James/eve-psr-nix0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: James:ff550b960ede9b82aebaaa72458e7549000c1fa6
Branches Tags
James:main
...
compare: James:d1baa8b4d8e44e4737eb98fbddbb6ab4bfe21a05
Branches Tags
James:main

3 Commits
ff550b960e ... d1baa8b4d8

Author SHA1 Message Date
James Eversole
d1baa8b4d8 Flake update 2026-02-27 07:44:18 -06:00
James Eversole
473b776166 Add global rate limiting 2026-02-10 09:07:43 -06:00
James Eversole
10c3898b0b Updates! 2025-11-18 13:09:36 -06:00
9 changed files with 437 additions and 60 deletions
Expand all files Collapse all files

397
flake.lock generated
View File

@@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1750173260, "lastModified": 1770165109,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -26,11 +26,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1761588595,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -55,7 +55,39 @@
"type": "github" "type": "github"
} }
}, },
"lix": { "flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"lix-2_92_3": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"nix2container": "nix2container", "nix2container": "nix2container",
@@ -64,34 +96,117 @@
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
"lastModified": 1737234286, "lastModified": 1751237967,
"narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", "narHash": "sha256-iP2iUDxA99RcgQyZROs7bQw8pqxa1vFudRqjAIHg9Iw=",
"rev": "2837da71ec1588c1187d2e554719b15904a46c8b", "ref": "2.92.3",
"revCount": 16631, "rev": "0d8d8e0b420a6ce30708bb2f8e14d7e489dd6c0c",
"revCount": 16677,
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/lix" "url": "https://git.lix.systems/lix-project/lix"
}, },
"original": { "original": {
"rev": "2837da71ec1588c1187d2e554719b15904a46c8b", "ref": "2.92.3",
"type": "git", "type": "git",
"url": "https://git.lix.systems/lix-project/lix" "url": "https://git.lix.systems/lix-project/lix"
} }
}, },
"lix-2_93_3": {
"inputs": {
"flake-compat": "flake-compat_3",
"nix2container": "nix2container_2",
"nix_2_18": "nix_2_18",
"nixpkgs": "nixpkgs_3",
"nixpkgs-regression": "nixpkgs-regression_2",
"pre-commit-hooks": "pre-commit-hooks_2"
},
"locked": {
"lastModified": 1753223228,
"narHash": "sha256-Oqw04eboDM8rrUgAXiT7w5F2uGrQdt8sGX+Mk6mVXZQ=",
"ref": "2.93.3",
"rev": "017e93ae637ce6dfc958001e5cdc2a3e0182be6f",
"revCount": 17882,
"type": "git",
"url": "https://git.lix.systems/lix-project/lix"
},
"original": {
"ref": "2.93.3",
"type": "git",
"url": "https://git.lix.systems/lix-project/lix"
}
},
"lix-2_94_0": {
"inputs": {
"flake-compat": "flake-compat_4",
"nix2container": "nix2container_3",
"nix_2_18": "nix_2_18_2",
"nixpkgs": "nixpkgs_5",
"nixpkgs-regression": "nixpkgs-regression_3",
"pre-commit-hooks": "pre-commit-hooks_3"
},
"locked": {
"lastModified": 1763408539,
"narHash": "sha256-X6X3NhgLnpkgWUbLs0nLjusNx/el3L1EkVm6OHqY2z8=",
"ref": "2.94.0",
"rev": "43dc3b987fb47bd45ee7ed6967febac2595c468e",
"revCount": 18528,
"type": "git",
"url": "https://git.lix.systems/lix-project/lix"
},
"original": {
"ref": "2.94.0",
"type": "git",
"url": "https://git.lix.systems/lix-project/lix"
}
},
"lowdown-src": {
"flake": false,
"locked": {
"lastModified": 1633514407,
"narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"lowdown-src_2": {
"flake": false,
"locked": {
"lastModified": 1633514407,
"narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
"owner": "kristapsdz",
"repo": "lowdown",
"rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
"type": "github"
},
"original": {
"owner": "kristapsdz",
"repo": "lowdown",
"type": "github"
}
},
"nix-serve-ng": { "nix-serve-ng": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"lix": "lix", "lix-2_92_3": "lix-2_92_3",
"lix-2_93_3": "lix-2_93_3",
"lix-2_94_0": "lix-2_94_0",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1748458972, "lastModified": 1765938481,
"narHash": "sha256-N6c3NozYqAGwmjf+k5GHOZzlcquDntrJwsZQ7O2sqtQ=", "narHash": "sha256-Pck7/jhaoYAUM9M0nWR/dwYEVwXXNP2bzB4+XtZBmno=",
"owner": "aristanetworks", "owner": "aristanetworks",
"repo": "nix-serve-ng", "repo": "nix-serve-ng",
"rev": "1d21f73a2d563ffbb924a4244c29b35e898caefe", "rev": "8ce0104efdf7f72e5a371bc48613084673b23cc0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -116,6 +231,98 @@
"type": "github" "type": "github"
} }
}, },
"nix2container_2": {
"flake": false,
"locked": {
"lastModified": 1724996935,
"narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=",
"owner": "nlewo",
"repo": "nix2container",
"rev": "fa6bb0a1159f55d071ba99331355955ae30b3401",
"type": "github"
},
"original": {
"owner": "nlewo",
"repo": "nix2container",
"type": "github"
}
},
"nix2container_3": {
"flake": false,
"locked": {
"lastModified": 1724996935,
"narHash": "sha256-njRK9vvZ1JJsP8oV2OgkBrpJhgQezI03S7gzskCcHos=",
"owner": "nlewo",
"repo": "nix2container",
"rev": "fa6bb0a1159f55d071ba99331355955ae30b3401",
"type": "github"
},
"original": {
"owner": "nlewo",
"repo": "nix2container",
"type": "github"
}
},
"nix_2_18": {
"inputs": {
"flake-compat": [
"nix-serve-ng",
"lix-2_93_3",
"flake-compat"
],
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_2",
"nixpkgs-regression": [
"nix-serve-ng",
"lix-2_93_3",
"nixpkgs-regression"
]
},
"locked": {
"lastModified": 1730375271,
"narHash": "sha256-RrOFlDGmRXcVRV2p2HqHGqvzGNyWoD0Dado/BNlJ1SI=",
"owner": "NixOS",
"repo": "nix",
"rev": "0f665ff6779454f2117dcc32e44380cda7f45523",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.18.9",
"repo": "nix",
"type": "github"
}
},
"nix_2_18_2": {
"inputs": {
"flake-compat": [
"nix-serve-ng",
"lix-2_94_0",
"flake-compat"
],
"lowdown-src": "lowdown-src_2",
"nixpkgs": "nixpkgs_4",
"nixpkgs-regression": [
"nix-serve-ng",
"lix-2_94_0",
"nixpkgs-regression"
]
},
"locked": {
"lastModified": 1730375271,
"narHash": "sha256-RrOFlDGmRXcVRV2p2HqHGqvzGNyWoD0Dado/BNlJ1SI=",
"owner": "NixOS",
"repo": "nix",
"rev": "0f665ff6779454f2117dcc32e44380cda7f45523",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "2.18.9",
"repo": "nix",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1733348545, "lastModified": 1733348545,
@@ -134,11 +341,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1751159883, "lastModified": 1769909678,
"narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", "rev": "72716169fe93074c333e8d0173151350670b824c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -163,18 +370,114 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": { "nixpkgs-regression_2": {
"locked": { "locked": {
"lastModified": 1753115646, "lastModified": 1643052045,
"narHash": "sha256-yLuz5cz5Z+sn8DRAfNkrd2Z1cV6DaYO9JMrEz4KZo/c=", "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "92c2e04a475523e723c67ef872d8037379073681", "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-regression_3": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1705033721,
"narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1749522908,
"narHash": "sha256-eWANkhWXFL1MmaxzsZ9bhLCNT8OVs7CC+OXaSDGlA8A=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e5cb99555c45a13dcc5f1317462238530b0066b7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1705033721,
"narHash": "sha256-K5eJHmL1/kev6WuqyqqbS1cdNnSidIZ3jeqJ7GbrYnQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a1982c92d8980a0114372973cbdfe0a307f1bdea",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1757198069,
"narHash": "sha256-m3VUcOD4rTs8J7S+3dOjWMrAjw6RcITC3XYQ98zhEFs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0747026fc57ecb9c28901c7f7a2b5dc40e8af43c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1772047000,
"narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-25.05", "ref": "nixos-25.11",
"type": "indirect" "type": "indirect"
} }
}, },
@@ -183,11 +486,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1753121425, "lastModified": 1769996383,
"narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -212,11 +515,43 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks_2": {
"flake": false,
"locked": {
"lastModified": 1733318908,
"narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks_3": {
"flake": false,
"locked": {
"lastModified": 1733318908,
"narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"nix-serve-ng": "nix-serve-ng", "nix-serve-ng": "nix-serve-ng",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_6",
"parts": "parts" "parts": "parts"
} }
}, },
@@ -255,11 +590,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1687709756, "lastModified": 1731533236,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
flake.nix
View File

@@ -2,7 +2,7 @@
description = "eve-psr-nix0 - Home Server"; description = "eve-psr-nix0 - Home Server";
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-25.05"; nixpkgs.url = "nixpkgs/nixos-25.11";
agenix = { agenix = {
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";

4
nix/application/containers.nix
View File

@@ -23,7 +23,7 @@
}; };
gitea = { gitea = {
image = "docker.io/gitea/gitea:1.24.0-rc0-rootless"; image = "docker.io/gitea/gitea:1.25.0-rootless";
volumes = [ "/home/sezycei/srv/containerdata/gitea/data:/var/lib/gitea" volumes = [ "/home/sezycei/srv/containerdata/gitea/data:/var/lib/gitea"
"/home/sezycei/srv/containerdata/gitea/config:/etc/gitea" "/home/sezycei/srv/containerdata/gitea/config:/etc/gitea"
]; ];
@@ -146,7 +146,7 @@
}; };
vaultwarden = { vaultwarden = {
image = "vaultwarden/server:1.33.2"; image = "vaultwarden/server:1.35.2";
ports = [ "40080:80" ]; ports = [ "40080:80" ];
volumes = [ volumes = [
"/home/sezycei/srv/containerdata/bitwarden/data:/data" "/home/sezycei/srv/containerdata/bitwarden/data:/data"

2
nix/application/headscale.nix
View File

@@ -5,7 +5,7 @@
port = 35893; port = 35893;
settings = { settings = {
dns = { dns = {
base_domain = "vpn.matri.cx"; base_domain = "ts.matri.cx";
nameservers.global = ["192.168.0.130" "1.1.1.1"]; nameservers.global = ["192.168.0.130" "1.1.1.1"];
}; };
logtail.enabled = false; logtail.enabled = false;

31
nix/application/nginx.nix
View File

@@ -2,6 +2,18 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
appendHttpConfig = ''
log_format detailed '$remote_addr|||$remote_user|||$time_local|||'
'$request|||$status|||$body_bytes_sent|||'
'$http_referer|||$http_user_agent|||'
'$request_time|||$upstream_response_time|||'
'$http_x_forwarded_for|||$scheme|||$server_name';
error_log stderr;
access_log syslog:server=unix:/dev/log detailed;
#limit_req_status 429;
#limit_req_zone $binary_remote_addr zone=pri:40m rate=1r/s;
'';
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
@@ -15,13 +27,16 @@
}; };
static = { dir }: base { static = { dir }: base {
"/".root = dir; "/" = {
root = dir;
extraConfig = globalRateLimiting;
};
}; };
proxied = { target, extra ? "" }: base { proxied = { target, extra ? "" }: base {
"/" = { "/" = {
proxyPass = target; proxyPass = target;
extraConfig = extra; extraConfig = globalRateLimiting + extra;
}; };
}; };
@@ -29,14 +44,14 @@
"/" = { "/" = {
proxyPass = target; proxyPass = target;
basicAuthFile = auth; basicAuthFile = auth;
extraConfig = extra; extraConfig = globalRateLimiting + extra;
}; };
}; };
proxiedLAN = { target, extra ? ""}: base { proxiedLAN = { target, extra ? ""}: base {
"/" = { "/" = {
proxyPass = target; proxyPass = target;
extraConfig = allowedLANAddrs + extra; extraConfig = globalRateLimiting + allowedLANAddrs + extra;
}; };
}; };
@@ -46,6 +61,10 @@
allow 100.64.0.0/24; allow 100.64.0.0/24;
deny all; deny all;
''; '';
globalRateLimiting = ''
#limit_req zone=pri burst=20 nodelay;
'';
in in
{ {
"default.host" = { default = true; root = "/var/www/default";}; "default.host" = { default = true; root = "/var/www/default";};
@@ -66,7 +85,7 @@
"git.eversole.co" = proxied { target = "http://127.0.0.1:8027"; }; "git.eversole.co" = proxied { target = "http://127.0.0.1:8027"; };
"graf.matri.cx" = { # refer to /monitoring/nginx.nix "graf.matri.cx" = { # refer to /monitoring/nginx.nix
root = "/var/www/graf.matri.cx"; root = "/var/www/graf.matri.cx";
extraConfig = allowedLANAddrs; extraConfig = globalRateLimiting + allowedLANAddrs;
}; };
"home.matri.cx" = { "home.matri.cx" = {
forceSSL = true; forceSSL = true;
@@ -87,7 +106,6 @@
proxy_set_header X-Request-Base "https://hydra.matri.cx"; proxy_set_header X-Request-Base "https://hydra.matri.cx";
''; '';
}; };
"jame.su" = static { dir = "/var/www/jame.su"; };
"llm.matri.cx" = proxiedLAN { "llm.matri.cx" = proxiedLAN {
target = "http://192.168.0.94:11434"; target = "http://192.168.0.94:11434";
extra = '' extra = ''
@@ -102,7 +120,6 @@
"purr.eversole.co" = proxied { target = "http://127.0.0.1:5195"; }; "purr.eversole.co" = proxied { target = "http://127.0.0.1:5195"; };
"pw.eversole.co" = proxied { target = "http://127.0.0.1:40080"; }; "pw.eversole.co" = proxied { target = "http://127.0.0.1:40080"; };
"sezycei.com" = static { dir = "/var/www/sezycei.com"; }; "sezycei.com" = static { dir = "/var/www/sezycei.com"; };
"snakebelmont.com" = static { dir = "/var/www/snakebelmont.com"; };
"transmission.matri.cx" = proxiedLAN { target = "http://127.0.0.1:9091"; }; "transmission.matri.cx" = proxiedLAN { target = "http://127.0.0.1:9091"; };
"vpn.matri.cx" = { "vpn.matri.cx" = {
forceSSL = true; forceSSL = true;

14
nix/system/dns.nix
View File

@@ -59,7 +59,7 @@
} }
} }
*.ycombinator.com { news.ycombinator.com {
template IN A { template IN A {
answer "{{ .Name }} 0 IN A 127.0.0.1" answer "{{ .Name }} 0 IN A 127.0.0.1"
} }
@@ -70,6 +70,18 @@
answer "{{ .Name }} 0 IN A 127.0.0.1" answer "{{ .Name }} 0 IN A 127.0.0.1"
} }
} }
4chan.org {
template IN A {
answer "{{ .Name }} 0 IN A 127.0.0.1"
}
}
*.4chan.org {
template IN A {
answer "{{ .Name }} 0 IN A 127.0.0.1"
}
}
''; '';
}; };
} }

5
nix/system/hardware.nix
View File

@@ -32,7 +32,10 @@
}; };
}; };
swapDevices = [ ]; swapDevices = [{
device = "/swap";
size = (8 * 1024);
}];
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

4
nix/system/network.nix
View File

@@ -2,8 +2,8 @@
networking = { networking = {
hostName = "eve-psr-nix0"; hostName = "eve-psr-nix0";
firewall = { firewall = {
allowedTCPPorts = [ 22 80 443 5000 23231 23232 23233 20443 ]; allowedTCPPorts = [ 22 80 443 4242 5000 23231 23232 23233 20443 ];
allowedUDPPorts = [ 53 51820 config.services.tailscale.port 20443 ]; allowedUDPPorts = [ 53 4242 51820 config.services.tailscale.port 20443 ];
extraCommands = '' extraCommands = ''
iptables -t nat -A POSTROUTING -s 100.64.0.0/10 -o enp1s0 -j MASQUERADE iptables -t nat -A POSTROUTING -s 100.64.0.0/10 -o enp1s0 -j MASQUERADE
''; '';

12
nix/user/users.nix
View File

@@ -2,7 +2,8 @@
programs.bash.promptInit = '' programs.bash.promptInit = ''
PS1='\u@\h:\w\n-> ' PS1='\u@\h:\w\n-> '
''; '';
users.users = { users = {
users = {
sezycei = { sezycei = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "nginx" ]; extraGroups = [ "wheel" "nginx" ];
@@ -19,5 +20,14 @@
isNormalUser = true; isNormalUser = true;
homeMode = "770"; homeMode = "770";
}; };
reticulum = {
isSystemUser = true;
description = "Reticulum daemon user";
group = "reticulum";
home = "/var/lib/reticulum";
createHome = true;
};
};
groups.reticulum = {};
}; };
} }