commit 0e39daf16be1b3222d692f58c1482710d3b06c49 Author: Nicholas McDaniel Date: Thu Jan 22 10:50:59 2026 -0500 Initial server configuration
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..6e3c965
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,5 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..ed4981b
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,72 @@
+{
+self,
+inputs,
+modulesPath,
+lib,
+pkgs,
+...
+}:
+{
+imports = [
+(modulesPath + "/profiles/qemu-guest.nix")
+./modules/disk-config.nix
+
+./modules/nginx.nix
+./modules/gitea.nix
+];
+
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+system.stateVersion = "25.11";
+nixpkgs.hostPlatform = "x86_64-linux";
+hardware.enableRedistributableFirmware = true;
+networking.hostName = "garden";
+time.timeZone = "UTC";
+
+networking.useDHCP = true;
+boot.kernelParams = [ "net.ifnames=0" ];
+networking.firewall = {
+enable = true;
+allowedTCPPorts = [ 22 80 443 ];
+allowedUDPPorts = [ 22 ];
+allowedUDPPortRanges = [
+{ from = 4000; to = 4007; }
+{ from = 8000; to = 8010; }
+];
+};
+
+boot.loader.grub = {
+efiSupport = true;
+efiInstallAsRemovable = true;
+};
+
+users.users.admin = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [
+"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBEyvP3QsMUk8k+h/gjmHUZvic/lKVfQDNISIhwiJ4OArcvo8Y1c9Hg+wagVkSw3xA+ggBQw/E7VYoMvx/JtcAQsAAAAEc3NoOg== ssh:"
+];
+extraGroups = [ "wheel" ];
+};
+
+services.openssh = {
+enable = true;
+settings = {
+PermitRootLogin = "no";
+PasswordAuthentication = false;
+};
+};
+
+# Global packages
+environment.systemPackages = with pkgs; [
+neovim
+nano
+git
+];
+
+programs.bash.completion.enable = true;
+
+security.sudo = {
+enable = true;
+wheelNeedsPassword = false;
+};
+}
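Review bot: `allowedUDPPorts = [ 22 ]` opens UDP/22, which the sshd configured in this same file never listens on, and the two UDP ranges 4000-4007 and 8000-8010 are opened for services that nothing in this commit defines, so each of them is an unexplained exposure the next reader has to chase. Drop the UDP/22 entry and either remove the ranges or annotate them with the service they serve, e.g. `# UDP 4000-4007: <service>, see modules/<service>.nix`. The hunk also sets `wheelNeedsPassword = false`, which makes the single `sk-ecdsa` authorized key the only gate to root-equivalent access; since that is a FIDO key requiring physical touch this is a defensible trade-off, but it deserves a one-line comment saying so rather than being left implicit.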
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..03b1977
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,25 @@
+{
+description = "Garden System Configuration";
+
+inputs = {
+nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
+
+home-manager.url = "github:nix-community/home-manager/release-25.11";
+home-manager.inputs.nixpkgs.follows = "nixpkgs";
+
+disko.url = "github:nix-community/disko";
+disko.inputs.nixpkgs.follows = "nixpkgs";
+};
+
+outputs = { self, nixpkgs, disko, ... } @inputs: {
+nixosConfigurations = {
+garden = nixpkgs.lib.nixosSystem {
+specialArgs = {inherit inputs;};
+modules = [
+disko.nixosModules.disko
+./configuration.nix
+];
+};
+};
+};
+}
diff --git a/modules/disk-config.nix b/modules/disk-config.nix
new file mode 100644
index 0000000..7f3dcaa
--- /dev/null
+++ b/modules/disk-config.nix
@@ -0,0 +1,38 @@
+{ lib, ... }:
+{
+disko.devices.disk.os = {
+# device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_110097335";
+device = lib.mkDefault "/dev/sda";
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+boot = {
+type = "EF02";
+size = "1M";
+};
+ESP = {
+type = "EF00";
+size = "512M";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+};
+};
+root = {
+size = "100%";
+content = {
+type = "filesystem";
+format = "xfs";
+mountpoint = "/";
+mountOptions = [
+"defaults"
+"pquota"
+];
+};
+};
+};
+};
+};
+}
diff --git a/modules/gitea.nix b/modules/gitea.nix
new file mode 100644
index 0000000..a645fed
--- /dev/null
+++ b/modules/gitea.nix
@@ -0,0 +1,13 @@
+{config, ...}:
+{
+services.gitea = {
+enable = true;
+
+settings = {
+service.DISABLE_REGISTRATION = true;
+server = {
+ROOT_URL = "https://seed.tty.garden/";
+};
+};
+};
+}
diff --git a/modules/nginx.nix b/modules/nginx.nix
new file mode 100644
index 0000000..aea70a3
--- /dev/null
+++ b/modules/nginx.nix
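Review bot: `disko.url = "github:nix-community/disko"` carries no ref, unlike the `nixpkgs` and `home-manager` inputs on the lines above it, so every `nix flake update` follows disko's default branch and pulls whatever a partitioning tool's maintainers last pushed. Pin it the same way as the other inputs, e.g. `disko.url = "github:nix-community/disko?ref=<release tag>";`. As far as this diff shows no `flake.lock` is part of the commit, so until one is committed none of the inputs is pinned at all and a fresh checkout resolves each of them anew. `home-manager` is declared as an input but never referenced in `outputs`; either drop it or wire it into the module list so the dependency is not fetched for nothing.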
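Review bot: The commented-out `# device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_110097335";` is dead code sitting next to the live `device = lib.mkDefault "/dev/sda";`, and `/dev/sdX` names are assigned at enumeration time, so attaching a second disk to the VM can move the root device. Either delete the comment, or make the by-id path the value and keep `/dev/sda` only as a documented fallback, with a comment explaining why both exist. Nothing here encrypts the root filesystem; if that is intentional for a guest whose host storage is trusted, a one-line comment to that effect saves the next reader the question.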
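Review bot: Gitea is only meant to be reached through the nginx proxy at `127.0.0.1:3000`, but nothing in this hunk binds it to loopback; as far as I recall the NixOS module defaults `server.HTTP_ADDR` to `0.0.0.0`, which leaves port 3000 listening on every interface and relies solely on the host firewall to keep it private. Add `server.HTTP_ADDR = "127.0.0.1";` next to `ROOT_URL` so only the local proxy can reach it. `server.DOMAIN` is also left unset while `ROOT_URL` is `https://seed.tty.garden/`; if it stays at the module default the SSH clone URLs Gitea renders will not match the public hostname, so set `server.DOMAIN = "seed.tty.garden";` as well.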
@@ -0,0 +1,59 @@
+{config, ...}:
+{
+security.acme = {
+acceptTerms = true;
+defaults.email = "nickmcdaniel00@gmail.com";
+
+certs."tty.garden" = {
+dnsProvider = "porkbun";
+environmentFile = "/root/dns_environment";
+
+extraDomainNames = [
+"*.tty.garden"
+];
+
+group = config.services.nginx.group;
+reloadServices = [
+"nginx"
+];
+};
+};
+
+systemd.tmpfiles.rules = [
+# Core Web Directory
+"d /var/www/tty.garden - root nginx -"
+# Mirrors
+"d /var/www/mirror - root nginx -"
+"d /var/www/mirror/maple - ahill nginx -"
+];
+
+services.nginx =
+let vhostDefault = {
+addSSL = true;
+useACMEHost = "tty.garden";
+acmeRoot = null;
+}; in {
+enable = true;
+
+virtualHosts = {
+"tty.garden" = vhostDefault // {
+root = "/var/www/tty.garden";
+
+# TODO: User public_html folders
+# Use disable symlinks with `if_not_owner` and from=$HOME for user
+};
+"seed.tty.garden" = vhostDefault // {
+locations."/" = {
+proxyPass = "http://127.0.0.1:3000";
+};
+};
+"mirror.tty.garden" = vhostDefault // {
+root = "/var/www/mirror";
+
+locations."/" = {
+extraConfig = "autoindex on;";
+};
+};
+};
+};
+}
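Review bot: `addSSL = true` in `vhostDefault` serves every vhost over plain HTTP on port 80 as well as HTTPS with no redirect, so a Gitea login or a git push to `seed.tty.garden` typed as `http://` crosses the wire in clear, and port 80 is open in the firewall in the same commit. Use `forceSSL = true;` instead, which answers port 80 only with a redirect to 443; the ACME challenge here is DNS-based (`acmeRoot = null`), so nothing needs an unencrypted port 80. The `seed.tty.garden` proxy also forwards no headers, so Gitea logs every client as 127.0.0.1 and cannot tell the original scheme; `recommendedProxySettings = true;` at the top level of `services.nginx` fixes both. The tmpfiles rule `"d /var/www/mirror/maple - ahill nginx -"` names a user `ahill` that this commit does not create, so systemd-tmpfiles will log an error for that line unless the account exists elsewhere.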