stitchy/dotfiles
1
0
Fork 1
Code Issues 2 Pull requests Activity
dotfiles/hosts/tanzanite/default.nix
stitchy f5f71010c8
fix(tanzanite): forgotten bracket 
that was a hard one ngl
2025-10-11 05:23:57 -07:00

251 lines
6.3 KiB
Nix
Raw Blame History

{ config, lib, pkgs, modulesPath, ... }:
let
in {
imports = [ ../default.nix ];
stitchyconf = {
form = "server";
};
networking.hostName = "tanzanite";
time.timeZone = "America/Los_Angeles";
virtualisation.docker = {
enable = true;
daemon.settings = {
data-root = "/opt/data/docker-data";
};
};
security.acme = {
acceptTerms = true;
defaults.email = "stitchy@stitchy.moe";
defaults.dnsProvider = "porkbun";
defaults.environmentFile = "/persist/acme/porkbun.tokens";
certs = {
"turn.stitchy.moe" = {};
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "100m";
virtualHosts = {
"stitchy.moe" = {
enableACME = true;
forceSSL = true;
root = "/opt/www/stitchy.moe/public";
extraConfig = ''
add_header 'Access-Control-Allow-Origin' '*' always;
error_page 404 /404.html;
location = /404.html {
internal;
}
location ^~/shaders/ {
alias /opt/www/shader-web-test/;
}
location ^~/files/ {
alias /opt/www/files/;
}
location ^~/linux_isos/ {
alias /opt/docker-containers/torrenting/data/torrents/;
}
'';
};
"gay.stitchy.moe" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3333";
};
};
"matrix.stitchy.moe" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9008";
};
locations."/metrics" = {
return = "404";
};
};
"pics.stitchy.moe" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://[::1]:${toString config.services.immich.port}";
proxyWebsockets = true;
recommendedProxySettings = true;
};
};
"grafana.stitchy.moe" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
};
extraConfig = ''
allow 10.100.0.0/24;
allow 192.168.51.2;
allow 192.168.51.1;
deny all;
'';
};
};
};
services = {
grafana = {
enable = true;
settings = {
analytics = {
feedback_links_enabled = false;
reporting_enabled = false;
};
};
};
immich = {
enable = true;
port = 2283;
mediaLocation = "/opt/services/immich";
};
postgresql = {
dataDir = "/opt/services/postgresql/${config.services.postgresql.package.psqlSchema}";
};
prometheus = {
enable = true;
exporters = {
node = {
enable = true;
};
unpoller = {
enable = true;
controllers = [{
user = "flyingstitchman";
pass = "/persist/unifi-pass.txt";
verify_ssl = false;
url = "https://localhost:7443";
save_dpi = true;
}];
};
};
globalConfig.scrape_interval = "10s";
scrapeConfigs = [{
job_name = "node";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}"];
}];
}
{
job_name = "dendrite";
static_configs = [{
targets = [ "localhost:9008"];
}];
}
{
job_name = "unpoller";
static_configs = [{
targets = [ "localhost:9130"];
}];
}
];
};
unpoller = {
};
};
networking.firewall = {
allowedTCPPorts = [ 22 80 222 443 3478 5349 ];
allowedUDPPorts = [ 3478 5349 ];
allowedUDPPortRanges = [
{ from = 19000; to = 20000; }
];
};
# Boot Config
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Redundant Storage
fileSystems."/opt/data" = {
device = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529";
fsType = "btrfs";
options = [ "subvol=@data" "compress=zstd" ];
};
fileSystems."/opt/docker-containers" = {
device = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529";
fsType = "btrfs";
options = [ "subvol=@docker-containers" "compress=zstd" ];
};
fileSystems."/opt/services" = {
device = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529";
fsType = "btrfs";
options = [ "subvol=@services" "compress=zstd" ];
};
fileSystems."/opt/www" = {
device = "/dev/disk/by-uuid/0acaee69-07df-45f3-a2f4-65e2f3fda529";
fsType = "btrfs";
options = [ "subvol=@www" "compress=zstd" ];
};
# Non-Redundant Storage
fileSystems."/" =
{ device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
fsType = "btrfs";
options = [ "subvol=@nix-root" "compress=zstd"];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
fsType = "btrfs";
options = [ "subvol=@nix-home" "compress=zstd"];
};
fileSystems."/nix/store" =
{ device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd"];
};
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/ac31f656-1882-415e-bbb7-b4d24c0af01c";
fsType = "btrfs";
options = [ "subvol=@persist" "compress=zstd"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/262D-F161";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/5c007a16-9f0f-42d0-8761-63bea3120f6d"; }
];
# Static Networking
systemd.network.enable = true;
networking.useNetworkd = true;
systemd.network.networks."10-lan" = {
matchConfig.Name = "enp0s31f6";
address = [
"192.168.51.3/24"
];
routes = [
{ Gateway = "192.168.51.1"; }
];
linkConfig.RequiredForOnline = "routable";
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
system.stateVersion = "24.11";
}
Reference in a new issue View git blame Copy permalink