sam
/
nixos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: sam:2533603b65d4a3e898154586fd6f0ad7aac90901
Branches Tags
sam:master
sam:bitcoin
sam:docker
sam:docker-entrypoint
sam:incus
sam:lxd
sam:nebula
sam:overseer
sam:disko
sam:development
sam:change-decrypt-key
sam:media
sam:impermanence
sam:fileserver-host
sam:sops
sam:modules
..
compare: sam:37901f39373eed5a072882453e2d18898af2e8be
Branches Tags
sam:master
sam:bitcoin
sam:docker
sam:docker-entrypoint
sam:incus
sam:lxd
sam:nebula
sam:overseer
sam:disko
sam:development
sam:change-decrypt-key
sam:media
sam:impermanence
sam:fileserver-host
sam:sops
sam:modules

No commits in common. "2533603b65d4a3e898154586fd6f0ad7aac90901" and "37901f39373eed5a072882453e2d18898af2e8be" have entirely different histories.
2533603b65 ... 37901f3937

3 changed files with 65 additions and 96 deletions
Show Stats Expand all files Collapse all files

78
flake.lock
View File

@ -185,11 +185,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1727826117, "lastModified": 1722555600,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -230,11 +230,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1727854478, "lastModified": 1724857454,
"narHash": "sha256-/odH2nUMAwkMgOS2nG2z0exLQNJS4S2LfMW0teqU7co=", "narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "5f58871c9657b5fc0a7f65670fe2ba99c26c1d79", "rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -310,11 +310,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1720042825,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -332,11 +332,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1720042825,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -348,11 +348,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1727649413, "lastModified": 1724489415,
"narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=", "narHash": "sha256-ey8vhwY/6XCKoh7fyTn3aIQs7WeYSYtLbYEG87VCzX4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "d0b38e550039a72aff896ee65b0918e975e6d48e", "rev": "c7f5b394397398c023000cf843986ee2571a1fd7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -412,11 +412,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1727707210, "lastModified": 1724561770,
"narHash": "sha256-8XZp5XO2FC6INZEZ2WlwErtvFVpl45ACn8CJ2hfTA0Y=", "narHash": "sha256-zv8C9RNa86CIpyHwPIVO/k+5TfM8ZbjGwOOpTe1grls=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "f61d5f2051a387a15817007220e9fb3bbead57b3", "rev": "ac5694a0b855a981e81b4d9f14052e3ff46ca39e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -474,11 +474,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1725762081, "lastModified": 1721524707,
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=", "narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05", "rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -506,11 +506,11 @@
}, },
"nixpkgs-unstable_2": { "nixpkgs-unstable_2": {
"locked": { "locked": {
"lastModified": 1728018373, "lastModified": 1724819573,
"narHash": "sha256-NOiTvBbRLIOe5F6RbHaAh6++BNjsb149fGZd1T4+KBg=", "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bc947f541ae55e999ffdb4013441347d83b00feb", "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -522,11 +522,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1728067476, "lastModified": 1724855419,
"narHash": "sha256-/uJcVXuBt+VFCPQIX+4YnYrHaubJSx4HoNsJVNRgANM=", "narHash": "sha256-WXHSyOF4nBX0cvHN3DfmEMcLOVdKH6tnMk9FQ8wTNRc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6e6b3dd395c3b1eb9be9f2d096383a8d05add030", "rev": "ae2fc9e0e42caaf3f068c1bfdc11c71734125e06",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -550,11 +550,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1728083208, "lastModified": 1724910205,
"narHash": "sha256-jaoWQm2+oAUDU1ft+RWrxcgc/4lHGE0AkZlIBiVjQiQ=", "narHash": "sha256-eH2yPsTkaGp87rtxATx9d2dGBQUXH3kQPEOTKmaEb0s=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "e246bd57da2a09b18b0667f7de40dc1c55a94667", "rev": "d150ce320e4eda99d8865bbd4c74ee8c47a88097",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -566,11 +566,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1728121595, "lastModified": 1725083573,
"narHash": "sha256-e9kRLdv2D4Lk6obeLEzm/m2TYcnZuMnVtqtQUKBCMVs=", "narHash": "sha256-F9WeDQi+U1+y6BDGvW8PYyi9LALbpo4DlpzfZONh5a0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "b638dbc3cd5ecae15140d2de7897dc9395cd128e", "rev": "83ead973ba76b6ecf2d72dff9b60b56749e29518",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -603,11 +603,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1727734513, "lastModified": 1723501126,
"narHash": "sha256-i47LQwoGCVQq4upV2YHV0OudkauHNuFsv306ualB/Sw=", "narHash": "sha256-N9IcHgj/p1+2Pvk8P4Zc1bfrMwld5PcosVA0nL6IGdE=",
"owner": "mic92", "owner": "mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "3198a242e547939c5e659353551b0668ec150268", "rev": "be0eec2d27563590194a9206f551a6f73d52fa34",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -639,11 +639,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1727984844, "lastModified": 1724833132,
"narHash": "sha256-xpRqITAoD8rHlXQafYZOLvUXCF6cnZkPfoq67ThN0Hc=", "narHash": "sha256-F4djBvyNRAXGusJiNYInqR6zIMI3rvlp6WiKwsRISos=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "4446c7a6fc0775df028c5a3f6727945ba8400e64", "rev": "3ffd842a5f50f435d3e603312eefa4790db46af5",
"type": "github" "type": "github"
}, },
"original": { "original": {

49
hosts/common/optional/nix-bitcoin.nix
View File

@ -20,15 +20,16 @@ in {
networking.nat.enable = true; networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"]; networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0"; networking.nat.externalInterface = "eth0";
# networking.firewall.enable = true; networking.firewall.enable = true;
# networking.firewall.allowedTCPPorts = [80 443 22]; networking.firewall.allowedTCPPorts = [80 443 22];
# networking.firewall.trustedInterfaces = ["ve-btcnode"]; networking.firewall.trustedInterfaces = ["ve-+" "ve-bitcoin-node"];
containers.bitcoin-node = { containers.bitcoin-node = {
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostBridge = "br0"; hostAddress = "10.0.21.1";
localAddress = "10.0.21.2";
nixpkgs = pkgs.path; nixpkgs = pkgs.path;
bindMounts = { bindMounts = {
"/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-privileged" = { "/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-privileged" = {
@ -47,31 +48,19 @@ in {
hostPath = "${bitcoin-HMAC-public}"; hostPath = "${bitcoin-HMAC-public}";
isReadOnly = false; isReadOnly = false;
}; };
"/var/lib/bitcoind" = { "/var/lib/nix-bitcoin" = {
hostPath = "/media/main-ssd/nix-bitcoin/bitcoind"; hostPath = "/media/main-ssd/nix-bitcoin";
isReadOnly = false;
};
"/var/lib/electrs" = {
hostPath = "/media/main-ssd/nix-bitcoin/electrs";
isReadOnly = false;
};
"/var/lib/mysql" = {
hostPath = "/media/main-ssd/nix-bitcoin/mysql";
isReadOnly = false;
};
"/var/lib/tor" = {
hostPath = "/media/main-ssd/nix-bitcoin/tor";
isReadOnly = false; isReadOnly = false;
}; };
}; };
# forwardPorts = [ forwardPorts = [
# { {
# containerPort = 50001; containerPort = 80;
# hostPort = 50001; hostPort = 8080;
# protocol = "tcp"; protocol = "tcp";
# } }
# ]; ];
config = { config = {
pkgs, pkgs,
@ -87,8 +76,6 @@ in {
jq jq
]; ];
networking = { networking = {
defaultGateway = "10.0.10.1";
interfaces.eth0.ipv4.addresses = [ { "address" = "10.0.10.4"; "prefixLength" = 24; } ];
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ allowedTCPPorts = [
@ -97,7 +84,6 @@ in {
22 22
config.containers.bitcoin-node.config.services.bitcoind.rpc.port config.containers.bitcoin-node.config.services.bitcoind.rpc.port
config.containers.bitcoin-node.config.services.mempool.frontend.port config.containers.bitcoin-node.config.services.mempool.frontend.port
config.containers.bitcoin-node.config.services.electrs.port
]; ];
}; };
useHostResolvConf = lib.mkForce false; useHostResolvConf = lib.mkForce false;
@ -126,7 +112,7 @@ in {
tor.proxy = true; tor.proxy = true;
tor.enforce = true; tor.enforce = true;
enable = true; enable = true;
dataDir = "/var/lib/bitcoind"; dataDir = "/var/lib/nix-bitcoin/bitcoind";
dbCache = 5000; dbCache = 5000;
txindex = true; txindex = true;
rpc = { rpc = {
@ -148,8 +134,7 @@ in {
electrs = { electrs = {
tor.enforce = true; tor.enforce = true;
enable = true; enable = true;
dataDir = "/var/lib/electrs"; dataDir = "/var/lib/nix-bitcoin/electrs";
address = "0.0.0.0";
}; };
mempool = { mempool = {
enable = true; enable = true;

34
hosts/semita/default.nix
View File

@ -47,7 +47,6 @@ in {
../common/optional/nfs-mounts/homeshare.nix ../common/optional/nfs-mounts/homeshare.nix
../common/optional/printing.nix ../common/optional/printing.nix
../common/optional/docker ../common/optional/docker
../common/optional/docker/postgres.nix
../common/optional/nix-bitcoin.nix ../common/optional/nix-bitcoin.nix
]; ];
@ -87,35 +86,20 @@ in {
networking = { networking = {
hostName = "semita"; hostName = "semita";
nameservers = ["10.0.10.60" "10.0.10.1" "8.8.8.8"]; nameservers = ["10.0.10.60" "8.8.8.8"];
defaultGateway = "10.0.10.1"; interfaces.eth0 = {
useDHCP = false; useDHCP = false;
bridges = {
br0 = {
interfaces = ["eth0"];
};
};
interfaces.br0 = {
ipv4.addresses = [ ipv4.addresses = [
{ {
"address" = "10.0.10.3"; address = "10.0.10.3";
"prefixLength" = 24; prefixLength = 24;
} }
]; ];
}; };
# interfaces.br0 = { defaultGateway = {
# useDHCP = false; address = "10.0.10.1";
# ipv4.addresses = [ interface = "eth0";
# { };
# address = "10.0.10.3";
# prefixLength = 24;
# }
# ];
# };
# defaultGateway = {
# address = "10.0.10.1";
# interface = "eth0";
# };
}; };
services.libinput.enable = true; services.libinput.enable = true;