tuxcord/tuxcord.nix
8
2
Fork 1
Code Issues 13 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Compare commits

base: tuxcord/tuxcord.nix:b32e506f549a19db744841973e9f2d5ef36f7c86
Branches Tags
tuxcord/tuxcord.nix:main tuxcord/tuxcord.nix:staging tuxcord/tuxcord.nix:styling/forgejo tuxcord/tuxcord.nix:auth/authelia tuxcord/tuxcord.nix:auth/authentik
..
compare: tuxcord/tuxcord.nix:385693cd3538941cb0bb831216ebaadf25ee6623
Branches Tags
tuxcord/tuxcord.nix:staging tuxcord/tuxcord.nix:styling/forgejo tuxcord/tuxcord.nix:auth/authelia tuxcord/tuxcord.nix:auth/authentik tuxcord/tuxcord.nix:main

24 Commits
b32e506f54 .. 385693cd35

Author SHA1 Message Date
ErrorNoInternet 385693cd35 npins: update website
Check / Nix flake (push) Failing after 9s
Details
Lint / Nix expressions (push) Failing after 11s
Details
2026-05-04 00:29:13 -04:00
ErrorNoInternet 8cdb3d57c6 nixos/hosts: declare fileSystems for testing hosts
Check / Nix flake (push) Failing after 8s
Details
Lint / Nix expressions (push) Failing after 11s
Details
2026-05-04 00:09:20 -04:00
ErrorNoInternet 1172dce549 nixos/services/openssh: enable X11 forwarding 2026-05-04 00:09:20 -04:00
javalsai 17da8baba7 nixos/hosts: add autologin for testing hosts 2026-05-03 23:53:35 -04:00
javalsai a78752607f nixos/services: add default website on nginx
Check / Nix flake (push) Failing after 9s
Details
Lint / Nix expressions (push) Failing after 12s
Details
2026-05-04 04:55:58 +02:00
javalsai e0bd689d4f nixos/services: disable nginx proxy buffering 2026-05-04 04:55:40 +02:00
ErrorNoInternet a18a871eb3 nixos/impermanence: remove ssh host key persistence
Check / Nix flake (push) Failing after 10s
Details
Lint / Nix expressions (push) Failing after 12s
Details 
The SSH host key files are already defined in the OpenSSH module, so
there is no need to persist them with impermanence.nix.
 2026-05-03 22:24:33 -04:00
ErrorNoInternet ac5fe801a9 shells: remove neovim
Check / Nix flake (push) Failing after 9s
Details
Lint / Nix expressions (push) Failing after 11s
Details 
Some users may be using self-contained Neovim executables.
 2026-05-03 22:18:49 -04:00
ErrorNoInternet d2ad014c23 agenix: import initial user dns keys 2026-05-03 22:18:49 -04:00
ErrorNoInternet b431300f49 treewide: create global user list 2026-05-03 22:18:49 -04:00
javalsai 7218ed9bce docs: add sections and fix typos/errors 2026-05-03 22:18:49 -04:00
ErrorNoInternet fbbb83bf52 treewide: initialize npins 2026-05-03 22:18:48 -04:00
ErrorNoInternet 0479f0d441 treewide: refactor code 2026-05-03 21:12:36 -04:00
javalsai e939c28c9c nixos/security: add acme through dns challenge 
few side refactors of this:
- no more `dns.domain`, it all must rely on `fqdn`, prevents
  inconsistencies.
- also added an specific host `tuxcord-acmetest` that uses the key zone
  for `nix.tuxcord.net` to test certificate pulling.
 2026-05-03 21:11:07 -04:00
javalsai 455753a192 docs: document installation, secrets, and setup steps 2026-05-03 21:11:07 -04:00
javalsai 967af49d7d nixos/services: make dns configuration easier 2026-05-03 21:11:07 -04:00
javalsai e5a38b15ee nixos/service: add dns (bind named server) 2026-05-03 20:36:49 -04:00
javalsai 6b2c8d482c nixos/programs: add bind utils 2026-05-03 20:36:49 -04:00
javalsai dd7ad60710 nixos/services: add gitea server
Check / Nix flake (push) Failing after 9s
Details
Lint / Nix expressions (push) Failing after 10s
Details
2026-05-04 01:56:34 +02:00
javalsai fd18ae4a78 nixos/services: add nginx base configuration 2026-05-04 01:56:34 +02:00
javalsai d7deaa187c nixos/networking: add own fqdn to extraHosts 2026-05-04 01:56:34 +02:00
javalsai c6d66902bb nixos/hosts: add tuxcord-vm host configuration 2026-05-04 01:56:34 +02:00
ErrorNoInternet 4704a887fa nixos: separate openssh firewall port 2026-05-04 01:56:34 +02:00
javalsai eaaffcc289 lib/ssh: add more ssh keys 2026-05-04 01:56:32 +02:00
4 changed files with 33 additions and 24 deletions
Expand all files Collapse all files
agenix/secrets.nix
+1 -1
View File
@@ -21,5 +21,5 @@ in
map (user: { map (user: {
name = "dns/tuxcord.net/${user.name}.tuxcord.net.key.age"; name = "dns/tuxcord.net/${user.name}.tuxcord.net.key.age";
value.publicKeys = [ tuxcord-ca ] ++ getSSHKeys user.name; value.publicKeys = [ tuxcord-ca ] ++ getSSHKeys user.name;
}) (builtins.filter (user: user.value.ddns or false) (attrsToList users)) }) (builtins.filter (user: user.value.options.ddns or false) (attrsToList users))
) )
lib/default.nix
+1 -1
View File
@@ -3,7 +3,7 @@ rec {
adminSSHKeys = builtins.concatLists ( adminSSHKeys = builtins.concatLists (
map (user: getSSHKeys user.name) ( map (user: getSSHKeys user.name) (
builtins.filter (user: user.value.admin or false) (attrsToList users) builtins.filter (user: user.value.options.admin or false) (attrsToList users)
) )
); );
lib/users.nix
+9 -5
View File
@@ -1,19 +1,23 @@
{ {
error = { error = {
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzdpxex2GlFVf5G2qsh3Ixa/XCMjnbq4JSTmAev7WYJ error.nointernet@gmail.com"; ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzdpxex2GlFVf5G2qsh3Ixa/XCMjnbq4JSTmAev7WYJ error.nointernet@gmail.com";
admin = true; options = {
ddns = true; admin = true;
ddns = true;
};
}; };
javalsai = { javalsai = {
ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDFjavnLqxIzFLIUpUWDOwhlYeoII4Qk1/9e0yWWxD/P"; ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDFjavnLqxIzFLIUpUWDOwhlYeoII4Qk1/9e0yWWxD/P";
admin = true; options = {
ddns = true; admin = true;
ddns = true;
};
}; };
max = { max = {
ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDxVfJhzPDZ108UjB3Vj/akzlzYn27kyAw29AuYAr7gvG5vrqhLUYYmK8t+ZVWVpc1g6cK7OF1oUn2E5Qfmy6wqyZQXftAZ4OcRS0MB71W1bAcRq3rGe6KQDm8RSEeygX+zO+2Z6zQmVWgPr/I+JFQZ8wiWdP8X8djqTRdhqUD+SR3ZgTcnY3aLmeB/I56rcZQ3lKIeg/pEsyQ8weptlV0rTWamna6Z7Nw48VwWNSI+6EqfW2/4/edm0Ue8jMNqNZ0yx+kHJbudPgZgSR1SiR2rqlEEUaiQJQQV3VdY4DhGm7143ZSKUxyKlfTuQ7qR1zSIg6f5V71A37ik9YiSbBlOZO86swR4qHESoMNf608IuqRt2NdALHwozFPUCu16qnhu5JTk8twSAzrAhOk5zWQj1LYMoQEBhcFSmwir/1gE71NSjYtqXGVAdfkVmZ4uqG5+a1D7H3VXWOqu/j839M045O1ZBY6X3lKDsEJ1Z1+LCl/NojWnvPtJUHYI6+SdQ6k="; ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDxVfJhzPDZ108UjB3Vj/akzlzYn27kyAw29AuYAr7gvG5vrqhLUYYmK8t+ZVWVpc1g6cK7OF1oUn2E5Qfmy6wqyZQXftAZ4OcRS0MB71W1bAcRq3rGe6KQDm8RSEeygX+zO+2Z6zQmVWgPr/I+JFQZ8wiWdP8X8djqTRdhqUD+SR3ZgTcnY3aLmeB/I56rcZQ3lKIeg/pEsyQ8weptlV0rTWamna6Z7Nw48VwWNSI+6EqfW2/4/edm0Ue8jMNqNZ0yx+kHJbudPgZgSR1SiR2rqlEEUaiQJQQV3VdY4DhGm7143ZSKUxyKlfTuQ7qR1zSIg6f5V71A37ik9YiSbBlOZO86swR4qHESoMNf608IuqRt2NdALHwozFPUCu16qnhu5JTk8twSAzrAhOk5zWQj1LYMoQEBhcFSmwir/1gE71NSjYtqXGVAdfkVmZ4uqG5+a1D7H3VXWOqu/j839M045O1ZBY6X3lKDsEJ1Z1+LCl/NojWnvPtJUHYI6+SdQ6k=";
admin = true; options.admin = true;
}; };
vectorum = { vectorum = {
nixos/users.nix
+22 -17
View File
@@ -11,30 +11,35 @@ let
"wheel" "wheel"
]; ];
mkUser = name: uid: admin: { mkUser =
users.users.${name} = { name: uid: options:
inherit uid; let
isNormalUser = true; admin = options.admin or false;
extraGroups = lib.optionals admin adminGroups; in
openssh.authorizedKeys.keys = self.lib.getSSHKeys name; {
}; users.users.${name} = {
inherit uid;
isNormalUser = true;
extraGroups = lib.optionals admin adminGroups;
openssh.authorizedKeys.keys = self.lib.getSSHKeys name;
};
systemd.slices."user-${builtins.toString uid}".sliceConfig = { systemd.slices."user-${builtins.toString uid}".sliceConfig = {
CPUQuota = "50%"; CPUQuota = "50%";
CPUWeight = "10"; CPUWeight = "10";
IOAccounting = true; IOAccounting = true;
IOWeight = "10"; IOWeight = "10";
MemoryMax = "2G"; MemoryMax = "2G";
MemorySwapMax = "1G"; MemorySwapMax = "1G";
TasksMax = "100"; TasksMax = "100";
};
}; };
};
in in
lib.recursiveUpdate lib.recursiveUpdate
(builtins.foldl' (builtins.foldl'
(attrs: user: { (attrs: user: {
options = lib.recursiveUpdate attrs.options ( options = lib.recursiveUpdate attrs.options (
mkUser user.name attrs.uid (user.value.admin or false) mkUser user.name attrs.uid (user.value.options or { })
); );
uid = attrs.uid + 1; uid = attrs.uid + 1;
}) })