
added module and some other stuff

emily 2024-01-09 15:46:18 +01:00
parent 64fdb01b9b
commit e417943e9f
Signed by untrusted user: emily
GPG key ID: F6F4C66207FCF995
9 changed files with 177 additions and 26 deletions

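--- a/config/common/default.nix
+++ b/config/common/default.nix
@@ -0,0 +1,25 @@
+{ config, pkgs }: {
+imports = [
+../users
+../../modules
+./networking.nix
+./openssh.nix
+];
+environment.systemPackages = with pkgs; [
+kitty.terminfo
+bat
+ripgrep
+utils-coreutils
+git
+bmon
+bottom
+man-pages
+man-pages-posix
+linux-manual
+unzip
+zip
+];
+system.stateVersion = "23.11";
+time.timeZone = mkDefault "CET";
+}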
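Review bot: `mkDefault` on the `time.timeZone` line is not in scope, because the module takes `{ config, pkgs }` and has no `with lib;`, so evaluation stops on an undefined variable. The closed argument pattern is a second problem, since the module system also passes `lib`, `options` and other arguments; the header should be `{ config, pkgs, lib, ... }:` and the assignment `time.timeZone = lib.mkDefault "CET";`. The 10-line module that defines `users.users.emily` has the same `{ config, pkgs }:` header and needs the same `...`. `utils-coreutils` also looks like a typo for `uutils-coreutils` and is worth checking against nixpkgs.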


@ -13,6 +13,12 @@ let
http3 = true;
quic = true;
};
autoIndex = ''
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
'';
createHost = builtins.mapAttrs (vhostName: vhostCfg:
with lib; let
mkRedirect = if builtins.hasAttr "redirectTo" vhostCfg
@ -64,6 +70,7 @@ in {
};
phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
};
services.vnstat.enable = true;
services.nginx = {
package = pkgs.nginxQuic;
enable = true;
@ -85,7 +92,6 @@ in {
virtualHosts = createHost {
"miau.zip" = { root = "/var/www/kyouma.net"; };
"www.miau.zip" = { redirectTo = "miau.zip"; };
"kyouma.net" = { root = "/var/www/kyouma.net"; };
"www.kyouma.net" = { redirectTo = "kyouma.net"; };
"emily.cat" = { root = "/var/www/emily.cat/_site"; };
"www.emily.cat" = { redirectTo = "kyouma.net"; };
@ -111,12 +117,15 @@ in {
"files.cocaine.trade" = {
useACMEHost = "cocaine.trade";
root = "/mnt/basti/files.cocaine.trade";
locations."/".extraConfig = ''
autoindex on;
autoindex_exact_size off;
autoindex_format html;
autoindex_localtime on;
'';
locations."/".extraConfig = autoIndex;
};
"kyouma.net" = {
root = "/var/www/kyouma.net";
locations = {
"/ihk/".extraConfig = autoIndex;
"/vyos/".extraConfig = autoIndex;
"/3ds/".extraConfig = autoIndex;
};
};
"lg.kyouma.net" = {
root = "/var/www/lg.kyouma.net";
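Review bot: The new `kyouma.net` block turns on `autoindex` for `/ihk/`, `/vyos/` and `/3ds/`, so every file placed under those directories becomes listable by anyone who visits them. The shared `autoIndex` string deserves a comment saying so, for example `# directory listing: use only on paths where every file is meant to be public`. The `-85,7 +92,6` hunk appears to drop the one-line `kyouma.net` entry from `createHost { … }`, and these hunks do not show whether the new multi-line entry still passes through `createHost`. If it is now a plain `virtualHosts` entry it would no longer get `forceSSL` or the shared header block, which is worth confirming. The enclosing attribute sets start and end outside the hunks.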

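--- a/config/users/default.nix
+++ b/config/users/default.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+imports = [
+./emily
+];
+}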


@ -0,0 +1,10 @@
{ config, pkgs }: {
users.users.emily = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
];
};
}
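Review bot: `emily` is placed in `wheel` but the module declares no password, and the file deleted in this commit is where root's `openssh.authorizedKeys.keys` lived. Whether anyone can still reach root after a deploy therefore depends on sudo settings that are not on this page. Either give the account a password source such as `hashedPasswordFile`, or add a comment next to `extraGroups` naming where `security.sudo.wheelNeedsPassword` is decided. `shell = pkgs.zsh;` normally also needs `programs.zsh.enable = true;` somewhere in the configuration, which is not visible here.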


@ -1,17 +0,0 @@
{ config, pkgs, lib, modulesPath, ... }:
with lib; {
imports = [
./config/common/networking.nix
./config/common/openssh.nix
./config/hosts/web02/configuration.nix
];
environment.systemPackages = with pkgs; [
vim
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/+iN407+HsfHbbC3tfdA8Yf4TZ08qXQMb4tb/SDAs+ emily@card"
];
}

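--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,43 @@
+{
+"nodes": {
+"nixos-hardware": {
+"locked": {
+"lastModified": 1704632650,
+"narHash": "sha256-83J/nd/NoLqo3vj0S0Ppqe8L+ijIFiGL6HNDfCCUD/Q=",
+"owner": "nixos",
+"repo": "nixos-hardware",
+"rev": "c478b3d56969006e015e55aaece4931f3600c1b2",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"repo": "nixos-hardware",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1704538339,
+"narHash": "sha256-1734d3mQuux9ySvwf6axRWZRBhtcZA9Q8eftD6EZg6U=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "46ae0210ce163b3cba6c7da08840c1d63de9c701",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"nixos-hardware": "nixos-hardware",
+"nixpkgs": "nixpkgs"
+}
+}
+},
+"root": "root",
+"version": 7
+}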


@ -1,11 +1,30 @@
{
description = "nixfiles";
description = "emilys config hell";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:nixos/nixos-hardware";
};
outputs = { self, nixpkgs, nixos-hardware, ... }@attrs: {
nixosConfigurations = {
web02 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialAttrs = attrs;
modules = [
./config/common
./config/lxc.nix
./config/hosts/web02/configuration.nix
];
};
ryuuko = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialAttrs = attrs;
modules = [
./config/common
./config/x1.nix
./config/hosts/ryuuko/configuration.nix
];
};
};
};
}
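Review bot: `specialAttrs = attrs;` in both the `web02` and `ryuuko` systems is not an argument that `nixpkgs.lib.nixosSystem` knows; the argument that hands extra values to modules is `specialArgs`, so both lines should read `specialArgs = attrs;`. As written the flake inputs never reach the modules, and the unknown argument is most likely rejected at evaluation time.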

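--- a/modules/default.nix
+++ b/modules/default.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+imports = [
+./vhost
+];
+}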

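--- a/modules/vhost/default.nix
+++ b/modules/vhost/default.nix
@@ -0,0 +1,52 @@
+{ config, lib, ... }:
+with lib; let
+cfg = config.services.nginx.createHost;
+extraConfig = ''
+add_header Strict-Transport-Security $hsts_header;
+#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header Referrer-Policy "same-origin" always;
+'';
+virtHostCfg = {
+forceSSL = true;
+http3 = true;
+quic = true;
+};
+autoIndex = ''
+autoindex on;
+autoindex_exact_size off;
+autoindex_format html;
+autoindex_localtime on;
+'';
+createHostFunc = builtins.mapAttrs (vhostName: vhostCfg:
+with lib; let
+mkRedirect = if builtins.hasAttr "redirectTo" vhostCfg
+then {
+useACMEHost = vhostCfg.redirectTo;
+globalRedirect = vhostCfg.redirectTo;
+} else (
+optionalAttrs !(builtins.hasAttr "useACMEHost" vhostCfg) {
+enableACME = true;
+});
+extraCfg = if builtins.hasAttr "extraConfig" vhostCfg
+then { extraConfig = ''${vhostCfg.extraConfig} ${extraConfig}''; }
+else { inherit extraConfig; };
+in
+virtHostCfg // mkRedirect // extraCfg //
+(builtins.removeAttrs vhostCfg [ "redirectTo" "extraConfig" ])
+);
+in {
+options = {
+services.nginx.createHost = mkOption {
+type = with types; nullOr anything;
+default = null;
+};
+};
+config = {
+services.nginx.virtualHosts = createHostFunc (cfg);
+};
+}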
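Review bot: `createHostFunc (cfg)` runs `builtins.mapAttrs` over the option value, but the option defaults to `null`, so any host that imports this module without setting `services.nginx.createHost` fails as soon as `services.nginx.virtualHosts` is evaluated. Declaring the option with `type = types.attrsOf types.anything;` and `default = { };` avoids that. In `mkRedirect`, `optionalAttrs !(builtins.hasAttr "useACMEHost" vhostCfg) {` should not parse, as far as I can tell, because `!` cannot start a function argument; it needs to be `optionalAttrs (!(builtins.hasAttr "useACMEHost" vhostCfg)) {`. The header block relies on `$hsts_header`, which this module does not define, so a comment naming where that nginx variable is declared would help; `autoIndex` is bound in the `let` but never used here.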