Diffstat (limited to 'nixos/server')
-rw-r--r--nixos/server/configuration.nix242
-rw-r--r--nixos/server/disk-config.nix37
-rw-r--r--nixos/server/hardware-configuration.nix26
3 files changed, 0 insertions, 305 deletions
diff --git a/nixos/server/configuration.nix b/nixos/server/configuration.nix
deleted file mode 100644
index 3ae272c..0000000
--- a/nixos/server/configuration.nix
+++ /dev/null
@@ -1,242 +0,0 @@
-{
- modulesPath,
- lib,
- pkgs,
- config,
- inputs,
- outputs,
- ...
-}: let
- domain = "kcu.su";
-in {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- (modulesPath + "/profiles/qemu-guest.nix")
- "${inputs.nixpkgs}/nixos/modules/services/web-apps/filebrowser.nix"
- ./disk-config.nix
- ../serverModules/nginx.nix
- ../serverModules/directories.nix
- ];
-
- nixpkgs = {
- overlays = [
- outputs.overlays.unstable-packages
- ];
- config.allowUnfree = true;
- };
-
- sops = {
- defaultSopsFile = ../../secrets/ltrr-home/secrets.yaml;
- defaultSopsFormat = "yaml";
- age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
- };
-
- boot.loader.grub = {
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
-
- services.openssh = {
- enable = true;
- settings.PasswordAuthentication = false;
- };
-
- environment.systemPackages = with pkgs; [
- curl
- gitMinimal
- beets
- ];
-
- users.users = {
- root = {
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru"
- ];
- };
- };
-
- users.files = {
- isNormalUser = true;
- group = "files";
- extraGroups = [
- "music"
- "images"
- ];
- };
- createPaths = {
- "/srv/files" = {
- owner = "files";
- permissions = "0770";
- group = "files";
- subPaths = {
- "music".group = "music";
- "images".group = "images";
- };
- };
- };
-
- networking.hostName = "ltrr-home";
- networking.firewall = {
- allowedTCPPorts = [80 5030 2049];
- allowedUDPPorts = [51820];
- };
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "notspl3g+acme@duck.com";
- };
-
- nginx = {
- enable = true;
- domain = domain;
-
- recommendedProxySettings = false;
- subdomains = {
- "slskd" = {
- proxyPass = "http://127.0.0.1:${toString config.services.slskd.settings.web.port}";
- proxyWebsockets = true;
- };
- "immich" = {
- proxyPass = "http://localhost:${toString config.services.immich.port}";
- proxyWebsockets = true;
- recommendedProxySettings = true;
- extraConfig = ''
- client_max_body_size 50000M;
- proxy_read_timeout 600s;
- proxy_send_timeout 600s;
- send_timeout 600s;
- '';
- };
-
- "music".proxyPass = "http://127.0.0.1:5692";
- "navidrome".proxyPass = "http://127.0.0.1:4533";
- "files".proxyPass = "http://127.0.0.1:${toString config.services.filebrowser.settings.port}";
- "track".proxyPass = "http://127.0.0.1:7093";
- "tube".proxyPass = "http://127.0.0.1:5410";
- };
- };
-
- sops.secrets.wg-private-key = {
- restartUnits = ["wg-quick-wg0.service"];
- };
- networking.wg-quick = {
- interfaces.wg0 = {
- address = ["10.1.1.2/32"];
- listenPort = 51820;
-
- privateKeyFile = config.sops.secrets.wg-private-key.path;
-
- peers = [
- {
- endpoint = "${domain}:51820";
- publicKey = "1RwEOL8br97Mujhz3fkfYKcxUFNHYAmt5JbWTbR3ihE=";
- allowedIPs = ["10.1.1.1/32"];
- persistentKeepalive = 25;
- }
- ];
- };
- };
-
- services.tailscale.enable = true;
-
- users.users.filebrowser.extraGroups = ["music" "images"];
- systemd.services.filebrowser.serviceConfig.SupplementaryGroups = ["music" "images"];
- services.filebrowser = {
- enable = true;
- group = "files";
- settings = {
- root = "/srv/files";
- port = 9337;
- };
- };
-
- systemd.tmpfiles.rules = [
- "d /srv/files/slskd 0740 slskd music"
- "d /opt/traggo/data"
- "d /var/lib/traggo"
- ];
- users.users.slskd.extraGroups = ["files"];
- services.slskd = {
- enable = true;
- environmentFile = "/var/lib/slskd/env";
- group = "music";
- settings = {
- shares.directories = ["/srv/files/music"];
- directories.downloads = "/srv/files/slskd";
- };
- openFirewall = true;
- domain = null;
- };
-
- sops.secrets.navidrome-env = {
- restartUnits = ["navidrome.service"];
- };
- users.users.navidrome.extraGroups = ["files" "music"];
- services.navidrome = {
- enable = true;
- package = pkgs.unstable.navidrome;
- settings = {
- BaseUrl = "https://navidrome.${domain}";
- MusicFolder = "/srv/files/music";
- PlaylistsPath = "playlists";
- Scanner.PurgeMissing = "always";
- EnableSharing = true;
- };
- environmentFile = config.sops.secrets.navidrome-env.path;
- };
-
- sops.secrets.xray-config = {
- restartUnits = ["xray.service"];
- };
- services.xray = {
- enable = true;
- settingsFile = config.sops.secrets.xray-config.path;
- };
-
- services.invidious = {
- enable = true;
- address = "127.0.0.1";
- port = 5410;
- domain = "tube.${domain}";
- settings = {
- http_proxy = {
- host = "127.0.0.1";
- port = 10801;
- user = "";
- password = "";
- };
- };
- };
-
- virtualisation.oci-containers.backend = "podman";
- virtualisation.oci-containers.containers = {
- aonsoku = {
- image = "ghcr.io/victoralvesf/aonsoku:latest";
- ports = [
- "127.0.0.1:5692:8080"
- ];
- environment = {
- SERVER_URL = "https://navidrome.${domain}";
- HIDE_SERVER = "true";
- };
- };
-
- traggo = {
- image = "traggo/server";
- ports = [
- "127.0.0.1:7093:3030"
- ];
- environmentFiles = ["/var/lib/traggo/env"];
- workdir = "/opt/traggo/";
- volumes = [
- "/opt/traggo/data:/opt/traggo/data"
- ];
- };
- };
-
- services.immich = {
- enable = true;
- };
-
- system.stateVersion = "24.05";
-}
diff --git a/nixos/server/disk-config.nix b/nixos/server/disk-config.nix
deleted file mode 100644
index 2495ada..0000000
--- a/nixos/server/disk-config.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- disko.devices = {
- disk = {
- main = {
- device = "/dev/sdb";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02";
- };
- ESP = {
- size = "1G";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
- };
- };
- root = {
- size = "100%";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- };
- };
- };
- };
- };
- };
- };
-}
diff --git a/nixos/server/hardware-configuration.nix b/nixos/server/hardware-configuration.nix
deleted file mode 100644
index 926b7d7..0000000
--- a/nixos/server/hardware-configuration.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp0s29u1u3.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}