Changes mostly to dellserv

2026-03-30 12:55:41 -07:00 · 2026-03-30 12:55:41 -07:00 · 63d48184d1
commit 63d48184d1
parent e6a84a8e21
5 changed files with 345 additions and 116 deletions
--- a/hosts/dellserv/configuration.nix
+++ b/hosts/dellserv/configuration.nix
@ -2,82 +2,151 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

-{ config, lib, pkgs, inputs, ... }:
+{
+    config,
+    lib,
+    pkgs,
+    inputs,
+    ...
+}:

 {
-  imports =
-    [ # Include the results of the hardware scan.
+    imports = [
+        # Include the results of the hardware scan.
        ./hardware-configuration.nix
        inputs.home-manager.nixosModules.default
        ../../modules/nixos/user-jack.nix
        ../../modules/nixos/syncthingServer.nix
    ];

-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
+    # Use the systemd-boot EFI boot loader.
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;

-  networking.hostName = "dell-xps-nixos-serv"; # Define your hostname.
-  networking.networkmanager.enable = true;
-  networking.firewall.allowedTCPPorts = [ 80 3000 443 22 ];
+    networking.hostName = "dell-xps-nixos-serv"; # Define your hostname.
+    networking.networkmanager.enable = true;
+    networking.firewall.allowedTCPPorts = [
+        80
+        3000
+        8384
+        8080
+        443
+        22
+    ];

-  nix.settings.experimental-features = [
-      "nix-command"
-      "flakes"
-  ];
+    nix.settings.experimental-features = [
+        "nix-command"
+        "flakes"
+    ];

-  time.timeZone = "America/Los_Angeles";
+    time.timeZone = "America/Los_Angeles";

-  services.dbus.enable = true;
+    services.dbus.enable = true;

-  programs.zsh.enable = true;
+    programs.zsh.enable = true;

-  programs.dconf.enable = true;
+    programs.dconf.enable = true;

-  nixpkgs.config.allowUnfree = true;
+    nixpkgs.config.allowUnfree = true;

-  services.openssh.enable = true;
+    services.openssh.enable = true;

-##  services.nginx = {
-##      enable = true;
-##      virtualHosts."your.domain.or.ip" = {
-##        locations."/" = {
-##          proxyPass = "http://127.0.0.1:3000";
-##          proxyWebsockets = true;
-##        };
-##      };
-##  };
+    services.openssh.settings = {
+        PasswordAuthentication = true;
+        KbdInteractiveAuthentication = true;
+        ChallengeResponseAuthentication = true;
+    };

-  boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 0;
-  home-manager = {
-      extraSpecialArgs = { inherit inputs; };
-      users = {
-          "jack" = import ./home.nix;
-      };
-  };
+    # 2FA
+    security.pam.services.login.googleAuthenticator.enable = true;
+    security.pam.services.sshd.googleAuthenticator.enable = true;

-  environment.systemPackages = with pkgs; [
-    neovim
-    tree
-    vim # Both vim and neovim just in case
-    wget
-    git
-    gcc
-    fastfetch
-    brightnessctl
-    killall
-    unzip
-    python3
-    nodejs
-  ];
+    ##  services.nginx = {
+    ##      enable = true;
+    ##      virtualHosts."your.domain.or.ip" = {
+    ##        locations."/" = {
+    ##          proxyPass = "http://127.0.0.1:3000";
+    ##          proxyWebsockets = true;
+    ##        };
+    ##      };
+    ##  };

-  virtualisation.docker.enable = true;
+    boot.kernel.sysctl."net.ipv4.ip_unprivileged_port_start" = 0;
+    home-manager = {
+        extraSpecialArgs = { inherit inputs; };
+        users = {
+            "jack" = import ./home.nix;
+        };
+    };

-  services.libinput.enable = true;
+    services.cloudflare-dyndns = {
+        enable = true;
+        apiTokenFile = "/etc/secrets/cloudflare-dyndns";
+        domains = [ "server.jackmechem.dev" ];
+        proxied = true;
+        ipv4 = true;
+        ipv6 = false;
+    };

-  services.gvfs.enable = true;
+    systemd.services.caddy.serviceConfig.EnvironmentFile = "/etc/secrets/caddy-env";

-  system.stateVersion = "25.11";
+    services.caddy = {
+        enable = true;
+        package = pkgs.caddy.withPlugins {
+            plugins = [ "github.com/caddy-dns/cloudflare@v0.2.4" ];
+            hash = "sha256-Olz4W84Kiyldy+JtbIicVCL7dAYl4zq+2rxEOUTObxA=";
+        };
+        globalConfig = ''
+            acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        '';
+        virtualHosts."dashboard.jackmechem.dev" = {
+            extraConfig = ''
+                reverse_proxy localhost:3000
+            '';
+        };
+        virtualHosts."syncthing.jackmechem.dev" = {
+            extraConfig = ''
+                reverse_proxy localhost:8384 {
+                  header_up Host {upstream_hostport}
+                }
+            '';
+        };
+    };
+
+    services.server-dash = {
+        enable = true;
+        package = "/var/lib/server-dash/build";
+    };
+    services.server-dash-api = {
+        enable = true;
+        useNixBuild = false;
+    };
+
+    # Make sure jack is in the shadow group
+    users.users.jack.extraGroups = [ "shadow" ];
+
+    environment.systemPackages = with pkgs; [
+        neovim
+        tree
+        vim # Both vim and neovim just in case
+        wget
+        git
+        gcc
+        fastfetch
+        brightnessctl
+        killall
+        unzip
+        python3
+        nodejs
+        google-authenticator
+    ];
+
+    virtualisation.docker.enable = true;
+
+    services.libinput.enable = true;
+
+    services.gvfs.enable = true;
+
+    system.stateVersion = "25.11";

 }
-
--- a/hosts/dellserv/home.nix
+++ b/hosts/dellserv/home.nix
@ -11,6 +11,7 @@
    ../../modules/home-manager/zsh.nix
    ../../modules/home-manager/tmux.nix
    ../../modules/home-manager/shell-aliases.nix
+    ../../modules/home-manager/neovimpackages.nix
  ];

  programs.home-manager.enable = true;