~abyxcos/nas.nix

d8d667cd3c4ab2765da0f6a3902b104dba067df4 — System administrator 1 year, 25 days ago 0771aa3
Add the unstable packages repo and enable forgejo (gitea).
3 files changed, 91 insertions(+), 11 deletions(-)

M configuration.nix
M hardware-configuration.nix
M prometheus.nix
M configuration.nix => configuration.nix +85 -11
@@ 4,7 4,9 @@

{ config, pkgs, ... }:

{
let options = {
	unstableTarball = fetchTarball https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz;
}; in {
	imports =
		[
			# Include the results of the hardware scan.


@@ 14,10 16,18 @@
			# simple-nixos-mailserver
			(builtins.fetchTarball {
				url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/master/nixos-mailserver-master.tar.gz";
				sha256 = "0h35al73p15z9v8zb6hi5nq987sfl5wp4rm5c8947nlzlnsjl61x";
				sha256 = "0cd4d8glfv4mj861myvig00n02nsii8jhjb1dc066dsr2wdbwd3l";
			})
		];

	nixpkgs.config = {
		packageOverrides = pkgs: {
			unstable = import options.unstableTarball {
				config = config.nixpkgs.config;
			};
		};
	};

	boot = {
		supportedFilesystems = [ "zfs" ];
		loader = {


@@ 50,6 60,7 @@
		hostName = "nas"; # Define your hostname.
		domain = "bouncingkiwi.net";
		hostId = "e058e4cd";
		#networkmanager.enable = true;

		interfaces = {
			enp0s20f0.useDHCP = true;


@@ 57,16 68,17 @@
			enp0s20f2.useDHCP = true;
			enp0s20f3.useDHCP = true;

			bond0.useDHCP = true;
			#bond0.useDHCP = true;
		};

		bonds.bond0.interfaces = ["enp0s20f0" "enp0s20f1" "enp0s20f2" "enp0s20f3"];
		#bonds.bond0.interfaces = ["enp0s20f0" "enp0s20f1" "enp0s20f2" "enp0s20f3"];

		# Open ports in the firewall.
		firewall = {
			enable = true;
			allowedTCPPorts = [
				22	# ssh
				22		# ssh
				3000	# forgejo
				4533	# Navidrome
				8096	# Jellyfin
			];


@@ 101,7 113,8 @@
		clang llvm gcc binutils file
		go
		navidrome jellyfin
		beets
		beets-unstable unflac ffmpeg-full dos2unix
		nnn # CLI file manager
		step-ca step-cli
		headscale
	];


@@ 124,6 137,7 @@

		openssh = {
			enable = true;
			banner = "くコ:彡 くコ:彡 くコ:彡\n";
		};

		cron = {


@@ 135,6 149,7 @@

		navidrome = {
			enable = true;
			# package = pkgs.unstable.navidrome;
			settings = {
				Address = "0.0.0.0";
				MusicFolder = "/mnt/guava/music";


@@ 171,11 186,11 @@
			enable = true;
			address = "0.0.0.0";
			port = 7610;
			#serverUrl = "https://headscale.local";
			#dns.baseDomain = "headscale.local";
			serverUrl = "http://headscale.mnetic.ch";
			dns.baseDomain = "headscale.mnetic.ch";
		};

		nginx.virtualHosts."headscale.local" = {
		nginx.virtualHosts."headscale.mnetic.ch" = {
			#forceSSL = true;
			#enableACME = true;
			locations."/" = {


@@ 193,10 208,69 @@
				addresses = true;
			};
		};

		gitea = {
			enable = true;
			package = pkgs.unstable.forgejo;
			stateDir = "/mnt/guava/services/foregejo";

			domain = "git.mnetic.ch";
			rootUrl = "http://git.mnetic.ch";

			settings = {
				service = {
					# DISABLE_REGISTRATION = true;
					REGISTER_MANUAL_CONFIRM = true;
				};
				indexer = {
					# Enable searching repo files
					# https://docs.gitea.io/en-us/administration/repo-indexer/
					REPO_INDEXER_ENABLED = true;
					REPO_INDEXER_PATH = "data/indexers/repos.bleve";
				};
				actions = {
					ENABLED = true;
				};
			};
		};

		# https://forgejo.org/2023-02-27-forgejo-actions/
		# https://forgejo.org/docs/v1.20/admin/actions/
#		gitea-actions-runner = {
#			enable = true;
#			package = pkgs.unstable.gitea-actions-runner;
#
#			instances.nas = {
#				enable = true;
#				name = config.networking.hostName;
#				url = "http://git.mnetic.ch";
#				token = "NdpdliqzuD7zzEpoPEtkHkOIFVXVCIs8tLrk64Id";
#			};
#		};

		nginx.virtualHosts."git.mnetic.ch" = {
			locations."/".proxyPass = "http://localhost:3000/";
		};

		postgresql = {
			enable = true;
			package = pkgs.postgresql_15;
			enableTCPIP = true;
			authentication = pkgs.lib.mkOverride 15 ''
				local all all trust
				host all all 127.0.0.1/32 trust
				host all all ::1/128 trust
			'';
			initialScript = pkgs.writeText "backend-initScript" ''
				CREATE ROLE wikijs WITH LOGIN PASSWORD 'wikijs' CREATEDB;
				CREATE DATABASE wikijs;
				GRANT ALL PRIVILEGES ON DATABASE wikijs TO wikijs;
			'';
		};
	};

	mailserver = {
		enable = true;
		enable = false;
		fqdn = "mail.bouncingkiwi.net";
		domains = [ "bouncingkiwi.net" ];
		loginAccounts = {


@@ 207,7 281,7 @@
	};

	services.roundcube = {
		enable = true;
		enable = false;
		hostName = "mail.bouncingkiwi.net";
		extraConfig = ''
			$config['smtp_server'] = "tls://${config.mailserver.fqdn}";
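Review bot: The commented-out `gitea-actions-runner` block in the `@@ 193,10 208,69 @@` hunk still carries a runner registration token in plain text, and commenting it out does not keep it out of the repository history. It should be treated as exposed, revoked in Forgejo, and supplied through `tokenFile = "/path/to/runner-token-env";` (placeholder path, outside the Nix store) if the runner is later enabled. In the same hunk the `postgresql.authentication` override sets `trust` for the local socket and both loopback addresses, so any local account or process can connect as any role, including the superuser, without a password; `local all all peer` plus `scram-sha-256` on the two `host` lines would close that. The `wikijs` role password in `initialScript` is identical to the role name and ends up in the world-readable Nix store, so it should be set out of band rather than in this file.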

M hardware-configuration.nix => hardware-configuration.nix +5 -0
@@ 78,6 78,11 @@
      fsType = "zfs";
    };

  fileSystems."/mnt/guava/services" =
    { device = "guava/services";
      fsType = "zfs";
    };

  fileSystems."/mnt/guava/vm" =
    { device = "guava/vm";
      fsType = "zfs";

M prometheus.nix => prometheus.nix +1 -0
@@ 11,6 11,7 @@
			server = {
				domain = "grafana.local";
				http_addr = "127.0.0.1";
				http_port = 3300;
			};
		};
	};