
No commits in common. "157dc93980f8f4eaf49156afb1db864d2dc507a3" and "473d9d94092ef8b6ad1898fec55e6bf9892c2280" have entirely different histories.

28 changed files with 147 additions and 154 deletions

26
flake.lock generated

@ -52,11 +52,11 @@
]
},
"locked": {
"lastModified": 1764627417,
"narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=",
"lastModified": 1762276996,
"narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=",
"owner": "nix-community",
"repo": "disko",
"rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3",
"rev": "af087d076d3860760b3323f6b583f4d828c1ac17",
"type": "github"
},
"original": {
@ -88,11 +88,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1764440730,
"narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
"lastModified": 1762847253,
"narHash": "sha256-BWWnUUT01lPwCWUvS0p6Px5UOBFeXJ8jR+ZdLX8IbrU=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
"rev": "899dc449bc6428b9ee6b3b8f771ca2b0ef945ab9",
"type": "github"
},
"original": {
@ -104,27 +104,27 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1764677808,
"narHash": "sha256-H3lC7knbXOBrHI9hITQ7modLuX20mYJVhZORL5ioms0=",
"lastModified": 1763334038,
"narHash": "sha256-LBVOyaH6NFzQ3X/c6vfMZ9k4SV2ofhpxeL9YnhHNJQQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1aab89277eb2d87823d5b69bae631a2496cff57a",
"rev": "4c8cdd5b1a630e8f72c9dd9bf582b1afb3127d2c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.11",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1764667669,
"narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=",
"lastModified": 1763421233,
"narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "418468ac9527e799809c900eda37cbff999199b6",
"rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648",
"type": "github"
},
"original": {


@ -1,7 +1,7 @@
{
description = "nix los hier";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
agenix = {
@ -31,10 +31,7 @@
{ system.stateVersion = state; }
agenix.nixosModules.default
disko.nixosModules.disko
{
nixpkgs.hostPlatform = nixpkgs.lib.mkDefault sys;
environment.systemPackages = [ agenix.packages.${sys}.default ];
}
{ environment.systemPackages = [ agenix.packages.${sys}.default ]; }
];
};
};
@ -43,7 +40,7 @@
nixosConfigurations = nixpkgs.lib.mergeAttrsList (
nixpkgs.lib.forEach [
[ "APPA" "x86_64-linux" "23.05" ]
[ "MOMO" "aarch64-linux" "25.11" ]
[ "MOMO" "x86_64-linux" "23.05" ]
[ "PABU" "x86_64-linux" "24.05" ]
] (uncurry mkSystem)
);


@ -21,92 +21,58 @@
{
domain = "dryb.org";
answer = "192.168.2.40";
enabled = true;
}
{
domain = "speedport.ip";
answer = "192.168.2.1";
enabled = true;
}
{
domain = "speedport.dryb.org";
answer = "192.168.2.1";
enabled = true;
}
{
domain = "tplink.dryb.org";
answer = "192.168.2.30";
enabled = true;
}
{
domain = "shell-server";
answer = "192.168.2.50";
enabled = true;
}
{
domain = "shell-infra";
answer = "192.168.2.51";
enabled = true;
}
{
domain = "shell-lamp";
answer = "192.168.2.52";
enabled = true;
}
{
domain = "adguard.dryb.org";
answer = "192.168.2.40";
enabled = true;
}
{
domain = config.services.gitea.settings.server.DOMAIN;
answer = "192.168.2.40";
}
{
domain = config.services.nextcloud.hostName;
answer = "192.168.2.40";
enabled = true;
}
{
domain = "anki.dryb.org";
answer = "192.168.2.40";
enabled = true;
}
{
domain = "paperless.dryb.org";
answer = "192.168.2.40";
enabled = true;
}
{
domain = "jellyfin.dryb.org";
answer = "192.168.2.40";
enabled = true;
}
{
domain = "momo.dryb.org";
answer = "144.24.175.22";
enabled = true;
answer = "188.245.216.128";
}
{
domain = "git.dryb.org";
answer = "momo.dryb.org";
enabled = true;
domain = "momo.dryb.org";
answer = "2a01:4f8:1c1e:8abc::1";
}
{
domain = "syncthing.dryb.org";
answer = "momo.dryb.org";
enabled = true;
}
{
domain = "vaultwarden.dryb.org";
answer = "momo.dryb.org";
enabled = true;
}
{
domain = "miniflux.dryb.org";
answer = "momo.dryb.org";
enabled = true;
}
{
domain = "hedgedoc.dryb.org";
answer = "momo.dryb.org";
enabled = true;
}
];
};
@ -133,7 +99,11 @@
};
networking.firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 67 547 ];
allowedTCPPorts = [ 53 8080 ];
allowedUDPPorts = [
53
67
547
];
};
}
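Review bot: The firewall hunk at the end of this section opens TCP 8080 on every interface (`allowedTCPPorts = [ 53 8080 ];`) without a comment naming the service that needs it. Nothing visible here shows a listener on 8080; if it is the AdGuard Home web interface, that interface becomes reachable over plain HTTP from every network the host is attached to. Prefer keeping the port closed and going through the reverse proxy, or scope it with `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [ 8080 ];`. The old and new sides are inferred from the hunk header counts, so confirm that the line with 8080 is the new one.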


@ -4,6 +4,7 @@
./adguard-home.nix
./anki.nix
./ddclient.nix
./gitea.nix
./homepage-dashboard.nix
./jellyfin.nix
./nextcloud.nix


@ -0,0 +1,28 @@
{ config, ... }:
{
age.secrets.passwords-gitea-db = {
file = ../../../secrets/passwords/gitea/db.age;
mode = "640";
owner = config.services.gitea.user;
group = config.services.gitea.group;
};
services.gitea = {
enable = true;
appName = "dryb.org: Gitea Service";
database = {
type = "postgres";
passwordFile = config.age.secrets.passwords-gitea-db.path;
};
settings = {
server = rec {
HTTP_PORT = 8003;
DOMAIN = "git.dryb.org";
ROOT_URL = "http://${DOMAIN}/";
};
service = {
DISABLE_REGISTRATION = true;
};
};
};
}
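Review bot: `ROOT_URL = "http://${DOMAIN}/";` makes Gitea generate plain-HTTP links and clone URLs, although the nginx virtual host for this domain sets `forceSSL = true` and the dashboard links to `https://git.dryb.org`; it should be `ROOT_URL = "https://${DOMAIN}/";`. As far as I know the secure-cookie default also follows the scheme of ROOT_URL, so session cookies may lose the Secure flag. The `server` block sets no `HTTP_ADDR`, so the listener on 8003 presumably binds to all addresses and only the firewall keeps it private; `HTTP_ADDR = "127.0.0.1";` keeps it behind the proxy. The removed forgejo module further down this page had both settings.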


@ -2,7 +2,6 @@
services.homepage-dashboard = {
enable = true;
listenPort = 8002;
allowedHosts = "localhost:8002,127.0.0.1:8002,dryb.org";
settings = {
title = "dryb.org";
theme = "light";
@ -80,11 +79,11 @@
};
}
{
"Shelly Lamp" = {
description = "http://shelly-lamp.dryb.org (192.168.2.52)";
href = "http://shelly-lamp.dryb.org";
"Shelly Test" = {
description = "http://shelly-test.dryb.org (192.168.2.52)";
href = "http://shelly-test.dryb.org";
icon = "shelly";
ping = "shelly-lamp.dryb.org";
ping = "shelly-test.dryb.org";
};
}
];
@ -98,6 +97,13 @@
icon = "nextcloud";
};
}
{
"Gitea" = {
description = "https://git.dryb.org";
href = "https://git.dryb.org";
icon = "gitea";
};
}
{
"Anki" = {
description = "https://anki.dryb.org";
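Review bot: The first hunk drops `allowedHosts = "localhost:8002,127.0.0.1:8002,dryb.org";`, the Host-header allow-list for the dashboard, and nothing replaces it. Depending on the packaged homepage version, this either falls back to a module default that would not include `dryb.org` or leaves the service without host validation; the hunk does not show which. If the option exists on the pinned nixpkgs branch, keep the line; otherwise add a comment such as `# allowedHosts not available on this channel; Host header is not validated`.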


@ -11,7 +11,7 @@
services.nextcloud = {
enable = true;
package = pkgs.nextcloud32;
package = pkgs.nextcloud31;
https = true;
hostName = "nextcloud.dryb.org";
database.createLocally = true;


@ -28,6 +28,13 @@
useACMEHost = "dryb.org";
forceSSL = true;
};
virtualHosts."${config.services.gitea.settings.server.DOMAIN}" = {
useACMEHost = "dryb.org";
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8003";
};
};
virtualHosts."anki.dryb.org" = {
useACMEHost = "dryb.org";
forceSSL = true;
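Review bot: `proxyPass = "http://127.0.0.1:8003";` repeats the port that the Gitea module sets as `HTTP_PORT`, so the two values can drift apart unnoticed. The virtual host name is already read from the Gitea settings, and the upstream can be as well: `proxyPass = "http://127.0.0.1:${toString config.services.gitea.settings.server.HTTP_PORT}";`. The enclosing `services.nginx` block starts and ends outside the hunk.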


@ -4,6 +4,7 @@
services.postgresql = {
enable = true;
ensureDatabases = [
config.services.gitea.user
config.services.paperless.user
];
@ -17,11 +18,13 @@
# type database DBuser auth-method mapping
authentication = ''
local all postgres peer
local gitea all ident map=gitea-users
local paperless all ident map=paperless-users
'';
# name sysuser dbuser
identMap = ''
gitea-users gitea gitea
paperless-users paperless paperless
'';
};
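Review bot: `ensureDatabases` lists `config.services.gitea.user`, a system account name used as a database name, while the `authentication` and `identMap` lines hard-code `gitea`. These agree only while the Gitea user, database name and database user all stay at their defaults. Using `config.services.gitea.database.name` in `ensureDatabases`, plus a comment on the pg_hba line stating that assumption, would make the coupling explicit. With `ident` on a local socket the connection is authenticated by OS user, so the `passwordFile` secret added for Gitea is probably unused and could be dropped.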


@ -22,9 +22,7 @@
};
};
services.logind.settings.Login.HandleLidSwitch = "ignore";
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
services.logind.lidSwitch = "ignore";
users.groups.media = { };
systemd.tmpfiles.rules = [ "d /var/lib/media 2770 root media" ];


@ -7,6 +7,13 @@
../../modules
];
bchmnn = {
network = {
resolved.enable = true;
networkd.enable = true;
};
};
services.openssh = {
settings = {
PasswordAuthentication = false;


@ -44,15 +44,25 @@
};
root = {
name = "ROOT";
size = "100%";
end = "-8G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
plainSwap = {
size = "100%";
content = {
type = "swap";
discardPolicy = "both";
};
};
};
};
};
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
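Review bot: The new `plainSwap` partition is unencrypted, so memory pages of running services, including secrets that otherwise exist only in RAM, can be written to disk in clear text. disko's swap content type supports `randomEncryption = true;`, which keys the swap with a throwaway key on each boot; add it unless hibernation is required. The root filesystem in the same hunk is plain ext4, so the gain is limited to data that never touches the root disk, but that is exactly the class that decrypted runtime secrets fall into.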


@ -1,27 +1,22 @@
{ lib, ... }:
{ ... }:
{
networking = {
hostName = "MOMO";
defaultGateway = "10.0.0.1";
nameservers = [
"9.9.9.9"
"149.112.112.112"
"2620:fe::fe"
"2620:fe::9"
];
interfaces.enp0s6 = {
ipv4.addresses = [
interfaces.enp1s0 = {
ipv6.addresses = [
{
address = "10.0.0.183";
prefixLength = 24;
address = "2a01:4f8:1c1e:8abc::1";
prefixLength = 64;
}
];
};
defaultGateway6 = {
address = "fe80::1";
interface = "enp0s6";
interface = "enp1s0";
};
nameservers = [
"2a01:4ff:ff00::add:1"
"2a01:4ff:ff00::add:2"
];
};
networking.useDHCP = lib.mkDefault true;
}


@ -1,7 +1,6 @@
{
imports = [
./acme.nix
./forgejo.nix
./hedgedoc.nix
./miniflux.nix
./nginx.nix


@ -1,20 +0,0 @@
{ config, ... }: {
services.forgejo = {
enable = true;
database = {
type = "postgres";
createDatabase = true;
};
settings = {
server = rec {
HTTP_PORT = 8003;
HTTP_ADDR = "127.0.0.1";
DOMAIN = "git.dryb.org";
ROOT_URL = "https://${DOMAIN}/";
};
service = {
DISABLE_REGISTRATION = true;
};
};
};
}


@ -1,4 +1,4 @@
{ config, ... }:
{ ... }:
{
services.nginx = {
enable = true;
@ -8,18 +8,11 @@
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = {
virtualHosts."hedgedoc.dryb.org" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8003";
};
};
virtualHosts."vaultwarden.dryb.org" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8005";
proxyPass = "http://127.0.0.1:8009";
};
};
virtualHosts."miniflux.dryb.org" = {
@ -29,13 +22,6 @@
proxyPass = "http://127.0.0.1:8008";
};
};
virtualHosts."hedgedoc.dryb.org" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8009";
};
};
virtualHosts."syncthing.dryb.org" = {
addSSL = true;
enableACME = true;
@ -43,6 +29,13 @@
proxyPass = "http://127.0.0.1:8384";
};
};
virtualHosts."vaultwarden.dryb.org" = {
addSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8005";
};
};
};
networking.firewall = {
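Review bot: The `vaultwarden.dryb.org` virtual host at the end of this section uses `addSSL = true;`, which serves the site on both port 80 and port 443 without a redirect, so the password manager stays reachable over plain HTTP. Use `forceSSL = true;` there, as the virtual hosts in the other nginx file on this page do. The `hedgedoc.dryb.org` and `syncthing.dryb.org` hosts in this file show the same `addSSL` line and should change with it. The `services.nginx` block starts outside the hunks shown.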


@ -1,11 +1,8 @@
{ config, ... }: {
{ ... }: {
services.postgresql = {
enable = true;
ensureDatabases = [
"vaultwarden"
"hedgedoc"
];
ensureDatabases = [ "vaultwarden" "hedgedoc" ];
ensureUsers = [
{
@ -21,14 +18,12 @@
# type database DBuser auth-method mapping
authentication = ''
local all postgres peer
local forgejo all ident map=forgejo-users
local vaultwarden all ident map=vaultwarden-users
local hedgedoc all ident map=hedgedoc-users
'';
# name sysuser dbuser
identMap = ''
forgejo-users forgejo forgejo
vaultwarden-users vaultwarden vaultwarden
hedgedoc-users hedgedoc hedgedoc
'';


@ -30,6 +30,7 @@
# stuff
nixd
nixfmt-rfc-style
inputs.agenix.packages.x86_64-linux.default
nix-output-monitor
nvd
];
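Review bot: `inputs.agenix.packages.x86_64-linux.default` hard-codes the platform and appears to duplicate the flake's system builder, which already adds `agenix.packages.${sys}.default` to `environment.systemPackages`. If this list belongs to a host built through that helper, the line can be dropped. Otherwise `inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.default` avoids an evaluation failure on a non-x86 host, assuming `pkgs` is in scope here. The list's enclosing block lies outside the hunk, so I cannot tell which case applies.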


@ -10,6 +10,12 @@
nm = {
enable = lib.mkEnableOption "nm";
};
resolved = {
enable = lib.mkEnableOption "resolved";
};
networkd = {
enable = lib.mkEnableOption "networkd";
};
};
};
config = {

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,11 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 lfMVeg sKw7P77Yj9ihIeOHoc02ZBEWJf79TK6DnrgB/486J0E
YtZ7tkjnWH23rHN1XoWVvXIkCh9X5fTNXZq2sveiWCI
-> ssh-ed25519 ueRyzQ dVvsSHh6jrphQUAu3Rz74JoW0+I/ta4lEy1c4kxYywo
5bJw1bOwbxtdC63g74ey+4WDEXr55itKBhGF3jqxEyM
-> ssh-ed25519 IYnDOQ R4qlE6Tr56MrRz8LJlmsUyyMtOGnWK2n+UNpdiHr9Ac
kgCdfY+LRb7SGnx6trr7bE9oxku3XJoeVKnXpNMK5JY
-> ssh-ed25519 HDF3Lg s+ztnMwn83F4Fj4sTT7ejYxfKnjg5dPTMgoKLFOMHh8
bPbOkHMseBCzExS7FURgVzQEp2iTT/is/FL9V2bw8nE
--- tDGtEh6zW4CoInvkAd5YPzGnv+erMiSyZcpkA9/H+6Q
·T ÔŒ+üGZ@Ö“äx¾>5jjÊ•s?·šRè•ÙD¯µRVhx‰áIò 9‰Í¸ûøüTOE:Å/©xÕËÄXcJT Ž1c
-> ssh-ed25519 lfMVeg ejjgNEnMOnPNlvp6kHNN4+FTaURnw/khEyk71q4pmX4
GO80ST5fOV2OggwXXnRxahancZJnSOE6XhKIzanf6xM
-> ssh-ed25519 ueRyzQ 4Wl+WB42XSsp6vplm22uAEeWP9TqxMcdmjlFGr7dCAo
/IO0WGVrMQOaFq61E+xp9Lxdv2qRhvrabNV0UUqZ5QI
-> ssh-ed25519 IYnDOQ UM+pMKLlneDup00dYXRz3vIWY5LTbFRhpKE2KkT5RFM
2/c1gonJkrk5Cwngks/Ib+IVNOWSuJmX4YymwvYv4x8
--- fUKSKeqg8Y9qCdKg0lZpL1OPZDkRgnmsHo16owGX1nM
ïÍn
š3dì„k²G4ÿóÊÉ@QñHá6?,4Td"P ˆÿ ß`º| ;`ÖRŸgt¯
]?‰M7Ó·úàÐþ<C390>Æ@•¢KäPÑt¶


@ -1,12 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 lfMVeg THPNrpb41SFy4x4+D3ZrMf8AuoRL8MQpn6DbCcEGgH4
Qbo7PCCPwGhaMyEa2gRjmaN6t3us6NfG78r5h98rpZo
-> ssh-ed25519 ueRyzQ jnoSbBMvEZAH/oHNqVr3T6ytyQ7/UQ/YCGzNy7a2YHI
9wBXCDaemGH0qUnNYqoqU6BCsBLBzqEEFsICvrIqYLk
-> ssh-ed25519 IYnDOQ TQN80BmcNxz6vD6adPftf4oGkB1oQXU7HuWkKfGFpgs
P9FUyS+0muH8LUUDe2wqGY8gcIKyom6iuO9EqCGT1YM
-> ssh-ed25519 HDF3Lg V47k+SMUvuCCnsLXbhgicyFZERGXhRfJPFw0bHqZFHk
MkrS7g7R5NhoWvdXbJ4mx6ZgCq2ABUgsyq+KMLnLRd4
--- N3GpbRoA+uqRkbnLAIaihurobQRgiEWGAQSPCHH3V8M
Ü…º Èi
˜ùïÑœií¹®ŸkÃâé>‡o$ïƒñcÕ$mò~¼Ù¨z€Rø69³ÈkèþPoŒH8ßSf
-> ssh-ed25519 lfMVeg cuYTx24l4NmkI6j3/LXlK/7AoSmGn91bVwsALwyEeg8
u8kIquf9+b1D3pL2MWKk/uInbI+0IcNK7Cpe2fzmtFk
-> ssh-ed25519 ueRyzQ Ee63Opci8c5srBzPKRLK3AF5SGwC6MqGcKbHS1hlwX4
2Sg/l9fADn6uFV2eRtV9cwluCGtateXR/fDF1n8+BLs
-> ssh-ed25519 IYnDOQ Fg5g+CIqJu08ApVV5zdPqXPvQ4PaC1MiYG2ANNEVMnE
8DjMqxmcutUDD455tQDtcA76dedfqicO0CoBpjaWssI
--- H/6V7b1UEtCW0BbLpEwSm3T2M9kvYC/83wIKsDwZve8
ù¶VÔxÌnËüfL´!÷ÁÛ€:àb¡Ã`ö罋,Ky“¡¼-hI¨O6<0F>êVD2XŒÍ&Vq@“?


@ -1,6 +1,6 @@
let
APPA = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGvQbYHiB17BfsvHBgPYJN50Th+da+rtbsTIjOSaT+1Y root@APPA";
MOMO = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMHuXl/Llex0+xBmDJmJkwp4kT3mWRTfRPeyJDHgAJzM root@MOMO";
MOMO = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQ8YOOaQj3NnMlTjlFX9iWDIpPMrO2W4EkL65GJP+y4 root@MOMO";
gandalf = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOG8Sja2i6nepkEkuxYdu86XbT9vS5uniBmZifSMZ0t jacob.bachmann@posteo.de";