derped/nixos
1
0
Fork 0
Code Releases Activity

Added domain option. Maybe fixed binary cache signing.

Browse source
This commit is contained in:
Kevin Baensch 2019-03-23 02:50:48 +01:00
parent 63e40a5a29
commit 66ca5839e5
17 changed files with 238 additions and 139 deletions
Download patch file Download diff file Expand all files Collapse all files

10
machines/Ophanim/Ophanim.nix → machines/CDServer/configuration.nix
View file

@ -10,20 +10,12 @@
];
system.autoUpgrade.enable = false;
# services.vsftp = {
# enable = true;
# ssl_sslv3 = true;
# forceLocalDataSSL = true;
# writeEnable = false;
# userlist = [];
# };
services.haveged.enable = true;
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.09";
system.stateVersion = "19.03";
}

41
machines/CDServer/options.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, lib, ... }:
with lib;
{
imports = [
../../options/machine.nix
];
config.machine = {
hostName = "CDServer";
allowUnfree = true;
conffiles = [
"etcvars"
# "security"
"zsh"
];
pkgs = [
"base"
"emacs"
"server"
];
services = [
"docker"
# "fail2ban"
# "gitea"
# "mailserver"
"cd-internes"
"mariaDB"
"nginx"
"openssh"
];
firewall = {
allowPing = false;
allowedUDPPorts = [ 22 80 443 ];
allowedTCPPorts = [ 80 443 ];
allowedUDPPortRanges = [];
allowedTCPPortRanges = [];
};
};
}

19
machines/Lilim/Lilim.nix
View file

@ -1,19 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
];
services = {
gnome3.gnome-terminal-server.enable = true;
udev.extraRules = ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_mode=uinput"
'';
};
environment.systemPackages = with pkgs; [ firmware_surface xdiskusage ];
system.stateVersion = "19.03";
}

51
machines/Lilim/configuration.nix
View file

@ -1,46 +1,19 @@
{ config, lib, pkgs, ... }:
with lib;
{
imports = [
../../options/machine.nix
./Lilim.nix
imports = [
./hardware-configuration.nix
];
config.machine = {
allowUnfree = true;
hostName = "Lilim";
conffiles = [
"etcfiles"
"etcvars"
"fonts"
"zsh"
];
pkgs = [
"base"
"dict"
"emacs"
"extra"
"cpp"
"haskell"
"mailutils"
"python3"
"rustpkgs"
"xpkgs"
];
services = [
"xserver"
"docker"
"udev"
"cups"
];
firewall = {
allowPing = true;
allowedUDPPorts = [];
allowedTCPPorts = [];
allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
};
services = {
gnome3.gnome-terminal-server.enable = true;
udev.extraRules = ''
SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
KERNEL=="uinput", MODE="0660", GROUP="input", OPTIONS+="static_mode=uinput"
'';
};
environment.systemPackages = with pkgs; [ firmware_surface xdiskusage ];
system.stateVersion = "19.03";
}

46
machines/Lilim/options.nix Normal file
View file

@ -0,0 +1,46 @@
{ config, lib, pkgs, ... }:
with lib;
{
imports = [
../../options/machine.nix
];
config.machine = {
allowUnfree = true;
hostName = "Lilim";
conffiles = [
"etcfiles"
"etcvars"
"fonts"
"zsh"
];
pkgs = [
"base"
"dict"
"emacs"
"extra"
"cpp"
"haskell"
"mailutils"
"python3"
"rustpkgs"
"xpkgs"
];
services = [
# "containers"
"xserver"
# "docker"
"udev"
"cups"
];
firewall = {
allowPing = true;
allowedUDPPorts = [];
allowedTCPPorts = [];
allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
};
};
}

61
machines/Ophanim/configuration.nix
View file

@ -1,42 +1,29 @@
{ config, lib, ... }:
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
with lib;
{ config, pkgs, ... }:
{
imports = [
../../options/machine.nix
./Ophanim.nix
];
imports = [
./hardware-configuration.nix
];
system.autoUpgrade.enable = false;
# services.vsftp = {
# enable = true;
# ssl_sslv3 = true;
# forceLocalDataSSL = true;
# writeEnable = false;
# userlist = [];
# };
services.haveged.enable = true;
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "18.09";
config.machine = {
hostName = "Ophanim";
allowUnfree = true;
conffiles = [
"etcvars"
"security"
"zsh"
];
pkgs = [
"base"
"emacs"
"server"
];
services = [
"fail2ban"
"gitea"
"hydra"
"mailserver"
"mariaDB"
"nextcloud"
"nginx"
"openssh"
];
firewall = {
allowPing = false;
allowedUDPPorts = [ 22 80 443 ];
allowedTCPPorts = [ 80 443 ]; # 5222 5269 ];
allowedUDPPortRanges = [];
allowedTCPPortRanges = [];
};
};
}

42
machines/Ophanim/options.nix Normal file
View file

@ -0,0 +1,42 @@
{ config, lib, ... }:
with lib;
{
imports = [
../../options/machine.nix
];
config.machine = {
hostName = "Ophanim";
domain = "ophanim.de";
allowUnfree = true;
conffiles = [
"etcvars"
"security"
"zsh"
];
pkgs = [
"base"
"emacs"
"server"
];
services = [
"fail2ban"
"gitea"
"hydra"
"mailserver"
"mariaDB"
"nextcloud"
"nginx"
"openssh"
];
firewall = {
allowPing = false;
allowedUDPPorts = [ 22 80 443 ];
allowedTCPPorts = [ 80 443 ]; # 5222 5269 ];
allowedUDPPortRanges = [];
allowedTCPPortRanges = [];
};
};
}