nettika/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: nettika:samba
Branches Tags
nettika:master nettika:samba nettika:memos nettika:mautrix-telegram nettika:romraider nettika:file-server
...
compare: nettika:4210857297830a3130913997dcee46f6ebc71c61
Branches Tags
nettika:samba nettika:memos nettika:master nettika:mautrix-telegram nettika:romraider nettika:file-server

15 Commits
samba ... 4210857297

Author SHA1 Message Date
Nettika
4210857297 Add ffcheck util to monolith 2024-11-30 13:39:34 -08:00
Nettika
3136ec6762 Add screen util to monolith 2024-11-30 13:37:43 -08:00
Nettika
fc2a78b0db Fix DNS updater 2024-11-30 13:37:00 -08:00
Nettika
bb77fc54d4 Add media services 2024-11-30 10:56:41 -08:00
Nettika
91f4fe8b13 Add intiface and minecraft 2024-11-13 16:41:53 -08:00
Nettika
8be0deed4b Enable nix-ld 2024-10-10 15:08:09 -07:00
Nettika
9ed9e10931 Disable firewall 2024-10-10 15:06:29 -07:00
Nettika
75c76ef032 Fix restic daily backups 2024-10-06 18:35:00 -07:00
Nettika
0ebe8d1121 Serve Synapse Admin from quasar 2024-09-27 21:01:31 -07:00
Nettika
d80ae92464 Add system-control-printer to marauder 2024-09-27 21:01:31 -07:00
Nettika
883204e90e Set synapse secrets 2024-09-27 21:01:31 -07:00
Nettika
0172e6af2b Configure synapse on quasar 2024-09-26 00:40:56 -07:00
Nettika
66786c2455 Move zerotier out of the common module 2024-09-25 21:05:05 -07:00
Nettika
e30a5830ef Add quasar host 2024-09-25 19:44:47 -07:00
Nettika
572cca2dd9 Configure printing on marauder 2024-09-25 16:20:21 -07:00
10 changed files with 128 additions and 26 deletions
Expand all files Collapse all files

6
flake.nix
View File

@@ -15,6 +15,7 @@
common = import ./modules/common.nix; common = import ./modules/common.nix;
prompt = import ./modules/prompt.nix; prompt = import ./modules/prompt.nix;
server = import ./modules/server.nix; server = import ./modules/server.nix;
zerotier = import ./modules/zerotier.nix;
}; };
nixosConfigurations = { nixosConfigurations = {
@@ -28,6 +29,11 @@
modules = [ ./hosts/monolith ]; modules = [ ./hosts/monolith ];
specialArgs = { inherit self inputs secrets; }; specialArgs = { inherit self inputs secrets; };
}; };
quasar = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [ ./hosts/quasar ];
specialArgs = { inherit self inputs secrets; };
};
}; };
}; };
} }

10
hosts/marauder/backup.nix
View File

@@ -1,11 +1,5 @@
{ pkgs, config, secrets, ... }: { pkgs, config, secrets, ... }:
{ {
environment.systemPackages = with pkgs; [
restic
libnotify
backblaze-b2
];
systemd.services = { systemd.services = {
notify-backup-b2-failed = { notify-backup-b2-failed = {
description = "Notify on failed backup to B2"; description = "Notify on failed backup to B2";
@@ -26,8 +20,8 @@
environment.etc = { environment.etc = {
"restic-env".text = '' "restic-env".text = ''
export B2_ACCOUNT_ID="${secrets.b2.accountId}" B2_ACCOUNT_ID="${secrets.b2.accountId}"
export B2_ACCOUNT_KEY="${secrets.b2.accountKey}" B2_ACCOUNT_KEY="${secrets.b2.accountKey}"
''; '';
"restic-password".text = secrets.restic.password; "restic-password".text = secrets.restic.password;
}; };

15
hosts/marauder/default.nix
View File

@@ -3,11 +3,16 @@
imports = [ imports = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.prompt self.nixosModules.prompt
self.nixosModules.zerotier
./backup.nix ./backup.nix
./dev.nix ./dev.nix
./printing.nix
]; ];
networking.hostName = "marauder"; networking = {
hostName = "marauder";
firewall.enable = false;
};
fileSystems = { fileSystems = {
"/" = { "/" = {
@@ -84,8 +89,10 @@
ffmpeg ffmpeg
(callPackage ./ffcheck.nix { }) (callPackage ./ffcheck.nix { })
# Productivity # Misc
obsidian obsidian
intiface-central
prismlauncher
]); ]);
}; };
@@ -95,6 +102,10 @@
dedicatedServer.openFirewall = true; dedicatedServer.openFirewall = true;
}; };
programs.nix-ld = {
enable = true;
};
services.xserver = { services.xserver = {
enable = true; enable = true;
videoDrivers = [ "nvidia" ]; videoDrivers = [ "nvidia" ];

16
hosts/marauder/printing.nix Normal file
View File

@@ -0,0 +1,16 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
system-config-printer
];
services.printing = {
enable = true;
};
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
}

27
hosts/monolith/default.nix
View File

@@ -1,9 +1,10 @@
{ self, ... }: { self, pkgs, ... }:
{ {
imports = [ imports = [
self.nixosModules.common self.nixosModules.common
self.nixosModules.prompt self.nixosModules.prompt
self.nixosModules.server self.nixosModules.server
self.nixosModules.zerotier
./dns.nix ./dns.nix
]; ];
@@ -38,6 +39,30 @@
supportedFilesystems = [ "zfs" ]; supportedFilesystems = [ "zfs" ];
}; };
environment.systemPackages = with pkgs; [
rclone
beets
flac
screen
(callPackage ../marauder/ffcheck.nix { })
];
services.jellyfin = {
enable = true;
openFirewall = true;
};
services.navidrome = {
enable = true;
openFirewall = true;
settings = {
Address = "0.0.0.0";
MusicFolder = "/library/music";
Scanner.GroupAlbumReleases = "true";
ScanSchedule = "0";
};
};
promptEmoji = "🏰"; promptEmoji = "🏰";
time.timeZone = "America/Los_Angeles"; time.timeZone = "America/Los_Angeles";

12
hosts/monolith/dns.nix
View File

@@ -3,22 +3,16 @@
systemd.services.update-dns = { systemd.services.update-dns = {
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
description = "Update the leaf.ninja DNS records"; description = "Update the leaf.ninja DNS records";
path = with pkgs; [ curl jq ]; path = with pkgs; [ curl ];
script = '' script = ''
public_ip=$(curl -s https://ifconfig.me/ip) public_ip=$(curl -s https://ifconfig.me/ip)
endpoint="https://api.gandi.net/v5/livedns/domains/leaf.ninja/records" endpoint="https://api.gandi.net/v5/livedns/domains/leaf.ninja/records"
curl -s \ curl \
-X PUT \ -X PUT \
-H "Authorization: Bearer ${secrets.gandi.token}" \ -H "Authorization: Bearer ${secrets.gandi.token}" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-d "{\"rrset_values\":[\"$public_ip\"]}" \ -d "{\"rrset_values\":[\"$public_ip\"]}" \
"$ENDPOINT/%2A/A" | jq $endpoint/ostiary/A
curl -s \
-X PUT \
-H "Authorization: Bearer ${secrets.gandi.token}" \
-H "Content-Type: application/json" \
-d "{\"rrset_values\":[\"$public_ip\"]}" \
"$ENDPOINT/%40/A" | jq
''; '';
}; };

54
hosts/quasar/default.nix Normal file
View File

@@ -0,0 +1,54 @@
{ self, modulesPath, pkgs, config, secrets, ... }:
{
imports = [
"${modulesPath}/virtualisation/amazon-image.nix"
self.nixosModules.common
self.nixosModules.prompt
self.nixosModules.server
];
networking = {
hostName = "quasar";
domain = "consortium.chat";
firewall.allowedTCPPorts = [ 80 443 ];
};
services.postgresql = {
enable = true;
};
services.caddy = {
enable = true;
virtualHosts = {
"${config.networking.domain}".extraConfig = ''
reverse_proxy localhost:8008
header Strict-Transport-Security "max-age=63072000; includeSubDomains;"
'';
"matrix.${config.networking.domain}".extraConfig = ''
reverse_proxy /_matrix/* localhost:8008
reverse_proxy /_synapse/client/* localhost:8008
'';
"admin.${config.networking.domain}".extraConfig = ''
root * ${pkgs.synapse-admin}
file_server
'';
};
};
services.matrix-synapse = {
enable = true;
settings = {
server_name = config.networking.domain;
serve_server_wellknown = true;
registration_shared_secret = secrets.synapse."consortium.chat".registration-shared-secret;
macaroon_secret_key = secrets.synapse."consortium.chat".macaroon-secret-key;
form_secret = secrets.synapse."consortium.chat".form-secret;
};
};
promptEmoji = "🌟";
time.timeZone = "America/Los_Angeles";
system.stateVersion = "24.05";
}

7
modules/common.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, secrets, ... }: { pkgs, ... }:
{ {
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@@ -41,11 +41,6 @@
''; '';
}; };
services.zerotierone = {
enable = true;
joinNetworks = secrets.zerotier.networks;
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git-crypt git-crypt
jq jq

7
modules/zerotier.nix Normal file
View File

@@ -0,0 +1,7 @@
{ secrets, ... }:
{
services.zerotierone = {
enable = true;
joinNetworks = secrets.zerotier.networks;
};
}

BIN
secrets.json
View File

Binary file not shown.