From 807abf11224fdba6bdd3f7dca30a7934439c5127 Mon Sep 17 00:00:00 2001 From: Danilo Reyes Date: Fri, 8 Sep 2023 23:38:24 -0600 Subject: [PATCH] same as the previous but for workstation --- workstation/configuration.org | 286 ++++++++---------------------- workstation/nginx.nix | 9 + workstation/scripts/update-dns.sh | 2 +- workstation/servers.nix | 9 + 4 files changed, 92 insertions(+), 214 deletions(-) diff --git a/workstation/configuration.org b/workstation/configuration.org index 382b4d6..6f9afad 100755 --- a/workstation/configuration.org +++ b/workstation/configuration.org @@ -54,8 +54,6 @@ let (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") { config = config.nixpkgs.config; }; - nixGaming = import - (builtins.fetchTarball "https://github.com/fufexan/nix-gaming/archive/master.tar.gz"); jawzManageLibrary = pkgs.writeScriptBin "manage-library" (builtins.readFile ./scripts/manage-library.sh); jawzTasks = pkgs.writeScriptBin @@ -76,7 +74,6 @@ imports = [ # ./openldap.nix # (import "${home-manager}/nixos") - nixGaming.nixosModules.pipewireLowLatency ]; #+end_src @@ -93,6 +90,28 @@ Pick *ONLY ONE* of the below networking options. networking = { hostName = "workstation"; networkmanager.enable = true; + extraHosts = '' + 192.168.1.64 battlestation + ''; + firewall = let + open_firewall_ports = [ + 6969 # HentaiAtHome + 25152 # ssh + 51413 # torrent sedding + 9091 # qbittorrent + 2049 # nfs + ]; + open_firewall_port_ranges = [ + { from = 1714; to = 1764; } # kdeconnect + ]; + in + { + enable = true; + allowedTCPPorts = open_firewall_ports; + allowedUDPPorts = open_firewall_ports; + allowedTCPPortRanges = open_firewall_port_ranges; + allowedUDPPortRanges = open_firewall_port_ranges; + }; }; #+end_src 
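Review bot: The new `firewall` block opens 2049 (nfs) and 9091 (qbittorrent) on every interface and over both TCP and UDP, because the single `open_firewall_ports` list feeds both `allowedTCPPorts` and `allowedUDPPorts`. The NFS exports added later in this patch are limited to 192.168.1.64, but the packet filter is not, so the NFS daemon and the torrent web UI are reachable from any network this host is attached to. Consider moving the LAN-only ports to a per-interface list, e.g. `networking.firewall.interfaces.<lan-if>.allowedTCPPorts = [ 2049 9091 ];` (interface name is a placeholder), and keeping UDP only for the entries that need it. The comment `# torrent sedding` should read `# torrent seeding`.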
@@ -130,38 +149,12 @@ undesirable packages from installing. services = { xserver = { enable = true; - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; + # displayManager.gdm.enable = true; + # desktopManager.gnome.enable = true; layout = "us"; libinput.enable = true; # Wacom required? }; }; - -environment.gnome.excludePackages = (with pkgs; [ - gnome-photos - gnome-tour - gnome-text-editor - gnome-connections - # gnome-shell-extensions - baobab -]) -++ (with pkgs.gnome; [ - # totem - gedit - gnome-music - epiphany - gnome-characters - yelp - gnome-font-viewer - cheese -]); - -# Sets up QT to use adwaita themes. -qt = { - enable = true; - platformTheme = "gnome"; - style = "adwaita"; -}; #+end_src * SOUND @@ -172,17 +165,17 @@ latency will require expanding these settings. #+begin_src nix hardware.pulseaudio.enable = false; sound.enable = false; -services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - lowLatency = { - enable = true; - quantum = 64; - rate = 48000; - }; -}; +# services.pipewire = { +# enable = true; +# alsa.enable = true; +# alsa.support32Bit = true; +# pulse.enable = true; +# lowLatency = { +# enable = true; +# quantum = 64; +# rate = 48000; +# }; +# }; #+end_src * SECURITY 
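Review bot: With `displayManager.gdm.enable` commented out but `xserver.enable = true` left in place, X stays enabled on this host; on NixOS that usually means the default display manager is started instead of GDM, which is worth confirming on the rebuilt system. If the workstation is now meant to run headless, `enable = false;` in the `xserver` block states that directly and removes the graphical login surface. This hunk and the SOUND hunk after it keep the old settings as commented-out lines; deleting them, as the rest of the patch does for the package lists, keeps the literate config readable, since git already holds the history.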
@@ -240,114 +233,6 @@ Begin the block to install user packages. packages = (with pkgs; [ #+end_src -** GUI PACKAGES -All of my GUI applications categorized to make it easier to identify what each -application does, and the justification for is existence on my system. - -*** ART AND DEVELOPMENT -Art and development applications are together, as a game-developer one of my -goals is to create a workflow between this ecosystem of applications. - -#+begin_src nix -blender # cgi animation and sculpting -godot # game development -gdtoolkit # gdscript language server -krita # art to your heart desire! -# drawpile # arty party with friends!! -mypaint # not the best art program -mypaint-brushes # but it's got some -mypaint-brushes1 # nice damn brushes -pureref # create inspiration/reference boards -gimp # the coolest bestest art program to never exist -#+end_src - -*** GAMING -So far gaming has been a lot less painful than I could have originally -anticipated, most everything seems to run seamlessly. -=note= Roblox uninstalled as there is ongoing drama regarding linux users. - -#+begin_src nix -lutris -heroic -wine64Packages.stable -wineWowPackages.stable -winetricks -vulkan-tools -# nixGaming.packages.${pkgs.hostPlatform.system}.wine-tkg -# nixGaming.packages.${pkgs.hostPlatform.system}.wine-discord-ipc-bridge -# grapejuice # roblox manager -minecraft # minecraft official launcher -parsec-bin # remote gaming with friends -protonup-qt # update proton-ge -#+end_src - -*** PRODUCTIVITY -This is the section where the apps that help me be productive come, a lot of -this are not used as often as I wish… - -#+begin_src nix -libreoffice-fresh # office, but based -calibre # ugly af eBook library manager -foliate # gtk eBook reader -newsflash # feed reader, syncs with nextcloud -wike # gtk wikipedia wow! 
-unstable.furtherance # I made this one tehee track time utility -gnome.simple-scan # scanner -#+end_src - -*** MISC -Most of these apps, are part of the gnome circle, and I decide to install them -if just for a try and play a little. - -#+begin_src nix -# sequeler # friendly SQL client -blanket # background noise -# czkawka # duplicate finder -pika-backup # backups -gnome-obfuscate # censor private information -metadata-cleaner # remove any metadata and geolocation from files -gnome-recipes # migrate these to mealie and delete -denaro # manage your finances -# celeste # sync tool for any cloud provider -libgda # for pano shell extension -#+end_src - -*** MULTIMEDIA -Overwhelmingly player applications, used for videos and music, while most of my -consumption has moved towards jellyfin, it's still worth the install of most -of these, for now. - -#+begin_src nix -celluloid # video player -cozy # audiobooks player -gnome-podcasts # podcast player -handbrake # video converter, may be unnecessary -curtail # image compressor -pitivi # video editor -identity # compare images or videos -mousai # poor man shazam -tagger # tag music files -bottles # wine prefix manager -obs-studio # screen recorder & streamer -shortwave # listen to world radio -nextcloud-client # self-hosted google-drive alternative -#+end_src - -*** WEB -Stuff that I use to interact with the web, web browsers, chats, download -managers, etc. - -#+begin_src nix -firefox # web browser that allows to disable spyware -tor-browser-bundle-bin # dark web, so dark! -ungoogled-chromium # web browser with spyware included -discord # chat -telegram-desktop # furry chat -# hugo # website engine -nicotine-plus # remember Ares? -warp # never used, but supposedly cool for sharing files -#+end_src - ** COMMAND-LINE PACKAGES #+begin_src nix 
@@ -376,8 +261,8 @@ jawzTasks (writeScriptBin "ffmpreg" (builtins.readFile ./scripts/ffmpreg.sh)) (writeScriptBin "chat-dl" (builtins.readFile ./scripts/chat-dl.sh)) (writeScriptBin "split-dir" (builtins.readFile ./scripts/split-dir.sh)) -(writeScriptBin "pika-list" (builtins.readFile ./scripts/pika-list.sh)) -(writeScriptBin "run" (builtins.readFile ./scripts/run.sh)) +# (writeScriptBin "pika-list" (builtins.readFile ./scripts/pika-list.sh)) +# (writeScriptBin "run" (builtins.readFile ./scripts/run.sh)) #+end_src ** DEVELOPMENT PACKAGES @@ -438,12 +323,6 @@ Themes and other customization, making my DE look the way I want is one of the main draws of Linux for me. #+begin_src nix -# Themes -adw-gtk3 -# gradience # theme customizer, allows you to modify adw-gtk3 themes -gnome.gnome-tweaks # tweaks for the gnome desktop environment -qgnomeplatform - # Fonts (nerdfonts.override { fonts = [ "Agave" "CascadiaCode" "SourceCodePro" @@ -515,23 +394,6 @@ symbola prettybat # trans your sourcecode! #+end_src -** GNOME EXTENSIONS - -#+begin_src nix -]) ++ (with pkgs.gnomeExtensions; [ - appindicator # applets for open applications - gsconnect # sync data and notifications from your phone - freon # hardware temperature monitor - panel-scroll # scroll well to change workspaces - reading-strip # like putting a finger on every line I read - tactile # window manager - pano # clipboard manager - blur-my-shell # make the overview more visually appealing - # burn-my-windows - # forge # window manager -# ]) ++ (with unstable.pkgs.gnomeExtensions; [ -#+end_src - ** NODEJS PACKAGES #+begin_src nix 
@@ -611,9 +473,8 @@ if command -v fzf-share >/dev/null; then fi nixos-reload () { - nix-store --add-fixed sha256 /home/jawz/Development/NixOS/scripts/PureRef-1.11.1_x64.Appimage - nixfmt /home/jawz/Development/NixOS/*.nix - sudo nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/configuration.nix + nixfmt /home/jawz/Development/NixOS/workstation/*.nix + sudo nixos-rebuild switch -I nixos-config=/home/jawz/Development/NixOS/workstation/configuration.nix } #+end_src #+begin_src nix @@ -826,14 +687,6 @@ programs = { enable = true; enableSSHSupport = true; }; - geary = { - enable = true; - }; - steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - }; msmtp = { enable = true; accounts.default = { @@ -916,7 +769,7 @@ systemd = { user = { services = { HentaiAtHome = { - enable = false; + enable = true; restartIfChanged = true; description = "Run hentai@home server"; wantedBy = [ "default.target" ]; @@ -1006,32 +859,6 @@ systemd = { }; #+end_src -* FIREWALL -Open ports in the firewall. -=TIP= list what app a port belongs to in a table. - -#+begin_src nix -networking = { - firewall = let - open_firewall_ports = [ - 6969 # HentaiAtHome - 25152 # ssh - 51413 # torrent - ]; - open_firewall_port_ranges = [ - { from = 1714; to = 1764; } # kdeconnect - ]; - in - { - enable = true; - allowedTCPPorts = open_firewall_ports; - allowedUDPPorts = open_firewall_ports; - allowedTCPPortRanges = open_firewall_port_ranges; - allowedUDPPortRanges = open_firewall_port_ranges; - }; -}; -#+end_src - * MISC SETTINGS ** ENABLE FONTCONFIG If enabled, a Fontconfig configuration file will point to a set of default 
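Review bot: In `nixos-reload`, `nixfmt` and `sudo nixos-rebuild switch` run unconditionally one after the other, so a formatter failure (for instance a syntax error in one of the `workstation/*.nix` files) does not stop the rebuild that follows as root. Joining the two commands with `&&` makes the function stop at the first error. A short comment such as `# format first; only rebuild if the config still parses` above the two lines would record the intent.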
@@ -1045,6 +872,39 @@ setting. fonts.fontconfig.enable = true; #+end_src +** NFS +#+begin_src nix +fileSystems = { + "/export/disk1" = { + device = "/mnt/disk1"; + options = ["bind"]; + }; + "/export/disk2" = { + device = "/mnt/disk2"; + options = ["bind"]; + }; + "/export/seedbox" = { + device = "/mnt/seedbox"; + options = ["bind"]; + }; + "/export/jawz" = { + device = "/home/jawz"; + options = ["bind"]; + }; +}; +services.nfs = { + server = { + enable = true; + exports = '' + /export 192.168.1.64(rw,fsid=0,no_subtree_check) + /export/disk1 192.168.1.64(rw,nohide,insecure,no_subtree_check) + /export/disk2 192.168.1.64(rw,nohide,insecure,no_subtree_check) + /export/seedbox 192.168.1.64(rw,nohide,insecure,no_subtree_check) + /export/jawz 192.168.1.64(rw,nohide,insecure,no_subtree_check) + ''; + }; +}; +#+end_src * FINAL SYSTEM CONFIGURATIONS The first setting creates a copy the NixOS configuration file and link it from the resulting system (/run/current-system/configuration.nix). This is useful in diff --git a/workstation/nginx.nix b/workstation/nginx.nix index 6bde183..16ef56c 100755 --- a/workstation/nginx.nix +++ b/workstation/nginx.nix @@ -6,7 +6,9 @@ let localhost = "127.0.0.1"; + battlestation = "192.168.1.64"; jellyfinPort = "8096"; + gptPort = "7860"; nextcloudPort = 80; searxPort = 8080; newflixPort = 8897; @@ -108,6 +110,13 @@ in { "vault.servidos.lat" = proxy vaultPort // { }; "searx.servidos.lat" = proxy searxPort // { }; "qampqwn4wprhqny8h8zj.servidos.lat" = proxy secretFlamePort // { }; + "6fxAtnPxEeI8hN.servidos.lat" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { proxyPass = "http://${battlestation}:${gptPort}"; }; + }; + }; "flix.servidos.lat" = { forceSSL = true; enableACME = true; diff --git a/workstation/scripts/update-dns.sh b/workstation/scripts/update-dns.sh index 5585ee2..96fbb8f 100755 --- a/workstation/scripts/update-dns.sh +++ b/workstation/scripts/update-dns.sh 
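Review bot: Every sub-export in `services.nfs.server.exports` carries `insecure`, which accepts requests from unprivileged source ports, so any local user process on 192.168.1.64 can speak NFS to this server rather than only that host's kernel client. No `sec=` option is set, so the client address is presumably the only check, and `/export/jawz` is an `rw` bind of the whole of `/home/jawz`; a compromise of any account on that one host would then reach everything in the home directory. Drop `insecure` unless a client really needs it, e.g. `/export/jawz 192.168.1.64(rw,nohide,no_subtree_check)`, and consider exporting a narrower subdirectory than the full home.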
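Review bot: The new `"6fxAtnPxEeI8hN.servidos.lat"` vhost forwards `/` to `http://${battlestation}:${gptPort}` with no access control at the proxy, so unless the service on port 7860 enforces its own login, the random-looking hostname is the only barrier. With `enableACME = true` the name ends up in a publicly logged certificate (Certificate Transparency), and the same label is added to the DNS update script in this patch, so it should be treated as public. Add authentication on the vhost, for example `basicAuthFile = "/path/to/htpasswd";` (placeholder path), or restrict by source address before exposing the backend. The `qampqwn4wprhqny8h8zj.servidos.lat` entry in the context lines appears to rely on the same pattern.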
@@ -5,7 +5,7 @@ # for a domain to your external IP address # namecheap -hostnames=(cloud @) +hostnames=(cloud @ 6fxAtnPxEeI8hN) domain=rotehaare.art password=60d672be5d9d4828a0f96264babe0ac1 diff --git a/workstation/servers.nix b/workstation/servers.nix index 96e9ca8..6f0f28b 100644 --- a/workstation/servers.nix +++ b/workstation/servers.nix @@ -252,4 +252,13 @@ in { }; }; }; + + networking = { + firewall = let open_firewall_ports = [ config.services.paperless.port ]; + in { + enable = true; + allowedTCPPorts = open_firewall_ports; + allowedUDPPorts = open_firewall_ports; + }; + }; }
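Review bot: This script keeps the dynamic-DNS credential in the repository: the `password=` line just below the edited `hostnames=` array is a literal value, and it is carried along as context in this patch. Read it at run time from a file outside the repo with restricted permissions (or from the environment), and rotate the current value, since it remains in git history. Also check that the new `6fxAtnPxEeI8hN` label belongs under `domain=rotehaare.art`; the nginx vhost added in this patch is `6fxAtnPxEeI8hN.servidos.lat`, and any part of the script that handles a second domain is outside the hunk.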
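Review bot: `allowedUDPPorts = open_firewall_ports;` opens the paperless port over UDP, which a web application served over TCP does not need, so that line can be dropped. Opening `config.services.paperless.port` in `allowedTCPPorts` also exposes the application directly on every interface; if access is meant to go through the TLS-terminating proxy in `nginx.nix`, the port does not need to be opened at all, and otherwise a per-interface rule would narrow it. `enable = true;` repeats what the firewall block in `configuration.org` already sets. The enclosing attribute set starts outside the hunk.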