alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: alex:99c1658a2ed5965e912865222fffe6f89b6a1ca9
Branches Tags
alex:main
...
compare: alex:ba3309c268ee122c0f3234be8f43edba41d02615
Branches Tags
alex:main

8 Commits
99c1658a2e ... ba3309c268

Author SHA1 Message Date
Alexander Heldt
ba3309c268 pinwheel/manatee: Share org via syncthing 2025-05-18 17:14:13 +02:00
Alexander Heldt
ba6c13725a manatee: Add syncthing ID to shared syncthing module 2025-05-18 15:12:52 +00:00
Alexander Heldt
62a9709ff5 manatee: Use secrets for syncthing cert/key 2025-05-18 17:09:39 +02:00
Alexander Heldt
173e7acec8 manatee: Add secrets for syncthing cert/key 2025-05-18 17:09:38 +02:00
Alexander Heldt
80089dbb49 manatee: Add syncthing module 2025-05-18 15:05:37 +00:00
Alexander Heldt
c7b7a4f1d9 manatee: Add public directory in sync ZFS dataset 2025-05-18 16:33:03 +02:00
Alexander Heldt
6db6c605a3 manatee: Add sync ZFS dataset 2025-05-18 16:32:46 +02:00
Alexander Heldt
aadd529260 manatee: Add nginx module 2025-05-18 16:08:22 +02:00
9 changed files with 120 additions and 0 deletions
Expand all files Collapse all files

23
hosts/manatee/disk-config.nix
View File

@@ -50,6 +50,23 @@
};
};
};
"10-sync-public" = {
"/mnt/sync/public" = {
d = {
# Create directory
user = "storage";
group = "storage";
mode = "2775";
};
z = {
# Ensure permissions are inherited
user = "storage";
group = "storage";
mode = "2775";
};
};
};
};
environment.systemPackages = [
@@ -172,6 +189,12 @@
mountpoint = "/mnt/cameras";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
sync = {
type = "zfs_fs";
mountpoint = "/mnt/sync";
options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
};
};
};
};

2
hosts/manatee/modules/default.nix
View File

@@ -13,6 +13,8 @@ in
ssh.enable = true;
git.enable = true;
nginx.enable = true;
syncthing.enable = true;
transmission.enable = true;
audiobookshelf.enable = true;
jellyfin.enable = true;

22
hosts/manatee/modules/nginx/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{ lib, config, ... }:
let
enabled = config.mod.nginx.enable;
in
{
options = {
mod.nginx = {
enable = lib.mkEnableOption "Enable nginx module";
};
};
config = lib.mkIf enabled {
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
};
};
}

61
hosts/manatee/modules/syncthing/default.nix Normal file
View File

@@ -0,0 +1,61 @@
{ lib, config, ... }:
let
enabled = config.mod.syncthing.enable;
in
{
options = {
mod.syncthing = {
enable = lib.mkEnableOption "Enable syncthing module";
};
};
config = lib.mkIf enabled {
services.syncthing = {
enable = true;
cert = config.age.secrets.syncthing-cert.path;
key = config.age.secrets.syncthing-key.path;
user = "storage";
group = "storage";
dataDir = "/mnt/sync/public";
guiAddress = "0.0.0.0:8384";
settings = {
gui = {
user = "syncthing";
password = "$2a$12$YBcqhl8AXpoLmIWikuMtkOQLcrPXKKj0xY/qy4hggWnfjeVLQ3Ct6";
insecureSkipHostcheck = false;
};
devices = {
pinwheel.id = config.lib.syncthing.pinwheel;
};
folders = {
org = {
path = "/mnt/sync/public/org";
devices = [
"pinwheel"
];
versioning = {
type = "staggered";
params = {
maxage = "2592000"; # 30 days
};
};
};
};
};
};
age = {
secrets = {
"syncthing-cert".file = ../../../../secrets/manatee/syncthing-cert.age;
"syncthing-key".file = ../../../../secrets/manatee/syncthing-key.age;
};
};
};
}

2
hosts/pinwheel/modules/syncthing/default.nix
View File

@@ -16,6 +16,7 @@
devices = {
phone.id = config.lib.syncthing.phone;
backwards.id = config.lib.syncthing.backwards;
manatee.id = config.lib.syncthing.manatee;
};
folders = {
@@ -24,6 +25,7 @@
devices = [
"phone"
"backwards"
"manatee"
];
versioning = {
type = "staggered";

BIN
secrets/manatee/syncthing-cert.age Normal file
View File

Binary file not shown.

7
secrets/manatee/syncthing-key.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 wkRvNA YbZzduvipUNKn6QnmQu9b/qFNLKXZ4rIykPEBUvvGGs
aITJQ+ska4vfDL0Z7+wocYZYi5/QjodjHGJj7caE2+Q
-> ssh-ed25519 +oNaHQ s8fl+itCgMK/Hl621+xEdlXl3w1v+Zyx/XihIvh1ahk
BuumBEu6B2Csxr2VRRagyPnF/T7Thoz1Fq9F/NIAa0o
--- /VPi7PCZNCHPL5dSS+QeSsZLUqBzJZygOWHKVYMyLIM
<EFBFBD> <20><>qA<71>s<EFBFBD> <09>x

2
secrets/secrets.nix
View File

@@ -34,6 +34,8 @@ in {
"manatee/root.manatee.pub.age".publicKeys = [ manatee alex ];
"manatee/alex.manatee-git.ppp.pm.age".publicKeys = [ manatee alex ];
"manatee/alex.manatee-git.ppp.pm.pub.age".publicKeys = [ manatee alex ];
"manatee/syncthing-cert.age".publicKeys = [ manatee alex ];
"manatee/syncthing-key.age".publicKeys = [ manatee alex ];
"backwards/root.backwards.age".publicKeys = [ backwards alex ];
"backwards/root.backwards.pub.age".publicKeys = [ backwards alex ];

1
shared-modules/syncthing.nix
View File

@@ -3,6 +3,7 @@
syncthing = {
phone = "HCL2CKI-SA3NWOT-PMJZNFP-I7QETYE-JOKZHXN-TSI74FV-ZA6RDO2-QQMXPAP";
pinwheel = "AKS5L2A-NFCG5GV-3U5SSSZ-PLOX6BQ-ZL5ALXI-D7OK4KE-R2JPWRJ-B6AQJQ7";
manatee = "6YDVLXR-NZV6XKD-ASWPZQS-WKBRHAD-52JV5HU-JEPQ32G-6RGY7KJ-OVBO7AM";
backwards = "XRSQ4NZ-LHCZS6H-R3A75S5-W4FH7F4-3DGA5X2-SOPYWOP-A2WRKGC-IPXH4AM";
tablet = "5BEPSWB-BN4MDZM-7W3ITMP-KJ53J6M-WJMLWEF-GTDJTWI-C4C5SPQ-SFS3DAY";
};