Format
This commit is contained in:
parent
c47db92a88
commit
09bc19268d
GPG key ID:
CE969670FB4B4A56
29 changed files with 151 additions and 210 deletions
|
|
@ -3,12 +3,9 @@
|
|||
# and in the NixOS manual (accessible by running `nixos-help`).
|
||||
{...}: {
|
||||
# Configure boot loader
|
||||
boot = {
|
||||
loader = {
|
||||
efi.canTouchEfiVariables = true;
|
||||
systemd-boot.enable = true;
|
||||
};
|
||||
tmp.cleanOnBoot = true;
|
||||
boot.loader = {
|
||||
efi.canTouchEfiVariables = true;
|
||||
systemd-boot.enable = true;
|
||||
};
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
# Home media server — hosts Jellyfin, Forgejo, Matrix Conduit, and media management services
|
||||
{inputs, ...}: {
|
||||
imports = with inputs; [
|
||||
disko.nixosModules.default
|
||||
hardware.nixosModules.common-cpu-amd
|
||||
hardware.nixosModules.common-cpu-amd-pstate
|
||||
../../common
|
||||
./conduit.nix
|
||||
./configuration.nix
|
||||
./disko.nix
|
||||
|
|
@ -12,7 +12,6 @@
|
|||
./jellyfin.nix
|
||||
./network.nix
|
||||
./syncthing.nix
|
||||
./tailscale.nix
|
||||
./zfs.nix
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{...}: {
|
||||
{config, ...}: {
|
||||
disko.devices = {
|
||||
# Partition the physical disk
|
||||
disk.storage = {
|
||||
|
|
@ -29,20 +29,8 @@
|
|||
# Construct the primary zfs pool for this system.
|
||||
zpool.zroot = {
|
||||
type = "zpool";
|
||||
options = {
|
||||
ashift = "12";
|
||||
autotrim = "on";
|
||||
listsnapshots = "on";
|
||||
};
|
||||
rootFsOptions = {
|
||||
acltype = "posix";
|
||||
atime = "off";
|
||||
compression = "zstd";
|
||||
dnodesize = "auto";
|
||||
mountpoint = "none";
|
||||
normalization = "formD";
|
||||
xattr = "sa";
|
||||
};
|
||||
options = config.constants.zfsPoolOptions;
|
||||
rootFsOptions = config.constants.zfsRootFsOptions;
|
||||
datasets = {
|
||||
# Encrypt main dataset
|
||||
main = {
|
||||
|
|
|
|||
|
|
@ -6,8 +6,11 @@
|
|||
enable = true;
|
||||
wifi.backend = "iwd";
|
||||
};
|
||||
nftables.enable = true;
|
||||
wireless.iwd.enable = true;
|
||||
};
|
||||
services.openssh.enable = true;
|
||||
|
||||
services = {
|
||||
openssh.enable = true;
|
||||
tailscale.useRoutingFeatures = "both";
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
{...}: {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
port = 25555;
|
||||
useRoutingFeatures = "both";
|
||||
};
|
||||
}
|
||||
|
|
@ -1,6 +1,4 @@
|
|||
{...}: {
|
||||
boot.loader.grub.zfsSupport = true;
|
||||
|
||||
services.zfs = {
|
||||
autoScrub.enable = true;
|
||||
trim.enable = true;
|
||||
|
|
|
|||
|
|
@ -3,13 +3,9 @@
|
|||
# and in the NixOS manual (accessible by running `nixos-help`).
|
||||
{...}: {
|
||||
# Configuration boot
|
||||
boot = {
|
||||
loader = {
|
||||
efi.canTouchEfiVariables = true;
|
||||
systemd-boot.enable = true;
|
||||
};
|
||||
|
||||
tmp.cleanOnBoot = true;
|
||||
boot.loader = {
|
||||
efi.canTouchEfiVariables = true;
|
||||
systemd-boot.enable = true;
|
||||
};
|
||||
|
||||
# Change secrets file
|
||||
|
|
|
|||
|
|
@ -1,14 +1,13 @@
|
|||
# Game console — Steam Deck running Jovian-NixOS with Steam and KDE Plasma
|
||||
{inputs, ...}: {
|
||||
imports = with inputs; [
|
||||
disko.nixosModules.default
|
||||
jovian.nixosModules.default
|
||||
../../common
|
||||
./configuration.nix
|
||||
./disko.nix
|
||||
./gui.nix
|
||||
./hardware-configuration.nix
|
||||
./network.nix
|
||||
./syncthing.nix
|
||||
./tailscale.nix
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@
|
|||
enable = true;
|
||||
wifi.backend = "iwd";
|
||||
};
|
||||
nftables.enable = true;
|
||||
};
|
||||
|
||||
services.openssh.enable = true;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
{...}: {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
port = 25172;
|
||||
useRoutingFeatures = "client";
|
||||
};
|
||||
}
|
||||
|
|
@ -23,7 +23,6 @@
|
|||
theme = "target_2";
|
||||
themePackages = [pkgs.adi1090x-plymouth-themes];
|
||||
};
|
||||
tmp.cleanOnBoot = true;
|
||||
};
|
||||
|
||||
# This option defines the first version of NixOS you have installed on this particular machine,
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
# Home personal computer — primary desktop workstation with KDE Plasma, gaming, and development
|
||||
{inputs, ...}: {
|
||||
imports =
|
||||
[
|
||||
inputs.disko.nixosModules.default
|
||||
../../common
|
||||
./configuration.nix
|
||||
./device.nix
|
||||
./disko.nix
|
||||
|
|
@ -10,7 +10,6 @@
|
|||
./hardware-configuration.nix
|
||||
./network.nix
|
||||
./syncthing.nix
|
||||
./tailscale.nix
|
||||
./zfs.nix
|
||||
]
|
||||
++ (with inputs.hardware.nixosModules; [
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{...}: {
|
||||
{config, ...}: {
|
||||
disko.devices = {
|
||||
# Partition the physical disk
|
||||
disk = {
|
||||
|
|
@ -46,24 +46,12 @@
|
|||
|
||||
# Declare zfs pools for this system.
|
||||
zpool = let
|
||||
options = {
|
||||
ashift = "12";
|
||||
autotrim = "on";
|
||||
listsnapshots = "on";
|
||||
};
|
||||
rootFsOptions = {
|
||||
acltype = "posix";
|
||||
atime = "off";
|
||||
compression = "zstd";
|
||||
dnodesize = "auto";
|
||||
mountpoint = "none";
|
||||
normalization = "formD";
|
||||
xattr = "sa";
|
||||
};
|
||||
inherit (config.constants) zfsPoolOptions zfsRootFsOptions;
|
||||
in {
|
||||
zactive = {
|
||||
type = "zpool";
|
||||
inherit options rootFsOptions;
|
||||
options = zfsPoolOptions;
|
||||
rootFsOptions = zfsRootFsOptions;
|
||||
datasets = {
|
||||
# Encrypt main dataset
|
||||
main = {
|
||||
|
|
@ -98,7 +86,8 @@
|
|||
|
||||
zarchive = {
|
||||
type = "zpool";
|
||||
inherit options rootFsOptions;
|
||||
options = zfsPoolOptions;
|
||||
rootFsOptions = zfsRootFsOptions;
|
||||
datasets = {
|
||||
snapshot.type = "zfs_fs";
|
||||
# Reserve space for performance
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ in {
|
|||
];
|
||||
programs = {
|
||||
git.signing = {
|
||||
key = "0xCE969670FB4B4A56";
|
||||
key = osConfig.constants.gpgKeyId;
|
||||
signByDefault = true;
|
||||
};
|
||||
gpg = {
|
||||
|
|
@ -53,43 +53,7 @@ in {
|
|||
];
|
||||
};
|
||||
obs-studio.enable = true;
|
||||
zathura = {
|
||||
enable = true;
|
||||
options = {
|
||||
completion-bg = "#504945";
|
||||
completion-fg = "#ebdbb2";
|
||||
completion-group-bg = "#3c3836";
|
||||
completion-group-fg = "#928374";
|
||||
completion-highlight-bg = "#83a598";
|
||||
completion-highlight-fg = "#504945";
|
||||
default-bg = "#1d2021";
|
||||
default-fg = "#ebdbb2";
|
||||
highlight-active-color = "#fe8019";
|
||||
highlight-color = "#fabd2f";
|
||||
index-active-bg = "#83a598";
|
||||
index-active-fg = "#504945";
|
||||
index-bg = "#504945";
|
||||
index-fg = "#ebdbb2";
|
||||
inputbar-bg = "#1d2021";
|
||||
inputbar-fg = "#ebdbb2";
|
||||
notification-bg = "#1d2021";
|
||||
notification-error-bg = "#1d2021";
|
||||
notification-error-fg = "#fb4934";
|
||||
notification-fg = "#b8bb26";
|
||||
notification-warning-bg = "#1d2021";
|
||||
notification-warning-fg = "#fabd2f";
|
||||
recolor = "true";
|
||||
recolor-darkcolor = "#ebdbb2";
|
||||
recolor-keephue = "true";
|
||||
recolor-lightcolor = "#1d2021";
|
||||
render-loading = "true";
|
||||
render-loading-bg = "#1d2021";
|
||||
render-loading-fg = "#ebdbb2";
|
||||
selection-clipboard = "clipboard";
|
||||
statusbar-bg = "#504945";
|
||||
statusbar-fg = "#ebdbb2";
|
||||
};
|
||||
};
|
||||
zathura.enable = true;
|
||||
};
|
||||
services = {
|
||||
easyeffects.enable = true;
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@
|
|||
enable = true;
|
||||
wifi.backend = "iwd";
|
||||
};
|
||||
nftables.enable = true;
|
||||
wireless.iwd.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
{...}: {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
port = 62662;
|
||||
useRoutingFeatures = "client";
|
||||
};
|
||||
}
|
||||
|
|
@ -21,7 +21,7 @@ with config.constants; {
|
|||
};
|
||||
})
|
||||
fqdns);
|
||||
homeSrv = s: "nebula:${portStr.${s}}";
|
||||
homeSrv = s: "${homeServer}:${portStr.${s}}";
|
||||
localSrv = s: "${localhost}:${portStr.${s}}";
|
||||
mtfqdn = "matrix.${domain}";
|
||||
portStr = builtins.mapAttrs (n: v: toString v) port;
|
||||
|
|
|
|||
|
|
@ -1,8 +1,5 @@
|
|||
{...}: {
|
||||
boot = {
|
||||
loader.grub.device = "/dev/sda";
|
||||
tmp.cleanOnBoot = true;
|
||||
};
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
|
||||
constants.sopsFile = ../../common/auths.yaml;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
# Public beacon — cloud VPS providing reverse proxy, mail server, Headscale VPN, and Vaultwarden
|
||||
{inputs, ...}: {
|
||||
imports = with inputs; [
|
||||
mailserver.nixosModules.default
|
||||
../../common
|
||||
./caddy.nix
|
||||
./configuration.nix
|
||||
./hardware-configuration.nix
|
||||
|
|
|
|||
|
|
@ -1,21 +1,14 @@
|
|||
{config, ...}: {
|
||||
services = {
|
||||
headscale = with config.constants; {
|
||||
enable = true;
|
||||
address = localhost;
|
||||
port = port.headscale;
|
||||
settings = {
|
||||
dns = {
|
||||
base_domain = "tailscale.${domain}";
|
||||
override_local_dns = false;
|
||||
};
|
||||
server_url = "https://headscale.${domain}";
|
||||
services.headscale = with config.constants; {
|
||||
enable = true;
|
||||
address = localhost;
|
||||
port = port.headscale;
|
||||
settings = {
|
||||
dns = {
|
||||
base_domain = "tailscale.${domain}";
|
||||
override_local_dns = false;
|
||||
};
|
||||
};
|
||||
tailscale = {
|
||||
enable = true;
|
||||
port = 27919;
|
||||
useRoutingFeatures = "both";
|
||||
server_url = "https://headscale.${domain}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,7 +2,6 @@
|
|||
networking = {
|
||||
firewall.allowedTCPPorts = with config.constants.port; [http https];
|
||||
hostId = "2cadb253";
|
||||
nftables.enable = true;
|
||||
};
|
||||
|
||||
services = {
|
||||
|
|
@ -12,6 +11,7 @@
|
|||
domains = builtins.attrNames config.services.caddy.virtualHosts;
|
||||
};
|
||||
openssh.enable = true;
|
||||
tailscale.useRoutingFeatures = "both";
|
||||
};
|
||||
|
||||
sops.secrets.cloudflare = {};
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
{config, ...}: let
|
||||
vaultEnvironment = "vaultwarden/environment";
|
||||
vaultwardenAddr = "vaultwarden@${config.constants.domain}";
|
||||
in {
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
|
|
@ -11,10 +12,10 @@ in {
|
|||
# Disable signup
|
||||
SIGNUPS_ALLOWED = false;
|
||||
# SMTP config
|
||||
SMTP_FROM = "vaultwarden@${domain}";
|
||||
SMTP_FROM = vaultwardenAddr;
|
||||
SMTP_FROM_NAME = "vaultwarden";
|
||||
SMTP_HOST = "mail.${domain}";
|
||||
SMTP_USERNAME = "vaultwarden@${domain}";
|
||||
SMTP_HOST = config.mailserver.fqdn;
|
||||
SMTP_USERNAME = vaultwardenAddr;
|
||||
SMTP_PORT = 587;
|
||||
SMTP_SECURITY = "starttls";
|
||||
};
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue