@@ -17,22 +17,26 @@ in
|
||||
];
|
||||
my = import ./toggles.nix { inherit config inputs; } // {
|
||||
nix.cores = 6;
|
||||
users.nixremote.enable = true;
|
||||
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
|
||||
"nixworkstation"
|
||||
"nixminiserver"
|
||||
];
|
||||
network.firewall.enabledServicePorts = true;
|
||||
network.firewall.additionalPorts = [
|
||||
2049 # idk
|
||||
config.my.ports.syncthingGui
|
||||
config.my.ports.syncthingRelay
|
||||
config.my.ports.sonarqube
|
||||
config.my.ports.synapseSsl
|
||||
config.my.ports.tdarr
|
||||
config.my.ports.mediaMap
|
||||
config.my.ports.qbittorrent
|
||||
];
|
||||
users.nixremote = {
|
||||
enable = true;
|
||||
authorizedKeys = inputs.self.lib.getSshKeys [
|
||||
"nixworkstation"
|
||||
"nixminiserver"
|
||||
];
|
||||
};
|
||||
network.firewall = {
|
||||
enabledServicePorts = true;
|
||||
additionalPorts = [
|
||||
2049 # idk
|
||||
config.my.ports.syncthingGui
|
||||
config.my.ports.syncthingRelay
|
||||
config.my.ports.sonarqube
|
||||
config.my.ports.synapseSsl
|
||||
config.my.ports.tdarr
|
||||
config.my.ports.mediaMap
|
||||
config.my.ports.qbittorrent
|
||||
];
|
||||
};
|
||||
};
|
||||
nix.buildMachines = [
|
||||
{
|
||||
@@ -65,10 +69,6 @@ in
|
||||
};
|
||||
networking = {
|
||||
hostName = "server";
|
||||
firewall = {
|
||||
allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
|
||||
interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ];
|
||||
};
|
||||
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
|
||||
ips = [ "${config.my.ips.wg-server}/32" ];
|
||||
privateKeyFile = config.sops.secrets."server/private".path;
|
||||
@@ -86,6 +86,10 @@ in
|
||||
}
|
||||
];
|
||||
};
|
||||
firewall = {
|
||||
allowedUDPPorts = config.networking.firewall.allowedTCPPorts;
|
||||
interfaces.wg0.allowedTCPPorts = [ config.my.servers.nextcloud.port ];
|
||||
};
|
||||
};
|
||||
users.users.jawz.packages = builtins.attrValues {
|
||||
inherit (pkgs) podman-compose attic-client;
|
||||
@@ -116,14 +120,12 @@ in
|
||||
vpsHost = "lidarr-reports@${config.my.ips.vps}";
|
||||
vpsPath = "/var/www/html/lidarr-mb-gap";
|
||||
sshKeyFile = config.sops.secrets."private_keys/lidarr-mb-gap".path;
|
||||
sshKnownHosts = {
|
||||
vps = {
|
||||
hostNames = [
|
||||
config.my.ips.vps
|
||||
"[${config.my.ips.vps}]:3456"
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPp0wAuZXk96OyA/+2YpQalokS9lZdacjJqY9zN8IScP";
|
||||
};
|
||||
sshKnownHosts.vps = {
|
||||
hostNames = [
|
||||
config.my.ips.vps
|
||||
"[${config.my.ips.vps}]:3456"
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPp0wAuZXk96OyA/+2YpQalokS9lZdacjJqY9zN8IScP";
|
||||
};
|
||||
};
|
||||
};
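Review bot: In the relocated `networking.firewall` block, `allowedUDPPorts = config.networking.firewall.allowedTCPPorts;` opens every allowed TCP port on UDP as well. Each entry in `network.firewall.additionalPorts` from the first hunk is therefore presumably reachable over both protocols, although how `additionalPorts` feeds `allowedTCPPorts` is defined outside this diff. That list still carries `2049 # idk`; 2049 is the standard NFS port, so the comment should name what it serves, e.g. `2049 # NFS`, or the entry should be dropped if nothing listens there. Listing only the UDP ports that are actually needed, instead of mirroring the TCP set, would keep the exposed surface auditable.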
|
||||
|
||||
@@ -84,8 +84,6 @@ in
|
||||
};
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/mapper/nvme";
|
||||
fsType = "btrfs";
|
||||
options = [
|
||||
"subvol=nix"
|
||||
"ssd"
|
||||
@@ -96,10 +94,10 @@ in
|
||||
"datacow"
|
||||
"noatime"
|
||||
];
|
||||
};
|
||||
"/home" = {
|
||||
device = "/dev/mapper/nvme";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
"/home" = {
|
||||
options = [
|
||||
"subvol=home"
|
||||
"ssd"
|
||||
@@ -109,19 +107,19 @@ in
|
||||
"commit=120"
|
||||
"datacow"
|
||||
];
|
||||
device = "/dev/mapper/nvme";
|
||||
fsType = "btrfs";
|
||||
};
|
||||
"/boot" = {
|
||||
options = [ "nofail" ];
|
||||
device = "/dev/disk/by-uuid/c574cb53-dc40-46db-beff-0fe8a4787156";
|
||||
fsType = "ext4";
|
||||
options = [ "nofail" ];
|
||||
};
|
||||
"/boot/efi" = {
|
||||
device = "/dev/disk/by-uuid/CBE7-5DEB";
|
||||
fsType = "vfat";
|
||||
};
|
||||
"/srv/pool" = {
|
||||
device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
|
||||
fsType = "btrfs";
|
||||
options = [
|
||||
"subvol=@data"
|
||||
"compress=zstd:3"
|
||||
@@ -129,34 +127,36 @@ in
|
||||
"commit=120"
|
||||
"datacow"
|
||||
];
|
||||
device = "/dev/disk/by-uuid/1e7cf787-e34d-4e3e-ac3c-0c07309dbd34";
|
||||
fsType = "btrfs";
|
||||
depends = [ "/boot/efi" ];
|
||||
};
|
||||
"/var/lib/nextcloud/data" = {
|
||||
device = "/srv/pool/nextcloud";
|
||||
options = [ "bind" ];
|
||||
device = "/srv/pool/nextcloud";
|
||||
depends = [ "/srv/pool" ];
|
||||
};
|
||||
"/srv/jellyfin/media" = {
|
||||
device = "/srv/pool/multimedia/media";
|
||||
options = [
|
||||
"bind"
|
||||
"ro"
|
||||
];
|
||||
device = "/srv/pool/multimedia/media";
|
||||
depends = [ "/srv/pool" ];
|
||||
};
|
||||
"/export/pool" = {
|
||||
device = "/srv/pool";
|
||||
options = [ "bind" ];
|
||||
device = "/srv/pool";
|
||||
depends = [ "/srv/pool" ];
|
||||
};
|
||||
"/export/jawz" = {
|
||||
device = "/home/jawz";
|
||||
options = [ "bind" ];
|
||||
device = "/home/jawz";
|
||||
depends = [ "/srv/pool" ];
|
||||
};
|
||||
"/export/backups" = {
|
||||
device = "/srv/backups";
|
||||
options = [ "bind" ];
|
||||
device = "/srv/backups";
|
||||
depends = [ "/srv/pool" ];
|
||||
};
|
||||
};
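Review bot: `"/export/jawz"` bind-mounts `/home/jawz` but declares `depends = [ "/srv/pool" ];`, a mount unrelated to its source path. This reads like a copy from the neighbouring entries, and `depends = [ "/home" ];` (or no `depends` at all) would match what the bind needs. `"/export/backups"` may have the same mismatch, since this diff does not show whether `/srv/backups` lives on the pool. Separately, the entry publishes the whole home directory under `/export` with only `bind` set. If `/export` is served over NFS (the export definition is outside this diff), binding a narrower subdirectory would keep any credentials stored in the home directory out of the share.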
|
||||
|
||||
@@ -4,20 +4,8 @@ let
|
||||
mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server;
|
||||
in
|
||||
{
|
||||
emacs = {
|
||||
enable = true;
|
||||
users = "jawz";
|
||||
};
|
||||
stylix = {
|
||||
enable = true;
|
||||
users = "jawz";
|
||||
};
|
||||
enableProxy = true;
|
||||
enableContainers = true;
|
||||
apps.dictionaries = {
|
||||
enable = true;
|
||||
users = "jawz";
|
||||
};
|
||||
shell = enableList mkEnabledWithUsers [
|
||||
"multimedia"
|
||||
"tools"
|
||||
@@ -93,4 +81,16 @@ in
|
||||
"plausible"
|
||||
"vaultwarden"
|
||||
];
|
||||
emacs = {
|
||||
enable = true;
|
||||
users = "jawz";
|
||||
};
|
||||
stylix = {
|
||||
enable = true;
|
||||
users = "jawz";
|
||||
};
|
||||
apps.dictionaries = {
|
||||
enable = true;
|
||||
users = "jawz";
|
||||
};
|
||||
}
|
||||
|
||||