setup server

2023-10-26 18:06:12 +02:00
parent dbfab97946
commit 670c01b562
7 changed files with 52 additions and 53 deletions
--- a/test-server/configuration.nix
+++ b/test-server/configuration.nix
@@ -15,19 +15,13 @@ in{
    ];

  # Bootloader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/sda";
-  boot.loader.grub.useOSProber = true;
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "server"; # Define your hostname.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Enable networking
-  networking.networkmanager.enable = true;
+  #networking.networkmanager.enable = true;
  networking.firewall.allowedTCPPorts = [ 22 53 80 443 ];
  networking.firewall.allowedUDPPorts = [ 53 ];

@@ -52,7 +46,7 @@ in{
  # Enable the X11 windowing system.
  services.xserver.enable = true;

-  # Enable the KDE Desktop Environment.
+  # Enable the KDE Plasma Desktop Environment.
  services.xserver.displayManager.sddm.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;

@@ -82,10 +76,6 @@ in{
    #media-session.enable = true;
  };

-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
-
-  virtualisation.docker.enable = true;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.anon = {
    isNormalUser = true;
@@ -93,6 +83,7 @@ in{
    extraGroups = [ "networkmanager" "wheel" "docker" ];
    packages = with pkgs; [
      firefox
+      kate
    #  thunderbird
    ];
  };
@@ -100,8 +91,6 @@ in{
  # Allow unfree packages
  nixpkgs.config.allowUnfree = true;

-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
  environment.systemPackages = with pkgs; [
    kate
    wget
--- a/test-server/flake.nix
+++ b/test-server/flake.nix
@@ -9,11 +9,12 @@
    nixosConfigurations.server = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [ 
+	      ./modules/ip-server.nix
        ./configuration.nix 
        ./modules/nix-settings.nix
        ./modules/adguard.nix
        ./modules/git.nix
-        ./modules/vmware-guest.nix
+        #./modules/vmware-guest.nix
        ./modules/github-runner.nix
        ./modules/nextcloud.nix
        ./modules/acme.nix
--- a/test-server/hardware-configuration.nix
+++ b/test-server/hardware-configuration.nix
@@ -4,31 +4,38 @@
 { config, lib, pkgs, modulesPath, ... }:

 {
-  imports = [ ];
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];

-  boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/0e1701f7-2c7b-4a36-acca-1c12cb642095";
+    { device = "/dev/disk/by-uuid/1af836fb-ffef-4362-84af-bcb24d4db068";
      fsType = "ext4";
    };

-  fileSystems."/mnt/backup" =
-  {
-    device = "/dev/disk/by-uuid/8c49cdd0-78a0-45cc-93f1-4287524d20c3";
-    fsType = "ext4";
-  };
-  swapDevices = [ ];
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/B9EB-F6A4";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/e4bf3959-4d3c-4980-82c1-c5ec2104ec93"; }
+    ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.ens33.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/test-server/modules/github-runner.nix
+++ b/test-server/modules/github-runner.nix
@@ -26,7 +26,7 @@
    ];
    services.github-runner = {
        enable = true;
-        name = "runner-oberprofis";
+        name = "nixos-server";
        tokenFile = config.age.secrets.github-runner-token.path;
        url = "https://github.com/oberprofis";
        user = "github-actions-runner";
--- a/test-server/modules/ip-server.nix
+++ b/test-server/modules/ip-server.nix
@@ -1,7 +1,6 @@
 {
  networking = {
-    defaultGateway = "192.168.0.6";
-    hostname = "server";
+    defaultGateway = "192.168.0.1";
    useDHCP = false;
    firewall.enable = true;
    nameservers = [
@@ -9,13 +8,13 @@
      "1.1.1.1"
    ];
    interfaces = {
-      #"enp11s0" = {
-      #  name = "eth0";
-      #};
-      ens33.ipv4.addresses = [{
-        address = "192.168.0.6";
-        prefixLength = 24;
-      }];
+      "enp0s31f6" = {
+        name = "eth0";
+	      ipv4.addresses = [{
+          address = "192.168.0.6";
+          prefixLength = 24;
+        }];
+      };
    };
  };
 }
--- a/test-server/modules/nginx.nix
+++ b/test-server/modules/nginx.nix
@@ -14,15 +14,15 @@
        # Setup Nextcloud virtual host to listen on ports
        virtualHosts = {
            "kopatz.ddns.net" = {
-                serverAliases = [
-                    "www.kopatz.ddns.net"
-                    "server.home"
-                    "server.local"
-                    "192.168.0.6"
-                ];
+                #serverAliases = [
+                #    "www.kopatz.ddns.net"
+                #    "server.home"
+                #    "server.local"
+                #    "192.168.0.6"
+                #];
                root = "/var/www";
-                #forceSSL = true;
-                #enableACME = true;
+                forceSSL = true;
+                enableACME = true;
                locations."~* \\.(jpg)$".extraConfig= ''
                    add_header Access-Control-Allow-Origin *;
                '';
--- a/test-server/secrets/github-runner-token.age
+++ b/test-server/secrets/github-runner-token.age
@@ -1,9 +1,12 @@
 age-encryption.org/v1
-> ssh-ed25519 yfCCMw LJgZE8HarT+kboPCRiaN9VuMdVxK0LcE+BFQuulLZy4
-2tIzeYMkUkqaAWffIcFNPpKwrXlP3tVdcNB/p7it4Ak
-> ssh-ed25519 IV3DkQ cCl5buxIb8VYM2gfHMPNXFwjSbr2DUnXA1LbEE7jDAM
-b2kv33A9XIRnnbkNzCvMSu++fD5xhKWbr9KdjprHaZI
-> Q<u;5zH4-grease Ycg 5, u^gMZ dZt
-sXFDu+etx9NPsd0VDp2CjurnsMg8
--- o6bcU+ys7PRE55xYbriveVB7rUHLQXHYKoWS62IhGU8
-pwÎMAZ¥†ÖÙ~¤§h`nKP+c<>\v›gO_&÷ÁvbrbþXT
+-> ssh-ed25519 yfCCMw rvIxniIy9V9MEusfISoYDZACLPHWIXlpeTDCsXhbxQ4
+Fh5jIyimXuB1xwfsYS5TeTI5yXPxF9K/M7YlBW9DSMw
+-> ssh-ed25519 IV3DkQ XzdSfWvjKSu6RiUV5BWvOasK6QFB2uOHybtYEYnDnwg
+BhtquDcngJfnGhfb4kHgfuQAZyXLKzm8518zXvwki0o
+-> 'Xd:O-grease sG
+Z4FSpQUYvPvA3YAf9NoXPQ30KwLYEL0XNJLXtbGESfllNc7cM5tOTn+szfotRwVI
+3wGBWkTzE5g0rfLhVGUybFJIlMguXvZVl2EQ
+--- xu2w56OhLGufb9mMXZQ/8Y/xTD0Ke8Yvf8h6zVE0p7g
+ØJô$‹ÇC7<43>
+¼Í¥ïF˜ç‹ßE
+I+’