root/flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

split!

Browse source
This commit is contained in:
= 2025-11-09 23:28:16 +00:00
parent 68704bc88e
commit b9c6c1da6a
25 changed files with 87 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

5
flake.nix
View file

@ -25,8 +25,11 @@
nixosConfigurations = { nixosConfigurations = {
distrust = lib.nixosSystem { distrust = lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [./system ./services ./helpers/services.nix nixos-mailserver.nixosModules.default agenix.nixosModules.default]; modules = [./system/distrust ./services/distrust ./helpers/services.nix nixos-mailserver.nixosModules.default agenix.nixosModules.default { networking.hostName = "distrust"; }];
}; };
distrust-mini = lib.nixosSystem {
system = "x86_64-linux";
modules = [./system/distrust-mini ./services/distrust-mini ./helpers/services.nix { networking.hostName = "distrust-mini"; }];
}; };
}; };
} }

6
secrets/secrets.nix
View file

@ -4,8 +4,9 @@ let
users = [user]; users = [user];
# Current host # Current host
system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVvvjL4XXn6z0fOZnr1v0twoVBINi1FOES15JL/3vU4 root@distrust"; distrust = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVvvjL4XXn6z0fOZnr1v0twoVBINi1FOES15JL/3vU4 root@distrust";
systems = [system]; distrust-mini = "";
systems = [distrust distrust-mini];
all = users ++ systems; all = users ++ systems;
in { in {
@ -27,5 +28,6 @@ in {
"hidden_service/microbin".publicKeys = all; "hidden_service/microbin".publicKeys = all;
"hidden_service/nextcloud".publicKeys = all; "hidden_service/nextcloud".publicKeys = all;
"hidden_service/site".publicKeys = all; "hidden_service/site".publicKeys = all;
"hidden_service/uptime-kuma".publicKeys = all;
"hidden_service/vaultwarden".publicKeys = all; "hidden_service/vaultwarden".publicKeys = all;
} }

10
services/distrust-mini/default.nix Normal file
View file

@ -0,0 +1,10 @@
{
imports = [
../shared
# TOR bridge
./tor.nix
# Status page in diff. data center for redundancy/resilience
./uptime-kuma.nix
]
}

16
services/distrust-mini/tor.nix Normal file
View file

@ -0,0 +1,16 @@
{
services.tor = {
enable = true;
relay = {
enable = true;
role = "bridge";
};
settings = {
Nickname = "Distrust Mini";
ContactInfo = "root@distrust.network";
ORPort = 8080;
};
};
networking.firewall.allowedTCPPorts = [8080];
}

28
services/distrust-mini/uptime-kuma.nix Normal file
View file

@ -0,0 +1,28 @@
let
kumaPort = 3001;
in
{
services.uptime-kuma = {
enable = true;
settings = {
PORT = kumaPort;
};
};
distrust.services."uptime-kuma" = {
url = "http://uptime.distrust.network";
onion = {
url = "http://uxp5y2l7g3jv2x7f4j5zv3j5x7z5z7z5z5z5z5z5z5z5z5z5z5z5z5z5z5.onion";
secretKey = null;
};
virtualHostConfig = ''
reverse_proxy localhost:${toString kumaPort}
'';
backup = {
enable = true;
paths = [
"/var/lib/uptime-kuma"
];
};
};
}

0
services/akkoma.nix → services/distrust/akkoma.nix
View file

0
services/caddy.nix → services/distrust/caddy.nix
View file

3
services/default.nix → services/distrust/default.nix
View file

@ -1,7 +1,8 @@
{ {
imports = [ imports = [
../shared
# Core System # Core System
./borg.nix
./caddy.nix ./caddy.nix
# Non-stateful services # Non-stateful services

0
services/forgejo.nix → services/distrust/forgejo.nix
View file

0
services/ipfs.nix → services/distrust/ipfs.nix
View file

0
services/lldap.nix → services/distrust/lldap.nix
View file

0
services/mailserver.nix → services/distrust/mailserver.nix
View file

0
services/nextcloud.nix → services/distrust/nextcloud.nix
View file

0
services/paste.nix → services/distrust/paste.nix
View file

0
services/prosody.nix → services/distrust/prosody.nix
View file

0
services/site.nix → services/distrust/site.nix
View file

0
services/tor.nix → services/distrust/tor.nix
View file

0
services/vaultwarden.nix → services/distrust/vaultwarden.nix
View file

0
services/borg.nix → services/shared/borg.nix
View file

5
services/shared/default.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
./borg.nix
];
}

2
system/configuration.nix
View file

@ -16,7 +16,7 @@ in {
# Necessary for flake support # Necessary for flake support
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
networking.hostName = "distrust"; # General / Perf
zramSwap.enable = true; zramSwap.enable = true;
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;

2
system/default.nix → system/distrust-mini/default.nix
View file

@ -4,7 +4,7 @@
... ...
}: { }: {
imports = [ imports = [
./configuration.nix ../configuration.nix
# Auto generated, do not edit. Replace per host # Auto generated, do not edit. Replace per host
./hardware-configuration.nix ./hardware-configuration.nix

16
system/distrust/default.nix Normal file
View file

@ -0,0 +1,16 @@
{
lib,
modulesPath,
...
}: {
imports = [
../configuration.nix
# Auto generated, do not edit. Replace per host
./hardware-configuration.nix
./networking.nix
"${modulesPath}/profiles/hardened.nix"
{environment.memoryAllocator.provider = lib.mkForce "libc";}
];
}

0
system/hardware-configuration.nix → system/distrust/hardware-configuration.nix
View file

0
system/networking.nix → system/distrust/networking.nix
View file