init mikan

2024-12-25 17:51:47 -05:00 · 2024-12-25 17:51:47 -05:00 · a413aa02e5
parent 23dbd54950
commit a413aa02e5
9 changed files with 223 additions and 18 deletions
--- a/bin/mkhost
+++ b/bin/mkhost
@ -12,7 +12,7 @@ if [ -e "$HOST" ]; then
  exit 2
 fi
 mkdir "$HOST"
-nixos-generate-config --show-hardware-config > "$HOST/hardware-configuration.nix"
+nixos-generate-config --show-hardware-config --no-filesystems > "$HOST/hardware-configuration.nix"
 cat << EOF > "$HOST/default.nix"
 {...}: {
  imports = [
--- a/flake.lock
+++ b/flake.lock
@ -1,5 +1,26 @@
 {
  "nodes": {
    "disko": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1734088167,
        "narHash": "sha256-snPBgTqwn3FPZVdFC5yt7Bnk3squim1vZOZ8CObWykk=",
        "owner": "nix-community",
        "repo": "disko",
        "rev": "65a441502c9382d41ada1adbc9bd31d6c9b00fe2",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "latest",
        "repo": "disko",
        "type": "github"
      }
    },
    "flake-parts": {
      "inputs": {
        "nixpkgs-lib": "nixpkgs-lib"
@ -26,11 +47,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1734395804,
+        "lastModified": 1735066341,
-        "narHash": "sha256-m75doN+grfAo8pO2s2wwnsUwSxZGElY/Fcpo3RZ80D4=",
+        "narHash": "sha256-CWWyjOgIMv08M/WScUL1Dvd3cFTSMLJEXyHlArsJ2ZI=",
        "owner": "wamserma",
        "repo": "flake-programs-sqlite",
-        "rev": "42f6a8859142dc7dcb05502015913106fc77251f",
+        "rev": "832b4e206b87761d5e46fb0ff4df8c13dac93fde",
        "type": "github"
      },
      "original": {
@ -46,11 +67,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1734344598,
+        "lastModified": 1735053786,
-        "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=",
+        "narHash": "sha256-Gm+0DcbUS338vvkwyYWms5jsWlx8z8MeQBzcnIDuIkw=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "83ecd50915a09dca928971139d3a102377a8d242",
+        "rev": "35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84",
        "type": "github"
      },
      "original": {
@ -68,11 +89,11 @@
        "umu": "umu"
      },
      "locked": {
-        "lastModified": 1734313951,
+        "lastModified": 1735090720,
-        "narHash": "sha256-DCjhmX5dVn11J8Ss+5Py4yMh8k7a63HakMENccGZBr4=",
+        "narHash": "sha256-Abx/6obaYLgFio8g06pcmMaRPwjKo/bOn1P+gsDMVg0=",
        "owner": "fufexan",
        "repo": "nix-gaming",
-        "rev": "a5f8dee3f7e6864da0d69a227bc8a90a3cbf9d0f",
+        "rev": "95f1cc7ebe63b5a5af6c2d206ffd422739c5959e",
        "type": "github"
      },
      "original": {
@ -83,11 +104,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1734119587,
+        "lastModified": 1734649271,
-        "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
+        "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
+        "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507",
        "type": "github"
      },
      "original": {
@ -111,11 +132,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1734083684,
+        "lastModified": 1734875076,
-        "narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
+        "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
+        "rev": "1807c2b91223227ad5599d7067a61665c52d1295",
        "type": "github"
      },
      "original": {
@ -127,6 +148,7 @@
    },
    "root": {
      "inputs": {
        "disko": "disko",
        "flake-programs-sqlite": "flake-programs-sqlite",
        "home-manager": "home-manager",
        "nix-gaming": "nix-gaming",
--- a/flake.nix
+++ b/flake.nix
@ -16,6 +16,10 @@
      url = "github:fufexan/nix-gaming";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    disko = {
      url = "github:nix-community/disko/latest";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs = {
@ -38,6 +42,7 @@
          specialArgs = {
            inherit pkgs-stable;
            inherit flake-programs-sqlite;
            inherit inputs;
          };
          modules = [(./hosts + "/${host}")];
        };
--- a/hosts/mikan/config.nix
+++ b/hosts/mikan/config.nix
@ -0,0 +1,92 @@
 {...}: {
  services.openssh = {
    enable = true;
    ports = [2291];
    extraConfig = "AuthorizedKeysFile %h/.local/ssh/authorized_keys";
    settings = {
      PasswordAuthentication = false;
      PermitRootLogin = "no";
    };
  };
  networking.firewall.allowedTCPPorts = [2291 80 443];
  services.qemuGuest.enable = true;
  services.forgejo = {
    enable = true;
    database.type = "sqlite3";
    settings = {
      DEFAULT.APP_NAME = "g.twoha.cc";
      server = {
        DOMAIN = "g.twoha.cc";
        ROOT_URL = "https://g.twoha.cc";
        HTTP_PORT = 3333;
        LANDING_PAGE = "explore";
      };
      service.DISABLE_REGISTRATION = true;
    };
  };
  security.acme = {
    acceptTerms = true;
    defaults.email = "admin+acme@twoha.cc";
    certs."twoha.cc" = {
      dnsProvider = "porkbun";
      environmentFile = "/root/porkbun-creds";
      extraDomainNames = ["*.twoha.cc"];
    };
  };
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."twoha.cc" = {
      useACMEHost = "twoha.cc";
      forceSSL = true;
      serverName = "twoha.cc";
      locations."/".return = 502;
    };
    virtualHosts."u.twoha.cc" = {
      useACMEHost = "twoha.cc";
      forceSSL = true;
      serverName = "u.twoha.cc";
      root = "/var/www/u";
      locations."/".extraConfig = ''
        disable_symlinks off;
        if ($request_uri ~ ^/(.*)\.html) {
          return 302 /$1;
        }
        try_files $uri $uri.html $uri/ =404;
      '';
      locations."/_/".proxyPass = "http://127.0.0.1:5000";
    };
    virtualHosts."mu.twoha.cc" = {
      useACMEHost = "twoha.cc";
      forceSSL = true;
      serverName = "mu.twoha.cc";
      root = "/var/www/mu";
      locations."/".extraConfig = ''
        disable_symlinks off;
        if ($request_uri ~ ^/(.*)\.html) {
          return 302 /$1;
        }
        try_files $uri $uri.html $uri/ =404;
      '';
    };
    virtualHosts."*.twoha.cc" = {
      useACMEHost = "twoha.cc";
      serverName = "*.twoha.cc";
      forceSSL = true;
      locations."/".return = 502;
    };
    virtualHosts."g.twoha.cc" = {
      forceSSL = true;
      useACMEHost = "twoha.cc";
      serverName = "g.twoha.cc";
      extraConfig = ''
        client_max_body_size 512M;
      '';
      locations."/".proxyPass = "http://localhost:3333";
    };
  };
  users.users.nginx.extraGroups = ["acme"];
 }
--- a/hosts/mikan/default.nix
+++ b/hosts/mikan/default.nix
@ -0,0 +1,27 @@
 {inputs, ...}: {
  imports = [
    ../../system
    ./hardware-configuration.nix
    ./disk.nix
    ./config.nix
    inputs.disko.nixosModules.disko
  ];
  networking.hostName = "mikan";
  time.timeZone = "America/New_York";
  users.users.ahnwuoa = {
    isNormalUser = true;
    extraGroups = ["wheel"];
  };
  u.has = {
    graphical = false;
    wine = false;
    virt = false;
    container = false;
  };
  boot.loader.grub = {
    useOSProber = false;
    efiSupport = false;
  };
  boot.loader.efi.canTouchEfiVariables = false;
 }
--- a/hosts/mikan/disk.nix
+++ b/hosts/mikan/disk.nix
@ -0,0 +1,23 @@
 {...}: {
  disko.devices.disk.main = {
    device = "/dev/sda";
    type = "disk";
    content = {
      type = "gpt";
      partitions = {
        boot = {
          size = "1M";
          type = "EF02"; # for grub MBR
        };
        root = {
          size = "100%";
          content = {
            type = "filesystem";
            format = "ext4";
            mountpoint = "/";
          };
        };
      };
    };
  };
 }
--- a/hosts/mikan/hardware-configuration.nix
+++ b/hosts/mikan/hardware-configuration.nix
@ -0,0 +1,24 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];
  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
--- a/hosts/mikan/users/ahnwuoa/default.nix
+++ b/hosts/mikan/users/ahnwuoa/default.nix
@ -0,0 +1,12 @@
 {...}: {
  imports = [
    ../../../../user
  ];
  home.username = "ahnwuoa";
  u.has = {
    graphical = false;
    wine = false;
    prog = false;
  };
 }
--- a/system/boot.nix
+++ b/system/boot.nix
@ -1,5 +1,5 @@
-{...}: {
+{lib, ...}: {
-  boot.loader = {
+  boot.loader = lib.mkDefault {
    grub.enable = true;
    grub.device = "nodev";
    grub.efiSupport = true;