mirror of
https://git.gay/xqtc/nixos-config
synced 2024-11-22 16:10:32 +01:00
Merge branch 'main' of git.sr.ht:~xqtc/nixos-config
This commit is contained in:
commit
4de67aab2c
|
@ -5,14 +5,17 @@
|
|||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [./syncthing.nix];
|
||||
#nixpkgs.config.permittedInsecurePackages = ["electron-25.9.0" "electron-24.8.6"];
|
||||
networking.hosts = {
|
||||
"192.168.178.35" = ["jellyfin.fritz.box" "grafana.fritz.box"];
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
xdg-desktop-portal-hyprland
|
||||
xdg-desktop-portal
|
||||
];
|
||||
# networking.hosts = {
|
||||
# "192.168.178.35" = ["jellyfin.fritz.box" "grafana.fritz.box"];
|
||||
# };
|
||||
# environment.systemPackages = with pkgs; [
|
||||
# xdg-desktop-portal-hyprland
|
||||
# xdg-desktop-portal
|
||||
# ];
|
||||
networking.firewall.allowedTCPPorts = [8384 22000];
|
||||
networking.firewall.allowedUDPPorts = [22000 21027];
|
||||
nix.settings = {
|
||||
trusted-users = ["xqtc"];
|
||||
substituters = [
|
||||
|
|
19
common/syncthing.nix
Normal file
19
common/syncthing.nix
Normal file
|
@ -0,0 +1,19 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
user = "xqtc";
|
||||
dataDir = "/home/xqtc/syncthing";
|
||||
configDir = "${config.services.syncthing.dataDir}/.config/syncthing";
|
||||
settings = {
|
||||
gui = {
|
||||
user = "xqtc";
|
||||
# insecureSkipHostcheck = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
13
hosts/x86_64-linux/beleth/calibre-web.nix
Normal file
13
hosts/x86_64-linux/beleth/calibre-web.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
services.calibre-web = {
|
||||
enable = true;
|
||||
options = {
|
||||
enableBookUploading = true;
|
||||
# calibreLibrary = "/home/xqtc/ebooks";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -10,46 +10,13 @@ with lib; {
|
|||
./hardware-configuration.nix
|
||||
./monitoring.nix
|
||||
./jellyfin.nix
|
||||
./calibre-web.nix
|
||||
./transmission.nix
|
||||
./lanrarari.nix
|
||||
../../gc.nix
|
||||
../../../common
|
||||
];
|
||||
|
||||
# users.users.nginx.extraGroups = ["acme"];
|
||||
|
||||
# services.nginx = {
|
||||
# enable = true;
|
||||
# package = pkgs.nginxQuic;
|
||||
#
|
||||
# recommendedGzipSettings = true;
|
||||
# recommendedOptimisation = true;
|
||||
# recommendedProxySettings = true;
|
||||
# recommendedTlsSettings = true;
|
||||
#
|
||||
# # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
||||
# # sslProtocols = mkDefault "TLSv1.3";
|
||||
#
|
||||
# clientMaxBodySize = mkDefault "128M";
|
||||
# commonHttpConfig = ''
|
||||
# map $scheme $hsts_header {
|
||||
# https "max-age=31536000; includeSubdomains; preload";
|
||||
# }
|
||||
# add_header Strict-Transport-Security $hsts_header;
|
||||
# add_header X-Content-Type-Options "nosniff" always;
|
||||
# add_header X-XSS-Protection "1; mode=block" always;
|
||||
# add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
# add_header Referrer-Policy "same-origin" always;
|
||||
# '';
|
||||
# };
|
||||
#
|
||||
# security.acme = {
|
||||
# acceptTerms = true;
|
||||
# defaults.email = "xqtc@tutanota.com";
|
||||
# defaults.keyType = "ec256";
|
||||
# # certs = {
|
||||
# # # "heroin.trade" = {};
|
||||
# # "jellyfin.heroin.trade" = {};
|
||||
# # "grafana.heroin.trade" = {};
|
||||
# # };
|
||||
# };
|
||||
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
email = "xqtc@tutanota.com";
|
||||
|
@ -58,15 +25,29 @@ with lib; {
|
|||
root * /var/www/website/build/
|
||||
file_server
|
||||
}
|
||||
syncthing.heroin.trade {
|
||||
reverse_proxy http://localhost:8384 {
|
||||
header_up Some-Header "localhost"
|
||||
}
|
||||
}
|
||||
demos.heroin.trade {
|
||||
root * /var/www/demos/
|
||||
file_server browse
|
||||
}
|
||||
jellyfin.heroin.trade {
|
||||
reverse_proxy http://127.0.0.1:8096
|
||||
}
|
||||
calibre.heroin.trade {
|
||||
reverse_proxy http://localhost:3000
|
||||
}
|
||||
grafana.heroin.trade {
|
||||
reverse_proxy http://127.0.0.1:2342
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
services.syncthing.settings.gui.insecureSkipHostcheck = true;
|
||||
|
||||
nix.settings.experimental-features = ["nix-command" "flakes"];
|
||||
|
||||
nix.settings = {
|
||||
|
@ -96,6 +77,7 @@ with lib; {
|
|||
];
|
||||
openssh.authorizedKeys.keys = [
|
||||
# TODO: Add remaining keys from https://meta.sr.ht/~xqrc.keys
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJTLJqIVwnqFO64rnc66d234TFOdFXpDS9fJUA4/f4in xqtc@alastor"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7UkcmSVo+SeB5Obevz3mf3UHruYxn0UHUzoOs2gDBy xqtc@asmodeus"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPf3w5bHAssHthg9SPXVpG4w9v8m16X/0J3bjg08P6EA xqtc@seraphim"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYa+LoHGGvu12iBufUcr3GD8tsq4LuJdwLjaDkTr0SL xqtc@lilith"
|
||||
|
@ -121,6 +103,9 @@ with lib; {
|
|||
# Enable the OpenSSH daemon.
|
||||
services.openssh.enable = true;
|
||||
|
||||
services.resolved.enable = true;
|
||||
services.mullvad-vpn.enable = true;
|
||||
|
||||
# Open ports in the firewall.
|
||||
networking.firewall.allowedTCPPorts = [22 80 443];
|
||||
# networking.firewall.allowedUDPPorts = [443];
|
||||
|
|
8
hosts/x86_64-linux/beleth/lanrarari.nix
Normal file
8
hosts/x86_64-linux/beleth/lanrarari.nix
Normal file
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
services.lanraragi.enable = true;
|
||||
}
|
|
@ -8,7 +8,7 @@
|
|||
enable = true;
|
||||
port = 2342;
|
||||
addr = "127.0.0.1";
|
||||
domain = "grafan.heroin.trade";
|
||||
domain = "grafana.heroin.trade";
|
||||
};
|
||||
|
||||
services.prometheus = {
|
||||
|
|
9
hosts/x86_64-linux/beleth/transmission.nix
Normal file
9
hosts/x86_64-linux/beleth/transmission.nix
Normal file
|
@ -0,0 +1,9 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
services.transmission = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue