Unverified Commit c81b4341 authored by fpletz's avatar fpletz 🚧

refactor nixos defaults into module

parent 0dcef1c8
......@@ -4,10 +4,14 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/master";
utils.url = "github:numtide/flake-utils";
muccc-api.url = "git+https://gitlab.muc.ccc.de/muCCC/api";
muccc-api.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
muccc-api = {
url = "git+https://gitlab.muc.ccc.de/muCCC/api";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
......@@ -32,64 +36,14 @@
colmena = {
meta = {
nixpkgs = import nixpkgs { };
};
defaults = { name, pkgs, lib, ... }: {
deployment.targetHost = lib.mkDefault "${name}.muc.ccc.de";
networking.hostName = lib.mkDefault name;
time.timeZone = "UTC";
boot.kernelPackages = lib.mkOptionDefault pkgs.linuxPackages_latest;
boot.tmpOnTmpfs = true;
documentation.nixos.enable = false;
environment.systemPackages = with pkgs; [
wget curl htop iftop tmux tcpdump rsync git
alacritty.terminfo
];
programs.bash.enableCompletion = true;
programs.vim.defaultEditor = true;
programs.zsh.enable = true;
programs.mtr.enable = true;
services.journald.extraConfig = ''
SystemMaxUse=200M
MaxRetentionSec=5d
'';
services.openssh.enable = true;
services.fail2ban.enable = true;
services.nginx = {
package = pkgs.nginxMainline;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
appendHttpConfig = ''
access_log syslog:server=unix:/dev/log;
'';
appendConfig = ''
error_log stderr info;
'';
specialArgs.flakes = {
inherit self nixpkgs muccc-api home-manager;
};
zramSwap.enable = true;
nixpkgs.system = lib.mkDefault "x86_64-linux";
nixpkgs.overlays = [ muccc-api.overlay ];
# include git rev of this repo/flake into the nixos-version
system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
system.nixos.revision = nixpkgs.rev;
system.nixos.versionSuffix = "-${lib.substring 0 8 nixpkgs.rev}";
# set nixpkgs on the target to the nixpkgs version of the deployment
nix.registry.nixpkgs.flake = nixpkgs;
nix.nixPath = lib.mkForce [ "nixpkgs=${nixpkgs}" "nixos-config=/dontuse" ];
security.acme.email = "fpletz@muc.ccc.de";
security.acme.acceptTerms = true;
};
briafzentrum = { name, nodes, pkgs, ... }: {
imports = [
./modules/default.nix
"${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
./briafzentrum.nix
];
......@@ -98,16 +52,17 @@
nixbus = { name, nodes, pkgs, ... }: {
deployment.targetHost = "${name}.club.muc.ccc.de";
imports = [
./modules/default.nix
"${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
./nixbus.nix
];
};
loungepi = { name, nodes, pkgs, ... }: {
deployment.targetHost = "83.133.179.137";
deployment.allowLocalDeployment = true;
nixpkgs.system = "aarch64-linux";
imports = [
./modules/default.nix
home-manager.nixosModules.home-manager
./loungepi.nix
];
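Review bot: With the colmena `defaults` block removed, the shared baseline (sshd, fail2ban, journald limits, the pinned `nix.nixPath`) now reaches only the nodes that list `./modules/default.nix` in their own `imports`, as briafzentrum, nixbus and loungepi do in these hunks. A host added later without that line would deploy with none of the baseline, and nothing would fail at evaluation time. Keeping a one-line `defaults = { imports = [ ./modules/default.nix ]; };` next to `meta` would retain the single module file while making the baseline non-optional, and the per-node import lines could then be dropped. Parts of the file are collapsed on this page, so any node defined outside the visible hunks should be checked for the import as well.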
......
{ name, pkgs, lib, flakes, ... }:
{
deployment.targetHost = lib.mkDefault "${name}.muc.ccc.de";
networking.hostName = lib.mkDefault name;
time.timeZone = "UTC";
boot.kernelPackages = lib.mkOverride 1001 pkgs.linuxPackages_latest; # between mkOptionDefault and mkDefault (on in rpi flake)
boot.tmpOnTmpfs = true;
zramSwap.enable = true;
environment.systemPackages = with pkgs; [
wget curl htop iftop tmux tcpdump rsync git
alacritty.terminfo
];
programs.bash.enableCompletion = true;
programs.vim.defaultEditor = true;
programs.zsh.enable = true;
programs.mtr.enable = true;
services.journald.extraConfig = ''
SystemMaxUse=200M
MaxRetentionSec=5d
'';
services.openssh.enable = true;
services.fail2ban.enable = true;
services.nginx = {
package = pkgs.nginxMainline;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
appendHttpConfig = ''
access_log syslog:server=unix:/dev/log;
'';
appendConfig = ''
error_log stderr info;
'';
};
nixpkgs.system = lib.mkDefault "x86_64-linux";
nixpkgs.overlays = [ flakes.muccc-api.overlay ];
# include git rev of this repo/flake into the nixos-version
system.configurationRevision = flakes.nixpkgs.lib.mkIf (flakes.self ? rev) flakes.self.rev;
system.nixos.revision = flakes.nixpkgs.rev;
system.nixos.versionSuffix = "-${lib.substring 0 8 flakes.nixpkgs.rev}";
# set nixpkgs on the target to the nixpkgs version of the deployment
nix.registry.nixpkgs.flake = flakes.nixpkgs;
nix.nixPath = lib.mkForce [ "nixpkgs=${flakes.nixpkgs}" "nixos-config=/dontuse" ];
security.acme.email = "fpletz@muc.ccc.de";
security.acme.acceptTerms = true;
}
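Review bot: `services.openssh.enable = true` is applied to every host without stating an authentication policy, so sshd keeps the NixOS defaults, which in releases of this era still accept password logins; `services.fail2ban.enable` only rate-limits guessing. If the hosts are meant to be key-only, the baseline should say so with `services.openssh.passwordAuthentication = false;` (spelled `services.openssh.settings.PasswordAuthentication` on newer NixOS releases). Whether keys are provisioned in the per-host files is not visible here, so confirm that before switching it off. Separately, the trailing comment on the `boot.kernelPackages` line ends in "(on in rpi flake)", which looks like a typo. Presumably it means the Raspberry Pi flake sets its own kernel, so something like `# priority 1001: just below mkDefault (1000) so a host's mkDefault kernel wins` would be clearer.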