Merge branch 'master' of github.com:Kropatz/dotfiles

2023-11-15 13:35:28 +01:00
parent ab112ebe7e 743ed91af9
commit f37d03337f
16 changed files with 241 additions and 106 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -15,7 +15,14 @@
        inputs.nixpkgs.follows = "nixpkgs";
      };
  };
-  outputs = { self, nixpkgs, nixos-hardware, nixos-wsl, nixpkgs-unstable, agenix, home-manager }@inputs:
+  outputs = { self,
+              nixpkgs,
+              nixos-hardware,
+              nixos-wsl,
+              nixpkgs-unstable,
+              agenix,
+              home-manager
+            }@inputs:
    let
      system = "x86_64-linux";
      overlay-unstable = final: prev: {
@@ -25,10 +32,12 @@
    nixosConfigurations.server = nixpkgs.lib.nixosSystem {
      inherit system;
      modules = [
+        ### User specific ###
        ./users/anon.nix
-        ./modules/static-ip-server.nix
+        ### System sepecific ###
        ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
        ./systems/server/configuration.nix
+        ### Modules ###
        ./modules/hdd-spindown.nix
        ./modules/minecraft-server.nix
        ./modules/motd.nix
@@ -37,13 +46,9 @@
        ./modules/nix-settings.nix
        ./modules/adguard.nix
        ./modules/git.nix
-        #./modules/vmware-guest.nix
        ./modules/github-runner.nix
        ./modules/synapse.nix
-
        ./modules/nextcloud.nix
-	#./modules/coturn.nix
-
        ./modules/acme.nix
        ./modules/samba.nix
        ./modules/backup.nix
@@ -54,12 +59,16 @@
        ./modules/wireguard.nix
        ./modules/cron.nix
        ./modules/paperless.nix
-        #./modules/dyndns.nix i think ddclient is deprecated
-        #./modules/home-assistant.nix idk dont like this
+        ./modules/kavita.nix
+        ./modules/netdata.nix
        home-manager.nixosModules.home-manager
        agenix.nixosModules.default
      ];
-      specialArgs = { inherit inputs; };
+      specialArgs = {
+        ## Custom variables (e.g. ip, interface, etc)
+        vars = (import ./systems/server/userdata.nix); 
+        inherit inputs ;
+      };
    };
    nixosConfigurations."nix-laptop" = nixpkgs.lib.nixosSystem {
        inherit system;
@@ -88,6 +97,9 @@
        inherit system;
        specialArgs = { inherit inputs; };
        modules = [
+          #"${nixpkgs}/nixos/modules/profiles/minimal.nix"
+          ./users/anon.nix
+          ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
          ./systems/wsl/configuration.nix
          nixos-wsl.nixosModules.default
          home-manager.nixosModules.home-manager
--- a/modules/adguard.nix
+++ b/modules/adguard.nix
@@ -1,4 +1,8 @@
- {
+{ config, pkgs, inputs, vars, ... }:
+let 
+  ip = vars.ipv4;
+in
+{
  networking.firewall.allowedTCPPorts = [ 53 ];
  networking.firewall.allowedUDPPorts = [ 53 ];

@@ -12,7 +16,7 @@
        }
      ];
      dns = {
-        bind_hosts = [ "127.0.0.1" "192.168.0.6" ]; # "192.168.2.1" ];
+        bind_hosts = [ "127.0.0.1" "${ip}" ]; # "192.168.2.1" ];
        port = 53;
        protection_enabled = true;
        filtering_enabled = true;
@@ -26,23 +30,23 @@
        rewrites = [
         {
          "domain" = "kopatz.ddns.net";
-          "answer" = "192.168.0.6";
+          "answer" = ip;
         }
         {
          "domain" = "server.home";
-          "answer" = "192.168.0.6";
+          "answer" = ip;
         }
         {
          "domain" = "server.local";
-          "answer" = "192.168.0.6";
+          "answer" = ip;
         }
         {
          "domain" = "adguard.local";
-          "answer" = "192.168.0.6";
+          "answer" = ip;
         }
         {
          "domain" = "nextcloud.local";
-	  "answer" = "192.168.0.6";
+          "answer" = ip;
         }
         {
           "domain" = "turnserver.local";
--- a/modules/backup.nix
+++ b/modules/backup.nix
@@ -27,6 +27,7 @@
                "/mnt/250ssd/matrix-synapse/media_store/"
                "/mnt/250ssd/nextcloud"
                "/mnt/250ssd/paperless"
+                "/mnt/250ssd/kavita"
            ];
            pruneOpts = [ "--keep-daily 7" "--keep-weekly 10" "--keep-monthly 12" "--keep-yearly 75" ];
            repository = "/mnt/2tb/restic";
@@ -40,6 +41,7 @@
            "/mnt/250ssd/matrix-synapse/media_store/"
            "/mnt/250ssd/nextcloud"
            "/mnt/250ssd/paperless"
+                "/mnt/250ssd/kavita"
            ];
            exclude = [
                "/home/**/Cache"
--- a/modules/kavita.nix
+++ b/modules/kavita.nix
@@ -0,0 +1,31 @@
+{ config, pkgs, lib, inputs, ... }:
+{
+
+  networking.firewall.allowedTCPPorts = [ 5000 ];
+  age.secrets.kavita = {
+    file = ../secrets/kavita.age;
+    owner = "kavita";
+    group = "kavita";
+  };
+  services.kavita = {
+    enable = true;
+    user = "kavita";
+    port = 5000;
+    dataDir = "/mnt/250ssd/kavita";
+    tokenKeyFile = config.age.secrets.kavita.path;
+  };
+  #todo: base url needs new kavita version
+  systemd.services.kavita = {
+      preStart = ''
+        umask u=rwx,g=rx,o=
+        cat > "/mnt/250ssd/kavita/config/appsettings.json" <<EOF
+        {
+          "TokenKey": "$(cat ${config.age.secrets.kavita.path})",
+          "Port": 5000,
+          "BaseUrl" : "/books",
+          "IpAddresses": "${lib.concatStringsSep "," ["0.0.0.0" "::"]}"
+        }
+        EOF
+      '';
+  };
+}
--- a/modules/netdata.nix
+++ b/modules/netdata.nix
@@ -0,0 +1,59 @@
+{ vars, ... }:
+let 
+  ip = vars.ipv4;
+  wireguardIp = vars.wireguardIp;
+in
+{
+  networking.firewall.allowedTCPPorts = [ 19999 ];
+  services.netdata = {
+    enable = true;
+    configText = ''
+      [global]
+      update every = 2
+
+      [web]
+      default port = 19999
+      bind to = ${ip} ${wireguardIp}
+      allow connections from = localhost 192.168.0.* 192.168.2.*
+
+      [db]
+      # number of tiers used (1 to 5, 3 being default)
+      storage tiers = 3
+
+      # Tier 0, per second data
+      dbengine multihost disk space MB = 256
+
+      # Tier 1, per minute data
+      dbengine tier 1 multihost disk space MB = 128
+      dbengine tier 1 update every iterations = 60
+
+      # Tier 2, per hour data
+      dbengine tier 2 multihost disk space MB = 64
+      dbengine tier 2 update every iterations = 60
+
+      [logs]
+      error = syslog
+
+      [plugins]
+      timex = no
+      idlejitter = no
+      # netdata monitoring = yes
+      tc = no
+      # diskspace = yes
+      # proc = yes
+      # cgroups = yes
+      statsd = no
+      #enable running new plugins = yes
+      #check for new plugins every = 60
+      slabinfo = no
+      nfacct = no
+      charts.d = no
+      python.d = no
+      go.d = no
+      ioping = no
+      perf = no
+      freeipmi = no
+      apps = yes
+      '';
+  };
+}
--- a/modules/nextcloud.nix
+++ b/modules/nextcloud.nix
@@ -1,4 +1,7 @@
-{ config, pkgs, lib, inputs, ... }:
+{ config, pkgs, lib, inputs, vars, ... }:
+let
+  wireguardIp = vars.wireguardIp;
+in
 {
    age.secrets.nextcloud-cert = {
        file = ../secrets/nextcloud-cert.age;
@@ -26,7 +29,7 @@
        # Setup Nextcloud virtual host to listen on ports
        virtualHosts = {
            "nextcloud.local" = {
-		serverAliases = [ "192.168.2.1" ];
+              serverAliases = [ wireguardIp ];
                ## Force HTTP redirect to HTTPS
                forceSSL = true;
                locations."~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[s]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)".extraConfig = ''
@@ -54,9 +57,8 @@
        config.adminpassFile = config.age.secrets.nextcloud-admin.path;
        config.dbtype = "pgsql";
        database.createLocally = true;
-	config.extraTrustedDomains = [ "192.168.2.1" ];
+        config.extraTrustedDomains = [ wireguardIp ];
        home = "/mnt/250ssd/nextcloud";
-
        extraApps = with config.services.nextcloud.package.packages.apps; {
            inherit keeweb onlyoffice calendar mail;
            spreed = pkgs.fetchNextcloudApp rec {
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@@ -52,6 +52,9 @@
                    '';
                    proxyPass = "http://127.0.0.1:8080";
                };
+               #locations."~/books(.*)$" = {
+               #    proxyPass = "http://127.0.0.1:5000";
+               #};
            };
            "adguard.local" = {
                locations."/".proxyPass = "http://127.0.0.1:3000";
--- a/modules/paperless.nix
+++ b/modules/paperless.nix
@@ -1,4 +1,8 @@
-{ config, pkgs, lib, inputs, ... }:
+{ config, pkgs, lib, inputs, vars, ... }:
+let 
+  ip = vars.ipv4;
+  wireguardIp = vars.wireguardIp;
+in
 {
    networking.firewall.allowedTCPPorts = [ 28981 ];
    age.secrets.paperless = {
@@ -10,7 +14,7 @@
 	enable = true;
 	port = 28981;
 	passwordFile = config.age.secrets.paperless.path;
-	address = "192.168.2.1";
+	address = wireguardIp;
 	mediaDir = "/mnt/250ssd/paperless";
    };
 }
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@@ -1,4 +1,7 @@
-{ config, pkgs, lib, inputs, ... }:
+{ config, pkgs, lib, inputs, vars, ... }:
+let
+  wireguardIp = vars.wireguardIp;
+in
 {

  age.secrets.wireguard-private = {
@@ -15,7 +18,7 @@
      autostart = true;
      listenPort = 51820;
      address = [
-        "192.168.2.1/24"
+        "${wireguardIp}/24"
      ];
      peers = [
        {
@@ -81,6 +84,13 @@
          persistentKeepalive = 25;
          publicKey = "g5uTlA1IciXgtSbECjhVis0dajRAc53Oa7Hz6dUI+0Q=";
        }
+        {
+          allowedIPs = [
+            "192.168.2.6/32"
+          ];
+          persistentKeepalive = 25;
+          publicKey = "5ClF2HcqndpXS7nVgDn2unWFUYcKo5fbudV6xX2OIVE=";
+        }
      ];
      privateKeyFile = config.age.secrets.wireguard-private.path;
    };
--- a/secrets/kavita.age
+++ b/secrets/kavita.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -17,4 +17,5 @@ in
  "coturn-secret.age".publicKeys = [ nix-test-vm server ];
  "matrix-registration.age".publicKeys = [ nix-test-vm server ];
  "paperless.age".publicKeys = [ nix-test-vm server ];
+  "kavita.age".publicKeys = [ nix-test-vm server ];
 }
--- a/systems/server/configuration.nix
+++ b/systems/server/configuration.nix
@@ -12,6 +12,7 @@ in{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
+      ./static-ip.nix
    ];

  # Bootloader.
@@ -96,6 +97,7 @@ in{
    wireguard-tools
    openssl
    unstable.e2fsprogs
+    mangal
  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
  #  wget
  ];
--- a/systems/server/static-ip.nix
+++ b/systems/server/static-ip.nix
@@ -1,3 +1,8 @@
+{ config, vars, ...}:
+let
+ ip = vars.ipv4;
+ interface = vars.interface;
+in
 {
  networking = {
    defaultGateway = "192.168.0.1";
@@ -11,10 +16,10 @@
      "1.1.1.1"
    ];
    interfaces = {
-      "enp0s31f6" = {
+      ${interface} = {
        name = "eth0";
        ipv4.addresses = [{
-          address = "192.168.0.6";
+          address = ip;
          prefixLength = 24;
        }];
      };
--- a/systems/server/userdata.nix
+++ b/systems/server/userdata.nix
@@ -0,0 +1,5 @@
+{
+  interface = "enp0s31f6";
+  ipv4 = "192.168.0.6";
+  wireguardIp = "192.168.2.1";
+}
--- a/systems/wsl/configuration.nix
+++ b/systems/wsl/configuration.nix
@@ -5,7 +5,7 @@
 # NixOS-WSL specific options are documented on the NixOS-WSL repository:
 # https://github.com/nix-community/NixOS-WSL

-{ config, lib, pkgs, ... } : #nixos-wsl, ... }:
+{ config, lib, pkgs, inputs, ... } : #nixos-wsl, ... }:

 {
  imports = [
@@ -13,8 +13,15 @@
 #   <nixos-wsl/modules>
  ];

-  wsl.enable = true;
-  wsl.defaultUser = "nixos";
+  wsl = {
+    enable = true;
+    startMenuLaunchers = true;
+    wslConf = {
+      automount.root = "/mnt";
+      interop = { enabled = false; appendWindowsPath = false;};
+    };
+  };
+
  nix.optimise.automatic = true;
  nix.gc = {
    automatic = true;
@@ -24,27 +31,14 @@
  nix.settings.trusted-substituters = [ "https://ai.cachix.org" ];
  nix.settings.trusted-public-keys = [ "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc=" ];
  nix.settings.experimental-features = [ "nix-command" "flakes" ];  
+
  environment.systemPackages = with pkgs; [
    neofetch
    openssh
  ];

-  wsl.wslConf = {
-    interop = { enabled = false; appendWindowsPath = false; };
-  };
-
  networking.hostName = "wsl";

-  home-manager.users.nixos = { pkgs, ... }: {
-    programs.bash.enable = true;
-    programs.git = {
-	enable = true;
-    };
-    # The state version is required and should stay at the version you
-    # originally installed.
-    home.stateVersion = "23.05";
-  };
-
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
--- a/users/anon.nix
+++ b/users/anon.nix
@@ -16,6 +16,7 @@ in
    };
    useUserPackages = true;
    users.${user} = {
+      programs.git.enable = true;
      programs.zsh = {
        enable = true;
        enableCompletion = true;