jacob/nix_config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'main' of 100.102.82.27:jacob/nix_config

Browse Source
This commit is contained in:
Jacob Hinkle 2024-02-11 07:03:36 -05:00
commit 578c06f284
5 changed files with 25 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
machines/cj/configuration.nix
View File

@ -146,8 +146,6 @@
# List services that you want to enable: # List services that you want to enable:
services = { services = {
chrony.enable = true;
fail2ban = { fail2ban = {
enable = true; enable = true;
maxretry = 5; maxretry = 5;
@ -155,6 +153,7 @@
"127.0.0.0/8" # localhost "127.0.0.0/8" # localhost
"192.168.0.0/16" # LAN "192.168.0.0/16" # LAN
"160.91.241.229" # lucky "160.91.241.229" # lucky
"100.64.0.0" # tailscale
]; ];
}; };
@ -182,6 +181,8 @@
tailscale.enable = true; tailscale.enable = true;
timesyncd.enable = true;
unifi = { unifi = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
@ -191,7 +192,7 @@
vaultwarden = { vaultwarden = {
enable = true; enable = true;
config = { # https://github.com/dani-garcia/vaultwarden/blob/1.25.2/.env.template config = { # https://github.com/dani-garcia/vaultwarden/blob/1.25.2/.env.template
DOMAIN = "https://vault.jhink.org"; DOMAIN = "http://100.64.0.2:8081";
ROCKET_ADDRESS = "0.0.0.0"; ROCKET_ADDRESS = "0.0.0.0";
ROCKET_PORT = 8222; ROCKET_PORT = 8222;
SIGNUPS_ALLOWED = false; SIGNUPS_ALLOWED = false;

10
machines/cj/firewall.nix
View File

@ -4,13 +4,13 @@
8080 8443 6789 8880 8843 27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference 8080 8443 6789 8880 8843 27117 # unifi controller: https://help.ui.com/hc/en-us/articles/218506997-UniFi-Network-Required-Ports-Reference
8585 # pihole web 8585 # pihole web
53 # pihole 53 # pihole
#8123 # home-assistant 8123 # home-assistant
#3000 # gitea 3000 # gitea
8081 # vaultwarden 8081 # vaultwarden
80 443 # reverse proxy 80 443 # reverse proxy
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
22000 21027 # syncthing #22000 21027 # syncthing
3478 5514 10001 1900 123 # unifi 3478 5514 10001 1900 123 # unifi
53 # pihole 53 # pihole
80 443 # reverse proxy 80 443 # reverse proxy
@ -18,4 +18,8 @@
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{ from = 5656; to = 5699; } # unifi { from = 5656; to = 5699; } # unifi
]; ];
# This should not really be necessary unless we use an exit node or subnet
# with tailscale I think.
checkReversePath = "loose";
} }

12
machines/cj/hardware-configuration-zfs.nix
View File

@ -109,6 +109,18 @@
neededForBoot = true; neededForBoot = true;
}; };
fileSystems."/nfs/homes" =
{ device = "192.168.88.88:/volume1/homes";
fsType = "nfs";
neededForBoot = false;
};
fileSystems."/nfs/shared_photos" =
{ device = "192.168.88.88:/volume1/photo";
fsType = "nfs";
neededForBoot = false;
};
swapDevices = [ swapDevices = [
{ {
device = "/dev/disk/by-partuuid/6bf463d0-107f-489e-be29-704442ea3150"; device = "/dev/disk/by-partuuid/6bf463d0-107f-489e-be29-704442ea3150";

2
machines/cj/home-assistant.nix
View File

@ -1,6 +1,6 @@
serverIP : serverIP :
{ {
image = "ghcr.io/home-assistant/home-assistant:2023.6.3"; image = "ghcr.io/home-assistant/home-assistant:2023.11.2";
#ports = [ #ports = [
#"8123:8123" #"8123:8123"
#]; #];

2
machines/cj/syncthing.nix
View File

@ -1,5 +1,5 @@
{ {
enable = true; enable = false;
dataDir = "/serverdata/syncthing/"; dataDir = "/serverdata/syncthing/";
user = "jacob"; user = "jacob";
group = "users"; group = "users";