Refactor setup

This commit is contained in:
Invariantspace 2023-12-06 21:46:16 -08:00
parent b6b118f819
commit a7e892635c
16 changed files with 124 additions and 210 deletions


@ -1,4 +1,5 @@
{ config, pkgs, ... }: let usr = config.constants.userName; in {
{ config, pkgs, ... }:
let usr = config.constants.userName; in {
home-manager.users.${usr} = {
home.packages = with pkgs; [
exactaudiocopy


@ -1,29 +0,0 @@
{ config, pkgs, ... }:
{
services.caddy =
{
enable = true;
virtualHosts =
let
conduitCfg = config.services.matrix-conduit.settings.global;
forgejoCfg = config.services.gitea.settings.server;
dn = config.constants.domain;
lh = config.constants.localhost;
in
{
"forgejo.${dn}".extraConfig = ''
reverse_proxy ${forgejoCfg.HTTP_ADDR}:${toString forgejoCfg.HTTP_PORT}
'';
"jellyfin.${dn}".extraConfig = ''
reverse_proxy ${lh}:${toString config.constants.port.jellyfin}
'';
"matrix.${dn}".extraConfig = ''
reverse_proxy /_matrix/* ${conduitCfg.address}:${toString conduitCfg.port}
file_server {
root ${pkgs.cinny}
}
'';
};
};
}


@ -3,9 +3,9 @@
{
services.matrix-conduit = {
enable = true;
settings.global = {
address = config.constants.localhost;
port = 29800;
settings.global = let const = config.constants; in {
address = const.tsMask;
port = const.port.conduit;
server_name = config.constants.domain;
};
};
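Review bot: `address = const.tsMask;` moves the Conduit listener off loopback onto whatever `tsMask` resolves to (from the name presumably this host's Tailscale address — confirm in the constants module), so the Matrix API becomes reachable by every tailnet peer directly instead of only through the Caddy reverse proxy; the forgejo section makes the same move for `HTTP_ADDR`. If that is the intent, say so next to the binding, e.g. `# listen on the tailnet address so the reverse proxy on the other host can reach it`, and pair it with a firewall rule on this host that admits the conduit and forgejo ports only from the proxy's interface rather than from the whole tailnet. While the `let const = …` binding is being introduced, `server_name = config.constants.domain;` can use it too: `server_name = const.domain;`. The enclosing `services.matrix-conduit` attribute set continues outside the hunk.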


@ -6,7 +6,6 @@
hardware.nixosModules.common-cpu-amd
hardware.nixosModules.common-cpu-amd-pstate
] ++ [
./caddy.nix
./conduit.nix
./configuration.nix
./disko.nix


@ -6,11 +6,11 @@
appName = "Forgejo";
package = pkgs.forgejo;
settings = {
server = let dn = config.constants.domain; in {
DOMAIN = dn;
HTTP_ADDR = config.constants.localhost;
HTTP_PORT = 47674;
ROOT_URL = "https://forgejo.${dn}";
server = let const = config.constants; in {
DOMAIN = const.domain;
HTTP_ADDR = const.tsMask;
HTTP_PORT = const.port.forgejo;
ROOT_URL = "https://forgejo.${const.domain}";
};
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;


@ -1,9 +1,9 @@
{ config, ... }:
let const = config.constants; hn = config.networking.hostName; in {
let hn = config.networking.hostName; in {
networking = {
domain = config.constants.domain;
firewall.allowedTCPPorts = with const.port; [ http https ];
firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];
hostId = "e6449321";
networkmanager = {
enable = true;
@ -15,13 +15,6 @@ let const = config.constants; hn = config.networking.hostName; in {
};
services = {
cloudflare-dyndns = {
enable = true;
apiTokenFile = config.sops.secrets."cloudflare/${hn}".path;
domains = builtins.attrNames config.services.caddy.virtualHosts;
ipv4 = false;
ipv6 = true;
};
openssh = {
enable = true;
hostKeys = [{
@ -37,6 +30,4 @@ let const = config.constants; hn = config.networking.hostName; in {
};
resolved.enable = true;
};
sops.secrets."cloudflare/${hn}" = { };
}
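Review bot: `firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];` in the first hunk turns off filtering for everything arriving over the Tailscale interface, so any tailnet peer can reach every port this host now listens on there (the conduit and forgejo sections bind their services to `const.tsMask`), not just the ones the other host's Caddy is meant to proxy. The narrower form lists the ports per interface, e.g. `networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = with config.constants.port; [ conduit forgejo ];`. The rendered hunk also hides which side `firewall.allowedTCPPorts = with const.port; [ http https ];` is on; if it survives, `const` is no longer bound by the new `let hn = …; in` line above it and evaluation will fail with an undefined variable, so it presumably goes with the deleted caddy.nix. The attribute set spans all three hunks and ends at the closing brace shown here.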


@ -1,7 +1,6 @@
{ ... }: {
services.tailscale = {
enable = true;
extraUpFlags = [ "--advertise-exit-node" ];
port = 25555;
useRoutingFeatures = "both";
};


@ -1,4 +1,4 @@
{ config, ... }:
{ config, pkgs, ... }:
{
services.caddy = {
@ -7,24 +7,31 @@
virtualHosts =
let
dn = config.constants.domain;
hsCfg = config.services.headscale;
home = "100.64.0.3";
local = config.constants.localhost;
msfqdn = config.mailserver.fqdn;
mtfqdn = "matrix.${dn}";
vaultCfg = config.services.vaultwarden.config;
portStr = builtins.mapAttrs (n: v: toString v) config.constants.port;
wn = s: "/.well-known/${s}";
in
{
"${dn}".extraConfig = let wnm = wn "matrix"; in ''
header ${wnm}/* Content-Type application/json
header ${wnm}/* Access-Control-Allow-Origin *
respond ${wnm}/server `{ "m.server": "${mtfqdn}:${toString config.constants.port.https}" }`
respond ${wnm}/server `{ "m.server": "${mtfqdn}:${portStr.https}" }`
respond ${wnm}/client `{
"m.homeserver": { "base_url": "https://${mtfqdn}" },
"m.identity_server": { "base_url": "https://${mtfqdn}" }
}`
'';
"forgejo.${dn}".extraConfig = ''
reverse_proxy ${home}:${portStr.forgejo}
'';
"headscale.${dn}".extraConfig = ''
reverse_proxy ${hsCfg.address}:${toString hsCfg.port}
reverse_proxy ${local}:${portStr.headscale}
'';
"jellyfin.${dn}".extraConfig = ''
reverse_proxy ${home}:${portStr.jellyfin}
'';
${msfqdn} = {
extraConfig = ''
@ -34,17 +41,17 @@
'';
useACMEHost = msfqdn;
};
"matrix.${dn}".extraConfig = ''
reverse_proxy /_matrix/* ${home}:${portStr.conduit}
file_server {
root ${pkgs.cinny}
}
'';
"vault.${dn}".extraConfig =
''
reverse_proxy /notifications/hub/negotiate ${vaultCfg.ROCKET_ADDRESS}:${
toString vaultCfg.ROCKET_PORT
}
reverse_proxy /notifications/hub ${vaultCfg.WEBSOCKET_ADDRESS}:${
toString vaultCfg.WEBSOCKET_PORT
}
reverse_proxy ${vaultCfg.ROCKET_ADDRESS}:${
toString vaultCfg.ROCKET_PORT
} {
reverse_proxy /notifications/hub/negotiate ${local}:${portStr.vault-rkt}
reverse_proxy /notifications/hub ${local}:${portStr.vault-ws}
reverse_proxy ${local}:${portStr.vault-rkt} {
header_up X-Real-IP {remote_host}
}
'';
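Review bot: `home = "100.64.0.3";` in the second hunk hard-codes the backend host's tailnet address while that host now binds Conduit and Forgejo to `const.tsMask` (conduit and forgejo sections), so the two values can drift silently and the `forgejo.`, `jellyfin.` and `matrix.` vhosts would just start answering 502; if the constants module is shared between the hosts, a single named constant for the home host's tailnet address should feed both the `address`/`HTTP_ADDR` bindings and this `home` value, with a comment such as `# tailnet address of the host that runs conduit/forgejo/jellyfin` on the literal until then. The rewritten headscale and vault entries have the same duplication in a milder form: the old code read `hsCfg.address`/`hsCfg.port` and `vaultCfg.ROCKET_ADDRESS`/`ROCKET_PORT` straight from the service configuration and could not disagree with it, whereas `${local}:${portStr.headscale}` and `${local}:${portStr.vault-rkt}` repeat what headscale.nix and vaultwarden.nix set from the same constants. The `portStr` helper's unused `n` parameter is conventionally written `_`. The `virtualHosts` set continues outside the hunk.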


@ -1,16 +1,15 @@
{ config, ... }:
{
services = let const = config.constants; in {
headscale = {
services = {
headscale = let const = config.constants; in {
enable = true;
address = const.localhost;
port = 27327;
port = const.port.headscale;
settings.server_url = "https://headscale.${const.domain}";
};
tailscale = {
enable = true;
extraUpFlags = [ "--advertise-exit-node" ];
port = 27919;
useRoutingFeatures = "both";
};


@ -6,20 +6,19 @@ let
mailSecret = "mail/${usr}/password";
in
{
mailserver =
{
enable = true;
fqdn = "mail.${dn}";
domains = [ dn ];
mailserver = {
enable = true;
fqdn = "mail.${dn}";
domains = [ dn ];
loginAccounts = {
"${usr}@${dn}" = {
aliases = [ config.constants.postMaster ];
hashedPasswordFile = config.sops.secrets.${mailSecret}.path;
};
loginAccounts = {
"${usr}@${dn}" = {
aliases = [ config.constants.postMaster ];
hashedPasswordFile = config.sops.secrets.${mailSecret}.path;
};
certificateScheme = "acme";
};
certificateScheme = "acme";
};
sops.secrets.${mailSecret} = { };
}


@ -1,18 +1,18 @@
{ config, ... }:
{
services.vaultwarden = let lh = config.constants.localhost; in {
services.vaultwarden = {
enable = true;
config = {
config = let const = config.constants; in {
# Disable signup
SIGNUPS_ALLOWED = false;
# Specify service port
ROCKET_ADDRESS = lh;
ROCKET_PORT = 25487;
ROCKET_ADDRESS = const.localhost;
ROCKET_PORT = const.port.vault-rkt;
# Specify notification port
WEBSOCKET_ENABLED = true;
WEBSOCKET_ADDRESS = lh;
WEBSOCKET_PORT = 40513;
WEBSOCKET_ADDRESS = const.localhost;
WEBSOCKET_PORT = const.port.vault-ws;
};
};
}