From 63d48184d180330173baa38b5560b3e29417676b Mon Sep 17 00:00:00 2001 From: Jack Mechem Date: Mon, 30 Mar 2026 12:55:41 -0700 Subject: [PATCH] Changes mostly to dellserv --- flake.lock | 184 +++++++++++++++++++++++++++--- flake.nix | 97 ++++++++-------- hosts/dellserv/configuration.nix | 177 +++++++++++++++++++--------- hosts/dellserv/home.nix | 1 + modules/nixos/syncthingServer.nix | 2 - 5 files changed, 345 insertions(+), 116 deletions(-) diff --git a/flake.lock b/flake.lock index 6b64c47..3d71cdf 100755 --- a/flake.lock +++ b/flake.lock @@ -36,6 +36,42 @@ "type": "github" } }, + "flake-utils_3": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "gtkapps": { "inputs": { "flake-utils": "flake-utils", @@ -61,11 +97,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1770876102, - "narHash": "sha256-jHWptGWM4BIW8/k/uV5nKWsiArWUUdZAV27IQSO0AVg=", + "lastModified": 1774395694, + "narHash": "sha256-3lgJc02mSjwoFF4rmot3TLKkXAfG7EOOQG2pXn1XwgI=", "owner": "JackMechem", "repo": "gtkbar", - "rev": "4513fa37d035e93f68df33c63385e3af06ff0147", + "rev": "79161abfc138d7ccbb1d0207dc1c15e8d5220179", "type": "github" }, "original": { 
@@ -81,11 +117,11 @@ ] }, "locked": { - "lastModified": 1770818644, - "narHash": "sha256-DYS4jIRpRoKOzJjnR/QqEd/MlT4OZZpt8CrBLv+cjsE=", + "lastModified": 1774738535, + "narHash": "sha256-2jfBEZUC67IlnxO5KItFCAd7Oc+1TvyV/jQlR+2ykGQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "0acbd1180697de56724821184ad2c3e6e7202cd7", + "rev": "769e07ef8f4cf7b1ec3b96ef015abec9bc6b1e2a", "type": "github" }, "original": { @@ -102,11 +138,11 @@ ] }, "locked": { - "lastModified": 1769872935, - "narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=", + "lastModified": 1773422513, + "narHash": "sha256-MPjR48roW7CUMU6lu0+qQGqj92Kuh3paIulMWFZy+NQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7", + "rev": "ef12a9a2b0f77c8fa3dda1e7e494fca668909056", "type": "github" }, "original": { @@ -149,11 +185,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1770562336, - "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "lastModified": 1774386573, + "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", "type": "github" }, "original": { 
@@ -163,15 +199,103 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1774386573, + "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1774386573, + "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "gtkapps": "gtkapps", "gtkbar": "gtkbar", "home-manager": "home-manager", "nixpkgs": "nixpkgs_3", + "server-dash": "server-dash", + "server-dash-api": "server-dash-api", "zen-browser": "zen-browser" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "server-dash-api", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1774667365, + "narHash": "sha256-+JamhonkPyti+oqfl1ySAyF2L02adhCEcdZOzpSukq8=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "98caaa8cd1fbcc45913d1bb2b7fbabcf3e8d967a", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "server-dash": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1774817225, + "narHash": "sha256-npXxvQJR/I5DKinVUmH1Wz+SSCPKkg5HZ//yRYGwG6o=", + "path": "/home/jack/Projects/server-dash", + "type": "path" + }, + "original": { + "path": "/home/jack/Projects/server-dash", + "type": "path" + } + }, + "server-dash-api": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_5", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1774825291, + "narHash": 
"sha256-6vbwxjItEV7t5/FZL1HMBVMX2Gfn0eAZYUoisQmeey8=", + "path": "/home/jack/Projects/server-dash-api", + "type": "path" + }, + "original": { + "path": "/home/jack/Projects/server-dash-api", + "type": "path" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -202,6 +326,36 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "zen-browser": { "inputs": { "home-manager": "home-manager_2", @@ -210,11 +364,11 @@ ] }, "locked": { - "lastModified": 1770872317, - "narHash": "sha256-3EWU4/yYtR71zMK0qP3Uysd/McFaHeDfQgtrvh8ELLE=", + "lastModified": 1774708879, + "narHash": "sha256-rTYvYkQL69/YkZB+MRA/IaX1qJ1lPx5KXoQS2/9+7Mw=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "40ec16210240665705a32ab0150e852f21fd6668", + "rev": "d01d23c798cceef42307d5789bfbce70515e8800", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 08f84c5..07be8de 100755 --- a/flake.nix +++ b/flake.nix 
@@ -1,51 +1,58 @@ { - description = "Nixos config flake"; + description = "Nixos config flake"; - inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - gtkapps.url = "github:JackMechem/gtkapps"; - gtkbar.url = "github:JackMechem/gtkbar"; - # midirun.url = "path:/home/jack/Projects/midirun"; + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + gtkapps.url = "github:JackMechem/gtkapps"; + gtkbar.url = "github:JackMechem/gtkbar"; + # midirun.url = "path:/home/jack/Projects/midirun"; - zen-browser = { - url = "github:0xc000022070/zen-browser-flake"; - # IMPORTANT: we're using "libgbm" and is only available in unstable so ensure - # to have it up-to-date or simply don't specify the nixpkgs input - inputs.nixpkgs.follows = "nixpkgs"; + zen-browser = { + url = "github:0xc000022070/zen-browser-flake"; + # IMPORTANT: we're using "libgbm" and is only available in unstable so ensure + # to have it up-to-date or simply don't specify the nixpkgs input + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + server-dash = { + url = "github:JackMechem/server-dash"; + }; + server-dash-api = { + url = "github:JackMechem/server-dash-api"; + }; }; - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; - outputs = - { self, nixpkgs, ... 
}@inputs: - { - # use "nixos", or your hostname as the name of the configuration - # it's a better practice than "default" shown in the video - nixosConfigurations.t480 = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - ./hosts/t480/configuration.nix - inputs.home-manager.nixosModules.default - ]; - }; - nixosConfigurations.desktop = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - ./hosts/desktop/configuration.nix - inputs.home-manager.nixosModules.default - #inputs.midirun.nixosModules.default - ]; - }; - nixosConfigurations.dellserv = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs; }; - modules = [ - ./hosts/dellserv/configuration.nix - inputs.home-manager.nixosModules.default - #inputs.midirun.nixosModules.default - ]; - }; - }; + outputs = + { self, nixpkgs, ... }@inputs: + { + # use "nixos", or your hostname as the name of the configuration + # it's a better practice than "default" shown in the video + nixosConfigurations.t480 = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + ./hosts/t480/configuration.nix + inputs.home-manager.nixosModules.default + ]; + }; + nixosConfigurations.desktop = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + ./hosts/desktop/configuration.nix + inputs.home-manager.nixosModules.default + #inputs.midirun.nixosModules.default + ]; + }; + nixosConfigurations.dellserv = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs; }; + modules = [ + ./hosts/dellserv/configuration.nix + inputs.home-manager.nixosModules.default + inputs.server-dash.nixosModules.default + inputs.server-dash-api.nixosModules.default + ]; + }; + }; } diff --git a/hosts/dellserv/configuration.nix b/hosts/dellserv/configuration.nix index fedfcf9..b7d20cc 100644 --- a/hosts/dellserv/configuration.nix +++ b/hosts/dellserv/configuration.nix 
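Review bot: The new `server-dash` and `server-dash-api` inputs are declared with `github:JackMechem/...` URLs, but the flake.lock in this same commit locks both as `type: path` under `/home/jack/Projects/`. The lock therefore disagrees with this file, and the two NixOS modules added to the `dellserv` module list are not pinned to a git revision that anyone else can fetch or review. Re-locking those two inputs after the URL switch would record an owner, repo and rev for each. Both inputs also lack the `inputs.nixpkgs.follows = "nixpkgs";` line that `zen-browser` and `home-manager` carry, which is why the lock gains separate `nixpkgs_4` and `nixpkgs_5` nodes that can drift from the system's nixpkgs. The rest of the hunk appears to be re-indentation only.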
@@ -2,82 +2,151 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, lib, pkgs, inputs, ... }: +{ + config, + lib, + pkgs, + inputs, + ... +}: { - imports = - [ # Include the results of the hardware scan. + imports = [ + # Include the results of the hardware scan. ./hardware-configuration.nix inputs.home-manager.nixosModules.default ../../modules/nixos/user-jack.nix ../../modules/nixos/syncthingServer.nix ]; - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "dell-xps-nixos-serv"; # Define your hostname. - networking.networkmanager.enable = true; - networking.firewall.allowedTCPPorts = [ 80 3000 443 22 ]; + networking.hostName = "dell-xps-nixos-serv"; # Define your hostname. 
+ networking.networkmanager.enable = true; + networking.firewall.allowedTCPPorts = [ + 80 + 3000 + 8384 + 8080 + 443 + 22 + ]; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; - time.timeZone = "America/Los_Angeles"; + time.timeZone = "America/Los_Angeles"; - services.dbus.enable = true; + services.dbus.enable = true; - programs.zsh.enable = true; + programs.zsh.enable = true; - programs.dconf.enable = true; + programs.dconf.enable = true; - nixpkgs.config.allowUnfree = true; + nixpkgs.config.allowUnfree = true; - services.openssh.enable = true; + services.openssh.enable = true; -## services.nginx = { -## enable = true; -## virtualHosts."your.domain.or.ip" = { -## locations."/" = { -## proxyPass = "http://127.0.0.1:3000"; -## proxyWebsockets = true; -## }; -## }; -## }; + services.openssh.settings = { + PasswordAuthentication = true; + KbdInteractiveAuthentication = true; + ChallengeResponseAuthentication = true; + }; - boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 0; - home-manager = { - extraSpecialArgs = { inherit inputs; }; - users = { - "jack" = import ./home.nix; - }; - }; + # 2FA + security.pam.services.login.googleAuthenticator.enable = true; + security.pam.services.sshd.googleAuthenticator.enable = true; - environment.systemPackages = with pkgs; [ - neovim - tree - vim # Both vim and neovim just in case - wget - git - gcc - fastfetch - brightnessctl - killall - unzip - python3 - nodejs - ]; + ## services.nginx = { + ## enable = true; + ## virtualHosts."your.domain.or.ip" = { + ## locations."/" = { + ## proxyPass = "http://127.0.0.1:3000"; + ## proxyWebsockets = true; + ## }; + ## }; + ## }; - virtualisation.docker.enable = true; + boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 0; + home-manager = { + extraSpecialArgs = { inherit inputs; }; + users = { + "jack" = import ./home.nix; + }; + }; - services.libinput.enable = true; + 
services.cloudflare-dyndns = { + enable = true; + apiTokenFile = "/etc/secrets/cloudflare-dyndns"; + domains = [ "server.jackmechem.dev" ]; + proxied = true; + ipv4 = true; + ipv6 = false; + }; - services.gvfs.enable = true; + systemd.services.caddy.serviceConfig.EnvironmentFile = "/etc/secrets/caddy-env"; - system.stateVersion = "25.11"; + services.caddy = { + enable = true; + package = pkgs.caddy.withPlugins { + plugins = [ "github.com/caddy-dns/cloudflare@v0.2.4" ]; + hash = "sha256-Olz4W84Kiyldy+JtbIicVCL7dAYl4zq+2rxEOUTObxA="; + }; + globalConfig = '' + acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN} + ''; + virtualHosts."dashboard.jackmechem.dev" = { + extraConfig = '' + reverse_proxy localhost:3000 + ''; + }; + virtualHosts."syncthing.jackmechem.dev" = { + extraConfig = '' + reverse_proxy localhost:8384 { + header_up Host {upstream_hostport} + } + ''; + }; + }; + + services.server-dash = { + enable = true; + package = "/var/lib/server-dash/build"; + }; + services.server-dash-api = { + enable = true; + useNixBuild = false; + }; + + # Make sure jack is in the shadow group + users.users.jack.extraGroups = [ "shadow" ]; + + environment.systemPackages = with pkgs; [ + neovim + tree + vim # Both vim and neovim just in case + wget + git + gcc + fastfetch + brightnessctl + killall + unzip + python3 + nodejs + google-authenticator + ]; + + virtualisation.docker.enable = true; + + services.libinput.enable = true; + + services.gvfs.enable = true; + + system.stateVersion = "25.11"; } - diff --git a/hosts/dellserv/home.nix b/hosts/dellserv/home.nix index dba1476..72a5d4a 100644 --- a/hosts/dellserv/home.nix +++ b/hosts/dellserv/home.nix @@ -11,6 +11,7 @@ ../../modules/home-manager/zsh.nix ../../modules/home-manager/tmux.nix ../../modules/home-manager/shell-aliases.nix + ../../modules/home-manager/neovimpackages.nix ]; programs.home-manager.enable = true; diff --git a/modules/nixos/syncthingServer.nix b/modules/nixos/syncthingServer.nix index 3e60c4f..4afcea2 100644 
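Review bot: The widened `networking.firewall.allowedTCPPorts` list opens 3000 and 8384 to the network although the new Caddy virtual hosts already front those backends at `localhost:3000` and `localhost:8384`, so the dashboard and the Syncthing GUI (still bound to `0.0.0.0:8384` in modules/nixos/syncthingServer.nix) remain reachable in plaintext around the proxy; nothing visible in this hunk listens on 8080 either. I would reduce the list to `[ 80 443 22 ]` and set `guiAddress = "127.0.0.1:8384";` unless direct access is intended. The `services.openssh.settings` block turns on `PasswordAuthentication` and keyboard-interactive login on a host with port 22 open; the `googleAuthenticator` PAM lines only cover logins that pass through PAM, so public-key logins presumably skip the second factor unless `AuthenticationMethods` is set, and `ChallengeResponseAuthentication` is a deprecated alias of `KbdInteractiveAuthentication` that can be dropped. `users.users.jack.extraGroups = [ "shadow" ];` normally gives every process running as jack read access to the password hashes in /etc/shadow, which deserves a comment naming the consumer, or a dedicated service user instead. `services.server-dash.package = "/var/lib/server-dash/build"` together with `useNixBuild = false` appears to run both services from a mutable directory outside the Nix store, so ownership and permissions on that path are worth confirming.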
--- a/modules/nixos/syncthingServer.nix
+++ b/modules/nixos/syncthingServer.nix
@@ -7,6 +7,4 @@
 openDefaultPorts = true;
 guiAddress = "0.0.0.0:8384";
 };
-
- networking.firewall.allowedTCPPorts = [ 8384 ];
 }