feat: big refactor

2024-09-07 15:10:22 +02:00 · 2024-09-07 15:10:22 +02:00 · ebedec9768
commit ebedec9768
parent 2c09c21833
159 changed files with 1927 additions and 2222 deletions
--- a/hosts/APPA/default.nix
+++ b/hosts/APPA/default.nix
@ -0,0 +1,25 @@
+{ ... }@inputs:
+{
+  imports = [
+    inputs.nixos-hardware.nixosModules.common-pc-laptop
+    inputs.nixos-hardware.nixosModules.common-pc-laptop-acpi_call
+    inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
+    ./services
+    ./hardware.nix
+    ./network.nix
+    ./system.nix
+    ../../modules
+  ];
+
+  bchmnn = {
+    git = {
+      signing = {
+        key = "0x7753026D577922A6";
+      };
+    };
+
+    collections = {
+      cli-utils.enable = true;
+    };
+  };
+}
--- a/hosts/APPA/hardware.nix
+++ b/hosts/APPA/hardware.nix
@ -0,0 +1,78 @@
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ehci_pci"
+    "ahci"
+    "usb_storage"
+    "sd_mod"
+    "sdhci_pci"
+  ];
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/ROOT";
+    fsType = "btrfs";
+    options = [
+      "subvol=@"
+      "compress=zstd"
+      "noatime"
+    ];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-label/ROOT";
+    fsType = "btrfs";
+    options = [
+      "subvol=@nix"
+      "compress=zstd"
+      "noatime"
+    ];
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/EFI";
+    fsType = "vfat";
+    options = [
+      "fmask=0022"
+      "dmask=0022"
+    ];
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-label/HOME";
+    fsType = "btrfs";
+    options = [
+      "subvol=@"
+      "compress=zstd"
+      "noatime"
+    ];
+  };
+
+  fileSystems."/var/lib" = {
+    device = "/dev/disk/by-label/HOME";
+    fsType = "btrfs";
+    options = [
+      "subvol=@varlib"
+      "compress=zstd"
+      "noatime"
+    ];
+  };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/hosts/APPA/network.nix
+++ b/hosts/APPA/network.nix
@ -0,0 +1,29 @@
+{
+  networking = {
+    firewall.enable = true;
+    hostName = "APPA";
+    useDHCP = false;
+    interfaces.enp0s25 = {
+      useDHCP = false;
+      ipv4.addresses = [
+        {
+          address = "192.168.2.40";
+          prefixLength = 24;
+        }
+      ];
+      ipv6.addresses = [
+        {
+          address = "fdd2:59e7:4ee1:1:2642:c13b:9bbc:7bd3";
+          prefixLength = 64;
+        }
+      ];
+    };
+    defaultGateway = {
+      address = "192.168.2.1";
+    };
+    defaultGateway6 = {
+      address = "fdd2:59e7:4ee1:0001::1";
+      interface = "enp0s25";
+    };
+  };
+}
--- a/hosts/APPA/services/adguard-home.nix
+++ b/hosts/APPA/services/adguard-home.nix
@ -0,0 +1,73 @@
+{ config, ... }:
+{
+  services.adguardhome = {
+    enable = true;
+    mutableSettings = true;
+    allowDHCP = true;
+    host = "127.0.0.1";
+    port = 8001;
+    settings = {
+      users = [
+        {
+          name = "admin";
+          password = "$2a$10$7FLDb/cr3SCtKiojXbFGnOjk6rWC0z9GMafV.YWMvewUcgua1eF/m";
+        }
+      ];
+      dns = {
+        ratelimit = 0;
+      };
+      filtering = {
+        rewrites = [
+          {
+            domain = "dryb.org";
+            answer = "192.168.2.40";
+          }
+          {
+            domain = "speedport.dryb.org";
+            answer = "192.168.2.1";
+          }
+          {
+            domain = "tplink.dryb.org";
+            answer = "192.168.2.30";
+          }
+          {
+            domain = "adguard.dryb.org";
+            answer = "192.168.2.40";
+          }
+          {
+            domain = config.services.gitea.domain;
+            answer = "192.168.2.40";
+          }
+        ];
+      };
+      dhcp = {
+        enabled = true;
+        interface_name = "enp0s25";
+        local_domain_name = "dryb.org";
+        dhcpv4 = {
+          gateway_ip = "192.168.2.1";
+          subnet_mask = "255.255.255.0";
+          range_start = "192.168.2.100";
+          range_end = "192.168.2.255";
+          lease_duration = 86400;
+          icmp_timeout_msec = 1000;
+        };
+        dhcpv6 = {
+          range_start = "fdd2::1";
+          lease_duration = 86400;
+          ra_slaac_only = true;
+          ra_allow_slaac = true;
+        };
+      };
+    };
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 53 ];
+    allowedUDPPorts = [
+      53
+      67
+      547
+    ];
+  };
+}
--- a/hosts/APPA/services/default.nix
+++ b/hosts/APPA/services/default.nix
@ -0,0 +1,9 @@
+{
+  imports = [
+    ./adguard-home.nix
+    ./gitea.nix
+    ./homepage-dashboard.nix
+    ./nginx.nix
+    ./postgresql.nix
+  ];
+}
--- a/hosts/APPA/services/gitea.nix
+++ b/hosts/APPA/services/gitea.nix
@ -0,0 +1,26 @@
+{ config, ... }:
+{
+  age.secrets.passwords-gitea-db = {
+    file = ../../../secrets/passwords/gitea/db.age;
+    mode = "640";
+    owner = config.services.gitea.user;
+    group = config.services.gitea.group;
+  };
+
+  services.gitea = rec {
+    enable = true;
+    appName = "dryb.org: Gitea Service";
+    database = {
+      type = "postgres";
+      passwordFile = config.age.secrets.passwords-gitea-db.path;
+    };
+    domain = "git.dryb.org";
+    rootUrl = "http://${domain}/";
+    httpPort = 8003;
+    settings = {
+      service = {
+        DISABLE_REGISTRATION = true;
+      };
+    };
+  };
+}
--- a/hosts/APPA/services/homepage-dashboard.nix
+++ b/hosts/APPA/services/homepage-dashboard.nix
@ -0,0 +1,74 @@
+{
+  services.homepage-dashboard = {
+    enable = true;
+    listenPort = 8002;
+    settings = {
+      title = "dryb.org";
+      layout = {
+        "Network" = {
+          style = "row";
+          columns = 3;
+        };
+        "IOT" = {
+          style = "row";
+          columns = 3;
+        };
+      };
+    };
+    services = [
+      {
+        "Network" = [
+          {
+            "Adguard Home" = {
+              description = "http://adguard.dryb.org";
+              href = "http://adguard.dryb.org";
+              icon = "adguard-home";
+            };
+          }
+          {
+            "Speedport Smart 4" = {
+              description = "https://speedport.dryb.org (192.168.2.1)";
+              href = "https://speedport.dryb.org";
+              icon = "mdi-router-network-wireless";
+            };
+          }
+          {
+            "TP-Link TL-SG1016DE" = {
+              description = "http://tplink.dryb.org (192.168.2.30)";
+              href = "http://tplink.dryb.org";
+              icon = "mdi-switch";
+            };
+          }
+        ];
+      }
+      {
+        "IOT" = [
+          {
+            "Shelly Infra" = {
+              description = "http://shelly-infra.dryb.org (192.168.2.50)";
+              href = "http://shelly-infra.dryb.org";
+              icon = "shelly";
+              ping = "shelly-infra.dryb.org";
+            };
+          }
+          {
+            "Shelly Workstation" = {
+              description = "http://shelly-workstation.dryb.org (192.168.2.51)";
+              href = "http://shelly-workstation.dryb.org";
+              icon = "shelly";
+              ping = "shelly-workstation.dryb.org";
+            };
+          }
+          {
+            "Shelly Test" = {
+              description = "http://shelly-test.dryb.org (192.168.2.52)";
+              href = "http://shelly-test.dryb.org";
+              icon = "shelly";
+              ping = "shelly-test.dryb.org";
+            };
+          }
+        ];
+      }
+    ];
+  };
+}
--- a/hosts/APPA/services/nginx.nix
+++ b/hosts/APPA/services/nginx.nix
@ -0,0 +1,25 @@
+{ config, ... }:
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts."dryb.org" = {
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8002";
+      };
+    };
+    virtualHosts."adguard.dryb.org" = {
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8001";
+      };
+    };
+    virtualHosts."${config.services.gitea.domain}" = {
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:8003";
+      };
+    };
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 80 ];
+  };
+}
--- a/hosts/APPA/services/postgresql.nix
+++ b/hosts/APPA/services/postgresql.nix
@ -0,0 +1,19 @@
+{ config, ... }:
+{
+
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ config.services.gitea.user ];
+
+    # type   database  DBuser  auth-method  mapping
+    authentication = ''
+      local  gitea     all     ident        map=gitea-users
+    '';
+
+    # name         sysuser  dbuser
+    identMap = ''
+      gitea-users  gitea    gitea
+    '';
+  };
+
+}
--- a/hosts/APPA/system.nix
+++ b/hosts/APPA/system.nix
@ -0,0 +1,25 @@
+{
+  bchmnn = {
+    power = {
+      tlp = {
+        settings = {
+          # performance | powersave
+          CPU_SCALING_GOVERNOR_ON_AC = "performance";
+          CPU_SCALING_GOVERNOR_ON_BAT = "performance";
+          # performance | balance_performance | default | balance_power | power
+          CPU_ENERGY_PERF_POLICY_ON_AC = "power";
+          CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
+          # performance | balanced | low-power
+          PLATFORM_PROFILE_ON_AC = "low-power";
+          PLATFORM_PROFILE_ON_BAT = "low-power";
+          CPU_MIN_PERF_ON_AC = 0;
+          CPU_MAX_PERF_ON_AC = 100;
+          CPU_MIN_PERF_ON_BAT = 0;
+          CPU_MAX_PERF_ON_BAT = 100;
+        };
+      };
+    };
+  };
+
+  services.logind.lidSwitch = "ignore";
+}