diff --git a/hosts/spacestation/configuration.nix b/hosts/spacestation/configuration.nix
deleted file mode 100755
index e2da557..0000000
--- a/hosts/spacestation/configuration.nix
+++ /dev/null
@@ -1,91 +0,0 @@
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-{
- config,
- pkgs,
- ...
-}: {
- imports = [
- ../../modules/nixos
- ./services.nix
- ./secrets.nix
- ./hardware-configuration.nix
- ];
-
- programs.nh.enable = true;
- programs.nh.flake = "/home/guz/nix";
-
- profiles.locale.enable = true;
-
- programs.gnupg.agent = {
- enable = true;
- pinentryPackage = pkgs.pinentry-tty;
- settings = {
- default-cache-ttl = 3600 * 24;
- };
- };
-
- home-manager-helper.enable = true;
- home-manager-helper.users."guz" = {
- name = "guz";
- shell = pkgs.zsh;
- hashedPasswordFile = builtins.toString config.sops.secrets."guz/password".path;
- home = import ./home.nix;
- isNormalUser = true;
- extraGroups = ["wheel" "networkmanager"];
- };
-
- environment.sessionVariables = {
- EDITOR = "nvim";
- };
-
- environment.systemPackages = with pkgs; [
- git
- ];
-
- programs.zsh.enable = true;
-
- nix.settings.experimental-features = ["nix-command" "flakes"];
- nix.package = pkgs.nixVersions.nix_2_21;
-
- networking = {
- networkmanager.enable = true;
- hostName = "spacestation";
- wireless.enable = false;
- dhcpcd.enable = true;
- defaultGateway = "192.168.1.1";
- interfaces."eno1".ipv4.addresses = [
- {
- address = "192.168.1.10";
- prefixLength = 24;
- }
- ];
- nameservers = ["9.9.9.9"];
- };
-
- sound.enable = true;
- hardware.pulseaudio.enable = false;
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- wireplumber.enable = true;
- };
-
- # Bootloader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- # Allow unfree packages
- nixpkgs.config.allowUnfree = true;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "23.11"; # Did you read the comment?
-}
diff --git a/hosts/spacestation/hardware-configuration.nix b/hosts/spacestation/hardware-configuration.nix
deleted file mode 100644
index f0277c7..0000000
--- a/hosts/spacestation/hardware-configuration.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- pkgs,
- modulesPath,
- ...
-}: {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" "sdhci_acpi"];
- boot.initrd.kernelModules = [];
- boot.kernelModules = ["kvm-intel"];
- boot.extraModulePackages = [];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/26878c61-60d2-4ac9-967f-30faffc0f21f";
- fsType = "ext4";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/ACCB-816C";
- fsType = "vfat";
- };
-
- swapDevices = [
- {device = "/dev/disk/by-uuid/878a189a-e5df-4e1c-92d5-df6f77ff53bb";}
- ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/spacestation/home.nix b/hosts/spacestation/home.nix
deleted file mode 100644
index 65364ac..0000000
--- a/hosts/spacestation/home.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{...}: {
- imports = [
- ../../modules/home-manager
- ];
-
- profiles.gterminal.enable = true;
- programs.wezterm.enable = false;
-}
diff --git a/hosts/spacestation/secrets.nix b/hosts/spacestation/secrets.nix
deleted file mode 100644
index 1c96dec..0000000
--- a/hosts/spacestation/secrets.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- config,
- inputs,
- lib,
- pkgs,
- ...
-}: let
- lesser-secrets = with builtins;
- fromJSON (readFile ../../secrets/spacestation-secrets.lesser.decrypted.json);
- jsonType = pkgs.formats.json {};
-in {
- imports = [
- inputs.sops-nix.nixosModules.sops
- ];
- options.homelab-secrets = with lib;
- with lib.types; {
- lesser = mkOption {
- type = submodule ({...}: {
- freeformType = jsonType.type;
- options = {};
- });
- default = lesser-secrets;
- };
- };
- config = with lib; {
- environment.systemPackages = with pkgs; [
- sops
- ];
-
- sops.defaultSopsFile = ../../secrets/spacestation-secrets.yaml;
- sops.defaultSopsFormat = "yaml";
-
- sops.secrets."guz/password" = {
- owner = config.users.users."guz".name;
- };
-
- sops.secrets."muse/secrets" = {};
-
- sops.secrets."forgejo/user1/name" = mkIf config.services.forgejo.enable {
- owner = config.services.forgejo.user;
- };
- sops.secrets."forgejo/user1/password" = mkIf config.services.forgejo.enable {
- owner = config.services.forgejo.user;
- };
- sops.secrets."forgejo/user1/email" = mkIf config.services.forgejo.enable {
- owner = config.services.forgejo.user;
- };
- sops.secrets."forgejo/git-password" = mkIf config.services.forgejo.enable {
- owner = config.services.forgejo.user;
- };
-
- sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt";
- };
-}
diff --git a/hosts/spacestation/services.nix b/hosts/spacestation/services.nix
deleted file mode 100644
index 36fc86e..0000000
--- a/hosts/spacestation/services.nix
+++ /dev/null
@@ -1,153 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- secrets = config.homelab-secrets.lesser;
- deviceIp = config.services.tailscale.deviceIp;
-in {
- imports = [];
- options = {};
- config = {
- services.adguardhome.enable = true;
- services.adguardhome.dns.rewrites = {
- "*.${secrets.homelab-domain}" = deviceIp;
- "${secrets.homelab-domain}" = deviceIp;
- };
- services.adguardhome.openFirewall = true;
- services.adguardhome.port = secrets.services.adguard.port;
- services.adguardhome.dns.filters = {
- "Hagezi's Multi PRO" = {
- url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt";
- };
- "Hagezi's Badware Hoster" = {
- url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/hoster.txt";
- };
- "Hagezi's DNS Bypass blocking" = {
- url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/doh-vpn-proxy-bypass.txt";
- };
- "Hagezi's Dynamic DNS blocking" = {
- url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/dyndns.txt";
- };
- "Hagezi's Gambling" = {
- url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/gambling.txt";
- };
- "Hagezi's Native - LG webOS" = {
- url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/native.lgwebos.txt";
- };
- "Hagezi's Native - Tiktok (Agressive)" = {
- url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/hosts/native.tiktok.extended.txt";
- };
- "Hagezi's Native - Microsoft/Windows" = {
- url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/native.winoffice.txt";
- };
- "Hagezi's Pop-up Ads" = {
- url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/popupads.txt";
- };
- "Hagezi's TIF" = {
- url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/tif.txt";
- };
- };
- services.adguardhome.settings.user_rules = [
- "@@||tumblr.com^$important"
- "@@||wordpress.com^$important"
- "@@||tailscale.com^$important"
- ];
-
- services.caddy.enable = true;
- services.caddy.virtualHosts =
- lib.attrsets.mapAttrs'
- (name: service: {
- name = service.domain;
- value = {extraConfig = "reverse_proxy ${deviceIp}:${toString service.port}";};
- })
- secrets.services;
- networking.firewall.allowedTCPPorts = [80 433];
-
- profiles.minecraft-servers.enable = true;
-
- services.openssh.enable = true;
-
- services.forgejo = {
- enable = true;
- actions = {
- enable = true;
- token = secrets.services.forgejo.actions-token;
- url = "http://192.168.1.10:${toString secrets.services.forgejo.port}";
- labels = secrets.services.forgejo.actions-labels;
- };
- users = {
- user1 = {
- name = /. + config.sops.secrets."forgejo/user1/name".path;
- password = /. + config.sops.secrets."forgejo/user1/password".path;
- email = /. + config.sops.secrets."forgejo/user1/email".path;
- admin = true;
- };
- };
- settings = {
- server = {
- HTTP_PORT = secrets.services.forgejo.port;
- DOMAIN = secrets.services.forgejo.domain;
- ROOT_URL = "https://${secrets.services.forgejo.domain}";
- };
- };
- };
-
- services.tailscale = {
- enable = true;
- useRoutingFeatures = "both";
- exitNode = true;
- tailnetName = secrets.tailnet-name;
- deviceIp = secrets.device-ip;
- };
-
- profiles.media-server.enable = true;
-
- virtualisation = {
- docker.enable = true;
- oci-containers = {
- backend = "docker";
- containers = {
- homarr = {
- image = "ghcr.io/ajnart/homarr:latest";
- autoStart = true;
- ports = ["${toString secrets.services.homarr.port}:7575"];
- volumes = [
- "/var/run/docker.sock:/var/run/docker.sock"
- "/var/lib/homarr/configs:/app/data/configs"
- "/var/lib/homarr/data:/data"
- "/var/lib/homarr/icons:/app/public/icons"
- ];
- environment = {
- NODE_TLS_REJECT_UNAUTHORIZED = "0";
- };
- };
- dashdot = {
- image = "mauricenino/dashdot";
- autoStart = true;
- ports = ["${toString secrets.services.dashdot.port}:3001"];
- extraOptions = ["--privileged"];
- volumes = [
- "/:/mnt/host:ro"
- ];
- };
- ferdium-server = {
- image = "linuxserver/ferdium:6.7.3";
- autoStart = true;
- ports = ["${toString secrets.services.ferdium-server.port}:3000"];
- };
- muse-discord-bot = {
- image = "codetheweb/muse:latest";
- autoStart = true;
- volumes = [
- "/var/lib/muse/data:/data"
- ];
- environmentFiles = [
- (/. + config.sops.secrets."muse/secrets".path)
- ];
- };
- };
- };
- };
- };
-}