diff --git a/README.md b/README.md
index a2c9cc7..41a917c 100644
--- a/README.md
+++ b/README.md
@@ -2,8 +2,10 @@
 A better version of the [initial config](http://192.168.0.131:3000/kenny/nixos-cfg) but with both common and specific configs so that we can _easily grow a coherent park_.
-This config should cover:
+# Achieved so far
-- puter
-- bigbox
-- box
+- [X] Automated puter workflow with justfile
+- [X] Modulable set-up with apps and services
+- [ ] Box config
+- [ ] Adapt justfile for different machines
+- [ ] BigBox config
diff --git a/flake.nix b/flake.nix
index c2ee6db..26b4b64 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,6 +19,11 @@
 modules = [./hosts/puter/default.nix];
 specialArgs = {inherit inputs;};
 };
+ box = nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
+ modules = [./hosts/box/default.nix];
+ specialArgs = {inherit inputs;};
+ };
 };
 };
 }
diff --git a/hosts/box/default.nix b/hosts/box/default.nix
new file mode 100644
index 0000000..6d9f431
--- /dev/null
+++ b/hosts/box/default.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ./dns.nix
+ ./radicale.nix
+ ./glance.nix
+ ./packages.nix
+ ./hardware-configuration.nix
+ ../../modules/raspberrypi.nix
+ ../../modules/common/networking.nix
+ ../../modules/common/shell.nix
+ ];
+ networking.hostName = "box";
+ networking.firewall.enable = false;
+ # This will be overridden by system/default.nix
+ system.stateVersion = "25.05";
+}
diff --git a/hosts/box/dns.nix b/hosts/box/dns.nix
new file mode 100644
index 0000000..2266f2e
--- /dev/null
+++ b/hosts/box/dns.nix
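Review bot: `networking.firewall.enable = false;` in hosts/box/default.nix removes the host firewall from a machine that this same commit turns into a LAN service host (Pi-hole web on 8085, Glance on 8080, Radicale on 5232, SSH), so every listening socket — including anything a future module binds by accident — becomes reachable from any device on the network. The firewall can stay on with only the intended ports opened: `networking.firewall.allowedTCPPorts = [22 8080 8085 5232];` plus `networking.firewall.allowedUDPPorts = [53];` for DNS, or the `openFirewallDNS`/`openFirewallDHCP` options of pihole-ftl that the dns.nix hunk leaves commented out. The comment `# This will be overridden by system/default.nix` refers to a file that is not among this host's imports; it is worth updating or dropping so the next reader does not go looking for it.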
@@ -0,0 +1,86 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ services.pihole-web = {
+ enable = true;
+ ports = [8085];
+ };
+
+ services.pihole-ftl = {
+ enable = true;
+ #openFirewallDNS = true;
+ #openFirewallDHCP = true;
+ queryLogDeleter.enable = true;
+ lists = [
+ {
+ url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
+ # Alternatively, use the file from nixpkgs. Note its contents won't be
+ # automatically updated by Pi-hole, as it would with an online URL.
+ # url = "file://${pkgs.stevenblack-blocklist}/hosts";
+ description = "Steven Black's unified adlist";
+ }
+ {
+ url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/ultimate.txt";
+ description = "Hagezi Ultimate";
+ }
+ {
+ url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/nsfw.txt";
+ description = "Hazegi NSFW";
+ }
+ ];
+ settings = {
+ files.macvendor = lib.mkForce "/var/lib/pihole/macvendor.db";
+ dns = {
+ domainNeeded = true;
+ expandHosts = true;
+ interface = "end0";
+ listeningMode = "BIND";
+ domain = "lan";
+ upstreams = ["9.9.9.11"];
+ hosts = [
+ "*.bigbox.lan 192.168.0.131"
+ "bigbox.lan 192.168.0.131"
+ "inv.bigbox.lan 192.168.0.131"
+ "media.bigbox.lan 192.168.0.131"
+ "type.bigbox.lan 192.168.0.131"
+ "bookmarks.bigbox.lan 192.168.0.131"
+ "bin.bigbox.lan 192.168.0.131"
+ "ai.bigbox.lan 192.168.0.131"
+ "speed.bigbox.lan 192.168.0.131"
+ "syncthing.bigbox.lan 192.168.0.131"
+ "kiwix.bigbox.lan 192.168.0.131"
+ "torrent.bigbox.lan 192.168.0.131"
+ "gitea.bigbox.lan 192.168.0.131"
+ "news.bigbox.lan 192.168.0.131"
+ ];
+ };
+ dhcp = {
+ active = false;
+ router = "192.168.0.1";
+ start = "192.168.0.2";
+ end = "192.168.0.99";
+ netmask = "255.255.255.0";
+ leaseTime = "1d";
+ #ipv6 = true;
+ multiDNS = true;
+ rapidCommit = true;
+ hosts = [
+ # Static address for the current host
+ "d8:3a:dd:9a:c1:99,192.168.0.101,box,infinite"
+ "80:ce:62:ed:ba:2b,192.168.0.131,bigbox,infinite"
+ "60:30:d4:6b:89:10,192.168.0.100,puter,infinite"
+ ];
+ };
+ misc.dnsmasq_lines = [
+ # This DHCP server is the only one on the network
+ #"dhcp-authoritative"
+ # Source: https://data.iana.org/root-anchors/root-anchors.xml
+ "trust-anchor=.,38696,8,2,683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16"
+ ];
+ };
+ };
+}
diff --git a/hosts/box/empty.nix b/hosts/box/empty.nix
new file mode 100644
index 0000000..9ecaff5
--- /dev/null
+++ b/hosts/box/empty.nix
@@ -0,0 +1,6 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+}
diff --git a/hosts/box/glance.nix b/hosts/box/glance.nix
new file mode 100644
index 0000000..e6105a6
--- /dev/null
+++ b/hosts/box/glance.nix
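Review bot: The `trust-anchor=` entry in `misc.dnsmasq_lines` is inert on its own: dnsmasq only validates replies when `dnssec` is also set, and nothing in this hunk enables it, so answers from the single upstream `9.9.9.11` are accepted unvalidated and there is no second resolver if Quad9 is unreachable. Suggest `dnssec = true;` inside the `dns` block (Pi-hole v6 appears to expose it as `dns.dnssec`, which also installs the current root anchor itself — verify against the module and then the hand-written anchor can go) and a second upstream, e.g. `upstreams = ["9.9.9.11" "149.112.112.11"];`, matching the fallback already used in modules/common/networking.nix. Separately, `"*.bigbox.lan 192.168.0.131"` in `dns.hosts` is hosts-file syntax, which has no wildcard support; the thirteen explicit entries beneath it suggest this was noticed, and a single `"address=/bigbox.lan/192.168.0.131"` line in `misc.dnsmasq_lines` would cover the whole zone instead.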
@@ -0,0 +1,182 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ services.glance = {
+ enable = true;
+ settings = {
+ server.port = 8080;
+ server.host = "192.168.0.101";
+ pages = [
+ {
+ name = "HomeLAN";
+ #hide-desktop-navigation = true;
+ columns = [
+ {
+ size = "small";
+ widgets = [
+ {
+ type = "search";
+ search-engine = "startpage";
+ new-tab = true;
+ autofocus = true;
+ placeholder = "Startpage | @in, @media, @pkg, @git";
+ bangs = [
+ {
+ title = "Invidious";
+ shortcut = "@in";
+ url = "http://192.168.0.131:4000/search?q={QUERY}";
+ }
+ {
+ title = "NixOS Packages";
+ shortcut = "@pkg";
+ url = "https://search.nixos.org/packages?query={QUERY}";
+ }
+ {
+ title = "Jellyfin";
+ shortcut = "@media";
+ url = "http://192.168.0.131:8096/web/#/search.html?query={QUERY}";
+ }
+ {
+ title = "Github";
+ shortcut = "@git";
+ url = "https://github.com/search?q={QUERY}&type=repositories";
+ }
+ ];
+ }
+ {
+ type = "monitor";
+ cache = "1m";
+ style = "compact";
+ title = "Health";
+ sites = [
+ {
+ title = "Gitea";
+ url = "http://192.168.0.131:3010/user/login";
+ }
+ {
+ title = "Jellyfin";
+ url = "http://192.168.0.131:8096/web/#/home.html";
+ }
+ {
+ title = "Invidious";
+ url = "http://192.168.0.131:4000";
+ }
+ {
+ title = "Transmission";
+ url = "http://192.168.0.131:9091";
+ }
+ {
+ title = "OpenWebUI";
+ url = "http://192.168.0.131:3005/auth?redirect=%2F";
+ }
+ {
+ title = "FreshRSS";
+ url = "http://192.168.0.131:8011";
+ }
+ {
+ title = "Karakeep";
+ url = "http://192.168.0.131:5000";
+ }
+ {
+ title = "Syncthing";
+ url = "http://192.168.0.131:8384";
+ }
+ {
+ title = "Radicale";
+ url = "http://192.168.0.101:5232";
+ }
+ {
+ title = "NetData";
+ url = "http://192.168.0.131:19999/v3";
+ }
+ {
+ title = "Keybr";
+ url = "http://192.168.0.131:3000";
+ }
+ {
+ title = "Speedtest Tracker";
+ url = "http://192.168.0.131:8765/";
+ }
+ {
+ title = "PiHole";
+ url = "http://192.168.0.101:8085";
+ }
+ {
+ title = "Dozzle";
+ url = "http://192.168.0.131:8009";
+ }
+ {
+ title = "TP-Link";
+ url = "http://192.168.0.1";
+ }
+ ];
+ }
+ {
+ type = "server-stats";
+ name = "Box";
+ }
+ ];
+ }
+ {
+ size = "full";
+ widgets = [
+ {
+ type = "group";
+ widgets = [
+ {
+ type = "hacker-news";
+ limit = 40;
+ collapse-after = 5;
+ }
+ {
+ type = "lobsters";
+ sort-by = "hot";
+ #tags = [ "c" "rust" "networking" ];
+ tags = ["rust" "networking" "c" "culture" "law" "cryptography" "hardware" "science" "linux" "windows" "nix" "android" "privacy" "security" "virtualization" "editors" "systemd" "vim"];
+ }
+ ];
+ }
+ {
+ type = "group";
+ widgets = [
+ {
+ type = "iframe";
+ source = "http://192.168.0.131:19999/v3";
+ height = 800;
+ }
+ ];
+ }
+ ];
+ }
+ {
+ size = "small";
+ widgets = [
+ {
+ type = "to-do";
+ }
+ {
+ type = "weather";
+ location = "Bucharest, Romania";
+ units = "metric";
+ hour-format = "24h";
+ }
+ {
+ type = "twitch-channels";
+ channels = [
+ "theprimeagen"
+ "tsoding"
+ "euuhhh"
+ ];
+ }
+ ];
+ }
+ ];
+ }
+ ];
+ };
+ };
+}
diff --git a/hosts/box/hardware-configuration.nix b/hosts/box/hardware-configuration.nix
new file mode 100644
index 0000000..0c25e76
--- /dev/null
+++ b/hosts/box/hardware-configuration.nix
@@ -0,0 +1,32 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ boot.blacklistedKernelModules = [
+ "bluetooth"
+ "btbcm"
+ "hci_uart"
+ "hci_bcm"
+ ];
+
+ boot = {
+ kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
+ initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage"];
+ loader = {
+ grub.enable = false;
+ generic-extlinux-compatible.enable = true;
+ };
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = ["noatime"];
+ };
+ };
+
+ hardware.enableRedistributableFirmware = true;
+}
diff --git a/hosts/box/packages.nix b/hosts/box/packages.nix
new file mode 100644
index 0000000..019a632
--- /dev/null
+++ b/hosts/box/packages.nix
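Review bot: `server.host = "192.168.0.101";` binds Glance to a hard-coded address on a host whose own DHCP server is switched off (`dhcp.active = false` in dns.nix), so the address exists only if the router's reservation is applied before the glance unit starts; if it is not yet on `end0` at that moment the bind fails and the service exits. Binding to all interfaces — `server.host = "0.0.0.0";` or leaving it unset — and restricting the port with the host firewall removes that ordering dependency (the same pattern appears in radicale.nix). The dashboard also publishes links to admin surfaces such as Transmission, Open WebUI, Syncthing and the router with no `auth` block on Glance itself, which is acceptable only while the LAN is fully trusted; if the packaged Glance version supports `settings.auth`, gating the page behind a user is cheap insurance. Worth a one-line comment above `server.host` stating that the address must match the router's DHCP reservation for this host.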
@@ -0,0 +1,25 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [
+ ../../modules/userapps/utils.nix
+ ];
+
+ services.openssh.enable = true;
+
+ users.users.boxuser = {
+ isNormalUser = true;
+ extraGroups = ["wheel" "docker" "networkmanager"]; # Enable ‘sudo’ for the user.
+ password = "boxuser";
+ packages = with pkgs; [
+ fastfetch
+ ];
+ };
+
+ security.sudo = {
+ enable = true;
+ wheelNeedsPassword = false;
+ };
+}
diff --git a/hosts/box/radicale.nix b/hosts/box/radicale.nix
new file mode 100644
index 0000000..825c2f4
--- /dev/null
+++ b/hosts/box/radicale.nix
@@ -0,0 +1,16 @@
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ services.radicale = {
+ enable = true;
+ settings.server.hosts = ["192.168.0.101:5232"];
+ settings.auth.type = "htpasswd";
+ #settings.auth.htpasswd_filename = "/home/boxuser/radicale/config/users";
+ settings.auth.htpasswd_encryption = "plain";
+ #settings.storage.filesystem_folder = "/home/boxuser/radicale/data/collections";
+ };
+}
diff --git a/hosts/puter/default.nix b/hosts/puter/default.nix
index 53b65e9..c7fad74 100644
--- a/hosts/puter/default.nix
+++ b/hosts/puter/default.nix
@@ -5,10 +5,10 @@
 }: {
 imports = [
 ./hardware-configuration.nix
- ./cronjobs.nix
 #./syncthing.nix
 ./packages.nix
 ./de/default.nix
+ ../../modules/userapps/kondo_timer.nix
 ../../modules/common/nix.nix
 ../../modules/common/networking.nix
 ../../modules/common/shell.nix
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
index 2234892..f0e93c2 100644
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
@@ -4,6 +4,10 @@
 ...
 }: {
 networking.networkmanager.enable = true;
+ networking.networkmanager.dns = "none";
+
+ networking.nameservers = ["192.168.0.101" "9.9.9.11" "149.112.112.11"];
+
 time.timeZone = "Europe/Bucharest";
 i18n.defaultLocale = "en_US.UTF-8";
diff --git a/modules/raspberrypi.nix b/modules/raspberrypi.nix
new file mode 100644
index 0000000..8a2f34d
--- /dev/null
+++ b/modules/raspberrypi.nix
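Review bot: `password = "boxuser";` on a `wheel` member, together with `security.sudo.wheelNeedsPassword = false;` and `services.openssh.enable = true;` (whose NixOS default leaves SSH password authentication on), hands anyone on the LAN a guessable, root-equivalent login on the machine this commit also makes the network's DNS resolver — and `users.users.<name>.password` is written in cleartext into the world-readable Nix store. Replace the literal with an SSH key plus a hashed secret kept outside the store, turn off password SSH logins, and require a password for sudo; `docker` group membership is also root-equivalent and no docker service is enabled in this hunk, so it can be dropped until needed. A hardened version of the user and sudo blocks, with the secret path as a placeholder to be wired to whatever secret manager the repo adopts:
```nix
  services.openssh = {
    enable = true;
    settings = {
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
    };
  };

  users.users.boxuser = {
    isNormalUser = true;
    extraGroups = ["wheel" "networkmanager"];
    # Hash lives outside the Nix store (placeholder path; provision via sops-nix/agenix
    # or copy by hand); generate with `mkpasswd -m sha-512`.
    hashedPasswordFile = "/run/secrets/boxuser-password";
    openssh.authorizedKeys.keys = [
      # "ssh-ed25519 AAAA... puter"
    ];
    # … unchanged: packages …
  };

  security.sudo = {
    enable = true;
    wheelNeedsPassword = true;
  };
```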
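Review bot: `settings.auth.htpasswd_encryption = "plain";` keeps CalDAV passwords in cleartext on disk, and with `htpasswd_filename` commented out the `htpasswd` auth type has no user file to consult, so the service as written cannot authenticate anyone — whether it refuses to start or rejects every login depends on the Radicale version, which the unit log will show. Set `settings.auth.htpasswd_encryption = "bcrypt";` and point `settings.auth.htpasswd_filename` at a file readable by the `radicale` service user; the commented `/home/boxuser/...` paths would not be readable by it, and collections are better left under the module's default `/var/lib/radicale` location than under a user's home. The listener is plain HTTP on `192.168.0.101:5232`, so even hashed-at-rest credentials cross the LAN in the clear on every sync; if the firewall stays disabled (see default.nix), a comment noting that trade-off above `settings.server.hosts` would help.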
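Review bot: `networking.nameservers` places the Pi-hole first but keeps `9.9.9.11` and `149.112.112.11` as fallbacks, and with `networking.networkmanager.dns = "none"` the resolver stack (glibc or systemd-resolved — not visible here) may fail over to them whenever 192.168.0.101 times out or errors, silently bypassing the blocklists for the rest of the session. If bypass is unacceptable, list only `"192.168.0.101"`; if the fallback is deliberate, say so in a comment such as `# Fallback to Quad9 when box is down — bypasses Pi-hole filtering`. This module is shared with puter, which runs NetworkManager and may roam; off this LAN every lookup would first wait on the unreachable 192.168.0.101 — hedged, since puter's role is not shown in the diff.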
@@ -0,0 +1,11 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ environment.systemPackages = with pkgs; [
+ libraspberrypi
+ raspberrypi-eeprom
+ docker-compose
+ ];
+}
diff --git a/hosts/puter/cronjobs.nix b/modules/userapps/kondo_timer.nix
similarity index 100%
rename from hosts/puter/cronjobs.nix
rename to modules/userapps/kondo_timer.nix