chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

moved over a load more modules

Browse source
This commit is contained in:
Chris Kruining 2025-07-23 23:56:56 +02:00
parent 21f6f37911
commit 30501b7fac
Signed by: chris
SSH key fingerprint: SHA256:nG82MUfuVdRVyCKKWqhY+pCrbz9nbX6uzUns4RKa1Pg
34 changed files with 226 additions and 578 deletions
Download patch file Download diff file Expand all files Collapse all files

25
modules/nixos/boot/default.nix
View file

@ -1,12 +1,12 @@
{ lib, namespace, config, ... }:
{ lib, namespace, config, pkgs, ... }:
let
inherit (lib) mkIf mkMerge mkDefault mkEnableOption;
inherit (lib.types) enum;
inherit (lib) mkIf mkMerge mkDefault mkOption;
inherit (lib.types) enum bool;
cfg = config.${namespace}.boot;
in
{
config.${namespace}.boot = {
options.${namespace}.boot = {
type = mkOption {
type = enum [ "bios" "uefi" ];
default = "uefi";
@ -25,7 +25,16 @@ in
config = mkMerge [
({
boot.loader.grub.enable = mkDefault true;
boot.loader = {
systemd-boot.enable = false;
grub.enable = true;
grub2-theme = {
enable = true;
theme = "vimix";
footer = true;
};
};
})
(mkIf cfg.type == "bios" {
@ -52,7 +61,7 @@ in
verbose = false;
};
kernelParams = [
kernelParams = [
"quiet"
"loglevel=3"
"systemd.show_status=auto"
@ -68,7 +77,7 @@ in
(mkIf cfg.animated {
boot.plymouth = {
enable = true;
theme = mkDefault "pixels";
themePackages = with pkgs; [
(adi1090x-plymouth-themes.override {
@ -78,4 +87,4 @@ in
};
})
];
}
}

10
modules/nixos/default.nix
View file

@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
{ config, lib, namespace, ... }:
let
inherit (lib) mkOption mkMerge attrNames filterAttrs;
inherit (lib) mkIf mkDefault mkOption mkMerge;
inherit (lib.types) nullOr enum;
cfg = config.${namespace};
@ -17,7 +17,7 @@ in
config = mkMerge [
(mkIf cfg.preset == "desktop" {
"${namespace}" = mkDefault {
${namespace} = mkDefault {
hardware.has = {
audio = true;
};
@ -26,7 +26,7 @@ in
quiet = true;
animated = true;
};
desktop.use = "kde";
};
})
@ -39,4 +39,4 @@ in
};
})
];
}
}

15
modules/nixos/desktop/default.nix
View file

@ -1,24 +1,19 @@
{ lib, config, namespace, ... }:let
inherit (lib) mkOption mkMerge attrNames filterAttrs;
inherit (lib.types) nullOr enum bool;
inherit (lib) mkIf mkOption mkEnableOption mkMerge attrNames filterAttrs readDir;
inherit (lib.types) nullOr enum;
cfg = config.${namespace}.desktop;
in
{
options.${namespace}.desktop = {
use = mkOption {
type = nullOr enum (attrNames (filterAttrs (n: type == "directory") (readDir ./.)));
type = nullOr enum (attrNames (filterAttrs (n: type: type == "directory") (readDir ./.)));
default = null;
example = "plasma";
description = "Which desktop to enable";
};
autoLogin = mkOption {
type = bool;
default = false;
example = true;
description = "Enable plasma's auto login feature.";
};
autoLogin = mkEnableOption "Enable plasma's auto login feature.";
};
config = mkMerge [
@ -27,7 +22,7 @@ in
services.displayManager = {
enable = true;
autoLogin = mkIf cfg.autoLogin {
enable = true;
};

2
modules/nixos/desktop/gamescope/default.nix
View file

@ -1,5 +1,5 @@
{ lib, config, namespace, inputs, ... }:let
inherit (lib) mkEnableOption;
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.desktop.gamescope;
in

3
modules/nixos/desktop/gnome/default.nix
View file

@ -1,6 +1,5 @@
{ lib, config, namespace, ... }:let
inherit (lib) mkEnableOption mkOption;
inherit (lib.types) bool;
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.desktop.gnome;
in

5
modules/nixos/desktop/plasma/default.nix
View file

@ -1,6 +1,5 @@
{ lib, config, namespace, ... }:let
inherit (lib) mkEnableOption mkOption;
inherit (lib.types) bool;
{ pkgs, lib, config, namespace, ... }:let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.desktop.plasma;
in

4
modules/nixos/hardware/audio/default.nix
View file

@ -5,7 +5,7 @@ let
cfg = config.${namespace}.hardware.has.audio;
in
{
config.${namespace}.hardware.has.audio = mkEnableOption "Enable bluetooth";
options.${namespace}.hardware.has.audio = mkEnableOption "Enable bluetooth";
config = mkIf cfg {
environment.systemPackages = with pkgs; [
@ -27,4 +27,4 @@ in
};
};
};
}
}

4
modules/nixos/hardware/bluetooth/default.nix
View file

@ -5,7 +5,7 @@ let
cfg = config.${namespace}.hardware.has.bluetooth;
in
{
config.${namespace}.hardware.has.bluetooth = mkEnableOption "Enable bluetooth";
options.${namespace}.hardware.has.bluetooth = mkEnableOption "Enable bluetooth";
config = mkIf cfg {
hardware.bluetooth = {
@ -22,4 +22,4 @@ in
};
};
};
}
}

4
modules/nixos/hardware/gpu/amd.nix
View file

@ -5,7 +5,7 @@ let
cfg = config.${namespace}.hardware.has.gpu.amd;
in
{
config.${namespace}.hardware.has.gpu.amd = mkEnableOption "Enable AMD gpu configuration";
options.${namespace}.hardware.has.gpu.amd = mkEnableOption "Enable AMD gpu configuration";
config = mkIf cfg {
services.xserver.videoDrivers = [ "amd" ];
@ -26,4 +26,4 @@ in
};
};
};
}
}

4
modules/nixos/hardware/gpu/nvidia.nix
View file

@ -5,7 +5,7 @@ let
cfg = config.${namespace}.hardware.has.gpu.nvidia;
in
{
config.${namespace}.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration";
options.${namespace}.hardware.has.gpu.nvidia = mkEnableOption "Enable NVidia gpu configuration";
config = mkIf cfg {
services.xserver.videoDrivers = [ "nvidia" ];
@ -28,4 +28,4 @@ in
};
};
};
}
}

46
modules/nixos/hardware/keyboard/voyager.nix Normal file
View file

@ -0,0 +1,46 @@
{ lib, config, pkgs, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.hardware.keyboard.voyager;
in
{
options.${namespace}.hardware.keyboard.voyager = {
enble = mkEnableOption "Enable tools for ZSA Voyager";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
keymapp
];
hardware.keyboard.zsa.enable = true;
services.udev.extraRules = ''
# Rules for Oryx web flashing and live training
KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
# Legacy rules for live training over webusb (Not needed for firmware v21+)
# Rule for all ZSA keyboards
SUBSYSTEM=="usb", ATTR{idVendor}=="3297", GROUP="plugdev"
# Rule for the Moonlander
SUBSYSTEM=="usb", ATTR{idVendor}=="3297", ATTR{idProduct}=="1969", GROUP="plugdev"
# Rule for the Ergodox EZ
SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="1307", GROUP="plugdev"
# Rule for the Planck EZ
SUBSYSTEM=="usb", ATTR{idVendor}=="feed", ATTR{idProduct}=="6060", GROUP="plugdev"
# Wally Flashing rules for the Ergodox EZ
ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1"
ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666"
KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666"
# Keymapp / Wally Flashing rules for the Moonlander and Planck EZ
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
# Keymapp Flashing rules for the Voyager
SUBSYSTEMS=="usb", ATTRS{idVendor}=="3297", MODE:="0666", SYMLINK+="ignition_dfu"
'';
};
}

4
modules/nixos/nix/default.nix
View file

@ -5,7 +5,7 @@ let
cfg = config.${namespace}.nix;
in
{
config.${namespace}.nix = {
options.${namespace}.nix = {
enable = mkEnableOption "Enable nix command";
};
@ -39,4 +39,4 @@ in
channel.enable = false;
};
};
}
}

225
modules/nixos/services/authentication/authelia.nix Normal file
View file

@ -0,0 +1,225 @@
{ config, lib, pkgs, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
user = "authelia-testing";
cfg = config.${namespace}.services.authentication.authelia;
in
{
options.${namespace}.services.authentication.authelia = {
enable = mkEnableOption "Authelia";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
authelia
];
services.authelia.instances.testing = {
enable = true;
secrets = {
storageEncryptionKeyFile = "/etc/authelia/testing/storageEncryptionKeyFile";
jwtSecretFile = "/etc/authelia/testing/jwtSecretFile";
sessionSecretFile = "/etc/authelia/testing/sessionSecrets";
};
settings = {
theme = "auto";
server = {
address = "tcp://127.0.0.1:9091";
};
# administration = {
# enable = true;
# enable_ui = true;
# address = "tcp://127.0.0.1:9092";
# users = [ "chris" ];
# groups = [ "admin" ];
# };
log = {
level = "info";
format = "json";
};
authentication_backend.file.path = "/etc/authelia/testing/users_database.yml";
access_control = {
default_policy = "deny";
rules = [
{
domain = ["auth.kruining.eu"];
policy = "bypass";
}
{
domain = ["*.kruining.eu"];
policy = "one_factor";
}
];
};
session = {
name = "authelia_testing_session";
expiration = "12h";
inactivity = "45m";
remember_me = "1m";
# redis.host = "/run/redis-authelia-testing/redis.sock";
cookies = [
{
domain = "kruining.eu";
authelia_url = "https://auth.kruining.eu";
default_redirection_url = "https://media.kruining.eu";
name = "authelia_session";
}
];
};
regulation = {
max_retries = 300;
find_time = "5m";
ban_time = "15m";
};
storage = {
local.path = "/var/lib/authelia-testing/db.sqlite3";
};
notifier = {
disable_startup_check = false;
filesystem.filename = "/var/lib/authelia-testing/notifications.txt";
};
identity_providers.oidc = {
jwks = [
{
# Authelia wants at least one private RSA key (why not just allow ecdsa is beyond me)
key = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCrkJ2iCcGbZwr9\ntWGiQLzL1OV7WoC8OpRIvtVusyJ6YQGkcB9F3PV+wjzBCojIibjMpWci6vq7sZQp\nnttRsXIBRxyhUoWcg1X8zR2ebFPMqPkfQEYhCPxts/5iaVwESt+77RAeaoJu6Va4\n6ugCHUsujMDGNhXNHWNn1euXT/jnTID8zT2eff8XYItK/vAJgv9ZbDDcamZFqNAK\nWBLGQZGO5GGCDtp99yFlGgG8zhaYpqw/eC/DhRr/O0N0PkQBRsD0mJ5aWCeVIVKB\nP/W35L23XFlgupOcWpZ4Bf7ivjxfakBHq/yYcvq60a9LjwLW+QXyvdvWe7jdV+Bp\nON9VlJ1PAgMBAAECggEANT8o7UWB5S1R5/QHXUgiUFC++E3abpDvvLQdocHPDZRV\n4ic6TYCKYND/8hnG4hZ8WGdtXxT2xJIUneZDw1MDQwpDBH6MIUtRwKgYbTbJu1cm\nGmDkYxRa4+FdLkXs3Rgv4C9vNUFxQeMBm1qsrxtQXh4pJlta4NIiK/Pkro2Pfplp\nyKb5E7HhusHiLqezcPhErYnYQmLPtmInqfQnBAsGehiY6ZL3TMIGTo1FDrIEhu9q\nz31WaK8NuNd/bUqiEdFIVtNt3cSOfqCrtC20LwTIYiv/tDz0ahFOCA42vHSdkz35\nnO1dEkP2YCimTHbw9KwHmzkYL6Q2jd89L8/oCe2dYQKBgQDRz2pvfJjdb4FXLRH/\n/iEsDseRu2z2fg7SBNMloTV/dQGpvBgsEZDWlJw7NyIm2rlZ0kkae9QfLECJeT6A\nZuXnOuUDNUBE5/nj2DBC34gHotpErcJBTlKmr/KfILnh1uDVwLizYNQ6KZ6s3EK8\nSvLXNbEDrJ3HkQbs6OPtZsEVawKBgQDRVcCf+8wxdK1AF474F1E9zAvN8i5+6xIW\nb+YUDuueCzJf8h3wU9Chf/ItEtknw1CHQFNOmLodtQJgGzGDG0R6xmQnfUQIsky1\nO3HDs4xlCggfq9AWm+RKr5r3T34CiJfA4ZUq6i2FKNkdQREArJWcC4cjRItZvGj6\nKJ5ZRDBsrQKBgCnD9lYXIX8DEWY/LJQfDI9uqb+S5c/zrBOWrkmRW8rxidE2BkHP\nhVuR3b/T69J8O+VrfO3utH04G+jB3/VDhoSPLsOCuDZ/TzlR8dl+EeAjRPvi8wZ5\nBu7zm4KdyyLv2XXzlVDv949UdafHeOluqgS5RXGLzSTK8+v5OFYr3EfdAoGAJIP4\n3e9mZxobPprdbZljqov1Yy9jvO/0b8WFNOqFX0REvUfWwR1dv046SHKJPs5rNaya\n25L4pEX27BzSPjR7dY812U2YmIvBpbuA1Mp1Kwrc7+lgmxEGeaC4P3u2V2rMTfEL\nvDitSBUgCmJXPO7eCiJYqGZEiJq9FSYQuTGT4OECgYEAjR+dtmZkcszRo77XdXDo\nRFMlx47R5Xk4R2+faYneCkNJ/MqZdeQ3CxcfQFQHpNJb+1kacXusRDvlm2/777fj\nCOLxaxY6akOEG6dkgmWHzzm9JpmZ63g0I9k+C3zbyQnFyNRQmNW2gGCVwekRmAz+\n/a98+6ip2LRkTQYhZ064rfc=\n-----END PRIVATE KEY-----";
}
];
clients = [
{
client_id = "jellyfin";
client_name = "Jellyfin";
# af0WDhM6DILapBO.8Puu8IR1tyXLPqQNUoROgx4A8JWVIxRno4IhvXCMaN1zveuJzw1yw2h3
client_secret = "$pbkdf2-sha512$310000$9C/krTomC0MUJ2QosHwEKA$43H4gm6yaz.fU5eZsN/KxPDuL/S4jPjaNOcAKyU/uz7IVNDSQo71XQ3sqKZITZ/FLYTN5kxTlVUhEMB9Orlh1g";
token_endpoint_auth_method = "client_secret_post";
public = false;
require_pkce = true;
pkce_challenge_method = "S256";
authorization_policy = "one_factor";
userinfo_signed_response_alg = "none";
consent_mode = "implicit";
scopes = [ "openid" "profile" "groups" ];
redirect_uris = [ "https://jellyfin.kruining.eu/sso/OID/redirect/authelia" ];
}
{
client_id = "streamarr";
client_name = "Streamarr";
# ZPuiW2gpVV6MGXIJFk5P3EeSW8V_ICgqduF.hJVCKkrnVmRqIQXRk0o~HSA8ZdCf8joA4m_F
client_secret = "$pbkdf2-sha512$310000$CzZjvJT75bz5z7MjwxsEtg$JtOiIgaY5/HcLLxJgyX4zvsQV9jIoow0e4JdlFsk/LWRDOJ0kc.PzstlYfw7QERTXtJILoWsDqPzmvpneK5Leg";
public = false;
require_pkce = true;
pkce_challenge_method = "S256";
token_endpoint_auth_method = "client_secret_post";
authorization_policy = "one_factor";
userinfo_signed_response_alg = "none";
consent_mode = "implicit";
scopes = [ "offline_access" "openid" "email" "picture" "profile" "groups" ];
redirect_uris = [ "http://localhost:3000/api/auth/oauth2/callback/authelia" ];
}
];
};
};
};
systemd = {
tmpfiles.rules = [
"d /var/lib/authelia-testing 400 ${user} ${user} -"
];
};
# These should not be set from nix but through other means to not leak the secret!
# This is purely for testing purposes!
environment.etc = {
"authelia/testing/storageEncryptionKeyFile" = {
mode = "0400";
user = user;
text = "you_must_generate_a_random_string_of_more_than_twenty_chars_and_configure_this";
};
"authelia/testing/jwtSecretFile" = {
mode = "0400";
user = user;
text = "a_very_important_secret";
};
"authelia/testing/sessionSecrets" = {
mode = "0400";
user = user;
text = "some_session_secrets";
};
"authelia/testing/users_database.yml" = {
mode = "0400";
user = user;
text = ''
users:
chris:
disabled: false
displayname: Chris Kruining
password: $argon2id$v=19$m=65536,t=3,p=4$xl+ILZXFedOXb0Vb/Pao0Q$jfTun8xPYLQNcsjZCcyCeXMzxHAQWOtR7+4BJ+VS6n4
email: 'chris@kruining.eu'
picture: 'https://avatars.githubusercontent.com/u/5786905?v=4'
groups:
- jellyfin-admins
- jellyfin-users
- admin
- dev
jacqueline:
disabled: false
displayname: Jacqueline Bevers
password: $argon2id$v=19$m=65536,t=3,p=4$XgN8yEJV+syAE5yeos3HsA$SlN+j/lJfxJ5VxLu2CdrwowlCiWQNNGhIrSyDpohq18
groups:
- jellyfin-users
martijn:
disabled: false
displayname: Martijn Kruining
password: $argon2id$v=19$m=65536,t=3,p=4$XgN8yEJV+syAE5yeos3HsA$SlN+j/lJfxJ5VxLu2CdrwowlCiWQNNGhIrSyDpohq18
groups:
- jellyfin-users
andrea:
disabled: false
displayname: Andrea Kruining
password: $argon2id$v=19$m=65536,t=3,p=4$XgN8yEJV+syAE5yeos3HsA$SlN+j/lJfxJ5VxLu2CdrwowlCiWQNNGhIrSyDpohq18
groups:
- jellyfin-users
'';
};
};
services.caddy = {
enable = true;
virtualHosts = {
"auth.kruining.eu".extraConfig = ''
reverse_proxy http://127.0.0.1:9091
'';
};
extraConfig = ''
(auth) {
forward_auth http://127.0.0.1:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
}
'';
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}

1
modules/nixos/services/authentication/default.nix Normal file
View file

@ -0,0 +1 @@
{ ... }: {}

23
modules/nixos/services/authentication/himmelblau.nix Normal file
View file

@ -0,0 +1,23 @@
{ inputs, lib, config, namespace, ... }: let
inherit (lib) mkEnableOption mkIf;
cfg = config.${namespace}.services.authentication.himmelblau;
in
{
imports = [ inputs.himmelblau.nixosModules.himmelblau ];
options.${namespace}.services.authentication.himmelblau = {
enable = mkEnableOption "enable azure entra ID authentication";
};
config = mkIf cfg.enable {
services.himmelblau = {
enable = true;
settings = {
domains = [];
pam_allow_groups = [];
local_groups = [];
};
};
};
}

86
modules/nixos/services/authentication/zitadel.nix Normal file
View file

@ -0,0 +1,86 @@
{ config, lib, pkgs, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.authentication.zitadel;
db_name = "zitadel";
db_user = "zitadel";
in
{
options.${namespace}.services.authentication.zitadel = {
enable = mkEnableOption "Zitadel";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
zitadel
];
services = {
zitadel = {
enable = true;
openFirewall = true;
masterKeyFile = config.sops.secrets."zitadel/masterKey".path;
tlsMode = "external";
settings = {
Port = 9092;
Database = {
Host = "/run/postgresql";
# Zitadel will report error if port is not set
Port = 5432;
Database = db_name;
User.Username = db_user;
};
};
steps = {
TestInstance = {
InstanceName = "Zitadel test";
Org = {
Name = "Kruining.eu";
Human = {
UserName = "admin";
Password = "kaas";
};
};
};
};
};
postgresql = {
enable = true;
ensureDatabases = [ db_name ];
ensureUsers = [
{
name = db_user;
ensureDBOwnership = true;
}
];
};
caddy = {
enable = true;
virtualHosts = {
"auth-z.kruining.eu".extraConfig = ''
reverse_proxy h2c://127.0.0.1:9092
'';
};
# extraConfig = ''
# (auth) {
# forward_auth h2c://127.0.0.1:9092 {
# uri /api/authz/forward-auth
# copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
# }
# }
# '';
};
};
# Secrets
sops.secrets."zitadel/masterKey" = {
owner = "zitadel";
group = "zitadel";
restartUnits = [ "zitadel.service" ];
};
};
}

179
modules/nixos/services/games/minecraft.nix Normal file
View file

@ -0,0 +1,179 @@
{ inputs, config, lib, pkgs, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str;
cfg = config.${namespace}.services.games.minecraft;
in
{
imports = [
inputs.nix-minecraft.nixosModules.minecraft-servers
];
options.${namespace}.services.games.minecraft = {
enable = mkEnableOption "Minecraft";
user = mkOption {
type = str;
default = "minecraft";
};
group = mkOption {
type = str;
default = "minecraft";
};
};
config = mkIf cfg.enable {
user.users.${cfg.user} = {
isSystemUser = true;
group = cfg.group;
};
services = {
minecraft-servers = {
enable = true;
eula = true;
openFirewall = true;
user = cfg.user;
dataDir = "/var/lib/minecraft";
managementSystem = {
tmux.enable = false;
systemd-socket.enable = true;
};
servers = let
whitelist = {
ChrisPBacon = "e6128495-075b-44a9-87f6-8d844d5ea0e4";
satanjr616 = "1718f9d5-df1d-4aac-b10c-3229a0f1e8b2";
Ono95 = "010e7652-6d5d-4f9e-af89-438c8fe694ca";
JackLeLumber = "41910a94-8c8e-4528-a8ca-a2d7043f069d";
DarkyLink = "6faddb7f-12a9-4aac-bc08-dd6db892a380";
Archonite86 = "b5ab594d-de1c-4453-ba32-9107452be51b";
NotACultist86 = "44ac3f7c-0e18-4234-bb04-11a0652cdaeb";
};
ops = [
{
uuid = "e6128495-075b-44a9-87f6-8d844d5ea0e4";
name = "ChrisPBacon";
level = 4;
bypassesPlayerLimit = false;
}
{
uuid = "6faddb7f-12a9-4aac-bc08-dd6db892a380";
name = "DarkyLink";
level = 4;
bypassesPlayerLimit = false;
}
];
jvmOpts = "-Xms2048M -Xmx2048M -XX:+UseG1GC";
in {
vanilla = {
enable = true;
autoStart = true;
restart = "always";
inherit whitelist;
inherit jvmOpts;
package = pkgs.fabricServers.fabric-1_21_4.override { loaderVersion = "0.16.10"; };
serverProperties = {
gamemode = "survival";
difficulty = 3;
motd = "Chris' vanilla server";
white-list = true;
simulation-distance = 10;
server-port = 25501;
level-name = "world";
allow-flight = true;
enable-command-block = true;
enforce-whitelist = true;
spawn-protection = 0;
};
files."ops.json" = {
value = ops;
};
symlinks = let
inherit (builtins) attrValues;
inherit (pkgs) linkFarmFromDrvs fetchurl;
in {
mods = linkFarmFromDrvs "mods" (attrValues {
FabricApi = fetchurl { url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/ZNwYCTsk/fabric-api-0.118.0%2B1.21.4.jar"; sha512 = "1e0d31b6663dc2c7be648f3a5a9cf7b698b9a0fd0f7ae16d1d3f32d943d7c5205ff63a4f81b0c4e94a8997482cce026b7ca486e99d9ce35ac069aeb29b02a30d"; };
Terralith = fetchurl { url = "https://cdn.modrinth.com/data/8oi3bsk5/versions/MuJMtPGQ/Terralith_1.21.x_v2.5.8.jar"; sha512 = "f862ed5435ce4c11a97d2ea5c40eee9f817c908f3223b5fd3e3fff0562a55111d7429dc73a2f1ca0b1af7b1ff6fa0470ed6efebb5de13336c40bb70fb357dd60"; };
# DistantHorizons = fetchurl { url = "https://cdn.modrinth.com/data/uCdwusMi/versions/jptcCdp2/DistantHorizons-2.2.1-a-1.20.4-forge-fabric.jar"; sha512 = "47368d91099d0b5f364339a69f4e425f8fb1e3a7c3250a8b649da76135e68a22f1a76b191c87e15a5cdc0a1d36bc57f2fa825490d96711d09d96807be97d575d"; };
});
};
};
tekxit = let
inherit (pkgs) fetchzip;
src = fetchzip {
url = "https://tekxit.b-cdn.net/downloads/tekxit4/12.0.0Tekxit4Server.zip";
hash = "sha256-4NqeMGOpji/gMH8XX8RemkBAOB9ID/i1S3/xXgD23to=";
stripRoot = true;
};
in {
enable = true;
autoStart = true;
restart = "no";
inherit whitelist;
inherit jvmOpts;
package = pkgs.fabricServers.fabric-1_19_2.override { loaderVersion = "0.16.9"; };
serverProperties = {
gamemode = "survival";
difficulty = 3;
motd = "Chris' vanilla server";
white-list = true;
simulation-distance = 10;
server-port = 25502;
level-name = "world";
allow-flight = true;
enable-command-block = true;
enforce-whitelist = true;
spawn-protection = 0;
};
files = let
inherit (builtins) readDir;
inherit (lib) concatMapAttrs;
readDirRec = src: dir: fn:
concatMapAttrs (name: type: if type == "directory"
then (readDirRec src "${dir}/${name}" fn)
else { "${dir}/${name}" = (fn "${dir}/${name}"); }
) (readDir "${src}/${dir}");
copyDir = dir: readDirRec src dir (x: "${src}/${x}");
in {
"ops.json" = {
value = ops;
};
}
// (copyDir "config");
symlinks = let
inherit (builtins) attrNames readDir map;
inherit (pkgs) linkFarm;
linkFarmFromDir = name: dir: linkFarm name (map (x: { name = x; path = "${src}/${dir}/${x}"; }) (attrNames (readDir "${src}/${dir}")));
in {
Deftu = linkFarmFromDir "tekxit-deftu" "Deftu";
TKXAddons = linkFarmFromDir "tekxit-TKXAddons" "TKXAddons";
mods = linkFarmFromDir "tekxit-mods" "mods";
scripts = linkFarmFromDir "tekxit-scripts" "scripts";
};
};
};
};
};
};
}

25
modules/nixos/services/games/palworld.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.services.games.palworld;
in
{
options.${namespace}.services.games.palworld = {
enable = mkEnableOption "Palworld";
};
config = mkIf cfg.enable {
# kaas = (pkgs.mkSteamServer rec {
# name = "Palworld";
# src = pkgs.fetchSteam {
# inherit name;
# appId = "2394010";
# hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
# };
#
# sartCmd = "PalServer.sh";
# hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
# });
};
}

104
modules/nixos/services/media/default.nix
View file

@ -1,12 +1,28 @@
{ lib, namespace, config, ... }:
{ pkgs, lib, namespace, config, ... }:
let
inherit (lib) mkIf mkEnableOption;
inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str;
cfg = config.${namespace}.services.media;
in
{
config.${namespace}.services.media = {
options.${namespace}.services.media = {
enable = mkEnableOption "Enable media services";
user = mkOption {
type = str;
default = "media";
};
group = mkOption {
type = str;
default = "media";
};
path = mkOption {
type = str;
default = "/var/media";
};
};
config = mkIf cfg.enable {
@ -23,7 +39,7 @@ in
id3v2
yt-dlp
];
# need to permit these outdated packages until servarr finally upgrades at some point...
permittedInsecurePackages = [
"dotnet-sdk-6.0.428"
@ -34,22 +50,22 @@ in
# Prepare system
#=========================================================================
users = {
users.${user} = {
users.${cfg.user} = {
isSystemUser = true;
group = group;
group = cfg.group;
};
groups.${group} = {};
groups.${cfg.group} = {};
};
systemd.tmpfiles.rules = [
"d '${directory}/series' 0700 ${user} ${group} - -"
"d '${directory}/movies' 0700 ${user} ${group} - -"
"d '${directory}/music' 0700 ${user} ${group} - -"
"d '${directory}/qbittorrent' 0700 ${user} ${group} - -"
"d '${directory}/sabnzbd' 0700 ${user} ${group} - -"
"d '${directory}/reiverr/config' 0700 ${user} ${group} - -"
"d '${directory}/downloads/incomplete' 0700 ${user} ${group} - -"
"d '${directory}/downloads/done' 0700 ${user} ${group} - -"
"d '${cfg.directory}/series' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.directory}/movies' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.directory}/music' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.directory}/qbittorrent' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.directory}/sabnzbd' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.directory}/reiverr/config' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.directory}/downloads/incomplete' 0700 ${cfg.user} ${cfg.group} - -"
"d '${cfg.directory}/downloads/done' 0700 ${cfg.user} ${cfg.group} - -"
];
#=========================================================================
@ -59,8 +75,8 @@ in
serviceConf = {
enable = true;
openFirewall = true;
user = user;
group = group;
user = cfg.user;
group = cfg.group;
};
in {
jellyfin = serviceConf;
@ -69,11 +85,6 @@ in
bazarr = serviceConf;
lidarr = serviceConf;
lanraragi = {
enable = true;
port = 6969;
};
jellyseerr = {
enable = true;
openFirewall = true;
@ -87,20 +98,34 @@ in
qbittorrent = {
enable = true;
openFirewall = true;
dataDir = "${directory}/qbittorrent";
dataDir = "${cfg.directory}/qbittorrent";
port = 5000;
user = user;
group = group;
user = cfg.user;
group = cfg.group;
};
sabnzbd = {
enable = true;
openFirewall = true;
configFile = "${directory}/sabnzbd/config.ini";
configFile = "${cfg.directory}/sabnzbd/config.ini";
user = user;
group = group;
user = cfg.user;
group = cfg.group;
};
caddy = {
enable = true;
virtualHosts = {
"media.kruining.eu".extraConfig = ''
import auth
reverse_proxy http://127.0.0.1:9494
'';
"jellyfin.kruining.eu".extraConfig = ''
reverse_proxy http://127.0.0.1:8096
'';
};
};
};
@ -123,31 +148,12 @@ in
image = "ghcr.io/aleksilassila/reiverr:v2.2.0";
autoStart = true;
ports = [ "127.0.0.1:9494:9494" ];
volumes = [ "${directory}/reiverr/config:/config" ];
volumes = [ "${cfg.directory}/reiverr/config:/config" ];
};
};
};
};
#=========================================================================
# Hosting
#=========================================================================
services = {
caddy = {
enable = true;
virtualHosts = {
"media.kruining.eu".extraConfig = ''
import auth
reverse_proxy http://127.0.0.1:9494
'';
"jellyfin.kruining.eu".extraConfig = ''
reverse_proxy http://127.0.0.1:8096
'';
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 6969 ];
};
}
}

88
modules/nixos/services/media/nextcloud.nix Normal file
View file

@ -0,0 +1,88 @@
{ config, lib, pkgs, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib.types) str;
cfg = config.${namespace}.services.media.nextcloud;
in
{
options.modules.services.nextcloud = {
enable = mkEnableOption "Nextcloud";
user = mkOption {
type = str;
default = "nextcloud";
};
group = mkOption {
type = str;
default = "nextcloud";
};
};
config = mkIf cfg.enable {
users = {
users.${cfg.user} = {
isSystemUser = true;
group = cfg.group;
};
groups.${cfg.group} = {};
};
home-manager.users.${cfg.user}.home = {
stateVersion = config.system.stateVersion;
file.".netrc".text = ''
login root
password KaasIsAwesome!
'';
};
services.nextcloud = {
enable = true;
webserver = "caddy";
package = pkgs.nextcloud31;
hostName = "localhost";
config = {
adminpassFile = "/var/lib/nextcloud/admin-pass";
dbtype = "sqlite";
};
};
# systemd.user = {
# services.nextcloud-autosync = {
# Unit = {
# Description = "Automatic nextcloud sync";
# After = "network-online.target";
# };
# WantedBy = [ "multi-user.target" ];
# Service = {
# Type = "simple";
# ExecStart = "${pkgs.nextcloud-client}/bin/nextcloudcmd -h -n --path /var/media/music https://cloud.kruining.eu";
# TimeoutStopSec = "180";
# KillMode = "process";
# KillSignal = "SIGINT";
# };
# };
# timers.nextcloud-autosync = {
# Unit.Description = "Automatic nextcloud sync";
# Timer.OnBootSec = "5min";
# Timer.OnUnitActiveSec = "60min";
# Install.WantedBy = [ "multi-user.target" "timers.target" ];
# };
# startServices = true;
# };
services.caddy = {
enable = true;
virtualHosts."cloud.kruining.eu".extraConfig = ''
php_fastcgi unix//run/phpfpm/nextcloud.sock {
env front_controller_active true
}
'';
};
};
}

22
modules/nixos/services/media/nfs.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, lib, namespace, ... }:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.media.nfs;
in
{
options.${namespace}.media.nfs = {
enable = mkEnableOption "Enable NFS";
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 2049 ];
services.nfs.server = {
enable = true;
exports = ''
/var/media manwe(rw,fsid=0,no_subtree_check)
'';
};
};
}

28
modules/nixos/services/networking/ssh.nix Normal file
View file

@ -0,0 +1,28 @@
{ config, lib, namespace, ... }:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.${namespace}.services.networking.ssh;
in
{
options.${namespace}.services.networking.ssh = {
enable = mkEnableOption "enable ssh";
};
config = mkIf cfg.enable {
services.openssh = {
enable = true;
openFirewall = true;
ports = [ 22 ];
settings = {
PasswordAuthentication = true;
AllowUsers = [ "chris" "root" ];
UseDns = true;
UsePAM = true;
PermitRootLogin = "prohibit-password";
PermitEmptyPasswords = "no";
};
};
};
}