From a27e2ec213bc0e5e3703218e0ef6a9e924a6ad3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?=
Date: Sun, 8 Mar 2026 18:11:49 +0100
Subject: [PATCH] nrec-nixos02: add Pocket ID with Caddy reverse proxy

Co-Authored-By: Claude Opus 4.6
---
 flake.nix | 9 +++
 hosts/nrec-nixos02/configuration.nix | 85 ++++++++++++++++++++++++++++
 hosts/nrec-nixos02/default.nix | 8 +++
 3 files changed, 102 insertions(+)
 create mode 100644 hosts/nrec-nixos02/configuration.nix
 create mode 100644 hosts/nrec-nixos02/default.nix

diff --git a/flake.nix b/flake.nix
index 2cbf154..ae220da 100644
--- a/flake.nix
+++ b/flake.nix
@@ -227,6 +227,15 @@
 ./hosts/nrec-nixos01
 ];
 };
+ nrec-nixos02 = nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = {
+ inherit inputs self;
+ };
+ modules = commonModules ++ [
+ ./hosts/nrec-nixos02
+ ];
+ };
 openstack-template = nixpkgs.lib.nixosSystem {
 inherit system;
 specialArgs = {
diff --git a/hosts/nrec-nixos02/configuration.nix b/hosts/nrec-nixos02/configuration.nix
new file mode 100644
index 0000000..c5b5afa
--- /dev/null
+++ b/hosts/nrec-nixos02/configuration.nix
@@ -0,0 +1,85 @@
+{ lib, pkgs, ... }:
+
+{
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = lib.mkForce "no";
+ PasswordAuthentication = false;
+ };
+ };
+
+ users.users.nixos = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ shell = pkgs.zsh;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwfb2jpKrBnCw28aevnH8HbE5YbcMXpdaVv2KmueDu6 torjus@gunter"
+ ];
+ };
+ security.sudo.wheelNeedsPassword = false;
+ programs.zsh.enable = true;
+
+ homelab.dns.enable = false;
+ homelab.monitoring.enable = false;
+ homelab.host.labels.ansible = "false";
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ autoResize = true;
+ };
+
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/vda";
+ networking.hostName = "nrec-nixos02";
+ networking.useNetworkd = true;
+ networking.useDHCP = false;
+ services.resolved.enable = true;
+
+ systemd.network.enable = true;
+ systemd.network.networks."ens3" = {
+ matchConfig.Name = "ens3";
+ networkConfig.DHCP = "ipv4";
+ linkConfig.RequiredForOnline = "routable";
+ };
+ time.timeZone = "Europe/Oslo";
+
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [
+ 22
+ 80
+ 443
+ ];
+
+ nix.settings.substituters = [
+ "https://cache.nixos.org"
+ ];
+ nix.settings.trusted-public-keys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ ];
+
+ services.pocket-id = {
+ enable = true;
+ settings = {
+ APP_URL = "https://oidc.t-juice.club";
+ TRUST_PROXY = true;
+ ANALYTICS_DISABLED = true;
+ VERSION_CHECK_DISABLED = true;
+ HOST = "127.0.0.1";
+ };
+ };
+
+ services.caddy = {
+ enable = true;
+ virtualHosts."oidc.t-juice.club" = {
+ extraConfig = ''
+ reverse_proxy 127.0.0.1:1411
+ '';
+ };
+ };
+
+ zramSwap.enable = true;
+
+ system.stateVersion = "25.11";
+}
diff --git a/hosts/nrec-nixos02/default.nix b/hosts/nrec-nixos02/default.nix
new file mode 100644
index 0000000..5e8f064
--- /dev/null
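Review bot: `security.sudo.wheelNeedsPassword = false` makes the SSH-reachable `nixos` account equivalent to root on the host that runs the OIDC provider, so one stolen SSH key or hijacked session is enough to reach Pocket ID's data directory and, presumably, its signing keys. If that is a deliberate choice for this cloud image, record it in a comment next to the line; otherwise give the account a password through `users.users.nixos.hashedPasswordFile` and drop the override. Separately, `TRUST_PROXY = true` is only safe while `HOST = "127.0.0.1"` keeps Caddy as the sole client, and `reverse_proxy 127.0.0.1:1411` relies on the service's default port. A comment such as `# TRUST_PROXY requires HOST to stay on loopback behind Caddy`, plus an explicit `PORT` entry in `settings`, would stop these three values drifting apart unnoticed.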
+++ b/hosts/nrec-nixos02/default.nix
@@ -0,0 +1,8 @@
+{ modulesPath, ... }:
+{
+ imports = [
+ ./configuration.nix
+ ../../system/packages.nix
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+}