forked from emily/nixfiles

moved things around

emily 2024-01-18 16:03:31 +01:00
parent 489518ed02
commit 0605d4774f
Signed by untrusted user: emily
GPG key ID: F6F4C66207FCF995
11 changed files with 76 additions and 29 deletions

20
config/common-dus.nix Normal file

@ -0,0 +1,20 @@
{ config, lib, ... }: {
services.resolved = {
extraConfig = ''
DNS = [2a0f:be01::1]
'';
};
systemd.network.networks."98-eth-default" = {
matchConfig.Type = "ether";
matchConfig.Name = "e*";
networkConfig = {
DHCP = "ipv4";
IPv6AcceptRA = false;
};
routes = [
{ routeConfig.Gateway = "fe80::1"; }
];
};
}
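Review bot: The new config/common-dus.nix has no comment saying which hosts it is meant for or why `IPv6AcceptRA = false;` is paired with a static `fe80::1` gateway. Ignoring router advertisements is a sensible choice on a shared segment, but only if the reader knows it is deliberate. A short header such as `# Site profile: resolver and default ethernet network for this location` plus `# RAs are ignored on purpose; the IPv6 default route is static` above the `networkConfig` block would record that. Note also that `matchConfig.Name = "e*"` applies this network, and DHCPv4, to every ethernet interface whose name starts with "e", which is worth stating if hosts can have more than one.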


@ -1,4 +1,5 @@
{ config, lib, ... }: with lib; {
kyouma.machine-type.headless = true;
services.openssh.enable = mkDefault true;
services.vnstat.enable = mkDefault true;
}


@ -9,7 +9,7 @@ with lib; {
manageHostName = true;
};
kyouma.machine-type.virtual = true;
kyouma.machine-type.headless = true;
deployment.tags = [ "pve-lxc" ];
networking.useDHCP = false;
networking.useHostResolvConf = false;
}


@ -2,11 +2,11 @@
with lib; {
imports = [
../users
../../modules
./kernel.nix
./networking.nix
./openssh.nix
./kernel.nix
./users
../../modules
];
environment.systemPackages = with pkgs; [
kitty.terminfo
@ -52,6 +52,7 @@ with lib; {
nix.gc.options = "--delete-older-than 7d";
nix.optimise.automatic = true;
services.journald.extraConfig = "SystemMaxUse=256M";
boot.tmp.cleanOnBoot = = mkDefault true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.hostPlatform.system = "x86_64-linux";
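Review bot: `boot.tmp.cleanOnBoot = = mkDefault true;` in the second hunk has a doubled `=`, which is a Nix syntax error, so every host importing this module will fail to evaluate. It should read `boot.tmp.cleanOnBoot = mkDefault true;`. The imports list in the first hunk shows both `../users` and `./users`, and the rendered page no longer shows which is on the new side, so confirm that the kept path resolves relative to this file. The module body continues outside both hunks.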


@ -1,28 +1,15 @@
{ config, ... }: {
{ config, lib, ... }: with lib; {
networking = {
domain = "kyouma.net";
useHostResolvConf = false;
dhcpcd.enable = false;
domain = mkDefault "kyouma.net";
nftables.enable = mkDefault true;
firewall.logRefusedConnections = mkDefault false;
};
systemd.network.enable = true;
networking.dhcpcd.enable = false;
services.resolved = {
enable = true;
dnssec = "true";
extraConfig = ''
DNS = [2a0f:be01::1]
'';
};
systemd.network.networks."98-eth-default" = {
matchConfig.Tyoe = "ether";
matchConfig.Name = "e*";
networkConfig = {
DHCP = "ipv4";
IPv6AcceptRA = false;
};
routes = [
{ routeConfig.Gateway = "fe80::1"; }
];
};
}
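Review bot: `firewall.logRefusedConnections = mkDefault false;` turns off logging of refused inbound connections for every host that imports this module, and nothing in the section says why. The line appears to be on the new side, since it uses `mkDefault` and only the second header line brings `lib` into scope. If the aim is less journal noise, a comment such as `# disabled to reduce journal noise; override per host when investigating` would record it. Internet-facing hosts may want to set it back to `true` so that probing stays visible in the logs.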


@ -2,9 +2,10 @@
imports = [
./nginx.nix
../../common
../../common-dus.nix
../../common-lxc.nix
../../common-nginx.nix
../../headless.nix
../../common-headless.nix
];
networking = {
hostName = "crime";
@ -18,6 +19,11 @@
];
};
security.acme.certs = {
"fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
"crime.kyouma.net" = {};
};
services.jellyfin.enable = true;
services.sonarr.enable = true;
services.radarr.enable = true;


@ -115,8 +115,4 @@ in {
};
};
};
security.acme.certs = {
"fentanyl.trade" = { extraDomainNames = [ "frotti.ng" "watch.kyouma.net" ]; };
"crime.kyouma.net" = {};
};
}


@ -0,0 +1,33 @@
{ config, lib, ... }: {
imports = [
../../common
../../common-headless.nix
];
kyouma.machine-type.physical = true;
kyouma.machine-type.headless = true;
systemd.network.networks."98-eth-static" = {
matchConfig.Type = "ether";
matchConfig.Name = "e*";
linkConfig.RequiredForOnline = "routable";
networkConfig = {
DHCP = "no";
IPv6AcceptRA = false;
};
address = [
"2a03:4000:27:74::b00b/64"
"185.244.193.190/22"
];
routes = [
{ routerConfig.Gateway = "fe80::1"; }
{ routerConfig.Gateway = "185.244.192.1"; }
];
};
services.powerdns = {
enable = true;
secretFile = "/run/keys/powerdns.env";
extraConfig = ''
'';
};
}
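Review bot: Both entries under `routes` are spelled `routerConfig.Gateway`, whereas config/common-dus.nix in this same commit uses `routeConfig.Gateway`. The module system will most likely reject the unknown attribute at evaluation, and if it did not, this statically addressed host would come up without default routes. The lines should read `{ routeConfig.Gateway = "fe80::1"; }` and `{ routeConfig.Gateway = "185.244.192.1"; }`. Separately, `secretFile = "/run/keys/powerdns.env"` is referenced while `extraConfig` is empty and nothing in this file provisions the key. A comment naming where the file is deployed from, and with which owner and mode, would help the next reader.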


@ -14,11 +14,14 @@ in {
inputs.kyouma-www.nixosModules.default
../../common
../../common-lxc.nix
../../common-dus.nix
../../common-nginx.nix
../../headless.nix
../../common-headless.nix
];
networking = {
hostName = "web-dus";
# docker
nftables.enable = mkForce false;
firewall.allowedTCPPorts = [ 80 443 bmpPort ];
firewall.allowedUDPPorts = [ 443 ];
};
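Review bot: `nftables.enable = mkForce false;` is explained only by `# docker`, which does not tell the next reader what the override costs. If the reason is that Docker manages its own iptables rules, ports published by containers are typically forwarded around the NixOS firewall chains, so `firewall.allowedTCPPorts` no longer describes everything reachable on this host. I would expand the comment to something like `# Docker needs the iptables backend; published container ports are not filtered by networking.firewall`. Container ports that nginx fronts are better bound to loopback. The rest of the module lies outside this hunk.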