peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' of ssh://git.giugl.io:10022/peperunas/nixos

Browse Source
This commit is contained in:
Giulio De Pasquale 2021-09-07 10:25:30 +01:00
commit 0d83bffb4c
8 changed files with 69 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
common.nix
View File

@ -47,6 +47,7 @@
parted
unzip
tree
smartmontools
];
fileSystems."/var/cache" = {

2
flake.nix
View File

@ -37,7 +37,7 @@
nix.registry.unstable.flake = nixos-unstable;
}
# home-manager.nixosModules.home-manager
home-manager.nixosModules.home-manager
./hosts/architect/default.nix
];
};

6
hosts/architect/default.nix
View File

@ -28,6 +28,7 @@ in
./plex.nix
./dns.nix
./minecraft.nix
./plex.nix
];
time.timeZone = "Europe/Rome";
@ -121,6 +122,10 @@ in
${germano-wg} germano.devs.giugl.io
${dodino-wg} dodino.devs.giugl.io
${tommy-wg} tommy.devs.giugl.io
${alain-wg} alain.devs.giugl.io
${dima-wg} dima.devs.giugl.io
${boogino-wg} boogino.devs.giugl.io
${mikey-wg} mikey.devs.giugl.io
# Blacklist
0.0.0.0 metrics.plex.tv
@ -164,6 +169,7 @@ in
zfs.autoScrub.enable = true;
xserver.videoDrivers = [ "nvidia" ];
openssh.enable = true;
smartd.enable = true;
};
environment.variables = {

8
hosts/architect/dns.nix
View File

@ -6,10 +6,10 @@
enable = true;
servers = ["127.0.0.1#5353"];
extraConfig = ''
localise-queries
min-cache-ttl=120
max-cache-ttl=2400
addn-hosts=/etc/adblock_hosts
localise-queries
min-cache-ttl=120
max-cache-ttl=2400
addn-hosts=/etc/adblock_hosts
'';
};

69
hosts/architect/matrix.nix
View File

@ -6,11 +6,11 @@ with import ./network.nix;
matrix-synapse = {
enable = true;
server_name = "${matrixdomain}";
database_type = "sqlite3";
database_name = "synapse";
public_baseurl = "https://${matrixdomain}";
registration_shared_secret = "runas!";
dynamic_thumbnails = true;
enable_registration = true;
#enable_registration = true;
app_service_config_files = [
"/var/lib/matrix-synapse/discord-registration.yaml"
"/var/lib/matrix-synapse/telegram-registration.yaml"
@ -39,6 +39,19 @@ with import ./network.nix;
];
};
postgresql = {
enable = true;
ensureDatabases = [ "synapse" ];
ensureUsers = [
{
name = "matrix-synapse";
ensurePermissions = {
"DATABASE synapse" = "ALL PRIVILEGES";
};
}
];
};
nginx.virtualHosts = {
# server
${matrixdomain} = {
@ -109,28 +122,28 @@ with import ./network.nix;
};
# telegram bridge
mautrix-telegram = {
enable = true;
environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env;
settings = {
homeserver = {
address = "https://${matrixdomain}";
domain = "${matrixdomain}";
};
mautrix-telegram = {
enable = true;
environmentFile = /secrets/mautrix-telegram/mautrix-telegram.env;
appservice = {
provisioning.enabled = false;
id = "telegram";
};
bridge = {
permissions = {
"@pepe:${matrixdomain}" = "admin";
"${matrixdomain}" = "puppeting";
settings = {
homeserver = {
address = "https://${matrixdomain}";
domain = "${matrixdomain}";
};
appservice = {
provisioning.enabled = false;
id = "telegram";
};
bridge = {
permissions = {
"@pepe:${matrixdomain}" = "admin";
"${matrixdomain}" = "puppeting";
};
# Animated stickers conversion requires additional packages in the
# service's path.
# If this isn't a fresh installation, clearing the bridge's uploaded
@ -150,18 +163,18 @@ with import ./network.nix;
};
};
};
};
systemd.services.mautrix-telegram.path = with pkgs; [
lottieconverter # for animated stickers conversion, unfree package
ffmpeg # if converting animated stickers to webm (very slow!)
];
systemd.services.mautrix-telegram.path = with pkgs; [
lottieconverter # for animated stickers conversion, unfree package
ffmpeg # if converting animated stickers to webm (very slow!)
];
networking.extraHosts = ''
networking.extraHosts = ''
127.0.0.1 ${matrixdomain} ${matrixwebdomain}
${architect-lan} ${matrixdomain} ${matrixwebdomain}
${architect-wg} ${matrixdomain} ${matrixwebdomain}
'';
'';
users.groups.acme.members = [ "turnserver" ];
users.groups.acme.members = [ "turnserver" ];
}

2
hosts/architect/network.nix
View File

@ -37,10 +37,12 @@ rec {
tommy-wg = "10.3.0.21";
alain-wg = "10.3.0.22";
dima-wg = "10.3.0.23";
mikey-wg = "10.3.0.24";
eleonora-wg = "10.3.0.100";
broccolino-wg = "10.3.0.200";
hotpottino-wg = "10.3.0.201";
dodino-wg = "10.3.0.202";
boogino-wg = "10.3.0.203";
# groups
gdevices-wg = [ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg angelino-wg ];

20
hosts/architect/plex.nix
View File

@ -4,18 +4,7 @@ with import ./network.nix;
{
services.plex = {
enable = true;
package = pkgs.plex.overrideAttrs (x: let
# see https://www.plex.tv/media-server-downloads/ for 64bit rpm
version = "1.24.1.4931-1a38e63c6";
sha1 = "7d0751f7efaa7b5fc9ac2a3cdb130712db6b6d89";
in {
name = "plex-${version}";
src = pkgs.fetchurl {
url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb";
inherit sha1;
};
}
);
package = pkgs.unstable.plex;
};
services.nginx = {
@ -25,12 +14,7 @@ with import ./network.nix;
forceSSL = true;
enableACME = true;
http2 = true;
extraConfig = ''
allow 10.0.0.0/24;
allow 10.3.0.0/24;
deny all;
#Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
send_timeout 100m;
@ -87,7 +71,7 @@ with import ./network.nix;
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://localhost:32400/";
proxyPass = "https://localhost:32400";
};
};
};

12
hosts/architect/wireguard.nix
View File

@ -177,6 +177,18 @@ with import ./network.nix;
allowedIPs = [dima-wg];
publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0=";
}
{
# boogino
allowedIPs = [boogino-wg];
publicKey = "p21tD9S04+b+TC27a1CvkJL7V6fcfjOpVU7Ke1FzV3A=";
}
{
# mikey
allowedIPs = [mikey-wg];
publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI=";
}
];
};
};