feat(servers): add nos machine config
matt1432 2024-03-02 02:59:40 -05:00
parent 1470111ab2
commit 557dab9321
13 changed files with 163 additions and 88 deletions


@ -57,18 +57,15 @@
# Desktop # Desktop
pc = "ssh -t matt@100.64.0.6 'tmux -2u new -At phone'"; pc = "ssh -t matt@100.64.0.6 'tmux -2u new -At phone'";
# Misc Nix servers # NAS
nos = "ssh -t matt@100.64.0.4 'tmux -2u new -At phone'";
# Experimenting server
servivi = "ssh -t matt@100.64.0.7 'tmux -2u new -At phone'"; servivi = "ssh -t matt@100.64.0.7 'tmux -2u new -At phone'";
# Cluster nodes # Cluster nodes
thingone = "ssh -t matt@100.64.0.8 'tmux -2u new -At phone'"; thingone = "ssh -t matt@100.64.0.8 'tmux -2u new -At phone'";
thingtwo = "ssh -t matt@100.64.0.9 'tmux -2u new -At phone'"; thingtwo = "ssh -t matt@100.64.0.9 'tmux -2u new -At phone'";
# Proxmox
pve = "ssh -t matt@100.64.0.4 'tmux -2u new -At phone'";
# Proxmox LXC instances
jelly = "mosh matt@100.64.0.4 -- ssh -t matt@10.0.0.123 'tmux -2u new -At phone'";
}; };
} }
]; ];


@ -8,8 +8,6 @@
inherit (config.sops) secrets; inherit (config.sops) secrets;
caddy = caddy-plugins.packages.${pkgs.system}.default; caddy = caddy-plugins.packages.${pkgs.system}.default;
clusterIP = config.services.pcsd.virtualIps.caddy-vip.ip;
in { in {
imports = [caddy-plugins.nixosModules.default]; imports = [caddy-plugins.nixosModules.default];
@ -32,9 +30,8 @@ in {
package = caddy; package = caddy;
virtualHosts = let virtualHosts = let
dockerIP = "10.0.0.122"; clusterIP = config.services.pcsd.virtualIps.caddy-vip.ip;
jellyIP = "10.0.0.123"; nosIP = "10.0.0.121";
servivi = "10.0.0.249";
in { in {
"nelim.org" = { "nelim.org" = {
serverAliases = ["*.nelim.org"]; serverAliases = ["*.nelim.org"];
@ -47,17 +44,17 @@ in {
subDomains = { subDomains = {
# Misc one-liners # Misc one-liners
vault.reverseProxy = "${servivi}:8781"; vault.reverseProxy = "${nosIP}:8781";
hauk.reverseProxy = "${servivi}:3003"; hauk.reverseProxy = "${nosIP}:3003";
headscale.reverseProxy = "${clusterIP}:8085"; headscale.reverseProxy = "${clusterIP}:8085";
jelly.reverseProxy = "${jellyIP}:80"; jelly.reverseProxy = "${nosIP}:8097";
# Resume builder # Resume builder
resume.reverseProxy = "${servivi}:3060"; resume.reverseProxy = "${nosIP}:3060";
resauth.reverseProxy = "${servivi}:3100"; resauth.reverseProxy = "${nosIP}:3100";
# Nextcloud & Co # Nextcloud & Co
office.reverseProxy = "http://${servivi}:8055"; office.reverseProxy = "http://${nosIP}:8055";
nextcloud = { nextcloud = {
subDomainName = "cloud"; subDomainName = "cloud";
extraConfig = '' extraConfig = ''
@ -66,81 +63,81 @@ in {
redir /.well-known/webfinger /index.php/.well-known/webfinger 301 redir /.well-known/webfinger /index.php/.well-known/webfinger 301
redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301 redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301
''; '';
reverseProxy = "${servivi}:8042"; reverseProxy = "${nosIP}:8042";
}; };
forgejo = { forgejo = {
subDomainName = "git"; subDomainName = "git";
reverseProxy = "${servivi}:3000"; reverseProxy = "${nosIP}:3000";
}; };
nix-binary-cache = { nix-binary-cache = {
subDomainName = "cache"; subDomainName = "cache";
reverseProxy = "${servivi}:5000"; reverseProxy = "${nosIP}:5000";
}; };
calibre = { calibre = {
subDomainName = "books"; subDomainName = "books";
reverseProxy = "${servivi}:8083"; reverseProxy = "${nosIP}:8083";
}; };
immich = { immich = {
subDomainName = "photos"; subDomainName = "photos";
reverseProxy = "${servivi}:2283"; reverseProxy = "${nosIP}:2283";
}; };
# FreshRSS & Co # FreshRSS & Co
drss.reverseProxy = "${servivi}:3007"; drss.reverseProxy = "${nosIP}:3007";
freshrss = { freshrss = {
subDomainName = "rss"; subDomainName = "rss";
reverseProxy = "${servivi}:2800"; reverseProxy = "${nosIP}:2800";
}; };
jellyseer = { jellyseer = {
subDomainName = "seerr"; subDomainName = "seerr";
reverseProxy = "${servivi}:5055"; reverseProxy = "${nosIP}:5055";
}; };
gameyfin = { gameyfin = {
subDomainName = "games"; subDomainName = "games";
reverseProxy = "${servivi}:8074"; reverseProxy = "${nosIP}:8074";
}; };
wgui.reverseProxy = "${servivi}:51821"; wgui.reverseProxy = "${nosIP}:51821";
lan = { lan = {
reverseProxy = "${servivi}:3020"; reverseProxy = "${nosIP}:3020";
extraConfig = '' extraConfig = ''
redir /index.html / redir /index.html /
''; '';
subDirectories = { subDirectories = {
bazarr.reverseProxy = "${servivi}:6767"; bazarr.reverseProxy = "${nosIP}:6767";
bazarr-french = { bazarr-french = {
subDirName = "bafrr"; subDirName = "bafrr";
reverseProxy = "${servivi}:6766"; reverseProxy = "${nosIP}:6766";
}; };
prowlarr.reverseProxy = "${servivi}:9696"; prowlarr.reverseProxy = "${nosIP}:9696";
radarr.reverseProxy = "${servivi}:7878"; radarr.reverseProxy = "${nosIP}:7878";
sabnzbd.reverseProxy = "${servivi}:8382"; sabnzbd.reverseProxy = "${nosIP}:8382";
sonarr.reverseProxy = "${servivi}:8989"; sonarr.reverseProxy = "${nosIP}:8989";
calibre = { calibre = {
experimental = true; experimental = true;
reverseProxy = "${servivi}:8580"; reverseProxy = "${nosIP}:8580";
}; };
qbittorent = { qbittorent = {
subDirName = "qbt"; subDirName = "qbt";
experimental = true; experimental = true;
reverseProxy = "${servivi}:8080"; reverseProxy = "${nosIP}:8080";
}; };
vaultwarden = { vaultwarden = {
subDirName = "vault"; subDirName = "vault";
experimental = true; experimental = true;
reverseProxy = "${servivi}:8780"; reverseProxy = "${nosIP}:8780";
}; };
}; };
}; };
@ -149,12 +146,12 @@ in {
joal.extraConfig = '' joal.extraConfig = ''
route { route {
rewrite * /joal/ui{uri} rewrite * /joal/ui{uri}
reverse_proxy * ${servivi}:5656 reverse_proxy * ${nosIP}:5656
} }
''; '';
joalws.extraConfig = '' joalws.extraConfig = ''
route { route {
reverse_proxy ${servivi}:5656 reverse_proxy ${nosIP}:5656
} }
''; '';
}; };


@ -1,9 +1,50 @@
# WIP {config, ...}: let
{...}: { inherit (config.vars) mainUser hostName;
in {
imports = [ imports = [
./hardware-configuration.nix
../../modules/kmscon.nix
../../modules/sshd.nix
../../modules/tailscale.nix
./modules/arion ./modules/arion
./modules/jellyfin ./modules/jellyfin
./modules/mergerfs.nix ./modules/mergerfs.nix
./modules/qbittorrent ./modules/qbittorrent
./modules/snapraid.nix
]; ];
vars = {
mainUser = "matt";
hostName = "nos";
#promptMainColor = "?";
};
users.users.${mainUser} = {
isNormalUser = true;
extraGroups = [
"wheel"
"adm"
];
};
home-manager.users.${mainUser} = {
imports = [];
# No touchy
home.stateVersion = "24.05";
};
networking = {
inherit hostName;
resolvconf.enable = true;
firewall.enable = false;
};
# Set your time zone.
time.timeZone = "America/Montreal";
# No touchy
system.stateVersion = "24.05";
} }
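Review bot: `firewall.enable = false` in the new `networking` block leaves every listening port on nos reachable from any network the host is attached to. The same commit repoints the Caddy upstreams for vault, wgui, qbittorent and the rest at this machine (`nosIP = "10.0.0.121"`) over plain HTTP. With the firewall off, those backends can be reached directly on the LAN, bypassing the TLS termination and any access rules applied at the proxy. Consider `firewall.enable = true;` with `firewall.allowedTCPPorts` limited to the ports Caddy proxies to, or per-interface rules via `firewall.interfaces.<name>.allowedTCPPorts`. Whether the imported sshd and tailscale modules open their own ports is not visible here.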


@ -0,0 +1,55 @@
{
config,
modulesPath,
...
}: {
nixpkgs.hostPlatform = "x86_64-linux";
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = {
kernelModules = ["kvm-intel"];
initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
loader = {
efi.canTouchEfiVariables = true;
timeout = 2;
systemd-boot = {
enable = true;
consoleMode = "max";
configurationLimit = 30;
};
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
};
"/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 16 * 1024;
}
];
zramSwap.enable = true;
hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
}


@ -29,8 +29,8 @@ in {
rwDataDir = configPath; rwDataDir = configPath;
}; };
services.borgbackup.configs.arion = { #services.borgbackup.configs.arion = {
paths = [configPath]; # paths = [configPath];
exclude = ["**/lineageos*"]; # exclude = ["**/lineageos*"];
}; #};
} }
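Review bot: Commenting out `services.borgbackup.configs.arion` drops the backup of `configPath` with no replacement visible in this commit, so the container state on the new host appears to be unprotected until it is restored. If this is temporary, say so above the block, e.g. `# TODO: re-enable once borgbackup is configured on nos`, so the dead code is not mistaken for a deliberate removal. The enclosing module starts outside the hunk.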


@ -1,5 +1,8 @@
{...}: { {...}: {
systemd.services."arion-jfa-go".after = ["jellyfin.service"]; systemd.services."arion-jfa-go" = {
after = ["jellyfin.service"];
partOf = ["jellyfin.service"];
};
arion.projects."jfa-go"."jfa-go" = { arion.projects."jfa-go"."jfa-go" = {
image = ./images/jfa-go.nix; image = ./images/jfa-go.nix;


@ -21,16 +21,13 @@ http {
## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc. ## The default `client_max_body_size` is 1M, this might not be enough for some posters, etc.
client_max_body_size 20M; client_max_body_size 20M;
# use a variable to store the upstream proxy
set $jellyfin 10.0.0.249;
location = / { location = / {
return 302 https://$host/web/; return 302 https://$host/web/;
} }
location / { location / {
# Proxy main Jellyfin traffic # Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096; proxy_pass http://localhost:8096;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -45,7 +42,7 @@ http {
# location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/ # location block for /web - This is purely for aesthetics so /web/#!/ works instead of having to go to /web/index.html/#!/
location = /web/ { location = /web/ {
# Proxy main Jellyfin traffic # Proxy main Jellyfin traffic
proxy_pass http://$jellyfin:8096/web/index.html; proxy_pass http://localhost:8096/web/index.html;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -56,7 +53,7 @@ http {
location /socket { location /socket {
# Proxy Jellyfin Websockets traffic # Proxy Jellyfin Websockets traffic
proxy_pass http://$jellyfin:8096; proxy_pass http://localhost:8096;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
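Review bot: `proxy_pass http://localhost:8096;` (here and in the `/` and `/web/` locations) makes nginx resolve `localhost` at startup, which can yield both `::1` and `127.0.0.1`. If Jellyfin listens on IPv4 only, connections to the IPv6 address are refused and show up as upstream errors or retries. `proxy_pass http://127.0.0.1:8096;` avoids that. Since Caddy appears to front this listener (inferred from the `jelly` upstream on port 8097), `X-Real-IP $remote_addr` will carry the proxy's address rather than the client's, so Jellyfin's known-proxies setting is worth checking. The `location /socket` block continues past the hunk.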


@ -4,25 +4,6 @@ in {
system.fsPackages = fsPkgs; system.fsPackages = fsPkgs;
environment.systemPackages = fsPkgs; environment.systemPackages = fsPkgs;
fileSystems."/data" = {
device = "//10.0.0.121/public";
fsType = "cifs";
options = [
"x-systemd.automount"
"noauto"
"x-systemd.idle-timeout=60"
"x-systemd.device-timeout=5s"
"x-systemd.mount-timeout=5s"
"uid=1000"
"gid=1000"
"credentials=${builtins.toFile "creds.txt" ''
username=root
domain=WORKGROUP
''}"
];
};
/*
fileSystems = { fileSystems = {
"MergerFS Data" = { "MergerFS Data" = {
mountPoint = "/data"; mountPoint = "/data";
@ -90,6 +71,11 @@ in {
fsType = "ext4"; fsType = "ext4";
device = "/dev/disk/by-id/ata-WDC_WD80EAZZ-00BKLB0_WD-CA1GN0GK-part1"; device = "/dev/disk/by-id/ata-WDC_WD80EAZZ-00BKLB0_WD-CA1GN0GK-part1";
}; };
"d8 8tb-6" = {
mountPoint = "/mnt/drives/8tb6";
fsType = "ext4";
device = "/dev/disk/by-id/ata-ST8000DM004-2U9188_ZR15JMHV-part1";
};
}; };
*/
} }


@ -36,7 +36,7 @@ in {
parityDrives); parityDrives);
contentFiles = contentFiles =
["/var/snapraid/content"] ["/var/snapraid.content"]
++ map (fs: "${fs.mountPoint}/content") (attrValues dataDrives); ++ map (fs: "${fs.mountPoint}/content") (attrValues dataDrives);
exclude = [ exclude = [


@ -11,9 +11,6 @@ in {
./modules/binary-cache.nix ./modules/binary-cache.nix
./modules/minecraft.nix ./modules/minecraft.nix
./modules/nfs.nix ./modules/nfs.nix
# WIP
../nos
]; ];
vars = { vars = {


@ -1343,11 +1343,11 @@
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
}, },
"locked": { "locked": {
"lastModified": 1709273629, "lastModified": 1709358901,
"narHash": "sha256-VdU3WH3Pv8ai+/X9z1VucGra1YkZPEUjzcO/F/jhguw=", "narHash": "sha256-/6XBTAxSATwbCudcqnDyx0yM2ic8ctKxdkp5wvH1VIk=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "e0ab13ca6b37c5e87953a5616f5b0b0f837590c6", "rev": "d6f17af6dc95428212abb0219195bdab2498fb3a",
"revCount": 53, "revCount": 54,
"type": "git", "type": "git",
"url": "ssh://git@git.nelim.org/matt1432/nixos-secrets" "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
}, },


@ -38,6 +38,11 @@
]; ];
binto = mkNixOS [./devices/binto]; binto = mkNixOS [./devices/binto];
nos = mkNixOS [
./devices/nos
secrets.nixosModules.nos
];
servivi = mkNixOS [ servivi = mkNixOS [
./devices/servivi ./devices/servivi
secrets.nixosModules.servivi secrets.nixosModules.servivi


@ -23,18 +23,15 @@ in {
# Desktop # Desktop
pc = "ssh -t matt@binto 'tmux -2u new -At ${hostName}'"; pc = "ssh -t matt@binto 'tmux -2u new -At ${hostName}'";
# Misc Nix servers # NAS
nos = "ssh -t matt@nos 'tmux -2u new -At ${hostName}'";
# Experimenting server
servivi = "ssh -t matt@servivi 'tmux -2u new -At ${hostName}'"; servivi = "ssh -t matt@servivi 'tmux -2u new -At ${hostName}'";
# Cluster nodes # Cluster nodes
thingone = "ssh -t matt@thingone 'tmux -2u new -At ${hostName}'"; thingone = "ssh -t matt@thingone 'tmux -2u new -At ${hostName}'";
thingtwo = "ssh -t matt@thingtwo 'tmux -2u new -At ${hostName}'"; thingtwo = "ssh -t matt@thingtwo 'tmux -2u new -At ${hostName}'";
# Proxmox
pve = "ssh -t matt@pve 'tmux -2u new -At ${hostName}'";
# Proxmox LXC instances
jelly = "mosh matt@pve -- ssh -t matt@10.0.0.123 'tmux -2u new -At ${hostName}'";
}; };
}; };
} }