diff --git a/config/base.nix b/config/base.nix index 0fa99ac..227f5e1 100644 --- a/config/base.nix +++ b/config/base.nix @@ -17,6 +17,7 @@ nix.registry = (lib.mapAttrs (_: flake: {inherit flake;})) ((lib.filterAttrs (_: lib.isType "flake")) inputs); nix.nixPath = ["/etc/nix/path"]; + users.defaultUserShell = pkgs.bash; programs.fish.enable = true; programs.bash = { interactiveShellInit = '' @@ -27,7 +28,6 @@ fi ''; }; - users.defaultUserShell = pkgs.bash; environment.etc = lib.mapAttrs' (name: value: { @@ -88,7 +88,6 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; console.keyMap = "sv-latin1"; - # programs.zsh.enable = true; services = { openssh = { diff --git a/config/home.nix b/config/home.nix index 1b5246e..70fe349 100644 --- a/config/home.nix +++ b/config/home.nix @@ -15,7 +15,7 @@ ../moduler/common/tmux.nix # ../moduler/common/zsh.nix ../moduler/common/fish.nix - ../moduler/common/starship.nix + # ../moduler/common/starship.nix ../moduler/common/git.nix ../moduler/common/nixpkgs.nix ../moduler/common/firefox.nix diff --git a/flake.nix b/flake.nix index 51b2897..1c5e630 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,10 @@ inherit inputs outputs; myhostname = "desktop"; }; - modules = [./maskiner/desktop/configuration.nix]; + modules = [ + ({nixpkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + ./maskiner/desktop/configuration.nix + ]; }; jobb = nixpkgs.lib.nixosSystem { specialArgs = { diff --git a/maskiner/desktop/configuration.nix b/maskiner/desktop/configuration.nix index 4ee7cc1..f0feb19 100644 --- a/maskiner/desktop/configuration.nix +++ b/maskiner/desktop/configuration.nix 
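Review bot: In the flake.nix hunk, the inline module `({nixpkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })` names an argument `nixpkgs` that its body never uses; the `nixpkgs.overlays` inside is an option path, not a reference to that argument. The name also shadows the flake input `nixpkgs` used a few lines below in `nixpkgs.lib.nixosSystem`, which makes the line easy to misread. A plain attribute set does the same job: `{ nixpkgs.overlays = [ overlay-unstable ]; }`. `overlay-unstable` is defined outside this hunk, so I cannot confirm it is in scope here. Only the `desktop` system receives the overlay, so `unstable.*` will presumably not resolve if another host later imports a module that uses it.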
@@ -13,8 +13,22 @@ ./hardware-configuration.nix ../../config/base.nix ../../config/users.nix + ../../moduler/common/nginx.nix ]; + environment.systemPackages = with pkgs; [ + unstable.lego + ]; +networking.firewall = { + enable = true; + allowedTCPPorts = [ 80 443 ]; + allowedUDPPortRanges = [ + { from = 4000; to = 4007; } + { from = 8000; to = 8010; } + ]; +}; + + security.rtkit.enable = true; networking.hostName = myhostname; diff --git a/maskiner/server/configuration.nix b/maskiner/server/configuration.nix index 9601712..8634ecf 100644 --- a/maskiner/server/configuration.nix +++ b/maskiner/server/configuration.nix @@ -109,7 +109,7 @@ PermitRootLogin = "no"; PasswordAuthentication = false; X11Forwarding = true; - }; + }; extraConfig = '' AllowUsers fw ''; diff --git a/moduler/common/fish.nix b/moduler/common/fish.nix index 6eee371..d793069 100644 --- a/moduler/common/fish.nix +++ b/moduler/common/fish.nix @@ -12,10 +12,30 @@ sha256 = "0dbnir6jbwjpjalz14snzd3cgdysgcs3raznsijd6savad3qhijc"; }; } + { + name = "autopair"; + src = pkgs.fishPlugins.autopair.src; + } + { + name = "tide"; + src = pkgs.fishPlugins.tide.src; + } + { + name = "fzf"; + src = pkgs.fishPlugins.fzf.src; + } + { + name = "done"; + src = pkgs.fishPlugins.done.src; + } + { + name = "sponge"; + src = pkgs.fishPlugins.sponge.src; + } { - name = "grc"; - src = pkgs.fishPlugins.grc.src; - } + name = "grc"; + src = pkgs.fishPlugins.grc.src; + } ]; shellAbbrs = { homec="nvim ~/nix/config/home.nix"; @@ -23,6 +43,7 @@ }; interactiveShellInit = '' ${pkgs.any-nix-shell}/bin/any-nix-shell fish --info-right | source + set fish_greeting # Disable greeting ''; }; } diff --git a/moduler/common/nginx.nix b/moduler/common/nginx.nix index 78c02b0..ec6c6f6 100644 --- a/moduler/common/nginx.nix +++ b/moduler/common/nginx.nix @@ -5,6 +5,8 @@ networking.firewall = { }; services.nginx = { enable = true; + user = "nginx"; + group = "nginx"; # Use recommended settings recommendedGzipSettings = true; 
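Review bot: In maskiner/desktop/configuration.nix, the new `allowedUDPPortRanges` entries (4000-4007 and 8000-8010) are opened on every interface with no indication of which service needs them. Nothing else in this commit appears to listen on UDP, so a later reader cannot tell whether they are still required. Add a comment per range, e.g. `{ from = 4000; to = 4007; } # <service that needs this>`, or scope them with `networking.firewall.interfaces.<name>.allowedUDPPortRanges` if only one network should reach them. The 80/443 rule would sit more naturally in moduler/common/nginx.nix, which already seems to carry a `networking.firewall` block (it is visible only as hunk context), so the ports open and close together with the service. The `networking.firewall = { … };` block is also added at column 0 while its neighbours are indented.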
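Review bot: In the first moduler/common/fish.nix hunk, the five added plugin entries all repeat the shape `{ name = "x"; src = pkgs.fishPlugins.x.src; }`, and the re-indented `grc` entry no longer lines up with them. Generating the nixpkgs-sourced entries from a list of names would keep future additions to one word each: `map (name: { inherit name; src = pkgs.fishPlugins.${name}.src; }) [ "autopair" "tide" "fzf" "done" "sponge" "grc" ]`, appended to the existing pinned entry with `++`. A short comment that `tide` replaces the starship prompt disabled in config/home.nix would explain why the two changes belong together.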
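Review bot: In the first moduler/common/nginx.nix hunk, `user = "nginx";` and `group = "nginx";` match what I believe are the module defaults, so they are unlikely to change which account the service runs as. What the configuration does depend on is that this account can read `/certs/.lego/certificates/wastring.com.key`, and nothing on this page sets or documents that file's owner and mode. If the two lines are kept to make the account explicit, say why next to them, e.g. `# TLS key under /certs must be readable by group nginx and by no other account`. Since this commit also installs `lego` by hand on the desktop, it may be worth considering `security.acme`, which handles issuance, renewal and key permissions declaratively. The `services.nginx` block continues outside the hunk.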
@@ -13,60 +15,6 @@ networking.firewall = { recommendedTlsSettings = true; virtualHosts = { - "git.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:3009"; - proxyWebsockets = true; - }; - }; - "cal.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:5232"; - proxyWebsockets = true; - }; - }; - "warden.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:8083"; - proxyWebsockets = true; - }; - }; - "home.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:8085"; - proxyWebsockets = true; - }; - }; - "search.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:8060"; - proxyWebsockets = true; - }; - }; - "docs.wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:8003"; - proxyWebsockets = true; - }; - }; "bilder.wastring.com" = { sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; 
@@ -76,15 +24,69 @@ networking.firewall = { proxyWebsockets = true; }; }; - "wastring.com" = { - sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; - sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; - forceSSL = true; - locations."/" = { - proxyPass = "http://172.17.0.1:8085"; - proxyWebsockets = true; - }; - }; + # "git.wastring.com" = { + # sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + # sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://172.17.0.1:3009"; + # proxyWebsockets = true; + # }; + # }; + # "cal.wastring.com" = { + # sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + # sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://172.17.0.1:5232"; + # proxyWebsockets = true; + # }; + # }; + # "warden.wastring.com" = { + # sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + # sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://172.17.0.1:8083"; + # proxyWebsockets = true; + # }; + # }; + # "home.wastring.com" = { + # sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + # sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://172.17.0.1:8085"; + # proxyWebsockets = true; + # }; + # }; + # "search.wastring.com" = { + # sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + # sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://172.17.0.1:8060"; + # proxyWebsockets = true; + # }; + # }; + # "docs.wastring.com" = { + # sslCertificateKey = "/certs/.lego/certificates/wastring.com.key"; + # sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + # forceSSL = true; + # 
locations."/" = { + # proxyPass = "http://172.17.0.1:8003"; + # proxyWebsockets = true; + # }; + # }; + # "wastring.com" = { + # sslCertificateKey = "/home/fw/.lego/certificates/wastring.com.key"; + # sslCertificate = "/certs/.lego/certificates/wastring.com.crt"; + # forceSSL = true; + # locations."/" = { + # proxyPass = "http://172.17.0.1:2283"; + # proxyWebsockets = true; + # }; + # }; }; }; }
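Review bot: The last moduler/common/nginx.nix hunk re-adds the six virtual hosts deleted by the previous hunk, plus `wastring.com`, as roughly sixty lines of commented-out configuration. Git history already preserves them, and a commented block like this tends to drift from the live config. It has drifted already: the commented `wastring.com` entry pairs `sslCertificateKey = "/home/fw/.lego/certificates/wastring.com.key"` with a certificate under `/certs/.lego/…`. If that block is ever uncommented, the key would sit in a user's home directory, which the nginx unit's sandboxing (`ProtectHome`, as far as I know) would likely prevent it from reading. I would delete the commented block, or move the per-host ports into a small attribute set and generate the vhosts from it. With `bilder.wastring.com` as the only remaining vhost, it also becomes the implicit default server for any other hostname still pointing at this machine. An explicit catch-all vhost with `default = true;` and `rejectSSL = true;` would avoid serving that backend under the retired names.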