Merge branch 'main' of git.sr.ht:~xqtc/nixos-config

xqtc161 2024-04-12 12:50:56 +02:00
commit 4de67aab2c
10 changed files with 95 additions and 58 deletions


@ -5,14 +5,17 @@
pkgs,
...
}: {
imports = [./syncthing.nix];
#nixpkgs.config.permittedInsecurePackages = ["electron-25.9.0" "electron-24.8.6"];
networking.hosts = {
"192.168.178.35" = ["jellyfin.fritz.box" "grafana.fritz.box"];
};
environment.systemPackages = with pkgs; [
xdg-desktop-portal-hyprland
xdg-desktop-portal
];
# networking.hosts = {
# "192.168.178.35" = ["jellyfin.fritz.box" "grafana.fritz.box"];
# };
# environment.systemPackages = with pkgs; [
# xdg-desktop-portal-hyprland
# xdg-desktop-portal
# ];
networking.firewall.allowedTCPPorts = [8384 22000];
networking.firewall.allowedUDPPorts = [22000 21027];
nix.settings = {
trusted-users = ["xqtc"];
substituters = [
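Review bot: The added `networking.firewall.allowedTCPPorts = [8384 22000];` opens the Syncthing GUI port 8384 on every host that imports this (apparently common) module, although nothing visible in the commit makes the GUI listen beyond loopback. Only the sync and discovery ports need to be reachable from other machines, so I would drop 8384 and let the module open the rest with `services.syncthing.openDefaultPorts = true;` in syncthing.nix (as far as I know that covers 22000 TCP/UDP and 21027 UDP). If one host really needs remote GUI access, that belongs in that host's own config behind authentication rather than in the shared one. The attribute set continues past the end of the hunk.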

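--- /dev/null
+++ b/common/syncthing.nix
@@ -0,0 +1,19 @@
+{
+config,
+lib,
+inputs,
+...
+}: {
+services.syncthing = {
+enable = true;
+user = "xqtc";
+dataDir = "/home/xqtc/syncthing";
+configDir = "${config.services.syncthing.dataDir}/.config/syncthing";
+settings = {
+gui = {
+user = "xqtc";
+# insecureSkipHostcheck = true;
+};
+};
+};
+}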
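Review bot: `settings.gui` sets `user = "xqtc";` but no password, and as far as I know Syncthing only enforces GUI authentication when both a user and a password are configured, so this likely leaves the GUI unauthenticated unless a password is set outside this file. I would add a comment above the `gui` block recording where the password comes from, e.g. `# GUI password is set out of band; a plaintext value here would end up in the world-readable Nix store`. The `lib` and `inputs` arguments are unused and can be dropped from the function head.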


@ -0,0 +1,13 @@
{
config,
lib,
...
}: {
services.calibre-web = {
enable = true;
options = {
enableBookUploading = true;
# calibreLibrary = "/home/xqtc/ebooks";
};
};
}
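Review bot: `enableBookUploading = true;` turns on uploads for a service that the same commit gives a public Caddy site (`calibre.heroin.trade`), and with `calibreLibrary` commented out the library and accounts are presumably set up through the web UI. calibre-web ships with a documented default admin account, so the admin password has to be changed before the site is reachable; a comment such as `# uploads enabled: rotate the default admin password before publishing` would record that. Consider leaving uploads off until that is done.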


@ -10,46 +10,13 @@ with lib; {
./hardware-configuration.nix
./monitoring.nix
./jellyfin.nix
./calibre-web.nix
./transmission.nix
./lanrarari.nix
../../gc.nix
../../../common
];
# users.users.nginx.extraGroups = ["acme"];
# services.nginx = {
# enable = true;
# package = pkgs.nginxQuic;
#
# recommendedGzipSettings = true;
# recommendedOptimisation = true;
# recommendedProxySettings = true;
# recommendedTlsSettings = true;
#
# # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# # sslProtocols = mkDefault "TLSv1.3";
#
# clientMaxBodySize = mkDefault "128M";
# commonHttpConfig = ''
# map $scheme $hsts_header {
# https "max-age=31536000; includeSubdomains; preload";
# }
# add_header Strict-Transport-Security $hsts_header;
# add_header X-Content-Type-Options "nosniff" always;
# add_header X-XSS-Protection "1; mode=block" always;
# add_header X-Frame-Options "SAMEORIGIN" always;
# add_header Referrer-Policy "same-origin" always;
# '';
# };
#
# security.acme = {
# acceptTerms = true;
# defaults.email = "xqtc@tutanota.com";
# defaults.keyType = "ec256";
# # certs = {
# # # "heroin.trade" = {};
# # "jellyfin.heroin.trade" = {};
# # "grafana.heroin.trade" = {};
# # };
# };
services.caddy = {
enable = true;
email = "xqtc@tutanota.com";
@ -58,15 +25,29 @@ with lib; {
root * /var/www/website/build/
file_server
}
syncthing.heroin.trade {
reverse_proxy http://localhost:8384 {
header_up Some-Header "localhost"
}
}
demos.heroin.trade {
root * /var/www/demos/
file_server browse
}
jellyfin.heroin.trade {
reverse_proxy http://127.0.0.1:8096
}
calibre.heroin.trade {
reverse_proxy http://localhost:3000
}
grafana.heroin.trade {
reverse_proxy http://127.0.0.1:2342
}
'';
};
services.syncthing.settings.gui.insecureSkipHostcheck = true;
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings = {
@ -96,6 +77,7 @@ with lib; {
];
openssh.authorizedKeys.keys = [
# TODO: Add remaining keys from https://meta.sr.ht/~xqrc.keys
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJTLJqIVwnqFO64rnc66d234TFOdFXpDS9fJUA4/f4in xqtc@alastor"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7UkcmSVo+SeB5Obevz3mf3UHruYxn0UHUzoOs2gDBy xqtc@asmodeus"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPf3w5bHAssHthg9SPXVpG4w9v8m16X/0J3bjg08P6EA xqtc@seraphim"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYa+LoHGGvu12iBufUcr3GD8tsq4LuJdwLjaDkTr0SL xqtc@lilith"
@ -121,6 +103,9 @@ with lib; {
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.resolved.enable = true;
services.mullvad-vpn.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22 80 443];
# networking.firewall.allowedUDPPorts = [443];
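Review bot: The new `syncthing.heroin.trade` site publishes the Syncthing GUI to the internet, and `services.syncthing.settings.gui.insecureSkipHostcheck = true;` switches off the Host-header check that protects the GUI against DNS-rebinding style requests. `header_up Some-Header "localhost"` looks like a placeholder left over from an example and has no effect on that check; the Syncthing reverse-proxy docs use `header_up Host {upstream_hostport}`, after which the `insecureSkipHostcheck` line can be removed. No GUI password is visible in this commit, so the site should also require authentication at the proxy or be limited to VPN/LAN clients before it goes live. Separately, `calibre.heroin.trade` proxies to `localhost:3000`, which does not look like calibre-web's default port (8083 as far as I know) and may be reaching a different service.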


@ -0,0 +1,8 @@
{
config,
pkgs,
lib,
...
}: {
services.lanraragi.enable = true;
}
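Review bot: `services.lanraragi.enable = true;` on its own leaves LANraragi on its built-in default admin password. As far as I know the NixOS module offers `services.lanraragi.passwordFile`, so I would add `services.lanraragi.passwordFile = "<path to secret file>";` pointing at a file kept outside the Nix store, for example one managed by a secrets tool. The `config`, `pkgs` and `lib` arguments are unused here and can be dropped.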


@ -8,7 +8,7 @@
enable = true;
port = 2342;
addr = "127.0.0.1";
domain = "grafan.heroin.trade";
domain = "grafana.heroin.trade";
};
services.prometheus = {


@ -0,0 +1,9 @@
{
config,
lib,
...
}: {
services.transmission = {
enable = true;
};
}