peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
nixos/hosts/architect/default.nix

186 lines
3.9 KiB
Nix
Raw Blame History

{ config, pkgs, ... }:
let
macbookPubkey = (import ../pubkeys.nix).macbook;
pubkeys = [ macbookPubkey ];
domain = "devs.giugl.io";
in
{
imports = [
./options.nix
./backup.nix
./hardware.nix
./firewall.nix
./nginx.nix
./nextcloud.nix
./matrix.nix
./fail2ban.nix
./dns.nix
./redlib.nix
./tailscale.nix
./headscale.nix
./llm.nix
./sunshine.nix
./postgres.nix
./netdata.nix
./homeassistant.nix
./searx.nix
./homeassistant.nix
];
age.identityPaths = [ "/root/.ssh/id_ed25519" ];
architect = {
firewall = {
openTCP = [ 22 ];
};
};
time.timeZone = "Europe/London";
users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
boot = {
initrd = {
availableKernelModules = [ "igc" "r8169" ];
network = {
enable = true;
ssh = {
enable = true;
port = 22;
hostKeys = [ /secrets/ssh_host_rsa_key ];
authorizedKeys = pubkeys;
};
};
};
kernelParams = with config.pepe.core.network.interfaces.lan; [
"ip=${devices.architect.address}::${devices.brigettine.address}:255.255.255.0::${interface}:off"
];
kernel.sysctl = { "net.ipv4.ip_forward" = 1; };
loader = {
systemd-boot = {
enable = true;
memtest86.enable = true;
};
efi.canTouchEfiVariables = true;
};
supportedFilesystems = [ "zfs" ];
zfs.requestEncryptionCredentials = true;
tmp.tmpfsSize = "50%";
};
networking = with config.pepe.core.network.interfaces.lan; {
hostName = "architect";
hostId = "49350853";
useDHCP = false;
defaultGateway = devices.brigettine.address;
interfaces = {
${interface}.ipv4.addresses = [{
address = devices.architect.address;
prefixLength = 24;
}];
};
};
services = {
fwupd.enable = true;
das_watchdog.enable = true;
zfs.autoScrub.enable = true;
openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
extraConfig = ''
MaxAuthTries 15
'';
};
smartd.enable = true;
};
pepe = {
core = {
media = {
enable = true;
path = "/media";
};
network.interfaces = {
lan = {
interface = "enp6s0";
type = "lan";
net = "10.0.0.0/24";
devices = {
architect = { address = "10.0.0.250"; hostname = "architect.${domain}"; isEndpoint = true; };
brigettine = { address = "10.0.0.1"; hostname = "router.${domain}"; };
dreamel10 = { address = "10.0.0.199"; hostname = "dreamel10.${domain}"; };
reolinkcamera = { address = "10.0.0.200"; hostname = "reolinkcamera.${domain}"; };
lgtv = { address = "10.0.0.202"; hostname = "lgtv.${domain}"; };
};
};
};
};
services = {
gitea = {
enable = true;
domain = "git.giugl.io";
};
immich = {
enable = true;
domain = "photos.giugl.io";
package = pkgs.unstablePkgs.immich;
};
radarr = {
enable = true;
domain = "htrad.giugl.io";
package = pkgs.unstablePkgs.radarr;
};
sonarr = {
enable = true;
domain = "htson.giugl.io";
package = pkgs.unstablePkgs.sonarr;
};
bazarr = {
enable = true;
domain = "htbaz.giugl.io";
package = pkgs.unstablePkgs.bazarr;
};
nzbget = {
enable = true;
domain = "htnzb.giugl.io";
package = pkgs.unstablePkgs.nzbget;
};
jellyfin = {
enable = true;
domain = "media.giugl.io";
package = pkgs.unstablePkgs.jellyfin;
};
jellyseer = {
enable = true;
domain = "aumm-aumm.giugl.io";
};
prowlarr = {
enable = true;
domain = "htpro.giugl.io";
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink