From b11164a864858f13ff4a9c785d4f9cfa2ea87bf1 Mon Sep 17 00:00:00 2001
From: kenny
Date: Thu, 2 Oct 2025 14:24:48 +0300
Subject: [PATCH] Added old pi files
---
old-pi-nixos/adguard.nix | 40 ++++++
old-pi-nixos/blank.nix | 4 +
old-pi-nixos/chrony.nix | 9 ++
old-pi-nixos/configuration.nix | 176 +++++++++++++++++++++++
old-pi-nixos/crab-hole.nix | 51 +++++++
old-pi-nixos/dns.nix | 83 +++++++++++
old-pi-nixos/glance.nix | 184 ++++++++++++++++++++++++
old-pi-nixos/hardware-configuration.nix | 32 +++++
old-pi-nixos/justfile | 6 +
old-pi-nixos/radicale.nix | 12 ++
10 files changed, 597 insertions(+)
create mode 100644 old-pi-nixos/adguard.nix
create mode 100644 old-pi-nixos/blank.nix
create mode 100644 old-pi-nixos/chrony.nix
create mode 100644 old-pi-nixos/configuration.nix
create mode 100644 old-pi-nixos/crab-hole.nix
create mode 100644 old-pi-nixos/dns.nix
create mode 100644 old-pi-nixos/glance.nix
create mode 100644 old-pi-nixos/hardware-configuration.nix
create mode 100644 old-pi-nixos/justfile
create mode 100644 old-pi-nixos/radicale.nix
diff --git a/old-pi-nixos/adguard.nix b/old-pi-nixos/adguard.nix
new file mode 100644
index 0000000..46ef64d
--- /dev/null
+++ b/old-pi-nixos/adguard.nix
@@ -0,0 +1,40 @@
+{config, lib, pkgs, modulesPath, ...}:
+
+{
+
+ services.adguardhome = {
+ enable = true;
+ settings = {
+ http = {
+ # You can select any ip and port, just make sure to open firewalls where needed
+ address = "192.168.0.101:3003";
+ };
+ dns = {
+ upstream_dns = [
+ # Example config with quad9
+ "9.9.9.11"
+ "149.112.112.11"
+ # Uncomment the following to use a local DNS service (e.g. Unbound)
+ # Additionally replace the address & port as needed
+ # "127.0.0.1:5335"
+ ];
+ };
+ filtering = {
+ protection_enabled = true;
+ filtering_enabled = true;
+
+ parental_enabled = false; # Parental control-based DNS requests filtering.
+ safe_search = {
+ enabled = false; # Enforcing "Safe search" option for search engines, when possible.
+ };
+ };
+ # The following notation uses map
+ # to not have to manually create {enabled = true; url = "";} for every filter
+ # This is, however, fully optional
+ filters = map(url: { enabled = true; url = url; }) [
+ "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
+ "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
+ ];
+ };
+ };
+}
diff --git a/old-pi-nixos/blank.nix b/old-pi-nixos/blank.nix
new file mode 100644
index 0000000..918cb0c
--- /dev/null
+++ b/old-pi-nixos/blank.nix
@@ -0,0 +1,4 @@
+{config, lib, pkgs, modulesPath, ...}:
+
+{
+}
diff --git a/old-pi-nixos/chrony.nix b/old-pi-nixos/chrony.nix
new file mode 100644
index 0000000..828c777
--- /dev/null
+++ b/old-pi-nixos/chrony.nix
@@ -0,0 +1,9 @@
+{config, lib, pkgs, modulesPath, ...}:
+
+{
+ services.chrony = {
+ enable = true;
+ enableNTS = true;
+ servers = ["nts.teambelgium.net" "ptbtime1.ptb.de" "paris.time.system76.com"];
+ };
+}
diff --git a/old-pi-nixos/configuration.nix b/old-pi-nixos/configuration.nix
new file mode 100644
index 0000000..c0ffac0
--- /dev/null
+++ b/old-pi-nixos/configuration.nix
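Review bot: `settings` in adguard.nix publishes the admin interface on `192.168.0.101:3003` and the hunk defines no `users` entry; as far as I know AdGuard Home serves the UI without a login when that list is empty, so any LAN host could change filtering or upstreams (configuration.nix in this commit also turns the host firewall off). Add a `users` entry whose bcrypt hash is provisioned outside the repository, or bind the UI to loopback with `address = "127.0.0.1:3003";`. The upstreams `9.9.9.11` and `149.112.112.11` are plain port-53 resolvers, so queries leave the network unencrypted; `"tls://dns11.quad9.net"` is the encrypted form AdGuard Home accepts. A short comment stating whether this module is still in use would also help, since configuration.nix imports `./dns.nix` and not this file.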
@@ -0,0 +1,176 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+ #imports =
+ # [ # Include the results of the hardware scan.
+ #
+ # ./hardware-configuration.nix
+ # ];
+ imports = [./dns.nix ./radicale.nix ./glance.nix];
+ boot.blacklistedKernelModules = [
+ "bluetooth"
+ "btbcm"
+ "hci_uart"
+ "hci_bcm"
+ ];
+
+ boot = {
+ kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
+ initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
+ loader = {
+ grub.enable = false;
+ generic-extlinux-compatible.enable = true;
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = [ "noatime" ];
+ };
+ };
+
+ services.chrony = {
+ enable = true;
+ enableNTS = true;
+ servers = ["nts.teambelgium.net" "ptbtime1.ptb.de" "paris.time.system76.com"];
+ };
+
+ hardware.enableRedistributableFirmware = true;
+
+ networking.networkmanager = {
+ enable = true;
+ dns = "none";
+ };
+ networking.nameservers = [ "192.168.0.101" "9.9.9.11" "149.112.112.11" ];
+
+ networking.hostName = "box"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless = {
+ # enable = true;
+ # networks.Ligma.psk = "rox+theo.ZNG6";
+ # interfaces = [ "wlan0" ];
+ # };
+ # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+ # networking.networkmanager.wifi.powersave = false;
+
+ services.openssh.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Bucharest";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ # i18n.defaultLocale = "en_US.UTF-8";
+ # console = {
+ # font = "Lat2-Terminus16";
+ # keyMap = "us";
+ # useXkbConfig = true; # use xkb.options in tty.
+ # };
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+
+
+
+
+ # Configure keymap in X11
+ # services.xserver.xkb.layout = "us";
+ # services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ # services.pulseaudio.enable = true;
+ # OR
+ # services.pipewire = {
+ # enable = true;
+ # pulse.enable = true;
+ # };
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.boxuser = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "docker" "networkmanager" ]; # Enable ‘sudo’ for the user.
+ password = "boxuser";
+ packages = with pkgs; [
+ tree
+ ];
+ };
+
+ security.sudo = {
+ enable = true;
+ wheelNeedsPassword = false;
+ };
+
+ # programs.firefox.enable = true;
+
+ # List packages installed in system profile.
+ # You can use https://search.nixos.org/ to find more packages (and options).
+ environment.systemPackages = with pkgs; [
+ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ wget
+ libraspberrypi
+ raspberrypi-eeprom
+ htop
+ docker-compose
+ git
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ # services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ 80 5232 ];
+ # networking.firewall.allowedUDPPorts = [ 5232 ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "25.05"; # Did you read the comment?
+
+}
+
diff --git a/old-pi-nixos/crab-hole.nix b/old-pi-nixos/crab-hole.nix
new file mode 100644
index 0000000..736ea7b
--- /dev/null
+++ b/old-pi-nixos/crab-hole.nix
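Review bot: `users.users.boxuser` in configuration.nix sets `password = "boxuser"` in clear text for an account in `wheel` and `docker`, while the same file sets `security.sudo.wheelNeedsPassword = false`, `services.openssh.enable = true` and `networking.firewall.enable = false`; together that leaves a password-guessable SSH login that is effectively root. Replace the literal with `hashedPasswordFile = "<path-outside-the-repo>";` (or key-only login via `openssh.authorizedKeys.keys`), add `services.openssh.settings.PasswordAuthentication = false;`, and re-enable the firewall with an explicit `allowedTCPPorts`/`allowedUDPPorts` list for the services this box runs. The commented-out `networking.wireless` block still carries what looks like a real Wi-Fi PSK; delete that line and rotate the passphrase, since it stays in the repository history. `services.chrony` here repeats chrony.nix verbatim, so importing that module would keep the two copies from drifting.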
@@ -0,0 +1,51 @@
+{config, lib, pkgs, modulesPath, ...}:
+
+{
+ services.crab-hole = {
+ enable = true;
+ settings = {
+ api = {
+ port = 8080;
+ listen = "192.168.0.101";
+ # optional (default = false)
+ show_doc = true; # OpenAPI doc loads content from third party websites
+ # optional
+ admin_key = "admin";
+ };
+ };
+
+ settings = {
+ blocklist = {
+ include_subdomains = true;
+ lists = [
+ #"https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts"
+ "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
+ "https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt"
+ "https://energized.pro/nsfw/hosts.txt"
+ "https://energized.pro/antipopads-re/hosts.txt"
+ ];
+ };
+
+ downstream = [
+ {
+ protocol = "udp";
+ listen = "192.168.0.101";
+ port = 53;
+ }
+ ];
+
+ upstream = {
+ validate = true;
+ name_servers = [
+ {
+ socket_addr = "9.9.9.11:853";
+ protocol = "tls";
+ tls_dns_name = "tls://dns11.quad9.net";
+ trust_nx_responses = false;
+ }
+ ];
+ };
+ };
+ };
+
+}
diff --git a/old-pi-nixos/dns.nix b/old-pi-nixos/dns.nix
new file mode 100644
index 0000000..7617218
--- /dev/null
+++ b/old-pi-nixos/dns.nix
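Review bot: `admin_key = "admin"` in crab-hole.nix is a guessable static key for an API bound to `192.168.0.101:8080`, and a literal in a Nix expression also ends up world-readable in the Nix store. The inline comment marks the key as optional, so either drop it or supply a long random value through whatever secret mechanism the deployment uses, and set `show_doc = false;` since the comment on that line notes the docs page pulls third-party content. `tls_dns_name = "tls://dns11.quad9.net"` looks like it should be the bare certificate name, `tls_dns_name = "dns11.quad9.net";`, which is worth confirming against the crab-hole documentation because a name that never matches would break the TLS upstream. `server.port = 8080` in glance.nix uses the same address and port, so the two modules cannot both be imported as written.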
@@ -0,0 +1,83 @@
+{config, lib, pkgs, modulesPath, ...}:
+
+{
+
+ services.pihole-web = {
+ enable = true;
+ ports = [ 8085 ];
+ };
+
+ services.pihole-ftl = {
+ enable = true;
+ #openFirewallDNS = true;
+ #openFirewallDHCP = true;
+ queryLogDeleter.enable = true;
+ lists = [
+ {
+ url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
+ # Alternatively, use the file from nixpkgs. Note its contents won't be
+ # automatically updated by Pi-hole, as it would with an online URL.
+ # url = "file://${pkgs.stevenblack-blocklist}/hosts";
+ description = "Steven Black's unified adlist";
+ }
+ {
+ url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/ultimate.txt";
+ description = "Hagezi Ultimate";
+ }
+ {
+ url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/nsfw.txt";
+ description = "Hazegi NSFW";
+ }
+ ];
+ settings = {
+ files.macvendor = lib.mkForce "/var/lib/pihole/macvendor.db";
+ dns = {
+ domainNeeded = true;
+ expandHosts = true;
+ interface = "end0";
+ listeningMode = "BIND";
+ domain = "lan";
+ upstreams = [ "9.9.9.11" ];
+ hosts = [
+ "*.bigbox.lan 192.168.0.131"
+ "bigbox.lan 192.168.0.131"
+ "inv.bigbox.lan 192.168.0.131"
+ "media.bigbox.lan 192.168.0.131"
+ "type.bigbox.lan 192.168.0.131"
+ "bookmarks.bigbox.lan 192.168.0.131"
+ "bin.bigbox.lan 192.168.0.131"
+ "ai.bigbox.lan 192.168.0.131"
+ "speed.bigbox.lan 192.168.0.131"
+ "syncthing.bigbox.lan 192.168.0.131"
+ "kiwix.bigbox.lan 192.168.0.131"
+ "torrent.bigbox.lan 192.168.0.131"
+ "gitea.bigbox.lan 192.168.0.131"
+ "news.bigbox.lan 192.168.0.131"
+ ];
+ };
+ dhcp = {
+ active = false;
+ router = "192.168.0.1";
+ start = "192.168.0.2";
+ end = "192.168.0.99";
+ netmask = "255.255.255.0";
+ leaseTime = "1d";
+ #ipv6 = true;
+ multiDNS = true;
+ rapidCommit = true;
+ hosts = [
+ # Static address for the current host
+ "d8:3a:dd:9a:c1:99,192.168.0.101,box,infinite"
+ "80:ce:62:ed:ba:2b,192.168.0.131,bigbox,infinite"
+ "60:30:d4:6b:89:10,192.168.0.100,puter,infinite"
+ ];
+ };
+ misc.dnsmasq_lines = [
+ # This DHCP server is the only one on the network
+ #"dhcp-authoritative"
+ # Source: https://data.iana.org/root-anchors/root-anchors.xml
+ "trust-anchor=.,38696,8,2,683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16"
+ ];
+ };
+ };
+}
diff --git a/old-pi-nixos/glance.nix b/old-pi-nixos/glance.nix
new file mode 100644
index 0000000..a335761
--- /dev/null
+++ b/old-pi-nixos/glance.nix
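Review bot: The `trust-anchor=` entry in `misc.dnsmasq_lines` of dns.nix pins a single root key (tag 38696) by hand, but nothing in the visible `settings.dns` block turns DNSSEC validation on, so it is unclear whether the anchor has any effect. If validation is intended, state it explicitly (I believe the option is `dns.dnssec = true;`, to be confirmed against the module) and check that the key currently signing the root zone is trusted as well, since the cited IANA file lists more than one key; a comment recording when the anchor was copied would make later rollovers easier to handle. `upstreams = [ "9.9.9.11" ]` is a single clear-text resolver, so there is neither failover nor confidentiality on the upstream path. `services.pihole-web` listens on port 8085 with no access control visible in this hunk, which matters while configuration.nix keeps the firewall disabled.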
@@ -0,0 +1,184 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+
+{
+ services.glance = {
+ enable = true;
+ settings = {
+ server.port = 8080;
+ server.host = "192.168.0.101";
+ pages = [
+ {
+ name = "HomeLAN";
+ #hide-desktop-navigation = true;
+ columns = [
+ {
+ size = "small";
+ widgets = [
+ {
+ type = "search";
+ search-engine = "startpage";
+ new-tab = true;
+ autofocus = true;
+ placeholder = "Startpage | @in, @media, @pkg, @git";
+ bangs = [
+ {
+ title = "Invidious";
+ shortcut = "@in";
+ url = "http://192.168.0.131:4000/search?q={QUERY}";
+ }
+ {
+ title = "NixOS Packages";
+ shortcut = "@pkg";
+ url = "https://search.nixos.org/packages?query={QUERY}";
+ }
+ {
+ title = "Jellyfin";
+ shortcut = "@media";
+ url = "http://192.168.0.131:8096/web/#/search.html?query={QUERY}";
+ }
+ {
+ title = "Github";
+ shortcut = "@git";
+ url = "https://github.com/search?q={QUERY}&type=repositories";
+ }
+ ];
+ }
+ {
+ type = "monitor";
+ cache = "1m";
+ style = "compact";
+ title = "Health";
+ sites = [
+ {
+ title = "Gitea";
+ url = "http://192.168.0.131:3010/user/login";
+ }
+ {
+ title = "Jellyfin";
+ url = "http://192.168.0.131:8096/web/#/home.html";
+ }
+ {
+ title = "Invidious";
+ url = "http://192.168.0.131:4000";
+ }
+ {
+ title = "Transmission";
+ url = "http://192.168.0.131:9091";
+ }
+ {
+ title = "OpenWebUI";
+ url = "http://192.168.0.131:3005/auth?redirect=%2F";
+ }
+ {
+ title = "FreshRSS";
+ url = "http://192.168.0.131:8011";
+ }
+ {
+ title = "Karakeep";
+ url = "http://192.168.0.131:5000";
+ }
+ {
+ title = "Syncthing";
+ url = "http://192.168.0.131:8384";
+ }
+ {
+ title = "Radicale";
+ url = "http://192.168.0.101:5232";
+ }
+ {
+ title = "NetData";
+ url = "http://192.168.0.131:19999/v3";
+ }
+ {
+ title = "Keybr";
+ url = "http://192.168.0.131:3000";
+ }
+ {
+ title = "Speedtest Tracker";
+ url = "http://192.168.0.131:8765/";
+ }
+ {
+ title = "PiHole";
+ url = "http://192.168.0.101:8085";
+ }
+ {
+ title = "Dozzle";
+ url = "http://192.168.0.131:8009";
+ }
+ {
+ title = "TP-Link";
+ url = "http://192.168.0.1";
+ }
+ ];
+ }
+ {
+ type = "server-stats";
+ name = "Box";
+ }
+ ];
+ }
+ {
+ size = "full";
+ widgets = [
+ {
+ type = "group";
+ widgets = [
+ {
+ type = "hacker-news";
+ limit = 40;
+ collapse-after = 5;
+ }
+ {
+ type = "lobsters";
+ sort-by = "hot";
+ #tags = [ "c" "rust" "networking" ];
+ tags = [ "rust" "networking" "c" "culture" "law" "cryptography" "hardware" "science" "linux" "windows" "nix" "android" "privacy" "security" "virtualization" "editors" "systemd" "vim" ];
+ }
+ ];
+ }
+ {
+ type = "group";
+ widgets = [
+ {
+ type = "iframe";
+ source = "http://192.168.0.131:19999/v3";
+ height = 800;
+ }
+ ];
+ }
+ ];
+ }
+ {
+ size = "small";
+ widgets = [
+ {
+ type = "to-do";
+ }
+ {
+ type = "weather";
+ location = "Bucharest, Romania";
+ units = "metric";
+ hour-format = "24h";
+ }
+ {
+ type = "twitch-channels";
+ channels = [
+ "theprimeagen"
+ "tsoding"
+ "euuhhh"
+ ];
+ }
+ ];
+ }
+ ];
+ }
+ ];
+ };
+ };
+}
diff --git a/old-pi-nixos/hardware-configuration.nix b/old-pi-nixos/hardware-configuration.nix
new file mode 100644
index 0000000..a975865
--- /dev/null
+++ b/old-pi-nixos/hardware-configuration.nix
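Review bot: `server.host = "192.168.0.101"` in glance.nix serves the dashboard to the whole LAN over plain HTTP and the hunk configures no authentication, while the `monitor` widget enumerates every internal admin endpoint (router, Transmission, Syncthing, Pi-hole and others), so the page doubles as an unauthenticated service inventory. If only this host's browser needs it, bind with `server.host = "127.0.0.1";`; otherwise put it behind a reverse proxy that adds TLS and a login. The `iframe` widget embeds `http://192.168.0.131:19999/v3`, so fronting the dashboard with HTTPS later would also need that source moved to HTTPS to avoid mixed-content blocking.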
@@ -0,0 +1,32 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.end0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} diff --git a/old-pi-nixos/justfile b/old-pi-nixos/justfile new file mode 100644 index 0000000..db25b71 --- /dev/null +++ b/old-pi-nixos/justfile @@ -0,0 +1,6 @@ +clean: + sudo nix-env --delete-generations old + sudo nix-collect-garbage --delete-older-than 30d + sudo nix store optimise + sudo rm -rf /nix/var/nix/downloads/* + sudo journalctl --vacuum-time=30d diff --git a/old-pi-nixos/radicale.nix b/old-pi-nixos/radicale.nix new file mode 100644 index 0000000..cb473ef --- /dev/null +++ b/old-pi-nixos/radicale.nix 
@@ -0,0 +1,12 @@
+{config, lib, pkgs, modulesPath, ...}:
+
+{
+services.radicale = {
+ enable = true;
+ settings.server.hosts = [ "192.168.0.101:5232" ];
+ settings.auth.type = "htpasswd";
+ #settings.auth.htpasswd_filename = "/home/boxuser/radicale/config/users";
+ settings.auth.htpasswd_encryption = "plain";
+ #settings.storage.filesystem_folder = "/home/boxuser/radicale/data/collections";
+};
+}
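Review bot: `settings.auth.htpasswd_encryption = "plain"` in radicale.nix makes Radicale compare against passwords stored unhashed in the htpasswd file, so anyone who can read that file gets every calendar credential. Use `settings.auth.htpasswd_encryption = "bcrypt";` and regenerate the file with hashed entries; `htpasswd_filename` is commented out, so the file location falls back to a default and should be stated explicitly, pointing at a path outside the Nix store. `settings.server.hosts` listens on `192.168.0.101:5232` without TLS in this hunk, so credentials also cross the LAN in clear text unless a proxy terminates HTTPS in front of it. The `services.radicale` block appears to start at column 0, unlike the other modules in this commit.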