update: update flake

2025-07-25 16:21:27 +08:00 · 2025-07-25 16:21:27 +08:00 · 3a07c0da83
commit 3a07c0da83
parent a99b4ad2e7
18 changed files with 277 additions and 543 deletions
--- a/system/dev/dn-pre7780/boot.nix
+++ b/system/dev/dn-pre7780/boot.nix
@ -7,7 +7,7 @@
  boot.kernelPackages = pkgs.linuxPackages_latest;

  fileSystems."/mnt/ssd" = {
-    device = "/dev/disk/by-uuid/4E21-0000";
+    device = "/dev/disk/by-label/DN-SSD";
    fsType = "exfat";
    options = [
      "x-systemd.automount"
@ -23,21 +23,6 @@
    ];
  };

-  fileSystems."/mnt/windows" = {
-    enable = true;
-    device = "/dev/disk/by-uuid/460237D00237C429";
-    fsType = "ntfs-3g";
-    options = [
-      "uid=1000"
-      "gid=100"
-      "umask=000"
-      "nofail"
-      "users"
-      "exec"
-    ];
-  };
-
-  boot.supportedFilesystems = [ "ntfs" ];
  boot.loader.systemd-boot.enable = true;

  # Enable F keys in some wireless keyboard (Ex. neo65)
--- a/system/dev/dn-pre7780/default.nix
+++ b/system/dev/dn-pre7780/default.nix
@ -1,7 +1,6 @@
 {
  pkgs,
  settings,
-  config,
  ...
 }:
 {
@ -14,48 +13,26 @@
    ./hardware-configuration.nix
    ./boot.nix
    ./sops-conf.nix
-    # ./nginx.nix
-    ../../modules/certbot.nix
    ../../modules/presets/basic.nix
    ../../modules/gaming.nix
-    ../../modules/secure-boot.nix
+    # ../../modules/secure-boot.nix
    ../../modules/virtualization.nix
    ../../modules/wine.nix
    ../../modules/wireguard.nix
-    (import ../../modules/rustdesk-server.nix { relayHosts = [ "10.0.0.0/24" ]; })
-    # (import ../../modules/nextcloud.nix {
-    #   hostname = "192.168.0.3";
-    #   datadir = "/mnt/nextcloud";
-    #   https = false;
-    # })
-    ../../modules/mail-server
+    (import ../../modules/rustdesk-server.nix {
+      relayHosts = [
+        "10.0.0.0/24"
+        "192.168.0.0/24"
+      ];
+    })
  ];

-  mail-server = {
-    enable = true;
-    mailDir = "~/Maildir";
-    virtualMailDir = "/var/mail/vhosts";
-    domain = "vmail.net.dn";
-    networks = [
-      "127.0.0.0/8"
-      "10.0.0.0/24"
-    ];
-    openFirewall = true;
-    sslKey = "/etc/letsencrypt/live/vmail.net.dn/privkey.pem";
-    sslCert = "/etc/letsencrypt/live/vmail.net.dn/fullchain.pem";
-    dovecot.ldapFile = config.sops.secrets."dovecot/openldap".path;
-    openldap = {
-      passwordFile = config.sops.secrets."openldap/adminPassword".path;
-      enableWebUI = true;
-    };
-  };
-
  home-manager = {
    users."${settings.personal.username}" = {
      imports = [
        ../../../home/presets/basic.nix
        (import ../../../home/user/bitwarden.nix {
-          email = "danny@dn-server.net.dn";
+          email = "danny@net.dn";
          baseUrl = "https://bitwarden.net.dn";
        })
      ];
@ -63,8 +40,7 @@
  };

  environment.systemPackages = with pkgs; [
-    prismlauncher
-    heroic
+    rustdesk
  ];

  users.users = {
--- a/system/dev/dn-pre7780/hardware-configuration.nix
+++ b/system/dev/dn-pre7780/hardware-configuration.nix
@ -4,34 +4,25 @@
 { config, lib, pkgs, modulesPath, ... }:

 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];

-  boot.initrd.availableKernelModules = [
-    "vmd"
-    "dm-raid"
-    "xhci_pci"
-    "thunderbolt"
-    "nvme"
-    "usbhid"
-    "uas"
-    "sd_mod"
-    "rtsx_pci_sdmmc"
-  ];
+  boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
  boot.initrd.kernelModules = [ ];
-  boot.kernelParams = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

-  fileSystems."/" = {
-    device = "/dev/disk/by-label/nixos";
-    fsType = "ext4";
-  };
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/NIXROOT";
+      fsType = "ext4";
+    };

-  fileSystems."/boot" = {
-    device = "/dev/disk/by-label/BOOT";
-    fsType = "vfat";
-    options = [ "fmask=0077" "dmask=0077" ];
-  };
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-label/NIXBOOT";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };

  swapDevices = [ ];

@ -44,6 +35,5 @@
  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.intel.updateMicrocode =
-    lib.mkDefault config.hardware.enableRedistributableFirmware;
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/system/dev/dn-pre7780/nginx.nix
+++ b/system/dev/dn-pre7780/nginx.nix
@ -1,29 +0,0 @@
-{ config, ... }:
-{
-  networking.firewall.allowedTCPPorts = [
-    80
-    443
-  ];
-
-  services.nginx = {
-    enable = true;
-    enableReload = true;
-
-    virtualHosts = {
-      ${config.services.nextcloud.hostName} = {
-        listen = [
-          {
-            addr = "0.0.0.0";
-            port = 80;
-          }
-        ];
-
-        extraConfig = ''
-          ssl_protocols TLSv1.2 TLSv1.3;
-          ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384';
-          ssl_prefer_server_ciphers on;
-        '';
-      };
-    };
-  };
-}