christoph/flake-nixinator
1
Fork 0
Code Activity
Files
b89934d13f728e0c465468c4da27fa1cc007be6e
flake-nixinator/system/servenix/default.nix

174 lines
4.9 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
inputs,
hostname,
lib,
mylib,
config,
pkgs,
system,
username,
headless,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# My own services
../services/heidi.nix
../services/formula10.nix
../services/formula11.nix
../services/statespaces.nix
# General services
../services/authelia.nix
../services/bazarr.nix
../services/box.nix
../services/fileflows.nix
../services/gitea.nix
../services/immich.nix
../services/jellyfin.nix
../services/kiwix.nix
../services/kopia.nix
../services/nextcloud.nix
../services/nginx-proxy-manager.nix
../services/paperless.nix
# ../services/plex.nix # Their monetization strategy is absolutely atrocious
../services/portainer-agent.nix
../services/pulse-agent-servenix.nix
../services/prowlarr.nix
../services/radarr.nix
../services/sabnzbd-movies.nix
../services/sabnzbd-shows.nix
../services/sonarr.nix
../services/teamspeak.nix
../services/tinymediamanager.nix
../services/whats-up-docker.nix
];
systemmodules = {
docker.networks = [
{
name = "behind-nginx";
disable_masquerade = false;
# We have 4 IPv6 prefixes, one is used for LAN, one is used for ThinkNix behind-nginx docker network (for DNS).
# Questionable if we should enable it here aswell...
ipv6.enable = false;
# ipv6.gateway = "fd00::5";
# ipv6.subnet = "2001:7d8:8023:a00a::/64";
}
];
network = {
useNetworkManager = false;
networks = {
# "10-ether-1G" = mylib.networking.mkStaticSystemdNetwork {
# interface = "ens18";
# ips = ["192.168.86.25/24" "fd00::19/64"];
# routers = ["192.168.86.5" "fd00::5"];
# nameservers = ["8.8.8.8" "2001:4860:4860::8888"]; # NOTE: Use reliable DNS for servers instead of 192.168.86.26
# routable = true;
# };
# TODO: mylib.networking.mkStaticSystemdNetwork needs improvement to accomodate for this
"10-ether-1G" = rec {
enable = true;
# See man systemd.link, man systemd.netdev, man systemd.network
matchConfig = {
# This corresponds to the [MATCH] section
Name = "ens18"; # Match ethernet interface
};
# Static IP + DNS + Gateway
address = ["192.168.86.25/24"];
gateway = ["192.168.86.5"]; # Don't add IPv6 gateway, rely on router advertisement instead
dns = ["8.8.8.8" "8.8.4.4" "2001:4860:4860:8888" "2001:4860:4860:8844"];
routes = builtins.map (r: {Gateway = r;}) gateway;
# See man systemd.network
networkConfig = {
# This corresponds to the [NETWORK] section
DHCP = "no";
IPv6AcceptRA = "yes"; # Accept Router Advertisements
# MulticastDNS = "no";
# LLMNR = "no";
# LinkLocalAddressing = "ipv6";
};
addresses = [
{
# Don't add this to address, we don't want to create any routes with this
Address = "fd00::19/64";
}
];
linkConfig = {
# This corresponds to the [LINK] section
RequiredForOnline = "routable";
};
};
};
# NOTE: Streams: Ports have to be opened in the VPS firewall + VPS UFW and bound in the VPS Nginx compose file.
allowedTCPPorts = [
53 # DNS (Adguard Home)
67 # DHCP
80 # HTTP (Nginx Proxy Manager)
443 # HTTPS (Nginx Proxy Manager)
3000 # Gitea (runner needs to reach local gitea instance)
30033 # Teamspeak
10080 # Teamspeak
];
allowedUDPPorts = [
53 # DNS (Adguard Home)
67 # DHCP
80 # HTTP (Nginx Proxy Manager)
443 # HTTPS (Nginx Proxy Manager)
3000 # Gitea (runner needs to reach local gitea instance)
5520 # HyTale
30033 # Teamspeak
9987 # Teamspeak
];
};
sops-nix.secrets.${username} = [
"heidi-discord-token"
"kopia-server-username"
"kopia-server-password"
"kopia-user-password"
"paperless-nextcloud-sync-password"
];
};
# List services that you want to enable:
services = {
# Configure keymap in X11
xserver = {
xkb.layout = "us";
xkb.variant = "altgr-intl";
videoDrivers = ["nvidia"];
};
qemuGuest.enable = true;
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}
View Git Blame Copy Permalink