mirror of
https://github.com/tuxdotrs/tawm.git
synced 2025-07-05 20:56:33 +05:30
added a new host machine
This commit is contained in:
20
flake.nix
20
flake.nix
@ -61,6 +61,26 @@
|
||||
];
|
||||
};
|
||||
|
||||
controller = nixpkgs.lib.nixosSystem {
|
||||
specialArgs = { inherit inputs outputs username; };
|
||||
modules = [
|
||||
./hosts/controller
|
||||
./modules/nixos/headscale.nix
|
||||
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.extraSpecialArgs = { inherit inputs outputs username; };
|
||||
home-manager.users.${username} = {
|
||||
imports = [
|
||||
./modules/home-manager
|
||||
./home/tux
|
||||
];
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
wsl = nixpkgs.lib.nixosSystem {
|
||||
specialArgs = { inherit inputs outputs username; };
|
||||
modules = [
|
||||
|
80
hosts/controller/default.nix
Normal file
80
hosts/controller/default.nix
Normal file
@ -0,0 +1,80 @@
|
||||
{ config, outputs, lib, pkgs, inputs, username, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
overlays = [
|
||||
outputs.overlays.additions
|
||||
outputs.overlays.modifications
|
||||
outputs.overlays.unstable-packages
|
||||
outputs.overlays.nur
|
||||
];
|
||||
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
joypixels.acceptLicense = true;
|
||||
};
|
||||
};
|
||||
|
||||
nix = {
|
||||
settings = {
|
||||
experimental-features = "nix-command flakes";
|
||||
auto-optimise-store = true;
|
||||
};
|
||||
};
|
||||
|
||||
boot = {
|
||||
kernelPackages = pkgs.linuxPackages_zen;
|
||||
initrd.systemd.enable = true;
|
||||
|
||||
loader = {
|
||||
grub.device = "/dev/sda";
|
||||
timeout = 1;
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "controller";
|
||||
};
|
||||
|
||||
security = {
|
||||
sudo.wheelNeedsPassword = false;
|
||||
};
|
||||
|
||||
programs = {
|
||||
zsh.enable = true;
|
||||
nix-ld.enable = true;
|
||||
dconf.enable = true;
|
||||
};
|
||||
|
||||
services = {
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PermitRootLogin = "no";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
defaultUserShell = pkgs.zsh;
|
||||
users.${username} = {
|
||||
initialPassword = "${username}";
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "networkmanager" "wheel" "storage" ];
|
||||
openssh.authorizedKeys.keys = [
|
||||
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+OzPUe2ECPC929DqpkM39tl/vdNAXfsRnmrGfR+X3D 0xtux@pm.me''
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs;[
|
||||
];
|
||||
|
||||
fonts.packages = with pkgs; [ (nerdfonts.override { fonts = [ "FiraCode" "JetBrainsMono" ]; }) ];
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
}
|
39
hosts/controller/hardware-configuration.nix
Normal file
39
hosts/controller/hardware-configuration.nix
Normal file
@ -0,0 +1,39 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{
|
||||
device = "/dev/disk/by-uuid/b5a9a9f6-be72-4520-b2ac-439d0479a34b";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/efi" =
|
||||
{
|
||||
device = "systemd-1";
|
||||
fsType = "autofs";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
}
|
61
modules/nixos/headscale.nix
Normal file
61
modules/nixos/headscale.nix
Normal file
@ -0,0 +1,61 @@
|
||||
{ config, lib, pkgs, ... }: {
|
||||
|
||||
security = {
|
||||
acme = {
|
||||
defaults.email = "0xtux@pm.me";
|
||||
acceptTerms = true;
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
headscale = {
|
||||
enable = true;
|
||||
port = 8080;
|
||||
address = "0.0.0.0";
|
||||
settings = {
|
||||
dns_config = {
|
||||
override_local_dns = true;
|
||||
base_domain = "0xtux.com";
|
||||
magic_dns = true;
|
||||
nameservers = [
|
||||
"1.1.1.1"
|
||||
];
|
||||
};
|
||||
server_url = "https://hs.0xtux.com";
|
||||
metrics_listen_addr = "0.0.0.0:8095";
|
||||
logtail = {
|
||||
enabled = false;
|
||||
};
|
||||
log = {
|
||||
level = "warn";
|
||||
};
|
||||
ip_prefixes = [
|
||||
"100.64.0.0/10"
|
||||
"fd7a:115c:a1e0::/48"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"hs.0xtux.com" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = "http://localhost:${toString config.services.headscale.port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
"/metrics" = {
|
||||
proxyPass = "http://${config.services.headscale.settings.metrics_listen_addr}/metrics";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
environment.systemPackages = with pkgs;[ headscale ];
|
||||
}
|
Reference in New Issue
Block a user