AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

big hypervisor and servers refactor

Browse Source
This commit is contained in:
Dmitriy Kholkin 2024-01-21 17:40:07 +03:00
parent b93fbe3a06
commit 08e4bce41e
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
18 changed files with 156 additions and 836 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
machines/Home-Hypervisor/default.nix
View File

@ -3,11 +3,11 @@ let persistRoot = config.autoinstall.persist.persistRoot or "/persist";
in { in {
imports = with inputs.self; [ imports = with inputs.self; [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./backups.nix
./boot.nix ./boot.nix
./hardware-configuration.nix ./hardware-configuration.nix
./usb-hdd.nix
./virtualisation.nix ./virtualisation.nix
./disks.nix
./backups.nix
customProfiles.hardened customProfiles.hardened
customRoles.hypervisor customRoles.hypervisor
@ -40,12 +40,12 @@ in {
(import customProfiles.blocky { (import customProfiles.blocky {
inherit config pkgs; inherit config pkgs;
inherit (import ./dns-mapping.nix) dns-mapping; inherit (import ./dns-mapping.nix) dnsmasq-list;
}) })
(import customProfiles.headscale { (import customProfiles.headscale {
inherit config pkgs; inherit config pkgs;
inherit (import ./dns-headscale.nix) dns-mapping; inherit (import ./dns-mapping.nix) headscale-list;
}) })
]; ];

129
machines/Home-Hypervisor/dns-headscale.nix
View File

@ -1,129 +0,0 @@
{
dns-mapping = [
{ name = "ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "api.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "auth.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "bathist.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "browser.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "cache.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "cal.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "cocalc.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "code.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "dimension.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "docs.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "element.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "fb.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "file.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "fsync.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "goneb.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "home.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "jackett.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "jellyfin.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "jitsi.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "joplin.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "kavita.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "ldap.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "lib.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
# { name = "mail.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "matrix.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "medusa.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "microbin.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "nzbhydra.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "openbooks.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "organizr.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "pdf.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "prowlarr.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "qbit.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "radarr.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "restic.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "s3.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "shoko.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "sonarr.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "sonarrtv.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "startpage.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "stats.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "tools.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "turn.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "vw.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
# { name = "webmail.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "wiki.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "api.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "auth.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "bathist.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "browser.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "cache.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "cal.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "cocalc.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "code.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "dimension.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "docs.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "element.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "fb.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "file.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "fsync.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "goneb.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "home.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "jackett.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "jellyfin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "jitsi.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "joplin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "kavita.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "ldap.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "lib.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
# { name = "mail.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "matrix.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "medusa.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "microbin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "nzbhydra.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "openbooks.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "organizr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "pdf.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "prowlarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "qbit.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "radarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "restic.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "s3.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "shoko.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "sonarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "sonarrtv.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "startpage.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "stats.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "tools.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "turn.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "vw.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
# { name = "webmail.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "wiki.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
# block hoyoverse logs
{ name = "overseauspider.yuanshen.com"; type = "A"; value = "0.0.0.0"; }
{ name = "overseauspider.yuanshen.com"; type = "AAAA"; value = "::"; }
{ name = "log-upload-os.hoyoverse.com"; type = "A"; value = "0.0.0.0"; }
{ name = "log-upload-os.hoyoverse.com"; type = "AAAA"; value = "::"; }
{ name = "log-upload-os.mihoyo.com"; type = "A"; value = "0.0.0.0"; }
{ name = "log-upload-os.mihoyo.com"; type = "AAAA"; value = "::"; }
{ name = "dump.gamesafe.qq.com"; type = "A"; value = "0.0.0.0"; }
{ name = "dump.gamesafe.qq.com"; type = "AAAA"; value = "::"; }
{ name = "log-upload.mihoyo.com"; type = "A"; value = "0.0.0.0"; }
{ name = "log-upload.mihoyo.com"; type = "AAAA"; value = "::"; }
{ name = "devlog-upload.mihoyo.com"; type = "A"; value = "0.0.0.0"; }
{ name = "devlog-upload.mihoyo.com"; type = "AAAA"; value = "::"; }
{ name = "uspider.yuanshen.com"; type = "A"; value = "0.0.0.0"; }
{ name = "uspider.yuanshen.com"; type = "AAAA"; value = "::"; }
{ name = "sg-public-data-api.hoyoverse.com"; type = "A"; value = "0.0.0.0"; }
{ name = "sg-public-data-api.hoyoverse.com"; type = "AAAA"; value = "::"; }
{ name = "public-data-api.mihoyo.com"; type = "A"; value = "0.0.0.0"; }
{ name = "public-data-api.mihoyo.com"; type = "AAAA"; value = "::"; }
{ name = "prd-lender.cdp.internal.unity3d.com"; type = "A"; value = "0.0.0.0"; }
{ name = "prd-lender.cdp.internal.unity3d.com"; type = "AAAA"; value = "::"; }
{ name = "thind-prd-knob.data.ie.unity3d.com"; type = "A"; value = "0.0.0.0"; }
{ name = "thind-prd-knob.data.ie.unity3d.com"; type = "AAAA"; value = "::"; }
{ name = "thind-gke-usc.prd.data.corp.unity3d.com"; type = "A"; value = "0.0.0.0"; }
{ name = "thind-gke-usc.prd.data.corp.unity3d.com"; type = "AAAA"; value = "::"; }
{ name = "cdp.cloud.unity3d.com"; type = "A"; value = "0.0.0.0"; }
{ name = "cdp.cloud.unity3d.com"; type = "AAAA"; value = "::"; }
{ name = "remote-config-proxy-prd.uca.cloud.unity3d.com"; type = "A"; value = "0.0.0.0"; }
{ name = "remote-config-proxy-prd.uca.cloud.unity3d.com"; type = "AAAA"; value = "::"; }
];
}

102
machines/Home-Hypervisor/dns-mapping.nix
View File

@ -1,66 +1,92 @@
{ {
dns-mapping = [ headscale-list = [
{ name = "ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "api.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "auth.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "cache.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "cal.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "code.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "docs.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "element.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "file.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "home.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "jackett.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "jellyfin.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "joplin.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "kavita.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "ldap.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "lib.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "matrix.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "medusa.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "openbooks.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "pdf.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "qbit.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "radarr.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "restic.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "s3.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "sonarr.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "stats.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "tools.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "turn.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
{ name = "vw.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "wiki.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
{ name = "ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "api.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "auth.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "cache.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "cal.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "code.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "docs.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "element.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "file.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "home.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "jackett.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "jellyfin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "joplin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "kavita.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "ldap.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "lib.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "matrix.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "medusa.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "openbooks.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "pdf.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "qbit.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "radarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "restic.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "s3.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "sonarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "stats.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "tools.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "turn.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
{ name = "vw.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
{ name = "wiki.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
];
dnsmasq-list = [
"/api.ataraxiadev.com/192.168.0.10" "/api.ataraxiadev.com/192.168.0.10"
"/auth.ataraxiadev.com/192.168.0.10" "/auth.ataraxiadev.com/192.168.0.10"
"/bathist.ataraxiadev.com/192.168.0.10"
"/browser.ataraxiadev.com/192.168.0.10"
"/cache.ataraxiadev.com/192.168.0.10" "/cache.ataraxiadev.com/192.168.0.10"
"/cal.ataraxiadev.com/192.168.0.10" "/cal.ataraxiadev.com/192.168.0.10"
"/cocalc.ataraxiadev.com/192.168.0.10"
"/code.ataraxiadev.com/192.168.0.10" "/code.ataraxiadev.com/192.168.0.10"
"/docs.ataraxiadev.com/192.168.0.10" "/docs.ataraxiadev.com/192.168.0.10"
# "/dimension.ataraxiadev.com/192.168.0.10"
# "/element.ataraxiadev.com/192.168.0.10"
"/fb.ataraxiadev.com/192.168.0.10"
"/file.ataraxiadev.com/192.168.0.10" "/file.ataraxiadev.com/192.168.0.10"
"/fsync.ataraxiadev.com/192.168.0.10"
# "/goneb.ataraxiadev.com/192.168.0.10"
"/home.ataraxiadev.com/192.168.0.10" "/home.ataraxiadev.com/192.168.0.10"
"/jackett.ataraxiadev.com/192.168.0.10" "/jackett.ataraxiadev.com/192.168.0.10"
"/jellyfin.ataraxiadev.com/192.168.0.10" "/jellyfin.ataraxiadev.com/192.168.0.10"
# "/jitsi.ataraxiadev.com/192.168.0.10"
"/joplin.ataraxiadev.com/192.168.0.10" "/joplin.ataraxiadev.com/192.168.0.10"
"/kavita.ataraxiadev.com/192.168.0.10" "/kavita.ataraxiadev.com/192.168.0.10"
"/ldap.ataraxiadev.com/192.168.0.10" "/ldap.ataraxiadev.com/192.168.0.10"
"/lib.ataraxiadev.com/192.168.0.10" "/lib.ataraxiadev.com/192.168.0.10"
# "/matrix.ataraxiadev.com/192.168.0.10"
"/medusa.ataraxiadev.com/192.168.0.10" "/medusa.ataraxiadev.com/192.168.0.10"
"/microbin.ataraxiadev.com/192.168.0.10"
"/nzbhydra.ataraxiadev.com/192.168.0.10"
"/openbooks.ataraxiadev.com/192.168.0.10" "/openbooks.ataraxiadev.com/192.168.0.10"
"/organizr.ataraxiadev.com/192.168.0.10"
"/pdf.ataraxiadev.com/192.168.0.10" "/pdf.ataraxiadev.com/192.168.0.10"
"/prowlarr.ataraxiadev.com/192.168.0.10"
"/qbit.ataraxiadev.com/192.168.0.10" "/qbit.ataraxiadev.com/192.168.0.10"
"/radarr.ataraxiadev.com/192.168.0.10" "/radarr.ataraxiadev.com/192.168.0.10"
"/restic.ataraxiadev.com/192.168.0.10" "/restic.ataraxiadev.com/192.168.0.10"
"/s3.ataraxiadev.com/192.168.0.10" "/s3.ataraxiadev.com/192.168.0.10"
"/shoko.ataraxiadev.com/192.168.0.10"
"/sonarr.ataraxiadev.com/192.168.0.10" "/sonarr.ataraxiadev.com/192.168.0.10"
"/sonarrtv.ataraxiadev.com/192.168.0.10"
"/startpage.ataraxiadev.com/192.168.0.10"
# "/stats.ataraxiadev.com/192.168.0.10"
"/tools.ataraxiadev.com/192.168.0.10" "/tools.ataraxiadev.com/192.168.0.10"
# "/turn.ataraxiadev.com/192.168.0.10"
"/vw.ataraxiadev.com/192.168.0.10" "/vw.ataraxiadev.com/192.168.0.10"
"/wg.ataraxiadev.com/192.168.0.10"
"/wiki.ataraxiadev.com/192.168.0.10" "/wiki.ataraxiadev.com/192.168.0.10"
"/www.ataraxiadev.com/192.168.0.10"
# block hoyoverse logs
"/overseauspider.yuanshen.com/0.0.0.0"
"/log-upload-os.hoyoverse.com/0.0.0.0"
"/log-upload-os.mihoyo.com/0.0.0.0"
"/dump.gamesafe.qq.com/0.0.0.0"
"/log-upload.mihoyo.com/0.0.0.0"
"/devlog-upload.mihoyo.com/0.0.0.0"
"/uspider.yuanshen.com/0.0.0.0"
"/sg-public-data-api.hoyoverse.com/0.0.0.0"
"/public-data-api.mihoyo.com/0.0.0.0"
"/prd-lender.cdp.internal.unity3d.com/0.0.0.0"
"/thind-prd-knob.data.ie.unity3d.com/0.0.0.0"
"/thind-gke-usc.prd.data.corp.unity3d.com/0.0.0.0"
"/cdp.cloud.unity3d.com/0.0.0.0"
"/remote-config-proxy-prd.uca.cloud.unity3d.com/0.0.0.0"
]; ];
} }

0
machines/Home-Hypervisor/disks.nix → machines/Home-Hypervisor/usb-hdd.nix
View File

4
profiles/servers/blocky.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, dns-mapping ? [], ... }: { config, pkgs, dnsmasq-list ? [], ... }:
let let
nodeAddress = "192.168.0.5"; nodeAddress = "192.168.0.5";
upstream-dns = "100.64.0.1"; upstream-dns = "100.64.0.1";
@ -66,7 +66,7 @@ in {
no-hosts = true; no-hosts = true;
listen-address = "127.0.0.1"; listen-address = "127.0.0.1";
no-dhcp-interface = ""; no-dhcp-interface = "";
address = dns-mapping ++ []; address = dnsmasq-list ++ [];
}; };
}; };
services.blocky = { services.blocky = {

15
profiles/servers/cocalc.nix
View File

@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
let
backend = config.virtualisation.oci-containers.backend;
nas-path = "/media/nas/containers";
in {
virtualisation.oci-containers.containers.cocalc = {
autoStart = true;
image = "docker.io/ataraxiadev/cocalc-latex:1b335d368d26";
ports = [ "127.0.0.1:9099:443/tcp" ];
volumes = [
"${nas-path}/cocalc:/projects"
"${nas-path}/databases/cocalc:/projects/postgres"
];
};
}

25
profiles/servers/copyparty.nix
View File

@ -1,25 +0,0 @@
{ config, lib, pkgs, ... }:
let
backend = config.virtualisation.oci-containers.backend;
nas-path = "/media/nas";
in {
virtualisation.oci-containers.containers.copyparty = {
autoStart = true;
image = "docker.io/copyparty/min";
cmd = [
"--xdev" "--xvol"
# "-e2dsa" "-e2ts"
# "--re-maxage 600"
# "--hist /cache/copyparty"
# "--no-robots"
"-q" "--http-only" "--no-dav"
"-s" "--no-logues" "--no-readme"
# "-i localhost"
];
ports = [ "127.0.0.1:3923:3923/tcp" ];
user = "1000:100";
volumes = [
"${nas-path}:/w"
];
};
}

34
profiles/servers/firefox-syncserver.nix
View File

@ -1,34 +0,0 @@
{ pkgs, config, lib, ... }: {
secrets.firefox-syncserver = {
# owner = config.services.firefox-syncserver.database.user;
};
services.mysql.package = pkgs.mariadb;
services.firefox-syncserver = {
enable = true;
database.createLocally = true;
secrets = config.secrets.firefox-syncserver.decrypted;
settings = {
port = 5000;
tokenserver.enabled = true;
# syncserver = {
# public_url = "https://fsync.ataraxiadev.com";
# };
# endpoints = {
# "sync-1.5" = "http://localhost:8000/1.5/1";
# };
};
singleNode = {
enable = true;
capacity = 10;
# enableTLS = false;
# enableNginx = false;
# enableTLS = false;
# enableNginx = true;
# hostname = "localhost";
# hostname = "fsync.ataraxiadev.com";
url = "https://fsync.ataraxiadev.com";
};
};
}

4
profiles/servers/headscale.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, dns-mapping ? {}, ... }: { config, pkgs, headscale-list ? {}, ... }:
let let
domain = "wg.ataraxiadev.com"; domain = "wg.ataraxiadev.com";
in { in {
@ -17,7 +17,7 @@ in {
dns_config = { dns_config = {
base_domain = domain; base_domain = domain;
nameservers = [ "127.0.0.1" ]; nameservers = [ "127.0.0.1" ];
extra_records = dns-mapping; extra_records = headscale-list;
}; };
oidc = { oidc = {
only_start_if_oidc_is_available = true; only_start_if_oidc_is_available = true;

3
profiles/servers/homepage.nix
View File

@ -6,7 +6,6 @@ let
pod-dns = "192.168.0.1"; pod-dns = "192.168.0.1";
open-ports = [ open-ports = [
"127.0.0.1:3000:3000/tcp" "127.0.0.1:3000:3000/tcp"
# "127.0.0.1:2375:2375/tcp"
]; ];
in { in {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
@ -18,7 +17,6 @@ in {
PGID = "100"; PGID = "100";
}; };
extraOptions = [ "--pod=${pod-name}" ]; extraOptions = [ "--pod=${pod-name}" ];
# ports = [ "127.0.0.1:3000:3000/tcp" ];
volumes = [ volumes = [
"${nas-path}/homepage/config:/app/config" "${nas-path}/homepage/config:/app/config"
"${nas-path}/homepage/icons:/app/public/icons" "${nas-path}/homepage/icons:/app/public/icons"
@ -35,7 +33,6 @@ in {
POST = "0"; POST = "0";
}; };
extraOptions = [ "--pod=${pod-name}" ]; extraOptions = [ "--pod=${pod-name}" ];
# ports = [ "127.0.0.1:2375:2375/tcp" ];
volumes = [ volumes = [
"${nas-path}/homepage/config:/app/config" "${nas-path}/homepage/config:/app/config"
"${nas-path}/homepage/icons:/app/public/icons" "${nas-path}/homepage/icons:/app/public/icons"

153
profiles/servers/mailserver.nix
View File

@ -1,153 +0,0 @@
{ pkgs, config, lib, inputs, ... }:
let
secrets-default = {
owner = "dovecot2:dovecot2";
services = [ "dovecot2" ];
};
in {
imports = [ (toString inputs.simple-nixos-mailserver) ];
secrets.mailserver = secrets-default;
secrets.mailserver-minichka = secrets-default;
secrets.mailserver-mitin = secrets-default;
secrets.mailserver-joplin = secrets-default;
secrets.mailserver-vaultwarden = secrets-default;
secrets.mailserver-seafile = secrets-default;
secrets.mailserver-gitea = secrets-default;
secrets.mailserver-authentik = secrets-default;
secrets.mailserver-kavita = secrets-default;
secrets.mailserver-synapse = secrets-default;
secrets.mailserver-outline = secrets-default;
security.acme.certs."mail.ataraxiadev.com" = {
webroot = "/var/lib/acme/acme-challenge";
postRun = ''
systemctl reload postfix
systemctl reload dovecot2
'';
};
services.postfix = {
dnsBlacklists = [
"all.s5h.net"
"b.barracudacentral.org"
"bl.spamcop.net"
"blacklist.woody.ch"
];
dnsBlacklistOverrides = ''
ataraxiadev.com OK
mail.ataraxiadev.com OK
127.0.0.0/8 OK
192.168.0.0/16 OK
'';
headerChecks = [
{
action = "IGNORE";
pattern = "/^User-Agent.*Roundcube Webmail/";
}
];
};
mailserver = rec {
enable = true;
openFirewall = true;
fqdn = "mail.ataraxiadev.com";
domains = [ "ataraxiadev.com" ];
# hashedPassword:
# nsp apacheHttpd --run 'htpasswd -nbB "" "super secret password"' | cut -d: -f2
loginAccounts = {
"ataraxiadev@ataraxiadev.com" = {
aliases = [
"ataraxiadev" "admin@ataraxiadev.com" "admin" "root@ataraxiadev.com" "root"
"ark@ataraxiadev.com" "ark" "ataraxiadev.hsr@ataraxiadev.com" "ataraxiadev.hsr"
"hsr@ataraxiadev.com" "hsr"
"hsr1@ataraxiadev.com" "hsr1"
"hsr2@ataraxiadev.com" "hsr2"
"hsr3@ataraxiadev.com" "hsr3"
"hsr4@ataraxiadev.com" "hsr4"
"hsr5@ataraxiadev.com" "hsr5"
"hsr6@ataraxiadev.com" "hsr6"
"hsr7@ataraxiadev.com" "hsr7"
"hsr8@ataraxiadev.com" "hsr8"
"hsr9@ataraxiadev.com" "hsr9"
"hsr10@ataraxiadev.com" "hsr10"
"hsr11@ataraxiadev.com" "hsr11"
"hsr12@ataraxiadev.com" "hsr12"
"hsr13@ataraxiadev.com" "hsr13"
"hsr14@ataraxiadev.com" "hsr14"
"hsr15@ataraxiadev.com" "hsr15"
"hsr16@ataraxiadev.com" "hsr16"
# "@ataraxiadev.com"
];
hashedPasswordFile = config.secrets.mailserver.decrypted;
};
"minichka76@ataraxiadev.com" = {
aliases = [
"minichka76" "kpoxa@ataraxiadev.com" "kpoxa"
"sladkiyson0417@ataraxiadev.com" "sladkiyson0417"
];
hashedPasswordFile = config.secrets.mailserver-minichka.decrypted;
};
"mitin@ataraxiadev.com" = {
aliases = [ "mitin" "mitin1@ataraxiadev.com" "mitin1" "mitin2@ataraxiadev.com" "mitin2" ];
hashedPasswordFile = config.secrets.mailserver-mitin.decrypted;
};
"authentik@ataraxiadev.com" = {
aliases = [ "authentik" ];
hashedPasswordFile = config.secrets.mailserver-authentik.decrypted;
};
"gitea@ataraxiadev.com" = {
aliases = [ "gitea" ];
hashedPasswordFile = config.secrets.mailserver-gitea.decrypted;
};
"joplin@ataraxiadev.com" = {
aliases = [ "joplin" ];
hashedPasswordFile = config.secrets.mailserver-joplin.decrypted;
};
"kavita@ataraxiadev.com" = {
aliases = [ "kavita" ];
hashedPasswordFile = config.secrets.mailserver-kavita.decrypted;
};
"vaultwarden@ataraxiadev.com" = {
aliases = [ "vaultwarden" ];
hashedPasswordFile = config.secrets.mailserver-vaultwarden.decrypted;
};
"seafile@ataraxiadev.com" = {
aliases = [ "seafile" ];
hashedPasswordFile = config.secrets.mailserver-seafile.decrypted;
};
"matrix@ataraxiadev.com" = {
aliases = [ "matrix" ];
hashedPasswordFile = config.secrets.mailserver-synapse.decrypted;
};
"outline@ataraxiadev.com" = {
aliases = [ "outline" ];
hashedPasswordFile = config.secrets.mailserver-outline.decrypted;
};
};
hierarchySeparator = "/";
localDnsResolver = false;
certificateScheme = "manual";
certificateFile = "${config.security.acme.certs.${fqdn}.directory}/fullchain.pem";
keyFile = "${config.security.acme.certs.${fqdn}.directory}/key.pem";
enableManageSieve = true;
enableImap = true;
enableImapSsl = true;
enablePop3 = false;
enablePop3Ssl = false;
enableSubmission = true;
enableSubmissionSsl = true;
virusScanning = false;
mailDirectory = "/srv/mail/vmail";
dkimKeyDirectory = "/srv/mail/dkim";
};
persist.state.directories = [
"/var/sieve" # FIXME: change ownership to virtualMail:
] ++ lib.optionals (config.deviceSpecific.devInfo.fileSystem != "zfs") [
config.mailserver.dkimKeyDirectory
config.mailserver.mailDirectory
];
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

23
profiles/servers/matrix.nix
View File

@ -1,23 +0,0 @@
{ config, lib, pkgs, ... }: {
virtualisation.libvirt.guests.fedora-synapse = {
autoStart = false;
user = config.mainuser;
group = "libvirtd";
uefi = true;
memory = 2 * 1024;
cpu = {
sockets = 1; cores = 1; threads = 2;
};
devices = {
disks = [
{ diskFile = "/media/nas/libvirt/images/fedora-matrix-root.img"; type = "raw"; targetName = "vda"; }
{ diskFile = "/media/nas/libvirt/images/fedora-matrix-synapse.img"; type = "raw"; targetName = "vdb"; }
];
network = {
macAddress = "00:16:3e:5b:49:bf";
interfaceType = "bridge";
sourceDev = "br0";
};
};
};
}

22
profiles/servers/microbin.nix
View File

@ -1,22 +0,0 @@
{ config, pkgs, lib, ... }: {
secrets.microbin-pass.services = [ "microbin.service" ];
systemd.services.microbin = {
description = "MicroBin";
path = [ pkgs.microbin ];
script = ''
mkdir -p /var/microbin
cd /var/microbin
MICROBIN_PASS=$(cat /var/secrets/microbin-pass)
microbin --editable --highlightsyntax --private -b 127.0.0.1 -p 9988 --auth-username ataraxiadev --auth-password $MICROBIN_PASS
'';
serviceConfig = {
Restart = "always";
Type = "simple";
};
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
};
persist.state.directories = [ "/var/microbin" ];
}

30
profiles/servers/neko-browser.nix
View File

@ -1,30 +0,0 @@
{ config, lib, pkgs, ... }:
let
backend = config.virtualisation.oci-containers.backend;
in {
virtualisation.oci-containers.containers.neko-browser = {
autoStart = true;
image = "ghcr.io/m1k1o/neko/intel-firefox";
environment = {
NEKO_ICELITE = "true";
NEKO_SCREEN = "1920x1080@30";
NEKO_PASSWORD = "neko";
NEKO_PASSWORD_ADMIN = "admin";
NEKO_TCPMUX = "8091";
NEKO_UDPMUX = "8092";
NEKO_BIND = "127.0.0.1:8090";
NEKO_NAT1TO1 = "91.202.204.123";
};
extraOptions = [
"--cap-add=SYS_ADMIN"
"--cap-add=SYS_CHROOT"
"--device=/dev/dri:/dev/dri"
"--shm-size=1gb"
];
ports = [
"127.0.0.1:8090:8090"
"127.0.0.1:8091:8091"
"127.0.0.1:8092:8092/udp"
];
};
}

245
profiles/servers/nginx.nix
View File

@ -61,16 +61,16 @@ in {
extraDomainNames = [ extraDomainNames = [
"api.ataraxiadev.com" "api.ataraxiadev.com"
"auth.ataraxiadev.com" "auth.ataraxiadev.com"
"bathist.ataraxiadev.com" # "bathist.ataraxiadev.com"
"browser.ataraxiadev.com" # "browser.ataraxiadev.com"
"cache.ataraxiadev.com" "cache.ataraxiadev.com"
"cal.ataraxiadev.com" "cal.ataraxiadev.com"
"cocalc.ataraxiadev.com" # "cocalc.ataraxiadev.com"
"code.ataraxiadev.com" "code.ataraxiadev.com"
"docs.ataraxiadev.com" "docs.ataraxiadev.com"
"fb.ataraxiadev.com" # "fb.ataraxiadev.com"
"file.ataraxiadev.com" "file.ataraxiadev.com"
"fsync.ataraxiadev.com" # "fsync.ataraxiadev.com"
"home.ataraxiadev.com" "home.ataraxiadev.com"
"jackett.ataraxiadev.com" "jackett.ataraxiadev.com"
"jellyfin.ataraxiadev.com" "jellyfin.ataraxiadev.com"
@ -86,7 +86,7 @@ in {
"radarr.ataraxiadev.com" "radarr.ataraxiadev.com"
"s3.ataraxiadev.com" "s3.ataraxiadev.com"
"sonarr.ataraxiadev.com" "sonarr.ataraxiadev.com"
"startpage.ataraxiadev.com" # "startpage.ataraxiadev.com"
"tools.ataraxiadev.com" "tools.ataraxiadev.com"
"vw.ataraxiadev.com" "vw.ataraxiadev.com"
"wg.ataraxiadev.com" "wg.ataraxiadev.com"
@ -101,12 +101,6 @@ in {
}; };
}; };
services.fcgiwrap = {
enable = true;
user = config.services.nginx.user;
group = config.services.nginx.group;
};
services.nginx = { services.nginx = {
enable = true; enable = true;
group = "acme"; group = "acme";
@ -118,12 +112,6 @@ in {
clientMaxBodySize = "250m"; clientMaxBodySize = "250m";
commonHttpConfig = '' commonHttpConfig = ''
proxy_hide_header X-Frame-Options; proxy_hide_header X-Frame-Options;
# proxy_hide_header Content-Security-Policy;
# add_header Content-Security-Policy "upgrade-insecure-requests";
# add_header X-XSS-Protection "1; mode=block";
# add_header X-Robots-Tag "none";
# add_header X-Content-Type-Options "nosniff";
''; '';
virtualHosts = let virtualHosts = let
default = { default = {
@ -161,52 +149,30 @@ in {
''; '';
}; };
} // default; } // default;
# "matrix:443" = { "api.ataraxiadev.com" = {
# serverAliases = [ locations."~ (\\.py|\\.sh)$" = with config.services; {
# "matrix.ataraxiadev.com" alias = "/srv/http/api.ataraxiadev.com";
# "dimension.ataraxiadev.com"
# "element.ataraxiadev.com"
# "stats.ataraxiadev.com"
# ];
# listen = [{
# addr = "0.0.0.0";
# port = 443;
# ssl = true;
# }];
# locations."/" = {
# proxyPass = "http://matrix.pve:81";
# extraConfig = ''
# client_max_body_size 50M;
# '' + proxySettings;
# };
# } // default;
# "matrix:8448" = {
# serverAliases = [ "matrix.ataraxiadev.com" ];
# listen = [{
# addr = "0.0.0.0";
# port = 8448;
# ssl = true;
# }];
# locations."/" = {
# proxyPass = "http://matrix.pve:8448";
# extraConfig = ''
# client_max_body_size 50M;
# '' + proxySettings;
# };
# } // default;
"home.ataraxiadev.com" = default // authentik {
proxyPass = "http://127.0.0.1:3000";
};
"openbooks.ataraxiadev.com" = default // authentik {
proxyPass = "http://127.0.0.1:8097";
proxyWebsockets = true;
};
"docs.ataraxiadev.com" = {
locations."/" = {
proxyPass = "http://127.0.0.1:3010";
proxyWebsockets = true;
extraConfig = '' extraConfig = ''
client_max_body_size 100M; gzip off;
fastcgi_pass ${fcgiwrap.socketType}:${fcgiwrap.socketAddress};
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include ${pkgs.nginx}/conf/fastcgi_params;
'';
};
} // default;
"auth.ataraxiadev.com" = {
locations."/" = {
proxyPass = "http://127.0.0.1:9000";
proxyWebsockets = true;
extraConfig = proxySettings;
};
} // default;
"cache.ataraxiadev.com" = {
locations."/" = {
proxyPass = "http://127.0.0.1:8083";
extraConfig = ''
client_max_body_size 0;
send_timeout 15m;
'' + proxySettings; '' + proxySettings;
}; };
} // default; } // default;
@ -216,51 +182,21 @@ in {
extraConfig = proxySettings; extraConfig = proxySettings;
}; };
} // default; } // default;
"vw.ataraxiadev.com" = {
locations."/" = {
proxyPass = "http://127.0.0.1:8812";
extraConfig = proxySettings;
};
locations."/notifications/hub" = {
proxyPass = "http://127.0.0.1:3012";
proxyWebsockets = true;
extraConfig = proxySettings;
};
locations."/notifications/hub/negotiate" = {
proxyPass = "http://127.0.0.1:8812";
extraConfig = proxySettings;
};
} // default;
"code.ataraxiadev.com" = { "code.ataraxiadev.com" = {
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:6000"; proxyPass = "http://127.0.0.1:6000";
extraConfig = proxySettings; extraConfig = proxySettings;
}; };
} // default; } // default;
"bathist.ataraxiadev.com" = default // authentik { "docs.ataraxiadev.com" = {
proxyPass = "http://127.0.0.1:9999"; locations."/" = {
rootExtraConfig = proxySettings; proxyPass = "http://127.0.0.1:3010";
}; proxyWebsockets = true;
# "browser.ataraxiadev.com" = { extraConfig = ''
# locations."/" = { client_max_body_size 100M;
# proxyPass = "http://127.0.0.1:8090"; '' + proxySettings;
# proxyWebsockets = true; };
# extraConfig = '' } // default;
# proxy_read_timeout 86400;
# '' + proxySettings;
# };
# } // default;
# "fb.ataraxiadev.com" = default // authentik {
# proxyPass = "http://127.0.0.1:3923";
# rootExtraConfig = ''
# proxy_redirect off;
# proxy_http_version 1.1;
# client_max_body_size 0;
# proxy_buffering off;
# proxy_request_buffering off;
# proxy_set_header Connection "Keep-Alive";
# '' + proxySettings;
# };
"file.ataraxiadev.com" = { "file.ataraxiadev.com" = {
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:9200"; proxyPass = "http://127.0.0.1:9200";
@ -274,39 +210,20 @@ in {
''; '';
}; };
} // default; } // default;
# "webmail.ataraxiadev.com" = { "home.ataraxiadev.com" = default // authentik {
# locations."/" = { proxyPass = "http://127.0.0.1:3000";
# extraConfig = '' };
# client_max_body_size 30M; "joplin.ataraxiadev.com" = {
# '' + proxySettings;
# };
# } // default;
"cocalc.ataraxiadev.com" = {
locations."/" = { locations."/" = {
proxyPass = "https://localhost:9099"; proxyPass = "http://127.0.0.1:22300";
proxyWebsockets = true;
extraConfig = proxySettings; extraConfig = proxySettings;
}; };
} // default; } // default;
"tools.ataraxiadev.com" = default // authentik { "ldap.ataraxiadev.com" = default;
proxyPass = "http://127.0.0.1:8070";
};
"pdf.ataraxiadev.com" = default // authentik {
proxyPass = "http://127.0.0.1:8071";
};
"lib.ataraxiadev.com" = default // authentik { "lib.ataraxiadev.com" = default // authentik {
proxyPass = "http://127.0.0.1:8072"; proxyPass = "http://127.0.0.1:8072";
proxyWebsockets = true; proxyWebsockets = true;
}; };
"medusa.ataraxiadev.com" = {
locations."/" = {
proxyPass = "http://127.0.0.1:8180";
proxyWebsockets = true;
extraConfig = ''
add_header Content-Security-Policy "upgrade-insecure-requests";
'' + proxySettings;
};
} // default;
"media-stack" = { "media-stack" = {
serverAliases = [ serverAliases = [
"jellyfin.ataraxiadev.com" "jellyfin.ataraxiadev.com"
@ -332,12 +249,22 @@ in {
'' + proxySettings; '' + proxySettings;
}; };
} // default; } // default;
"joplin.ataraxiadev.com" = { "medusa.ataraxiadev.com" = {
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:22300"; proxyPass = "http://127.0.0.1:8180";
extraConfig = proxySettings; proxyWebsockets = true;
extraConfig = ''
add_header Content-Security-Policy "upgrade-insecure-requests";
'' + proxySettings;
}; };
} // default; } // default;
"openbooks.ataraxiadev.com" = default // authentik {
proxyPass = "http://127.0.0.1:8097";
proxyWebsockets = true;
};
"pdf.ataraxiadev.com" = default // authentik {
proxyPass = "http://127.0.0.1:8071";
};
"s3.ataraxiadev.com" = { "s3.ataraxiadev.com" = {
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:9600"; proxyPass = "http://127.0.0.1:9600";
@ -367,53 +294,49 @@ in {
proxy_request_buffering off; proxy_request_buffering off;
''; '';
} // default; } // default;
# "fsync.ataraxiadev.com" = { "tools.ataraxiadev.com" = default // authentik {
# locations."/" = { proxyPass = "http://127.0.0.1:8070";
# proxyPass = "http://127.0.0.1:5000"; };
# extraConfig = proxySettings; "vw.ataraxiadev.com" = {
# };
# } // default;
"auth.ataraxiadev.com" = {
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:9000"; proxyPass = "http://127.0.0.1:8812";
extraConfig = proxySettings;
};
locations."/notifications/hub" = {
proxyPass = "http://127.0.0.1:3012";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = proxySettings; extraConfig = proxySettings;
}; };
locations."/notifications/hub/negotiate" = {
proxyPass = "http://127.0.0.1:8812";
extraConfig = proxySettings;
};
} // default; } // default;
"ldap.ataraxiadev.com" = default;
"wg.ataraxiadev.com" = { "wg.ataraxiadev.com" = {
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}"; proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
} // default; } // default;
"api.ataraxiadev.com" = {
locations."~ (\\.py|\\.sh)$" = with config.services; {
alias = "/srv/http/api.ataraxiadev.com";
extraConfig = ''
gzip off;
fastcgi_pass ${fcgiwrap.socketType}:${fcgiwrap.socketAddress};
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include ${pkgs.nginx}/conf/fastcgi_params;
'';
};
} // default;
"cache.ataraxiadev.com" = {
locations."/" = {
proxyPass = "http://127.0.0.1:8083";
extraConfig = ''
client_max_body_size 0;
send_timeout 15m;
'' + proxySettings;
};
} // default;
"wiki.ataraxiadev.com" = default // authentik { "wiki.ataraxiadev.com" = default // authentik {
proxyPass = "http://127.0.0.1:8190"; proxyPass = "http://127.0.0.1:8190";
# rootExtraConfig = proxySettings;
}; };
# "cocalc.ataraxiadev.com" = {
# locations."/" = {
# proxyPass = "https://127.0.0.1:9599";
# proxyWebsockets = true;
# extraConfig = proxySettings;
# };
# } // default;
}; };
}; };
services.fcgiwrap = {
enable = true;
user = config.services.nginx.user;
group = config.services.nginx.group;
};
secrets.narodmon-key.owner = config.services.nginx.user; secrets.narodmon-key.owner = config.services.nginx.user;
system.activationScripts.linkPyScripts.text = '' system.activationScripts.linkPyScripts.text = ''
@ -421,5 +344,5 @@ in {
ln -sfn ${pkgs.narodmon-py}/bin/temp.py /srv/http/api.ataraxiadev.com/temp.py ln -sfn ${pkgs.narodmon-py}/bin/temp.py /srv/http/api.ataraxiadev.com/temp.py
''; '';
networking.firewall.allowedTCPPorts = [ 80 443 8448 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
} }

1
profiles/servers/openbooks.nix
View File

@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
backend = config.virtualisation.oci-containers.backend;
nas-path = "/media/nas/media-stack"; nas-path = "/media/nas/media-stack";
in { in {
virtualisation.oci-containers.containers.openbooks = { virtualisation.oci-containers.containers.openbooks = {

34
profiles/servers/roundcube.nix
View File

@ -1,34 +0,0 @@
{ config, lib, pkgs, ... }: {
services.roundcube = {
enable = true;
database.username = "roundcube";
dicts = with pkgs.aspellDicts; [ en ru ];
extraConfig = ''
$config['imap_host'] = array(
'tls://mail.ataraxiadev.com' => "AtaraxiaDev's Mail Server",
'ssl://imap.gmail.com:993' => 'Google Mail',
);
$config['username_domain'] = array(
'mail.ataraxiadev.com' => 'ataraxiadev.com',
'mail.gmail.com' => 'gmail.com',
);
$config['x_frame_options'] = false;
$config['smtp_host'] = "tls://mail.ataraxiadev.com:587";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
hostName = "webmail.ataraxiadev.com";
maxAttachmentSize = 50;
plugins = [ "carddav" "persistent_login" "managesieve" ];
package = pkgs.roundcube.withPlugins (plugins:
with plugins; [ carddav persistent_login ]
);
};
services.phpfpm.pools.roundcube.settings = {
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
};
persist.state.directories = [ "/var/lib/roundcube" ];
}

160
profiles/servers/seafile.nix
View File

@ -1,160 +0,0 @@
{ config, lib, pkgs, ... }:
let
backend = config.virtualisation.oci-containers.backend;
nas-path = "/media/nas/seafile";
pod-name = "seafile-pod";
open-ports = [ "127.0.0.1:8088:80" ];
seafile-ver = "10.0.1";
mariadb-ver = "10.11.4";
memcached-ver = "1.6.21";
caddy-ver = "1.1.0";
seahub-media-caddyfile = pkgs.writeText "Caddyfile" ''
{
admin off
http_port 8098
https_port 8099
}
:8098 {
root * /usr/share/caddy
file_server
}
'';
seafile-caddy-caddyfile = pkgs.writeText "Caddyfile" ''
{
auto_https disable_redirects
}
http:// https:// {
reverse_proxy seahub:8000 {
lb_policy header X-Forwarded-For
trusted_proxies private_ranges
}
reverse_proxy /seafdav* seafile-server:8080 {
header_up Destination https:// http://
trusted_proxies private_ranges
}
handle_path /seafhttp* {
uri strip_prefix seafhttp
reverse_proxy seafile-server:8082 {
trusted_proxies private_ranges
}
}
handle_path /notification* {
uri strip_prefix notification
reverse_proxy seafile-server:8083 {
trusted_proxies private_ranges
}
}
reverse_proxy /media/* seahub-media:8098 {
lb_policy header X-Forwarded-For
trusted_proxies private_ranges
}
rewrite /accounts/login* /oauth/login/?
}
'';
in {
secrets.seafile-db-pass = { };
secrets.seafile-admin-pass = { };
virtualisation.oci-containers.containers.seafile-server = {
autoStart = true;
dependsOn = [ "seafile-db" "memcached" "seafile-caddy" ];
environment = {
DB_HOST = "seafile-db";
TIME_ZONE = "Europe/Moscow";
HTTPS = "true";
SEAFILE_SERVER_HOSTNAME = "file.ataraxiadev.com";
GC_CRON = "0 6 * * 0";
};
environmentFiles = [
config.secrets.seafile-db-pass.decrypted
];
extraOptions = [ "--pod=seafile" ];
image = "docker.io/ggogel/seafile-server:${seafile-ver}";
volumes = [ "${nas-path}/server-data:/shared" ];
};
virtualisation.oci-containers.containers.seahub = {
autoStart = true;
dependsOn = [ "seafile-server" "seahub-media" "seafile-caddy" ];
environment = {
SEAFILE_ADMIN_EMAIL = "admin@ataraxiadev.com";
};
environmentFiles = [
config.secrets.seafile-admin-pass.decrypted
];
extraOptions = [
"--pod=seafile"
];
image = "docker.io/ggogel/seahub:${seafile-ver}";
volumes = [
"${nas-path}/server-data:/shared"
];
};
virtualisation.oci-containers.containers.seahub-media = {
autoStart = true;
dependsOn = [ "seafile-caddy" ];
extraOptions = [ "--pod=seafile" ];
image = "docker.io/ggogel/seahub-media:${seafile-ver}";
volumes = [
"${seahub-media-caddyfile}:/etc/caddy/Caddyfile"
"${nas-path}/server-data/seafile/seahub-data/avatars:/usr/share/caddy/media/avatars"
"${nas-path}/server-data/seafile/seahub-data/custom:/usr/share/caddy/media/custom"
];
};
virtualisation.oci-containers.containers.seafile-db = {
autoStart = true;
environment = {
MYSQL_LOG_CONSOLE = "true";
};
environmentFiles = [
config.secrets.seafile-db-pass.decrypted
];
extraOptions = [ "--pod=seafile" ];
image = "docker.io/mariadb:${mariadb-ver}";
volumes = [
"${nas-path}/db:/var/lib/mysql"
];
};
virtualisation.oci-containers.containers.memcached = {
autoStart = true;
cmd = [ "memcached" "-m 256" ];
extraOptions = [ "--pod=seafile" ];
image = "docker.io/memcached:${memcached-ver}";
};
virtualisation.oci-containers.containers.seafile-caddy = {
autoStart = true;
extraOptions = [ "--pod=seafile" ];
image = "docker.io/ggogel/seafile-caddy:${caddy-ver}";
volumes = [ "${seafile-caddy-caddyfile}:/etc/caddy/Caddyfile" ];
};
systemd.services."podman-create-${pod-name}" = let
portsMapping = lib.concatMapStrings (port: " -p " + port) open-ports;
start = pkgs.writeShellScript "create-pod-${pod-name}" ''
podman pod exists ${pod-name} || podman pod create -n ${pod-name} ${portsMapping}
exit 0
'';
in rec {
path = [ pkgs.coreutils config.virtualisation.podman.package ];
before = [
"${backend}-seafile-server.service"
"${backend}-seahub.service"
"${backend}-seahub-media.service"
"${backend}-seafile-db.service"
"${backend}-memcached.service"
"${backend}-seafile-caddy.service"
];
requiredBy = before;
partOf = before;
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
ExecStart = start;
};
};
}