Initial commit

Kiana Sheibani 2024-07-21 01:44:38 -04:00
commit 41d546e21d
10 changed files with 241 additions and 0 deletions

42
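--- a/config.nix
+++ b/config.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, rpi5-kernel, ... }:
+{
+imports = [ ./hardware-configuration.nix ./modules ];
+# boot.initrd.availableKernelModules = [ "usbhid" "usb_storage" ];
+boot.kernelPackages = rpi5-kernel.legacyPackages.aarch64-linux.linuxPackages_rpi5;
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = false;
+nix.package = pkgs.nixFlakes;
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+time.timeZone = "America/New_York";
+networking.hostName = "toki-rpi5";
+networking.wireless.iwd.enable = true;
+networking.wireless.iwd.settings = {
+Settings.AutoConnect = true;
+Network.EnableIPv6 = false;
+General.EnableNetworkConfiguration = true;
+};
+services.openssh.enable = true;
+services.openssh.settings = {
+PasswordAuthentication = false;
+PermitRootLogin = "yes";
+};
+users.users.root.openssh.authorizedKeys.keyFiles = [ ./ssh/authorized_keys ];
+networking.firewall.allowedTCPPorts = [ 22 80 443 ];
+environment.systemPackages = with pkgs; [
+openssl
+rsync
+curl
+git
+wget
+];
+system.stateVersion = "24.05";
+}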
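Review bot: `PermitRootLogin = "yes"` allows root to use every authentication method sshd still offers, and only `PasswordAuthentication` is turned off in this block; keyboard-interactive authentication is not set here, so whether root can still log in with a PAM password depends on the module default. Since root is meant to authenticate with the key from `./ssh/authorized_keys`, `PermitRootLogin = "prohibit-password";` together with `KbdInteractiveAuthentication = false;` states that intent explicitly. Port 22 is opened to all sources in `networking.firewall.allowedTCPPorts`, so these two settings decide what can be attempted against the root account from the network.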

63
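--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,63 @@
+{
+"nodes": {
+"flake-compat": {
+"locked": {
+"lastModified": 1696426674,
+"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+"revCount": 57,
+"type": "tarball",
+"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
+},
+"original": {
+"type": "tarball",
+"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1720957393,
+"narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "693bc46d169f5af9c992095736e82c3488bf7dbb",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"nixpkgs": "nixpkgs",
+"rpi5-kernel": "rpi5-kernel"
+}
+},
+"rpi5-kernel": {
+"inputs": {
+"flake-compat": "flake-compat",
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1704485878,
+"narHash": "sha256-i7UH31IZyil99EUB5qnQJAiszFkea1B1yZf5pQEDIYg=",
+"owner": "vriska",
+"repo": "nix-rpi5",
+"rev": "ac9942532e1dc2f825ad2aa3a6d31bfbd3b42eed",
+"type": "gitlab"
+},
+"original": {
+"owner": "vriska",
+"repo": "nix-rpi5",
+"type": "gitlab"
+}
+}
+},
+"root": "root",
+"version": 7
+}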

22
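--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,22 @@
+{
+description = "Server system conf";
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+rpi5-kernel.url = "gitlab:vriska/nix-rpi5";
+rpi5-kernel.inputs.nixpkgs.follows = "nixpkgs";
+};
+outputs = inputs@{ self, nixpkgs, rpi5-kernel, ... }:
+{
+nixosConfigurations."toki-rpi5" =
+nixpkgs.lib.nixosSystem {
+system = "aarch64-linux";
+modules = [
+{ _module.args = inputs; }
+./config.nix
+];
+};
+};
+}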
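Review bot: The kernel for this network-facing host comes from `gitlab:vriska/nix-rpi5` with no ref, so the revision recorded in flake.lock is the only thing that fixes what gets built. The lock in this commit pins that input at a `lastModified` of 1704485878, about six months older than the nixpkgs pin (1720957393), which suggests the kernel sources may lag behind current fixes, though this page cannot confirm that. I would add a comment above the input such as `# third-party kernel flake: review upstream changes and the kernel version before updating the lock`. Separately, `{ _module.args = inputs; }` hands every flake input to every module, whereas `specialArgs = { inherit rpi5-kernel; };` would pass only what config.nix actually uses.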


@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/278088c7-1e81-4aec-ae7a-849bbfb4c8bc";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/56DC-DAA1";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/03af869a-1357-43ce-800d-4480f0fa28d1"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

9
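--- a/modules/acme.nix
+++ b/modules/acme.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+security.acme.acceptTerms = true;
+security.acme.defaults = {
+email = "kiana.a.sheibani@gmail.com";
+dnsProvider = "namecheap";
+environmentFile = "/root/.namecheap_api";
+};
+}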
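Review bot: `environmentFile = "/root/.namecheap_api"` makes certificate issuance depend on a secret that is created by hand outside this configuration, and nothing here documents its format or permissions. A comment such as `# holds NAMECHEAP_API_USER / NAMECHEAP_API_KEY for lego; root-owned, mode 0600, never committed` would make that requirement visible to whoever rebuilds the host. Because the setting sits under `security.acme.defaults`, every certificate on the machine will use this DNS credential. As far as I know a Namecheap API key is not scoped to a single domain, so the file deserves the same handling as the account password.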

9
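--- a/modules/default.nix
+++ b/modules/default.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+imports = [
+./acme.nix
+./fail2ban.nix
+./forgejo.nix
+./nginx.nix
+];
+}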

4
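--- a/modules/fail2ban.nix
+++ b/modules/fail2ban.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+services.fail2ban.enable = true;
+}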

47
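--- a/modules/forgejo.nix
+++ b/modules/forgejo.nix
@@ -0,0 +1,47 @@
+{ config, ... }:
+let
+cfg = config.services.forgejo;
+srv = cfg.settings.server;
+in {
+services.nginx.virtualHosts.${srv.DOMAIN} = {
+forceSSL = true;
+enableACME = true;
+extraConfig = ''
+client_max_body_size 512M;
+'';
+locations."/".proxyPass = "http://localhost:${builtins.toString srv.HTTP_PORT}";
+};
+services.forgejo = {
+enable = true;
+settings = {
+server = {
+DOMAIN = "git.tokinanpa.dev";
+ROOT_URL = "https://${srv.DOMAIN}/";
+};
+service = {
+DISABLE_REGISTRATION = true;
+};
+repository = {
+DEFAULT_REPO_UNITS = "repo.code,repo.releases,repo.issues";
+DISABLE_STARS = true;
+ENABLE_PUSH_CREATE_USER = true;
+DEFAULT_PUSH_CREATE_PRIVATE = false;
+PREFERRED_LICENSES = "MIT";
+};
+ui = {
+DEFAULT_THEME = "forgejo-dark";
+DEFAULT_SHOW_FULL_NAME = true;
+};
+mirror.DEFAULT_INTERVAL = "1h";
+};
+};
+}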
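Review bot: `ENABLE_PUSH_CREATE_USER = true` combined with `DEFAULT_PUSH_CREATE_PRIVATE = false` means a push to a repository path that does not exist yet creates it as a public repository, so a mistyped remote or an unreviewed working tree is published the moment it is pushed. If public-by-default is intended, a comment should say so; otherwise `DEFAULT_PUSH_CREATE_PRIVATE = true;` leaves making each repository public as a deliberate step. `server.HTTP_ADDR` is not set in this block, so the listen address is whatever the module defaults to. Since nginx proxies to `localhost`, `HTTP_ADDR = "127.0.0.1";` would keep the plain-HTTP port off other interfaces independently of the firewall.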

4
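--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+services.nginx.enable = true;
+}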
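Review bot: Enabling nginx with no further options leaves TLS and proxy behaviour at nginx's own defaults for the Forgejo virtual host declared in modules/forgejo.nix. NixOS provides `services.nginx.recommendedTlsSettings = true;` and `services.nginx.recommendedProxySettings = true;`, both one-line additions next to `services.nginx.enable`. The second also forwards the client address headers; without them the proxied application is likely to log only the loopback address for every request, which weakens audit trails and any log-based banning.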

1
ssh/authorized_keys Normal file

@ -0,0 +1 @@
ssh-rsa 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 kiana@kiana-laptop