diff --git a/flake.lock b/flake.lock index 62d175d..e4691a0 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,78 @@ { "nodes": { + "conduit": { + "inputs": { + "crane": "crane", + "fenix": "fenix", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1691686916, + "narHash": "sha256-TpNssMHvSKcxJMas5lQNWEbIv09u4/niBN2C27Mp0JY=", + "owner": "famedly", + "repo": "conduit", + "rev": "0c2cfda3ae923d9e922d5edf379e4d8976a52d4e", + "type": "gitlab" + }, + "original": { + "owner": "famedly", + "ref": "v0.6.0", + "repo": "conduit", + "type": "gitlab" + } + }, + "crane": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": [ + "conduit", + "flake-utils" + ], + "nixpkgs": [ + "conduit", + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1688772518, + "narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=", + "owner": "ipetkov", + "repo": "crane", + "rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "fenix": { + "inputs": { + "nixpkgs": [ + "conduit", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1689488573, + "narHash": "sha256-diVASflKCCryTYv0djvMnP2444mFsIG0ge5pa7ahauQ=", + "owner": "nix-community", + "repo": "fenix", + "rev": "39096fe3f379036ff4a5fa198950b8e79defe939", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -16,6 +89,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -38,6 +127,24 @@ "inputs": { "systems": "systems_2" }, + "locked": { + "lastModified": 1692799911, + "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, "locked": { "lastModified": 1681202837, "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", @@ -52,7 +159,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_4": { "locked": { "lastModified": 1638122382, "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", @@ -74,11 +181,11 @@ ] }, "locked": { - "lastModified": 1689891262, - "narHash": "sha256-Pc4wDczbdgd6QXKJIXprgxe7L9AVDsoAkMnvm5vmpUU=", + "lastModified": 1694375657, + "narHash": "sha256-32X8dcty4vPXx+D4yJPQZBo5hJ1NQikALhevGv6elO4=", "owner": "nix-community", "repo": "home-manager", - "rev": "ee5673246de0254186e469935909e821b8f4ec15", + "rev": "f7848d3e5f15ed02e3f286029697e41ee31662d7", "type": "github" }, "original": { @@ -89,16 +196,16 @@ }, "nix-vscode-extensions": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils_2", + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1689903271, - "narHash": "sha256-t3CPQ3afi5fUbY/I4nldZgsUMO9/17UwIC9XPiD0ybs=", + "lastModified": 1694395166, + "narHash": "sha256-F0SRxtFF8EsEff6cRO81NdCpVz/S761ytETNqRkRwU4=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "2064829219ef11822e539664ba975fdf443bbe7b", + "rev": "e6c8e1659000d07804526e42b99fa5f15190c324", "type": "github" }, "original": { @@ -109,7 +216,7 @@ }, "nixos-cn": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ] @@ -130,11 +237,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1689320556, - "narHash": "sha256-vODUkZLWFVCvo1KPK3dC2CbXjxa9antEn5ozwlcTr48=", + "lastModified": 1693718952, + "narHash": "sha256-+nGdJlgTk0MPN7NygopipmyylVuAVi7OItIwTlwtGnw=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "d4ea64f2063820120c05f6ba93ee02e6d4671d6b", + "rev": "793de77d9f83418b428e8ba70d1e42c6507d0d35", "type": "github" }, "original": { @@ -162,11 +269,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1689885880, - "narHash": "sha256-2ikAcvHKkKh8J/eUrwMA+wy1poscC+oL1RkN1V3RmT8=", + "lastModified": 1694304580, + "narHash": "sha256-5tIpNodDpEKT8mM/F5zCzWEAnidOg8eb1/x3SRaaBLs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "fa793b06f56896b7d1909e4b69977c7bf842b2f0", + "rev": "4c8cf44c5b9481a4f093f1df3b8b7ba997a7c760", "type": "github" }, "original": { @@ -178,11 +285,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1689473667, - "narHash": "sha256-41ePf1ylHMTogSPAiufqvBbBos+gtB6zjQlYFSEKFMM=", + "lastModified": 1693675694, + "narHash": "sha256-2pIOyQwGyy2FtFAUIb8YeKVmOCcPOTVphbAvmshudLE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "13231eccfa1da771afa5c0807fdd73e05a1ec4e6", + "rev": "5601118d39ca9105f8e7b39d4c221d3388c0419d", "type": "github" }, "original": { @@ -194,11 +301,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1689940971, - "narHash": "sha256-397xShPnFqPC59Bmpo3lS+/Aw0yoDRMACGo1+h2VJMo=", + "lastModified": 1694183432, + "narHash": "sha256-YyPGNapgZNNj51ylQMw9lAgvxtM2ai1HZVUu3GS8Fng=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9ca785644d067445a4aa749902b29ccef61f7476", + "rev": "db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b", "type": "github" }, "original": { @@ -208,29 +315,13 @@ "type": "github" } }, - "nixpkgs_3": { - "locked": { - "lastModified": 1689413807, - "narHash": "sha256-exuzOvOhGAEKWQKwDuZAL4N8a1I837hH5eocaTcIbLc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "46ed466081b9cad1125b11f11a2af5cc40b942c7", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nur": { "locked": { - "lastModified": 1689986542, - "narHash": "sha256-nfAoJhHAeOM+G2E4qzE3E8vtt5VH14bq9u7a9wxTR1c=", + "lastModified": 1694400936, + "narHash": "sha256-MOUf6iF1B5jw25xWgRTj47L2lS32F5wIACEErYqq2n0=", "owner": "nix-community", "repo": "NUR", - "rev": "3d51c81356bd84bfa7b5b2ccb11c36b58b9f5cde", + "rev": "1850109f159c735841f7f6a51100b05d5b055113", "type": "github" }, "original": { @@ -241,7 +332,8 @@ }, "root": { "inputs": { - "flake-utils": "flake-utils", + "conduit": "conduit", + "flake-utils": "flake-utils_2", "home-manager": "home-manager", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-cn": "nixos-cn", @@ -252,17 +344,63 @@ "sops-nix": "sops-nix" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1689441253, + "narHash": "sha256-4MSDZaFI4DOfsLIZYPMBl0snzWhX1/OqR/QHir382CY=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "996e054f1eb1dbfc8455ecabff0f6ff22ba7f7c8", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "conduit", + "crane", + "flake-utils" + ], + "nixpkgs": [ + "conduit", + "crane", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688351637, + "narHash": "sha256-CLTufJ29VxNOIZ8UTg0lepsn3X03AmopmaLTTeHDCL4=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "f9b92316727af9e6c7fee4a761242f7f46880329", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": [ + "nixpkgs" + ], "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1689534977, - "narHash": "sha256-EB4hasmjKgetTR0My2bS5AwELZFIQ4zANLqHKi7aVXg=", + "lastModified": 1693898833, + "narHash": "sha256-OIrMAGNYNeLs6IvBynxcXub7aSW3GEUvWNsb7zx6zuU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "bd695cc4d0a5e1bead703cc1bec5fa3094820a81", + "rev": "faf21ac162173c2deb54e5fdeed002a9bd6e8623", "type": "github" }, "original": { @@ -300,6 +438,21 @@ "repo": "default", "type": "github" } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 02117ee..d84f120 100644 --- a/flake.nix +++ b/flake.nix @@ -9,9 +9,13 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nur.url = "github:nix-community/NUR"; + nur = { + url = "github:nix-community/NUR"; + }; - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + nixos-hardware = { + url = "github:NixOS/nixos-hardware/master"; + }; nixos-cn = { url = "github:nixos-cn/flakes"; @@ -19,11 +23,19 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - sops-nix.url = "github:Mic92/sops-nix"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + conduit.url = "gitlab:famedly/conduit/v0.6.0"; + conduit.inputs.nixpkgs.follows = "nixpkgs"; nix-vscode-extensions.url = "github:nix-community/nix-vscode-extensions"; - flake-utils.url = "github:numtide/flake-utils"; + flake-utils = { + url = "github:numtide/flake-utils"; + }; }; @@ -67,9 +79,9 @@ system = "aarch64-linux"; modules = [ machines/massicot - (mkHome "xin" "gold") - ] - } + (mkHome "xin" "raspite") + ]; + }; nixosConfigurations.raspite = mkNixos { system = "aarch64-linux"; diff --git a/machines/massicot/default.nix b/machines/massicot/default.nix index 81fd528..8dd59d5 100644 --- a/machines/massicot/default.nix +++ b/machines/massicot/default.nix @@ -4,6 +4,7 @@ imports = [ ./hardware-configuration.nix ./networking.nix + ./services.nix ]; boot.loader.efi.canTouchEfiVariables = true; @@ -11,7 +12,6 @@ boot.loader.grub = { enable = true; efiSupport = true; - device = "/dev/sda"; }; environment.systemPackages = with pkgs; [ @@ -24,11 +24,13 @@ networking = { hostName = "massicot"; - useDHCP = false; }; services.openssh = { enable = true; + settings = { + PasswordAuthentication = false; + }; }; systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ]; @@ -39,8 +41,9 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPBcSvUQnmMFtpftFKIsDqeyUyZHzRg5ewgn3VEcLnss" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIInPn+7cMbH7zCEPJArU/Ot6oq8NHo8a2rYaCfTp7zgd" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPeNQ43f/ce4VxVPsAaKPPTp8rokQpmwNIsOX7JBZq4A" ]; hashedPassword = "$y$j9T$JOJn97hZndiDamUmmT.iq.$ue7gNZz/b14ur8GhyutOCvFjsv.3rcsHmk7m.WRk6u7"; }; -} \ No newline at end of file +} diff --git a/machines/massicot/hardware-configuration.nix b/machines/massicot/hardware-configuration.nix index 5d6574a..89358f7 100644 --- a/machines/massicot/hardware-configuration.nix +++ b/machines/massicot/hardware-configuration.nix @@ -1,36 +1,13 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - +{ modulesPath, ... }: { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/934bc9cd-c80f-4af0-a446-e92c3b21ad9e"; - fsType = "ext4"; - }; - - fileSystems."/boot/efi" = - { device = "/dev/disk/by-uuid/06F4-7777"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eth0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; -} \ No newline at end of file + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + boot.loader.grub = { + efiSupport = true; + device = "nodev"; + }; + fileSystems."/boot" = { device = "/dev/disk/by-uuid/AC27-D9D6"; fsType = "vfat"; }; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; + boot.initrd.kernelModules = [ "nvme" ]; + fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; + +} diff --git a/machines/massicot/networking.nix b/machines/massicot/networking.nix index fd5bf27..4aadb44 100644 --- a/machines/massicot/networking.nix +++ b/machines/massicot/networking.nix @@ -1,6 +1,7 @@ { networking = { interfaces = { + eth0.useDHCP = true; eth0.ipv6.addresses = [{ address = "2a01:4f8:c17:345f::1"; prefixLength = 64; @@ -10,6 +11,6 @@ address = "fe80::1"; interface = "eth0"; }; - nameservers = [ "2a00:1098:2b::1" "2a00:1098:2c::1" "2a01:4f9:c010:3f02::1"]; + nameservers = [ ]; }; -} \ No newline at end of file +} diff --git a/machines/massicot/services.nix b/machines/massicot/services.nix new file mode 100644 index 0000000..161b83b --- /dev/null +++ b/machines/massicot/services.nix @@ -0,0 +1,69 @@ +{ config, pkgs, inputs, ... }: +{ + services.matrix-conduit = { + enable = true; + # package = inputs.conduit.packages.${pkgs.system}.default; + package = pkgs.matrix-conduit; + settings.global = { + server_name = "xinyang.life"; + port = 6167; + # database_path = "/var/lib/matrix-conduit/"; + database_backend = "rocksdb"; + allow_registration = false; + }; + }; + + services.gotosocial = { + enable = true; + settings = { + log-level = "debug"; + host = "xinyang.life"; + letsencrypt-enabled = false; + bind-address = "localhost"; + landing-page-user = "me"; + instance-expose-public-timeline = true; + }; + }; + + services.gitea = { + enable = true; + package = pkgs.forgejo; + settings = { + service.DISABLE_REGISTRATION = true; + server = { + ROOT_URL = "https://git.xinyang.life/"; + }; + }; + }; + + services.caddy = { + enable = true; + virtualHosts."xinyang.life:443".extraConfig = '' + tls internal + encode zstd gzip + reverse_proxy /_matrix/* localhost:6167 + handle_path /.well-known/matrix/client { + header Content-Type "application/json" + header Access-Control-Allow-Origin "*" + header Content-Disposition attachment; filename="client" + respond `{"m.homeserver":{"base_url":"https://xinyang.life/"}, "org.matrix.msc3575.proxy":{"url":"https://xinyang.life/"}}` + } + handle_path /.well-known/matrix/server { + header Content-Type "application/json" + header Access-Control-Allow-Origin "*" + respond `{"m.server": "xinyang.life:443"}` + } + + reverse_proxy * http://localhost:8080 { + flush_interval -1 + } + ''; + virtualHosts."git.xinyang.life:443".extraConfig = '' + tls internal + reverse_proxy http://${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT} + ''; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 8448 ]; + networking.firewall.allowedUDPPorts = [ 80 443 8448 ]; +}