diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 93d87f7..313dbc2 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -27,6 +27,19 @@ time.timeZone = "Europe/Amsterdam"; + systemd.network.networks."99-local" = { + matchConfig.name = "ens3s1"; + address = [ + "192.168.1.100/24" + ]; + routes = [ + { + Gateway = "172.16.10.1"; + GatewayOnLink = false; + } + ]; + }; + environment.systemPackages = with pkgs; [ kitty.terminfo zfs diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index 5c1c991..99124c4 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -11,6 +11,7 @@ ./../../modules/core ./../../modules/core/virtualization.nix ./../../modules/services/tailscale.nix + ./../../modules/services/mpd.nix inputs.nixos-hardware.nixosModules.framework-13-7040-amd ]; diff --git a/hosts/yoshino/default.nix b/hosts/yoshino/default.nix index 7abf5ae..f61d5b5 100644 --- a/hosts/yoshino/default.nix +++ b/hosts/yoshino/default.nix @@ -11,6 +11,7 @@ ./../../modules/core # ./../../modules/home/nfs.nix ./../../modules/core/virtualization.nix + ./../../modules/services/tailscale.nix ]; powerManagement = { diff --git a/modules/core/sshd.nix b/modules/core/sshd.nix index 13fba58..2616303 100644 --- a/modules/core/sshd.nix +++ b/modules/core/sshd.nix @@ -17,5 +17,6 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXi00z/rxVrWLKgYr+tWIsbHsSQO75hUMSTThNm5wUw liv@sakura" # main laptop "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # main phone "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv2zxCy22KU1tZOH2hA1p8fWVpOSrTYF68+3E5r330O liv@ichiyo" # 2nd laptop + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGm9dLpj13r+Iso5SuHSCSQbriumwW1Fs7TkgaBmmXeo liv@azalea" # linux phone ]; } diff --git a/modules/home/hyprland/config.nix b/modules/home/hyprland/config.nix index 5ee7713..94a37a1 100644 --- a/modules/home/hyprland/config.nix +++ b/modules/home/hyprland/config.nix 
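Review bot: `matchConfig.name` in the new `99-local` network is lower-case, while the `[Match]` key that systemd-networkd reads is `Name`. Unit keys are case-sensitive, so this is likely to be rejected at evaluation or ignored at runtime, and a `.network` file without a valid match applies to every interface. Suggest `matchConfig.Name = "ens3s1";`. Separately, the route's gateway `172.16.10.1` lies outside `192.168.1.100/24` and `GatewayOnLink = false` is set, so the route will probably be refused as unreachable unless another route covers that address; worth confirming which subnet is intended.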
@@ -226,6 +226,7 @@ "$mainMod SHIFT, W, exec, wdisplays" "$mainMod SHIFT, T, exec, thunderbird" "$mainMod SHIFT, E, exec, element-desktop" + "$mainMod SHIFT, X, exec, gajim" "$mainMod SHIFT, P, exec, pavucontrol-qt" "$mainMod SHIFT, N ,exec, notes" "$mainMod, N,exec, swaync-client -t" diff --git a/modules/home/packages.nix b/modules/home/packages.nix index bbf04d7..dde1cc9 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix @@ -59,6 +59,7 @@ # GUI shit element-desktop + gajim signal-desktop anki-bin obs-studio diff --git a/modules/services/borg.nix b/modules/services/borg.nix index b318cec..f068108 100644 --- a/modules/services/borg.nix +++ b/modules/services/borg.nix @@ -1,7 +1,12 @@ -{ pkgs, config, ... }: +{ + pkgs, + config, + username, + ... +}: let hostname = "violet"; - repo = "ssh://dandelion.booping.local:${toString config.services.openssh.ports}/spinners/rootvol/backups/${hostname}"; + baseRepo = "ssh://liv@dandelion:9123/spinners/rootvol/backups/${hostname}"; in { services.borgbackup.jobs = { 
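Review bot: `baseRepo` is introduced in this borg.nix hunk but only `violet-lib` uses it. The first job in the next hunk spells out the whole `ssh://liv@dandelion:9123/...` URL again, and the port is repeated inside both `BORG_RSH` values. Binding the port once (`sshPort = 9123;`) and writing `repo = "${baseRepo}/MinecraftDocker-tulip";` keeps those copies from drifting apart. The URL also hard-codes `liv` although `username` is now an argument.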
@@ -9,55 +14,41 @@ in paths = [ "/home/liv/MinecraftDocker" ]; - repo = "${repo}/MinecraftDocker-tulip"; - compression = "auto,zstd"; - startAt = "daily"; + repo = "ssh://liv@dandelion:9123/spinners/rootvol/backups/violet/MinecraftDocker-tulip"; + encryption.mode = "none"; + compression = "auto,zstd,10"; + startAt = [ "3:00" ]; postHook = '' if [ $exitStatus -eq 2 ]; then - ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-minecraft) failed with errors" + ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-minecraft) failed with errors" else - ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-minecraft) completed succesfully with exit status $exitStatus" + ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-minecraft) completed succesfully with exit status $exitStatus" fi ''; + user = "${username}"; + environment = { + BORG_RSH = "ssh -p 9123 -i /home/liv/.ssh/id_ed25519"; + }; }; "violet-lib" = { paths = [ "/var/lib" ]; - repo = "${repo}/var-lib"; + repo = "${baseRepo}/var-lib"; + encryption.mode = "none"; compression = "auto,zstd"; startAt = "daily"; postHook = '' if [ $exitStatus -eq 2 ]; then - ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-lib) failed with errors" + ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-lib) failed with errors" else - ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-lib) completed succesfully with exit status $exitStatus" + ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${hostname} "borgbackup: ${hostname} backup (violet-lib) completed succesfully with exit status $exitStatus" fi ''; + # user = "${username}"; + environment = { + BORG_RSH = "ssh -p 
9123 -i /home/liv/.ssh/id_ed25519"; + }; }; - # "violet-random" = { - # paths = [ - # "/random" - # ]; - # exclude = [ - # "/random/a" - # "/random/a" - # ]; - # encryption = { - # mode = ""; - # passCommand = ""; - # }; - # environment.BORG_RSH = "ssh -i ${config.sops.secrets."ssh_private_key_violet".path}"; - # repo = "${repo}/violet/random"; - # compression = "auto,zstd"; - # startAt = "daily"; - # postHook = '' - # if [ $exitStatus -eq 2 ]; then - # ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.${domain}/nixbox "BorgBackup: nixbox backup failed with errors" - # else - # ${pkgs.ntfy-sh}/bin/ntfy send https://ntfy.${domain}/nixbox "BorgBackup: nixbox backup completed succesfully with exit status $exitStatus" - # fi - # ''; - # }; }; } diff --git a/modules/services/dandelion.nix b/modules/services/dandelion.nix index edf193d..6bd0cd9 100644 --- a/modules/services/dandelion.nix +++ b/modules/services/dandelion.nix @@ -8,5 +8,6 @@ ++ [ (import ./monitoring.nix) ] ++ [ (import ./smart-monitoring.nix) ] ++ [ (import ./tailscale.nix) ] + ++ [ (import ./nfs.nix) ] ++ [ (import ./hd-idle.nix) ]; } diff --git a/modules/services/frp.nix b/modules/services/frp.nix new file mode 100644 index 0000000..5083b89 --- /dev/null +++ b/modules/services/frp.nix @@ -0,0 +1,34 @@ +{ + pkgs, + config, + lib, + ... +}: +{ + services.frp = { + enable = true; + role = "client"; + settings = { + serverAddr = ""; + serverPort = 7000; + auth.method = "token"; + auth.token = ""; + proxies = [ + { + name = "http"; + type = "tcp"; + localIP = "localhost"; + localPort = 80; + remotePort = 80; + } + { + name = "https"; + type = "tcp"; + localIP = "localhost"; + localPort = 443; + remotePort = 443; + } + ]; + }; + }; +} diff --git a/modules/services/immich.nix b/modules/services/immich.nix index 6b66e76..c6d4d86 100644 --- a/modules/services/immich.nix +++ b/modules/services/immich.nix 
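Review bot: Both jobs now set `encryption.mode = "none"`, so the archives, including all of `/var/lib` (which usually holds service databases and key material), sit unencrypted and unauthenticated on the remote host, readable by anyone who can read `/spinners/rootvol/backups` there. Prefer `encryption.mode = "repokey-blake2";` with `encryption.passCommand = "cat <path-to-passphrase-secret>";` (placeholder path; the removed comment block suggests sops is available for this). A repository initialised without encryption cannot be switched in place, so this needs a fresh repository. Also, `BORG_RSH` points at the personal key `/home/liv/.ssh/id_ed25519`, and with `user` commented out on `violet-lib` that job presumably runs as root with a general-purpose login key. A dedicated backup key, restricted on the server side to `borg serve --restrict-to-path`, would limit what a compromise of this host can reach.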
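Review bot: `auth.token = ""` in the new frp.nix is a placeholder, and once it is filled in as a literal the token lands in the world-readable Nix store and in this repository's history. Keep the value out of `settings` and load it from a secret file at runtime instead (the removed borg comment block references sops), and leave a comment next to the empty string saying so. As written, with `serverAddr` and the token both empty, the client would not connect if the module were imported. The violet.nix hunk later in this commit comments the import out, which is consistent with that.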
@@ -1,9 +1,12 @@ { config, ... }: { - services.immich = { - enable = true; - port = 2283; - }; + # services.immich = { + # enable = true; + # port = 2283; + # mediaLocation = "/spinners/rootvol/immich/"; + # openFirewall = true; + # machine-learning.enable = true; + # }; # services.nginx.virtualHosts."" = { # forceSSL = true; diff --git a/modules/services/mpd.nix b/modules/services/mpd.nix index 18bd767..232ef62 100644 --- a/modules/services/mpd.nix +++ b/modules/services/mpd.nix @@ -1,8 +1,13 @@ -{ username, config, ... }: +{ + username, + config, + pkgs, + ... +}: { services.mpd = { enable = true; - musicDirectory = "/dandelion/home/liv/music"; + musicDirectory = "/home/liv/Music"; extraConfig = '' audio_output { type "pipewire" @@ -13,10 +18,14 @@ # Optional: # network.listenAddress = "any"; # if you want to allow non-localhost connections - network.startWhenNeeded = false; # systemd feature: only start MPD service upon connection to its socket }; systemd.services.mpd.environment = { # see: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/609 - XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.userRunningPipeWire.uid}"; # User-id must match above user. MPD will look inside this directory for the PipeWire socket. + XDG_RUNTIME_DIR = "/run/user/${toString config.users.users.${username}.uid}"; # User-id must match above user. MPD will look inside this directory for the PipeWire socket. }; + + environment.systemPackages = with pkgs; [ + mpdris2 + ncmpcpp + ]; } diff --git a/modules/services/nfs.nix b/modules/services/nfs.nix new file mode 100644 index 0000000..5391100 --- /dev/null +++ b/modules/services/nfs.nix 
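Review bot: `XDG_RUNTIME_DIR` in the second mpd.nix hunk is now built from `config.users.users.${username}.uid`, which is `null` unless the uid is set explicitly for that user. `toString null` is the empty string, so the value would silently become `/run/user/`. Whether the uid is pinned is not visible here; if it is not, set it in the user definition or add an assertion so the build fails instead. The comment on that line says the uid must match the "above user", but no `user` for `services.mpd` is visible in these hunks, so confirm the service account can read `/home/liv/Music` and the PipeWire socket.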
@@ -0,0 +1,38 @@ +{ + config, + lib, + pkgs, + ... +}: +{ + services = { + # Network shares + samba = { + package = pkgs.samba4Full; + # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support (compared to the default package, `samba` + # Required for samba to register mDNS records for auto discovery + # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268 + enable = true; + openFirewall = true; + shares.main = { + path = "/spinners/rootvol/nfs"; + writable = "true"; + comment = "Hello world!"; + }; + }; + avahi = { + publish.enable = true; + publish.userServices = true; + # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile` + #nssmdns4 = true; + # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it + enable = true; + openFirewall = true; + }; + samba-wsdd = { + # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued + enable = true; + openFirewall = true; + }; + }; +} diff --git a/modules/services/prosody.nix b/modules/services/prosody.nix deleted file mode 100644 index cadd82e..0000000 --- a/modules/services/prosody.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - services.prosody = { - enable = false; - user = "acme"; - modules = { - welcome = true; - websocket = true; - watchregistrations = true; - }; - admins = [ "liv@liv.town" ]; - allowRegistration = false; - ssl.cert = "/var/lib/acme/liv.town/cert.pem"; - ssl.key = "/var/lib/acme/liv.town/key.pem"; - virtualHosts."liv.town" = { - enabled = true; - domain = "liv.town"; - ssl.cert = "/var/lib/acme/liv.town/fullchain.pem"; - ssl.key = "/var/lib/acme/liv.town/key.pem"; - }; - muc = [ - { - domain = "conference.liv.town"; - } - ]; - uploadHttp = { - domain = "upload.liv.town"; - }; - }; -} diff --git a/modules/services/violet.nix b/modules/services/violet.nix index 804e1b0..e87f7ff 100644 --- a/modules/services/violet.nix 
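Review bot: The `main` share in the new nfs.nix is writable, and `openFirewall = true` opens the SMB ports on every interface, with nothing in the share limiting who may connect. Add share-level restrictions such as `"valid users" = "<username>";` and `"hosts allow" = "<LAN subnet>";` (placeholders), and consider opening the ports only on the LAN interface, since this host also imports tailscale.nix. The file configures Samba, Avahi and WSDD rather than NFS, so a name like `samba.nix` would be less surprising. `samba4Full` also pulls in the AD and LDAP code paths; the comment says it is needed only for mDNS registration, so confirm the default package really lacks that.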
+++ b/modules/services/violet.nix @@ -3,11 +3,14 @@ imports = [ (import ./invidious.nix) ] ++ [ (import ./anubis.nix) ] + ++ [ (import ./borg.nix) ] ++ [ (import ./binternet-proxy.nix) ] + ++ [ (import ./bluemap-proxy.nix) ] ++ [ (import ./docker.nix) ] - ++ [ (import ./frp.nix) ] + # ++ [ (import ./frp.nix) ] ++ [ (import ./forgejo.nix) ] ++ [ (import ./grafana.nix) ] + ++ [ (import ./guacamole.nix) ] ++ [ (import ./gokapi.nix) ] ++ [ (import ./jellyfin.nix) ] ++ [ (import ./librey-proxy.nix) ] @@ -16,15 +19,13 @@ ++ [ (import ./mumble.nix) ] ++ [ (import ./monitoring.nix) ] ++ [ (import ./ntfy.nix) ] - ++ [ (import ./bluemap-proxy.nix) ] - ++ [ (import ./sharkey-proxy.nix) ] ++ [ (import ./nginx.nix) ] - # ++ [(import ./komga.nix)] ++ [ (import ./radicale.nix) ] - ++ [ (import ./prosody.nix) ] - ++ [ (import ./tailscale.nix) ] - ++ [ (import ./guacamole.nix) ] - ++ [ (import ./readarr.nix) ]; - # ++ [(import ./smart-monitoring.nix)] - # ++ [(import ./jitsi-meet.nix)] + ++ [ (import ./readarr.nix) ] + ++ [ (import ./sharkey-proxy.nix) ] + # ++ [ (import ./komga.nix) ] + # ++ [ (import ./prosody.nix) ] + ++ [ (import ./tailscale.nix) ]; + # ++ [ (import ./smart-monitoring.nix) ] + # ++ [ (import ./jitsi-meet.nix) ] } diff --git a/modules/services/xmpp.nix b/modules/services/xmpp.nix new file mode 100644 index 0000000..f9c5cf1 --- /dev/null +++ b/modules/services/xmpp.nix 
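Review bot: The commented-out line `# ++ [ (import ./prosody.nix) ]` added in the second violet.nix hunk names a file this commit deletes; the configuration now lives, commented out, in `xmpp.nix`. Point the comment at `./xmpp.nix` or drop it, so that uncommenting it later does not fail on a missing path. The first hunk also enables `./borg.nix` for this host, which is what makes the backup settings in that file live.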
@@ -0,0 +1,29 @@ +{ + # services.prosody = { + # enable = false; + # user = "acme"; + # modules = { + # welcome = true; + # websocket = true; + # watchregistrations = true; + # }; + # admins = [ "liv@liv.town" ]; + # allowRegistration = false; + # ssl.cert = "/var/lib/acme/liv.town/cert.pem"; + # ssl.key = "/var/lib/acme/liv.town/key.pem"; + # virtualHosts."liv.town" = { + # enabled = true; + # domain = "liv.town"; + # ssl.cert = "/var/lib/acme/liv.town/fullchain.pem"; + # ssl.key = "/var/lib/acme/liv.town/key.pem"; + # }; + # muc = [ + # { + # domain = "conference.liv.town"; + # } + # ]; + # uploadHttp = { + # domain = "upload.liv.town"; + # }; + # }; +}