Diffstat (limited to 'nixos/configurations')
-rw-r--r--nixos/configurations/binky.nix8
-rw-r--r--nixos/configurations/dribbler.nix112
-rw-r--r--nixos/configurations/lipwig.nix9
-rw-r--r--nixos/configurations/ridcully.nix45
-rw-r--r--nixos/configurations/spt-omnia.nix1
-rw-r--r--nixos/configurations/zd-mox.nix24
6 files changed, 178 insertions, 21 deletions
diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix
index 6d8e5c3..9e3866f 100644
--- a/nixos/configurations/binky.nix
+++ b/nixos/configurations/binky.nix
@@ -1,10 +1,4 @@
{
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) mkDefault;
-in {
system.stateVersion = "24.05";
nixpkgs.hostPlatform.system = "x86_64-linux";
deploy = {
@@ -91,6 +85,4 @@ in {
enable = true;
dataDir = "/home/cynerd";
};
-
- environment.systemPackages = [pkgs.heroic];
}
diff --git a/nixos/configurations/dribbler.nix b/nixos/configurations/dribbler.nix
new file mode 100644
index 0000000..038f455
--- /dev/null
+++ b/nixos/configurations/dribbler.nix
@@ -0,0 +1,112 @@
+{pkgs, ...}: {
+ system.stateVersion = "25.11";
+ nixpkgs.hostPlatform.system = "x86_64-linux";
+ deploy = {
+ enable = true;
+ default = false;
+ ssh.host = "dribbler";
+ };
+
+ cynerd = {
+ wifiClient = true;
+ };
+
+ boot = {
+ initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod"];
+ kernelModules = ["kvm-intel"];
+ kernelParams = ["video=eDP-1:d"]; # Disable internal display for kodi to use HDMI
+ };
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ cynerd.autounlock = {
+ "encroot" = "/dev/disk/by-uuid/f791f524-0552-487b-9bf9-5c20ca78651b";
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/encroot";
+ fsType = "btrfs";
+ options = ["compress=lzo"];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/7143-1EE7";
+ fsType = "vfat";
+ };
+ };
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
+
+ networking = {
+ useNetworkd = true;
+ useDHCP = false;
+ };
+ systemd.network = {
+ networks = {
+ "dhcp" = {
+ matchConfig.Name = "enp1s0";
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = "yes";
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+ "dhcp-wlan" = {
+ matchConfig.Name = "wlp2s0";
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = "yes";
+ };
+ routes = [{Metric = 1088;}];
+ linkConfig.RequiredForOnline = "routable";
+ };
+ };
+ wait-online.enable = false;
+ };
+
+ # Kodi
+ environment.systemPackages = with pkgs; [
+ kodi-gbm
+ ];
+ hardware = {
+ graphics = {
+ enable = true;
+ enable32Bit = true;
+ extraPackages = with pkgs; [
+ intel-media-driver
+ libvdpau-va-gl
+ ];
+ };
+ bluetooth.enable = true;
+ };
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+ security.rtkit.enable = true;
+ #nixpkgs.config.kodi.enableAdvancedLauncher = true;
+ users.extraUsers.kodi = {
+ isNormalUser = true;
+ extraGroups = ["audio" "video" "input"];
+ };
+ systemd.services.kodi = {
+ description = "Kodi standalone (GBM)";
+ wantedBy = ["multi-user.target"];
+ conflicts = ["getty@tty1.service"];
+ serviceConfig = {
+ User = "kodi";
+ TTYPath = "/dev/tty1";
+ ExecStart = "${pkgs.kodi-gbm}/bin/kodi-standalone";
+ Restart = "on-abort";
+ StandardInput = "tty";
+ StandardOutput = "journal";
+ };
+ };
+ networking.firewall = {
+ allowedTCPPorts = [8080];
+ allowedUDPPorts = [8080];
+ };
+}
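Review bot: The closing `networking.firewall` block opens port 8080 on both TCP and UDP for every interface, including the `wlp2s0` Wi-Fi link that `cynerd.wifiClient = true` enables. If 8080 is for Kodi's web interface / JSON-RPC (presumably; the file does not say), that endpoint is plain HTTP and needs TCP only, so the `allowedUDPPorts = [8080];` entry looks unnecessary. Scoping the rule to the wired interface, e.g. `networking.firewall.interfaces."enp1s0".allowedTCPPorts = [8080];`, with a comment naming the service, keeps the remote-control endpoint off whatever wireless network the box joins. The `systemd.services.kodi` unit is also network-reachable and has no hardening in `serviceConfig`; `NoNewPrivileges = true;` would be a cheap first step.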
diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
index 0b213ec..556ca5d 100644
--- a/nixos/configurations/lipwig.nix
+++ b/nixos/configurations/lipwig.nix
@@ -22,6 +22,7 @@
};
wireguard = true;
borgjobs = {
+ # TODO backup influx
postgresql.dumpCommand = pkgs.writeScript "postgreqsl-backup.sh" ''
/run/wrappers/bin/sudo -u postgres /run/current-system/sw/bin/pg_dumpall
'';
@@ -121,7 +122,7 @@
forceSSL = true;
useACMEHost = "cynerd.cz";
locations."/".extraConfig = ''
- uwsgi_pass "unix:///run/searx/searx.sock";
+ uwsgi_pass "unix://${config.services.searx.uwsgiConfig.socket}";
include ${config.services.nginx.package}/conf/uwsgi_params;
'';
};
@@ -253,7 +254,7 @@
twofactor_webauthn
;
# Additional modules can be fetched with:
- # NEXTCLOUD_VERSIONS=31 nix run nixpkgs#nc4nix -- -apps "passwords,money,integration_github,integration_gitlab,fileslibreofficeedit"
+ # NEXTCLOUD_VERSIONS=32 nix run nixpkgs#nc4nix -- -apps "passwords,money,integration_github,integration_gitlab,fileslibreofficeedit"
fileslibreofficeedit = pkgs.fetchNextcloudApp {
url = "https://github.com/allotropia/nextcloud_files_libreoffice_edit/releases/download/v2.0.1/fileslibreofficeedit.tar.gz";
hash = "sha256-Xqx5snQWintYJG3Q1Crw22TkNw18DdADXkurMQqt3X8=";
@@ -275,8 +276,8 @@
license = "agpl3Plus";
};
passwords = pkgs.fetchNextcloudApp {
- url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2025.10.0/passwords-lsr-81.tar.gz";
- hash = "sha256-6QKbmm804BN5bANcdH1BbG2oy1nBgnLY5CLidPF44Uk=";
+ url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2026.3.0/passwords.tar.gz";
+ hash = "sha256-YHilpFaZHNCtqLRvTCDhyVoFWLC85Qkj1mMxp08YCho=";
license = "agpl3Plus";
};
};
diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix
index 97a0456..9f3ed57 100644
--- a/nixos/configurations/ridcully.nix
+++ b/nixos/configurations/ridcully.nix
@@ -10,6 +10,9 @@
openvpn = {
elektroline = true;
};
+ borgjobs = {
+ hetzner-s3.paths = "/back/hetzner-s3-sync";
+ };
};
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
@@ -77,8 +80,44 @@
nix.settings.max-jobs = 4;
##############################################################################
- services.syncthing = {
- enable = true;
- dataDir = "/home/cynerd";
+ services = {
+ syncthing = {
+ enable = true;
+ dataDir = "/home/cynerd";
+ };
+
+ octoprint = {
+ enable = true;
+ openFirewall = true;
+ };
+
+ mjpg-streamer = {
+ enable = true;
+ inputPlugin = "input_uvc.so -d /dev/video2 -r 1920x1080 -f 30";
+ outputPlugin = "output_http.so -p 5001 -w @www@";
+ };
+ };
+ networking.firewall.allowedTCPPorts = [5001];
+
+ # Service to synchronize local copy of Hetzner S3
+ systemd = {
+ services."hetzner-sync" = {
+ script = ''
+ /run/current-system/sw/bin/rclone --config /run/secrets/rclone-hetzner.conf \
+ sync hetzner: /back/hetzner-s3-sync
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
+ };
+ timers."hetzner-sync" = {
+ wantedBy = ["timers.target"];
+ timerConfig.Unit = "hetzner-sync.service";
+ timerConfig = {
+ OnCalendar = "daily";
+ Persistent = false;
+ };
+ };
};
}
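Review bot: `networking.firewall.allowedTCPPorts = [5001];` together with `octoprint.openFirewall = true;` exposes the camera stream and the printer control UI on every interface of this host. The `outputPlugin = "output_http.so -p 5001 -w @www@";` line sets no credentials, so anyone who can reach the port can view the stream. Consider limiting the rule to the LAN interface (`networking.firewall.interfaces."<lan-iface>".allowedTCPPorts = [5001];`) or serving both behind an authenticated reverse proxy. Separately, `hetzner-sync` runs `rclone sync` as root with no sandboxing in `serviceConfig`, and `sync` mirrors deletions from the bucket into `/back/hetzner-s3-sync`. The local copy therefore only protects against loss on the remote side if the `borgjobs.hetzner-s3` job keeps older archives, which this file does not show.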
diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index c13956b..c2ef049 100644
--- a/nixos/configurations/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -18,7 +18,6 @@ in {
"7c:b0:c2:bb:9c:ca" = hosts.albert;
"4c:d5:77:0d:85:d9" = hosts.binky;
"b8:27:eb:57:a2:31" = hosts.mpd;
- "74:bf:c0:42:82:19" = hosts.printer;
};
};
wifiAP.spt = {
diff --git a/nixos/configurations/zd-mox.nix b/nixos/configurations/zd-mox.nix
index 3796af0..6ce1b6b 100644
--- a/nixos/configurations/zd-mox.nix
+++ b/nixos/configurations/zd-mox.nix
@@ -1,4 +1,8 @@
-{config, ...}: let
+{
+ config,
+ pkgs,
+ ...
+}: let
hosts = config.cynerd.hosts.zd;
in {
system.stateVersion = "25.05";
@@ -14,9 +18,11 @@ in {
wan = "pppoe-wan";
lanIP = hosts.mox;
staticLeases = {
+ "4c:d5:77:0d:85:d9" = hosts.binky;
"70:85:c2:4a:59:f2" = hosts.ridcully;
+ "74:bf:c0:42:82:19" = hosts.printer;
"f8:dc:7a:79:00:e6" = hosts.tc;
- "4c:d5:77:0d:85:d9" = hosts.binky;
+ "34:94:54:33:6b:48" = hosts.vb;
};
};
wireguard = true;
@@ -110,9 +116,12 @@ in {
# user and password added in secrets
'';
};
- systemd.services."pppd-wan" = {
- after = ["sys-subsystem-net-devices-end0.848.device"];
- partOf = ["systemd-networkd.service"];
+ systemd.services = {
+ "pppd-wan" = {
+ requires = ["sys-subsystem-net-devices-end0.848.device"];
+ partOf = ["systemd-networkd.service"];
+ };
+ "systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug";
};
# TODO limit NSS clamping to just pppoe-wan
networking.firewall.extraForwardRules = ''
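Review bot: Replacing `after` with `requires` on `"pppd-wan"` drops the ordering, because systemd's `Requires=` pulls the device unit in but does not make the service wait for it. Unless the module that defines `pppd-wan` adds the ordering elsewhere (not visible in this hunk), the service may start before `end0.848` exists. Keeping both, i.e. adding `after = ["sys-subsystem-net-devices-end0.848.device"];` next to the new `requires`, preserves the old behaviour while adding the hard dependency. `"systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug";` looks like a troubleshooting aid; a `# TODO drop once pppoe-wan is stable` comment would keep verbose network logging from becoming permanent on the router.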
@@ -140,4 +149,9 @@ in {
certs."zd.cynerd.cz" = {};
};
networking.firewall.allowedTCPPorts = [80 443];
+
+ environment.systemPackages = with pkgs; [
+ nmap
+ tcpdump
+ ];
}
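Review bot: `nmap` and `tcpdump` are added to `environment.systemPackages` without a comment, so they become a permanent part of this router's system closure. The host terminates `pppoe-wan` and accepts 80/443, so the installed tooling is best kept to what it needs day to day. If these are only for the current network debugging (an inference from the `SYSTEMD_LOG_LEVEL` change in the previous hunk), running them on demand with `nix shell nixpkgs#tcpdump` avoids the permanent install. Otherwise a one-line comment such as `# network diagnostics for pppoe-wan` would record why they are there.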