Lukas Wurzinger 2025-03-30 15:03:46 +00:00
parent 2828cef769
commit a83edc4042
No known key found for this signature in database
11 changed files with 73 additions and 149 deletions


@ -12,3 +12,14 @@ This is my cobbled together NixOS configuration. There are many like it, but thi
- [ ] game rom sync insomniac
- [ ] insomniac backups
- [ ] nginx websites
## port allocation
* 80X0: public HTTP services that are proxied through nginx
* 40X0: private HTTP services that are accessible via tailscale
* 20XX: Administrative stuff, like prometheus etc.
* 8000: vaultwarden
* 8010: headscale
* 4000: syncthing


@ -4,7 +4,7 @@
];
nix.settings = {
substituters = ["https://cosmic.cachix.org/"];
substituters = ["https://cosmic.cachix.org"];
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
};
@ -12,4 +12,6 @@
desktopManager.cosmic.enable = true;
displayManager.cosmic-greeter.enable = true;
};
environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
}
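Review bot: `COSMIC_DATA_CONTROL_ENABLED = 1` in the second hunk switches on the compositor's data-control protocol for every session, and nothing on the line records why. As I understand it, with this set any Wayland client in the session can read and replace the clipboard without having focus, which matters on a machine where secrets are copied out of a password manager. I would put a comment above it, e.g. `# needed by <clipboard tool>; lets any Wayland client read the clipboard`, and enable it only on hosts that actually run such a tool. The enclosing attribute set starts outside the hunk.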


@ -3,6 +3,7 @@
enable = true;
systemService = true;
openDefaultPorts = true;
guiAddress = "localhost:4000";
overrideDevices = false;
overrideFolders = false;
};
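Review bot: The new `guiAddress = "localhost:4000"` keeps the GUI off the network, but the hunk sets no GUI credentials, so unless a password is configured elsewhere every local user or process on the host can administer Syncthing through that port. The README in this commit lists 40X0 as the range for services reachable via tailscale; once a proxy is put in front of this listener the loopback binding stops being the access control, so a GUI user and password should be in place before that happens. A short comment such as `# loopback only; 40X0 = private range, see README` would record the intent. The attribute set begins before the hunk.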


@ -95,11 +95,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1742659231,
"narHash": "sha256-7bvafmxXeRfoAtWSJeTFmHlCHMte0cZecGE/BvvgyqE=",
"lastModified": 1743292849,
"narHash": "sha256-rybjlr2xNmSHrlRVliYvI9bOPRnROecFqz+tO0V2woI=",
"owner": "cachix",
"repo": "devenv",
"rev": "c651cb04013be972767aaecb3e9a98fc930d080e",
"rev": "fa5cbf91fb1f1614936997badbb6018a2fdef320",
"type": "github"
},
"original": {
@ -332,11 +332,11 @@
},
"hardware": {
"locked": {
"lastModified": 1742806253,
"narHash": "sha256-zvQ4GsCJT6MTOzPKLmlFyM+lxo0JGQ0cSFaZSACmWfY=",
"lastModified": 1743167577,
"narHash": "sha256-I09SrXIO0UdyBFfh0fxDq5WnCDg8XKmZ1HQbaXzMA1k=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "ecaa2d911e77c265c2a5bac8b583c40b0f151726",
"rev": "0ed819e708af17bfc4bbc63ee080ef308a24aa42",
"type": "github"
},
"original": {
@ -446,11 +446,11 @@
]
},
"locked": {
"lastModified": 1742701275,
"narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=",
"lastModified": 1743306489,
"narHash": "sha256-LROaIjSLo347cwcHRfSpqzEOa2FoLSeJwU4dOrGm55E=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6",
"rev": "b3696bfb6c24aa61428839a99e8b40c53ac3a82d",
"type": "github"
},
"original": {
@ -467,11 +467,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1742863891,
"narHash": "sha256-/mGCIxO7zlWCHOZLaOMRoJgSLpIav0PBKWG3BQddElw=",
"lastModified": 1743332965,
"narHash": "sha256-PCzC/PqUi7sj2SeELx/eXNOoKbd/HJbQY0DIyzwcK1M=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "366999efebcad2165f472ef93e9c996693bda75d",
"rev": "5a00e93576d3ae9c6ad21d139542c236337dc840",
"type": "github"
},
"original": {
@ -529,11 +529,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1742512142,
"narHash": "sha256-8XfURTDxOm6+33swQJu/hx6xw1Tznl8vJJN5HwVqckg=",
"lastModified": 1743231893,
"narHash": "sha256-tpJsHMUPEhEnzySoQxx7+kA+KUtgWqvlcUBqROYNNt0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7105ae3957700a9646cc4b766f5815b23ed0c682",
"rev": "c570c1f5304493cafe133b8d843c7c1c4a10d3a6",
"type": "github"
},
"original": {
@ -609,11 +609,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1742422364,
"narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=",
"lastModified": 1743095683,
"narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc",
"rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6",
"type": "github"
},
"original": {
@ -625,11 +625,11 @@
},
"nixpkgs_7": {
"locked": {
"lastModified": 1742578646,
"narHash": "sha256-GiQ40ndXRnmmbDZvuv762vS+gew1uDpFwOfgJ8tLiEs=",
"lastModified": 1743076231,
"narHash": "sha256-yQugdVfi316qUfqzN8JMaA2vixl+45GxNm4oUfXlbgw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "94c4dbe77c0740ebba36c173672ca15a7926c993",
"rev": "6c5963357f3c1c840201eda129a99d455074db04",
"type": "github"
},
"original": {
@ -646,11 +646,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1742730186,
"narHash": "sha256-LSAS036RA4iXtJNBzdiOayHQ3ZUrLlgi//jqwsuqqv4=",
"lastModified": 1743328785,
"narHash": "sha256-bIpp6q4/mW0cB6UWz85j5+v9jzUxJBG1m8o/e7zLJPg=",
"owner": "fossar",
"repo": "nix-phps",
"rev": "032d917f90ac19899915bfc528ebf9ae7a58e53f",
"rev": "db64ff505e1b0026627ddb3f3666eb1911aca9c7",
"type": "github"
},
"original": {
@ -733,11 +733,11 @@
]
},
"locked": {
"lastModified": 1742437918,
"narHash": "sha256-Vflb6KJVDikFcM9E231mRN88uk4+jo7BWtaaQMifthI=",
"lastModified": 1743302122,
"narHash": "sha256-VWyaUfBY49kjN29N140INa9LEW0YIgAr+OEJRdbKfnQ=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "f03085549609e49c7bcbbee86a1949057d087199",
"rev": "15c2a7930e04efc87be3ebf1b5d06232e635e24b",
"type": "github"
},
"original": {


@ -22,6 +22,11 @@
};
};
nixConfig = {
extra-substituters = "https://cosmic.cachix.org";
extra-trusted-public-keys = "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE=";
};
outputs = {
self,
nixpkgs,
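Review bot: The added `nixConfig` block makes a third-party binary cache and its signing key part of the flake itself, with no comment on why that key is trusted. A trusted substituter key can sign a substitute for any store path, not only COSMIC packages, so this is a supply-chain decision worth documenting. It also duplicates the URL and key already set under `nix.settings` in the COSMIC module of this commit, and the two copies can drift when the key rotates. I would add `# cosmic.cachix.org: prebuilt COSMIC packages; key must match nix.settings in the cosmic module` above the block. `outputs` continues past the end of the hunk.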


@ -1,23 +1,22 @@
# {config, ...}: let
# virtualHostName = "";
# in {
# services.headscale = {
# enable = true;
# address = "127.0.0.1";
# port = 8070;
# server_url = "https://${virtualHostName}";
# settings = {
# logtail.enabled = false;
# };
# };
#
# services.nginx.virtualHosts.${virtualHostName} = {
# forceSSL = true;
# enableACME = true;
# locations."/" = {
# proxyPass = "http://localhost:${toString config.services.headscale.port}";
# proxyWebsockets = true;
# };
# };
# }
{}
{config, ...}: let
virtualHostName = "headscale.helveticanonstandard.net";
in {
services.headscale = {
enable = true;
address = "127.0.0.1";
port = 8010;
server_url = "https://${virtualHostName}";
settings = {
logtail.enabled = false;
};
};
services.nginx.virtualHosts.${virtualHostName} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
}
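Review bot: `server_url` is set directly under `services.headscale`, but as far as I know the NixOS module only accepts it as `services.headscale.settings.server_url`, so this file would likely fail evaluation now that it is uncommented; move it next to `logtail.enabled`. Separately, headscale listens on `127.0.0.1` while `proxyPass` targets `localhost`, which nginx may also resolve to `::1`; building the upstream from the options avoids the mismatch: `proxyPass = "http://${config.services.headscale.address}:${builtins.toString config.services.headscale.port}";`. Because this vhost publishes the tailnet's control server to the internet, a one-line comment saying so (and that 8010 belongs to the README's public 80X0 range) would help the next reader.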


@ -1,50 +0,0 @@
# TODO: use another service for this
{
config,
lib,
...
}: let
inherit (config.networking) domain;
virtualHostName = "bin.${domain}";
in {
age.secrets = lib.mkSecrets {microbin = {};};
services.microbin = {
enable = true;
passwordFile = config.age.secrets.microbin.path;
settings = {
MICROBIN_BIND = "127.0.0.1";
MICROBIN_PORT = 8020;
MICROBIN_PUBLIC_PATH = "https://${virtualHostName}/";
MICROBIN_READONLY = true;
MICROBIN_EDITABLE = true;
MICROBIN_ETERNAL_PASTA = true;
MICROBIN_HIGHLIGHTSYNTAX = true;
MICROBIN_PRIVATE = true;
MICROBIN_ENABLE_BURN_AFTER = true;
MICROBIN_QR = true;
MICROBIN_NO_FILE_UPLOAD = false;
MICROBIN_ENCRYPTION_CLIENT_SIDE = true;
MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB = 1024;
MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB = 4096;
MICROBIN_DISABLE_UPDATE_CHECKING = true;
MICROBIN_DISABLE_TELEMETRY = true;
MICROBIN_LIST_SERVER = false;
};
};
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = let
host = config.services.microbin.settings.MICROBIN_BIND;
port = builtins.toString config.services.microbin.settings.MICROBIN_PORT;
in "http://${host}:${port}";
};
}


@ -1,18 +0,0 @@
{config, ...}: let
inherit (config.networking) domain;
virtualHostName = "sync.${domain}";
in {
services.syncthing = {
enable = true;
systemService = true;
openDefaultPorts = true;
guiAddress = "localhost:8040";
};
services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.syncthing.guiAddress}";
};
}


@ -1,16 +0,0 @@
# TODO: unify syncthing.nix files
let
guiPort = 8384;
in {
services.syncthing = {
enable = true;
systemService = true;
openDefaultPorts = true;
guiAddress = let
host = "0.0.0.0";
port = builtins.toString guiPort;
in "${host}:${port}";
};
networking.firewall.allowedTCPPorts = [guiPort];
}


@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 SFHVrw zQc/Ff2ZDIDRIAF+iJOH9d1dlK2CJImVGG0HkPpeEgc
uMvcMchUjU8MBgnQSSxi0q1IDW2/kvQnRn2CgTaK5CE
-> ssh-ed25519 S+dwQQ hD4n7yXZ2SlC56zkN1DOU5uMCMk9u+3flIDu0V0TZyA
7TIxfNJvt2p247DwP2A7ngk0Yr2juzEAlYxVEp58rIk
-> ssh-ed25519 bPbvlw 89fmWI4eUFpstBBBtf+giqlNkvZcdTgd2pU2zwnrvjc
3oACdvrPGC02HFYpGpJ9EBHyWHuHFO0mao02o1J4G5A
-> ssh-ed25519 ffmsLw 7gJFX9Fu4mfZjjtExyX7CBWimIhG76vSzniqDzzSogY
FhDV1voL0ClZz59FMVL7zQBfmjYPHVQmeXAdS1GZjYk
--- PFWx9UzONDClbbTfmHO/fZ5u8TZy+RqzdyPqHFNYTI4
7¾[£ii׺¹°‰Z¸s„GaÇHjÉæÊ„!lŸ?Y¯îZ'rÆÕäEŒ7*‰0>g­¥[ÊÂÀü[läY½{&—tàSd"1 0zCîÆèà”\£A1Óe<C393>Ìgî­6ú9uooÏà Ž5{«,k,ïðá=¦É48Ÿ7‘ÉÏÕº|bHŸRÇ´ý:Xò~¶CÛÂWK°Ã


@ -1,9 +1,10 @@
with import ../pubkeys.nix; {
let
pubkeys = import ../pubkeys.nix;
inherit (pubkeys) users hosts;
in {
"user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts ["insomniac"]));
"user-insomniac.age".publicKeys = (builtins.attrValues users) ++ [hosts.insomniac];
"microbin.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"miniflux.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"vaultwarden.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];