Add basic services necessary for running projects
diff --git a/.sops.yaml b/.sops.yaml
deleted file mode 100644
index f49671e..0000000
--- a/.sops.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-keys:
- - &skyler D520 AC8D 7C96 9212 5B2B BD3A 1AFD 1025 6B3C 714D
- - &python_laptop B2EE B25A FB4C 3A2E C7FA C3A4 3676 C8DC 50D2 4FF6
-creation_rules:
- - path_regex: secrets/.*
- key_groups:
- - pgp:
- - *skyler
- - *python_laptop
- - path_regex: projects/darknosis/.*
- key_groups:
- - pgp:
- - *skyler
diff --git a/default/configuration.nix b/default/configuration.nix
index 75d091a..8f699db 100644
--- a/default/configuration.nix
+++ b/default/configuration.nix
@@ -85,9 +85,18 @@
users.users.nucleus = {
isSystemUser = true;
createHome = true;
+ home = "/services/nucleus";
group = "clicks";
shell = pkgs.bashInteractive;
};
+ users.users.websites = {
+ isSystemUser = true;
+ createHome = true;
+ home = "/services/websites";
+ group = "clicks";
+ shell = pkgs.bashInteractive;
+ };
+ users.groups.clicks = { };
programs.zsh.enable = true;
# List packages installed in system profile. To search, run:
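Review bot: The new `websites` account shares the `clicks` group with `nucleus`, and both get `shell = pkgs.bashInteractive;`, so the isolation between the two services depends entirely on the mode of `/services/nucleus` and `/services/websites`. If either home is group-readable, each service can read the other's files, including any environment or credential files kept there. Consider one group per service, or set the home mode explicitly. If the interactive shell is only there for manual deploys, a comment would record that, e.g. `# interactive shell kept for manual deploys via sudo -u`. The enclosing attribute set starts and ends outside this hunk.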
diff --git a/default/flake.nix b/default/flake.nix
index 15d1309..ddbaf5f 100644
--- a/default/flake.nix
+++ b/default/flake.nix
@@ -5,19 +5,21 @@
packages.x86_64-linux.hello = nixpkgs.legacyPackages.x86_64-linux.hello;
- packages.x86_64-linux.nixosConfigurations.nixos = let
+ packages.x86_64-linux.nixosConfigurations.nixos =
+ let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
- in nixpkgs.lib.nixosSystem {
+ in
+ nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
- {
- nixpkgs.config.allowUnfree = true;
- services.mongodb.enable = true;
- services.mongodb.package = pkgs.mongodb-6_0;
- }
- ./configuration.nix
+ {
+ nixpkgs.config.allowUnfree = true;
+ services.mongodb.enable = true;
+ services.mongodb.package = pkgs.mongodb-6_0;
+ }
+ ./configuration.nix
];
- };
+ };
};
}
diff --git a/default/hardware-configuration.nix b/default/hardware-configuration.nix
index 36d9aac..39d8c22 100644
--- a/default/hardware-configuration.nix
+++ b/default/hardware-configuration.nix
@@ -10,18 +10,19 @@
boot.extraModulePackages = [ ];
fileSystems."/" =
- { device = "/dev/disk/by-uuid/33e79acf-16a4-4263-be79-792c9432568c";
+ {
+ device = "/dev/disk/by-uuid/33e79acf-16a4-4263-be79-792c9432568c";
fsType = "ext4";
};
fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/4EB3-743A";
+ {
+ device = "/dev/disk/by-uuid/4EB3-743A";
fsType = "vfat";
};
swapDevices =
- [ { device = "/dev/disk/by-uuid/3f3ddaa2-80c8-4915-83fe-fcec42bb877c"; }
- ];
+ [{ device = "/dev/disk/by-uuid/3f3ddaa2-80c8-4915-83fe-fcec42bb877c"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
diff --git a/flake.nix b/flake.nix
index b384e79..fd1a07b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,24 +4,30 @@
inputs.deploy-rs.url = "github:serokell/deploy-rs";
outputs = { self, nixpkgs, deploy-rs, ... }@inputs: {
- nixosConfigurations.clicks = let
- system = "x86_64-linux";
- pkgs = import nixpkgs {
- inherit system;
- config.allowUnfree = true;
+ nixosConfigurations.clicks =
+ let
+ system = "x86_64-linux";
+ pkgs = import nixpkgs {
+ inherit system;
+ config.allowUnfree = true;
+ };
+ in
+ nixpkgs.lib.nixosSystem {
+ inherit system pkgs;
+ modules = [
+ ./default/configuration.nix
+ ./default/hardware-configuration.nix
+ ./modules/mongodb.nix
+ ./modules/git.nix
+ ./modules/caddy.nix
+ ./modules/fuck.nix
+ ./modules/node.nix
+ {
+ security.sudo.wheelNeedsPassword = false;
+ users.mutableUsers = false;
+ }
+ ];
};
- in nixpkgs.lib.nixosSystem {
- inherit system pkgs;
- modules = [
- ./default/configuration.nix
- ./default/hardware-configuration.nix
- ./services/mongodb.nix
- {
- security.sudo.wheelNeedsPassword = false;
- users.mutableUsers = false;
- }
- ];
- };
deploy.nodes.clicks = {
profiles.system = {
@@ -33,5 +39,7 @@
hostname = "192.168.89.74";
profilesOrder = [ "system" ];
};
+
+ formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
};
}
diff --git a/host/github.nix b/host/github.nix
deleted file mode 100644
index 189c262..0000000
--- a/host/github.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ pkgs, ... }: {
- environment.systemPackages = [
- pkgs.gh
- ];
-}
diff --git a/host/shell.nix b/host/shell.nix
index cc2e6d5..762da08 100644
--- a/host/shell.nix
+++ b/host/shell.nix
@@ -1,13 +1,13 @@
{ pkgs, ... }: {
- users.defaultUserShell = pkgs.zsh;
+ users.defaultUserShell = pkgs.zsh;
- programs.zsh = {
- enable = true;
- ohMyZsh = [ "zsh-syntax-highlighting" "git" "git-auto-fetch" "gh" ];
- autosuggestions = {
- enable = true;
- async = true;
- };
- syntaxHighlighting.enable = true;
+ programs.zsh = {
+ enable = true;
+ ohMyZsh = [ "zsh-syntax-highlighting" "git" "git-auto-fetch" "gh" ];
+ autosuggestions = {
+ enable = true;
+ async = true;
};
+ syntaxHighlighting.enable = true;
+ };
}
diff --git a/host/users.nix b/host/users.nix
index a09372c..71dcea4 100644
--- a/host/users.nix
+++ b/host/users.nix
@@ -1,31 +1,33 @@
-{ pkgs, ... }: let
- createUser = { username, realname, founder = false, sudo = false, ... }: {
- description = realname;
- extraGroups = (
- (if founder then [ "founder" ] else []) ++
- (if founder || sudo then [ "wheel" ] else [])
- );
- isNormalUser = true;
- openssh.authorizedKeys.keyFiles = [ "./sshKeys/${username}" ];
- };
+{ pkgs, ... }:
+let
+ createUser = { username, realname, founder = false, sudo = false, ... }: {
+ description = realname;
+ extraGroups = (
+ (if founder then [ "founder" ] else [ ]) ++
+ (if founder || sudo then [ "wheel" ] else [ ])
+ );
+ isNormalUser = true;
+ openssh.authorizedKeys.keyFiles = [ "./sshKeys/${username}" ];
+ };
- users = {
- "coded" = { realname = "Sam"; founder = true; };
- "minion" = { realname = "Skyler"; founder = true; };
- "pineapplefan" = { realname = "Ash"; founder = true; };
- "eek" = { realname = "Nexus"; sudo = true; };
- };
-in {
- users = {
- mutableUsers = false;
- motd = ''
- Welcome to Clicks! Please make sure to follow all guidelines for using the server, which you can find by typing
- `guidelines` in your terminal. In particular, please remember to use this server as minimally as possible (e.g.
- by keeping as much of your work as is possible stateless and by using your personal
- "${builtins.readFile ./texts/MOTD}"
- '';
- defaultUserShell = pkgs.zsh;
- users = builtins.mapAttrs (name: value: createUser { username = name; } // value) users;
- groups = { };
- };
+ users = {
+ "coded" = { realname = "Sam"; founder = true; };
+ "minion" = { realname = "Skyler"; founder = true; };
+ "pineapplefan" = { realname = "Ash"; founder = true; };
+ "eek" = { realname = "Nexus"; sudo = true; };
+ };
+in
+{
+ users = {
+ mutableUsers = false;
+ motd = ''
+ Welcome to Clicks! Please make sure to follow all guidelines for using the server, which you can find by typing
+ `guidelines` in your terminal. In particular, please remember to use this server as minimally as possible (e.g.
+ by keeping as much of your work as is possible stateless and by using your personal
+ "${builtins.readFile ./texts/MOTD}"
+ '';
+ defaultUserShell = pkgs.zsh;
+ users = builtins.mapAttrs (name: value: createUser { username = name; } // value) users;
+ groups = { };
+ };
}
diff --git a/modules/caddy.nix b/modules/caddy.nix
new file mode 100644
index 0000000..44a5a29
--- /dev/null
+++ b/modules/caddy.nix
@@ -0,0 +1,4 @@
+{ config, pkgs, ... }: {
+ services.caddy.enable = true;
+ services.caddy.extraConfig = builtins.readFile ./caddy/Caddyfile;
+}
diff --git a/modules/caddy/Caddyfile b/modules/caddy/Caddyfile
new file mode 100644
index 0000000..e333b94
--- /dev/null
+++ b/modules/caddy/Caddyfile
@@ -0,0 +1,20 @@
+
+http://api.clicks.codes {
+ handle_path /nucleus {
+ reverse_proxy http://127.0.0.1:10000 {
+ trusted_proxies 192.168.81.136
+ }
+ }
+}
+
+http://clicks.codes {
+ reverse_proxy http://127.0.0.1:3000 {
+ trusted_proxies 192.168.81.136
+ }
+}
+
+http://www.clicks.codes {
+ redir https://clicks.codes{uri} {
+ trusted_proxies 192.168.81.136
+ }
+}
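Review bot: The `redir` block in the `http://www.clicks.codes` site carries a `trusted_proxies` line, but as far as I know `redir` takes no block and `trusted_proxies` belongs to `reverse_proxy`, so this site will probably fail to parse; the directive should be just `redir https://clicks.codes{uri}`. In the `api.clicks.codes` site, `handle_path /nucleus` matches only the exact path, so requests under it are not proxied; `handle_path /nucleus*` is likely what was meant. All three sites are declared `http://`, which is fine only if TLS is terminated on the 192.168.81.136 proxy and port 80 on this host is not reachable from anywhere else. That is worth confirming, because `trusted_proxies` makes the backends believe forwarded client addresses from that hop.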
diff --git a/modules/fuck.nix b/modules/fuck.nix
new file mode 100644
index 0000000..bb5810f
--- /dev/null
+++ b/modules/fuck.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }: {
+ programs.thefuck.enable=true;
+ programs.thefuck.alias="fuck";
+}
+
diff --git a/modules/git.nix b/modules/git.nix
new file mode 100644
index 0000000..26e2928
--- /dev/null
+++ b/modules/git.nix
@@ -0,0 +1,56 @@
+{ config, pkgs, ... }: {
+ environment.systemPackages = with pkgs; [ gh git ];
+
+ services.gitea = {
+ enable = true;
+ rootUrl = "https://git.clicks.codes/";
+ httpPort = 6064;
+ settings.mailer = {
+ ENABLED = true;
+ FROM = "git@clicks.codes";
+ PROTOCOL = "smtps";
+ SMTP_ADDR = "smtp.coded.codes";
+ SMTP_PORT = "465";
+ USER = "git@clicks.codes";
+ PASSWD = "ilIfASM@U5Z4XOEoH99gA8jPvGiOiEdx";
+ HELO_HOSTNAME = "git.clicks.codes";
+ };
+ settings.service = {
+ REGISTER_EMAIL_CONFIG = false;
+ ENABLE_NOTIFY_MAIL = false;
+ DISABLE_REGISTRATION = true;
+ ENABLE_CAPTCHA = false;
+ REQUIRE_SIGNIN_VIEW = false;
+ DEFAULT_KEEP_EMAIL_PRIVATE = false;
+ DEFAULT_ENABLE_TIMETRACKING = true;
+ };
+ settings.server = {
+ SSH_DOMAIN = "ssh.clicks.codes";
+ DOMAIN = "localhost";
+ DISABLE_SSH = false;
+ OFFLINE_MODE = false;
+ };
+ settings.openid.ENABLE_OPENID_SIGNIN = true;
+ settings.log = {
+ MODE = "console";
+ LEVEL = "Info";
+ ROUTER = "console";
+ };
+ settings.repository = {
+ ENABLE_PUSH_CREATE_USER = true;
+ ENABLE_PUSH_CREATE_ORG = true;
+ };
+ settings."repository.pull-request".DEFAULT_MERGE_STYLE = "merge";
+ settings."repository.signing".DEFAULT_TRUST_MODEL = "committer";
+ settings.security = {
+ INSTALL_LOCK = true;
+ PASSWORD_HASH_ALGO = "pbkdf2";
+ };
+ settings.indexer = {
+ REPO_INDEXER_ENABLED = true;
+ UPDATE_BUFFER_LEN = 20;
+ MAX_FILE_SIZE = 1048576;
+ };
+ settings.session.PROVIDER = "file";
+ };
+}
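Review bot: The `PASSWD` entry under `settings.mailer` commits the SMTP account password in plaintext, so it is now in the repository history and, as a Nix string, presumably also in the world-readable Nix store on the host. The same commit deletes `.sops.yaml`, which leaves no secret-management path in its place. Treat the credential as exposed and rotate it, then load the new one from a file outside the store in place of `PASSWD`, e.g. `mailerPasswordFile = "/path/to/mailer-password"; # placeholder path`. Separately, `DOMAIN = "localhost"` disagrees with `rootUrl = "https://git.clicks.codes/"` and looks unintended.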
diff --git a/modules/mongodb.nix b/modules/mongodb.nix
index 26570f1..b694468 100644
--- a/modules/mongodb.nix
+++ b/modules/mongodb.nix
@@ -1,7 +1,8 @@
{ config, pkgs, ... }: {
- environment.systemPackages = [ pkgs.mongosh ];
+ environment.systemPackages = [ pkgs.mongosh pkgs.mongodb-tools ];
services.mongodb.enable = true;
services.mongodb.enableAuth = true;
- services.mongodb.initialRootPassword = "fYhw&%6frpcL9zcJ5p^b^tquP0kyVE9hehoLY4lY2zUUzbIjEyDPhAIMe2M";
+ services.mongodb.bind_ip = "0.0.0.0";
+ services.mongodb.initialRootPassword = "changeme";
services.mongodb.package = pkgs.mongodb-6_0;
}
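Review bot: `services.mongodb.bind_ip = "0.0.0.0";` exposes mongod on every interface in the same change that sets `initialRootPassword = "changeme"`, so a network-reachable database has a trivially guessable root password. Keep the listener on loopback with `services.mongodb.bind_ip = "127.0.0.1";`, or restrict the port by firewall to the hosts that need it. Provision the root password from a secret kept out of the repository and the Nix store. The password on the removed line remains in history and should be rotated if it was ever applied to a live instance.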
diff --git a/modules/node.nix b/modules/node.nix
new file mode 100644
index 0000000..d5f832f
--- /dev/null
+++ b/modules/node.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ nodejs-19_x
+ nodePackages.typescript
+ yarn
+ nodePackages.pm2
+ ];
+}
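Review bot: `nodejs-19_x` selects an odd-numbered, non-LTS Node.js release line, which has a short upstream support window and stops receiving security fixes early. For a host that serves public sites, an LTS line is the safer default, e.g. `nodejs-18_x`. A short comment on which services need `pm2` and `yarn` system-wide would also help later reviewers judge whether these belong in `environment.systemPackages` or in per-project environments.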