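# NixOS host module for the Hetzner VM: shared profiles, the declarative
# containers it hosts, and a set of operator convenience scripts for working
# with those containers from the host.
{
  tree,
  lib,
  pkgs,
  config,
  ...
}: let
  # Names of every declared NixOS container. Evaluated once here and shared by
  # all per-container helpers below. Note: only referenced from `environment`,
  # never from `imports` (reading `config` inside `imports` would make module
  # resolution depend on itself).
  containerNames = lib.attrNames config.containers;

  # Filesystem root of a container as seen from the host.
  containerRoot = name: "/var/lib/nixos-containers/${name}";

  # One helper script per container, named "<prefix>-<container>"; `body` maps
  # the container name to the script text.
  perContainerScript = prefix: body:
    lib.forEach containerNames (name: pkgs.writeShellScriptBin "${prefix}-${name}" (body name));

  # Shell snippet that runs `line` once for every container, newline-joined so
  # it can be spliced into a script body.
  forAllContainers = line: lib.concatStringsSep "\n" (lib.forEach containerNames line);
in {
  imports = with tree;
    [
      users.root

      profiles.base
      profiles.sshd
      profiles.nginx
      profiles.nix-gc
      profiles.kernels.latest

      ./networking.nix
      ./hardware.nix
      ./secrets.nix
    ]
    # Each container has its own module under ./containers/<name>.
    ++ (lib.forEach [
      "social"
      "storage"
      "music"
      "quassel"
      "piped"
      "mail"
    ] (name: ./containers + "/${name}"))
    # `hosts` is resolved through the `with tree;` above (presumably tree.hosts).
    ++ (with hosts.hetzner-vm.profiles; [
      vaultui
      gitlab-static-sites
      wireguard
      nginx-misc
    ]);

  environment.systemPackages = with pkgs;
    [
      # Trim the host journal and every container journal to 100M. The binary
      # keeps the historical "vaccum" spelling so existing invocations still work.
      (pkgs.writeShellScriptBin "journalctl-vaccum-all" ''
        journalctl --vacuum-size=100M
        ${forAllContainers (name: ''
          journalctl --vacuum-size=100M --root "${containerRoot name}"
        '')}
      '')
      # List failed units on the host and inside each container.
      (pkgs.writeShellScriptBin "systemctl-list-failed-all" ''
        echo "Host: "
        systemctl --failed
        ${forAllContainers (name: ''
          echo "Container: ${name}"
          systemctl -M "${name}" --failed
        '')}
      '')
    ]
    # journalctl-vaccum-<name>: trim a single container's journal.
    ++ perContainerScript "journalctl-vaccum" (name: ''
      journalctl --vacuum-size=100M --root "${containerRoot name}"
    '')
    # systemctl-machine-<name>: run systemctl inside the container. Arguments are
    # forwarded with "$@" so values containing spaces or glob characters arrive
    # intact instead of being word-split by the shell.
    ++ perContainerScript "systemctl-machine" (name: ''
      systemctl -M "${name}" "$@"
    '')
    # journalctl-machine-<name>: run journalctl inside the container; arguments
    # forwarded verbatim as above.
    ++ perContainerScript "journalctl-machine" (name: ''
      journalctl -M "${name}" "$@"
    '')
    # shell-enter-<name>: open an interactive shell in the container.
    ++ perContainerScript "shell-enter" (name: ''
      machinectl shell "${name}"
    '');

  # For Containers: NAT the container veth interfaces (matched by the "ve-+"
  # glob) out through the VM's uplink; "eth0" is assumed to be that uplink.
  networking.nat = {
    enable = true;
    internalInterfaces = ["ve-+"];
    externalInterface = "eth0";
  };

  # Ports exposed publicly on this host. UDP 443 is presumably for HTTP/3/QUIC;
  # confirm a listener actually uses it, otherwise it is an unneeded opening.
  networking.firewall.allowedTCPPorts = [80 443];
  networking.firewall.allowedUDPPorts = [443];

  home-manager.users.root = {
    imports = with tree; [home.base home.dev.small];
    home.stateVersion = "23.05";
  };

  networking.hostName = "hetzner-vm";
  time.timeZone = "Europe/London";

  system.stateVersion = "23.05";
}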