
No commits in common. "887dcaf16ffc7350d8261bd211405f1e02e3b009" and "e011aa48d75eec676a26e55f3669ff16cc87f3e4" have entirely different histories.

7 changed files with 3 additions and 56 deletions


@ -29,7 +29,6 @@
inherit system;
config = {
allowUnfree = true;
nvidia.acceptLicense = true;
};
overlays = [
nur.overlays.default


@ -94,24 +94,7 @@ in
enable = true;
allowedTCPPorts = [ 22 80 443 ];
};
};
services.dnsmasq = {
enable = true;
settings = {
# Explicit subdomains -> local server
address = [
"/git.ramos.codes/192.168.0.154"
"/ln.ramos.codes/192.168.0.154"
"/photos.ramos.codes/192.168.0.154"
"/test.ramos.codes/192.168.0.154"
"/electrum.ramos.codes/192.168.0.154"
"/immich.ramos.codes/192.168.0.154"
"/forgejo.ramos.codes/192.168.0.154"
"/frigate.ramos.codes/192.168.0.154"
];
server = [ "192.168.0.1" ];
};
nameservers = [ "192.168.0.154" ];
};
services = {


@ -102,19 +102,12 @@
networking = {
hostName = "server";
useDHCP = false;
interfaces.enp2s0f0 = {
interfaces.eno1 = {
ipv4.addresses = [{
address = "192.168.0.154";
prefixLength = 24;
}];
};
# Camera network - isolated, no gateway
interfaces.enp2s0f1 = {
ipv4.addresses = [{
address = "192.168.1.1";
prefixLength = 24;
}];
};
defaultGateway = "192.168.0.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = {
@ -138,12 +131,6 @@
"8.8.8.8"
];
cache-size = 1000;
# Camera network DHCP (isolated - no gateway = no internet)
interface = "enp2s0f1";
bind-interfaces = true;
dhcp-range = "192.168.1.100,192.168.1.200,24h";
# No gateway option = cameras can't route to internet
};
};
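Review bot: Dropping the `enp2s0f1` interface and its dnsmasq `dhcp-range` removes the only segment that the deleted comments describe as isolated with no gateway, and nothing on the new side records where the cameras now attach. If they are still in use they would presumably have to join 192.168.0.0/24, where `defaultGateway = "192.168.0.1"` is reachable, so the no-internet property holds only if the firewall or the router enforces it. The page has lost its +/- markers, so this reading rests on the hunk counts (19 to 12 and 12 to 6 lines) and should be confirmed against the real diff. I would either keep the isolated interface or add a comment beside `interfaces.eno1` such as `# cameras: <segment they use now and what blocks their outbound traffic>`. Both hunks sit inside blocks that begin and end outside the visible lines.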


@ -80,19 +80,13 @@
enable = true;
enable32Bit = true;
};
nvidia = {
open = false;
powerManagement.enable = false;
powerManagement.finegrained = false;
modesetting.enable = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "550.120";
sha256_64bit = "sha256-gBkoJ0dTzM52JwmOoHjMNwcN2uBN46oIRZHAX8cDVpc=";
settingsSha256 = "sha256-fPfIPwpIijoUpNlAUt9C8EeXR5In633qnlelL+btGbU=";
persistencedSha256 = lib.fakeSha256;
};
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
};


@ -16,5 +16,3 @@ listenonion=1
torcontrol=127.0.0.1:9051
txindex=1
dbcache=1024


@ -52,7 +52,6 @@ in
APP_SLOGAN = "";
};
service.REQUIRE_SIGNIN_VIEW = false;
server = {
DOMAIN = "git.${domain}";
ROOT_URL = "https://git.${domain}/";


@ -28,25 +28,12 @@ in
};
};
services.sslh = {
enable = true;
listenAddresses = [ "0.0.0.0" ];
port = 443;
settings = {
protocols = [
{ name = "ssh"; host = "127.0.0.1"; port = "22"; }
{ name = "tls"; host = "127.0.0.1"; port = "4443"; }
];
};
};
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
eventsConfig = "worker_connections 4096;";
defaultSSLListenPort = 4443;
# Catch-all default - friendly error for unknown subdomains
virtualHosts."_" = {