Andromeda/conf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

stash

Browse Source
This commit is contained in:
andromeda
2026-01-06 14:52:34 +01:00
parent 0a7e0c699e
commit c9a5c521db
18 changed files with 228 additions and 155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
machines/109-199-104-83.nix Normal file
View File

@@ -0,0 +1,35 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/159e6a69-b4e2-49c3-a6f0-5fcba0ea6a59";
fsType = "ext4";
};
fileSystems."/efi" = {
device = "systemd-1";
fsType = "autofs";
};
swapDevices = [];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
system.stateVersion = "25.11";
}

105
machines/109-199-104-83/configuration.nix
View File

@@ -1,105 +0,0 @@
{
config,
modulesPath,
machine,
...
}: {
# zulip config
services.zulip = {
enable = true;
host = "chat.${config.networking.domain}";
camoKeyFile = builtins.toFile "camoKeyFile" "key";
rabbitmqPasswordFile = builtins.toFile "rabbitmqPasswordFile" "password";
secretKeyFile = builtins.toFile "secretKeyFile" "secret key";
sharedSecretKeyFile = builtins.toFile "sharedSecretKeyFile" "shared secret key";
avatarSaltKeyFile = builtins.toFile "avatarSaltKeyFile" "avatar salt key";
zulipSettings = {
EXTERNAL_HOST = "EXTERNAL_HOST";
ZULIP_ADMINISTRATOR = "ZULIP_ADMINISTRATOR";
};
};
# roundcube config
services.roundcube = {
enable = true;
hostName = "webmail.${config.networking.domain}";
extraConfig = ''
$config['imap_host'] = "ssl://${config.mailserver.fqdn}";
$config['smtp_host'] = "ssl://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
# mailserver config
mailserver = {
enable = true;
stateVersion = 3;
fqdn = "mail.${config.networking.domain}";
domains = ["${config.networking.domain}"];
x509.useACMEHost = config.mailserver.fqdn;
loginAccounts = {
"test@${config.networking.domain}" = {
hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path;
};
};
};
# cert config
security.acme = {
acceptTerms = true;
defaults.email = "mtgmonket@gmail.com";
};
services.nginx = {
enable = true;
virtualHosts."mail.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
};
};
# system config
system.stateVersion = "25.11";
nix.settings.experimental-features = ["flakes" "nix-command"];
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
boot.loader.grub.device = "/dev/sda";
boot.loader.timeout = 30;
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
boot.initrd.kernelModules = ["nvme"];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
networking = {
useNetworkd = true;
usePredictableInterfaceNames = true;
hostName = machine.hostname;
domain = "galaxious.de";
firewall = {
enable = true;
allowedTCPPorts = [80 443];
allowedUDPPorts = [80 443];
};
};
systemd.network = {
enable = true;
networks."40-wan" = {
matchConfig.Name = "enx0050565f4fff";
address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
routes = [
{
Gateway = "109.199.96.1";
GatewayOnLink = true;
}
{Gateway = "fe80::1";}
];
dns = ["2620:fe::fe" "9.9.9.9"];
};
};
services.openssh.enable = true;
users.mutableUsers = false;
users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];
programs.noshell.enable = true;
}

1
machines/lenovo/configuration.nix
View File

@@ -8,6 +8,7 @@
imports = [
./impermanence.nix
(modulesPath + "/installer/scan/not-detected.nix")
../../modules/nixos/zulip.nix
];
boot.loader = {
efi.canTouchEfiVariables = true;