md b/README.md index fac2ee8..95924a0 100644 --- a/README.md +++ b/README.md @@ -54,10 +54,6 @@ sudo nixos-rebuild switch --flake . 4. Commit your Changes if satisfied `git commit -m "Added Software hello-world"` 5. Then Push your Changes to the Remote, so that other systems can update `git push` -## Used Work - -[Server Icon](./assets/server-solid.svg) © [FontAwesome](https://fontawesome.com) under the [CC BY 4.0 License](https://creativecommons.org/licenses/by/4.0/) - ## License [MIT © kB01](./LICENSE) diff --git a/assets/LANA9Z.jpeg b/assets/LANA9Z.jpeg deleted file mode 100644 index 936ac46..0000000 Binary files a/assets/LANA9Z.jpeg and /dev/null differ diff --git a/assets/server-solid.svg b/assets/server-solid.svg deleted file mode 100644 index dde4a54..0000000 --- a/assets/server-solid.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/homes/aarch64-linux/master@kb-senfnvp/default.nix b/homes/aarch64-linux/master@kb-senfnvp/default.nix deleted file mode 100644 index 68b5e31..0000000 --- a/homes/aarch64-linux/master@kb-senfnvp/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, pkgs, lib, inputs, ... }: -{ - home.username = "master"; - home.homeDirectory = "/home/master"; - home.packages = with pkgs; [ - fastfetch - btop - sops - ]; - - # SSH Configuration - programs.ssh.enable = true; - programs.ssh.matchBlocks."kb01@kb-one-git" = { - host = "git.kb-one.de"; - user = "git"; - identityFile = "/home/master/.ssh/kb01@kb-one-git"; - port = 9522; - }; - - home.stateVersion = "24.05"; # NEVER CHANGE!!! -} - diff --git a/modules/nixos/services/binary-cache/default.nix b/modules/nixos/services/binary-cache/default.nix deleted file mode 100644 index 49da36a..0000000 --- a/modules/nixos/services/binary-cache/default.nix +++ /dev/null 
@@ -1,35 +0,0 @@
-{ inputs, config, lib, pkgs, ... }:
-let
- cfg = config.services.binary-cache;
-in
-{
- imports = [
- ];
-
- options.services.binary-cache = {
- enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = false;
- description = "Enable Preconfigured Binary-Cache";
- };
- };
-
- config = lib.mkIf cfg.enable {
- services.nix-serve = {
- enable = true;
- secretKeyFile = "/var/secrets/cache-game01-private-key.pem";
- };
-
- # Configure Reverse-Proxy
- services.traefik.dynamicConfigOptions = {
- http.services.nix-cache.loadBalancer.servers = [ { url = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}/"; } ];
- http.routers.nix-cache.entrypoints = "websecure";
- # http.routers.nix-cache.tls = true;
- http.routers.nix-cache.tls.certresolver = "letsencrypt";
- http.routers.nix-cache.rule = "Host(`cache.game01.kb-one.de`)";
- http.routers.nix-cache.service = "nix-cache";
- };
-
- };
-}
-
diff --git a/modules/nixos/services/forgejo-runner/default.nix b/modules/nixos/services/forgejo-runner/default.nix
deleted file mode 100644
index 0888183..0000000
--- a/modules/nixos/services/forgejo-runner/default.nix
+++ /dev/null
@@ -1,87 +0,0 @@ -{ inputs, config, lib, pkgs, ... }: -let - cfg = config.services.forgejo-runner; -in -{ - options.services.forgejo-runner = { - enable = lib.mkOption { - type = with lib.types; uniq bool; - default = false; - description = "Enable Forgejo Runners"; - }; - }; - config = lib.mkIf (cfg.enable) { - # services.gitea-actions-runner.package = pkgs.forgejo-runner; - # services.gitea-actions-runner.instances."kb-one-runner@games-01" = { - # enable = true; - # name = "kb-one-runner@games-01"; - # url = "https://git.kb-one.de/"; - # tokenFile = "/opt/secrets/kb-one-runner@games-01_token"; - # labels = [ - # # provide a debian base with nodejs for actions - # "debian-latest:docker://node:18-bullseye" - # # fake the ubuntu name, because node provides no ubuntu builds - # "ubuntu-latest:docker://node:18-bullseye" - # # provide native execution on the host - # "native:host" - # ]; - # hostPackages = with pkgs; [ - # bash - # coreutils - # curl - # gawk - # gitMinimal - # gnused - # nodejs - # wget - # nix - # ]; - # }; - - # systemd.services.forgejo-runner = { - # wantedBy = [ "multi-user.target" ]; - # after = [ "docker.service" ]; - # description = ""; - # serviceConfig = { - # Type = "notify"; - # User = "runner"; - # WorkingDirectory = "/home/runner"; - # ExecStart = ''${pkgs.forgejo-runner}/bin/forgejo-runner deamon''; - # ExecStop = ''/bin/kill -s HUP $MAINPID''; - # Restart = "on-failure"; - # TimeoutSec = 0; - # RestartSec = 10; - # }; - # }; - - # users.users.runner = { - # isNormalUser = true; - # }; - - # environment.systemPackages = [ pkgs.forgejo-runner ]; - - # virtualisation.podman.enable = true; - # virtualisation.podman.defaultNetwork.settings.dns_enabled = true; - # virtualisation.podman.dockerCompat = true; - - virtualisation.docker.enable = true; - virtualisation.oci-containers.backend = "docker"; - - virtualisation.oci-containers.containers."docker-in-docker" = { - image = "docker:dind"; - hostname = "docker"; - extraOptions = [ 
"--privileged" "--network=kb-forgejo-runner" ]; - cmd = [ "dockerd" "-H" "tcp://docker:42349" "--tls=false" ]; - }; - virtualisation.oci-containers.containers."forgejo-runner" = { - image = "code.forgejo.org/forgejo/runner:4.0.0"; - hostname = "forgejo-runner"; - extraOptions = [ "--network=kb-forgejo-runner" ]; - environment.DOCKER_HOST = "tcp://docker:42349"; - user = "1001:1001"; - volumes = [ "forgejo-runner-data:/data" ]; - cmd = [ "/bin/sh" "-c" "sleep 5; forgejo-runner daemon" ]; - }; - }; -} - diff --git a/modules/nixos/services/minecraft/README.md b/modules/nixos/services/minecraft/README.md deleted file mode 100644 index ff3215a..0000000 --- a/modules/nixos/services/minecraft/README.md +++ /dev/null @@ -1,10 +0,0 @@ -# Minecraft Server Configuration - -Details about the Minecraft Module. - -## Installation - -1. Rebuild switch configuration -2. Create Database Structure - 1. New Database `sudo mysql -u root < /run/secrets/rendered/minecraft/database/database-init.sql` - 2. Restore Backup `sudo mysql -u root < path/to/backup.sql` diff --git a/modules/nixos/services/minecraft/database.nix b/modules/nixos/services/minecraft/database.nix deleted file mode 100644 index f530f8d..0000000 --- a/modules/nixos/services/minecraft/database.nix +++ /dev/null 
@@ -1,27 +0,0 @@
-{
- inputs,
- config,
- lib,
- pkgs,
- system,
- ...
-}:
-let
- cfg = config.services.minecraft;
-in
-{
- config = lib.mkIf (cfg.enable && (cfg.servers.velocity.enable || cfg.servers.survival.enable)) {
- services.mysql = {
- package = pkgs.mariadb;
- enable = true;
- settings.mysqld.port = 3459;
- };
- sops.secrets."minecraft/database/luckperms_password" = { sopsFile = ./secrets.yaml; };
- sops.templates."minecraft/database/database-init.sql".content = ''
- CREATE DATABASE 'luckperms';
- CREATE USER 'luckperms'@'localhost';
- GRANT ALL PRIVILEGES ON luckperms.* TO 'luckperms'@'localhost' IDENTIFIED BY '${config.sops.placeholder."minecraft/database/luckperms_password"}';
- '';
- # services.mysqlBackup.databases = [ "luckperms" ]; # Add Luckperms Database to Backups
- };
-}
diff --git a/modules/nixos/services/minecraft/default.nix b/modules/nixos/services/minecraft/default.nix
deleted file mode 100644
index 25284c2..0000000
--- a/modules/nixos/services/minecraft/default.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ inputs, config, lib, pkgs, ... }:
-let
- cfg = config.services.minecraft;
-in
-{
- imports = [
- inputs.nix-minecraft.nixosModules.minecraft-servers
- ./vanilla-test.nix
- ./survival.nix
- ./velocity.nix
- ./database.nix
- ];
-
- options.services.minecraft = {
- enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = false;
- description = "Enable kBs Minecraft Servers";
- };
- servers.vanilla.enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = false;
- description = "test server";
- };
- servers.survival.enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = false;
- description = "Survival Server";
- };
- servers.velocity.enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = false;
- description = "Velocity Proxy Server";
- };
- };
-
- config = lib.mkIf cfg.enable {
- nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
- "minecraft-server"
- ];
- services.minecraft-servers = {
- enable = true;
- eula = true;
- };
-
-
- };
-}
-
diff --git a/modules/nixos/services/minecraft/secrets.yaml b/modules/nixos/services/minecraft/secrets.yaml
deleted file mode 100644
index 30a3e9c..0000000
--- a/modules/nixos/services/minecraft/secrets.yaml
+++ /dev/null
@@ -1,23 +0,0 @@ -minecraft: - database: - luckperms_password: ENC[AES256_GCM,data:Gnt/SilH7q4t1NzCeaqCc6nxso9cWt7b/KXCxzrDdR1LAnmex3QL5Q==,iv:PrTkXcMPPyfJkAKxSKUkaPbYcH+9n6W7MPcTR5e4L8g=,tag:sxDdUHyN+fCIi4g0K+oQIw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age165jt2q3uxp79k4jfsegnq7ul9j54l2rqsn87rq0qjkcv3y5krcmqsznyw7 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBScTUyNFBNdHFwd1pudWNK - Y2F2aXFLYmh4RURJLy9mMisxMU96VGRiU2hjCjdSZmxLRFF6OVpFNy9iQ0NLdytl - UHdSaUVtMnlWQ3d1ZnluNXVHOWdoalkKLS0tIDBxVGdaZWhTclJWZ3FwZHRHSTN1 - RDhlN1JjWW1XZERLWExRSTlDN3ZjZkEKMiQaUezdBcWOH82Sk451PdB54SzYwcXY - YkjGp+bB7rIz07no68Xl4qmO+/iHKSFlPvG4jR/j4ZaNYiU9aeldLA== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-17T14:22:01Z" - mac: ENC[AES256_GCM,data:BlLD3wEezCCA9t1X4xmy9lfT3ztsR3dknio78Si9v3UJmpJSOpwJ/VhU5RRbMzL1EyOrU1abEr6em83s6LRq87fwso1j6asOavELT5WOfl6f5CU2iK8nQGWZCFeR+09d9hVI+AAH9farpgTDd5sHfUFPCKEaGwuTenpeF4Tonak=,iv:JYoHMIPkT+Dv3GZlp1wt7wlU7IYL6erd/u0cuclB0Ow=,tag:XD8pd/GCrdLRvdEFBgowJA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.2 diff --git a/modules/nixos/services/minecraft/survival.nix b/modules/nixos/services/minecraft/survival.nix deleted file mode 100644 index f1e0879..0000000 --- a/modules/nixos/services/minecraft/survival.nix +++ /dev/null 
@@ -1,49 +0,0 @@
-{
- inputs,
- config,
- lib,
- pkgs,
- system,
- ...
-}:
-let
- cfg = config.services.minecraft;
-in
-{
- config = lib.mkIf (cfg.enable && cfg.servers.survival.enable) {
- services.minecraft-servers.servers."survival" = {
- enable = true;
- autoStart = true;
- enableReload = true;
- package = pkgs.paperServers.paper-1_21_4;
- serverProperties = {
- online-mode = false;
- server-ip = "127.0.0.1";
- server-port = 49333;
- difficulty = 3;
- gamemode = 1;
- max-players = 5;
- };
- openFirewall = false; # Should use Velocity Player Proxy
-
- # Add Plugins
- symlinks = {
- "plugins/LuckPerms.jar" = pkgs.fetchurl {
- url = "https://download.luckperms.net/1567/bukkit/loader/LuckPerms-Bukkit-5.4.150.jar";
- sha512 = "39cr9nd68afrrvn80kvdgaml37xkj3mzhv50y3app5j1199hg12kls29r49x06p9rxm6dk7i0j8aww2hw4ahm18andb69a5kp97vf94";
- };
- };
-
- # Configure Velocity Modern forwarding https://docs.papermc.io/velocity/player-information-forwarding#configuring-modern-forwarding-for-paper
- files."spigot.yml".value = {
- settings.bungeecord = false;
- };
- files."config/paper-global.yml".value = {
- proxies.velocity.enabled = true;
- proxies.velocity.online-mode = "online-mode";
- forwarding.secret = ""; # TODO: Add Forewarding Secret using Sops
- };
- };
- };
-}
-
diff --git a/modules/nixos/services/minecraft/vanilla-test.nix b/modules/nixos/services/minecraft/vanilla-test.nix
deleted file mode 100644
index 4a2474e..0000000
--- a/modules/nixos/services/minecraft/vanilla-test.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- inputs,
- config,
- lib,
- pkgs,
- system,
- ...
-}:
-let
- cfg = config.services.minecraft;
-in
-{
- config = lib.mkIf (cfg.enable && cfg.servers.vanilla.enable) {
- nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
- "minecraft-server"
- ];
-
- services.minecraft-servers.servers."vanilla-test" = {
- enable = true;
- autoStart = true;
- enableReload = true;
- package = pkgs.vanillaServers.vanilla;
- whitelist = {
- kB01guy = "1ff88b66-beda-4386-85b9-a00a5c27437a";
- };
- openFirewall = true;
- };
- };
-}
-
diff --git a/modules/nixos/services/minecraft/velocity.nix b/modules/nixos/services/minecraft/velocity.nix
deleted file mode 100644
index 3ab1b26..0000000
--- a/modules/nixos/services/minecraft/velocity.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{
- inputs,
- config,
- lib,
- pkgs,
- system,
- ...
-}:
-let
- cfg = config.services.minecraft;
-in
-{
- config = lib.mkIf (cfg.enable && cfg.servers.velocity.enable) {
-
- # Configure Server
- services.minecraft-servers.servers."velocity" = {
- enable = true;
- autoStart = true;
- enableReload = true;
- stopCommand = "end";
- package = pkgs.velocityServers.velocity;
- symlinks = {
- "plugins/LuckPerms.jar" = pkgs.fetchurl {
- url = "https://download.luckperms.net/1567/velocity/LuckPerms-Velocity-5.4.150.jar";
- sha512 = "3dr69g2fbav3if44nmifgz7hn86gdf62hcks92kkvwxf4xa3z7x615j426kgljyhgy84hf75wzpai258mg7dj9x17vpkn634kkzwmw6";
- };
- "plugins/Geyser-Velocity.jar" = pkgs.fetchurl {
- url = "https://download.geysermc.org/v2/projects/geyser/versions/2.6.0/builds/730/downloads/velocity";
- sha512 = "3shnm8q8vq8j44xxg4qwqwalw6ml9nkzfrzvv8pkblkjp25nfk3h14b4y9vdim1sa2a18mkf8hmhb16g1mka2rh7l0z0yg4kh3lj2i0";
- };
- "plugins/floodgate-velocity.jar" = pkgs.fetchurl {
- url = "https://download.geysermc.org/v2/projects/floodgate/versions/2.2.3/builds/114/downloads/velocity";
- sha512 = "1k7qban3gar0fxxi5kp5i8d72k6ck65cvsfbg4nh8bz40jwqn35fx9gj3zbb06x5l8sg6qxl7w2nsn3jan4hjq7m5lwf2c1l1mjaw81";
- };
- "plugins/LibreLogin.jar" = pkgs.fetchurl {
- url = "https://modrinth.com/plugin/libre-login/version/0.23.0";
- sha512 = "1wrnp82vv47hhvjp1lxdndmngndykshi7iindnpg61j0v7i8bdgr9rk5qvanvw95gcj59cnhxdmjynq8fm127n4gv53acdidlxz39sd";
- };
- };
- files = {
- "velocity.toml".value = {
- config-version = "2.7"; # NEVER change this!
- bind = "0.0.0.0:25565";
- online-mode = false;
- player-info-forwarding-mode = "modern";
- enable-player-address-logging = false;
- # servers.lobby = "";
- servers.survival = "127.0.0.1:${toString config.services.minecraft-servers.servers."survival".serverProperties.server-port}";
- servers.lobby = "127.0.0.1:123";
- servers.try = [
- #"lobby"
- "survival"
- ];
- forced-hosts."lobby.example.com" = [ "lobby" ];
- advanced.tcp-fast-open = true;
- };
- };
- };
- networking.firewall.allowedTCPPorts = [ 25565 ];
-
- # Configure Plugin Luckperms
- sops.templates."minecraft/velocity/plugin/luckperms/config.yml".path = "/srv/minecraft/velocity/plugins/luckperms/config.yml";
- sops.templates."minecraft/velocity/plugin/luckperms/config.yml".owner = config.services.minecraft-servers.user;
- sops.templates."minecraft/velocity/plugin/luckperms/config.yml".content = lib.generators.toYAML { } { # Unfortunately currently lib.generators.toYAML generates JSON, and the File will not be Human readable
- storage-method = "mariadb";
- data.address = "localhost:${toString config.services.mysql.settings.mysqld.port}";
- data.database = "luckperms";
- data.username = "luckperms";
- data.password = ''${config.sops.placeholder."minecraft/database/luckperms_password"}''; # Secret created in ./database.nix
- };
- };
-}
-
diff --git a/modules/nixos/services/traefik-proxy/default.nix b/modules/nixos/services/traefik-proxy/default.nix
deleted file mode 100644
index e4e6f7e..0000000
--- a/modules/nixos/services/traefik-proxy/default.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ inputs, config, lib, pkgs, ... }:
-let
- cfg = config.services.traefik-proxy;
-in
-{
- imports = [
- ];
-
- options.services.traefik-proxy = {
- enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = false;
- description = "Enable Pre-Configured Traefik Proxy";
- };
- };
-
- config = lib.mkIf (cfg.enable ||
- config.services.binary-cache.enable ||
- config.suites.nas.media.enable) {
- services.traefik = {
- enable = true;
- staticConfigOptions = {
- entryPoints = {
- web = {
- address = ":80";
- asDefault = true;
- http.redirections.entrypoint = {
- to = "websecure";
- scheme = "https";
- };
- };
- websecure = {
- address = ":443";
- asDefault = true;
- http.tls.certResolver = "letsencrypt";
- };
- };
- };
- };
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- # Configure Letsencrypt
- services.traefik.staticConfigOptions = {
- certificatesResolvers.letsencrypt.acme = {
- email = "kb01@kb-one.de";
- tlsChallenge = {};
- storage = "/var/secrets/traefik/acme.json";
- };
- };
-
- };
-}
-
diff --git a/modules/nixos/suites/nas/default.nix b/modules/nixos/suites/nas/default.nix
deleted file mode 100644
index f6ab990..0000000
--- a/modules/nixos/suites/nas/default.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{
- inputs,
- config,
- lib,
- pkgs,
- system,
- ...
-}:
-let
- cfg = config.suites.nas;
-in
-{
- imports = [
- ./jellyfin.nix
- ./kavita.nix
- ];
- options.suites.nas.enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = false;
- description = "Enable Preconfigured NAS Config";
- };
- options.suites.nas.domain = lib.mkOption {
- type = with lib.types; string;
- default = "localhost";
- description = "NAS Reachable Domain Name";
- };
- options.suites.nas.media.enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = true;
- description = "Enable Media Servers";
- };
- options.suites.nas.media.folder = lib.mkOption {
- type = with lib.types; str;
- default = "/home/media/media";
- description = "Media Root Directory";
- };
-
- # Media Config
- config = lib.mkIf (cfg.enable && cfg.media.enable) {
-
- # Media Defaults
- suites.nas.media.jellyfin.enable = true;
- suites.nas.media.kavita.enable = false;
-
- # Create Media User
- users.groups.media = {};
- users.users.media = {
- isSystemUser = true;
- createHome = true;
- description = "Media User";
- group = "media";
- home = "/home/media";
- };
-
- };
-
-
-}
-
diff --git a/modules/nixos/suites/nas/jellyfin.nix b/modules/nixos/suites/nas/jellyfin.nix
deleted file mode 100644
index 8537137..0000000
--- a/modules/nixos/suites/nas/jellyfin.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- inputs,
- config,
- lib,
- pkgs,
- system,
- ...
-}:
-let
- cfg = config.suites.nas.media.jellyfin;
-in
-{
- options.suites.nas.media.jellyfin.enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = false;
- description = "Enable Preconfigured Jellyfin Config";
- };
- options.suites.nas.media.jellyfin.subdomain = lib.mkOption {
- type = with lib.types; string;
- default = "watch";
- description = "Subdomain for Jellyfin Server";
- };
-
- config = lib.mkIf (cfg.enable) {
-
- services.jellyfin.enable = true;
- services.jellyfin.user = "media";
-
- # Configure Reverse-Proxy
- services.traefik.dynamicConfigOptions = {
- http.services.jellyfin.loadBalancer.servers = [ { url = "http://localhost:8096/"; } ];
- http.routers.jellyfin.entrypoints = "websecure";
- http.routers.jellyfin.tls = true;
- #http.routers.jellyfin.tls.certresolver = "letsencrypt";
- http.routers.jellyfin.rule = "Host(`${cfg.subdomain}.${config.suites.nas.domain}`)";
- http.routers.jellyfin.service = "jellyfin";
- };
-
- };
-}
-
diff --git a/modules/nixos/suites/nas/kavita.nix b/modules/nixos/suites/nas/kavita.nix
deleted file mode 100644
index d6d9a24..0000000
--- a/modules/nixos/suites/nas/kavita.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- inputs,
- config,
- lib,
- pkgs,
- system,
- ...
-}:
-let
- cfg = config.suites.nas.media.kavita;
-in
-{
- options.suites.nas.media.kavita.enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = false;
- description = "Enable Preconfigured kavita Config";
- };
- options.suites.nas.media.kavita.subdomain = lib.mkOption {
- type = with lib.types; string;
- default = "read";
- description = "Kavita Subdomain";
- };
-
- config = lib.mkIf (cfg.enable) {
-
- services.kavita.enable = true;
- services.kavita.user = "media";
- services.kavita.tokenKeyFile = "/home/media/secrets/kavita-secret";
-
- # Configure Reverse-Proxy
- services.traefik.dynamicConfigOptions = {
- http.services.kavita.loadBalancer.servers = [ { url = "http://localhost:5000/"; } ];
- http.routers.kavita.entrypoints = "websecure";
- http.routers.kavita.tls = true;
- #http.routers.kavita.tls.certresolver = "letsencrypt";
- http.routers.kavita.rule = "Host(`${cfg.subdomain}.${config.suites.nas.domain}`)";
- http.routers.kavita.service = "kavita";
- };
-
- };
-}
-
diff --git a/modules/nixos/suites/senfnvp/README.md b/modules/nixos/suites/senfnvp/README.md
deleted file mode 100644
index b450baf..0000000
--- a/modules/nixos/suites/senfnvp/README.md
+++ /dev/null
@@ -1,39 +0,0 @@ -# Senfnvp Stack - -The Senfnvp Stack contains Web Infra-structure. - - -## Notes - -``` nix -senfnvp = { - enable = true; - hostname = "senfnvp.kb-one.de"; - - # Defaults - proxy.enable = true; - website.enable = true; - forgejo.enable = true; - forgejo.initializeDatabase = false; # Only use once! - forgejo.enableFail2Ban = true; - keycloak.enable = true; - keycloak.initializeDatabase = false; # Only use once! - docker-compose.enable = true; # Configuration for Docker-Compose support for Mailcow -}; -``` - -### The Database - -The Database Server is enabled when when you enable the Stack itself. -When you Activate a Service you might want to Edit the File at `./database/init-servicename.template.sql`. If you have a Database-Dump, place it there with the Naming-Sheme `./database/init-servicename.sql`. When creating a new Setup you can just run `cp init-servicename.template.sql init-servicename.sql` to use the template. The template only creates the Database, User and Password and lets it to the Service create its Tables. - -Basically the order is like this: -- Create Secrets `sops ./secrets.yaml` -- Apply Template `cp ./database/init-forgejo.template.sql ./database/init-forgejo.sql` -- Initialize ´forgejo.enable = true; forgejo.initializeDatabase = true;` -- Apply config `nixos-rebuild switch --flake .` -- Wait for Initialisation -- Wait! Dumps will take time! -- Enable Production `forgejo.enable = true; forgejo.initializeDatabase = false;` -- Apply config `nixos-rebuild switch --flake .` -- diff --git a/modules/nixos/suites/senfnvp/default.nix b/modules/nixos/suites/senfnvp/default.nix deleted file mode 100644 index 4a92d82..0000000 --- a/modules/nixos/suites/senfnvp/default.nix +++ /dev/null 
@@ -1,84 +0,0 @@
-{
- inputs,
- config,
- lib,
- pkgs,
- system,
- ...
-}:
-let
- cfg = config.suites.senfnvp;
-in
-{
- imports = [
- ./website.nix
- ./forgejo.nix
- ];
- options.suites.senfnvp.enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = false;
- description = "Enables the senfnvp Stack";
- };
- options.suites.senfnvp.hostname = lib.mkOption {
- type = with lib.types; string;
- default = "kb-one.de";
- description = "Hostname of senfnvp Stack";
- };
- options.suites.senfnvp.database.enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = true;
- description = "Enable senfnvp Database";
- };
- options.suites.senfnvp.proxy.enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = true;
- description = "Enable senfnvp Proxy";
- };
-
- config = lib.mkIf (cfg.enable) {
-
- containers.proxy = lib.mkIf (cfg.enable && cfg.proxy.enable) {
- autoStart = true;
- config = { config, pkgs, lib, ... }: {
- services.traefik = {
- enable = true;
- staticConfigOptions = {
- entryPoints = {
- web = {
- address = ":80";
- asDefault = true;
- http.redirections.entrypoint = {
- to = "websecure";
- scheme = "https";
- };
- };
- websecure = {
- address = ":443";
- asDefault = true;
- http.tls.certResolver = "letsencrypt";
- };
- git-ssh.address = ":9522";
- };
- certificatesResolvers.letsencrypt.acme = {
- tlsChallenge = {};
- storage = "/var/secrets/traefik/acme.json";
- };
- };
- };
- networking.firewall.allowedTCPPorts = [ 80 443 9522];
- };
- };
-
- # Core Container
- # A Guide to Nix Containers: https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html
- containers.core = {
- autoStart = true;
- privateNetwork = true;
- config = { config, pkgs, lib, ... }: {
- };
- };
-
- };
-}
-
-
diff --git a/modules/nixos/suites/senfnvp/forgejo.nix b/modules/nixos/suites/senfnvp/forgejo.nix
deleted file mode 100644
index 3a559dc..0000000
--- a/modules/nixos/suites/senfnvp/forgejo.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- inputs,
- config,
- lib,
- pkgs,
- system,
- ...
-}:
-let
- cfg = config.suites.senfnvp;
-in
-{
- options.suites.senfnvp.forgejo.enable = lib.mkOption {
- type = with lib.types; uniq bool;
- default = true;
- description = "Enable Forgejo";
- };
- options.suites.senfnvp.forgejo.sshPort = lib.mkOption {
- type = with lib.types; port;
- default = 9522;
- description = "Forgejo SSH Port";
- };
- options.suites.senfnvp.forgejo.httpPort = lib.mkOption {
- type = with lib.types; port;
- default = 3000;
- description = "Forgejo http Port";
- };
-
- config = lib.mkIf (cfg.enable && cfg.forgejo.enable) {
- containers.forgejo = {
- autoStart = true;
- config = {
- services.forgejo = {
- enable = !cfg.forgejo.initializeDatabase;
- settings.server = {
- ROOT_URL = "git.${cfg.hostname}";
- SSH_PORT = cfg.forgejo.sshPort;
- HTTP_PORT = cfg.forgejo.httpPort;
- };
- database = {
- type = "postgres";
- #host = "127.0.0.1"; # default Value
- port = cfg.database.port;
- #name = "forgejo"; # default Value
- #user = "forgejo"; # default Value
- passwordFile = "";
- };
- };
- };
- };
- };
-}
-
-
diff --git a/modules/nixos/suites/senfnvp/website.nix b/modules/nixos/suites/senfnvp/website.nix
deleted file mode 100644
index e411027..0000000
--- a/modules/nixos/suites/senfnvp/website.nix
+++ /dev/null
@@ -1,41 +0,0 @@ -{ - inputs, - config, - lib, - pkgs, - system, - ... -}: -let - cfg = config.suites.senfnvp; -in -{ - options.suites.senfnvp.website.enable = lib.mkOption { - type = with lib.types; uniq bool; - default = true; - description = "Enable senfnvp Website (kb-one.de)"; - }; - options.suites.senfnvp.website.httpPort = lib.mkOption { - type = with lib.types; port; - default = 8080; - description = "Website HTTP Port"; - }; - - config = lib.mkIf (cfg.enable && cfg.website.enable) { - containers.website = { - autoStart = true; - config = { - services.nginx.enable = true; - services.nginx.virtualHosts."${cfg.hostname}" = { - root = "/var/www/${cfg.hostname}"; - listen = [{ - addr = "127.0.0.1"; - port = cfg.website.httpPort; - }]; - }; - }; - }; - }; -} - - diff --git a/systems/README.md b/systems/README.md index a4a054f..b34cdbd 100644 --- a/systems/README.md +++ b/systems/README.md @@ -1,32 +1,5 @@ # Systems -## [LANA9Z](./x86_64-linux/LANA9Z) - - - - - -
- - - - - - - - - - - - - - - - - -
Userkb@LANA9Z
CpuIntel i7-2640M, 2 Cores, max 3.50 GHz
Ram16 GB
DeviceMacBook Pro 2011 (MacBook Pro 8,1)
-
- ## [LoyAdjo](./x86_64-linux/LoyAdjo) @@ -139,60 +112,3 @@
-## [kb-game-01](./x86_64-linux/kb-game-01) - - - - - -
- - - - - - - - - - - - - - - - - -
Usermaster@kb-game-01
CpuAMD EPYC 7702P, 4 / 64 Cores, max 3.35 GHz
Ram16 GB
DeviceKVM Server for Game-Servers (or Build-Server)
-
- -## [U3ncSovm](./x86_64-linux/U3ncSovm) - - - - - -
- - - - - - - - - - - - - - - - - - - - - -
Usermaster@U3ncSovm
Cpu...
Ram...
DeviceCustom NAS Server, currently under construction only as VM.
Build
nixos-rebuild build-vm --flake .#U3ncSovm
-
diff --git a/systems/aarch64-linux/kb-senfnvp/default.nix b/systems/aarch64-linux/kb-senfnvp/default.nix
deleted file mode 100644
index c5647ba..0000000
--- a/systems/aarch64-linux/kb-senfnvp/default.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- ./hardware.nix
- ];
-
- # Configure Nix
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
- nix.settings.trusted-users=[ "remotebuild" ];
- nix.package = pkgs.lix;
-
- # Networking
- networking.hostName = "kb-senfnvp";
- networking.networkmanager.enable = true;
- networking.nameservers = [
- "1.1.1.1"
- ];
-
- # Set your time zone.
- time.timeZone = "Europe/Amsterdam";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = "de";
- };
-
- users.users.master = { # Managed by Homemanager
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJszrrdVHmMUdgOakyFNOIPV9BfopwflqivmK13Fmsab kb@Ohybke"
- ];
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- };
-
- users.users.remotebuild = {
- isNormalUser = true;
- createHome = true;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJV9cwMXlbaBdg2gReSnLxH3EV5cyFoSi21f5fZhPfdC kb@Ohybke"
- ];
- };
-
- environment.systemPackages = with pkgs; [
- git
- wget
- vim
- tree
- fastfetch
- ];
-
- # Default Editor
- programs.vim.enable = true;
- programs.vim.defaultEditor = true;
-
- # SSH and Mosh
- services.openssh = {
- enable = true;
- settings.PasswordAuthentication = false;
- settings.KbdInteractiveAuthentication = false;
- ports = [ 9553 ];
- openFirewall = true;
- };
- programs.mosh.enable = true;
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
-
- system.stateVersion = "24.11"; # NEVER CHANGE THIS !!!!
-
-}
-
diff --git a/systems/aarch64-linux/kb-senfnvp/hardware.nix b/systems/aarch64-linux/kb-senfnvp/hardware.nix
deleted file mode 100644
index 1df4e24..0000000
--- a/systems/aarch64-linux/kb-senfnvp/hardware.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-{
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- # System
- boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" "sr_mod" "r8169" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
- nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-
- # Boot Loader
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- # SSH Remote Unlock
- boot.kernelParams = [ "ip=dhcp" ];
- boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
- boot.initrd.network = {
- enable = true;
- ssh = {
- enable = true;
- port = 7299;
- authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6jJa135d46R9XgV7h5SfxALabycI5ZPN8kdSQbEkYM kb@Ohybke" ];
- hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];
- };
- postCommands = ''
- echo 'cryptsetup-askpass' >> /root/.profile
- '';
- };
-
- # Disks
- boot.initrd.luks.devices."luks-2d08047a-a014-480b-8a24-a70e20a2d7d7".device = "/dev/disk/by-uuid/2d08047a-a014-480b-8a24-a70e20a2d7d7";
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/9c1d9682-5cfb-4683-a789-f544fc6e7681";
- fsType = "ext4";
- };
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/FEAA-61DA";
- fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
- };
-
- swapDevices = [ ];
-
- # Networking
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
-
-}
diff --git a/systems/x86_64-iso/plasma6-64bit-iso/default.nix b/systems/x86_64-iso/plasma6-64bit-iso/default.nix
deleted file mode 100644
index 814c73f..0000000
--- a/systems/x86_64-iso/plasma6-64bit-iso/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ pkgs, modulesPath, lib, ... }:
-{
- imports = [
- "${modulesPath}/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix"
- ];
-
-}
diff --git a/systems/x86_64-linux/U3ncSovm/default.nix b/systems/x86_64-linux/U3ncSovm/default.nix
deleted file mode 100644
index edcb219..0000000
--- a/systems/x86_64-linux/U3ncSovm/default.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-
-{
- imports = [ # Include the results of the hardware scan.
- ./hardware.nix
- ];
-
- # Configure Nix
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
- nix.package = pkgs.lix;
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.devices = [ "nodev" ];
- boot.loader.efi.canTouchEfiVariables = true;
-
- # Define your hostname.
- networking.hostName = "U3ncSovm";
-
- # Set your time zone.
- time.timeZone = "Europe/Amsterdam";
-
- # Configure keymap in X11
- services.xserver.xkb.layout = "us";
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.master = {
- initialPassword = "test";
- openssh.authorizedKeys.keys = [
- ];
- isNormalUser = true;
- extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- packages = with pkgs; [
- tree
- vim
- fastfetch
- ];
- };
-
- # List packages installed in system profile. To search, run:
- environment.systemPackages = with pkgs; [
- vim
- wget
- git
- ];
-
- # SSH and Mosh
- services.openssh = {
- enable = true;
- settings.PasswordAuthentication = false;
- settings.KbdInteractiveAuthentication = false;
- ports = [ 5530 ];
- openFirewall = true;
- };
- programs.mosh.enable = true;
-
- # Do NOT change this value
- system.stateVersion = "24.05"; # Did you read the comment?
-}
-
diff --git a/systems/x86_64-linux/U3ncSovm/hardware.nix b/systems/x86_64-linux/U3ncSovm/hardware.nix
deleted file mode 100644
index 8dfb9e5..0000000
--- a/systems/x86_64-linux/U3ncSovm/hardware.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{ config, lib, pkgs, modulesPath, inputs, ... }:
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- # Configure NixOS
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
- # Boot Parameters
- boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "firewire_ohci" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" "wl" ];
- boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
-
- # Filesystems
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/00000000-0000-0000-0000-000000000000";
- fsType = "ext4";
- };
- boot.initrd.luks.devices."luks-00000000-0000-0000-0000-000000000000".device = "/dev/disk/by-uuid/00000000-0000-0000-0000-000000000000";
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/0000-0000";
- fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
- };
- swapDevices = [
- {
- device = "/swapfile";
- size = 4*1024;
- }
- ];
-
- # Network
- networking.useDHCP = lib.mkDefault true;
-
- # Hardware
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
- # Virtual Machine Configuration
- virtualisation.vmVariant = {
- # following configuration is added only when building VM with build-vm
- virtualisation = {
- memorySize = 4*1024;
- cores = 3;
- };
- };
-
-}
diff --git a/systems/x86_64-linux/kb-game-01/default.nix b/systems/x86_64-linux/kb-game-01/default.nix
deleted file mode 100644
index 016d6be..0000000
--- a/systems/x86_64-linux/kb-game-01/default.nix
+++ /dev/null
@@ -1,105 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-
-{
- imports = [ # Include the results of the hardware scan.
- ./hardware.nix
- ];
-
- # Configure Nix
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
- nix.settings.trusted-users=[ "remotebuild" ];
- nix.settings.trusted-public-keys = [
- "cache.HyperC:90YNJ0eWsuBGVVP989lJh1rL8C0KM6IKbAtEUiu+FCU="
- ];
- nix.package = pkgs.lix;
- nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.efiSupport = true;
- boot.loader.grub.devices = [ "nodev" ];
- boot.loader.efi.canTouchEfiVariables = true;
-
- # Define your hostname.
- networking.hostName = "kb-game-01";
-
- # Set your time zone.
- time.timeZone = "Europe/Amsterdam";
-
- # Configure keymap in X11
- services.xserver.xkb.layout = "us";
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.master = {
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKLbU0GpeqkYOsccsddQgZAppd5SFiokGAfjKr+dEEjY kb HyperC"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHS3DoQe/4TtdTLD/Fl41rTjE0n5MyFMl59VGVejcskO kb voloxo"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpN/3esM0SFLJ2guCBOYX8IdBC+jUiMF+xPYkTEuzbe kb-work yerukall"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMN1LWMOfFtRKkSLIA/XTj3KYm7OG2bjqEmGXj0gmDc7 kb@LoyAdjo"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7W8FUUvM8rUGK6qV3XOIxR0y/pdyo9z5HZNzOADs5+ kb@Rubtrm"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILgfAxGyxjNOZyuUZIlwVCzj/mBM9uM7apNDzEJ3g+F+ kb@LANA9C"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKurR2GzSHyD3AM0Xn+YmwfGcLjBlQX1ZRh93S8YiQwn kb@Ohybke"
- ];
- isNormalUser = true;
- extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- packages = with pkgs; [
- vim
- sops
- ];
- };
-
- users.users.remotebuild = {
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHdxVb42GEb/rwrsQx/Wc2v2P+WIq8/WNlF+l31Rl/a Remotebuilds from HyperC"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/WONflZXVoZd8I4HdNMXNtoYELnCaxqdFY0QKDXXS9 Remotebuilds from Rubtrm"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJqjdhtK0xeJcHwwCAia6I+WuZCkN9pUS21MNjJ2jOuc Remotebuilds from LANA9Z"
- ];
- };
-
- # List packages installed in system profile. To search, run:
- environment.systemPackages = with pkgs; [
- vim
- wget
- git
- tree
- ];
-
- # Default Editor
- programs.vim.enable = true;
- programs.vim.defaultEditor = true;
-
- # Sops Secrets Config
- sops.defaultSopsFormat = "yaml";
- sops.age.keyFile = "/home/master/.config/sops/age/keys.txt";
-
- # SSH and Mosh
- services.openssh = {
- enable = true;
- settings.PasswordAuthentication = false;
- settings.KbdInteractiveAuthentication = false;
- ports = [ 3422 ];
- openFirewall = true;
- };
- programs.mosh.enable = true;
-
- # Minecraft Servers
- services.minecraft = {
- enable = true;
- servers.velocity.enable = true;
- servers.survival.enable = true;
- };
-
- # Forgejo Runner
- services.forgejo-runner.enable = true;
-
- # Binary Cache
- services.binary-cache.enable = false; # No Binary-Cache, when there are Secrets in the /nix/store
-
- # Enable QUEMU Quest Agent
- services.qemuGuest.enable = true;
-
- # Do NOT change this value
- system.stateVersion = "24.05"; # Did you read the comment?
-}
-
diff --git a/systems/x86_64-linux/kb-game-01/hardware.nix b/systems/x86_64-linux/kb-game-01/hardware.nix
deleted file mode 100644
index 0dd166c..0000000
--- a/systems/x86_64-linux/kb-game-01/hardware.nix
+++ /dev/null
@@ -1,38 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-label/NIXROOT"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-label/NIXBOOT"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens3.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} - diff --git a/systems/x86_64-linux/mow0m/default.nix b/systems/x86_64-linux/mow0m/default.nix deleted file mode 100644 index 73a733b..0000000 --- a/systems/x86_64-linux/mow0m/default.nix +++ /dev/null 
@@ -1,61 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- imports = [
- ./hardware.nix
- ];
-
-
- # Networking
- networking.hostName = "mow0m";
- networking.networkmanager.enable = true;
-
- # Set your time zone.
- time.timeZone = "Europe/Amsterdam";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = "de";
- };
-
- users.users.master = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- packages = with pkgs; [
- tree
- ];
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+qnaWHrGk+DHz5I3L8wK5MPVzjck9LTuctnzK55WJs kb@LoyAdjo"
- ];
-
- };
-
- # programs.firefox.enable = true;
-
- # System Packages: (search via $ nix search wget)
- environment.systemPackages = with pkgs; [
- vim
- tree
- wget
- ];
-
- # SSH and Mosh
- services.openssh = {
- enable = true;
- settings.PasswordAuthentication = false;
- settings.KbdInteractiveAuthentication = false;
- ports = [ 9553 ];
- openFirewall = true;
- };
- programs.mosh.enable = true;
-
-
- # Firewall
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
-
- system.stateVersion = "24.11"; # NEVER CHANGE THIS!!!
-}
-
diff --git a/systems/x86_64-linux/mow0m/hardware.nix b/systems/x86_64-linux/mow0m/hardware.nix
deleted file mode 100644
index afe072e..0000000
--- a/systems/x86_64-linux/mow0m/hardware.nix
+++ /dev/null
@@ -1,83 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.kernelParams = [ "elevator=noop" "boot.shell_on_fail" "ip=dhcp" ];
- boot.extraModulePackages = [ ];
- boot.supportedFilesystems = [ "zfs" ];
- networking.hostId = "c61a0c21";
- networking.useDHCP = lib.mkDefault true;
-
- # Bootloader
- boot.loader = {
- efi = {
- canTouchEfiVariables = true;
- efiSysMountPoint = "/boot"; # use the same mount point here.
- };
- grub = {
- enable = true;
- version = 2;
- copyKernels = true;
- efiSupport = true;
- mirroredBoots = [
- {devices = [ "/dev/nvme0n1" ]; path = "/boot";}
- {devices = [ "/dev/nvme1n1" ]; path = "/boot1";}
- ];
- };
- };
- # Uncomment [on a working system] to ensure extra safeguards are active that zfs uses to protect zfs pools:
- #boot.zfs.forceImportAll = false;
- #boot.zfs.forceImportRoot = false;
-
- # Remote Filesystem(s) unlocking
- boot.initrd.network.enable = true;
- boot.initrd.network.ssh = {
- enable = true;
- port = 2550;
- authorizedKeys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPKorzbCjRROOmFpiEfbH2mmLJ8qACUUt7pln87PgkA kb@LoyAdjo"
- ];
- hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
- };
- boot.initrd.network.postCommands = ''
- zpool import -a
- echo "zfs load-key -a; killall zfs" >> /root/.profile
- '';
-
- # Filesystems
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/7C96-7E8A";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
- fileSystems."/boot1" = {
- device = "/dev/disk/by-uuid/7C97-3483";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
-
- fileSystems."/" = {
- device = "mow0m/root";
- fsType = "zfs";
- };
- fileSystems."/nix" = {
- device = "mow0m/root/nix";
- fsType = "zfs";
- };
- fileSystems."/home" = {
- device = "mow0m/root/home";
- fsType = "zfs";
- };
-
- swapDevices = [ ];
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
-