

2 commits

Author SHA1 Message Date
a55ed8b41b
feat: add hyp-01
Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
2025-11-01 18:23:04 +01:00
95cbbfb157
fix: jellyfin revproxy
Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
2025-10-31 21:18:54 +01:00
9 changed files with 314 additions and 4 deletions

37
flake.lock generated

@ -388,6 +388,21 @@
"type": "github" "type": "github"
} }
}, },
"impermanence": {
"locked": {
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"ixx": { "ixx": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
@ -659,12 +674,14 @@
"disko": "disko", "disko": "disko",
"headplane": "headplane", "headplane": "headplane",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence",
"nixos-mailserver": "nixos-mailserver", "nixos-mailserver": "nixos-mailserver",
"nixos-wsl": "nixos-wsl", "nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim", "nixvim": "nixvim",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"srvos": "srvos",
"tidalcycles": "tidalcycles" "tidalcycles": "tidalcycles"
} }
}, },
@ -688,6 +705,26 @@
"type": "github" "type": "github"
} }
}, },
"srvos": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1761869910,
"narHash": "sha256-ogo46cmshLzXOOz1YO7KKAXaQNVsU5witFSNLWIULpU=",
"owner": "nix-community",
"repo": "srvos",
"rev": "412e15bdb690c5e4ad99dbc9cc91692393120c57",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "srvos",
"type": "github"
}
},
"superdirt-src": { "superdirt-src": {
"flake": false, "flake": false,
"locked": { "locked": {


@ -18,6 +18,17 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# srvos
srvos = {
url = "github:nix-community/srvos";
inputs.nixpkgs.follows = "nixpkgs";
};
# impermanence
impermanence = {
url = "github:nix-community/impermanence";
};
# theme # theme
catppuccin = { catppuccin = {
url = "github:catppuccin/nix/release-25.05"; url = "github:catppuccin/nix/release-25.05";
@ -121,7 +132,15 @@
); );
nixosConfigurations = { nixosConfigurations = {
# Workstations # hypervisors
hyp-01 = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
modules = [
./hosts/hyp-01
];
};
# workstations
wodan = nixpkgs.lib.nixosSystem { wodan = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs; }; specialArgs = { inherit inputs outputs; };
modules = [ modules = [

25
hosts/hyp-01/default.nix Normal file

@ -0,0 +1,25 @@
{
inputs,
...
}:
{
networking.hostName = "hyp-01";
networking.hostId = "ae2c05d3";
imports = [
inputs.disko.nixosModules.disko
inputs.impermanence.nixosModules.impermanence
inputs.srvos.nixosModules.server
inputs.srvos.nixosModules.hardware-hetzner-online-intel
inputs.srvos.nixosModules.mixins-terminfo
inputs.srvos.nixosModules.mixins-nginx
./modules/boot.nix
./modules/disko.nix
./modules/impermanence.nix
./modules/networking.nix
./modules/users.nix
];
system.stateVersion = "25.05";
}
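Review bot: `inputs.srvos.nixosModules.mixins-nginx` is imported on a hypervisor that defines no virtual hosts in this commit, so it adds a network-facing service with nothing to serve. That mixin presumably enables nginx and opens the HTTP/HTTPS firewall ports; confirm this against the pinned srvos revision. I would leave the import out until a vhost is added on this host, or put a comment above it such as `# nginx: needed for <service placeholder> on this host` so the exposure is a documented decision.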


@ -0,0 +1,8 @@
{
# BIOS system
boot.loader.systemd-boot.enable = false;
boot.loader.grub = {
enable = true;
efiSupport = false;
};
}


@ -0,0 +1,115 @@
let
disk1 = "/dev/disk/by-path/pci-0000:00:17.0-ata-2.0";
disk2 = "/dev/disk/by-path/pci-0000:00:17.0-ata-3.0";
in
{
disko.devices = {
disk = {
disk1 = {
type = "disk";
device = disk1;
content = {
type = "table";
format = "mbr";
partitions = [
{
name = "boot-primary";
size = "1G";
bootable = true;
type = "EF02";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "nofail" ];
};
}
{
name = "zfs-a";
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
}
];
};
};
disk2 = {
type = "disk";
device = disk2;
content = {
type = "table";
format = "mbr";
partitions = [
{
name = "boot-secondary";
size = "1G";
bootable = true;
type = "EF02";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot-fallback";
mountOptions = [ "nofail" ];
};
}
{
name = "zfs-b";
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
}
];
};
};
};
zpool = {
zroot = {
type = "zpool";
mode = "mirror";
rootFsOptions = {
compression = "lz4";
acltype = "posixacl";
xattr = "sa";
"com.sun:auto-snapshot" = "true";
mountpoint = "none";
};
options.ashift = "12";
datasets = {
"root" = {
type = "zfs_fs";
options = {
mountpoint = "none";
encryption = "aes-256-gcm";
keyformat = "passphrase";
keylocation = "prompt";
};
};
"root/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options.atime = "off";
};
"root/persist" = {
type = "zfs_fs";
mountpoint = "/persist";
};
};
};
};
};
boot.loader.grub = {
device = disk1;
mirroredBoots = [
{
devices = [ disk2 ];
path = "/boot-fallback";
}
];
};
}
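Review bot: Both boot partitions (`boot-primary`, `boot-secondary`) set `type = "EF02"`, the GPT code for a raw BIOS boot partition, yet they sit in a `format = "mbr"` table and carry a vfat filesystem mounted at `/boot` and `/boot-fallback`. On an MBR/BIOS layout no BIOS boot partition is needed, so I would drop the two `type = "EF02";` lines. If GPT is intended, the usual shape is a separate 1M `EF02` partition without `content` next to an ordinary `/boot` partition. It is also worth confirming that the `table` content type in the pinned disko revision accepts the `size`/`type` keys used here. Separately, `mountOptions = [ "nofail" ]` on `/boot`, combined with the tmpfs root defined in the impermanence module, means a failed mount would let a bootloader install land on tmpfs and silently disappear on reboot; consider removing `nofail` from the primary `/boot`.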


@ -0,0 +1,30 @@
{ lib, ... }:
{
boot.initrd.systemd.enable = true;
boot.initrd.postDeviceCommands = lib.mkAfter "zfs mount -a";
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
options = [
"defaults"
"size=4G"
"mode=755"
];
};
environment.persistence."/persist" = {
directories = [
"/etc/nixos"
"/var/log"
];
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
}
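Review bot: `boot.initrd.postDeviceCommands = lib.mkAfter "zfs mount -a";` is a scripted-initrd hook, but the line directly above it sets `boot.initrd.systemd.enable = true`. As far as I know NixOS asserts against that combination, so this should either fail evaluation or never run. I would remove the line and instead mark the persistent dataset as required in stage 1 with `fileSystems."/persist".neededForBoot = true;`, which impermanence also needs so its bind mounts are set up before services start. Persisting the SSH host keys is the right call for a stable host identity on a tmpfs root. Consider adding `/var/lib/nixos` to `directories` as well, so uid/gid assignments stay stable across reboots (inferred from common impermanence setups; confirm for this host).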


@ -0,0 +1,51 @@
{ config, lib, ... }:
{
options = {
networking.hyp-01.ipv4.address = lib.mkOption {
type = lib.types.str;
default = "88.99.145.10";
};
networking.hyp-01.ipv4.cidr = lib.mkOption {
type = lib.types.str;
default = "26";
};
networking.hyp-01.ipv4.gateway = lib.mkOption {
type = lib.types.str;
default = "88.99.145.1";
};
networking.hyp-01.ipv6.address = lib.mkOption {
type = lib.types.str;
default = "2a01:4f8:10a:2962::1";
};
networking.hyp-01.ipv6.cidr = lib.mkOption {
type = lib.types.str;
default = "64";
};
networking.hyp-01.ipv6.gateway = lib.mkOption {
type = lib.types.str;
default = "fe80::1";
};
};
config = {
networking = {
dhcpcd.enable = false;
nameservers = [ "9.9.9.9" ];
};
systemd.network.networks."10-uplink".networkConfig.Address = config.networking.hyp-01.ipv6.address;
boot.initrd.systemd.network.networks."10-uplink" = config.systemd.networks."10-uplink";
boot.initrd.network = {
enable = true;
};
boot.initrd.kernelModules = [ "igb" ];
};
}
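Review bot: The initrd assignment reads from `config.systemd.networks."10-uplink"`, which is not the path the previous line defines (`systemd.network.networks`), so it should fail to evaluate. It should read `boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";`. The `10-uplink` network also has no `matchConfig`, assigns the IPv6 address without its prefix length, and never uses the declared IPv4 and gateway options. As written the host would come up without IPv4 or a default route; the address line would be `networkConfig.Address = "${config.networking.hyp-01.ipv6.address}/${config.networking.hyp-01.ipv6.cidr}";`, with the IPv4 address and both gateways added alongside. Finally, `boot.initrd.network.enable = true` brings networking up in stage 1, but no `boot.initrd.network.ssh` settings are visible in this commit. If the intent is to unlock the passphrase-protected `zroot/root` dataset remotely, the initrd needs its own authorized keys and a dedicated host key, kept separate from the persisted system host keys because it is stored unencrypted in the initrd.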


@ -0,0 +1,20 @@
{ pkgs, ... }:
let
sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnthKtz0fE4yQ/X10cJgKVCjYCNkRNoqV28xAhD7h2M cardno:22_498_026";
in
{
users.mutableUsers = false;
users.users.root = {
openssh.authorizedKeys.keys = [ sshKey ];
};
users.users.lander = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = [
"wheel"
];
openssh.authorizedKeys.keys = [ sshKey ];
};
}
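Review bot: `users.users.root.openssh.authorizedKeys.keys = [ sshKey ];` gives the same key direct root SSH access that `lander` (already in `wheel`) holds, so root sessions bypass sudo and lose per-user attribution in the logs. Unless direct root login is required (for example by a remote deployment tool), I would drop the root block or set `services.openssh.settings.PermitRootLogin = "no";`. With `users.mutableUsers = false` and no `hashedPasswordFile` visible for `lander`, sudo only works if `security.sudo.wheelNeedsPassword` is disabled elsewhere (srvos may do this; confirm), which makes the SSH key the single factor in front of root. `shell = pkgs.zsh` also needs `programs.zsh.enable = true;` in one of the host's modules, which this commit does not show.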


@ -177,9 +177,14 @@
services.nginx.virtualHosts."media.escapeangle.com" = { services.nginx.virtualHosts."media.escapeangle.com" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations = {
proxyPass = "http://localhost:8096"; "/" = {
proxyWebsockets = true; proxyPass = "http://localhost:8096";
};
"/socket" = {
proxyPass = "http://localhost:8096";
proxyWebsockets = true;
};
}; };
}; };