Diffstat (limited to 'nixos/configurations')
-rw-r--r-- | nixos/configurations/adm-omnia.nix | 1 | ||||
-rw-r--r-- | nixos/configurations/dean.nix | 14 | ||||
-rw-r--r-- | nixos/configurations/errol.nix | 40 | ||||
-rw-r--r-- | nixos/configurations/lipwig.nix | 37 | ||||
-rw-r--r-- | nixos/configurations/ridcully.nix | 10 | ||||
-rw-r--r-- | nixos/configurations/spt-mox.nix | 31 | ||||
-rw-r--r-- | nixos/configurations/spt-mox2.nix | 16 | ||||
-rw-r--r-- | nixos/configurations/spt-omnia.nix | 56 | ||||
-rw-r--r-- | nixos/configurations/zd-mox.nix | 128 |
9 files changed, 198 insertions, 135 deletions
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix index 55ee733..2b80bbc 100644 --- a/nixos/configurations/adm-omnia.nix +++ b/nixos/configurations/adm-omnia.nix @@ -15,7 +15,6 @@ in { wan = "pppoe-wan"; lanIP = hosts.omnia; staticLeases = { - "70:85:c2:4a:59:f2" = hosts.ridcully; "7c:b0:c2:bb:9c:ca" = hosts.albert; "4c:d5:77:0d:85:d9" = hosts.binky; "b8:27:eb:49:54:5a" = hosts.mpd; diff --git a/nixos/configurations/dean.nix b/nixos/configurations/dean.nix index dfb03e1..a95d9f1 100644 --- a/nixos/configurations/dean.nix +++ b/nixos/configurations/dean.nix @@ -11,6 +11,20 @@ }; }; + boot.initrd.availableKernelModules = ["dm-mod"]; + + hardware.enableAllFirmware = false; # No wifi so we do not need firmwares + services = { + journald.extraConfig = '' + SystemMaxUse=512M + ''; + + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + }; + networking = { useNetworkd = true; useDHCP = false; diff --git a/nixos/configurations/errol.nix b/nixos/configurations/errol.nix index f986631..defacf3 100644 --- a/nixos/configurations/errol.nix +++ b/nixos/configurations/errol.nix @@ -1,11 +1,4 @@ -{ - config, - lib, - pkgs, - ... -}: let - inherit (lib) mkDefault; -in { +{pkgs, ...}: { system.stateVersion = "24.05"; nixpkgs.hostPlatform.system = "x86_64-linux"; deploy.enable = true; 
@@ -96,36 +89,5 @@ in { enable = true; dataDir = "/home/cynerd"; }; - - home-assistant = { - enable = true; - openFirewall = true; - configDir = "/var/lib/hass"; - config = { - homeassistant = { - name = "SPT"; - latitude = "!secret latitude"; - longitude = "!secret longitude"; - elevation = "!secret elevation"; - time_zone = "Europe/Prague"; - country = "CZ"; - }; - http.server_port = 8808; - mqtt = { - sensor = import ../home-assistant/sensors.nix; - light = import ../home-assistant/light.nix; - }; - default_config = {}; - automation = "!include automations.yaml"; - }; - extraComponents = ["met"]; - package = pkgs.home-assistant.override { - extraPackages = pkgs: - with pkgs; [ - securetar - pyipp - ]; - }; - }; }; } diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 5855b6d..2f5e242 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -107,10 +107,6 @@ forceSSL = true; useACMEHost = "cynerd.cz"; }; - "office.cynerd.cz" = { - forceSSL = true; - useACMEHost = "cynerd.cz"; - }; "grafana.cynerd.cz" = { forceSSL = true; useACMEHost = "cynerd.cz"; @@ -245,9 +241,9 @@ forms groupfolders impersonate + maps memories notes - onlyoffice phonetrack previewgenerator spreed 
@@ -255,15 +251,20 @@ twofactor_webauthn ; # Additional modules can be fetched with: - # NEXTCLOUD_VERSIONS=30 nix run nixpkgs#nc4nix -- -apps "passwords,money,integration_github,integration_gitlab" + # NEXTCLOUD_VERSIONS=31 nix run nixpkgs#nc4nix -- -apps "passwords,money,integration_github,integration_gitlab" + fileslibreofficeedit = pkgs.fetchNextcloudApp { + url = "https://github.com/allotropia/nextcloud_files_libreoffice_edit/releases/download/v2.0.1/fileslibreofficeedit.tar.gz"; + hash = "sha256-Xqx5snQWintYJG3Q1Crw22TkNw18DdADXkurMQqt3X8="; + license = "agpl3Plus"; + }; integration_github = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.1.1/integration_github-v3.1.1.tar.gz"; - hash = "sha256-nm463H33WyXTJkb7+OSsunARNuSl5nc3uGClgwkVvhM="; + url = "https://github.com/nextcloud-releases/integration_github/releases/download/v3.2.1/integration_github-v3.2.1.tar.gz"; + hash = "sha256-iBWphFaXmQHNxgoi9qkfV7vCTChwtk6yg0aVr9Lhn4c="; license = "agpl3Plus"; }; integration_gitlab = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v3.1.2/integration_gitlab-v3.1.2.tar.gz"; - hash = "sha256-nCH0DqYmr4T856sOU5PhSK6WAHIF9mnYThgytxEbkNA="; + url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v3.2.0/integration_gitlab-v3.2.0.tar.gz"; + hash = "sha256-BDDuqQIDV3pn1mYutjA7Z3L2nib2wW6DlZgyqU46f8Q="; license = "agpl3Plus"; }; money = pkgs.fetchNextcloudApp { 
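Review bot: The new `fileslibreofficeedit` entry is fetched from a third-party GitHub release, but the update comment above it still names only `passwords,money,integration_github,integration_gitlab` in the `nc4nix` command, so nothing in the file says how this app's URL and hash are meant to be refreshed. An app outside the documented update path tends to stay at its pinned version and miss upstream fixes. If the tool really does not cover it, I would add a line next to the entry such as `# fileslibreofficeedit is not covered by the nc4nix command above; bump url and hash by hand from the upstream releases page`. The attribute set this entry belongs to starts and ends outside the hunk.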
@@ -272,22 +273,12 @@ license = "agpl3Plus"; }; passwords = pkgs.fetchNextcloudApp { - url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2025.5.1/passwords.tar.gz"; - hash = "sha256-v4IVpqbTN3TKORESFX+sJsiSrLkUc0b5Stj8CmznSIw="; - license = "agpl3Plus"; - }; - maps = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud/maps/releases/download/v1.6.0-3-nightly/maps-1.6.0-3-nightly.tar.gz"; - hash = "sha256-E0S/CwXyye19lcuiONEQCyHJqlL0ZG1A9Q7oOTEZH1g="; + url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2025.7.0/passwords.tar.gz"; + hash = "sha256-SVItAtFRO/CbZ203ZS86inCZ+ZpGy0NUS3y2Xj1b+LI="; license = "agpl3Plus"; }; }; }; - # OnlyOffice ############################################################### - services.onlyoffice = { - enable = true; - hostname = "office.cynerd.cz"; - }; # Postgresql ############################################################### services.postgresql = { @@ -370,7 +361,7 @@ } ]; }; - runInUwsgi = true; + configureUwsgi = true; uwsgiConfig = { socket = "/run/searx/searx.sock"; chmod-socket = "660"; diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix index 0b2705c..3dd9beb 100644 --- a/nixos/configurations/ridcully.nix +++ b/nixos/configurations/ridcully.nix @@ -1,10 +1,4 @@ -{ - lib, - pkgs, - ... -}: let - inherit (lib) mkDefault; -in { +{pkgs, ...}: { system.stateVersion = "24.05"; nixpkgs.hostPlatform.system = "x86_64-linux"; deploy.enable = true; @@ -79,5 +73,5 @@ in { }; # Force nix to use less jobs - nix.settings.max-jobs = 8; + nix.settings.max-jobs = 4; } diff --git a/nixos/configurations/spt-mox.nix b/nixos/configurations/spt-mox.nix index 8a842b7..4dfa2c8 100644 --- a/nixos/configurations/spt-mox.nix +++ b/nixos/configurations/spt-mox.nix 
@@ -28,13 +28,17 @@ }; }; - services.journald.extraConfig = '' - SystemMaxUse=512M - ''; + boot.initrd.availableKernelModules = ["dm-mod"]; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; + services = { + journald.extraConfig = '' + SystemMaxUse=512M + ''; + + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; }; networking = { @@ -73,25 +77,10 @@ acl = ["read bigclown/node/#"]; passwordFile = "/run/secrets/mosquitto.telegraf.pass"; }; - homeassistant = { - acl = [ - "readwrite homeassistant/#" - "readwrite bigclown/#" - "readwrite zigbee2mqtt/#" - ]; - passwordFile = "/run/secrets/mosquitto.homeassistant.pass"; - }; bigclown = { acl = ["readwrite bigclown/#"]; passwordFile = "/run/secrets/mosquitto.bigclown.pass"; }; - zigbee2mqtt = { - acl = [ - "readwrite homeassistant/#" - "readwrite zigbee2mqtt/#" - ]; - passwordFile = "/run/secrets/mosquitto.zigbee2mqtt.pass"; - }; }; } ]; diff --git a/nixos/configurations/spt-mox2.nix b/nixos/configurations/spt-mox2.nix index fd2c074..2e76449 100644 --- a/nixos/configurations/spt-mox2.nix +++ b/nixos/configurations/spt-mox2.nix @@ -23,13 +23,17 @@ }; }; - services.journald.extraConfig = '' - SystemMaxUse=512M - ''; + boot.initrd.availableKernelModules = ["dm-mod"]; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; + services = { + journald.extraConfig = '' + SystemMaxUse=512M + ''; + + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; }; networking = { diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index 1809b2a..8449f0d 100644 --- a/nixos/configurations/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -15,6 +15,7 @@ in { lanIP = hosts.omnia; staticLeases = { "a8:a1:59:10:32:c4" = hosts.errol; + "70:85:c2:4a:59:f2" = hosts.ridcully; "7c:b0:c2:bb:9c:ca" = hosts.albert; "4c:d5:77:0d:85:d9" = hosts.binky; "b8:27:eb:57:a2:31" = hosts.mpd; 
@@ -38,18 +39,20 @@ in { monitoring.speedtest = true; }; - services.journald.extraConfig = '' - SystemMaxUse=8G - ''; + services = { + journald.extraConfig = '' + SystemMaxUse=8G + ''; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; - }; + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; - services.fail2ban = { - enable = true; - ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]; + fail2ban = { + enable = true; + ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]; + }; }; networking.useDHCP = false; @@ -133,32 +136,11 @@ in { ''; ############################################################################## - services = { - zigbee2mqtt = { - enable = true; - settings = { - serial.port = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00"; - mqtt = { - server = "mqtt://${config.cynerd.hosts.spt.mox}:1883"; - user = "zigbee2mqtt"; - password = "!secret.yaml mqtt_password"; - }; - advanced = { - network_key = "!secret.yaml network_key"; - homeassistant_legacy_entity_attributes = false; - legacy_api = false; - legacy_availability_payload = false; - last_seen = "epoch"; - }; - frontend = true; - availability = true; - homeassistant = { - legacy_triggers = false; - }; - device_options.legacy = false; - permit_join = false; - devices = config.secrets.zigbee2mqttDevices; - }; - }; + cynerd.ha = { + enable = true; + domain = "spt.cynerd.cz"; + extraOptions = [ + "--device=/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00:/dev/ttyACM0" + ]; }; } diff --git a/nixos/configurations/zd-mox.nix b/nixos/configurations/zd-mox.nix new file mode 100644 index 0000000..a6f327c --- /dev/null +++ b/nixos/configurations/zd-mox.nix 
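Review bot: In the last hunk of `spt-omnia.nix` the explicit `zigbee2mqtt` settings are replaced by `cynerd.ha`, whose definition is not part of this diff, so it cannot be confirmed here that what the old block pinned is still in force: `permit_join = false`, and `network_key` and the MQTT password referenced from a separate secret file. Please confirm the module keeps those and say so in a comment above the block, e.g. `# zigbee2mqtt now runs inside cynerd.ha; joining stays disabled and keys come from secrets`. `extraOptions` passes the host serial device through what looks like a container runtime flag. Mapping only that one device is the narrow choice, and a short comment that no broader device or privilege flags are needed would help keep it that way.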
@@ -0,0 +1,128 @@
+{config, ...}: let
+ hosts = config.cynerd.hosts.zd;
+in {
+ system.stateVersion = "25.05";
+ turris.board = "mox";
+ deploy = {
+ enable = true;
+ ssh.host = "zd.cynerd.cz";
+ };
+
+ cynerd = {
+ router = {
+ enable = true;
+ wan = "pppoe-wan";
+ lanIP = hosts.mox;
+ staticLeases = {
+ "4c:d5:77:0d:85:d9" = hosts.binky;
+ };
+ };
+ wifiAP.zd = {
+ enable = false;
+ qca988x = {
+ interface = "wlp1s0";
+ bssids = config.secrets.wifiMacs.zd-mox.qca988x;
+ channel = 36;
+ };
+ };
+ wireguard = true;
+ monitoring.speedtest = true;
+ };
+
+ boot.initrd.availableKernelModules = ["dm-mod"];
+
+ services = {
+ journald.extraConfig = ''
+ SystemMaxUse=512M
+ '';
+
+ btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
+
+ fail2ban = {
+ enable = true;
+ ignoreIP = ["10.8.0.0/24" "10.8.1.0/24" "10.8.2.0/24"];
+ };
+ };
+
+ networking.useDHCP = false;
+ systemd.network = {
+ netdevs = {
+ "end2.848" = {
+ netdevConfig = {
+ Kind = "vlan";
+ Name = "end2.848";
+ };
+ vlanConfig.Id = 848;
+ };
+ };
+ networks = {
+ "end2" = {
+ matchConfig.Name = "end2";
+ networkConfig.VLAN = ["end2.848"];
+ };
+ "end2.848" = {
+ matchConfig.Name = "end2.848";
+ networkConfig.BindCarrier = "end2";
+ };
+ "pppoe-wan" = {
+ matchConfig.Name = "pppoe-wan";
+ networkConfig = {
+ BindCarrier = "end2.848";
+ DHCP = "ipv6";
+ IPv6AcceptRA = "no";
+ DHCPPrefixDelegation = "yes";
+ #DNS = ["84.19.64.3" "84.19.64.4" "1.1.1.1"];
+ DNS = "1.1.1.1";
+ };
+ dhcpV6Config = {
+ PrefixDelegationHint = "::/56";
+ UseDNS = "no";
+ };
+ dhcpPrefixDelegationConfig = {
+ UplinkInterface = ":self";
+ SubnetId = 0;
+ Announce = "no";
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+ "lan-brlan" = {
+ matchConfig.Name = "lan*";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ EgressUntagged = 1;
+ PVID = 1;
+ }
+ {VLAN = 2;}
+ ];
+ };
+ };
+ };
+
+ services.pppd = {
+ enable = true;
+ peers."wan".config = ''
+ plugin pppoe.so end2.848
+ ifname pppoe-wan
+ lcp-echo-interval 1
+ lcp-echo-failure 5
+ lcp-echo-adaptive
+ defaultroute
+ defaultroute6
+ maxfail 1
+ # user and password added in secrets
+ '';
+ };
+ systemd.services."pppd-wan" = {
+ after = ["sys-subsystem-net-devices-end2.848.device"];
+ partOf = ["systemd-networkd.service"];
+ };
+ # TODO limit NSS clamping to just pppoe-wan
+ networking.firewall.extraForwardRules = ''
+ tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
+ iifname {"home", "wg"} oifname {"home", "wg"} accept
+ '';
+} |
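Review bot: `fail2ban.ignoreIP` exempts three whole /24 ranges (`10.8.0.0/24`, `10.8.1.0/24`, `10.8.2.0/24`) with no comment on what each range is, and nothing in this file shows which is the local LAN and which are reached over WireGuard. Any host in an exempt range can keep retrying logins against this router without ever being banned, so I would list only the ranges that really need the exemption and document them, e.g. `# <site/VPN name per range>: exempt so admins cannot lock themselves out`. The forward rule `iifname {"home", "wg"} oifname {"home", "wg"} accept` has the same gap, since neither `home` nor `wg` is defined in this file. A one-line comment naming the module that creates them and the apparent intent (LAN and VPN peers may reach each other in both directions) would make the policy reviewable.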