change controller hostname to arcturus

2025-07-06 13:06:35 +05:30 · 2024-09-13 20:44:58 +05:30
parent 257b108a7b
commit 51b333636e
6 changed files with 10 additions and 9 deletions
--- a/hosts/arcturus/default.nix
+++ b/hosts/arcturus/default.nix
@ -0,0 +1,119 @@
+{
+  pkgs,
+  username,
+  config,
+  ...
+}: {
+  imports = [
+    ./hardware-configuration.nix
+    ../common
+    ../../modules/nixos/headscale.nix
+    ../../modules/nixos/vaultwarden.nix
+    ../../modules/nixos/gitea.nix
+    ../../modules/nixos/monitoring/grafana.nix
+    ../../modules/nixos/monitoring/loki.nix
+    ../../modules/nixos/monitoring/promtail.nix
+    ../../modules/nixos/ntfy-sh.nix
+    ../../modules/nixos/searx.nix
+  ];
+
+  sops.secrets = {
+    borg_encryption_key = {
+      sopsFile = ./secrets.yaml;
+    };
+
+    searx_secret_key = {
+      sopsFile = ./secrets.yaml;
+    };
+
+    "cloudflare_credentials/email" = {
+      sopsFile = ./secrets.yaml;
+    };
+
+    "cloudflare_credentials/dns_api_token" = {
+      sopsFile = ./secrets.yaml;
+    };
+  };
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_zen;
+    initrd.systemd.enable = true;
+
+    loader = {
+      grub.device = "/dev/sda";
+      timeout = 1;
+    };
+  };
+
+  networking = {
+    hostName = "arcturus";
+
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [80 443 22];
+    };
+  };
+
+  security = {
+    sudo.wheelNeedsPassword = false;
+
+    acme = {
+      acceptTerms = true;
+      defaults.email = "0xtux@pm.me";
+      certs = {
+        "tux.rs" = {
+          domain = "*.tux.rs";
+          extraDomainNames = ["tux.rs"];
+          dnsProvider = "cloudflare";
+          credentialFiles = {
+            CLOUDFLARE_EMAIL_FILE = config.sops.secrets."cloudflare_credentials/email".path;
+            CLOUDFLARE_DNS_API_TOKEN_FILE = config.sops.secrets."cloudflare_credentials/dns_api_token".path;
+          };
+        };
+      };
+    };
+  };
+
+  users.users.nginx.extraGroups = ["acme"];
+
+  services = {
+    nginx = {
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+    };
+
+    borgbackup.jobs.arcturus-backup = {
+      paths = [
+        "/var/lib/bitwarden_rs"
+        "/var/lib/gitea"
+        "/var/lib/headscale"
+        "/var/lib/grafana"
+        "/var/lib/loki"
+        "/var/lib/private/ntfy-sh"
+      ];
+      encryption = {
+        mode = "repokey-blake2";
+        passCommand = "cat ${config.sops.secrets.borg_encryption_key.path}";
+      };
+      environment.BORG_RSH = "ssh -i /home/${username}/.ssh/storagebox";
+      repo = "ssh://u416910@u416910.your-storagebox.de:23/./arcturus-backups";
+      compression = "auto,zstd";
+      startAt = "daily";
+    };
+  };
+
+  programs = {
+    zsh.enable = true;
+    nix-ld = {
+      enable = true;
+      package = pkgs.nix-ld-rs;
+    };
+    dconf.enable = true;
+  };
+
+  fonts.packages = with pkgs; [(nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})];
+
+  system.stateVersion = "23.11";
+}