feat(tanzanite): nginx configuration for forgio

feat(tanzanite): nginx configuration for website
feat(tanzanite): acme cert configuration
2024-12-21 19:20:17 -08:00 · 2024-12-21 19:19:45 -08:00 · 2024-12-21 19:18:43 -08:00 · 2024-12-21 19:18:09 -08:00 · 2024-12-21 19:17:45 -08:00 · 2024-12-21 19:17:11 -08:00
4 changed files with 149 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -68,6 +68,24 @@
          }
        ];
      };
+      tanzanite = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+
+          ./packages/default.nix
+          ./hosts/tanzanite/default.nix
+          ./users/nyadmin/default.nix
+
+          home-manager.nixosModules.home-manager
+          {
+             home-manager.extraSpecialArgs = {inherit inputs;};
+             home-manager.useGlobalPkgs = true;
+             home-manager.useUserPackages = true;
+             home-manager.users.nyadmin = import ./users/nyadmin/home.nix;
+          }
+        ];
+      };
    };
  };

--- a/hosts/tanzanite/default.nix
+++ b/hosts/tanzanite/default.nix
@ -0,0 +1,130 @@
+{ config, lib, pkgs, modulesPath, ... }:
+let
+
+in {
+  imports = [ ../default.nix ];
+
+  stitchyconf = {
+    form = "server";
+  };
+
+  networking.hostName = "tanzanite";
+  time.timeZone = "America/Los_Angeles";
+
+  virtualisation.docker = {
+    enable = true;
+    daemon.settings = {
+      data-root = "/opt/data";
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "stitchy@stitchy.moe";
+    defaults.dnsProvider = "porkbun";
+    defaults.environmentFile = "/persist/acme/porkbun.tokens";
+    certs = {
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts = {
+      "stitchy.moe" = {
+        enableACME = true;
+        forceSSL = true;
+        root = "/opt/www/stitchy.moe/public";
+      };
+      "gay.stitchy.moe" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:3333";
+        };
+      };
+    };
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 22 80 222 443 ];
+  };
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  # Redundant Storage
+  fileSystems."/opt/data" = {
+    device = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529";
+    fsType = "btrfs";
+    options = [ "subvol=@data" "compress=zstd" ];
+  };
+
+  fileSystems."/opt/docker-containers" = {
+    device = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529";
+    fsType = "btrfs";
+    options = [ "subvol=@docker-containers" "compress=zstd" ];
+  };
+
+  fileSystems."/opt/www" = {
+    device = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529";
+    fsType = "btrfs";
+    options = [ "subvol=@www" "compress=zstd" ];
+  };
+
+  # Non-Redundant Storage
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
+      fsType = "btrfs";
+      options = [ "subvol=@nix-root" "compress=zstd"];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
+      fsType = "btrfs";
+      options = [ "subvol=@nix-home" "compress=zstd"];
+    };
+
+  fileSystems."/nix/store" =
+    { device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
+      fsType = "btrfs";
+      options = [ "subvol=@nix" "noatime" "compress=zstd"];
+    };
+
+  fileSystems."/persist" =
+    { device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
+      fsType = "btrfs";
+      options = [ "subvol=@persist" "compress=zstd"];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/262D-F161";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/5c007a16-9f0f-42d0-8761-63bea3120f6d"; }
+    ];
+
+  # Static Networking
+  systemd.network.enable = true;
+  networking.useNetworkd = true;
+  systemd.network.networks."10-lan" = {
+    matchConfig.Name = "enp0s31f6";
+    address = [
+        "192.168.51.3/24"
+    ];
+    routes = [
+      { Gateway = "192.168.51.1"; }
+    ];
+    linkConfig.RequiredForOnline = "routable";
+  };
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+  system.stateVersion = "24.11";
+}
--- a/packages/default.nix
+++ b/packages/default.nix
@ -75,6 +75,7 @@ in
      "glsl_analyzer"
      "gnumake"
      "gnupg"
+      "hugo"
      "lazygit"
      "mypy"
      "neofetch"
--- a/users/stitchynyan/home.nix
+++ b/users/stitchynyan/home.nix
@ -55,7 +55,6 @@ in
    home.packages = with pkgs; [
      cider
      ngspice
-      hugo
      kicad
      #steamvr?
      procps
Author	SHA1	Message	Date
stitchy	5a37fd5165	feat(tanzanite): nginx configuration for forgio	2024-12-21 19:20:17 -08:00
stitchy	59ad109068	feat(tanzanite): nginx configuration for website	2024-12-21 19:19:45 -08:00
stitchy	38c9117551	feat(tanzanite): acme cert configuration	2024-12-21 19:18:43 -08:00
stitchy	0effd94182	feat(tanzanite): use old docker data dir	2024-12-21 19:18:09 -08:00
stitchy	8bff5db0f5	feat(tanzanite): redundant storage configuration	2024-12-21 19:17:45 -08:00
stitchy	0283dea2e6	feat!: init tanzanite host!	2024-12-21 19:17:11 -08:00
stitchy	0c12e52353	fix: hugo systemwide package	2024-12-21 19:13:30 -08:00