moved defiant server configuration to server folder

2024-09-18 18:45:33 -05:00 · 2024-09-18 18:45:33 -05:00 · c2d9b77eef
commit c2d9b77eef
parent 29ee94d7f7
2 changed files with 58 additions and 87 deletions
--- a/enviroments/server/default.nix
+++ b/enviroments/server/default.nix
@ -1,7 +1,63 @@
-{ pkgs, ... }:
+{ config, ... }:
 {
  imports = [
    ../common
  ];

+  services = let
+    headscaleDomain = "headscale.jan-leila.com";
+  in {
+    nfs.server = {
+      enable = true;
+      exports = ''
+        /home/leyla 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
+        /home/eve   192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
+        /home/ester 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
+        /home/users 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
+      '';
+    };
+
+    headscale = {
+      enable = true;
+      address = "0.0.0.0";
+      port = 8080;
+      settings = {
+        server_url = "https://${headscaleDomain}";
+        dns_config.base_domain = "jan-leila.com";
+        logtail.enabled = false;
+      };
+    };
+
+    nginx = {
+      enable = false; # TODO: enable this when you want to test all the configs
+      virtualHosts = {
+        ${headscaleDomain} = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/" = {
+            proxyPass =
+              "http://localhost:${toString config.services.headscale.port}";
+            proxyWebsockets = true;
+          };
+        };
+      };
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "jan-leila@protonmail.com";
+  };
+
+  # disable computer sleeping
+  systemd.targets = {
+    sleep.enable = false;
+    suspend.enable = false;
+    hibernate.enable = false;
+    hybrid-sleep.enable = false;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 2049 ];
+
+  environment.systemPackages = [ config.services.headscale.package ];
 }
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@ -20,14 +20,9 @@
    efiInstallAsRemovable = true;
  };

-  virtualisation.docker.enable = true;
-  users.extraGroups.docker.members = [ "leyla" ];
-
  nixpkgs.config.allowUnfree = true;

-  services = let
-    headscaleDomain = "headscale.jan-leila.com";
-  in {
+  services = {
    zfs = {
      autoScrub.enable = true;
      autoSnapshot.enable = true;
@ -50,88 +45,8 @@
      # Get rid of xTerm
      excludePackages = [ pkgs.xterm ];
    };
-
-    nfs.server = {
-      enable = true;
-      exports = ''
-        /srv/nfs4/docker 192.168.1.0/24(rw,sync,crossmnt,no_subtree_check)
-
-        /srv/nfs4/leyla 192.168.1.0/22(rw,sync,no_subtree_check,nohide)
-        /srv/nfs4/eve   192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
-        /srv/nfs4/share 192.168.1.0/22(rw,sync,no_subtree_check,crossmnt)
-        
-        # /export         192.168.1.10(rw,fsid=0,no_subtree_check) 192.168.1.15(rw,fsid=0,no_subtree_check)
-        # /export/kotomi  192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
-        # /export/mafuyu  192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
-        # /export/sen     192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
-        # /export/tomoyo  192.168.1.10(rw,nohide,insecure,no_subtree_check) 192.168.1.15(rw,nohide,insecure,no_subtree_check)
-      '';
  };

-    headscale = {
-      enable = true;
-      address = "0.0.0.0";
-      port = 8080;
-      settings = {
-        server_url = "https://${headscaleDomain}";
-        dns_config.base_domain = "jan-leila.com";
-        logtail.enabled = false;
-      };
-    };
-
-    nginx = {
-      enable = false; # TODO: enable this when you want to test all the configs
-      virtualHosts = {
-        ${headscaleDomain} = {
-          forceSSL = true;
-          enableACME = true;
-          locations."/" = {
-            proxyPass =
-              "http://localhost:${toString config.services.headscale.port}";
-            proxyWebsockets = true;
-          };
-        };
-      };
-    };
-  };
-    
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "jan-leila@protonmail.com";
-  };
-
-  # disable computer sleeping
-  systemd.targets = {
-    sleep.enable = false;
-    suspend.enable = false;
-    hibernate.enable = false;
-    hybrid-sleep.enable = false;
-  };
-
-  fileSystems = {
-    "/srv/nfs4/docker" = {
-      device = "/home/docker";
-      options = [ "bind" ];
-    };
-
-    "/srv/nfs4/users" = {
-      device = "/home/users";
-      options = [ "bind" ];
-    };
-
-    "/srv/nfs4/leyla" = {
-      device = "/home/leyla";
-      options = [ "bind" ];
-    };
-
-    "/srv/nfs4/eve" = {
-      device = "/home/eve";
-      options = [ "bind" ];
-    };
-  };
-
-  environment.systemPackages = [ config.services.headscale.package ];
-
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave