extract some varaibles
18
flake.nix
18
flake.nix
@@ -31,11 +31,13 @@
|
|||||||
in {
|
in {
|
||||||
nixosConfigurations.server = nixpkgs.lib.nixosSystem {
|
nixosConfigurations.server = nixpkgs.lib.nixosSystem {
|
||||||
inherit system;
|
inherit system;
|
||||||
modules = [
|
modules = [
|
||||||
|
### User specific ###
|
||||||
./users/anon.nix
|
./users/anon.nix
|
||||||
./modules/static-ip-server.nix
|
### System sepecific ###
|
||||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||||
./systems/server/configuration.nix
|
./systems/server/configuration.nix
|
||||||
|
### Modules ###
|
||||||
./modules/hdd-spindown.nix
|
./modules/hdd-spindown.nix
|
||||||
./modules/minecraft-server.nix
|
./modules/minecraft-server.nix
|
||||||
./modules/motd.nix
|
./modules/motd.nix
|
||||||
@@ -44,13 +46,9 @@
|
|||||||
./modules/nix-settings.nix
|
./modules/nix-settings.nix
|
||||||
./modules/adguard.nix
|
./modules/adguard.nix
|
||||||
./modules/git.nix
|
./modules/git.nix
|
||||||
#./modules/vmware-guest.nix
|
|
||||||
./modules/github-runner.nix
|
./modules/github-runner.nix
|
||||||
./modules/synapse.nix
|
./modules/synapse.nix
|
||||||
|
|
||||||
./modules/nextcloud.nix
|
./modules/nextcloud.nix
|
||||||
#./modules/coturn.nix
|
|
||||||
|
|
||||||
./modules/acme.nix
|
./modules/acme.nix
|
||||||
./modules/samba.nix
|
./modules/samba.nix
|
||||||
./modules/backup.nix
|
./modules/backup.nix
|
||||||
@@ -63,12 +61,14 @@
|
|||||||
./modules/paperless.nix
|
./modules/paperless.nix
|
||||||
./modules/kavita.nix
|
./modules/kavita.nix
|
||||||
./modules/netdata.nix
|
./modules/netdata.nix
|
||||||
#./modules/dyndns.nix i think ddclient is deprecated
|
|
||||||
#./modules/home-assistant.nix idk dont like this
|
|
||||||
home-manager.nixosModules.home-manager
|
home-manager.nixosModules.home-manager
|
||||||
agenix.nixosModules.default
|
agenix.nixosModules.default
|
||||||
];
|
];
|
||||||
specialArgs = { inherit inputs; };
|
specialArgs = {
|
||||||
|
## Custom variables (e.g. ip, interface, etc)
|
||||||
|
vars = (import ./systems/server/userdata.nix);
|
||||||
|
inherit inputs ;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
nixosConfigurations."nix-laptop" = nixpkgs.lib.nixosSystem {
|
nixosConfigurations."nix-laptop" = nixpkgs.lib.nixosSystem {
|
||||||
inherit system;
|
inherit system;
|
||||||
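Review bot: `vars` is added to the `specialArgs` of `nixosConfigurations.server` only, yet the modules that now declare a `vars` argument (adguard, netdata, nextcloud, paperless, wireguard) live in the shared `./modules/` tree; the `nix-laptop` configuration's module list and `specialArgs` are outside this hunk, so if any of those modules is also imported there, evaluation will fail with a missing `vars` argument. Either pass a `vars` set to the laptop as well or give those modules a default such as `{ vars ? {}, ... }:` so the failure is explicit rather than an eval error. On style, the parentheses and the stray space are unnecessary: `vars = import ./systems/server/userdata.nix;` and `inherit inputs;`. The new section comment also has a typo, `### System specific ###`.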
|
|||||||
@@ -1,4 +1,8 @@
|
|||||||
{
|
{ config, pkgs, inputs, vars, ... }:
|
||||||
|
let
|
||||||
|
ip = vars.ipv4;
|
||||||
|
in
|
||||||
|
{
|
||||||
networking.firewall.allowedTCPPorts = [ 53 ];
|
networking.firewall.allowedTCPPorts = [ 53 ];
|
||||||
networking.firewall.allowedUDPPorts = [ 53 ];
|
networking.firewall.allowedUDPPorts = [ 53 ];
|
||||||
|
|
||||||
@@ -12,7 +16,7 @@
|
|||||||
}
|
}
|
||||||
];
|
];
|
||||||
dns = {
|
dns = {
|
||||||
bind_hosts = [ "127.0.0.1" "192.168.0.6" ]; # "192.168.2.1" ];
|
bind_hosts = [ "127.0.0.1" "${ip}" ]; # "192.168.2.1" ];
|
||||||
port = 53;
|
port = 53;
|
||||||
protection_enabled = true;
|
protection_enabled = true;
|
||||||
filtering_enabled = true;
|
filtering_enabled = true;
|
||||||
@@ -26,33 +30,33 @@
|
|||||||
rewrites = [
|
rewrites = [
|
||||||
{
|
{
|
||||||
"domain" = "kopatz.ddns.net";
|
"domain" = "kopatz.ddns.net";
|
||||||
"answer" = "192.168.0.6";
|
"answer" = ip;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
"domain" = "server.home";
|
"domain" = "server.home";
|
||||||
"answer" = "192.168.0.6";
|
"answer" = ip;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
"domain" = "server.local";
|
"domain" = "server.local";
|
||||||
"answer" = "192.168.0.6";
|
"answer" = ip;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
"domain" = "adguard.local";
|
"domain" = "adguard.local";
|
||||||
"answer" = "192.168.0.6";
|
"answer" = ip;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
"domain" = "nextcloud.local";
|
||||||
|
"answer" = ip;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
"domain" = "turnserver.local";
|
||||||
|
"answer" = "192.168.2.1";
|
||||||
}
|
}
|
||||||
{
|
|
||||||
"domain" = "nextcloud.local";
|
|
||||||
"answer" = "192.168.0.6";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
"domain" = "turnserver.local";
|
|
||||||
"answer" = "192.168.2.1";
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
"domain" = "inverter.local";
|
"domain" = "inverter.local";
|
||||||
"answer" = "192.168.0.9";
|
"answer" = "192.168.0.9";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
querylog = {
|
querylog = {
|
||||||
enabled = false;
|
enabled = false;
|
||||||
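Review bot: The `turnserver.local` rewrite still answers with the literal `"192.168.2.1"` while the same address is now `vars.wireguardIp` in the other modules, so the two will drift apart on the next address change. Bind it in the `let` block, `wireguardIp = vars.wireguardIp;`, and use `"answer" = wireguardIp;`. The same file mixes `"${ip}"` in `bind_hosts` with bare `ip` in the rewrites; `bind_hosts = [ "127.0.0.1" ip ];` is equivalent and consistent. The trailing `# "192.168.2.1" ];` comment on that line is stale and could go too.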
|
|||||||
@@ -1,3 +1,8 @@
|
|||||||
|
{ vars, ... }:
|
||||||
|
let
|
||||||
|
ip = vars.ipv4;
|
||||||
|
wireguardIp = vars.wireguardIp;
|
||||||
|
in
|
||||||
{
|
{
|
||||||
networking.firewall.allowedTCPPorts = [ 19999 ];
|
networking.firewall.allowedTCPPorts = [ 19999 ];
|
||||||
services.netdata = {
|
services.netdata = {
|
||||||
@@ -8,7 +13,7 @@
|
|||||||
|
|
||||||
[web]
|
[web]
|
||||||
default port = 19999
|
default port = 19999
|
||||||
bind to = 192.168.0.6 192.168.2.1
|
bind to = ${ip} ${wireguardIp}
|
||||||
allow connections from = localhost 192.168.0.* 192.168.2.*
|
allow connections from = localhost 192.168.0.* 192.168.2.*
|
||||||
|
|
||||||
[db]
|
[db]
|
||||||
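Review bot: `bind to = ${ip} ${wireguardIp}` is now variable, but the adjacent `allow connections from = localhost 192.168.0.* 192.168.2.*` still hard-codes the old subnets, so if `vars.ipv4` or `vars.wireguardIp` ever moves to a different network netdata will bind to the new address while its access-control list keeps admitting the old ranges. Since the netdata config is an indented string the wildcards cannot be derived from `ip` without more data in userdata.nix; at minimum mark the coupling with `# keep in sync with the subnets of vars.ipv4 / vars.wireguardIp` above that line. The enclosing `services.netdata` block starts and ends outside the hunk.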
|
|||||||
@@ -1,4 +1,7 @@
|
|||||||
{ config, pkgs, lib, inputs, ... }:
|
{ config, pkgs, lib, inputs, vars, ... }:
|
||||||
|
let
|
||||||
|
wireguardIp = vars.wireguardIp;
|
||||||
|
in
|
||||||
{
|
{
|
||||||
age.secrets.nextcloud-cert = {
|
age.secrets.nextcloud-cert = {
|
||||||
file = ../secrets/nextcloud-cert.age;
|
file = ../secrets/nextcloud-cert.age;
|
||||||
@@ -26,15 +29,15 @@
|
|||||||
# Setup Nextcloud virtual host to listen on ports
|
# Setup Nextcloud virtual host to listen on ports
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"nextcloud.local" = {
|
"nextcloud.local" = {
|
||||||
serverAliases = [ "192.168.2.1" ];
|
serverAliases = [ wireguardIp ];
|
||||||
## Force HTTP redirect to HTTPS
|
## Force HTTP redirect to HTTPS
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
locations."~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[s]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)".extraConfig = ''
|
locations."~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[s]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)".extraConfig = ''
|
||||||
client_max_body_size 5G;
|
client_max_body_size 5G;
|
||||||
'';
|
'';
|
||||||
#sslTrustedCertificate = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
#sslTrustedCertificate = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
sslCertificate = config.age.secrets.nextcloud-cert.path;
|
sslCertificate = config.age.secrets.nextcloud-cert.path;
|
||||||
sslCertificateKey = config.age.secrets.nextcloud-key.path;
|
sslCertificateKey = config.age.secrets.nextcloud-key.path;
|
||||||
## LetsEncrypt
|
## LetsEncrypt
|
||||||
#enableACME = true;
|
#enableACME = true;
|
||||||
};
|
};
|
||||||
@@ -49,26 +52,25 @@
|
|||||||
services.nextcloud = {
|
services.nextcloud = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.nextcloud27;
|
package = pkgs.nextcloud27;
|
||||||
https = true;
|
https = true;
|
||||||
hostName = "nextcloud.local";
|
hostName = "nextcloud.local";
|
||||||
config.adminpassFile = config.age.secrets.nextcloud-admin.path;
|
config.adminpassFile = config.age.secrets.nextcloud-admin.path;
|
||||||
config.dbtype = "pgsql";
|
config.dbtype = "pgsql";
|
||||||
database.createLocally = true;
|
database.createLocally = true;
|
||||||
config.extraTrustedDomains = [ "192.168.2.1" ];
|
config.extraTrustedDomains = [ wireguardIp ];
|
||||||
home = "/mnt/250ssd/nextcloud";
|
home = "/mnt/250ssd/nextcloud";
|
||||||
|
|
||||||
extraApps = with config.services.nextcloud.package.packages.apps; {
|
extraApps = with config.services.nextcloud.package.packages.apps; {
|
||||||
inherit keeweb onlyoffice calendar mail;
|
inherit keeweb onlyoffice calendar mail;
|
||||||
spreed = pkgs.fetchNextcloudApp rec {
|
spreed = pkgs.fetchNextcloudApp rec {
|
||||||
url = "https://github.com/nextcloud-releases/spreed/releases/download/v17.1.1/spreed-v17.1.1.tar.gz";
|
url = "https://github.com/nextcloud-releases/spreed/releases/download/v17.1.1/spreed-v17.1.1.tar.gz";
|
||||||
sha256 = "sha256-LaUG0maatc2YtWQjff7J54vadQ2RE4X6FcW8vFefBh8=";
|
sha256 = "sha256-LaUG0maatc2YtWQjff7J54vadQ2RE4X6FcW8vFefBh8=";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
phpOptions = {
|
phpOptions = {
|
||||||
upload_max_filesize = "5G";
|
upload_max_filesize = "5G";
|
||||||
post_max_size = "5G";
|
post_max_size = "5G";
|
||||||
};
|
};
|
||||||
extraAppsEnable = true;
|
extraAppsEnable = true;
|
||||||
extraOptions.enabledPreviewProviders = [
|
extraOptions.enabledPreviewProviders = [
|
||||||
"OC\\Preview\\BMP"
|
"OC\\Preview\\BMP"
|
||||||
|
|||||||
@@ -1,4 +1,8 @@
|
|||||||
{ config, pkgs, lib, inputs, ... }:
|
{ config, pkgs, lib, inputs, vars, ... }:
|
||||||
|
let
|
||||||
|
ip = vars.ipv4;
|
||||||
|
wireguardIp = vars.wireguardIp;
|
||||||
|
in
|
||||||
{
|
{
|
||||||
networking.firewall.allowedTCPPorts = [ 28981 ];
|
networking.firewall.allowedTCPPorts = [ 28981 ];
|
||||||
age.secrets.paperless = {
|
age.secrets.paperless = {
|
||||||
@@ -10,7 +14,7 @@
|
|||||||
enable = true;
|
enable = true;
|
||||||
port = 28981;
|
port = 28981;
|
||||||
passwordFile = config.age.secrets.paperless.path;
|
passwordFile = config.age.secrets.paperless.path;
|
||||||
address = "192.168.2.1";
|
address = wireguardIp;
|
||||||
mediaDir = "/mnt/250ssd/paperless";
|
mediaDir = "/mnt/250ssd/paperless";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
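Review bot: `ip = vars.ipv4;` is bound in the new `let` but only `wireguardIp` is used in the visible hunks; if `ip` is not referenced elsewhere in this file the binding is dead and should be dropped, since Nix will not warn about it. Separately, `address = wireguardIp;` restricts the listener to the WireGuard address while the context line `networking.firewall.allowedTCPPorts = [ 28981 ];` opens the port on every interface; that is pre-existing, but if the WireGuard-only bind is intentional, a per-interface rule (`networking.firewall.interfaces.<WG_IFACE>.allowedTCPPorts`, with the real interface name) would make the firewall match the bind.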
|
|||||||
@@ -1,4 +1,7 @@
|
|||||||
{ config, pkgs, lib, inputs, ... }:
|
{ config, pkgs, lib, inputs, vars, ... }:
|
||||||
|
let
|
||||||
|
wireguardIp = vars.wireguardIp;
|
||||||
|
in
|
||||||
{
|
{
|
||||||
|
|
||||||
age.secrets.wireguard-private = {
|
age.secrets.wireguard-private = {
|
||||||
@@ -15,70 +18,70 @@
|
|||||||
autostart = true;
|
autostart = true;
|
||||||
listenPort = 51820;
|
listenPort = 51820;
|
||||||
address = [
|
address = [
|
||||||
"192.168.2.1/24"
|
"${wireguardIp}/24"
|
||||||
];
|
];
|
||||||
peers = [
|
peers = [
|
||||||
{
|
{
|
||||||
allowedIPs = [
|
allowedIPs = [
|
||||||
"192.168.2.2/32"
|
"192.168.2.2/32"
|
||||||
];
|
];
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
publicKey = "dUBPIEnAiHIZCMjqV0ya8qotN3UnMhlEVyGNQcR3gVI=";
|
publicKey = "dUBPIEnAiHIZCMjqV0ya8qotN3UnMhlEVyGNQcR3gVI=";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
allowedIPs = [
|
allowedIPs = [
|
||||||
"192.168.2.3/32"
|
"192.168.2.3/32"
|
||||||
];
|
];
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
publicKey = "Eg5ZS3zN05mJ/gct6wJlwVAHTlXpkhxFfUd7yscANV0=";
|
publicKey = "Eg5ZS3zN05mJ/gct6wJlwVAHTlXpkhxFfUd7yscANV0=";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
allowedIPs = [
|
allowedIPs = [
|
||||||
"192.168.2.4/32"
|
"192.168.2.4/32"
|
||||||
];
|
];
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
publicKey = "8Eigfs+k2k2WPaMn+SqDmlSHdMv+I+xcBr/2qhtpGzI=";
|
publicKey = "8Eigfs+k2k2WPaMn+SqDmlSHdMv+I+xcBr/2qhtpGzI=";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
allowedIPs = [
|
allowedIPs = [
|
||||||
"192.168.2.20/32"
|
"192.168.2.20/32"
|
||||||
];
|
];
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
publicKey = "25u1RSfjsx3wb1DMeTm0pvUfUkG7zTjGaN+m0w6ZjCw=";
|
publicKey = "25u1RSfjsx3wb1DMeTm0pvUfUkG7zTjGaN+m0w6ZjCw=";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
allowedIPs = [
|
allowedIPs = [
|
||||||
"192.168.2.21/32"
|
"192.168.2.21/32"
|
||||||
];
|
];
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
publicKey = "S+8F+yxSQvjjoU44LRYqRv1YulqmOKumUtYo/YIh7X8=";
|
publicKey = "S+8F+yxSQvjjoU44LRYqRv1YulqmOKumUtYo/YIh7X8=";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
allowedIPs = [
|
allowedIPs = [
|
||||||
"192.168.2.22/32"
|
"192.168.2.22/32"
|
||||||
];
|
];
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
publicKey = "/dIW7K49vB9HOghFeXvcY7wu2utQltuv6RfgCbxZwlk=";
|
publicKey = "/dIW7K49vB9HOghFeXvcY7wu2utQltuv6RfgCbxZwlk=";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
allowedIPs = [
|
allowedIPs = [
|
||||||
"192.168.2.23/32"
|
"192.168.2.23/32"
|
||||||
];
|
];
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
publicKey = "89rjQXNcyCRUCihqfqcOnctWmhiNR8snpRFF6dyHAmk=";
|
publicKey = "89rjQXNcyCRUCihqfqcOnctWmhiNR8snpRFF6dyHAmk=";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
allowedIPs = [
|
allowedIPs = [
|
||||||
"192.168.2.24/32"
|
"192.168.2.24/32"
|
||||||
];
|
];
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
publicKey = "adaWtboVz3UhpNBKFirs7slbU2+Y3GaV5yS2EoafwVU=";
|
publicKey = "adaWtboVz3UhpNBKFirs7slbU2+Y3GaV5yS2EoafwVU=";
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
allowedIPs = [
|
allowedIPs = [
|
||||||
"192.168.2.5/32"
|
"192.168.2.5/32"
|
||||||
];
|
];
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
publicKey = "g5uTlA1IciXgtSbECjhVis0dajRAc53Oa7Hz6dUI+0Q=";
|
publicKey = "g5uTlA1IciXgtSbECjhVis0dajRAc53Oa7Hz6dUI+0Q=";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
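Review bot: The interface address is now `"${wireguardIp}/24"`, but the nine peer `allowedIPs` entries below it remain literal `192.168.2.x/32` values, so changing `vars.wireguardIp` to another subnet would silently leave every peer outside the interface's network. Unless the peer addresses are also moved into userdata.nix, record the constraint next to the address, e.g. `# peers below must stay inside ${wireguardIp}/24`. The enclosing interface definition starts before this hunk.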
|
|||||||
@@ -12,6 +12,7 @@ in{
|
|||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
./static-ip.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Bootloader.
|
# Bootloader.
|
||||||
|
|||||||
@@ -1,3 +1,8 @@
|
|||||||
|
{ config, vars, ...}:
|
||||||
|
let
|
||||||
|
ip = vars.ipv4;
|
||||||
|
interface = vars.interface;
|
||||||
|
in
|
||||||
{
|
{
|
||||||
networking = {
|
networking = {
|
||||||
defaultGateway = "192.168.0.1";
|
defaultGateway = "192.168.0.1";
|
||||||
@@ -11,10 +16,10 @@
|
|||||||
"1.1.1.1"
|
"1.1.1.1"
|
||||||
];
|
];
|
||||||
interfaces = {
|
interfaces = {
|
||||||
"enp0s31f6" = {
|
${interface} = {
|
||||||
name = "eth0";
|
name = "eth0";
|
||||||
ipv4.addresses = [{
|
ipv4.addresses = [{
|
||||||
address = "192.168.0.6";
|
address = ip;
|
||||||
prefixLength = 24;
|
prefixLength = 24;
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
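Review bot: The attribute key is now `${interface}` (from `vars.interface`, i.e. `enp0s31f6`), yet the inner `name = "eth0";` is kept; as far as I can tell from the NixOS option semantics `networking.interfaces.<name>.name` defaults to the attribute key and overrides it when set, so the interface that actually receives `address = ip` is still `eth0`, and the variable key has no effect. If the intent is to configure the NIC named in userdata.nix, drop the `name` line or set `name = interface;`; if `eth0` is a deliberate rename, a comment saying so would help. `defaultGateway = "192.168.0.1"` in the context above is another deployment-specific value that could live in userdata.nix next to `ipv4`.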
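--- /dev/null
+++ b/systems/server/userdata.nix
@@ -0,0 +1,5 @@
+{
+interface = "enp0s31f6";
+ipv4 = "192.168.0.6";
+wireguardIp = "192.168.2.1";
+}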
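Review bot: The new file has no comments, and since it is loaded with a plain `import` from flake.nix and fanned out to several modules, a reader cannot tell which consumer each value is meant for without grepping. Add a one-line comment per attribute naming its consumers: `# NIC key for networking.interfaces in systems/server/static-ip.nix` above `interface`, `# LAN address: static-ip, adguard bind/rewrites, netdata bind` above `ipv4`, and `# WireGuard address: wg interface, netdata bind, nextcloud alias, paperless bind` above `wireguardIp`. A header comment noting that these are deployment-specific network identifiers, not secrets, would also clarify why the file lives beside the agenix-managed ones rather than in them.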