liv/nixos-config
1
0
Fork 0
mirror of https://github.com/Ahwxorg/nixos-config.git synced 2026-03-19 15:50:30 +01:00
Code Issues 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: liv:7dec0745a6a16db7c7f454a326cd225128978108
Branches Tags
liv:master
...
compare: liv:281f567843bb07b4d0f6b5503607e482e5916d4b
Branches Tags
liv:master

7 commits
7dec0745a6 ... 281f567843

Author SHA1 Message Date
Ahwx
281f567843 chore: merge remote-tracking branch 'refs/remotes/origin/master' 2026-01-08 21:26:36 +01:00
Ahwx
6c30d4518a feat: adds certificates for ahwx.org 2026-01-08 21:26:18 +01:00
Ahwx
bfc9907c81 feat: switch to vicinae 2026-01-08 21:24:06 +01:00
Ahwx
185fc681f5 feat: adds nextcloud (works!) 2025-12-31 01:43:47 +01:00
Ahwx
7671014026 chore: comment out anubis 2025-12-31 01:35:01 +01:00
Ahwx
2c2e1544c5 secrets: update 2025-12-26 20:18:05 +01:00
Ahwx
59db51c06b feat: adds gluetun-env 2025-12-26 20:17:52 +01:00
13 changed files with 131 additions and 72 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/core/sops.nix
View file

@ -21,6 +21,7 @@
"minioRootCredentials" = { }; "minioRootCredentials" = { };
"atticdEnvironment" = { }; "atticdEnvironment" = { };
"nextcloudPassword" = { }; "nextcloudPassword" = { };
"gluetunEnvironment" = { };
"matrixRegistrationSecret" = { "matrixRegistrationSecret" = {
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };

3
modules/home/hyprland/config.nix
View file

@ -261,7 +261,8 @@
"$mainMod, Q, killactive," "$mainMod, Q, killactive,"
"$mainMod, F, fullscreen, 0" # set 1 to 0 to set full screen without waybar "$mainMod, F, fullscreen, 0" # set 1 to 0 to set full screen without waybar
"$mainMod, Space, togglefloating," "$mainMod, Space, togglefloating,"
"$mainMod, D, exec, bemenu-run -l 5 --ignorecase" # "$mainMod, D, exec, bemenu-run -l 5 --ignorecase"
"$mainMod, D, exec, vicinae toggle"
"SUPER SHIFT, L, exec, swaylock --image /home/${username}/.local/share/bg.png" "SUPER SHIFT, L, exec, swaylock --image /home/${username}/.local/share/bg.png"
"SUPER, L, exec, swaylock --image /home/${username}/.local/share/bg.png" "SUPER, L, exec, swaylock --image /home/${username}/.local/share/bg.png"
"$mainMod, E, exec, nautilus" "$mainMod, E, exec, nautilus"

1
modules/home/hyprland/hyprland.nix
View file

@ -13,6 +13,7 @@
nwg-dock-hyprland nwg-dock-hyprland
hyprland-monitor-attached hyprland-monitor-attached
hypridle hypridle
vicinae
]; ];
# systemd.user.targets.hyprland-session.Unit.Wants = [ "xdg-desktop-autostart.target" ]; # systemd.user.targets.hyprland-session.Unit.Wants = [ "xdg-desktop-autostart.target" ];
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {

18
modules/services/anubis.nix
View file

@ -1,12 +1,12 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
users.users.nginx.extraGroups = [ config.users.groups.anubis.name ]; # users.users.nginx.extraGroups = [ config.users.groups.anubis.name ];
services.anubis = { #services.anubis = {
defaultOptions = { # defaultOptions = {
enable = true; # enable = true;
settings = { # settings = {
SERVE_ROBOTS_TXT = true; # SERVE_ROBOTS_TXT = true;
}; # };
}; # };
}; #};
} }

17
modules/services/attic.nix
View file

@ -32,19 +32,20 @@
}; };
}; };
}; };
anubis.instances.atticd = { #anubis.instances.atticd = {
settings = { # settings = {
TARGET = "http://localhost:8060"; # TARGET = "http://localhost:8060";
BIND = ":8061"; # BIND = "/run/anubis/anubis-atticd/anubis.sock";
BIND_NETWORK = "tcp"; # METRICS_BIND = "/run/anubis/anubis-atticd/anubis.sock";
}; # };
}; #};
nginx.virtualHosts."cache.liv.town" = { nginx.virtualHosts."cache.liv.town" = {
forceSSL = true; forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = { locations."/" = {
proxyPass = "http://localhost${toString config.services.anubis.instances.atticd.settings.BIND}"; # proxyPass = "http://unix:${toString config.services.anubis.instances.atticd.settings.BIND}";
proxyPass = "http://localhost:8060";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

20
modules/services/binternet-proxy.nix
View file

@ -1,19 +1,23 @@
{ config, ... }: { config, ... }:
let
target = "http://localhost:8081";
in
{ {
services = { services = {
anubis.instances.binternet = { #anubis.instances.binternet = {
settings = { # settings = {
TARGET = "http://localhost:8081"; # TARGET = target;
BIND = ":8082"; # BIND = "/run/anubis/anubis-binternet/anubis.sock";
BIND_NETWORK = "tcp"; # METRICS_BIND = "/run/anubis/anubis-binternet/anubis.sock";
}; # };
}; #};
nginx.virtualHosts."curate.liv.town" = { nginx.virtualHosts."curate.liv.town" = {
forceSSL = true; forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = { locations."/" = {
proxyPass = "http://localhost${toString config.services.anubis.instances.binternet.settings.BIND}"; # proxyPass = "http://unix:${toString config.services.anubis.instances.binternet.settings.BIND}";
proxyPass = target;
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

17
modules/services/forgejo.nix
View file

@ -68,19 +68,20 @@ in
# }; # };
# }; # };
# }; # };
anubis.instances.forgejo = { #anubis.instances.forgejo = {
settings = { # settings = {
TARGET = "http://localhost:3050"; # TARGET = "http://localhost:3050";
BIND = ":3051"; # BIND = "/run/anubis/anubis-forgejo/anubis.sock";
BIND_NETWORK = "tcp"; # METRICS_BIND = "/run/anubis/anubis-forgejo/anubis.sock";
}; # };
}; #};
nginx.virtualHosts."code.liv.town" = { nginx.virtualHosts."code.liv.town" = {
forceSSL = true; forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = { locations."/" = {
proxyPass = "http://localhost${toString config.services.anubis.instances.forgejo.settings.BIND}"; # proxyPass = "http://unix:${toString config.services.anubis.instances.forgejo.settings.BIND}";
proxyPass = "http://localhost:3050";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

17
modules/services/guacamole.nix
View file

@ -17,19 +17,20 @@
guacd-hostname = "localhost"; guacd-hostname = "localhost";
}; };
}; };
anubis.instances.guacamole = { #anubis.instances.guacamole = {
settings = { # settings = {
TARGET = "http://localhost:4822"; # TARGET = "http://localhost:4822";
BIND = ":4883"; # BIND = "/run/anubis/anubis-guacamole/anubis.sock";
BIND_NETWORK = "tcp"; # METRICS_BIND = "/run/anubis/anubis-guacamole/anubis.sock";
}; # };
}; #};
nginx.virtualHosts."remote.liv.town" = { nginx.virtualHosts."remote.liv.town" = {
forceSSL = true; forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = { locations."/" = {
proxyPass = "http://localhost${toString config.services.anubis.instances.guacamole.settings.BIND}"; # proxyPass = "http://unix:${toString config.services.anubis.instances.guacamole.settings.BIND}";
proxyPass = "http://${toString config.services.guacamole-server.host}:${toString config.services.guacamole-server.port}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

20
modules/services/librey-proxy.nix
View file

@ -1,19 +1,23 @@
{ config, ... }: { config, ... }:
let
target = "http://localhost:8078";
in
{ {
services = { services = {
anubis.instances.librey = { #anubis.instances.librey = {
settings = { # settings = {
TARGET = "http://localhost:8078"; # TARGET = target;
BIND = ":8079"; # BIND = "/run/anubis/anubis-librey/anubis.sock";
BIND_NETWORK = "tcp"; # METRICS_BIND = "/run/anubis/anubis-librey/anubis.sock";
}; # };
}; #};
nginx.virtualHosts."search.liv.town" = { nginx.virtualHosts."search.liv.town" = {
forceSSL = true; forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = { locations."/" = {
proxyPass = "http://localhost${toString config.services.anubis.instances.librey.settings.BIND}"; # proxyPass = "http://unix:${toString config.services.anubis.instances.librey.settings.BIND}";
proxyPass = target;
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

59
modules/services/nextcloud.nix
View file

@ -1,19 +1,33 @@
{ ... }: { config, pkgs, ... }:
{ {
services.nextcloud = { services.nextcloud = {
enable = false; enable = true;
config.dbtype = "sqlite"; package = pkgs.nextcloud32;
configureRedis = true; hostName = "cloud.liv.town";
home = "/home/liv/nextcloud"; # appstoreEnable = true;
config.adminpassFile = "/run/nextcloud/adminpassFile";
maxUploadSize = "25G";
https = true; https = true;
hostName = "dandelion.srv.liv.town"; maxUploadSize = "10G";
extraApps = {
inherit (config.services.nextcloud.package.packages.apps)
news
contacts
calendar
groupfolders
notify_push
;
};
config = {
adminuser = "root";
adminpassFile = config.sops.secrets.nextcloudPassword.path;
dbtype = "sqlite";
};
configureRedis = true;
settings = { settings = {
trusted_domains = [ mail_smtphost = "smtp.migadu.com";
"dandelion.srv.liv.town" mail_smtpport = 465;
"files.dandelion.srv.liv.town" mail_smtpname = "notifications@liv.town";
]; mail_smtpauth = true;
trusted_domains = [ "cloud.liv.town" ];
enabledPreviewProviders = [ enabledPreviewProviders = [
"OC\\Preview\\BMP" "OC\\Preview\\BMP"
"OC\\Preview\\GIF" "OC\\Preview\\GIF"
@ -29,4 +43,25 @@
]; ];
}; };
}; };
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
};
systemd.services.nextcloud-custom-config = {
path = [
config.services.nextcloud.occ
];
script = ''
nextcloud-occ theming:config name "livnet"
# nextcloud-occ theming:config description "liv to your fullest"
nextcloud-occ theming:config url "https://cloud.liv.town";
# nextcloud-occ theming:config privacyUrl "https://liv.town/privacy";
nextcloud-occ theming:config color "#3253a5";
'';
# nextcloud-occ theming:config logo ${./logo.png}
after = [ "nextcloud-setup.service" ];
wantedBy = [ "multi-user.target" ];
};
} }

8
modules/services/nginx.nix
View file

@ -24,6 +24,14 @@
environmentFile = "/home/liv/desec.env"; # location of your DESEC_TOKEN=[value] environmentFile = "/home/liv/desec.env"; # location of your DESEC_TOKEN=[value]
webroot = null; webroot = null;
}; };
"ahwx.org" = {
domain = "*.ahwx.org";
extraDomainNames = [ "ahwx.org" ];
group = config.services.nginx.group;
dnsProvider = "desec";
environmentFile = "/home/liv/desec.env"; # location of your DESEC_TOKEN=[value]
webroot = null;
};
"quack.social" = { "quack.social" = {
domain = "*.quack.social"; domain = "*.quack.social";
extraDomainNames = [ "quack.social" ]; extraDomainNames = [ "quack.social" ];

17
modules/services/uptime-kuma.nix
View file

@ -5,19 +5,20 @@
enable = true; enable = true;
settings.PORT = "4800"; settings.PORT = "4800";
}; };
anubis.instances.uptime-kuma = { #anubis.instances.uptime-kuma = {
settings = { # settings = {
TARGET = "http://localhost:4800"; # TARGET = "http://localhost:4800";
BIND = ":4801"; # BIND = "/run/anubis/anubis-uptime-kuma/anubis.sock";
BIND_NETWORK = "tcp"; # METRICS_BIND = "/run/anubis/anubis-uptime-kuma/anubis.sock";
}; # };
}; #};
nginx.virtualHosts."uptime.liv.town" = { nginx.virtualHosts."uptime.liv.town" = {
forceSSL = true; forceSSL = true;
sslCertificate = "/var/lib/acme/liv.town/cert.pem"; sslCertificate = "/var/lib/acme/liv.town/cert.pem";
sslCertificateKey = "/var/lib/acme/liv.town/key.pem"; sslCertificateKey = "/var/lib/acme/liv.town/key.pem";
locations."/" = { locations."/" = {
proxyPass = "http://localhost${toString config.services.anubis.instances.uptime-kuma.settings.BIND}"; # proxyPass = "http://unix:${toString config.services.anubis.instances.uptime-kuma.settings.BIND}";
proxyPass = "http://localhost:4800";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

5
secrets/violet/secrets.yaml
View file

File diff suppressed because one or more lines are too long