Server NixOS configs
feat: refactor a lil
+52
-36
+39
common/base.nix
+39
common/base.nix
···
1
+
{ lib, pkgs, ... }:
2
+
{
3
+
# Workaround for https://github.com/NixOS/nix/issues/8502
4
+
services.logrotate.checkConfig = false;
5
+
6
+
services.openssh = {
7
+
enable = true;
8
+
settings.PasswordAuthentication = false;
9
+
settings.KbdInteractiveAuthentication = false;
10
+
};
11
+
12
+
nix.extraOptions = ''
13
+
experimental-features = nix-command flakes
14
+
warn-dirty = false
15
+
keep-outputs = false
16
+
'';
17
+
18
+
environment.systemPackages = map lib.lowPrio [
19
+
pkgs.curl
20
+
pkgs.gitMinimal
21
+
];
22
+
23
+
users.users.hayden = {
24
+
extraGroups = [ "networkmanager" "wheel" ];
25
+
openssh.authorizedKeys.keys = [
26
+
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDkhuhfzyg7R+O62XSktHufGmmhy6FNDi/NuPPJt7bI+"
27
+
];
28
+
isNormalUser = true;
29
+
};
30
+
31
+
security.sudo.extraRules = [
32
+
{
33
+
users = [ "hayden" ];
34
+
commands = [
35
+
{ command = "ALL"; options = [ "NOPASSWD" ]; }
36
+
];
37
+
}
38
+
];
39
+
}
+3
-5
hosts/default.nix
+3
-5
hosts/default.nix
···
2
2
{
3
3
easy-hosts = {
4
4
shared = {
5
-
modules = [];
5
+
modules = [ ../common/base.nix ];
6
6
};
7
7
8
8
path = ./.;
···
10
10
hosts = {
11
11
tethys = {
12
12
deployable = true;
13
-
tags = ["server" "hetzner"];
14
-
modules = [
15
-
inputs.tangled.nixosModules.knot
16
-
];
13
+
tags = [ "server" "hetzner" ];
14
+
modules = [ inputs.tangled.nixosModules.knot ];
17
15
};
18
16
};
19
17
};
+1
-31
hosts/tethys/default.nix
+1
-31
hosts/tethys/default.nix
···
1
-
{ pkgs, ... }:
1
+
{ ... }:
2
2
{
3
3
imports = [
4
4
./services/knot.nix
···
7
7
./networking.nix
8
8
];
9
9
10
-
# Workaround for https://github.com/NixOS/nix/issues/8502
11
-
services.logrotate.checkConfig = false;
12
-
13
-
services.openssh = {
14
-
enable = true;
15
-
settings.PasswordAuthentication = false;
16
-
settings.KbdInteractiveAuthentication = false;
17
-
};
18
-
19
10
zramSwap.enable = true;
20
11
21
12
programs.neovim = {
···
23
14
viAlias = true;
24
15
vimAlias = true;
25
16
};
26
-
27
-
environment.systemPackages = with pkgs; [
28
-
git
29
-
curl
30
-
btop
31
-
];
32
-
33
-
users.users.root.openssh.authorizedKeys.keys = [
34
-
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDkhuhfzyg7R+O62XSktHufGmmhy6FNDi/NuPPJt7bI+"
35
-
];
36
-
37
-
users.users.git = {
38
-
home = "/home/git";
39
-
createHome = true;
40
-
isSystemUser = true;
41
-
group = "git";
42
-
};
43
-
44
-
users.groups.git = {};
45
-
46
-
nixpkgs.config.allowUnfree = true;
47
17
48
18
system.stateVersion = "26.05";
49
19
}
+9
hosts/tethys/services/knot.nix
+9
hosts/tethys/services/knot.nix
···
10
10
};
11
11
};
12
12
13
+
users.users.git = {
14
+
home = "/home/git";
15
+
createHome = true;
16
+
isSystemUser = true;
17
+
group = "git";
18
+
};
19
+
20
+
users.groups.git = {};
21
+
13
22
systemd.tmpfiles.rules = [
14
23
"L /usr/local/bin/knot - - - - ${config.services.tangled.knot.package}/bin/knot"
15
24
];