diff --git a/hosts/netcup/configuration.nix b/hosts/netcup/configuration.nix index 4b3bc69..dd98cf3 100644 --- a/hosts/netcup/configuration.nix +++ b/hosts/netcup/configuration.nix @@ -1,25 +1,15 @@ -{ pkgs, modulesPath, ... }: +{ pkgs, ... }: { - imports = [ - ./disk-config.nix - ./hardware-configuration.nix - (modulesPath + "/profiles/minimal.nix") - (modulesPath + "/profiles/headless.nix") - ]; + imports = [ ./disk-config.nix ]; boot.loader.grub = { enable = true; efiSupport = true; efiInstallAsRemovable = true; device = "nodev"; - configurationLimit = 3; }; - documentation.enable = false; - hardware.enableRedistributableFirmware = false; - fonts.fontconfig.enable = false; - networking = { hostName = "netcup"; useDHCP = false; @@ -77,7 +67,6 @@ enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; - clientMaxBodySize = "512m"; virtualHosts."vault.barrettruth.com" = { enableACME = true; forceSSL = true; 
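Review bot: With `./hardware-configuration.nix` dropped from `imports` in the first hunk, nothing visible in this file still sets `boot.initrd.availableKernelModules` (virtio_pci, virtio_blk), the qemu-guest profile or `nixpkgs.hostPlatform`, all of which came from the file this commit deletes. Unless disk-config.nix or the flake supplies them, the rebuilt system may fail to evaluate, or may not find its root disk at boot on this VM. I would keep at least `imports = [ ./disk-config.nix (modulesPath + "/profiles/qemu-guest.nix") ];` and `nixpkgs.hostPlatform = "x86_64-linux";`, which means restoring `modulesPath` in the function arguments. Removing `configurationLimit = 3;` also lets old generations accumulate under /boot, which is worth watching if that partition is small.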
@@ -104,71 +93,21 @@ services.forgejo = { enable = true; - user = "git"; - group = "git"; settings = { server = { DOMAIN = "git.barrettruth.com"; ROOT_URL = "https://git.barrettruth.com/"; HTTP_PORT = 3000; - SSH_DOMAIN = "git.barrettruth.com"; }; service.DISABLE_REGISTRATION = true; - session.COOKIE_SECURE = true; }; }; - users.users.git = { - isSystemUser = true; - home = "/var/lib/forgejo"; - group = "git"; - shell = "${pkgs.bash}/bin/bash"; - }; - - users.groups.git = { }; - environment.systemPackages = with pkgs; [ vim git ]; - systemd.services.vaultwarden-r2-backup = { - description = "Backup Vaultwarden to Cloudflare R2"; - after = [ "backup-vaultwarden.service" ]; - serviceConfig = { - Type = "oneshot"; - EnvironmentFile = "/etc/vaultwarden-r2-backup.env"; - }; - path = [ pkgs.awscli2 pkgs.gawk ]; - script = '' - export AWS_ACCESS_KEY_ID="$R2_ACCESS_KEY_ID" - export AWS_SECRET_ACCESS_KEY="$R2_SECRET_ACCESS_KEY" - ENDPOINT="$R2_ENDPOINT" - DATE=$(date +%Y-%m-%d) - - aws s3 cp /var/backup/vaultwarden/db.sqlite3 \ - "s3://vaultwarden/$DATE/db.sqlite3" \ - --endpoint-url "$ENDPOINT" - - CUTOFF=$(date -d '30 days ago' +%Y-%m-%d) - aws s3 ls s3://vaultwarden/ --endpoint-url "$ENDPOINT" \ - | awk '{print $2}' | tr -d '/' \ - | while read dir; do - if [ "$dir" \< "$CUTOFF" ]; then - aws s3 rm "s3://vaultwarden/$dir" --recursive --endpoint-url "$ENDPOINT" - fi - done - ''; - }; - - systemd.timers.vaultwarden-r2-backup = { - wantedBy = [ "timers.target" ]; - timerConfig = { - OnCalendar = "daily"; - Persistent = true; - }; - }; - nix.settings = { auto-optimise-store = true; experimental-features = [ @@ -180,13 +119,8 @@ nix.gc = { automatic = true; dates = "weekly"; - options = "--delete-older-than 3d"; + options = "--delete-older-than 7d"; }; - nix.extraOptions = '' - min-free = ${toString (100 * 1024 * 1024)} - max-free = ${toString (1024 * 1024 * 1024)} - ''; - system.stateVersion = "24.11"; } 
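Review bot: Dropping `session.COOKIE_SECURE = true;` from `services.forgejo.settings` likely turns off the Secure flag on Forgejo session cookies. As far as I know, the NixOS module declares this option with a default of false and writes it into app.ini, so Forgejo's own ROOT_URL-based detection would not apply; since `ROOT_URL` is https, I would keep `session.COOKIE_SECURE = true;`. The same hunk removes the `vaultwarden-r2-backup` service and timer, leaving no off-host copy of the Vaultwarden database configured in this file. If that is intended, the R2 key in `/etc/vaultwarden-r2-backup.env` should be revoked and the file deleted from the host, because Nix does not manage that path. Removing `user = "git";` also changes the account Forgejo runs as, so ownership of the existing `/var/lib/forgejo` state and any `git@` SSH remotes may need updating.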
diff --git a/hosts/netcup/hardware-configuration.nix b/hosts/netcup/hardware-configuration.nix
deleted file mode 100644
index 12adf63..0000000
--- a/hosts/netcup/hardware-configuration.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}