commit 265e09d77ab06949ee8fa3da224080cff26ac282 Author: shobu Date: Thu Sep 18 08:28:44 2025 +0200 init
diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..c6a5174
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,635 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", + "owner": "ryantm", + "repo": "agenix", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "colmena": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs_2", + "stable": "stable" + }, + "locked": { + "lastModified": 1755272288, + "narHash": "sha256-ypTPb2eKcOBbOoyvPV0j4ZOXs4kayo73/2KI456QnE0=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "5bf4ce6a24adba74a5184f4a9bef01d545a09473", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, + "copyparty": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1757797810, + "narHash": "sha256-cecYpMD1SR0QwqiMTmhy1OtfjC4UUkP3TAeiHQjVpG0=", + "owner": "9001", + "repo": "copyparty", + "rev": "8f587627e16cb14efa0c20ad77e18728792e4186", + "type": "github" + }, + "original": { + "owner": "9001", + "repo": "copyparty", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757508292, + "narHash": 
"sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=", + "owner": "nix-community", + "repo": "disko", + "rev": "146f45bee02b8bd88812cfce6ffc0f933788875a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" 
+ }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nix-minecraft": { + "inputs": { + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1757555667, + "narHash": "sha256-09403AZgH/TR1bpilDm8yJucZ2hYcZm8bzY3t8NgPJQ=", + "owner": "Infinidoge", + "repo": "nix-minecraft", + "rev": "d6d19d54dcec2a6afac3b9442643dd18e8b0566d", + "type": "github" + }, + "original": { + "owner": "Infinidoge", + "repo": "nix-minecraft", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1754028485, + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1750134718, + "narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": 
"9e83b64f727c88a7711a2c463a7b16eedb69a84c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1748162331, + "narHash": "sha256-rqc2RKYTxP3tbjA+PB3VMRQNnjesrT0pEofXQTrMsS8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-25.05", + "type": "indirect" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1748929857, + "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1757545623, + "narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8cd5ce828d5d1d16feff37340171a98fc3bf6526", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1737062831, + "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", + "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", + "revCount": 738982, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.738982%2Brev-5df43628fdf08d642be8ba5b3625a6c70731c19c/01947627-561b-7a9f-a379-f9ac4c680cb0/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "type": "github" + }, + "original": 
{ + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1744463964, + "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "revCount": 782401, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.782401%2Brev-2631b0b7abcea6e640ce31cd78ea58910d31e650/01962c8a-63c4-7abd-a3df-63a17b548cc7/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1736549401, + "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "ollama-intel": { + "flake": false, + "locked": { + "lastModified": 1757015956, + "narHash": "sha256-A8zt9SE6rUCm06LkNB1dwsV8lZ+dMMZZWkAhjlnUawU=", + "owner": "NikolasEnt", + "repo": "ollama-webui-intel", + "rev": "ac701a2e9bd1a61deba8d88e5a4ac65b60adc173", + "type": "github" + }, + "original": { + "owner": "NikolasEnt", + "repo": "ollama-webui-intel", + "type": "github" + } + }, + "pyproject-build-systems": { + "inputs": { + "nixpkgs": [ + "striped-back", + "nixpkgs" + ], + "pyproject-nix": [ + "striped-back", + "pyproject-nix" + ], + "uv2nix": [ + "striped-back", + "uv2nix" + ] + }, + "locked": { + "lastModified": 1744599653, + "narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=", + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "type": "github" + } + }, + "pyproject-nix": { + "inputs": { + "nixpkgs": [ + "striped-back", + "nixpkgs" + ] + }, + 
"locked": { + "lastModified": 1743438845, + "narHash": "sha256-1GSaoubGtvsLRwoYwHjeKYq40tLwvuFFVhGrG8J9Oek=", + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "rev": "8063ec98edc459571d042a640b1c5e334ecfca1e", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "colmena": "colmena", + "copyparty": "copyparty", + "disko": "disko", + "nix-minecraft": "nix-minecraft", + "nixpkgs": "nixpkgs_5", + "ollama-intel": "ollama-intel", + "shoblog-front": "shoblog-front", + "striped-back": "striped-back", + "striped-front": "striped-front", + "testing-grounds": "testing-grounds", + "unstable": "unstable" + } + }, + "shoblog-front": { + "inputs": { + "nixpkgs": "nixpkgs_6" + }, + "locked": { + "lastModified": 1752594581, + "narHash": "sha256-chBYrFK4ZVYIhMpW5rhbdmUllep+cOtOQD7/4ttL8hg=", + "owner": "shobu13", + "repo": "shoblog", + "rev": "eb4fb1a5d077586e359506b8e0469e46d241028d", + "type": "gitlab" + }, + "original": { + "owner": "shobu13", + "repo": "shoblog", + "type": "gitlab" + } + }, + "stable": { + "locked": { + "lastModified": 1750133334, + "narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "36ab78dab7da2e4e27911007033713bab534187b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "striped-back": { + "inputs": { + "nixpkgs": "nixpkgs_7", + "pyproject-build-systems": "pyproject-build-systems", + "pyproject-nix": "pyproject-nix", + "uv2nix": "uv2nix" + }, + "locked": { + "lastModified": 1748719386, + "narHash": "sha256-nyXHemXPEKnqIVIYIorSbt64zRwMvijyGQGCW3zUUkc=", + "ref": "refs/heads/master", + "rev": "bdfd6f1f4aac6a00ae4509f14b3a63c84d169edf", + "revCount": 8, + "type": "git", + "url": "ssh://git@gitlab.com/striped1/striped-back" + }, + "original": { + "type": "git", + "url": 
"ssh://git@gitlab.com/striped1/striped-back" + } + }, + "striped-front": { + "inputs": { + "nixpkgs": "nixpkgs_8" + }, + "locked": { + "lastModified": 1748718798, + "narHash": "sha256-KUxbrUjRfuKjkJZLzKr11WEXLfPs38YrW/CMG6XbnbY=", + "ref": "refs/heads/master", + "rev": "a553f10147dad9e41829f67b247817a079f6f671", + "revCount": 11, + "type": "git", + "url": "ssh://git@gitlab.com/striped1/striped-front" + }, + "original": { + "type": "git", + "url": "ssh://git@gitlab.com/striped1/striped-front" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "testing-grounds": { + "inputs": { + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "lastModified": 1755527993, + "narHash": "sha256-h+72V/KNXnFw/v/6Spme6wwFlYxRdQo6Cxub1uveJlQ=", + "owner": "shobu13", + "repo": "testing-grounds", + "rev": "efa72d320e1dcff1e2e8f696125ec7d4b40c0dd3", + "type": "gitlab" + }, + "original": { + "owner": "shobu13", + "repo": "testing-grounds", + "type": "gitlab" + } + }, + "unstable": { + "locked": { + "lastModified": 1757745802, + "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "uv2nix": { + "inputs": { + "nixpkgs": [ + 
"striped-back", + "nixpkgs" + ], + "pyproject-nix": [ + "striped-back", + "pyproject-nix" + ] + }, + "locked": { + "lastModified": 1744797880, + "narHash": "sha256-gt9JBkYjZAEvGwCG7RMAAAr0j2RsaRmOMj/vV0briXk=", + "owner": "pyproject-nix", + "repo": "uv2nix", + "rev": "3583e037163491ecd833f1d5d3eedf3869543c5d", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "uv2nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..98c9f55 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,113 @@
+{
+ description = "An empty flake template that you can adapt to your own environment";
+
+ # Flake inputs
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+ unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+ colmena.url = "github:zhaofengli/colmena";
+
+ # commons
+ agenix.url = "github:ryantm/agenix";
+
+ # zimablade inputs
+ disko.url = "github:nix-community/disko";
+ disko.inputs.nixpkgs.follows = "nixpkgs";
+
+ # sin inputs
+ nix-minecraft.url = "github:Infinidoge/nix-minecraft";
+ testing-grounds.url = "gitlab:shobu13/testing-grounds";
+ shoblog-front.url = "gitlab:shobu13/shoblog";
+ striped-front.url = "git+ssh://git@gitlab.com/striped1/striped-front";
+ striped-back.url = "git+ssh://git@gitlab.com/striped1/striped-back";
+ ollama-intel = {
+ url = "github:NikolasEnt/ollama-webui-intel";
+ flake = false;
+ };
+
+ copyparty.url = "github:9001/copyparty";
+
+ };
+
+ # Flake outputs
+ outputs = inputs@{
+ self,
+
+ nixpkgs,
+ unstable,
+ colmena,
+
+ agenix,
+
+ disko,
+
+ shoblog-front,
+ striped-front,
+ striped-back,
+ nix-minecraft,
+ testing-grounds,
+ copyparty,
+ ollama-intel,
+ ...
+ }:
+ let
+ # The systems supported for this flake
+ supportedSystems = [
+ "x86_64-linux" # 64-bit Intel/AMD Linux
+ ];
+
+ # Helper to provide system-specific attributes
+ forEachSupportedSystem = f: inputs.nixpkgs.lib.genAttrs supportedSystems (system: f {
+ pkgs = import inputs.nixpkgs { inherit system; };
+ });
+ in
+ {
+ colmenaHive = colmena.lib.makeHive {
+ meta = {
+ nixpkgs = import nixpkgs {
+ system = "x86_64-linux";
+ overlays = [];
+ };
+
+ specialArgs = {
+ inherit inputs;
+ };
+ };
+
+ sin = {
+ imports = [
+ ./hosts/n100/configuration.nix
+ ./hosts/n100/hardware-configuration.nix
+ ];
+
+ deployment.targetHost = "n100.homelab.local";
+ };
+
+ zimablade = {
+ imports = [
+ disko.nixosModules.disko
+ agenix.nixosModules.default
+ ./hosts/zimablade/configuration.nix
+ ./hosts/zimablade/hardware-configuration.nix
+ ];
+
+ deployment.targetHost = "zimablade.homelab.local";
+ # deployment.targetPort = 22223;
+ };
+ };
+ devShells = forEachSupportedSystem ({ pkgs }: {
+ default = pkgs.mkShell {
+ # The Nix packages provided in the environment
+ # Add any you need here
+ packages = with pkgs; [ colmena.packages.${pkgs.system}.colmena ];
+
+ # Set any environment variables for your dev shell
+ env = { };
+
+ # Add any shell logic you want executed any time the environment is activated
+ shellHook = ''
+ '';
+ };
+ });
+ };
+}
diff --git a/hosts/n100/configuration.nix b/hosts/n100/configuration.nix
new file mode 100644
index 0000000..a39408f
--- /dev/null
+++ b/hosts/n100/configuration.nix
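Review bot: Only `disko` follows the top-level nixpkgs in the `inputs` block of flake.nix; `agenix`, `colmena`, `nix-minecraft`, `copyparty` and the application flakes each keep their own copy, which is why the flake.lock added in this commit carries `nixpkgs` through `nixpkgs_9`, several of them on `nixos-24.11` or on `nixos-unstable` revisions older than the root pin. Packages built from those inputs do not pick up fixes when the root `nixpkgs` is bumped, and every extra revision is one more tree to track for advisories. For the inputs that are known to evaluate against 25.05, add a follows line next to the URL, e.g. `agenix.inputs.nixpkgs.follows = "nixpkgs";` and `colmena.inputs.nixpkgs.follows = "nixpkgs";`. The application flakes may need their own pin to build, so those are better updated upstream than forced to follow.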
@@ -0,0 +1,110 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, nodes, ... }:
+
+{
+ imports =
+ [
+ ./nginx.nix
+ # ./striped
+ # ./cybercoffee
+ ./ollama.nix
+ ./minecraft.nix
+ # ./shares.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking = {
+ hostName = "n100"; # Define your hostname.
+
+ nameservers = [ "10.0.0.4" ];
+
+ dhcpcd.extraConfig = "nohook resolv.conf";
+
+ firewall = {
+ allowedTCPPorts = [ nodes.zimablade.config.services.gitea.settings.server.SSH_PORT ];
+ };
+ nat = {
+ enable = true;
+ internalInterfaces = [ "enp1s0" ];
+ externalInterface = "enp1s0";
+ forwardPorts = [ {
+ sourcePort = nodes.zimablade.config.services.gitea.settings.server.SSH_PORT;
+ proto = "tcp";
+ destination = "10.0.0.4:22";
+ } ];
+ };
+ };
+
+ time.timeZone = "Europe/Paris";
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nixpkgs.config.allowUnfree = true;
+
+ users.users.n100 = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ packages = with pkgs; [
+ ];
+
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ];
+ };
+
+ users.users.root = {
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ];
+ };
+
+
+ environment.systemPackages = with pkgs; [
+ lunarvim
+ wget
+ httpie
+ tmux
+ git
+ helix
+ python312
+ # lemonade
+ ];
+
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ };
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "24.11"; # Did you read the comment?
+
+}
+
diff --git a/hosts/n100/cybercoffee/default.nix b/hosts/n100/cybercoffee/default.nix
new file mode 100644
index 0000000..b566bbd
--- /dev/null
+++ b/hosts/n100/cybercoffee/default.nix
@@ -0,0 +1,8 @@
+{pkgs, ...}:
+{
+ imports = [
+ ./halflife.nix
+ ];
+
+ environment.systemPackages = [ pkgs.steamcmd ];
+}
diff --git a/hosts/n100/cybercoffee/halflife.nix b/hosts/n100/cybercoffee/halflife.nix
new file mode 100644
index 0000000..87a1e7a
--- /dev/null
+++ b/hosts/n100/cybercoffee/halflife.nix
@@ -0,0 +1,2 @@
+
+{...}: {}
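Review bot: In hosts/n100/configuration.nix, `services.openssh` is enabled with its defaults while the same ed25519 key is authorized for both `n100` and `root`, so password and keyboard-interactive logins remain accepted for any account that has a password, and one compromised key gives root directly. Consider `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; };` and, if colmena can deploy through the wheel user (its `deployment.targetUser`), dropping the key from `users.users.root`. In the same hunk, `nat.forwardPorts` sends the Gitea SSH port to `10.0.0.4:22`; if that is the host sshd on the other machine rather than a Gitea-only listener, the forward exposes every login on that host, so a comment saying which it is would help. `internalInterfaces` and `externalInterface` both name `enp1s0`, which should be confirmed as intentional.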
diff --git a/hosts/n100/flake.lock b/hosts/n100/flake.lock
new file mode 100644
index 0000000..a823539
--- /dev/null
+++ b/hosts/n100/flake.lock
@@ -0,0 +1,327 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nix-minecraft": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1748570485, + "narHash": "sha256-oDnEc/rxyDf+uUXO56Z2TJtrrQoBe0Z4MCIRaY6lVZ0=", + "owner": "Infinidoge", + "repo": "nix-minecraft", + "rev": "6c961ee42ff2301ee61c75aa42cbe8c8adecf3c8", + "type": "github" + }, + "original": { + "owner": "Infinidoge", + "repo": "nix-minecraft", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1742889210, + "narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "698214a32beb4f4c8e3942372c694f40848b360d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1748421225, + "narHash": "sha256-XXILOc80tvlvEQgYpYFnze8MkQQmp3eQxFbTzb3m/R0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "78add7b7abb61689e34fc23070a8f55e1d26185b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": 
{ + "lastModified": 1737062831, + "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", + "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", + "revCount": 738982, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.738982%2Brev-5df43628fdf08d642be8ba5b3625a6c70731c19c/01947627-561b-7a9f-a379-f9ac4c680cb0/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1744463964, + "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", + "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", + "revCount": 782401, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.782401%2Brev-2631b0b7abcea6e640ce31cd78ea58910d31e650/01962c8a-63c4-7abd-a3df-63a17b548cc7/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1736549401, + "narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "pyproject-build-systems": { + "inputs": { + "nixpkgs": [ + "striped-back", + "nixpkgs" + ], + "pyproject-nix": [ + "striped-back", + "pyproject-nix" + ], + "uv2nix": [ + "striped-back", + "uv2nix" + ] + }, + "locked": { + "lastModified": 1744599653, + "narHash": 
"sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=", + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "rev": "7dba6dbc73120e15b558754c26024f6c93015dd7", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "type": "github" + } + }, + "pyproject-nix": { + "inputs": { + "nixpkgs": [ + "striped-back", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1743438845, + "narHash": "sha256-1GSaoubGtvsLRwoYwHjeKYq40tLwvuFFVhGrG8J9Oek=", + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "rev": "8063ec98edc459571d042a640b1c5e334ecfca1e", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "nix-minecraft": "nix-minecraft", + "nixpkgs": "nixpkgs_2", + "shoblog-front": "shoblog-front", + "striped-back": "striped-back", + "striped-front": "striped-front", + "testing-grounds": "testing-grounds" + } + }, + "shoblog-front": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1739983642, + "narHash": "sha256-yfswl2czYcKShilYbs+/TOevdCzuj8z/vpqAQuIK7C0=", + "owner": "shobu13", + "repo": "shoblog", + "rev": "4d96597762215c7b76de8543e8e482071bfbdff4", + "type": "gitlab" + }, + "original": { + "owner": "shobu13", + "repo": "shoblog", + "type": "gitlab" + } + }, + "striped-back": { + "inputs": { + "nixpkgs": "nixpkgs_4", + "pyproject-build-systems": "pyproject-build-systems", + "pyproject-nix": "pyproject-nix", + "uv2nix": "uv2nix" + }, + "locked": { + "lastModified": 1748719386, + "narHash": "sha256-nyXHemXPEKnqIVIYIorSbt64zRwMvijyGQGCW3zUUkc=", + "ref": "refs/heads/master", + "rev": "bdfd6f1f4aac6a00ae4509f14b3a63c84d169edf", + "revCount": 8, + "type": "git", + "url": "ssh://git@gitlab.com/striped1/striped-back" + }, + "original": { + "type": "git", + "url": "ssh://git@gitlab.com/striped1/striped-back" + } + }, + "striped-front": { + "inputs": { + "nixpkgs": "nixpkgs_5" + }, + "locked": { + 
"lastModified": 1748718798, + "narHash": "sha256-KUxbrUjRfuKjkJZLzKr11WEXLfPs38YrW/CMG6XbnbY=", + "ref": "refs/heads/master", + "rev": "a553f10147dad9e41829f67b247817a079f6f671", + "revCount": 11, + "type": "git", + "url": "ssh://git@gitlab.com/striped1/striped-front" + }, + "original": { + "type": "git", + "url": "ssh://git@gitlab.com/striped1/striped-front" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "testing-grounds": { + "inputs": { + "nixpkgs": "nixpkgs_6" + }, + "locked": { + "lastModified": 1737653472, + "narHash": "sha256-tXlQ6AWb1kFeyEPo4dhp1GLoeS5rY+qD9eB4OTUNbL8=", + "owner": "shobu13", + "repo": "testing-grounds", + "rev": "6cbf3e58cea39e5d93897be96e9fe81021c0b9ab", + "type": "gitlab" + }, + "original": { + "owner": "shobu13", + "repo": "testing-grounds", + "type": "gitlab" + } + }, + "uv2nix": { + "inputs": { + "nixpkgs": [ + "striped-back", + "nixpkgs" + ], + "pyproject-nix": [ + "striped-back", + "pyproject-nix" + ] + }, + "locked": { + "lastModified": 1744797880, + "narHash": "sha256-gt9JBkYjZAEvGwCG7RMAAAr0j2RsaRmOMj/vV0briXk=", + "owner": "pyproject-nix", + "repo": "uv2nix", + "rev": "3583e037163491ecd833f1d5d3eedf3869543c5d", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "uv2nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hosts/n100/flake.nix b/hosts/n100/flake.nix new file mode 100644 index 0000000..5e9c4f0 --- /dev/null +++ b/hosts/n100/flake.nix 
@@ -0,0 +1,34 @@
+{
+ description = "An empty flake template that you can adapt to your own environment";
+
+ # Flake inputs
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+ nix-minecraft.url = "github:Infinidoge/nix-minecraft";
+ testing-grounds.url = "gitlab:shobu13/testing-grounds";
+ shoblog-front.url = "gitlab:shobu13/shoblog";
+ striped-front.url = "git+ssh://git@gitlab.com/striped1/striped-front";
+ striped-back.url = "git+ssh://git@gitlab.com/striped1/striped-back";
+ };
+
+ # Flake outputs
+ outputs = inputs@{
+ self,
+ nixpkgs,
+ nix-minecraft,
+ shoblog-front,
+ striped-front,
+ striped-back,
+ ...
+ }:
+ {
+ nixosConfigurations.n100 = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ ./configuration.nix
+ ./hardware-configuration.nix
+ ];
+ };
+ };
+}
diff --git a/hosts/n100/hardware-configuration.nix b/hosts/n100/hardware-configuration.nix
new file mode 100644
index 0000000..0e45db5
--- /dev/null
+++ b/hosts/n100/hardware-configuration.nix
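Review bot: hosts/n100/flake.nix looks stale next to the root flake.nix added in the same commit: it pins `nixos-24.11`, a release that no longer receives security updates, while the root flake uses `nixos-25.05`, and the `configuration.nix` it loads takes a `nodes` argument that `nixpkgs.lib.nixosSystem` with `specialArgs = { inherit inputs; }` does not supply. Building `nixosConfigurations.n100` from here would fail evaluation, or, once that is patched around, deploy the host from the older lock. If colmena is the only deployment path, remove this flake and its flake.lock; otherwise align the pin, `nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";`, and make the module work without `nodes`.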
@@ -0,0 +1,58 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/09c733e4-b0df-4416-977b-50d9feb225fc"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/09c733e4-b0df-4416-977b-50d9feb225fc"; + fsType = "btrfs"; + options = [ "subvol=nix" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/09c733e4-b0df-4416-977b-50d9feb225fc"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + + fileSystems."/swap" = + { device = "/dev/disk/by-uuid/09c733e4-b0df-4416-977b-50d9feb225fc"; + fsType = "btrfs"; + options = [ "subvol=swap" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/D1B9-8019"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} 
diff --git a/hosts/n100/minecraft.nix b/hosts/n100/minecraft.nix
new file mode 100644
index 0000000..d2fa73c
--- /dev/null
+++ b/hosts/n100/minecraft.nix
@@ -0,0 +1,33 @@
+{pkgs, inputs, ...}:
+let
+ modpack = pkgs.fetchPackwizModpack {
+ url = "file:///${inputs.testing-grounds.modpack}/pack.toml";
+ packHash = "sha256-+taYj4uroLNxM4Nia3n+5P1Y/g6dzE6Iq13TsZgk4mU=";
+ };
+in
+{
+ imports = [ inputs.nix-minecraft.nixosModules.minecraft-servers ];
+ nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
+
+ services.minecraft-servers = {
+ enable = true;
+ eula = true;
+ openFirewall = true;
+
+ servers.testing-grounds = {
+ enable = true;
+
+ package = inputs.testing-grounds.packages.x86_64-linux.forge-server;
+
+ symlinks = {
+ "libraries" = inputs.testing-grounds.forge-libraries;
+ "mods" = "${modpack}/mods";
+ };
+
+ serverProperties = {
+ motd = "welcome to testing grounds";
+ allow-flight = true;
+ };
+ };
+ };
+}
diff --git a/hosts/n100/nginx.nix b/hosts/n100/nginx.nix
new file mode 100644
index 0000000..a20c481
--- /dev/null
+++ b/hosts/n100/nginx.nix
@@ -0,0 +1,126 @@ +{inputs, ...}: +let + striped-front = inputs.striped-front; +in { + + networking.firewall.allowedTCPPorts = [ 80 443 8448 ]; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + virtualHosts = + let + mkStarr = host: port: { + "${host}" = { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://10.0.0.4:${port}"; + proxyWebsockets = true; + extraConfig = '' + proxy_ssl_server_name on; + proxy_read_timeout 4800s; + ''; + }; + }; + }; + in + ( + mkStarr "jellyfin.shobu.fr" "8096" + // mkStarr "radarr.shobu.fr" "7878" + // mkStarr "sonarr.shobu.fr" "8989" + // mkStarr "prowlarr.shobu.fr" "9696" + // mkStarr "bazarr.shobu.fr" "6767" + // mkStarr "jellyseerr.shobu.fr" "5055" + // mkStarr "fileshelter.shobu.fr" "5091" + // mkStarr "lidarr.shobu.fr" "8686" + // mkStarr "transmission.shobu.fr" "9091" + // mkStarr "zimablade-admin.shobu.fr" "61208" + // { + "shobu.fr" = { + enableACME = true; + forceSSL = true; + + root = "${inputs.shoblog-front.packages.x86_64-linux.default}/dist"; + }; + "data.shobu.fr" = { + enableACME = true; + forceSSL = true; + + root = "/mnt/shares/data"; + }; + "bddtrans.shobu.fr" = { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://10.0.0.4:8001"; + extraConfig = '' + proxy_ssl_server_name on; + ''; + }; + }; + "bddtrans-api.shobu.fr" = { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://10.0.0.4:8000"; + proxyWebsockets = true; + extraConfig = '' + proxy_ssl_server_name on; + ''; + }; + }; + "striped.shobu.fr" = { + enableACME = true; + forceSSL = true; + + root = "${striped-front.packages.x86_64-linux.default}/dist"; + }; + "dashboard.shobu.fr" = { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://10.0.0.4:8082"; + }; + }; + "git.shobu.fr" = { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = 
"http://10.0.0.4:3000"; + }; + }; + "files.shobu.fr" = { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://10.0.0.4:8086"; + }; + }; + # "matrix.shobu.fr" = { + # forceSSL = true; + # enableACME = true; + # locations."/".extraConfig = '' + # return 404; + # ''; + # locations."/_matrix".proxyPass = "http://10.0.0.4:8008"; + # locations."/_synapse/client".proxyPass = "http://10.0.0.4:8008"; + # locations."/.well-known/matrix/server".proxyPass = "http://10.0.0.4:8008/.well-known/matrix/server"; + # }; + } + ); + }; + + security.acme = { + acceptTerms = true; + defaults.email = "shobu_serhao@proton.me"; + }; +} diff --git a/hosts/n100/ollama.nix b/hosts/n100/ollama.nix new file mode 100644 index 0000000..8a7187a --- /dev/null +++ b/hosts/n100/ollama.nix @@ -0,0 +1,6 @@ +{inputs, ...}: { + virtualisation.docker = { + enable = true; + storageDriver = "btrfs"; + }; +} diff --git a/hosts/n100/shares.nix b/hosts/n100/shares.nix new file mode 100644 index 0000000..d7f4752 --- /dev/null +++ b/hosts/n100/shares.nix @@ -0,0 +1,18 @@ +{...}: { + boot.supportedFilesystems = [ "fuse.sshfs" ]; + programs.fuse.userAllowOther = true; + + fileSystems = { + "/mnt/shares/data" = { + device = "shobu@10.0.0.4:/mnt/data/"; + fsType = "fuse.sshfs"; + options = [ + "debug" + "allow_other" + "nodev" + "nosuid" + "IdentityFile=/home/n100/.ssh/id_ed25519" + ]; + }; + }; +} diff --git a/hosts/n100/striped/back.nix b/hosts/n100/striped/back.nix new file mode 100644 index 0000000..cd9fc9f --- /dev/null +++ b/hosts/n100/striped/back.nix 
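Review bot: Every vhost built by `mkStarr` in `hosts/n100/nginx.nix` (radarr, sonarr, prowlarr, transmission, `zimablade-admin`, …) is published on 443 with no access control at the proxy; whether each backend enforces its own login is not visible in this commit. For the admin-only hosts I would add `basicAuthFile` pointing at a file kept outside the Nix store, or an `allow`/`deny` pair for the LAN range in `extraConfig`. `data.shobu.fr` serves `/mnt/shares/data`, the sshfs mount from `shares.nix`, as a plain web root, so a comment stating that everything under that share is meant to be public would help. `proxy_ssl_server_name on;` has no effect on the `http://` upstreams, and port 8448 is opened in `allowedTCPPorts` although no vhost in this hunk listens on it.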
@@ -0,0 +1,31 @@
+{inputs, ...}:
+let
+ striped-back = inputs.striped-back;
+in {
+ imports = [
+ striped-back.nixosModules.default
+ ];
+
+ services.striped-back-api = {
+ enable = true;
+
+ nginx = {
+ enable = true;
+ useSSL = true;
+ };
+
+ socket.enable = true;
+
+ settings.django = {
+ allowed-hosts = ["striped-api.shobu.fr"];
+ debug = true;
+ databases = {
+ default = {
+ ENGINE = "django.db.backends.sqlite3";
+ NAME = "/var/lib/striped_back_api/db.sqlite3";
+ };
+ };
+ media-root = "/var/lib/striped_back_api/media";
+ };
+ };
+}
diff --git a/hosts/n100/striped/default.nix b/hosts/n100/striped/default.nix
new file mode 100644
index 0000000..e7dfa5b
--- /dev/null
+++ b/hosts/n100/striped/default.nix
@@ -0,0 +1,5 @@
+{striped-back, striped-front, ...}:{
+ imports = [
+ ./back.nix
+ ];
+}
diff --git a/hosts/zimablade/.envrc b/hosts/zimablade/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/hosts/zimablade/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/hosts/zimablade/configuration.nix b/hosts/zimablade/configuration.nix
new file mode 100644
index 0000000..f23f708
--- /dev/null
+++ b/hosts/zimablade/configuration.nix
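Review bot: `debug = true;` under `settings.django` in `hosts/n100/striped/back.nix` is set on a service that is also given a public `allowed-hosts` entry and an SSL nginx front. Assuming the module maps this to Django's `DEBUG`, error pages would show tracebacks, settings and SQL to any visitor. I would change it to `debug = false;` and enable debugging only on a development host.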
@@ -0,0 +1,91 @@ +{ + modulesPath, + lib, + pkgs, + ... +}: +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + (modulesPath + "/profiles/qemu-guest.nix") + ./luks-btrfs-raid.nix + ./jellyfin.nix + ./transmission.nix + ./homepage.nix + ./glances.nix + ./secrets.nix + ./coredns + ./gitea.nix + ./copyparty.nix + ]; + + boot.initrd.kernelModules = [ "usb_storage" ]; + + boot.loader.grub = { + # devices = [ ]; + efiSupport = true; + efiInstallAsRemovable = true; + }; + + networking = { + hostName = "sin"; + + nameservers = [ "10.0.0.4" ]; + + dhcpcd.extraConfig = "nohook resolv.conf"; + + firewall = { + allowedTCPPorts = [ + 8000 + 8001 + + 3000 # gitea + + 53 + ]; + + allowedUDPPorts = [ 53 ]; + }; + }; + + time.timeZone = "Europe/Paris"; + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nixpkgs.config.allowUnfree = true; + + users.users = { + zimablade = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ]; + }; + shobu = { + isNormalUser = true; + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ]; + }; + }; + + users.users.root.openssh.authorizedKeys.keys = [ + # change this to your ssh key + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" + ]; + + environment.systemPackages = map lib.lowPrio [ + pkgs.curl + pkgs.gitMinimal + ] ++ (with pkgs; [ + helix + httpie + btop + tmux + ]); + + services = { + openssh = { + enable = true; + ports = [ 22 ]; + }; + }; + + system.stateVersion = "24.11"; +} diff --git a/hosts/zimablade/copyparty.nix b/hosts/zimablade/copyparty.nix new file mode 100644 index 0000000..f74118d --- /dev/null +++ b/hosts/zimablade/copyparty.nix 
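Review bot: `services.openssh` in `hosts/zimablade/configuration.nix` is enabled with only `ports` set, while the same ed25519 key is authorised for `root`, for the wheel user `zimablade` and for `shobu`. I would make the intent explicit with `settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "prohibit-password"; };`, or `"no"` for root if the deployment does not need root over SSH. The comment `# change this to your ssh key` is a template leftover and should say whose key this is. The firewall list opens 8000 and 8001 without a comment, unlike `3000 # gitea`; a note naming the service behind each port would help later review.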
@@ -0,0 +1,31 @@ +{inputs, pkgs, ...}: { + imports = [ inputs.copyparty.nixosModules.default ]; + nixpkgs.overlays = [ inputs.copyparty.overlays.default ]; + environment.systemPackages = [ pkgs.copyparty ]; + services.copyparty = { + enable = true; + + settings = { + p = [ 8086 ]; + e2dsa = true; + e2ts = true; + z = true; + qr = true; + xff-src = "lan"; + http-only = true; + og = true; + shr = "/shares"; + }; + + volumes = { + "/media" = { + path = "/mnt/mediacenter/media"; + access = { + r = "*"; + }; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 8086 ]; +} diff --git a/hosts/zimablade/coredns/db.homelab.local b/hosts/zimablade/coredns/db.homelab.local new file mode 100644 index 0000000..f53fd4a --- /dev/null +++ b/hosts/zimablade/coredns/db.homelab.local @@ -0,0 +1,6 @@ +$ORIGIN homelab.local. +@ IN SOA dns.homelab.local. shobu_serhao.proton.me. 2502011720 7200 3600 1209600 3600 + +dns IN A 10.0.0.5 +n100 IN A 10.0.0.5 +zimablade IN A 10.0.0.4 diff --git a/hosts/zimablade/coredns/default.nix b/hosts/zimablade/coredns/default.nix new file mode 100644 index 0000000..0381373 --- /dev/null +++ b/hosts/zimablade/coredns/default.nix @@ -0,0 +1,22 @@ +{...}: { + services.coredns = { + enable = true; + config = '' + homelab.local { + file ${./db.homelab.local} + log + errors + cache + } + + . { + forward . 8.8.8.8 + forward . 84.200.69.80 + forward . 84.200.70.40 + log + errors + cache + } + ''; + }; +} diff --git a/hosts/zimablade/flake.lock b/hosts/zimablade/flake.lock new file mode 100644 index 0000000..839df03 --- /dev/null +++ b/hosts/zimablade/flake.lock 
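Review bot: The `"/media"` volume in `hosts/zimablade/copyparty.nix` grants `r = "*"`, which is anonymous read for anyone who can reach port 8086, and that port is both opened in the firewall here and proxied as `files.shobu.fr` in `hosts/n100/nginx.nix`. If public read of `/mnt/mediacenter/media` is intended, a comment such as `# public, read-only on purpose` would record it; otherwise define an entry under `accounts` and list that name in `r` instead of `"*"`. `xff-src = "lan"` makes copyparty trust `X-Forwarded-For` from any LAN address rather than only the proxy, which I would narrow to the n100 address.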
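Review bot: The three separate `forward . …` lines in the `.` block of `hosts/zimablade/coredns/default.nix` are presumably meant as fallbacks, but `forward` takes several upstreams in one directive, and I would not rely on repeated directives for the same zone behaving as a fallback list. `forward . 8.8.8.8 84.200.69.80 84.200.70.40` states the intent in one line. Port 53 is opened for TCP and UDP in `configuration.nix`, so a comment, or an `acl` block, making clear that the forwarder is for LAN clients only would be worth adding.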
@@ -0,0 +1,161 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "owner": "ryantm", + "repo": "agenix", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1738765162, + "narHash": "sha256-3Z40qHaFScWUCVQrGc4Y+RdoPsh1R/wIh+AN4cTXP0I=", + "owner": "nix-community", + "repo": "disko", + "rev": "ff3568858c54bd306e9e1f2886f0f781df307dff", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "type": "github" + }, + "original": { + "owner": "NixOS", + 
"ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1738843498, + "narHash": "sha256-7x+Q4xgFj9UxZZO9aUDCR8h4vyYut4zPUvfj3i+jBHE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f5a32fa27df91dfc4b762671a0e0a859a8a0058f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "disko": "disko", + "nixpkgs": "nixpkgs_2", + "unstable": "unstable" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "unstable": { + "locked": { + "lastModified": 1740367490, + "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hosts/zimablade/flake.nix b/hosts/zimablade/flake.nix new file mode 100644 index 0000000..4a322f5 --- /dev/null +++ b/hosts/zimablade/flake.nix 
@@ -0,0 +1,54 @@ +{ + description = "An empty flake template that you can adapt to your own environment"; + + # Flake inputs + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + inputs.disko.url = "github:nix-community/disko"; + inputs.disko.inputs.nixpkgs.follows = "nixpkgs"; + + inputs = { + # projects + unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + + agenix.url = "github:ryantm/agenix"; + }; + + # Flake outputs + outputs = inputs@{ self, nixpkgs, disko, unstable, agenix, ... }: + let + # The systems supported for this flake + supportedSystems = [ + "x86_64-linux" # 64-bit Intel/AMD Linux + ]; + + # Helper to provide system-specific attributes + forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f { + pkgs = import nixpkgs { inherit system; }; + }); + in + { + nixosConfigurations.zimablade = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + disko.nixosModules.disko + agenix.nixosModules.default + ./configuration.nix + ./hardware-configuration.nix + ]; + specialArgs = { + inherit inputs; + }; + }; + + devShells = forEachSupportedSystem ({ pkgs }: { + default = pkgs.mkShell { + # The Nix packages provided in the environment + # Add any you need here + packages = with pkgs; [ pkgs.disko nixos-anywhere ]; + + # Add any shell logic you want executed any time the environment is activated + shellHook = ''''; + }; + }); + }; +} diff --git a/hosts/zimablade/gitea.nix b/hosts/zimablade/gitea.nix new file mode 100644 index 0000000..72833f6 --- /dev/null +++ b/hosts/zimablade/gitea.nix @@ -0,0 +1,18 @@ +{lib, nodes, ...}: let + ssh_port = 24658; +in { + services = { + gitea = { + enable = true; + settings = { + server = { + DOMAIN = "git.shobu.fr"; + SSH_PORT = ssh_port; + }; + }; + }; + # openssh = { + # ports = lib.mkAfter [ ssh_port ]; + # }; + }; +} diff --git a/hosts/zimablade/glances.nix b/hosts/zimablade/glances.nix new file mode 100644 index 0000000..9964f68 --- /dev/null +++ b/hosts/zimablade/glances.nix 
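Review bot: The inputs of `hosts/zimablade/flake.nix` declare `nixpkgs`, `disko`, `unstable` and `agenix` but no `copyparty`, while `configuration.nix` imports `./copyparty.nix`, which reads `inputs.copyparty.nixosModules.default`. Building `nixosConfigurations.zimablade` from this flake would therefore fail on a missing attribute, unless the host is in practice built from another flake that this commit does not show. Adding `copyparty.url = "github:9001/copyparty";` to `inputs` would fix it, with the lock file regenerated to match. In `devShells`, `packages = with pkgs; [ pkgs.disko nixos-anywhere ]` mixes both styles; `[ disko nixos-anywhere ]` is enough.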
@@ -0,0 +1,8 @@ +{...}: { + services.glances = { + enable = true; + openFirewall = true; + # TODO Change secrets + extraArgs = [ "--webserver" ]; + }; +} diff --git a/hosts/zimablade/hardware-configuration.nix b/hosts/zimablade/hardware-configuration.nix new file mode 100644 index 0000000..14be96b --- /dev/null +++ b/hosts/zimablade/hardware-configuration.nix @@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s21f0u3u4.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/zimablade/homepage.nix b/hosts/zimablade/homepage.nix new file mode 100644 index 0000000..af139bd --- /dev/null +++ b/hosts/zimablade/homepage.nix 
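Review bot: `extraArgs = [ "--webserver" ];` in `hosts/zimablade/glances.nix` starts the Glances web UI with `openFirewall = true` and no authentication argument, and the `# TODO Change secrets` comment does not say what is missing. The same UI is proxied as `zimablade-admin.shobu.fr` in `hosts/n100/nginx.nix`. I would either protect it with Glances' `--password` option using a password file provisioned through agenix, or put `basicAuthFile` on the nginx vhost. The TODO should then name the concrete follow-up, for example `# TODO: replace the widget credentials in homepage.nix once auth is enforced here`.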
@@ -0,0 +1,231 @@ + +{inputs, pkgs, ...}: { + services.homepage-dashboard = { + enable = true; + openFirewall = true; + allowedHosts = "dashboard.shobu.fr"; + settings = { + title = "Shobu's homelab dashboard"; + description = "a dashboard of free and wesome bullshit"; + startUrl = "https://dashboard.shobu.fr"; + base = "https://dashboard.shobu.fr"; + headerStyle = "boxed"; + + providers = { + "finnhub" = "cuvq5e9r01qub8tv03g0cuvq5e9r01qub8tv03gg"; + }; + + layout = [ + {"resources" = {};} + { + "about me stuff" = { + tab = "Public"; + }; + } + { + "tools" = { + tab = "Public"; + }; + } + { + "gayming" = { + tab = "Public"; + }; + } + { + "mediacenter" = { + tab = "Mediacenter"; + header = false; + }; + } + ]; + }; + + widgets = [ + { + greeting = { + text = "Welcome on my services and links dashboard, make yourself home."; + }; + } + { + datetime = { + format = { + dateStyle = "short"; + }; + }; + } + { + glances = { + url = "https://zimablade-admin.shobu.fr"; + user = "shobu"; + password = "shobu"; + version = 4; + disk = [ + "/" + "/mnt/fs" + ]; + expanded = true; + }; + } + ]; + + bookmarks = [ + { + "tools" = [ + { + "bddtrans" = [ + { + icon = "https://bddtrans.shobu.fr/favicon.ico"; + href = "https://bddtrans.shobu.fr"; + } + ]; + } + ]; + } + { + "about me stuff" = [ + { + "shobu.fr" = [ + { + icon = "https://shobu.fr/favicon.ico"; + href = "https://shobu.fr"; + } + ]; + } + { + "gitlab" = [ + { + icon = "gitlab.png"; + href = "https://gitlab.com/shobu13"; + } + ]; + } + ]; + } + ]; + + services = [ + { + "gayming" = [ + { + "testing grounds" = { + description = "a lightweight modded minecraft server"; + href = "https://modrinth.com/modpack/testing-grounds"; + widget = { + type = "minecraft"; + url = "udp://minecraft.shobu.fr:25565"; + }; + }; + } + ]; + } + { + "mediacenter" = [ + { + "users" = [ + { + "jellyfin" = { + icon = "jellyfin.png"; + href = "https://jellyfin.shobu.fr"; + description = "Movies & TV shows"; + widget = { + type = "jellyfin"; + url = 
"https://jellyfin.shobu.fr"; + key = "af4888d2c6594473be63e8299355d048"; + enableBlocks = true; + enableNowPlaying = false; + }; + }; + } + { + "jellyseerr" = { + icon = "jellyseerr.png"; + href = "https://jellyseerr.shobu.fr"; + description = "Request movies and shows"; + widget = { + type = "jellyseerr"; + url = "https://jellyseerr.shobu.fr"; + key = "MTczNzkyNzMxMzgwODk4N2FlZWJkLTQ0N2QtNGU0MS1iOWE1LTJmZmE3OTI4ZGQ5OQ=="; + }; + }; + } + { + "calendar" = { + widget = { + type = "calendar"; + view = "agenda"; + showTime = true; + integrations = [ + { + type = "sonarr"; + service_group = "administration"; + service_name = "sonarr"; + } + { + type = "radarr"; + service_group = "administration"; + service_name = "radarr"; + } + { + type = "lidarr"; + service_group = "administration"; + service_name = "lidarr"; + } + ]; + }; + }; + } + ]; + } + { + "administration" = [ + { + "radarr" = { + icon = "radarr.png"; + href = "https://radarr.shobu.fr"; + widget = { + type = "radarr"; + url = "https://radarr.shobu.fr"; + key = "13474b968893451fb5aa378457dc84a2"; + }; + }; + } + { + "sonarr" = { + icon = "sonarr.png"; + href = "https://sonarr.shobu.fr"; + widget = { + type = "sonarr"; + url = "https://sonarr.shobu.fr"; + key = "f194704f6dce4072928d857d49c1f185"; + }; + }; + } + { + "lidarr" = { + icon = "lidarr.png"; + href = "https://lidarr.shobu.fr"; + widget = { + type = "lidarr"; + url = "https://lidarr.shobu.fr"; + key = "deff3fc5052844e7b37dfe439a91f8bc"; + }; + }; + } + { + "transmission" = { + icon = "transmission.png"; + href = "https://transmission.shobu.fr"; + widget = { + type = "transmission"; + url = "https://transmission.shobu.fr"; + }; + }; + } + ]; + } + ]; + } + ]; + }; +} diff --git a/hosts/zimablade/jellyfin.nix b/hosts/zimablade/jellyfin.nix new file mode 100644 index 0000000..9d49965 --- /dev/null +++ b/hosts/zimablade/jellyfin.nix 
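Review bot: `hosts/zimablade/homepage.nix` commits live credentials in clear text: the `finnhub` provider token, the `key` values of the jellyfin, jellyseerr, radarr, sonarr and lidarr widgets, and the glances `user`/`password` pair. They end up in git history and in the world-readable Nix store, so they should be rotated as well as removed. The host already uses agenix, so I would set `environmentFile = config.age.secrets.<homepage-env placeholder>.path;` and reference each value as, for example, `key = "{{HOMEPAGE_VAR_SONARR_KEY}}";`. The glances password being identical to the user name is worth fixing at the same time.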
@@ -0,0 +1,83 @@ +{pkgs, inputs, ...}: let + unstable = import inputs.unstable { system = pkgs.system; }; +in { + nixpkgs.config.packageOverrides = pkgs: { + vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + }; + hardware.graphics = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver + intel-vaapi-driver + vaapiVdpau + intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) + vpl-gpu-rt # QSV on 11th gen or newer + intel-media-sdk # QSV up to 11th gen + ]; + }; + + nixpkgs.config.permittedInsecurePackages = [ + "dotnet-sdk-6.0.428" + "aspnetcore-runtime-6.0.36" + ]; + + users.users."starr" = { + isSystemUser = true; + group = "starr"; + extraGroups = [ "jellyfin" ]; + }; + + users.users.sonarr.extraGroups = ["jellyfin" "radarr" "transmission" "starr"]; + users.users.radarr.extraGroups = ["jellyfin" "sonarr" "transmission" "starr"]; + users.users.bazarr.extraGroups = ["jellyfin" "sonarr" "transmission" "starr" "radarr"]; + users.users.lidarr.extraGroups = ["jellyfin" "starr" "transmission"]; + + users.users.shobu.extraGroups = [ "jellyfin" "starr" "transmission" "radarr" "sonarr" ]; + + + users.groups = { + starr = {}; + }; + + services = { + jellyfin = { + enable = true; + openFirewall = true; + }; + + sonarr = { + enable = true; + openFirewall = true; + group = "starr"; + }; + radarr = { + enable = true; + openFirewall = true; + group = "starr"; + }; + prowlarr = { + enable = true; + openFirewall = true; + }; + bazarr = { + enable = true; + openFirewall = true; + }; + lidarr = { + enable = true; + openFirewall = true; + package = unstable.lidarr; + }; + + jellyseerr = { + enable = true; + openFirewall = true; + }; + }; + + environment.systemPackages = [ + pkgs.jellyfin + pkgs.jellyfin-web + pkgs.jellyfin-ffmpeg + ]; +} diff --git a/hosts/zimablade/luks-btrfs-raid.nix b/hosts/zimablade/luks-btrfs-raid.nix new file mode 100644 index 0000000..692e320 --- /dev/null 
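Review bot: `nixpkgs.config.permittedInsecurePackages` in `hosts/zimablade/jellyfin.nix` allows `dotnet-sdk-6.0.428` and `aspnetcore-runtime-6.0.36` for the whole system, with no comment saying which service needs them. I would add a line such as `# required by <service placeholder> until it moves off .NET 6; remove afterwards`, so the exception is revisited instead of staying indefinitely. `users.users."starr"` is declared both here and in `transmission.nix`; keeping the user definition in one file makes the group memberships easier to audit.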
+++ b/hosts/zimablade/luks-btrfs-raid.nix 
@@ -0,0 +1,136 @@ +{...}: { + disko.devices = { + disk = { + # Devices will be mounted and formatted in alphabetical order, and btrfs can only mount raids + # when all devices are present. So we define an "empty" luks device on the first disk, + # and the actual btrfs raid on the second disk, and the name of these entries matters! + system = { + type = "disk"; + device = "/dev/mmcblk0"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + ESP = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + crypt_root = { + size = "100%"; + content = { + type = "luks"; + name = "p_root"; + settings = { + allowDiscards = true; + keyFile = "/dev/disk/by-uuid/2021-07-11-12-33-27-00"; + keyFileSize = 4096; + }; + content = { + type = "btrfs"; + subvolumes = { + "/root" = { + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; + }; + + data1 = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + crypt_p1 = { + size = "100%"; + content = { + type = "luks"; + name = "p_data1"; # device-mapper name when decrypted + # Remove settings.keyFile if you want to use interactive password entry + settings = { + allowDiscards = true; + keyFile = "/dev/disk/by-uuid/2021-07-11-12-33-27-00"; + keyFileSize = 4096; + }; + }; + }; + }; + }; + }; + data2 = { + type = "disk"; + device = "/dev/sdb"; + content = { + type = "gpt"; + partitions = { + crypt_p2 = { + size = "100%"; + content = { + type = "luks"; + name = "p_data2"; + # Remove settings.keyFile if you want to use interactive password entry + settings = { + allowDiscards = true; + keyFile = "/dev/disk/by-uuid/2021-07-11-12-33-27-00"; # Same key for both devices + keyFileSize = 4096; + }; + content = { + type = "btrfs"; + extraArgs = [ + "-d raid0" + "/dev/mapper/p_data1" # Use decrypted mapped device, same name as defined in disk1 + ]; + 
subvolumes = { + "/" = { + mountpoint = "/mnt/fs"; + mountOptions = [ "compress=zstd:3" ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=zstd:3" ]; + }; + + "/data" = { + mountpoint = "/mnt/data"; + mountOptions = [ "compress=zstd:3" ]; + }; + "/mediacenter" = { + mountpoint = "/mnt/mediacenter"; + mountOptions = [ "compress=zstd:3" ]; + }; + "/backups" = { + mountpoint = "/mnt/backups"; + mountOptions = [ "compress=zstd:6" ]; + }; + "/jellyfin" = { + mountpoint = "/mnt/jellyfin"; + mountOptions = [ ]; + }; + "/containers" = { + mountpoint = "/var/lib/containers"; + mountOptions = [ ]; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/zimablade/matrix.nix b/hosts/zimablade/matrix.nix new file mode 100644 index 0000000..7db1e86 --- /dev/null +++ b/hosts/zimablade/matrix.nix @@ -0,0 +1,60 @@ +{pkgs, config, ...}: +{ + users.users = { + postgres = { + isSystemUser = true; + }; + matrix-synapse = { + isSystemUser = true; + }; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ "matrix-synapse" ]; + ensureUsers = [ + { + name = "matrix-synapse"; + ensureDBOwnership = true; + ensureClauses.login = true; + } + ]; + authentication = pkgs.lib.mkOverride 10 '' + #type #database #user #auth-method + local postgres all trust + local matrix-synapse matrix-synapse trust + ''; + }; + + networking.firewall.allowedTCPPorts = [ 8008 8448 ]; + + services.matrix-synapse = { + enable = true; + settings = { + server_name = "matrix.shobu.fr"; + public_baseurl = "https://matrix.shobu.fr/"; + enable_registration = true; + enable_registration_captcha = true; + serve_server_wellknown = true; + listeners = [ + { + port = 8008; + bind_addresses = ["0.0.0.0"]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = [ "client" "federation" ]; + compress = true; + } + ]; + } + ]; + }; + + extraConfigFiles = [ + config.age.secrets.captcha.path + ]; + }; +} 
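Review bot: All three LUKS containers in `hosts/zimablade/luks-btrfs-raid.nix` set `allowDiscards = true` and unlock from the same `keyFile` device, and neither choice is documented. Discards pass TRIM through dm-crypt and reveal which blocks are unused, and whoever holds the key medium unlocks the root and both data disks. I would add a comment on each `settings` block, for example `# TRIM enabled for SSD wear; leaks free-space pattern, accepted` and `# key on removable medium; remove after boot`. The comment `same name as defined in disk1` refers to the entry that is actually called `data1`.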
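Review bot: The `authentication` override in `hosts/zimablade/matrix.nix` uses `trust` for both rules, and `local postgres all trust` lets any local account connect to the `postgres` database as any role, including the superuser. `peer` does the job for socket connections: `local postgres all peer` and `local matrix-synapse matrix-synapse peer`. The listener binds `0.0.0.0` with `tls = false` and `x_forwarded = true` while port 8008 is opened in the firewall, so clients that reach it directly can supply their own `X-Forwarded-For`; binding to the address the proxy uses would avoid that. `config.age.secrets.captcha.path` is referenced here, but the `captcha` secret is commented out in `secrets.nix`, so importing this module would fail as committed.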
diff --git a/hosts/zimablade/secrets.nix b/hosts/zimablade/secrets.nix
new file mode 100644
index 0000000..46e3056
--- /dev/null
+++ b/hosts/zimablade/secrets.nix
@@ -0,0 +1,13 @@
+{...}: {
+ age.secrets = {
+ # captcha = {
+ # file = ./secrets/matrix_captcha.age;
+ # group = "matrix-synapse";
+ # mode = "770";
+ # };
+ airvpn-params = {
+ file = ./secrets/airvpn_wireguard_key_env.age;
+ mode = "700";
+ };
+ };
+}
diff --git a/hosts/zimablade/secrets/airvpn_wireguard_key_env.age b/hosts/zimablade/secrets/airvpn_wireguard_key_env.age
new file mode 100644
index 0000000..8743e5a
Binary files /dev/null and b/hosts/zimablade/secrets/airvpn_wireguard_key_env.age differ
diff --git a/hosts/zimablade/secrets/matrix_captcha.age b/hosts/zimablade/secrets/matrix_captcha.age
new file mode 100644
index 0000000..93953d8
Binary files /dev/null and b/hosts/zimablade/secrets/matrix_captcha.age differ
diff --git a/hosts/zimablade/transmission.nix b/hosts/zimablade/transmission.nix
new file mode 100644
index 0000000..88f59c6
--- /dev/null
+++ b/hosts/zimablade/transmission.nix
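Review bot: `mode = "700";` on `airvpn-params` in `hosts/zimablade/secrets.nix` gives the decrypted environment file write and execute bits it does not need; `mode = "400";` is enough for a file that is only read as an `environmentFiles` entry. The commented-out `captcha` entry has the same pattern with `"770"`, which would also make the secret group-writable; `"440"` would fit if it is re-enabled.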
@@ -0,0 +1,69 @@ +{config, ...}: { + + users.users."starr" = { + extraGroups = [ "transmission" ]; + }; + + users.users.transmission = { + isSystemUser = true; + group = "transmission"; + uid = 992; + }; + + users.groups = { + transmission.gid = 989; + }; + + virtualisation.oci-containers = let + peerport = "63369"; + in { + backend = "docker"; + containers = { + gluetun = { + image = "qmcgaw/gluetun"; + environment = { + VPN_SERVICE_PROVIDER = "airvpn"; + VPN_TYPE = "wireguard"; + # WIREGUARD_PRIVATE_KEY = "from agenix"; + # WIREGUARD_PRESHARED_KEY = "from agenix"; + # WIREGUARD_ADDRESSES = "from agenix"; + # SERVER_COUNTRIES = "from agenix"; + FIREWALL_VPN_INPUT_PORTS = "13277,${peerport}"; + }; + environmentFiles = [ + config.age.secrets.airvpn-params.path + ]; + extraOptions = [ + "--cap-add=NET_ADMIN" + "--device=/dev/net/tun" + ]; + ports = [ + "13277:13277" + "9091:13277" + "${peerport}:${peerport}" + "${peerport}:${peerport}/udp" + ]; + }; + transmission = { + image = "docker.io/linuxserver/transmission:latest"; + volumes = [ + "/etc/transmission:/config" + "/etc/localtime:/etc/localtime:ro" + "/mnt/mediacenter/torrents:/mnt/mediacenter/torrents" + "/mnt/data/transmission_downloads:/mnt/data/transmission_downloads" + ]; + dependsOn = [ + "gluetun" + ]; + extraOptions = [ + "--network=container:gluetun" + ]; + environment = { + PUID = toString config.users.users.transmission.uid; + GUID = toString config.users.groups.transmission.gid; + PEERPORT = peerport; + }; + }; + }; + }; +} diff --git a/modules/gitea/n100/default.nix b/modules/gitea/n100/default.nix new file mode 100644 index 0000000..e69de29 diff --git a/modules/gitea/zimablade/default.nix b/modules/gitea/zimablade/default.nix new file mode 100644 index 0000000..91e1f3e --- /dev/null +++ b/modules/gitea/zimablade/default.nix 
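Review bot: The transmission container in `hosts/zimablade/transmission.nix` is given `GUID`, but linuxserver.io images read the group id from `PGID`. The gid 989 pinned above is therefore probably never applied, and files would be written with the image's default group. The line should be `PGID = toString config.users.groups.transmission.gid;`. Both images are unpinned, `qmcgaw/gluetun` with no tag and `linuxserver/transmission:latest`, so every pull can change what runs with `NET_ADMIN` and the VPN keys; I would pin each to a release tag or digest, for example `image = "qmcgaw/gluetun:<version placeholder>";`. The mappings `"13277:13277"` and `"9091:13277"` publish the web UI on all host interfaces, which deserves a comment if that is intended.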
@@ -0,0 +1,15 @@
+{lib, ...}: let
+ ssh_port = 24658;
+in {
+ services = {
+ gitea = {
+ enable = true;
+ settings = {
+ server = {
+ DOMAIN = "git.shobu.fr";
+ SSH_PORT = ssh_port;
+ };
+ };
+ };
+ };
+}