ellmau/nixos
1
0
Fork 0
mirror of https://github.com/ellmau/nixos.git synced 2025-12-19 09:29:36 +01:00
Code Issues Projects Releases Wiki Activity

Upgrade to nixos 23.05

Browse Source
This commit is contained in:
Stefan Ellmauthaler 2023-05-31 17:02:01 +02:00
parent 34a85fd76e
commit 24b3d61e48
Failed to extract signature
8 changed files with 108 additions and 169 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
flake.nix
View File

@ -3,7 +3,7 @@
"Flake to define configurations of 'elss' - ellmauthaler stefan's systems"; "Flake to define configurations of 'elss' - ellmauthaler stefan's systems";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
#nix = { #nix = {
@ -15,7 +15,7 @@
nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; }; nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-22.11"; url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -79,6 +79,8 @@
"vscode-extension-ms-vscode-cpptools" "vscode-extension-ms-vscode-cpptools"
"zoom" "zoom"
]; ];
# testing purposes till https://github.com/NixOS/nixpkgs/issues/224505 is resolved
permittedInsecurePackages = [ "openssl-1.1.1t" ];
}; };
channels.nixpkgs.overlaysBuilder = channels: [ channels.nixpkgs.overlaysBuilder = channels: [

28
machines/nucturne/hardware-configuration.nix
View File

@ -1,21 +1,14 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }: {
config, imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"]; boot.initrd.availableKernelModules =
boot.initrd.kernelModules = []; [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.kernelModules = ["kvm-intel"]; boot.initrd.kernelModules = [ ];
boot.extraModulePackages = []; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/da267a3c-34e3-4218-933f-10738ee61eb6"; device = "/dev/disk/by-uuid/da267a3c-34e3-4218-933f-10738ee61eb6";
@ -32,11 +25,8 @@
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ swapDevices =
{device = "/dev/disk/by-uuid/0069f1fa-dd8e-4c0a-8f01-a576af29909e";} [{ device = "/dev/disk/by-uuid/0069f1fa-dd8e-4c0a-8f01-a576af29909e"; }];
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
} }

31
machines/stel-xps/hardware-configuration.nix
View File

@ -1,39 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }: {
config, imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; boot.initrd.availableKernelModules =
boot.initrd.kernelModules = []; [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = ["kvm-intel"]; boot.initrd.kernelModules = [ ];
boot.extraModulePackages = []; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/6b7f9f80-af34-4317-b017-f883a2316674"; device = "/dev/disk/by-uuid/6b7f9f80-af34-4317-b017-f883a2316674";
fsType = "ext4"; fsType = "ext4";
}; };
boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/9c84f143-023d-4fcb-a49c-ca78ce69e0e0"; boot.initrd.luks.devices."crypted".device =
"/dev/disk/by-uuid/9c84f143-023d-4fcb-a49c-ca78ce69e0e0";
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/39E0-047B"; device = "/dev/disk/by-uuid/39E0-047B";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ swapDevices =
{device = "/dev/disk/by-uuid/93381a25-6704-408e-b091-cfda6cddbda0";} [{ device = "/dev/disk/by-uuid/93381a25-6704-408e-b091-cfda6cddbda0"; }];
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
} }

57
modules/server/gitea.nix
View File

@ -1,40 +1,29 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; { with lib; {
config = let config = let cfg = config.elss.server.gitea;
cfg = config.elss.server.gitea; in mkIf cfg.enable {
in services.nginx.virtualHosts."git.ellmauthaler.net" = {
mkIf cfg.enable { enableACME = true;
services.nginx.virtualHosts."git.ellmauthaler.net" = { forceSSL = true;
enableACME = true; locations."/" = { proxyPass = "http://localhost:3001"; };
forceSSL = true; };
locations."/" = {
proxyPass = "http://localhost:3001";
};
};
services.gitea = { services.gitea = {
enable = true; enable = true;
settings.service = { settings.service = { DISABLE_REGISTRATION = true; };
DISABLE_REGISTRATION = true; appName = "gitea: ellmauthaler.net gitea service";
}; database = {
appName = "gitea: ellmauthaler.net gitea service"; type = "postgres";
database = { host = "/run/posgresql";
type = "postgres"; };
host = "/run/posgresql"; settings = {
}; repository = { DEFAULT_BRANCH = "main"; };
domain = "git.ellmauthaler.net"; server = {
rootUrl = "https://git.ellmauthaler.net"; ROOT_URL = "https://git.ellmauthaler.net";
httpPort = 3001; HTTP_PORT = 3001;
settings = { DOMAIN = "git.ellmauthaler.net";
repository = {
DEFAULT_BRANCH = "main";
};
}; };
}; };
}; };
};
} }

79
modules/server/nextcloud.nix
View File

@ -1,47 +1,40 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; { with lib; {
config = let config = let cfg = config.elss.server.nextcloud;
cfg = config.elss.server.nextcloud; in mkIf cfg.enable {
in elss.server.sql.enable = mkDefault true;
mkIf cfg.enable { services.nextcloud = {
elss.server.sql.enable = mkDefault true; enable = true;
services.nextcloud = { package = pkgs.nextcloud26;
enable = true; hostName = "cloudstore.ellmauthaler.net";
package = pkgs.nextcloud25; https = true;
hostName = "cloudstore.ellmauthaler.net"; enableBrokenCiphersForSSE = false;
https = true; config = {
enableBrokenCiphersForSSE = false; dbtype = "pgsql";
config = { dbuser = "nextcloud";
dbtype = "pgsql"; dbname = "nextcloud";
dbuser = "nextcloud"; adminuser = "storemin";
dbname = "nextcloud"; adminpassFile = config.sops.secrets.storemin.path;
adminuser = "storemin"; dbhost = "/run/postgresql";
adminpassFile = config.sops.secrets.storemin.path; defaultPhoneRegion = "DE";
dbhost = "/run/postgresql";
defaultPhoneRegion = "DE";
};
};
services.nginx.virtualHosts."cloudstore.ellmauthaler.net" = {
enableACME = true;
forceSSL = true;
};
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postrgresql.service"];
};
sops.secrets = {
storemin = {
owner = "nextcloud";
group = "nextcloud";
sopsFile = ../../secrets/server.yaml;
};
}; };
}; };
services.nginx.virtualHosts."cloudstore.ellmauthaler.net" = {
enableACME = true;
forceSSL = true;
};
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postrgresql.service" ];
};
sops.secrets = {
storemin = {
owner = "nextcloud";
group = "nextcloud";
sopsFile = ../../secrets/server.yaml;
};
};
};
} }

23
modules/ssh.nix
View File

@ -1,20 +1,15 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with lib; { with lib; {
options.elss.sshd.enable = mkEnableOption "Set up sshd"; options.elss.sshd.enable = mkEnableOption "Set up sshd";
config = let config = let cfg = config.elss.sshd;
cfg = config.elss.sshd; in mkIf cfg.enable {
in services.openssh = {
mkIf cfg.enable { enable = true;
services.openssh = { settings = {
enable = true; PasswordAuthentication = false;
passwordAuthentication = false; PermitRootLogin = "no";
permitRootLogin = "no";
}; };
}; };
};
} }

28
templates/base/flake.nix
View File

@ -2,29 +2,18 @@
description = "basic tool setup flake"; description = "basic tool setup flake";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus"; flake-utils-plus.url = "github:gytis-ivaskevicius/flake-utils-plus";
}; };
outputs = { outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, flake-utils-plus
self, , ... }@inputs:
nixpkgs, { } // (flake-utils.lib.eachDefaultSystem (system:
nixpkgs-unstable, let
flake-utils, unstable = import nixpkgs-unstable { inherit system; };
flake-utils-plus, pkgs = import nixpkgs { inherit system; };
...
} @ inputs:
{}
// (flake-utils.lib.eachDefaultSystem (
system: let
unstable = import nixpkgs-unstable {
inherit system;
};
pkgs = import nixpkgs {
inherit system;
};
in rec { in rec {
devShell = pkgs.mkShell { devShell = pkgs.mkShell {
buildInputs = [ buildInputs = [
@ -32,6 +21,5 @@
# pkgs.clingo # pkgs.clingo
]; ];
}; };
} }));
));
} }

25
templates/rust/flake.nix
View File

@ -2,7 +2,7 @@
description = "basic rust flake"; description = "basic rust flake";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
rust-overlay = { rust-overlay = {
url = "github:oxalica/rust-overlay"; url = "github:oxalica/rust-overlay";
@ -18,24 +18,16 @@
}; };
}; };
outputs = { outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, gitignoresrc
self, , rust-overlay, ... }@inputs:
nixpkgs,
nixpkgs-unstable,
flake-utils,
gitignoresrc,
rust-overlay,
...
} @ inputs:
{ {
#overlay = import ./nix { inherit gitignoresrc; }; #overlay = import ./nix { inherit gitignoresrc; };
} } // (flake-utils.lib.eachDefaultSystem (system:
// (flake-utils.lib.eachDefaultSystem ( let
system: let unstable = import nixpkgs-unstable { inherit system; };
unstable = import nixpkgs-unstable {inherit system;};
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
overlays = [(import rust-overlay)]; overlays = [ (import rust-overlay) ];
}; };
in rec { in rec {
devShell = pkgs.mkShell { devShell = pkgs.mkShell {
@ -54,6 +46,5 @@
pkgs.kcov pkgs.kcov
]; ];
}; };
} }));
));
} }