From b86137971321052085fca440b37581c0d6fbc285 Mon Sep 17 00:00:00 2001
From: Dennis
Date: Wed, 19 Mar 2025 20:27:48 +0100
Subject: [PATCH] Adds config for vps
---
hosts/dnsc-vps-sm/default.nix | 136 +++++++++++++++++++
hosts/dnsc-vps-sm/hardware-configuration.nix | 8 ++
hosts/dnsc-vps-sm/networking.nix | 33 +++++
3 files changed, 177 insertions(+)
create mode 100644 hosts/dnsc-vps-sm/default.nix
create mode 100644 hosts/dnsc-vps-sm/hardware-configuration.nix
create mode 100644 hosts/dnsc-vps-sm/networking.nix
diff --git a/hosts/dnsc-vps-sm/default.nix b/hosts/dnsc-vps-sm/default.nix
new file mode 100644
index 0000000..2f96f9e
--- /dev/null
+++ b/hosts/dnsc-vps-sm/default.nix
@@ -0,0 +1,136 @@
+{
+ inputs,
+ outputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./hardware-configuration.nix
+ ./networking.nix
+ inputs.home-manager.nixosModules.home-manager
+ ];
+
+ # Generated automatically
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+
+ # General
+ time.timeZone = "Europe/Berlin";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ # Boot
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot.configurationLimit = 10;
+
+ # Nix Settings
+ # Perform garbage collection weekly to maintain low disk usage
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 1w";
+ };
+ nix.settings.auto-optimise-store = true;
+
+ # Networking
+ networking.hostName = "dnsc-vps-sm";
+ networking.hostId = "380f585f";
+ networking.domain = "dnsc.io";
+ networking.networkmanager.enable = true;
+ # Fix due to https://github.com/NixOS/nixpkgs/issues/180175
+ systemd.services.NetworkManager-wait-online.enable = false;
+
+ # Firewall
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ # My user account
+ users.users.dennis = {
+ description = "dennis";
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvXWZOPOJJDAoF+Sx/ZLoAVu6G/7/MAWoknBgMAzjul dennis@dnsc-mac"
+ ];
+ };
+
+ # Home Manager Setup
+ home-manager = {
+ extraSpecialArgs = { inherit inputs outputs; };
+ users = {
+ dennis = import ../../home/server.nix;
+ };
+ };
+
+ # Enable new Nix CLI and flakes
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ # Install system wide packages
+ environment.systemPackages = with pkgs; [
+ git
+ btop
+ neovim
+ wget
+ ];
+
+ # Programs
+ # GnuPG
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ # Services
+ # SSH
+ services.openssh = {
+ enable = true;
+ settings = {
+ X11Forwarding = false;
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ openFirewall = true;
+ };
+
+ # Tailscale
+ services.tailscale.enable = true;
+
+ # Caddy
+ services.caddy = {
+ enable = true;
+ virtualHosts."www.dnsc.io".extraConfig = ''
+ redir https://example.com{uri}
+ '';
+ virtualHosts."dnsc.io".extraConfig = ''
+ encode gzip
+ file_server
+
+ root * /var/www/homepage
+ '';
+ virtualHosts."slides.dnsc.io".extraConfig = ''
+ encode gzip
+ file_server
+
+ root * /var/www/slides
+ '';
+ };
+
+ # Environment variables
+ environment.variables.EDITOR = "nvim";
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "23.11";
+}
+
diff --git a/hosts/dnsc-vps-sm/hardware-configuration.nix b/hosts/dnsc-vps-sm/hardware-configuration.nix
new file mode 100644
index 0000000..6679bdf
--- /dev/null
+++ b/hosts/dnsc-vps-sm/hardware-configuration.nix
@@ -0,0 +1,8 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+}
diff --git a/hosts/dnsc-vps-sm/networking.nix b/hosts/dnsc-vps-sm/networking.nix
new file mode 100644
index 0000000..9cd913c
--- /dev/null
+++ b/hosts/dnsc-vps-sm/networking.nix
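Review bot: In hosts/dnsc-vps-sm/default.nix, `openFirewall = true;` in the `services.openssh` block opens the SSH port in the host firewall alongside 80 and 443, so sshd is reachable on the public address with only key authentication in front of it, even though the same file enables Tailscale. If administration is meant to go over the tailnet, consider `openFirewall = false;` together with `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 22 ];`, switched on only after the node has joined the tailnet so the first deploy cannot lock you out. Separately, `PasswordAuthentication = false;` leaves keyboard-interactive login at its module default; adding `KbdInteractiveAuthentication = false;` to `settings` closes that path explicitly. A short comment above the SSH block stating which network is expected to reach port 22 would make the intent reviewable.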
@@ -0,0 +1,33 @@
+{ lib, ... }: {
+ # This file was populated at runtime with the networking
+ # details gathered from the active system.
+ networking = {
+ nameservers = [ "8.8.8.8"
+ ];
+ defaultGateway = "172.31.1.1";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [
+ { address="91.99.21.186"; prefixLength=32; }
+ ];
+ ipv6.addresses = [
+ { address="2a01:4f8:1c1a:cdfb::1"; prefixLength=64; }
+{ address="fe80::9400:4ff:fe27:8245"; prefixLength=64; }
+ ];
+ ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
+ ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
+ };
+
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="96:00:04:27:82:45", NAME="eth0"
+
+ '';
+}