default
commit
0bd4baf3d1
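--- a/configs/default.nix
+++ b/configs/default.nix
@@ -0,0 +1,39 @@
+{ pkgs, ... }: {
+
+environment.systemPackages = with pkgs; [
+zip
+btop
+unzip
+neovim
+w3m
+git
+];
+
+
+programs.zsh.enable = true;
+users.users.root.shell = pkgs.zsh;
+
+home-manager.root.pink = {
+programs.zsh = {
+enable = true;
+shellAliases = {
+# docker
+dc = "docker compose";
+dco = "docker container";
+dn = "docker network";
+dv = "docker volume";
+};
+
+loginExtra = ''
+PROMPT="[%M] %~ "
+'';
+antidote = {
+enable = true;
+plugins = [
+"marlonrichert/zsh-autocomplete"
+"zsh-users/zsh-syntax-highlighting"
+];
+};
+};
+};
+}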
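Review bot: `home-manager.root.pink = {` is not an option path the home-manager NixOS module defines; per-user configuration lives under `home-manager.users.<name>`, so as written this block most likely fails evaluation or is never applied. If the intended user is root, note that the antidote `plugins` entries are bare `owner/repo` names with no revision, and antidote appears to fetch them when the shell starts, so whatever those repositories' default branches contain is sourced into that shell outside the flake lock. Packaging the two plugins through Nix, or otherwise pinning a commit, would keep the root shell's code under the same review as the rest of the configuration.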
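--- a/configs/docker.nix
+++ b/configs/docker.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }: {
+environment.systemPackages = with pkgs; [
+docker-compose
+];
+virtualisation.docker = {
+enable = true;
+enableOnBoot = false;
+};
+
+}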
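--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,238 @@
+{
+"nodes": {
+"agenix": {
+"inputs": {
+"darwin": "darwin",
+"home-manager": "home-manager",
+"nixpkgs": "nixpkgs",
+"systems": "systems"
+},
+"locked": {
+"lastModified": 1716561646,
+"narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
+"owner": "ryantm",
+"repo": "agenix",
+"rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
+"type": "github"
+},
+"original": {
+"owner": "ryantm",
+"repo": "agenix",
+"type": "github"
+}
+},
+"darwin": {
+"inputs": {
+"nixpkgs": [
+"agenix",
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1700795494,
+"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+"owner": "lnl7",
+"repo": "nix-darwin",
+"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+"type": "github"
+},
+"original": {
+"owner": "lnl7",
+"ref": "master",
+"repo": "nix-darwin",
+"type": "github"
+}
+},
+"flake-utils": {
+"inputs": {
+"systems": "systems_2"
+},
+"locked": {
+"lastModified": 1705309234,
+"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+},
+"home-manager": {
+"inputs": {
+"nixpkgs": [
+"agenix",
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1703113217,
+"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+"owner": "nix-community",
+"repo": "home-manager",
+"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "home-manager",
+"type": "github"
+}
+},
+"home-manager_2": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1716729592,
+"narHash": "sha256-Y3bOjoh2cFBqZN0Jw1zUdyr7tjygyxl2bD/QY73GZP0=",
+"owner": "nix-community",
+"repo": "home-manager",
+"rev": "2c78a57c544dd19b07442350727ced097e1aa6e6",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"ref": "release-23.11",
+"repo": "home-manager",
+"type": "github"
+}
+},
+"i2pd-exporter": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1716319699,
+"narHash": "sha256-Q4cyjCDMa7QOKiJz6ya1ah0qW14uVNuJX0uQjcUo+oc=",
+"ref": "refs/heads/master",
+"rev": "5a0eeb2dbb107d3f35b10f10dd64bd3204254ebd",
+"revCount": 8,
+"type": "git",
+"url": "https://git.4o1x5.dev/4o1x5/i2pd-exporter"
+},
+"original": {
+"type": "git",
+"url": "https://git.4o1x5.dev/4o1x5/i2pd-exporter"
+}
+},
+"microvm": {
+"inputs": {
+"flake-utils": "flake-utils",
+"nixpkgs": [
+"nixpkgs"
+],
+"spectrum": "spectrum"
+},
+"locked": {
+"lastModified": 1716754174,
+"narHash": "sha256-L2Vni6dGDFWXWwY0rqkQWtZXt+qYQKUZr+Fj+EpI97Q=",
+"owner": "astro",
+"repo": "microvm.nix",
+"rev": "fa4262c3c9197e7d62185858907f2e5acff3258d",
+"type": "github"
+},
+"original": {
+"owner": "astro",
+"repo": "microvm.nix",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1703013332,
+"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs_2": {
+"locked": {
+"lastModified": 1716633019,
+"narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-23.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"agenix": "agenix",
+"home-manager": "home-manager_2",
+"i2pd-exporter": "i2pd-exporter",
+"microvm": "microvm",
+"nixpkgs": "nixpkgs_2"
+}
+},
+"spectrum": {
+"flake": false,
+"locked": {
+"lastModified": 1708358594,
+"narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
+"ref": "refs/heads/main",
+"rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
+"revCount": 614,
+"type": "git",
+"url": "https://spectrum-os.org/git/spectrum"
+},
+"original": {
+"type": "git",
+"url": "https://spectrum-os.org/git/spectrum"
+}
+},
+"systems": {
+"locked": {
+"lastModified": 1681028828,
+"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+"owner": "nix-systems",
+"repo": "default",
+"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+"type": "github"
+},
+"original": {
+"owner": "nix-systems",
+"repo": "default",
+"type": "github"
+}
+},
+"systems_2": {
+"locked": {
+"lastModified": 1681028828,
+"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+"owner": "nix-systems",
+"repo": "default",
+"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+"type": "github"
+},
+"original": {
+"owner": "nix-systems",
+"repo": "default",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}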
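--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,116 @@
+{
+description = "4o1x5 infrastructure/homelab";
+
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
+home-manager = {
+url = "github:nix-community/home-manager/release-23.11";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+
+i2pd-exporter = {
+url = "git+https://git.4o1x5.dev/4o1x5/i2pd-exporter";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+
+microvm = {
+url = "github:astro/microvm.nix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+agenix.url = "github:ryantm/agenix";
+};
+
+outputs =
+{ self
+, nixpkgs
+, home-manager
+, i2pd-exporter
+, microvm
+, agenix
+}:
+let
+system = "x86_64-linux";
+in
+{
+nixosConfigurations = {
+
+pink = nixpkgs.lib.nixosSystem {
+inherit system;
+modules = [
+./hosts/pink/root.nix
+./root.nix
+i2pd-exporter.nixosModules.default
+home-manager.nixosModules.home-manager
+{
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+}
+
+];
+};
+
+carbon = nixpkgs.lib.nixosSystem {
+inherit system;
+modules = [
+./hosts/carbon/root.nix
+./root.nix
+./secrets/carbon.nix
+agenix.nixosModules.default
+home-manager.nixosModules.home-manager
+{
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+}
+
+({ pkgs, ... }: {
+ixpkgs.overlays = [
+(self: super: {
+inadyn = super.inadyn.overrideAttrs
+(oldAttrs: rec {
+src = pkgs.fetchFromGitHub
+{
+owner = "troglobit";
+repo = "inadyn";
+rev = "7d576c4d00d312597c2b9c06c00529d2dde5ac89";
+hash = "sha256-EJ9/MZhz/Gjj2RCMRDkwuKRatig/t1wAqQRqOcHA2gc=";
+};
+});
+})
+];
+})
+];
+};
+
+lime = nixpkgs.lib.nixosSystem {
+inherit system;
+modules = [
+({ pkgs, ... }: {
+nixpkgs.overlays = [
+(self: super: {
+inadyn = super.inadyn.overrideAttrs
+(oldAttrs: rec {
+src = pkgs.fetchFromGitHub
+{
+owner = "troglobit";
+repo = "inadyn";
+rev = "7d576c4d00d312597c2b9c06c00529d2dde5ac89";
+hash = "sha256-EJ9/MZhz/Gjj2RCMRDkwuKRatig/t1wAqQRqOcHA2gc=";
+};
+});
+})
+];
+})
+./hosts/lime/root.nix
+./root.nix
+./secrets/lime.nix
+agenix.nixosModules.default
+home-manager.nixosModules.home-manager
+{
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+}
+];
+};
+};
+};
+}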
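Review bot: The overlay in the `carbon` module list is assigned to `ixpkgs.overlays`, which is not a NixOS option, so that host should fail to evaluate, and the pinned `inadyn` source never applies there; it should read `nixpkgs.overlays = [` as in the `lime` entry. The overlay is pasted twice with the same `rev` and `hash`, so binding it once in the `let` block and referencing it from both hosts would stop the two copies drifting apart. Inside the overlay, `super.fetchFromGitHub` would avoid depending on the module's `pkgs` while that package set is still being assembled. Separately, `agenix.url` has no `inputs.nixpkgs.follows = "nixpkgs";`, which is why the lock file carries a second, older nixpkgs revision that has to be trusted and updated on its own.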
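--- a/hosts/carbon/hardware-configuration.nix
+++ b/hosts/carbon/hardware-configuration.nix
@@ -0,0 +1,42 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{
+device = "/dev/disk/by-uuid/f6788d24-084f-497d-a4f0-d42baa139ddf";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{
+device = "/dev/disk/by-uuid/E3E1-9724";
+fsType = "vfat";
+};
+
+swapDevices =
+[{ device = "/dev/disk/by-uuid/332e974a-b0c1-4d39-a6a3-7aacdc4d754d"; }];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
+# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}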
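--- a/hosts/carbon/root.nix
+++ b/hosts/carbon/root.nix
@@ -0,0 +1,56 @@
+{ pkgs, ... }: {
+#
+imports = [
+./hardware-configuration.nix
+
+
+# other services
+#./services/matrix.nix
+./services/forgejo.nix
+
+# routes (other servers)
+./services/routes/owncast.nix
+./services/routes/openproject.nix
+./services/routes/hydra.nix
+./services/routes/csengo.nix
+./services/routes/matrix.nix
+
+#./services/ai.nix
+
+# essentials
+./services/postgresql.nix
+./services/nginx.nix
+./services/firewall.nix
+
+# privacy services
+
+./services/privacy/libreddit.nix
+#./services/privacy/safetwitch.nix
+#./services/privacy/piped.nix
+./services/privacy/breezewiki.nix
+./services/privacy/gothub.nix
+# ./services/privacy/nitter.nix not maintained anymore
+./services/privacy/anonymousoverflow.nix
+./services/privacy/binternet.nix
+./services/privacy/quetre.nix
+./services/privacy/rimgo.nix
+#./services/privacy/libretranslate.nix
+./services/privacy/libremdb.nix
+./services/privacy/librey.nix
+./services/privacy/dumb.nix
+#./services/privacy/searxng.nix
+
+
+# monitoring
+./services/monitoring/exporters/node.nix
+./services/monitoring/exporters/smartctl.nix
+];
+networking.hostName = "carbon";
+networking.domain = "4o1x5.dev";
+
+# Bootloader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+
+}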
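--- a/hosts/carbon/services/ai.nix
+++ b/hosts/carbon/services/ai.nix
@@ -0,0 +1,18 @@
+{ pkgs, config, ... }:
+
+let
+ollamaPort = "4827";
+in
+{
+services.ollama.listenAddress = "0.0.0.0:${ollamaPort}";
+services.ollama.environmentVariables = {
+"CUDA_VISIBLE_DEVICES" = "GPU-cf2321f0-d34b-ec9b-31e9-8c0c69e1444a";
+OLLAMA_LLM_LIBRARY = "gpu";
+};
+services.ollama.enable = true;
+services.ollama.acceleration = "cuda";
+
+
+}
+
+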
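Review bot: `services.ollama.listenAddress = "0.0.0.0:${ollamaPort}";` binds the Ollama HTTP API on every interface, and that API has no authentication of its own, so the only thing keeping it private is that the firewall module does not list the port. Binding to loopback, `services.ollama.listenAddress = "127.0.0.1:${ollamaPort}";`, and publishing it through an nginx virtual host with access control if remote use is needed, keeps it private even when the firewall rules change. The module is commented out in `hosts/carbon/root.nix` in this commit, so this matters once the import is re-enabled.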
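--- a/hosts/carbon/services/firewall.nix
+++ b/hosts/carbon/services/firewall.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }: {
+
+networking.firewall = {
+enable = true;
+allowedTCPPorts = [
+
+443
+80
+];
+allowedUDPPorts = [
+443
+80
+];
+};
+
+}
+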
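Review bot: `allowedUDPPorts` opens 80 and 443 over UDP, but nothing in this commit listens there: HTTP on port 80 is TCP only, and UDP 443 is used only by HTTP/3 (QUIC), which none of the nginx virtual hosts shown enable. Dropping the list, or keeping only `443` once QUIC is actually turned on, keeps the open surface equal to what is served. A short comment such as `# 80/443: nginx (ACME challenge + HTTPS)` above `allowedTCPPorts` would record why each port is open.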
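--- a/hosts/carbon/services/forgejo.nix
+++ b/hosts/carbon/services/forgejo.nix
@@ -0,0 +1,45 @@
+{ pkgs, config, ... }:
+{
+services.forgejo = {
+enable = true;
+settings = {
+server = {
+DOMAIN = "git.4o1x5.dev";
+ROOT_URL = "https://git.${config.networking.domain}/";
+DISABLE_REGISTRATION = true;
+DISABLE_SSH = true;
+};
+DEFAULT.APP_NAME = "2005's git server";
+actions.ENABLED = true;
+};
+database = {
+type = "postgres";
+createDatabase = true;
+};
+};
+
+services.nginx = {
+virtualHosts = {
+"git.${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://127.0.0.1:3000";
+};
+};
+};
+};
+
+services.gitea-actions-runner.instances = {
+root = {
+enable = true;
+url = "https://git.${config.networking.domain}";
+tokenFile = config.age.secrets.forgejo-runner.path;
+labels = [
+"debian-latest:docker://node:18-bullseye"
+"ubuntu-latest:docker://node:18-bullseye"
+];
+name = config.networking.domain;
+};
+};
+}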
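Review bot: `DISABLE_REGISTRATION = true;` is placed under `server`, but Forgejo reads that key from the `[service]` section of app.ini, so here it is most likely ignored and self-registration stays open. With `actions.ENABLED = true` and a runner registered against the instance, open sign-up would let any visitor create an account and have workflows executed on this host. Moving the key out of `server`, as `service.DISABLE_REGISTRATION = true;`, should give the intended effect; `DISABLE_SSH` is correctly a `server` key. The runner labels also resolve to the mutable tag `node:18-bullseye`, so pinning those images by digest would make job environments reproducible.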
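--- a/hosts/carbon/services/monitoring/exporters/node.nix
+++ b/hosts/carbon/services/monitoring/exporters/node.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }: {
+services.prometheus.exporters.node = {
+enable = true;
+port = 9001;
+openFirewall = true;
+enabledCollectors = [ "systemd" ];
+};
+}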
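Review bot: `openFirewall = true;` opens port 9001 to every source address, and the node exporter serves host metrics, including unit state from the `systemd` collector, without authentication. If only one Prometheus server scrapes it, the exporter module's `firewallFilter` option can restrict the rule to that source, for example `firewallFilter = "-s <PROMETHEUS_ADDR> -p tcp -m tcp --dport 9001";` (address is a placeholder), or `listenAddress` can bind it to an internal interface. The same applies to `openFirewall = true;` in `monitoring/exporters/smartctl.nix`.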
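--- a/hosts/carbon/services/monitoring/exporters/smartctl.nix
+++ b/hosts/carbon/services/monitoring/exporters/smartctl.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }: {
+services.prometheus.exporters.smartctl = {
+enable = true;
+openFirewall = true;
+devices = [ "/dev/sda" ];
+};
+services.smartd = {
+enable = true;
+notifications.wall.enable = true;
+devices = [
+{
+device = "/dev/sda";
+}
+];
+};
+}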
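--- a/hosts/carbon/services/nginx.nix
+++ b/hosts/carbon/services/nginx.nix
@@ -0,0 +1,40 @@
+{ pkgs, inputs, config, ... }:
+{
+services.nginx = {
+enable = true;
+virtualHosts = {
+
+"www.${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+
+locations."/" = {
+root = pkgs.callPackage ../services/website/default.nix { };
+};
+};
+
+"${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+
+locations."/" = {
+root = pkgs.callPackage ../services/website/default.nix { };
+};
+extraConfig = ''
+error_page 404 /404.html;
+deny 3.1.202.244;
+deny 170.64.219.93;
+deny 91.215.85.43;
+client_max_body_size 900M;
+'';
+};
+};
+};
+
+security.acme = {
+acceptTerms = true;
+defaults.email = "admin+acme@4o1x5.dev";
+};
+
+}
+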
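Review bot: `client_max_body_size 900M;` sits in the `extraConfig` of the apex virtual host, whose only location in this file serves a static `root`, so nginx will accept request bodies of nearly a gigabyte on a site that takes no uploads. If the limit is there for the Matrix locations that `routes/matrix.nix` merges into the same host, it would be better set on those locations only. The three `deny` lines would also benefit from a comment recording why and when each address was blocked, e.g. `# blocked <DATE>: <reason>`, so the list can be reviewed and pruned later.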
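--- a/hosts/carbon/services/postgresql.nix
+++ b/hosts/carbon/services/postgresql.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }: {
+
+services.postgresql.enable = true;
+
+}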
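--- a/hosts/carbon/services/privacy/anonymousoverflow.nix
+++ b/hosts/carbon/services/privacy/anonymousoverflow.nix
@@ -0,0 +1,28 @@
+{ pkgs, config, ... }: {
+
+virtualisation.oci-containers.containers = {
+
+anonymousoverflow = {
+image = "ghcr.io/httpjamesm/anonymousoverflow:release";
+ports = [
+"7344:8080"
+];
+environment = {
+APP_URL = "https://.anonymousoverflow.4o1x5.dev";
+# TODO add JTW_SIGNING_KEY to work
+};
+};
+};
+services.nginx = {
+virtualHosts = {
+
+"anonymousoverflow.${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://127.0.0.1:7344";
+};
+};
+};
+};
+}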
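Review bot: `"7344:8080"` publishes the container port on all host interfaces, and container runtimes normally implement published ports with NAT and forwarding rules that `networking.firewall.allowedTCPPorts` does not govern, so the backend is likely reachable directly over plain HTTP, bypassing nginx and TLS. Binding the publish to loopback, `"127.0.0.1:7344:8080"`, keeps nginx as the only entry point. The same applies to the `ports` entries in the binternet, breezewiki, dumb, gothub, libremdb, librey, rimgo, safetwitch and searxng modules. Separately, `APP_URL = "https://.anonymousoverflow.4o1x5.dev"` has a stray dot after the scheme.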
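--- a/hosts/carbon/services/privacy/binternet.nix
+++ b/hosts/carbon/services/privacy/binternet.nix
@@ -0,0 +1,24 @@
+{ pkgs, config, ... }: {
+
+virtualisation.oci-containers.containers = {
+binternet = {
+image = "ghcr.io/ahwxorg/binternet:latest";
+ports = [
+"7382:80"
+];
+};
+};
+services.nginx = {
+virtualHosts = {
+"binternet.${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+
+locations."/" = {
+proxyPass = " http://127.0.0.1:7382";
+};
+};
+};
+};
+
+}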
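Review bot: `image = "ghcr.io/ahwxorg/binternet:latest";` follows a mutable tag, so the code that runs changes whenever the registry tag moves and is not covered by `flake.lock`. Pinning by digest, `image = "ghcr.io/ahwxorg/binternet@sha256:<DIGEST>";` (digest is a placeholder), makes every upgrade an explicit, reviewable change. The other container modules in this commit reference `:latest` or `:release` in the same way.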
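--- a/hosts/carbon/services/privacy/breezewiki.nix
+++ b/hosts/carbon/services/privacy/breezewiki.nix
@@ -0,0 +1,25 @@
+{ pkgs, config, ... }: {
+
+virtualisation.oci-containers.containers = {
+
+breezewiki = {
+image = "quay.io/pussthecatorg/breezewiki:latest";
+ports = [
+"1584:10416"
+];
+};
+};
+services.nginx = {
+virtualHosts = {
+
+"breezewiki.${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://127.0.0.1:1584";
+};
+};
+};
+};
+
+}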
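--- a/hosts/carbon/services/privacy/dumb.nix
+++ b/hosts/carbon/services/privacy/dumb.nix
@@ -0,0 +1,25 @@
+{ pkgs, config, ... }: {
+
+virtualisation.oci-containers.containers = {
+dumb = {
+image = "ghcr.io/rramiachraf/dumb:latest";
+ports = [
+"8332:5555"
+];
+};
+};
+
+services.nginx = {
+virtualHosts = {
+"dumb.${config.networking.domain}" =
+{
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://127.0.0.1:8332";
+};
+};
+};
+};
+}
+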
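--- a/hosts/carbon/services/privacy/gothub.nix
+++ b/hosts/carbon/services/privacy/gothub.nix
@@ -0,0 +1,37 @@
+{ pkgs, config, ... }: {
+
+virtualisation.oci-containers.containers = {
+
+gothub = {
+image = "codeberg.org/gothub/gothub:latest";
+ports = [
+"4032:3000"
+];
+environment = {
+DOCKER = "true";
+GOTHUB_SETUP_COMPLETE = "true";
+GOTHUB_PROXYING_ENABLED = "true";
+GOTHUB_IP_LOGGED = "false";
+GOTHUB_REQUEST_URL_LOGGED = "true";
+GOTHUB_USER_AGENT_LOGGED = "true";
+GOTHUB_DIAGNOSTIC_INFO_LOGGED = "false";
+GOTHUB_INSTANCE_PRIVACY_POLICY = "https://4o1x5.dev/privacy-policy";
+GOTHUB_INSTANCE_COUNTRY = "Hungary";
+GOTHUB_INSTANCE_PROVIDER = "Telekom";
+GOTHUB_INSTANCE_CLOUDFLARE = "false";
+};
+};
+};
+services.nginx = {
+virtualHosts = {
+"gothub.${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://127.0.0.1:4032";
+};
+};
+};
+};
+
+}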
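--- a/hosts/carbon/services/privacy/libreddit.nix
+++ b/hosts/carbon/services/privacy/libreddit.nix
@@ -0,0 +1,23 @@
+{ pkgs, config, ... }: {
+
+
+services.libreddit = {
+enable = true;
+address = "127.0.0.1";
+port = 3672;
+};
+
+services.nginx = {
+virtualHosts = {
+# Privacy services
+"libreddit.${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+
+locations."/" = {
+proxyPass = " http://127.0.0.1:3672";
+};
+};
+};
+};
+}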
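--- a/hosts/carbon/services/privacy/libremdb.nix
+++ b/hosts/carbon/services/privacy/libremdb.nix
@@ -0,0 +1,33 @@
+{ pkgs, config, ... }: {
+
+virtualisation.oci-containers.containers = {
+
+libremdb = {
+image = "quay.io/pussthecatorg/libremdb:latest";
+ports = [
+"7345:3000"
+];
+environment = {
+NEXT_PUBLIC_URL = "https://libremdb.${config.networking.domain}";
+AXIOS_USER_AGENT = "Mozilla/5.0 (X11; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0";
+AXIOS_ACCEPT = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8";
+NEXT_TELEMETRY_DISABLED = "1";
+USE_REDIS = "false";
+NEXT_PUBLIC_INSTANCE_NAME = "libremdb.${config.networking.domain}";
+};
+};
+};
+
+
+services.nginx = {
+virtualHosts = {
+"libremdb.${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://127.0.0.1:7345";
+};
+};
+};
+};
+}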
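--- a/hosts/carbon/services/privacy/librey.nix
+++ b/hosts/carbon/services/privacy/librey.nix
@@ -0,0 +1,43 @@
+{ pkgs, config, ... }: {
+
+virtualisation.oci-containers.containers = {
+
+librey = {
+image = "ghcr.io/ahwxorg/librey:latest";
+ports = [
+"3345:8080"
+];
+environment = {
+CONFIG_GOOGLE_DOMAIN = "com";
+CONFIG_LANGUAGE = "en";
+CONFIG_NUMBER_OF_RESULTS = "10";
+CONFIG_INVIDIOUS_INSTANCE = "https://yt.ahwx.org";
+CONFIG_DISABLE_BITTORRENT_SEARCH = "false";
+CONFIG_HIDDEN_SERVICE_SEARCH = "true";
+CONFIG_INSTANCE_FALLBACK = "true";
+CONFIG_RATE_LIMIT_COOLDOWN = "25";
+CONFIG_CACHE_TIME = "20";
+CONFIG_DISABLE_API = "false";
+CONFIG_TEXT_SEARCH_ENGINE = "auto";
+CURLOPT_PROXY_ENABLED = "false";
+CURLOPT_PROXY = "192.0.2.53:8388";
+CURLOPT_PROXYTYPE = "CURLPROXY_HTTP";
+CURLOPT_USERAGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:116.0) Gecko/20100101 Firefox/116.0";
+CURLOPT_FOLLOWLOCATION = "true";
+};
+};
+};
+
+
+services.nginx = {
+virtualHosts = {
+"librey.${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://127.0.0.1:3345";
+};
+};
+};
+};
+}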
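--- a/hosts/carbon/services/privacy/piped.nix
+++ b/hosts/carbon/services/privacy/piped.nix
@@ -0,0 +1,33 @@
+{ pkgs, config, ... }: {
+
+# TODO fix
+services.piped = {
+enable = true;
+
+domain = "piped.${config.networking.domain}";
+backend = {
+port = 5632;
+database = {
+# TODO fix
+#TODO SECRET
+host = "127.0.0.1";
+username = "piped-backend";
+passwordFile = ./piped;
+database = "piped-backend";
+
+createLocally = false;
+};
+};
+};
+services.postgresql = {
+enable = true;
+enableTCPIP = true;
+ensureDatabases = [ "piped-backend" ];
+ensureUsers = [
+{
+name = "piped-backend";
+ensureDBOwnership = true;
+}
+];
+};
+}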
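Review bot: `passwordFile = ./piped;` is a Nix path literal, so the file is copied into the world-readable Nix store, and it has to be tracked in the repository for the flake to see it, which exposes the database password both on the host and in git. The repository already uses agenix for the Forgejo runner token, so a runtime path such as `passwordFile = config.age.secrets.<SECRET_NAME>.path;` (secret name is a placeholder) fits the existing pattern. `enableTCPIP = true;` also makes PostgreSQL listen beyond loopback for the whole host although the backend connects to `127.0.0.1`; it is worth confirming that the default loopback listener is not already enough. The import is still commented out in `root.nix`, so this can be fixed before the module goes live.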
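--- a/hosts/carbon/services/privacy/quetre.nix
+++ b/hosts/carbon/services/privacy/quetre.nix
@@ -0,0 +1,43 @@
+{ pkgs, config, ... }: {
+
+virtualisation.oci-containers.containers = {
+quetre = {
+image = "quay.io/pussthecatorg/quetre:latest";
+extraOptions = [
+"--network=host"
+];
+environment = {
+NODE_ENV = "production";
+PORT = "2355";
+CACHE_PERIOD = "24h";
+
+REDIS_URL = "localhost:3442";
+REDIS_TTL = "3600";
+};
+};
+
+};
+services.redis.servers = {
+quetre = {
+port = 3442;
+enable = true;
+};
+};
+
+services.nginx = {
+
+virtualHosts = {
+"quetre.${config.networking.domain}" =
+{
+forceSSL = true;
+enableACME = true;
+
+locations."/" = {
+proxyPass = " http://127.0.0.1:2355";
+};
+};
+};
+};
+
+}
+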
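Review bot: `"--network=host"` removes this container's network isolation, so an image pulled from a mutable `:latest` tag can reach every loopback-only service on the host (PostgreSQL, the Redis instances, the other backends) and listens on host port 2355 directly. It is presumably there so the app can reach Redis at `localhost:3442`; if so, the line deserves a comment saying that, e.g. `# host network: needs the host Redis on 127.0.0.1:3442`. A narrower alternative would be a normal published port bound to loopback with Redis reached over the container gateway or a mounted unix socket.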
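--- a/hosts/carbon/services/privacy/rimgo.nix
+++ b/hosts/carbon/services/privacy/rimgo.nix
@@ -0,0 +1,51 @@
+{ pkgs, config, ... }: {
+
+virtualisation.oci-containers.containers = {
+
+rimgo = {
+image = "codeberg.org/rimgo/rimgo:latest";
+ports = [
+"4312:3000"
+];
+environment = {
+ADDRESS = "0.0.0.0";
+PORT = "3000";
+FIBER_PREFORK = "false";
+
+# Link to a privacy policy (optional)
+PRIVACY_POLICY = "https://4o1x5.dev/privacy-policy";
+# Explain how this data is used/why it is collected (optional)
+PRIVACY_MESSAGE = "Read my privacy policy on my website";
+# Country where instance is located. Leave blank if running on Tor without clearnet.
+PRIVACY_COUNTRY = "HU";
+# Hosting provider or ISP name. Leave blank if running on Tor without clearnet.
+PRIVACY_PROVIDER = "Telekom";
+# Set to true if you use Cloudflare (using Cloudflare only as DNS (gray cloud icon), set to false)
+PRIVACY_CLOUDFLARE = "false";
+PRIVACY_NOT_COLLECTED = "false";
+
+# IP address
+PRIVACY_IP = "true";
+# Request URL
+PRIVACY_URL = "true";
+# Device Type (User agent)
+PRIVACY_DEVICE = "false";
+
+PRIVACY_DIAGNOSTICS = "false";
+};
+};
+};
+
+
+services.nginx = {
+virtualHosts = {
+"rimgo.${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://127.0.0.1:4312";
+};
+};
+};
+};
+}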
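--- a/hosts/carbon/services/privacy/safetwitch.nix
+++ b/hosts/carbon/services/privacy/safetwitch.nix
@@ -0,0 +1,55 @@
+{ pkgs, config, ... }:
+{
+virtualisation.oci-containers.containers = {
+# TODO fix routing
+
+safe-twitch-frontend = {
+image = "codeberg.org/safetwitch/safetwitch:latest";
+ports = [
+"8280:8280"
+];
+environment = {
+SAFETWITCH_BACKEND_DOMAIN = "sf.${config.networking.domain}";
+SAFETWITCH_INSTANCE_DOMAIN = "safetwitch.${config.networking.domain}";
+SAFETWITCH_HTTPS = "true";
+SAFETWITCH_DEFAULT_LOCALE = "en";
+SAFETWITCH_FALLBACK_LOCALE = "en";
+};
+};
+safetwitch-backend = {
+image = "codeberg.org/safetwitch/safetwitch-backend:latest";
+ports = [
+"7100:7100"
+];
+environment = {
+URL = "sf.${config.networking.domain}";
+PORT = "7100";
+};
+};
+};
+services.nginx = {
+
+virtualHosts = {
+"safetwitch.${config.networking.domain}" =
+{
+forceSSL = true;
+enableACME = true;
+
+locations."/" = {
+proxyPass = " http://127.0.0.1:8280";
+};
+};
+"sf.${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+
+locations."/" = {
+proxyPass = " http://127.0.0.1:7100";
+};
+
+};
+};
+};
+
+
+}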
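--- a/hosts/carbon/services/privacy/searxng.nix
+++ b/hosts/carbon/services/privacy/searxng.nix
@@ -0,0 +1,36 @@
+{ pkgs, config, ... }: {
+
+virtualisation.oci-containers.containers = {
+
+searxng = {
+image = "docker.io/searxng/searxng:latest";
+ports = [
+"3345:3000"
+];
+# TODO implement limiter
+#volumes = [
+# "/home/carbon/searxng.yml:/etc/searxng:rw"
+#];
+
+};
+};
+
+services.redis.servers = {
+searxng = {
+port = 3442;
+enable = true;
+};
+};
+
+services.nginx = {
+virtualHosts = {
+"librey.${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://127.0.0.1:3345";
+};
+};
+};
+};
+}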
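Review bot: This module reuses identifiers from its neighbours: the virtual host is `"librey.${config.networking.domain}"` and the published host port is 3345, both already used by `privacy/librey.nix`, and the Redis server is on port 3442, already used by `privacy/quetre.nix`. Once the import in `root.nix` is uncommented, the two containers and the two Redis instances would compete for the same ports and SearXNG would have no hostname of its own. The host should be `"searxng.${config.networking.domain}"` with unused ports, and the container side of `"3345:3000"` should be checked against the port the image really listens on. The `# TODO implement limiter` is worth resolving before exposure, since a public search proxy without rate limiting is easy to abuse.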
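--- a/hosts/carbon/services/routes/csengo.nix
+++ b/hosts/carbon/services/routes/csengo.nix
@@ -0,0 +1,29 @@
+{ pkgs, config, ... }: {
+
+services.nginx = {
+virtualHosts = {
+"csengo.${config.networking.domain}" =
+{
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://32.54.31.99:8422";
+extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+'';
+};
+
+locations."/api" = {
+proxyPass = " http://32.54.31.99:5333";
+extraConfig = ''
+rewrite /api/(.*) /$1 break;
+'';
+};
+
+};
+};
+};
+}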
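Review bot: `proxyPass = " http://32.54.31.99:8422";` forwards to a non-loopback address over plain HTTP, so requests that arrived over TLS leave this host unencrypted; unless that address is reachable only over a private or tunnelled link, the hop should be protected with TLS or a VPN. The `/api` location also omits the `proxy_set_header` lines that the `/` location sets, so the API backend sees the proxy's address as the client and cannot log or rate-limit by real source. The upstreams in `routes/hydra.nix` and `routes/matrix.nix` are plain HTTP to the same address range and deserve the same check.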
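--- a/hosts/carbon/services/routes/hydra.nix
+++ b/hosts/carbon/services/routes/hydra.nix
@@ -0,0 +1,22 @@
+{ pkgs, config, ... }: {
+
+services.nginx = {
+virtualHosts = {
+"hydra.${config.networking.domain}" =
+{
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://32.54.31.99:6732";
+};
+extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+'';
+};
+};
+};
+
+}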
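Review bot: The `proxy_set_header` block in `extraConfig` is hand-copied here and again in `routes/openproject.nix`, `routes/owncast.nix` and `routes/csengo.nix`, with a slightly different header set in each. Setting `services.nginx.recommendedProxySettings = true;` once, and `proxyWebsockets = true;` on the owncast location instead of the manual `Upgrade`/`Connection` lines, gives every vhost the same forwarded headers and removes the drift. Backends that trust `X-Forwarded-For` then all receive it built the same way.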
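--- a/hosts/carbon/services/routes/matrix.nix
+++ b/hosts/carbon/services/routes/matrix.nix
@@ -0,0 +1,39 @@
+{ pkgs, config, ... }:
+let
+fqdn = "${config.networking.domain}";
+baseUrl = "https://${fqdn}";
+clientConfig."m.homeserver".base_url = "https://matrix.${fqdn}";
+serverConfig."m.server" = "${fqdn}:443";
+mkWellKnown = data: ''
+default_type application/json;
+add_header Access-Control-Allow-Origin *;
+return 200 '${builtins.toJSON data}';
+'';
+
+in
+{
+
+services.nginx = {
+virtualHosts = {
+"matrix.${config.networking.domain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://32.54.31.241:8008";
+
+};
+extraConfig = ''
+client_max_body_size 9000M;
+'';
+};
+"${fqdn}" = {
+
+# well known paths for matrix
+locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+locations."/_matrix".proxyPass = "http://32.54.31.241:8008";
+locations."/_synapse".proxyPass = "http://32.54.31.241:8008";
+locations."= /.well-known/matrix/client" .extraConfig = mkWellKnown clientConfig;
+};
+};
+};
+}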
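Review bot: `locations."/_synapse".proxyPass` on the `"${fqdn}"` vhost forwards the whole `/_synapse` tree, which includes Synapse's admin API under `/_synapse/admin`, and `locations."/"` on the `matrix.` vhost forwards everything as well. Synapse's reverse-proxy guidance is to expose only `/_matrix` and `/_synapse/client`; narrowing this to `locations."/_synapse/client".proxyPass` and replacing the catch-all keeps the admin endpoints off the public listener. `serverConfig` advertises `${fqdn}:443`, but this vhost sets neither `forceSSL` nor `enableACME` in this file, so federation depends on TLS being configured for it in another module, which is worth confirming. `baseUrl` is bound in the `let` and never used.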
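--- a/hosts/carbon/services/routes/openproject.nix
+++ b/hosts/carbon/services/routes/openproject.nix
@@ -0,0 +1,24 @@
+{ pkgs, config, ... }: {
+
+services.nginx = {
+virtualHosts = {
+"openproject.${config.networking.domain}" =
+{
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://32.54.31.99:8080";
+};
+extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+'';
+};
+};
+};
+
+}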
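--- a/hosts/carbon/services/routes/owncast.nix
+++ b/hosts/carbon/services/routes/owncast.nix
@@ -0,0 +1,26 @@
+{ pkgs, config, ... }: {
+
+services.nginx = {
+virtualHosts = {
+"live.${config.networking.domain}" =
+{
+forceSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = " http://32.54.31.241:3413";
+};
+extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection $connection_upgrade;
+'';
+};
+};
+};
+}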
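--- a/hosts/carbon/services/website/default.nix
+++ b/hosts/carbon/services/website/default.nix
@@ -0,0 +1,20 @@
+{ pkgs }:
+
+pkgs.stdenv.mkDerivation rec {
+name = "website";
+version = "0.1.25";
+src = /home/grape/code/4o1x5/website;
+
+buildInputs = [ pkgs.hugo ];
+dontConfigure = true;
+
+buildPhase = ''
+cp -r $src/* .
+${pkgs.hugo}/bin/hugo
+'';
+
+installPhase = ''
+mkdir -p $out
+cp -r public/* $out/
+'';
+}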
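Review bot: `src = /home/grape/code/4o1x5/website;` points at a directory outside the repository, so the site that gets deployed is whatever sits in that checkout at build time; it is not pinned by `flake.lock`, cannot be built on another machine, and pure flake evaluation rejects absolute paths. Making the site a flake input, or a fetcher call with a hash, puts the published content under the same review and pinning as the rest of the configuration. Smaller points: `hugo` belongs in `nativeBuildInputs`, `name` plus `version` should be `pname` plus `version`, `rec` is unused, and `cp -r $src/* .` skips dotfiles and leaves `$src` unquoted.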
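--- a/hosts/lime/hardware-configuration.nix
+++ b/hosts/lime/hardware-configuration.nix
@@ -0,0 +1,35 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/16777af0-cb7b-470c-a172-d1761e6a8a12";
+fsType = "ext4";
+};
+
+swapDevices =
+[ { device = "/dev/disk/by-uuid/57420b12-9218-4110-9fb2-22ca3171f6a0"; }
+];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno0.useDHCP = lib.mkDefault true;
+# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}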
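--- a/hosts/lime/root.nix
+++ b/hosts/lime/root.nix
@@ -0,0 +1,31 @@
+{ config, pkgs, ... }:
+
+{
+imports = [
+./hardware-configuration.nix
+
+./services/firewall.nix
+#./services/loki.nix
+
+./services/mumble.nix
+#./services/ddns-updater.nix
+#./services/ai.nix
+
+./services/postgresql.nix
+./services/matrix.nix
+./services/owncast.nix
+
+# monitoring
+./services/monitoring/exporters/node.nix
+./services/monitoring/exporters/smartctl.nix
+
+];
+
+boot.loader.grub.enable = true;
+boot.loader.grub.device = "/dev/sda";
+boot.loader.grub.useOSProber = true;
+networking.hostName = "lime";
+networking.domain = "4o1x5.dev";
+
+
+}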
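--- a/hosts/lime/services/ai.nix
+++ b/hosts/lime/services/ai.nix
@@ -0,0 +1,29 @@
+{ pkgs, ... }: {
+
+environment.systemPackages = with pkgs; [
+ollama
+];
+
+
+services.ollama.listenAddress = "0.0.0.0:4827";
+services.ollama.environmentVariables = {
+#"CUDA_VISIBLE_DEVICES" = "GPU-cf2321f0-d34b-ec9b-31e9-8c0c69e1444a";
+OLLAMA_LLM_LIBRARY = "gpu";
+};
+services.ollama.enable = true;
+#services.ollama.acceleration = "cuda";
+
+
+# virtualisation.oci-containers.containers = {
+
+# webui = {
+# image = "ghcr.io/ollama-webui/ollama-webui:main";
+# ports = [
+# "5121:8080"
+# ];
+# volumes = [
+# "/home/carbon/ollamawebui:/app/backend/data"
+# ];
+# };
+# };
+}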
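Review bot: `services.ollama.listenAddress = "0.0.0.0:4827";` exposes the Ollama HTTP API on every interface, and that API has no authentication of its own, so any host that can reach the port can run, pull or delete models. On this machine `hosts/lime/services/firewall.nix` sets `enable = false`, so nothing filters the port. The module is commented out in `hosts/lime/root.nix` for now; before enabling it, bind to `127.0.0.1:4827` (or the single LAN address that needs it) and put an authenticating proxy in front. The `environment.systemPackages` entry is only needed for the CLI.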
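--- a/hosts/lime/services/ddns-updater.nix
+++ b/hosts/lime/services/ddns-updater.nix
@@ -0,0 +1,12 @@
+{ pkgs, config, ... }: {
+
+services.inadyn = {
+enable = true;
+# TODO fix
+settings.provider.porkbun = {
+username = config.age.secrets.porkbun-user.path;
+password = config.age.secrets.porkbun.path;
+ssl = true;
+};
+};
+}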
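Review bot: `username = config.age.secrets.porkbun-user.path;` and the `password` line assign the path of the decrypted file, not its contents, so inadyn would send the path string as the credential, which is presumably what `# TODO fix` refers to. Writing the real values into `settings` instead would copy them into the world-readable Nix store. The usual pattern is to keep the `username`/`password` lines inside the age secret in inadyn's own syntax and pull that file in through the provider's include mechanism, if the nixpkgs revision in use offers one. Until then the module should stay out of `imports`, as it is now.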
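--- a/hosts/lime/services/firewall.nix
+++ b/hosts/lime/services/firewall.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }: {
+
+networking.firewall = {
+enable = false;
+allowedTCPPorts = [
+25565
+22
+222
+4827
+2222
+9001
+1141
+# matrix
+8008
+];
+allowedUDPPorts = [
+25565
+22
+222
+2222
+4827
+1141
+5121 # olama
+9001
+
+# matrix
+8008
+];
+};
+
+}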
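Review bot: `enable = false;` turns the firewall off, so the `allowedTCPPorts` and `allowedUDPPorts` lists below it are never applied and every listening service on lime is reachable, including Synapse's plain-HTTP listener on `0.0.0.0:8008` and Owncast on `0.0.0.0:3413`. If the host sits behind another filter, say so in a comment next to the setting; otherwise set `enable = true;`. Once enabled, the UDP list should lose the TCP-only ports (`22`, `222`, `2222`, `9001`, `8008`), and `8008` and `9001` are better admitted only from the proxy and Prometheus hosts than from everywhere.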
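--- a/hosts/lime/services/loki.nix
+++ b/hosts/lime/services/loki.nix
@@ -0,0 +1,45 @@
+{ pkgs, ... }: {
+#
+services.loki = {
+enable = false;
+configuration = {
+auth_enabled = false;
+server = {
+http_listen_port = 3100;
+};
+ingester = {
+lifecycler = {
+address = "0.0.0.0";
+ring = {
+kvstore.store = "inmemory";
+replication_factor = 1;
+};
+};
+chunk_idle_period = "15m";
+};
+schema_config.configs = [
+{
+from = "2020-02-25";
+store = "boltdb";
+object_store = "filesystem";
+schema = "v11";
+index = {
+prefix = "index_";
+period = "24h";
+};
+}
+];
+
+storage_config = {
+boltdb.directory = "/tmp/loki/index";
+};
+limits_config = {
+enforce_metric_name = false;
+reject_old_samples = true;
+reject_old_samples_max_age = "500h";
+};
+chunk_store_config.max_look_back_period = "0s";
+
+};
+};
+}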
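Review bot: `boltdb.directory = "/tmp/loki/index";` keeps the index under the world-writable `/tmp`, where it is lost on cleanup and where another local user can pre-create the path; a directory under the service's own state directory is the safer place. With `auth_enabled = false` and no `server.http_listen_address` set, any host that can reach port 3100 could push and query logs, so bind the listener to loopback or the monitoring interface before `enable` is flipped to `true`.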
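--- a/hosts/lime/services/matrix.nix
+++ b/hosts/lime/services/matrix.nix
@@ -0,0 +1,43 @@
+{ pkgs, config, ... }:
+let
+baseUrl = "https://${config.networking.domain}";
+in
+{
+services.matrix-synapse = {
+enable = true;
+settings = {
+
+server_name = config.networking.domain;
+public_baseurl = baseUrl;
+enable_registration = false;
+
+trusted_key_servers = [{ server_name = "matrix.org"; }
+{
+server_name = "tchncs.de";
+}];
+suppress_key_server_warning = true;
+enable_registration_without_verification = true;
+max_upload_size = "9861M";
+listeners = [
+{
+port = 8008;
+bind_addresses = [ "0.0.0.0" ];
+type = "http";
+tls = false;
+x_forwarded = true;
+resources = [{
+names = [ "client" "federation" ];
+compress = true;
+}];
+}
+];
+server_notices = {
+system_mxid_localpart = "server";
+system_mxid_display_name = "Server Notices";
+room_name = "Server Notices";
+room_topic = "Notices about 4o1x5.dev";
+auto_join = true;
+};
+};
+};
+}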
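Review bot: The listener binds `0.0.0.0:8008` with `tls = false` and `x_forwarded = true`, so any client that reaches the port directly (the firewall on lime is disabled in this commit) talks to Synapse in cleartext and can supply its own `X-Forwarded-For`, which Synapse then records as the client address. Bind to the address the carbon proxy uses and admit only that source. `enable_registration_without_verification = true;` is inert while `enable_registration = false`, but it removes the safety check the day registration is switched on, so it is better deleted than left armed. `max_upload_size = "9861M"` also disagrees with the proxy's `client_max_body_size 9000M`.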
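--- a/hosts/lime/services/monitoring/exporters/node.nix
+++ b/hosts/lime/services/monitoring/exporters/node.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }: {
+services.prometheus.exporters.node = {
+enable = true;
+port = 9001;
+openFirewall = true;
+enabledCollectors = [ "systemd" ];
+};
+}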
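--- a/hosts/lime/services/monitoring/exporters/smartctl.nix
+++ b/hosts/lime/services/monitoring/exporters/smartctl.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }: {
+services.prometheus.exporters.smartctl = {
+enable = true;
+openFirewall = true;
+devices = [ "/dev/sda" ];
+};
+
+services.smartd = {
+enable = true;
+notifications.wall.enable = true;
+devices = [
+{
+device = "/dev/sda";
+}
+];
+};
+
+}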
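--- a/hosts/lime/services/mumble.nix
+++ b/hosts/lime/services/mumble.nix
@@ -0,0 +1,28 @@
+{ pkgs, ... }: {
+#
+services.murmur = {
+enable = true;
+openFirewall = true;
+bandwidth = 1300000;
+welcometext = ''<b><span style=" color: #fad000">Welcome to 4o1x5.dev server<br/>Enjoy your stay.</span></b>'';
+};
+
+# Musicbot
+services.botamusique.enable = true;
+services.botamusique.settings = {
+server = {
+certificate = "/etc/botamusique.pem";
+};
+bot = {
+channel = "/music";
+name = "Zenebona";
+comment = "szia";
+admin = "penge;dmk";
+stereo = true;
+when_nobody_in_channel = "pause_resume";
+bitrate = 1300000;
+};
+
+commands.command_symbol = ".:@:;:4:!:1";
+};
+}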
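Review bot: `admin = "penge;dmk";` names the bot's administrators by Mumble username, so those names should be registered on the murmur server, which ties them to a certificate; nothing in this file sets a server password or registration policy, so confirm that an unregistered client cannot simply connect under one of them. `certificate = "/etc/botamusique.pem";` refers to a file this configuration does not create. It presumably holds the bot's private key, so shipping it as an agenix secret with restrictive ownership would match how the other secrets in the repository are handled.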
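--- a/hosts/lime/services/owncast.nix
+++ b/hosts/lime/services/owncast.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }: {
+
+
+services.owncast = {
+enable = true;
+openFirewall = true;
+listen = "0.0.0.0";
+port = 3413;
+};
+}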
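Review bot: `listen = "0.0.0.0";` together with `openFirewall = true;` exposes Owncast's web and admin interface directly on port 3413 in cleartext, next to the TLS vhost `live.` on carbon that already proxies to it. Restrict the port to the proxy host instead of opening it globally. Owncast ships with a documented default admin credential, so the admin password has to be changed before the instance is reachable; a comment recording that step would help the next operator.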
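--- a/hosts/lime/services/postgresql.nix
+++ b/hosts/lime/services/postgresql.nix
@@ -0,0 +1,14 @@
+{ pkgs, ... }: {
+
+services.postgresql.enable = true;
+services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
+CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
+
+CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+TEMPLATE template0
+LC_COLLATE = "C"
+LC_CTYPE = "C";
+'';
+
+
+}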
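Review bot: `CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';` hard-codes a guessable database password, and because the script is built with `pkgs.writeText` it is stored world-readable in `/nix/store` as well as in this repository's history. Synapse runs on the same host, so the role needs no password: `CREATE ROLE "matrix-synapse" WITH LOGIN;` with peer authentication over the Unix socket is enough, assuming Synapse's database settings are left at the module defaults. `initialScript` runs only when the cluster is first initialised, so on a host where it has already run the password has to be cleared by hand with `ALTER ROLE "matrix-synapse" WITH PASSWORD NULL;`.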
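--- a/hosts/pink/hardware-configuration.nix
+++ b/hosts/pink/hardware-configuration.nix
@@ -0,0 +1,40 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{
+device = "/dev/disk/by-uuid/c5780502-0721-40d7-a41a-477120247835";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{
+device = "/dev/disk/by-uuid/1DF7-6D92";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}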
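--- a/hosts/pink/root.nix
+++ b/hosts/pink/root.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+
+{
+imports = [
+./hardware-configuration.nix
+
+# SERVICES
+./services/firewall.nix
+./services/dns.nix
+./services/endlessh.nix
+./services/i2pd.nix
+./services/hydra.nix
+
+
+# monitoring
+./services/monitoring/prometheus.nix
+./services/monitoring/grafana.nix
+./services/monitoring/exporters/node.nix
+./services/monitoring/exporters/smartctl.nix
+
+];
+# Bootloader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.hostName = "pink";
+networking.domain = "stuff.local";
+
+users.users.pink = {
+isNormalUser = true;
+description = "pink";
+extraGroups = [ "networkmanager" "wheel" ];
+packages = with pkgs; [ ];
+};
+
+}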
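--- a/hosts/pink/services/dns.nix
+++ b/hosts/pink/services/dns.nix
@@ -0,0 +1,19 @@
+{ pkgs, config, ... }: {
+
+
+services.adguardhome = {
+enable = true;
+openFirewall = true;
+settings = {
+#bind_port = 4000;
+upstream_dns = [
+"194.242.2.2"
+"9.9.9.9"
+"1.1.1.1"
+];
+};
+# todo add blocklist
+# https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.plus.txt
+};
+
+}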
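Review bot: `openFirewall = true;` on `services.adguardhome` opens the web administration port rather than DNS, so the admin UI, and on a fresh install the unauthenticated setup wizard, is reachable from every network the host is on. Leave it closed and reach the UI over SSH forwarding or a source-restricted rule. `upstream_dns` is written at the top level of `settings`, whereas AdGuard Home reads it from the `dns` section (`settings.dns.upstream_dns`), so these resolvers may be silently ignored; checking the generated YAML would settle it. The three upstreams are plain-DNS addresses, so queries leave the host unencrypted unless DoT or DoH upstreams are used.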
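--- a/hosts/pink/services/endlessh.nix
+++ b/hosts/pink/services/endlessh.nix
@@ -0,0 +1,17 @@
+{ pkgs, ... }: {
+services.endlessh-go = {
+enable = true;
+extraOptions = [
+"-max_clients=200"
+"-geoip_supplier=ip-api"
+];
+port = 2333;
+openFirewall = true;
+
+prometheus = {
+enable = true;
+port = 4212;
+listenAddress = "127.0.0.1";
+};
+};
+}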
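Review bot: `"-geoip_supplier=ip-api"` makes the tarpit send the address of every connecting client to a third-party lookup service, which is an outbound dependency and a data flow that deserves a comment in the file; an offline database supplier, if the packaged version offers one, avoids it. Opening port 2333 with `openFirewall = true;` is the point of a tarpit, and the metrics listener is correctly held on `127.0.0.1`.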
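--- a/hosts/pink/services/firewall.nix
+++ b/hosts/pink/services/firewall.nix
@@ -0,0 +1,43 @@
+{ pkgs, config, ... }: {
+
+networking.firewall = {
+enable = true;
+allowedTCPPorts = [
+22 #ssh
+
+# pihole
+53
+1444
+
+# prometheus
+9090
+8080
+
+config.services.i2pd.port
+
+8422 # csengoclient
+5333 # csengoserver
+5432
+
+];
+allowedUDPPorts = [
+22 # ssh
+
+# pihole
+53
+1444
+
+# prometheus
+9090
+8080
+
+8422 # csengoclient
+5333 # csengoserver
+5432
+
+config.services.i2pd.port
+];
+};
+
+}
+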
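Review bot: `5432`, `8422`, `5333`, `9090` and `8080` are opened to every source address, although the only consumers visible in this commit are the proxy routes on carbon that point at ports 8422, 5333 and 8080 and the local Prometheus and Grafana. PostgreSQL on `5432` in particular should not sit in a global allow list; admit it, and the proxied backends, only from the hosts that need them. The `allowedUDPPorts` list mirrors TCP-only services (`22`, `5432`, `9090`, `8080` and others) and can probably shrink to `53` plus the i2pd port. `hosts/pink/services/hydra.nix` and `hosts/pink/services/monitoring/grafana.nix` repeat the pattern by adding their HTTP ports to `allowedUDPPorts`.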
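--- a/hosts/pink/services/hydra.nix
+++ b/hosts/pink/services/hydra.nix
@@ -0,0 +1,19 @@
+{ pkgs, config, ... }: {
+services.hydra = {
+enable = true;
+hydraURL = "https://hydra.${config.networking.domain}"; # externally visible URL
+notificationSender = "hydra@localhost"; #
+# a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
+buildMachinesFiles = [ ];
+# you will probably also want, otherwise *everything* will be built from scratch
+useSubstitutes = true;
+port = 6732;
+};
+
+networking.firewall = {
+allowedTCPPorts = [ config.services.hydra.port ];
+allowedUDPPorts = [ config.services.hydra.port ];
+};
+
+
+}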
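--- a/hosts/pink/services/i2pd.nix
+++ b/hosts/pink/services/i2pd.nix
@@ -0,0 +1,35 @@
+{ pkgs, lib, config, ... }: {
+
+services.i2pd = {
+enable = false;
+port = 9732;
+enableIPv6 = true;
+floodfill = true;
+};
+
+#i2pcontrol
+services.i2pd.proto.i2pControl = {
+enable = true;
+port = 7659;
+name = "i2pcontrol";
+address = "0.0.0.0";
+};
+
+
+services.i2pd.proto.http = {
+enable = true;
+};
+
+# todo proxy
+# todo privacy respecting services
+# todo reseed export
+# need to create a nginx proxy that proxies the reseed file
+
+services.prometheus.exporters.i2pd = {
+enable = false;
+port = 3321;
+openFirewall = true;
+routerAddress = "https://127.0.0.1:${toString config.services.i2pd.proto.i2pControl.port}";
+routerPassword = "itoopie";
+};
+}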
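Review bot: `address = "0.0.0.0";` exposes the I2PControl management interface on all interfaces, while the only client in this file, the Prometheus exporter, connects to `127.0.0.1`; binding it with `address = "127.0.0.1";` is enough. `routerPassword = "itoopie";` is the well-known default for that interface and is written into the world-readable Nix store, so the router password should be changed and supplied from an agenix-managed file if the exporter module supports one. `services.i2pd.enable` and the exporter are both `false` today, so this matters from the moment either is switched on.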
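--- a/hosts/pink/services/monitoring/exporters/node.nix
+++ b/hosts/pink/services/monitoring/exporters/node.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }: {
+services.prometheus.exporters.node = {
+enable = true;
+port = 9001;
+};
+}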
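--- a/hosts/pink/services/monitoring/exporters/smartctl.nix
+++ b/hosts/pink/services/monitoring/exporters/smartctl.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }: {
+services.prometheus.exporters.smartctl = {
+enable = true;
+devices = [ "/dev/sda" ];
+};
+services.smartd = {
+enable = true;
+notifications.wall.enable = true;
+devices = [
+{
+device = "/dev/sda";
+}
+];
+};
+}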
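--- a/hosts/pink/services/monitoring/grafana.nix
+++ b/hosts/pink/services/monitoring/grafana.nix
@@ -0,0 +1,29 @@
+{ pkgs, config, ... }:
+
+let
+grafanaPort = 3033;
+in
+{
+services.grafana = {
+enable = true;
+settings.server = {
+http_port = grafanaPort;
+http_addr = "0.0.0.0";
+};
+provision = {
+enable = true;
+datasources.settings.datasources = [
+{
+name = "prometheus";
+type = "prometheus";
+url = "http://127.0.0.1:${toString config.services.prometheus.port}";
+isDefault = true;
+}
+];
+};
+};
+networking.firewall = {
+allowedTCPPorts = [ grafanaPort ];
+allowedUDPPorts = [ grafanaPort ];
+};
+}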
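Review bot: Grafana is bound to `0.0.0.0` and its port is opened in the firewall, but nothing in this module sets the admin password or `secret_key`, so the instance comes up with Grafana's default admin login until someone changes it interactively. Set `settings.security.admin_password` and `settings.security.secret_key` through Grafana's file provider, for example `"$__file{/run/agenix/<secret-name>}"` with a placeholder name, so neither value lands in the Nix store. Alternatively keep `http_addr` on loopback and publish the UI through the TLS proxy. `allowedUDPPorts = [ grafanaPort ];` is unnecessary for an HTTP service.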
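--- a/hosts/pink/services/monitoring/prometheus.nix
+++ b/hosts/pink/services/monitoring/prometheus.nix
@@ -0,0 +1,79 @@
+{ pkgs, config, ... }:
+
+let
+
+lime = "32.54.31.241";
+carbon = "32.54.31.180";
+in
+{
+
+services.prometheus = {
+enable = true;
+
+scrapeConfigs = [
+{
+job_name = "node";
+scrape_interval = "5s";
+static_configs = [
+{
+targets = [ "localhost:9001" ];
+labels = { alias = "node.pink.local"; };
+}
+
+{
+targets = [ "${carbon}:9001" ];
+labels = { alias = "node.carbon.local"; };
+}
+
+{
+targets = [ "${lime}:9001" ];
+labels = { alias = "node.lime.local"; };
+}
+
+{
+targets = [ "32.54.31.172:9001" ];
+labels = { alias = "node.strix.local"; };
+}
+];
+}
+{
+job_name = "smartmontools";
+scrape_interval = "5s";
+static_configs = [
+{
+targets = [ "localhost:9633" ];
+labels = { alias = "smartctl.pink.local"; };
+}
+{
+targets = [ "${lime}:9633" ];
+labels = { alias = "smartctl.lime.local"; };
+}
+{
+targets = [ "${carbon}:9633" ];
+labels = { alias = "smartctl.carbon.local"; };
+}
+];
+}
+{
+job_name = "endlessh";
+scrape_interval = "5s";
+static_configs = [
+{
+targets = [ "localhost:${toString config.services.endlessh-go.prometheus.port}" ];
+labels = { alias = "endlessh.pink.local"; };
+}
+];
+}
+{
+job_name = "i2p";
+scrape_interval = "5s";
+static_configs = [
+{
+targets = [ "localhost:${toString config.services.prometheus.exporters.i2pd.port}" ];
+labels = { alias = "i2pd.pink.local"; };
+}
+];
+}
+];
+};
+}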
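Review bot: The `i2p` job scrapes `config.services.prometheus.exporters.i2pd.port`, but `hosts/pink/services/i2pd.nix` sets that exporter to `enable = false`, so the target will be permanently down and will add noise to any alert on `up == 0`. Gate the job on the exporter's `enable` option or drop it until the exporter runs. The strix target is the literal `32.54.31.172` while lime and carbon are `let` bindings; binding it as well keeps the host inventory in one place. Scrapes of the remote exporters are unauthenticated HTTP, which is fine only if ports 9001 and 9633 on those hosts are filtered to this machine.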
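--- a/root.nix
+++ b/root.nix
@@ -0,0 +1,62 @@
+{ pkgs, ... }: {
+
+home-manager.users.root = {
+programs.zsh = {
+enable = true;
+initExtra = ''
+PROMPT="[%M] %~ "
+'';
+antidote = {
+enable = true;
+plugins = [
+"marlonrichert/zsh-autocomplete"
+"zsh-users/zsh-syntax-highlighting"
+];
+};
+};
+};
+home-manager.users.root.home.stateVersion = "23.11";
+
+networking.networkmanager.enable = true;
+
+# Set your time zone.
+time.timeZone = "Europe/Budapest";
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "hu_HU.UTF-8";
+LC_IDENTIFICATION = "hu_HU.UTF-8";
+LC_MEASUREMENT = "hu_HU.UTF-8";
+LC_MONETARY = "hu_HU.UTF-8";
+LC_NAME = "hu_HU.UTF-8";
+LC_NUMERIC = "hu_HU.UTF-8";
+LC_PAPER = "hu_HU.UTF-8";
+LC_TELEPHONE = "hu_HU.UTF-8";
+LC_TIME = "hu_HU.UTF-8";
+};
+
+services.xserver = {
+layout = "us";
+};
+
+users.users."root".openssh.authorizedKeys.keys = [
+"ssh-rsa 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 pear@rog-strix"
+];
+
+services.openssh = {
+enable = true;
+allowSFTP = true;
+openFirewall = true;
+settings = {
+PasswordAuthentication = false;
+KbdInteractiveAuthentication = false;
+};
+};
+
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+nixpkgs.config.allowUnfree = true;
+system.stateVersion = "23.11";
+
+}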
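Review bot: `antidote.plugins` for `home-manager.users.root` names two GitHub repositories with no revision, and as far as the home-manager module works antidote clones them at run time, so code that is sourced in every root shell is fetched outside `flake.lock` and can change without a commit here. Taking the plugins from nixpkgs, for example `programs.zsh.syntaxHighlighting.enable = true;`, keeps root's shell under the same pinning as the rest of the system. The file also authorises direct root login over SSH with an `ssh-rsa` key on every host that imports it; a per-admin user in `wheel` with an ed25519 key gives an audit trail. `services.xserver.layout` has been renamed to `services.xserver.xkb.layout` in newer NixOS releases.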
8
secrets/anonymousoverflow.age
Normal file
8
secrets/anonymousoverflow.age
Normal file
|
@ -0,0 +1,8 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 VxAJjg 7I7xNPaCZPE1JUdjgAWeSpLBiuCPcHOmEsYi10zClxY
|
||||
tHU+7llwklkoxrucgV2eOfG4gSGMaL2lJth3e+1Nkvg
|
||||
-> ssh-ed25519 pw11Hg NOFrYZt4SnJ8pcR4SvyoaRwQHY/CCnFiLBlDXjoN9iw
|
||||
ezmF8oYZTmGc5SULU/aImcAbpNMchXKIhzhPywi0+L0
|
||||
--- hp8XULTiIl3wXkiJHq63G45VnxBM4i88yVOz+SkUSFk
|
||||
6âzªõ
|
||||
¸“gÔyõ®zƒ<EFBFBD>ôJ»xÀ䙑I %÷ý§#ç™ò”×êó
6A1>§‹ûĽp8Ò™ ~ÿ‹š
|
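--- a/secrets/carbon.nix
+++ b/secrets/carbon.nix
@@ -0,0 +1,3 @@
+{ pkgs, ... }: {
+age.secrets.forgejo-runner.file = ./forgejo-runner.age;
+}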
7
secrets/forgejo-runner.age
Normal file
7
secrets/forgejo-runner.age
Normal file
|
@ -0,0 +1,7 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 VxAJjg FCHQ8R8lunZeC1W5GgHRuXOzKebT3H7+WgmkfC1MhHI
|
||||
Yh11JHjmuMCNl4cGpJYgYEHxfGSPtCaE5WNvEldh+FE
|
||||
-> ssh-ed25519 pw11Hg bwbMaWmmWy5N9DlvWbLc8Np1ZsVyvFBFzKuc+AC46G0
|
||||
mMk+gUs+HDVF7Ud36JUZYrocc4rlDpjcmIlG6Zov34A
|
||||
--- G5mTwB+gZ3fJx1OyFbHnvYpYmjDJEAjKJAPd9LXBHHQ
|
||||
î`H@G—§}ʃ¸cÊó”ê>|€gãÐý”’@ò/9Òb°°
mMx,}¶»gE¾"ìw4§Jä³^«ù‡úž
|
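--- a/secrets/lime.nix
+++ b/secrets/lime.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }: {
+
+age.secrets.porkbun.file = ./porkbun.age;
+age.secrets.porkbun-user.file = ./porkbun-user.age;
+}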
7
secrets/porkbun-user.age
Normal file
7
secrets/porkbun-user.age
Normal file
|
@ -0,0 +1,7 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 VxAJjg SAzffPLeKmWwiPBrxqb8b1lSjnvX0xXGoErceOwrfz8
|
||||
qOu9fsxq0yneo5Wx0S6sJriYl9I+0geuD85ZVK8LEUg
|
||||
-> ssh-ed25519 2+o3cg ODYd9WzF/r4ScnLNmnxne3NiuqlAQ4E3koozu4EKBQE
|
||||
iiLf5yuAnGDTSFXLTbxm0PsQQBjnoFPVS7rh9v91GzY
|
||||
--- BT5nFRlqsSubodxJI5M1+xE8yD/vzSHkvUTKhwOScWQ
|
||||
vá<EFBFBD>ˉôÀ©(1ÝOßþÉ¥vfÜ"(r<>Ÿ¸ï$5)Ћb;©t1†‹‹°
|
BIN
secrets/porkbun.age
Normal file
BIN
secrets/porkbun.age
Normal file
Binary file not shown.
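--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,18 @@
+let
+grape = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFJwT2EBbcTCeB9KJrAlsE15EwyldWCiGodjSLeJu6Cz grape@strix";
+users = [ grape ];
+
+carbon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGgB3WAu0WWaRog795SwgM2vUXXB1/oosIhXRZ9kPZ+P";
+lime = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPiO7+7mFkXQ5jYNSmGErC+C6js0CvSWw0Pe9NAtuL1W";
+systems = [ carbon ];
+in
+{
+"synapse.age".publicKeys = [ grape carbon ];
+"anonymousoverflow.age".publicKeys = [ grape carbon ];
+"forgejo-runner.age".publicKeys = [ grape carbon ];
+
+"porkbun.age".publicKeys = [ grape lime ];
+"porkbun-user.age".publicKeys = [ grape lime ];
+
+
+}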
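Review bot: `"synapse.age".publicKeys = [ grape carbon ];` encrypts the Synapse secret to carbon, but `services.matrix-synapse` is configured under `hosts/lime` and lime's key is not a recipient, so lime could not decrypt it if the secret is meant for the homeserver. Confirm which host consumes it and re-key with `agenix -r` after changing the list. `users` and `systems` are bound but never used, and `systems` omits `lime`; either build the recipient lists from them or remove them. With `grape` as the only non-host recipient, losing that one key leaves the host keys as the only way to recover the secrets.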
7
secrets/synapse.age
Normal file
7
secrets/synapse.age
Normal file
|
@ -0,0 +1,7 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 VxAJjg rj/YumbJppvgqWezT5U/Mt8O8Pb7FyjHIB37akQZMGo
|
||||
PR+7pNN1bzh8X5DhDDgKNdyvsuysn5VAOkfvwy37j/Y
|
||||
-> ssh-ed25519 pw11Hg gKvZHPXnvV8hk3CByniFT4BpGsrUxK7hLBE2UAlwmlw
|
||||
oNKGVQwqKXLmA5gZudnuSCLPToC7gOL7lNu3DhW9bA8
|
||||
--- nUHssI5El0LVBdGhwFOFA/7kM3SmW76Rfg+rg0OAmHw
|
||||
y已刃ネqセ降包YWム$w]葫┰vOfX#トY愧!ハコ
|