Modularize GY config
							parent
							
								
									bd629aff60
								
							
						
					
					
						commit
						8304731fb3
					
				
					 8 changed files with 109 additions and 26 deletions
				
			
		
							
								
								
									
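--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+keys.txt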
							
								
								
									
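--- a/README.md
+++ b/README.md
@@ -1,12 +1,17 @@
+---
+gitea: none
+include_toc: true
+---
+
 # NixOS system configurations
 
+[toc]
+
 ## Installation (WIP)
 
 ## Hosts
 
-### 🐬 Totsugeki
-
-Configuration files for my desktop
+### 🐬 Totsugeki | Desktop
 
 #### Programs
 
@@ -27,16 +32,23 @@ Configuration files for my desktop
 - r2modman (Mod manager)
 - ProtonUp-Qt
 
-### 🐳 Great Yamada
-
-Configuration for my home server
+### 🐳 Great Yamada | Home server
 
 #### Services
 
 **Still a WIP**
 
-|    Name    |             Type             | Public-facing |
-| :--------: | :--------------------------: | :-----------: |
-|   Nginx    | Web server and reverse proxy |       x       |
-| PostgreSQL |       Database engine        |
-|  Forgejo   |        Git repository        |       x       |
+|       Name        |              Type              | Public-facing |
+| :---------------: | :----------------------------: | :-----------: |
+|       Nginx       |  Web server and reverse proxy  |       x       |
+|    PostgreSQL     |        Database engine         |
+|      Forgejo      |         Git repository         |       x       |
+|      Synapse      |         Matrix server          |       x       |
+|      coturn       |          TURN server           |       x       |
+| Synapse (bridges) |         Matrix server          |               |
+| mautrix-whatsapp  |   WhatsApp bridge for Matrix   |               |
+|      PaperMC      |        Minecraft server        |       x       |
+|   AdGuard Home    | DNS server and content blocker |               |
+|     Invidious     |         YouTube proxy          |               |
+|      SearXNG      |       Metasearch engine        |               |
+|     Radicale      |    CalDAV / CardDAV server     |               |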
							
								
								
									
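--- a/hosts/greatyamada/nixos/default.nix
+++ b/hosts/greatyamada/nixos/default.nix
@@ -0,0 +1,16 @@
+{ config, lib, pkgs }: {
+  imports = [ ./filesystems.nix ];
+  networking = {
+    firewall.enable = true;
+    hostName = "greatyamada";
+    networkmanager.enable = true;
+    useDHCP = lib.mkDefault false;
+  };
+
+  sops = {
+    defaultSopsFile = "/etc/nixos/secrets/greatyamada.yaml";
+    age.keyFile = "/etc/nixos/keys.txt";
+  };
+
+  time.timeZone = "UTC";
+}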
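Review bot: The module header `{ config, lib, pkgs }: {` on the first line has no trailing `...`, so the module system will reject it with an "unexpected argument" error when it passes `options` and friends — this same commit fixes filesystems.nix to `{ ... }:` for exactly that reason; change it to `{ lib, ... }: {` (`config` and `pkgs` are not used in the body). Second, `age.keyFile = "/etc/nixos/keys.txt"` puts the age private key that decrypts every secret in `greatyamada.yaml` inside what appears to be the repo checkout (the `.gitignore` added in this commit ignores `keys.txt`); the ignore rule only prevents an accidental commit, it does not restrict who can read the file, so confirm it is `0400 root:root` or consider `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` to derive the key from the host SSH key instead of a loose file. The `# TODO: change key path` comment removed from filesystems.nix looks resolved by this move, so a one-line note on the new location such as `# age private key for this host; root-only, never committed (see .gitignore)` would document the intent for the next reader.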
|  | @ -1,4 +1,4 @@ | ||||||
| { config, lib, pkgs }: { | { ... }: { | ||||||
|   fileSystems = { |   fileSystems = { | ||||||
|     "/" = { |     "/" = { | ||||||
|       device = "/dev/disk/by-uuid/61050e8d-41c6-4c37-98a9-d8b0cdce6903"; |       device = "/dev/disk/by-uuid/61050e8d-41c6-4c37-98a9-d8b0cdce6903"; | ||||||
|  | @ -36,18 +36,4 @@ | ||||||
|     }; |     }; | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|   networking = { |  | ||||||
|     firewall.enable = true; |  | ||||||
|     hostName = "greatyamada"; |  | ||||||
|     networkmanager.enable = true; |  | ||||||
|     useDHCP = lib.mkDefault false; |  | ||||||
|   }; |  | ||||||
| 
 |  | ||||||
|   sops = { |  | ||||||
|     defaultSopsFile = "/etc/nixos/secrets/greatyamada.yaml"; |  | ||||||
|     # TODO: change key path |  | ||||||
|     age.keyFile = "/home/avery/.config/sops/age/keys.txt"; |  | ||||||
|   }; |  | ||||||
| 
 |  | ||||||
|   time.timeZone = "UTC"; |  | ||||||
| } | } | ||||||
							
								
								
									
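--- a/hosts/greatyamada/services/acme.nix
+++ b/hosts/greatyamada/services/acme.nix
@@ -0,0 +1,16 @@
+{ ... }: {
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "aveeryy@protonmail.com";
+    certs."rcia.dev" = {
+      credentialFiles.CLOUDFLARE_DNS_API_TOKEN_FILE =
+        "/run/secrets/cloudflare_api_token";
+      dnsProvider = "cloudflare";
+      extraDomainNames = [ "*.rcia.dev" ];
+    };
+  };
+  sops.secrets."cloudflare/api_token" = {
+    path = "/run/secrets/cloudflare_api_token";
+    group = "root";
+  };
+}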
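Review bot: The Cloudflare token at `/run/secrets/cloudflare_api_token` is consumed both by the DNS-01 challenge here and by ddclient in ddns.nix, so a single credential carries both roles and, because this cert covers the wildcard `*.rcia.dev`, whoever holds it can issue certificates for every name in the zone; make sure it is an API token scoped to Zone:DNS:Edit on rcia.dev only, never the Global API Key. `group = "root"` on the sops secret changes nothing with sops-nix's default `mode = "0400"`; if the intention was to let a non-root service read the file, set `owner` or `mode` explicitly instead. I believe the NixOS ACME module hands `credentialFiles` to lego via systemd `LoadCredential`, which reads as root, so a root-only file should work here, but verify `acme-rcia.dev.service` actually completes a renewal since the lego process itself runs as the `acme` user. A comment on the `credentialFiles` line such as `# same token as services/ddns.nix; must be zone-scoped DNS:Edit only` would make the sharing visible.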
							
								
								
									
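--- a/hosts/greatyamada/services/ddns.nix
+++ b/hosts/greatyamada/services/ddns.nix
@@ -0,0 +1,11 @@
+{ ... }: {
+  services.ddclient = {
+    enable = true;
+    interval = "5min";
+    quiet = true;
+    protocol = "cloudflare";
+    zone = "rcia.dev";
+    passwordFile = "/run/secrets/cloudflare_api_token";
+    domains = [ "@" "*" ];"
+  };
+}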
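Review bot: `domains = [ "@" "*" ];"` carries a stray `"` after the semicolon, which opens an unterminated string and makes this file fail to parse; it should read `domains = [ "@" "*" ];`. Separately, ddclient authenticates Cloudflare API tokens with `login=token`, and this module leaves `services.ddclient.username` at its default, so the token in `passwordFile` is likely to be rejected — I believe `username = "token";` is required, please confirm against the ddclient version in nixpkgs. The `domains` entries `@` and `*` also look like DNS-record shorthand rather than the full hostnames ddclient expects (`rcia.dev`, `*.rcia.dev`), which is worth checking on first run with `quiet` turned off. Since `passwordFile` points at the token declared in acme.nix, a comment such as `# shared with services/acme.nix; zone-scoped DNS:Edit token` would document the coupling.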
							
								
								
									
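--- a/hosts/greatyamada/services/matrix/coturn.nix
+++ b/hosts/greatyamada/services/matrix/coturn.nix
@@ -0,0 +1,41 @@
+{ pkgs, ... }: {
+  services.coturn = {
+    enable = true;
+    realm = "rcia.dev";
+    min-port = 49152;
+    max-port = 49200;
+    use-auth-secret = true;
+    static-auth-secret-file = "/run/turnserver/auth_secret"
+    extraConfig = ''
+      syslog
+      no-rfc5780
+      no-stun-backward-compatibility
+      response-origin-only-with-rfc5780
+      denied-peer-ip=10.0.0.0-10.255.255.255
+      denied-peer-ip=192.168.0.0-192.168.255.255
+      denied-peer-ip=172.16.0.0-172.31.255.255
+      no-multicast-peers
+      denied-peer-ip=0.0.0.0-0.255.255.255
+      denied-peer-ip=100.64.0.0-100.127.255.255
+      denied-peer-ip=127.0.0.0-127.255.255.255
+      denied-peer-ip=169.254.0.0-169.254.255.255
+      denied-peer-ip=192.0.0.0-192.0.0.255
+      denied-peer-ip=192.0.2.0-192.0.2.255
+      denied-peer-ip=192.88.99.0-192.88.99.255
+      denied-peer-ip=198.18.0.0-198.19.255.255
+      denied-peer-ip=198.51.100.0-198.51.100.255
+      denied-peer-ip=203.0.113.0-203.0.113.255
+      denied-peer-ip=240.0.0.0-255.255.255.255
+      allowed-peer-ip=10.0.0.1
+      allowed-peer-ip=10.10.0.1
+      allowed-peer-ip=10.10.0.2
+      allowed-peer-ip=10.10.0.3
+      user-quota=16
+      total-quota=128
+    '';
+  };
+  sops.secrets."coturn/static_auth_secret" = {
+    path = "/run/turnserver/auth_secret";
+    owner = "turnserver";
+  };
+}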
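Review bot: `static-auth-secret-file = "/run/turnserver/auth_secret"` is missing its terminating `;`, so the file will not parse; add the semicolon. The sops secret is placed at `/run/turnserver/auth_secret`, which I believe is the coturn unit's systemd `RuntimeDirectory` — systemd removes that directory when the unit stops, so after the first restart the secret is gone until the next activation; keep it under sops-nix's default `/run/secrets/` path and add `restartUnits = [ "coturn.service" ];` so a rotated secret is picked up. The `denied-peer-ip` list is IPv4-only; if this host has IPv6 connectivity the relay can still reach loopback, link-local and ULA space, so the IPv6 ranges from the Synapse TURN guidance and `no-tcp-relay` should be added as below. The four `allowed-peer-ip` entries punch holes in the RFC 1918 denies for presumably the Synapse and bridge hosts; a comment naming them would stop the next reader from removing them, and `pkgs` in the argument pattern is unused.

```nix
    extraConfig = ''
      # … unchanged: syslog, rfc5780 flags, IPv4 denied-peer-ip list …
      no-tcp-relay
      denied-peer-ip=::1
      denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
      denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
      denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
      denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
      denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
      denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
      denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
      # … unchanged: allowed-peer-ip entries and quotas …
    '';
```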