Compare commits


No commits in common. "4744f39ad70e32d20f1892535251aff5c392b752" and "ccb792282b2aa2f498e0b3b94e1074844ba2550a" have entirely different histories.

7 changed files with 112 additions and 136 deletions


@ -1,11 +1,5 @@
{ { pkgs, lib, osConfig,... }:
pkgs, let cfg = osConfig.mods; in {
lib,
osConfig,
...
}: let
cfg = osConfig.mods;
in {
# Modules # Modules
mods.xdg.enable = true; mods.xdg.enable = true;
mods.social.enable = true; mods.social.enable = true;
@ -17,22 +11,17 @@ in {
mods.desktop.development.enable = true; mods.desktop.development.enable = true;
mods.desktop.productivity.enable = true; mods.desktop.productivity.enable = true;
mods.desktop.media.enable = true; mods.desktop.media.enable = true;
mods.zen.enable = true;
mods.obsidian.enable = true;
# Hardware preferences # Hardware preferences
## Monitors ## Monitors
xsession.windowManager.i3.config.workspaceOutputAssign = [ xsession.windowManager.i3.config.workspaceOutputAssign = [{
{
workspace = "1"; workspace = "1";
output = "${cfg.monitors.primary.name}"; output = "${cfg.monitors.primary.name}";
} } {
{
workspace = "2"; workspace = "2";
output = "${cfg.monitors.secondary.name}"; output = "${cfg.monitors.secondary.name}";
} }];
];
services.autorandr.enable = true; services.autorandr.enable = true;
programs.autorandr = { programs.autorandr = {
enable = true; enable = true;


@ -14,7 +14,7 @@
pavucontrol pavucontrol
# Video # Video
# (callPackage ./packages/stremio-linux-shell.nix {}) (callPackage ./packages/stremio-linux-shell.nix {})
# Podcasts # Podcasts
gpodder gpodder


@ -17,8 +17,8 @@ in
home.packages = with pkgs; [ home.packages = with pkgs; [
# ISO downloader # ISO downloader
qbittorrent qbittorrent
# xd xd
# biglybt biglybt
# transmission_4-gtk # transmission_4-gtk
# email # email


@ -1,13 +1,10 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib, let
config,
...
}: let
cfg = config.mods; cfg = config.mods;
wg = cfg.wireguard; wg = cfg.wireguard;
in
with lib; { in with lib; {
options.mods = { options.mods = {
i2p.enable = mkEnableOption "enables i2p network"; i2p.enable = mkEnableOption "enables i2p network";
tailscale.enable = mkEnableOption "enables tailscale"; tailscale.enable = mkEnableOption "enables tailscale";
@ -22,8 +19,7 @@ in
username = "${config.mods.user.name}"; username = "${config.mods.user.name}";
folder = "${config.users.users.${username}.home}/documents/openvpn/"; folder = "${config.users.users.${username}.home}/documents/openvpn/";
file = "${config.mods.user.name}.ovpn"; file = "${config.mods.user.name}.ovpn";
in in mkOption {
mkOption {
description = "the config location"; description = "the config location";
default = "${folder}${file}"; default = "${folder}${file}";
}; };
@ -32,7 +28,7 @@ in
config = { config = {
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
# networking.nameservers = [ "45.90.28.97" "45.90.30.97" ]; # networking.nameservers = [ "45.90.28.97" "45.90.30.97" ];
networking.nameservers = ["194.242.2.4#base.dns.mullvad.net"]; networking.nameservers = [ "194.242.2.4#base.dns.mullvad.net" ];
# services.resolved = { # services.resolved = {
# enable = true; # enable = true;
# dnssec = "false"; # dnssec = "false";
@ -69,28 +65,27 @@ in
}; };
}; };
networking.firewall.allowedUDPPorts = [51820 16261]; networking.firewall.allowedUDPPorts = [ 51820 16261 ];
networking.wg-quick.interfaces = lib.mkIf (wg.id != null) { networking.wg-quick.interfaces = lib.mkIf (wg.id != null) {
wg0 = { wg0 = {
address = [ address = [
"10.0.0.${toString wg.id}/24" "10.0.0.${toString wg.id}/24"
"fdc9:281f:04d7:9ee9::${toString wg.id}/64" "fdc9:281f:04d7:9ee9::${toString wg.id}/64"
]; ];
# dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"]; dns = [ "10.0.0.1" "fdc9:281f:04d7:9ee9::1" ];
mtu = 1500; mtu = 1500;
privateKeyFile = "/home/muon/wireguard-keys/private"; privateKeyFile = "/home/muon/wireguard-keys/private";
peers = [ peers = [{
{
publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA="; publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
presharedKeyFile = "/home/muon/wireguard-keys/psk-${config.networking.hostName}"; presharedKeyFile =
allowedIPs = ["10.0.0.${toString wg.id}/24"]; "/home/muon/wireguard-keys/psk-${config.networking.hostName}";
allowedIPs = [ "10.0.0.${toString wg.id}/24" ];
# allowedIPs = [ "0.0.0.0/0" ]; # allowedIPs = [ "0.0.0.0/0" ];
# ip route add 93.95.230.11 via 192.168.0.1 # ip route add 93.95.230.11 via 192.168.0.1
endpoint = "93.95.230.11:51820"; endpoint = "93.95.230.11:51820";
persistentKeepalive = 25; persistentKeepalive = 25;
} }];
];
}; };
}; };
@ -103,5 +98,6 @@ in
# gateway = # gateway =
# "${pkgs.networkmanager}/bin/nmcli dev show ${interface} | ${pkgs.gnugrep}/bin/fgrep IP4.GATEWAY | ${pkgs.awk}/bin/awk {print $2}"; # "${pkgs.networkmanager}/bin/nmcli dev show ${interface} | ${pkgs.gnugrep}/bin/fgrep IP4.GATEWAY | ${pkgs.awk}/bin/awk {print $2}";
}; };
} }
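Review bot: The newly enabled `dns = [ "10.0.0.1" "fdc9:281f:04d7:9ee9::1" ];` on wg0 lists an IPv6 resolver that the peer's `allowedIPs` does not cover, since that list holds only the IPv4 /24. WireGuard sends a packet only to a peer whose allowed IPs contain the destination, so queries to `fdc9:281f:04d7:9ee9::1` would be dropped at the interface and lookups would depend on the IPv4 resolver alone. Either drop the IPv6 entry or extend the peer to `allowedIPs = [ "10.0.0.${toString wg.id}/24" "fdc9:281f:04d7:9ee9::/64" ];`. While the tunnel is up this setting presumably takes precedence over the Mullvad entry in `networking.nameservers`, which deserves a one-line comment next to `dns` saying that is intended. The wg0 block is shown only in part, so other peers or routes may exist outside the hunk.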


@ -40,7 +40,6 @@ in with lib; {
openFirewall = true; openFirewall = true;
openRPCPort = true; openRPCPort = true;
port = arr.torrent.port; port = arr.torrent.port;
package = pkgs.transmission_4;
settings = { settings = {
download-dir = "/storage1/download"; download-dir = "/storage1/download";
rpc-port = arr.torrent.port; rpc-port = arr.torrent.port;


@ -23,7 +23,7 @@ in with lib; {
inherit port; inherit port;
enable = true; enable = true;
root = cfg.grav.location; root = cfg.grav.location;
phpPackage = pkgs.php83; phpPackage = pkgs.php81;
}; };
users.users.${config.mods.user.name}.extraGroups = lib.mkAfter [ "grav" ]; users.users.${config.mods.user.name}.extraGroups = lib.mkAfter [ "grav" ];
}; };
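Review bot: `phpPackage = pkgs.php81;` moves the Grav web root from PHP 8.3 back to an older release branch, and nothing on the line says why. An older interpreter on an HTTP-facing service stops receiving upstream security fixes sooner, and nixpkgs may drop the attribute once the branch is retired. If Grav or a plugin needs 8.1, record that beside the option, e.g. `# pinned to 8.1: <reason>; revisit when Grav supports 8.3`; otherwise keep `pkgs.php83`. The enclosing service block starts above the hunk.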


@ -82,7 +82,7 @@ in
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always; add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src 'self'; object-src 'none'; base-uri 'none';"; always; add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always; add_header Permissions-Policy "interest-cohort=()" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
''; '';
@ -99,14 +99,6 @@ in
"/" = { "/" = {
proxyPass = "http://${cfg.ip}:${toString port}/"; proxyPass = "http://${cfg.ip}:${toString port}/";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig =
# sh
''
client_max_body_size 50000M;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
'';
}; };
}; };
in in
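Review bot: The new Content-Security-Policy line in the first hunk fixes the stray `;` before `always` but also drops `script-src 'self'; object-src 'none'; base-uri 'none'`. Script loading then falls back to `default-src`, which here allows any `http:`/`https:` origin plus `'unsafe-inline'`, so the header no longer limits injected script, plugin content or a rewritten `<base>`. Keeping the directives while fixing only the syntax would read `add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src 'self'; object-src 'none'; base-uri 'none';" always;`. If the proxied application needs inline script, relax only `script-src` and keep `object-src 'none'` and `base-uri 'none'`. The header block and the virtual-host definition both begin outside the hunks shown.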