From bb6e4d268a3894b13ef47e1fcb13d545a77357f2 Mon Sep 17 00:00:00 2001
From: Alexandre LUCAZEAU
Date: Thu, 26 May 2022 20:01:11 +0200
Subject: [PATCH 1/2] =?UTF-8?q?=09modifi=C3=A9=C2=A0:=20=20=20=20=20=20=20?= =?UTF-8?q?=20=20README.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
README.md | 70 +++++++++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 65 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index e7737a7..fdc79e0 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,66 @@
-# dotconf
-* backup
+# nixos-config
+This repository contain all my nixos config

- git clone
- change /etc/nixos to link to ~/git/nixos-config/hosts/backup
- add ln -s /home/alexandre/git/nixos-config/modules /etc/modules
+hosts :
+ * backup
+ backup server : online
+ * web
+ server web : OVH
+ * dell-5590
+ pro laptop
+ * services
+ VM on personal PX server. Hosting grafana - prometheus - loki
+ * x201
+ personnal laptop
+ * next
+ VM on personnal PX server. Nosting personnal nextcloud
+
+modules :
+ * common.nix : common config like environnement variable and common system packages base
+ * gitea.nix : use on web server
+ * prometheus-node.nix : prometheus node-exporter. use by all machine
+ * rest-server.nix : use by backup server. Restic server
+ * users.nix : user configuration. use by all machine
+
+# How to use
+## First boot
+After first boot :
+
+ nix-shell -p git
+ git clone gitea@git.atlanticaweb.fr:alexandre/nixos-config.git
+ cd nix-os-config
+ cp modules/users.nix /etc/nixos/
+ cp modules/common.nix /etc/nixos/
+ nano /etc/nixos/configuration.nix
+
+add **./users.nix** and **./common.nix** after **./hardware-configuration.nix** and exit
+
+ nixos-rebuild switch
+ rm -rf ~/nixos-config
+ exit
+
+Copy your personnal private key to account
+
+ scp -i .ssh/privatekey .ssh/privatekey machine:/home/alexandre/.ssh/
+
+Logging with user
+
+ mkdir git;cd git
+ git clone gitea@git.atlanticaweb.fr:alexandre/nixos-config.git
+ cd nixos-config/hosts
+ mkdir newhosts
+ cd newhosts
+ cp /etc/nixos/* .
+
+edit configuration.nix and change **./users.nix** to **../modules/users.nix** and change ./common.nix to ../modules/common.nix
+
+ rm /etc/nixos
+ ln -s /home/alexandre/git/nixos-config/hosts/machine /etc/nixos
+ ln -s /home/alexandre/git/
+
+## Exploit
+to rebuild system, just :
+
+ sudo nixos-rebuild switch
+
+Users have not a password.
From 925a08ffeeea7f7a4d44050c3077fe98e3c12c9d Mon Sep 17 00:00:00 2001
From: Alexandre LUCAZEAU
Date: Thu, 26 May 2022 19:08:00 +0000
Subject: [PATCH 2/2] FIX : modules/rest-server.nix Add caddy for reverse proxy, change firewall rules and change rest-server address for localhost
---
modules/rest-server.nix | 31 +++++++++++++++++++++++++++++--
1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/modules/rest-server.nix b/modules/rest-server.nix
index 3baa7da..00fdfd2 100644
--- a/modules/rest-server.nix
+++ b/modules/rest-server.nix
@@ -1,5 +1,8 @@
-{ lib, config, ... }:
+{ lib, config, pkgs, ... }:
+let
+ caddyDir = "/var/lib/caddy";
+in
 {
 services.restic.server = {
 enable = true;
@@ -7,9 +10,33 @@
 extraFlags = [ "--no-auth" ];
 dataDir = "/var/lib/backup";
 prometheus = true;
+ listenAddress = "127.0.0.1:8080";
 };
 networking = {
 firewall.enable = true;
- firewall.allowedTCPPorts = [ 8000 ];
+ firewall.allowedTCPPorts = [ 80 443 ];
 };
+ services.caddy = {
+ enable = true;
+ email = "lucazeau.alexandre@gmail.com";
+ config = ''
+ {
+ storage file_system {
+ root ${caddyDir}
+ }
+ }
+ https://back.atlanticaweb.fr {
+ reverse_proxy http://127.0.0.1:8080
+ }
+ '';
+ };
+ users.users.caddy = {
+ group = "caddy";
+ uid = config.ids.uids.caddy;
+ home = caddyDir;
+ createHome = true;
+ extraGroups = [ "users" ];
+ };
+
+ users.groups.caddy.gid = config.ids.uids.caddy;
 }
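Review bot: `pkgs` is added to the module arguments on the first line of this hunk, but nothing in either hunk of the patch references it; unless the one line not shown between the hunks uses it, the header can stay `{ lib, config, ... }:`. The `let` binding would also read better with a one-line comment such as `# Caddy state directory: certificate storage root and home of the caddy user`, because the same path is used for both further down. The module body opened here continues past the end of the hunk.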
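Review bot: `extraFlags = [ "--no-auth" ];` is left in place while this hunk publishes the rest-server at `https://back.atlanticaweb.fr` and opens 80/443, so the proxy adds TLS but any client that can reach the site can still use the backup repositories, and the `/metrics` endpoint enabled by `prometheus = true`, without credentials. Either drop the flag (`extraFlags = [ ];`) so rest-server enforces its `.htpasswd` file, or put an authentication directive in the Caddy site block ahead of `reverse_proxy`. Separately, `users.groups.caddy.gid = config.ids.uids.caddy;` reads the uid table and should be `config.ids.gids.caddy`. `extraGroups = [ "users" ]` puts the web-facing service account in the shared `users` group with no need visible in the hunk; I would remove it, and check whether the NixOS caddy module already declares this user and group, which would make the whole `users.users.caddy` block redundant. The line between the two hunks is not shown, so whether append-only mode is set cannot be confirmed from here.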