commit c0f1ed2d7ef1fe7a11c7a8265d7242c520653f6b Author: Alexander Tomokhov Date: Mon Nov 6 12:57:26 2023 +0400 initial
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c4a847d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/result
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..eb48470
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,66 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1686476475,
+ "narHash": "sha256-W9yUePvCSDghn+YUXewuodyPxt+kJl/a7zdY4Q6r4MU=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "eef86b8a942913a828b9ef13722835f359deef29",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "selfprivacy-nixos-config": "selfprivacy-nixos-config"
+ }
+ },
+ "selfprivacy-graphql-api": {
+ "inputs": {
+ "nixpkgs": [
+ "selfprivacy-nixos-config",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1699259966,
+ "narHash": "sha256-NMZ1NZ/3I4d9AvegG95sSaV2Hv4A6WEfJ5UCpsFr+Zk=",
+ "ref": "flake",
+ "rev": "b6e84f2596b78da497f63179d72c903bb9b92d4e",
+ "revCount": 942,
+ "type": "git",
+ "url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git"
+ }
+ },
+ "selfprivacy-nixos-config": {
+ "inputs": {
+ "nixpkgs": "nixpkgs",
+ "selfprivacy-graphql-api": "selfprivacy-graphql-api"
+ },
+ "locked": {
+ "lastModified": 1699261443,
+ "narHash": "sha256-mK1L4vrQshtICda1Ub+DyiHp9P/Zxtbx3H/BmKVe6y0=",
+ "ref": "flakes",
+ "rev": "b4b37f42f2e3dcea50382fdff70228e33af90db7",
+ "revCount": 123,
+ "type": "git",
+ "url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..8aa6a18
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,18 @@
+{
+ description = "SelfPrivacy NixOS configuration local flake";
+
+ inputs.selfprivacy-nixos-config.url = "git+https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git";
+
+ outputs = { self, selfprivacy-nixos-config }:
+ let
+ userdata = builtins.fromJSON (builtins.readFile ./userdata/userdata.json);
+ hardware-configuration = ./hardware-configuration.nix;
+ in
+ {
+ # TODO embed self revision, maybe pass self as an argument
+ nixosConfigurations =
+ selfprivacy-nixos-config.outputs.nixosConfigurations-fun {
+ inherit hardware-configuration userdata;
+ };
+ };
+}
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..2921667
--- /dev/null
+++ b/hardware-configuration.nix
@@ -0,0 +1,8 @@
+{ modulesPath, lib, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/userdata/schema.json b/userdata/schema.json
new file mode 100644
index 0000000..778f5e0
--- /dev/null
+++ b/userdata/schema.json
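Review bot: `userdata = builtins.fromJSON (builtins.readFile ./userdata/userdata.json);` reads a file that, in this same commit, carries the API token, the DNS provider key and several service passwords, and since a flake's source tree is copied into the Nix store before `outputs` is evaluated, those values will presumably land world-readable under /nix/store on any host that evaluates the flake — worth confirming against how the upstream `nixosConfigurations-fun` consumes `userdata`. The `.gitignore` in this commit excludes only `/result`, so nothing keeps `userdata/` out of version control either. I would add above the `let` a comment such as `# userdata.json is passed verbatim to the upstream config and contains credentials; keep it out of public history and the world-readable store` so the constraint is visible where the file is read. The `self` parameter is unused apart from the TODO, which is fine as a placeholder but should be mentioned in that comment.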
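Review bot: `fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };` and `boot.loader.grub.device = "/dev/sda";` pin the root filesystem and the bootloader target to kernel device names, which are not stable across disk reordering; with a second data disk present (userdata.json in this commit mounts `/dev/sdb`) a rename turns into an unbootable guest. Prefer `device = "/dev/disk/by-uuid/<ROOT-UUID-PLACEHOLDER>";` (or a label) for the root entry. The `"nvme"` initrd module next to a `/dev/sda` root also reads as a mismatch unless the profile is meant to cover both disk types; a one-line comment naming the hosting image this file targets would settle that.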
@@ -0,0 +1,190 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "$id": "https://git.selfprivacy.org/inex/selfprivacy-nixos-config/raw/branch/master/userdata/schema.json",
+ "type": "object",
+ "properties": {
+ "autoUpgrade": {
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean"
+ },
+ "allowReboot": {
+ "type": "boolean"
+ }
+ }
+ },
+ "hostname": {
+ "type": "string"
+ },
+ "domain": {
+ "type": "string"
+ },
+ "username": {
+ "type": "string"
+ },
+ "hashedMasterPassword": {
+ "type": "string"
+ },
+ "sshKeys": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "timezone": {
+ "type": "string"
+ },
+ "api": {
+ "type": "object",
+ "properties": {
+ "token": {
+ "type": "string"
+ },
+ "enableSwagger": {
+ "type": "boolean"
+ },
+ "skippedMigrations": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "backblaze": {
+ "type": "object",
+ "properties": {
+ "bucket": {
+ "type": "string"
+ },
+ "accountId": {
+ "type": "string"
+ },
+ "accountKey": {
+ "type": "string"
+ }
+ },
+ "required": ["bucket", "accountId", "accountKey"]
+ },
+ "cloudflare": {
+ "type": "object",
+ "properties": {
+ "apiKey": {
+ "type": "string"
+ }
+ },
+ "required": ["apiKey"]
+ },
+ "databasePassword": {
+ "type": "string"
+ },
+ "bitwarden": {
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean"
+ }
+ }
+ },
+ "gitea": {
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nextcloud": {
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean"
+ },
+ "databasePassword": {
+ "type": "string"
+ },
+ "adminPassword": {
+ "type": "string"
+ }
+ },
+ "required": ["databasePassword", "adminPassword"]
+ },
+ "pleroma": {
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean"
+ }
+ }
+ },
+ "jitsi": {
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean"
+ }
+ }
+ },
+ "ocserv": {
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean"
+ }
+ }
+ },
+ "resticPassword": {
+ "type": "string"
+ },
+ "ssh": {
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean"
+ },
+ "rootKeys": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "passwordAuthentication": {
+ "type": "boolean"
+ }
+ }
+ },
+ "users": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "username": {
+ "type": "string"
+ },
+ "hashedPassword": {
+ "type": "string"
+ },
+ "sshKeys": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ },
+ "required": ["username", "hashedPassword"]
+ }
+ }
+ },
+ "required": [
+ "hostname",
+ "domain",
+ "username",
+ "hashedMasterPassword",
+ "backblaze",
+ "cloudflare",
+ "databasePassword",
+ "nextcloud",
+ "resticPassword"
+ ]
+}
\ No newline at end of file
diff --git a/userdata/tokens.json b/userdata/tokens.json
new file mode 100644
index 0000000..914086b
--- /dev/null
+++ b/userdata/tokens.json
@@ -0,0 +1,9 @@
+{
+ "tokens": [
+ {
+ "token": "UKyDoDP3ynlZ9pYBydckZi7RFFk0SV768ZpQ2ZpQ5eMOb1zBYTKjrhfB6nvY70Ca",
+ "name": "primary_token",
+ "date": "2023-06-06 16:51:19.527893"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/userdata/tokens_schema.json b/userdata/tokens_schema.json
new file mode 100644
index 0000000..2e85065
--- /dev/null
+++ b/userdata/tokens_schema.json
@@ -0,0 +1,72 @@
+{
+ "$schema": "http://json-schema.org/schema#",
+ "$id": "https://git.selfprivacy.org/inex/selfprivacy-nixos-config/raw/branch/master/userdata/tokens_schema.json",
+ "type": "object",
+ "properties": {
+ "tokens": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "token": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "date": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "token",
+ "name",
+ "date"
+ ]
+ }
+ },
+ "recovery_token": {
+ "type": "object",
+ "properties": {
+ "token": {
+ "type": "string"
+ },
+ "date": {
+ "type": "string"
+ },
+ "expiration": {
+ "type": "string"
+ },
+ "uses_left": {
+ "type": "integer"
+ }
+ },
+ "required": [
+ "token",
+ "date"
+ ]
+ },
+ "new_device": {
+ "type": "object",
+ "properties": {
+ "token": {
+ "type": "string"
+ },
+ "date": {
+ "type": "string"
+ },
+ "expiration": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "token",
+ "date",
+ "expiration"
+ ]
+ }
+ },
+ "required": [
+ "tokens"
+ ]
+}
\ No newline at end of file
diff --git a/userdata/userdata.json b/userdata/userdata.json
new file mode 100644
index 0000000..b40362c
--- /dev/null
+++ b/userdata/userdata.json
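Review bot: `"uses_left": { "type": "integer" }` in `recovery_token` accepts negative counts, and `date`/`expiration` in all three objects are unconstrained strings even though a consumer must parse them to decide whether a token is still valid; `"minimum": 0` on `uses_left` and `"format": "date-time"` on the timestamp fields would make malformed or already-expired values fail at validation rather than at use. `recovery_token` requires only `token` and `date` while `new_device` also requires `expiration`; if a missing `expiration` on a recovery token is meant as "never expires", a `description` on that property saying so would document the asymmetry instead of leaving it to be guessed.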
@@ -0,0 +1,69 @@
+{
+ "api": {
+ "token": "UKyDoDP3ynlZ9pYBydckZi7RFFk0SV768ZpQ2ZpQ5eMOb1zBYTKjrhfB6nvY70Ca",
+ "skippedMigrations": [
+ "migrate_to_selfprivacy_channel",
+ "mount_volume"
+ ]
+ },
+ "backup": {
+ "provider": "BACKBLAZE",
+ "accountId": "",
+ "accountKey": "",
+ "bucket": ""
+ },
+ "bitwarden": {
+ "enable": true,
+ "location": "sdb"
+ },
+ "dns": {
+ "provider": "CLOUDFLARE",
+ "apiKey": "xJD80-k8QyWw7_yWBQXjSGLWeLhedan0mHqJNzMB",
+ "useStagingACME": false
+ },
+ "server": {
+ "provider": "HETZNER"
+ },
+ "databasePassword": "e5LTh9xt2UtaY0BXGzNpqFbnTfs1PS0W6eDnLgnE",
+ "domain": "meow-corp.xyz",
+ "hashedMasterPassword": "$6$WrO.K8riC8c/uuJ$9l/5aP4HY4q3g0.QBAWAnL37f7JUsA0nhBHQpyem1fLnnOijDoQbgKmC0W5Nzajdtw5IVuQT5FnLJyQPZAfrw/",
+ "hostname": "meow-corp",
+ "nextcloud": {
+ "enable": true,
+ "adminPassword": "tMzoy1yEaBPcgVheoXUj11S5dVlC5I4TSFxr0pCHoeMvOV2YICYqFqFJne2SgbOFr6QxZTw6QGdYmCLW",
+ "databasePassword": "tMzoy1yEaBPcgVheoXUj11S5dVlC5I4TSFxr0pCHoeMvOV2YICYqFqFJne2SgbOFr6QxZTw6QGdYmCLW",
+ "location": "sdb"
+ },
+ "gitea": {
+ "enable": true,
+ "location": "sdb"
+ },
+ "jitsi": {
+ "enable": true
+ },
+ "ocserv": {
+ "enable": false
+ },
+ "pleroma": {
+ "enable": false,
+ "location": "sdb"
+ },
+ "timezone": "Europe/Uzhgorod",
+ "resticPassword": "tMzoy1yEaBPcgVheoXUj11S5dVlC5I4TSFxr0pCHoeMvOV2YICYqFqFJne2SgbOFr6QxZTw6QGdYmCLW",
+ "username": "admin",
+ "volumes": [
+ {
+ "device": "/dev/sdb",
+ "mountPoint": "/volumes/sdb",
+ "fsType": "ext4"
+ }
+ ],
+ "useBinds": true,
+ "ssh": {
+ "rootKeys": [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBb3yVhYF4slhf1iQCiGLOVcbGKP/MmkQiEMl2un+4K alex@240g7"
+ ]
+ },
+ "sshKeys": [],
+ "users": []
+}
\ No newline at end of file
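Review bot: `nextcloud.adminPassword`, `nextcloud.databasePassword` and the top-level `resticPassword` carry the same value, so whoever obtains any one of the three — the Nextcloud admin login being the most exposed of them — also holds the database credential and the backup-repository password; each should be an independently generated secret. `backup.accountId`, `backup.accountKey` and `backup.bucket` are empty strings while `backup.provider` is `"BACKBLAZE"`, which will presumably only fail at the first backup run rather than at evaluation; a comment in the accompanying README, or a `minLength` in `schema.json` (which currently does not declare the `backup` key at all, see the schema hunk), would surface that earlier. The committed-credential concern raised on `tokens.json` applies to this whole file, `dns.apiKey` included.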