initial commit

2025-08-06 00:18:58 +02:00 · 2025-08-06 00:18:58 +02:00 · 95085a0d24
commit 95085a0d24
16 changed files with 294 additions and 0 deletions
--- a/hosts/physique/hyponix/README.md
+++ b/hosts/physique/hyponix/README.md
@ -0,0 +1,10 @@
+# Hyponix
+
+## Caractéristiques
+
+```
+Host: ASUSTeK COMPUTER INC. CM6731_CM6431_CM6331
+CPU: Intel i5-3350P (4) @3.300GHz
+GPU: NVIDIA GeForce GT 625 OEM
+Memory : 8G, 1600 MT/s AO2L16BC8R2-BR2S
+```
--- a/hosts/physique/hyponix/default.nix
+++ b/hosts/physique/hyponix/default.nix
@ -0,0 +1,16 @@
+{ config, lib, ... }:
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./networking.nix
+    ./services
+
+    ../../../modules
+  ];
+
+  boot.loader.grub.device = "/dev/sda";
+
+  networking.hostName = "hyponix";
+
+  system.stateVersion = "25.05";
+}
--- a/hosts/physique/hyponix/hardware-configuration.nix
+++ b/hosts/physique/hyponix/hardware-configuration.nix
@ -0,0 +1,27 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "ums_realtek" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    {
+      device = "/dev/disk/by-uuid/4c0afbf4-08c4-468e-b480-4d1ae13a1073";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/physique/hyponix/networking.nix
+++ b/hosts/physique/hyponix/networking.nix
@ -0,0 +1,9 @@
+{ ... }:
+{
+  networking.interfaces.enp5s0 = {
+    ipv6.addresses = [{
+      address = "2a02:8428:c272:6f01:aaaa:bbbb:cccc:3142";
+      prefixLength = 64;
+    }];
+  };
+}
--- a/hosts/physique/hyponix/services/default.nix
+++ b/hosts/physique/hyponix/services/default.nix
@ -0,0 +1,13 @@
+{ ... }:
+{
+  imports = [
+    ./fail2ban.nix
+    ./forgejo.nix
+  ];
+
+  services.caddy = {
+    enable = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [80 443];
+}
--- a/hosts/physique/hyponix/services/fail2ban.nix
+++ b/hosts/physique/hyponix/services/fail2ban.nix
@ -0,0 +1,8 @@
+{ ... }:
+{
+  services.fail2ban = {
+    enable = true;
+  };
+
+  services.openssh.settings.LogLevel = "VERBOSE";
+}
--- a/hosts/physique/hyponix/services/forgejo.nix
+++ b/hosts/physique/hyponix/services/forgejo.nix
@ -0,0 +1,22 @@
+{config, ...}:
+let
+  domain = "git.${config.networking.domain}";
+in
+{
+  services.forgejo = {
+    enable = true;
+
+    settings = {
+      server = {
+        DOMAIN = domain;
+      };
+    };
+  };
+
+
+  services.caddy.virtualHosts."git.${config.networking.domain}" = {
+    extraConfig = ''
+      reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
+    '';
+  };
+}