Compare commits


No commits in common. "c4847bd39b8977fee46e4f32a2a9b1b5851a0156" and "4890dc20e0eb91c1b1f78b640558dc952dd46f56" have entirely different histories.

8 changed files with 26 additions and 375 deletions


@ -1,7 +1,5 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
# TODO: use tailscale instead of tor https://gist.github.com/antifuchs/e30d58a64988907f282c82231dde2cbc
let let
cfg = config.remoteLuksUnlock; cfg = config.remoteLuksUnlock;
in in


@ -13,8 +13,6 @@ let
auth_opts = "sec=ntlmv2i,credentials=/run/agenix/smb-secrets"; auth_opts = "sec=ntlmv2i,credentials=/run/agenix/smb-secrets";
version_opts = "vers=3.1.1"; version_opts = "vers=3.1.1";
public_user_opts = "gid=${toString config.users.groups.users.gid}";
opts = "${systemd_opts},${network_opts},${user_opts},${version_opts},${auth_opts}"; opts = "${systemd_opts},${network_opts},${user_opts},${version_opts},${auth_opts}";
in in
{ {
@ -26,7 +24,7 @@ in
fileSystems."/mnt/public" = { fileSystems."/mnt/public" = {
device = "//s0.koi-bebop.ts.net/public"; device = "//s0.koi-bebop.ts.net/public";
fsType = "cifs"; fsType = "cifs";
options = [ "${opts},${public_user_opts}" ]; options = [ opts ];
}; };
fileSystems."/mnt/private" = { fileSystems."/mnt/private" = {


@ -1,53 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.dashy;
in
{
options.services.dashy = {
enable = mkEnableOption "dashy";
imageTag = mkOption {
type = types.str;
default = "latest";
};
port = mkOption {
type = types.int;
default = 56815;
};
configFile = lib.mkOption {
type = lib.types.path;
description = "Path to the YAML configuration file";
};
};
config = mkIf cfg.enable {
virtualisation.oci-containers.containers = {
dashy = {
image = "lissy93/dashy:${cfg.imageTag}";
environment = {
TZ = "${config.time.timeZone}";
};
ports = [
"127.0.0.1:${toString cfg.port}:80"
];
volumes = [
"${cfg.configFile}:/app/public/conf.yml"
];
};
};
services.nginx.enable = true;
services.nginx.virtualHosts."s0.koi-bebop.ts.net" = {
default = true;
addSSL = true;
serverAliases = [ "s0" ];
sslCertificate = "/secret/ssl/s0.koi-bebop.ts.net.crt";
sslCertificateKey = "/secret/ssl/s0.koi-bebop.ts.net.key";
locations."/" = {
proxyPass = "http://localhost:${toString cfg.port}";
};
};
};
}


@ -19,6 +19,5 @@
./iodine.nix ./iodine.nix
./searx.nix ./searx.nix
./gitea-actions-runner.nix ./gitea-actions-runner.nix
./dashy.nix
]; ];
} }


@ -40,7 +40,7 @@
programs.dconf.enable = true; programs.dconf.enable = true;
virtualisation.spiceUSBRedirection.enable = true; virtualisation.spiceUSBRedirection.enable = true;
environment.systemPackages = with pkgs; [ virt-manager ]; environment.systemPackages = with pkgs; [ virt-manager ];
users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ]; users.users.googlebot.extraGroups = [ "libvirtd" ];
# allow building ARM derivations # allow building ARM derivations
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
@ -62,6 +62,4 @@
# barrier # barrier
24800 24800
]; ];
programs.adb.enable = true;
} }


@ -1,249 +0,0 @@
appConfig:
theme: vaporware
customColors:
material-dark-original:
primary: '#f36558'
background: '#39434C'
background-darker: '#eb615c'
material-light: '#f36558'
item-text-color: '#ff948a'
curve-factor: 5px
enableErrorReporting: false
layout: auto
iconSize: large
language: en
startingView: default
defaultOpeningMethod: sametab
statusCheck: true
statusCheckInterval: 20
faviconApi: faviconkit
routingMode: history
enableMultiTasking: false
webSearch:
disableWebSearch: false
searchEngine: duckduckgo
openingMethod: sametab
searchBangs: {}
enableFontAwesome: true
cssThemes: []
externalStyleSheet: []
hideComponents:
hideHeading: false
hideNav: false
hideSearch: false
hideSettings: false
hideFooter: false
hideSplashScreen: false
auth:
enableGuestAccess: false
users: []
enableKeycloak: false
keycloak: {}
allowConfigEdit: true
enableServiceWorker: false
disableContextMenu: false
disableUpdateChecks: false
disableSmartSort: false
pageInfo:
title: s0
description: s0
sections:
- name: Media & Entertainment
icon: fas fa-photo-video
displayData:
sortBy: most-used
cols: 1
rows: 1
collapsed: false
hideForGuests: false
items:
- &ref_0
title: Jellyfin
icon: hl-jellyfin
url: http://s0:8097
target: sametab
statusCheck: true
statusCheckUrl: http://jellyfin.s0
id: 0_1956_jellyfin
- &ref_1
title: Sonarr
description: Manage TV
icon: hl-sonarr
url: http://s0:8989
target: sametab
statusCheck: true
statusCheckUrl: http://sonarr.s0
id: 1_1956_sonarr
- &ref_2
title: Radarr
description: Manage Movies
icon: hl-radarr
url: http://s0:7878
target: sametab
statusCheck: true
statusCheckUrl: http://radarr.s0
id: 2_1956_radarr
- &ref_3
title: Lidarr
description: Manage Music
icon: hl-lidarr
url: http://s0:8686
target: sametab
statusCheck: true
statusCheckUrl: http://lidarr.s0
id: 3_1956_lidarr
- &ref_4
title: Prowlarr
description: Indexers
icon: hl-prowlarr
url: http://prowlarr.s0
target: sametab
statusCheck: true
statusCheckUrl: http://prowlarr.s0
id: 4_1956_prowlarr
- &ref_5
title: Bazarr
description: Subtitles
icon: hl-bazarr
url: http://s0:6767
target: sametab
statusCheck: true
statusCheckUrl: http://bazarr.s0
id: 5_1956_bazarr
- &ref_6
title: Navidrome
description: Play Music
icon: hl-navidrome
url: http://s0:4534
target: sametab
statusCheck: true
statusCheckUrl: http://music.s0
id: 6_1956_navidrome
- &ref_7
title: Transmission
description: Torrenting
icon: hl-transmission
url: http://s0:9091
target: sametab
statusCheck: true
statusCheckUrl: http://transmission.s0
id: 7_1956_transmission
filteredItems:
- *ref_0
- *ref_1
- *ref_2
- *ref_3
- *ref_4
- *ref_5
- *ref_6
- *ref_7
- name: Network
icon: fas fa-network-wired
items:
- &ref_8
title: Gateway
description: openwrt
icon: hl-openwrt
url: http://openwrt.lan/
target: sametab
statusCheck: true
id: 0_746_gateway
- &ref_9
title: Wireless
description: openwrt (ish)
icon: hl-openwrt
url: http://PacketProvocateur.lan
target: sametab
statusCheck: true
id: 1_746_wireless
filteredItems:
- *ref_8
- *ref_9
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false
- name: Services
icon: fas fa-monitor-heart-rate
items:
- &ref_10
title: Matrix
description: ''
icon: hl-matrix
url: https://chat.neet.space
target: sametab
statusCheck: true
id: 0_836_matrix
- &ref_11
title: Radio
description: Radio service
icon: generative
url: https://radio.runyan.org
target: sametab
statusCheck: true
id: 1_836_radio
- &ref_12
title: Mumble
description: voice.neet.space
icon: hl-mumble
url: https://voice.neet.space
target: sametab
statusCheck: false
id: 2_836_mumble
- &ref_13
title: IRC
description: irc.neet.dev
icon: hl-thelounge
url: https://irc.neet.dev
target: sametab
statusCheck: true
id: 3_836_irc
- &ref_14
title: Git
description: git.neet.dev
icon: hl-gitea
url: https://git.neet.dev
target: sametab
statusCheck: true
id: 4_836_git
- &ref_15
title: Nextcloud
description: neet.cloud
icon: hl-nextcloud
url: https://neet.cloud
target: sametab
statusCheck: true
id: 5_836_nextcloud
- &ref_16
title: Roundcube
description: mail.neet.dev
icon: hl-roundcube
url: https://mail.neet.dev
target: sametab
statusCheck: true
id: 6_836_roundcube
- &ref_17
title: Jitsi Meet
description: meet.neet.space
icon: hl-jitsimeet
url: https://meet.neet.space
target: sametab
statusCheck: true
id: 7_836_jitsimeet
filteredItems:
- *ref_10
- *ref_11
- *ref_12
- *ref_13
- *ref_14
- *ref_15
- *ref_16
- *ref_17
displayData:
sortBy: default
rows: 1
cols: 1
collapsed: false
hideForGuests: false


@ -39,6 +39,9 @@
# samba # samba
services.samba.enable = true; services.samba.enable = true;
# disable suspend on lid close
services.logind.lidSwitch = "ignore";
# navidrome # navidrome
services.navidrome = { services.navidrome = {
enable = true; enable = true;
@ -48,6 +51,7 @@
MusicFolder = "/data/samba/Public/Media/Music"; MusicFolder = "/data/samba/Public/Media/Music";
}; };
}; };
networking.firewall.allowedTCPPorts = [ config.services.navidrome.settings.Port ];
# allow access to transmisson data # allow access to transmisson data
users.users.googlebot.extraGroups = [ "transmission" ]; users.users.googlebot.extraGroups = [ "transmission" ];
@ -159,64 +163,22 @@
# nginx # nginx
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.virtualHosts."bazarr.s0" = { services.nginx.virtualHosts."bazarr.s0".locations."/".proxyPass = "http://vpn.containers:6767";
listen = [{ addr = "0.0.0.0"; port = 6767; } { addr = "0.0.0.0"; port = 80; }]; services.nginx.virtualHosts."radarr.s0".locations."/".proxyPass = "http://vpn.containers:7878";
locations."/".proxyPass = "http://vpn.containers:6767"; services.nginx.virtualHosts."lidarr.s0".locations."/".proxyPass = "http://vpn.containers:8686";
}; services.nginx.virtualHosts."sonarr.s0".locations."/".proxyPass = "http://vpn.containers:8989";
services.nginx.virtualHosts."radarr.s0" = { services.nginx.virtualHosts."prowlarr.s0".locations."/".proxyPass = "http://vpn.containers:9696";
listen = [{ addr = "0.0.0.0"; port = 7878; } { addr = "0.0.0.0"; port = 80; }]; services.nginx.virtualHosts."music.s0".locations."/".proxyPass = "http://localhost:4533";
locations."/".proxyPass = "http://vpn.containers:7878"; services.nginx.virtualHosts."jellyfin.s0".locations."/" = {
};
services.nginx.virtualHosts."lidarr.s0" = {
listen = [{ addr = "0.0.0.0"; port = 8686; } { addr = "0.0.0.0"; port = 80; }];
locations."/".proxyPass = "http://vpn.containers:8686";
};
services.nginx.virtualHosts."sonarr.s0" = {
listen = [{ addr = "0.0.0.0"; port = 8989; } { addr = "0.0.0.0"; port = 80; }];
locations."/".proxyPass = "http://vpn.containers:8989";
};
services.nginx.virtualHosts."prowlarr.s0" = {
listen = [{ addr = "0.0.0.0"; port = 9696; } { addr = "0.0.0.0"; port = 80; }];
locations."/".proxyPass = "http://vpn.containers:9696";
};
services.nginx.virtualHosts."music.s0" = {
listen = [{ addr = "0.0.0.0"; port = 4534; } { addr = "0.0.0.0"; port = 80; }];
locations."/".proxyPass = "http://localhost:4533";
};
services.nginx.virtualHosts."jellyfin.s0" = {
listen = [{ addr = "0.0.0.0"; port = 8097; } { addr = "0.0.0.0"; port = 80; }];
locations."/" = {
proxyPass = "http://localhost:8096"; proxyPass = "http://localhost:8096";
proxyWebsockets = true; proxyWebsockets = true;
}; };
};
services.nginx.virtualHosts."jellyfin.neet.cloud".locations."/" = { services.nginx.virtualHosts."jellyfin.neet.cloud".locations."/" = {
proxyPass = "http://localhost:8096"; proxyPass = "http://localhost:8096";
proxyWebsockets = true; proxyWebsockets = true;
}; };
services.nginx.virtualHosts."transmission.s0" = { services.nginx.virtualHosts."transmission.s0".locations."/" = {
listen = [{ addr = "0.0.0.0"; port = 9091; } { addr = "0.0.0.0"; port = 80; }];
locations."/" = {
proxyPass = "http://vpn.containers:9091"; proxyPass = "http://vpn.containers:9091";
proxyWebsockets = true; proxyWebsockets = true;
}; };
};
networking.firewall.allowedTCPPorts = [
6767
7878
8686
8989
9696
4534
8097
9091
];
virtualisation.oci-containers.backend = "podman";
virtualisation.podman.dockerSocket.enable = true; # TODO needed?
services.dashy = {
enable = true;
configFile = ./dashy.yaml;
};
} }
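Review bot: The added `networking.firewall.allowedTCPPorts = [ config.services.navidrome.settings.Port ];` opens Navidrome's own port on every interface, although the same section already publishes the service through the `music.s0` virtual host, whose `proxyPass` targets `http://localhost:4533`. Navidrome's bind address is not visible in this hunk, so whether the port actually answers beyond localhost needs confirming; if it does, clients reach the service directly over plain HTTP, bypassing the proxy. If direct access is only wanted from the tailnet, scope the rule to that interface, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ config.services.navidrome.settings.Port ];` (interface name assumed), or drop the rule and rely on nginx. Separately, the `*.s0` virtual hosts now carry no `listen` entry and the explicit port list is gone, so a short comment saying where port 80 is opened for them would help the next reader.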


@ -55,8 +55,8 @@
path = with pkgs; [ barrier doas ]; path = with pkgs; [ barrier doas ];
script = '' script = ''
# Wait for file to show up. "display-manager.service" finishes a bit too soon # Wait for file to show up. "display-manager.service" finishes a bit too soon
while ! [ -e /run/sddm/* ]; do sleep 1; done; while ! [ -e /run/sddm/xauth_* ]; do sleep 1; done;
export XAUTHORITY=$(ls /run/sddm/*) export XAUTHORITY=$(ls /run/sddm/xauth_*)
# Disable crypto is fine because tailscale is E2E encrypting better than barrier could anyway # Disable crypto is fine because tailscale is E2E encrypting better than barrier could anyway
barrierc -f --disable-crypto --name zoidberg ray.koi-bebop.ts.net barrierc -f --disable-crypto --name zoidberg ray.koi-bebop.ts.net
''; '';
@ -83,17 +83,15 @@
}; };
# Auto login into Plasma in john zoidberg account # Auto login into Plasma in john zoidberg account
services.xserver.displayManager.sddm.settings = { # services.xserver.displayManager.sddm.settings = {
Autologin = { # Autologin = {
Session = "plasma"; # Session = "plasma";
User = "john"; # User = "john";
}; # };
}; # };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
jellyfin-media-player jellyfin-media-player
config.services.xserver.desktopManager.kodi.package config.services.xserver.desktopManager.kodi.package
spotify
retroarchFull
]; ];
} }
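Review bot: The narrowed glob in `while ! [ -e /run/sddm/xauth_* ]` and `export XAUTHORITY=$(ls /run/sddm/xauth_*)` still assumes exactly one match. If a second `xauth_` file is ever present, `[ -e … ]` errors with too many arguments, so the loop never exits, and the unquoted `ls` substitution would put several paths into XAUTHORITY. Selecting one match and quoting it avoids both: `until f=$(ls /run/sddm/xauth_* 2>/dev/null | head -n1) && [ -n "$f" ]; do sleep 1; done` followed by `export XAUTHORITY="$f"`. The Autologin block in the second hunk is commented out rather than removed; either delete it or add a one-line comment saying why it is kept disabled.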