BIG changes: make almost every server service modular, so that services can be distributed across multiple servers

Bun 2025-03-18 05:32:05 -04:00
parent 30fc0dc800
commit 7e40fd4fb3
44 changed files with 153 additions and 143 deletions


@ -5,6 +5,7 @@
./disko ./disko
./filesystems ./filesystems
./hardware ./hardware
./services
./users ./users
../../modules/system ../../modules/system
]; ];
@ -19,19 +20,6 @@
lanzaboote.enable = true; lanzaboote.enable = true;
fancyboot.enable = true; fancyboot.enable = true;
wireless.enable = true; wireless.enable = true;
wireguard.client.enable = true;
libvirtd.enable = true;
stateVersion = "24.11"; stateVersion = "24.11";
}; };
# Services to make this work as a school laptop
services.globalprotect.enable = true;
virtualisation.vmware.host.enable = true;
nixpkgs.allowUnfreePackages = [ "vmware-workstation" ];
environment.persistence."/persist".directories = [
"/home/${config.sysusers.main}/vmware"
"/home/${config.sysusers.main}/.vmware"
];
} }


@ -0,0 +1,19 @@
{ config, ... }:
{
services = {
globalprotect.enable = true;
wireguard.client.enable = true;
};
virtualisation = {
libvirtd.enable = true;
vmware.host.enable = true;
};
nixpkgs.allowUnfreePackages = [ "vmware-workstation" ];
environment.persistence."/persist".directories = [
"/home/${config.sysusers.main}/vmware"
"/home/${config.sysusers.main}/.vmware"
];
}
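Review bot: The comment that explained why GlobalProtect and the VMware host module are enabled on this machine (`# Services to make this work as a school laptop`) was dropped when these lines moved into this file; restore it above `services = {`, since it is the only justification for the unfree `vmware-workstation` package and the two persisted `~/vmware` directories. Enabling `virtualisation.libvirtd.enable` here also triggers this commit's libvirtd module, which adds `virbr0` and `virbr1` to `networking.firewall.trustedInterfaces`, so guest-bridge traffic bypasses the host firewall on this laptop; a one-line note that this is intended would help the next reader.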


@ -6,6 +6,7 @@
./filesystems ./filesystems
./firewall ./firewall
./hardware ./hardware
./services
./users ./users
../../modules/system ../../modules/system
]; ];
@ -26,16 +27,6 @@
system = { system = {
server.enable = true; server.enable = true;
lanzaboote.enable = true; lanzaboote.enable = true;
fileserver.enable = true;
socialserver.enable = true;
wireguard.server.enable = true;
stateVersion = "24.11"; stateVersion = "24.11";
}; };
services.minecraft-servers.servers = {
velocity.enable = true;
johnside.enable = true;
cornworld.enable = true;
skyblock.enable = true;
};
} }


@ -0,0 +1,25 @@
{ ... }:
{
services = {
fileserver.enable = true;
socialserver.enable = true;
webserver.enable = true;
forgejo.enable = true;
icecast.enable = true;
owncast.enable = true;
transmission.enable = true;
vaultwarden.enable = true;
wireguard.server.enable = true;
minecraft-servers = {
enable = true;
servers = {
velocity.enable = true;
johnside.enable = true;
cornworld.enable = true;
skyblock.enable = true;
};
};
};
}


@ -5,6 +5,7 @@
./disko ./disko
./filesystems ./filesystems
./hardware ./hardware
./services
./users ./users
../../modules/system ../../modules/system
]; ];
@ -18,19 +19,6 @@
desktop.enable = true; desktop.enable = true;
fancyboot.enable = true; fancyboot.enable = true;
wireless.enable = true; wireless.enable = true;
wireguard.client.enable = true;
libvirtd.enable = true;
stateVersion = "24.11"; stateVersion = "24.11";
}; };
# Services to make this work as a school laptop
services.globalprotect.enable = true;
virtualisation.vmware.host.enable = true;
nixpkgs.allowUnfreePackages = [ "vmware-workstation" ];
environment.persistence."/persist".directories = [
"/home/${config.sysusers.main}/vmware"
"/home/${config.sysusers.main}/.vmware"
];
} }


@ -0,0 +1,19 @@
{ config, ... }:
{
services = {
globalprotect.enable = true;
wireguard.client.enable = true;
};
virtualisation = {
libvirtd.enable = true;
vmware.host.enable = true;
};
nixpkgs.allowUnfreePackages = [ "vmware-workstation" ];
environment.persistence."/persist".directories = [
"/home/${config.sysusers.main}/vmware"
"/home/${config.sysusers.main}/.vmware"
];
}
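Review bot: `virtualisation.libvirtd.enable = true` now keys the libvirtd module elsewhere in this commit, which adds `virbr0` and `virbr1` to `networking.firewall.trustedInterfaces` and creates `/dev/shm/looking-glass`; on a portable machine that is a wider firewall exemption than the old `system.libvirtd.enable` name made obvious. Add a comment above `virtualisation = {` naming that side effect, e.g. `# libvirtd also marks virbr0/virbr1 as trusted firewall interfaces (see the libvirtd module)`, so it is not copied to a host where that is unwanted.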


@ -16,8 +16,12 @@
}; };
system = { system = {
mailserver.enable = true; server.enable = true;
wireguard.client.enable = true;
stateVersion = "24.05"; stateVersion = "24.05";
}; };
services = {
mailserver.enable = true;
wireguard.client.enable = true;
};
} }
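Review bot: `server.enable = true` replaces the old system-level `mailserver.enable` without saying why; from the nginx module in this commit, whose `config` block is still gated on `config.system.server.enable`, it looks like this is what keeps nginx running for roundcube and autoconfig now that the old `server || mailserver` condition is gone. If so, a comment stating that would stop someone removing it, and it would be cleaner to set `services.webserver.enable = true;` here once the nginx module keys on its own option, so that the mail host does not inherit whatever else `system.server.enable` switches on.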


@ -19,9 +19,10 @@
lanzaboote.enable = true; lanzaboote.enable = true;
fancyboot.enable = true; fancyboot.enable = true;
wireless.enable = true; wireless.enable = true;
wireguard.client.enable = true;
stateVersion = "24.05"; stateVersion = "24.05";
}; };
services.wireguard.client.enable = true;
environment.sessionVariables.WLR_RENDERER = lib.mkForce "gles2"; environment.sessionVariables.WLR_RENDERER = lib.mkForce "gles2";
} }


@ -25,8 +25,9 @@
system = { system = {
desktop.enable = true; desktop.enable = true;
lanzaboote.enable = true; lanzaboote.enable = true;
libvirtd.enable = true;
video.nvidia.enable = true; video.nvidia.enable = true;
stateVersion = "24.05"; stateVersion = "24.05";
}; };
virtualisation.libvirtd.enable = true;
} }


@ -3,7 +3,6 @@
imports = [ imports = [
./ips ./ips
./wireless ./wireless
./wireguard
]; ];
networking = { networking = {


@ -1,7 +0,0 @@
{ ... }:
{
imports = [
./client
./server
];
}


@ -1,10 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
options.system.libvirtd.enable = lib.mkEnableOption "Enable libvirtd services"; config = lib.mkIf config.virtualisation.libvirtd.enable {
config = lib.mkIf config.system.libvirtd.enable {
virtualisation.libvirtd = { virtualisation.libvirtd = {
enable = true;
onBoot = "ignore"; onBoot = "ignore";
onShutdown = "shutdown"; onShutdown = "shutdown";
qemu = { qemu = {
@ -19,6 +16,13 @@
programs.virt-manager.enable = true; programs.virt-manager.enable = true;
networking.firewall.trustedInterfaces = [
"virbr0"
"virbr1"
];
systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 - libvirtd -" ];
environment.persistence."/persist".directories = [ environment.persistence."/persist".directories = [
"/var/lib/libvirt/dnsmasq" "/var/lib/libvirt/dnsmasq"
"/var/lib/libvirt/nwfilter" "/var/lib/libvirt/nwfilter"
@ -27,13 +31,5 @@
"/var/lib/libvirt/storage" "/var/lib/libvirt/storage"
"/var/lib/libvirt/swtpm" "/var/lib/libvirt/swtpm"
]; ];
# Needed to make NAT work
networking.firewall.trustedInterfaces = [
"virbr0"
"virbr1"
];
systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 - libvirtd -" ];
}; };
} }
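Review bot: The `# Needed to make NAT work` comment was lost when the `networking.firewall.trustedInterfaces` block moved up, and it was the one line justifying a fairly broad rule: `trustedInterfaces` accepts all traffic arriving on `virbr0`/`virbr1`, not only the DHCP/DNS and forwarding that libvirt NAT needs. Restore the comment, and consider whether `networking.firewall.interfaces.virbr0.allowedUDPPorts = [ 53 67 ];` (and the same for `virbr1`) is sufficient for libvirt's dnsmasq — that is an assumption to verify against what the guests actually use. Note also that the module now fires on the stock `virtualisation.libvirtd.enable`, so any other module that enables libvirtd gets this firewall change and the `/dev/shm/looking-glass` tmpfile as well.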


@ -1,4 +1,4 @@
{ ... }: { config, ... }:
{ {
services.tlp.enable = true; services.tlp.enable = config.system.desktop.enable;
} }
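Review bot: `services.tlp.enable = config.system.desktop.enable;` is an unconditional definition, so a desktop host that wants tlp off has to reach for `lib.mkForce`; `services.tlp.enable = lib.mkDefault config.system.desktop.enable;` keeps the tie to the desktop flag while letting a host override it plainly. That needs `lib` in the argument set: `{ config, lib, ... }:`.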


@ -8,10 +8,11 @@
./mailserver ./mailserver
./minecraft ./minecraft
./mysql ./mysql
./nginx
./owncast ./owncast
./socialserver ./socialserver
./transmission ./transmission
./vaultwarden ./vaultwarden
./webserver ./wireguard
]; ];
} }


@ -1,6 +1,6 @@
{ lib, ... }: { lib, ... }:
{ {
options.system.fileserver.enable = lib.mkEnableOption "Enable file serving services"; options.services.fileserver.enable = lib.mkEnableOption "Enable file serving services";
imports = [ imports = [
./jellyfin ./jellyfin


@ -5,7 +5,7 @@
./user ./user
]; ];
config = lib.mkIf config.system.fileserver.enable { config = lib.mkIf config.services.fileserver.enable {
services.jellyfin.enable = true; services.jellyfin.enable = true;
environment.persistence."/persist".directories = [ "/var/lib/jellyfin" ]; environment.persistence."/persist".directories = [ "/var/lib/jellyfin" ];
}; };


@ -5,7 +5,7 @@
./user ./user
]; ];
config = lib.mkIf config.system.fileserver.enable { config = lib.mkIf config.services.fileserver.enable {
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud30; package = pkgs.nextcloud30;


@ -2,14 +2,13 @@
{ {
imports = [ ./user ]; imports = [ ./user ];
config = lib.mkIf config.system.fileserver.enable { config = lib.mkIf config.services.fileserver.enable {
services.nfs.server = { services.nfs.server = {
enable = true; enable = true;
exports = '' exports = ''
/storage/Files *(rw,sync,no_subtree_check) /storage/Files *(rw,sync,no_subtree_check)
/storage/Media *(rw,sync,no_subtree_check) /storage/Media *(rw,sync,no_subtree_check)
/storage/Music *(rw,sync,no_subtree_check) /storage/Music *(rw,sync,no_subtree_check)
/srv/minecraft *(rw,sync,no_subtree_check)
''; '';
}; };
networking.nftables.tables.nfs = { networking.nftables.tables.nfs = {


@ -2,9 +2,8 @@
{ {
imports = [ ./nginx ]; imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable { config = lib.mkIf config.services.forgejo.enable {
services.forgejo = { services.forgejo = {
enable = true;
package = pkgs.forgejo; package = pkgs.forgejo;
settings = { settings = {
server = { server = {


@ -6,7 +6,6 @@
]; ];
services.icecast = { services.icecast = {
enable = config.system.server.enable;
listen.port = 73; listen.port = 73;
hostname = "radio.nixfox.ca"; hostname = "radio.nixfox.ca";
admin = { admin = {


@ -6,5 +6,5 @@
./simplenix ./simplenix
]; ];
options.system.mailserver.enable = lib.mkEnableOption "Enable Simple NixOS Mailserver"; options.services.mailserver.enable = lib.mkEnableOption "Enable Simple NixOS Mailserver";
} }


@ -3,7 +3,7 @@
imports = [ ./nginx ]; imports = [ ./nginx ];
services.go-autoconfig = { services.go-autoconfig = {
enable = config.system.mailserver.enable; enable = config.services.mailserver.enable;
settings = { settings = {
service_addr = ":1323"; service_addr = ":1323";
domain = "autoconfig.nixfox.ca"; domain = "autoconfig.nixfox.ca";


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts."autoconfig.nixfox.ca" = lib.mkIf config.mailserver.enable { services.nginx.virtualHosts."autoconfig.nixfox.ca" = lib.mkIf config.services.go-autoconfig.enable {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
config = lib.mkIf config.system.mailserver.enable { config = lib.mkIf config.services.mailserver.enable {
services.roundcube = { services.roundcube = {
enable = true; enable = true;
hostName = "mail.nixfox.ca"; hostName = "mail.nixfox.ca";


@ -5,7 +5,7 @@
mailserver.nixosModule mailserver.nixosModule
]; ];
config = lib.mkIf config.system.mailserver.enable { config = lib.mkIf config.services.mailserver.enable {
mailserver = { mailserver = {
enable = true; enable = true;
domains = [ domains = [


@ -5,15 +5,21 @@
minecraft.nixosModules.minecraft-servers minecraft.nixosModules.minecraft-servers
]; ];
config = lib.mkIf config.system.server.enable { config = lib.mkIf config.services.minecraft-servers.enable {
nixpkgs = { nixpkgs = {
overlays = [ minecraft.overlay ]; overlays = [ minecraft.overlay ];
allowUnfreePackages = [ "minecraft-server" ]; allowUnfreePackages = [ "minecraft-server" ];
}; };
services.minecraft-servers = { services = {
enable = true; minecraft-servers.eula = true;
eula = true; mysql = {
ensureDatabases = [ "minecraft" ];
ensureUsers = [{
name = "minecraft";
ensurePermissions."minecraft.*" = "ALL PRIVILEGES";
}];
};
}; };
environment.persistence."/persist".directories = [ "/srv/minecraft" ]; environment.persistence."/persist".directories = [ "/srv/minecraft" ];
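Review bot: The new `services.mysql.ensureUsers` entry grants `ALL PRIVILEGES` on `minecraft.*` to a user named `minecraft`, but nothing in this block enables `services.mysql` itself; the mysql module in this commit sets `enable = true`, yet its own gating is outside the hunk, so if that module is not imported on a host that only turns on `minecraft-servers` the grant is silently never applied. Either add `mysql.enable = true;` beside `ensureDatabases` or add an assertion on `config.services.mysql.enable`. The grant also presumes the server process runs as the system user `minecraft`, since NixOS `ensureUsers` authenticates over the unix socket; that should be confirmed against the minecraft-servers module and recorded with a comment such as `# ensureUsers uses unix-socket auth: the DB user name must match the service's system user`.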


@ -4,17 +4,6 @@
services.mysql = { services.mysql = {
enable = true; enable = true;
package = pkgs.mariadb; package = pkgs.mariadb;
ensureDatabases = [
"minecraft"
];
ensureUsers = [
{
name = "minecraft";
ensurePermissions = {
"minecraft.*" = "ALL PRIVILEGES";
};
}
];
}; };
environment.persistence."/persist".directories = [ environment.persistence."/persist".directories = [
"/var/lib/mysql" "/var/lib/mysql"


@ -1,12 +1,15 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
imports = [ imports = [
./acme
./rtmp ./rtmp
./user ./user
./virtualhosts ./virtualhosts
]; ];
config = lib.mkIf (config.system.server.enable || config.system.mailserver.enable) { options.services.webserver.enable = lib.mkEnableOption "Enable nginx related services";
config = lib.mkIf config.system.server.enable {
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
@ -15,11 +18,11 @@
recommendedProxySettings = true; recommendedProxySettings = true;
}; };
environment.persistence."/persist".directories = [ "/var/www" ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 80
443 443
]; ];
environment.persistence."/persist".directories = [ "/var/www" ];
}; };
} }
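Review bot: The new `options.services.webserver.enable` is declared here but the `config` block on the following line is still `lib.mkIf config.system.server.enable`, while `./rtmp` and the virtual hosts in this commit are gated on `config.services.webserver.enable`; a host that sets only `webserver.enable` gets vhost definitions and the RTMP package override but no running nginx, and a host with only `server.enable` gets nginx with ports 80/443 opened and nothing to serve. Change it to `config = lib.mkIf config.services.webserver.enable {`. The mail host in this commit currently relies on `system.server.enable` to get nginx, so it would then need `services.webserver.enable = true;` as well.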


@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
options.system.rtmp.enable = lib.mkEnableOption "Enable an RTMP server using Nginx"; config = lib.mkIf config.services.webserver.enable {
config = lib.mkIf config.system.rtmp.enable {
services.nginx = { services.nginx = {
package = (pkgs.nginx.override { package = (pkgs.nginx.override {
modules = with pkgs.nginxModules; [ rtmp ]; modules = with pkgs.nginxModules; [ rtmp ];
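Review bot: The dedicated `options.system.rtmp.enable` switch is removed and the RTMP build of nginx is now selected for every host with `services.webserver.enable`, which is a wider default than before; if the rtmp configuration that continues past this hunk also opens a listener, every webserver host now exposes it. If RTMP is only needed where the stream ingest lives, keep an opt-in: `options.services.webserver.rtmp.enable = lib.mkEnableOption "the nginx RTMP module";` and gate this file's config on `config.services.webserver.enable && config.services.webserver.rtmp.enable`. Whether the rest of this block opens a port is not visible here, so treat that part as a question rather than a finding.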


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts."jimbosfiles.com" = lib.mkIf config.system.server.enable { services.nginx.virtualHosts."jimbosfiles.com" = lib.mkIf config.services.webserver.enable {
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;
globalRedirect = "www.nixfox.ca"; globalRedirect = "www.nixfox.ca";


@ -1,6 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts = lib.mkIf config.system.server.enable { services.nginx.virtualHosts = lib.mkIf config.services.webserver.enable {
"www.nixfox.ca" = { "www.nixfox.ca" = {
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;


@ -2,9 +2,8 @@
{ {
imports = [ ./nginx ]; imports = [ ./nginx ];
config = lib.mkIf config.system.socialserver.enable { config = lib.mkIf config.services.owncast.enable {
services.owncast = { services.owncast = {
enable = true;
port = 8060; port = 8060;
rtmp-port = 1945; rtmp-port = 1945;
}; };


@ -5,5 +5,5 @@
./matrix ./matrix
]; ];
options.system.socialserver.enable = lib.mkEnableOption "Enable social media like services"; options.services.socialserver.enable = lib.mkEnableOption "Enable social media like services";
} }


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
config = lib.mkIf config.system.socialserver.enable { config = lib.mkIf config.services.socialserver.enable {
services.mastodon = { services.mastodon = {
enable = true; enable = true;
localDomain = "social.nixfox.ca"; localDomain = "social.nixfox.ca";


@ -2,7 +2,7 @@
{ {
imports = [ ./nginx ]; imports = [ ./nginx ];
config = lib.mkIf config.system.socialserver.enable { config = lib.mkIf config.services.socialserver.enable {
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
settings = { settings = {


@ -2,15 +2,12 @@
{ {
imports = [ ./nginx ]; imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable { config = lib.mkIf config.services.transmission.enable {
services.transmission = { services.transmission = {
enable = true;
credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile; credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;
openPeerPorts = true; openPeerPorts = true;
settings.rpc-authentication-required = true; settings.rpc-authentication-required = true;
}; };
environment.persistence."/persist".directories = [ environment.persistence."/persist".directories = [ "/var/lib/transmission" ];
"/var/lib/transmission"
];
}; };
} }
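Review bot: `credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;` renders the RPC credentials into a Nix store path, and the store is world-readable on the host, so `rpc-authentication-required = true` is undercut for any local user; the line is not new in this commit, but it survives the reorganisation and is worth fixing while the module is being touched. `config.secrets` is a project-local option whose shape is not visible here: if `transmissionCredFile` already holds a path outside the store, pass it directly as `credentialsFile = config.secrets.transmissionCredFile;`; if it holds the contents, they should come from a runtime secrets mechanism rather than `writeText`.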


@ -2,10 +2,8 @@
{ {
imports = [ ./nginx ]; imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable { config = lib.mkIf config.services.vaultwarden.enable {
services.vaultwarden = { services.vaultwarden.config = {
enable = true;
config = {
domain = "https://pass.nixfox.ca"; domain = "https://pass.nixfox.ca";
signupsAllowed = false; signupsAllowed = false;
rocketAddress = "127.0.0.1"; rocketAddress = "127.0.0.1";
@ -21,7 +19,6 @@
smtpPort = 587; smtpPort = 587;
smtpTimeout = 15; smtpTimeout = 15;
}; };
};
environment.persistence."/persist".directories = [ "/var/lib/vaultwarden" ]; environment.persistence."/persist".directories = [ "/var/lib/vaultwarden" ];
}; };


@ -1,9 +0,0 @@
{ lib, ... }:
{
imports = [
./acme
./nginx
];
options.system.webserver.enable = lib.mkEnableOption "Enable nginx related services";
}


@ -1,8 +1,6 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
options.system.wireguard.client.enable = lib.mkEnableOption "Enable the Wireguard client"; config = lib.mkIf config.services.wireguard.client.enable {
config = lib.mkIf config.system.wireguard.client.enable {
networking = { networking = {
firewall.trustedInterfaces = [ "wgc" ]; firewall.trustedInterfaces = [ "wgc" ];
wg-quick.interfaces.wgc = { wg-quick.interfaces.wgc = {


@ -0,0 +1,12 @@
{ lib, ... }:
{
imports = [
./client
./server
];
options.services.wireguard = with lib; {
client.enable = mkEnableOption "Enable Wireguard client";
server.enable = mkEnableOption "Enable Wireguard server";
};
}
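Review bot: `mkEnableOption` prefixes its argument with "Whether to enable", so `mkEnableOption "Enable Wireguard client"` yields the option description "Whether to enable Enable Wireguard client." The argument should be the noun phrase only: `client.enable = mkEnableOption "the WireGuard client";` and `server.enable = mkEnableOption "the WireGuard server";`. The same doubled wording appears in the other renamed `mkEnableOption` calls in this commit (fileserver, mailserver, webserver, socialserver).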


@ -1,13 +1,11 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
options.system.wireguard.server.enable = lib.mkEnableOption "Enable the Wireguard server"; config = lib.mkIf config.services.wireguard.server.enable {
config = lib.mkIf config.system.wireguard.server.enable {
networking = { networking = {
firewall.allowedUDPPorts = [ 51820 ]; firewall.allowedUDPPorts = [ 51820 ];
nat = { nat = {
enable = config.system.wireguard.server.enable; enable = true;
internalInterfaces = [ "wgs" ]; internalInterfaces = [ "wgs" ];
}; };