Compare commits
63 Commits
file-serve
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| dbfe474299 | |||
| 455a36f0d1 | |||
| f21f543976 | |||
| fc28b23995 | |||
| d9b0d8d4cb | |||
| e40f929abe | |||
| 493d9962ef | |||
| 3ee2d1dd84 | |||
| 1ac3895177 | |||
| 3bc1357bb1 | |||
| 46fbfbf8ca | |||
| ebc1fce8f4 | |||
| a6acaf9b17 | |||
| 42a9998b54 | |||
| 36f3d3b66b | |||
| fda44a9cc8 | |||
| 8cdb64ed65 | |||
| 5fd8e803b1 | |||
| ac916d8305 | |||
| 0de7e50ffa | |||
| 227bf853ab | |||
| e7100daf2f | |||
| 04069f02ec | |||
| 4210857297 | |||
| 3136ec6762 | |||
| fc2a78b0db | |||
| bb77fc54d4 | |||
| 91f4fe8b13 | |||
| 8be0deed4b | |||
| 9ed9e10931 | |||
| 75c76ef032 | |||
| 0ebe8d1121 | |||
| d80ae92464 | |||
| 883204e90e | |||
| 0172e6af2b | |||
| 66786c2455 | |||
| e30a5830ef | |||
| 572cca2dd9 | |||
| 09a1cc5a26 | |||
| 8ef9e1b0be | |||
| 2e956f2ddd | |||
| d3f46bf7c5 | |||
| e22915119e | |||
| e79ec922d1 | |||
| 4eff26d69d | |||
| b714df956c | |||
| 4e905ba555 | |||
| 19089fd683 | |||
| ee94662fd1 | |||
| 0992eba4dc | |||
| 57049fe511 | |||
| b5e8cd89dd | |||
| f9e8704fce | |||
| 1b62fee835 | |||
| 821b3a00ed | |||
| 050f2ded35 | |||
| 7deda2a385 | |||
| 066d21cf66 | |||
| 2e90f3455a | |||
| 1ccbd013f8 | |||
| 705a9f840b | |||
| 81651492ca | |||
| eade86cef6 |
1944
flake.lock
generated
1944
flake.lock
generated
File diff suppressed because it is too large
Load Diff
14
flake.nix
14
flake.nix
@@ -2,16 +2,21 @@
|
||||
description = "Nettika's NixOS Configurations";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
|
||||
shelvacu.url = "git+https://git.uninsane.org/shelvacu/nix-stuff";
|
||||
phps.url = "github:fossar/nix-phps";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, ... }@inputs:
|
||||
let
|
||||
secrets = builtins.fromJSON (builtins.readFile ./secrets.json);
|
||||
in {
|
||||
in
|
||||
{
|
||||
nixosModules = {
|
||||
common = import ./modules/common.nix;
|
||||
prompt = import ./modules/prompt.nix;
|
||||
server = import ./modules/server.nix;
|
||||
zerotier = import ./modules/zerotier.nix;
|
||||
};
|
||||
|
||||
nixosConfigurations = {
|
||||
@@ -25,6 +30,11 @@
|
||||
modules = [ ./hosts/monolith ];
|
||||
specialArgs = { inherit self inputs secrets; };
|
||||
};
|
||||
quasar = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [ ./hosts/quasar ];
|
||||
specialArgs = { inherit self inputs secrets; };
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,11 +1,5 @@
|
||||
{ pkgs, config, secrets, ... }:
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
restic
|
||||
libnotify
|
||||
backblaze-b2
|
||||
];
|
||||
|
||||
systemd.services = {
|
||||
notify-backup-b2-failed = {
|
||||
description = "Notify on failed backup to B2";
|
||||
@@ -20,14 +14,14 @@
|
||||
script = "notify-send -u critical \"Backup to B2 failed\" \"$(journalctl -u restic-backups-b2 -n 5 -o cat)\"";
|
||||
};
|
||||
restic-backups-b2 = {
|
||||
onFailure = ["notify-backup-b2-failed.service"];
|
||||
onFailure = [ "notify-backup-b2-failed.service" ];
|
||||
};
|
||||
};
|
||||
|
||||
environment.etc = {
|
||||
"restic-env".text = ''
|
||||
export B2_ACCOUNT_ID="${secrets.b2.accountId}"
|
||||
export B2_ACCOUNT_KEY="${secrets.b2.accountKey}"
|
||||
B2_ACCOUNT_ID="${secrets.b2.accountId}"
|
||||
B2_ACCOUNT_KEY="${secrets.b2.accountKey}"
|
||||
'';
|
||||
"restic-password".text = secrets.restic.password;
|
||||
};
|
||||
@@ -39,13 +33,11 @@
|
||||
repository = "b2:marauder-backup";
|
||||
passwordFile = "/etc/restic-password";
|
||||
paths = [
|
||||
"${config.users.users.nettika.home}/Desktop"
|
||||
"${config.users.users.nettika.home}/Artwork"
|
||||
"${config.users.users.nettika.home}/Documents"
|
||||
"${config.users.users.nettika.home}/Music"
|
||||
"${config.users.users.nettika.home}/Pictures"
|
||||
"${config.users.users.nettika.home}/Projects"
|
||||
"${config.users.users.nettika.home}/Public"
|
||||
"${config.users.users.nettika.home}/Templates"
|
||||
"${config.users.users.nettika.home}/Videos"
|
||||
];
|
||||
pruneOpts = [
|
||||
|
||||
@@ -1,11 +1,19 @@
|
||||
{ self, pkgs, inputs, secrets, ... }:
|
||||
{ self, pkgs, inputs, ... }:
|
||||
{
|
||||
imports = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.prompt
|
||||
self.nixosModules.zerotier
|
||||
./backup.nix
|
||||
./dev.nix
|
||||
./www.nix
|
||||
./printing.nix
|
||||
];
|
||||
|
||||
networking.hostName = "marauder";
|
||||
networking = {
|
||||
hostName = "marauder";
|
||||
firewall.enable = false;
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
@@ -34,19 +42,21 @@
|
||||
"sd_mod"
|
||||
];
|
||||
};
|
||||
kernelModules = ["kvm-amd"];
|
||||
kernelModules = [ "kvm-amd" ];
|
||||
kernelParams = [ "amd_pstate=active" ];
|
||||
};
|
||||
|
||||
hardware = {
|
||||
enableRedistributableFirmware = true;
|
||||
cpu.amd.updateMicrocode = true;
|
||||
opengl = {
|
||||
graphics = {
|
||||
enable = true;
|
||||
driSupport32Bit = true;
|
||||
extraPackages = [pkgs.vaapiVdpau];
|
||||
enable32Bit = true;
|
||||
extraPackages = [ pkgs.vaapiVdpau ];
|
||||
};
|
||||
nvidia.prime = {
|
||||
nvidia = {
|
||||
open = true;
|
||||
prime = {
|
||||
offload = {
|
||||
enable = true;
|
||||
enableOffloadCmd = true;
|
||||
@@ -55,42 +65,43 @@
|
||||
nvidiaBusId = "PCI:01:00:0";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
environment = {
|
||||
systemPackages = [
|
||||
inputs.shelvacu.packages.x86_64-linux.sm64coopdx
|
||||
] ++ (with pkgs; [
|
||||
# Chat clients
|
||||
discord
|
||||
slack
|
||||
element-desktop
|
||||
telegram-desktop
|
||||
signal-desktop
|
||||
|
||||
# Browsers
|
||||
firefox
|
||||
filezilla
|
||||
|
||||
# Coding
|
||||
vscode
|
||||
|
||||
# Art and 3D
|
||||
# Creative
|
||||
inkscape
|
||||
gimp
|
||||
krita
|
||||
openscad-unstable
|
||||
bambu-studio
|
||||
|
||||
# Multimedia
|
||||
vlc
|
||||
ffmpeg
|
||||
(callPackage ./ffcheck.nix { })
|
||||
|
||||
# Productivity
|
||||
# Misc
|
||||
obsidian
|
||||
];
|
||||
|
||||
programs.bash = {
|
||||
promptInit = ''
|
||||
PS1="\[\e]0;\u@\h: \w\a\]" # window title
|
||||
PS1+="\n"
|
||||
PS1+="\$(printf \"%*s\" \$((\$COLUMNS + 9)) \"\[\e[1;33m\]\$(git branch --show-current 2>/dev/null)\")" # git branch
|
||||
PS1+="\[\e[1G\]" # move cursor to beginning of line
|
||||
PS1+="💜" # prompt symbol
|
||||
PS1+="\[\033[1;$((UID ? 32 : 31))m\]" # prompt color
|
||||
PS1+="[\u@\h:\w]\\$"
|
||||
PS1+="\[\033[0m\] " # reset color
|
||||
'';
|
||||
intiface-central
|
||||
prismlauncher
|
||||
blender
|
||||
mullvad-vpn
|
||||
qbittorrent
|
||||
]);
|
||||
};
|
||||
|
||||
programs.steam = {
|
||||
@@ -99,9 +110,26 @@
|
||||
dedicatedServer.openFirewall = true;
|
||||
};
|
||||
|
||||
programs.ssh.extraConfig = ''
|
||||
Host quasar
|
||||
HostName consortium.chat
|
||||
IdentityFile ~/.ssh/LightsailDefaultKey-us-west-2.pem
|
||||
|
||||
Host monolith
|
||||
HostName 10.243.210.154
|
||||
|
||||
Host fennbox
|
||||
HostName 10.243.109.199
|
||||
User fenn
|
||||
'';
|
||||
|
||||
programs.nix-ld = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
videoDrivers = ["nvidia"];
|
||||
videoDrivers = [ "nvidia" ];
|
||||
desktopManager = {
|
||||
cinnamon.enable = true;
|
||||
xterm.enable = false;
|
||||
@@ -120,8 +148,14 @@
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.mullvad-vpn = {
|
||||
enable = true;
|
||||
package = pkgs.mullvad-vpn; # Include GUI
|
||||
};
|
||||
|
||||
promptEmoji = "💜";
|
||||
|
||||
time.timeZone = "America/Los_Angeles";
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
}
|
||||
|
||||
|
||||
34
hosts/marauder/dev.nix
Executable file
34
hosts/marauder/dev.nix
Executable file
@@ -0,0 +1,34 @@
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
environment.variables = {
|
||||
VISUAL = "code --wait";
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
# Code Editors
|
||||
vscode
|
||||
arduino-ide
|
||||
|
||||
# Dev Tools
|
||||
nixd
|
||||
nixpkgs-fmt
|
||||
pyenv
|
||||
rustup
|
||||
electron-fiddle
|
||||
electron
|
||||
|
||||
# Languages
|
||||
gcc
|
||||
kotlin
|
||||
nodejs
|
||||
php
|
||||
];
|
||||
|
||||
programs.direnv = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"electron-24.8.6"
|
||||
];
|
||||
}
|
||||
3
hosts/marauder/ffcheck.nix
Executable file
3
hosts/marauder/ffcheck.nix
Executable file
@@ -0,0 +1,3 @@
|
||||
{ writeShellScriptBin, ffmpeg }: writeShellScriptBin "ffcheck" ''
|
||||
${ffmpeg}/bin/ffmpeg -v error -stats -hide_banner -i "$1" -c copy -f null -
|
||||
''
|
||||
16
hosts/marauder/printing.nix
Normal file
16
hosts/marauder/printing.nix
Normal file
@@ -0,0 +1,16 @@
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
system-config-printer
|
||||
];
|
||||
|
||||
services.printing = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
nssmdns4 = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
}
|
||||
26
hosts/marauder/www.nix
Executable file
26
hosts/marauder/www.nix
Executable file
@@ -0,0 +1,26 @@
|
||||
{ pkgs, inputs, ... }:
|
||||
let
|
||||
fortune = pkgs.writeShellScript "cgi" ''
|
||||
echo "Content-type: text/html"
|
||||
echo ""
|
||||
${pkgs.fortune}/bin/fortune
|
||||
'';
|
||||
in {
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb;
|
||||
};
|
||||
|
||||
services.httpd = {
|
||||
enable = true;
|
||||
enablePHP = true;
|
||||
# phpPackage = inputs.phps.packages.x86_64-linux.php74;
|
||||
extraConfig = ''
|
||||
ScriptAlias /fortune ${fortune}/bin/fortune
|
||||
'';
|
||||
virtualHosts."localhost" = {
|
||||
documentRoot = "/var/www";
|
||||
locations."/".index = "index.html index.php";
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,14 +1,18 @@
|
||||
{ self, pkgs, secrets, ... }:
|
||||
{ self, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
self.nixosModules.common
|
||||
self.nixosModules.prompt
|
||||
self.nixosModules.server
|
||||
self.nixosModules.zerotier
|
||||
./dns.nix
|
||||
./vault.nix
|
||||
];
|
||||
|
||||
networking = {
|
||||
hostName = "monolith";
|
||||
hostId = "44551c32";
|
||||
firewall.allowedTCPPorts = [ 8000 ];
|
||||
};
|
||||
|
||||
fileSystems = {
|
||||
@@ -37,6 +41,53 @@
|
||||
supportedFilesystems = [ "zfs" ];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
rclone
|
||||
beets
|
||||
flac
|
||||
screen
|
||||
rustup
|
||||
gcc
|
||||
(callPackage ../marauder/ffcheck.nix { })
|
||||
mp3val
|
||||
];
|
||||
|
||||
services.jellyfin = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
|
||||
services.navidrome = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
settings = {
|
||||
Address = "0.0.0.0";
|
||||
MusicFolder = "/library/music";
|
||||
Scanner.GroupAlbumReleases = "true";
|
||||
ScanSchedule = "0";
|
||||
};
|
||||
};
|
||||
|
||||
systemd = {
|
||||
services.reboot = {
|
||||
description = "Reboot the system";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.systemd}/bin/systemctl reboot";
|
||||
};
|
||||
};
|
||||
timers.reboot = {
|
||||
description = "Reboot the system every two hours";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnBootSec = "6h";
|
||||
Persistent = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
promptEmoji = "🏰";
|
||||
|
||||
time.timeZone = "America/Los_Angeles";
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
@@ -3,22 +3,16 @@
|
||||
systemd.services.update-dns = {
|
||||
serviceConfig.Type = "oneshot";
|
||||
description = "Update the leaf.ninja DNS records";
|
||||
path = with pkgs; [ curl jq ];
|
||||
path = with pkgs; [ curl ];
|
||||
script = ''
|
||||
public_ip=$(curl -s https://ifconfig.me/ip)
|
||||
endpoint="https://api.gandi.net/v5/livedns/domains/leaf.ninja/records"
|
||||
curl -s \
|
||||
curl \
|
||||
-X PUT \
|
||||
-H "Authorization: Bearer ${secrets.gandi.token}" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{\"rrset_values\":[\"$public_ip\"]}" \
|
||||
"$ENDPOINT/%2A/A" | jq
|
||||
curl -s \
|
||||
-X PUT \
|
||||
-H "Authorization: Bearer ${secrets.gandi.token}" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{\"rrset_values\":[\"$public_ip\"]}" \
|
||||
"$ENDPOINT/%40/A" | jq
|
||||
$endpoint/ostiary/A
|
||||
'';
|
||||
};
|
||||
|
||||
|
||||
20
hosts/monolith/vault.nix
Normal file
20
hosts/monolith/vault.nix
Normal file
@@ -0,0 +1,20 @@
|
||||
{ secrets, ... }:
|
||||
{
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
config = {
|
||||
domain = "https://vault.leaf.ninja";
|
||||
signupsAllowed = false;
|
||||
rocketAddress = "0.0.0.0";
|
||||
rocketPort = 8222;
|
||||
smtpHost = "smtp.migadu.com";
|
||||
smtpFrom = "vaultwarden@leaf.ninja";
|
||||
smtpPort = 587;
|
||||
smtpSecurity = "starttls";
|
||||
smtpUsername = "vaultwarden@leaf.ninja";
|
||||
smtpPassword = secrets.vaultwarden.smtpPassword;
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8222 ];
|
||||
}
|
||||
54
hosts/quasar/default.nix
Normal file
54
hosts/quasar/default.nix
Normal file
@@ -0,0 +1,54 @@
|
||||
{ self, modulesPath, pkgs, config, secrets, ... }:
|
||||
{
|
||||
imports = [
|
||||
"${modulesPath}/virtualisation/amazon-image.nix"
|
||||
self.nixosModules.common
|
||||
self.nixosModules.prompt
|
||||
self.nixosModules.server
|
||||
];
|
||||
|
||||
networking = {
|
||||
hostName = "quasar";
|
||||
domain = "consortium.chat";
|
||||
firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"${config.networking.domain}".extraConfig = ''
|
||||
reverse_proxy localhost:8008
|
||||
header Strict-Transport-Security "max-age=63072000; includeSubDomains;"
|
||||
'';
|
||||
"matrix.${config.networking.domain}".extraConfig = ''
|
||||
reverse_proxy /_matrix/* localhost:8008
|
||||
reverse_proxy /_synapse/client/* localhost:8008
|
||||
'';
|
||||
"admin.${config.networking.domain}".extraConfig = ''
|
||||
root * ${pkgs.synapse-admin}
|
||||
file_server
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services.matrix-synapse = {
|
||||
enable = true;
|
||||
settings = {
|
||||
server_name = config.networking.domain;
|
||||
serve_server_wellknown = true;
|
||||
registration_shared_secret = secrets.synapse."consortium.chat".registration-shared-secret;
|
||||
macaroon_secret_key = secrets.synapse."consortium.chat".macaroon-secret-key;
|
||||
form_secret = secrets.synapse."consortium.chat".form-secret;
|
||||
};
|
||||
};
|
||||
|
||||
promptEmoji = "🌟";
|
||||
|
||||
time.timeZone = "America/Los_Angeles";
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
}
|
||||
@@ -1,19 +1,32 @@
|
||||
{ pkgs, secrets, ... }:
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
nix.settings = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
substituters = [
|
||||
"https://fossar.cachix.org"
|
||||
# "https://nixcache.shelvacu.com"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"fossar.cachix.org-1:Zv6FuqIboeHPWQS7ysLCJ7UT7xExb4OE8c4LyGb5AsE="
|
||||
"nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM="
|
||||
];
|
||||
trusted-users = [ "@wheel" ];
|
||||
};
|
||||
|
||||
users.users.nettika = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "networkmanager" ];
|
||||
shell = pkgs.fish;
|
||||
};
|
||||
|
||||
security.sudo.wheelNeedsPassword = false;
|
||||
|
||||
environment.variables = {
|
||||
EDITOR = "nano";
|
||||
};
|
||||
|
||||
programs.git = {
|
||||
enable = true;
|
||||
lfs.enable = true;
|
||||
@@ -35,13 +48,13 @@
|
||||
'';
|
||||
};
|
||||
|
||||
services.zerotierone = {
|
||||
programs.fish = {
|
||||
enable = true;
|
||||
joinNetworks = secrets.zerotier.networks;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
git-crypt
|
||||
htop
|
||||
jq
|
||||
];
|
||||
}
|
||||
|
||||
30
modules/prompt.nix
Normal file
30
modules/prompt.nix
Normal file
@@ -0,0 +1,30 @@
|
||||
{ lib, config, ... }:
|
||||
{
|
||||
options.promptEmoji = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
};
|
||||
|
||||
config.programs.bash.promptInit = ''
|
||||
PS1="\[\e]0;\u@\h: \w\a\]\n${config.promptEmoji} \[\033[1;$((UID ? 32 : 31))m\]\w \\$\[\033[0m\] "
|
||||
'';
|
||||
|
||||
config.programs.fish = {
|
||||
promptInit = ''
|
||||
function fish_prompt
|
||||
echo -n '${config.promptEmoji} '
|
||||
set_color brgreen
|
||||
echo -n (prompt_pwd)
|
||||
set_color normal
|
||||
echo -n ' > '
|
||||
end
|
||||
function fish_right_prompt
|
||||
set_color bryellow
|
||||
echo -n (git branch --show-current 2>/dev/null)
|
||||
end
|
||||
'';
|
||||
shellInit = ''
|
||||
set -g fish_greeting
|
||||
set -g fish_prompt_pwd_full_dirs 999
|
||||
'';
|
||||
};
|
||||
}
|
||||
7
modules/zerotier.nix
Normal file
7
modules/zerotier.nix
Normal file
@@ -0,0 +1,7 @@
|
||||
{ secrets, ... }:
|
||||
{
|
||||
services.zerotierone = {
|
||||
enable = true;
|
||||
joinNetworks = secrets.zerotier.networks;
|
||||
};
|
||||
}
|
||||
BIN
secrets.json
BIN
secrets.json
Binary file not shown.
Reference in New Issue
Block a user