zuckerberg/nix-config
zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Compare commits

base: zuckerberg:64dd1c28c3e78d6687ccd51c51be41e1e8647110
Branches Tags
zuckerberg:master
zuckerberg:stage
zuckerberg:rpi-hotspot
zuckerberg:attic
zuckerberg:kexec_luks2
zuckerberg:pia-client
...
compare: zuckerberg:065830ac0de72088652bb274045ef16581936933
Branches Tags
zuckerberg:stage
zuckerberg:master
zuckerberg:rpi-hotspot
zuckerberg:attic
zuckerberg:kexec_luks2
zuckerberg:pia-client

7 Commits
64dd1c28c3 ... 065830ac0d

Author SHA1 Message Date
zuckerberg
065830ac0d use mainline nixpkgs 2022-03-07 23:54:02 -05:00
zuckerberg
7a08a607e4 cleanup config imports 2022-03-07 23:53:14 -05:00
zuckerberg
50ea80ad32 helios64 working 2022-03-07 23:51:10 -05:00
zuckerberg
6bd288a97d reinstall ray 2022-03-07 23:50:39 -05:00
zuckerberg
ee86a616a9 tmp file serve 2022-03-07 23:49:39 -05:00
zuckerberg
48c2917d5b Update ssh keys 2022-03-07 23:48:55 -05:00
zuckerberg
d6c23d2bc4 Remove mitty 2022-03-07 23:47:46 -05:00
14 changed files with 103 additions and 211 deletions
Show Stats Expand all files Collapse all files

2
common/auto-update.nix
View File

@ -1,6 +1,6 @@
{ config, lib, ... }:
# Modify auto-update so that it pulls a flake and much
# Modify auto-update so that it pulls a flake
let
cfg = config.system.autoUpgrade;

10
common/boot/default.nix Normal file
View File

@ -0,0 +1,10 @@
{ lib, config, pkgs, ... }:
{
imports = [
./firmware.nix
./efi.nix
./bios.nix
./luks.nix
];
}

21
common/common.nix → common/default.nix
View File

@ -6,22 +6,9 @@
./pia.nix
./zerotier.nix
./auto-update.nix
./boot/firmware.nix
./boot/efi.nix
./boot/bios.nix
./boot/luks.nix
./server/nginx.nix
./server/thelounge.nix
./server/mumble.nix
./server/icecast.nix
./server/nginx-stream.nix
./server/matrix.nix
./server/zerobin.nix
./server/gitea.nix
./server/privatebin/privatebin.nix
./server/drastikbot.nix
./server/radio.nix
./pc/de.nix
./boot
./server
./pc
];
system.stateVersion = "20.09";
@ -48,4 +35,6 @@
hashedPassword = "$6$TuDO46rILr$gkPUuLKZe3psexhs8WFZMpzgEBGksE.c3Tjh1f8sD0KMC4oV89K2pqAABfl.Lpxu2jVdr5bgvR5cWnZRnji/r/";
};
nix.trustedUsers = [ "root" "googlebot" ];
nix.gc.automatic = true;
}

0
common/pc/de.nix → common/pc/default.nix
View File

17
common/server/default.nix Normal file
View File

@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
imports = [
./nginx.nix
./thelounge.nix
./mumble.nix
./icecast.nix
./nginx-stream.nix
./matrix.nix
./zerobin.nix
./gitea.nix
./privatebin/privatebin.nix
./drastikbot.nix
./radio.nix
];
}

54
common/ssh.nix
View File

@ -4,12 +4,58 @@ rec {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0dcqL/FhHmv+a1iz3f9LJ48xubO7MZHy35rW9SZOYM"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO0VFnn3+Mh0nWeN92jov81qNE9fpzTAHYBphNoY7HUx" # reg
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHSkKiRUUmnErOKGx81nyge/9KqjkPh8BfDk0D3oP586" # nat
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPiDbsEB1HXvPDlASKwZxNoQabxikCa8ptvqdqROD1WG" # ray
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeTK1iARlNIKP/DS8/ObBm9yUM/3L1Ub4XI5A2r9OzP" # ray
];
system = {
liza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDY/pNyWedEfU7Tq9ikGbriRuF1ZWkHhegGS17L0Vcdl";
mitty = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE2oSon3hKFqdDbfWXjc72trCWsdi16eEppeXkKRTEn";
ray = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKboRF1Nz/bTPs4VB2QcTAIvWER0nlp6E/iG6/B1IzwF";
ray = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQM8hwKRgl8cZj7UVYATSLYu4LhG7I0WFJ9m2iWowiB";
s0 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4xi9PqTvcA/XB+gTwjFXk+f3sycGSFoioO3e8yDy7H";
n1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWlhd1Oid5Xf2zdcBrcdrR0TlhObutwcJ8piobRTpRt";
n2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ7bRiRutnI7Bmyt/I238E3Fp5DqiClIXiVibsccipOr";
n3 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+rJEaRrFDGirQC2UoWQkmpzLg4qgTjGJgVqiipWiU5";
n4 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYm2ROIfCeGz6QtDwqAmcj2DX9tq2CZn0eLhskdvB4Z";
n5 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5Qhvwq3PiHEKf+2/4w5ZJkSMNzFLhIRrPOR98m7wW4";
n6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/P/pa9+qhKAPfvvd8xSO2komJqDW0M1nCK7ZrP6PO7";
n7 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPtOlOvTlMX2mxPaXDJ6VlMe5rmroUXpKmJVNxgV32xL";
};
systems = [ system.liza system.mitty system.ray ];
# groups
systems = with system; [
liza
ray
s0
n1
n2
n3
n4
n5
n6
n7
];
personal = with system; [
ray
];
servers = with system; [
liza
s0
n1
n2
n3
n4
n5
n6
n7
];
compute = with system; [
n1
n2
n3
n4
n5
n6
n7
];
storage = with system; [
s0
];
}

9
flake.nix
View File

@ -1,8 +1,7 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11";
nixpkgs-peertube.url = "github:GoogleBot42/nixpkgs/add-peertube-service";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.05";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11";
agenix.url = "github:ryantm/agenix";
# radio
@ -24,13 +23,12 @@
nixosConfigurations =
let
nixpkgs = inputs.nixpkgs;
nixpkgs-peertube = inputs.nixpkgs-peertube;
mkSystem = system: nixpkgs: path:
nixpkgs.lib.nixosSystem {
inherit system;
modules = [
path
./common/common.nix
./common
inputs.simple-nixos-mailserver.nixosModule
inputs.agenix.nixosModules.age
({ lib, ... }: {
@ -48,9 +46,8 @@
"reg" = mkSystem "x86_64-linux" nixpkgs ./machines/reg/configuration.nix;
"ray" = mkSystem "x86_64-linux" nixpkgs ./machines/ray/configuration.nix;
"nat" = mkSystem "aarch64-linux" nixpkgs ./machines/nat/configuration.nix;
"mitty" = mkSystem "x86_64-linux" nixpkgs ./machines/mitty/configuration.nix;
"neetdev" = mkSystem "x86_64-linux" nixpkgs ./machines/neet.dev/configuration.nix;
"liza" = mkSystem "x86_64-linux" nixpkgs-peertube ./machines/liza/configuration.nix;
"liza" = mkSystem "x86_64-linux" nixpkgs ./machines/liza/configuration.nix;
"s0" = mkSystem "aarch64-linux" nixpkgs ./machines/storage/s0/configuration.nix;
"n1" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n1/configuration.nix;
"n2" = mkSystem "aarch64-linux" nixpkgs ./machines/compute/n2/configuration.nix;

6
machines/liza/configuration.nix
View File

@ -219,6 +219,12 @@ in {
};
};
services.nginx.virtualHosts."tmp.neet.dev" = {
enableACME = true;
forceSSL = true;
root = "/var/www/tmp";
};
mailserver = {
enable = true;
fqdn = "mail.neet.dev";

130
machines/mitty/configuration.nix
View File

@ -1,130 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports =[
./hardware-configuration.nix
];
# cuxhh3ei2djpgf2zdkboceuhaxavgr3ipu3d7a2swx4giy2wosfxspyd.onion
nix.flakes.enable = true;
firmware.x86_64.enable = true;
bios = {
enable = true;
device = "/dev/vda";
};
luks = {
enable = true;
device.path = "/dev/disk/by-uuid/6dcf23ea-cb5e-4329-a88b-832209918c40";
};
networking.hostName = "mitty";
networking.interfaces.ens3.useDHCP = true;
services.nginx.enable = true;
containers.jellyfin = {
ephemeral = true;
autoStart = true;
bindMounts = {
"/var/lib" = {
hostPath = "/var/lib/";
isReadOnly = false;
};
};
bindMounts = {
"/run/secrets" = {
hostPath = "/run/secrets";
isReadOnly = true;
};
};
enableTun = true;
privateNetwork = true;
hostAddress = "172.16.100.1";
localAddress = "172.16.100.2";
config = {
imports = [
../../common/common.nix
config.inputs.agenix.nixosModules.age
];
# because nixos specialArgs doesn't work for containers... need to pass in inputs a different way
options.inputs = lib.mkOption { default = config.inputs; };
options.currentSystem = lib.mkOption { default = config.currentSystem; };
config = {
pia.enable = true;
nixpkgs.pkgs = pkgs;
services.radarr.enable = true;
services.radarr.openFirewall = true;
services.bazarr.enable = true;
services.bazarr.openFirewall = true;
services.sonarr.enable = true;
services.sonarr.openFirewall = true;
services.jackett.enable = true;
services.jackett.openFirewall = true;
services.jellyfin.enable = true;
services.jellyfin.openFirewall = true;
services.deluge.enable = true;
services.deluge.web.enable = true;
services.deluge.web.openFirewall = true;
};
};
};
services.nginx.virtualHosts."radarr.neet.cloud" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://172.16.100.2:7878";
};
};
services.nginx.virtualHosts."sonarr.neet.cloud" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://172.16.100.2:8989";
};
};
services.nginx.virtualHosts."bazarr.neet.cloud" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://172.16.100.2:6767";
};
};
services.nginx.virtualHosts."jellyfin.neet.cloud" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://172.16.100.2:8096";
};
};
services.nginx.virtualHosts."deluge.neet.cloud" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://172.16.100.2:8112";
};
};
services.nginx.virtualHosts."jackett.neet.cloud" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://172.16.100.2:9117";
};
};
# load the secret on behalf of the container
age.secrets."pia-login.conf".file = ../../secrets/pia-login.conf;
networking.nat.enable = true;
networking.nat.internalInterfaces = [ "ve-jellyfin" ];
networking.nat.externalInterface = "ens3";
security.acme.acceptTerms = true;
security.acme.email = "letsencrypt+5@tar.ninja";
}

37
machines/mitty/hardware-configuration.nix
View File

@ -1,37 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/mapper/vg-root";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/home" =
{ device = "/dev/mapper/vg-root";
fsType = "btrfs";
options = [ "subvol=home" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/78f9b9a3-40f6-4c6c-a599-5d5067ffa214";
fsType = "ext3";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/26252a81-8a98-45d0-8507-494ecb3901e7"; }
];
}

7
machines/ray/configuration.nix
View File

@ -24,7 +24,7 @@ in
efi.enable = true;
boot.initrd.luks.devices."enc-pv" = {
device = "/dev/disk/by-uuid/d71ebe1f-7c49-454d-b28b-1dc54cf280e5";
device = "/dev/disk/by-uuid/c1822e5f-4137-44e1-885f-954e926583ce";
allowDiscards = true;
};
@ -32,11 +32,6 @@ in
hardware.enableAllFirmware = true;
boot.blacklistedKernelModules = [ "btusb" ];
# fix backlight
boot.kernelParams = [ "amdgpu.backlight=0" ];
# newer kernel for wifi
boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_15;

10
machines/ray/hardware-configuration.nix
View File

@ -14,26 +14,28 @@
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4ba62b93-d30e-4638-b68f-c830e6edde48";
{ device = "/dev/vg/root";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/4ba62b93-d30e-4638-b68f-c830e6edde48";
{ device = "/dev/vg/root";
fsType = "btrfs";
options = [ "subvol=home" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4CD3-6ED6";
{ device = "/dev/disk/by-uuid/2C85-2B59";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/2aee96fd-5132-480f-a798-c6b87be2ffd9"; }
[ { device = "/dev/vg/swap"; }
];
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
}

7
machines/storage/s0/configuration.nix
View File

@ -12,13 +12,10 @@
networking.hostName = "s0";
luks = {
enable = true;
device = {
path = "/dev/disk/by-uuid/96b216e1-071b-4c02-899e-29e2eeced7a8";
boot.initrd.luks.devices."enc-pv" = {
device = "/dev/disk/by-uuid/96b216e1-071b-4c02-899e-29e2eeced7a8";
allowDiscards = true;
};
};
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;

2
machines/storage/s0/hardware-configuration.nix
View File

@ -31,7 +31,7 @@
};
swapDevices =
[ { device = "/dev/disk/by-uuid/c7156f71-68f3-4f7a-bec0-06bdfa63f6c0"; }
[ { device = "/dev/mapper/vg-swap"; }
];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";