Refactor the whole codebase. Most notable changes:

- No more fail2ban. It didn't work properly anyways, I'll need to look into this in the future - No nix-super. I don't need it and the overlay is broken so I'm waiting for that to be fixed first. - Uses nh instead of nixos-rebuild. This is much better.
2025-07-29 19:17:45 +00:00 · 2024-03-27 12:36:50 +03:00 · 2024-03-27 12:36:50 +03:00 · 62c575774b
commit 62c575774b
parent f145bdaa4a
106 changed files with 1252 additions and 1367 deletions
--- a/hosts/disk/default.nix
+++ b/hosts/disk/default.nix
@ -0,0 +1,41 @@
+{ config, lib, keys, ... }: with lib; merge
+
+(systemConfiguration {
+  system.stateVersion  = "23.11";
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  networking.domain = "rgbcu.be";
+
+  secrets.floppyPassword.file  = ./password.floppy.age;
+
+  users.users = {
+    root.hashedPasswordFile = config.secrets.floppyPassword.path;
+
+    floppy = sudoUser {
+      description                 = "Floppy";
+      openssh.authorizedKeys.keys = [ keys.enka ];
+      hashedPasswordFile          = config.secrets.floppyPassword.path;
+    };
+  };
+
+  networking = {
+    defaultGateway  = "23.164.232.1";
+    defaultGateway6 = "2602:f9f7::1";
+
+    interfaces.ens32 = {
+      ipv4.addresses = [{
+        address      = "23.164.232.40";
+        prefixLength = 25;
+      }];
+
+      ipv6.addresses = [{
+        address      = "2602:f9f7::40";
+        prefixLength = 64;
+      }];
+    };
+  };
+})
+
+(homeConfiguration {
+  home.stateVersion = "23.11";
+})
--- a/hosts/disk/hardware.nix
+++ b/hosts/disk/hardware.nix
@ -0,0 +1,27 @@
+{ config, lib, ... }: with lib;
+
+systemConfiguration {
+  boot.loader = {
+    systemd-boot = enabled {
+      editor = false;
+    };
+
+    efi.canTouchEfiVariables = true;
+  };
+
+  boot.initrd.availableKernelModules = [ "ahci" "ata_piix" "nvme" "sr_mod" ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/root";
+    fsType = "ext4";
+  };
+
+  fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
+    device = "/dev/disk/by-label/boot";
+    fsType = "vfat";
+  };
+
+  swapDevices = [{
+    device = "/dev/disk/by-label/swap";
+  }];
+}
--- a/hosts/disk/password.floppy.age
+++ b/hosts/disk/password.floppy.age
--- a/hosts/disk/site6.nix
+++ b/hosts/disk/site6.nix
@ -0,0 +1,9 @@
+{ self, lib, ... }: with lib;
+
+systemConfiguration {
+  imports = [
+    (self + /hosts/cube/acme.nix)
+    (self + /hosts/cube/nginx.nix)
+    (self + /hosts/cube/site.nix)
+  ];
+}