feat: set up git hooks

2026-02-07 11:37:18 +01:00
parent 7f0726f443
commit 6684e2e7fe
9 changed files with 209 additions and 81 deletions


@@ -13,26 +13,30 @@ in
../../modules/ssh/hardened-openssh.nix
];
ssh.username = username;
ssh.publicHostname = "eetion";
ssh.authorizedHosts = [
"andromache"
"astyanax"
];
ssh = {
inherit username;
publicHostname = "eetion";
authorizedHosts = [
"andromache"
"astyanax"
];
};
boot.loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
networking.hostName = hostName;
networking.networkmanager.enable = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
networking = {
inherit hostName;
networkmanager.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [
80
443
];
};
};
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
@@ -47,52 +51,54 @@ in
security.sudo.wheelNeedsPassword = false;
services.openssh = {
enable = true;
harden = true;
services = {
openssh = {
enable = true;
harden = true;
};
paperless = {
enable = true;
passwordFile = "/etc/paperless-admin-pass";
settings = {
PAPERLESS_URL = "http://paperless.eetion";
};
};
# added (OPNSense) domain override to make this work on LAN
#
# host: eetion
# domain: <domain (e.g. lan)>
# ip address: <eetion-ip>
#
# host: paperless
# domain: eetion
# ip address: <eetion-ip>
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"eetion" = {
default = true;
locations."/" = {
proxyPass = "http://127.0.0.1:5006";
};
};
"paperless.eetion" = {
locations."/" = {
proxyPass = "http://127.0.0.1:28981";
};
};
};
};
};
environment.etc."paperless-admin-pass".text = "admin";
services.paperless = {
enable = true;
passwordFile = "/etc/paperless-admin-pass";
settings = {
PAPERLESS_URL = "http://paperless.eetion";
};
};
# added (OPNSense) domain override to make this work on LAN
#
# host: eetion
# domain: <domain (e.g. lan)>
# ip address: <eetion-ip>
#
# host: paperless
# domain: eetion
# ip address: <eetion-ip>
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"eetion" = {
default = true;
locations."/" = {
proxyPass = "http://127.0.0.1:5006";
};
};
"paperless.eetion" = {
locations."/" = {
proxyPass = "http://127.0.0.1:28981";
};
};
};
};
virtualisation = {
podman.enable = true;
oci-containers = {
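Review bot: The regrouped `services.paperless` block still takes its admin password from `environment.etc."paperless-admin-pass".text = "admin";`, which this commit carries over unchanged. The value is a guessable default, and `environment.etc` text is written to the world-readable Nix store and linked under /etc, so any local user or anyone who can read the repository has it. With ports 80 and 443 open and nginx proxying `paperless.eetion` over plain HTTP, that login also crosses the LAN unencrypted. I would drop the `environment.etc` line and point `passwordFile` at a file provisioned outside the store by a secrets mechanism, for example `passwordFile = "/run/secrets/paperless-admin-pass";` (constructed sample path). The surrounding attribute set begins before and continues after this hunk.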


@@ -5,10 +5,12 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot = {
initrd.availableKernelModules = [ ];
initrd.kernelModules = [ ];
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";


@@ -1,8 +1,5 @@
{
lib,
inputs,
outputs,
config,
pkgs,
...
}:
@@ -23,12 +20,14 @@ in
];
networking.hostName = hostName;
ssh.username = username;
ssh.publicHostname = "server.hektormisplon.xyz";
ssh.authorizedHosts = [
"andromache"
"astyanax"
];
ssh = {
inherit username;
publicHostname = "server.hektormisplon.xyz";
authorizedHosts = [
"andromache"
"astyanax"
];
};
docker.user = username;