toph/dot.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: toph:955b61c5a94829d2caa639b1bc37e6d6f7da3d0c
Branches Tags
toph:main
toph:user-expansion
..
compare: toph:47398a409de0e8a00ec81113e5e3d3931f738cf6
Branches Tags
toph:main
toph:user-expansion

1 commit
955b61c5a9 ... 47398a409d

Author SHA1 Message Date
Chris Toph
47398a409d Replace yay pkg with yay.nix flake 2025-04-27 17:40:23 -04:00
33 changed files with 252 additions and 719 deletions
Show stats Expand all files Collapse all files

3
.gitignore vendored
View file

@ -1,4 +1,5 @@
nixos/modules/nextcloud/nextcloud-admin-pass
.BAK/ .BAK/
.chat .chat
.logs
*.bak *.bak

55
flake.lock generated
View file

@ -376,6 +376,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_6": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": { "fromYaml": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -943,6 +961,7 @@
"stylix": "stylix", "stylix": "stylix",
"vscode-server": "vscode-server", "vscode-server": "vscode-server",
"watershot": "watershot", "watershot": "watershot",
"yay": "yay",
"zen-browser": "zen-browser" "zen-browser": "zen-browser"
} }
}, },
@ -1171,6 +1190,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": { "tinted-foot": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -1358,6 +1392,27 @@
"type": "github" "type": "github"
} }
}, },
"yay": {
"inputs": {
"flake-utils": "flake-utils_6",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1745783593,
"narHash": "sha256-sfaQ1N3afqKe3sPvsC4iqQFG4v5QFLFeuyoCfGjVDFY=",
"ref": "refs/heads/main",
"rev": "88b65739521e2e9b92475acf6a3665b78bc357d3",
"revCount": 2,
"type": "git",
"url": "https://git.ryot.foo/toph/yay.nix.git"
},
"original": {
"type": "git",
"url": "https://git.ryot.foo/toph/yay.nix.git"
}
},
"zen-browser": { "zen-browser": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [

6
flake.nix
View file

@ -63,12 +63,6 @@
# inputs.nixpkgs.follows = "nixpkgs"; # inputs.nixpkgs.follows = "nixpkgs";
# }; # };
snapraid-aio = {
# url = "git+https://git.ryot.foo/toph/snapraid-aio.nix.git";
url = "git+https://git.ryot.foo/toph/snapraid-aio.nix.git";
inputs.nixpkgs.follows = "nixpkgs";
};
vscode-server = { vscode-server = {
url = "github:nix-community/nixos-vscode-server"; url = "github:nix-community/nixos-vscode-server";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";

10
home/toph/cloud/default.nix
View file

@ -1,10 +0,0 @@
{
pkgs,
...
}:
{
imports = [
## Required Configs ##
../common/core # required
];
}

8
home/toph/common/core/ssh.nix
View file

@ -43,13 +43,7 @@ in
''; '';
}; };
".ssh/known_hosts_source" = { ".ssh/known_hosts".text = lib.concatStringsSep "\n" secretsSpec.ssh.knownHosts;
source = pkgs.writeText "known-hosts" (lib.concatStringsSep "\n" secretsSpec.ssh.knownHosts);
onChange = ''
cp $HOME/.ssh/known_hosts_source $HOME/.ssh/known_hosts
chmod 644 $HOME/.ssh/known_hosts
'';
};
} }
# Dynamically add all SSH private keys using the existing store paths # Dynamically add all SSH private keys using the existing store paths
# Ensures the keys have correct permissions and are not symlinks # Ensures the keys have correct permissions and are not symlinks

10
home/toph/komodo/default.nix
View file

@ -1,16 +1,24 @@
{ {
pkgs, pkgs,
config,
... ...
}: }:
{ {
imports = [ imports = [
## Required Configs ## ## Required Configs ##
../common/core # required ../common/core # required
## Host-specific Optional Configs ##
]; ];
# Useful for this host
home.file = { home.file = {
Pool.source = config.lib.file.mkOutOfStoreSymlink "/pool"; Pool.source = config.lib.file.mkOutOfStoreSymlink "/pool";
DockerStorage.source = config.lib.file.mkOutOfStoreSymlink "/mnt/DockerStorage"; DockerStorage.source = config.lib.file.mkOutOfStoreSymlink "/mnt/DockerStorage";
}; };
## Packages with no needed configs ##
# home.packages = builtins.attrValues {
# inherit (pkgs)
# ;
# };
} }

23
hosts/common/optional/acme/default.nix
View file

@ -4,27 +4,22 @@
... ...
}: }:
let let
# Create a VERY simple environment file with absolutely minimal formatting cloudflare = pkgs.writeTextFile {
cloudflareEnvFile = pkgs.writeText "cloudflare.env" '' name = "cloudflare.ini";
CLOUDFLARE_DNS_API_TOKEN=${config.secretsSpec.api.cloudflare} text = ''
''; CF_DNS_API_TOKEN=${config.secretsSpec.api.cloudflare}
'';
};
in in
{ {
environment.systemPackages = [ pkgs.lego ];
# letsencrypt
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
email = "chris@toph.cc"; email = "chris@toph.cc";
dnsProvider = "cloudflare"; # Use Cloudflare's DNS dnsProvider = "cloudflare";
environmentFile = cloudflareEnvFile; environmentFile = cloudflare;
enableDebugLogs = true;
extraLegoFlags = [
"--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
"--dns.propagation-wait=60s" # Wait for 60 seconds for DNS propagation
"--dns-timeout=60"
"--http-timeout=60"
];
}; };
certs = { certs = {
"goldenlemon.cc" = { "goldenlemon.cc" = {

16
hosts/common/optional/caddy/cloud.nix Normal file
View file

@ -0,0 +1,16 @@
{
services.caddy.virtualHosts = {
"drive.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://localhost:8181 {
header_up Host {host}
# header_up X-Forwarded-For {remote}
# header_up X-Forwarded-Proto {scheme}
# header_up X-Forwarded-Protocol {scheme}
# header_up X-Forwarded-Port {server_port}
}
'';
};
};
}

10
hosts/common/optional/caddy/defaut.nix Normal file
View file

@ -0,0 +1,10 @@
{ config, ... }:
{
imports = [
"./${config.hostSpec.hostName}.nix"
];
services.caddy = {
enable = true;
};
}

100
hosts/common/optional/caddy/komodo.nix Normal file
View file

@ -0,0 +1,100 @@
{
services.caddy.virtualHosts = {
# "ryot.foo" = {
# useACMEHost = "ryot.foo";
# extraConfig = ''
# reverse_proxy 104.40.3.44:80
# '';
# };
"auth.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9000 {
header_up Host {host}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Protocol {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
"frp.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:4041
'';
};
"grafana.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3001
'';
};
"git.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3003
'';
};
"influx.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8086
'';
};
"home.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:7475
'';
};
"komodo.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9120
'';
};
"mail.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9002
'';
};
"map.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:25566
'';
};
"outline.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3480
'';
};
"plane.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3000
'';
};
"upsnap.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8090
'';
};
};
}

10
hosts/common/optional/caddy/proxy.nix Normal file
View file

@ -0,0 +1,10 @@
{
services.caddy.virtualHosts = {
"cloudflared.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:14333
'';
};
};
}

0
hosts/nixos/komodo/config/authentik/compose.yaml → hosts/common/optional/containers/authentik/compose.yaml
View file

8
hosts/nixos/komodo/config/authentik/default.nix → hosts/common/optional/containers/authentik/default.nix
View file

@ -1,10 +1,6 @@
# Auto-generated using compose2nix v0.3.1. # Auto-generated using compose2nix v0.3.1.
{ { pkgs, lib, ... }:
pkgs,
lib,
config,
...
}:
let let
# Only available in the Komodo LXC # Only available in the Komodo LXC
DockerStorage = "/mnt/DockerStorage/komodo/stacks/authentik"; DockerStorage = "/mnt/DockerStorage/komodo/stacks/authentik";

0
hosts/nixos/proxy/config/cloudflared.nix → hosts/common/optional/containers/cloudflared.nix
View file

0
hosts/nixos/komodo/config/komodo/compose.yaml → hosts/common/optional/containers/komodo/compose.yaml
View file

4
hosts/nixos/komodo/config/komodo/default.nix → hosts/common/optional/containers/komodo/default.nix
View file

@ -1,8 +1,8 @@
# Auto-generated using compose2nix v0.3.1. # Auto-generated using compose2nix v0.3.1.
{ {
config,
lib,
pkgs, pkgs,
lib,
admin,
... ...
}: }:
let let

30
hosts/common/optional/system/pool.nix
View file

@ -2,8 +2,12 @@
let let
username = config.hostSpec.username; username = config.hostSpec.username;
homeDir = config.hostSpec.home; homeDir = config.hostSpec.home;
pve-key = config.secretsSpec.ssh.privateKeys.pve;
in in
{ {
# For less permission issues with SSHFS
programs.fuse.userAllowOther = true;
# Create the directories if they do not exist # Create the directories if they do not exist
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /pool 2775 ${username} ryot -" "d /pool 2775 ${username} ryot -"
@ -13,16 +17,14 @@ in
# File system configuration # File system configuration
fileSystems = { fileSystems = {
"/pool" = { "/pool" = {
device = "cloud:/"; device = "${username}@cloud:/pool";
fsType = "nfs"; fsType = "sshfs";
options = [ options = [
"_netdev"
"defaults" "defaults"
"nfsvers=4.2" "reconnect"
"noacl" "_netdev"
"noatime" "allow_other"
"nofail" "identityfile=${pve-key}"
"sec=sys"
]; ];
}; };
@ -35,16 +37,4 @@ in
]; ];
}; };
}; };
# Ensure NFS client support is complete
boot.supportedFilesystems = [ "nfs" ];
# services.rpcbind.enable = true;
# Optional: Configure ID mapping if needed
services.nfs.idmapd.settings = {
General = {
Domain = "local"; # Must match on server and client
Verbosity = 0;
};
};
} }

140
hosts/nixos/cloud/config/borg.nix
View file

@ -1,140 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
# Borg backup destinations
dockerStorageRepo = "/pool/Backups/DockerStorage";
forgejoRepo = "/pool/Backups/forgejo";
# Common borg backup settings
borgCommonSettings = ''
# Don't use cache to avoid issues with concurrent backups
export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
# Set this for non-interactive use
export BORG_NON_INTERACTIVE=yes
'';
# Initialize a repo if it doesn't exist
initRepo = repo: ''
if [ ! -d "${repo}" ]; then
mkdir -p "${repo}"
${pkgs.borgbackup}/bin/borg init --encryption=none "${repo}"
fi
'';
in
{
# Make sure borg is installed
environment.systemPackages = [ pkgs.borgbackup ];
# Docker Storage Backup Service
systemd.services.backup-docker-storage = {
description = "Backup Docker storage directory with Borg";
path = with pkgs; [
borgbackup
coreutils
];
script = ''
${borgCommonSettings}
# Initialize repository if needed
${initRepo dockerStorageRepo}
# Create backup
${pkgs.borgbackup}/bin/borg create \
--stats \
--compression zstd,15 \
--exclude '*.tmp' \
--exclude '*/tmp/*' \
${dockerStorageRepo}::docker-{now:%Y-%m-%d_%H%M%S} \
/mnt/drive1/DockerStorage
# Prune old backups
${pkgs.borgbackup}/bin/borg prune \
--keep-daily 7 \
--keep-weekly 4 \
--keep-monthly 3 \
${dockerStorageRepo}
'';
serviceConfig = {
Type = "oneshot";
IOSchedulingClass = "idle";
CPUSchedulingPolicy = "idle";
Nice = 19;
};
};
# Docker Storage Backup Timer (Weekly on Monday at 4am)
systemd.timers.backup-docker-storage = {
description = "Timer for Docker Storage Backup";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "Mon *-*-* 04:00:00";
Persistent = true; # Run backup if system was off during scheduled time
RandomizedDelaySec = "5min"; # Add randomized delay
};
};
# Forgejo Backup Service
systemd.services.backup-forgejo = {
description = "Backup Forgejo directory with Borg";
path = with pkgs; [
borgbackup
coreutils
];
script = ''
${borgCommonSettings}
# Initialize repository if needed
${initRepo forgejoRepo}
# Create backup
${pkgs.borgbackup}/bin/borg create \
--stats \
--compression zstd,15 \
--exclude '*.tmp' \
--exclude '*/tmp/*' \
${forgejoRepo}::forgejo-{now:%Y-%m-%d_%H%M%S} \
/pool/forgejo
# Prune old backups
${pkgs.borgbackup}/bin/borg prune \
--keep-daily 14 \
--keep-weekly 4 \
--keep-monthly 3 \
${forgejoRepo}
'';
serviceConfig = {
Type = "oneshot";
IOSchedulingClass = "idle";
CPUSchedulingPolicy = "idle";
Nice = 19;
};
};
# Forgejo Backup Timer (Every 2 days at 4am)
systemd.timers.backup-forgejo = {
description = "Timer for Forgejo Backup";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-1/2 04:00:00"; # Every 2 days at 4am
Persistent = true;
RandomizedDelaySec = "5min";
};
};
}

19
hosts/nixos/cloud/config/caddy.nix
View file

@ -1,19 +0,0 @@
{
services.caddy = {
enable = true;
virtualHosts = {
"drive.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://localhost:8282 {
header_up Host {host}
# header_up X-Forwarded-For {remote}
# header_up X-Forwarded-Proto {scheme}
# header_up X-Forwarded-Protocol {scheme}
# header_up X-Forwarded-Port {server_port}
}
'';
};
};
};
}

4
hosts/nixos/cloud/config/default.nix
View file

@ -1,4 +0,0 @@
{ lib, ... }:
{
imports = lib.custom.scanPaths ./.;
}

38
hosts/nixos/cloud/config/filerun/compose.yml
View file

@ -1,38 +0,0 @@
name: filerun
services:
db:
image: mariadb:10.11
user: 1001:1004
environment:
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASS
MYSQL_USER: ${DB_USER}
MYSQL_PASSWORD: ${DB_PASS}
MYSQL_DATABASE: ${DB_NAME}
restart: unless-stopped
volumes:
- /pool/filerun/db:/var/lib/mysql
web:
image: filerun/filerun:8.1
user: root
environment:
FR_DB_HOST: db
FR_DB_PORT: ${DB_PORT}
FR_DB_NAME: ${DB_NAME}
FR_DB_USER: ${DB_USER}
FR_DB_PASS: ${DB_PASS}
APACHE_RUN_USER:
APACHE_RUN_USER_ID: 1001
APACHE_RUN_GROUP:
APACHE_RUN_GROUP_ID: 1004
depends_on:
- db
links:
- db:db
ports:
- "8181:80"
restart: unless-stopped
volumes:
- /pool/filerun/html:/var/www/html
- /pool/filerun/user-files:/user-files
- /pool/:/pool

119
hosts/nixos/cloud/config/filerun/default.nix
View file

@ -1,119 +0,0 @@
# Auto-generated using compose2nix v0.3.1.
{
config,
lib,
pkgs,
...
}:
let
env = config.secretsSpec.docker.filerun;
in
{
# Runtime
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
# Containers
virtualisation.oci-containers.containers."filerun-db" = {
image = "mariadb:10.11";
environment = env;
volumes = [
"/pool/filerun/db:/var/lib/mysql:rw"
];
user = "1001:1004";
log-driver = "journald";
extraOptions = [
"--network-alias=db"
"--network=filerun_default"
];
};
systemd.services."docker-filerun-db" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-filerun_default.service"
];
requires = [
"docker-network-filerun_default.service"
];
partOf = [
"docker-compose-filerun-root.target"
];
wantedBy = [
"docker-compose-filerun-root.target"
];
};
virtualisation.oci-containers.containers."filerun-web" = {
image = "filerun/filerun:8.1";
environment = env;
volumes = [
"/pool/:/pool:rw"
"/pool/filerun/html:/var/www/html:rw"
"/pool/filerun/user-files:/user-files:rw"
];
ports = [
"8282:80/tcp"
];
dependsOn = [
"filerun-db"
];
user = "root";
log-driver = "journald";
extraOptions = [
"--network-alias=web"
"--network=filerun_default"
];
};
systemd.services."docker-filerun-web" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-filerun_default.service"
];
requires = [
"docker-network-filerun_default.service"
];
partOf = [
"docker-compose-filerun-root.target"
];
wantedBy = [
"docker-compose-filerun-root.target"
];
};
# Networks
systemd.services."docker-network-filerun_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f filerun_default";
};
script = ''
docker network inspect filerun_default || docker network create filerun_default
'';
partOf = [ "docker-compose-filerun-root.target" ];
wantedBy = [ "docker-compose-filerun-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-filerun-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}

23
hosts/nixos/cloud/config/nfs.nix
View file

@ -1,23 +0,0 @@
{ config, lib, ... }:
{
# Install and configure NFS server
services.nfs.server = {
enable = true;
exports = ''
# Pool export - seen as root '/' by the client
/pool *(rw,insecure,no_subtree_check,no_root_squash,fsid=0,anonuid=1000,anongid=1004)
'';
extraNfsdConfig = "vers=4,4.1,4.2";
};
# Ensure NFS client support is complete
# services.rpcbind.enable = true;
services.nfs.idmapd.settings = {
General = {
Domain = "local";
Verbosity = 0;
};
};
}

122
hosts/nixos/cloud/config/snapraid.nix
View file

@ -1,122 +0,0 @@
{
pkgs,
inputs,
config,
...
}:
let
apprise-url = config.secretsSpec.api.apprise-url;
snapraid-aio = inputs.snapraid-aio.nixosModules.default;
snapraid-aio-config = pkgs.writeTextFile {
name = "snapraid-aio.config";
text = ''
CONFIG_VERSION="3.4"
CHECK_UPDATES=1
# Notification settings
APPRISE=0
APPRISE_URL=""
APPRISE_ATTACH=1
APPRISE_BIN="${pkgs.apprise}/bin/apprise"
APPRISE_EMAIL=1
APPRISE_EMAIL_URL="${apprise-url}"
TELEGRAM=0
DISCORD=0
# Thresholds for sync operations
DEL_THRESHOLD=500
UP_THRESHOLD=500
IGNORE_PATTERN=""
ADD_DEL_THRESHOLD=0
SYNC_WARN_THRESHOLD=0
# Scrub settings
SCRUB_PERCENT=5
SCRUB_AGE=10
SCRUB_NEW=1
SCRUB_DELAYED_RUN=0
# Performance and behavior settings
PREHASH=1
FORCE_ZERO=0
SPINDOWN=0
VERBOSITY=1
RETENTION_DAYS=30
# Logging settings
SNAPRAID_LOG_DIR="/var/log/snapraid"
SMART_LOG=1
SMART_LOG_NOTIFY=0
SNAP_STATUS=1
SNAP_STATUS_NOTIFY=1
# Critical paths
SNAPRAID_CONF="/etc/snapraid.conf"
SNAPRAID_BIN="${pkgs.snapraid}/bin/snapraid"
# Email settings (optional - uncomment and configure if needed)
# EMAIL_ADDRESS="your-email@example.com"
# FROM_EMAIL_ADDRESS="snapraid@your-server.com"
# Advanced settings - typically no need to modify
CHK_FAIL=0
DO_SYNC=1
EMAIL_SUBJECT_PREFIX="(SnapRAID on $(hostname))"
SERVICES_STOPPED=0
SYNC_WARN_FILE="/var/lib/snapraid-aio/snapRAID.warnCount"
SCRUB_COUNT_FILE="/var/lib/snapraid-aio/snapRAID.scrubCount"
TMP_OUTPUT="/var/lib/snapraid-aio/snapRAID.out"
SNAPRAID_LOG="/var/log/snapraid/snapraid.log"
'';
};
snapraid-conf = pkgs.writeTextFile {
name = "snapraid.conf";
text = ''
## /etc/snapraid.conf ##
# Defines the file to use as parity storage
parity /mnt/parity/snapraid.parity
# Defines the files to use as content list
content /var/snapraid.content
content /mnt/drive1/snapraid.content
content /mnt/drive2/snapraid.content
content /mnt/drive3/snapraid.content
content /mnt/parity/snapraid.content
# Defines the data disks to use
data d1 /mnt/drive1/
data d2 /mnt/drive2/
data d3 /mnt/drive3/
# Defines files and directories to exclude
exclude *.unrecoverable
exclude /tmp/
exclude /lost+found/
'';
};
in
{
imports = [
inputs.snapraid-aio.nixosModules.default
];
# Make sure the SnapRAID config exists
environment.etc."snapraid.conf".source = snapraid-conf;
# Create required directories
systemd.tmpfiles.rules = [
"d /var/lib/snapraid-aio 0755 root root -"
"d /var/log/snapraid 0755 root root -"
];
# Set up snapraid-aio service
services.snapraid-aio = {
enable = true;
configFile = snapraid-aio-config;
schedule = "*-*-* 03:00:00"; # Run daily at 3am
};
}

31
hosts/nixos/cloud/default.nix
View file

@ -1,11 +1,12 @@
############################################################### ###############################################################
# #
# Cloud - LXC Container # Prozy - LXC Container
# NixOS container, Ryzen 5 5600G (4th Cores), 4GB/4GB RAM/SWAP # NixOS container, Ryzen 5 5600G (3 Cores), 2GB/2GB RAM/SWAP
# #
############################################################### ###############################################################
{ {
inputs,
lib, lib,
config, config,
pkgs, pkgs,
@ -18,10 +19,6 @@ let
in in
{ {
imports = lib.flatten [ imports = lib.flatten [
## Cloud Only ##
./config
## Hardware ## ## Hardware ##
./hardware.nix ./hardware.nix
@ -31,10 +28,12 @@ in
## Optional Configs ## ## Optional Configs ##
"hosts/common/optional/acme" "hosts/common/optional/acme"
"hosts/common/optional/caddy"
"hosts/common/optional/docker.nix" "hosts/common/optional/docker.nix"
"hosts/common/optional/containers/cloudflared.nix"
## Host user ## ## Cloud Specific ##
"hosts/users/${username}" # Not the best solution but I always have one user so ¯\_(ツ)_/¯ "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
]) ])
]; ];
@ -51,21 +50,21 @@ in
networking = { networking = {
enableIPv6 = false; enableIPv6 = false;
firewall = { firewall.allowedTCPPorts = firewall.allowedTCPPorts;
allowedTCPPorts = firewall.allowedTCPPorts;
allowedUDPPorts = firewall.allowedUDPPorts;
};
}; };
## System-wide packages ## ## System-wide packages ##
programs.nix-ld.enable = true; programs.nix-ld.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
apprise
lazydocker lazydocker
mergerfs
snapraid
]; ];
environment.etc = {
"cloudflared/.keep" = {
text = "This directory is used to store cloudflared configuration files.";
};
};
# https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "25.05"; system.stateVersion = "24.11";
} }

38
hosts/nixos/cloud/hardware.nix
View file

@ -1,48 +1,12 @@
{ {
lib, lib,
config,
... ...
}: }:
let
username = config.hostSpec.username;
homeDir = config.hostSpec.home;
in
{ {
imports = lib.flatten [ imports = lib.flatten [
(map lib.custom.relativeToRoot [ (map lib.custom.relativeToRoot [
"hosts/common/optional/system/lxc.nix" "hosts/common/optional/system/lxc.nix"
"hosts/common/optional/system/pool.nix"
]) ])
]; ];
# Less permission issues with pool
programs.fuse.userAllowOther = true;
# File system co
# INFO: Cloud is the pool provider
fileSystems = {
"/pool" = {
fsType = "fuse.mergerfs";
device = "/mnt/data*";
options = [
"cache.files=auto-full"
"defaults"
"allow_other"
"minfreespace=50G"
"fsname=mergerfs"
"category.create=mfs"
"nfsopenhack=all"
"nonempty"
"uid=1000"
"gid=1004" # Ryot group
];
};
"${homeDir}/git" = {
fsType = "none";
device = "/pool/git";
options = [
"bind"
"nofail"
];
};
};
} }

103
hosts/nixos/komodo/config/caddy.nix
View file

@ -1,103 +0,0 @@
{
services.caddy = {
enable = true;
virtualHosts = {
# "ryot.foo" = {
# useACMEHost = "ryot.foo";
# extraConfig = ''
# reverse_proxy 104.40.3.44:80
# '';
# };
"auth.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9000 {
header_up Host {host}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Protocol {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
"frp.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:4041
'';
};
"grafana.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3001
'';
};
"git.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3003
'';
};
"influx.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8086
'';
};
"home.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:7475
'';
};
"komodo.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9120
'';
};
"mail.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9002
'';
};
"map.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:25566
'';
};
"outline.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3480
'';
};
"plane.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:3000
'';
};
"upsnap.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8090
'';
};
};
};
}

4
hosts/nixos/komodo/config/default.nix
View file

@ -1,4 +0,0 @@
{ lib, ... }:
{
imports = lib.custom.scanPaths ./.;
}

11
hosts/nixos/komodo/default.nix
View file

@ -6,6 +6,7 @@
############################################################### ###############################################################
{ {
inputs,
lib, lib,
config, config,
pkgs, pkgs,
@ -18,9 +19,6 @@ let
in in
{ {
imports = lib.flatten [ imports = lib.flatten [
## Komodo Only ##
./config
## Hardware ## ## Hardware ##
./hardware.nix ./hardware.nix
@ -30,9 +28,12 @@ in
## Optional Configs ## ## Optional Configs ##
"hosts/common/optional/acme" "hosts/common/optional/acme"
"hosts/common/optional/caddy"
"hosts/common/optional/docker.nix" "hosts/common/optional/docker.nix"
"hosts/common/containers/authentik"
"hosts/common/containers/komodo"
## Host User ## ## Komodo Specific ##
"hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯ "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
]) ])
]; ];
@ -65,5 +66,5 @@ in
]; ];
# https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "25.05"; system.stateVersion = "24.11";
} }

13
hosts/nixos/proxy/config/caddy.nix
View file

@ -1,13 +0,0 @@
{
services.caddy = {
enable = true;
virtualHosts = {
"cloudflared.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:14333
'';
};
};
};
}

4
hosts/nixos/proxy/config/default.nix
View file

@ -1,4 +0,0 @@
{ lib, ... }:
{
imports = lib.custom.scanPaths ./.;
}

9
hosts/nixos/proxy/default.nix
View file

@ -1,6 +1,6 @@
############################################################### ###############################################################
# #
# Proxy - LXC Container # Prozy - LXC Container
# NixOS container, Ryzen 5 5600G (3 Cores), 2GB/2GB RAM/SWAP # NixOS container, Ryzen 5 5600G (3 Cores), 2GB/2GB RAM/SWAP
# #
############################################################### ###############################################################
@ -19,9 +19,6 @@ let
in in
{ {
imports = lib.flatten [ imports = lib.flatten [
## Proxy Only ##
./config
## Hardware ## ## Hardware ##
./hardware.nix ./hardware.nix
@ -31,9 +28,11 @@ in
## Optional Configs ## ## Optional Configs ##
"hosts/common/optional/acme" "hosts/common/optional/acme"
"hosts/common/optional/caddy"
"hosts/common/optional/docker.nix" "hosts/common/optional/docker.nix"
"hosts/common/optional/containers/cloudflared.nix"
## Proxy User ## ## Proxy Specific ##
"hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯ "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
]) ])
]; ];

BIN
secrets.nix
View file

Binary file not shown.