Compare commits


No commits in common. "5086aba84829303b6767f7c8d5d5c54a22c062c3" and "07eb383a26c01d6214cf26353d41776290c41c4b" have entirely different histories.

2 changed files with 36 additions and 139 deletions


@ -32,11 +32,6 @@
motd = "Welcome to the Server"; motd = "Welcome to the Server";
defaultUserShell = pkgs.zsh; defaultUserShell = pkgs.zsh;
users = { users = {
rodant = {
isNormalUser = true;
description = "llm user";
packages = with pkgs; [git python3 nodejs cargo ripgrep curl wget ffmpeg imagemagick texliveFull ];
};
k = { k = {
isNormalUser = true; isNormalUser = true;
description = "k"; description = "k";
@ -59,7 +54,7 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
microcode-intel microcodeIntel
firefox firefox
]; ];
@ -70,9 +65,10 @@
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver intel-media-driver
intel-vaapi-driver intel-vaapi-driver
libva-vdpau-driver vaapiVdpau
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in) intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer vpl-gpu-rt # QSV on 11th gen or newer
intel-media-sdk # QSV up to 11th gen
]; ];
}; };
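Review bot: The added `intel-media-sdk # QSV up to 11th gen` line in `extraPackages` pulls in Intel Media SDK, which Intel has discontinued in favour of the VPL runtime already listed on the line above it (`vpl-gpu-rt`). The two comments describe the packages as covering different CPU generations, so this host should need only one of them; keeping the unmaintained one leaves media-parsing code that no longer receives fixes in the driver path. If the CPU is 11th gen or newer, drop the line; otherwise record why it is required, e.g. `intel-media-sdk # QSV up to 11th gen; required for <CPU model>, unmaintained upstream`. The attribute set that holds `extraPackages` starts outside the hunk, so which option it belongs to is not visible here.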


@ -6,8 +6,8 @@
networking = { networking = {
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [80 443 51820 2020 26615]; allowedTCPPorts = [80 443 22 25565 26615 8080 53 19132];
allowedUDPPorts = [51820 24454 26615]; allowedUDPPorts = [26615 8080 1900 51820 53 19132];
}; };
nat.externalInterface = "wlp0s20f3"; nat.externalInterface = "wlp0s20f3";
nat.internalInterfaces = ["wg0"]; nat.internalInterfaces = ["wg0"];
@ -47,51 +47,11 @@
}; };
services = { services = {
openssh = { openssh = {enable = true;};
enable = true;
ports = [2020];
};
jellyfin = {enable = true;}; jellyfin = {enable = true;};
fail2ban = { fail2ban = {enable = true;};
enable = true;
jails = {
nginx-http-auth = {
settings = {
enabled = true;
port = "http,https";
logpath = "/var/log/nginx/error.log";
# "auto" or "polling" is required for file-based logs on NixOS
backend = "auto";
};
};
nginx-botsearch = {
settings = {
enabled = true;
port = "http,https";
logpath = "/var/log/nginx/access.log";
backend = "auto";
maxretry = 2;
};
};
recidive = {
settings = {
enabled = true;
port = "allports";
protocol = "all";
# Look for 'Ban' messages in fail2ban's own log
backend = "systemd";
#logpath = "/var/log/fail2ban.log";
#backend = "auto";
bantime = "1w"; # Ban for 1 week
findtime = "1d"; # Look back 1 day
maxretry = 5; # If they were banned 5 times in 24 hours
};
};
};
};
postgresql = {enable = true;}; postgresql = {enable = true;};
@ -102,68 +62,18 @@
secretKeyFile = "/var/cache-priv-key.pem"; secretKeyFile = "/var/cache-priv-key.pem";
}; };
prometheus = {
enable = true;
scrapeConfigs = [{
job_name = "ratchat-server";
static_configs = [{
targets = [ "127.0.0.1:9011" ];
}];
}];
};
grafana = {
enable = true;
settings = {
server = {
http_addr = "127.0.0.1";
http_port = 3000;
};
};
provision = {
enable = true;
datasources.settings.datasources = [{
name = "Prometheus";
type = "prometheus";
url = "http://localhost:9090";
}];
};
};
ollama = { ollama = {
enable = true; enable = false;
package = pkgs.ollama-vulkan; package = pkgs.ollama-intel;
environmentVariables = {
GGML_VK_DISABLE_INTEGER_DOT_PRODUCT = "1";
OLLAMA_FLASH_ATTENTION = "1";
OLLAMA_VULKAN = "1";
OLLAMA_HOST = "0.0.0.0:11434";
};
};
anubis = {
defaultOptions = {
enable = true;
settings.SERVE_ROBOTS_TXT = true;
firewall.enabled = true;
firewall.block_openai = true;
firewall.block_google = true;
};
}; };
open-webui = { gitea = {
enable = true;
port = 5009;
};
forgejo = {
enable = true; enable = true;
settings = { settings = {
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
service.ENABLE_PUSH_CREATE_USER = true; service.ENABLE_PUSH_CREATE_USER = true;
server = { server = {
HTTP_PORT = 8001; HTTP_PORT = 8001;
SSH_PORT = 2020;
DOMAIN = "dhilton.xyz"; DOMAIN = "dhilton.xyz";
ROOT_URL = "https://git.dhilton.xyz"; ROOT_URL = "https://git.dhilton.xyz";
ENABLE_PUSH_CREATE_USER = true; ENABLE_PUSH_CREATE_USER = true;
@ -171,7 +81,6 @@ grafana = {
}; };
}; };
gitea-actions-runner.package = pkgs.forgejo-runner;
gitea-actions-runner.instances.home = { gitea-actions-runner.instances.home = {
enable = true; enable = true;
url = "https://git.dhilton.xyz"; url = "https://git.dhilton.xyz";
@ -187,8 +96,8 @@ grafana = {
}; };
home-assistant = { home-assistant = {
enable = true; enable = false;
extraComponents = ["wiz" "fail2ban" "ollama" "wyoming" "bluetooth" "ios" "homekit" "jellyfin" "apple_tv" "androidtv" "androidtv_remote"]; extraComponents = ["wiz" "fail2ban" "ollama" "wyoming" "androidtv" "androidtv_remote"];
config = { config = {
default_config = {}; default_config = {};
"automation ui" = "!include automations.yaml"; "automation ui" = "!include automations.yaml";
@ -202,12 +111,12 @@ grafana = {
wyoming = { wyoming = {
piper.servers."piperNix" = { piper.servers."piperNix" = {
enable = true; enable = false;
uri = "tcp://0.0.0.0:10200"; uri = "tcp://0.0.0.0:10200";
voice = "en-us-ryan-low"; voice = "en-us-ryan-low";
}; };
faster-whisper.servers."whisperNix" = { faster-whisper.servers."whisperNix" = {
enable = true; enable = false;
uri = "tcp://0.0.0.0:10300"; uri = "tcp://0.0.0.0:10300";
language = "en"; language = "en";
}; };
@ -222,18 +131,30 @@ grafana = {
}; };
}; };
akkoma = {
enable = true;
initDb.enable = true;
config = {
":pleroma" = {
":instance" = {
name = "dhilton fedi";
description = "dhilton akkoma server";
email = "markers711@gmail.com";
registration_open = false;
};
"Pleroma.Web.Endpoint" = {url.host = "fed.dhilton.xyz";};
};
};
nginx = {
enableACME = true;
forceSSL = true;
};
};
nginx = { nginx = {
enable = true; enable = true;
commonHttpConfig = ''
map $http_authorization $is_allowed_user {
default 0;
"Bearer ratToken" 1;
"Bearer notRatToken" 1;
}
'';
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
clientMaxBodySize = "4g";
virtualHosts = { virtualHosts = {
"dhilton.xyz" = { "dhilton.xyz" = {
@ -260,17 +181,6 @@ commonHttpConfig = ''
}; };
}; };
"rat.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9011";
extraConfig = ''
if ($is_allowed_user = 0) { return 401; }
'';
};
};
"hom.dhilton.xyz" = { "hom.dhilton.xyz" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -289,20 +199,11 @@ extraConfig = ''
}; };
}; };
"oai.dhilton.xyz" = { "map.dhilton.xyz" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:5009"; proxyPass = "http://127.0.0.1:8100";
proxyWebsockets = true;
};
};
"gfa.dhilton.xyz" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
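Review bot: On the new side `allowedTCPPorts` opens 22 while `openssh = {enable = true;};` carries no settings, so sshd is reachable on its default port with whatever authentication defaults the module applies, and `fail2ban = {enable = true;};` no longer has the nginx or recidive jails behind it. Unless this is set in a part of the file outside these hunks, state the policy next to the service: `openssh = { enable = true; settings.PasswordAuthentication = false; settings.PermitRootLogin = "no"; };`. The same lists also open 53, 8080, 25565, 19132 and UDP 1900 with no service for them visible in the diff. A trailing comment per port naming its listener, and dropping any port nothing listens on, would keep the firewall reviewable, since an exposed DNS or SSDP responder is a common reflection source.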