feat: abstractions rework

This commit is contained in:
Kat Inskip 2022-09-18 10:09:32 -07:00
parent ec7571171b
commit 0a6085cb49
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
48 changed files with 798 additions and 1219 deletions


@ -73,23 +73,9 @@ with lib;
};
};
network = {
addresses = {
private = {
enable = true;
nixos = {
ipv4.address = "192.168.1.196";
};
};
};
};
# Firewall
network.firewall = {
public = {
interfaces = singleton "enp0s20u1";
};
networks.chitei = {
interfaces = [ "enp0s20u1" "wlp1s0" ];
ipv4 = "192.168.1.196";
};
# State
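Review bot: `enp0s20u1` is declared twice on the new side of this hunk — once as `network.firewall.public.interfaces` and again in `networks.chitei.interfaces` — next to the same `"192.168.1.196"` literal the removed `addresses.private` block carried. If the new `networks` module derives firewall zoning from its `interfaces` list (not visible in this commit), the explicit `public` entry is redundant and the two lists will drift apart; if it does not, a one-line comment saying which declaration the firewall actually honours would help, e.g. `# zoned public by network.firewall below; networks.chitei only records the LAN membership`. The same double declaration appears in the later `ran` section with `enp1s0` and `"192.168.1.215"`.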


@ -37,11 +37,5 @@
};
};
network.yggdrasil = {
enable = true;
pubkey = "edb7de263e6924b8c9446123979782420e5196317bffc75e9a6ca546551252da";
address = "206:d807:a98:309f:3bc0:de7a:411d:9d95";
};
system.stateVersion = "21.11";
}


@ -19,8 +19,8 @@
};
};
programs.ssh.extraConfig = ''
Host daiyousei-build
programs.ssh.extraConfig = ''
Host daiyousei-build
HostName daiyousei.kittywit.ch
Port 62954
User root
@ -51,42 +51,36 @@ Host daiyousei-build
};
};
swapDevices =
[ { device = "/dev/disk/by-uuid/0d846453-95b4-46e1-8eaf-b910b4321ef0"; }
swapDevices = [
{ device = "/dev/disk/by-uuid/0d846453-95b4-46e1-8eaf-b910b4321ef0"; }
];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
boot = {
supportedFilesystems = [ "xfs" "zfs" ];
initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/f0ea08b4-6af7-4d90-a2ad-edd5672a2105";
loader = {
efi = {
canTouchEfiVariables = true;
# assuming /boot is the mount point of the EFI partition in NixOS (as the installation section recommends).
efiSysMountPoint = "/boot";
};
grub = {
# despite what the configuration.nix manpage seems to indicate,
# as of release 17.09, setting device to "nodev" will still call
# `grub-install` if efiSupport is true
# (the devices list is not used by the EFI grub install,
# but must be set to some value in order to pass an assert in grub.nix)
devices = [ "nodev" ];
efiSupport = true;
enable = true;
# set $FS_UUID to the UUID of the EFI partition
extraEntries = ''
menuentry "Windows" {
insmod part_gpt
insmod fat
insmod search_fs_uuid
insmod chain
search --fs-uuid --set=root DEBC-8F03
chainloader /EFI/Microsoft/Boot/bootmgfw.efi
}
'';
version = 2;
};
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
grub = {
devices = [ "nodev" ];
efiSupport = true;
enable = true;
extraEntries = ''
menuentry "Windows" {
insmod part_gpt
insmod fat
insmod search_fs_uuid
insmod chain
search --fs-uuid --set=root DEBC-8F03
chainloader /EFI/Microsoft/Boot/bootmgfw.efi
}
'';
version = 2;
};
};
};
@ -100,40 +94,14 @@ Host daiyousei-build
networking = {
hostId = "dddbb888";
useDHCP = false;
/* wireless = {
enable = true;
userControlled.enable = true;
interfaces = singleton "wlp3s0";
};
interfaces = {
wlp3s0.ipv4.addresses = singleton {
inherit (config.network.addresses.private.nixos.ipv4) address;
prefixLength = 24;
};
}; */
};
services.fstrim.enable = true;
network = {
addresses = {
private = {
enable = true;
nixos = {
ipv4.address = "192.168.1.121";
};
};
};
yggdrasil = {
enable = true;
pubkey = "f94d49458822a73d70306b249a39d4de8a292b13e12339b21010001133417be7";
address = "200:d65:6d74:efba:b185:1f9f:29b6:cb8c";
listen.enable = false;
listen.endpoints = [ "tcp://0.0.0.0:0" ];
};
firewall = {
public.interfaces = [ "enp1s0" "wlp3s0" ];
private.interfaces = singleton "yggdrasil";
networks = {
gensokyo = {
interfaces = [ "enp1s0" "wlp3s0" ];
ipv4 = "10.1.1.65";
};
};
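Review bot: The rewritten `loader` block in the second hunk drops every explanatory comment from the old `grub`/`efi` settings, including the one that justifies `devices = [ "nodev" ];` (the EFI grub install ignores the list but grub.nix asserts it is set) and the note that `/boot` is assumed to be the mount point of the EFI partition. Both settings look wrong to a reader who does not know that history, so keep at least `# "nodev": EFI grub-install ignores the device list, but grub.nix asserts it is non-empty` above `devices = [ "nodev" ];` and `# assumes /boot is where the EFI system partition is mounted` above `efiSysMountPoint = "/boot";`. The old `# set $FS_UUID to the UUID of the EFI partition` line was already stale (the entry hardcodes `DEBC-8F03`), so dropping that one is fine.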


@ -1,24 +1,13 @@
{ config, lib, pkgs, modulesPath, tf, meta, ... }: with lib; {
imports = with meta; [
(modulesPath + "/profiles/qemu-guest.nix")
hardware.manual
nixos.network
services.nginx
services.access
services.irlsite
];
deploy.tf = {
resources.marisa = {
provider = "null";
type = "resource";
connection = {
port = head config.services.openssh.ports;
host = config.network.addresses.public.nixos.ipv4.address;
};
};
};
boot = {
loader.grub = {
enable = true;
@ -45,43 +34,29 @@
interfaces.ens3 = {
ipv4.addresses = [
{
inherit (config.network.addresses.public.nixos.ipv4) address;
address = config.networks.internet.ipv4;
prefixLength = 24;
}
];
ipv6.addresses = [
{
inherit (config.network.addresses.public.nixos.ipv6) address;
address = config.networks.internet.ipv6;
prefixLength = 48;
}
];
};
};
network = {
addresses.public = {
enable = true;
nixos.ipv4.address = "104.244.72.5";
nixos.ipv6.address = "2605:6400:30:eed1:6cf7:bbfc:b4e:15c0";
};
yggdrasil = {
enable = true;
pubkey = "2134779f3e19e7df46113a814e9a87097839b9d557ebe3856423e148abcfe582";
address = "202:f65c:4306:f30:c105:cf76:2bf5:8b2b";
listen.enable = true;
listen.endpoints = [ "tcp://${config.network.addresses.public.nixos.ipv4.address}:52969" "tcp://[${config.network.addresses.public.nixos.ipv6.address}]:52969" ];
};
firewall = {
public = {
interfaces = singleton "ens3";
tcp.ports = [ 1935 52969 ];
};
private.interfaces = singleton "yggdrasil";
networks = {
internet = {
ipv4 = "104.244.72.5";
ipv6 = "2605:6400:30:eed1:6cf7:bbfc:b4e:15c0";
interfaces = singleton "ens3";
tcp = [ 1935 52969 ];
};
};
fileSystems."/" ={
fileSystems."/" = {
device = "/dev/disk/by-uuid/6ed3e886-d390-433f-90ac-2b37aed9f15f";
fsType = "ext4";
};
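Review bot: `tcp = [ 1935 52969 ];` under `networks.internet` in the second hunk keeps 52969 open on `ens3`, but the only consumer of 52969 on this page is the `yggdrasil.listen.endpoints` block that the same hunk removes. If yggdrasil listening for this host now lives in the new abstraction, a comment tying the port to it stops it being dropped as unexplained later; if it does not, the port is an unexplained exposure on a network literally named `internet` and should go. Either way the `gensokyo` sections in this commit annotate each port, so `# yggdrasil listen` next to `52969` (and a matching comment for `1935`) would bring this list in line with them.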


@ -7,25 +7,13 @@ with lib;
imports = with meta; [
hardware.eeepc-1015pem
hardware.local
nixos.network
nixos.arc
services.kattv
services.dnscrypt-proxy
];
# Terraform
deploy.tf = {
resources.ran = {
provider = "null";
type = "resource";
connection = {
port = head config.services.openssh.ports;
host = config.network.addresses.private.nixos.ipv4.address;
};
};
};
# File Systems and Swap
fileSystems = {
@ -57,23 +45,9 @@ with lib;
interfaces.enp1s0.useDHCP = true;
};
network = {
addresses = {
private = {
enable = true;
nixos = {
ipv4.address = "192.168.1.215";
};
};
};
};
# Firewall
network.firewall = {
public = {
interfaces = singleton "enp1s0";
};
networks.chitei = {
interfaces = [ "enp1s0" ];
ipv4 = "192.168.1.215";
};
# State


@ -20,13 +20,5 @@
};
};
network = {
yggdrasil = {
enable = true;
pubkey = "fc64ee574072ef7420ff98bc53856f881025de252081e661a78e04ebcf7c6b35";
address = "200:736:2351:7f1a:2117:be00:ce87:58f5";
};
};
system.stateVersion = "21.11";
}


@ -1,4 +1,22 @@
{ config, lib, tf, ... }: {
# MDNS
services.avahi.enable = true;
networks.gensokyo = {
tcp = [
# Home Assistant
8123
# Tewi Homekit
21063
];
udp = [
# Chromecast
[ 32768 60999 ]
# MDNS
5353
];
};
kw.secrets.variables.ha-integration = {
path = "secrets/home-assistant";
field = "notes";
@ -14,31 +32,12 @@
preStart = lib.mkBefore ''
rm ${config.services.home-assistant.configDir}/integration.json
cp --no-preserve=mode ${config.secrets.files.ha-integration.path} ${config.services.home-assistant.configDir}/integration.json
'';
'';
};
services.home-assistant = {
enable = true;
config = {
default_config = {};
google_assistant = {
project_id = "gensokyo-5cfaf";
service_account = "!include integration.json";
};
http = {
cors_allowed_origins = [
"https://google.com"
"https://www.home-assistant.io"
];
use_x_forwarded_for = "true";
trusted_proxies = [
"127.0.0.0/24"
"200::/7"
"100.64.0.0/10"
"fd7a:115c:a1e0:ab12::/64"
];
};
homeassistant = {
name = "Gensokyo";
unit_system = "metric";
@ -47,18 +46,94 @@
logger = {
default = "info";
};
http = {
cors_allowed_origins = [
"https://google.com"
"https://www.home-assistant.io"
];
use_x_forwarded_for = "true";
trusted_proxies = [
"127.0.0.0/24"
"200::/7"
"100.64.0.0/10"
"fd7a:115c:a1e0:ab12::/64"
];
};
recorder = {
db_url = "postgresql://@/hass";
auto_purge = true;
purge_keep_days = 14;
commit_interval = 1;
exclude = {
domains = [
"automation"
"updater"
];
entity_globs = [
"sensor.weather_*"
"sensor.date_*"
];
entities = [
"sun.sun"
"sensor.last_boot"
"sensor.date"
"sensor.time"
];
event_types = [
"call_service"
];
};
};
google_assistant = {
project_id = "gensokyo-5cfaf";
service_account = "!include integration.json";
};
homekit = {
name = "Tewi";
port = 21063;
ip_address = "10.1.1.38";
};
tts = [{
platform = "google_translate";
service_name = "google_say";
}];
automation = {};
counter = {};
device_tracker = {};
energy = {};
frontend = {};
group = {};
history = {};
image = {};
input_boolean = {};
input_datetime = {};
input_number = {};
input_select = {};
input_text = {};
logbook = {};
map = {};
media_source = {};
mobile_app = {};
my = {};
person = {};
scene = {};
script = {};
ssdp = {};
switch = {};
stream = {};
sun = {};
system_health = {};
tag = {};
template = {};
timer = {};
webhook = {};
wake_on_lan = {};
zeroconf = {};
zone = {};
};
extraPackages = python3Packages: with python3Packages; [
psycopg2
aiohomekit
securetar
];
extraComponents = [
@ -80,4 +155,4 @@
"zeroconf"
];
};
}
}
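Review bot: `trusted_proxies` on the new side of the third hunk lists `200::/7` and `100.64.0.0/10` — entire overlay ranges rather than the address of the reverse proxy — while `use_x_forwarded_for` is enabled, so any peer in those ranges can supply an `X-Forwarded-For` header that Home Assistant will treat as the real client address, which is what its IP-based login throttling keys on. The nginx section on this page proxied to `http://127.0.0.1:8123`, so `127.0.0.0/24` is the only entry that is obviously required; trim the list to the proxies that actually sit in front of it, or add a comment per entry naming which proxy lives in that range. Separately, `ip_address = "10.1.1.38";` under `homekit` duplicates the address declared as `networks.gensokyo.ipv4` in the `tewi` section; `ip_address = config.networks.gensokyo.ipv4;` follows the pattern the `marisa` section already uses and keeps the two in sync.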


@ -1,4 +1,11 @@
{ config, lib, tf, ... }: {
networks.gensokyo = {
tcp = [
# Mosquitto
1883
];
};
kw.secrets.variables.z2m-pass = {
path = "secrets/mosquitto";
field = "z2m";


@ -12,9 +12,11 @@ with lib;
'';
};
network.firewall = {
public.tcp.ports = [ 443 80 ];
private.tcp.ports = [ 443 80 ];
networks.gensokyo = {
tcp = [
443
80
];
};
services.nginx = {
@ -36,34 +38,12 @@ with lib;
#proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
'';
clientMaxBodySize = "512m";
virtualHosts = {
"gensokyo.zone" = {
forceSSL = true;
enableACME = true;
locations."/" = {
root = pkgs.gensokyoZone;
};
};
"home.${config.network.dns.domain}" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:8123";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
'';
};
};
};
virtualHosts = {
};
};
security.acme = {
defaults.email = config.network.dns.email;
#email = config.network.dns.email;
acceptTerms = true;
};
}
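Review bot: `virtualHosts = { };` and the commented `#email = config.network.dns.email;` on the new side of the second hunk are leftovers — the vhosts were removed wholesale and `defaults.email` replaced the old option — so delete both rather than ship an empty attrset and a dead comment. If other modules are now expected to populate `virtualHosts`, a one-line `# virtualHosts are declared by the per-service modules` makes the empty set intentional instead of looking like a half-finished edit. The `#proxy_cookie_path` line predates this commit but is the same kind of dead line and could go in the same cleanup.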


@ -3,21 +3,21 @@
{
imports = with meta; [
(modulesPath + "/installer/scan/not-detected.nix")
hardware.local
nixos.network
./home-assistant.nix
./zigbee2mqtt.nix
./mosquitto.nix
./postgres.nix
./nginx.nix
];
deploy.tf = {
resources.tewi = {
provider = "null";
type = "resource";
connection = {
port = lib.head config.services.openssh.ports;
host = config.network.addresses.private.nixos.ipv4.address;
};
networks = {
gensokyo = {
interfaces = [
"eno1"
];
ipv4 = "10.1.1.38";
};
};
@ -30,20 +30,6 @@
};
};
network = {
firewall = {
public.interfaces = lib.singleton "eno1";
};
addresses = {
private = {
enable = true;
nixos = {
ipv4.address = "10.1.1.38";
};
};
};
};
boot = {
loader = {
systemd-boot = {


@ -1,4 +1,33 @@
{ config, lib, tf, ... }: {
networks.gensokyo = {
tcp = [
# Zigbee2MQTT Frontend
8072
];
};
kw.secrets.variables.z2m-mqtt-password = {
path = "secrets/mosquitto";
field = "z2m";
};
kw.secrets.variables.z2m-network-key = {
path = "secrets/zigbee2mqtt";
field = "password";
};
secrets.files.zigbee2mqtt-config = {
text = builtins.toJSON config.services.zigbee2mqtt.settings;
owner = "zigbee2mqtt";
group = "zigbee2mqtt";
};
secrets.files.zigbee2mqtt-secret = {
text = "network_key: ${tf.variables.z2m-network-key.ref}";
owner = "zigbee2mqtt";
group = "zigbee2mqtt";
};
services.zigbee2mqtt = {
enable = true;
settings = {
@ -23,33 +52,8 @@
};
};
kw.secrets.variables.z2m-mqtt-password = {
path = "secrets/mosquitto";
field = "z2m";
};
kw.secrets.variables.z2m-network-key = {
path = "secrets/zigbee2mqtt";
field = "password";
};
secrets.files.zigbee2mqtt-config = {
text = builtins.toJSON config.services.zigbee2mqtt.settings;
owner = "zigbee2mqtt";
group = "zigbee2mqtt";
};
secrets.files.zigbee2mqtt-secret = {
text = "network_key: ${tf.variables.z2m-network-key.ref}";
owner = "zigbee2mqtt";
group = "zigbee2mqtt";
};
systemd.services.zigbee2mqtt.preStart = let cfg = config.services.zigbee2mqtt; in lib.mkForce ''
cp --no-preserve=mode ${config.secrets.files.zigbee2mqtt-config.path} "${cfg.dataDir}/configuration.yaml"
cp --no-preserve=mode ${config.secrets.files.zigbee2mqtt-secret.path} "${cfg.dataDir}/secret.yaml"
'';
network.firewall.public.tcp.ports = [ 8123 8072 1883 21064 21063 ];
network.firewall.private.tcp.ports = [ 8123 ];
}
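Review bot: Port 21064 disappears with the removal of `network.firewall.public.tcp.ports = [ 8123 8072 1883 21064 21063 ];` in the second hunk and is not re-declared in any `networks.gensokyo.tcp` list elsewhere in this commit (8123 and 21063 move to home-assistant, 1883 to mosquitto, 8072 to this file). If 21064 was a stale entry this is a welcome tightening, but if something still listens on it the rework closes it silently; a sentence in the commit message, or a comment on the `8072` entry noting that the old list was audited, would settle it. The first hunk only moves the `kw.secrets`/`secrets.files` declarations, so nothing to raise there.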


@ -93,26 +93,9 @@
};
};
network = {
addresses = {
private = {
enable = true;
nixos = {
ipv4.address = "100.98.152.108";
};
};
};
yggdrasil = {
enable = true;
pubkey = "4f8fb0817afcd6211fb6a2cac2893df7d3f12c5c99eed106718d7223468473b2";
address = "201:c1c1:3dfa:140c:a77b:8125:74d4:f5db";
listen.enable = false;
listen.endpoints = [ "tcp://0.0.0.0:0" ];
};
firewall = {
private.interfaces = singleton "yggdrasil";
public.interfaces = singleton "eno1";
};
networks.chitei = {
interfaces = [ "eno1" ];
ipv4 = "100.98.152.108";
};
system.stateVersion = "21.05";