Compare commits


9 commits

7 changed files with 125 additions and 18 deletions


@ -1,4 +1,9 @@
{ pkgs, config, ... }:
{
lib,
pkgs,
config,
...
}:
{
imports = [
./hardware-configuration.nix


@ -16,7 +16,10 @@ in
imports = [
./hardware-configuration.nix
./variables.nix
./dns.nix
./wireguard.nix
./../../modules/core/default.router.nix
./../../modules/services/lily.nix
];
liv = {
@ -25,7 +28,6 @@ in
};
boot = {
supportedFilesystems = [ "zfs" ];
loader.grub = {
enable = true;
device = "/dev/sda";
@ -51,7 +53,7 @@ in
networking = {
firewall = {
enable = true;
enable = false;
allowPing = true;
# allow ssh on *all* interfaces, even wan.
@ -87,20 +89,7 @@ in
environment.systemPackages = with pkgs; [
kitty.terminfo
zfs
tcpdump
dnsutils
];
networking.hostId = "8ddb2a9b";
services.zfs = {
autoScrub.enable = true;
trim.enable = true;
};
# boot.zfs.extraPools = [ "terrabite" ];
# fileSystems."/terrabite/main" = {
# device = "terrabite/main";
# fsType = "zfs";
# };
}
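Review bot: Turning the firewall off globally (`enable = false;` in the `networking.firewall` block) on a host that imports `default.router.nix` and, per its own comment, has SSH reachable "even wan", removes the only packet filter in front of everything else this compare enables; the per-interface allowlists in modules/services/unifi.nix (`networking.firewall.interfaces."lan0"`) are no-ops while the firewall is disabled, so the UniFi admin UI on 8443, the inform port on 8080, dnsmasq's DNS/DHCP listeners and the rest of modules/services/lily.nix become reachable from any interface, WAN included. Keep `enable = true;` and open ports per interface the way the unifi module already tries to; if LAN traffic was what needed unblocking, `networking.firewall.trustedInterfaces = [ "br-lan" ];` does that without exposing the WAN side. The `allowPing = true;` and SSH settings that remain in this block have no effect at all while the firewall is off, which is presumably not what a reader of those lines expects.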

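--- /dev/null
+++ b/hosts/lily/dns.nix
@@ -0,0 +1,31 @@
+{ lib, config, ... }:
+{
+services = {
+dnsmasq = {
+enable = true;
+settings = {
+cache-size = 10000; # Specifies the size of the DNS query cache. It will store up to n cached DNS queries to improve response times for frequently accessed domains.
+server = [
+"9.9.9.9"
+"149.112.112.112"
+];
+domain-needed = true; # Ensures that DNS queries are only forwarded for domains that are not found in the local configuration.
+bogus-priv = true; # Blocks DNS queries for private IP address ranges to prevent accidental exposure of private resources.
+no-resolv = true; # Prevents dnsmasq from using /etc/resolv.conf for DNS server configuration.
+# configure DHCP server; get leases by running: `cat /var/lib/dnsmasq/dnsmasq.leases`
+dhcp-range = [ "br-lan,172.16.10.50,172.16.10.254,24h" ];
+interface = "br-lan";
+dhcp-host = "172.16.10.1";
+# local sets the local domain name to "n". Combinded with expand-hosts = true, it will add a .local suffix to any local defined name when trying to resolve it.
+local = "/local/";
+domain = "local";
+expand-hosts = true;
+no-hosts = true; # Prevents the use of /etc/hosts. This ensures that the local hosts file is not used to override DNS resolution.
+address = "/booping.local/172.16.10.1";
+};
+};
+};
+}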
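Review bot: `dhcp-host = "172.16.10.1";` is not a valid use of dnsmasq's `dhcp-host`, which maps a MAC address, client-id or hostname to a reserved lease; a bare IP has nothing to match on and will most likely be rejected at startup or silently do nothing. If the intent is to hand out this host as gateway and resolver, that is `dhcp-option = [ "option:router,172.16.10.1" "option:dns-server,172.16.10.1" ];`. `interface = "br-lan"` on its own makes dnsmasq listen on the wildcard socket and discard queries that arrive on other interfaces, so adding `bind-interfaces = true;` (so the DNS/DHCP sockets exist only on br-lan) is cheap defence in depth — and it matters in this compare because hosts/lily/default.nix sets `networking.firewall.enable = false`, leaving no other filter between the WAN side and an open resolver. Separately, `.local` is reserved for mDNS (RFC 6762), so clients running Avahi/Bonjour will never send `booping.local` to this resolver; `home.arpa` (RFC 8375) or a plain `lan` suffix avoids that, and the comment above `local` has a typo, `Combinded` → `Combined`.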

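--- /dev/null
+++ b/hosts/lily/wireguard.nix
@@ -0,0 +1,3 @@
+{
+}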

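--- /dev/null
+++ b/modules/services/lily.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+imports =
+[ (import ./docker.nix) ]
+++ [ (import ./monitoring.nix) ]
+++ [ (import ./smart-monitoring.nix) ]
+++ [ (import ./unifi.nix) ]
+++ [ (import ./tailscale.nix) ]
+++ [ (import ./grafana.nix) ];
+}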
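Review bot: The `imports` list wraps each file in `(import ./x.nix)` and then concatenates six one-element lists with `++`, which is redundant and, because the module system only records the origin file when it is given a path rather than an already-imported value, makes evaluation errors inside any of these modules point at an unknown file instead of at, say, `./unifi.nix`. `imports = [ ./docker.nix ./monitoring.nix ./smart-monitoring.nix ./unifi.nix ./tailscale.nix ./grafana.nix ];` is the conventional form and yields the same set of modules. A header comment such as `# Service modules enabled on the lily router; pulled in by hosts/lily/default.nix` would tell a reader why this aggregate exists.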


@ -0,0 +1,3 @@
{
services.tailscale.enable = true;
}
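Review bot: `services.tailscale.enable = true;` with nothing else is enough for a plain node, but this file is pulled into a host that imports a router module via modules/services/lily.nix, and if lily is meant to advertise the LAN as a subnet route it also needs `services.tailscale.useRoutingFeatures = "server";` (or `"both"`), which is what turns on IP forwarding for the tailscale0 path — without it an advertised route carries no traffic. If this host is only ever a client, a one-line comment saying so, e.g. `# client-only; set useRoutingFeatures = "server" before advertising subnet routes`, stops the next person from being surprised. This file's path is not shown in the compare; I am assuming it is modules/services/tailscale.nix from the import in lily.nix.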


@ -0,0 +1,66 @@
{ pkgs, lib, ... }:
{
services.unifi = {
enable = true;
unifiPackage = pkgs.unifi8;
mongodbPackage = pkgs.mongodb-7_0;
};
# services.nginx = {
# enable = true;
# recommendedProxySettings = true;
# virtualHosts."unifi.local" = {
# forceSSL = true;
# useACMEHost = "unifi.local";
# locations."/" = {
# proxyPass = "https://127.0.0.1:8443";
# proxyWebsockets = true;
# };
# };
# };
# virtualisation.oci-containers.containers."unifi" = {
# image = "lscr.io/linuxserver/unifi-network-application:latest";
# autoStart = true;
# environmentFiles = [ /run/unifi/container-vars.env ];
# volumes = [
# "/etc/localtime:/etc/localtime:ro"
# "/run/unifi/data:/config"
# ];
# ports = [
# "8443:8443" # web admin UI
# "3478:3478/udp" # STUN
# "10001:10001/udp" # AP discovery
# "8080:8080" # device communication
# "6789:6789/udp" # mobile throughput test (assumption: wifiman)
# "5514:5514/udp" # remote syslog (optional)
# ];
# dependsOn = [
# "unifi-mongo"
# ];
# log-driver = "journald";
# };
# virtualisation.oci-containers.containers."unifi-mongo" = {
# image = "mongo:latest";
# autoStart = true;
# volumes = [
# "/etc/localtime:/etc/localtime:ro"
# "/run/unifi/mongo/db:/data/db"
# "/run/unifi/mongo/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro"
# ];
# log-driver = "journald";
# };
networking.firewall.interfaces."lan0" = {
allowedTCPPorts = [
8443 # web admin UI
8080 # device communication
];
allowedUDPPorts = [
6789 # mobile throughput test (assumption: wifiman)
5514 # remote syslog (optional)
3478 # STUN
10001 # AP discovery
];
};
}
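Review bot: The firewall allowlist at the bottom is keyed on `"lan0"` while hosts/lily/dns.nix in this same compare binds DHCP and DNS to `br-lan`; if br-lan is a bridge containing lan0 (which the naming suggests), inbound packets from LAN clients are attributed to the bridge, so `networking.firewall.interfaces."lan0"` never matches and every one of these ports stays closed the moment the firewall is re-enabled — hosts/lily/default.nix setting `networking.firewall.enable = false` is the only reason this is not visibly broken now. Use the same interface name in both modules, `networking.firewall.interfaces."br-lan" = { ... };`, or define it once in variables.nix so the two cannot drift. The roughly forty commented-out lines for an nginx/ACME front and an OCI-container alternative are dead code that should be dropped from the module (git has the history), and `lib` in the argument set is unused; a short comment above `services.unifi` noting that 8443 is the controller's own TLS listener with a self-signed certificate would also explain why no reverse proxy is configured.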