BIG changes. Make almost every server service modular, to distribute among multiple servers

This commit is contained in:
Bun 2025-03-18 05:32:05 -04:00
parent 30fc0dc800
commit 7e40fd4fb3
44 changed files with 153 additions and 143 deletions


@ -5,6 +5,7 @@
./disko
./filesystems
./hardware
./services
./users
../../modules/system
];
@ -19,19 +20,6 @@
lanzaboote.enable = true;
fancyboot.enable = true;
wireless.enable = true;
wireguard.client.enable = true;
libvirtd.enable = true;
stateVersion = "24.11";
};
# Services to make this work as a school laptop
services.globalprotect.enable = true;
virtualisation.vmware.host.enable = true;
nixpkgs.allowUnfreePackages = [ "vmware-workstation" ];
environment.persistence."/persist".directories = [
"/home/${config.sysusers.main}/vmware"
"/home/${config.sysusers.main}/.vmware"
];
}


@ -0,0 +1,19 @@
{ config, ... }:
{
services = {
globalprotect.enable = true;
wireguard.client.enable = true;
};
virtualisation = {
libvirtd.enable = true;
vmware.host.enable = true;
};
nixpkgs.allowUnfreePackages = [ "vmware-workstation" ];
environment.persistence."/persist".directories = [
"/home/${config.sysusers.main}/vmware"
"/home/${config.sysusers.main}/.vmware"
];
}


@ -6,6 +6,7 @@
./filesystems
./firewall
./hardware
./services
./users
../../modules/system
];
@ -26,16 +27,6 @@
system = {
server.enable = true;
lanzaboote.enable = true;
fileserver.enable = true;
socialserver.enable = true;
wireguard.server.enable = true;
stateVersion = "24.11";
};
services.minecraft-servers.servers = {
velocity.enable = true;
johnside.enable = true;
cornworld.enable = true;
skyblock.enable = true;
};
}


@ -0,0 +1,25 @@
{ ... }:
{
services = {
fileserver.enable = true;
socialserver.enable = true;
webserver.enable = true;
forgejo.enable = true;
icecast.enable = true;
owncast.enable = true;
transmission.enable = true;
vaultwarden.enable = true;
wireguard.server.enable = true;
minecraft-servers = {
enable = true;
servers = {
velocity.enable = true;
johnside.enable = true;
cornworld.enable = true;
skyblock.enable = true;
};
};
};
}


@ -5,6 +5,7 @@
./disko
./filesystems
./hardware
./services
./users
../../modules/system
];
@ -18,19 +19,6 @@
desktop.enable = true;
fancyboot.enable = true;
wireless.enable = true;
wireguard.client.enable = true;
libvirtd.enable = true;
stateVersion = "24.11";
};
# Services to make this work as a school laptop
services.globalprotect.enable = true;
virtualisation.vmware.host.enable = true;
nixpkgs.allowUnfreePackages = [ "vmware-workstation" ];
environment.persistence."/persist".directories = [
"/home/${config.sysusers.main}/vmware"
"/home/${config.sysusers.main}/.vmware"
];
}


@ -0,0 +1,19 @@
{ config, ... }:
{
services = {
globalprotect.enable = true;
wireguard.client.enable = true;
};
virtualisation = {
libvirtd.enable = true;
vmware.host.enable = true;
};
nixpkgs.allowUnfreePackages = [ "vmware-workstation" ];
environment.persistence."/persist".directories = [
"/home/${config.sysusers.main}/vmware"
"/home/${config.sysusers.main}/.vmware"
];
}


@ -16,8 +16,12 @@
};
system = {
mailserver.enable = true;
wireguard.client.enable = true;
server.enable = true;
stateVersion = "24.05";
};
services = {
mailserver.enable = true;
wireguard.client.enable = true;
};
}


@ -19,9 +19,10 @@
lanzaboote.enable = true;
fancyboot.enable = true;
wireless.enable = true;
wireguard.client.enable = true;
stateVersion = "24.05";
};
services.wireguard.client.enable = true;
environment.sessionVariables.WLR_RENDERER = lib.mkForce "gles2";
}


@ -25,8 +25,9 @@
system = {
desktop.enable = true;
lanzaboote.enable = true;
libvirtd.enable = true;
video.nvidia.enable = true;
stateVersion = "24.05";
};
virtualisation.libvirtd.enable = true;
}


@ -3,7 +3,6 @@
imports = [
./ips
./wireless
./wireguard
];
networking = {


@ -1,7 +0,0 @@
{ ... }:
{
imports = [
./client
./server
];
}


@ -1,10 +1,7 @@
{ config, lib, pkgs, ... }:
{
options.system.libvirtd.enable = lib.mkEnableOption "Enable libvirtd services";
config = lib.mkIf config.system.libvirtd.enable {
config = lib.mkIf config.virtualisation.libvirtd.enable {
virtualisation.libvirtd = {
enable = true;
onBoot = "ignore";
onShutdown = "shutdown";
qemu = {
@ -19,6 +16,13 @@
programs.virt-manager.enable = true;
networking.firewall.trustedInterfaces = [
"virbr0"
"virbr1"
];
systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 - libvirtd -" ];
environment.persistence."/persist".directories = [
"/var/lib/libvirt/dnsmasq"
"/var/lib/libvirt/nwfilter"
@ -27,13 +31,5 @@
"/var/lib/libvirt/storage"
"/var/lib/libvirt/swtpm"
];
# Needed to make NAT work
networking.firewall.trustedInterfaces = [
"virbr0"
"virbr1"
];
systemd.tmpfiles.rules = [ "f /dev/shm/looking-glass 0660 - libvirtd -" ];
};
}
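Review bot: The `# Needed to make NAT work` comment was lost when `networking.firewall.trustedInterfaces = [ "virbr0" "virbr1" ]` moved up next to `programs.virt-manager.enable`; since trusting an interface exempts all guest traffic on it from the host firewall, keep the rationale with the list, e.g. `# Trusted so libvirt NAT/dnsmasq traffic from guests is not filtered by the host firewall`. Separately, the block is now gated on `config.virtualisation.libvirtd.enable` while the rendered hunk still shows `enable = true;` under `virtualisation.libvirtd`; if that line survives on the new side the option would depend on itself during module evaluation (infinite recursion), so I assume it was removed, which is worth confirming. The `config` block continues between and past the hunks.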


@ -1,4 +1,4 @@
{ ... }:
{ config, ... }:
{
services.tlp.enable = true;
services.tlp.enable = config.system.desktop.enable;
}


@ -8,10 +8,11 @@
./mailserver
./minecraft
./mysql
./nginx
./owncast
./socialserver
./transmission
./vaultwarden
./webserver
./wireguard
];
}


@ -1,6 +1,6 @@
{ lib, ... }:
{
options.system.fileserver.enable = lib.mkEnableOption "Enable file serving services";
options.services.fileserver.enable = lib.mkEnableOption "Enable file serving services";
imports = [
./jellyfin


@ -5,7 +5,7 @@
./user
];
config = lib.mkIf config.system.fileserver.enable {
config = lib.mkIf config.services.fileserver.enable {
services.jellyfin.enable = true;
environment.persistence."/persist".directories = [ "/var/lib/jellyfin" ];
};


@ -5,7 +5,7 @@
./user
];
config = lib.mkIf config.system.fileserver.enable {
config = lib.mkIf config.services.fileserver.enable {
services.nextcloud = {
enable = true;
package = pkgs.nextcloud30;


@ -2,14 +2,13 @@
{
imports = [ ./user ];
config = lib.mkIf config.system.fileserver.enable {
config = lib.mkIf config.services.fileserver.enable {
services.nfs.server = {
enable = true;
exports = ''
/storage/Files *(rw,sync,no_subtree_check)
/storage/Media *(rw,sync,no_subtree_check)
/storage/Music *(rw,sync,no_subtree_check)
/srv/minecraft *(rw,sync,no_subtree_check)
'';
};
networking.nftables.tables.nfs = {
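Review bot: The new `/srv/minecraft *(rw,sync,no_subtree_check)` export grants read-write access to any client address, and because that directory holds the game servers' plugin and world data, any NFS client that can reach the server could alter files the minecraft service later loads. The wildcard matches the three existing exports, so it is consistent with the file, but if the `networking.nftables.tables.nfs` table at the end of the hunk is what restricts clients, say so above `exports`, e.g. `# Client access is restricted by the nfs nftables table below`; otherwise scope the line to the trusted subnet, `/srv/minecraft <TRUSTED_CIDR>(rw,sync,no_subtree_check)` (placeholder). The `config` block and the nftables table continue outside the hunk.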


@ -2,9 +2,8 @@
{
imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable {
config = lib.mkIf config.services.forgejo.enable {
services.forgejo = {
enable = true;
package = pkgs.forgejo;
settings = {
server = {


@ -6,7 +6,6 @@
];
services.icecast = {
enable = config.system.server.enable;
listen.port = 73;
hostname = "radio.nixfox.ca";
admin = {


@ -6,5 +6,5 @@
./simplenix
];
options.system.mailserver.enable = lib.mkEnableOption "Enable Simple NixOS Mailserver";
options.services.mailserver.enable = lib.mkEnableOption "Enable Simple NixOS Mailserver";
}


@ -3,7 +3,7 @@
imports = [ ./nginx ];
services.go-autoconfig = {
enable = config.system.mailserver.enable;
enable = config.services.mailserver.enable;
settings = {
service_addr = ":1323";
domain = "autoconfig.nixfox.ca";


@ -1,6 +1,6 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."autoconfig.nixfox.ca" = lib.mkIf config.mailserver.enable {
services.nginx.virtualHosts."autoconfig.nixfox.ca" = lib.mkIf config.services.go-autoconfig.enable {
enableACME = true;
forceSSL = true;
locations."/" = {


@ -1,6 +1,6 @@
{ config, lib, ... }:
{
config = lib.mkIf config.system.mailserver.enable {
config = lib.mkIf config.services.mailserver.enable {
services.roundcube = {
enable = true;
hostName = "mail.nixfox.ca";


@ -5,7 +5,7 @@
mailserver.nixosModule
];
config = lib.mkIf config.system.mailserver.enable {
config = lib.mkIf config.services.mailserver.enable {
mailserver = {
enable = true;
domains = [


@ -5,15 +5,21 @@
minecraft.nixosModules.minecraft-servers
];
config = lib.mkIf config.system.server.enable {
config = lib.mkIf config.services.minecraft-servers.enable {
nixpkgs = {
overlays = [ minecraft.overlay ];
allowUnfreePackages = [ "minecraft-server" ];
};
services.minecraft-servers = {
enable = true;
eula = true;
services = {
minecraft-servers.eula = true;
mysql = {
ensureDatabases = [ "minecraft" ];
ensureUsers = [{
name = "minecraft";
ensurePermissions."minecraft.*" = "ALL PRIVILEGES";
}];
};
};
environment.persistence."/persist".directories = [ "/srv/minecraft" ];
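Review bot: The `services.mysql.ensureDatabases`/`ensureUsers` entries moved here apply only when `services.minecraft-servers.enable` is set, but nothing in this block enables MySQL itself, so on a host that enables the minecraft servers without the separate mysql module the ensure* options are silently ignored and servers expecting the `minecraft` database fail at runtime. Either add `mysql.enable = true;` next to `ensureDatabases` under the same `mkIf`, or document the dependency above the `mysql = {` line, e.g. `# Requires the mysql module (./mysql in the services imports) to be enabled on this host`. The mysql module's own gate is outside this diff, so I am inferring it is independent. The `config` block continues past the hunk.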


@ -4,17 +4,6 @@
services.mysql = {
enable = true;
package = pkgs.mariadb;
ensureDatabases = [
"minecraft"
];
ensureUsers = [
{
name = "minecraft";
ensurePermissions = {
"minecraft.*" = "ALL PRIVILEGES";
};
}
];
};
environment.persistence."/persist".directories = [
"/var/lib/mysql"


@ -1,12 +1,15 @@
{ config, lib, ... }:
{
imports = [
./acme
./rtmp
./user
./virtualhosts
];
config = lib.mkIf (config.system.server.enable || config.system.mailserver.enable) {
options.services.webserver.enable = lib.mkEnableOption "Enable nginx related services";
config = lib.mkIf config.system.server.enable {
services.nginx = {
enable = true;
recommendedTlsSettings = true;
@ -15,11 +18,11 @@
recommendedProxySettings = true;
};
environment.persistence."/persist".directories = [ "/var/www" ];
networking.firewall.allowedTCPPorts = [
80
443
];
environment.persistence."/persist".directories = [ "/var/www" ];
};
}
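Review bot: `options.services.webserver.enable` is declared on the line above, but the block that enables nginx, ACME and opens ports 80/443 is still gated on `config.system.server.enable`, so the new option never turns nginx on; the sibling rtmp and virtualhosts modules now condition on `config.services.webserver.enable` and would define vhosts for a disabled nginx on any host that sets only that option. Unless the `system.server.enable` gate is deliberate (the removed `|| config.system.mailserver.enable` suggests the mail host also relies on nginx), change it to `config = lib.mkIf config.services.webserver.enable {` and have hosts that need nginx for other services enable `services.webserver` as well. The second hunk only reorders the persistence and firewall lines.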


@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }:
{
options.system.rtmp.enable = lib.mkEnableOption "Enable an RTMP server using Nginx";
config = lib.mkIf config.system.rtmp.enable {
config = lib.mkIf config.services.webserver.enable {
services.nginx = {
package = (pkgs.nginx.override {
modules = with pkgs.nginxModules; [ rtmp ];


@ -1,6 +1,6 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts."jimbosfiles.com" = lib.mkIf config.system.server.enable {
services.nginx.virtualHosts."jimbosfiles.com" = lib.mkIf config.services.webserver.enable {
enableACME = true;
addSSL = true;
globalRedirect = "www.nixfox.ca";


@ -1,6 +1,6 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts = lib.mkIf config.system.server.enable {
services.nginx.virtualHosts = lib.mkIf config.services.webserver.enable {
"www.nixfox.ca" = {
enableACME = true;
addSSL = true;


@ -2,9 +2,8 @@
{
imports = [ ./nginx ];
config = lib.mkIf config.system.socialserver.enable {
config = lib.mkIf config.services.owncast.enable {
services.owncast = {
enable = true;
port = 8060;
rtmp-port = 1945;
};


@ -5,5 +5,5 @@
./matrix
];
options.system.socialserver.enable = lib.mkEnableOption "Enable social media like services";
options.services.socialserver.enable = lib.mkEnableOption "Enable social media like services";
}


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf config.system.socialserver.enable {
config = lib.mkIf config.services.socialserver.enable {
services.mastodon = {
enable = true;
localDomain = "social.nixfox.ca";


@ -2,7 +2,7 @@
{
imports = [ ./nginx ];
config = lib.mkIf config.system.socialserver.enable {
config = lib.mkIf config.services.socialserver.enable {
services.matrix-synapse = {
enable = true;
settings = {


@ -2,15 +2,12 @@
{
imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable {
config = lib.mkIf config.services.transmission.enable {
services.transmission = {
enable = true;
credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;
openPeerPorts = true;
settings.rpc-authentication-required = true;
};
environment.persistence."/persist".directories = [
"/var/lib/transmission"
];
environment.persistence."/persist".directories = [ "/var/lib/transmission" ];
};
}


@ -2,25 +2,22 @@
{
imports = [ ./nginx ];
config = lib.mkIf config.system.server.enable {
services.vaultwarden = {
enable = true;
config = {
domain = "https://pass.nixfox.ca";
signupsAllowed = false;
rocketAddress = "127.0.0.1";
rocketPort = 8222;
config = lib.mkIf config.services.vaultwarden.enable {
services.vaultwarden.config = {
domain = "https://pass.nixfox.ca";
signupsAllowed = false;
rocketAddress = "127.0.0.1";
rocketPort = 8222;
# Smtp email
smtpHost = "mx.nixfox.ca";
smtpFrom = "noreply@nixfox.ca";
smtpFromName = "Vaultwarden";
smtpUsername = "noreply@nixfox.ca";
smtpPassword = config.secrets.mailPass.nixfoxNoReply;
smtpSecurity = "starttls";
smtpPort = 587;
smtpTimeout = 15;
};
# Smtp email
smtpHost = "mx.nixfox.ca";
smtpFrom = "noreply@nixfox.ca";
smtpFromName = "Vaultwarden";
smtpUsername = "noreply@nixfox.ca";
smtpPassword = config.secrets.mailPass.nixfoxNoReply;
smtpSecurity = "starttls";
smtpPort = 587;
smtpTimeout = 15;
};
environment.persistence."/persist".directories = [ "/var/lib/vaultwarden" ];
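Review bot: `smtpPassword = config.secrets.mailPass.nixfoxNoReply;` in the rewritten `services.vaultwarden.config` block is rendered by the NixOS module into an environment file in the Nix store, which is world-readable on the host, so the SMTP credential is exposed to every local user. Keep the non-secret settings here and move the password to `services.vaultwarden.environmentFile`, pointing at a file outside the store that sets `SMTP_PASSWORD=…`. The transmission module's `credentialsFile = pkgs.writeText "credentials" …` (a context line in its hunk) puts a secret into the store the same way and deserves the same treatment. The `config` block continues past the hunk.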


@ -1,9 +0,0 @@
{ lib, ... }:
{
imports = [
./acme
./nginx
];
options.system.webserver.enable = lib.mkEnableOption "Enable nginx related services";
}


@ -1,8 +1,6 @@
{ config, lib, ... }:
{
options.system.wireguard.client.enable = lib.mkEnableOption "Enable the Wireguard client";
config = lib.mkIf config.system.wireguard.client.enable {
config = lib.mkIf config.services.wireguard.client.enable {
networking = {
firewall.trustedInterfaces = [ "wgc" ];
wg-quick.interfaces.wgc = {


@ -0,0 +1,12 @@
{ lib, ... }:
{
imports = [
./client
./server
];
options.services.wireguard = with lib; {
client.enable = mkEnableOption "Enable Wireguard client";
server.enable = mkEnableOption "Enable Wireguard server";
};
}


@ -1,13 +1,11 @@
{ config, lib, ... }:
{
options.system.wireguard.server.enable = lib.mkEnableOption "Enable the Wireguard server";
config = lib.mkIf config.system.wireguard.server.enable {
config = lib.mkIf config.services.wireguard.server.enable {
networking = {
firewall.allowedUDPPorts = [ 51820 ];
nat = {
enable = config.system.wireguard.server.enable;
enable = true;
internalInterfaces = [ "wgs" ];
};