Merge branch 'master' of ssh://git.giugl.io:10022/peperunas/nixos

Giulio De Pasquale 2021-09-07 10:25:30 +01:00
commit 0d83bffb4c
8 changed files with 69 additions and 51 deletions


@ -47,6 +47,7 @@
parted parted
unzip unzip
tree tree
smartmontools
]; ];
fileSystems."/var/cache" = { fileSystems."/var/cache" = {


@ -37,7 +37,7 @@
nix.registry.unstable.flake = nixos-unstable; nix.registry.unstable.flake = nixos-unstable;
} }
# home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
./hosts/architect/default.nix ./hosts/architect/default.nix
]; ];
}; };


@ -28,6 +28,7 @@ in
./plex.nix ./plex.nix
./dns.nix ./dns.nix
./minecraft.nix ./minecraft.nix
./plex.nix
]; ];
time.timeZone = "Europe/Rome"; time.timeZone = "Europe/Rome";
@ -121,6 +122,10 @@ in
${germano-wg} germano.devs.giugl.io ${germano-wg} germano.devs.giugl.io
${dodino-wg} dodino.devs.giugl.io ${dodino-wg} dodino.devs.giugl.io
${tommy-wg} tommy.devs.giugl.io ${tommy-wg} tommy.devs.giugl.io
${alain-wg} alain.devs.giugl.io
${dima-wg} dima.devs.giugl.io
${boogino-wg} boogino.devs.giugl.io
${mikey-wg} mikey.devs.giugl.io
# Blacklist # Blacklist
0.0.0.0 metrics.plex.tv 0.0.0.0 metrics.plex.tv
@ -164,6 +169,7 @@ in
zfs.autoScrub.enable = true; zfs.autoScrub.enable = true;
xserver.videoDrivers = [ "nvidia" ]; xserver.videoDrivers = [ "nvidia" ];
openssh.enable = true; openssh.enable = true;
smartd.enable = true;
}; };
environment.variables = { environment.variables = {
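Review bot: `./plex.nix` is added to `imports` although the same path already appears in the unchanged context a few lines above it, so the new entry looks redundant (possibly a merge artefact) and can be dropped. The `imports` list begins outside the visible hunk, so confirm against the full file that the earlier entry is still present before removing the new one.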


@ -6,10 +6,10 @@
enable = true; enable = true;
servers = ["127.0.0.1#5353"]; servers = ["127.0.0.1#5353"];
extraConfig = '' extraConfig = ''
localise-queries localise-queries
min-cache-ttl=120 min-cache-ttl=120
max-cache-ttl=2400 max-cache-ttl=2400
addn-hosts=/etc/adblock_hosts addn-hosts=/etc/adblock_hosts
''; '';
}; };


@ -6,11 +6,11 @@ with import ./network.nix;
matrix-synapse = { matrix-synapse = {
enable = true; enable = true;
server_name = "${matrixdomain}"; server_name = "${matrixdomain}";
database_type = "sqlite3"; database_name = "synapse";
public_baseurl = "https://${matrixdomain}"; public_baseurl = "https://${matrixdomain}";
registration_shared_secret = "runas!"; registration_shared_secret = "runas!";
dynamic_thumbnails = true; dynamic_thumbnails = true;
enable_registration = true; #enable_registration = true;
app_service_config_files = [ app_service_config_files = [
"/var/lib/matrix-synapse/discord-registration.yaml" "/var/lib/matrix-synapse/discord-registration.yaml"
"/var/lib/matrix-synapse/telegram-registration.yaml" "/var/lib/matrix-synapse/telegram-registration.yaml"
@ -39,6 +39,19 @@ with import ./network.nix;
]; ];
}; };
postgresql = {
enable = true;
ensureDatabases = [ "synapse" ];
ensureUsers = [
{
name = "matrix-synapse";
ensurePermissions = {
"DATABASE synapse" = "ALL PRIVILEGES";
};
}
];
};
nginx.virtualHosts = { nginx.virtualHosts = {
# server # server
${matrixdomain} = { ${matrixdomain} = {
@ -109,28 +122,28 @@ with import ./network.nix;
}; };
# telegram bridge # telegram bridge
mautrix-telegram = {
enable = true;
environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env;
settings = { mautrix-telegram = {
homeserver = { enable = true;
address = "https://${matrixdomain}"; environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env;
domain = "${matrixdomain}";
};
appservice = { settings = {
provisioning.enabled = false; homeserver = {
id = "telegram"; address = "https://${matrixdomain}";
}; domain = "${matrixdomain}";
bridge = {
permissions = {
"@pepe:${matrixdomain}" = "admin";
"${matrixdomain}" = "puppeting";
}; };
appservice = {
provisioning.enabled = false;
id = "telegram";
};
bridge = {
permissions = {
"@pepe:${matrixdomain}" = "admin";
"${matrixdomain}" = "puppeting";
};
# Animated stickers conversion requires additional packages in the # Animated stickers conversion requires additional packages in the
# service's path. # service's path.
# If this isn't a fresh installation, clearing the bridge's uploaded # If this isn't a fresh installation, clearing the bridge's uploaded
@ -150,18 +163,18 @@ with import ./network.nix;
}; };
}; };
}; };
systemd.services.mautrix-telegram.path = with pkgs; [ systemd.services.mautrix-telegram.path = with pkgs; [
lottieconverter # for animated stickers conversion, unfree package lottieconverter # for animated stickers conversion, unfree package
ffmpeg # if converting animated stickers to webm (very slow!) ffmpeg # if converting animated stickers to webm (very slow!)
]; ];
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 ${matrixdomain} ${matrixwebdomain} 127.0.0.1 ${matrixdomain} ${matrixwebdomain}
${architect-lan} ${matrixdomain} ${matrixwebdomain} ${architect-lan} ${matrixdomain} ${matrixwebdomain}
${architect-wg} ${matrixdomain} ${matrixwebdomain} ${architect-wg} ${matrixdomain} ${matrixwebdomain}
''; '';
users.groups.acme.members = [ "turnserver" ]; users.groups.acme.members = [ "turnserver" ];
} }


@ -37,10 +37,12 @@ rec {
tommy-wg = "10.3.0.21"; tommy-wg = "10.3.0.21";
alain-wg = "10.3.0.22"; alain-wg = "10.3.0.22";
dima-wg = "10.3.0.23"; dima-wg = "10.3.0.23";
mikey-wg = "10.3.0.24";
eleonora-wg = "10.3.0.100"; eleonora-wg = "10.3.0.100";
broccolino-wg = "10.3.0.200"; broccolino-wg = "10.3.0.200";
hotpottino-wg = "10.3.0.201"; hotpottino-wg = "10.3.0.201";
dodino-wg = "10.3.0.202"; dodino-wg = "10.3.0.202";
boogino-wg = "10.3.0.203";
# groups # groups
gdevices-wg = [ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg angelino-wg ]; gdevices-wg = [ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg angelino-wg ];


@ -4,18 +4,7 @@ with import ./network.nix;
{ {
services.plex = { services.plex = {
enable = true; enable = true;
package = pkgs.plex.overrideAttrs (x: let package = pkgs.unstable.plex;
# see https://www.plex.tv/media-server-downloads/ for 64bit rpm
version = "1.24.1.4931-1a38e63c6";
sha1 = "7d0751f7efaa7b5fc9ac2a3cdb130712db6b6d89";
in {
name = "plex-${version}";
src = pkgs.fetchurl {
url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb";
inherit sha1;
};
}
);
}; };
services.nginx = { services.nginx = {
@ -25,12 +14,7 @@ with import ./network.nix;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
http2 = true; http2 = true;
extraConfig = '' extraConfig = ''
allow 10.0.0.0/24;
allow 10.3.0.0/24;
deny all;
#Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
send_timeout 100m; send_timeout 100m;
@ -87,7 +71,7 @@ with import ./network.nix;
proxy_buffering off; proxy_buffering off;
''; '';
locations."/" = { locations."/" = {
proxyPass = "http://localhost:32400/"; proxyPass = "https://localhost:32400";
}; };
}; };
}; };
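Review bot: The `allow 10.0.0.0/24; allow 10.3.0.0/24; deny all;` lines are dropped from this vhost's `extraConfig`, so nginx no longer restricts the virtual host to the LAN and WireGuard ranges and Plex's own authentication becomes the only gate. If public exposure is intended, record it with a comment such as `# intentionally reachable from outside LAN/WG; access control is left to Plex`; otherwise keep the three lines. The `proxyPass` change to `https://localhost:32400` is not certificate-verified by nginx unless `proxy_ssl_verify` is enabled, which is tolerable on loopback but deserves a one-line comment. The virtual host definition starts outside the visible hunks.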


@ -177,6 +177,18 @@ with import ./network.nix;
allowedIPs = [dima-wg]; allowedIPs = [dima-wg];
publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0="; publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0=";
} }
{
# boogino
allowedIPs = [boogino-wg];
publicKey = "p21tD9S04+b+TC27a1CvkJL7V6fcfjOpVU7Ke1FzV3A=";
}
{
# mikey
allowedIPs = [mikey-wg];
publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI=";
}
]; ];
}; };
}; };