sin_serhao/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
shobu 2025-09-18 08:28:44 +02:00
commit 265e09d77a
35 changed files with 2532 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.envrc Normal file
View File

@ -0,0 +1 @@
use flake

635
flake.lock generated Normal file
View File

@ -0,0 +1,635 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1754433428,
"narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
"owner": "ryantm",
"repo": "agenix",
"rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_2",
"stable": "stable"
},
"locked": {
"lastModified": 1755272288,
"narHash": "sha256-ypTPb2eKcOBbOoyvPV0j4ZOXs4kayo73/2KI456QnE0=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "5bf4ce6a24adba74a5184f4a9bef01d545a09473",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "colmena",
"type": "github"
}
},
"copyparty": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1757797810,
"narHash": "sha256-cecYpMD1SR0QwqiMTmhy1OtfjC4UUkP3TAeiHQjVpG0=",
"owner": "9001",
"repo": "copyparty",
"rev": "8f587627e16cb14efa0c20ad77e18728792e4186",
"type": "github"
},
"original": {
"owner": "9001",
"repo": "copyparty",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1757508292,
"narHash": "sha256-7lVWL5bC6xBIMWWDal41LlGAG+9u2zUorqo3QCUL4p4=",
"owner": "nix-community",
"repo": "disko",
"rev": "146f45bee02b8bd88812cfce6ffc0f933788875a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"colmena",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1757555667,
"narHash": "sha256-09403AZgH/TR1bpilDm8yJucZ2hYcZm8bzY3t8NgPJQ=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "d6d19d54dcec2a6afac3b9442643dd18e8b0566d",
"type": "github"
},
"original": {
"owner": "Infinidoge",
"repo": "nix-minecraft",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1754028485,
"narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "59e69648d345d6e8fef86158c555730fa12af9de",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1750134718,
"narHash": "sha256-v263g4GbxXv87hMXMCpjkIxd/viIF7p3JpJrwgKdNiI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9e83b64f727c88a7711a2c463a7b16eedb69a84c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1748162331,
"narHash": "sha256-rqc2RKYTxP3tbjA+PB3VMRQNnjesrT0pEofXQTrMsS8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-25.05",
"type": "indirect"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1748929857,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1757545623,
"narHash": "sha256-mCxPABZ6jRjUQx3bPP4vjA68ETbPLNz9V2pk9tO7pRQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8cd5ce828d5d1d16feff37340171a98fc3bf6526",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1737062831,
"narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
"rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
"revCount": 738982,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.738982%2Brev-5df43628fdf08d642be8ba5b3625a6c70731c19c/01947627-561b-7a9f-a379-f9ac4c680cb0/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1744440957,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1744463964,
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
"rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
"revCount": 782401,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.782401%2Brev-2631b0b7abcea6e640ce31cd78ea58910d31e650/01962c8a-63c4-7abd-a3df-63a17b548cc7/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1736549401,
"narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"ollama-intel": {
"flake": false,
"locked": {
"lastModified": 1757015956,
"narHash": "sha256-A8zt9SE6rUCm06LkNB1dwsV8lZ+dMMZZWkAhjlnUawU=",
"owner": "NikolasEnt",
"repo": "ollama-webui-intel",
"rev": "ac701a2e9bd1a61deba8d88e5a4ac65b60adc173",
"type": "github"
},
"original": {
"owner": "NikolasEnt",
"repo": "ollama-webui-intel",
"type": "github"
}
},
"pyproject-build-systems": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
],
"pyproject-nix": [
"striped-back",
"pyproject-nix"
],
"uv2nix": [
"striped-back",
"uv2nix"
]
},
"locked": {
"lastModified": 1744599653,
"narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "7dba6dbc73120e15b558754c26024f6c93015dd7",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"type": "github"
}
},
"pyproject-nix": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
]
},
"locked": {
"lastModified": 1743438845,
"narHash": "sha256-1GSaoubGtvsLRwoYwHjeKYq40tLwvuFFVhGrG8J9Oek=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "8063ec98edc459571d042a640b1c5e334ecfca1e",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"colmena": "colmena",
"copyparty": "copyparty",
"disko": "disko",
"nix-minecraft": "nix-minecraft",
"nixpkgs": "nixpkgs_5",
"ollama-intel": "ollama-intel",
"shoblog-front": "shoblog-front",
"striped-back": "striped-back",
"striped-front": "striped-front",
"testing-grounds": "testing-grounds",
"unstable": "unstable"
}
},
"shoblog-front": {
"inputs": {
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1752594581,
"narHash": "sha256-chBYrFK4ZVYIhMpW5rhbdmUllep+cOtOQD7/4ttL8hg=",
"owner": "shobu13",
"repo": "shoblog",
"rev": "eb4fb1a5d077586e359506b8e0469e46d241028d",
"type": "gitlab"
},
"original": {
"owner": "shobu13",
"repo": "shoblog",
"type": "gitlab"
}
},
"stable": {
"locked": {
"lastModified": 1750133334,
"narHash": "sha256-urV51uWH7fVnhIvsZIELIYalMYsyr2FCalvlRTzqWRw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "36ab78dab7da2e4e27911007033713bab534187b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"striped-back": {
"inputs": {
"nixpkgs": "nixpkgs_7",
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1748719386,
"narHash": "sha256-nyXHemXPEKnqIVIYIorSbt64zRwMvijyGQGCW3zUUkc=",
"ref": "refs/heads/master",
"rev": "bdfd6f1f4aac6a00ae4509f14b3a63c84d169edf",
"revCount": 8,
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-back"
},
"original": {
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-back"
}
},
"striped-front": {
"inputs": {
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1748718798,
"narHash": "sha256-KUxbrUjRfuKjkJZLzKr11WEXLfPs38YrW/CMG6XbnbY=",
"ref": "refs/heads/master",
"rev": "a553f10147dad9e41829f67b247817a079f6f671",
"revCount": 11,
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-front"
},
"original": {
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-front"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"testing-grounds": {
"inputs": {
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1755527993,
"narHash": "sha256-h+72V/KNXnFw/v/6Spme6wwFlYxRdQo6Cxub1uveJlQ=",
"owner": "shobu13",
"repo": "testing-grounds",
"rev": "efa72d320e1dcff1e2e8f696125ec7d4b40c0dd3",
"type": "gitlab"
},
"original": {
"owner": "shobu13",
"repo": "testing-grounds",
"type": "gitlab"
}
},
"unstable": {
"locked": {
"lastModified": 1757745802,
"narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
],
"pyproject-nix": [
"striped-back",
"pyproject-nix"
]
},
"locked": {
"lastModified": 1744797880,
"narHash": "sha256-gt9JBkYjZAEvGwCG7RMAAAr0j2RsaRmOMj/vV0briXk=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "3583e037163491ecd833f1d5d3eedf3869543c5d",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

113
flake.nix Normal file
View File

@ -0,0 +1,113 @@
{
description = "An empty flake template that you can adapt to your own environment";
# Flake inputs
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
colmena.url = "github:zhaofengli/colmena";
# commons
agenix.url = "github:ryantm/agenix";
# zimablade inputs
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
# sin inputs
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
testing-grounds.url = "gitlab:shobu13/testing-grounds";
shoblog-front.url = "gitlab:shobu13/shoblog";
striped-front.url = "git+ssh://git@gitlab.com/striped1/striped-front";
striped-back.url = "git+ssh://git@gitlab.com/striped1/striped-back";
ollama-intel = {
url = "github:NikolasEnt/ollama-webui-intel";
flake = false;
};
copyparty.url = "github:9001/copyparty";
};
# Flake outputs
outputs = inputs@{
self,
nixpkgs,
unstable,
colmena,
agenix,
disko,
shoblog-front,
striped-front,
striped-back,
nix-minecraft,
testing-grounds,
copyparty,
ollama-intel,
...
}:
let
# The systems supported for this flake
supportedSystems = [
"x86_64-linux" # 64-bit Intel/AMD Linux
];
# Helper to provide system-specific attributes
forEachSupportedSystem = f: inputs.nixpkgs.lib.genAttrs supportedSystems (system: f {
pkgs = import inputs.nixpkgs { inherit system; };
});
in
{
colmenaHive = colmena.lib.makeHive {
meta = {
nixpkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [];
};
specialArgs = {
inherit inputs;
};
};
sin = {
imports = [
./hosts/n100/configuration.nix
./hosts/n100/hardware-configuration.nix
];
deployment.targetHost = "n100.homelab.local";
};
zimablade = {
imports = [
disko.nixosModules.disko
agenix.nixosModules.default
./hosts/zimablade/configuration.nix
./hosts/zimablade/hardware-configuration.nix
];
deployment.targetHost = "zimablade.homelab.local";
# deployment.targetPort = 22223;
};
};
devShells = forEachSupportedSystem ({ pkgs }: {
default = pkgs.mkShell {
# The Nix packages provided in the environment
# Add any you need here
packages = with pkgs; [ colmena.packages.${pkgs.system}.colmena ];
# Set any environment variables for your dev shell
env = { };
# Add any shell logic you want executed any time the environment is activated
shellHook = ''
'';
};
});
};
}

110
hosts/n100/configuration.nix Normal file
View File

@ -0,0 +1,110 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, nodes, ... }:
{
imports =
[
./nginx.nix
# ./striped
# ./cybercoffee
./ollama.nix
./minecraft.nix
# ./shares.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking = {
hostName = "n100"; # Define your hostname.
nameservers = [ "10.0.0.4" ];
dhcpcd.extraConfig = "nohook resolv.conf";
firewall = {
allowedTCPPorts = [ nodes.zimablade.config.services.gitea.settings.server.SSH_PORT ];
};
nat = {
enable = true;
internalInterfaces = [ "enp1s0" ];
externalInterface = "enp1s0";
forwardPorts = [ {
sourcePort = nodes.zimablade.config.services.gitea.settings.server.SSH_PORT;
proto = "tcp";
destination = "10.0.0.4:22";
} ];
};
};
time.timeZone = "Europe/Paris";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true;
users.users.n100 = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [
];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ];
};
users.users.root = {
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ];
};
environment.systemPackages = with pkgs; [
lunarvim
wget
httpie
tmux
git
helix
python312
# lemonade
];
services.openssh = {
enable = true;
ports = [ 22 ];
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

8
hosts/n100/cybercoffee/default.nix Normal file
View File

@ -0,0 +1,8 @@
{pkgs, ...}:
{
imports = [
./halflife.nix
];
environment.systemPackages = [ pkgs.steamcmd ];
}

2
hosts/n100/cybercoffee/halflife.nix Normal file
View File

@ -0,0 +1,2 @@
{...}: {}

327
hosts/n100/flake.lock generated Normal file
View File

@ -0,0 +1,327 @@
{
"nodes": {
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1748570485,
"narHash": "sha256-oDnEc/rxyDf+uUXO56Z2TJtrrQoBe0Z4MCIRaY6lVZ0=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "6c961ee42ff2301ee61c75aa42cbe8c8adecf3c8",
"type": "github"
},
"original": {
"owner": "Infinidoge",
"repo": "nix-minecraft",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1742889210,
"narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "698214a32beb4f4c8e3942372c694f40848b360d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1748421225,
"narHash": "sha256-XXILOc80tvlvEQgYpYFnze8MkQQmp3eQxFbTzb3m/R0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "78add7b7abb61689e34fc23070a8f55e1d26185b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1737062831,
"narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
"rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
"revCount": 738982,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.738982%2Brev-5df43628fdf08d642be8ba5b3625a6c70731c19c/01947627-561b-7a9f-a379-f9ac4c680cb0/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1744440957,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1744463964,
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
"rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
"revCount": 782401,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.782401%2Brev-2631b0b7abcea6e640ce31cd78ea58910d31e650/01962c8a-63c4-7abd-a3df-63a17b548cc7/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1736549401,
"narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"pyproject-build-systems": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
],
"pyproject-nix": [
"striped-back",
"pyproject-nix"
],
"uv2nix": [
"striped-back",
"uv2nix"
]
},
"locked": {
"lastModified": 1744599653,
"narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "7dba6dbc73120e15b558754c26024f6c93015dd7",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"type": "github"
}
},
"pyproject-nix": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
]
},
"locked": {
"lastModified": 1743438845,
"narHash": "sha256-1GSaoubGtvsLRwoYwHjeKYq40tLwvuFFVhGrG8J9Oek=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "8063ec98edc459571d042a640b1c5e334ecfca1e",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"nix-minecraft": "nix-minecraft",
"nixpkgs": "nixpkgs_2",
"shoblog-front": "shoblog-front",
"striped-back": "striped-back",
"striped-front": "striped-front",
"testing-grounds": "testing-grounds"
}
},
"shoblog-front": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1739983642,
"narHash": "sha256-yfswl2czYcKShilYbs+/TOevdCzuj8z/vpqAQuIK7C0=",
"owner": "shobu13",
"repo": "shoblog",
"rev": "4d96597762215c7b76de8543e8e482071bfbdff4",
"type": "gitlab"
},
"original": {
"owner": "shobu13",
"repo": "shoblog",
"type": "gitlab"
}
},
"striped-back": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1748719386,
"narHash": "sha256-nyXHemXPEKnqIVIYIorSbt64zRwMvijyGQGCW3zUUkc=",
"ref": "refs/heads/master",
"rev": "bdfd6f1f4aac6a00ae4509f14b3a63c84d169edf",
"revCount": 8,
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-back"
},
"original": {
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-back"
}
},
"striped-front": {
"inputs": {
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1748718798,
"narHash": "sha256-KUxbrUjRfuKjkJZLzKr11WEXLfPs38YrW/CMG6XbnbY=",
"ref": "refs/heads/master",
"rev": "a553f10147dad9e41829f67b247817a079f6f671",
"revCount": 11,
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-front"
},
"original": {
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-front"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"testing-grounds": {
"inputs": {
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1737653472,
"narHash": "sha256-tXlQ6AWb1kFeyEPo4dhp1GLoeS5rY+qD9eB4OTUNbL8=",
"owner": "shobu13",
"repo": "testing-grounds",
"rev": "6cbf3e58cea39e5d93897be96e9fe81021c0b9ab",
"type": "gitlab"
},
"original": {
"owner": "shobu13",
"repo": "testing-grounds",
"type": "gitlab"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
],
"pyproject-nix": [
"striped-back",
"pyproject-nix"
]
},
"locked": {
"lastModified": 1744797880,
"narHash": "sha256-gt9JBkYjZAEvGwCG7RMAAAr0j2RsaRmOMj/vV0briXk=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "3583e037163491ecd833f1d5d3eedf3869543c5d",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
hosts/n100/flake.nix Normal file
View File

@ -0,0 +1,34 @@
{
description = "An empty flake template that you can adapt to your own environment";
# Flake inputs
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
testing-grounds.url = "gitlab:shobu13/testing-grounds";
shoblog-front.url = "gitlab:shobu13/shoblog";
striped-front.url = "git+ssh://git@gitlab.com/striped1/striped-front";
striped-back.url = "git+ssh://git@gitlab.com/striped1/striped-back";
};
# Flake outputs
outputs = inputs@{
self,
nixpkgs,
nix-minecraft,
shoblog-front,
striped-front,
striped-back,
...
}:
{
nixosConfigurations.n100 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./configuration.nix
./hardware-configuration.nix
];
};
};
}

58
hosts/n100/hardware-configuration.nix Normal file
View File

@ -0,0 +1,58 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/09c733e4-b0df-4416-977b-50d9feb225fc";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/09c733e4-b0df-4416-977b-50d9feb225fc";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/09c733e4-b0df-4416-977b-50d9feb225fc";
fsType = "btrfs";
options = [ "subvol=home" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-uuid/09c733e4-b0df-4416-977b-50d9feb225fc";
fsType = "btrfs";
options = [ "subvol=swap" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D1B9-8019";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

33
hosts/n100/minecraft.nix Normal file
View File

@ -0,0 +1,33 @@
{pkgs, inputs, ...}:
let
modpack = pkgs.fetchPackwizModpack {
url = "file:///${inputs.testing-grounds.modpack}/pack.toml";
packHash = "sha256-+taYj4uroLNxM4Nia3n+5P1Y/g6dzE6Iq13TsZgk4mU=";
};
in
{
imports = [ inputs.nix-minecraft.nixosModules.minecraft-servers ];
nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
services.minecraft-servers = {
enable = true;
eula = true;
openFirewall = true;
servers.testing-grounds = {
enable = true;
package = inputs.testing-grounds.packages.x86_64-linux.forge-server;
symlinks = {
"libraries" = inputs.testing-grounds.forge-libraries;
"mods" = "${modpack}/mods";
};
serverProperties = {
motd = "welcome to testing grounds";
allow-flight = true;
};
};
};
}

126
hosts/n100/nginx.nix Normal file
View File

@ -0,0 +1,126 @@
{inputs, ...}:
let
striped-front = inputs.striped-front;
in {
networking.firewall.allowedTCPPorts = [ 80 443 8448 ];
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts =
let
mkStarr = host: port: {
"${host}" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.0.4:${port}";
proxyWebsockets = true;
extraConfig = ''
proxy_ssl_server_name on;
proxy_read_timeout 4800s;
'';
};
};
};
in
(
mkStarr "jellyfin.shobu.fr" "8096"
// mkStarr "radarr.shobu.fr" "7878"
// mkStarr "sonarr.shobu.fr" "8989"
// mkStarr "prowlarr.shobu.fr" "9696"
// mkStarr "bazarr.shobu.fr" "6767"
// mkStarr "jellyseerr.shobu.fr" "5055"
// mkStarr "fileshelter.shobu.fr" "5091"
// mkStarr "lidarr.shobu.fr" "8686"
// mkStarr "transmission.shobu.fr" "9091"
// mkStarr "zimablade-admin.shobu.fr" "61208"
// {
"shobu.fr" = {
enableACME = true;
forceSSL = true;
root = "${inputs.shoblog-front.packages.x86_64-linux.default}/dist";
};
"data.shobu.fr" = {
enableACME = true;
forceSSL = true;
root = "/mnt/shares/data";
};
"bddtrans.shobu.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.0.4:8001";
extraConfig = ''
proxy_ssl_server_name on;
'';
};
};
"bddtrans-api.shobu.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.0.4:8000";
proxyWebsockets = true;
extraConfig = ''
proxy_ssl_server_name on;
'';
};
};
"striped.shobu.fr" = {
enableACME = true;
forceSSL = true;
root = "${striped-front.packages.x86_64-linux.default}/dist";
};
"dashboard.shobu.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.0.4:8082";
};
};
"git.shobu.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.0.4:3000";
};
};
"files.shobu.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.0.4:8086";
};
};
# "matrix.shobu.fr" = {
# forceSSL = true;
# enableACME = true;
# locations."/".extraConfig = ''
# return 404;
# '';
# locations."/_matrix".proxyPass = "http://10.0.0.4:8008";
# locations."/_synapse/client".proxyPass = "http://10.0.0.4:8008";
# locations."/.well-known/matrix/server".proxyPass = "http://10.0.0.4:8008/.well-known/matrix/server";
# };
}
);
};
security.acme = {
acceptTerms = true;
defaults.email = "shobu_serhao@proton.me";
};
}

6
hosts/n100/ollama.nix Normal file
View File

@ -0,0 +1,6 @@
{inputs, ...}: {
virtualisation.docker = {
enable = true;
storageDriver = "btrfs";
};
}

18
hosts/n100/shares.nix Normal file
View File

@ -0,0 +1,18 @@
{...}: {
boot.supportedFilesystems = [ "fuse.sshfs" ];
programs.fuse.userAllowOther = true;
fileSystems = {
"/mnt/shares/data" = {
device = "shobu@10.0.0.4:/mnt/data/";
fsType = "fuse.sshfs";
options = [
"debug"
"allow_other"
"nodev"
"nosuid"
"IdentityFile=/home/n100/.ssh/id_ed25519"
];
};
};
}

31
hosts/n100/striped/back.nix Normal file
View File

@ -0,0 +1,31 @@
{inputs, ...}:
let
striped-back = inputs.striped-back;
in {
imports = [
striped-back.nixosModules.default
];
services.striped-back-api = {
enable = true;
nginx = {
enable = true;
useSSL = true;
};
socket.enable = true;
settings.django = {
allowed-hosts = ["striped-api.shobu.fr"];
debug = true;
databases = {
default = {
ENGINE = "django.db.backends.sqlite3";
NAME = "/var/lib/striped_back_api/db.sqlite3";
};
};
media-root = "/var/lib/striped_back_api/media";
};
};
}

5
hosts/n100/striped/default.nix Normal file
View File

@ -0,0 +1,5 @@
{striped-back, striped-front, ...}:{
imports = [
./back.nix
];
}

1
hosts/zimablade/.envrc Normal file
View File

@ -0,0 +1 @@
use flake

91
hosts/zimablade/configuration.nix Normal file
View File

@ -0,0 +1,91 @@
{
modulesPath,
lib,
pkgs,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./luks-btrfs-raid.nix
./jellyfin.nix
./transmission.nix
./homepage.nix
./glances.nix
./secrets.nix
./coredns
./gitea.nix
./copyparty.nix
];
boot.initrd.kernelModules = [ "usb_storage" ];
boot.loader.grub = {
# devices = [ ];
efiSupport = true;
efiInstallAsRemovable = true;
};
networking = {
hostName = "sin";
nameservers = [ "10.0.0.4" ];
dhcpcd.extraConfig = "nohook resolv.conf";
firewall = {
allowedTCPPorts = [
8000
8001
3000 # gitea
53
];
allowedUDPPorts = [ 53 ];
};
};
time.timeZone = "Europe/Paris";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true;
users.users = {
zimablade = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ];
};
shobu = {
isNormalUser = true;
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ];
};
};
users.users.root.openssh.authorizedKeys.keys = [
# change this to your ssh key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos"
];
environment.systemPackages = map lib.lowPrio [
pkgs.curl
pkgs.gitMinimal
] ++ (with pkgs; [
helix
httpie
btop
tmux
]);
services = {
openssh = {
enable = true;
ports = [ 22 ];
};
};
system.stateVersion = "24.11";
}

31
hosts/zimablade/copyparty.nix Normal file
View File

@ -0,0 +1,31 @@
{inputs, pkgs, ...}: {
imports = [ inputs.copyparty.nixosModules.default ];
nixpkgs.overlays = [ inputs.copyparty.overlays.default ];
environment.systemPackages = [ pkgs.copyparty ];
services.copyparty = {
enable = true;
settings = {
p = [ 8086 ];
e2dsa = true;
e2ts = true;
z = true;
qr = true;
xff-src = "lan";
http-only = true;
og = true;
shr = "/shares";
};
volumes = {
"/media" = {
path = "/mnt/mediacenter/media";
access = {
r = "*";
};
};
};
};
networking.firewall.allowedTCPPorts = [ 8086 ];
}

6
hosts/zimablade/coredns/db.homelab.local Normal file
View File

@ -0,0 +1,6 @@
$ORIGIN homelab.local.
@ IN SOA dns.homelab.local. shobu_serhao.proton.me. 2502011720 7200 3600 1209600 3600
dns IN A 10.0.0.5
n100 IN A 10.0.0.5
zimablade IN A 10.0.0.4

22
hosts/zimablade/coredns/default.nix Normal file
View File

@ -0,0 +1,22 @@
{...}: {
services.coredns = {
enable = true;
config = ''
homelab.local {
file ${./db.homelab.local}
log
errors
cache
}
. {
forward . 8.8.8.8
forward . 84.200.69.80
forward . 84.200.70.40
log
errors
cache
}
'';
};
}

161
hosts/zimablade/flake.lock generated Normal file
View File

@ -0,0 +1,161 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1736955230,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1738765162,
"narHash": "sha256-3Z40qHaFScWUCVQrGc4Y+RdoPsh1R/wIh+AN4cTXP0I=",
"owner": "nix-community",
"repo": "disko",
"rev": "ff3568858c54bd306e9e1f2886f0f781df307dff",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1738843498,
"narHash": "sha256-7x+Q4xgFj9UxZZO9aUDCR8h4vyYut4zPUvfj3i+jBHE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f5a32fa27df91dfc4b762671a0e0a859a8a0058f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"nixpkgs": "nixpkgs_2",
"unstable": "unstable"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"unstable": {
"locked": {
"lastModified": 1740367490,
"narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0196c0175e9191c474c26ab5548db27ef5d34b05",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

54
hosts/zimablade/flake.nix Normal file
View File

@ -0,0 +1,54 @@
{
description = "An empty flake template that you can adapt to your own environment";
# Flake inputs
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.disko.url = "github:nix-community/disko";
inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
inputs = {
# projects
unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
agenix.url = "github:ryantm/agenix";
};
# Flake outputs
outputs = inputs@{ self, nixpkgs, disko, unstable, agenix, ... }:
let
# The systems supported for this flake
supportedSystems = [
"x86_64-linux" # 64-bit Intel/AMD Linux
];
# Helper to provide system-specific attributes
forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f {
pkgs = import nixpkgs { inherit system; };
});
in
{
nixosConfigurations.zimablade = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
disko.nixosModules.disko
agenix.nixosModules.default
./configuration.nix
./hardware-configuration.nix
];
specialArgs = {
inherit inputs;
};
};
devShells = forEachSupportedSystem ({ pkgs }: {
default = pkgs.mkShell {
# The Nix packages provided in the environment
# Add any you need here
packages = with pkgs; [ pkgs.disko nixos-anywhere ];
# Add any shell logic you want executed any time the environment is activated
shellHook = '''';
};
});
};
}

18
hosts/zimablade/gitea.nix Normal file
View File

@ -0,0 +1,18 @@
{lib, nodes, ...}: let
ssh_port = 24658;
in {
services = {
gitea = {
enable = true;
settings = {
server = {
DOMAIN = "git.shobu.fr";
SSH_PORT = ssh_port;
};
};
};
# openssh = {
# ports = lib.mkAfter [ ssh_port ];
# };
};
}

8
hosts/zimablade/glances.nix Normal file
View File

@ -0,0 +1,8 @@
{...}: {
services.glances = {
enable = true;
openFirewall = true;
# TODO Change secrets
extraArgs = [ "--webserver" ];
};
}

26
hosts/zimablade/hardware-configuration.nix Normal file
View File

@ -0,0 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s21f0u3u4.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

231
hosts/zimablade/homepage.nix Normal file
View File

@ -0,0 +1,231 @@
{inputs, pkgs, ...}: {
services.homepage-dashboard = {
enable = true;
openFirewall = true;
allowedHosts = "dashboard.shobu.fr";
settings = {
title = "Shobu's homelab dashboard";
description = "a dashboard of free and wesome bullshit";
startUrl = "https://dashboard.shobu.fr";
base = "https://dashboard.shobu.fr";
headerStyle = "boxed";
providers = {
"finnhub" = "cuvq5e9r01qub8tv03g0cuvq5e9r01qub8tv03gg";
};
layout = [
{"resources" = {};}
{
"about me stuff" = {
tab = "Public";
};
}
{
"tools" = {
tab = "Public";
};
}
{
"gayming" = {
tab = "Public";
};
}
{
"mediacenter" = {
tab = "Mediacenter";
header = false;
};
}
];
};
widgets = [
{
greeting = {
text = "Welcome on my services and links dashboard, make yourself home.";
};
}
{
datetime = {
format = {
dateStyle = "short";
};
};
}
{
glances = {
url = "https://zimablade-admin.shobu.fr";
user = "shobu";
password = "shobu";
version = 4;
disk = [
"/"
"/mnt/fs"
];
expanded = true;
};
}
];
bookmarks = [
{
"tools" = [
{
"bddtrans" = [
{
icon = "https://bddtrans.shobu.fr/favicon.ico";
href = "https://bddtrans.shobu.fr";
}
];
}
];
}
{
"about me stuff" = [
{
"shobu.fr" = [
{
icon = "https://shobu.fr/favicon.ico";
href = "https://shobu.fr";
}
];
}
{
"gitlab" = [
{
icon = "gitlab.png";
href = "https://gitlab.com/shobu13";
}
];
}
];
}
];
services = [
{
"gayming" = [
{
"testing grounds" = {
description = "a lightweight modded minecraft server";
href = "https://modrinth.com/modpack/testing-grounds";
widget = {
type = "minecraft";
url = "udp://minecraft.shobu.fr:25565";
};
};
}
];
}
{
"mediacenter" = [
{
"users" = [
{
"jellyfin" = {
icon = "jellyfin.png";
href = "https://jellyfin.shobu.fr";
description = "Movies & TV shows";
widget = {
type = "jellyfin";
url = "https://jellyfin.shobu.fr";
key = "af4888d2c6594473be63e8299355d048";
enableBlocks = true;
enableNowPlaying = false;
};
};
}
{
"jellyseerr" = {
icon = "jellyseerr.png";
href = "https://jellyseerr.shobu.fr";
description = "Request movies and shows";
widget = {
type = "jellyseerr";
url = "https://jellyseerr.shobu.fr";
key = "MTczNzkyNzMxMzgwODk4N2FlZWJkLTQ0N2QtNGU0MS1iOWE1LTJmZmE3OTI4ZGQ5OQ==";
};
};
}
{
"calendar" = {
widget = {
type = "calendar";
view = "agenda";
showTime = true;
integrations = [
{
type = "sonarr";
service_group = "administration";
service_name = "sonarr";
}
{
type = "radarr";
service_group = "administration";
service_name = "radarr";
}
{
type = "lidarr";
service_group = "administration";
service_name = "lidarr";
}
];
};
};
}
];
}
{
"administration" = [
{
"radarr" = {
icon = "radarr.png";
href = "https://radarr.shobu.fr";
widget = {
type = "radarr";
url = "https://radarr.shobu.fr";
key = "13474b968893451fb5aa378457dc84a2";
};
};
}
{
"sonarr" = {
icon = "sonarr.png";
href = "https://sonarr.shobu.fr";
widget = {
type = "sonarr";
url = "https://sonarr.shobu.fr";
key = "f194704f6dce4072928d857d49c1f185";
};
};
}
{
"lidarr" = {
icon = "lidarr.png";
href = "https://lidarr.shobu.fr";
widget = {
type = "lidarr";
url = "https://lidarr.shobu.fr";
key = "deff3fc5052844e7b37dfe439a91f8bc";
};
};
}
{
"transmission" = {
icon = "transmission.png";
href = "https://transmission.shobu.fr";
widget = {
type = "transmission";
url = "https://transmission.shobu.fr";
};
};
}
];
}
];
}
];
};
}

83
hosts/zimablade/jellyfin.nix Normal file
View File

@ -0,0 +1,83 @@
{pkgs, inputs, ...}: let
unstable = import inputs.unstable { system = pkgs.system; };
in {
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver
vaapiVdpau
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer
intel-media-sdk # QSV up to 11th gen
];
};
nixpkgs.config.permittedInsecurePackages = [
"dotnet-sdk-6.0.428"
"aspnetcore-runtime-6.0.36"
];
users.users."starr" = {
isSystemUser = true;
group = "starr";
extraGroups = [ "jellyfin" ];
};
users.users.sonarr.extraGroups = ["jellyfin" "radarr" "transmission" "starr"];
users.users.radarr.extraGroups = ["jellyfin" "sonarr" "transmission" "starr"];
users.users.bazarr.extraGroups = ["jellyfin" "sonarr" "transmission" "starr" "radarr"];
users.users.lidarr.extraGroups = ["jellyfin" "starr" "transmission"];
users.users.shobu.extraGroups = [ "jellyfin" "starr" "transmission" "radarr" "sonarr" ];
users.groups = {
starr = {};
};
services = {
jellyfin = {
enable = true;
openFirewall = true;
};
sonarr = {
enable = true;
openFirewall = true;
group = "starr";
};
radarr = {
enable = true;
openFirewall = true;
group = "starr";
};
prowlarr = {
enable = true;
openFirewall = true;
};
bazarr = {
enable = true;
openFirewall = true;
};
lidarr = {
enable = true;
openFirewall = true;
package = unstable.lidarr;
};
jellyseerr = {
enable = true;
openFirewall = true;
};
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
}

136
hosts/zimablade/luks-btrfs-raid.nix Normal file
View File

@ -0,0 +1,136 @@
{...}: {
disko.devices = {
disk = {
# Devices will be mounted and formatted in alphabetical order, and btrfs can only mount raids
# when all devices are present. So we define an "empty" luks device on the first disk,
# and the actual btrfs raid on the second disk, and the name of these entries matters!
system = {
type = "disk";
device = "/dev/mmcblk0";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
crypt_root = {
size = "100%";
content = {
type = "luks";
name = "p_root";
settings = {
allowDiscards = true;
keyFile = "/dev/disk/by-uuid/2021-07-11-12-33-27-00";
keyFileSize = 4096;
};
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountpoint = "/";
};
};
};
};
};
};
};
};
data1 = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
crypt_p1 = {
size = "100%";
content = {
type = "luks";
name = "p_data1"; # device-mapper name when decrypted
# Remove settings.keyFile if you want to use interactive password entry
settings = {
allowDiscards = true;
keyFile = "/dev/disk/by-uuid/2021-07-11-12-33-27-00";
keyFileSize = 4096;
};
};
};
};
};
};
data2 = {
type = "disk";
device = "/dev/sdb";
content = {
type = "gpt";
partitions = {
crypt_p2 = {
size = "100%";
content = {
type = "luks";
name = "p_data2";
# Remove settings.keyFile if you want to use interactive password entry
settings = {
allowDiscards = true;
keyFile = "/dev/disk/by-uuid/2021-07-11-12-33-27-00"; # Same key for both devices
keyFileSize = 4096;
};
content = {
type = "btrfs";
extraArgs = [
"-d raid0"
"/dev/mapper/p_data1" # Use decrypted mapped device, same name as defined in disk1
];
subvolumes = {
"/" = {
mountpoint = "/mnt/fs";
mountOptions = [ "compress=zstd:3" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd:3" ];
};
"/data" = {
mountpoint = "/mnt/data";
mountOptions = [ "compress=zstd:3" ];
};
"/mediacenter" = {
mountpoint = "/mnt/mediacenter";
mountOptions = [ "compress=zstd:3" ];
};
"/backups" = {
mountpoint = "/mnt/backups";
mountOptions = [ "compress=zstd:6" ];
};
"/jellyfin" = {
mountpoint = "/mnt/jellyfin";
mountOptions = [ ];
};
"/containers" = {
mountpoint = "/var/lib/containers";
mountOptions = [ ];
};
};
};
};
};
};
};
};
};
};
}

60
hosts/zimablade/matrix.nix Normal file
View File

@ -0,0 +1,60 @@
{pkgs, config, ...}:
{
users.users = {
postgres = {
isSystemUser = true;
};
matrix-synapse = {
isSystemUser = true;
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "matrix-synapse" ];
ensureUsers = [
{
name = "matrix-synapse";
ensureDBOwnership = true;
ensureClauses.login = true;
}
];
authentication = pkgs.lib.mkOverride 10 ''
#type #database #user #auth-method
local postgres all trust
local matrix-synapse matrix-synapse trust
'';
};
networking.firewall.allowedTCPPorts = [ 8008 8448 ];
services.matrix-synapse = {
enable = true;
settings = {
server_name = "matrix.shobu.fr";
public_baseurl = "https://matrix.shobu.fr/";
enable_registration = true;
enable_registration_captcha = true;
serve_server_wellknown = true;
listeners = [
{
port = 8008;
bind_addresses = ["0.0.0.0"];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = true;
}
];
}
];
};
extraConfigFiles = [
config.age.secrets.captcha.path
];
};
}

13
hosts/zimablade/secrets.nix Normal file
View File

@ -0,0 +1,13 @@
{...}: {
age.secrets = {
# captcha = {
# file = ./secrets/matrix_captcha.age;
# group = "matrix-synapse";
# mode = "770";
# };
airvpn-params = {
file = ./secrets/airvpn_wireguard_key_env.age;
mode = "700";
};
};
}

BIN
hosts/zimablade/secrets/airvpn_wireguard_key_env.age Normal file
View File

Binary file not shown.

BIN
hosts/zimablade/secrets/matrix_captcha.age Normal file
View File

Binary file not shown.

69
hosts/zimablade/transmission.nix Normal file
View File

@ -0,0 +1,69 @@
{config, ...}: {
users.users."starr" = {
extraGroups = [ "transmission" ];
};
users.users.transmission = {
isSystemUser = true;
group = "transmission";
uid = 992;
};
users.groups = {
transmission.gid = 989;
};
virtualisation.oci-containers = let
peerport = "63369";
in {
backend = "docker";
containers = {
gluetun = {
image = "qmcgaw/gluetun";
environment = {
VPN_SERVICE_PROVIDER = "airvpn";
VPN_TYPE = "wireguard";
# WIREGUARD_PRIVATE_KEY = "from agenix";
# WIREGUARD_PRESHARED_KEY = "from agenix";
# WIREGUARD_ADDRESSES = "from agenix";
# SERVER_COUNTRIES = "from agenix";
FIREWALL_VPN_INPUT_PORTS = "13277,${peerport}";
};
environmentFiles = [
config.age.secrets.airvpn-params.path
];
extraOptions = [
"--cap-add=NET_ADMIN"
"--device=/dev/net/tun"
];
ports = [
"13277:13277"
"9091:13277"
"${peerport}:${peerport}"
"${peerport}:${peerport}/udp"
];
};
transmission = {
image = "docker.io/linuxserver/transmission:latest";
volumes = [
"/etc/transmission:/config"
"/etc/localtime:/etc/localtime:ro"
"/mnt/mediacenter/torrents:/mnt/mediacenter/torrents"
"/mnt/data/transmission_downloads:/mnt/data/transmission_downloads"
];
dependsOn = [
"gluetun"
];
extraOptions = [
"--network=container:gluetun"
];
environment = {
PUID = toString config.users.users.transmission.uid;
GUID = toString config.users.groups.transmission.gid;
PEERPORT = peerport;
};
};
};
};
}

0
modules/gitea/n100/default.nix Normal file
View File

15
modules/gitea/zimablade/default.nix Normal file
View File

@ -0,0 +1,15 @@
{lib, ...}: let
ssh_port = 24658;
in {
services = {
gitea = {
enable = true;
settings = {
server = {
DOMAIN = "git.shobu.fr";
SSH_PORT = ssh_port;
};
};
};
};
}