alexandre
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: alexandre:9cb865961c3abfafc9b74bc4c412f6be2599e0bf
Branches Tags
alexandre:main
alexandre:alacritty
..
compare: alexandre:925a08ffeeea7f7a4d44050c3077fe98e3c12c9d
Branches Tags
alexandre:main
alexandre:alacritty

No commits in common. "9cb865961c3abfafc9b74bc4c412f6be2599e0bf" and "925a08ffeeea7f7a4d44050c3077fe98e3c12c9d" have entirely different histories.
9cb865961c ... 925a08ffee

7 changed files with 55 additions and 66 deletions
Show Stats Expand all files Collapse all files

13
hosts/services/common.nix Normal file
View File

@ -0,0 +1,13 @@
{ config, pkgs, ...}:
{
environment.variables.EDITOR = "nvim";
environment.systemPackages = with pkgs; [
gitAndTools.gitFull
unzip
zip
tmux
lshw
bc
neovim
];
}

3
hosts/services/configuration.nix
View File

@ -1,14 +1,11 @@
{ ... }: { { ... }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./firewall-services.nix
../modules/users.nix ../modules/users.nix
../modules/common.nix ../modules/common.nix
../modules/grafana.nix
]; ];
system.stateVersion = "21.05";
boot.cleanTmpDir = true; boot.cleanTmpDir = true;
zramSwap.enable = true; zramSwap.enable = true;
networking.hostName = "services"; networking.hostName = "services";

17
hosts/services/firewall-services.nix
View File

@ -1,17 +0,0 @@
{ config, lib, pkgs, ... }:
{
networking.firewall = {
allowPing = true;
# allowed TCP range
allowedTCPPorts = [ 22 80 2342 9001 9002];
};
services.fail2ban = {
enable = true;
maxretry = 2;
ignoreIP = [
"127.0.0.0/8"
"212.114.16.52"
];
};
}

41
hosts/services/users.nix Normal file
View File

@ -0,0 +1,41 @@
{ config, pkgs, ...}:
{
users = {
groups = {
alexandre = {};
};
users = {
alexandre = {
isNormalUser = true;
createHome = true;
home = "/home/alexandre";
description = "Alexandre LUCAZEAU";
extraGroups = [ "wheel" ];
group = "alexandre";
shell = pkgs.fish;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUA1RW6JwZasspAp8qmFRFnlV5WXjhLfStAAkM+KYLv lucazeau.alexandre@gmail.com" ];
};
};
};
programs.git = {
enable = true;
config.user.email = "lucazeau.alexandre@gmail.com";
config.user.name = "Alexandre LUCAZEAU";
config.init.defaultBranch = "main";
config.core.sshCommand = "ssh -i ~/.ssh/id_ed25519-perso";
};
programs.fish.enable = true;
programs.fish.shellAliases = {
ll = "ls -l";
ls = "ls --color=tty";
vi = "nvim";
vim = "nvim";
};
security.sudo = {
enable = true;
execWheelOnly = true;
extraRules = [
{ users = [ "alexandre" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; }
];
};
}

5
modules/common.nix
View File

@ -9,10 +9,5 @@
lshw lshw
bc bc
neovim neovim
ncdu
nixos-option
bat
procs
exa
]; ];
} }

40
modules/grafana.nix
View File

@ -1,40 +0,0 @@
{ config, pkgs, ...}:
let
caddyDir = "/var/lib/caddy";
in
{
services.grafana = {
enable = true;
domain = "sup.atlanticaweb.fr";
port = 2342;
addr = "192.168.10.109";
};
services.prometheus = {
enable = true;
port = 9001;
exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9002;
};
};
scrapeConfigs = [
{
job_name = "services";
static_configs = [{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
}];
}
];
};
users.users.caddy = {
group = "caddy";
uid = config.ids.uids.caddy;
home = caddyDir;
createHome = true;
extraGroups = [ "users" ];
};
users.groups.caddy.gid = config.ids.uids.caddy;
}

2
modules/users.nix
View File

@ -27,7 +27,7 @@
programs.fish.enable = true; programs.fish.enable = true;
programs.fish.shellAliases = { programs.fish.shellAliases = {
ll = "ls -l"; ll = "ls -l";
ls = "exa"; ls = "ls --color=tty";
vi = "nvim"; vi = "nvim";
vim = "nvim"; vim = "nvim";
}; };