From a413aa02e510ec99b4231f9a5e2e4727da4a308f Mon Sep 17 00:00:00 2001
From: caandt
Date: Wed, 25 Dec 2024 17:51:47 -0500
Subject: [PATCH] init mikan
---
 bin/mkhost | 2 +-
 flake.lock | 52 ++++++++++-----
 flake.nix | 5 ++
 hosts/mikan/config.nix | 92 ++++++++++++++++++++++++++
 hosts/mikan/default.nix | 27 ++++++++
 hosts/mikan/disk.nix | 23 +++++++
 hosts/mikan/hardware-configuration.nix | 24 +++++++
 hosts/mikan/users/ahnwuoa/default.nix | 12 ++++
 system/boot.nix | 4 +-
 9 files changed, 223 insertions(+), 18 deletions(-)
 create mode 100644 hosts/mikan/config.nix
 create mode 100644 hosts/mikan/default.nix
 create mode 100644 hosts/mikan/disk.nix
 create mode 100644 hosts/mikan/hardware-configuration.nix
 create mode 100644 hosts/mikan/users/ahnwuoa/default.nix
diff --git a/bin/mkhost b/bin/mkhost
index a9e215b..3c31e02 100755
--- a/bin/mkhost
+++ b/bin/mkhost
@@ -12,7 +12,7 @@ if [ -e "$HOST" ]; then
 exit 2
 fi
 mkdir "$HOST"
-nixos-generate-config --show-hardware-config > "$HOST/hardware-configuration.nix"
+nixos-generate-config --show-hardware-config --no-filesystems > "$HOST/hardware-configuration.nix"
 cat << EOF > "$HOST/default.nix"
 {...}: {
 imports = [
diff --git a/flake.lock b/flake.lock
index 0fd7622..284e7cb 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,26 @@
 { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734088167, + "narHash": "sha256-snPBgTqwn3FPZVdFC5yt7Bnk3squim1vZOZ8CObWykk=", + "owner": "nix-community", + "repo": "disko", + "rev": "65a441502c9382d41ada1adbc9bd31d6c9b00fe2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "latest", + "repo": "disko", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" 
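Review bot: Passing `--no-filesystems` at the changed nixos-generate-config line strips the `fileSystems` and swap entries from the hardware-configuration.nix of every host this script scaffolds, yet the `default.nix` template emitted by the heredoc right below is unchanged and does not pull in a disko disk layout, so a host created without adding one would have no root filesystem declared at all (I'd expect NixOS evaluation to reject such a configuration). Either the template should also reference a `disk.nix`, or the choice deserves a comment such as `# filesystems come from disko (hosts/<host>/disk.nix), not from the generated file`. The script and the heredoc continue past the end of the hunk.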
@@ -26,11 +47,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1734395804, - "narHash": "sha256-m75doN+grfAo8pO2s2wwnsUwSxZGElY/Fcpo3RZ80D4=", + "lastModified": 1735066341, + "narHash": "sha256-CWWyjOgIMv08M/WScUL1Dvd3cFTSMLJEXyHlArsJ2ZI=", "owner": "wamserma", "repo": "flake-programs-sqlite", - "rev": "42f6a8859142dc7dcb05502015913106fc77251f", + "rev": "832b4e206b87761d5e46fb0ff4df8c13dac93fde", "type": "github" }, "original": { @@ -46,11 +67,11 @@ ] }, "locked": { - "lastModified": 1734344598, - "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", + "lastModified": 1735053786, + "narHash": "sha256-Gm+0DcbUS338vvkwyYWms5jsWlx8z8MeQBzcnIDuIkw=", "owner": "nix-community", "repo": "home-manager", - "rev": "83ecd50915a09dca928971139d3a102377a8d242", + "rev": "35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84", "type": "github" }, "original": { @@ -68,11 +89,11 @@ "umu": "umu" }, "locked": { - "lastModified": 1734313951, - "narHash": "sha256-DCjhmX5dVn11J8Ss+5Py4yMh8k7a63HakMENccGZBr4=", + "lastModified": 1735090720, + "narHash": "sha256-Abx/6obaYLgFio8g06pcmMaRPwjKo/bOn1P+gsDMVg0=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "a5f8dee3f7e6864da0d69a227bc8a90a3cbf9d0f", + "rev": "95f1cc7ebe63b5a5af6c2d206ffd422739c5959e", "type": "github" }, "original": { @@ -83,11 +104,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734119587, - "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", + "lastModified": 1734649271, + "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", + "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", "type": "github" }, "original": { 
@@ -111,11 +132,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1734083684, - "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=", + "lastModified": 1734875076, + "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84", + "rev": "1807c2b91223227ad5599d7067a61665c52d1295", "type": "github" }, "original": {
@@ -127,6 +148,7 @@ }, "root": { "inputs": { + "disko": "disko", "flake-programs-sqlite": "flake-programs-sqlite", "home-manager": "home-manager", "nix-gaming": "nix-gaming",
diff --git a/flake.nix b/flake.nix
index 08431f7..03a000e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -16,6 +16,10 @@
 url = "github:fufexan/nix-gaming";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ disko = {
+ url = "github:nix-community/disko/latest";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
 
 outputs = {
@@ -38,6 +42,7 @@
 specialArgs = {
 inherit pkgs-stable;
 inherit flake-programs-sqlite;
+ inherit inputs;
 };
 modules = [(./hosts + "/${host}")];
 };
diff --git a/hosts/mikan/config.nix b/hosts/mikan/config.nix
new file mode 100644
index 0000000..1e7311a
--- /dev/null
+++ b/hosts/mikan/config.nix
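Review bot: `inherit inputs;` in the second flake.nix hunk hands the whole input set to every host module, so the `inherit flake-programs-sqlite;` line directly above it (presumably the flake input of the same name) now passes the same value under two names, and a reader will wonder which one host modules are meant to use. A short comment such as `# whole input set, so hosts can import e.g. inputs.disko.nixosModules.disko` would explain why the set is passed wholesale next to the individual entries, or the individual entry can be dropped once hosts read it through `inputs`. The `outputs` function this sits in begins and ends outside the hunk.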
@@ -0,0 +1,92 @@
+{...}: {
+ services.openssh = {
+ enable = true;
+ ports = [2291];
+ extraConfig = "AuthorizedKeysFile %h/.local/ssh/authorized_keys";
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+ networking.firewall.allowedTCPPorts = [2291 80 443];
+ services.qemuGuest.enable = true;
+ services.forgejo = {
+ enable = true;
+ database.type = "sqlite3";
+ settings = {
+ DEFAULT.APP_NAME = "g.twoha.cc";
+ server = {
+ DOMAIN = "g.twoha.cc";
+ ROOT_URL = "https://g.twoha.cc";
+ HTTP_PORT = 3333;
+ LANDING_PAGE = "explore";
+ };
+ service.DISABLE_REGISTRATION = true;
+ };
+ };
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "admin+acme@twoha.cc";
+ certs."twoha.cc" = {
+ dnsProvider = "porkbun";
+ environmentFile = "/root/porkbun-creds";
+ extraDomainNames = ["*.twoha.cc"];
+ };
+ };
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts."twoha.cc" = {
+ useACMEHost = "twoha.cc";
+ forceSSL = true;
+ serverName = "twoha.cc";
+ locations."/".return = 502;
+ };
+ virtualHosts."u.twoha.cc" = {
+ useACMEHost = "twoha.cc";
+ forceSSL = true;
+ serverName = "u.twoha.cc";
+ root = "/var/www/u";
+ locations."/".extraConfig = ''
+ disable_symlinks off;
+ if ($request_uri ~ ^/(.*)\.html) {
+ return 302 /$1;
+ }
+ try_files $uri $uri.html $uri/ =404;
+ '';
+ locations."/_/".proxyPass = "http://127.0.0.1:5000";
+ };
+ virtualHosts."mu.twoha.cc" = {
+ useACMEHost = "twoha.cc";
+ forceSSL = true;
+ serverName = "mu.twoha.cc";
+ root = "/var/www/mu";
+ locations."/".extraConfig = ''
+ disable_symlinks off;
+ if ($request_uri ~ ^/(.*)\.html) {
+ return 302 /$1;
+ }
+ try_files $uri $uri.html $uri/ =404;
+ '';
+ };
+ virtualHosts."*.twoha.cc" = {
+ useACMEHost = "twoha.cc";
+ serverName = "*.twoha.cc";
+ forceSSL = true;
+ locations."/".return = 502;
+ };
+ virtualHosts."g.twoha.cc" = {
+ forceSSL = 
true;
+ useACMEHost = "twoha.cc";
+ serverName = "g.twoha.cc";
+ extraConfig = ''
+ client_max_body_size 512M;
+ '';
+ locations."/".proxyPass = "http://localhost:3333";
+ };
+ };
+ users.users.nginx.extraGroups = ["acme"];
+}
diff --git a/hosts/mikan/default.nix b/hosts/mikan/default.nix
new file mode 100644
index 0000000..93073a3
--- /dev/null
+++ b/hosts/mikan/default.nix
@@ -0,0 +1,27 @@
+{inputs, ...}: {
+ imports = [
+ ../../system
+ ./hardware-configuration.nix
+ ./disk.nix
+ ./config.nix
+ inputs.disko.nixosModules.disko
+ ];
+
+ networking.hostName = "mikan";
+ time.timeZone = "America/New_York";
+ users.users.ahnwuoa = {
+ isNormalUser = true;
+ extraGroups = ["wheel"];
+ };
+ u.has = {
+ graphical = false;
+ wine = false;
+ virt = false;
+ container = false;
+ };
+ boot.loader.grub = {
+ useOSProber = false;
+ efiSupport = false;
+ };
+ boot.loader.efi.canTouchEfiVariables = false;
+}
diff --git a/hosts/mikan/disk.nix b/hosts/mikan/disk.nix
new file mode 100644
index 0000000..4044910
--- /dev/null
+++ b/hosts/mikan/disk.nix
@@ -0,0 +1,23 @@
+{...}: {
+ disko.devices.disk.main = {
+ device = "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ size = "1M";
+ type = "EF02"; # for grub MBR
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/mikan/hardware-configuration.nix b/hosts/mikan/hardware-configuration.nix
new file mode 100644
index 0000000..bb83c96
--- /dev/null
+++ b/hosts/mikan/hardware-configuration.nix
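Review bot: The `extraConfig = "AuthorizedKeysFile %h/.local/ssh/authorized_keys"` line in services.openssh is most likely ignored: sshd honours the first occurrence of a keyword, and as far as I know the NixOS openssh module emits its own `AuthorizedKeysFile` line ahead of `extraConfig`, so with `PasswordAuthentication = false` only keys in the default locations would be accepted — verify with `sshd -T` on the host. The module has a dedicated option that is honoured and merged with the defaults: `services.openssh.authorizedKeysFiles = ["%h/.local/ssh/authorized_keys"];`. Separately, `disable_symlinks off;` in the `u.twoha.cc` and `mu.twoha.cc` location blocks lets nginx follow symlinks that point outside `/var/www/u` and `/var/www/mu`, so anyone able to write into those roots can expose any file the nginx user can read; if the intent is only to allow symlinks within the root, `disable_symlinks if_not_owner;` is the narrower setting, otherwise the reason deserves a comment. Minor: the forgejo vhost proxies to `http://localhost:3333` while the `u.` vhost uses `http://127.0.0.1:5000`; `localhost` may resolve to `::1` first, so `http://127.0.0.1:3333` is the consistent and predictable form.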
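Review bot: `users.users.ahnwuoa` is declared with `isNormalUser = true` and `wheel` but no `hashedPassword`, `initialPassword` or `openssh.authorizedKeys.keys`, and this host's sshd (config.nix in the same commit) disables password authentication and root login, so unless a key file already exists in the non-standard `%h/.local/ssh` path nothing in the repository provides a way in after install. Adding `openssh.authorizedKeys.keys = ["<PUBLIC_KEY>"];` (placeholder) to the user, or an `initialPassword` for console access, would make the host bootstrappable from this repo alone. Also, `boot.loader.grub.efiSupport = false` here is combined with the `grub.device = "nodev"` that system/boot.nix still supplies; a BIOS GRUB needs a real device, so booting depends on disko deriving `boot.loader.grub.devices` from the EF02 partition in disk.nix — worth a comment like `# BIOS boot; disko supplies boot.loader.grub.devices from the EF02 partition` once that is confirmed.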
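Review bot: `device = "/dev/sda"` names the disk by enumeration order, and disko partitions and formats whatever is at that path when it runs, so a stable `/dev/disk/by-id/<DISK_ID>` path (placeholder) is the safer target even on a guest with a single virtio-scsi disk. The layout has no swap partition, which is presumably intentional for this VM but is worth stating next to the `root` partition, e.g. `# no swap: single ext4 root for the VM`. A header comment noting that this file is applied destructively by disko would also help whoever runs it next.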
@@ -0,0 +1,24 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +}
diff --git a/hosts/mikan/users/ahnwuoa/default.nix b/hosts/mikan/users/ahnwuoa/default.nix
new file mode 100644
index 0000000..9852d89
--- /dev/null
+++ b/hosts/mikan/users/ahnwuoa/default.nix
@@ -0,0 +1,12 @@
+{...}: {
+ imports = [
+ ../../../../user
+ ];
+
+ home.username = "ahnwuoa";
+ u.has = {
+ graphical = false;
+ wine = false;
+ prog = false;
+ };
+}
diff --git a/system/boot.nix b/system/boot.nix
index 8d52b99..db5d8de 100644
--- a/system/boot.nix
+++ b/system/boot.nix
@@ -1,5 +1,5 @@
-{...}: {
- boot.loader = {
+{lib, ...}: {
+ boot.loader = lib.mkDefault {
 grub.enable = true;
 grub.device = "nodev";
 grub.efiSupport = true;
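Review bot: `boot.loader = lib.mkDefault { ... }` in system/boot.nix wraps the whole attribute set in one override, which as far as I can tell only works because the module system pushes the priority down to each leaf option; a reader will not expect `mkDefault` on a set, and it silently lowers the priority of every option inside, including any added later. Marking each option explicitly is clearer and limits the effect to what is intended: `grub.enable = lib.mkDefault true;`, `grub.device = lib.mkDefault "nodev";`, `grub.efiSupport = lib.mkDefault true;`. The attribute set continues past the end of the hunk, so any further options inside it are affected the same way.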