Rename directories for better organization

2025-06-01 12:31:28 +03:00 · 2025-06-01 12:31:28 +03:00 · de8301ba4a
commit de8301ba4a
parent 9d1bd2941f
47 changed files with 52 additions and 52 deletions
--- a/hosts/cert-store.nix
+++ b/hosts/cert-store.nix
@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+  networking.hostName = "cert-store";
+
+  imports = [
+    ../shared/base.nix
+    ../servers/acme-cert-store.nix
+  ];
+
+  services.qemuGuest.enable = true;
+}
--- a/hosts/exoplasim.nix
+++ b/hosts/exoplasim.nix
@ -0,0 +1,74 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  imports = [ ../shared/base.nix ];
+
+  # Networking conf including WireGuard
+  networking = {
+    hostName = "exoplasim";
+
+    firewall.allowedUDPPorts = [ 51821 ];
+
+    wg-quick.interfaces = {
+      wg0 = {
+        address = [ "10.0.0.1/24" ];
+        privateKeyFile = "/root/wireguard-keys/privatekey";
+        listenPort = 51821;
+
+        peers = [
+          #          {
+          #            publicKey = "TODO";
+          #            presharedKeyFile = "/root/wireguard-keys/psk";
+          #            allowedIPs = [ "10.0.0.2/32" ];
+          #          }
+          {
+            publicKey = "9FOmHXs0CmDlW61noS7DqhgH5GfQHzg8ZMasyNQACSc=";
+            allowedIPs = [ "10.0.0.2/32" ];
+          }
+        ];
+      };
+    };
+  };
+
+  # User worker
+  users.users.worker = {
+    isNormalUser = true;
+    home = "/home/worker";
+    description = "ExoPlaSim Worker";
+    uid = 1001;
+    extraGroups = [ "networkmanager" ];
+    openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys ++ [
+      # TODO add user-specific key
+    ];
+  };
+  users.groups.worker.gid = 1001;
+
+  system.autoUpgrade.allowReboot = lib.mkForce false;
+
+  programs.rust-motd = {
+    enable = true;
+    enableMotdInSSHD = true;
+    refreshInterval = "*:*:0/5";
+    settings = {
+      banner = {
+        color = "green";
+        command = ''
+          ${pkgs.figlet}/bin/figlet "ExoPlaSim Worker";
+          ${pkgs.coreutils-full}/bin/echo -e "$(${pkgs.procps}/bin/ps --User worker --user worker --forest --format start_time=STARTED,time=CPU_TIME,%cpu,%mem,comm)";
+        '';
+      };
+      uptime.prefix = "System has been running for";
+      filesystems = {
+        Main = "/";
+      };
+      memory.swap_pos = "beside";
+    };
+  };
+
+  # HARDWARE SPECIFIC
+  services.qemuGuest.enable = true;
+}
--- a/hosts/forgejo.nix
+++ b/hosts/forgejo.nix
@ -0,0 +1,12 @@
+{ ... }:
+{
+  networking.hostName = "forgejo";
+
+  imports = [
+    ../shared/base.nix
+    ../servers/forgejo.nix
+  ];
+
+  # HARDWARE SPECIFIC
+  services.qemuGuest.enable = true;
+}
--- a/hosts/gaming.nix
+++ b/hosts/gaming.nix
@ -0,0 +1,16 @@
+{ lib, ... }:
+{
+  networking.hostName = "gaming";
+
+  imports = [
+    ../shared/base.nix
+    ../shared/hardware/nvidia.nix
+
+    ../personal/desktop.nix
+
+    ../servers/gaming-server.nix
+  ];
+
+  users.users.vili.hashedPasswordFile = lib.mkForce null;
+  services.qemuGuest.enable = true;
+}
--- a/hosts/generic.nix
+++ b/hosts/generic.nix
@ -0,0 +1,12 @@
+{ lib, ... }:
+{
+  networking.hostName = "nixos";
+
+  imports = [ ../shared/base.nix ];
+
+  #Many installs will need this, and it won't hurt either way
+  services.qemuGuest.enable = true;
+
+  #Prevent user from being locked out of the system before switching to proper config
+  users.mutableUsers = lib.mkForce true;
+}
--- a/hosts/helium.nix
+++ b/hosts/helium.nix
@ -0,0 +1,72 @@
+{ pkgs, lib, ... }:
+{
+  custom.home_wg_suffix = "2";
+  system.autoUpgrade.allowReboot = lib.mkForce false;
+
+  networking = {
+    hostName = "helium";
+
+    wg-quick.interfaces = {
+      wg1 = {
+        autostart = false;
+        address = [ "10.100.0.7/24" ];
+        dns = [ "1.1.1.1" ];
+        privateKeyFile = "/root/wireguard-keys/privatekey-netflix";
+        listenPort = 51820;
+
+        peers = [
+          {
+            publicKey = "XSYHg0utIR1j7kRsWFwuWNo4RPD47KP53cVa6qDPtRE=";
+            allowedIPs = [
+              "0.0.0.0/0"
+              "192.168.0.0/24"
+            ];
+            endpoint = "netflix.vsinerva.fi:51821";
+          }
+        ];
+      };
+    };
+  };
+
+  services.xserver.displayManager.setupCommands = ''
+    ${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-0 --auto --pos 0x0 --primary --output eDP --auto --pos 3840x360
+  '';
+
+  boot = {
+    loader.timeout = 3;
+    initrd.luks = {
+      fido2Support = true;
+      devices."luks-f6e1979b-0dee-4ee9-8170-10490019854b".fido2 = {
+        passwordLess = true;
+        credential = "df9233221fa09173fea61d8b8516d184f8ede475024a88201b34d838ecf306ee070052dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec014d86afa01";
+      };
+    };
+    resumeDevice = "/dev/mapper/luks-f6e1979b-0dee-4ee9-8170-10490019854b";
+    kernelParams = [ "resume_offset=44537856" ];
+  };
+
+  imports = [
+    ../shared/base.nix
+
+    ../personal/desktop.nix
+    ../personal/development.nix
+
+    ../personal/hardware/amd-laptop.nix
+    ../personal/hardware/hibernate.nix
+    ../personal/hardware/keychron-q11.nix
+    ../personal/hardware/onlykey.nix
+    ../personal/hardware/trackball.nix
+
+    ../personal/networking/home-wg.nix
+    ../personal/networking/printing.nix
+
+    ../personal/programs/bitwarden.nix
+    ../personal/programs/communication.nix
+    ../personal/programs/firefox.nix
+    ../personal/programs/i3.nix
+    ../personal/programs/moonlight.nix
+    ../personal/programs/redshift.nix
+    ../personal/programs/study.nix
+    ../personal/programs/usb-automount.nix
+  ];
+}
--- a/hosts/idacloud.nix
+++ b/hosts/idacloud.nix
@ -0,0 +1,44 @@
+{ ... }:
+{
+  custom.nextcloud_domain = "idacloud.sinerva.eu";
+  services.nextcloud.settings.trusted_domains = [ "idacloud.vsinerva.fi" ];
+  custom.collabora_domain = "idacollab.sinerva.eu";
+
+  imports = [
+    ../shared/base.nix
+    ../servers/nextcloud.nix
+  ];
+
+  # Networking conf including WireGuard
+  networking = {
+    hostName = "idacloud";
+
+    firewall.allowedUDPPorts = [ 51822 ];
+
+    wg-quick.interfaces = {
+      wg0 = {
+        address = [ "10.1.0.1/24" ];
+        privateKeyFile = "/root/wireguard-keys/privatekey";
+        listenPort = 51822;
+
+        peers = [
+          # Laptop
+          {
+            publicKey = "qJl6XBAGlmGHLre+RoCLUsZUrOrDgGoinREHFiw29ys=";
+            presharedKeyFile = "/root/wireguard-keys/psk1";
+            allowedIPs = [ "10.1.0.2/32" ];
+          }
+          # Phone
+          #          {
+          #            publicKey = "TODO";
+          #            presharedKeyFile = "/root/wireguard-keys/psk2";
+          #            allowedIPs = [ "10.1.0.3/32" ];
+          #          }
+        ];
+      };
+    };
+  };
+
+  # HARDWARE SPECIFIC
+  services.qemuGuest.enable = true;
+}
--- a/hosts/lithium.nix
+++ b/hosts/lithium.nix
@ -0,0 +1,32 @@
+{ lib, ... }:
+{
+  system.stateVersion = 24.05;
+  networking.hostName = "lithium";
+
+  custom.home_wg_suffix = "3";
+  system.autoUpgrade.allowReboot = lib.mkForce false;
+  # boot.kernelParams = [ "resume_offset=39292928" ];
+
+  imports = [
+    ../shared/base.nix
+
+    ../personal/desktop.nix
+    ../personal/development.nix
+
+    ../personal/hardware/hibernate.nix
+    ../personal/hardware/intel-laptop.nix
+    ../personal/hardware/onlykey.nix
+
+    ../personal/networking/home-wg.nix
+    ../personal/networking/printing.nix
+
+    ../personal/programs/bitwarden.nix
+    ../personal/programs/communication.nix
+    ../personal/programs/firefox.nix
+    ../personal/programs/i3.nix
+    ../personal/programs/moonlight.nix
+    ../personal/programs/redshift.nix
+    ../personal/programs/study.nix
+    ../personal/programs/usb-automount.nix
+  ];
+}
--- a/hosts/nextcloud.nix
+++ b/hosts/nextcloud.nix
@ -0,0 +1,13 @@
+{ ... }:
+{
+  networking.hostName = "nextcloud";
+  custom.nextcloud_domain = "nextcloud.vsinerva.fi";
+
+  imports = [
+    ../shared/base.nix
+    ../servers/nextcloud.nix
+  ];
+
+  # HARDWARE SPECIFIC
+  services.qemuGuest.enable = true;
+}
--- a/hosts/siit-dc.nix
+++ b/hosts/siit-dc.nix
@ -0,0 +1,12 @@
+{ ... }:
+{
+  networking.hostName = "siit-dc";
+
+  imports = [
+    ../shared/base.nix
+    ../servers/siit-dc.nix
+  ];
+
+  # HARDWARE SPECIFIC
+  services.qemuGuest.enable = true;
+}
--- a/hosts/syncthing.nix
+++ b/hosts/syncthing.nix
@ -0,0 +1,16 @@
+{ lib, ... }:
+{
+  networking.hostName = "syncthing";
+
+  imports = [
+    ../shared/base.nix
+    ../shared/users/vili.nix
+
+    ../servers/syncthing.nix
+  ];
+
+  users.users.vili.hashedPasswordFile = lib.mkForce null;
+
+  # HARDWARE SPECIFIC
+  services.qemuGuest.enable = true;
+}
--- a/hosts/vaultwarden.nix
+++ b/hosts/vaultwarden.nix
@ -0,0 +1,12 @@
+{ ... }:
+{
+  networking.hostName = "vaultwarden";
+
+  imports = [
+    ../shared/base.nix
+    ../servers/vaultwarden.nix
+  ];
+
+  # HARDWARE SPECIFIC
+  services.qemuGuest.enable = true;
+}
--- a/hosts/wg-rpi.nix
+++ b/hosts/wg-rpi.nix
@ -0,0 +1,136 @@
+{ pkgs, ... }:
+let
+  #  SSID = "ENTER_SSID";
+  #  SSIDpassword = "ENTER_PASSWORD";
+  #  interface = "wlan0";
+  wg_interface = "end0";
+  hostname = "netflix-huijaus";
+  ddPassFile = "/root/wg-conf/ddPassFile";
+in
+{
+  imports = [ ../shared/base.nix ];
+
+  environment.systemPackages = with pkgs; [
+    wireguard-tools
+    qrencode
+  ];
+
+  # enable NAT
+  networking.nat.enable = true;
+  networking.nat.externalInterface = wg_interface;
+  networking.nat.internalInterfaces = [ "wg0" ];
+  networking.firewall = {
+    allowedUDPPorts = [ 51821 ];
+  };
+
+  networking.wireguard.interfaces = {
+    # "wg0" is the network interface name. You can name the interface arbitrarily.
+    wg0 = {
+      # Determines the IP address and subnet of the server's end of the tunnel interface.
+      ips = [ "10.100.0.1/24" ];
+
+      # The port that WireGuard listens to. Must be accessible by the client.
+      listenPort = 51821;
+
+      # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
+      # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
+      postSetup = ''
+        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE
+      '';
+
+      # This undoes the above command
+      postShutdown = ''
+        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE
+      '';
+
+      # Path to the private key file.
+      #
+      # Note: The private key can also be included inline via the privateKey option,
+      # but this makes the private key world-readable; thus, using privateKeyFile is
+      # recommended.
+      privateKeyFile = "/root/wg-conf/private";
+
+      peers = [
+        {
+          # Vili Android
+          publicKey = "niKpC3+Pi4HrYITlzROzqRcxzfzRw1rjpxeJVOr/WAw=";
+          allowedIPs = [ "10.100.0.2/32" ];
+        }
+        {
+          # Miika Puhelin
+          publicKey = "mcOs94W9jqn3SGgc8uWbnmUv0tja/P6tAvaCg3WYKlY=";
+          allowedIPs = [ "10.100.0.3/32" ];
+        }
+        {
+          # Miika Kone
+          publicKey = "7m7wnwNlmxZfUNvUOYNh4mTNbOsig7z2K/svUhDHFDY=";
+          allowedIPs = [ "10.100.0.4/32" ];
+        }
+        {
+          # Silja Puhelin
+          publicKey = "f6wWd6KD63xwnKkre/ZgZxPJv9GfAXK9Zx/EQEq8cik=";
+          allowedIPs = [ "10.100.0.5/32" ];
+        }
+        {
+          # Silja Kone
+          publicKey = "t9cmHc6/+0njdzsTFnnhEGKfhCa2VXFrTH9hF1jOCXw=";
+          allowedIPs = [ "10.100.0.6/32" ];
+        }
+        {
+          # Vili helium
+          publicKey = "iGO375NT9EK5LH+E9vjPRRJp+UM4rZ2d1RMVR3f5R0c=";
+          allowedIPs = [ "10.100.0.7/32" ];
+        }
+      ];
+    };
+  };
+
+  services.ddclient = {
+    enable = true;
+    usev6 = "";
+    domains = [ "netflix.vsinerva.fi" ];
+    server = "www.ovh.com";
+    username = "vsinerva.fi-dynraspi";
+    passwordFile = ddPassFile;
+  };
+  #################### EVERYTHING BELOW THIS SHOULD NOT NEED TO CHANGE ####################
+
+  nix.settings = {
+    cores = 3;
+    max-jobs = 2;
+  };
+
+  boot = {
+    kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
+    initrd.availableKernelModules = [
+      "xhci_pci"
+      "usbhid"
+      "usb_storage"
+    ];
+    loader = {
+      timeout = 5;
+      systemd-boot.enable = false;
+      grub.enable = false;
+      generic-extlinux-compatible.enable = true;
+    };
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-label/NIXOS_SD";
+      fsType = "ext4";
+      options = [ "noatime" ];
+    };
+  };
+
+  hardware.enableRedistributableFirmware = true;
+
+  networking = {
+    hostName = hostname;
+    wireless = {
+      enable = false;
+      #      networks."${SSID}".psk = SSIDpassword;
+      #      interfaces = [ interface ];
+    };
+  };
+}