diff options
Diffstat (limited to 'nixos/configurations')
-rw-r--r-- | nixos/configurations/adm-omnia.nix | 14 | ||||
-rw-r--r-- | nixos/configurations/adm-omnia2.nix | 8 | ||||
-rw-r--r-- | nixos/configurations/binky.nix | 2 | ||||
-rw-r--r-- | nixos/configurations/dean.nix | 13 | ||||
-rw-r--r-- | nixos/configurations/default.nix | 2 | ||||
-rw-r--r-- | nixos/configurations/lipwig.nix | 111 | ||||
-rw-r--r-- | nixos/configurations/spt-mox.nix | 9 | ||||
-rw-r--r-- | nixos/configurations/spt-mox2.nix | 9 | ||||
-rw-r--r-- | nixos/configurations/spt-omnia.nix | 21 |
9 files changed, 145 insertions, 44 deletions
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix index 672788a..dad595b 100644 --- a/nixos/configurations/adm-omnia.nix +++ b/nixos/configurations/adm-omnia.nix @@ -37,12 +37,10 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; "lan0-guest" = { @@ -50,10 +48,8 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; + EgressUntagged = 2; + PVID = 2; } ]; }; diff --git a/nixos/configurations/adm-omnia2.nix b/nixos/configurations/adm-omnia2.nix index 19ee446..2848bd9 100644 --- a/nixos/configurations/adm-omnia2.nix +++ b/nixos/configurations/adm-omnia2.nix @@ -45,12 +45,10 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; }; diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix index 6dfb6a5..4b552d5 100644 --- a/nixos/configurations/binky.nix +++ b/nixos/configurations/binky.nix @@ -75,7 +75,7 @@ in { DHCP = "yes"; IPv6AcceptRA = "yes"; }; - routes = [{routeConfig.Metric = 1088;}]; + routes = [{Metric = 1088;}]; linkConfig.RequiredForOnline = "routable"; }; }; diff --git a/nixos/configurations/dean.nix b/nixos/configurations/dean.nix index adc9e87..187e148 100644 --- a/nixos/configurations/dean.nix +++ b/nixos/configurations/dean.nix @@ -1,16 +1,13 @@ -{ - lib, - pkgs, - ... -}: let - inherit (lib) mkForce; -in { +{pkgs, ...}: { turris.board = "mox"; deploy.enable = true; cynerd = { wireguard = true; - monitoring.speedtest = true; + monitoring = { + speedtest = true; + drives = false; + }; }; networking = { diff --git a/nixos/configurations/default.nix b/nixos/configurations/default.nix index c653c2d..974d9d9 100644 --- a/nixos/configurations/default.nix +++ b/nixos/configurations/default.nix @@ -29,7 +29,7 @@ in ]; specialArgs = { inputModules = - mapAttrs (n: v: v.nixosModules) (filterAttrs (n: v: v ? nixosModules) self.inputs) + mapAttrs (_: v: v.nixosModules) (filterAttrs (_: v: v ? nixosModules) self.inputs) // { vpsadminos = self.inputs.vpsadminos.nixosConfigurations.container; }; diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 090e8f5..524a864 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -15,6 +15,10 @@ }; cynerd = { + monitoring = { + hw = false; + drives = false; + }; syncthing = { enable = false; baseDir = "/nas"; @@ -29,12 +33,30 @@ "/nas" = { device = "172.16.128.63:/nas/2682"; fsType = "nfs"; + options = [ + "_netdev" + "x-systemd.automount" + ]; }; "/nas/nextcloud-sync" = { device = "/nas/sync"; fsType = "fuse.bindfs"; options = ["map=syncthing/nextcloud:@syncthing/@nextcloud"]; }; + "/nas/spt" = { + device = "nas@omnia.spt:/data/nas"; + fsType = "fuse.sshfs"; + options = [ + "allow_other" + "_netdev" + "x-systemd.automount" + "reconnect" + "identityfile=/run/secrets/nas.ssh.priv" + "idmap=user" + "uid=nextcloud" + "gid=nextcloud" + ]; + }; }; networking = { @@ -85,8 +107,8 @@ root = "${pkgs.cgit}/cgit"; locations."/".tryFiles = "$uri @cgit"; locations."@cgit".extraConfig = '' - fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_param PATH_INFO $uri; fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; @@ -105,6 +127,14 @@ proxyWebsockets = true; }; }; + "searx.cynerd.cz" = { + forceSSL = true; + useACMEHost = "cynerd.cz"; + locations."/".extraConfig = '' + uwsgi_pass "unix:///run/searx/searx.sock"; + include ${config.services.nginx.package}/conf/uwsgi_params; + ''; + }; }; }; services.fcgiwrap = { @@ -115,9 +145,10 @@ acceptTerms = true; defaults.email = "cynerd+acme@email.cz"; certs."cynerd.cz".extraDomainNames = [ - "git.cynerd.cz" "cloud.cynerd.cz" + "git.cynerd.cz" "grafana.cynerd.cz" + "searx.cynerd.cz" ]; }; @@ -248,6 +279,82 @@ ensureDatabases = ["nextcloud"]; }; + # SearX #################################################################### + services.searx = { + enable = true; + environmentFile = "/run/secrets/searx.env"; + settings = { + server.secret_key = "@SEARX_SECRET_KEY@"; + search = { + autocomplete = "google"; + autocomplete_min = 2; + }; + ui = { + query_in_title = true; + infinite_scroll = true; + center_alignment = true; + hotkeys = "vim"; + }; + engines = [ + { + name = "seznam"; + disabled = false; + } + { + name = "material icons"; + disabled = false; + } + { + name = "svgrepo"; + disabled = false; + } + { + name = "peertube"; + disabled = false; + } + { + name = "lib.rs"; + disabled = false; + } + { + name = "gitlab"; + disabled = false; + } + { + name = "sourcehut"; + disabled = false; + } + { + name = "free software directory"; + disabled = false; + } + { + name = "cppreference"; + disabled = false; + } + { + name = "searchcode code"; + disabled = false; + } + { + name = "imdb"; + disabled = false; + } + { + name = "tmdb"; + disabled = false; + } + ]; + }; + runInUwsgi = true; + uwsgiConfig = { + socket = "/run/searx/searx.sock"; + chmod-socket = "660"; + }; + redisCreateLocally = true; + }; + users.groups.searx.members = ["nginx"]; + # Old Syncthing ############################################################ services.syncthing = { enable = true; diff --git a/nixos/configurations/spt-mox.nix b/nixos/configurations/spt-mox.nix index c5ad7fb..0bc7627 100644 --- a/nixos/configurations/spt-mox.nix +++ b/nixos/configurations/spt-mox.nix @@ -7,6 +7,7 @@ cynerd = { home-assistant = true; + monitoring.drives = false; switch = { enable = true; lanAddress = "${config.cynerd.hosts.spt.mox}/24"; @@ -41,12 +42,10 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; }; diff --git a/nixos/configurations/spt-mox2.nix b/nixos/configurations/spt-mox2.nix index c713477..085bb5f 100644 --- a/nixos/configurations/spt-mox2.nix +++ b/nixos/configurations/spt-mox2.nix @@ -6,6 +6,7 @@ }; cynerd = { + monitoring.drives = false; switch = { enable = true; lanAddress = "${config.cynerd.hosts.spt.mox2}/24"; @@ -40,12 +41,10 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; }; diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index 22d9ecc..29fe8c4 100644 --- a/nixos/configurations/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -88,7 +88,10 @@ in { users = { nas = { group = "nas"; - openssh.authorizedKeys.keyFiles = [(config.personal-secrets + "/unencrypted/nas.pub")]; + openssh.authorizedKeys.keyFiles = [ + (config.personal-secrets + "/unencrypted/nas.pub") + (config.personal-secrets + "/unencrypted/nas-spt.pub") + ]; isNormalUser = true; home = "/data/nas"; homeMode = "770"; @@ -135,8 +138,12 @@ in { DHCP = "ipv6"; IPv6AcceptRA = "no"; DHCPPrefixDelegation = "yes"; + DNS = "1.1.1.1"; + }; + dhcpV6Config = { + PrefixDelegationHint = "::/56"; + UseDNS = "no"; }; - dhcpV6Config.PrefixDelegationHint = "::/56"; dhcpPrefixDelegationConfig = { UplinkInterface = ":self"; SubnetId = 0; @@ -149,12 +156,10 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; }; @@ -170,7 +175,7 @@ in { lcp-echo-adaptive defaultroute defaultroute6 - usepeerdns + #usepeerdns maxfail 1 user metronet password metronet |