added a new host machine

2023-12-22 03:57:26 +05:30
parent a75d7948d5
commit 183d306979
4 changed files with 200 additions and 0 deletions


@ -61,6 +61,26 @@
];
};
controller = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs username; };
modules = [
./hosts/controller
./modules/nixos/headscale.nix
home-manager.nixosModules.home-manager
{
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit inputs outputs username; };
home-manager.users.${username} = {
imports = [
./modules/home-manager
./home/tux
];
};
}
];
};
wsl = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs username; };
modules = [


@ -0,0 +1,80 @@
{ config, outputs, lib, pkgs, inputs, username, ... }:
{
imports = [
./hardware-configuration.nix
];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
outputs.overlays.nur
];
config = {
allowUnfree = true;
joypixels.acceptLicense = true;
};
};
nix = {
settings = {
experimental-features = "nix-command flakes";
auto-optimise-store = true;
};
};
boot = {
kernelPackages = pkgs.linuxPackages_zen;
initrd.systemd.enable = true;
loader = {
grub.device = "/dev/sda";
timeout = 1;
};
};
networking = {
hostName = "controller";
};
security = {
sudo.wheelNeedsPassword = false;
};
programs = {
zsh.enable = true;
nix-ld.enable = true;
dconf.enable = true;
};
services = {
openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
};
};
};
users = {
defaultUserShell = pkgs.zsh;
users.${username} = {
initialPassword = "${username}";
isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" "storage" ];
openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+OzPUe2ECPC929DqpkM39tl/vdNAXfsRnmrGfR+X3D 0xtux@pm.me''
];
};
};
environment.systemPackages = with pkgs;[
];
fonts.packages = with pkgs; [ (nerdfonts.override { fonts = [ "FiraCode" "JetBrainsMono" ]; }) ];
system.stateVersion = "23.11";
}
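Review bot: The user block sets `initialPassword = "${username}"` while `services.openssh.settings` only sets `PermitRootLogin = "no"`, so SSH password logins stay enabled (the NixOS default unless overridden elsewhere) and the account's password is its own name. Because the same user is in `"wheel"` and `sudo.wheelNeedsPassword = false` is set above, a password login as that user is equivalent to root on this host. An ed25519 key is already authorised, so add `PasswordAuthentication = false;` and `KbdInteractiveAuthentication = false;` under `services.openssh.settings`, and drop `initialPassword` (or switch to `hashedPasswordFile` if a console password is needed). If passwordless sudo is kept deliberately, a short comment beside `wheelNeedsPassword` stating that would make the trade-off explicit.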


@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/b5a9a9f6-be72-4520-b2ac-439d0479a34b";
fsType = "ext4";
};
fileSystems."/efi" =
{
device = "systemd-1";
fsType = "autofs";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -0,0 +1,61 @@
{ config, lib, pkgs, ... }: {
security = {
acme = {
defaults.email = "0xtux@pm.me";
acceptTerms = true;
};
};
services = {
headscale = {
enable = true;
port = 8080;
address = "0.0.0.0";
settings = {
dns_config = {
override_local_dns = true;
base_domain = "0xtux.com";
magic_dns = true;
nameservers = [
"1.1.1.1"
];
};
server_url = "https://hs.0xtux.com";
metrics_listen_addr = "0.0.0.0:8095";
logtail = {
enabled = false;
};
log = {
level = "warn";
};
ip_prefixes = [
"100.64.0.0/10"
"fd7a:115c:a1e0::/48"
];
};
};
nginx = {
enable = true;
virtualHosts = {
"hs.0xtux.com" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
"/metrics" = {
proxyPass = "http://${config.services.headscale.settings.metrics_listen_addr}/metrics";
};
};
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
environment.systemPackages = with pkgs;[ headscale ];
}
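Review bot: The `"/metrics"` location proxies headscale's metrics endpoint through the public `hs.0xtux.com` vhost with no access control, so anyone who can reach port 443 can read it. Its upstream is built from `metrics_listen_addr`, which resolves to `http://0.0.0.0:8095/metrics` and relies on 0.0.0.0 being treated as loopback. As far as this file shows, both listeners are only consumed by nginx on the same host, so `address = "127.0.0.1";` and `metrics_listen_addr = "127.0.0.1:8095";` would keep them off other interfaces regardless of firewall state. The `/metrics` location should either be removed or restricted, e.g. `extraConfig = "allow 127.0.0.1; deny all;";`.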