Compare commits
No commits in common. "a84d6fe16374d394515474957abaa28aae972f0c" and "685ff000d75ff3bdda2fd001d72a877e501882e0" have entirely different histories.
a84d6fe163
...
685ff000d7
10
flake.nix
10
flake.nix
@ -6,10 +6,9 @@
|
||||
url = "github:rycee/home-manager/release-21.11";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
navidrome.url = "github:antifuchs/nixpkgs/fix-151550";
|
||||
};
|
||||
|
||||
outputs = inputs@{ self, nixpkgs, nixos-unstable, home-manager, navidrome}:
|
||||
outputs = inputs@{ self, nixpkgs, nixos-unstable, home-manager }:
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
|
||||
@ -38,13 +37,6 @@
|
||||
user = "giulio";
|
||||
roles = [ ];
|
||||
}];
|
||||
imports = [
|
||||
{
|
||||
disabledModules = [ "services/audio/navidrome.nix" ];
|
||||
imports =
|
||||
[ (navidrome + "/nixos/modules/services/audio/navidrome.nix") ];
|
||||
}
|
||||
];
|
||||
};
|
||||
gAluminum = host.mkHost {
|
||||
name = "gAluminum";
|
||||
|
@ -5,10 +5,7 @@ let
|
||||
network = import ./network.nix;
|
||||
in {
|
||||
services = {
|
||||
bazarr = {
|
||||
enable = true;
|
||||
group = "media";
|
||||
};
|
||||
bazarr.enable = true;
|
||||
|
||||
nginx.virtualHosts.${domain} = {
|
||||
forceSSL = true;
|
||||
|
@ -23,19 +23,15 @@ in {
|
||||
./matrix.nix
|
||||
./fail2ban.nix
|
||||
./dns.nix
|
||||
./minecraft.nix
|
||||
# ./minecraft.nix
|
||||
./prowlarr.nix
|
||||
./plex.nix
|
||||
./transmission.nix
|
||||
# ./transmission.nix
|
||||
./githubrunner.nix
|
||||
./libreddit.nix
|
||||
./invidious.nix
|
||||
./nitter.nix
|
||||
./ccache.nix
|
||||
./lidarr.nix
|
||||
./navidrome.nix
|
||||
./jellyfin.nix
|
||||
./prosody.nix
|
||||
];
|
||||
|
||||
time.timeZone = "Europe/Rome";
|
||||
@ -48,12 +44,7 @@ in {
|
||||
"ip=${network.architect-lan}::10.0.0.1:255.255.255.0::${network.wan-if}:off"
|
||||
"nvme_core.default_ps_max_latency_us=5500"
|
||||
];
|
||||
|
||||
kernel.sysctl= {
|
||||
"net.ipv4.ip_forward" = 1;
|
||||
"fs.protected_regular" = 0;
|
||||
};
|
||||
|
||||
kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
initrd = {
|
||||
availableKernelModules = [ "igc" "r8169" ];
|
||||
network = {
|
||||
@ -82,7 +73,7 @@ in {
|
||||
|
||||
supportedFilesystems = [ "zfs" ];
|
||||
zfs.requestEncryptionCredentials = true;
|
||||
tmpOnTmpfsSize = "80%";
|
||||
tmpOnTmpfsSize = "150%";
|
||||
};
|
||||
|
||||
networking = {
|
||||
@ -106,7 +97,7 @@ in {
|
||||
|
||||
${network.dvr-lan} dvr.devs.giugl.io
|
||||
${network.nas-lan} nas.devs.giugl.io
|
||||
192.168.1.1 vodafone.station
|
||||
|
||||
# Blacklist
|
||||
0.0.0.0 metrics.plex.tv
|
||||
0.0.0.0 analytics.plex.tv
|
||||
|
@ -9,12 +9,10 @@ let
|
||||
443 # https
|
||||
8448 # matrix
|
||||
10022 # gitea
|
||||
30303
|
||||
51413 # transmission
|
||||
];
|
||||
open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
|
||||
1194 # wireguard
|
||||
30303
|
||||
51413 # transmission
|
||||
];
|
||||
open_tcp_ports_vpn = lib.concatMapStringsSep "," (x: toString x) [
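Review bot: Port 51413 stays in `open_udp_ports` and in the port list that begins above this hunk (both entries marked `# transmission`), while the host's imports list elsewhere in this compare appears to comment out `./transmission.nix`. If that reading of the sides is right (the rendering has lost the `+`/`-` markers), the firewall keeps an inbound port open with no service behind it. Drop the two `51413 # transmission` entries together with the import, or define the ports next to the service so they are enabled and disabled as one. The first list starts outside the hunk, so its name and any other consumers are not visible here.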
|
||||
|
@ -44,7 +44,7 @@
|
||||
|
||||
swapDevices = [{
|
||||
device = "/dev/sdc1";
|
||||
size = 10000;
|
||||
size = 100000;
|
||||
}];
|
||||
|
||||
}
|
||||
|
@ -1,9 +1,6 @@
|
||||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
network = import ./network.nix;
|
||||
domain = "jellyfin.giugl.io";
|
||||
in {
|
||||
with import ./network.nix; {
|
||||
disabledModules = [ "services/misc/jellyfin.nix" ];
|
||||
imports = [ ./modules/jellyfin.nix ];
|
||||
|
||||
@ -13,9 +10,9 @@ in {
|
||||
package = pkgs.unstable.jellyfin;
|
||||
};
|
||||
|
||||
nginx.virtualHosts.${domain} = {
|
||||
# forceSSL = true;
|
||||
# enableACME = true;
|
||||
nginx.virtualHosts.${mediadomain} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:8096";
|
||||
extraConfig = ''
|
||||
@ -28,8 +25,8 @@ in {
|
||||
};
|
||||
|
||||
networking.extraHosts = ''
|
||||
${network.architect-lan} ${domain}
|
||||
${network.architect-wg} ${domain}
|
||||
${architect-lan} ${mediadomain}
|
||||
${architect-wg} ${mediadomain}
|
||||
'';
|
||||
|
||||
users.groups.media.members = [ "jellyfin" ];
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ lib, pkgs, ... }:
|
||||
{ lib, ... }:
|
||||
|
||||
let
|
||||
domain = "reddit.giugl.io";
|
||||
|
@ -1,34 +0,0 @@
|
||||
{ lib, ... }:
|
||||
|
||||
let
|
||||
domain = "htlid.giugl.io";
|
||||
network = import ./network.nix;
|
||||
in {
|
||||
services = {
|
||||
lidarr = {
|
||||
enable = true;
|
||||
group = "media";
|
||||
};
|
||||
|
||||
nginx.virtualHosts.${domain} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:8686";
|
||||
extraConfig = ''
|
||||
allow 10.0.0.0/24;
|
||||
${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}
|
||||
deny all;
|
||||
deny 10.0.0.1;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking.extraHosts = ''
|
||||
${network.architect-lan} ${domain}
|
||||
${network.architect-wg} ${domain}
|
||||
'';
|
||||
|
||||
users.groups.media.members = [ "lidarr" ];
|
||||
}
|
@ -12,13 +12,11 @@ in {
|
||||
database_name = "synapse";
|
||||
public_baseurl = "https://${domain}";
|
||||
registration_shared_secret = "runas!";
|
||||
url_preview_enabled = true;
|
||||
dynamic_thumbnails = true;
|
||||
withJemalloc = true;
|
||||
# enable_registration = true;
|
||||
app_service_config_files = [
|
||||
"/var/lib/matrix-synapse/discord-registration.yaml"
|
||||
# "/var/lib/matrix-synapse/telegram-registration.yaml"
|
||||
"/var/lib/matrix-synapse/telegram-registration.yaml"
|
||||
];
|
||||
extraConfig = ''
|
||||
auto_join_rooms:
|
||||
@ -44,33 +42,6 @@ in {
|
||||
];
|
||||
turn_shared_secret = "69duck duck fuck420";
|
||||
turn_user_lifetime = "1h";
|
||||
logConfig = ''
|
||||
version: 1
|
||||
|
||||
# In systemd's journal, loglevel is implicitly stored, so let's omit it
|
||||
# from the message text.
|
||||
formatters:
|
||||
journal_fmt:
|
||||
format: '%(name)s: [%(request)s] %(message)s'
|
||||
|
||||
filters:
|
||||
context:
|
||||
(): synapse.util.logcontext.LoggingContextFilter
|
||||
request: ""
|
||||
|
||||
handlers:
|
||||
journal:
|
||||
class: systemd.journal.JournalHandler
|
||||
formatter: journal_fmt
|
||||
filters: [context]
|
||||
SYSLOG_IDENTIFIER: synapse
|
||||
|
||||
root:
|
||||
level: WARN
|
||||
handlers: [journal]
|
||||
|
||||
disable_existing_loggers: False
|
||||
'';
|
||||
};
|
||||
|
||||
postgresql = {
|
||||
@ -121,24 +92,19 @@ in {
|
||||
};
|
||||
|
||||
# web client
|
||||
|
||||
"${webui_domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
# root = pkgs.element-web.override {
|
||||
# conf = {
|
||||
# default_server_config."m.homeserver" = {
|
||||
# "base_url" = "https://${domain}";
|
||||
# "server_name" = "${domain}";
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
root = pkgs.unstable.cinny.override {
|
||||
root = pkgs.element-web.override {
|
||||
conf = {
|
||||
homeserverList = [ "${domain}" ];
|
||||
defaultHomeserver = 0;
|
||||
default_server_config."m.homeserver" = {
|
||||
"base_url" = "https://${domain}";
|
||||
"server_name" = "${domain}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
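Review bot: `turn_shared_secret` and `registration_shared_secret` are set as string literals in this module, so both values are committed to the repository and, once built, copied into the world-readable Nix store. By the hunk line counts, `turn_shared_secret` is unchanged context and therefore still present on the new side; which side the `registration_shared_secret` line is on cannot be told from this rendering. Moving them into a root-owned file outside the store and loading it with `services.matrix-synapse.extraConfigFiles = [ "/path/to/synapse-secrets.yaml" ];` (placeholder path) keeps them out of both, and the current values should be rotated because they remain in history. The same rotation applies to the API credentials in the navidrome module that this compare deletes. The enclosing `services` attribute set starts and ends outside these hunks.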
|
||||
|
||||
|
@ -1,53 +0,0 @@
|
||||
{ lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
domain = "music.giugl.io";
|
||||
network = import ./network.nix;
|
||||
in {
|
||||
services = {
|
||||
navidrome = {
|
||||
enable = true;
|
||||
|
||||
settings = {
|
||||
MusicFolder = "/media/Music";
|
||||
LastFM.enable = true;
|
||||
LastFM.ApiKey = "5cef5cb5f9d31326b97d0f929ca9cf20";
|
||||
LastFM.Secret = "d1296896126f4caae47407aecf080b25";
|
||||
Spotify.ID = "3900c029b4f34f3fb61d554dda64794d";
|
||||
Spotify.Secret = "d931ce5575a9401aa5ff8d37558cca0a";
|
||||
EnableGravatar = true;
|
||||
LogLevel = "WARN";
|
||||
};
|
||||
};
|
||||
|
||||
nginx.virtualHosts.${domain} = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:4533";
|
||||
# extraConfig = ''
|
||||
# allow 10.0.0.0/24;
|
||||
# ${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg}
|
||||
# deny all;
|
||||
# '';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."beets-rename" = {
|
||||
enable = true;
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart =
|
||||
"${pkgs.findutils}/bin/find /media/Music -type d -mindepth 2 -maxdepth 2 -exec ${pkgs.beets}/bin/beet -c /media/config.conf import --flat -q {} \\;";
|
||||
};
|
||||
startAt = "daily";
|
||||
};
|
||||
|
||||
networking.extraHosts = ''
|
||||
${network.architect-lan} ${domain}
|
||||
${network.architect-wg} ${domain}
|
||||
'';
|
||||
|
||||
users.groups.media.members = [ "navidrome" ];
|
||||
}
|
@ -44,7 +44,6 @@ rec {
|
||||
jacopo-wg = "10.3.0.28";
|
||||
frznn-wg = "10.3.0.29";
|
||||
ludo-wg = "10.3.0.30";
|
||||
parina-wg = "10.3.0.31";
|
||||
eleonora-wg = "10.3.0.100";
|
||||
angellane-wg = "10.3.0.200";
|
||||
hotpottino-wg = "10.3.0.201";
|
||||
@ -53,10 +52,10 @@ rec {
|
||||
|
||||
# groups
|
||||
gdevices-wg =
|
||||
[ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg wolfsonhouse-wg ];
|
||||
[ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg ];
|
||||
routers-wg = [ hotpottino-wg angellane-wg dodino-wg wolfsonhouse-wg ];
|
||||
c2c-wg = [ ] ++ gdevices-wg;
|
||||
towan-wg = [ shield-wg parisaphone-wg parisapc-wg parina-wg ] ++ gdevices-wg
|
||||
towan-wg = [ shield-wg parisaphone-wg parisapc-wg ] ++ gdevices-wg
|
||||
++ routers-wg;
|
||||
gamenet-wg = [
|
||||
andrew-wg
|
||||
|
@ -14,7 +14,7 @@ in {
|
||||
enable = true;
|
||||
hostName = "${domain}";
|
||||
https = true;
|
||||
package = pkgs.unstable.nextcloud23;
|
||||
package = pkgs.unstable.nextcloud22;
|
||||
|
||||
caching.redis = true;
|
||||
|
||||
|
@ -5,10 +5,7 @@ let
|
||||
network = import ./network.nix;
|
||||
in {
|
||||
services = {
|
||||
nzbget = {
|
||||
enable = true;
|
||||
group = "media";
|
||||
};
|
||||
nzbget.enable = true;
|
||||
|
||||
nginx.virtualHosts.${domain} = {
|
||||
forceSSL = true;
|
||||
|
@ -1,41 +0,0 @@
|
||||
{ lib, config, ... }:
|
||||
|
||||
let
|
||||
domain = "xmpp.giugl.io";
|
||||
conference_domain = "conference.${domain}";
|
||||
upload_domain = "uploads.${domain}";
|
||||
network = import ./network.nix;
|
||||
in {
|
||||
services = {
|
||||
prosody = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"${domain}" = {
|
||||
domain = domain;
|
||||
enabled = true;
|
||||
ssl.key = "${config.security.acme.certs.${domain}.directory}/key.pem";
|
||||
ssl.cert =
|
||||
"${config.security.acme.certs.${domain}.directory}/fullchain.pem";
|
||||
};
|
||||
};
|
||||
|
||||
muc = [{ domain = conference_domain; }];
|
||||
uploadHttp = { domain = upload_domain; };
|
||||
|
||||
admins = [ "giulio@${domain}" ];
|
||||
httpInterfaces = [ "wg0" ];
|
||||
httpsInterfaces = [ "wg0" ];
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."${domain}".enableACME = true;
|
||||
#services.nginx.virtualHosts."${conference_domain}".enableACME = true;
|
||||
#services.nginx.virtualHosts."${upload_domain}".enableACME = true;
|
||||
|
||||
networking.extraHosts = ''
|
||||
${network.architect-lan} ${domain}
|
||||
${network.architect-wg} ${domain}
|
||||
'';
|
||||
|
||||
users.groups.acme.members = [ "prosody" ];
|
||||
}
|
@ -5,10 +5,7 @@ let
|
||||
network = import ./network.nix;
|
||||
in {
|
||||
services = {
|
||||
radarr = {
|
||||
enable = true;
|
||||
group = "media";
|
||||
};
|
||||
radarr.enable = true;
|
||||
|
||||
nginx.virtualHosts.${domain} = {
|
||||
forceSSL = true;
|
||||
|
@ -5,10 +5,7 @@ let
|
||||
network = import ./network.nix;
|
||||
in {
|
||||
services = {
|
||||
sonarr = {
|
||||
enable = true;
|
||||
group = "media";
|
||||
};
|
||||
sonarr.enable = true;
|
||||
|
||||
nginx.virtualHosts.${domain} = {
|
||||
forceSSL = true;
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ lib, config, ... }:
|
||||
{ lib, config }:
|
||||
|
||||
let
|
||||
domain = "httra.giugl.io";
|
||||
@ -7,7 +7,6 @@ in {
|
||||
services = {
|
||||
transmission = {
|
||||
enable = true;
|
||||
group = "media";
|
||||
settings = {
|
||||
download-dir = "/media/transmission";
|
||||
incomplete-dir = "/media/transmission/.incomplete";
|
||||
@ -16,6 +15,7 @@ in {
|
||||
speed-limit-up = 10;
|
||||
speed-limit-up-enabled = true;
|
||||
peer-port = 51413;
|
||||
umask = 2;
|
||||
};
|
||||
performanceNetParameters = true;
|
||||
};
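Review bot: The module header is printed twice, as `{ lib, config, ... }:` and as `{ lib, config }:`; if the second is the new side, the module will fail to evaluate as soon as it is imported. The NixOS module system passes more arguments than `lib` and `config`, and a function pattern without `...` rejects them. Keep the ellipsis, `{ lib, config, ... }:`. The `+`/`-` markers are lost in this rendering, so the side is inferred from print order only.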
|
||||
|
@ -31,7 +31,6 @@ with import ./network.nix; {
|
||||
${wolfsonhouse-wg} wolfsonhouse.devs.giugl.io
|
||||
${frznn-wg} frznn.devs.giugl.io
|
||||
${ludo-wg} ludo.devs.giugl.io
|
||||
${parina-wg} parina.devs.giugl.io
|
||||
'';
|
||||
|
||||
wireguard = {
|
||||
@ -243,12 +242,6 @@ with import ./network.nix; {
|
||||
allowedIPs = [ ludo-wg ];
|
||||
publicKey = "ecrxdzx7tQZwMPxZOjHUvxZT2xY79B6XEDIW+fhEtEM=";
|
||||
}
|
||||
|
||||
{
|
||||
# parina
|
||||
allowedIPs = [ parina-wg ];
|
||||
publicKey = "7nubNnfGsg4/7KemMDn9r99mNK8RFU9uOFFqaYv6rUA=";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ pkgs, nixpkgs, nixos-unstable, unstable, home-manager, user, ... }:
|
||||
|
||||
{
|
||||
mkHost = { name, users, roles ? [], imports ? [] }:
|
||||
mkHost = { name, users, roles ? [] }:
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
|
||||
@ -9,13 +9,12 @@
|
||||
|
||||
users_mod= (map (u: user.mkUser {name = u.user; roles = u.roles; }) users);
|
||||
roles_mod = (map (r: mkRole r) roles);
|
||||
add_imports = imports;
|
||||
in nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
|
||||
modules = [
|
||||
{
|
||||
imports = users_mod ++ roles_mod ++ add_imports;
|
||||
imports = users_mod ++ roles_mod;
|
||||
nixpkgs = {
|
||||
pkgs = pkgs;
|
||||
};
|
||||
|