k/nixos_configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: k:07eb383a26c01d6214cf26353d41776290c41c4b
Branches Tags
k:master
...
compare: k:5086aba84829303b6767f7c8d5d5c54a22c062c3
Branches Tags
k:master

13 commits
07eb383a26 ... 5086aba848

Author SHA1 Message Date
k
5086aba848 Merge branch 'master' of ssh://git.dhilton.xyz:2020/k/nixos_configs
Some checks failed
Verify Nix Flake / verify_build (push) Failing after 2s
Details
2026-05-10 15:49:41 -04:00
k
e737bbcbf4 Add rodant user 2026-05-10 15:49:00 -04:00
k
b8fe345989 remove akkoma 2026-05-10 15:48:48 -04:00
k
0e1f86d230 add gra endpoint 2026-05-10 15:48:29 -04:00
k
87dadbdcfc Renable home manager 2026-05-10 15:48:00 -04:00
k
e6bef7bf70 Some ratchat tweeks 2026-05-10 15:47:26 -04:00
k
abba34b8ec Ollama 2026-05-10 15:46:17 -04:00
k
d49f8611d5 gitea -> forgejo 2026-05-10 15:44:55 -04:00
k
6e69171320 port and fail2ban update 2026-05-10 15:42:33 -04:00
k
37d2d2c2d6 change ssh port 2026-05-10 15:37:29 -04:00
k
26a60e0df8 Merge branch 'master' of https://git.dhilton.xyz/k/nixos_configs 2026-01-28 06:04:59 +00:00
k
dfd41745bc minor update 2026-01-28 06:04:57 +00:00
k
1da6dc34eb added mlflow 2026-01-28 06:04:26 +00:00
2 changed files with 139 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

10
hosts/server/configuration.nix
View file

@ -32,6 +32,11 @@
motd = "Welcome to the Server"; motd = "Welcome to the Server";
defaultUserShell = pkgs.zsh; defaultUserShell = pkgs.zsh;
users = { users = {
rodant = {
isNormalUser = true;
description = "llm user";
packages = with pkgs; [git python3 nodejs cargo ripgrep curl wget ffmpeg imagemagick texliveFull ];
};
k = { k = {
isNormalUser = true; isNormalUser = true;
description = "k"; description = "k";
@ -54,7 +59,7 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
microcodeIntel microcode-intel
firefox firefox
]; ];
@ -65,10 +70,9 @@
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver intel-media-driver
intel-vaapi-driver intel-vaapi-driver
vaapiVdpau libva-vdpau-driver
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer vpl-gpu-rt # QSV on 11th gen or newer
intel-media-sdk # QSV up to 11th gen
]; ];
}; };

165
hosts/server/service.nix
View file

@ -6,8 +6,8 @@
networking = { networking = {
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [80 443 22 25565 26615 8080 53 19132]; allowedTCPPorts = [80 443 51820 2020 26615];
allowedUDPPorts = [26615 8080 1900 51820 53 19132]; allowedUDPPorts = [51820 24454 26615];
}; };
nat.externalInterface = "wlp0s20f3"; nat.externalInterface = "wlp0s20f3";
nat.internalInterfaces = ["wg0"]; nat.internalInterfaces = ["wg0"];
@ -47,11 +47,51 @@
}; };
services = { services = {
openssh = {enable = true;}; openssh = {
enable = true;
ports = [2020];
};
jellyfin = {enable = true;}; jellyfin = {enable = true;};
fail2ban = {enable = true;}; fail2ban = {
enable = true;
jails = {
nginx-http-auth = {
settings = {
enabled = true;
port = "http,https";
logpath = "/var/log/nginx/error.log";
# "auto" or "polling" is required for file-based logs on NixOS
backend = "auto";
};
};
nginx-botsearch = {
settings = {
enabled = true;
port = "http,https";
logpath = "/var/log/nginx/access.log";
backend = "auto";
maxretry = 2;
};
};
recidive = {
settings = {
enabled = true;
port = "allports";
protocol = "all";
# Look for 'Ban' messages in fail2ban's own log
backend = "systemd";
#logpath = "/var/log/fail2ban.log";
#backend = "auto";
bantime = "1w"; # Ban for 1 week
findtime = "1d"; # Look back 1 day
maxretry = 5; # If they were banned 5 times in 24 hours
};
};
};
};
postgresql = {enable = true;}; postgresql = {enable = true;};
@ -62,18 +102,68 @@
secretKeyFile = "/var/cache-priv-key.pem"; secretKeyFile = "/var/cache-priv-key.pem";
}; };
prometheus = {
enable = true;
scrapeConfigs = [{
job_name = "ratchat-server";
static_configs = [{
targets = [ "127.0.0.1:9011" ];
}];
}];
};
grafana = {
enable = true;
settings = {
server = {
http_addr = "127.0.0.1";
http_port = 3000;
};
};
provision = {
enable = true;
datasources.settings.datasources = [{
name = "Prometheus";
type = "prometheus";
url = "http://localhost:9090";
}];
};
};
ollama = { ollama = {
enable = false; enable = true;
package = pkgs.ollama-intel; package = pkgs.ollama-vulkan;
environmentVariables = {
GGML_VK_DISABLE_INTEGER_DOT_PRODUCT = "1";
OLLAMA_FLASH_ATTENTION = "1";
OLLAMA_VULKAN = "1";
OLLAMA_HOST = "0.0.0.0:11434";
};
};
anubis = {
defaultOptions = {
enable = true;
settings.SERVE_ROBOTS_TXT = true;
firewall.enabled = true;
firewall.block_openai = true;
firewall.block_google = true;
};
}; };
gitea = { open-webui = {
enable = true;
port = 5009;
};
forgejo = {
enable = true; enable = true;
settings = { settings = {
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
service.ENABLE_PUSH_CREATE_USER = true; service.ENABLE_PUSH_CREATE_USER = true;
server = { server = {
HTTP_PORT = 8001; HTTP_PORT = 8001;
SSH_PORT = 2020;
DOMAIN = "dhilton.xyz"; DOMAIN = "dhilton.xyz";
ROOT_URL = "https://git.dhilton.xyz"; ROOT_URL = "https://git.dhilton.xyz";
ENABLE_PUSH_CREATE_USER = true; ENABLE_PUSH_CREATE_USER = true;
@ -81,6 +171,7 @@
}; };
}; };
gitea-actions-runner.package = pkgs.forgejo-runner;
gitea-actions-runner.instances.home = { gitea-actions-runner.instances.home = {
enable = true; enable = true;
url = "https://git.dhilton.xyz"; url = "https://git.dhilton.xyz";
@ -96,8 +187,8 @@
}; };
home-assistant = { home-assistant = {
enable = false; enable = true;
extraComponents = ["wiz" "fail2ban" "ollama" "wyoming" "androidtv" "androidtv_remote"]; extraComponents = ["wiz" "fail2ban" "ollama" "wyoming" "bluetooth" "ios" "homekit" "jellyfin" "apple_tv" "androidtv" "androidtv_remote"];
config = { config = {
default_config = {}; default_config = {};
"automation ui" = "!include automations.yaml"; "automation ui" = "!include automations.yaml";
@ -111,12 +202,12 @@
wyoming = { wyoming = {
piper.servers."piperNix" = { piper.servers."piperNix" = {
enable = false; enable = true;
uri = "tcp://0.0.0.0:10200"; uri = "tcp://0.0.0.0:10200";
voice = "en-us-ryan-low"; voice = "en-us-ryan-low";
}; };
faster-whisper.servers."whisperNix" = { faster-whisper.servers."whisperNix" = {
enable = false; enable = true;
uri = "tcp://0.0.0.0:10300"; uri = "tcp://0.0.0.0:10300";
language = "en"; language = "en";
}; };
@ -131,30 +222,18 @@
}; };
}; };
akkoma = {
enable = true;
initDb.enable = true;
config = {
":pleroma" = {
":instance" = {
name = "dhilton fedi";
description = "dhilton akkoma server";
email = "markers711@gmail.com";
registration_open = false;
};
"Pleroma.Web.Endpoint" = {url.host = "fed.dhilton.xyz";};
};
};
nginx = {
enableACME = true;
forceSSL = true;
};
};
nginx = { nginx = {
enable = true; enable = true;
commonHttpConfig = ''
map $http_authorization $is_allowed_user {
default 0;
"Bearer ratToken" 1;
"Bearer notRatToken" 1;
}
'';
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
clientMaxBodySize = "4g";
virtualHosts = { virtualHosts = {
"dhilton.xyz" = { "dhilton.xyz" = {
@ -181,6 +260,17 @@
}; };
}; };
"rat.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9011";
extraConfig = ''
if ($is_allowed_user = 0) { return 401; }
'';
};
};
"hom.dhilton.xyz" = { "hom.dhilton.xyz" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -199,11 +289,20 @@
}; };
}; };
"map.dhilton.xyz" = { "oai.dhilton.xyz" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:8100"; proxyPass = "http://127.0.0.1:5009";
proxyWebsockets = true;
};
};
"gfa.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };