Refactor and modularize

2023-06-26 16:19:14 -05:00
parent 00bc694fcb
commit c8366db03f
13 changed files with 207 additions and 318 deletions
--- a/system/containers.nix
+++ b/system/containers.nix
@ -0,0 +1,96 @@
+{
+  virtualisation.oci-containers = {
+    containers = {
+      bind = {
+        image = "sameersbn/bind:latest";
+        ports =
+          [ "0.0.0.0:53:53/tcp" "0.0.0.0:53:53/udp" "0.0.0.0:5053:10000/tcp" ];
+        volumes = [ "/home/sezycei/srv/containerdata/bind/bind:/data" ];
+        environmentFiles = [ /home/sezycei/srv/containerdata/bind/.env ];
+      };
+      jellyfin = {
+        image = "linuxserver/jellyfin";
+        ports = [ "0.0.0.0:8096:8096" "0.0.0.0:8920:8920" ];
+        volumes = [
+          "/home/sezycei/srv/containerdata/jellyfin/config:/config"
+          "/home/torrent/data/completed:/data/unsorted"
+          "/home/torrent/data/TV:/data/tvshows"
+          "/home/torrent/data/Movies:/data/movies"
+          "/home/torrent/data/transcode:/data/transcode"
+          "/home/torrent/data/Music:/data/music"
+        ];
+        environment = {
+          PGID = "1000";
+          PUID = "1000";
+          TZ = "America/Chicago";
+          UMASK_SET = "022";
+        };
+      };
+      legit = {
+        image = "docker.matri.cx/legit";
+        ports = [ "0.0.0.0:5121:8080" ];
+        volumes = [
+          "/home/sezycei/srv/containerdata/legit/static:/static"
+          "/home/sezycei/srv/containerdata/legit/templates:/templates"
+          "/home/sezycei/srv/containerdata/legit/legit.yml:/legit.yml"
+          "/home/sezycei/srv/containerdata/legit/repos:/var/www/git"
+        ];
+        environment = { };
+      };
+      murmur = {
+        image = "goofball222/murmur";
+        ports = [ "0.0.0.0:64738:64738" "0.0.0.0:64738:64738/udp" ];
+        volumes = [
+          "/home/sezycei/srv/containerdata/registry/registry/data:/var/lib/registry"
+          "/home/sezycei/srv/containerdata/registry/registry/certs:/certs"
+          "/home/sezycei/srv/containerdata/registry/registry/auth:/auth"
+        ];
+        environment = { };
+      };
+      nginx = {
+        image = "nginx:alpine";
+        ports = [ "0.0.0.0:80:80" "0.0.0.0:443:443" "0.0.0.0:20222:20222" ];
+        volumes = [
+          "/home/sezycei/srv/web/www:/var/www/"
+          "/home/sezycei/srv/web/configuration/nginx.conf:/etc/nginx/nginx.conf"
+          "/home/sezycei/srv/web/configuration/htpasswd:/etc/nginx/htpasswd"
+          "/home/sezycei/srv/web/configuration/htpasswd-dock:/etc/nginx/htpasswd-dock"
+          "/home/sezycei/srv/web/configuration/sites-available:/etc/nginx/sites-enabled"
+          "/home/sezycei/srv/web/ssl/letsencrypt:/etc/letsencrypt"
+          "/home/sezycei/srv/web/ssl/dhparam.pem:/etc/ssl/certs/dhparam.pem"
+        ];
+        environment = { };
+      };
+      purr = {
+        image = "docker.matri.cx/purr";
+        ports = [ "0.0.0.0:5195:3000" ];
+        volumes = [
+          "/home/sezycei/dev/purr/data/Purr.sqlite:/app/data/Purr.sqlite"
+          "/home/sezycei/dev/purr/config.dhall:/app/config.dhall"
+        ];
+        environment = { };
+      };
+      registry = {
+        image = "registry:2";
+        ports = [ "0.0.0.0:3001:5000" ];
+        volumes = [
+          "/home/sezycei/srv/containerdata/registry/registry/data:/var/lib/registry"
+          "/home/sezycei/srv/containerdata/registry/registry/certs:/certs"
+          "/home/sezycei/srv/containerdata/registry/registry/auth:/auth"
+        ];
+        environment = { };
+      };
+      transmission = {
+        image = "haugene/transmission-openvpn";
+        ports = [ "0.0.0.0:9091:9091" ];
+        volumes = [
+          "/home/sezycei/srv/scripts/transmission/settings.json:/etc/transmission-daemon/settings.json"
+          "/etc/localtime:/etc/localtime:ro"
+          "/home/torrent/data:/data"
+        ];
+        environmentFiles = [ /home/sezycei/srv/containerdata/transmission/.env ];
+        extraOptions = [ "--cap-add=NET_ADMIN" "--privileged" ];
+      };
+    };
+  };
+}
--- a/system/hardware-configuration.nix
+++ b/system/hardware-configuration.nix
@ -0,0 +1,39 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+  boot.initrd.availableKernelModules =
+    [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/NIXROOT";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-label/NIXBOOT";
+    fsType = "vfat";
+  };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode =
+    lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/system/nix-configuration.nix
+++ b/system/nix-configuration.nix
@ -0,0 +1,11 @@
+{ ... }:
+{
+  nix = {
+    buildMachines = [ ];
+    distributedBuilds = false;
+    settings = {
+      auto-optimise-store = false; # https://github.com/NixOS/nix/issues/7273
+      experimental-features = [ "nix-command" "flakes" ];
+    };
+  };
+}
--- a/system/security.nix
+++ b/system/security.nix
@ -0,0 +1,4 @@
+{ ... }:
+{
+  security.sudo.wheelNeedsPassword = false;
+}
--- a/system/services.nix
+++ b/system/services.nix
@ -0,0 +1,25 @@
+{ ... }:
+{
+  services = {
+    openssh = {
+      enable = true;
+    };
+
+    hydra = {
+      enable = true;
+      hydraURL = "https://hydra.matri.cx";
+      listenHost = "192.168.0.130";
+      port = 3034;
+
+      extraConfig = ''
+        using_frontend_proxy = 1
+        base_uri = "https://hydra.matri.cx"
+      '';
+
+      useSubstitutes = true;
+
+      notificationSender = "hydra@matri.cx";
+      buildMachinesFiles = [ ];
+    };
+  };
+}
--- a/system/system.nix
+++ b/system/system.nix
@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+  };
+
+  environment.systemPackages = with pkgs; [ git pciutils vim wget ];
+
+  networking = {
+    hostName = "eve-psr-nix0";
+    firewall = {
+      allowedTCPPorts = [ 22 80 443 3034 ];
+      allowedUDPPorts = [ 22 80 443 ];
+    };
+  };
+
+  time.timeZone = "America/Chicago";
+}
--- a/system/virtualisation.nix
+++ b/system/virtualisation.nix
@ -0,0 +1,8 @@
+{ ... }:
+{
+  virtualisation = {
+    oci-containers = {
+      backend = "podman";
+    };
+  };
+}