Refactor nginx.nix using generative functions; Remove bind container service; Enable CoreDNS; Open 53UDP on system firewall; rename service files; containers listen on localhost only; added SDA-EXT data volume

2023-06-27 19:41:33 -05:00
parent 13e06ad3af
commit 6de382ceb4
10 changed files with 159 additions and 163 deletions


@ -1,11 +1,9 @@
{ config, ... }: {
services = {
openssh = { enable = true; };
hydra = {
enable = true;
hydraURL = "https://hydra.matri.cx";
listenHost = "192.168.0.130";
listenHost = "127.0.0.1";
port = 3034;
extraConfig = ''

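--- /dev/null
+++ b/system/dns.nix
@@ -0,0 +1,17 @@
+{ config, ... }: {
+services = {
+coredns.enable = true;
+coredns.config = ''
+. {
+forward . 9.9.9.9 149.112.112.112 84.200.69.80 84.200.70.40
+cache
+}
+matri.cx {
+template IN A {
+answer "{{ .Name }} 0 IN A 192.168.0.130"
+}
+}
+'';
+};
+}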
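Review bot: The `. { forward … cache }` server block in coredns.config carries no `acl` or `bind` directive, so once 53/UDP is opened in the networking file (same commit) the host answers recursive queries for any source that can reach any of its interfaces; a resolver exposed that way is the standard ingredient of DNS amplification against third parties and also lets outside clients query the internal `matri.cx` template. Limit recursion to the LAN with the `acl` plugin as below (the /24 is a guess from the 192.168.0.130 address and should be set to the real prefix), or at minimum `bind` the server to the LAN address. Forwarding is also in plaintext to the four upstreams; `forward . tls://9.9.9.9 …` with `tls_servername` is the drop-in if the upstreams' DoT endpoints are wanted. The rendered hunk header counts 17 lines but 16 are visible here, so one line may be missing from this view.
```nix
coredns.config = ''
  . {
    acl {
      allow net 192.168.0.0/24 127.0.0.0/8
      block
    }
    forward . 9.9.9.9 149.112.112.112 84.200.69.80 84.200.70.40
    cache
  }
  # … unchanged: matri.cx template block …
'';
```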


@ -1,37 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
boot = {
initrd = {
availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
};
"/mnt/data" = {
device = "/dev/disk/by-label/SDA-EXT";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
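Review bot: The `/mnt/data` entry for SDA-EXT at lines 79-82 is hand-added to a file whose own header at lines 48-50 states it is generated by nixos-generate-config and may be overwritten, so the next regeneration silently drops the data volume. Move that fileSystems entry to configuration.nix (or the module that consumes the volume) and keep this file machine-owned; the boot/fileSystems regrouping in the rest of the hunk will be lost the same way, which matters less since it is only restyling. Wherever the entry ends up, `options = [ "nofail" ];` is worth adding so an absent or failed external disk does not drop the host into emergency mode at boot, given the volume is not needed for the root filesystem. The enclosing attribute set continues past the end of the hunk.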


@ -1,4 +1,7 @@
{ ... }: {
services.openssh = {
enable = true;
};
security = {
sudo.wheelNeedsPassword = false;
acme = {
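Review bot: `services.openssh` is enabled at lines 104-106 with defaults only, directly beside `sudo.wheelNeedsPassword = false` on line 108 (old/new markers are lost in this rendering, but the hunk counts leave lines 104-106 as the added ones); with passwordless sudo for wheel, any successful password guess over SSH is immediately root, so key-only login should be pinned in the same block: `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;`. The hydra file in this commit (line 14) enables openssh as well; if both files are imported the duplication is harmless but should be consolidated in one place. The enclosing attribute set continues past the end of the hunk.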


@ -10,7 +10,7 @@
hostName = "eve-psr-nix0";
firewall = {
allowedTCPPorts = [ 22 80 443 ];
allowedUDPPorts = [ 22 80 443 ];
allowedUDPPorts = [ 22 80 443 53 ];
};
};
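Review bot: Only UDP 53 is added at line 118 while `allowedTCPPorts` on line 116 still lacks 53; resolvers retry over TCP when a reply is truncated and CoreDNS listens on TCP on the same port, so large or DNSSEC-bearing answers will fail for LAN clients. Change line 116 to `allowedTCPPorts = [ 22 53 80 443 ];`. The pre-existing UDP entries 22 and 80 have no UDP listener behind them (443 only if HTTP/3 is actually served), so `allowedUDPPorts = [ 53 ];` is the narrower line. Opening 53 also makes the missing source restriction in system/dns.nix reachable from outside the LAN, raised on that file.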