Compare commits


11 commits

Author SHA1 Message Date
887dcaf16f camera network 2026-03-13 21:40:58 -04:00
178d9e9842 x 2026-03-13 20:48:02 -04:00
0ff940eb22 dnsmasq 2026-03-13 20:33:51 -04:00
b4daedf74e fix nginx ssl 2026-03-13 20:14:33 -04:00
d67a67b5e7 again 2026-03-13 20:13:12 -04:00
3ba1a63124 fix sslh 2026-03-13 20:11:43 -04:00
6040b4a1e6 fixes 2026-03-13 19:59:36 -04:00
c8d05d5145 switch nic 2026-03-13 19:08:47 -04:00
ab09b54ee9
Merge branch 'main' 2026-03-13 17:45:37 -04:00
0a90e2f7b2
sshl 2026-03-13 17:43:08 -04:00
851a198428
changed to nvidia 550 2025-03-05 14:22:41 -05:00
7 changed files with 56 additions and 3 deletions


@ -29,6 +29,7 @@
inherit system; inherit system;
config = { config = {
allowUnfree = true; allowUnfree = true;
nvidia.acceptLicense = true;
}; };
overlays = [ overlays = [
nur.overlays.default nur.overlays.default


@ -94,7 +94,24 @@ in
enable = true; enable = true;
allowedTCPPorts = [ 22 80 443 ]; allowedTCPPorts = [ 22 80 443 ];
}; };
nameservers = [ "192.168.0.154" ]; };
services.dnsmasq = {
enable = true;
settings = {
# Explicit subdomains -> local server
address = [
"/git.ramos.codes/192.168.0.154"
"/ln.ramos.codes/192.168.0.154"
"/photos.ramos.codes/192.168.0.154"
"/test.ramos.codes/192.168.0.154"
"/electrum.ramos.codes/192.168.0.154"
"/immich.ramos.codes/192.168.0.154"
"/forgejo.ramos.codes/192.168.0.154"
"/frigate.ramos.codes/192.168.0.154"
];
server = [ "192.168.0.1" ];
};
}; };
services = { services = {
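Review bot: The new `services.dnsmasq` block sets no `interface` or `listen-address`, so dnsmasq listens on every address of this host and only the firewall keeps the resolver off the LAN (the visible firewall lines open TCP 22, 80 and 443). If it is meant to serve this machine only, pin it in `settings` with `listen-address = "127.0.0.1";` and `bind-interfaces = true;`. The removed `nameservers` line means resolution now depends on the module pointing the host at its own dnsmasq, which this hunk does not show; a short comment above the block, e.g. `# local resolver: split-horizon for *.ramos.codes, everything else via the router`, would record that intent.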


@ -102,12 +102,19 @@
networking = { networking = {
hostName = "server"; hostName = "server";
useDHCP = false; useDHCP = false;
interfaces.eno1 = { interfaces.enp2s0f0 = {
ipv4.addresses = [{ ipv4.addresses = [{
address = "192.168.0.154"; address = "192.168.0.154";
prefixLength = 24; prefixLength = 24;
}]; }];
}; };
# Camera network - isolated, no gateway
interfaces.enp2s0f1 = {
ipv4.addresses = [{
address = "192.168.1.1";
prefixLength = 24;
}];
};
defaultGateway = "192.168.0.1"; defaultGateway = "192.168.0.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ]; nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = { firewall = {
@ -131,6 +138,12 @@
"8.8.8.8" "8.8.8.8"
]; ];
cache-size = 1000; cache-size = 1000;
# Camera network DHCP (isolated - no gateway = no internet)
interface = "enp2s0f1";
bind-interfaces = true;
dhcp-range = "192.168.1.100,192.168.1.200,24h";
# No gateway option = cameras can't route to internet
}; };
}; };
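Review bot: The comment `# No gateway option = cameras can't route to internet` in the second hunk does not match dnsmasq's defaults: when no router option is configured, dnsmasq hands DHCP clients its own address (here 192.168.1.1) as the default route. To advertise no route at all, add `dhcp-option = "3";` next to `dhcp-range`, and reword the comment to say that isolation rests on this host not forwarding or NATing traffic from `enp2s0f1`, which this diff does not show. Two further things to confirm, since the dnsmasq and firewall blocks start outside the hunks: with `interface = "enp2s0f1";` and `bind-interfaces = true;` dnsmasq no longer answers on `enp2s0f0`, and the cameras can still resolve public names through the upstream servers and reach any port the firewall opens on all interfaces.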


@ -80,13 +80,19 @@
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
}; };
nvidia = { nvidia = {
open = false; open = false;
powerManagement.enable = false; powerManagement.enable = false;
powerManagement.finegrained = false; powerManagement.finegrained = false;
modesetting.enable = true; modesetting.enable = true;
nvidiaSettings = true; nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable; package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "550.120";
sha256_64bit = "sha256-gBkoJ0dTzM52JwmOoHjMNwcN2uBN46oIRZHAX8cDVpc=";
settingsSha256 = "sha256-fPfIPwpIijoUpNlAUt9C8EeXR5In633qnlelL+btGbU=";
persistencedSha256 = lib.fakeSha256;
};
}; };
}; };
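Review bot: `persistencedSha256 = lib.fakeSha256;` leaves a placeholder where the nvidia-persistenced source hash belongs, so any configuration that builds that component fails with a hash mismatch. Replace it with the real hash for 550.120, or add a comment such as `# placeholder: nvidia-persistenced is not built on this host` if that is the intent. Pinning through `mkDriver` also takes the driver off the nixpkgs update path, so later driver security fixes need a manual version and hash bump; a comment recording why 550.120 is required would make that visible.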


@ -16,3 +16,5 @@ listenonion=1
torcontrol=127.0.0.1:9051 torcontrol=127.0.0.1:9051
txindex=1 txindex=1
dbcache=1024


@ -52,6 +52,7 @@ in
APP_SLOGAN = ""; APP_SLOGAN = "";
}; };
service.REQUIRE_SIGNIN_VIEW = false;
server = { server = {
DOMAIN = "git.${domain}"; DOMAIN = "git.${domain}";
ROOT_URL = "https://git.${domain}/"; ROOT_URL = "https://git.${domain}/";
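Review bot: `service.REQUIRE_SIGNIN_VIEW = false;` lets unauthenticated visitors browse the instance (explore pages, public repositories, user profiles), and `ROOT_URL` shows it is served at `https://git.${domain}/`. If that is intended, say so in a comment, e.g. `# anonymous read access is intentional; private repos still require login`; if the instance is meant to be private, set it to `true`. Registration settings are not visible in this hunk and are worth checking alongside it.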


@ -28,12 +28,25 @@ in
}; };
}; };
services.sslh = {
enable = true;
listenAddresses = [ "0.0.0.0" ];
port = 443;
settings = {
protocols = [
{ name = "ssh"; host = "127.0.0.1"; port = "22"; }
{ name = "tls"; host = "127.0.0.1"; port = "4443"; }
];
};
};
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
eventsConfig = "worker_connections 4096;"; eventsConfig = "worker_connections 4096;";
defaultSSLListenPort = 4443;
# Catch-all default - friendly error for unknown subdomains # Catch-all default - friendly error for unknown subdomains
virtualHosts."_" = { virtualHosts."_" = {
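Review bot: With sslh proxying 443 to `127.0.0.1:22` and `127.0.0.1:4443`, sshd and nginx see every such connection as coming from 127.0.0.1, so source-IP logging, rate limits, allow/deny rules and tools like fail2ban stop working for traffic that arrives this way. Consider sslh's transparent mode, or at least a comment above `services.sslh` such as `# NOTE: backends see 127.0.0.1 as the client address; do not rely on source IP`. It also puts SSH on 443 on every address (`listenAddresses = [ "0.0.0.0" ]`), so key-only authentication in the sshd config, which is outside this hunk, matters more. The `virtualHosts."_"` block continues past the hunk.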