dot013/nix
1
0
Fork 0
Code Issues Pull Requests Activity

chore(spacetation): remove unused files

Browse Source
This commit is contained in:
Guz
2025-02-05 10:23:34 -03:00
parent 5a8ef0749f
commit d182f74520
5 changed files with 0 additions and 349 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
hosts/spacestation/configuration.nix
View File

@@ -1,91 +0,0 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
...
}: {
imports = [
../../modules/nixos
./services.nix
./secrets.nix
./hardware-configuration.nix
];
programs.nh.enable = true;
programs.nh.flake = "/home/guz/nix";
profiles.locale.enable = true;
programs.gnupg.agent = {
enable = true;
pinentryPackage = pkgs.pinentry-tty;
settings = {
default-cache-ttl = 3600 * 24;
};
};
home-manager-helper.enable = true;
home-manager-helper.users."guz" = {
name = "guz";
shell = pkgs.zsh;
hashedPasswordFile = builtins.toString config.sops.secrets."guz/password".path;
home = import ./home.nix;
isNormalUser = true;
extraGroups = ["wheel" "networkmanager"];
};
environment.sessionVariables = {
EDITOR = "nvim";
};
environment.systemPackages = with pkgs; [
git
];
programs.zsh.enable = true;
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.package = pkgs.nixVersions.nix_2_21;
networking = {
networkmanager.enable = true;
hostName = "spacestation";
wireless.enable = false;
dhcpcd.enable = true;
defaultGateway = "192.168.1.1";
interfaces."eno1".ipv4.addresses = [
{
address = "192.168.1.10";
prefixLength = 24;
}
];
nameservers = ["9.9.9.9"];
};
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
};
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

43
hosts/spacestation/hardware-configuration.nix
View File

@@ -1,43 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/26878c61-60d2-4ac9-967f-30faffc0f21f";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/ACCB-816C";
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/878a189a-e5df-4e1c-92d5-df6f77ff53bb";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

8
hosts/spacestation/home.nix
View File

@@ -1,8 +0,0 @@
{...}: {
imports = [
../../modules/home-manager
];
profiles.gterminal.enable = true;
programs.wezterm.enable = false;
}

54
hosts/spacestation/secrets.nix
View File

@@ -1,54 +0,0 @@
{
config,
inputs,
lib,
pkgs,
...
}: let
lesser-secrets = with builtins;
fromJSON (readFile ../../secrets/spacestation-secrets.lesser.decrypted.json);
jsonType = pkgs.formats.json {};
in {
imports = [
inputs.sops-nix.nixosModules.sops
];
options.homelab-secrets = with lib;
with lib.types; {
lesser = mkOption {
type = submodule ({...}: {
freeformType = jsonType.type;
options = {};
});
default = lesser-secrets;
};
};
config = with lib; {
environment.systemPackages = with pkgs; [
sops
];
sops.defaultSopsFile = ../../secrets/spacestation-secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.secrets."guz/password" = {
owner = config.users.users."guz".name;
};
sops.secrets."muse/secrets" = {};
sops.secrets."forgejo/user1/name" = mkIf config.services.forgejo.enable {
owner = config.services.forgejo.user;
};
sops.secrets."forgejo/user1/password" = mkIf config.services.forgejo.enable {
owner = config.services.forgejo.user;
};
sops.secrets."forgejo/user1/email" = mkIf config.services.forgejo.enable {
owner = config.services.forgejo.user;
};
sops.secrets."forgejo/git-password" = mkIf config.services.forgejo.enable {
owner = config.services.forgejo.user;
};
sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt";
};
}

153
hosts/spacestation/services.nix
View File

@@ -1,153 +0,0 @@
{
config,
lib,
...
}: let
secrets = config.homelab-secrets.lesser;
deviceIp = config.services.tailscale.deviceIp;
in {
imports = [];
options = {};
config = {
services.adguardhome.enable = true;
services.adguardhome.dns.rewrites = {
"*.${secrets.homelab-domain}" = deviceIp;
"${secrets.homelab-domain}" = deviceIp;
};
services.adguardhome.openFirewall = true;
services.adguardhome.port = secrets.services.adguard.port;
services.adguardhome.dns.filters = {
"Hagezi's Multi PRO" = {
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt";
};
"Hagezi's Badware Hoster" = {
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/hoster.txt";
};
"Hagezi's DNS Bypass blocking" = {
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/doh-vpn-proxy-bypass.txt";
};
"Hagezi's Dynamic DNS blocking" = {
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/dyndns.txt";
};
"Hagezi's Gambling" = {
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/gambling.txt";
};
"Hagezi's Native - LG webOS" = {
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/native.lgwebos.txt";
};
"Hagezi's Native - Tiktok (Agressive)" = {
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/hosts/native.tiktok.extended.txt";
};
"Hagezi's Native - Microsoft/Windows" = {
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/native.winoffice.txt";
};
"Hagezi's Pop-up Ads" = {
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/popupads.txt";
};
"Hagezi's TIF" = {
url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/tif.txt";
};
};
services.adguardhome.settings.user_rules = [
"@@||tumblr.com^$important"
"@@||wordpress.com^$important"
"@@||tailscale.com^$important"
];
services.caddy.enable = true;
services.caddy.virtualHosts =
lib.attrsets.mapAttrs'
(name: service: {
name = service.domain;
value = {extraConfig = "reverse_proxy ${deviceIp}:${toString service.port}";};
})
secrets.services;
networking.firewall.allowedTCPPorts = [80 433];
profiles.minecraft-servers.enable = true;
services.openssh.enable = true;
services.forgejo = {
enable = true;
actions = {
enable = true;
token = secrets.services.forgejo.actions-token;
url = "http://192.168.1.10:${toString secrets.services.forgejo.port}";
labels = secrets.services.forgejo.actions-labels;
};
users = {
user1 = {
name = /. + config.sops.secrets."forgejo/user1/name".path;
password = /. + config.sops.secrets."forgejo/user1/password".path;
email = /. + config.sops.secrets."forgejo/user1/email".path;
admin = true;
};
};
settings = {
server = {
HTTP_PORT = secrets.services.forgejo.port;
DOMAIN = secrets.services.forgejo.domain;
ROOT_URL = "https://${secrets.services.forgejo.domain}";
};
};
};
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
exitNode = true;
tailnetName = secrets.tailnet-name;
deviceIp = secrets.device-ip;
};
profiles.media-server.enable = true;
virtualisation = {
docker.enable = true;
oci-containers = {
backend = "docker";
containers = {
homarr = {
image = "ghcr.io/ajnart/homarr:latest";
autoStart = true;
ports = ["${toString secrets.services.homarr.port}:7575"];
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"/var/lib/homarr/configs:/app/data/configs"
"/var/lib/homarr/data:/data"
"/var/lib/homarr/icons:/app/public/icons"
];
environment = {
NODE_TLS_REJECT_UNAUTHORIZED = "0";
};
};
dashdot = {
image = "mauricenino/dashdot";
autoStart = true;
ports = ["${toString secrets.services.dashdot.port}:3001"];
extraOptions = ["--privileged"];
volumes = [
"/:/mnt/host:ro"
];
};
ferdium-server = {
image = "linuxserver/ferdium:6.7.3";
autoStart = true;
ports = ["${toString secrets.services.ferdium-server.port}:3000"];
};
muse-discord-bot = {
image = "codetheweb/muse:latest";
autoStart = true;
volumes = [
"/var/lib/muse/data:/data"
];
environmentFiles = [
(/. + config.sops.secrets."muse/secrets".path)
];
};
};
};
};
};
}