hosts/prefect-vps: init

This is temporary until the current server is taken down.
Mr Hedgehog 2022-07-11 16:31:31 -04:00
parent e7b50385aa
commit e6039f5407
No known key found for this signature in database
8 changed files with 156 additions and 0 deletions


@ -117,6 +117,14 @@
];
specialArgs = {inherit self inputs;};
};
nixosConfigurations.prefect-vps = lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/prefect-vps/configuration.nix
./hosts/prefect-vps/bootloader.nix
];
specialArgs = {inherit self inputs;};
};
nixosConfigurations.zaphod = lib.nixosSystem {
system = "x86_64-linux";
modules = [


@ -0,0 +1,17 @@
{
pkgs,
lib,
modulesPath,
...
}: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
cleanTmpDir = true;
loader = {
grub.device = "/dev/sda";
};
initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
initrd.kernelModules = [ "nvme" ];
kernelPackages = pkgs.linuxPackages_latest;
};
}


@ -0,0 +1,28 @@
{ pkgs, lib, inputs, ... }: {
imports = [
# Common Config
../common/packages.nix
../common/nixConfig.nix
../common/nixpkgsConfig.nix
../common/root.nix
../common/ssh.nix
# My user, also a default.
../../users/thehedgehog/default.nix
# Machine-specific configurations.
./firewall.nix
./networking.nix
./hardware.nix
# Running Services
./services/caddy.nix
./services/tailscale.nix
];
fileSystems = {
"/" = {
fsType = "ext4";
device = "scsi-0QEMU_QEMU_HARDDISK_21170924-part1";
};
};
}
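Review bot: The root filesystem `device` is a bare name, `scsi-0QEMU_QEMU_HARDDISK_21170924-part1`, not a path, so it is unlikely to resolve at boot. It looks like the `/dev/disk/by-id/` prefix was dropped. I would write `device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_21170924-part1";`. Separately, the bootloader section hard-codes `grub.device = "/dev/sda"`; a short comment here saying both refer to the same disk would help the next reader.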


@ -0,0 +1,3 @@
{
networking.firewall.allowedTCPPorts = [80 443];
}


@ -0,0 +1,3 @@
{
zramSwap.enable = true;
}


@ -0,0 +1,15 @@
{ lib, ...}: {
networking = {
hostName = "prefect-vps";
interfaces.enp1s0 = {
ipv6.addresses = [{
address = "2a01:4ff:f0:98bf::";
prefixLength = 64;
}];
defaultGateway6 = {
address = "fe80::1";
interface = "enp1s0";
};
};
};
}
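Review bot: `defaultGateway6` is nested inside `interfaces.enp1s0`, but it is an option of `networking` itself, not of an interface. As written, evaluation should fail with an undefined-option error, or the IPv6 default route is never installed. Move it up one level, next to `hostName`: `defaultGateway6 = { address = "fe80::1"; interface = "enp1s0"; };`. The page has lost its indentation, so this reading is based on the brace nesting.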


@ -0,0 +1,74 @@
{
lib,
pkgs,
config,
...
}: {
services.caddy = {
enable = true;
package = pkgs.callPackage ../../../pkgs/caddy.nix {
plugins = [
"github.com/greenpau/caddy-security"
];
vendorSha256 = "sha256-W1/6D5KvKFzS26+6bCik0frPsXlVZ/XlyHE5FGu1uEc=";
};
email = "hedgehog@mrhedgehog.xyz";
# globalConfig = ''
# '';
virtualHosts = {
"reddit.thehedgehog.me" = {
extraConfig = ''
reverse_proxy http://marvin:4000
'';
};
"adguard.thehedgehog.me" = {
extraConfig = ''
reverse_proxy http://marvin:2500
'';
};
"rss.thehedgehog.me" = {
extraConfig = ''
reverse_proxy http://marvin:6000
'';
};
"media.thehedgehog.me" = {
serverAliases = [ "jellyfin.thehedgehog.me" ];
extraConfig = ''
reverse_proxy http://marvin:8096
'';
};
"hydra.thehedgehog.me" = {
extraConfig = ''
reverse_proxy http://marvin:3000
'';
};
"dav.thehedgehog.me" = {
extraConfig = ''
reverse_proxy http://marvin:5352
'';
};
"rss-bridge.thehedgehog.me" = {
extraConfig = ''
reverse_proxy http://marvin:80
'';
};
"git.thehedgehog.me" = {
extraConfig = ''
reverse_proxy http://marvin:3001
'';
};
"bw.thehedgehog.me" = {
extraConfig = ''
reverse_proxy http://marvin:8000
'';
};
"dash.thehedgehog.me" = {
extraConfig = ''
reverse_proxy http://marvin:3003
'';
};
};
extraConfig = ''
'';
};
}
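Review bot: None of the ten virtual hosts carries an access-control directive, although `caddy-security` is compiled into the package and `globalConfig` is left commented out. As written, `adguard`, `hydra`, `dash` and `bw` are published on the internet-facing listener and are protected only by whatever login each backend enforces, which is not visible in this change. For the admin-only hosts I would either add `authorize with <policy-name>` backed by a policy defined in `globalConfig`, or gate the `reverse_proxy` behind a `remote_ip` matcher. The upstreams are all plain `http://marvin:…`, so a comment such as `# upstream is plaintext; transport encryption relies on the tailnet link to marvin` would record that assumption, if that is indeed how `marvin` is reached.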


@ -0,0 +1,8 @@
{config, ...}: {
services.tailscale = {
enable = true;
};
networking.firewall.trustedInterfaces = [ "tailscale0"];
networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
networking.firewall.checkReversePath = "loose";
}
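Review bot: `trustedInterfaces = [ "tailscale0" ]` accepts every port from every tailnet peer, so the host firewall no longer limits what the tailnet can reach on this box. Access control is then entirely whatever the Tailscale ACLs enforce. If only a few ports are needed, `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ <ports> ];` keeps the default-deny posture. Otherwise a comment such as `# all tailnet traffic is trusted; restrict via Tailscale ACLs` makes the delegation explicit. `checkReversePath = "loose"` also relaxes reverse-path filtering for the whole host and deserves a one-line comment saying why Tailscale needs it here.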