c2vi/dotfiles
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

screen capture no longer working

Browse Source
This commit is contained in:
Sebastian Moser
2026-04-14 19:10:25 +02:00
parent 8e5316761c
commit 4a62c235f1
19 changed files with 358 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
common/all.nix
View File

@@ -1,4 +1,4 @@
{ lib, inputs, self, secretsDir, specialArgs, ... }:
{ lib, inputs, self, secretsDir, specialArgs, pkgsUnstable, ... }:
# config that i use on all my hosts
@@ -8,7 +8,7 @@
];
home-manager.extraSpecialArgs = specialArgs;
home-manager.extraSpecialArgs = specialArgs // { inherit pkgsUnstable; };
programs.dconf.enable = true;

19
common/nixos.nix
View File

@@ -1,4 +1,4 @@
{ lib, self, ... }:
{ lib, self, pkgsUnstable, ... }:
# config that i use on all my hosts, that run native nixos
# excluding for example my phone phone
@@ -6,6 +6,22 @@
{
##system.stateVersion = "23.05"; # Did you read the comment?
##### Netbird Configuration
services.netbird.package = pkgsUnstable.netbird;
services.netbird.clients.ppc = {
#login = {
#enable = true;
#setupKeyFile = "${secretsDir}/netbird-setup-key";
#};
port = 51821;
ui.enable = false;
openFirewall = true;
#openInternalFirewall = true;
};
networking.firewall.trustedInterfaces = [
"nb-ppc"
];
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
@@ -27,4 +43,3 @@
${builtins.readFile "${self}/misc/my-hosts-t"}
'';
}

6
flake.lock generated
View File

@@ -3775,11 +3775,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1758690382,
"narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
"lastModified": 1772624091,
"narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e643668fd71b949c53f8626614b21ff71a07379d",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353",
"type": "github"
},
"original": {

9
flake.nix
View File

@@ -180,6 +180,13 @@
};
};
pkgsUnstableArm = import nixpkgs-unstable {
system = "aarch64-linux";
config = {
allowUnfree = true;
};
};
specialArgs = {
inherit inputs confDir workDir secretsDir persistentDir self tunepkgs unstable nur pkgsUnstable dataDir;
system = "x86_64-linux";
@@ -616,7 +623,7 @@
# my raspberry to try out stuff with
"lush" = nixpkgs.lib.nixosSystem rec {
system = "aarch64-linux";
specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self system; };
specialArgs = { inherit inputs confDir workDir secretsDir persistentDir self system; pkgsUnstable = pkgsUnstableArm; };
modules = [
./hosts/lush.nix
];

5
hosts/fasu.nix
View File

@@ -10,7 +10,7 @@
inputs.home-manager.nixosModules.home-manager
../users/me/headless.nix
../users/root/default.nix
../users/server/headles.nix
../users/server/headless.nix
];
# allow acern to ssh into server
@@ -26,9 +26,6 @@
}
];
services.tailscale.enable = true;
#fileSystems."/boot" = {
# device = "/dev/disk/by-label/fusu-boot";
# fsType = "fat32";

8
hosts/fe.nix
View File

@@ -25,8 +25,6 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNXOPxlnSxkhm050ui56D5SHrkhuFwUOU0Gf0C+Vmks melektron@goarnix"
];
services.tailscale.enable = true;
virtualisation.libvirtd = {
enable = true;
qemuOvmf = true;
@@ -74,12 +72,6 @@
networking.firewall.allowPing = true;
networking.firewall.enable = true;
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
443 # couchdb for obsidian live sync https
44444 # resilio sync
9000 # resilio webui
];
services.samba.openFirewall = true;
networking.firewall.allowedTCPPorts = [

26
hosts/fusu.nix
View File

@@ -51,9 +51,6 @@ in {
services.tailscale.enable = true;
services.resilio = {
enable = true;
enableWebUI = true;
@@ -61,19 +58,17 @@ in {
checkForUpdates = false;
listeningPort = 44444;
};
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
44444 # resilio sync
9000 # resilio webui
9001 # fwin vnc
9002 # fwin rdp
9003 # fwin ssh
];
networking.firewall.interfaces."br0".allowedTCPPorts = [
44444 # resilio sync
9000 # resilio webui
9001 # fwin vnc
9002 # fwin rdp
9003 # fwin ssh
9003 # fwin ssh
];
networking.firewall.interfaces."br0".allowedTCPPortRanges = [
{from = 8000; to = 10000;}
];
@@ -86,6 +81,10 @@ in {
device = "storage";
fsType = "zfs";
};
fileSystems."/data" = {
device = "storage";
fsType = "zfs";
};
# Use the GRUB 2 boot loader.
boot.loader.grub = {
@@ -124,6 +123,7 @@ in {
services.samba.openFirewall = true;
networking.firewall.allowedTCPPorts = [
22
8888 # for general usage
9999 # for general usage
8080 # for mitm proxy
@@ -163,6 +163,7 @@ in {
];
environment.systemPackages = with pkgs; [
tcpdump
sshfs
ntfs3g
virtiofsd
@@ -223,8 +224,9 @@ in {
text = ''
ip=$(curl -4 my.ip.fi)
curl "http://dynv6.com/api/update?hostname=${builtins.readFile "${secretsDir}/dns-name-two"}&ipv4=$ip&token=${builtins.readFile "${secretsDir}/dns-name-two-token"}"
curl "https://dynamicdns.park-your-domain.com/update?host=home&domain=${builtins.readFile "${secretsDir}/dns-name"}&password=${builtins.readFile "${secretsDir}/dns-name-token"}&ip=$ip"
#curl "http://dynv6.com/api/update?hostname=${builtins.readFile "${secretsDir}/dns-name-two"}&ipv4=$ip&token=${builtins.readFile "${secretsDir}/dns-name-two-token"}"
curl "http://dynv6.com/api/update?hostname=${builtins.readFile "${secretsDir}/dns-name-mati"}&ipv4=$ip&token=${builtins.readFile "${secretsDir}/dns-name-mati-token"}"
# curl "https://dynamicdns.park-your-domain.com/update?host=home&domain=${builtins.readFile "${secretsDir}/dns-name"}&password=${builtins.readFile "${secretsDir}/dns-name-token"}&ip=$ip"
# https://www.namecheap.com/support/knowledgebase/article.aspx/29/11/how-to-dynamically-update-the-hosts-ip-with-an-https-request/
'';

61
hosts/lush.nix
View File

@@ -9,6 +9,7 @@
inputs.networkmanager.nixosModules.networkmanager
../common/all.nix
../common/nixos.nix
inputs.home-manager.nixosModules.home-manager
../users/me/headless.nix
@@ -31,6 +32,7 @@
powerOnBoot = true;
};
};
swapDevices = [ { device = "/swapfile"; } ];
# get usbip working
boot.extraModulePackages = [
@@ -68,8 +70,6 @@
services.blueman.enable = true;
hardware.enableRedistributableFirmware = true;
services.tailscale.enable = true;
environment.systemPackages = with pkgs; [
linuxPackages.usbip
vim
@@ -108,6 +108,63 @@
'';
};
########################### kiosk ############################
boot.plymouth.enable = true;
services.dbus.enable = true;
fonts.enableDefaultPackages = true;
xdg.icons.enable = true;
gtk.iconCache.enable = true;
services.udisks2.enable = false;
hardware.opengl.enable = true;
systemd.services."cage@" = {
enable = false;
after = [ "systemd-user-sessions.service" "dbus.socket" "systemd-logind.service" "getty@%i.service" "plymouth-deactivate.service" "plymouth-quit.service" ];
before = [ "graphical.target" ];
wants = [ "dbus.socket" "systemd-logind.service" "plymouth-deactivate.service" ];
wantedBy = [ "graphical.target" ];
conflicts = [ "getty@%i.service" ]; # "plymouth-quit.service" "plymouth-quit-wait.service"
restartIfChanged = false;
serviceConfig = {
ExecStart = "${pkgs.cage}/bin/cage -d -- /home/me/here/mize/target/debug/ppc c2vi-dash";
User = "root";
# ConditionPathExists = "/dev/tty0";
IgnoreSIGPIPE = "no";
# Log this user with utmp, letting it show up with commands 'w' and
# 'who'. This is needed since we replace (a)getty.
UtmpIdentifier = "%I";
UtmpMode = "user";
# A virtual terminal is needed.
TTYPath = "/dev/%I";
TTYReset = "yes";
TTYVHangup = "yes";
TTYVTDisallocate = "yes";
# Fail to start if not controlling the virtual terminal.
StandardInput = "tty-fail";
#StandardOutput = "syslog";
#StandardError = "syslog";
# Set up a full (custom) user session for the user, required by Cage.
PAMName = "cage";
};
};
security.pam.services.cage.text = ''
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so
session required ${pkgs.systemd}/lib/security/pam_systemd.so
'';
systemd.targets.graphical.wants = [ "cage@tty1.service" ];
systemd.defaultUnit = "graphical.target";
####################################### networking ##########################

22
hosts/mac.nix
View File

@@ -22,7 +22,6 @@ in {
../users/root/default.nix
../common/nixos-wayland.nix
];
services.tailscale.enable = true;
programs.nix-ld.enable = true;
#services.pid-fan-controller.enable = true;
@@ -62,19 +61,6 @@ in {
4410 # lan-mouse
];
##### Netbird Configuration
services.netbird.clients.ppc = {
#login = {
#enable = true;
#setupKeyFile = "${secretsDir}/netbird-setup-key";
#};
port = 51821;
ui.enable = false;
openFirewall = true;
#openInternalFirewall = true;
};
swapDevices = [ { device = "/swapfile"; } ];
boot.kernelModules = [ "usbip_core" ];
@@ -95,6 +81,9 @@ in {
firewall_backend = "nftables"
'';
};
networking.firewall.trustedInterfaces = [
"nb-ppc"
];
# Use the GRUB 2 boot loader.
boot.loader.grub = {
@@ -189,7 +178,7 @@ in {
position = "left";
hostname = "main";
activate_on_startup = true;
ips = [ "192.168.4.2" "100.71.47.106" ];
ips = [ "192.168.4.2" "100.88.218.34" ];
port = 4410;
}
];
@@ -451,7 +440,8 @@ in {
uuid = "ab51de8a-9742-465a-928b-be54a83ab6a3";
type = "wifi";
interface-name = "wlp3s0";
autoconnect-priority = "100";
#autoconnect-priority = "100";
autoconnect = false;
};
wifi = {
mode = "ap";

105
hosts/main.nix
View File

@@ -44,6 +44,15 @@
obs-teleport
];
};
documentation.enable = true;
documentation.man.enable = true;
fileSystems."/home/me/nico" = {
device = "100.88.28.123:/data/incus/default-pool/containers/nico/rootfs/root/work/";
fsType = "nfs";
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
};
# virtual display
/*
@@ -85,18 +94,6 @@
};
*/
##### Netbird Configuration
services.netbird.clients.ppc = {
#login = {
#enable = true;
#setupKeyFile = "${secretsDir}/netbird-setup-key";
#};
port = 51821;
ui.enable = false;
openFirewall = true;
#openInternalFirewall = true;
};
programs.fuse.userAllowOther = true;
@@ -189,7 +186,7 @@
position = "right";
hostname = "mac";
activate_on_startup = true;
ips = [ "192.168.4.3" "100.100.55.117" ];
ips = [ "192.168.4.3" "100.88.112.181" ];
port = 4410;
}
];
@@ -202,23 +199,6 @@
virtualisation.vmVariant.services.timesyncd.enable = lib.mkForce false;
services.tailscale.enable = true;
services.resilio = {
enable = false;
enableWebUI = true;
httpListenAddr = "100.71.47.106";
checkForUpdates = false;
listeningPort = 44444;
};
users.users.me.homeMode = "770"; # important for resilio
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
44444 # resilio sync
9000 # resilio webui
];
virtualisation.waydroid.enable = true;
@@ -563,7 +543,6 @@
8080 # for mitm proxy
51820 # wireguard
6000 # Xserver
10000 # tailscale tcp funnel
4405 # clipboard sync with imac
];
@@ -574,7 +553,6 @@
53 # allow dns
48899 # GoodWe inverter discovery
4410 # lan-mouse
41641 # tailscale
];
#networking.search = [ "c2vi.local" ];
@@ -590,11 +568,11 @@
uuid = "a02273d9-ad12-395e-8372-f61129635b6f";
type = "ethernet";
autoconnect-priority = "-999";
interface-name = "enp0s13f0u1u4u3";
interface-name = "enp0s20f0u4u4u3";
};
ipv4 = {
address2 = "192.168.4.2/24";
dns = "1.1.1.1;";
dns = "100.88.218.34;";
method = "manual";
};
};
@@ -666,7 +644,7 @@
ipv4 = {
#address1 = "192.168.20.11/24";
dns = "1.1.1.1;8.8.8.8;";
dns = "100.88.218.34;";
method = "auto";
};
};
@@ -693,7 +671,7 @@
ipv4 = {
#address1 = "192.168.20.11/24";
dns = "1.1.1.1;8.8.8.8;";
dns = "100.88.218.34;";
method = "auto";
};
};
@@ -918,6 +896,61 @@
'';
# */
############################## suspend and hibernate http server ###################################
networking.firewall.interfaces.nb-ppc.allowedTCPPorts = [ 46733 ];
systemd.services.power-http-control =
let
powerHttpServer = pkgs.writeTextFile {
name = "power-http-server";
destination = "/bin/power-http-server.py";
executable = true;
text = ''
#!${pkgs.python3}/bin/python3
from http.server import BaseHTTPRequestHandler, HTTPServer
import subprocess
HOST = "0.0.0.0"
PORT = 46733
class Handler(BaseHTTPRequestHandler):
def do_GET(self):
if self.path == "/suspend":
self.send_response(200)
self.end_headers()
self.wfile.write(b"Suspending")
subprocess.Popen(["systemctl", "suspend"])
elif self.path == "/shutdown":
self.send_response(200)
self.end_headers()
self.wfile.write(b"Shutting down")
subprocess.Popen(["systemctl", "hibernate"])
else:
self.send_response(404)
self.end_headers()
self.wfile.write(b"Not found")
def log_message(self, format, *args):
pass
HTTPServer((HOST, PORT), Handler).serve_forever()
'';
};
in
{
description = "Simple HTTP server for suspend/shutdown";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${powerHttpServer}/bin/power-http-server.py";
Restart = "always";
RestartSec = 5;
Type = "simple";
};
};
############################## swap and hibernate ###################################

8
hosts/te.nix
View File

@@ -18,7 +18,6 @@ in {
../common/nixos-wayland.nix
];
services.tailscale.enable = true;
programs.nix-ld.enable = true;
networking.hostName = "te";
@@ -308,7 +307,10 @@ in {
############### disk config
# the flash drive in use for te
#disko.devices.disk.root.device = "/dev/disk/by-id/usb-Generic_Flash_Disk_FF830E8F-0:0";
disko.devices.disk.root.device = "/dev/disk/by-id/ata-KBG40ZNV512G_KIOXIA_70GPGA85QBV1";
#disko.devices.disk.root.device = "/dev/disk/by-id/ata-KBG40ZNV512G_KIOXIA_70GPGA85QBV1";
# the 500G ssd previously in fusu
disko.devices.disk.root.device = "/dev/disk/by-id/ata-WDC_PC_SN520_SDAPNUW-256G-1006_190399802515";
disko.devices = {
disk = {
root = {
@@ -334,7 +336,7 @@ in {
};
root = {
size = "240G";
size = "100G";
content = {
# LUKS passphrase will be prompted interactively only
type = "luks";

20
misc/my-hosts-t
View File

@@ -1,14 +1,10 @@
100.71.47.106 main
100.77.80.77 phone
100.70.54.18 fusu
100.70.54.18 files
100.81.207.107 lush
100.76.146.119 tab
100.70.39.65 waydroid
100.107.67.76 te
100.100.55.117 mac
100.96.201.42 ki
100.107.101.77 fe
100.107.101.77 fesu
100.93.225.52 fasu
100.91.200.82 fwin
100.88.42.194 fwin
100.88.28.123 fe
100.88.79.207 fusu
100.88.79.207 files
100.88.164.39 lush
100.88.112.181 mac
100.88.116.225 nico
100.88.245.227 phone

16
mods/fesu-hosting-base.nix
View File

@@ -34,6 +34,7 @@
];
services.openssh = {
enable = true;
ports = [ 9000 ];
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
@@ -46,6 +47,21 @@
'';
};
##### Netbird Configuration
services.netbird.clients.ppc = {
#login = {
#enable = true;
#setupKeyFile = "${secretsDir}/netbird-setup-key";
#};
port = 51821;
ui.enable = false;
openFirewall = true;
#openInternalFirewall = true;
};
networking.firewall.trustedInterfaces = [
"nb-ppc"
];
/*
system.activationScripts.addDefaultRoute = {
text = ''

109
mods/fesu-services.nix
View File

@@ -1,8 +1,9 @@
{ pkgs, dataDir, config, inputs, system, lib, secretsDir, ... }:
{ pkgs, dataDir, config, inputs, system, lib, secretsDir, pkgsUnstable, ... }:
/*
## ports
## forwarded ports
- 49001 ssh me-hosting
- 49002 ssh ppc-hosting
- 49003 ssh pcmc
@@ -22,22 +23,27 @@
- 49112 mc second voice
- 49113 mc second bedrock
- 49114 mc lobby bedrock
- 49115 mc nilla
- 49116 mc nilla voice
- me hosting ports
## non forwarded ports
- 5000 compass-site
- 5001 ppc-site
## me hosting ports
- 8000 wiki site
- 8001 lage0 site
- 8002 plausible site
- 8003 ppc-site
- 8004 instant db
- 8005 instant webui
- ppc hosting ports
## ppc hosting ports
- 8000 dav
- 8001 affine
- 8002 git
- 8003 git ssh
## hosting container ips (on the interface br-proxy
## hosting container ips (on the interface br-proxy)
- fusu 192.168.1.2
- me-hosting 192.168.1.20
- ppc-hosting 192.168.1.21
@@ -71,7 +77,7 @@
services = lib.attrsets.mergeAttrsList (serviceList ++ extraServices);
in { inherit routers services; };
basicTraefikSetting = { name, domain, host, port }: let
basicTraefikSetting = { name, domain, host, port, extraRouterConfig ? {}, extraServiceConfig ? {}, middlewares ? [] }: let
host_ip =
if host == "me-hosting" then "192.168.1.20"
else if host == "pcmc" then "192.168.1.23"
@@ -80,12 +86,8 @@
else host;
in {
impotrs = [
"${inputs.hetzner_ddns}/release/nixos_module.nix"
];
routers.${name} = {
inherit middlewares;
rule = "Host(`${domain}`)";
service = name;
tls = {
@@ -93,13 +95,14 @@
domains = [
{ main = domain; }
];
};
} // extraRouterConfig;
};
services.${name}.loadBalancer.servers = [
services.${name} = {
loadBalancer.servers = [
{ url = "http://${host_ip}:${builtins.toString port}"; }
];
} // extraServiceConfig;
};
@@ -230,6 +233,7 @@ in {
imports = [
./fesu-hosting-base.nix
];
services.netbird.package = pkgsUnstable.netbird;
};
};
@@ -276,11 +280,23 @@ in {
imports = [
./fesu-hosting-base.nix
];
services.netbird.package = pkgsUnstable.netbird;
users.users.root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuH2ilZeIQrr9wYtBtQyRD5oaVkuLImjm9EIGfn+wqw" # Mr3DAlien
];
};
systemd.services.ppc = {
environment = {
MIZE_CONFIG_FILES = "/root/host/ppc-website-config.toml";
};
description = "PPC Website";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "/root/host/ppc-src/target/release/ppc server";
Restart = "always";
};
};
};
};
@@ -342,11 +358,26 @@ in {
imports = [
./fesu-hosting-base.nix
];
services.netbird.package = pkgsUnstable.netbird;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM82mBUZqo7nfU8XJQDoEcOa+DfQyJE7T7ddFjQVhg93 me@main"
];
};
};
############################ nico nfs share #########################
services.nfs.server = {
enable = true;
exports = ''
/data/incus/default-pool/containers/nico/rootfs/root/work/ 100.88.0.0/16(rw,sync,no_subtree_check)
'';
};
# Open necessary firewall ports
networking.firewall.allowedTCPPorts = [ 111 2049 20048 ];
networking.firewall.allowedUDPPorts = [ 111 2049 20048 ];
@@ -368,15 +399,44 @@ in {
after = [ "network.target" ];
};
############################ ppc app #########################
systemd.services.ppc = {
enable = true;
description = "PPC website";
unitConfig = {
Type = "simple";
};
environment = {
MIZE_CONFIG_FILES = "/home/server/here/ppc.toml";
};
serviceConfig = {
User = "server";
Group = "server";
Restart = "always";
RestartSec = "500s";
ExecStart = "/home/server/here/ppc server";
};
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
};
############################ traefik #########################
# without this traefik will try to put downloaded plugins into "/plugins-storate/ which fails with permission denied"
systemd.services.traefik.serviceConfig.WorkingDirectory = config.services.traefik.dataDir;
services.traefik = {
enable = true;
#dataDir = "${dataDir}/traefik";
staticConfigOptions = {
experimental.plugins = {
traefikoidc = {
moduleName = "github.com/lukaszraczylo/traefikoidc";
version = "v0.7.10";
};
};
entryPoints = {
web = {
@@ -418,14 +478,19 @@ in {
{ name = "wiki-site"; domain = "wiki.ppc.social"; host = "me-hosting"; port = 8000; }
{ name = "lage0-site"; domain = "lage0.c2vi.dev"; host = "me-hosting"; port = 8001; }
{ name = "plausible"; domain = "plausible.c2vi.dev"; host = "me-hosting"; port = 8002; }
{ name = "ppc-site"; domain = "ppc.social"; host = "me-hosting"; port = 8003; }
{ name = "compass-site"; domain = "compass.ppc.social"; host = "fesu"; port = 3000; }
{ name = "ppc-site"; domain = "ppc.social"; host = "fesu"; port = 5001; }
{ name = "compass-site"; domain = "compass.ppc.social"; host = "fesu"; port = 5000; }
{ name = "dav"; domain = "dav.ppc.social"; host = "ppc-hosting"; port = 8000; }
{ name = "instant"; domain = "instant.ppc.social"; host = "me-hosting"; port = 8004; }
{ name = "instant-backend"; domain = "instant-backend.ppc.social"; host = "me-hosting"; port = 8005; }
{ name = "isotoke-website"; domain = "isotoke.ppc.social"; host = "192.168.1.26"; port = 80; }
{ name = "affine"; domain = "affine.ppc.social"; host = "ppc-hosting"; port = 8001; }
{ name = "gitea"; domain = "git.ppc.social"; host = "ppc-hosting"; port = 8002; }
{ name = "nico"; domain = "nico.ppc.social"; host = "192.168.1.14"; port = 18789; middlewares = [ "oidc-nico" ]; }
#{ name = "spacetime"; domain = "spacetime.ppc.social"; host = "ppc-hosting"; port = 8005; extraRouterConfig = {
# rule = "Host(`spacetime.ppc.social`) && PathPrefix(`/v1/database`)";
# };
#}
]
# extraRouters (full configs)
@@ -434,7 +499,17 @@ in {
# extraServices (full configs)
[
]);
])
// {
middlewares.oidc-nico.plugin.traefikoidc = {
providerURL = "https://auth.ppc.social";
callbackURL = "/oauth2/callback";
clientSecret = builtins.readFile "${secretsDir}/nico-oidc-secret";
clientID = "361779269791186947";
sessionEncryptionKey = builtins.readFile "${secretsDir}/nico-session-encryption-key";
logLevel = "debug";
};
};
};
};

37
mods/fusu-services.nix
View File

@@ -1,4 +1,14 @@
{ pkgs, dataDir, config, inputs, system, ... }: let
{ pkgs, dataDir, config, inputs, system, secretsDir, ... }: let
#################################### ports ##############################
# 49388 ssh
# 8001 backup-c2vi
# 8002 backup-mom
# 8003 backup-dad
# 8004 backup-brother
# 9001 fwin vnc
# 9002 fwin rdp
# 9003 fwin ssh
/**
thanks: @melektron
@@ -17,9 +27,25 @@
''
);
backupContainers = configs: builtins.listToAttrs (map (config: {
name = config.name;
# virtualisation.arion.projects.backup.services.settings =
value.service = {
image = "restic/rest-server";
volumes = [ "/data/backups/${config.name}:/data" ];
ports = [ "${builtins.toString config.port}:8000" ];
environment.OPTIONS = "--debug";
};
}) configs);
in {
imports = [
inputs.arion.nixosModules.arion
];
environment.systemPackages = [
(createArionServiceManager "backup" "")
pkgs.arion
# Do install the docker CLI to talk to podman.
@@ -40,9 +66,14 @@ in {
virtualisation.arion = {
backend = "podman-socket";
};
virtualisation.arion.projects.backup.serviceName = "backup";
virtualisation.arion.projects.backup.settings.services = backupContainers [
{ name = "c2vi"; port = 8001; }
{ name = "mom"; port = 8002; }
{ name = "dad"; port = 8003; }
{ name = "brother"; port = 8004; }
];
}

5
mybin/nixre
View File

@@ -44,6 +44,8 @@ build_remote () {
rsync -r -v $HOME/work/config/* $host:my-nixos-config --exclude=.git --exclude=gitignore
return 0;
out_path=$(ssh $host nix build "\$HOME/my-nixos-config#nixosConfigurations.$host.config.system.build.toplevel" --impure --no-link --print-out-paths -v -L "${args_to_pass[@]}")
if [[ "$out_path" == "" ]]
@@ -129,6 +131,3 @@ else
echo "rebuild from local (~/work/config/)"
build_from_local && do_switch
fi

2
programs/bash.nix
View File

@@ -43,7 +43,7 @@
#zed="WAYLAND_DISPLAY= zeditor";
npm="pnpm";
md="~/work/modules/modules/dev/run";
md="~/work/mize/md";
mize="~/work/mize/mize";
m="~/work/mize/mize";

20
programs/ssh.nix
View File

@@ -23,6 +23,11 @@
"github.com" = {
hostname = "github.com";
};
hetzner2 = {
user = "c2vi";
port = 2222;
hostname = "hetzner2.ecbb.cc";
};
sepp = {
user = "seb";
};
@@ -35,6 +40,9 @@
port = 49388;
user = "files";
};
nico = {
user = "root";
};
rpis = {
hostname = "rpi";
port = 49388;
@@ -48,18 +56,18 @@
feh = {
user = "root";
hostname = "100.107.101.77";
port = 49001;
hostname = "100.88.93.24";
port = 9000;
};
ppc-hosting = {
user = "root";
hostname = "100.107.101.77";
port = 49002;
hostname = "100.88.46.87";
port = 9000;
};
pcmc = {
user = "root";
hostname = "100.107.101.77";
port = 49003;
hostname = "100.88.33.187";
port = 9000;
};

3
users/me/gui-home.nix
View File

@@ -26,6 +26,9 @@
package = inputs.zed.packages.x86_64-linux.default;
};
programs.direnv.enable = true;
programs.walker = {
enable = false;
runAsService = true;