many updates to lio and o001

RingOfStorms (Joshua Bell) 2025-04-25 08:59:32 -05:00
parent 214e6f289d
commit 06fe42789a
9 changed files with 230 additions and 119 deletions


@ -32,11 +32,11 @@
"ragenix": "ragenix"
},
"locked": {
"lastModified": 1744320364,
"narHash": "sha256-nPIcgKhnK2hoLs00dNCNBiyyjKgR0aVbene/rXUKjKo=",
"lastModified": 1745444238,
"narHash": "sha256-zT1T9zC7dr+HApuC390eQHPpCJq4vYvOwYSq507DtFA=",
"ref": "refs/heads/master",
"rev": "dc9f1a278be4e7551275baa4ac636a203ea1f3f3",
"revCount": 396,
"rev": "214e6f289da1e888ff547aff173aaffc8517092b",
"revCount": 399,
"type": "git",
"url": "https://git.joshuabell.xyz/dotfiles"
},
@ -143,11 +143,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1742234739,
"narHash": "sha256-zFL6zsf/5OztR1NSNQF33dvS1fL/BzVUjabZq4qrtY4=",
"lastModified": 1744743431,
"narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=",
"owner": "rycee",
"repo": "home-manager",
"rev": "f6af7280a3390e65c2ad8fd059cdc303426cbd59",
"rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387",
"type": "github"
},
"original": {
@ -198,11 +198,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1742069588,
"narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=",
"lastModified": 1744463964,
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5",
"rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
"type": "github"
},
"original": {


@ -48,6 +48,9 @@
./nginx.nix
./containers/vaultwarden.nix
./containers/opengist.nix
./mods/postgresql.nix
./mods/atuin.nix
./mods/rustdesk-server.nix
(
{ pkgs, ... }:
{
@ -82,6 +85,7 @@
homeManager = {
users = {
root = {
programs.atuin.settings.sync_address = "http://localhost:8888";
imports = with common.homeManagerModules; [
tmux
atuin
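Review bot: The `sync_address` for root hard-codes port 8888, which is also set as `port = 8888;` in the new atuin module, so changing one silently breaks the other. If `config` is in scope at this point (the surrounding module is not visible in the hunk), derive it instead: `programs.atuin.settings.sync_address = "http://localhost:${toString config.services.atuin.port}";`. Otherwise a short comment next to the line pointing at `./mods/atuin.nix` as the source of the port would do.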


@ -0,0 +1,24 @@
{
config,
...
}:
{
services.atuin = {
enable = true;
openRegistration = false;
openFirewall = false;
host = "127.0.0.1";
port = 8888;
};
services.nginx.virtualHosts."atuin.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:${builtins.toString config.services.atuin.port}";
};
};
};
}
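Review bot: The `proxyPass` target reads the port from `config.services.atuin.port` but repeats the literal `127.0.0.1` already set in `host`, so the two can drift apart; `proxyPass = "http://${config.services.atuin.host}:${builtins.toString config.services.atuin.port}";` keeps them tied together. The vhost publishes the sync API on a public name with ACME, which leaves `openRegistration = false` as the setting that stops strangers from creating accounts. A comment on that line, such as `# keep closed: the server is internet-facing via nginx`, would stop it from being flipped casually.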


@ -0,0 +1,28 @@
{
pkgs,
...
}:
{
services.postgresql = {
enable = true;
package = pkgs.postgresql_17.withJIT;
enableJIT = true;
extensions = with pkgs.postgresql17Packages; [
# NOTE add extensions here
pgvector
postgis
pgsodium
pg_squeeze
];
authentication = ''
local all all trust
host all all 127.0.0.1/8 trust
host all all ::1/128 trust
host all all 192.168.100.0/24 trust
'';
};
services.postgresqlBackup = {
enable = true;
};
}
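Review bot: Every rule in `authentication` uses `trust`, so any local user and any host in 192.168.100.0/24 can connect as any role, including the `postgres` superuser, without presenting a credential. As far as I know the NixOS module appends its default peer/password rules after these lines, so the trust entries match first. 192.168.100.11 is a proxy upstream in this commit's nginx config, which suggests that subnet holds the containers; the TCP rule for it only takes effect if `enableTCPIP` is set somewhere outside this file, but it is worth tightening regardless. I would use `local all all peer`, `host all all 127.0.0.1/32 scram-sha-256` and `host all all 192.168.100.0/24 scram-sha-256`, narrowing the last one to the specific database and role that needs it.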


@ -0,0 +1,31 @@
{
...
}:
let
TailscaleInterface = "tailscale0";
TCPPorts = [
21115
21116
21117
21118
21119
];
UDPPorts = [ 21116 ];
in
{
services = {
rustdesk-server = {
enable = true;
relay.enable = true;
signal.enable = true;
# Instead we only allow this on the tailnet IP range
openFirewall = false;
signal.relayHosts = [ "localhost" ];
};
};
networking.firewall.interfaces."${TailscaleInterface}" = {
allowedTCPPorts = TCPPorts;
allowedUDPPorts = UDPPorts;
};
}
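Review bot: `signal.relayHosts = [ "localhost" ]` is, as far as I can tell, the relay address the signal server hands out to clients, so a client on another tailnet machine would be pointed at its own loopback rather than at this host. If that is the case, use the name clients reach this machine by, for example `signal.relayHosts = [ "o001.net.joshuabell.xyz" ];`, the tailnet name used in this commit's nginx config. The comment above `openFirewall = false` says "tailnet IP range", but the rule below is scoped by interface, not by address; `# Not opened globally; ports are allowed only on the tailscale0 interface below` would match what the code does.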


@ -30,52 +30,73 @@
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
# Redirect self IP to domain
"64.181.210.7" = {
locations."/" = {
return = "301 https://o001.joshuabell.xyz";
};
};
"o001.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations = {
"/wasabi" = {
proxyPass = "http://192.168.100.11/";
extraConfig = ''
rewrite ^/wasabi/(.*) /$1 break;
'';
virtualHosts =
let
tailnetConfig = {
locations = {
"/" = {
extraConfig = ''
default_type text/html;
return 200 '
<html>
jRmvVcy0mlTrVJGiPMHsiCF6pQ2JCDNe2LiYJwcwgm8=
</html>
';
'';
};
};
"/" = {
# return = "200 '<html>Hello World</html>'";
extraConfig = ''
default_type text/html;
return 200 '
<html>
<body style="width:100vw;height:100vh;overflow:hidden">
<div style="display: flex;width:100vw;height:100vh;justify-content: center;align-items:center;text-align:center;overflow:hidden">
In the void you roam,</br>
A page that cannot be found-</br>
Turn back, seek anew.
</div>
</body>
</html>
';
'';
};
in
{
# Redirect self IP to domain
"64.181.210.7" = {
locations."/" = {
return = "301 https://o001.joshuabell.xyz";
};
};
"o001.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations = {
"/wasabi" = {
proxyPass = "http://192.168.100.11/";
extraConfig = ''
rewrite ^/wasabi/(.*) /$1 break;
'';
};
"/" = {
# return = "200 '<html>Hello World</html>'";
extraConfig = ''
default_type text/html;
return 200 '
<html>
<body style="width:100vw;height:100vh;overflow:hidden">
<div style="display: flex;width:100vw;height:100vh;justify-content: center;align-items:center;text-align:center;overflow:hidden">
In the void you roam,</br>
A page that cannot be found-</br>
Turn back, seek anew.
</div>
</body>
</html>
';
'';
};
};
};
"100.64.0.11" = tailnetConfig;
"o001.net.joshuabell.xyz" = tailnetConfig;
"_" = {
default = true;
locations."/" = {
return = "404"; # 404 for not found or 444 for drop
};
};
};
"_" = {
default = true;
locations."/" = {
return = "404"; # 404 for not found or 444 for drop
};
};
};
};
networking.firewall.allowedTCPPorts = [