muon/flake
1
0
Fork 0
mirror of https://codeberg.org/muon/home.git synced 2025-12-06 08:07:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'homelab'

Browse source
This commit is contained in:
muon 2024-11-29 16:31:15 +00:00
commit 8bbe4f9a6c
26 changed files with 767 additions and 237 deletions
Download patch file Download diff file Expand all files Collapse all files

5
modules/nixos/core/boot.nix
View file

@ -1,17 +1,18 @@
{ pkgs, lib, config, ... }: {
options.mods = {
boot.enable = lib.mkEnableOption {
description = "enables grub";
description = "enables grub";
default = true;
};
};
config = lib.mkIf config.mods.boot.enable {
boot.loader = lib.mkIf config.mods.xorg.enable {
timeout = 0;
timeout = 2;
efi.canTouchEfiVariables = true;
grub = {
enable = true;
zfsSupport = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = config.mods.monitors.primary.config.mode;

56
modules/nixos/core/network.nix
View file

@ -1,14 +1,24 @@
{ pkgs, lib, config, ... }: {
{ pkgs, lib, config, ... }:
let
cfg = config.mods;
wg = cfg.wireguard;
in with lib; {
options.mods = {
i2p.enable = lib.mkEnableOption "enables i2p network";
tailscale.enable = lib.mkEnableOption "enables tailscale";
wireguard.enable = lib.mkEnableOption "enables wireguard client";
openvpn.enable = lib.mkEnableOption "enables openvpn config";
i2p.enable = mkEnableOption "enables i2p network";
tailscale.enable = mkEnableOption "enables tailscale";
wireguard.enable = mkEnableOption "enables wireguard client";
wireguard.id = mkOption {
type = with types; nullOr ints.u8;
default = null;
};
openvpn.enable = mkEnableOption "enables openvpn config";
openvpn.config = let
username = "${config.mods.user.name}";
folder = "${config.users.users.${username}.home}/documents/openvpn/";
file = "${config.mods.user.name}.ovpn";
in lib.mkOption {
in mkOption {
description = "the config location";
default = "${folder}${file}";
};
@ -18,10 +28,10 @@
networking.networkmanager.enable = true;
services.resolved.enable = true;
services.tailscale.enable = config.mods.tailscale.enable;
services.tailscale.enable = cfg.tailscale.enable;
services.openvpn.servers = lib.mkIf config.mods.openvpn.enable {
remote.config = "config ${config.mods.openvpn.config}";
services.openvpn.servers = mkIf cfg.openvpn.enable {
remote.config = "config ${cfg.openvpn.config}";
};
networking.firewall.allowedTCPPorts = [
@ -30,7 +40,7 @@
4447 # default socks proxy port
4444 # default http proxy port
];
services.i2pd = lib.mkIf config.mods.i2p.enable {
services.i2pd = lib.mkIf cfg.i2p.enable {
enable = true;
proto.sam.enable = true;
address = "127.0.0.1";
@ -42,16 +52,17 @@
};
networking.firewall.allowedUDPPorts = [ 51820 ];
networking.wg-quick.interfaces = lib.mkIf config.mods.wireguard.enable {
networking.wg-quick.interfaces = lib.mkIf (wg.id != null) {
wg0 = {
address = [ "10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64" ];
address = [ "10.0.0.${wg.id}/24" "fdc9:281f:04d7:9ee9::${wg.id}/64" ];
dns = [ "10.0.0.1" "fdc9:281f:04d7:9ee9::1" ];
mtu = 1500;
privateKeyFile = "/home/muon/wireguard-keys/private";
peers = [{
publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
presharedKeyFile = "/home/muon/wireguard-keys/psk-muon";
presharedKeyFile =
"/home/muon/wireguard-keys/psk-${config.networking.hostName}";
allowedIPs = [ "0.0.0.0/0" "::/0" ];
# ip route add 93.95.230.11 via 192.168.0.1
endpoint = "93.95.230.11:51820";
@ -60,24 +71,5 @@
};
};
# networking.wireguard.interfaces = lib.mkIf config.mods.wireguard.enable {
# wg0 = {
# ips = [ "10.100.0.2/24" ];
# listenPort = 51820;
# privateKeyFile = "/home/muon/wireguard-keys/private";
# peers = [
# {
# publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
# allowedIPs = [ "0.0.0.0/0" ];
# # ip route add 93.95.230.11 via 192.168.0.1
# endpoint = "93.95.230.11:51820";
# persistentKeepalive = 25;
# }
# ];
# };
# };
};
}

13
modules/nixos/desktop/xorg.nix
View file

@ -1,4 +1,5 @@
{ pkgs, lib, config, ... }: let
{ pkgs, lib, config, ... }:
let
monitorModule = lib.types.submodule {
options = {
name = lib.mkOption {
@ -21,22 +22,22 @@ in {
};
};
config = let
config = let
startupTargets = [
"systemd-user-sessions.service"
"multi-user.target"
"network-online.target"
];
in lib.mkIf config.mods.xorg.enable {
services.xserver.enable = true;
services.xserver.xkb.layout = "us";
services.xserver.xkb.options = "caps:escape";
services.xserver.displayManager.gdm.enable = true;
# services.xserver.displayManager.gdm.enable = true;
services.xserver.displayManager.sddm.enable = true;
services.displayManager.autoLogin.enable = true;
services.displayManager.autoLogin.user =
config.mods.user.name;
services.displayManager.autoLogin.user = config.mods.user.name;
systemd.services.display-manager.wants = startupTargets;
systemd.services.display-manager.after = startupTargets;

1
modules/nixos/server/default.nix
View file

@ -9,5 +9,6 @@
./wireguard.nix
./headscale.nix
./photoprism.nix
./search.nix
];
}

12
modules/nixos/server/media.nix
View file

@ -6,12 +6,20 @@
};
};
config = lib.mkIf config.mods.server.media.enable {
services.jellyfin = {
enable = true;
openFirewall = true;
user="${config.mods.user.name}";
user = "${config.mods.user.name}";
};
services.immich = {
enable = true;
openFirewall = true;
host = "0.0.0.0";
# user = "${config.mods.user.name}";
};
users.users.immich.extraGroups = [ "video" "render" ];
};
}

48
modules/nixos/server/search.nix Normal file
View file

@ -0,0 +1,48 @@
{ pkgs, lib, config, ... }:
let
inherit (lib) types mkOption mkEnableOption;
cfg = config.mods.server.search;
in {
options.mods.server.search = {
enable = mkEnableOption {
default = false;
description = "enables search engine server";
};
port = mkOption {
type = types.port;
default = 8081;
};
nginx = mkOption {
type = types.nullOr types.str;
default = "search";
};
};
config = {
services.searx = lib.mkIf cfg.enable {
enable = true;
runInUwsgi = true;
uwsgiConfig = {
disable-logging = true;
http = ":${toString cfg.port}";
};
settings = {
server.port = cfg.port;
server.bind_address = "0.0.0.0";
server.secret_key = "temporary-before-sops";
enabled_plugins = [ "Hostnames plugin" "Tracker URL remover" ];
hostnames.remove = [ "(.*.)?facebook.com$" ];
hostnames.replace = {
"(.*.)?reddit.com$" = "redlib.northboot.xyz";
"(.*.)?youtube.com$" = "invidious.example.com";
};
};
};
};
}

11
modules/nixos/unfree/nvidia.nix
View file

@ -1,6 +1,5 @@
{ pkgs, lib, config, ... }:
let
cfg = config.mods.unfree.nvidia;
let cfg = config.mods.unfree.nvidia;
in {
options.mods.unfree.nvidia = {
enable = lib.mkEnableOption {
@ -8,7 +7,7 @@ in {
description = "enables proprietary nvidia drivers";
};
packages = lib.mkOption {
default = [ "nvidia-x11" ];
default = [ "nvidia-x11" "nvidia-settings" ];
description = "unfree packages";
};
driver = lib.mkOption {
@ -29,12 +28,12 @@ in {
hardware.nvidia = {
modesetting.enable = true;
powerManagement.enable = false;
# powerManagement.enable = false;
powerManagement.finegrained = false;
open = false;
nvidiaSettings = false;
nvidiaSettings = lib.mkDefault false;
package = config.boot.kernelPackages.nvidiaPackages."${cfg.driver}";
};
};

6
modules/nixos/unfree/steam.nix
View file

@ -5,11 +5,7 @@
description = "enables proprietary steam software";
};
packages = lib.mkOption {
default = [
"steam"
"steam-original"
"steam-run"
];
default = [ "steam" "steam-original" "steam-run" "steam-unwrapped" ];
description = "unfree packages";
};
};