Nix fmt rfc style (more or less)

Filippo Berto 2024-08-13 12:22:23 +02:00
parent e7496c447a
commit 515f098644
No known key found for this signature in database
GPG key ID: FE98AE5EC52B1056
146 changed files with 2607 additions and 906 deletions


@ -2,10 +2,8 @@
let
inherit (builtins) mapAttrs attrValues;
inherit (lib) filterAttrs unique;
btrfsFileSystems =
filterAttrs (_k: v: v.fsType == "btrfs") config.fileSystems;
btrfsDevices =
unique (attrValues (mapAttrs (_: v: v.device) btrfsFileSystems));
btrfsFileSystems = filterAttrs (_k: v: v.fsType == "btrfs") config.fileSystems;
btrfsDevices = unique (attrValues (mapAttrs (_: v: v.device) btrfsFileSystems));
in
{
services.btrfs.autoScrub = {


@ -3,7 +3,10 @@
nix.settings = {
substituters = [ "https://hyprland.cachix.org" ];
trusted-users = [ "root" "@wheel" ];
trusted-users = [
"root"
"@wheel"
];
trusted-public-keys = [
"thor:yRx3HglIxjUYocp4/jAP9dPWxWBEpgP6hqj1ofEfn1A="


@ -1,3 +1 @@
{
services.fstrim.enable = true;
}
{ services.fstrim.enable = true; }


@ -1,3 +1 @@
{
services.fwupd.enable = true;
}
{ services.fwupd.enable = true; }


@ -1,4 +1,5 @@
{ lib, ... }: {
{ lib, ... }:
{
services.openssh = {
enable = true;
openFirewall = true;


@ -1,7 +1,11 @@
{ lib, ... }:
let
hosts = import ../../../hosts.nix;
tailscale_hosts = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair v [ k ]) hosts.tailscale.ipv4;
tailscale_hosts = lib.attrsets.mapAttrs'
(
k: v: lib.attrsets.nameValuePair v [ k ]
)
hosts.tailscale.ipv4;
in
{
services.tailscale = {


@ -1,7 +1,11 @@
{ lib, ... }:
let
hosts = import ../../../hosts.nix;
zerotier_hosts = lib.attrsets.mapAttrs' (k: v: lib.attrsets.nameValuePair v [ k ]) hosts.zerotier.ipv4;
zerotier_hosts = lib.attrsets.mapAttrs'
(
k: v: lib.attrsets.nameValuePair v [ k ]
)
hosts.zerotier.ipv4;
in
{
services.zerotierone = {


@ -1,4 +1,9 @@
{ config, lib, pkgs, modulesPath, ... }:
{ config
, lib
, pkgs
, modulesPath
, ...
}:
let
# setup_script = ''
# sudo mkdir -p /hdfs
@ -18,16 +23,18 @@ let
# '';
hadoop_keytab_path = "/etc/hadoop.keytab";
spark_keytab_path = "/etc/spark.keytab";
pysparkPackageSelector = p: with p; [ numpy pyspark ];
pysparkPackageSelector =
p: with p; [
numpy
pyspark
];
pysparkEnv = pkgs.python3.withPackages pysparkPackageSelector;
hadoopConf = import (modulesPath + "/services/cluster/hadoop/conf.nix") {
inherit pkgs lib;
cfg = config.services.hadoop;
};
hadoopConfDir = "${hadoopConf}/";
spark = pkgs.spark.override {
extraPythonPackages = pysparkPackageSelector pkgs.python3.pkgs;
};
spark = pkgs.spark.override { extraPythonPackages = pysparkPackageSelector pkgs.python3.pkgs; };
sparkConfDir = pkgs.stdenv.mkDerivation {
name = "spark-conf";
dontUnpack = true;
@ -81,7 +88,13 @@ in
{
networking = {
hosts = { "127.0.0.1" = [ "ds.my.engine" "kdc.my.engine" "my.engine" ]; };
hosts = {
"127.0.0.1" = [
"ds.my.engine"
"kdc.my.engine"
"my.engine"
];
};
};
@ -136,14 +149,12 @@ in
# NAME NODE SECURITY
"dfs.namenode.keytab.file" = hadoop_keytab_path;
"dfs.namenode.kerberos.principal" = "nn/my.engine@MY.ENGINE";
"dfs.namenode.kerberos.internal.spnego.principal" =
"HTTP/my.engine@MY.ENGINE";
"dfs.namenode.kerberos.internal.spnego.principal" = "HTTP/my.engine@MY.ENGINE";
# SECONDARY NAME NODE SECURITY
"dfs.secondary.namenode.keytab.file" = hadoop_keytab_path;
"dfs.secondary.namenode.kerberos.principal" = "nn/my.engine@MY.ENGINE";
"dfs.secondary.namenode.kerberos.internal.spnego.principal" =
"HTTP/my.engine@MY.ENGINE";
"dfs.secondary.namenode.kerberos.internal.spnego.principal" = "HTTP/my.engine@MY.ENGINE";
# DATA NODE SECURITY
"dfs.datanode.keytab.file" = hadoop_keytab_path;
@ -157,8 +168,7 @@ in
"dfs.webhdfs.enabled" = "true";
# WEB AUTHENTICATION CONFIG
"dfs.web.authentication.kerberos.principal" =
"HTTP/my.engine@MY.ENGINE";
"dfs.web.authentication.kerberos.principal" = "HTTP/my.engine@MY.ENGINE";
"dfs.web.authentication.kerberos.keytab" = hadoop_keytab_path;
"ignore.secure.ports.for.testing" = "true";
"dfs.http.policy" = "HTTP_ONLY";
@ -175,20 +185,15 @@ in
yarnSite = {
"yarn.nodemanager.admin-env" = "PATH=$PATH";
"yarn.nodemanager.aux-services" = "mapreduce_shuffle";
"yarn.nodemanager.aux-services.mapreduce_shuffle.class" =
"org.apache.hadoop.mapred.ShuffleHandler";
"yarn.nodemanager.aux-services.mapreduce_shuffle.class" = "org.apache.hadoop.mapred.ShuffleHandler";
"yarn.nodemanager.bind-host" = "0.0.0.0";
"yarn.nodemanager.container-executor.class" =
"org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor";
"yarn.nodemanager.env-whitelist" =
"JAVA_HOME,HADOOP_COMMON_HOME,HADOOP_HDFS_HOME,HADOOP_CONF_DIR,CLASSPATH_PREPEND_DISTCACHE,HADOOP_YARN_HOME,HADOOP_HOME,LANG,TZ";
"yarn.nodemanager.container-executor.class" = "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor";
"yarn.nodemanager.env-whitelist" = "JAVA_HOME,HADOOP_COMMON_HOME,HADOOP_HDFS_HOME,HADOOP_CONF_DIR,CLASSPATH_PREPEND_DISTCACHE,HADOOP_YARN_HOME,HADOOP_HOME,LANG,TZ";
"yarn.nodemanager.linux-container-executor.group" = "hadoop";
"yarn.nodemanager.linux-container-executor.path" =
"/run/wrappers/yarn-nodemanager/bin/container-executor";
"yarn.nodemanager.linux-container-executor.path" = "/run/wrappers/yarn-nodemanager/bin/container-executor";
"yarn.nodemanager.log-dirs" = "/var/log/hadoop/yarn/nodemanager";
"yarn.resourcemanager.bind-host" = "0.0.0.0";
"yarn.resourcemanager.scheduler.class" =
"org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler";
"yarn.resourcemanager.scheduler.class" = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler";
"yarn.resourcemanager.keytab" = hadoop_keytab_path;
"yarn.resourcemanager.principal" = "rm/my.engine@MY.ENGINE";
@ -200,14 +205,12 @@ in
"yarn.scheduler.capacity.root.queues" = "default";
"yarn.scheduler.capacity.root.default.capacity" = 100;
# "yarn.scheduler.capacity.root.default.state" = "RUNNING";
"yarn.scheduler.capacity.root.acl_submit_applications" =
"hadoop,yarn,mapred,hdfs";
"yarn.scheduler.capacity.root.acl_submit_applications" = "hadoop,yarn,mapred,hdfs";
};
httpfsSite = {
"kerberos.realm" = "MY.ENGINE";
"httpfs.authentication.type" = "kerberos";
"httpfs.authentication.kerberos.principal " =
"HTTP/my.engine@MY.ENGINE";
"httpfs.authentication.kerberos.principal " = "HTTP/my.engine@MY.ENGINE";
"httpfs.authentication.kerberos.keytab" = hadoop_keytab_path;
"httpfs.hadoop.kerberos.principal " = "HTTP/my.engine@MY.ENGINE";
"httpfs.hadoop.kerberos.keytab" = hadoop_keytab_path;
@ -312,10 +315,8 @@ in
User = "spark";
Group = "spark";
WorkingDirectory = "${pkgs.spark}/lib/${pkgs.spark.untarDir}";
ExecStart =
"${pkgs.spark}/lib/${pkgs.spark.untarDir}/sbin/start-history-server.sh";
ExecStop =
"${pkgs.spark}/lib/${pkgs.spark.untarDir}/sbin/stop-history-server.sh";
ExecStart = "${pkgs.spark}/lib/${pkgs.spark.untarDir}/sbin/start-history-server.sh";
ExecStop = "${pkgs.spark}/lib/${pkgs.spark.untarDir}/sbin/stop-history-server.sh";
TimeoutSec = 300;
StartLimitBurst = 10;
Restart = "always";
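Review bot: The keys `"httpfs.authentication.kerberos.principal "` and `"httpfs.hadoop.kerberos.principal "` in the httpfsSite hunk keep a trailing space inside the quotes, which the reformat carried over unchanged. In Nix these are different attribute names from the ones without the space, so whether the Kerberos principal setting is picked up depends on the consumer trimming property names, which is not visible on this page. Dropping the space removes the doubt, e.g. `"httpfs.authentication.kerberos.principal" = "HTTP/my.engine@MY.ENGINE";`. The httpfsSite attribute set continues outside the hunk.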


@ -9,11 +9,16 @@
"maitre.cb.cloud.mhackeroni.it"
"accountant.cb.cloud.mhackeroni.it"
];
"10.100.0.150" =
[ "flowgui.cloud.mhackeroni.it" "smb.cloud.mhackeroni.it" ];
"10.100.0.150" = [
"flowgui.cloud.mhackeroni.it"
"smb.cloud.mhackeroni.it"
];
"10.100.0.200" = [ "tunniceddu.cloud.mhackeroni.it" ];
"10.100.0.250" = [ "rev.cloud.mhackeroni.it" ];
"10.100.0.66" = [ "attackerbackup.cloud.mhackeroni.it" ];
"192.168.128.1" = [ "smb.hotel.mhackeroni.it" "rev.hotel.mhackeroni.it" ];
"192.168.128.1" = [
"smb.hotel.mhackeroni.it"
"rev.hotel.mhackeroni.it"
];
};
}


@ -1,8 +1,7 @@
let
blocklist = builtins.fetchurl {
sha256 = "sha256:16xcx2z8ziv2fbqhr4ajayxblcs4i1ckrwnf50iina9asgia18za";
url =
"https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt";
url = "https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt";
};
in
{
@ -11,7 +10,11 @@ in
services.dnsmasq = {
enable = true;
servers = [ "1.1.1.1" "8.8.8.8" "8.8.4.4" ];
servers = [
"1.1.1.1"
"8.8.8.8"
"8.8.4.4"
];
extraConfig = ''
cache-size=10000
log-queries


@ -1,7 +1,18 @@
{ pkgs, config, lib, ... }: {
{ pkgs
, config
, lib
, ...
}:
{
users.groups.garage = { };
users.users.garage = { isSystemUser = true; group = "garage"; };
age.secrets.garage_rpc_secret = { file = ../../secrets/garage_rpc_secret.age; owner = "garage"; };
users.users.garage = {
isSystemUser = true;
group = "garage";
};
age.secrets.garage_rpc_secret = {
file = ../../secrets/garage_rpc_secret.age;
owner = "garage";
};
networking.firewall.allowedTCPPorts = [
3900


@ -1,4 +1,5 @@
{ config, pkgs, ... }: {
{ config, pkgs, ... }:
{
programs.hyprland = {
enable = true;
package = pkgs.unstable_pkgs.hyprland;


@ -1,13 +1,17 @@
{
services.k3s = { enable = true; };
services.k3s = {
enable = true;
};
networking.firewall = {
allowedTCPPorts = [
6443 # Kubernetes API
];
allowedTCPPortRanges = [{
from = 9000;
to = 15000;
}];
allowedTCPPortRanges = [
{
from = 9000;
to = 15000;
}
];
};
}


@ -1,8 +1,15 @@
{ lib, config, ... }: {
{ lib, config, ... }:
{
age.secrets.kavita_token = { file = ../../secrets/kavita_token.age; owner = "kavita"; };
age.secrets.kavita_token = {
file = ../../secrets/kavita_token.age;
owner = "kavita";
};
services.kavita = { enable = true; tokenKeyFile = config.age.secrets.kavita_token.path; };
services.kavita = {
enable = true;
tokenKeyFile = config.age.secrets.kavita_token.path;
};
networking.firewall.allowedTCPPorts = lib.optionals config.services.kavita.enable [
config.services.kavita.port


@ -2,11 +2,17 @@
services.postgresql = {
enable = true;
ensureDatabases = [ "mfh" ];
ensureUsers = [{
name = "bertof";
ensurePermissions = { "DATABASE \"mfh\"" = "ALL PRIVILEGES"; };
}];
ensureUsers = [
{
name = "bertof";
ensurePermissions = {
"DATABASE \"mfh\"" = "ALL PRIVILEGES";
};
}
];
};
services.apache-kafka = { enable = true; };
services.apache-kafka = {
enable = true;
};
}


@ -1,5 +1,9 @@
{ config, lib, ... }: {
age.secrets.minio = { file = ../../secrets/minio.age; owner = "minio"; };
{ config, lib, ... }:
{
age.secrets.minio = {
file = ../../secrets/minio.age;
owner = "minio";
};
services.minio = {
enable = true;
@ -11,6 +15,8 @@
};
systemd.services.minio.serviceConfig.ExecStart =
let cfg = config.services.minio; in
let
cfg = config.services.minio;
in
lib.mkForce "${cfg.package}/bin/minio server --json --address ${cfg.listenAddress} --console-address ${cfg.consoleAddress} ${toString cfg.dataDir}";
}


@ -3,4 +3,3 @@
172.20.28.150 ranger.musa.sesar.di.unimi.it
'';
}


@ -5,8 +5,14 @@ in
{
age.secrets = {
nextcloud_admin_secret = { file = ../../secrets/nextcloud_admin_secret.age; owner = "nextcloud"; };
nextcloud_bucket_secret = { file = ../../secrets/nextcloud_bucket_secret.age; owner = "nextcloud"; };
nextcloud_admin_secret = {
file = ../../secrets/nextcloud_admin_secret.age;
owner = "nextcloud";
};
nextcloud_bucket_secret = {
file = ../../secrets/nextcloud_bucket_secret.age;
owner = "nextcloud";
};
};
# services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
@ -24,7 +30,17 @@ in
database.createLocally = true;
extraApps = { inherit (config.services.nextcloud.package.packages.apps) contacts calendar notes maps memories tasks richdocuments; };
extraApps = {
inherit (config.services.nextcloud.package.packages.apps)
contacts
calendar
notes
maps
memories
tasks
richdocuments
;
};
appstoreEnable = true;
autoUpdateApps.enable = true;
settings = {
@ -51,9 +67,7 @@ in
# "baldur.zto"
"baldur.tsn"
];
trusted_domains = [
"heimdall.tsn"
];
trusted_domains = [ "heimdall.tsn" ];
# overwriteprotocol = "http";
};
config = {


@ -1,3 +1,3 @@
{ pkgs, ... }: {
{
# systemd.services.rclone-mounts = { };
}


@ -1,5 +1 @@
{
imports = [
./automatic-upgrade.nix
];
}
{ imports = [ ./automatic-upgrade.nix ]; }


@ -11,7 +11,13 @@
# remotePlay.openFirewall = true; # incorrect values
};
networking.firewall = {
allowedTCPPorts = [ 27036 27037 ];
allowedUDPPorts = [ 27031 27036 ];
allowedTCPPorts = [
27036
27037
];
allowedUDPPorts = [
27031
27036
];
};
}


@ -1,28 +1,76 @@
{
services =
{
# ombi = { enable = true; openFirewall = true; group = "users"; };
services = {
# ombi = { enable = true; openFirewall = true; group = "users"; };
bazarr = { enable = true; openFirewall = true; group = "users"; };
lidarr = { enable = true; openFirewall = true; group = "users"; };
prowlarr = { enable = true; openFirewall = true; };
radarr = { enable = true; openFirewall = true; group = "users"; };
readarr = { enable = true; openFirewall = true; group = "users"; };
sonarr = { enable = true; openFirewall = true; group = "users"; };
transmission = { enable = true; openFirewall = true; group = "users"; settings.download-dir = "/mnt/raid/condiviso/Torrent"; };
bazarr = {
enable = true;
openFirewall = true;
group = "users";
};
lidarr = {
enable = true;
openFirewall = true;
group = "users";
};
prowlarr = {
enable = true;
openFirewall = true;
};
radarr = {
enable = true;
openFirewall = true;
group = "users";
};
readarr = {
enable = true;
openFirewall = true;
group = "users";
};
sonarr = {
enable = true;
openFirewall = true;
group = "users";
};
transmission = {
enable = true;
openFirewall = true;
group = "users";
settings.download-dir = "/mnt/raid/condiviso/Torrent";
};
};
systemd.services = {
# ombi.serviceConfig = { MemoryHigh = "400M"; MemoryMax = "1G"; };
bazarr.serviceConfig = { MemoryHigh = "600M"; MemoryMax = "2G"; };
lidarr.serviceConfig = { MemoryHigh = "600M"; MemoryMax = "2G"; };
prowlarr.serviceConfig = { MemoryHigh = "600M"; MemoryMax = "2G"; };
radarr.serviceConfig = { MemoryHigh = "600M"; MemoryMax = "2G"; };
readarr.serviceConfig = { MemoryHigh = "600M"; MemoryMax = "2G"; };
sonarr.serviceConfig = { MemoryHigh = "600M"; MemoryMax = "2G"; };
bazarr.serviceConfig = {
MemoryHigh = "600M";
MemoryMax = "2G";
};
lidarr.serviceConfig = {
MemoryHigh = "600M";
MemoryMax = "2G";
};
prowlarr.serviceConfig = {
MemoryHigh = "600M";
MemoryMax = "2G";
};
radarr.serviceConfig = {
MemoryHigh = "600M";
MemoryMax = "2G";
};
readarr.serviceConfig = {
MemoryHigh = "600M";
MemoryMax = "2G";
};
sonarr.serviceConfig = {
MemoryHigh = "600M";
MemoryMax = "2G";
};
transmission.serviceConfig = { MemoryHigh = "400M"; MemoryMax = "1G"; };
transmission.serviceConfig = {
MemoryHigh = "400M";
MemoryMax = "1G";
};
};
}


@ -1,7 +1,14 @@
{
users.users.bertof = {
isNormalUser = true;
extraGroups = [ "libvirtd" "kvm" "network" "networkmanager" "wheel" "tss" ];
extraGroups = [
"libvirtd"
"kvm"
"network"
"networkmanager"
"wheel"
"tss"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3W3Btk1qtLHU69aFwseDuKU6PJMA+NxVXJXiRNhDce bertof@odin"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7mcf8fbMo1eXqSJeVFWaweB+JOU+67dFuf8laZKZZG bertof@thor"


@ -8,4 +8,3 @@
];
};
}