rename nodes and add runner for gitea instance

shobu
2025-11-11 21:05:47 +01:00
parent c610ce80bc
commit 542034054c
34 changed files with 69 additions and 24 deletions


@@ -0,0 +1,111 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, nodes, ... }:
{
imports =
[
./nginx.nix
# ./striped
# ./cybercoffee
./ollama.nix
./minecraft.nix
# ./shares.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking = {
hostName = "thea"; # Define your hostname.
nameservers = [ "10.0.0.4" ];
dhcpcd.extraConfig = "nohook resolv.conf";
firewall = {
allowedTCPPorts = [ nodes.sin.config.services.gitea.settings.server.SSH_PORT ];
};
nat = {
enable = true;
internalInterfaces = [ "enp1s0" ];
externalInterface = "enp1s0";
forwardPorts = [ {
# TODO refactor this in the gitea/n100 module
sourcePort = nodes.sin.config.services.gitea.settings.server.SSH_PORT;
proto = "tcp";
destination = "10.0.0.4:22";
} ];
};
};
time.timeZone = "Europe/Paris";
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config.allowUnfree = true;
users.users.n100 = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [
];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ];
};
users.users.root = {
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKsu+4S+BHmypQTq2IR9y+ihvbF7sXbBznKtIjVAeHJ1 shobu@nixos" ];
};
environment.systemPackages = with pkgs; [
lunarvim
wget
httpie
tmux
git
helix
python312
# lemonade
];
services.openssh = {
enable = true;
ports = [ 22 ];
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}
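Review bot: `services.openssh` is enabled near the end of this file with only `ports = [ 22 ]` and no `settings`, so password and root-login policy are left at the module defaults while `users.users.root` carries an authorized key and `n100` is in `wheel`. I would pin the policy explicitly with `settings.PasswordAuthentication = false;` and `settings.PermitRootLogin = "no";` (or `"prohibit-password"` if root deploys are needed). The `nat.forwardPorts` entry also publishes port 22 of 10.0.0.4 on the Gitea SSH port, so the same hardening presumably matters on that host. `internalInterfaces` and `externalInterface` both name `enp1s0`, which deserves a comment saying the single-interface setup is intended.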


@@ -0,0 +1,8 @@
{pkgs, ...}:
{
imports = [
./halflife.nix
];
environment.systemPackages = [ pkgs.steamcmd ];
}


@@ -0,0 +1,2 @@
{...}: {}

327
hosts/thea/flake.lock generated Normal file

@@ -0,0 +1,327 @@
{
"nodes": {
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1748570485,
"narHash": "sha256-oDnEc/rxyDf+uUXO56Z2TJtrrQoBe0Z4MCIRaY6lVZ0=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "6c961ee42ff2301ee61c75aa42cbe8c8adecf3c8",
"type": "github"
},
"original": {
"owner": "Infinidoge",
"repo": "nix-minecraft",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1742889210,
"narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "698214a32beb4f4c8e3942372c694f40848b360d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1748421225,
"narHash": "sha256-XXILOc80tvlvEQgYpYFnze8MkQQmp3eQxFbTzb3m/R0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "78add7b7abb61689e34fc23070a8f55e1d26185b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1737062831,
"narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
"rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
"revCount": 738982,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.738982%2Brev-5df43628fdf08d642be8ba5b3625a6c70731c19c/01947627-561b-7a9f-a379-f9ac4c680cb0/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1744440957,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1744463964,
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
"rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
"revCount": 782401,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.782401%2Brev-2631b0b7abcea6e640ce31cd78ea58910d31e650/01962c8a-63c4-7abd-a3df-63a17b548cc7/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1736549401,
"narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1dab772dd4a68a7bba5d9460685547ff8e17d899",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"pyproject-build-systems": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
],
"pyproject-nix": [
"striped-back",
"pyproject-nix"
],
"uv2nix": [
"striped-back",
"uv2nix"
]
},
"locked": {
"lastModified": 1744599653,
"narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "7dba6dbc73120e15b558754c26024f6c93015dd7",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"type": "github"
}
},
"pyproject-nix": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
]
},
"locked": {
"lastModified": 1743438845,
"narHash": "sha256-1GSaoubGtvsLRwoYwHjeKYq40tLwvuFFVhGrG8J9Oek=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "8063ec98edc459571d042a640b1c5e334ecfca1e",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"nix-minecraft": "nix-minecraft",
"nixpkgs": "nixpkgs_2",
"shoblog-front": "shoblog-front",
"striped-back": "striped-back",
"striped-front": "striped-front",
"testing-grounds": "testing-grounds"
}
},
"shoblog-front": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1739983642,
"narHash": "sha256-yfswl2czYcKShilYbs+/TOevdCzuj8z/vpqAQuIK7C0=",
"owner": "shobu13",
"repo": "shoblog",
"rev": "4d96597762215c7b76de8543e8e482071bfbdff4",
"type": "gitlab"
},
"original": {
"owner": "shobu13",
"repo": "shoblog",
"type": "gitlab"
}
},
"striped-back": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1748719386,
"narHash": "sha256-nyXHemXPEKnqIVIYIorSbt64zRwMvijyGQGCW3zUUkc=",
"ref": "refs/heads/master",
"rev": "bdfd6f1f4aac6a00ae4509f14b3a63c84d169edf",
"revCount": 8,
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-back"
},
"original": {
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-back"
}
},
"striped-front": {
"inputs": {
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1748718798,
"narHash": "sha256-KUxbrUjRfuKjkJZLzKr11WEXLfPs38YrW/CMG6XbnbY=",
"ref": "refs/heads/master",
"rev": "a553f10147dad9e41829f67b247817a079f6f671",
"revCount": 11,
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-front"
},
"original": {
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-front"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"testing-grounds": {
"inputs": {
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1737653472,
"narHash": "sha256-tXlQ6AWb1kFeyEPo4dhp1GLoeS5rY+qD9eB4OTUNbL8=",
"owner": "shobu13",
"repo": "testing-grounds",
"rev": "6cbf3e58cea39e5d93897be96e9fe81021c0b9ab",
"type": "gitlab"
},
"original": {
"owner": "shobu13",
"repo": "testing-grounds",
"type": "gitlab"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
],
"pyproject-nix": [
"striped-back",
"pyproject-nix"
]
},
"locked": {
"lastModified": 1744797880,
"narHash": "sha256-gt9JBkYjZAEvGwCG7RMAAAr0j2RsaRmOMj/vV0briXk=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "3583e037163491ecd833f1d5d3eedf3869543c5d",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
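--- a/hosts/thea/flake.nix
+++ b/hosts/thea/flake.nix
@@ -0,0 +1,34 @@
+{
+description = "An empty flake template that you can adapt to your own environment";
+# Flake inputs
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+nix-minecraft.url = "github:Infinidoge/nix-minecraft";
+testing-grounds.url = "gitlab:shobu13/testing-grounds";
+shoblog-front.url = "gitlab:shobu13/shoblog";
+striped-front.url = "git+ssh://git@gitlab.com/striped1/striped-front";
+striped-back.url = "git+ssh://git@gitlab.com/striped1/striped-back";
+};
+# Flake outputs
+outputs = inputs@{
+self,
+nixpkgs,
+nix-minecraft,
+shoblog-front,
+striped-front,
+striped-back,
+...
+}:
+{
+nixosConfigurations.n100 = nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+specialArgs = { inherit inputs; };
+modules = [
+./configuration.nix
+./hardware-configuration.nix
+];
+};
+};
+}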
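Review bot: `specialArgs = { inherit inputs; }` does not supply `nodes`, yet `configuration.nix` in this commit takes `nodes` as a module argument and reads `nodes.sin.config.services.gitea.settings.server.SSH_PORT`, so `nixosConfigurations.n100` would presumably fail to evaluate unless another entry point (not visible here) injects `nodes`. The output is also still named `n100` while the host is now `thea`, and the description is the unchanged template text; I would rename it to `nixosConfigurations.thea` and add a comment saying which tool is expected to build this host. The two `git+ssh://` inputs require an SSH credential on whatever machine evaluates the flake, which is worth documenting next to them.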


@@ -0,0 +1,58 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/09c733e4-b0df-4416-977b-50d9feb225fc";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/09c733e4-b0df-4416-977b-50d9feb225fc";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/09c733e4-b0df-4416-977b-50d9feb225fc";
fsType = "btrfs";
options = [ "subvol=home" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-uuid/09c733e4-b0df-4416-977b-50d9feb225fc";
fsType = "btrfs";
options = [ "subvol=swap" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D1B9-8019";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

33
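--- a/hosts/thea/minecraft.nix
+++ b/hosts/thea/minecraft.nix
@@ -0,0 +1,33 @@
+{pkgs, inputs, ...}:
+let
+modpack = pkgs.fetchPackwizModpack {
+url = "file:///${inputs.testing-grounds.modpack}/pack.toml";
+packHash = "sha256-+taYj4uroLNxM4Nia3n+5P1Y/g6dzE6Iq13TsZgk4mU=";
+};
+in
+{
+imports = [ inputs.nix-minecraft.nixosModules.minecraft-servers ];
+nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
+services.minecraft-servers = {
+enable = true;
+eula = true;
+openFirewall = true;
+servers.testing-grounds = {
+enable = true;
+package = inputs.testing-grounds.packages.x86_64-linux.forge-server;
+symlinks = {
+"libraries" = inputs.testing-grounds.forge-libraries;
+"mods" = "${modpack}/mods";
+};
+serverProperties = {
+motd = "welcome to testing grounds";
+allow-flight = true;
+};
+};
+};
+}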
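Review bot: `openFirewall = true` opens the `testing-grounds` server port in the host firewall, and `serverProperties` sets only `motd` and `allow-flight`, so nothing in this file restricts who may join. If the server is meant for a known group, add `white-list = true;` to `serverProperties` and declare the players, or drop `openFirewall` and open the port only for the intended source range. A short comment stating that `eula = true` is a deliberate acceptance would also help the next reader.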

126
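--- a/hosts/thea/nginx.nix
+++ b/hosts/thea/nginx.nix
@@ -0,0 +1,126 @@
+{inputs, ...}:
+let
+striped-front = inputs.striped-front;
+in {
+networking.firewall.allowedTCPPorts = [ 80 443 8448 ];
+services.nginx = {
+enable = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+virtualHosts =
+let
+mkStarr = host: port: {
+"${host}" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://10.0.0.4:${port}";
+proxyWebsockets = true;
+extraConfig = ''
+proxy_ssl_server_name on;
+proxy_read_timeout 4800s;
+'';
+};
+};
+};
+in
+(
+mkStarr "jellyfin.shobu.fr" "8096"
+// mkStarr "radarr.shobu.fr" "7878"
+// mkStarr "sonarr.shobu.fr" "8989"
+// mkStarr "prowlarr.shobu.fr" "9696"
+// mkStarr "bazarr.shobu.fr" "6767"
+// mkStarr "jellyseerr.shobu.fr" "5055"
+// mkStarr "fileshelter.shobu.fr" "5091"
+// mkStarr "lidarr.shobu.fr" "8686"
+// mkStarr "transmission.shobu.fr" "9091"
+// mkStarr "zimablade-admin.shobu.fr" "61208"
+// {
+"shobu.fr" = {
+enableACME = true;
+forceSSL = true;
+root = "${inputs.shoblog-front.packages.x86_64-linux.default}/dist";
+};
+"data.shobu.fr" = {
+enableACME = true;
+forceSSL = true;
+root = "/mnt/shares/data";
+};
+"bddtrans.shobu.fr" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://10.0.0.4:8001";
+extraConfig = ''
+proxy_ssl_server_name on;
+'';
+};
+};
+"bddtrans-api.shobu.fr" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://10.0.0.4:8000";
+proxyWebsockets = true;
+extraConfig = ''
+proxy_ssl_server_name on;
+'';
+};
+};
+"striped.shobu.fr" = {
+enableACME = true;
+forceSSL = true;
+root = "${striped-front.packages.x86_64-linux.default}/dist";
+};
+"dashboard.shobu.fr" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://10.0.0.4:8082";
+};
+};
+"git.shobu.fr" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://10.0.0.4:3000";
+};
+};
+"files.shobu.fr" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://10.0.0.4:8086";
+};
+};
+# "matrix.shobu.fr" = {
+# forceSSL = true;
+# enableACME = true;
+# locations."/".extraConfig = ''
+# return 404;
+# '';
+# locations."/_matrix".proxyPass = "http://10.0.0.4:8008";
+# locations."/_synapse/client".proxyPass = "http://10.0.0.4:8008";
+# locations."/.well-known/matrix/server".proxyPass = "http://10.0.0.4:8008/.well-known/matrix/server";
+# };
+}
+);
+};
+security.acme = {
+acceptTerms = true;
+defaults.email = "shobu_serhao@proton.me";
+};
+}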
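Review bot: every vhost built by `mkStarr` proxies an administrative web UI (radarr, sonarr, prowlarr, transmission, `zimablade-admin`, …) with no access control at the proxy, so protection depends entirely on each backend's own login, which this file cannot show. Consider adding `basicAuthFile` or an `allow`/`deny` pair in `extraConfig` inside `mkStarr`, at least for the hosts not meant to be public. Separately, `allowedTCPPorts` opens 8448 although the only Matrix vhost is commented out, `proxy_ssl_server_name on;` has no effect on the `http://` upstreams used here, and `data.shobu.fr` serves the whole of `/mnt/shares/data` as its root.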

19
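--- a/hosts/thea/ollama.nix
+++ b/hosts/thea/ollama.nix
@@ -0,0 +1,19 @@
+{inputs, ...}: {
+# virtualisation.docker = {
+# enable = true;
+# storageDriver = "btrfs";
+# };
+services.ollama = {
+enable = true;
+openFirewall = true;
+loadModels = [ ];
+};
+services.open-webui = {
+enable = true;
+openFirewall = true;
+host = "0.0.0.0";
+port = 8050;
+};
+}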
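Review bot: `services.open-webui` binds `host = "0.0.0.0"` with `openFirewall = true`, so the UI is served as plain HTTP on port 8050 directly, bypassing the TLS-terminating nginx that fronts the other services on this host. I would set `host = "127.0.0.1";`, drop `openFirewall`, and add an nginx vhost with `enableACME`/`forceSSL` as in `nginx.nix`. `services.ollama.openFirewall = true` likewise opens the API port; the Ollama API has no authentication of its own, so that opening should be removed unless remote clients are intended and restricted by source address.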
}

18
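--- a/hosts/thea/shares.nix
+++ b/hosts/thea/shares.nix
@@ -0,0 +1,18 @@
+{...}: {
+boot.supportedFilesystems = [ "fuse.sshfs" ];
+programs.fuse.userAllowOther = true;
+fileSystems = {
+"/mnt/shares/data" = {
+device = "shobu@10.0.0.4:/mnt/data/";
+fsType = "fuse.sshfs";
+options = [
+"debug"
+"allow_other"
+"nodev"
+"nosuid"
+"IdentityFile=/home/n100/.ssh/id_ed25519"
+];
+};
+};
+}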
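Review bot: the sshfs mount in `options` is read-write and `allow_other` lets every local account act on the remote share as `shobu`, while the only visible consumer (`data.shobu.fr` in `nginx.nix`) needs read access; adding `"ro"` would remove that write path into 10.0.0.4. `"debug"` looks like a troubleshooting leftover and should go before the module is re-enabled (its import is commented out in `configuration.nix`). The mount also reuses the `n100` user's personal key via `IdentityFile=/home/n100/.ssh/id_ed25519`; a dedicated key restricted on the server side would limit what a compromise of this host can reach.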
}


@@ -0,0 +1,31 @@
{inputs, ...}:
let
striped-back = inputs.striped-back;
in {
imports = [
striped-back.nixosModules.default
];
services.striped-back-api = {
enable = true;
nginx = {
enable = true;
useSSL = true;
};
socket.enable = true;
settings.django = {
allowed-hosts = ["striped-api.shobu.fr"];
debug = true;
databases = {
default = {
ENGINE = "django.db.backends.sqlite3";
NAME = "/var/lib/striped_back_api/db.sqlite3";
};
};
media-root = "/var/lib/striped_back_api/media";
};
};
}
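Review bot: `settings.django.debug = true` is set for a service whose `allowed-hosts` is the public name `striped-api.shobu.fr`; with Django debug mode on, error pages return stack traces and settings values to any client that triggers an error. I would set `debug = false;` here and enable it only in a development override. The `./striped` import is commented out in `configuration.nix`, so this presumably is not live yet, which makes now the cheap time to change it.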


@@ -0,0 +1,5 @@
{striped-back, striped-front, ...}:{
imports = [
./back.nix
];
}
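Review bot: the module header `{striped-back, striped-front, ...}:` demands two module arguments that the body never uses, and the visible `flake.nix` passes only `inputs` through `specialArgs`, so importing this file would presumably abort evaluation with a missing-argument error. `back.nix` already reads `inputs.striped-back`, so the header can simply be `{ ... }:`.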