diff options
Diffstat (limited to 'hosts/ahmed')
| -rw-r--r-- | hosts/ahmed/cloudflare-ddns.nix | 11 | ||||
| -rw-r--r-- | hosts/ahmed/configuration.nix | 29 | ||||
| -rw-r--r-- | hosts/ahmed/graphics.nix | 15 | ||||
| -rw-r--r-- | hosts/ahmed/hardware-configuration.nix | 44 | ||||
| -rw-r--r-- | hosts/ahmed/linus.onl.nix | 26 | ||||
| -rw-r--r-- | hosts/ahmed/notifications.linus.onl.nix | 14 | ||||
| -rw-r--r-- | hosts/ahmed/ssh.nix | 18 |
7 files changed, 81 insertions, 76 deletions
diff --git a/hosts/ahmed/cloudflare-ddns.nix b/hosts/ahmed/cloudflare-ddns.nix index a118fa6..a03a8a3 100644 --- a/hosts/ahmed/cloudflare-ddns.nix +++ b/hosts/ahmed/cloudflare-ddns.nix @@ -1,11 +1,10 @@ # This module sets up cloudflare-dyndns for <linus.onl>. - -{ lib, config, ... }: - -let - -in { + lib, + config, + ... +}: let +in { age.secrets.cloudflare-dyndns-api-token.file = ../../secrets/cloudflare-ddns-token.env.age; services.cloudflare-dyndns = { enable = true; diff --git a/hosts/ahmed/configuration.nix b/hosts/ahmed/configuration.nix index 2fb6d2e..19e6912 100644 --- a/hosts/ahmed/configuration.nix +++ b/hosts/ahmed/configuration.nix @@ -1,23 +1,24 @@ # This file conatins the host-specific configuration for a shitty webserver in # my closet. - -{ config, pkgs, lib, ... }: - { - imports = - [ - ./hardware-configuration.nix - ./ssh.nix - ./linus.onl.nix - ./notifications.linus.onl.nix - ./graphics.nix - ]; + config, + pkgs, + lib, + ... +}: { + imports = [ + ./hardware-configuration.nix + ./ssh.nix + ./linus.onl.nix + ./notifications.linus.onl.nix + ./graphics.nix + ]; # Create the main user. users.users.linus = { isNormalUser = true; hashedPassword = "$y$j9T$kNJ5L50Si0sAhdrHyO19I1$YcwXZ46dI.ApLMgZSj7qImq9FrSL0CEUeoJUS8P1103"; - extraGroups = [ "wheel" ]; + extraGroups = ["wheel"]; }; # Use the systemd-boot EFI boot loader. @@ -35,7 +36,7 @@ console = { font = "sun12x22"; # This font is pretty readable on the cracked display. - keyMap = "dk"; # This host has a Danish keyboard layout. + keyMap = "dk"; # This host has a Danish keyboard layout. }; # Set up Minecraft server. @@ -75,7 +76,7 @@ }; # Listen for HTTP connections. - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [80 443]; # We are running behind CF proxy. modules.cloudflare-proxy.enable = true; diff --git a/hosts/ahmed/graphics.nix b/hosts/ahmed/graphics.nix index be7c9c9..f54d043 100644 --- a/hosts/ahmed/graphics.nix +++ b/hosts/ahmed/graphics.nix @@ -1,14 +1,15 @@ # This module configures a basic graphical environment. I use this sometimes for # ahmed when muhammed is being repaired. - -{ config, lib, pkgs, ... }: - -let +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkEnableOption mkIf; cfg = config.modules.graphics; -in -{ +in { options.modules.graphics.enable = mkEnableOption "basic graphical environment"; config = mkIf cfg.enable { @@ -29,7 +30,7 @@ in hardware.pulseaudio.enable = true; environment.systemPackages = with pkgs; [ - st # suckless terminal - dwm is pretty sucky without this + st # suckless terminal - dwm is pretty sucky without this dmenu # application launcher ]; }; diff --git a/hosts/ahmed/hardware-configuration.nix b/hosts/ahmed/hardware-configuration.nix index bae3db1..48a2786 100644 --- a/hosts/ahmed/hardware-configuration.nix +++ b/hosts/ahmed/hardware-configuration.nix @@ -1,33 +1,33 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { - device = "/dev/disk/by-label/nixos"; #"/dev/disk/by-uuid/a51aa876-0ba2-437f-b2fd-04ef18bdea79"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; #"/dev/disk/by-uuid/a51aa876-0ba2-437f-b2fd-04ef18bdea79"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-label/boot"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; - swapDevices = - [{ device = "/dev/disk/by-label/swap"; }]; + swapDevices = [{device = "/dev/disk/by-label/swap";}]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/hosts/ahmed/linus.onl.nix b/hosts/ahmed/linus.onl.nix index a8e4190..52703fe 100644 --- a/hosts/ahmed/linus.onl.nix +++ b/hosts/ahmed/linus.onl.nix @@ -1,13 +1,15 @@ -{ pkgs, lib, config, ... }: - -let +{ + pkgs, + lib, + config, + ... +}: let inherit (lib) mkEnableOption mkOption types mkIf optional; domain = "linus.onl"; cfg = config.modules."${domain}"; -in -{ +in { options.modules."${domain}" = { enable = mkEnableOption "${domain} static site"; @@ -21,10 +23,10 @@ in group = "${domain}-builder"; isSystemUser = true; }; - users.groups."${domain}-builder" = { }; + users.groups."${domain}-builder" = {}; # Create the output directory. - system.activationScripts."${domain}-create-www" = lib.stringAfter [ "var" ] '' + system.activationScripts."${domain}-create-www" = lib.stringAfter ["var"] '' mkdir -p /var/www/${domain} chown ${domain}-builder /var/www/${domain} chgrp ${domain}-builder /var/www/${domain} @@ -73,17 +75,17 @@ in # TODO: Harden service # Network must be online for us to check. - after = [ "network-online.target" ]; - requires = [ "network-online.target" ]; + after = ["network-online.target"]; + requires = ["network-online.target"]; # We must generate some files for NGINX to serve, so this should be run # before NGINX. - before = [ "nginx.service" ]; - wantedBy = [ "nginx.service" ]; + before = ["nginx.service"]; + wantedBy = ["nginx.service"]; }; # Register domain name with ddns. - services.cloudflare-dyndns.domains = [ domain ]; + services.cloudflare-dyndns.domains = [domain]; # Register virtual host. services.nginx = { diff --git a/hosts/ahmed/notifications.linus.onl.nix b/hosts/ahmed/notifications.linus.onl.nix index 7addaad..d77a0e7 100644 --- a/hosts/ahmed/notifications.linus.onl.nix +++ b/hosts/ahmed/notifications.linus.onl.nix @@ -1,6 +1,9 @@ -{ pkgs, lib, config, ... }: - -let +{ + pkgs, + lib, + config, + ... +}: let inherit (lib) mkEnableOption mkOption types mkIf optional; domain = "notifications.linus.onl"; @@ -9,8 +12,7 @@ let internal-port = 13082; cfg = config.modules."notifications.linus.onl"; -in -{ +in { options.modules."notifications.linus.onl" = { enable = mkEnableOption "notifications.linus.onl static site"; @@ -27,7 +29,7 @@ in }; # Register domain name. - services.cloudflare-dyndns.domains = [ "notifications.linus.onl" ]; + services.cloudflare-dyndns.domains = ["notifications.linus.onl"]; # Serve the generated page using NGINX. services.nginx.virtualHosts."notifications.linus.onl" = { diff --git a/hosts/ahmed/ssh.nix b/hosts/ahmed/ssh.nix index dfe4c30..3c6b7ad 100644 --- a/hosts/ahmed/ssh.nix +++ b/hosts/ahmed/ssh.nix @@ -1,19 +1,19 @@ # This file configures openSSH on this host. - -{ lib, metadata, ... }: - { + lib, + metadata, + ... +}: { # Who is allowed/expected to connect to this machine? - networking.firewall.allowedTCPPorts = [ 22 ]; + networking.firewall.allowedTCPPorts = [22]; services.openssh = { enable = true; - settings.PasswordAuthentication = false; + settings.PasswordAuthentication = false; }; users.users = lib.genAttrs ["root" "linus"] (_: { - openssh.authorizedKeys.keys = - [ - metadata.hosts.muhammed.sshPubKey - ]; + openssh.authorizedKeys.keys = [ + metadata.hosts.muhammed.sshPubKey + ]; }); } |