zoey/config
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

smallest change

Browse source
This commit is contained in:
zack 2025-03-22 16:03:07 -04:00
parent 4cca1dc327
commit 9c83ba6849
No known key found for this signature in database
GPG key ID: EE8A2B709E2401D1
77 changed files with 36828 additions and 1516 deletions
Download patch file Download diff file Expand all files Collapse all files

58
systems/x86_64-linux/earth/default.nix
View file

@ -30,7 +30,37 @@
hardware.keyboard.qmk.enable = true;
programs.nix-ld.enable = true;
programs.steam.enable = true;
# services.monero.mining.enable = true;
# services.monero.enable = true;
# services.monero.mining.address = "485XKPKG38bSJBUa4SPenAEFt8Wgj2hWC97PNBpFHniwNXnDNZ9xar5hHb6qLQeyK2Kk3Fw2cxxPSLjgyqr5CxXAUkUsDDx";
# services.monero.mining.threads = 4;
hardware.march = {
arch = "znver3";
enableNativeOptimizations = true;
cpu.vcores = 32;
memory.total = 32;
};
specialisation = {
plasma6 = {
configuration = {
services.xserver.desktopManager.plasma6.enable = true;
programs.seahorse.enable = lib.mkForce false;
};
};
};
programs.steam = {
enable = true;
extraPackages = with pkgs; [
qt5.qtwayland
];
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
programs.steam.gamescopeSession.enable = true;
programs.gamemode.enable = true;
@ -50,7 +80,7 @@
services.lorri.enable = true;
services.udisks2.enable = true;
services.transmission = {
enable = true;
enable = false;
package = pkgs.transmission_4;
settings = {
download-dir = "/home/zoey/Downloads";
@ -61,9 +91,9 @@
group = "users";
};
services.gnome.gnome-keyring.enable = true;
services.solaar = {
enable = true;
};
# services.solaar = {
# enable = true;
# };
services._1password = {
enable = true;
polkitPolicyOwnerUsername = "zoey";
@ -88,6 +118,15 @@
};
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.kernelPatches = [
{
name = "bsb-patches";
patch = pkgs.fetchpatch {
url = "https://gist.githubusercontent.com/galister/08cddf10ac18929647d5fb6308df3e4b/raw/0f6417b6cb069f19d6c28b730499c07de06ec413/combined-bsb-6-10.patch";
hash = "sha256-u8O4foBHhU+T3yYkguBZ14EyCKujPzHh1TwFRg6GMsA=";
};
}
];
boot.supportedFilesystems = ["ntfs"];
services.dlna.enable = false;
@ -105,10 +144,13 @@
hardware.bluetooth.powerOnBoot = true;
services.blueman.enable = true;
services.wg.enable = true;
# home-manager.useGlobalPkgs = false;
environment.systemPackages = [
pkgs.sbctl
pkgs.vesktop
lib.custom.nixos-stable.vesktop
pkgs.mangohud
pkgs.lutris
pkgs.bottles
@ -120,6 +162,8 @@
pkgs.transmission_4
pkgs.protonup-qt
pkgs.restic
inputs.opnix.packages.${system}.default
pkgs.qt5.qtwayland
(inputs.umu.packages.${system}.umu.override {
version = inputs.umu.shortRev;
truststore = true;
@ -226,6 +270,7 @@
programs.virt-manager.enable = true;
sites.jellyfin.enable = true;
sites.mealie.enable = false;
virtualisation.containers.enable = true;
virtualisation.podman = {
@ -233,6 +278,7 @@
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
virtualisation.waydroid.enable = true;
hardware.gpu-passthru.enable = true;
system.stateVersion = "24.05";

70
systems/x86_64-linux/juno/default.nix Normal file
View file

@ -0,0 +1,70 @@
{
modulesPath,
lib,
pkgs,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
];
boot.loader.grub = {
# no need to set devices, disko will add all devices that have a EF02 partition to the list already
# devices = [ ];
efiSupport = true;
efiInstallAsRemovable = true;
};
services.openssh.enable = true;
networking.firewall.allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
80
443
];
networking.firewall.allowedUDPPorts = [
8472 # k3s, flannel: required if using multi-node for inter-node networking
];
services.k3s = {
enable = true;
role = "server";
token = "e73bb24efa7c545165e7edaf357bc8cfe0fc3e579ff41f6cdc4ea6b81f34ebd9c9ec13f27fb6d4aa5824dec3ac5c57dbf36460c5255fc434c2d33507e38578cb";
clusterInit = true;
};
services.k3s.extraFlags = [
"-tls-san=134.199.176.87"
"--egress-selector-mode=disabled"
"--disable=traefik"
"--bind-address=0.0.0.0"
"--advertise-address=134.199.176.87"
];
# do not use DHCP, as DigitalOcean provisions IPs using cloud-init
networking.useDHCP = lib.mkForce false;
services.cloud-init = {
enable = true;
network.enable = true;
settings = {
datasource_list = ["ConfigDrive"];
datasource.ConfigDrive = {};
};
};
environment.systemPackages = map lib.lowPrio [
pkgs.curl
pkgs.gitMinimal
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuw7D+qDzzxBKsfKEmMd7odc98m3ZEnqWYFtuKwvC9k zoey@earth"
];
system.stateVersion = "24.05";
}

55
systems/x86_64-linux/juno/disk-config.nix Normal file
View file

@ -0,0 +1,55 @@
# Example to create a bios compatible gpt partition
{lib, ...}: {
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

16784
systems/x86_64-linux/pluto/blocked.txt Normal file
View file

File diff suppressed because it is too large Load diff

38
systems/x86_64-linux/pluto/default.nix
View file

@ -37,7 +37,22 @@
services.web.nginx.enable = true;
services.gh.enable = true;
services.fail2ban.enable = true;
services.fail2ban = {
enable = true;
jails.DDOS = ''
filter = nginx-limit-req
action = iptables-allports[name=HTTP, protocol=all]
logpath = /var/log/nginx/blocked.log
findtime = 600
maxretry = 20
bantime = 3600
'';
};
services.nginx.virtualHosts."node.nyc.zackmyers.io" = {
forceSSL = true;
enableACME = true;
};
services.atproto-pds = {
enable = true;
@ -77,9 +92,11 @@
pterodactyl.enable = true;
search.enable = true;
map.enable = true;
hydra.enable = true;
hydra.enable = false;
cache.enable = true;
minio.enable = true;
immich.enable = true;
polaris.enable = false;
zoeycomputer = {
enable = true;
domain = "zoeys.computer";
@ -239,6 +256,23 @@
permitRootLogin = "no";
};
networking.firewall.enable = true;
networking.firewall.extraPackages = [pkgs.ipset];
networking.firewall.extraCommands = ''
ipset create blocked_ips hash:ip
while IFS= read -r ip; do
ipset add blocked_ips "$ip"
done < ${./blocked.txt}
iptables -A INPUT -m set --set blocked_ips src -j DROP
iptables -A INPUT -m set --set blocked_ips src -j LOG --log-prefix "INPUT:DROP:" --log-level 6
'';
networking.firewall.extraStopCommands = ''
iptables -D INPUT -m set --set blocked_ips src -j DROP || true
iptables -A INPUT -m set --set blocked_ips src -j LOG --log-prefix "INPUT:DROP:" --log-level 6 || true
ipset destroy blocked_ips || true
'';
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [80 443 6969 2022 16262];
networking.firewall.allowedTCPPortRanges = [

16785
systems/x86_64-linux/pluto/export.csv Normal file
View file

File diff suppressed because it is too large Load diff

80
systems/x86_64-linux/venus/default.nix Normal file
View file

@ -0,0 +1,80 @@
{
modulesPath,
lib,
pkgs,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
services.openssh.enable = true;
nix.settings = {
trusted-users = ["zoey"];
};
networking.useDHCP = lib.mkForce false;
networking.interfaces.ens3.ipv4.addresses = [
{
address = "185.112.147.15";
prefixLength = 24;
}
];
networking.nameservers = ["93.95.224.28" "93.95.224.29"];
networking.defaultGateway = "185.112.147.1";
programs.zsh.enable = true;
services.web.nginx.enable = true;
services.mail.enable = true;
environment.systemPackages = map lib.lowPrio [
pkgs.curl
pkgs.gitMinimal
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuw7D+qDzzxBKsfKEmMd7odc98m3ZEnqWYFtuKwvC9k zoey@earth"
];
users.users.zoey = {
isNormalUser = true;
description = "zoey";
extraGroups = ["networkmanager" "wheel"];
shell = pkgs.zsh;
hashedPassword = "$6$LZdeNTlfOEivWraB$J3/kQ5YHbcdd4J4oJ.0NJ7/MeRgdDHcemy4zIG1uAtI6637Glj6kPCPpJyyCRKN3I9NLRfZDLRBbwtSCtY.4B.";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuw7D+qDzzxBKsfKEmMd7odc98m3ZEnqWYFtuKwvC9k zoey@earth"
];
};
snowfallorg.users.zoey = {
create = true;
admin = false;
home = {
enable = true;
};
};
services.mc-honeypot = {
enable = true;
openFirewall = true;
settings = {
"webhook-url" = "https://discord.com/api/webhooks/1348850542398410834/1fqV4QLh4uTTuwZ0DjOczZa6gkDjsYECSlmWBwTXHWcYTHhwsE1ZLTP17z5v-vh6nn7H";
};
};
networking.firewall.allowedTCPPorts = [80 443];
system.stateVersion = "24.05";
}

55
systems/x86_64-linux/venus/disk-config.nix Normal file
View file

@ -0,0 +1,55 @@
# Example to create a bios compatible gpt partition
{lib, ...}: {
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

28
systems/x86_64-linux/venus/hardware-configuration.nix Normal file
View file

@ -0,0 +1,28 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

66
systems/x86_64-linux/vesta/default.nix Normal file
View file

@ -0,0 +1,66 @@
{
modulesPath,
lib,
pkgs,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
];
boot.loader.grub = {
# no need to set devices, disko will add all devices that have a EF02 partition to the list already
# devices = [ ];
efiSupport = true;
efiInstallAsRemovable = true;
};
services.openssh.enable = true;
# do not use DHCP, as DigitalOcean provisions IPs using cloud-init
networking.useDHCP = lib.mkForce false;
services.cloud-init = {
enable = true;
network.enable = true;
settings = {
datasource_list = ["ConfigDrive"];
datasource.ConfigDrive = {};
};
};
networking.firewall.allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
80
443
];
networking.firewall.allowedUDPPorts = [
8472 # k3s, flannel: required if using multi-node for inter-node networking
];
services.k3s = {
enable = true;
role = "agent"; # Or "agent" for worker only nodes
token = "e73bb24efa7c545165e7edaf357bc8cfe0fc3e579ff41f6cdc4ea6b81f34ebd9c9ec13f27fb6d4aa5824dec3ac5c57dbf36460c5255fc434c2d33507e38578cb";
serverAddr = "https://134.199.176.87:6443";
extraFlags = [
# "--advertise-address=174.138.106.48"
# "--disable=traefik"
];
};
environment.systemPackages = map lib.lowPrio [
pkgs.curl
pkgs.gitMinimal
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuw7D+qDzzxBKsfKEmMd7odc98m3ZEnqWYFtuKwvC9k zoey@earth"
];
system.stateVersion = "24.05";
}

55
systems/x86_64-linux/vesta/disk-config.nix Normal file
View file

@ -0,0 +1,55 @@
# Example to create a bios compatible gpt partition
{lib, ...}: {
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}