c2vi/dotfiles
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

screen capture no longer working

Browse Source
This commit is contained in:
Sebastian Moser
2026-04-14 19:10:25 +02:00
parent 8e5316761c
commit 4a62c235f1
19 changed files with 358 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
common/all.nix
View File

@@ -1,4 +1,4 @@
{ lib, inputs, self, secretsDir, specialArgs, ... }: { lib, inputs, self, secretsDir, specialArgs, pkgsUnstable, ... }:
# config that i use on all my hosts # config that i use on all my hosts
@@ -8,7 +8,7 @@
]; ];
home-manager.extraSpecialArgs = specialArgs; home-manager.extraSpecialArgs = specialArgs // { inherit pkgsUnstable; };
programs.dconf.enable = true; programs.dconf.enable = true;

19
common/nixos.nix
View File

@@ -1,4 +1,4 @@
{ lib, self, ... }: { lib, self, pkgsUnstable, ... }:
# config that i use on all my hosts, that run native nixos # config that i use on all my hosts, that run native nixos
# excluding for example my phone phone # excluding for example my phone phone
@@ -6,6 +6,22 @@
{ {
##system.stateVersion = "23.05"; # Did you read the comment? ##system.stateVersion = "23.05"; # Did you read the comment?
##### Netbird Configuration
services.netbird.package = pkgsUnstable.netbird;
services.netbird.clients.ppc = {
#login = {
#enable = true;
#setupKeyFile = "${secretsDir}/netbird-setup-key";
#};
port = 51821;
ui.enable = false;
openFirewall = true;
#openInternalFirewall = true;
};
networking.firewall.trustedInterfaces = [
"nb-ppc"
];
# Select internationalisation properties. # Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
@@ -27,4 +43,3 @@
${builtins.readFile "${self}/misc/my-hosts-t"} ${builtins.readFile "${self}/misc/my-hosts-t"}
''; '';
} }

6
flake.lock generated
View File

@@ -3775,11 +3775,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1758690382, "lastModified": 1772624091,
"narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e643668fd71b949c53f8626614b21ff71a07379d", "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353",
"type": "github" "type": "github"
}, },
"original": { "original": {

9
flake.nix
View File

@@ -180,6 +180,13 @@
}; };
}; };
pkgsUnstableArm = import nixpkgs-unstable {
system = "aarch64-linux";
config = {
allowUnfree = true;
};
};
specialArgs = { specialArgs = {
inherit inputs confDir workDir secretsDir persistentDir self tunepkgs unstable nur pkgsUnstable dataDir; inherit inputs confDir workDir secretsDir persistentDir self tunepkgs unstable nur pkgsUnstable dataDir;
system = "x86_64-linux"; system = "x86_64-linux";
@@ -616,7 +623,7 @@
# my raspberry to try out stuff with # my raspberry to try out stuff with
"lush" = nixpkgs.lib.nixosSystem rec { "lush" = nixpkgs.lib.nixosSystem rec {
system = "aarch64-linux"; system = "aarch64-linux";
specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self system; }; specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self system; pkgsUnstable = pkgsUnstableArm; };
modules = [ modules = [
./hosts/lush.nix ./hosts/lush.nix
]; ];

5
hosts/fasu.nix
View File

@@ -10,7 +10,7 @@
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
../users/me/headless.nix ../users/me/headless.nix
../users/root/default.nix ../users/root/default.nix
../users/server/headles.nix ../users/server/headless.nix
]; ];
# allow acern to ssh into server # allow acern to ssh into server
@@ -26,9 +26,6 @@
} }
]; ];
services.tailscale.enable = true;
#fileSystems."/boot" = { #fileSystems."/boot" = {
# device = "/dev/disk/by-label/fusu-boot"; # device = "/dev/disk/by-label/fusu-boot";
# fsType = "fat32"; # fsType = "fat32";

8
hosts/fe.nix
View File

@@ -25,8 +25,6 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNXOPxlnSxkhm050ui56D5SHrkhuFwUOU0Gf0C+Vmks melektron@goarnix" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNXOPxlnSxkhm050ui56D5SHrkhuFwUOU0Gf0C+Vmks melektron@goarnix"
]; ];
services.tailscale.enable = true;
virtualisation.libvirtd = { virtualisation.libvirtd = {
enable = true; enable = true;
qemuOvmf = true; qemuOvmf = true;
@@ -74,12 +72,6 @@
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
443 # couchdb for obsidian live sync https
44444 # resilio sync
9000 # resilio webui
];
services.samba.openFirewall = true; services.samba.openFirewall = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [

26
hosts/fusu.nix
View File

@@ -51,9 +51,6 @@ in {
services.tailscale.enable = true;
services.resilio = { services.resilio = {
enable = true; enable = true;
enableWebUI = true; enableWebUI = true;
@@ -61,19 +58,17 @@ in {
checkForUpdates = false; checkForUpdates = false;
listeningPort = 44444; listeningPort = 44444;
}; };
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
44444 # resilio sync
9000 # resilio webui
9001 # fwin vnc
9002 # fwin rdp
9003 # fwin ssh
];
networking.firewall.interfaces."br0".allowedTCPPorts = [ networking.firewall.interfaces."br0".allowedTCPPorts = [
44444 # resilio sync 44444 # resilio sync
9000 # resilio webui 9000 # resilio webui
9001 # fwin vnc 9001 # fwin vnc
9002 # fwin rdp 9002 # fwin rdp
9003 # fwin ssh 9003 # fwin ssh
9003 # fwin ssh
];
networking.firewall.interfaces."br0".allowedTCPPortRanges = [
{from = 8000; to = 10000;}
]; ];
@@ -86,6 +81,10 @@ in {
device = "storage"; device = "storage";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/data" = {
device = "storage";
fsType = "zfs";
};
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub = { boot.loader.grub = {
@@ -124,6 +123,7 @@ in {
services.samba.openFirewall = true; services.samba.openFirewall = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
22
8888 # for general usage 8888 # for general usage
9999 # for general usage 9999 # for general usage
8080 # for mitm proxy 8080 # for mitm proxy
@@ -163,6 +163,7 @@ in {
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
tcpdump
sshfs sshfs
ntfs3g ntfs3g
virtiofsd virtiofsd
@@ -223,8 +224,9 @@ in {
text = '' text = ''
ip=$(curl -4 my.ip.fi) ip=$(curl -4 my.ip.fi)
curl "http://dynv6.com/api/update?hostname=${builtins.readFile "${secretsDir}/dns-name-two"}&ipv4=$ip&token=${builtins.readFile "${secretsDir}/dns-name-two-token"}" #curl "http://dynv6.com/api/update?hostname=${builtins.readFile "${secretsDir}/dns-name-two"}&ipv4=$ip&token=${builtins.readFile "${secretsDir}/dns-name-two-token"}"
curl "https://dynamicdns.park-your-domain.com/update?host=home&domain=${builtins.readFile "${secretsDir}/dns-name"}&password=${builtins.readFile "${secretsDir}/dns-name-token"}&ip=$ip" curl "http://dynv6.com/api/update?hostname=${builtins.readFile "${secretsDir}/dns-name-mati"}&ipv4=$ip&token=${builtins.readFile "${secretsDir}/dns-name-mati-token"}"
# curl "https://dynamicdns.park-your-domain.com/update?host=home&domain=${builtins.readFile "${secretsDir}/dns-name"}&password=${builtins.readFile "${secretsDir}/dns-name-token"}&ip=$ip"
# https://www.namecheap.com/support/knowledgebase/article.aspx/29/11/how-to-dynamically-update-the-hosts-ip-with-an-https-request/ # https://www.namecheap.com/support/knowledgebase/article.aspx/29/11/how-to-dynamically-update-the-hosts-ip-with-an-https-request/
''; '';

61
hosts/lush.nix
View File

@@ -9,6 +9,7 @@
inputs.networkmanager.nixosModules.networkmanager inputs.networkmanager.nixosModules.networkmanager
../common/all.nix ../common/all.nix
../common/nixos.nix
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
../users/me/headless.nix ../users/me/headless.nix
@@ -31,6 +32,7 @@
powerOnBoot = true; powerOnBoot = true;
}; };
}; };
swapDevices = [ { device = "/swapfile"; } ];
# get usbip working # get usbip working
boot.extraModulePackages = [ boot.extraModulePackages = [
@@ -68,8 +70,6 @@
services.blueman.enable = true; services.blueman.enable = true;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
services.tailscale.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
linuxPackages.usbip linuxPackages.usbip
vim vim
@@ -108,6 +108,63 @@
''; '';
}; };
########################### kiosk ############################
boot.plymouth.enable = true;
services.dbus.enable = true;
fonts.enableDefaultPackages = true;
xdg.icons.enable = true;
gtk.iconCache.enable = true;
services.udisks2.enable = false;
hardware.opengl.enable = true;
systemd.services."cage@" = {
enable = false;
after = [ "systemd-user-sessions.service" "dbus.socket" "systemd-logind.service" "getty@%i.service" "plymouth-deactivate.service" "plymouth-quit.service" ];
before = [ "graphical.target" ];
wants = [ "dbus.socket" "systemd-logind.service" "plymouth-deactivate.service" ];
wantedBy = [ "graphical.target" ];
conflicts = [ "getty@%i.service" ]; # "plymouth-quit.service" "plymouth-quit-wait.service"
restartIfChanged = false;
serviceConfig = {
ExecStart = "${pkgs.cage}/bin/cage -d -- /home/me/here/mize/target/debug/ppc c2vi-dash";
User = "root";
# ConditionPathExists = "/dev/tty0";
IgnoreSIGPIPE = "no";
# Log this user with utmp, letting it show up with commands 'w' and
# 'who'. This is needed since we replace (a)getty.
UtmpIdentifier = "%I";
UtmpMode = "user";
# A virtual terminal is needed.
TTYPath = "/dev/%I";
TTYReset = "yes";
TTYVHangup = "yes";
TTYVTDisallocate = "yes";
# Fail to start if not controlling the virtual terminal.
StandardInput = "tty-fail";
#StandardOutput = "syslog";
#StandardError = "syslog";
# Set up a full (custom) user session for the user, required by Cage.
PAMName = "cage";
};
};
security.pam.services.cage.text = ''
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so
session required ${pkgs.systemd}/lib/security/pam_systemd.so
'';
systemd.targets.graphical.wants = [ "cage@tty1.service" ];
systemd.defaultUnit = "graphical.target";
####################################### networking ########################## ####################################### networking ##########################

22
hosts/mac.nix
View File

@@ -22,7 +22,6 @@ in {
../users/root/default.nix ../users/root/default.nix
../common/nixos-wayland.nix ../common/nixos-wayland.nix
]; ];
services.tailscale.enable = true;
programs.nix-ld.enable = true; programs.nix-ld.enable = true;
#services.pid-fan-controller.enable = true; #services.pid-fan-controller.enable = true;
@@ -62,19 +61,6 @@ in {
4410 # lan-mouse 4410 # lan-mouse
]; ];
##### Netbird Configuration
services.netbird.clients.ppc = {
#login = {
#enable = true;
#setupKeyFile = "${secretsDir}/netbird-setup-key";
#};
port = 51821;
ui.enable = false;
openFirewall = true;
#openInternalFirewall = true;
};
swapDevices = [ { device = "/swapfile"; } ]; swapDevices = [ { device = "/swapfile"; } ];
boot.kernelModules = [ "usbip_core" ]; boot.kernelModules = [ "usbip_core" ];
@@ -95,6 +81,9 @@ in {
firewall_backend = "nftables" firewall_backend = "nftables"
''; '';
}; };
networking.firewall.trustedInterfaces = [
"nb-ppc"
];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub = { boot.loader.grub = {
@@ -189,7 +178,7 @@ in {
position = "left"; position = "left";
hostname = "main"; hostname = "main";
activate_on_startup = true; activate_on_startup = true;
ips = [ "192.168.4.2" "100.71.47.106" ]; ips = [ "192.168.4.2" "100.88.218.34" ];
port = 4410; port = 4410;
} }
]; ];
@@ -451,7 +440,8 @@ in {
uuid = "ab51de8a-9742-465a-928b-be54a83ab6a3"; uuid = "ab51de8a-9742-465a-928b-be54a83ab6a3";
type = "wifi"; type = "wifi";
interface-name = "wlp3s0"; interface-name = "wlp3s0";
autoconnect-priority = "100"; #autoconnect-priority = "100";
autoconnect = false;
}; };
wifi = { wifi = {
mode = "ap"; mode = "ap";

105
hosts/main.nix
View File

@@ -44,6 +44,15 @@
obs-teleport obs-teleport
]; ];
}; };
documentation.enable = true;
documentation.man.enable = true;
fileSystems."/home/me/nico" = {
device = "100.88.28.123:/data/incus/default-pool/containers/nico/rootfs/root/work/";
fsType = "nfs";
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
};
# virtual display # virtual display
/* /*
@@ -85,18 +94,6 @@
}; };
*/ */
##### Netbird Configuration
services.netbird.clients.ppc = {
#login = {
#enable = true;
#setupKeyFile = "${secretsDir}/netbird-setup-key";
#};
port = 51821;
ui.enable = false;
openFirewall = true;
#openInternalFirewall = true;
};
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
@@ -189,7 +186,7 @@
position = "right"; position = "right";
hostname = "mac"; hostname = "mac";
activate_on_startup = true; activate_on_startup = true;
ips = [ "192.168.4.3" "100.100.55.117" ]; ips = [ "192.168.4.3" "100.88.112.181" ];
port = 4410; port = 4410;
} }
]; ];
@@ -202,23 +199,6 @@
virtualisation.vmVariant.services.timesyncd.enable = lib.mkForce false; virtualisation.vmVariant.services.timesyncd.enable = lib.mkForce false;
services.tailscale.enable = true;
services.resilio = {
enable = false;
enableWebUI = true;
httpListenAddr = "100.71.47.106";
checkForUpdates = false;
listeningPort = 44444;
};
users.users.me.homeMode = "770"; # important for resilio
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
44444 # resilio sync
9000 # resilio webui
];
virtualisation.waydroid.enable = true; virtualisation.waydroid.enable = true;
@@ -563,7 +543,6 @@
8080 # for mitm proxy 8080 # for mitm proxy
51820 # wireguard 51820 # wireguard
6000 # Xserver 6000 # Xserver
10000 # tailscale tcp funnel
4405 # clipboard sync with imac 4405 # clipboard sync with imac
]; ];
@@ -574,7 +553,6 @@
53 # allow dns 53 # allow dns
48899 # GoodWe inverter discovery 48899 # GoodWe inverter discovery
4410 # lan-mouse 4410 # lan-mouse
41641 # tailscale
]; ];
#networking.search = [ "c2vi.local" ]; #networking.search = [ "c2vi.local" ];
@@ -590,11 +568,11 @@
uuid = "a02273d9-ad12-395e-8372-f61129635b6f"; uuid = "a02273d9-ad12-395e-8372-f61129635b6f";
type = "ethernet"; type = "ethernet";
autoconnect-priority = "-999"; autoconnect-priority = "-999";
interface-name = "enp0s13f0u1u4u3"; interface-name = "enp0s20f0u4u4u3";
}; };
ipv4 = { ipv4 = {
address2 = "192.168.4.2/24"; address2 = "192.168.4.2/24";
dns = "1.1.1.1;"; dns = "100.88.218.34;";
method = "manual"; method = "manual";
}; };
}; };
@@ -666,7 +644,7 @@
ipv4 = { ipv4 = {
#address1 = "192.168.20.11/24"; #address1 = "192.168.20.11/24";
dns = "1.1.1.1;8.8.8.8;"; dns = "100.88.218.34;";
method = "auto"; method = "auto";
}; };
}; };
@@ -693,7 +671,7 @@
ipv4 = { ipv4 = {
#address1 = "192.168.20.11/24"; #address1 = "192.168.20.11/24";
dns = "1.1.1.1;8.8.8.8;"; dns = "100.88.218.34;";
method = "auto"; method = "auto";
}; };
}; };
@@ -918,6 +896,61 @@
''; '';
# */ # */
############################## suspend and hibernate http server ###################################
networking.firewall.interfaces.nb-ppc.allowedTCPPorts = [ 46733 ];
systemd.services.power-http-control =
let
powerHttpServer = pkgs.writeTextFile {
name = "power-http-server";
destination = "/bin/power-http-server.py";
executable = true;
text = ''
#!${pkgs.python3}/bin/python3
from http.server import BaseHTTPRequestHandler, HTTPServer
import subprocess
HOST = "0.0.0.0"
PORT = 46733
class Handler(BaseHTTPRequestHandler):
def do_GET(self):
if self.path == "/suspend":
self.send_response(200)
self.end_headers()
self.wfile.write(b"Suspending")
subprocess.Popen(["systemctl", "suspend"])
elif self.path == "/shutdown":
self.send_response(200)
self.end_headers()
self.wfile.write(b"Shutting down")
subprocess.Popen(["systemctl", "hibernate"])
else:
self.send_response(404)
self.end_headers()
self.wfile.write(b"Not found")
def log_message(self, format, *args):
pass
HTTPServer((HOST, PORT), Handler).serve_forever()
'';
};
in
{
description = "Simple HTTP server for suspend/shutdown";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${powerHttpServer}/bin/power-http-server.py";
Restart = "always";
RestartSec = 5;
Type = "simple";
};
};
############################## swap and hibernate ################################### ############################## swap and hibernate ###################################

8
hosts/te.nix
View File

@@ -18,7 +18,6 @@ in {
../common/nixos-wayland.nix ../common/nixos-wayland.nix
]; ];
services.tailscale.enable = true;
programs.nix-ld.enable = true; programs.nix-ld.enable = true;
networking.hostName = "te"; networking.hostName = "te";
@@ -308,7 +307,10 @@ in {
############### disk config ############### disk config
# the flash drive in use for te # the flash drive in use for te
#disko.devices.disk.root.device = "/dev/disk/by-id/usb-Generic_Flash_Disk_FF830E8F-0:0"; #disko.devices.disk.root.device = "/dev/disk/by-id/usb-Generic_Flash_Disk_FF830E8F-0:0";
disko.devices.disk.root.device = "/dev/disk/by-id/ata-KBG40ZNV512G_KIOXIA_70GPGA85QBV1"; #disko.devices.disk.root.device = "/dev/disk/by-id/ata-KBG40ZNV512G_KIOXIA_70GPGA85QBV1";
# the 500G ssd previously in fusu
disko.devices.disk.root.device = "/dev/disk/by-id/ata-WDC_PC_SN520_SDAPNUW-256G-1006_190399802515";
disko.devices = { disko.devices = {
disk = { disk = {
root = { root = {
@@ -334,7 +336,7 @@ in {
}; };
root = { root = {
size = "240G"; size = "100G";
content = { content = {
# LUKS passphrase will be prompted interactively only # LUKS passphrase will be prompted interactively only
type = "luks"; type = "luks";

20
misc/my-hosts-t
View File

@@ -1,14 +1,10 @@
100.71.47.106 main
100.77.80.77 phone
100.70.54.18 fusu
100.70.54.18 files
100.81.207.107 lush
100.76.146.119 tab
100.70.39.65 waydroid
100.107.67.76 te 100.107.67.76 te
100.100.55.117 mac
100.96.201.42 ki
100.107.101.77 fe
100.107.101.77 fesu
100.93.225.52 fasu 100.93.225.52 fasu
100.91.200.82 fwin 100.88.42.194 fwin
100.88.28.123 fe
100.88.79.207 fusu
100.88.79.207 files
100.88.164.39 lush
100.88.112.181 mac
100.88.116.225 nico
100.88.245.227 phone

16
mods/fesu-hosting-base.nix
View File

@@ -34,6 +34,7 @@
]; ];
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [ 9000 ];
# require public key authentication for better security # require public key authentication for better security
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false; settings.KbdInteractiveAuthentication = false;
@@ -46,6 +47,21 @@
''; '';
}; };
##### Netbird Configuration
services.netbird.clients.ppc = {
#login = {
#enable = true;
#setupKeyFile = "${secretsDir}/netbird-setup-key";
#};
port = 51821;
ui.enable = false;
openFirewall = true;
#openInternalFirewall = true;
};
networking.firewall.trustedInterfaces = [
"nb-ppc"
];
/* /*
system.activationScripts.addDefaultRoute = { system.activationScripts.addDefaultRoute = {
text = '' text = ''

113
mods/fesu-services.nix
View File

@@ -1,8 +1,9 @@
{ pkgs, dataDir, config, inputs, system, lib, secretsDir, ... }: { pkgs, dataDir, config, inputs, system, lib, secretsDir, pkgsUnstable, ... }:
/* /*
## ports ## ports
## forwarded ports
- 49001 ssh me-hosting - 49001 ssh me-hosting
- 49002 ssh ppc-hosting - 49002 ssh ppc-hosting
- 49003 ssh pcmc - 49003 ssh pcmc
@@ -22,22 +23,27 @@
- 49112 mc second voice - 49112 mc second voice
- 49113 mc second bedrock - 49113 mc second bedrock
- 49114 mc lobby bedrock - 49114 mc lobby bedrock
- 49115 mc nilla
- 49116 mc nilla voice
- me hosting ports ## non forwarded ports
- 5000 compass-site
- 5001 ppc-site
## me hosting ports
- 8000 wiki site - 8000 wiki site
- 8001 lage0 site - 8001 lage0 site
- 8002 plausible site - 8002 plausible site
- 8003 ppc-site
- 8004 instant db - 8004 instant db
- 8005 instant webui - 8005 instant webui
- ppc hosting ports ## ppc hosting ports
- 8000 dav - 8000 dav
- 8001 affine - 8001 affine
- 8002 git - 8002 git
- 8003 git ssh - 8003 git ssh
## hosting container ips (on the interface br-proxy ## hosting container ips (on the interface br-proxy)
- fusu 192.168.1.2 - fusu 192.168.1.2
- me-hosting 192.168.1.20 - me-hosting 192.168.1.20
- ppc-hosting 192.168.1.21 - ppc-hosting 192.168.1.21
@@ -71,7 +77,7 @@
services = lib.attrsets.mergeAttrsList (serviceList ++ extraServices); services = lib.attrsets.mergeAttrsList (serviceList ++ extraServices);
in { inherit routers services; }; in { inherit routers services; };
basicTraefikSetting = { name, domain, host, port }: let basicTraefikSetting = { name, domain, host, port, extraRouterConfig ? {}, extraServiceConfig ? {}, middlewares ? [] }: let
host_ip = host_ip =
if host == "me-hosting" then "192.168.1.20" if host == "me-hosting" then "192.168.1.20"
else if host == "pcmc" then "192.168.1.23" else if host == "pcmc" then "192.168.1.23"
@@ -80,12 +86,8 @@
else host; else host;
in { in {
impotrs = [
"${inputs.hetzner_ddns}/release/nixos_module.nix"
];
routers.${name} = { routers.${name} = {
inherit middlewares;
rule = "Host(`${domain}`)"; rule = "Host(`${domain}`)";
service = name; service = name;
tls = { tls = {
@@ -93,13 +95,14 @@
domains = [ domains = [
{ main = domain; } { main = domain; }
]; ];
}; } // extraRouterConfig;
}; };
services.${name}.loadBalancer.servers = [ services.${name} = {
{ url = "http://${host_ip}:${builtins.toString port}"; } loadBalancer.servers = [
]; { url = "http://${host_ip}:${builtins.toString port}"; }
];
} // extraServiceConfig;
}; };
@@ -230,6 +233,7 @@ in {
imports = [ imports = [
./fesu-hosting-base.nix ./fesu-hosting-base.nix
]; ];
services.netbird.package = pkgsUnstable.netbird;
}; };
}; };
@@ -276,11 +280,23 @@ in {
imports = [ imports = [
./fesu-hosting-base.nix ./fesu-hosting-base.nix
]; ];
services.netbird.package = pkgsUnstable.netbird;
users.users.root = { users.users.root = {
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuH2ilZeIQrr9wYtBtQyRD5oaVkuLImjm9EIGfn+wqw" # Mr3DAlien "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuH2ilZeIQrr9wYtBtQyRD5oaVkuLImjm9EIGfn+wqw" # Mr3DAlien
]; ];
}; };
systemd.services.ppc = {
environment = {
MIZE_CONFIG_FILES = "/root/host/ppc-website-config.toml";
};
description = "PPC Website";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "/root/host/ppc-src/target/release/ppc server";
Restart = "always";
};
};
}; };
}; };
@@ -342,11 +358,26 @@ in {
imports = [ imports = [
./fesu-hosting-base.nix ./fesu-hosting-base.nix
]; ];
services.netbird.package = pkgsUnstable.netbird;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM82mBUZqo7nfU8XJQDoEcOa+DfQyJE7T7ddFjQVhg93 me@main"
];
}; };
}; };
############################ nico nfs share #########################
services.nfs.server = {
enable = true;
exports = ''
/data/incus/default-pool/containers/nico/rootfs/root/work/ 100.88.0.0/16(rw,sync,no_subtree_check)
'';
};
# Open necessary firewall ports
networking.firewall.allowedTCPPorts = [ 111 2049 20048 ];
networking.firewall.allowedUDPPorts = [ 111 2049 20048 ];
@@ -368,15 +399,44 @@ in {
after = [ "network.target" ]; after = [ "network.target" ];
}; };
############################ ppc app #########################
systemd.services.ppc = {
enable = true;
description = "PPC website";
unitConfig = {
Type = "simple";
};
environment = {
MIZE_CONFIG_FILES = "/home/server/here/ppc.toml";
};
serviceConfig = {
User = "server";
Group = "server";
Restart = "always";
RestartSec = "500s";
ExecStart = "/home/server/here/ppc server";
};
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
};
############################ traefik ######################### ############################ traefik #########################
# without this traefik will try to put downloaded plugins into "/plugins-storate/ which fails with permission denied"
systemd.services.traefik.serviceConfig.WorkingDirectory = config.services.traefik.dataDir;
services.traefik = { services.traefik = {
enable = true; enable = true;
#dataDir = "${dataDir}/traefik"; #dataDir = "${dataDir}/traefik";
staticConfigOptions = { staticConfigOptions = {
experimental.plugins = {
traefikoidc = {
moduleName = "github.com/lukaszraczylo/traefikoidc";
version = "v0.7.10";
};
};
entryPoints = { entryPoints = {
web = { web = {
@@ -418,14 +478,19 @@ in {
{ name = "wiki-site"; domain = "wiki.ppc.social"; host = "me-hosting"; port = 8000; } { name = "wiki-site"; domain = "wiki.ppc.social"; host = "me-hosting"; port = 8000; }
{ name = "lage0-site"; domain = "lage0.c2vi.dev"; host = "me-hosting"; port = 8001; } { name = "lage0-site"; domain = "lage0.c2vi.dev"; host = "me-hosting"; port = 8001; }
{ name = "plausible"; domain = "plausible.c2vi.dev"; host = "me-hosting"; port = 8002; } { name = "plausible"; domain = "plausible.c2vi.dev"; host = "me-hosting"; port = 8002; }
{ name = "ppc-site"; domain = "ppc.social"; host = "me-hosting"; port = 8003; } { name = "ppc-site"; domain = "ppc.social"; host = "fesu"; port = 5001; }
{ name = "compass-site"; domain = "compass.ppc.social"; host = "fesu"; port = 3000; } { name = "compass-site"; domain = "compass.ppc.social"; host = "fesu"; port = 5000; }
{ name = "dav"; domain = "dav.ppc.social"; host = "ppc-hosting"; port = 8000; } { name = "dav"; domain = "dav.ppc.social"; host = "ppc-hosting"; port = 8000; }
{ name = "instant"; domain = "instant.ppc.social"; host = "me-hosting"; port = 8004; } { name = "instant"; domain = "instant.ppc.social"; host = "me-hosting"; port = 8004; }
{ name = "instant-backend"; domain = "instant-backend.ppc.social"; host = "me-hosting"; port = 8005; } { name = "instant-backend"; domain = "instant-backend.ppc.social"; host = "me-hosting"; port = 8005; }
{ name = "isotoke-website"; domain = "isotoke.ppc.social"; host = "192.168.1.26"; port = 80; } { name = "isotoke-website"; domain = "isotoke.ppc.social"; host = "192.168.1.26"; port = 80; }
{ name = "affine"; domain = "affine.ppc.social"; host = "ppc-hosting"; port = 8001; } { name = "affine"; domain = "affine.ppc.social"; host = "ppc-hosting"; port = 8001; }
{ name = "gitea"; domain = "git.ppc.social"; host = "ppc-hosting"; port = 8002; } { name = "gitea"; domain = "git.ppc.social"; host = "ppc-hosting"; port = 8002; }
{ name = "nico"; domain = "nico.ppc.social"; host = "192.168.1.14"; port = 18789; middlewares = [ "oidc-nico" ]; }
#{ name = "spacetime"; domain = "spacetime.ppc.social"; host = "ppc-hosting"; port = 8005; extraRouterConfig = {
# rule = "Host(`spacetime.ppc.social`) && PathPrefix(`/v1/database`)";
# };
#}
] ]
# extraRouters (full configs) # extraRouters (full configs)
@@ -434,7 +499,17 @@ in {
# extraServices (full configs) # extraServices (full configs)
[ [
]); ])
// {
middlewares.oidc-nico.plugin.traefikoidc = {
providerURL = "https://auth.ppc.social";
callbackURL = "/oauth2/callback";
clientSecret = builtins.readFile "${secretsDir}/nico-oidc-secret";
clientID = "361779269791186947";
sessionEncryptionKey = builtins.readFile "${secretsDir}/nico-session-encryption-key";
logLevel = "debug";
};
};
}; };
}; };

37
mods/fusu-services.nix
View File

@@ -1,4 +1,14 @@
{ pkgs, dataDir, config, inputs, system, ... }: let { pkgs, dataDir, config, inputs, system, secretsDir, ... }: let
#################################### ports ##############################
# 49388 ssh
# 8001 backup-c2vi
# 8002 backup-mom
# 8003 backup-dad
# 8004 backup-brother
# 9001 fwin vnc
# 9002 fwin rdp
# 9003 fwin ssh
/** /**
thanks: @melektron thanks: @melektron
@@ -17,9 +27,25 @@
'' ''
); );
backupContainers = configs: builtins.listToAttrs (map (config: {
name = config.name;
# virtualisation.arion.projects.backup.services.settings =
value.service = {
image = "restic/rest-server";
volumes = [ "/data/backups/${config.name}:/data" ];
ports = [ "${builtins.toString config.port}:8000" ];
environment.OPTIONS = "--debug";
};
}) configs);
in { in {
imports = [
inputs.arion.nixosModules.arion
];
environment.systemPackages = [ environment.systemPackages = [
(createArionServiceManager "backup" "")
pkgs.arion pkgs.arion
# Do install the docker CLI to talk to podman. # Do install the docker CLI to talk to podman.
@@ -40,9 +66,14 @@ in {
virtualisation.arion = { virtualisation.arion = {
backend = "podman-socket"; backend = "podman-socket";
}; };
virtualisation.arion.projects.backup.serviceName = "backup";
virtualisation.arion.projects.backup.settings.services = backupContainers [
{ name = "c2vi"; port = 8001; }
{ name = "mom"; port = 8002; }
{ name = "dad"; port = 8003; }
{ name = "brother"; port = 8004; }
];
} }

5
mybin/nixre
View File

@@ -44,6 +44,8 @@ build_remote () {
rsync -r -v $HOME/work/config/* $host:my-nixos-config --exclude=.git --exclude=gitignore rsync -r -v $HOME/work/config/* $host:my-nixos-config --exclude=.git --exclude=gitignore
return 0;
out_path=$(ssh $host nix build "\$HOME/my-nixos-config#nixosConfigurations.$host.config.system.build.toplevel" --impure --no-link --print-out-paths -v -L "${args_to_pass[@]}") out_path=$(ssh $host nix build "\$HOME/my-nixos-config#nixosConfigurations.$host.config.system.build.toplevel" --impure --no-link --print-out-paths -v -L "${args_to_pass[@]}")
if [[ "$out_path" == "" ]] if [[ "$out_path" == "" ]]
@@ -129,6 +131,3 @@ else
echo "rebuild from local (~/work/config/)" echo "rebuild from local (~/work/config/)"
build_from_local && do_switch build_from_local && do_switch
fi fi

2
programs/bash.nix
View File

@@ -43,7 +43,7 @@
#zed="WAYLAND_DISPLAY= zeditor"; #zed="WAYLAND_DISPLAY= zeditor";
npm="pnpm"; npm="pnpm";
md="~/work/modules/modules/dev/run"; md="~/work/mize/md";
mize="~/work/mize/mize"; mize="~/work/mize/mize";
m="~/work/mize/mize"; m="~/work/mize/mize";

20
programs/ssh.nix
View File

@@ -23,6 +23,11 @@
"github.com" = { "github.com" = {
hostname = "github.com"; hostname = "github.com";
}; };
hetzner2 = {
user = "c2vi";
port = 2222;
hostname = "hetzner2.ecbb.cc";
};
sepp = { sepp = {
user = "seb"; user = "seb";
}; };
@@ -35,6 +40,9 @@
port = 49388; port = 49388;
user = "files"; user = "files";
}; };
nico = {
user = "root";
};
rpis = { rpis = {
hostname = "rpi"; hostname = "rpi";
port = 49388; port = 49388;
@@ -48,18 +56,18 @@
feh = { feh = {
user = "root"; user = "root";
hostname = "100.107.101.77"; hostname = "100.88.93.24";
port = 49001; port = 9000;
}; };
ppc-hosting = { ppc-hosting = {
user = "root"; user = "root";
hostname = "100.107.101.77"; hostname = "100.88.46.87";
port = 49002; port = 9000;
}; };
pcmc = { pcmc = {
user = "root"; user = "root";
hostname = "100.107.101.77"; hostname = "100.88.33.187";
port = 49003; port = 9000;
}; };

3
users/me/gui-home.nix
View File

@@ -26,6 +26,9 @@
package = inputs.zed.packages.x86_64-linux.default; package = inputs.zed.packages.x86_64-linux.default;
}; };
programs.direnv.enable = true;
programs.walker = { programs.walker = {
enable = false; enable = false;
runAsService = true; runAsService = true;