kenny/nixos-haus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Integrated box host

Browse Source
This commit is contained in:
kenny
2025-10-02 13:56:28 +03:00
parent 82a4fa9169
commit db42fd7021
13 changed files with 394 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
hosts/box/default.nix Normal file
View File

@@ -0,0 +1,20 @@
{
config,
pkgs,
...
}: {
imports = [
./dns.nix
./radicale.nix
./glance.nix
./packages.nix
./hardware-configuration.nix
../../modules/raspberrypi.nix
../../modules/common/networking.nix
../../modules/common/shell.nix
];
networking.hostName = "box";
networking.firewall.enable = false;
# This will be overridden by system/default.nix
system.stateVersion = "25.05";
}

86
hosts/box/dns.nix Normal file
View File

@@ -0,0 +1,86 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
services.pihole-web = {
enable = true;
ports = [8085];
};
services.pihole-ftl = {
enable = true;
#openFirewallDNS = true;
#openFirewallDHCP = true;
queryLogDeleter.enable = true;
lists = [
{
url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
# Alternatively, use the file from nixpkgs. Note its contents won't be
# automatically updated by Pi-hole, as it would with an online URL.
# url = "file://${pkgs.stevenblack-blocklist}/hosts";
description = "Steven Black's unified adlist";
}
{
url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/ultimate.txt";
description = "Hagezi Ultimate";
}
{
url = "https://codeberg.org/hagezi/mirror2/raw/branch/main/dns-blocklists/adblock/nsfw.txt";
description = "Hazegi NSFW";
}
];
settings = {
files.macvendor = lib.mkForce "/var/lib/pihole/macvendor.db";
dns = {
domainNeeded = true;
expandHosts = true;
interface = "end0";
listeningMode = "BIND";
domain = "lan";
upstreams = ["9.9.9.11"];
hosts = [
"*.bigbox.lan 192.168.0.131"
"bigbox.lan 192.168.0.131"
"inv.bigbox.lan 192.168.0.131"
"media.bigbox.lan 192.168.0.131"
"type.bigbox.lan 192.168.0.131"
"bookmarks.bigbox.lan 192.168.0.131"
"bin.bigbox.lan 192.168.0.131"
"ai.bigbox.lan 192.168.0.131"
"speed.bigbox.lan 192.168.0.131"
"syncthing.bigbox.lan 192.168.0.131"
"kiwix.bigbox.lan 192.168.0.131"
"torrent.bigbox.lan 192.168.0.131"
"gitea.bigbox.lan 192.168.0.131"
"news.bigbox.lan 192.168.0.131"
];
};
dhcp = {
active = false;
router = "192.168.0.1";
start = "192.168.0.2";
end = "192.168.0.99";
netmask = "255.255.255.0";
leaseTime = "1d";
#ipv6 = true;
multiDNS = true;
rapidCommit = true;
hosts = [
# Static address for the current host
"d8:3a:dd:9a:c1:99,192.168.0.101,box,infinite"
"80:ce:62:ed:ba:2b,192.168.0.131,bigbox,infinite"
"60:30:d4:6b:89:10,192.168.0.100,puter,infinite"
];
};
misc.dnsmasq_lines = [
# This DHCP server is the only one on the network
#"dhcp-authoritative"
# Source: https://data.iana.org/root-anchors/root-anchors.xml
"trust-anchor=.,38696,8,2,683D2D0ACB8C9B712A1948B27F741219298D0A450D612C483AF444A4C0FB2B16"
];
};
};
}

6
hosts/box/empty.nix Normal file
View File

@@ -0,0 +1,6 @@
{
config,
pkgs,
...
}: {
}

182
hosts/box/glance.nix Normal file
View File

@@ -0,0 +1,182 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
services.glance = {
enable = true;
settings = {
server.port = 8080;
server.host = "192.168.0.101";
pages = [
{
name = "HomeLAN";
#hide-desktop-navigation = true;
columns = [
{
size = "small";
widgets = [
{
type = "search";
search-engine = "startpage";
new-tab = true;
autofocus = true;
placeholder = "Startpage | @in, @media, @pkg, @git";
bangs = [
{
title = "Invidious";
shortcut = "@in";
url = "http://192.168.0.131:4000/search?q={QUERY}";
}
{
title = "NixOS Packages";
shortcut = "@pkg";
url = "https://search.nixos.org/packages?query={QUERY}";
}
{
title = "Jellyfin";
shortcut = "@media";
url = "http://192.168.0.131:8096/web/#/search.html?query={QUERY}";
}
{
title = "Github";
shortcut = "@git";
url = "https://github.com/search?q={QUERY}&type=repositories";
}
];
}
{
type = "monitor";
cache = "1m";
style = "compact";
title = "Health";
sites = [
{
title = "Gitea";
url = "http://192.168.0.131:3010/user/login";
}
{
title = "Jellyfin";
url = "http://192.168.0.131:8096/web/#/home.html";
}
{
title = "Invidious";
url = "http://192.168.0.131:4000";
}
{
title = "Transmission";
url = "http://192.168.0.131:9091";
}
{
title = "OpenWebUI";
url = "http://192.168.0.131:3005/auth?redirect=%2F";
}
{
title = "FreshRSS";
url = "http://192.168.0.131:8011";
}
{
title = "Karakeep";
url = "http://192.168.0.131:5000";
}
{
title = "Syncthing";
url = "http://192.168.0.131:8384";
}
{
title = "Radicale";
url = "http://192.168.0.101:5232";
}
{
title = "NetData";
url = "http://192.168.0.131:19999/v3";
}
{
title = "Keybr";
url = "http://192.168.0.131:3000";
}
{
title = "Speedtest Tracker";
url = "http://192.168.0.131:8765/";
}
{
title = "PiHole";
url = "http://192.168.0.101:8085";
}
{
title = "Dozzle";
url = "http://192.168.0.131:8009";
}
{
title = "TP-Link";
url = "http://192.168.0.1";
}
];
}
{
type = "server-stats";
name = "Box";
}
];
}
{
size = "full";
widgets = [
{
type = "group";
widgets = [
{
type = "hacker-news";
limit = 40;
collapse-after = 5;
}
{
type = "lobsters";
sort-by = "hot";
#tags = [ "c" "rust" "networking" ];
tags = ["rust" "networking" "c" "culture" "law" "cryptography" "hardware" "science" "linux" "windows" "nix" "android" "privacy" "security" "virtualization" "editors" "systemd" "vim"];
}
];
}
{
type = "group";
widgets = [
{
type = "iframe";
source = "http://192.168.0.131:19999/v3";
height = 800;
}
];
}
];
}
{
size = "small";
widgets = [
{
type = "to-do";
}
{
type = "weather";
location = "Bucharest, Romania";
units = "metric";
hour-format = "24h";
}
{
type = "twitch-channels";
channels = [
"theprimeagen"
"tsoding"
"euuhhh"
];
}
];
}
];
}
];
};
};
}

32
hosts/box/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,32 @@
{
config,
lib,
pkgs,
...
}: {
boot.blacklistedKernelModules = [
"bluetooth"
"btbcm"
"hci_uart"
"hci_bcm"
];
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage"];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = ["noatime"];
};
};
hardware.enableRedistributableFirmware = true;
}

25
hosts/box/packages.nix Normal file
View File

@@ -0,0 +1,25 @@
{
config,
pkgs,
...
}: {
imports = [
../../modules/userapps/utils.nix
];
services.openssh.enable = true;
users.users.boxuser = {
isNormalUser = true;
extraGroups = ["wheel" "docker" "networkmanager"]; # Enable sudo for the user.
password = "boxuser";
packages = with pkgs; [
fastfetch
];
};
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
}

16
hosts/box/radicale.nix Normal file
View File

@@ -0,0 +1,16 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
services.radicale = {
enable = true;
settings.server.hosts = ["192.168.0.101:5232"];
settings.auth.type = "htpasswd";
#settings.auth.htpasswd_filename = "/home/boxuser/radicale/config/users";
settings.auth.htpasswd_encryption = "plain";
#settings.storage.filesystem_folder = "/home/boxuser/radicale/data/collections";
};
}