SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 16:21:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Rename hosts for clarity

Browse source
This commit is contained in:
SebastianStork 2025-08-16 22:03:37 +02:00
parent d99844df8f
commit fc386b98dd
24 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

64
hosts/srv-external/default.nix Normal file
View file

@ -0,0 +1,64 @@
{ config, ... }:
{
system.stateVersion = "24.11";
meta = {
domains.assertUnique = true;
ports.assertUnique = true;
};
custom = {
sops = {
enable = true;
agePublicKey = "age1dnpwfwh0h95r63e5qfjc2gvffw2tr2tx4new7sq2h3qs90kx9fmq322mx4";
};
boot.loader.grub.enable = true;
users.seb.enable = true;
services = {
resolved.enable = true;
tailscale = {
enable = true;
ssh.enable = true;
};
crowdsec = {
enable = true;
firewallBouncer.enable = true;
sources = [
"sshd"
"iptables"
"caddy"
];
};
hedgedoc = {
enable = true;
doBackups = true;
domain = "docs.sprouted.cloud";
};
it-tools = {
enable = true;
domain = "tools.sprouted.cloud";
};
forgejo = {
enable = true;
doBackups = true;
domain = "git.sstork.dev";
ssh.enable = true;
};
caddy.virtualHosts = {
hedgedoc = {
inherit (config.custom.services.hedgedoc) domain port;
};
it-tools = {
inherit (config.custom.services.it-tools) domain port;
};
forgejo = {
inherit (config.custom.services.forgejo) domain port;
};
};
};
};
}

36
hosts/srv-external/disko.nix Normal file
View file

@ -0,0 +1,36 @@
{
disko.devices = {
disk.main = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
};
root = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg.pool = {
type = "lvm_vg";
lvs.root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "defaults" ];
};
};
};
};
}

47
hosts/srv-external/hardware.nix Normal file
View file

@ -0,0 +1,47 @@
{ modulesPath, inputs, ... }:
{
imports = [
inputs.disko.nixosModules.default
"${modulesPath}/profiles/qemu-guest.nix"
];
nixpkgs.hostPlatform = "x86_64-linux";
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
zramSwap.enable = true;
networking.useDHCP = false;
systemd.network = {
enable = true;
networks."10-enp1s0" = {
matchConfig.Name = "enp1s0";
linkConfig.RequiredForOnline = "routable";
networkConfig.DHCP = "no";
address = [
"91.99.70.118/32"
"2a01:4f8:1c1b:ffc7::1/64"
];
routes = [
{
Gateway = "172.31.1.1";
GatewayOnLink = true;
}
{ Gateway = "fe80::1"; }
];
dns = [
"1.1.1.1"
"8.8.8.8"
"2606:4700:4700::1111"
"2001:4860:4860::8888"
];
};
};
}

41
hosts/srv-external/secrets.json Normal file
View file

@ -0,0 +1,41 @@
{
"seb-password": "ENC[AES256_GCM,data:/J83cgpBhjl6VveVZTX0ElEyexn3G3pZp6RKgfbR39QoG/5mExOk2xM999YFb5/vGaivogGQeFhwQ0j5Ij0KdaWCTXkFIQtfBw==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:QTqmyyywH0cV5rGQhPBBGg==,type:str]",
"tailscale": {
"auth-key": "ENC[AES256_GCM,data:sH9ZuawDD1QIA99hqkXBaSjoZK9z3UpXCd0p3jAMdpeYkXcPITM8UbzWQJcA4TWKVQdBbTvssFmRMaBE/TM=,iv:ae8IyhCwxroI8PnTaKHnAIhfEIiCf8qJePUOYUNctcs=,tag:HtLWrxj4wO8SEpjDsVTEMg==,type:str]"
},
"hedgedoc": {
"gitlab-auth-secret": "ENC[AES256_GCM,data:vxgXbP+6mtWpjgfsEaFHJd5IVM+oPPHhYNqwO76+Zw9j2fZZane4T9YUixUvM3kYQwW+Ml/gRHn9GjgM1fIYRRKAsbO1wA==,iv:lyfWZFwZjdP005X4USGKM1OWKu3W8YTZ0oWODhF/uPI=,tag:3Kj1/pUjMo8GjIDTdPBo1A==,type:str]"
},
"forgejo": {
"admin-password": "ENC[AES256_GCM,data:DOZah26AGeR89kgeIvWPCJlVRxML9r7F2g==,iv:4BCOmHxzCr4Z3975MN4mr/lyeEVyJhwuGfDxek6GiSI=,tag:IsgsIhrTEMRp1/FFFQbyhA==,type:str]"
},
"restic": {
"password": "ENC[AES256_GCM,data:gMd4G8o83r3sTZEH1kRkn05Mye96sHV2mdRWNbbS,iv:E2hBYbvpCMDul81lgUBNVr5Fm7x0u1f9cEkma9jKwYE=,tag:CeFrP3pO1VmGxcvj7b7pYA==,type:str]"
},
"backblaze": {
"key-id": "ENC[AES256_GCM,data:f/diWMmhlyenBfNJKpFHFXQ0QxcW7iS4TA==,iv:FOG6YYp7IeZ/m5p5TRTpzlg2w0ElKXte84ZKU5+3Wlo=,tag:lzhjZDPYWZsCITTmdS0JJg==,type:str]",
"application-key": "ENC[AES256_GCM,data:/ONsUFVMHBOHydGpYpsZVpoZ00k6mrhf5e0l3GjINw==,iv:hTCeTWLuUwePgVSksg8EKOJ42b1SmfhTifFk0PDYoMA=,tag:mHo+uBTmT0Y4Sd4PoNT1EA==,type:str]"
},
"healthchecks": {
"ping-key": "ENC[AES256_GCM,data:Lwn1O9M9jXmLYv203lUqSxD02qUDpA==,iv:3pfIJ4LhgOw2hHm75OiWdrqcBTD8h5yCwik50tXDp4E=,tag:T4ND3XCnevBGqpriugu8HQ==,type:str]"
},
"crowdsec": {
"enrollment-key": "ENC[AES256_GCM,data:gcoLmZGUqH0brtvcXiZwXr7CSc9GfEWkvA==,iv:ZLz/3LXSYVXQtcyPZ62qOuslexdXh7jvX0MzoXjlRgM=,tag:V/SwXnNDQkiRQEu90ZTnTg==,type:str]"
},
"sops": {
"age": [
{
"recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTldDcUk1dGVRMzNmZUhw\nbzFRYUdNM3ZQanFIbkpyc2lqeTlLNFJEVzNrCjlnK2pRSnVmUU5WeGo1VW5kVjZp\nb1hTZFB3eVZPL2xpU0F0MlBlTVNVTE0KLS0tIGU2YlRhMG9QRi9uYkVCOFlGTVhK\nUS82UEZXeUZxT2Fub3dRenNSTGVDdnMKJlKpdZdKGGKHcvczYNnzSz6T79mlT67I\nQxNZvBQI+rZ6bNxDu4LqbtwCqRVu1uJLdedGY1VPF3ZIwfuzewyVDA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1dnpwfwh0h95r63e5qfjc2gvffw2tr2tx4new7sq2h3qs90kx9fmq322mx4",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhc1E4VFJWUTl0Nkhjc1VL\namRLN3pLcVUvc1diWmhHTVdTYjd5SmxYS2hBCkpQSXFnQlVqcndtejNoL2xQQlRh\ncG1uNlQxSUpJc0tRZHZFOVhibnFZOUUKLS0tIE84UGtkdldzM2oyTmF0Y0xPckpZ\naHNody9YR2ZKTDNINmNvbGNHb0dCRVkKXcUQxU0Craqkze0l0mH75MKTnkf7a/ae\nXeqWVJRO1WpG+UhF3QB3yMq9uy0vlc3JnD3LsE0inWUSl0s6AgDZOg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-08-01T16:13:33Z",
"mac": "ENC[AES256_GCM,data:bBFh5NUEYwalrPcPlNwtzAZqidgdGAI23SydBdDdvZ2ywzs5v60fOJ7tDlTl2OwBNwbUzxMRnciWw+XvaDrb0t6cV9qZERHcUTAIO9EWFOihpjZhNfIkLZLknU85Sf3AzkQJxpR339CwKJB16bEW5RRgg5G3PSKn/vGq4PTU6fg=,iv:bcOLEZ6E30sxP37LAFCgHh6MvaxjbWy2lN3zf6VUAXk=,tag:3n2B3IaWdNBHHRz9KRZSpg==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}