Initial commit

2017-11-17 02:11:40 +01:00
commit 7c7689ef25
13 changed files with 229 additions and 0 deletions
--- a/boot.nix
+++ b/boot.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+    # Use the GRUB 2 boot loader.
+    boot.loader.grub = {
+        enable = true;
+        version = 2;
+        device = "/dev/sda";
+    };
+}
--- a/configuration.nix
+++ b/configuration.nix
@@ -0,0 +1,31 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+    imports =
+    [
+        ./hardware-configuration.nix
+        ./boot.nix
+        ./i18n.nix
+        ./network.nix
+        ./programs/installed.nix
+        ./services/enabled.nix
+        ./users.nix
+    ];
+
+    nixpkgs.config.allowUnfree = true;
+    nix.gc.automatic = true;
+    nix.gc.dates = "03:15";
+
+    # This value determines the NixOS release with which your system is to be
+    # compatible, in order to avoid breaking some software such as database
+    # servers. You should change this only after NixOS release notes say you
+    # should.
+    system = {
+        stateVersion = "17.09"; # Did you read the comment?
+        autoUpgrade.enable = true;
+    };
+}
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@@ -0,0 +1,23 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/fecfee3f-e48a-405f-9a3e-7de8d1e3b31d";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  nix.maxJobs = lib.mkDefault 6;
+}
--- a/i18n.nix
+++ b/i18n.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+    # Select internationalisation properties.
+    i18n = {
+        consoleKeyMap = "de";
+        defaultLocale = "de_DE.UTF-8";
+    };
+
+    # Set your time zone.
+    time.timeZone = "Europe/Amsterdam";
+}
--- a/network.nix
+++ b/network.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }:
+
+{
+    networking.hostName = "stubbfelnix";
+}
--- a/programs/installed.nix
+++ b/programs/installed.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+
+{
+    environment.systemPackages = with pkgs; [
+        wget curl vim nano zsh fzf tmux
+    ];
+
+    imports =
+    [
+        ./zsh.nix
+    ];
+}
--- a/programs/zsh.nix
+++ b/programs/zsh.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+    programs.zsh = {
+        enable = true;
+        enableAutosuggestions = true;
+        enableCompletion = true;
+        syntaxHighlighting.enable = true;
+    };
+}
--- a/services/enabled.nix
+++ b/services/enabled.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+    imports =
+    [
+        ./sshd.nix
+        ./teamspeak.nix
+        ./nginx.nix
+        ./gitlab.nix
+    ];
+}
--- a/services/gitlab.nix
+++ b/services/gitlab.nix
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+
+{
+    services.gitlab = {
+        enable = true;
+        host = "git.stubbe.rocks";
+        https = true;
+	port = 443;
+        initialRootEmail = "gitlab@stubbe.rocks";
+        initialRootPassword = "gtlb@stbbe.rcks";
+        smtp = {
+            enable = true;
+            address = "localhost";
+            port = 25;
+        };
+        databasePassword = "arqN1MgbxS9sBJIcpSmErDnHHM4Q2dOi4C9zKgK6ifHRucN2RlUpUc6jrFWbnX1hNsT9sOGCSINyUJEyijpJC64mOOXHYtWWjGQ2Dv6QvXbUrnRDcSLPy5fs9410pZAp";
+        secrets.secret ="7Q7Xij4VsXc1FIwSZuSi6uf6Z4yD4dFsIsS0zjoaJxySOgfZinA9lKrM6IUDNnzbd9KrfvGpKEs1BwdrAAMJMIUu8NNU5dtLPG1tqBiYBTchq6nysei8QmZlAAQ1DmAN";
+        secrets.otp ="ztAJGIGo0DNX76OVG409BOe0VxHtX3ikLMTTJuW83L631XwGCeSjoGd3HLdSoTGDVVHA6p90ielXJy1lZU11VkHrT0RION0bCvOFaumStqLLMIGwOZkgaWlFoNSp5ZnO";
+        secrets.db ="3A7MLInxsf1vgNYXXfujFtYvltq4QW9FMuPJumlDhhWTwQJ8SZehFtXwA8tHwBjM4VDDzmFSFPBBgeZjKKFDFqqQjjN9Uq9kGOTlpN1qDOoxbyujLhXNbcaoU64tTRSO";
+        secrets.jws = ''
+            -----BEGIN RSA PRIVATE KEY-----
+            MIIEowIBAAKCAQEA4ouOJ6l0CjgavLWffRHOlw0GuBBGE+OM/EyviXHVitYo0zvx
+            UF3vfu2eqiVHs2YzZ/5LUi9k2YCsljrU+6fi2QmbeqZc0JYa05Ev1EGp0i6MtQbI
+            udqkZW7WpuFfpIFWVxPNfyTeJDTKsd0ZOS+pIVCv6AwbW/2pRF1L7MfX5xA8JDup
+            Hy/OQDv9ZoSIYEthMYkh6ap7gjAdlsNR7UfMEv/I4uHV1oYchKCa0mkCkFT7WbOa
+            tivrvUqqjURUBJqcmArhJRJGbIoGROsT2kXsaygjvqSE2AuStAfnZzuPhx5+PZmh
+            x0iaBoecfk4ZDUmHD9tOZ5kwcwCodrRBYBmEZQIDAQABAoIBAEJ2hOcX7MZOvXFd
+            q4PK5JwmIzF+/MA7AxLGAL3HGsoXmHSYYmycknXfiqwKMeXs9unsjfZ3lxPEj12n
+            tvJ5x7C7A9VQ12wOjaJCNxEDjqnuJDO74Mm93nsvsGPXPPMLSuRTF/fUPiPLJShX
+            YF4JoIn4nRLr8l7jpXQ8FtlJrArKh/xYCqYphbrO5vNWqrfV9kJnYRio/e8xhDTY
+            sf/uV8w8y+RFuXBAmYiNFtFLA6d2nk2sJWv5uC9rfFS1CDOZRzBCsweflEimxYBV
+            i6kDnyZq9I2ZNGBR3spl+MeFMe5y6d5ZeoWC7XYwkVHCWB8iE1iM2XkuCHfNW3qf
+            N1h928UCgYEA/5ESH55pFmDTVkq2GdOArpBkb5HXp008Ldson9B6PLp+AvZesA5u
+            +q3ve/bodNyveNr09wskOyks/UTRGSYmbRoz5Mt5j7hVQky1EoL8ovmRoDHeW3ck
+            WTg3o8pfuCaA1ldyhI/A+l0xWFQvdjsj9rk65b9W5i4sCYo3XnD8g+sCgYEA4u3j
+            PG9zn4rhFi0G+m0zUpzqAzPAywRtrg9ym4XIuvhQdEBK/YuPx1m9QjB3BV36CLPW
+            XV2GGLXVONuEugBz9kWB1b8jkq9RpJKDapy0dDkXuB82HHg9jhTC+Ui19IqIRLOh
+            7geyne3TskkKaaeoPYbIbqYAhUgKrKNa0JckFO8CgYA3mqW50WqF3u08Yib6uYTO
+            9kWT7MRh9zD3vS46j055Ng5CsL3rSkilLADmFNOA0Z8wCVuxAHCSmqPaOwXPlfhY
+            VpIh3o+FUJLkSPJAo9U51Fj15MO/XM3Ax7V7YoWu+FmhyQb2hpxzHKGm2TI2ZCmv
+            /Z8t65KJpFQag0MGvkiCnwKBgQCywB3ZkhTqnDO3CxrPEkt2DKIMiayYflGC5Soq
+            tVQrasO8/pPTaiaEKfz5cUGfmaoFRttZSf0B4+Ej206OUSMG3zNpUhlMRwsxbjNU
+            PEGstvgnEXbHMDOUgmgegpbJHIJAU5r+61NYMWkqq3wnQ2gzpsKk3d/VHK1D1Z0I
+            Z7WFQwKBgAyFcOy86iC4xTFvq/Xe2TZLQsKX94glsshnBUiR9P4UuJ4xHScTpceH
+            Gw+Z2ZAqYiEKzyGom0Fbw6USD9GvnYfnidJvKZhxzSnl+dggEY6ZCtfB2nsO6K97
+            9zRPdUnvMLMGiI3RNHO7+SJtee0sIgDAnaodremEU/59ZaXt9Dlw
+            -----END RSA PRIVATE KEY-----
+    '';
+
+      extraConfig.gitlab= {
+          default_theme = 2;         
+          };
+    };
+}
--- a/services/nginx.nix
+++ b/services/nginx.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+
+{
+
+networking.firewall.allowedTCPPorts = [80 443];
+
+services.nginx = {
+        enable = true;
+        recommendedGzipSettings = true;
+        recommendedOptimisation = true;
+        recommendedProxySettings = true;
+        recommendedTlsSettings = true;
+        virtualHosts."git.stubbe.rocks" = {
+#            enableACME = true;
+            forceSSL = true;
+	    sslCertificate = "/var/lib/acme/git.stubbe.rocks/fullchain.pem";
+	    sslCertificateKey = "/var/lib/acme/git.stubbe.rocks/key.pem";
+            locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
+        };
+
+    };
+}
--- a/services/sshd.nix
+++ b/services/sshd.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }:
+
+{
+  services.openssh.enable = true;
+}
--- a/services/teamspeak.nix
+++ b/services/teamspeak.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+    networking.firewall.allowedTCPPorts = [ 
+	30033 # ts TCP port opened for file transfers.
+	10011 # ts TCP port opened for ServerQuery connections.
+    ];
+
+    networking.firewall.allowedUDPPorts = [ 
+	9987 # ts port
+    ];
+
+    services.teamspeak3= {
+        enable = true;
+    };
+}
--- a/users.nix
+++ b/users.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+let
+  myPublicSshKeys = {
+    openssh.authorizedKeys.keys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKShnz3ceVcg3axVXv/GGcjyFAfcjuDR1i5o6JzVvnmlWpWvClnYSBNb/oEDDq5pSPSBvCYp2HwZpmkYEV/C3lBbUsmLtOlUrzkm0ibgHraTVyHUq3OSYckXEvUYRCCtGqvRRehERrhPZV6oXBE8aBUk26xTpOJpLFPy7spF4sBwKPSE2igTIYtJSfJYi3wn2KoW1q1RLMasC4fdvgNCVIxxBq72uMcRUcPc4jL8n11UFfepJrwSQ7Z7KxsZXdz5JFVl6QEE6cVSSEAuuEefNYANrp5S3h/lUowrUOcu0ml2c7CJWPpaOb4GvFlio4woc0lCATrA2341V0xshl40Xd dev@stubbfel"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDjKB6Pr/hvKhwwwXoTtAy3r68JwUo7WyueSJbUkuk4hkLCtkD/LZ9ZavOzY6PEaQsTW7qcRNxUB4FjHX26pRCfB1U9TVBsE6gEgCYcuSBjKGgIOeeCSufJ2N3xUsaO+MBpnBPfgAJeUwFdSZLH1lv981adZ3IlkjQkj6oGfMK5aJv0P+bJjhmI5Ym5K0hMD6UOI2qRFEOjkO/49G7zf/0SegZAU9ySexRCvPw5g2ilRUqrIsv1Z9HMu+dYKlZq9QvWgbgv5K2oKuL4oBydQ/PomBauQkwyFRkRvPo1gCJOBvwduZvVE7QQoBXYsNSv+fsPu1s2OOSzAKCyvIMjQ34z user@stubbfel"
+    ];
+  };
+in
+{
+    users = {
+        defaultUserShell = pkgs.zsh;
+        extraUsers.sshuser = myPublicSshKeys //  { isNormalUser = true;  home = "/home/sshuser";};
+    };
+}