From 08c244ab7da1f853b227ee6f5ca7abae174e3e2f Mon Sep 17 00:00:00 2001
From: xqtc161
Date: Fri, 12 Apr 2024 12:03:38 +0200
Subject: [PATCH 1/2] add manga service

---
 hosts/x86_64-linux/beleth/calibre-web.nix | 10 +++++
 hosts/x86_64-linux/beleth/default.nix | 52 ++++++----------------
 hosts/x86_64-linux/beleth/lanrarari.nix | 4 ++
 hosts/x86_64-linux/beleth/monitoring.nix | 2 +-
 hosts/x86_64-linux/beleth/transmission.nix | 6 +++
 5 files changed, 35 insertions(+), 39 deletions(-)
 create mode 100644 hosts/x86_64-linux/beleth/calibre-web.nix
 create mode 100644 hosts/x86_64-linux/beleth/lanrarari.nix
 create mode 100644 hosts/x86_64-linux/beleth/transmission.nix

diff --git a/hosts/x86_64-linux/beleth/calibre-web.nix b/hosts/x86_64-linux/beleth/calibre-web.nix
new file mode 100644
index 0000000..9b10a28
--- /dev/null
+++ b/hosts/x86_64-linux/beleth/calibre-web.nix
@@ -0,0 +1,10 @@
+{config, lib, ...}:
+{
+ services.calibre-web = {
+ enable = true;
+ options = {
+ enableBookUploading = true;
+ # calibreLibrary = "/home/xqtc/ebooks";
+ };
+ };
+}
diff --git a/hosts/x86_64-linux/beleth/default.nix b/hosts/x86_64-linux/beleth/default.nix
index 225a08d..4f1298c 100644
--- a/hosts/x86_64-linux/beleth/default.nix
+++ b/hosts/x86_64-linux/beleth/default.nix
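Review bot: `enableBookUploading = true;` in hosts/x86_64-linux/beleth/calibre-web.nix turns on uploads for an instance that the same commit publishes through Caddy as calibre.heroin.trade, and nothing in the module shows the upstream default admin account being replaced or registration being restricted. Uploads should stay limited to accounts you control, so I would add a comment above the option such as `# only safe once the default admin password is changed and public registration is off`. The commented-out `calibreLibrary` line leaves the library location to the module default; if that is intentional, say so in the comment instead of keeping the dead line.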
@@ -10,46 +10,12 @@ with lib; {
 ./hardware-configuration.nix
 ./monitoring.nix
 ./jellyfin.nix
+ ./calibre-web.nix
+ ./transmission.nix
+ ./lanrarari.nix
+ ../../gc.nix
 ];

- # users.users.nginx.extraGroups = ["acme"];
-
- # services.nginx = {
- # enable = true;
- # package = pkgs.nginxQuic;
- #
- # recommendedGzipSettings = true;
- # recommendedOptimisation = true;
- # recommendedProxySettings = true;
- # recommendedTlsSettings = true;
- #
- # # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
- # # sslProtocols = mkDefault "TLSv1.3";
- #
- # clientMaxBodySize = mkDefault "128M";
- # commonHttpConfig = ''
- # map $scheme $hsts_header {
- # https "max-age=31536000; includeSubdomains; preload";
- # }
- # add_header Strict-Transport-Security $hsts_header;
- # add_header X-Content-Type-Options "nosniff" always;
- # add_header X-XSS-Protection "1; mode=block" always;
- # add_header X-Frame-Options "SAMEORIGIN" always;
- # add_header Referrer-Policy "same-origin" always;
- # '';
- # };
- #
- # security.acme = {
- # acceptTerms = true;
- # defaults.email = "xqtc@tutanota.com";
- # defaults.keyType = "ec256";
- # # certs = {
- # # # "heroin.trade" = {};
- # # "jellyfin.heroin.trade" = {};
- # # "grafana.heroin.trade" = {};
- # # };
- # };
-
 services.caddy = {
 enable = true;
 email = "xqtc@tutanota.com";
@@ -58,9 +24,16 @@ with lib; {
 root * /var/www/website/build/
 file_server
 }
+ demos.heroin.trade {
+ root * /var/www/demos/
+ file_server browse
+ }
 jellyfin.heroin.trade {
 reverse_proxy http://127.0.0.1:8096
 }
+ calibre.heroin.trade {
+ reverse_proxy http://localhost:3000
+ }
 grafana.heroin.trade {
 reverse_proxy http://127.0.0.1:2342
 }
@@ -121,6 +94,9 @@ with lib; {
 # Enable the OpenSSH daemon.
 services.openssh.enable = true;

+ services.resolved.enable = true;
+ services.mullvad-vpn.enable = true;
+
 # Open ports in the firewall.
 networking.firewall.allowedTCPPorts = [22 80 443];
 # networking.firewall.allowedUDPPorts = [443];
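Review bot: In the second default.nix hunk the new `calibre.heroin.trade` site proxies to `http://localhost:3000`, but calibre-web.nix never sets a port, and as far as I know the NixOS calibre-web module listens on 8083 by default while 3000 is the lanraragi default. If that holds, this vhost publishes the LANraragi instance enabled in lanrarari.nix under the calibre name rather than calibre-web; point the upstream at the calibre-web port, or pin it explicitly with `services.calibre-web.listen.port` and reference that value here. Separately, `file_server browse` on demos.heroin.trade serves a directory index of everything under /var/www/demos/, so confirm nothing sensitive can land in that tree. The Caddyfile string starts and ends outside this hunk.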
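Review bot: `services.mullvad-vpn.enable = true;` in the third default.nix hunk puts a VPN client on a host that accepts inbound 22/80/443, and the commit does not say how the two are meant to coexist. Once the tunnel is connected the Mullvad daemon installs its own firewall rules and default route, which to my knowledge can cut off inbound connections on the public address, SSH included. No visible line binds the transmission service added in this commit to the tunnel interface either, so its traffic follows whichever route is active. If the VPN is only meant for outbound traffic, a comment such as `# VPN for outbound traffic only; verify SSH and Caddy stay reachable with the tunnel up` would record that.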
diff --git a/hosts/x86_64-linux/beleth/lanrarari.nix b/hosts/x86_64-linux/beleth/lanrarari.nix
new file mode 100644
index 0000000..f412c5a
--- /dev/null
+++ b/hosts/x86_64-linux/beleth/lanrarari.nix
@@ -0,0 +1,4 @@
+{config, pkgs, lib, ...}:
+{
+ services.lanraragi.enable = true;
+}
diff --git a/hosts/x86_64-linux/beleth/monitoring.nix b/hosts/x86_64-linux/beleth/monitoring.nix
index 520d4bd..9b28cda 100644
--- a/hosts/x86_64-linux/beleth/monitoring.nix
+++ b/hosts/x86_64-linux/beleth/monitoring.nix
@@ -8,7 +8,7 @@
 enable = true;
 port = 2342;
 addr = "127.0.0.1";
- domain = "grafan.heroin.trade";
+ domain = "grafana.heroin.trade";
 };

 services.prometheus = {
diff --git a/hosts/x86_64-linux/beleth/transmission.nix b/hosts/x86_64-linux/beleth/transmission.nix
new file mode 100644
index 0000000..212cf79
--- /dev/null
+++ b/hosts/x86_64-linux/beleth/transmission.nix
@@ -0,0 +1,6 @@
+{config, lib, ...}:
+{
+ services.transmission = {
+ enable = true;
+ };
+}
From 574494bf0c534a0e5acc7d7591e1857ffc9249db Mon Sep 17 00:00:00 2001
From: xqtc161
Date: Fri, 12 Apr 2024 12:50:19 +0200
Subject: [PATCH 2/2] Adds syncthing and some other stuff

---
 common/default.nix | 17 +++++----
 common/syncthing.nix | 19 ++++++++++
 home/modules/nixvim.nix | 2 +-
 home/modules/shell.nix | 2 +-
 hosts/x86_64-linux/beleth/calibre-web.nix | 5 ++-
 hosts/x86_64-linux/beleth/default.nix | 41 +++++++++++++---------
 hosts/x86_64-linux/beleth/lanrarari.nix | 6 +++-
 hosts/x86_64-linux/beleth/transmission.nix | 5 ++-
 hosts/x86_64-linux/lilith/default.nix | 2 +-
 9 files changed, 70 insertions(+), 29 deletions(-)
 create mode 100644 common/syncthing.nix

diff --git a/common/default.nix b/common/default.nix
index 927d8d9..0fb708b 100644
--- a/common/default.nix
+++ b/common/default.nix
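Review bot: `services.lanraragi.enable = true;` in lanrarari.nix enables the service without `services.lanraragi.passwordFile`, so the admin login stays at whatever the package ships with. The Caddyfile in this commit proxies a public hostname to port 3000, which I believe is this service's default port, so I would set `services.lanraragi.passwordFile = "/run/secrets/lanraragi";` (placeholder path, kept outside the Nix store) before the instance is reachable. The file name `lanrarari.nix` also misspells the service name, which makes the module harder to find with grep.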
@@ -5,14 +5,17 @@
 pkgs,
 ...
 }: {
+ imports = [./syncthing.nix];
 #nixpkgs.config.permittedInsecurePackages = ["electron-25.9.0" "electron-24.8.6"];
- networking.hosts = {
- "192.168.178.35" = ["jellyfin.fritz.box" "grafana.fritz.box"];
- };
- environment.systemPackages = with pkgs; [
- xdg-desktop-portal-hyprland
- xdg-desktop-portal
- ];
+ # networking.hosts = {
+ # "192.168.178.35" = ["jellyfin.fritz.box" "grafana.fritz.box"];
+ # };
+ # environment.systemPackages = with pkgs; [
+ # xdg-desktop-portal-hyprland
+ # xdg-desktop-portal
+ # ];
+ networking.firewall.allowedTCPPorts = [8384 22000];
+ networking.firewall.allowedUDPPorts = [22000 21027];
 nix.settings = {
 trusted-users = ["xqtc"];
 substituters = [
diff --git a/common/syncthing.nix b/common/syncthing.nix
new file mode 100644
index 0000000..c44cfc0
--- /dev/null
+++ b/common/syncthing.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}: {
+ services.syncthing = {
+ enable = true;
+ user = "xqtc";
+ dataDir = "/home/xqtc/syncthing";
+ configDir = "${config.services.syncthing.dataDir}/.config/syncthing";
+ settings = {
+ gui = {
+ user = "xqtc";
+ # insecureSkipHostcheck = true;
+ };
+ };
+ };
+}
diff --git a/home/modules/nixvim.nix b/home/modules/nixvim.nix
index 43630cc..f6c9e73 100644
--- a/home/modules/nixvim.nix
+++ b/home/modules/nixvim.nix
@@ -43,7 +43,7 @@
 pylsp.enable = true;
 bashls.enable = true;
 lua-ls.enable = true;
- gopls.enable = true;
+ gopls.enable = true;
 nushell.enable = true;
 clangd.enable = true;
 svelte.enable = true;
diff --git a/home/modules/shell.nix b/home/modules/shell.nix
index 47317d1..5adf0b8 100644
--- a/home/modules/shell.nix
+++ b/home/modules/shell.nix
@@ -16,7 +16,7 @@
 shellAliases = {ls = "eza -l --icons --header --git --group-directories-first";};
 extraConfig = "maxfetch";
 configFile = {
- text = builtins.readFile ../config-files/config.nu;
+ text = builtins.readFile ../config-files/config.nu;
 };
 };
 carapace.enable = true;
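Review bot: `networking.firewall.allowedTCPPorts = [8384 22000];` in common/default.nix opens the Syncthing GUI port on every host that imports common, and this commit also adds that import on beleth. The GUI listens on loopback unless `guiAddress` is changed, so 8384 should not need a firewall hole, and leaving it open means any later `guiAddress` change exposes the admin interface immediately. I would drop 8384 here and let the module open only the sync and discovery ports with `services.syncthing.openDefaultPorts = true;` in syncthing.nix. The attribute set continues outside the hunk.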
diff --git a/hosts/x86_64-linux/beleth/calibre-web.nix b/hosts/x86_64-linux/beleth/calibre-web.nix
index 9b10a28..812e81e 100644
--- a/hosts/x86_64-linux/beleth/calibre-web.nix
+++ b/hosts/x86_64-linux/beleth/calibre-web.nix
@@ -1,5 +1,8 @@
-{config, lib, ...}:
 {
+ config,
+ lib,
+ ...
+}: {
 services.calibre-web = {
 enable = true;
 options = {
diff --git a/hosts/x86_64-linux/beleth/default.nix b/hosts/x86_64-linux/beleth/default.nix
index 4f1298c..35dac51 100644
--- a/hosts/x86_64-linux/beleth/default.nix
+++ b/hosts/x86_64-linux/beleth/default.nix
@@ -14,32 +14,40 @@ with lib; {
 ./transmission.nix
 ./lanrarari.nix
 ../../gc.nix
+ ../../../common
 ];

 services.caddy = {
 enable = true;
 email = "xqtc@tutanota.com";
 configFile = pkgs.writeText "Caddyfile" ''
- heroin.trade {
- root * /var/www/website/build/
- file_server
- }
- demos.heroin.trade {
- root * /var/www/demos/
- file_server browse
- }
- jellyfin.heroin.trade {
- reverse_proxy http://127.0.0.1:8096
- }
- calibre.heroin.trade {
- reverse_proxy http://localhost:3000
- }
- grafana.heroin.trade {
- reverse_proxy http://127.0.0.1:2342
+ heroin.trade {
+ root * /var/www/website/build/
+ file_server
+ }
+ syncthing.heroin.trade {
+ reverse_proxy http://localhost:8384 {
+ header_up Some-Header "localhost"
 }
+ }
+ demos.heroin.trade {
+ root * /var/www/demos/
+ file_server browse
+ }
+ jellyfin.heroin.trade {
+ reverse_proxy http://127.0.0.1:8096
+ }
+ calibre.heroin.trade {
+ reverse_proxy http://localhost:3000
+ }
+ grafana.heroin.trade {
+ reverse_proxy http://127.0.0.1:2342
+ }
 '';
 };

+ services.syncthing.settings.gui.insecureSkipHostcheck = true;
+
 nix.settings.experimental-features = ["nix-command" "flakes"];
 nix.settings = {
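Review bot: The new `syncthing.heroin.trade` site in beleth/default.nix publishes the Syncthing GUI on the internet while `services.syncthing.settings.gui.insecureSkipHostcheck = true;` turns off its Host-header check, and common/syncthing.nix sets only `gui.user` with no password visible anywhere in the patch. `header_up Some-Header "localhost"` looks like a leftover placeholder; the usual pattern is to rewrite the Host header instead, `header_up Host {upstream_hostport}`, after which the `insecureSkipHostcheck` line can be removed. The GUI gives full control over the synced folders, so I would also put authentication in front of it in Caddy or keep it reachable only over SSH or a VPN. The enclosing attribute set starts and ends outside the hunk.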
@@ -69,6 +77,7 @@ with lib; {
 ];
 openssh.authorizedKeys.keys = [
 # TODO: Add remaining keys from https://meta.sr.ht/~xqrc.keys
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJTLJqIVwnqFO64rnc66d234TFOdFXpDS9fJUA4/f4in xqtc@alastor"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7UkcmSVo+SeB5Obevz3mf3UHruYxn0UHUzoOs2gDBy xqtc@asmodeus"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPf3w5bHAssHthg9SPXVpG4w9v8m16X/0J3bjg08P6EA xqtc@seraphim"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYa+LoHGGvu12iBufUcr3GD8tsq4LuJdwLjaDkTr0SL xqtc@lilith"
diff --git a/hosts/x86_64-linux/beleth/lanrarari.nix b/hosts/x86_64-linux/beleth/lanrarari.nix
index f412c5a..b19b1b6 100644
--- a/hosts/x86_64-linux/beleth/lanrarari.nix
+++ b/hosts/x86_64-linux/beleth/lanrarari.nix
@@ -1,4 +1,8 @@
-{config, pkgs, lib, ...}:
 {
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
 services.lanraragi.enable = true;
 }
diff --git a/hosts/x86_64-linux/beleth/transmission.nix b/hosts/x86_64-linux/beleth/transmission.nix
index 212cf79..34f4c24 100644
--- a/hosts/x86_64-linux/beleth/transmission.nix
+++ b/hosts/x86_64-linux/beleth/transmission.nix
@@ -1,5 +1,8 @@
-{config, lib, ...}:
 {
+ config,
+ lib,
+ ...
+}: {
 services.transmission = {
 enable = true;
 };
diff --git a/hosts/x86_64-linux/lilith/default.nix b/hosts/x86_64-linux/lilith/default.nix
index 366d254..82ebc31 100644
--- a/hosts/x86_64-linux/lilith/default.nix
+++ b/hosts/x86_64-linux/lilith/default.nix
@@ -200,7 +200,7 @@

 # Open ports in the firewall.
 networking.firewall.allowedTCPPorts = [22 2234 8080 5173];
- networking.firewall.allowedUDPPorts = [ 2234 ];
+ networking.firewall.allowedUDPPorts = [2234];
 # Or disable the firewall altogether.
 # networking.firewall.enable = false;