Merge branch 'main' of git.sr.ht:~xqtc/nixos-config

common/default.nix

@@ -5,14 +5,17 @@
   pkgs,
   ...
 }: {
+  imports = [./syncthing.nix];
   #nixpkgs.config.permittedInsecurePackages = ["electron-25.9.0" "electron-24.8.6"];
-  networking.hosts = {
-    "192.168.178.35" = ["jellyfin.fritz.box" "grafana.fritz.box"];
-  };
-  environment.systemPackages = with pkgs; [
-    xdg-desktop-portal-hyprland
-    xdg-desktop-portal
-  ];
+  # networking.hosts = {
+  #   "192.168.178.35" = ["jellyfin.fritz.box" "grafana.fritz.box"];
+  # };
+  # environment.systemPackages = with pkgs; [
+  #   xdg-desktop-portal-hyprland
+  #   xdg-desktop-portal
+  # ];
+  networking.firewall.allowedTCPPorts = [8384 22000];
+  networking.firewall.allowedUDPPorts = [22000 21027];
   nix.settings = {
     trusted-users = ["xqtc"];
     substituters = [

common/syncthing.nix

@@ -0,0 +1,19 @@
+{
+  config,
+  lib,
+  inputs,
+  ...
+}: {
+  services.syncthing = {
+    enable = true;
+    user = "xqtc";
+    dataDir = "/home/xqtc/syncthing";
+    configDir = "${config.services.syncthing.dataDir}/.config/syncthing";
+    settings = {
+      gui = {
+	user = "xqtc";
+	# insecureSkipHostcheck = true;
+      };
+    };
+  };
+}

hosts/x86_64-linux/beleth/calibre-web.nix

@@ -0,0 +1,13 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  services.calibre-web = {
+    enable = true;
+    options = {
+      enableBookUploading = true;
+      # calibreLibrary = "/home/xqtc/ebooks";
+    };
+  };
+}

hosts/x86_64-linux/beleth/default.nix

@@ -10,46 +10,13 @@ with lib; {
     ./hardware-configuration.nix
     ./monitoring.nix
     ./jellyfin.nix
+    ./calibre-web.nix
+    ./transmission.nix
+    ./lanrarari.nix
+    ../../gc.nix
+    ../../../common
   ];
 
-  # users.users.nginx.extraGroups = ["acme"];
-
-  # services.nginx = {
-  #   enable = true;
-  #   package = pkgs.nginxQuic;
-  #
-  #   recommendedGzipSettings = true;
-  #   recommendedOptimisation = true;
-  #   recommendedProxySettings = true;
-  #   recommendedTlsSettings = true;
-  #
-  #   # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
-  #   # sslProtocols = mkDefault "TLSv1.3";
-  #
-  #   clientMaxBodySize = mkDefault "128M";
-  #   commonHttpConfig = ''
-  #     map $scheme $hsts_header {
-  #       https   "max-age=31536000; includeSubdomains; preload";
-  #     }
-  #     add_header Strict-Transport-Security 	$hsts_header;
-  #     add_header X-Content-Type-Options 	  "nosniff" always;
-  #     add_header X-XSS-Protection 		      "1; mode=block" always;
-  #     add_header X-Frame-Options 		        "SAMEORIGIN" always;
-  #     add_header Referrer-Policy 		        "same-origin" always;
-  #   '';
-  # };
-  #
-  # security.acme = {
-  #   acceptTerms = true;
-  #   defaults.email = "xqtc@tutanota.com";
-  #   defaults.keyType = "ec256";
-  #   #    certs = {
-  #   #      # "heroin.trade" = {};
-  #   #      "jellyfin.heroin.trade" = {};
-  #   #      "grafana.heroin.trade" = {};
-  #   #    };
-  # };
-
   services.caddy = {
     enable = true;
     email = "xqtc@tutanota.com";
@@ -58,15 +25,29 @@ with lib; {
            	root * /var/www/website/build/
            	file_server
            }
+           syncthing.heroin.trade {
+      reverse_proxy http://localhost:8384 {
+	header_up Some-Header "localhost"
+      }
+           }
+           demos.heroin.trade {
+      root * /var/www/demos/
+      file_server browse
+           }
            jellyfin.heroin.trade {
            	reverse_proxy http://127.0.0.1:8096
            }
+           calibre.heroin.trade {
+      reverse_proxy http://localhost:3000
+           }
            grafana.heroin.trade {
       reverse_proxy http://127.0.0.1:2342
            }
     '';
   };
 
+  services.syncthing.settings.gui.insecureSkipHostcheck = true;
+
   nix.settings.experimental-features = ["nix-command" "flakes"];
 
   nix.settings = {
@@ -96,6 +77,7 @@ with lib; {
     ];
     openssh.authorizedKeys.keys = [
       # TODO: Add remaining keys from https://meta.sr.ht/~xqrc.keys
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJTLJqIVwnqFO64rnc66d234TFOdFXpDS9fJUA4/f4in xqtc@alastor"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7UkcmSVo+SeB5Obevz3mf3UHruYxn0UHUzoOs2gDBy xqtc@asmodeus"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPf3w5bHAssHthg9SPXVpG4w9v8m16X/0J3bjg08P6EA xqtc@seraphim"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYa+LoHGGvu12iBufUcr3GD8tsq4LuJdwLjaDkTr0SL xqtc@lilith"
@@ -121,6 +103,9 @@ with lib; {
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
 
+  services.resolved.enable = true;
+  services.mullvad-vpn.enable = true;
+
   # Open ports in the firewall.
   networking.firewall.allowedTCPPorts = [22 80 443];
   # networking.firewall.allowedUDPPorts = [443];

hosts/x86_64-linux/beleth/lanrarari.nix

@@ -0,0 +1,8 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  services.lanraragi.enable = true;
+}

hosts/x86_64-linux/beleth/monitoring.nix

@@ -8,7 +8,7 @@
     enable = true;
     port = 2342;
     addr = "127.0.0.1";
-    domain = "grafan.heroin.trade";
+    domain = "grafana.heroin.trade";
   };
 
   services.prometheus = {

hosts/x86_64-linux/beleth/transmission.nix

@@ -0,0 +1,9 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  services.transmission = {
+    enable = true;
+  };
+}

hosts/x86_64-linux/lilith/default.nix

@@ -200,7 +200,7 @@
 
   # Open ports in the firewall.
   networking.firewall.allowedTCPPorts = [22 2234 8080 5173];
-  networking.firewall.allowedUDPPorts = [ 2234 ];
+  networking.firewall.allowedUDPPorts = [2234];
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;