Compare commits
4 Commits
56f36d711f
...
faf97e2b3f
Author | SHA1 | Date | |
---|---|---|---|
|
faf97e2b3f | ||
|
07de18a9a9 | ||
|
394b5e5070 | ||
|
05a4fa074b |
18
flake.lock
generated
18
flake.lock
generated
@ -7,11 +7,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1638267006,
|
||||
"narHash": "sha256-heZdDlD09rnoeEiZ4wKfbXNDkO5I9qVFvX9d790h/XE=",
|
||||
"lastModified": 1638553958,
|
||||
"narHash": "sha256-leETjYMtD9y37CvfRSQhIGibcIl4dNVlFkY/8QgqmAM=",
|
||||
"owner": "rycee",
|
||||
"repo": "home-manager",
|
||||
"rev": "3e93c4e8b2b479c712b7c20a428993b459118842",
|
||||
"rev": "6ce1d64073f48b9bc9425218803b1b607454c1e7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -23,11 +23,11 @@
|
||||
},
|
||||
"nixos-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1638286143,
|
||||
"narHash": "sha256-A+rgjbIpz3uPRKHPXwdmouVcVn5pZqLnaZHymjkraG4=",
|
||||
"lastModified": 1638806821,
|
||||
"narHash": "sha256-v2qd2Bsmzft53s43eCbN+4ocrLksRdFLyF/MAGuWuDA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "29d1f6e1f625d246dcf84a78ef97b4da3cafc6ea",
|
||||
"rev": "bc5d68306b40b8522ffb69ba6cff91898c2fbbff",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -39,11 +39,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1638279546,
|
||||
"narHash": "sha256-1KCwN7twjp1dBdp0jPgVdYFztDkCR8+roo0B34J9oBY=",
|
||||
"lastModified": 1638887115,
|
||||
"narHash": "sha256-emjtIeqyJ84Eb3X7APJruTrwcfnHQKs55XGljj62prs=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "96b4157790fc96e70d6e6c115e3f34bba7be490f",
|
||||
"rev": "1bd4bbd49bef217a3d1adea43498270d6e779d65",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -23,7 +23,7 @@ in {
|
||||
./matrix.nix
|
||||
./fail2ban.nix
|
||||
./dns.nix
|
||||
# ./minecraft.nix
|
||||
# ./minecraft.nix
|
||||
./prowlarr.nix
|
||||
./plex.nix
|
||||
./transmission.nix
|
||||
@ -36,11 +36,13 @@ in {
|
||||
time.timeZone = "Europe/Rome";
|
||||
system.stateVersion = "21.11"; # Did you read the comment?
|
||||
users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
|
||||
|
||||
|
||||
services.fwupd.enable = true;
|
||||
boot = {
|
||||
kernelParams =
|
||||
[ "ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off" "nvme_core.default_ps_max_latency_us=5500" ];
|
||||
kernelParams = [
|
||||
"ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off"
|
||||
"nvme_core.default_ps_max_latency_us=5500"
|
||||
];
|
||||
kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
initrd = {
|
||||
availableKernelModules = [ "igc" "r8169" ];
|
||||
@ -70,6 +72,7 @@ in {
|
||||
|
||||
supportedFilesystems = [ "zfs" ];
|
||||
zfs.requestEncryptionCredentials = true;
|
||||
tmpOnTmpfsSize = "75%";
|
||||
};
|
||||
|
||||
networking = {
|
||||
|
@ -5,9 +5,8 @@ with import ./network.nix; {
|
||||
domain = "git.giugl.io";
|
||||
appName = "Gitea";
|
||||
rootUrl = "https://git.giugl.io";
|
||||
ssh.clonePort = 10022;
|
||||
log.level = "Info";
|
||||
settings.server.START_SSH_SERVER = true;
|
||||
ssh.clonePort = 22;
|
||||
settings.server.LFS_START_SERVER = true;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${gitdomain} = {
|
||||
@ -16,12 +15,12 @@ with import ./network.nix; {
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:3000";
|
||||
extraConfig = ''
|
||||
allow 127.0.0.1;
|
||||
allow 10.0.0.0/24;
|
||||
allow 10.3.0.0/24;
|
||||
allow 10.4.0.0/24;
|
||||
deny all;
|
||||
'';
|
||||
allow 127.0.0.1;
|
||||
allow 10.0.0.0/24;
|
||||
allow 10.3.0.0/24;
|
||||
allow 10.4.0.0/24;
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
@ -29,4 +28,5 @@ with import ./network.nix; {
|
||||
${architect-lan} ${gitdomain}
|
||||
${architect-wg} ${gitdomain}
|
||||
'';
|
||||
|
||||
}
|
||||
|
@ -42,12 +42,6 @@
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/tmp" = {
|
||||
fsType = "tmpfs";
|
||||
device = "tmpfs";
|
||||
options = [ "mode=1777" "strictatime" "rw" "nosuid" "nodev" "size=29G" ];
|
||||
};
|
||||
|
||||
swapDevices = [{
|
||||
device = "/dev/sdc1";
|
||||
size = 100000;
|
||||
|
@ -18,8 +18,8 @@ with import ./network.nix; {
|
||||
auto_join_rooms:
|
||||
- "#infra:matrix.giugl.io"
|
||||
- "#general:matrix.giugl.io"
|
||||
- "#gaming:matrix.giugl.io"
|
||||
- "#movies:matrix.giugl.io"
|
||||
max_upload_size: "30M"
|
||||
'';
|
||||
listeners = [{
|
||||
port = 8008;
|
||||
@ -42,6 +42,7 @@ with import ./network.nix; {
|
||||
|
||||
postgresql = {
|
||||
enable = true;
|
||||
package = pkgs.postgresql_11;
|
||||
ensureDatabases = [ "synapse" ];
|
||||
ensureUsers = [{
|
||||
name = "matrix-synapse";
|
||||
@ -54,6 +55,9 @@ with import ./network.nix; {
|
||||
${matrixdomain} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
extraConfig = ''
|
||||
client_max_body_size 30m;
|
||||
'';
|
||||
locations."= /.well-known/matrix/server".extraConfig =
|
||||
let server = { "m.server" = "${matrixdomain}:443"; };
|
||||
in ''
|
||||
|
Loading…
Reference in New Issue
Block a user