
chore(machines): update module structuring

This commit is contained in:
Thomas Boerger 2022-04-10 20:57:56 +02:00
parent 52a2d67186
commit 610b44c955
No known key found for this signature in database
GPG Key ID: 09745AFF9D63C79B
21 changed files with 760 additions and 326 deletions


@ -1,46 +0,0 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.my.modules.acme;
in
{
options = with lib; {
my = {
modules = {
acme = {
enable = mkEnableOption ''
Whether to enable acme module
'';
};
};
};
};
config = with lib;
mkIf cfg.enable {
security = {
acme = {
acceptTerms = true;
defaults = {
email = "hostmaster@boerger.ws";
};
certs = {
"home.boerger.ws" = {
domain = "*.home.boerger.ws";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.acme.path;
};
};
};
};
age.secrets.acme = {
file = ../../secrets/acme.age;
owner = "acme";
};
};
}


@ -1,40 +1,22 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.my.modules.boot;
in
{
options = with lib; {
my = {
modules = {
boot = {
enable = mkEnableOption ''
Whether to enable boot module
'';
config = {
boot = {
kernelPackages = pkgs.linuxPackages_latest;
cleanTmpDir = true;
loader = {
efi = {
canTouchEfiVariables = true;
};
systemd-boot = {
enable = true;
consoleMode = "2";
editor = false;
};
};
};
};
config = with lib;
mkIf cfg.enable {
boot = {
kernelPackages = pkgs.linuxPackages_latest;
cleanTmpDir = true;
loader = {
efi = {
canTouchEfiVariables = true;
};
systemd-boot = {
enable = true;
consoleMode = "2";
editor = false;
};
};
};
};
}


@ -2,56 +2,38 @@
{
imports = [
./settings.nix
./acme.nix
./boot.nix
./haveged.nix
./heimdall.nix
./network.nix
./openssh.nix
./shells.nix
./timesyncd.nix
./tools.nix
./users.nix
];
my = {
modules = {
acme = {
enable = lib.mkDefault false;
};
config = {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
boot = {
enable = lib.mkDefault true;
};
time = {
timeZone = "Europe/Berlin";
};
haveged = {
enable = lib.mkDefault true;
};
i18n = {
defaultLocale = "en_US.UTF-8";
};
network = {
enable = lib.mkDefault true;
};
hardware = {
enableAllFirmware = true;
enableRedistributableFirmware = true;
};
openssh = {
enable = lib.mkDefault true;
};
shells = {
enable = lib.mkDefault true;
};
timesyncd = {
enable = lib.mkDefault true;
};
tools = {
enable = lib.mkDefault true;
};
users = {
enable = lib.mkDefault true;
security = {
sudo = {
wheelNeedsPassword = false;
};
};
};
}
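Review bot: `wheelNeedsPassword = false;` (under `security.sudo` at the end of the hunk) is now a plain assignment inside the shared `config` block, so every host importing `../modules` gets passwordless sudo for the wheel group and can only opt out with `lib.mkForce`. The enable flags above it use `lib.mkDefault`; the sudo setting deserves the same, `wheelNeedsPassword = lib.mkDefault false;`, plus a one-line comment stating that this is a deliberate convenience for single-admin machines. The same applies to `hardware.enableAllFirmware = true`, which pulls unfree firmware onto all hosts unconditionally.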


@ -0,0 +1,21 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.services.heimdall;
in
{
options = with lib; {
services.heimdall = {
enable = mkEnableOption "Heimdall";
};
};
# config = with lib; mkIf cfg.enable {
# environment = {
# systemPackages = with pkgs; [
# heimdall
# ];
# };
# };
}
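Review bot: The `config` section of this new module is entirely commented out, so `services.heimdall.enable = true` (as set by media.nix in this commit) declares an option that changes nothing, and the `cfg` binding in the `let` is unused. Either finish the implementation or put a `# TODO: config intentionally disabled until <reason>` comment next to `mkEnableOption "Heimdall"` so the no-op is visible to the next reader. The option also lives under the global `services.*` namespace rather than the `personal.services.*` used by every sibling module here, which is inconsistent and risks clashing with a future upstream `services.heimdall` module.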


@ -1,37 +1,19 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.my.modules.network;
in
{
options = with lib; {
my = {
modules = {
network = {
enable = mkEnableOption ''
Whether to enable network module
'';
};
config = with lib; {
programs = {
iftop = {
enable = true;
};
iotop = {
enable = true;
};
mtr = {
enable = true;
};
};
};
config = with lib;
mkIf cfg.enable {
programs = {
iftop = {
enable = true;
};
iotop = {
enable = true;
};
mtr = {
enable = true;
};
};
};
}
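Review bot: Dropping the `mkIf cfg.enable` guard makes `programs.iftop`, `programs.iotop` and `programs.mtr` unconditional for every host importing this module. In the nixpkgs versions I know, these options do more than install packages: each registers a setcap security wrapper (`cap_net_raw` for iftop and mtr-packet, `cap_net_admin` for iotop) that any local user can execute, so hosts that never run these tools still carry privileged binaries. If that is intended, a short comment above `programs = {` saying so would help; otherwise keep an enable option with `default = true` the way the haveged and openssh modules in this commit do.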


@ -1,35 +0,0 @@
{ pkgs, lib, config, options, ... }:
{
options = with lib; {
my = {
modules = { };
};
};
config = {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
time = {
timeZone = "Europe/Berlin";
};
i18n = {
defaultLocale = "en_US.UTF-8";
};
hardware = {
enableAllFirmware = true;
enableRedistributableFirmware = true;
};
security = {
sudo = {
wheelNeedsPassword = false;
};
};
};
}


@ -1,29 +1,11 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.my.modules.shells;
in
{
options = with lib; {
my = {
modules = {
shells = {
enable = mkEnableOption ''
Whether to enable shells module
'';
};
config = with lib; {
programs = {
zsh = {
enable = true;
};
};
};
config = with lib;
mkIf cfg.enable {
programs = {
zsh = {
enable = true;
};
};
};
}


@ -1,37 +1,23 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.my.modules.tools;
in
{ pkgs, lib, config, options, inputs, ... }:
{
options = with lib; {
my = {
modules = {
tools = {
enable = mkEnableOption ''
Whether to enable tools module
'';
};
};
config = with lib; {
environment = {
systemPackages = with pkgs; [
coreutils
gnumake
htop
jq
nmap
rsync
tmux
tree
vim
wget
yq
inputs.agenix.defaultPackage.x86_64-linux
];
};
};
config = with lib;
mkIf cfg.enable {
environment = {
systemPackages = with pkgs; [
coreutils
htop
jq
nmap
rsync
tmux
tree
vim
wget
yq
];
};
};
}
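Review bot: `inputs.agenix.defaultPackage.x86_64-linux` hard-codes the system, so this shared module fails to evaluate on any host whose `system` differs (an aarch64 machine, for instance). Select the attribute by the host platform instead, `inputs.agenix.defaultPackage.${pkgs.system}`, which yields the same package on x86_64-linux. The function header also gains `inputs`, so every importer must now pass it through `specialArgs`; a comment on that line would help since no other module in this commit takes it.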


@ -1,41 +1,24 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.my.modules.users;
in
{
options = with lib; {
my = {
modules = {
users = {
enable = mkEnableOption ''
Whether to enable users module
'';
};
};
};
};
config = with lib; {
users = {
defaultUserShell = pkgs.zsh;
mutableUsers = false;
config = with lib;
mkIf cfg.enable {
users = {
defaultUserShell = pkgs.zsh;
mutableUsers = false;
users = {
root = {
shell = pkgs.zsh;
hashedPassword = "$6$yuwsoikF5utqohar$fdcvq0iXdmiioiRyBGeVZICzQm4nKlv6.pj9AWh13VRCsE07dN9StDnXV0aslIBb0SWRFC4dY5Um2MYiAMfmH0";
openssh = {
authorizedKeys = {
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINaQYR0/Oj6k1H03kshz2J7rlGCaDSuaGPhhOs9FcZfn thomas@osiris"
];
};
root = {
shell = pkgs.zsh;
hashedPassword = "$6$yuwsoikF5utqohar$fdcvq0iXdmiioiRyBGeVZICzQm4nKlv6.pj9AWh13VRCsE07dN9StDnXV0aslIBb0SWRFC4dY5Um2MYiAMfmH0";
openssh = {
authorizedKeys = {
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINaQYR0/Oj6k1H03kshz2J7rlGCaDSuaGPhhOs9FcZfn thomas@osiris"
];
};
};
};
};
};
};
}
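Review bot: With the `mkIf cfg.enable` guard removed, the root account's `hashedPassword` and its `authorizedKeys` entry now apply to every host importing this module, and the password hash itself stays committed in the repository. The repo already uses agenix for other secrets (acme and dyndns in this same commit), so consider `passwordFile = config.age.secrets.<root-password-secret>.path;` in place of the inline hash; the existing hash should be rotated when it is moved, since it remains in git history. `mutableUsers = false` is a good fit here because it keeps the hash from being changed out of band.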


@ -0,0 +1,39 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.personal.services.acme;
in
{
options = with lib; {
personal = {
services = {
acme = {
enable = mkEnableOption "Acme";
};
};
};
};
config = with lib; mkIf cfg.enable {
security = {
acme = {
acceptTerms = true;
email = "hostmaster@boerger.ws";
certs = {
"home.boerger.ws" = {
extraDomainNames = ["*.home.boerger.ws"];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."services/acme/credentials".path;
};
};
};
};
age.secrets."services/acme/credentials" = {
file = ../../secrets/services/acme/credentials.age;
owner = "acme";
};
};
}
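Review bot: `email = "hostmaster@boerger.ws";` is set directly under `security.acme`, whereas the deleted module used `security.acme.defaults.email`; as far as I recall the top-level `email` is the older spelling that newer nixpkgs renames to `defaults.email` with a deprecation warning, so this reverts to the form being phased out. Restore `defaults = { email = "hostmaster@boerger.ws"; };` to stay on the replacement option. The rest reads correctly: the Cloudflare credentials come from an agenix secret owned by `acme`, and `extraDomainNames = ["*.home.boerger.ws"]` keeps the wildcard on the DNS-01 path.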


@ -0,0 +1,20 @@
{ pkgs, lib, config, options, ... }:
{
imports = [
./acme.nix
./dyndns.nix
./haveged.nix
./media.nix
./openssh.nix
./timesyncd.nix
./unifi.nix
./webserver.nix
];
options = {
personal = {
services = { };
};
};
}


@ -0,0 +1,45 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.personal.services.dyndns;
in
{
options = with lib; {
personal = {
services = {
dyndns = {
enable = mkEnableOption "DynDNS";
};
};
};
};
config = with lib; mkIf cfg.enable {
services = {
godns = {
enable = true;
package = pkgs.unstable.godns;
settings = {
provider = "Cloudflare";
email = "thomas@webhippie.de";
password_file = config.age.secrets."services/dyndns/password".path;
resolver = "1.1.1.1";
domains = [{
domain_name = "boerger.ws";
sub_domains = [
"home"
"*.home"
];
}];
};
};
};
age.secrets."services/dyndns/password" = {
file = ../../secrets/services/dyndns/password.age;
owner = "godns";
};
};
}
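Review bot: `owner = "godns";` on the agenix secret assumes a system user of that name exists; `services.godns` is not an upstream nixpkgs module as far as I know, so whether the user is created depends on where the module comes from (an overlay or NUR, presumably), and if it is not, the decrypted `password_file` ends up unreadable by the service. A comment naming the providing module, or an explicit `users.users.godns` declaration next to the secret, would pin this down. It is also worth a comment beside `password_file` that the secret should be a zone-scoped Cloudflare API token (DNS edit on this zone only) rather than the account-wide key, so a compromise of this host is limited to these records.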


@ -1,25 +1,23 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.my.modules.haveged;
cfg = config.personal.services.haveged;
in
{
options = with lib; {
my = {
modules = {
personal = {
services = {
haveged = {
enable = mkEnableOption ''
Whether to enable haveged module
'';
enable = mkEnableOption "Haveged" // {
default = true;
};
};
};
};
};
config = with lib;
mkIf cfg.enable {
config = with lib; mkIf cfg.enable {
services = {
haveged = {
enable = true;

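--- a/machines/services/media.nix
+++ b/machines/services/media.nix
@@ -0,0 +1,180 @@
+{ pkgs, lib, config, options, ... }:
+let
+cfg = config.personal.services.media;
+in
+{
+options = with lib; {
+personal = {
+services = {
+media = {
+enable = mkEnableOption "Media";
+domain = mkOption {
+description = ''
+Domain used for media vhosts
+'';
+type = types.str;
+default = "home.boerger.ws";
+};
+};
+};
+};
+};
+config = with lib; mkIf cfg.enable {
+users = {
+users = {
+media = {
+group = "media";
+home = "/var/lib/media";
+uid = 20000;
+isSystemUser = true;
+};
+};
+groups = {
+media = {
+gid = 20000;
+};
+};
+};
+services = {
+heimdall = {
+enable = true;
+};
+nzbget = {
+enable = true;
+user = "media";
+group = "media";
+settings = {
+MainDir = "/var/lib/media/downloads";
+DestDir = "/var/lib/media/downloads/completed";
+InterDir = "/var/lib/media/downloads/intermediate";
+NzbDir = "/var/lib/media/downloads/nzb";
+QueueDir = "/var/lib/media/downloads/queue";
+TempDir = "/var/lib/media/downloads/temp";
+ScriptDir = "/var/lib/media/downloads/scripts";
+"Category1.Name" = "Movies";
+"Category1.Unpack" = "yes";
+"Category2.Name" = "Series";
+"Category2.Unpack" = "yes";
+"Category3.Name" = "Music";
+"Category3.Unpack" = "yes";
+"Category4.Name" = "Books";
+"Category4.Unpack" = "yes";
+"Category5.Name" = "Prowlarr";
+"Category5.Unpack" = "yes";
+};
+};
+jellyfin = {
+enable = true;
+user = "media";
+group = "media";
+};
+radarr = {
+enable = true;
+user = "media";
+group = "media";
+};
+sonarr = {
+enable = true;
+user = "media";
+group = "media";
+};
+lidarr = {
+enable = true;
+user = "media";
+group = "media";
+};
+readarr = {
+enable = true;
+user = "media";
+group = "media";
+package = pkgs.nur.repos.tboerger.readarr;
+};
+bazarr = {
+enable = true;
+user = "media";
+group = "media";
+};
+prowlarr = {
+enable = true;
+user = "media";
+group = "media";
+};
+unpackerr = {
+enable = true;
+user = "media";
+group = "media";
+};
+};
+personal = {
+services = {
+webserver = {
+enable = true;
+hosts = [
+{
+domain = "nzbget.${cfg.domain}";
+proxy = "http://localhost:6789";
+}
+{
+domain = "jellyfin.${cfg.domain}";
+proxy = "http://localhost:8096";
+}
+{
+domain = "radarr.${cfg.domain}";
+proxy = "http://localhost:7878";
+}
+{
+domain = "sonarr.${cfg.domain}";
+proxy = "http://localhost:8989";
+}
+{
+domain = "lidarr.${cfg.domain}";
+proxy = "http://localhost:8686";
+}
+{
+domain = "readarr.${cfg.domain}";
+proxy = "http://localhost:8787";
+}
+{
+domain = "bazarr.${cfg.domain}";
+proxy = "http://localhost:6767";
+}
+{
+domain = "prowlarr.${cfg.domain}";
+proxy = "http://localhost:9696";
+}
+];
+};
+};
+};
+networking = {
+firewall = {
+allowedUDPPorts = [ 1900 7359 ];
+};
+};
+};
+}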
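Review bot: Every entry in the `personal.services.webserver.hosts` list proxies an application UI with no authentication at the nginx layer, and because webserver.nix opens TCP 80/443 and dyndns.nix publishes `home` and `*.home` under a public domain, these UIs are Internet-reachable whenever that name resolves publicly (not confirmable from the hunk). nzbget, the *arr services and Jellyfin rely on their own in-app login, which is not in force until someone configures it, so consider restricting the vhosts at nginx until app-side auth is verified, e.g. `domainOptions = { extraConfig = "allow <LAN-CIDR>; deny all;"; };` per entry (constructed example), or a `basicAuthFile`. Separately, all services share the single `media` uid/gid, which is convenient for file ownership but means a compromise of any one of them gives full access to the others' data directories and to the nzbget `ScriptDir`; a comment near `uid = 20000;` recording that trade-off would help the next reader.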


@ -1,25 +1,23 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.my.modules.openssh;
cfg = config.personal.services.openssh;
in
{
options = with lib; {
my = {
modules = {
personal = {
services = {
openssh = {
enable = mkEnableOption ''
Whether to enable openssh module
'';
enable = mkEnableOption "Openssh" // {
default = true;
};
};
};
};
};
config = with lib;
mkIf cfg.enable {
config = with lib; mkIf cfg.enable {
services = {
openssh = {
enable = true;
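Review bot: The hunk ends at `enable = true;` and the remainder of the `services.openssh` block is outside it, so I cannot see whether `permitRootLogin` and `passwordAuthentication` are set. Because users.nix in this commit installs an authorized key for root unconditionally and keeps a root password hash, this module should pin `permitRootLogin = "prohibit-password";` and `passwordAuthentication = false;` (or document why not), so that the password is never usable over SSH. Defaulting the option to true is reasonable as the remote recovery path, but a one-line comment on `default = true;` stating that intent would be useful.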


@ -1,25 +1,23 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.my.modules.timesyncd;
cfg = config.personal.services.timesyncd;
in
{
options = with lib; {
my = {
modules = {
personal = {
services = {
timesyncd = {
enable = mkEnableOption ''
Whether to enable timesyncd module
'';
enable = mkEnableOption "Timesyncd" // {
default = true;
};
};
};
};
};
config = with lib;
mkIf cfg.enable {
config = with lib; mkIf cfg.enable {
services = {
timesyncd = {
enable = true;


@ -0,0 +1,56 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.personal.services.unifi;
in
{
options = with lib; {
personal = {
services = {
unifi = {
enable = mkEnableOption "Unifi";
domain = mkOption {
description = ''
Domain to access the service
'';
type = types.str;
default = "unifi.home.boerger.ws";
};
};
};
};
};
config = with lib; mkIf cfg.enable {
services = {
unifi = {
enable = true;
unifiPackage = pkgs.unifi;
openPorts = false;
};
};
networking = {
firewall = {
allowedTCPPorts = [ 8080 8880 8843 6789 ];
allowedUDPPorts = [ 3478 5514 10001 1900 ];
allowedUDPPortRanges = [ { from = 5656; to = 5699; } ];
};
};
personal = {
services = {
webserver = {
enable = true;
hosts = [{
domain = cfg.domain;
proxy = "https://localhost:8443";
}];
};
};
};
};
}
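Review bot: `allowedTCPPorts = [ 8080 8880 8843 6789 ];` opens TCP 6789 on all interfaces for the UniFi speed test, but the same host runs nzbget (media.nix in this commit) whose control port is also 6789 and which is otherwise reached only through the TLS vhost; if nzbget's `ControlIP` is left at its upstream default of binding every address, this rule exposes the nzbget UI directly and unencrypted. Either drop 6789 here or pin `ControlIP = "127.0.0.1";` in the nzbget `settings`, and add a comment on this line noting the port clash. `openPorts = false` with an explicit list is the right approach; a comment mapping each port to its purpose (inform, STUN, discovery, syslog) would make future review easier.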


@ -0,0 +1,134 @@
{ pkgs, lib, config, options, ... }:
let
cfg = config.personal.services.webserver;
in
{
options = with lib; {
personal = {
services = {
webserver = {
enable = mkEnableOption "Webserver";
hosts = mkOption {
description = ''
List of hosts to configure
'';
type = types.listOf (types.submodule { options = {
domain = mkOption {
type = types.str;
description = "Name of the domain";
};
domainOptions = mkOption {
type = types.attrs;
default = {};
description = "Custom options for domain";
};
proxy = mkOption {
type = types.nullOr types.str;
default = null;
description = "Optional proxy target";
};
proxyOptions = mkOption {
type = types.str;
default = "";
description = "Custom options for proxy";
};
}; });
default = [];
example = [{
domain = "dummy.home.boerger.ws";
proxy = "http://localhost:8080";
options = {
locations = {
"/".extraConfig = ''
autoindex on;
'';
};
};
}];
};
acmeHost = mkOption {
description = ''
Use this acme certificate chain
'';
type = types.str;
default = "home.boerger.ws";
};
defaultDomain = mkOption {
description = ''
Domain used by default vhost
'';
type = types.str;
default = "home.boerger.ws";
};
redirectDomain = mkOption {
description = ''
Domain to redirect the default
'';
type = types.str;
default = "jellyfin.home.boerger.ws";
};
};
};
};
};
config = with lib; mkIf cfg.enable {
services = {
nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
virtualHosts = builtins.listToAttrs
(map
(elem: {
name = elem.domain;
value = {
useACMEHost = cfg.acmeHost;
forceSSL = true;
locations = {
"/" = mkIf (builtins.hasAttr "proxy" elem) {
proxyPass = elem.proxy;
extraConfig = ''
proxy_set_header X-Forwarded-Ssl on;
'' + (elem.proxyOptions or "");
};
};
} // (elem.domainOptions or { });
})
config.personal.services.webserver.hosts) // {
"${cfg.defaultDomain}" = {
useACMEHost = cfg.acmeHost;
addSSL = true;
forceSSL = false;
default = true;
globalRedirect = cfg.redirectDomain;
};
};
};
};
users = {
users = {
nginx = {
extraGroups = [
"acme"
];
};
};
};
networking.firewall = {
allowedTCPPorts = [ 80 443 ];
};
};
}
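Review bot: `mkIf (builtins.hasAttr "proxy" elem)` is always true, because the submodule declares `proxy` with `default = null`, so a host entry without a proxy still gets a `"/"` location carrying `proxyPass = null` and the X-Forwarded-Ssl snippet. Test the value instead: `"/" = mkIf (elem.proxy != null) {`. Related nits: the `example` uses `options = { ... }` but the declared attribute is `domainOptions`, and `config.personal.services.webserver.hosts` can simply be `cfg.hosts`. On the security side the TLS defaults are good; note that the `default = true` catch-all vhost redirects any unknown Host header to `redirectDomain`, so scanners hitting the bare IP are redirected to Jellyfin rather than rejected — if that is intended, a short comment would help.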


@ -1,31 +0,0 @@
{ config, lib, pkgs, ... }:
{
boot = {
kernelModules = [
"kvm-intel"
"wl"
];
extraModulePackages = [
config.boot.kernelPackages.broadcom_sta
];
initrd = {
availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"firewire_ohci"
"usb_storage"
"usbhid"
"sd_mod"
"sdhci_pci"
];
kernelModules = [
"dm-snapshot"
];
};
};
}


@ -3,18 +3,61 @@
{
imports = [
../modules
../services
./filesystems.nix
./boot.nix
./hardware.nix
./networking.nix
];
my = {
modules = {
personal = {
services = {
acme = {
enable = true;
};
dyndns = {
enable = true;
};
media = {
enable = true;
};
unifi = {
enable = true;
};
};
};
environment = {
systemPackages = with pkgs; [
intel-media-driver
];
};
boot = {
kernelModules = [
"kvm-intel"
"wl"
];
extraModulePackages = [
config.boot.kernelPackages.broadcom_sta
];
initrd = {
availableKernelModules = [
"uhci_hcd"
"ehci_pci"
"ahci"
"firewire_ohci"
"usb_storage"
"usbhid"
"sd_mod"
"sdhci_pci"
];
kernelModules = [
"dm-snapshot"
];
};
};


@ -27,4 +27,121 @@
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
fileSystems."/var/lib/media/downloads" = {
device = "/dev/disk/by-label/downloads";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
fileSystems."/var/lib/media/movies" = {
device = "/dev/disk/by-label/movies";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
fileSystems."/var/lib/media/series" = {
device = "/dev/disk/by-label/series";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
fileSystems."/var/lib/media/books" = {
device = "/dev/disk/by-label/books";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
fileSystems."/var/lib/acme" = {
device = "/dev/disk/by-label/acme";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
fileSystems."/var/lib/nzbget" = {
device = "/dev/disk/by-label/nzbget";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
fileSystems."/var/lib/jellyfin" = {
device = "/dev/disk/by-label/jellyfin";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
fileSystems."/var/lib/bazarr" = {
device = "/dev/disk/by-label/bazarr";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
fileSystems."/var/lib/lidarr" = {
device = "/dev/disk/by-label/lidarr";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
fileSystems."/var/lib/prowlarr" = {
device = "/dev/disk/by-label/prowlarr";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
fileSystems."/var/lib/radarr" = {
device = "/dev/disk/by-label/radarr";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
fileSystems."/var/lib/readarr" = {
device = "/dev/disk/by-label/readarr";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
fileSystems."/var/lib/sonarr" = {
device = "/dev/disk/by-label/sonarr";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
}
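Review bot: None of the new data mounts (`/var/lib/media/*`, `/var/lib/acme` and the per-service `/var/lib/<app>` entries) carry `nofail`, so a missing or failed disk for any of them drops the boot into emergency mode, taking sshd and the rest of the host with it — on a remotely managed machine that turns one bad media disk into a physical-access recovery. Add `"nofail"` to each non-root mount, e.g. `options = [ "noatime" "discard" "nofail" ];`; the individual services then fail on their own if their directory is absent. Consider pairing it with `x-systemd.device-timeout=` to avoid the default long wait per missing device.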