Evie Litherland-Smith 2023-06-04 11:33:22 +01:00
commit fadae629da
4 changed files with 174 additions and 0 deletions

28
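--- a/Legion.nix
+++ b/Legion.nix
@@ -0,0 +1,28 @@
+{pkgs, ...}: {
+imports = [
+./home
+./common.nix
+./locales/en_GB.nix
+./services/Legion.nix
+];
+networking = {
+hostName = "Legion"; # Define your hostname.
+nameservers = ["9.9.9.9"];
+firewall = {enable = true;};
+};
+users.users.xenia = {
+isNormalUser = true;
+description = "Evie Litherland-Smith";
+extraGroups = ["networkmanager" "wheel"];
+shell = pkgs.fish;
+openssh.authorizedKeys.keys = import ./auth/authorized_keys.nix;
+};
+home-manager.users.xenia = import ./home/Legion/xenia.nix;
+system.autoUpgrade = {
+enable = true;
+allowReboot = false;
+};
+}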
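Review bot: `system.autoUpgrade` is enabled with `allowReboot = false;`, so an upgrade that brings a new kernel or initrd is switched in while the host keeps running the old kernel until someone reboots it by hand. This commit also opens a UDP port for OpenVPN and imports several network services on the same host, so that gap should be a stated decision: either add a comment such as `# kernel updates only take effect after a manual reboot`, or set `allowReboot = true;` together with a `rebootWindow` so reboots happen at a quiet hour. Separately, `xenia` is in `wheel` and logs in with the keys from `./auth/authorized_keys.nix`; the sshd settings live in `./services/sshd`, which this page does not show, so it is worth confirming that password authentication is disabled there.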

15
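--- a/services/Legion.nix
+++ b/services/Legion.nix
@@ -0,0 +1,15 @@
+{...}: {
+imports = [
+./adguardhome
+./gitea
+./nextcloud
+./openvpn/Legion.nix
+./sshd
+./syncthing/Legion.nix
+./terraria/windy_limbo_of_melancholy.nix
+./traefik/adguardhome.nix
+./traefik/gitea.nix
+./traefik/nextcloud.nix
+./traefik/qbittorrent.nix
+];
+}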


@ -0,0 +1,71 @@
{...}: let
# generate via openvpn --genkey --secret openvpn-laptop.key
client-key = "/root/openvpn.key";
domain = "vpn.xenia.me.uk";
vpn-dev = "tun0";
port = 1194;
in {
networking = {
nat = {
enable = true;
externalInterface = "enp42s0";
internalInterfaces = [vpn-dev];
};
firewall = {
trustedInterfaces = [vpn-dev];
allowedUDPPorts = [port];
};
};
services.openvpn = {
restartAfterSleep = true;
servers.xenia.config = ''
dev ${vpn-dev}
proto udp
ifconfig 10.8.0.1 10.8.0.2
secret ${client-key}
port ${toString port}
cipher AES-256-CBC
auth-nocache
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
'';
};
environment.etc."openvpn/client.ovpn" = {
text = ''
dev tun
remote "${domain}"
ifconfig 10.8.0.2 10.8.0.1
port ${toString port}
redirect-gateway def1
cipher AES-256-CBC
auth-nocache
comp-lzo
keepalive 10 60
resolv-retry infinite
nobind
persist-key
persist-tun
secret [inline]
'';
mode = "600";
};
system.activationScripts.openvpn-addkey = ''
f="/etc/openvpn/client.ovpn"
if ! grep -q '<secret>' $f; then
echo "appending secret key"
echo "<secret>" >> $f
cat ${client-key} >> $f
echo "</secret>" >> $f
fi
'';
}
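Review bot: Both the server config and the generated client profile use OpenVPN's static-key mode (`secret ${client-key}`), so one long-lived shared key protects every session with no forward secrecy and no way to revoke a single client, and `trustedInterfaces = [vpn-dev];` then lets whoever holds that key reach every port on the host unfiltered. I would move the tunnel to TLS mode with per-client certificates and replace the blanket trust with `firewall.interfaces.${vpn-dev}.allowedTCPPorts = [ … ];` listing only the services meant to be reachable over the VPN. The `comp-lzo` line on both sides compresses before encrypting, which is deprecated upstream and can leak information about the plaintext (the VORACLE class of issues), so I would drop it. In the activation script, `<secret>` is appended even when `${client-key}` is missing or unreadable, which leaves a profile with an empty key block; guarding the append with `[ -r ${client-key} ]` would avoid that. The script also declares no ordering against the step that writes `/etc`, which `system.activationScripts.openvpn-addkey = { deps = ["etc"]; text = ''…''; };` would make explicit.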


@ -0,0 +1,60 @@
{...}: {
imports = [./default.nix ./devices];
services.syncthing = {
user = "xenia";
group = "users";
dataDir = "/var/lib/syncthing";
folders = {
"Archive" = {
path = "/var/lib/syncthing/archive";
devices = ["ion" "monarch" "northstar"];
enable = true;
};
"Books" = {
path = "/var/lib/syncthing/books";
devices = ["monarch" "northstar" "remarkable"];
enable = true;
};
"Camera" = {
path = "/var/lib/syncthing/camera";
devices = ["ion"];
enable = true;
};
"Comics" = {
path = "/home/xenia/Documents/Comics";
devices = ["ion" "monarch" "northstar"];
enable = true;
};
"Documents" = {
path = "/var/lib/syncthing/documents";
devices = ["monarch" "northstar"];
enable = true;
};
"Exports" = {
path = "/var/lib/syncthing/exports";
devices = ["monarch"];
enable = true;
};
"Movies" = {
path = "/var/lib/syncthing/movies";
devices = ["ion" "monarch" "northstar"];
enable = true;
};
"Notes" = {
path = "/home/xenia/notes";
devices = ["ion" "monarch" "northstar" "H0615"];
enable = true;
};
"Pictures" = {
path = "/var/lib/syncthing/pictures";
devices = ["ion" "monarch" "northstar"];
enable = true;
};
"Xochitl" = {
path = "/var/lib/syncthing/xochitl";
devices = ["remarkable"];
enable = true;
};
};
};
}