moved things around

emily 2024-01-18 16:03:31 +01:00
parent 489518ed02
commit 0605d4774f
Signed by: emily
GPG key ID: F6F4C66207FCF995
11 changed files with 76 additions and 29 deletions

20
config/common-dus.nix Normal file

@ -0,0 +1,20 @@
{ config, lib, ... }: {
services.resolved = {
extraConfig = ''
DNS = [2a0f:be01::1]
'';
};
systemd.network.networks."98-eth-default" = {
matchConfig.Type = "ether";
matchConfig.Name = "e*";
networkConfig = {
DHCP = "ipv4";
IPv6AcceptRA = false;
};
routes = [
{ routeConfig.Gateway = "fe80::1"; }
];
};
}
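Review bot: The resolver address in `services.resolved.extraConfig` is free text that the module system cannot check, so a malformed `DNS` line only surfaces at runtime. NixOS already passes `networking.nameservers` to resolved as its `DNS=` setting, so `networking.nameservers = [ "2a0f:be01::1" ];` would express the same thing with type checking. With a single upstream and `dnssec = "true"` in the common networking module, I would also set `services.resolved.fallbackDns` explicitly. Otherwise, depending on the NixOS release, an outage of this resolver may send queries to the built-in public fallback servers.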


@ -1,4 +1,5 @@
{ config, lib, ... }: with lib; { { config, lib, ... }: with lib; {
kyouma.machine-type.headless = true;
services.openssh.enable = mkDefault true; services.openssh.enable = mkDefault true;
services.vnstat.enable = mkDefault true; services.vnstat.enable = mkDefault true;
} }


@ -9,7 +9,7 @@ with lib; {
manageHostName = true; manageHostName = true;
}; };
kyouma.machine-type.virtual = true; kyouma.machine-type.virtual = true;
kyouma.machine-type.headless = true;
deployment.tags = [ "pve-lxc" ]; deployment.tags = [ "pve-lxc" ];
networking.useDHCP = false; networking.useDHCP = false;
networking.useHostResolvConf = false;
} }


@ -2,11 +2,11 @@
with lib; { with lib; {
imports = [ imports = [
../users ./kernel.nix
../../modules
./networking.nix ./networking.nix
./openssh.nix ./openssh.nix
./kernel.nix ./users
../../modules
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
kitty.terminfo kitty.terminfo
@ -52,6 +52,7 @@ with lib; {
nix.gc.options = "--delete-older-than 7d"; nix.gc.options = "--delete-older-than 7d";
nix.optimise.automatic = true; nix.optimise.automatic = true;
services.journald.extraConfig = "SystemMaxUse=256M"; services.journald.extraConfig = "SystemMaxUse=256M";
boot.tmp.cleanOnBoot = = mkDefault true;
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.hostPlatform.system = "x86_64-linux"; nixpkgs.hostPlatform.system = "x86_64-linux";
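Review bot: The line added in the second hunk, `boot.tmp.cleanOnBoot = = mkDefault true;`, has a doubled `=`, which Nix rejects as a syntax error. Because this is the common module, every host that imports it would fail to evaluate, assuming the page renders the line as committed. It should read `boot.tmp.cleanOnBoot = mkDefault true;`. The attribute set continues outside the hunk.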


@ -1,28 +1,15 @@
{ config, ... }: { { config, lib, ... }: with lib; {
networking = { networking = {
domain = "kyouma.net"; domain = mkDefault "kyouma.net";
useHostResolvConf = false; nftables.enable = mkDefault true;
dhcpcd.enable = false; firewall.logRefusedConnections = mkDefault false;
}; };
systemd.network.enable = true; systemd.network.enable = true;
networking.dhcpcd.enable = false;
services.resolved = { services.resolved = {
enable = true; enable = true;
dnssec = "true"; dnssec = "true";
extraConfig = ''
DNS = [2a0f:be01::1]
'';
};
systemd.network.networks."98-eth-default" = {
matchConfig.Tyoe = "ether";
matchConfig.Name = "e*";
networkConfig = {
DHCP = "ipv4";
IPv6AcceptRA = false;
};
routes = [
{ routeConfig.Gateway = "fe80::1"; }
];
}; };
} }
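Review bot: `firewall.logRefusedConnections = mkDefault false;` turns off refused-connection logging for every host that imports this module, which removes a cheap signal for scans and misdirected traffic during triage. If the motive is journal volume, a comment such as `# refused-connection logs are too noisy for the journal cap; override to true on exposed hosts` would record that, and internet-facing hosts can set it back to `true`. `nftables.enable = mkDefault true;` also switches the firewall backend fleet-wide, which the title "moved things around" does not suggest, so it deserves a line in the commit description.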


@ -2,9 +2,10 @@
imports = [ imports = [
./nginx.nix ./nginx.nix
../../common ../../common
../../common-dus.nix
../../common-lxc.nix ../../common-lxc.nix
../../common-nginx.nix ../../common-nginx.nix
../../headless.nix ../../common-headless.nix
]; ];
networking = { networking = {
hostName = "crime"; hostName = "crime";
@ -18,6 +19,11 @@
]; ];
}; };
security.acme.certs = {
"fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
"crime.kyouma.net" = {};
};
services.jellyfin.enable = true; services.jellyfin.enable = true;
services.sonarr.enable = true; services.sonarr.enable = true;
services.radarr.enable = true; services.radarr.enable = true;


@ -115,8 +115,4 @@ in {
}; };
}; };
}; };
security.acme.certs = {
"fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
"crime.kyouma.net" = {};
};
} }


@ -0,0 +1,33 @@
{ config, lib, ... }: {
imports = [
../../common
../../common-headless.nix
];
kyouma.machine-type.physical = true;
kyouma.machine-type.headless = true;
systemd.network.networks."98-eth-static" = {
matchConfig.Type = "ether";
matchConfig.Name = "e*";
linkConfig.RequiredForOnline = "routable";
networkConfig = {
DHCP = "no";
IPv6AcceptRA = false;
};
address = [
"2a03:4000:27:74::b00b/64"
"185.244.193.190/22"
];
routes = [
{ routerConfig.Gateway = "fe80::1"; }
{ routerConfig.Gateway = "185.244.192.1"; }
];
};
services.powerdns = {
enable = true;
secretFile = "/run/keys/powerdns.env";
extraConfig = ''
'';
};
}
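Review bot: Both entries under `routes` use `routerConfig.Gateway`, while `config/common-dus.nix` in this commit spells the attribute `routeConfig`. As far as I know `routerConfig` is not an option of the systemd-networkd routes submodule, so this host would either fail to evaluate or come up with `DHCP = "no"` and no default route. The entries should read `{ routeConfig.Gateway = "fe80::1"; }` and `{ routeConfig.Gateway = "185.244.192.1"; }`. Separately, `services.powerdns.secretFile` points at `/run/keys/powerdns.env`, but nothing visible in this file provisions that key or sets its owner and mode, so confirm it is deployed readable only by the PowerDNS service user. `kyouma.machine-type.headless = true;` is also already set by the headless module imported above, so the duplicate here can go.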


@ -14,11 +14,14 @@ in {
inputs.kyouma-www.nixosModules.default inputs.kyouma-www.nixosModules.default
../../common ../../common
../../common-lxc.nix ../../common-lxc.nix
../../common-dus.nix
../../common-nginx.nix ../../common-nginx.nix
../../headless.nix ../../common-headless.nix
]; ];
networking = { networking = {
hostName = "web-dus"; hostName = "web-dus";
# docker
nftables.enable = mkForce false;
firewall.allowedTCPPorts = [ 80 443 bmpPort ]; firewall.allowedTCPPorts = [ 80 443 bmpPort ];
firewall.allowedUDPPorts = [ 443 ]; firewall.allowedUDPPorts = [ 443 ];
}; };
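Review bot: The `# docker` comment above `nftables.enable = mkForce false;` does not say what the override costs. With the iptables backend, Docker inserts its own rules, and ports published by containers are typically reachable from outside even when they are missing from `firewall.allowedTCPPorts`. I would expand the comment to something like `# Docker needs the iptables backend; published container ports bypass networking.firewall, so bind them to 127.0.0.1` and check the port mappings on this host. That Docker runs here is inferred from the comment alone, since the hunk does not show it being enabled.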