diff --git a/willem/README.md b/willem/README.md
deleted file mode 100644
index 7a1a1cf..0000000
--- a/willem/README.md
+++ /dev/null
@@ -1,20 +0,0 @@
-# Willem
-
-Willem is a server running on a Raspberry Pi 400 offering the following services:
-- [Gitea](git.vatthauer.xyz)
-- [Vaultwarden](bitwarden.vatthauer.xyz)
-
-There are daily backups of the Gitea instance using Restic via B2.
-## Installation on Raspberry Pi 400
-### Resources
-- https://nixos.wiki/wiki/NixOS_on_ARM/Raspberry_Pi_4
-- https://nixos.wiki/wiki/NixOS_on_ARM#Installation
-
-### Step by step
-1. Follow the [generic installation steps](https://nixos.wiki/wiki/NixOS_on_ARM#Installation) to get NixOS up and running on the Pi.
-2. Generate the default `configuration.nix` via `sudo nixos-generate-config` and do a first rebuild `sudo nixos-rebuild switch`
-3. Somehow get this repository onto the machine and `cd` into it
-4. We need git: `nix-shell -p git`
-5. Build the flake via `sudo nixos-rebuild switch --flake .`
-6. At this point you can restart
-7. Login, set password, move the repository to `/home/leonv/nixos`
\ No newline at end of file
diff --git a/willem/configuration.nix b/willem/configuration.nix
deleted file mode 100644
index 88bfb81..0000000
--- a/willem/configuration.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running 'nixos-help').
-
-{ config, pkgs, lib, inputs, ... }:
-{
- imports =
- [
- ./hardware-configuration.nix
- ./services
- ./programs
- ];
-
- # enable flakes
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
- # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
- boot.loader.grub.enable = false;
- # Enables the generation of /boot/extlinux/extlinux.conf
- boot.loader.generic-extlinux-compatible.enable = true;
-
- networking.hostName = "willem"; # Define your hostname.
- #networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- networking.firewall.allowedTCPPorts = [ 22 80 443 631 8096 8920 ];
- networking.firewall.allowedUDPPorts = [ 22 80 443 631 1900 7359 ];
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
-
- # Define a user account. Don't forget to set a password with 'passwd'.
- users.users.leonv = {
- isNormalUser = true;
- initialPassword = "leonv";
- extraGroups = [ "wheel" ]; # Enable 'sudo' for the user.
- packages = with pkgs; [
- ];
- };
- users.defaultUserShell = pkgs.zsh;
-
- # List packages installed in system profile.
- environment.systemPackages = with pkgs; [
- wget
- git
- zsh
- oh-my-zsh
- restic
- # for hugo website
- hugo
- go
- ];
- environment.variables = {
- EDITOR = "nvim";
-
- # bitwarden key
- YUBICO_CLIENT_ID = "${../nix-secrets/willem/vaultwarden/yubico-id}";
- YUBICO_SECRET_KEY = "${../nix-secrets/willem/vaultwarden/yubico-secret}";
- };
- environment.shells = [ pkgs.zsh ];
-
- nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
- "plexmediaserver"
- ];
-
- services.jellyfin.enable = true;
-
- system.stateVersion = "23.11"; # Did you read the comment?
-}
-
diff --git a/willem/hardware-configuration.nix b/willem/hardware-configuration.nix
deleted file mode 100644
index c6a3513..0000000
--- a/willem/hardware-configuration.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "uas" "pcie-brcmstb" "reset-raspberrypi" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-partuuid/45e5879b-02";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- networking.useDHCP = lib.mkDefault true;
- nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
- powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
-}
diff --git a/willem/programs/default.nix b/willem/programs/default.nix
deleted file mode 100644
index 5316865..0000000
--- a/willem/programs/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- imports = [
- ./neovim.nix
- ./ssh.nix
- ./starship.nix
- ./zsh.nix
- ];
-}
diff --git a/willem/programs/neovim.nix b/willem/programs/neovim.nix
deleted file mode 100644
index 37a1ea9..0000000
--- a/willem/programs/neovim.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ pkgs, ... }:
-{
- programs.neovim = {
- enable = true;
- configure = {
- customRC = '''';
- packages.myVimPackage = with pkgs.vimPlugins; {
- start = [ vim-nix ];
- };
- };
- viAlias = true;
- vimAlias = true;
- };
-}
\ No newline at end of file
diff --git a/willem/programs/ssh.nix b/willem/programs/ssh.nix
deleted file mode 100644
index e4c886d..0000000
--- a/willem/programs/ssh.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- programs.ssh.startAgent = true;
- programs.ssh.extraConfig = ''
- AddKeysToAgent yes
- '';
-}
\ No newline at end of file
diff --git a/willem/programs/starship.nix b/willem/programs/starship.nix
deleted file mode 100644
index a2d4525..0000000
--- a/willem/programs/starship.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- programs.starship = {
- enable = true;
- settings = {
- gradle.symbol = "🐘";
- };
- };
-}
\ No newline at end of file
diff --git a/willem/programs/zsh.nix b/willem/programs/zsh.nix
deleted file mode 100644
index f783f10..0000000
--- a/willem/programs/zsh.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- programs.zsh = {
- enable = true;
- shellAliases = {
- clean = "sudo nix-env --delete-generations old --profile /nix/var/nix/profiles/system && sudo /nix/var/nix/profiles/system/bin/switch-to-configuration switch && sudo nix-store --gc";
- };
- shellInit = ''
- function rebuild () {
- sudo nixos-rebuild switch --flake "/home/leonv/nixos?submodules=1"
- sudo cp -r /home/leonv/nixos /etc/
- }
- '';
- ohMyZsh = {
- enable = true;
- plugins = [ "git" ];
- theme = "dpoggi";
- };
- };
-}
diff --git a/willem/services/acme.nix b/willem/services/acme.nix
deleted file mode 100644
index 2f9dffc..0000000
--- a/willem/services/acme.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- security.acme.acceptTerms = true;
- security.acme.certs = {
- "git.vatthauer.xyz".email = "leonvatthauer@outlook.com";
- "bitwarden.vatthauer.xyz".email = "leonvatthauer@outlook.com";
- "video.vatthauer.xyz".email = "leonvatthauer@outlook.com";
- "files.vatthauer.xyz".email = "leonvatthauer@outlook.com";
- "vatthauer.xyz".email = "leonvatthauer@outlook.com";
- };
-}
diff --git a/willem/services/ddns.nix b/willem/services/ddns.nix
deleted file mode 100644
index 76d79d0..0000000
--- a/willem/services/ddns.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ pkgs, ... }:
-{
- # dynamic dns
- users.users.ddns = {
- isSystemUser = true;
- group = "ddns";
- };
- users.groups.ddns = {};
- systemd.services.ddns-updater = {
- enable = true;
- serviceConfig.User = "ddns";
- path = [ pkgs.curl ];
- script = "${../../nix-secrets/willem/ddns/update}";
- startAt = "hourly";
- };
-}
diff --git a/willem/services/default.nix b/willem/services/default.nix
deleted file mode 100644
index d8f83e4..0000000
--- a/willem/services/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ lib, pkgs, inputs, ... }:
-{
- imports = [
- ./acme.nix
- ./ddns.nix
- ./nginx.nix
- ./forgejo.nix
- ./printing.nix
- ./restic.nix
- ./ssh.nix
- ./vaultwarden.nix
- ];
-}
diff --git a/willem/services/forgejo.nix b/willem/services/forgejo.nix
deleted file mode 100644
index 6e1ffa1..0000000
--- a/willem/services/forgejo.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ pkgs, ...}:
-{
- services.forgejo = {
- enable = true;
- settings.DEFAULT.APP_NAME = "Lambda-Git";
- package = pkgs.forgejo;
- stateDir = "/forgejo";
- database = {
- type = "sqlite3";
- };
- dump = {
- enable = true;
- interval = "02:00";
- };
- settings.server = {
- ROOT_URL = "https://git.vatthauer.xyz";
- HTTP_PORT = 3001;
- DOMAIN = "git.vatthauer.xyz";
- };
- settings.session.COOKIE_SECURE = true;
- settings.service.DISABLE_REGISTRATION = true;
- };
-}
diff --git a/willem/services/nginx.nix b/willem/services/nginx.nix
deleted file mode 100644
index 66a0bbe..0000000
--- a/willem/services/nginx.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ lib, pkgs, inputs, ... }:
-{
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- };
-
- services.nginx.virtualHosts."git.vatthauer.xyz" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:3001/";
- };
- };
-
- services.nginx.virtualHosts."bitwarden.vatthauer.xyz" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:8222/";
- };
- };
-
- services.nginx.virtualHosts."video.vatthauer.xyz" = {
- enableACME = true;
- forceSSL = false;
- locations."/" = {
- proxyPass = "http://localhost:8096";
- };
- };
- services.nginx.virtualHosts."vatthauer.xyz" = {
- forceSSL = true;
- enableACME = true;
- root = pkgs.callPackage ./resumee-website.nix {};
- };
- services.nginx.virtualHosts."files.vatthauer.xyz" = {
- forceSSL = true;
- enableACME = true;
- root = "/var/www";
- };
-}
diff --git a/willem/services/printing.nix b/willem/services/printing.nix
deleted file mode 100644
index 321e5b2..0000000
--- a/willem/services/printing.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, ... }:
-{
- # Enable CUPS to print documents.
- services.avahi = {
- enable = true;
- publish.enable = true;
- publish.userServices = true;
- };
- services.printing = {
- enable = true;
- drivers = [ pkgs.splix ];
- browsing = true;
- listenAddresses = [ "*:631" ];
- allowFrom = [ "all" ];
- defaultShared = true;
- extraConf = ''
- BrowseLocalProtocols all
- '';
- };
-}
diff --git a/willem/services/restic.nix b/willem/services/restic.nix
deleted file mode 100644
index 2b4f213..0000000
--- a/willem/services/restic.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- services.restic.backups = {
- giteaBackup = {
- paths = [ "/gitea/dump" ];
- # environmentFile = "/home/leonv/nixos/willem/private/gitea_backupCreds";
- # passwordFile = "/home/leonv/nixos/willem/private/restic-password";
- environmentFile = "${../../nix-secrets/willem/gitea/backupCreds}";
- passwordFile = "${../../nix-secrets/willem/restic/password}";
- repository = "b2:gitea-willem";
- initialize = true;
- timerConfig = {
- OnCalendar = "04:00";
- Persistent = true;
- };
- };
- };
-}
\ No newline at end of file
diff --git a/willem/services/resumee-website.nix b/willem/services/resumee-website.nix
deleted file mode 100644
index d898fef..0000000
--- a/willem/services/resumee-website.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ stdenv, git, go, hugo }:
-stdenv.mkDerivation {
- name = "resumee-website";
- version = "1.0";
- src = builtins.fetchGit {
- url = "https://git.vatthauer.xyz/leonv/resumee-website.git";
- rev = "5cd0f5bb30da8d7297a15be3704e4d9efc73d8b4";
- };
- nativeBuildInputs = [ git go hugo ];
- buildPhase = "hugo -d $out";
- outputHashAlgo = "sha256";
- outputHashMode = "recursive";
- outputHash = "sha256-PQzuhxRrruBbEfUjhPGPeJkJ6vsbMJ+5Ojg4t11oNV8=";
-}
-
diff --git a/willem/services/ssh.nix b/willem/services/ssh.nix
deleted file mode 100644
index dba27db..0000000
--- a/willem/services/ssh.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-}
\ No newline at end of file
diff --git a/willem/services/vaultwarden.nix b/willem/services/vaultwarden.nix
deleted file mode 100644
index 1f7d8a2..0000000
--- a/willem/services/vaultwarden.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- services.vaultwarden = {
- enable = true;
- config = {
- DOMAIN = "https://bitwarden.vatthauer.xyz";
- SIGNUPS_ALLOWED = false;
-
- ROCKET_ADDRESS = "127.0.0.1";
- ROCKET_PORT = 8222;
-
- ROCKET_LOG = "critical";
-
- ADMIN_TOKEN = "${../../nix-secrets/willem/vaultwarden/admin-token}";
-
- YUBICO_CLIENT_ID = "${../../nix-secrets/willem/vaultwarden/yubico-id}";
- YUBICO_SECRET_KEY = "${../../nix-secrets/willem/vaultwarden/yubico-secret}";
- };
- };
-}