From 390518f94dc6aee60a525447714b17a644496a79 Mon Sep 17 00:00:00 2001
From: Lucas Sta Maria
Date: Fri, 15 Aug 2025 16:51:22 +0000
Subject: [PATCH] refactor(nix): organise sys and nw
---
 nix/hosts/chaewon/nw.nix | 111 ++++++++++++++++++++++++++++++++++++++
 nix/hosts/chaewon/sys.nix | 109 +------------------------------------
 2 files changed, 112 insertions(+), 108 deletions(-)
 create mode 100644 nix/hosts/chaewon/nw.nix
diff --git a/nix/hosts/chaewon/nw.nix b/nix/hosts/chaewon/nw.nix
new file mode 100644
index 0000000..2348b25
--- /dev/null
+++ b/nix/hosts/chaewon/nw.nix
@@ -0,0 +1,111 @@
+{ config, lib, ... }: {
+ # Generated by nixos-infect
+ networking.domain = "";
+ services.openssh.enable = true;
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBGpnPYxrYnmtFaf591Q80FQPb01dqTwlH58V6uRa7Fi"
+ ];
+
+ # Generated by nixos-infect
+ networking = {
+ nameservers = [ "8.8.8.8" ];
+ defaultGateway = "172.31.1.1";
+ defaultGateway6 = {
+ address = "fe80::1";
+ interface = "eth0";
+ };
+ dhcpcd.enable = false;
+ usePredictableInterfaceNames = lib.mkForce false;
+ interfaces = {
+ eth0 = {
+ ipv4.addresses = [{
+ address = "178.156.207.225";
+ prefixLength = 32;
+ }];
+ ipv6.addresses = [
+ {
+ address = "2a01:4ff:f0:7ccc::1";
+ prefixLength = 64;
+ }
+ {
+ address = "fe80::9000:6ff:fe59:7a8b";
+ prefixLength = 64;
+ }
+ ];
+ ipv4.routes = [{
+ address = "172.31.1.1";
+ prefixLength = 32;
+ }];
+ ipv6.routes = [{
+ address = "fe80::1";
+ prefixLength = 128;
+ }];
+ };
+
+ };
+ };
+ services.udev.extraRules = ''
+ ATTR{address}=="92:00:06:59:7a:8b", NAME="eth0"
+ '';
+
+ # User-generated
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "lucas@priime.dev";
+ certs = {
+ "priime.dev" = {
+ webroot = "/var/lib/acme/priime.dev";
+ email = "lucas@priime.dev";
+ group = "nginx";
+ extraDomainNames = [ "www.priime.dev" ];
+ };
+ "files.priime.dev" = {
+ webroot = "/var/lib/acme/files.priime.dev";
+ email = "lucas@priime.dev";
+ group = "nginx";
+ };
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "priime.dev" = {
+ default = true;
+ forceSSL = true;
+ useACMEHost = "priime.dev";
+ serverAliases = [ "www.priime.dev" ];
+ acmeRoot = "/var/lib/acme/priime.dev";
+ locations."/" = {
+ root = "/var/www/site";
+ index = "index.html";
+ tryFiles = "$uri $uri.html $uri/ /404.html";
+ };
+ };
+ "files.priime.dev" = {
+ forceSSL = true;
+ useACMEHost = "files.priime.dev";
+ acmeRoot = "/var/lib/acme/files.priime.dev";
+ locations."/" = {
+ root = "/var/lib/files.priime.dev";
+ extraConfig = ''
+ autoindex on;
+ autoindex_exact_size off;
+ autoindex_localtime on;
+ '';
+ };
+ };
+ "git.priime.dev" = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ client_max_body_size 512M;
+ '';
+ locations."/".proxyPass = "http://localhost:3000";
+ };
+ };
+ };
+}
diff --git a/nix/hosts/chaewon/sys.nix b/nix/hosts/chaewon/sys.nix
index 9c63387..fddbc92 100644
--- a/nix/hosts/chaewon/sys.nix
+++ b/nix/hosts/chaewon/sys.nix
@@ -1,5 +1,5 @@
 { inputs, config, pkgs, lib, ... }: {
- imports = [ ./hw.nix ../../modules/secrets.nix ];
+ imports = [ ./hw.nix ./nw.nix ../../modules/secrets.nix ];
 time.timeZone = "America/New_York";
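Review bot: `services.openssh.enable = true` near the top of nw.nix relies on NixOS defaults, so while root is restricted to key authentication by the default `PermitRootLogin = "prohibit-password"`, password and keyboard-interactive logins stay enabled for every other account on a host that also exposes 80/443 to the internet. Since the only credential this module declares is the root ed25519 key, make the policy explicit alongside it: `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.KbdInteractiveAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`. The `files.priime.dev` vhost enables `autoindex on` over `/var/lib/files.priime.dev` with no access control, which reads as an intended public share; a one-line comment above that vhost stating so would keep the next reader from treating it as an oversight. The UDP firewall rule uses `config.services.tailscale.port`, which has a default regardless of `enable`, so that port is opened even if the `services.tailscale` declaration — presumably in sys.nix, outside this hunk — is ever switched off.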
@@ -7,74 +7,6 @@
 boot.tmp.cleanOnBoot = true;
 zramSwap.enable = true;
 networking.hostName = "chaewon-nixos-ash-1";
- networking.domain = "";
- services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBGpnPYxrYnmtFaf591Q80FQPb01dqTwlH58V6uRa7Fi"
- ];
-
- # Generated by nixos-infect
- networking = {
- nameservers = [ "8.8.8.8" ];
- defaultGateway = "172.31.1.1";
- defaultGateway6 = {
- address = "fe80::1";
- interface = "eth0";
- };
- dhcpcd.enable = false;
- usePredictableInterfaceNames = lib.mkForce false;
- interfaces = {
- eth0 = {
- ipv4.addresses = [{
- address = "178.156.207.225";
- prefixLength = 32;
- }];
- ipv6.addresses = [
- {
- address = "2a01:4ff:f0:7ccc::1";
- prefixLength = 64;
- }
- {
- address = "fe80::9000:6ff:fe59:7a8b";
- prefixLength = 64;
- }
- ];
- ipv4.routes = [{
- address = "172.31.1.1";
- prefixLength = 32;
- }];
- ipv6.routes = [{
- address = "fe80::1";
- prefixLength = 128;
- }];
- };
-
- };
- };
- services.udev.extraRules = ''
- ATTR{address}=="92:00:06:59:7a:8b", NAME="eth0"
- '';
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "lucas@priime.dev";
- certs = {
- "priime.dev" = {
- webroot = "/var/lib/acme/priime.dev";
- email = "lucas@priime.dev";
- group = "nginx";
- extraDomainNames = [ "www.priime.dev" ];
- };
- "files.priime.dev" = {
- webroot = "/var/lib/acme/files.priime.dev";
- email = "lucas@priime.dev";
- group = "nginx";
- };
- };
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
 # Select internationalisation properties.
 i18n.defaultLocale = "en_US.UTF-8";
@@ -103,45 +35,6 @@
 programs.fish.enable = true;
- services.nginx = {
- enable = true;
- virtualHosts = {
- "priime.dev" = {
- default = true;
- forceSSL = true;
- useACMEHost = "priime.dev";
- serverAliases = [ "www.priime.dev" ];
- acmeRoot = "/var/lib/acme/priime.dev";
- locations."/" = {
- root = "/var/www/site";
- index = "index.html";
- tryFiles = "$uri $uri.html $uri/ /404.html";
- };
- };
- "files.priime.dev" = {
- forceSSL = true;
- useACMEHost = "files.priime.dev";
- acmeRoot = "/var/lib/acme/files.priime.dev";
- locations."/" = {
- root = "/var/lib/files.priime.dev";
- extraConfig = ''
- autoindex on;
- autoindex_exact_size off;
- autoindex_localtime on;
- '';
- };
- };
- "git.priime.dev" = {
- forceSSL = true;
- enableACME = true;
- extraConfig = ''
- client_max_body_size 512M;
- '';
- locations."/".proxyPass = "http://localhost:3000";
- };
- };
- };
-
 services.forgejo = {
 enable = true;
 database.type = "postgres";