bryan/nixos
0
0
Fork 0
mirror of https://github.com/itme-brain/nixos.git synced 2026-03-23 16:29:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: bryan:887dcaf16ffc7350d8261bd211405f1e02e3b009
Branches Tags
bryan:master
..
compare: bryan:e011aa48d75eec676a26e55f3669ff16cc87f3e4
Branches Tags
bryan:master

No commits in common. "887dcaf16ffc7350d8261bd211405f1e02e3b009" and "e011aa48d75eec676a26e55f3669ff16cc87f3e4" have entirely different histories.
887dcaf16f ... e011aa48d7

7 changed files with 3 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

1
flake.nix
View file

@ -29,7 +29,6 @@
inherit system; inherit system;
config = { config = {
allowUnfree = true; allowUnfree = true;
nvidia.acceptLicense = true;
}; };
overlays = [ overlays = [
nur.overlays.default nur.overlays.default

19
src/system/machines/desktop/system.nix
View file

@ -94,24 +94,7 @@ in
enable = true; enable = true;
allowedTCPPorts = [ 22 80 443 ]; allowedTCPPorts = [ 22 80 443 ];
}; };
}; nameservers = [ "192.168.0.154" ];
services.dnsmasq = {
enable = true;
settings = {
# Explicit subdomains -> local server
address = [
"/git.ramos.codes/192.168.0.154"
"/ln.ramos.codes/192.168.0.154"
"/photos.ramos.codes/192.168.0.154"
"/test.ramos.codes/192.168.0.154"
"/electrum.ramos.codes/192.168.0.154"
"/immich.ramos.codes/192.168.0.154"
"/forgejo.ramos.codes/192.168.0.154"
"/frigate.ramos.codes/192.168.0.154"
];
server = [ "192.168.0.1" ];
};
}; };
services = { services = {

15
src/system/machines/server/system.nix
View file

@ -102,19 +102,12 @@
networking = { networking = {
hostName = "server"; hostName = "server";
useDHCP = false; useDHCP = false;
interfaces.enp2s0f0 = { interfaces.eno1 = {
ipv4.addresses = [{ ipv4.addresses = [{
address = "192.168.0.154"; address = "192.168.0.154";
prefixLength = 24; prefixLength = 24;
}]; }];
}; };
# Camera network - isolated, no gateway
interfaces.enp2s0f1 = {
ipv4.addresses = [{
address = "192.168.1.1";
prefixLength = 24;
}];
};
defaultGateway = "192.168.0.1"; defaultGateway = "192.168.0.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ]; nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = { firewall = {
@ -138,12 +131,6 @@
"8.8.8.8" "8.8.8.8"
]; ];
cache-size = 1000; cache-size = 1000;
# Camera network DHCP (isolated - no gateway = no internet)
interface = "enp2s0f1";
bind-interfaces = true;
dhcp-range = "192.168.1.100,192.168.1.200,24h";
# No gateway option = cameras can't route to internet
}; };
}; };

8
src/system/machines/workstation/hardware.nix
View file

@ -80,19 +80,13 @@
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
}; };
nvidia = { nvidia = {
open = false; open = false;
powerManagement.enable = false; powerManagement.enable = false;
powerManagement.finegrained = false; powerManagement.finegrained = false;
modesetting.enable = true; modesetting.enable = true;
nvidiaSettings = true; nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.mkDriver { package = config.boot.kernelPackages.nvidiaPackages.stable;
version = "550.120";
sha256_64bit = "sha256-gBkoJ0dTzM52JwmOoHjMNwcN2uBN46oIRZHAX8cDVpc=";
settingsSha256 = "sha256-fPfIPwpIijoUpNlAUt9C8EeXR5In633qnlelL+btGbU=";
persistencedSha256 = lib.fakeSha256;
};
}; };
}; };

2
src/system/modules/bitcoin/config/bitcoin.conf
View file

@ -16,5 +16,3 @@ listenonion=1
torcontrol=127.0.0.1:9051 torcontrol=127.0.0.1:9051
txindex=1 txindex=1
dbcache=1024

1
src/system/modules/forgejo/default.nix
View file

@ -52,7 +52,6 @@ in
APP_SLOGAN = ""; APP_SLOGAN = "";
}; };
service.REQUIRE_SIGNIN_VIEW = false;
server = { server = {
DOMAIN = "git.${domain}"; DOMAIN = "git.${domain}";
ROOT_URL = "https://git.${domain}/"; ROOT_URL = "https://git.${domain}/";

13
src/system/modules/nginx/default.nix
View file

@ -28,25 +28,12 @@ in
}; };
}; };
services.sslh = {
enable = true;
listenAddresses = [ "0.0.0.0" ];
port = 443;
settings = {
protocols = [
{ name = "ssh"; host = "127.0.0.1"; port = "22"; }
{ name = "tls"; host = "127.0.0.1"; port = "4443"; }
];
};
};
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
eventsConfig = "worker_connections 4096;"; eventsConfig = "worker_connections 4096;";
defaultSSLListenPort = 4443;
# Catch-all default - friendly error for unknown subdomains # Catch-all default - friendly error for unknown subdomains
virtualHosts."_" = { virtualHosts."_" = {