From e417943e9fe952e73d83f4873c2252ae0f79c31c Mon Sep 17 00:00:00 2001
From: emily
Date: Tue, 9 Jan 2024 15:46:18 +0100
Subject: [PATCH] added module and some other stuff
---
 config/common/default.nix | 25 +++++++++++++
 config/hosts/web02/configuration.nix | 23 ++++++++----
 config/users/default.nix | 5 +++
 config/users/emily/default.nix | 10 ++++++
 configuration.nix | 17 ---------
 flake.lock | 43 +++++++++++++++++++++++
 flake.nix | 23 ++++++++++--
 modules/default.nix | 5 +++
 modules/vhost/default.nix | 52 ++++++++++++++++++++++++++++
 9 files changed, 177 insertions(+), 26 deletions(-)
 create mode 100644 config/common/default.nix
 create mode 100644 config/users/default.nix
 create mode 100644 config/users/emily/default.nix
 delete mode 100644 configuration.nix
 create mode 100644 flake.lock
 create mode 100644 modules/default.nix
 create mode 100644 modules/vhost/default.nix
diff --git a/config/common/default.nix b/config/common/default.nix
new file mode 100644
index 0000000..4611f8d
--- /dev/null
+++ b/config/common/default.nix
@@ -0,0 +1,25 @@
+{ config, pkgs }: {
+
+ imports = [
+ ../users
+ ../../modules
+ ./networking.nix
+ ./openssh.nix
+ ];
+ environment.systemPackages = with pkgs; [
+ kitty.terminfo
+ bat
+ ripgrep
+ utils-coreutils
+ git
+ bmon
+ bottom
+ man-pages
+ man-pages-posix
+ linux-manual
+ unzip
+ zip
+ ];
+ system.stateVersion = "23.11";
+ time.timeZone = mkDefault "CET";
+}
diff --git a/config/hosts/web02/configuration.nix b/config/hosts/web02/configuration.nix
index 8709556..4f69247 100644
--- a/config/hosts/web02/configuration.nix
+++ b/config/hosts/web02/configuration.nix
@@ -13,6 +13,12 @@ let
 http3 = true;
 quic = true;
 };
+ autoIndex = ''
+ autoindex on;
+ autoindex_exact_size off;
+ autoindex_format html;
+ autoindex_localtime on;
+ '';
 createHost = builtins.mapAttrs (vhostName: vhostCfg:
 with lib; let
 mkRedirect = if builtins.hasAttr "redirectTo" vhostCfg
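Review bot: `time.timeZone = mkDefault "CET";` uses `mkDefault` without `lib` being in scope — the module neither takes `lib` as an argument nor opens `with lib;` — so evaluation stops at an undefined variable; write `lib.mkDefault "CET"` and take `lib` in the argument set. The argument set `{ config, pkgs }:` also lacks the trailing `...`; the NixOS module system passes further arguments (`lib`, `options`, `specialArgs`) to every module function and an argument set without `...` rejects them, so the header should read `{ config, lib, pkgs, ... }: {` — the same applies to `config/users/emily/default.nix`. `utils-coreutils` does not look like a nixpkgs attribute (the Rust coreutils are packaged as `uutils-coreutils`), so this package list is worth evaluating once before it is deployed.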
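Review bot: `autoIndex` here is byte-for-byte the same string this commit adds to `modules/vhost/default.nix`, and web02 keeps its own local `createHost` instead of the `services.nginx.createHost` option the new module provides, so the vhost-building logic now exists twice. If the module is meant to take over, the host should set `services.nginx.createHost = { ... };` and drop these `let` bindings; if not, the duplicated `autoIndex` should at least live in one place. The enclosing `let` continues outside the hunk.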
@@ -64,6 +70,7 @@ in {
 };
 phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
 };
+ services.vnstat.enable = true;
 services.nginx = {
 package = pkgs.nginxQuic;
 enable = true;
@@ -85,7 +92,6 @@ in {
 virtualHosts = createHost {
 "miau.zip" = { root = "/var/www/kyouma.net"; };
 "www.miau.zip" = { redirectTo = "miau.zip"; };
- "kyouma.net" = { root = "/var/www/kyouma.net"; };
 "www.kyouma.net" = { redirectTo = "kyouma.net"; };
 "emily.cat" = { root = "/var/www/emily.cat/_site"; };
 "www.emily.cat" = { redirectTo = "kyouma.net"; };
@@ -111,12 +117,15 @@ in {
 "files.cocaine.trade" = {
 useACMEHost = "cocaine.trade";
 root = "/mnt/basti/files.cocaine.trade";
- locations."/".extraConfig = ''
- autoindex on;
- autoindex_exact_size off;
- autoindex_format html;
- autoindex_localtime on;
- '';
+ locations."/".extraConfig = autoIndex;
+ };
+ "kyouma.net" = {
+ root = "/var/www/kyouma.net";
+ locations = {
+ "/ihk/".extraConfig = autoIndex;
+ "/vyos/".extraConfig = autoIndex;
+ "/3ds/".extraConfig = autoIndex;
+ };
 };
 "lg.kyouma.net" = {
 root = "/var/www/lg.kyouma.net";
diff --git a/config/users/default.nix b/config/users/default.nix
new file mode 100644
index 0000000..34d379b
--- /dev/null
+++ b/config/users/default.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+ imports = [
+ ./emily
+ ];
+}
diff --git a/config/users/emily/default.nix b/config/users/emily/default.nix
new file mode 100644
index 0000000..d83c3dd
--- /dev/null
+++ b/config/users/emily/default.nix
@@ -0,0 +1,10 @@
+{ config, pkgs }: {
+ users.users.emily = {
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
+ ];
+ };
+}
diff --git a/configuration.nix b/configuration.nix
deleted file mode 100644
index c1184d2..0000000
--- a/configuration.nix
+++ /dev/null
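Review bot: The three `autoIndex` locations on `kyouma.net` publish directory listings of `/ihk/`, `/vyos/` and `/3ds/` under `/var/www/kyouma.net`, so every file placed in those directories becomes enumerable rather than merely fetchable by name; that is fine for a deliberate file share, but a comment such as `# public listings: everything under these paths is enumerable` next to the `locations` block makes the intent explicit. `miau.zip` is configured with the same `root`, so the same files are also served through that host, just without a listing. Because this root is the live web root of the site, those listing directories should be kept free of anything not meant for publication (backups, editor swap files, a `.git` checkout).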
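Review bot: `emily` is added to `wheel` with only an SSH key — no `hashedPassword`, `hashedPasswordFile` or `initialPassword` is declared — so with the default `security.sudo.wheelNeedsPassword = true` sudo will prompt for a password the account does not have, unless one is set imperatively after deployment (`users.mutableUsers` defaults to true). Either declare `users.users.emily.hashedPasswordFile = "<path to secret — placeholder>";` or consciously set `security.sudo.wheelNeedsPassword = false;` and document that trade-off. The root authorized key from the deleted `configuration.nix` is not carried over, which is the right direction; confirm that `config/common/openssh.nix` (not in this patch) also sets `services.openssh.settings.PermitRootLogin = "no";` so the removal is enforced rather than incidental. `shell = pkgs.zsh;` without `programs.zsh.enable = true;` triggers the NixOS warning that zsh will lack the Nix directories in its PATH, which can make logging in as that user fail.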
@@ -1,17 +0,0 @@
-{ config, pkgs, lib, modulesPath, ... }:
-
-with lib; {
- imports = [
- ./config/common/networking.nix
- ./config/common/openssh.nix
- ./config/hosts/web02/configuration.nix
- ];
-
- environment.systemPackages = with pkgs; [
- vim
- ];
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
- ];
-}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..75c5300
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,43 @@
+{
+ "nodes": {
+ "nixos-hardware": {
+ "locked": {
+ "lastModified": 1704632650,
+ "narHash": "sha256-83J/nd/NoLqo3vj0S0Ppqe8L+ijIFiGL6HNDfCCUD/Q=",
+ "owner": "nixos",
+ "repo": "nixos-hardware",
+ "rev": "c478b3d56969006e015e55aaece4931f3600c1b2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "repo": "nixos-hardware",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1704538339,
+ "narHash": "sha256-1734d3mQuux9ySvwf6axRWZRBhtcZA9Q8eftD6EZg6U=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "46ae0210ce163b3cba6c7da08840c1d63de9c701",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixos-hardware": "nixos-hardware",
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
index c94fed5..6ea1eb3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,11 +1,30 @@
 {
- description = "nixfiles";
+ description = "emilys config hell";
 inputs = {
 nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 nixos-hardware.url = "github:nixos/nixos-hardware";
 };
 outputs = { self, nixpkgs, nixos-hardware, ... }@attrs: {
-
+ nixosConfigurations = {
+ web02 = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialAttrs = attrs;
+ modules = [
+ ./config/common
+ ./config/lxc.nix
+ ./config/hosts/web02/configuration.nix
+ ];
+ };
+ ryuuko = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialAttrs = attrs;
+ modules = [
+ ./config/common
+ ./config/x1.nix
+ ./config/hosts/ryuuko/configuration.nix
+ ];
+ };
+ };
 };
 }
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..dfe2cd6
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+ imports = [
+ ./vhost
+ ];
+}
diff --git a/modules/vhost/default.nix b/modules/vhost/default.nix
new file mode 100644
index 0000000..7beb513
--- /dev/null
+++ b/modules/vhost/default.nix
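Review bot: `specialAttrs = attrs;` in both `web02` and `ryuuko` is not the argument `nixpkgs.lib.nixosSystem` understands — it is named `specialArgs` — so the flake inputs never reach the modules and, since `eval-config.nix` does not accept arbitrary extra arguments, evaluation most likely fails with an unexpected-argument error. Change both lines to `specialArgs = attrs;`. Passing the whole `attrs` (including `self`) works, but handing modules only what they need, e.g. `specialArgs = { inherit nixos-hardware; };`, keeps the module interface narrower and avoids coupling every module to the flake. `./config/lxc.nix`, `./config/x1.nix` and the `ryuuko` host configuration are referenced but not part of this patch, so whether they exist cannot be checked here.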
@@ -0,0 +1,52 @@
+{ config, lib, ... }:
+
+with lib; let
+ cfg = config.services.nginx.createHost;
+ extraConfig = ''
+ add_header Strict-Transport-Security $hsts_header;
+ #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header Referrer-Policy "same-origin" always;
+ '';
+ virtHostCfg = {
+ forceSSL = true;
+ http3 = true;
+ quic = true;
+ };
+ autoIndex = ''
+ autoindex on;
+ autoindex_exact_size off;
+ autoindex_format html;
+ autoindex_localtime on;
+ '';
+ createHostFunc = builtins.mapAttrs (vhostName: vhostCfg:
+ with lib; let
+ mkRedirect = if builtins.hasAttr "redirectTo" vhostCfg
+ then {
+ useACMEHost = vhostCfg.redirectTo;
+ globalRedirect = vhostCfg.redirectTo;
+ } else (
+ optionalAttrs !(builtins.hasAttr "useACMEHost" vhostCfg) {
+ enableACME = true;
+ });
+ extraCfg = if builtins.hasAttr "extraConfig" vhostCfg
+ then { extraConfig = ''${vhostCfg.extraConfig} ${extraConfig}''; }
+ else { inherit extraConfig; };
+ in
+ virtHostCfg // mkRedirect // extraCfg //
+ (builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" ])
+ );
+in {
+ options = {
+ services.nginx.createHost = mkOption {
+ type = with types; nullOr anything;
+ default = null;
+ };
+ };
+ config = {
+ services.nginx.virtualHosts = createHostFunc (cfg);
+ };
+}
+
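Review bot: `services.nginx.virtualHosts = createHostFunc (cfg);` applies `builtins.mapAttrs` to `cfg` unconditionally while the option defaults to `null`, so any host that imports this module without setting `services.nginx.createHost` — after this commit that is every host, since `config/common` pulls in `../../modules` and web02 still uses its own local `createHost` — fails to evaluate with a null-where-set-expected error. Use `default = { };` with `type = types.attrsOf types.attrs;` (instead of `nullOr anything`), or wrap the assignment in `lib.mkIf (cfg != null)`. `optionalAttrs !(builtins.hasAttr "useACMEHost" vhostCfg) { ... }` is a parse error in Nix, because a unary `!` cannot stand bare as a function argument; write `optionalAttrs (!(builtins.hasAttr "useACMEHost" vhostCfg)) { ... }`. In the header block, `X-XSS-Protection "1; mode=block"` is a legacy header that current browsers ignore and that OWASP now recommends setting to `0` or omitting, while the commented-out `Content-Security-Policy` is the control that actually matters — a `# TODO:` on that line stating why it is disabled and which vhost breaks with it would keep it from being forgotten. `$hsts_header` is not defined in this patch; if it relies on the `map` the NixOS nginx module generates, a one-line comment saying so would spare the next reader a search.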