added module and some other stuff

2024-01-09 15:46:18 +01:00 · 2024-01-09 15:46:18 +01:00 · e417943e9f
commit e417943e9f
parent 64fdb01b9b
9 changed files with 177 additions and 26 deletions
--- a/config/common/default.nix
+++ b/config/common/default.nix
@ -0,0 +1,25 @@
 { config, pkgs }: {
  imports = [
    ../users
    ../../modules
    ./networking.nix
    ./openssh.nix
  ];
  environment.systemPackages = with pkgs; [
    kitty.terminfo
    bat
    ripgrep
    utils-coreutils
    git
    bmon
    bottom
    man-pages
    man-pages-posix
    linux-manual
    unzip
    zip
  ]; 
  system.stateVersion = "23.11";
  time.timeZone = mkDefault "CET";
 }
--- a/config/hosts/web02/configuration.nix
+++ b/config/hosts/web02/configuration.nix
@ -13,6 +13,12 @@ let
    http3 = true;
    quic = true; 
  };
  autoIndex = ''
    autoindex on;
    autoindex_exact_size off;
    autoindex_format html;
    autoindex_localtime on;
  '';
  createHost = builtins.mapAttrs (vhostName: vhostCfg:
    with lib; let
      mkRedirect = if builtins.hasAttr "redirectTo" vhostCfg 
@ -64,6 +70,7 @@ in {
    };
    phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
  };
  services.vnstat.enable = true;
  services.nginx = {
    package = pkgs.nginxQuic;
    enable = true;
@ -85,7 +92,6 @@ in {
    virtualHosts = createHost {
      "miau.zip" = { root = "/var/www/kyouma.net"; };
      "www.miau.zip" = { redirectTo = "miau.zip"; };
      "kyouma.net" = { root = "/var/www/kyouma.net"; };
      "www.kyouma.net" = { redirectTo = "kyouma.net"; };
      "emily.cat" = { root = "/var/www/emily.cat/_site"; };
      "www.emily.cat" = { redirectTo = "kyouma.net"; };
@ -111,12 +117,15 @@ in {
      "files.cocaine.trade" = {
        useACMEHost = "cocaine.trade";
        root = "/mnt/basti/files.cocaine.trade";
-        locations."/".extraConfig = ''
+        locations."/".extraConfig = autoIndex;
-          autoindex on;
+      };
-          autoindex_exact_size off;
+      "kyouma.net" = {
-          autoindex_format html;
+        root = "/var/www/kyouma.net";
-          autoindex_localtime on;
+        locations = {
-        '';
+          "/ihk/".extraConfig = autoIndex;
          "/vyos/".extraConfig = autoIndex;
          "/3ds/".extraConfig = autoIndex;
        };
      };
      "lg.kyouma.net" = {
        root = "/var/www/lg.kyouma.net";
--- a/config/users/default.nix
+++ b/config/users/default.nix
@ -0,0 +1,5 @@
 { ... }: {
  imports = [
    ./emily
  ];
 }
--- a/config/users/emily/default.nix
+++ b/config/users/emily/default.nix
@ -0,0 +1,10 @@
 { config, pkgs }: {
  users.users.emily = {
    isNormalUser = true;
    shell = pkgs.zsh;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
    ];
  };
 }
--- a/configuration.nix
+++ b/configuration.nix
@ -1,17 +0,0 @@
 { config, pkgs, lib, modulesPath, ... }:
 with lib; {
  imports = [
    ./config/common/networking.nix
    ./config/common/openssh.nix
    ./config/hosts/web02/configuration.nix
  ];
  environment.systemPackages = with pkgs; [
    vim
  ];
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
  ];
 }
--- a/flake.lock
+++ b/flake.lock
@ -0,0 +1,43 @@
 {
  "nodes": {
    "nixos-hardware": {
      "locked": {
        "lastModified": 1704632650,
        "narHash": "sha256-83J/nd/NoLqo3vj0S0Ppqe8L+ijIFiGL6HNDfCCUD/Q=",
        "owner": "nixos",
        "repo": "nixos-hardware",
        "rev": "c478b3d56969006e015e55aaece4931f3600c1b2",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "repo": "nixos-hardware",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1704538339,
        "narHash": "sha256-1734d3mQuux9ySvwf6axRWZRBhtcZA9Q8eftD6EZg6U=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "46ae0210ce163b3cba6c7da08840c1d63de9c701",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs"
      }
    }
  },
  "root": "root",
  "version": 7
 }
--- a/flake.nix
+++ b/flake.nix
@ -1,11 +1,30 @@
 {
-  description = "nixfiles";
+  description = "emilys config hell";
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    nixos-hardware.url = "github:nixos/nixos-hardware";
  };
  outputs = { self, nixpkgs, nixos-hardware, ... }@attrs: {
-    
+    nixosConfigurations = {
      web02 = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialAttrs = attrs;
        modules = [
          ./config/common
          ./config/lxc.nix
          ./config/hosts/web02/configuration.nix
        ];
      };
      ryuuko = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        specialAttrs = attrs;
        modules = [
          ./config/common
          ./config/x1.nix
          ./config/hosts/ryuuko/configuration.nix
        ];
      };
    };
  };
 }
--- a/modules/default.nix
+++ b/modules/default.nix
@ -0,0 +1,5 @@
 { ... }: {
  imports = [
    ./vhost
  ];
 }
--- a/modules/vhost/default.nix
+++ b/modules/vhost/default.nix
@ -0,0 +1,52 @@
 { config, lib, ... }:
 with lib; let
  cfg = config.services.nginx.createHost;
  extraConfig = ''
    add_header Strict-Transport-Security 	$hsts_header;
    #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
    add_header X-Content-Type-Options 	"nosniff" always;
    add_header X-XSS-Protection 		"1; mode=block" always;
    add_header X-Frame-Options 		"SAMEORIGIN" always;
    add_header Referrer-Policy 		"same-origin" always;
  '';
  virtHostCfg = {
    forceSSL = true;
    http3 = true;
    quic = true; 
  };
  autoIndex = ''
    autoindex on;
    autoindex_exact_size off;
    autoindex_format html;
    autoindex_localtime on;
  '';
  createHostFunc = builtins.mapAttrs (vhostName: vhostCfg:
    with lib; let
      mkRedirect = if builtins.hasAttr "redirectTo" vhostCfg 
        then {
          useACMEHost = vhostCfg.redirectTo;
          globalRedirect = vhostCfg.redirectTo;
        } else (
          optionalAttrs !(builtins.hasAttr "useACMEHost" vhostCfg) {
            enableACME = true;
        });
      extraCfg = if builtins.hasAttr "extraConfig" vhostCfg
        then { extraConfig = ''${vhostCfg.extraConfig} ${extraConfig}''; }
        else { inherit extraConfig; };
    in
    virtHostCfg // mkRedirect // extraCfg //
    (builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" ])
  );
 in {
  options = {
    services.nginx.createHost = mkOption {
      type = with types; nullOr anything;
      default = null;
    };
  };
  config = {
    services.nginx.virtualHosts = createHostFunc (cfg);
  };
 }