Merge branch 'development'

Sam 2025-01-22 20:47:01 +00:00
commit 41e0737541
9 changed files with 58 additions and 25 deletions


@ -1,5 +1,4 @@
{config, ...}: {config, ...}: let
let
openVpnPwd = config.sops.secrets."software/proton/openvpn_password".path; openVpnPwd = config.sops.secrets."software/proton/openvpn_password".path;
openVpnUser = config.sops.secrets."software/proton/openvpn_user".path; openVpnUser = config.sops.secrets."software/proton/openvpn_user".path;
in { in {
@ -8,6 +7,18 @@ in {
"software/proton/openvpn_user" = {}; "software/proton/openvpn_user" = {};
}; };
networking = {
firewall = {
enable = true;
allowedTCPPorts = [
6887
];
allowedUDPPorts = [
6887
];
};
};
virtualisation.arion = { virtualisation.arion = {
backend = "podman-socket"; backend = "podman-socket";
projects.arrstack = { projects.arrstack = {
@ -31,6 +42,7 @@ in {
VPN_SERVICE_PROVIDER = "protonvpn"; VPN_SERVICE_PROVIDER = "protonvpn";
VPN_TYPE = "openvpn"; VPN_TYPE = "openvpn";
SERVER_COUNTRIES = "Switzerland"; SERVER_COUNTRIES = "Switzerland";
VPN_PORT_FORWARDING = "on";
}; };
devices = ["/dev/net/tun:/dev/net/tun"]; devices = ["/dev/net/tun:/dev/net/tun"];
}; };
@ -41,7 +53,7 @@ in {
restart = "always"; restart = "always";
volumes = [ volumes = [
"/srv/docker/media-server/arrstack/qbittorrent:/config" "/srv/docker/media-server/arrstack/qbittorrent:/config"
"/media/media:/media" "/media/media/downloads:/downloads"
]; ];
environment = { environment = {
TZ = "Europe/London"; TZ = "Europe/London";
@ -52,7 +64,6 @@ in {
}; };
network_mode = "service:gluetun"; network_mode = "service:gluetun";
}; };
}; };
}; };
}; };
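Review bot: The new `networking.firewall` block in the second hunk opens 6887/tcp and 6887/udp on every host interface, and nothing in this section says what listens there. qBittorrent runs with `network_mode = "service:gluetun"`, and with `VPN_PORT_FORWARDING = "on"` the forwarded port would normally arrive inside the tunnel rather than on the host address, so a host-level opening may not be needed at all. If 6887 is a port the gluetun service publishes for LAN access, scope the rule to that interface, e.g. `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [ 6887 ];` (interface name is a placeholder), and add a comment naming the listener. If it is meant as the torrent listen port, a listener reachable on the host address sits outside the VPN path and the rule should be dropped. The gluetun service's port list is outside the visible hunks, so confirm which case applies.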


@ -17,6 +17,14 @@ in {
]; ];
}; };
services.restic.backups = {
daily = {
paths = [
baseddataData
];
};
};
networking.nat.enable = true; networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"]; networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0"; networking.nat.externalInterface = "br0";
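Review bot: The added `services.restic.backups.daily` sets only `paths`, so the repository, the password file and the schedule must come from a `daily` definition in another module that is not visible here. The same applies to the identical additions in the sections that add `semitamapsData` and `homeshareDataLocation`. A one-line comment above the block, such as `# paths merge into the shared services.restic.backups.daily defined in <shared module>` (module name is a placeholder), would make that dependency explicit. It is also worth confirming that the shared definition takes its `passwordFile` from a secret rather than the Nix store. If `baseddataData` holds live database files, a file-level snapshot can be inconsistent; a dump step via `backupPrepareCommand` would be safer.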


@ -23,8 +23,6 @@ in {
paths = [ paths = [
dockerContainerData dockerContainerData
]; ];
exclude = [
];
}; };
}; };


@ -21,8 +21,6 @@ in {
paths = [ paths = [
metricsServerContainerData metricsServerContainerData
]; ];
exclude = [
];
}; };
}; };


@ -10,6 +10,7 @@
containerIp = configVars.networking.addresses.bitcoin-node.ip; containerIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port; mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
bitcoinNodeContainerData = configVars.locations.bitcoinNodeContainerData; bitcoinNodeContainerData = configVars.locations.bitcoinNodeContainerData;
bitcoindData = configVars.locations.bitcoindData;
gatewayIp = configVars.networking.addresses.gateway.ip; gatewayIp = configVars.networking.addresses.gateway.ip;
allowip = configVars.networking.addresses.bitcoin-node.services.bitcoind.allowip; allowip = configVars.networking.addresses.bitcoin-node.services.bitcoind.allowip;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys; pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
@ -19,10 +20,7 @@ in {
daily = { daily = {
paths = [ paths = [
bitcoinNodeContainerData bitcoinNodeContainerData
]; bitcoindData
exclude = [
"${bitcoinNodeContainerData}/bitcoind"
"${bitcoinNodeContainerData}/electrs"
]; ];
}; };
}; };
@ -48,6 +46,10 @@ in {
hostPath = bitcoinNodeContainerData; hostPath = bitcoinNodeContainerData;
isReadOnly = false; isReadOnly = false;
}; };
"/var/lib/bitcoind" = {
hostPath = bitcoindData;
isReadOnly = false;
};
}; };
config = { config = {
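Review bot: Dropping the `exclude` list while adding `bitcoindData` to `paths` (second hunk) puts the whole bitcoind data directory, and anything electrs keeps under `bitcoinNodeContainerData`, into the daily restic snapshot. Most of that is re-downloadable chain data copied from a live database, and the directory may also carry wallet files and the RPC `.cookie` into the repository, which raises the sensitivity of whoever can read that repository. Consider backing up only what cannot be rebuilt, e.g. `exclude = [ "${bitcoindData}/blocks" "${bitcoindData}/chainstate" "${bitcoinNodeContainerData}/electrs" ];`. Whether electrs still writes under that path is not visible in this section. The enclosing `services.restic.backups` set starts outside the hunk.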


@ -21,8 +21,6 @@ in {
paths = [ paths = [
piholeContainerData piholeContainerData
]; ];
exclude = [
];
}; };
}; };


@ -24,6 +24,14 @@ in {
]; ];
}; };
services.restic.backups = {
daily = {
paths = [
semitamapsData
];
};
};
containers."${containerName}" = { containers."${containerName}" = {
enableTun = true; enableTun = true;


@ -12,6 +12,8 @@
btrfsMountDevice = "/dev/disk/by-id/wwn-0x5001b448b5f7cc7f-part2"; btrfsMountDevice = "/dev/disk/by-id/wwn-0x5001b448b5f7cc7f-part2";
impermanence = true; impermanence = true;
homeshareDataLocation = configVars.locations.homeshareDataLocation;
piholeIp = configVars.networking.addresses.pihole.ip; piholeIp = configVars.networking.addresses.pihole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip; gatewayIp = configVars.networking.addresses.gateway.ip;
merlinIp = configVars.networking.addresses.merlin.ip; merlinIp = configVars.networking.addresses.merlin.ip;
@ -110,6 +112,14 @@ in {
]; ];
}; };
services.restic.backups = {
daily = {
paths = [
homeshareDataLocation
];
};
};
# Enable OpenGL # Enable OpenGL
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;


@ -8,16 +8,16 @@
mediaDataMountPoint = "/media/media"; mediaDataMountPoint = "/media/media";
photosDataMountPoint = "/media/photos"; photosDataMountPoint = "/media/photos";
personalDataMountPoint = "/media/personal"; personalDataMountPoint = "/media/personal";
homeshareDataLocation = "/mnt/main-ssd/homeshare"; homeshareDataLocation = "/mnt/main-ssd/homeshare";
metricsServerContainerData = "/mnt/main-ssd/metrics-server"; metricsServerContainerData = "/mnt/main-ssd/metrics-server";
dockerContainerData = "/mnt/main-ssd/docker"; dockerContainerData = "/mnt/main-ssd/docker";
piholeContainerData = "/mnt/main-ssd/docker/pihole"; piholeContainerData = "/mnt/main-ssd/docker/pihole";
bitcoinNodeContainerData = "/mnt/main-ssd/nix-bitcoin";
backupContainerData = "/mnt/main-ssd/backup";
postgresContainerData = "/mnt/main-ssd/postgresql";
semitamapsData = "/mnt/main-ssd/semitamaps-data";
baseddataData = "/mnt/main-ssd/baseddata-data"; baseddataData = "/mnt/main-ssd/baseddata-data";
bitcoinNodeContainerData = "/mnt/main-ssd/nix-bitcoin";
bitcoindData = "/mnt/btcnode/bitcoind";
backupContainerData = "/mnt/deepzfs/backup";
postgresContainerData = "/mnt/nvme-zpool/postgresql";
semitamapsData = "/mnt/nvme-zpool/semitamaps-data";
}; };
} }