{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    # Same URL as `nixpkgs`, but a separate input gets its own entry in
    # flake.lock, so the two can drift apart between `nix flake update` runs.
    # TODO: de-duplicate (a `follows` would pin them together).
    nixpkgs-tilderef.url = "github:NixOS/nixpkgs/nixos-unstable";
    flake-utils.url = "github:numtide/flake-utils";
    deploy-rs = {
      url = "github:serokell/deploy-rs";
      # Reuse our own pins instead of the copies deploy-rs ships with.
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.utils.follows = "flake-utils";
    };
  };

  outputs = { self, nixpkgs, nixpkgs-tilderef, flake-utils, deploy-rs }:
    let
      # Per-system outputs: a dev shell that carries the deploy-rs CLI.
      perSystem = flake-utils.lib.eachDefaultSystem (system:
        let
          pkgs = import nixpkgs {
            inherit system;
            config.allowUnfree = true;
          };
          deployShell = pkgs.mkShell { buildInputs = [ pkgs.deploy-rs ]; };
        in
        {
          devShells = {
            using-deploy-rs = deployShell;
            default = deployShell;
          };
        });

      # Host data (the server address) produced by Pulumi. Read at evaluation
      # time, so generated.json has to be present in the flake source.
      generated-data-from-pulumi = builtins.fromJSON (builtins.readFile ./generated.json);

      # System-independent outputs: the NixOS host and its deploy-rs node.
      hosts = {
        nixosConfigurations.serverref = nixpkgs-tilderef.lib.nixosSystem {
          system = "x86_64-linux";
          modules = [ ./src/serverref.nix ];
        };

        deploy.nodes.serverref = {
          hostname = generated-data-from-pulumi.serverref.ipAddress;
          profilesOrder = [ "system" ];
          profiles.system = {
            user = "root";
            sshUser = "root";
            path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.serverref;
            # The closure is built on the target host rather than locally.
            remoteBuild = true;
          };
        };

        # deploy-rs' own checks (recommended upstream) are left off because they
        # would need a remote builder; without them a broken profile is only
        # noticed when the deploy itself fails.
        #checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
      };
    in
    perSystem // hosts;
}
{ config, modulesPath, lib, pkgs, ... }:
let
  # Host data produced by Pulumi; bound here but not referenced in this module.
  generated-data-from-pulumi = builtins.fromJSON (builtins.readFile ./generated.json);

  # An nginx vhost with a Let's Encrypt certificate; `extra` supplies the
  # per-host settings.
  acmeHost = extra: { enableACME = true; } // extra;
in
{
  imports =
    # Droplet user-data module, only when it has been generated next to this file.
    lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix
    ++ [ (modulesPath + "/virtualisation/digital-ocean-config.nix") ];

  nix.settings = {
    experimental-features = [ "nix-command" "flakes" ];
    # Signing keys whose paths the daemon accepts from the substituters below.
    trusted-public-keys = [
      "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    ];
    trusted-substituters = [
      "https://devenv.cachix.org"
      "https://nix-community.cachix.org"
    ];
  };

  system.stateVersion = "23.11"; # Do not change lightly!

  # Carried over from the base image.
  swapDevices = [ { device = "/swapfile"; size = 3072; } ];

  environment.defaultPackages = [ pkgs.git pkgs.vim ];

  users = {
    mutableUsers = true;
    defaultUserShell = pkgs.bashInteractive;

    users.yuto = {
      isNormalUser = true;
      shell = pkgs.bash;
      description = "Yuto";
      # NOTE(review): the password is empty, and with
      # `security.sudo.wheelNeedsPassword = false` below any process running as
      # yuto (the fleeting unit included) reaches root without a credential.
      # Confirm this is intended and not a leftover from bootstrapping.
      password = "";
      createHome = true;
      # World-readable home: the tilde.example.com vhost serves
      # /home/<user>/public_html directly from here.
      homeMode = "755";
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keys = [
        "ssh-rsa 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 [email protected]" # Yuto's Sodium
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtVvX9uhSWD1DPBIRqgkNzFXqjdqvWB/WtDy4seaiJl" # 1Password "ssh key - main"
      ];
    };

    users.starptr = {
      isNormalUser = true;
      homeMode = "755";
      # Keep this user's systemd instance running without an open session.
      linger = true;
      openssh.authorizedKeys.keyFiles = [ ../keys/starptr/id_rsa-sodium.pub ];
    };
  };

  # Placeholder per-user unit: a oneshot that only runs `true`.
  systemd.user.services.example-service = {
    enable = true;
    #after = [ "network.target" ];
    wantedBy = [ "default.target" ];
    serviceConfig = {
      ExecStart = "${pkgs.uutils-coreutils-noprefix}/bin/true";
      Type = "oneshot";
    };
  };

  # Let's Encrypt; see
  # https://discourse.nixos.org/t/nixos-nginx-acme-ssl-certificates-for-multiple-domains/19608/3
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "[email protected]";
      # DNS challenge through Cloudflare. NOTE(review): the provider
      # credentials are not configured in this file -- presumably they come from
      # do-userdata.nix or another module; verify before relying on renewals.
      dnsProvider = "cloudflare";
    };
  };

  # Members of wheel get sudo without a password prompt.
  security.sudo.wheelNeedsPassword = false;

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 22 80 443 ];
    allowedUDPPorts = [ 443 ]; # presumably for HTTP/3
  };

  services.dbus.enable = true;

  # NOTE(review): neither `services.openssh.enable` nor password authentication
  # is set in this file; sshd is presumably enabled by the Digital Ocean module
  # imported above and password logins stay at the module default -- confirm,
  # since port 22 is open to the world and all users here carry keys.
  services.openssh.settings.UsePAM = true;

  # Serverref-specific config
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      # Smoke-test page served straight from the config.
      "hello.serverref.example.com" = acmeHost {
        addSSL = true;
        locations."/".extraConfig = ''
          default_type text/html;
          return 200 "<!DOCTYPE html><h1>Hello from serverref!</h1>\n";
        '';
      };

      # Content comes from the dokuwiki module below.
      "wiki.example.com" = acmeHost { addSSL = true; };

      "example.com" = acmeHost {
        forceSSL = true;
        root = ../build/andref-homepages/root;
      };

      # Tilde hosting: /~<user>/... maps onto that user's public_html (hence
      # the 755 homes above and ProtectHome = false below). `autoindex` lists
      # any public_html directory without an index file.
      "tilde.example.com" = acmeHost {
        forceSSL = true;
        root = ../build/example-homepages/tilde;
        locations."~ ^/~(.+?)(/.*)?$" = {
          alias = "/home/$1/public_html$2";
          index = "index.html index.htm";
          extraConfig = ''
            autoindex on;
          '';
        };
      };
    };
  };
  # nginx needs to read under /home for the tilde vhost.
  systemd.services.nginx.serviceConfig.ProtectHome = false;

  services.dokuwiki = {
    webserver = "nginx";
    sites."wiki.example.com" = {
      enable = true;
      settings = {
        #baseurl = "https://wiki.example.com";
        title = "wikiref";
        # ACLs are on; the "admin" superuser named here is not provisioned in
        # this file and must exist in the wiki's user database.
        useacl = true;
        superuser = "admin";
        useheading = true;
        userewrite = 1;
      };
    };
  };

  systemd.services.fleeting = {
    description = "The fleeting discord bot";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    serviceConfig = {
      Type = "exec";
      # NOTE(review): the bot runs as yuto (wheel member with passwordless sudo)
      # from a debug build inside that user's home. A dedicated service account,
      # e.g. via DynamicUser, would keep a compromised bot from reaching root.
      User = "yuto";
      Restart = "on-failure";
      # Point to the fleeting binary
      WorkingDirectory = ''/home/yuto/src/fleeting'';
      ExecStart = ''/home/yuto/src/fleeting/target/debug/fleeting'';
    };
  };
}