This commit is contained in:
Henry Hiles 2025-10-17 13:56:14 -04:00
commit 49237cd86d
No known key found for this signature in database
15 changed files with 152 additions and 55 deletions


@ -0,0 +1,10 @@
{
quad.matrix = {
enable = true;
domain = "polyphony.chat";
settings.well_known = {
support_email = "info@polyphony.chat";
support_mxid = null;
};
};
}

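--- /dev/null
+++ b/clients/nova/flori.nix
@@ -0,0 +1,16 @@
+{ config, ... }:
+{
+users = {
+mutableUsers = true;
+users.flori = {
+isNormalUser = true;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcXzWUeVwJN7iPxMT/1lhJySY4t6Z2/fH/GHVuzQFr6 cardno:32_241_564"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBnstd9HyyIjfXWfGymWDcRlK9nZuqgTIcueiqPUDaQ star@starforge"
+];
+hashedPasswordFile = config.age.secrets."initialFloriPassword.age".path;
+description = "Flori";
+extraGroups = [ "wheel" ];
+};
+};
+}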
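Review bot: The keys added for `flori` will not get an SSH login if nova imports the shared openssh module touched in this commit, because that module keeps `AllowUsers = [ "quadradical" ]` (L256) and sshd rejects every other account; either list `"flori"` there (or per host) or confirm nova does not use that module. With `mutableUsers = true`, `hashedPasswordFile` is applied only when the account is first created, so a later change to `initialFloriPassword.age` will not rotate the password; the secret's name suggests this is intended, and a comment such as `# initial password only (mutableUsers = true); rotate with passwd on the host` would record it. Membership in `wheel` grants sudo under NixOS's default sudo configuration, so each listed key is effectively a root credential; the `cardno:` comment on the first key suggests a hardware token, which fits that, and it is worth keeping the second key to the same standard.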


@ -0,0 +1,7 @@
{
boot.kernelParams = [ "ip=dhcp" ];
boot.initrd.availableKernelModules = [
"virtio_pci"
"virtio_net"
];
}


@ -0,0 +1,20 @@
{ config, ... }:
{
fileSystems."/".options = [ "x-systemd.device-timeout=0" ];
networking.firewall.allowedTCPPorts = [ 222 ];
boot = {
loader.grub.enable = false;
initrd = {
systemd = {
enable = true;
users.root.shell = "/bin/systemd-tty-ask-password-agent";
};
network.ssh = {
enable = true;
port = 222;
hostKeys = [ "/etc/ssh/ssh_host_ed25519_key_initrd" ];
authorizedKeys = config.users.users.ava.openssh.authorizedKeys.keys;
};
};
};
}
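Review bot: `authorizedKeys` (L72) pulls `config.users.users.ava.openssh.authorizedKeys.keys`, yet the account this commit adds to nova is `flori`; if `ava` is not declared on the host importing this file, evaluation fails with a missing attribute, and if it is, the keys that can unlock the disk at boot differ from the keys that can log in afterwards — confirm which set is meant. The host key at `/etc/ssh/ssh_host_ed25519_key_initrd` is copied into the initrd image, which normally sits unencrypted on the boot partition, so keeping it distinct from the main sshd host key is the right call; a comment like `# separate key on purpose: it is embedded unencrypted in the initrd image` would stop someone from pointing this at the main key later. `networking.firewall.allowedTCPPorts = [ 222 ]` opens 222 on the fully booted system, where the initrd sshd is gone and the main sshd listens elsewhere (2222 on the host at L134, the default otherwise); if the entry exists for the initrd it presumably has no effect there, since the firewall is not part of the initrd — confirm and either drop it or comment why it stays. `users.root.shell = "/bin/systemd-tty-ask-password-agent"` limits the remote session to the unlock prompt and deserves a one-line comment saying so.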


@ -66,7 +66,7 @@ in
matrix-ooye = { matrix-ooye = {
enable = true; enable = true;
homeserver = client; homeserver = client;
homeserverName = "federated.nexus"; homeserverName = server_name;
discordTokenPath = config.age.secrets."discordToken.age".path; discordTokenPath = config.age.secrets."discordToken.age".path;
discordClientSecretPath = config.age.secrets."discordClientSecret.age".path; discordClientSecretPath = config.age.secrets."discordClientSecret.age".path;
socket = "8081"; socket = "8081";


@ -1,39 +1,10 @@
{ lib, ... }:
{ {
systemd.services.continuwuity.serviceConfig.Restart = lib.mkForce "always"; quad.matrix = rec {
enable = true;
services = domain = "federated.nexus";
let settings.well_known = {
domain = "federated.nexus"; support_email = "henry@henryhiles.com";
subdomain = "matrix.${domain}"; support_mxid = "@quadradical:${domain}";
socket = "/var/run/continuwuity/continuwuity.sock";
in
{
matrix-continuwuity = {
enable = true;
group = "caddy";
settings.global = {
server_name = domain;
unix_socket_path = socket;
new_user_displayname_suffix = "";
allow_public_room_directory_over_federation = true;
trusted_servers = [
"matrix.org"
"tchncs.de"
"maunium.net"
];
ignore_messages_from_server_names = [ ];
url_preview_domain_explicit_allowlist = [ "*" ];
well_known = {
client = "https://${subdomain}";
server = "${subdomain}:443";
support_email = "henry@henryhiles.com";
support_mxid = "@quadradical:${domain}";
};
};
};
caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy unix/${socket}";
}; };
};
} }


@ -0,0 +1 @@
{ services.openssh.ports = [ 2222 ]; }


@ -158,6 +158,10 @@
type = "server"; type = "server";
graphical = false; graphical = false;
}; };
"nova" = {
type = "server";
graphical = false;
};
"quadphone" = { "quadphone" = {
type = "mobile"; type = "mobile";
system = "aarch64-linux"; system = "aarch64-linux";


@ -3,5 +3,7 @@
Host server Host server
HostName ssh.federated.nexus HostName ssh.federated.nexus
Port 2222 Port 2222
Host nova
HostName nova.bitfl0wer.de
''; '';
} }


@ -11,8 +11,6 @@ let
in in
{ {
imports = [ "${modulesPath}/image/repart.nix" ]; imports = [ "${modulesPath}/image/repart.nix" ];
boot.loader.grub.enable = false;
systemd.repart = { systemd.repart = {
enable = true; enable = true;
partitions."03-root".Type = "root"; partitions."03-root".Type = "root";


@ -5,6 +5,11 @@
... ...
}: }:
{ {
options.services.caddy.authedHosts = lib.mkOption {
type = lib.types.attrsOf lib.types.lines;
default = [ ];
};
config = { config = {
systemd.services.caddy.serviceConfig.Restart = lib.mkForce "always"; systemd.services.caddy.serviceConfig.Restart = lib.mkForce "always";
networking.firewall.allowedTCPPorts = [ 443 ]; networking.firewall.allowedTCPPorts = [ 443 ];
@ -44,9 +49,4 @@
}) config.services.caddy.authedHosts; }) config.services.caddy.authedHosts;
}; };
}; };
options.services.caddy.authedHosts = lib.mkOption {
type = lib.types.attrsOf lib.types.lines;
default = [ ];
};
} }
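Review bot: `default = [ ];` (L180) does not match the declared `lib.types.attrsOf lib.types.lines`, so on a host that never sets `authedHosts` the consumer at L186 receives a list where an attribute set is expected; the commit moves the option but keeps the mismatch. Change it to `default = { };`. The option also has no `description`, so `nixos-option` and generated docs show nothing for it; a sentence stating what an entry's name and value mean would help, though the consumer is cut by the hunk so I cannot propose exact wording.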


@ -0,0 +1,47 @@
{ config, lib, ... }:
{
options.quad.matrix = {
enable = lib.mkEnableOption "matrix";
domain = lib.mkOption { type = lib.types.string; };
settings = lib.mkOption {
type = lib.types.submodule { };
default = { };
};
};
config = {
systemd.services.continuwuity.serviceConfig.Restart = lib.mkForce "always";
services =
let
subdomain = "matrix.${config.quad.matrix.domain}";
socket = "/var/run/continuwuity/continuwuity.sock";
in
{
matrix-continuwuity = {
enable = config.quad.matrix.enable;
group = "caddy";
settings.global = config.quad.matrix.settings // {
server_name = config.quad.matrix.domain;
unix_socket_path = socket;
new_user_displayname_suffix = "";
allow_public_room_directory_over_federation = true;
trusted_servers = [
"matrix.org"
"tchncs.de"
"maunium.net"
];
ignore_messages_from_server_names = [ ];
url_preview_domain_explicit_allowlist = [ "*" ];
well_known = {
client = "https://${subdomain}";
server = "${subdomain}:443";
};
};
};
caddy.virtualHosts."${subdomain}".extraConfig = "reverse_proxy unix/${socket}";
};
};
}
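Review bot: `settings.global = config.quad.matrix.settings // { ... }` (L219-L234) is a shallow merge, so the module's own `well_known = { client; server }` replaces the caller's `well_known` wholesale and the `support_email`/`support_mxid` values set in the polyphony.chat and federated.nexus configs (L14-L17, L97-L99) never reach continuwuity. Use a deep merge, `settings.global = lib.recursiveUpdate config.quad.matrix.settings { ... };`, or put the two keys under the module's `well_known` explicitly. `settings` is typed `lib.types.submodule { }` with no declared options and no `freeformType`, so the `settings.well_known` definitions should be rejected as undeclared options at evaluation — `lib.types.attrs` (or the settings-format type the continuwuity module itself uses) is what is wanted; please confirm on a build. `lib.types.string` (L202) is the deprecated spelling of `lib.types.str`. `url_preview_domain_explicit_allowlist = [ "*" ]` is carried over from the old file, but now that this is a reusable module a comment that it lets the server fetch previews for any URL users post would help whoever enables it on a new domain.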


@ -1,16 +1,28 @@
let
port = 2222;
in
{ {
networking.firewall.allowedTCPPorts = [ port ];
users.users.quadradical.openssh.authorizedKeys.keys = import ../../secrets/keys.nix; users.users.quadradical.openssh.authorizedKeys.keys = import ../../secrets/keys.nix;
services.openssh = { services = {
enable = true; openssh = {
ports = [ port ]; enable = true;
settings = { openFirewall = true;
PasswordAuthentication = false; settings = {
AllowUsers = [ "quadradical" ]; PasswordAuthentication = false;
PermitRootLogin = "no"; AllowUsers = [ "quadradical" ];
PermitRootLogin = "no";
};
};
fail2ban = {
enable = true;
maxretry = 5;
ignoreIP = [ "192.168.0.0/16" ];
bantime = "6h";
bantime-increment = {
enable = true;
formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
maxtime = "240h";
overalljails = true;
};
}; };
}; };
} }
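Review bot: `bantime-increment.formula` (L268) is a bare Python expression; it appears to be the exponential-growth example from fail2ban's `jail.conf` rather than the default doubling formula, and a comment naming that source and the intended growth would make it reviewable. The sshd jail must ban on the port sshd really listens on, which this commit moves out of the shared module (default here, 2222 for the host at L134); recent NixOS derives the jail's `port` from `services.openssh.ports`, but that is worth confirming on the deployed release. `ignoreIP = [ "192.168.0.0/16" ]` exempts the whole range from every jail on every host importing this file; a short comment on which network that is and why it is trusted would help.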


@ -0,0 +1,9 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFZLUVVkUSBPSXBv
OWZxUnNMOWxHbDV0Z3h1N2JrbjBiOFh2b2YxZ2RWVlZHMUUzVEhNCjg2QysxRk1w
cWZoREZvTTZITFkrRGt2a0xhZGhJSmFLS0tuNkdjSWhMeGcKLT4gKmxvIWstZ3Jl
YXNlIGZ4cyBGIEFOVEwseXdhIFVNOWV3CktuM3lKZUM0ekdpalhWKzIzbE9DSnZi
OHlWOEJOMG9KWjcrTXI4MllodytGazgzRVpoSQotLS0gODJmRHpLT3oxU1lSbUNQ
WXhKem50VFJsUjVpbkFrVUdMZi9Yam5ta21hWQqYwhZCHkg5hjh4PboW8UCZOChC
y+LqaQY4MhIXHWnMlVJYig==
-----END AGE ENCRYPTED FILE-----