vpsConfig

my VPS configuration deployed through nixosAnywhere

commit fcde91830fa2f54e67987b18aa2feba384387a50
Author: fedorvin <vino-f@pm.me>
Date:   Fri, 25 Apr 2025 12:24:37 +0200

init

Diffstat:
Aconfiguration.nix | 70++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Acontainers/minecraft.nix | 40++++++++++++++++++++++++++++++++++++++++
Acontainers/websites.nix | 59+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Adisk-config.nix | 56++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aflake.nix | 18++++++++++++++++++
5 files changed, 243 insertions(+), 0 deletions(-)

diff --git a/configuration.nix b/configuration.nix
@@ -0,0 +1,70 @@
+{ modulesPath, pkgs, ... }: {
+ system.stateVersion = "24.05";
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./containers/minecraft.nix
+ ./containers/websites.nix
+ ];
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ disko.devices.disk.disk1.device = "/dev/sda";
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ };
+
+ # users.users.over.
+ users.users.over = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 ... "
+ ];
+ packages = with pkgs; [
+ vim
+ zellij
+ ];
+ };
+
+ nixpkgs.config.allowUnfree = true;
+ nix.settings = {
+ trusted-users = [ "root" "over" ];
+ experimental-features = [ "nix-command" "flakes" ];
+ auto-optimise-store = true;
+ };
+
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 ... "
+ ];
+
+ networking = {
+ nat = {
+ enable = true;
+ internalInterfaces = ["ve-+"];
+ externalInterface = "eth0";
+ };
+ hostName = "t-nix-vps";
+ useDHCP = false;
+ interfaces.eth0.ipv4.addresses = [
+ {
+ address = "191.101.2.240";
+ prefixLength = 24;
+ }
+ ];
+ defaultGateway = "191.101.2.254";
+ nameservers = [ "8.8.8.8" "8.8.4.4" ];
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 43000 ];
+ };
+ };
+}
+
diff --git a/containers/minecraft.nix b/containers/minecraft.nix
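Review bot: In configuration.nix, root stays reachable over SSH: `users.users.root.openssh.authorizedKeys.keys` is populated and `services.openssh.settings` never sets `PermitRootLogin`, so the module default applies (as far as I know `prohibit-password`, which still allows key login). Once the nixos-anywhere bootstrap is done, add `PermitRootLogin = "no";` to the settings block and drop the root key list. Before doing so, make sure `over` can actually escalate, because the hunk declares no password or sudo rule for it. Also note that `trusted-users = [ "root" "over" ]` makes `over` effectively root-equivalent towards the Nix daemon, so a comment stating which admin path is intended (root SSH, or `over` plus sudo) would help the next reader.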
@@ -0,0 +1,40 @@
+# a nixos container that launcher a vanilla minecraft server when started
+{ pkgs, config, ... }: {
+ containers.minecraft = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "10.100.0.1";
+ localAddress = "10.100.0.2";
+ forwardPorts = [
+ { hostPort = 43000; containerPort = 43000; }
+ ];
+
+ config = { config, pkgs, ... }: {
+ system.stateVersion = "24.05";
+
+ nixpkgs.config.allowUnfree = true;
+
+ # environment.systemPackages = with pkgs; [
+ # ];
+
+ programs.nano.enable = false;
+ programs.vim.defaultEditor = true;
+
+ services.minecraft-server = {
+ enable = true;
+ eula = true;
+ declarative = true;
+ serverProperties = {
+ server-port = 43000;
+ white-list = true;
+ enforce-whitelist = true;
+ };
+ whitelist = {
+ "AUSER" = "THEIR-NUMBER";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 43000 ];
+ };
+ };
+}
diff --git a/containers/websites.nix b/containers/websites.nix
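Review bot: `nixpkgs.config.allowUnfree = true` inside the container config of containers/minecraft.nix permits every unfree package, while the only one this hunk needs is the server itself. Narrow it to `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "minecraft-server" ];` (assuming that is the package's name) and add `lib` to the inner module arguments, `{ config, pkgs, lib, ... }:`. The host-level `allowUnfree = true` in configuration.nix looks unnecessary for the same reason, since the host only installs `vim` and `zellij` there. The outer `{ pkgs, config, ... }` arguments are unused in this file and could be reduced to `{ ... }`.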
@@ -0,0 +1,59 @@
+# a container that hosts the websites on my VPS
+{ pkgs, ... }: {
+ containers.websites = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "10.100.0.1";
+ localAddress = "10.100.0.3";
+ forwardPorts = [
+ { hostPort = 80; containerPort = 80; }
+ { hostPort = 443; containerPort = 443; }
+ ];
+
+ config = {
+ system.stateVersion = "24.05";
+
+ programs.nano.enable = false;
+ programs.vim.defaultEditor = true;
+
+ environment.systemPackages = with pkgs; [
+ git
+ ];
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "_" = {
+ default =true;
+ locations."/" = {
+ root = "/var/www/default";
+ };
+ };
+
+ "fedorvin.com" = {
+ enableACME = true;
+ forceSSL = true;
+ root = "/var/www/fedorvin";
+ locations."/" = {
+ tryFiles = "$uri $uri/ =404";
+ };
+ locations."~* \\.(css|js|png|jpg|jpeg|gif|ico)$" = {
+ extraConfig = ''
+ expires max;
+ log_not_found off;
+ '';
+ };
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "vino-f@pm.me";
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ };
+ };
+}
diff --git a/disk-config.nix b/disk-config.nix
@@ -0,0 +1,56 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }:
+{
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/flake.nix b/flake.nix
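Review bot: In containers/websites.nix the `fedorvin.com` vhost serves everything under `/var/www/fedorvin`, and `git` is the only package installed in the container, which suggests the site is deployed by cloning into that root. If so, the repository's `.git` directory is downloadable along with the site. Add a deny rule next to the existing locations, for example `locations."~ /\\.git".extraConfig = "deny all;";`, or deploy from a build output that carries no VCS metadata. The same applies to the `"_"` default vhost if `/var/www/default` is populated the same way.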
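Review bot: In disk-config.nix the ESP is mounted at `/boot` as vfat with no mount options, so its contents (kernels and initrds) are typically world-readable; add `mountOptions = [ "umask=0077" ];` to the `esp.content` block. The header comment still reads like upstream example text. A line noting that `disk1.device` is also set in configuration.nix, which overrides the `lib.mkDefault` here, would save the next reader a search.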
@@ -0,0 +1,18 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
+ disko.url = "github:nix-community/disko";
+ disko.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs = {nixpkgs, disko, ... }: {
+ nixosConfigurations.t-nix-vps = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./configuration.nix
+ ./disk-config.nix
+ ];
+ };
+ };
+}
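Review bot: No `flake.lock` is part of this commit (the diffstat lists five files, none of them the lock file), so `nixpkgs` and `disko` resolve to whatever the `nixos-24.11` branch and disko's default branch point at when the flake is first evaluated. Commit the generated `flake.lock` so the deployed system is reproducible and input updates show up as reviewable diffs. Separately, `system.stateVersion = "24.05"` in configuration.nix against a `nixos-24.11` input is fine if the machine was first installed on 24.05, but for a fresh nixos-anywhere install it deserves a comment explaining the choice.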