SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 14:01:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

vps-public: Rename host

Browse source
This commit is contained in:
SebastianStork 2025-11-21 10:29:38 +01:00
parent de6bfaafae
commit b4241e4e23
Signed by: SebastianStork
SSH key fingerprint: SHA256:iEM011ogNMG1q8+U500adGu/9rpPuZ2KnFtbdLeqTiI
5 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

86
hosts/vps-public/default.nix Normal file
View file

@ -0,0 +1,86 @@
{ config, inputs, ... }:
{
imports = [
./hardware.nix
./disko.nix
inputs.disko.nixosModules.default
];
system.stateVersion = "25.05";
meta = {
domains.validate = true;
ports.validate = true;
};
custom = {
persistence.enable = true;
sops = {
enable = true;
agePublicKey = "age1tfgn62qe9264yzsw5svdppz57e3dhlzfcf043ecpg82mgny88gwsdxg9vz";
};
boot.loader.grub.enable = true;
services =
let
sstorkDomain = "sstork.dev";
sproutedDomain = "sprouted.cloud";
in
{
tailscale = {
enable = true;
ssh.enable = true;
};
crowdsec = {
enable = true;
bouncers.firewall = true;
};
personal-blog = {
enable = true;
domain = sstorkDomain;
};
forgejo = {
enable = true;
domain = "git.${sstorkDomain}";
doBackups = true;
ssh.enable = true;
};
outline = {
enable = true;
domain = "wiki.${sproutedDomain}";
doBackups = true;
};
it-tools = {
enable = true;
domain = "tools.${sproutedDomain}";
};
stirling-pdf = {
enable = true;
domain = "pdf.${sproutedDomain}";
branding = {
name = "Sprouted PDF";
description = "Sprouted's one-stop-shop for all your PDF needs.";
};
};
privatebin = {
enable = true;
domain = "pastebin.${sproutedDomain}";
branding.name = "SproutedBin";
};
alloy = {
enable = true;
domain = "alloy-${config.networking.hostName}.${config.custom.services.tailscale.domain}";
};
};
};
}

52
hosts/vps-public/disko.nix Normal file
View file

@ -0,0 +1,52 @@
{
disko.devices = {
disk.main = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
};
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
nix = {
size = "20G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/nix";
mountOptions = [ "noatime" ];
};
};
persist = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/persist";
mountOptions = [ "noatime" ];
};
};
};
};
};
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"defaults"
"mode=755"
];
};
};
}

44
hosts/vps-public/hardware.nix Normal file
View file

@ -0,0 +1,44 @@
{ modulesPath, ... }:
{
imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
nixpkgs.hostPlatform = "x86_64-linux";
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
zramSwap.enable = true;
networking.useDHCP = false;
systemd.network = {
enable = true;
networks."10-enp1s0" = {
matchConfig.Name = "enp1s0";
linkConfig.RequiredForOnline = "routable";
networkConfig.DHCP = "no";
address = [
"91.107.212.241/32"
"2a01:4f8:1c17:5597::1/64"
];
routes = [
{
Gateway = "172.31.1.1";
GatewayOnLink = true;
}
{ Gateway = "fe80::1"; }
];
dns = [
"1.1.1.1"
"8.8.8.8"
"2606:4700:4700::1111"
"2001:4860:4860::8888"
];
};
};
}

46
hosts/vps-public/secrets.json Normal file
View file

@ -0,0 +1,46 @@
{
"seb-password": "ENC[AES256_GCM,data:znyHz9AhZipp2VNkXifU27IvEbPoKqLf4ibSkqfvkGGoX/jHnoJRYruWmwLnAaqTk6moHtew6HZq3xjvNgUf+qVgaleWQntrLg==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:CKgqMm/mVae1i9He/ioMAg==,type:str]",
"tailscale": {
"auth-key": "ENC[AES256_GCM,data:7Kqq0c1+726OHqFtEUkM/2udHe+UUxYtJ8UEl5RHo0ZLE5uxxPyh16Fmq30/E58ZU3CRSrWOCm28CbsSMQ==,iv:1UmMkobgm/GWM/5NjIYTDnNva13mcxqkX01uyPISNRo=,tag:nc5Uzc6W9lyZIbCF9u8n5g==,type:str]",
"service-auth-key": "ENC[AES256_GCM,data:fW9M95GXFGUrhIXiuVQdD+l7O+7qcTcYGVuTZC1hSUQunL/fjNh+cLFvjwEpKVvsZJ7uDzD0IHQlicBmzPI=,iv:XDFwA47jyQ8jkIOfkooywXGzUAtbQb5ktjbrcHnep9g=,tag:kh6G1ey8Ly2Rzx1DdoDmRQ==,type:str]"
},
"forgejo": {
"admin-password": "ENC[AES256_GCM,data:EI2o342VbzUBb1VOQNrFmOOD9BiDgCgY5Q==,iv:4BCOmHxzCr4Z3975MN4mr/lyeEVyJhwuGfDxek6GiSI=,tag:PRHh/HrvkgNQhZQ6yOKrxw==,type:str]"
},
"restic": {
"password": "ENC[AES256_GCM,data:IGV07og9eSoleJnZ2+/FFLph7TLNd80q+u6WNn+V,iv:E2hBYbvpCMDul81lgUBNVr5Fm7x0u1f9cEkma9jKwYE=,tag:eA7CAtfQtodTCyOuEn4+ug==,type:str]"
},
"backblaze": {
"key-id": "ENC[AES256_GCM,data:vilvyZ72u0bl4/ll1U2ohDupH7Q6g6KfhQ==,iv:FOG6YYp7IeZ/m5p5TRTpzlg2w0ElKXte84ZKU5+3Wlo=,tag:CUizCsgvEInnPSBHw+f5sw==,type:str]",
"application-key": "ENC[AES256_GCM,data:5jEt2dx77hlkLBUNuNGKrwTA79Gz9GFDW+h3bJNVfw==,iv:hTCeTWLuUwePgVSksg8EKOJ42b1SmfhTifFk0PDYoMA=,tag:fh9wzzh7jZkX497obE4wog==,type:str]"
},
"healthchecks": {
"ping-key": "ENC[AES256_GCM,data:MqH/4hAk9cjWW5DCw19MvCo/jXNtLQ==,iv:3pfIJ4LhgOw2hHm75OiWdrqcBTD8h5yCwik50tXDp4E=,tag:OTXLGvjn1q4ffLEskmnGpg==,type:str]"
},
"crowdsec": {
"enrollment-key": "ENC[AES256_GCM,data:TNT76VMrHjEfSgP/qTO94vJW5Tz6aQkN/g==,iv:ZLz/3LXSYVXQtcyPZ62qOuslexdXh7jvX0MzoXjlRgM=,tag:WOpTktMO8O8mqV5KK6087w==,type:str]"
},
"outline": {
"gitlab-auth-secret": "ENC[AES256_GCM,data:fNxlI0sJdoY9hFxiJz4OdGLv1NyZbMchW/df5VuLBHqeQG19Seul0R1J0Fl+NBFfAAiyHA6oGzXerYLt6KsNDwFmK2ODuw==,iv:TfFyC+JUvb2GaeE8rh9Knj4fPkmoyWvymG9YAN/dpNA=,tag:PXn6uYXtFfV0N5+2fYyCZQ==,type:str]"
},
"porkbun": {
"api-key": "ENC[AES256_GCM,data:vH/WIUW9M2Z5zKi2cXT7YzB2X8wzKlo51a1ojwYT/ldurPajpSOe+Eq42MdaDP1d4R5V+n5cM7WkaEBRANmNut7q+S0=,iv:jNJusyrQqmmsU2olj7lP7YhYBCKE3Du1Ms79zH9kFa0=,tag:zRPhowwJT8/p7PFp4x624w==,type:str]",
"api-secret-key": "ENC[AES256_GCM,data:+X3HKEsqnrBiyptd+YFCIPriSCWH9UQt/iu7LDvWb10loPbI1VPGpSjr3rE9x2rnLAZKc+sDk5jdpAEUfAgG+0odGXg=,iv:W5HDePqDqfndfE2Jce8t3W1z97axBSvA2kzu6ichuTE=,tag:iSGRhQKzPQ6SUiwBpjN+UQ==,type:str]"
},
"sops": {
"age": [
{
"recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVcUhTQ1BiYVNRVURPUWZF\nSGxlNUpDRjhCY1hvL3ZQRG13b3FkTkNFT0N3Clk0UFlqNDJJWWJjb2tSMzltUVBm\nbE1Pc1UxS28yZmpZTllISllscDd2WjgKLS0tIGdkMmYvd0xvU3padHRmb1RHb3Rp\nS1dYUE53V3RvWmJmb3pWVXEveXkyQjgKQSsXj8K/3uG28doasG3BgOSIBcPUjkGH\nNPTeR/mHWnuq+yoLRP+3UuspfugIDTId+GpQ7ufXNrk4giw1LCSSxg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tfgn62qe9264yzsw5svdppz57e3dhlzfcf043ecpg82mgny88gwsdxg9vz",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WStWWENrZ25qemRGQi9Q\nRmkyeFZVNkYzdzNXZFhTdzlDOHpnVDRtam5zCkxyYk5UeDl3UFFSZzgzWjd3WEZw\nMzRUeHVEcjAvbDNuWGREc2xpeGtvOW8KLS0tIFp0ZjhyNEU1WkV2b2RObG0vaE5m\na1lPVExRK0JLdTByNmNFU1kzZXRvVXMKs7GE8kGKDG5EOjzXMz008yvrkB4x/2dv\ng1BaaYDZ5FzG34e/nRiNOUTOK4GUhHoW6f58gs4Lv75IYIMYYhDNrQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-10-15T18:58:00Z",
"mac": "ENC[AES256_GCM,data:0USY8FBhCwdst51xOoj2ENVPEpQ4oDvGTfbZhGsi2O8flJ9t6+8pMT7/SIklqjZy5kp6yQRuPYdDpxGREKGKa0cOA8DTpmtXW4alO+tdIv/yPyin7zXqnrXpMoiLc2WznrGgvMzodmUiqYDdsKVsyaMXaANZsMaegE1Iu6Tp2Jc=,iv:PBmhWnAs86Yh02HvKWvsG1eMyDOj/P6kWZRrXCAC+Fo=,tag:RKWYYmh5B4vcRDjiKr1ZNg==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
}
}