this repo has no description
add mast route to box
+94
-87
+60
-72
flake.nix
+60
-72
flake.nix
···
27
27
poonam.url = "git+ssh://gitea@git.sealight.xyz/aynish/kitaab?ref=main";
28
28
poonam.inputs.nixpkgs.follows = "nixpkgs";
29
29
basant.url = "git+ssh://gitea@git.sealight.xyz/aynish/basant?ref=main";
30
-
vimwikicli.url = "git+ssh://gitea@git.sealight.xyz/aynish/vimwiki-cli?ref=main";
30
+
vimwikicli.url =
31
+
"git+ssh://gitea@git.sealight.xyz/aynish/vimwiki-cli?ref=main";
31
32
basant.inputs.nixpkgs.follows = "nixpkgs";
32
33
basant.inputs.poonam.follows = "poonam";
33
34
vimwikicli.inputs.nixpkgs.follows = "nixpkgs";
···
54
55
# muneem.inputs.nixpkgs.follows = "nixpkgs";
55
56
};
56
57
57
-
outputs =
58
-
{ self
59
-
, nixpkgs
60
-
, unstable
61
-
, nixos-hardware
62
-
, home-manager
63
-
, deploy-rs
64
-
, agenix
65
-
, disko
66
-
, basant
67
-
, grasp
68
-
, nix-matrix-appservices
69
-
, nur
70
-
, tidalcycles
71
-
, rust-overlay
72
-
, vimwikicli
73
-
, ...
74
-
}@inputs:
58
+
outputs = { self, nixpkgs, unstable, nixos-hardware, home-manager, deploy-rs
59
+
, agenix, disko, basant, grasp, nix-matrix-appservices, nur, tidalcycles
60
+
, rust-overlay, vimwikicli, ... }@inputs:
75
61
let
76
62
forAllSystems = nixpkgs.lib.genAttrs [
77
63
"aarch64-linux"
···
89
75
vimwiki-cli = vimwikicli.packages.${prev.system}.vimwiki-cli;
90
76
};
91
77
92
-
nixpkgsFor = forAllSystems (system: import nixpkgs {
93
-
inherit system;
94
-
config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) [
95
-
"ripcord"
96
-
"vcv-rack"
97
-
"SunVox"
98
-
"renoise"
99
-
];
100
-
# config.permittedInsecurePackages = [
101
-
# "python3.10-django-3.1.14" # Needed for archivebox deployments on curve
102
-
# # Check when archive box updates it's dependeny
103
-
# ];
104
-
overlays = [
105
-
rust-overlay.overlays.default
106
-
tidalcycles.overlays.default
107
-
agenix.overlays.default
108
-
nur.overlay
109
-
nix-matrix-appservices.overlay
110
-
unstableOverlay
111
-
vimwikiOverlay
112
-
self.overlays.additions
113
-
self.overlays.modifications
114
-
];
115
-
});
78
+
nixpkgsFor = forAllSystems (system:
79
+
import nixpkgs {
80
+
inherit system;
81
+
config.allowUnfreePredicate = pkg:
82
+
builtins.elem (nixpkgs.lib.getName pkg) [
83
+
"ripcord"
84
+
"vcv-rack"
85
+
"SunVox"
86
+
"renoise"
87
+
];
88
+
# config.permittedInsecurePackages = [
89
+
# "python3.10-django-3.1.14" # Needed for archivebox deployments on curve
90
+
# # Check when archive box updates it's dependeny
91
+
# ];
92
+
overlays = [
93
+
rust-overlay.overlays.default
94
+
tidalcycles.overlays.default
95
+
agenix.overlays.default
96
+
nur.overlay
97
+
nix-matrix-appservices.overlay
98
+
unstableOverlay
99
+
vimwikiOverlay
100
+
self.overlays.additions
101
+
self.overlays.modifications
102
+
];
103
+
});
116
104
117
105
# for when space matters
118
-
litePkgsFor = forAllSystems (system: import nixpkgs {
119
-
inherit system;
120
-
# config.permittedInsecurePackages = [
121
-
# "forgejo-1.19.4-0" # Needed for archivebox deployments on curve
122
-
# # Check when archive box updates it's dependeny
123
-
# ];
124
-
overlays = [
125
-
agenix.overlays.default
126
-
self.overlays.additions
127
-
self.overlays.modifications
128
-
tidalcycles.overlays.default # needed for nvim which comes pre-installed lol
129
-
];
130
-
});
131
-
in
132
-
{
106
+
litePkgsFor = forAllSystems (system:
107
+
import nixpkgs {
108
+
inherit system;
109
+
# config.permittedInsecurePackages = [
110
+
# "forgejo-1.19.4-0" # Needed for archivebox deployments on curve
111
+
# # Check when archive box updates it's dependeny
112
+
# ];
113
+
overlays = [
114
+
agenix.overlays.default
115
+
self.overlays.additions
116
+
self.overlays.modifications
117
+
tidalcycles.overlays.default # needed for nvim which comes pre-installed lol
118
+
];
119
+
});
120
+
in {
133
121
# Your custom packages
134
122
# Acessible through 'nix build', 'nix shell', etc
135
123
packages = forAllSystems (system:
136
124
let pkgs = nixpkgsFor.${system};
137
-
in import ./pkgs { pkgs = pkgs; }
138
-
);
125
+
in import ./pkgs { pkgs = pkgs; });
139
126
# Devshell for bootstrapping
140
127
# Acessible through 'nix develop' or 'nix-shell' (legacy)
141
128
devShells = forAllSystems (system:
142
129
let pkgs = nixpkgsFor.${system};
143
-
in import ./shell.nix { pkgs = pkgs; }
144
-
);
130
+
in import ./shell.nix { pkgs = pkgs; });
145
131
146
132
# Your custom packages and modifications, exported as overlays
147
133
overlays = import ./overlays;
···
233
219
nix.registry.nixpkgs.flake = nixpkgs;
234
220
home-manager.useGlobalPkgs = true;
235
221
home-manager.useUserPackages = true;
236
-
home-manager.users.anish = import ./home/core;
222
+
home-manager.users.anish = import ./home/dev;
237
223
}
238
224
];
239
225
};
···
243
229
# Available through 'home-manager --flake .#your-username@your-hostname'
244
230
homeConfigurations = {
245
231
"anish@work" = home-manager.lib.homeManagerConfiguration {
246
-
pkgs = nixpkgsFor."x86_64-linux"; # Home-manager requires 'pkgs' instance
232
+
pkgs =
233
+
nixpkgsFor."x86_64-linux"; # Home-manager requires 'pkgs' instance
247
234
extraSpecialArgs = { inherit inputs; };
248
-
modules = [
249
-
./home/core.nix
250
-
./home/profiles/firefox
251
-
];
235
+
modules = [ ./home/core.nix ./home/profiles/firefox ];
252
236
};
253
237
};
254
238
···
260
244
remoteBuild = true;
261
245
profiles.system = {
262
246
user = "root";
263
-
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.box;
247
+
path = deploy-rs.lib.x86_64-linux.activate.nixos
248
+
self.nixosConfigurations.box;
264
249
};
265
250
};
266
251
lituus = {
···
268
253
# autoRollback = false;
269
254
profiles.system = {
270
255
user = "root";
271
-
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.lituus;
256
+
path = deploy-rs.lib.x86_64-linux.activate.nixos
257
+
self.nixosConfigurations.lituus;
272
258
};
273
259
};
274
260
helix = {
···
277
263
magicRollback = false;
278
264
profiles.system = {
279
265
user = "root";
280
-
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.helix;
266
+
path = deploy-rs.lib.x86_64-linux.activate.nixos
267
+
self.nixosConfigurations.helix;
281
268
};
282
269
};
283
270
};
284
271
285
-
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
272
+
checks = builtins.mapAttrs
273
+
(system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
286
274
};
287
275
}
+5
home/dev/default.nix
+5
home/dev/default.nix
+14
-3
hosts/box/default.nix
+14
-3
hosts/box/default.nix
···
1
-
{ self, pkgs, ... }:
2
-
{
1
+
{ self, pkgs, ... }: {
3
2
imports = [
4
3
./configuration.nix
5
4
../profiles/core
···
48
47
"/data/books" # calibre-web
49
48
# "/home/anish/usr/nonfiction" # syncthing
50
49
"/home/anish/usr/finance" # beancount
51
-
"/mnt/two/postgres" # sealight postgres backups TODO remove once moved to capsul
50
+
"/mnt/two/postgres" # sealight postgres backups TODO remove once moved to capsul
52
51
];
53
52
# seafile
54
53
};
···
67
66
locations."/" = {
68
67
extraConfig = ''
69
68
proxy_pass http://localhost:9091/;
69
+
proxy_set_header X-Forwarded-Host $host;
70
+
'';
71
+
};
72
+
};
73
+
74
+
services.nginx.virtualHosts."mast.mossnet.lan" = {
75
+
enableACME = false;
76
+
forceSSL = false;
77
+
78
+
locations."/" = {
79
+
extraConfig = ''
80
+
proxy_pass http://localhost:5731/;
70
81
proxy_set_header X-Forwarded-Host $host;
71
82
'';
72
83
};
+15
-12
hosts/profiles/dns/default.nix
+15
-12
hosts/profiles/dns/default.nix
···
3
3
adblockLocalZones = pkgs.stdenv.mkDerivation {
4
4
name = "unbound-zones-adblock";
5
5
6
-
src = (pkgs.fetchFromGitHub
7
-
{
8
-
owner = "StevenBlack";
9
-
repo = "hosts";
10
-
rev = "3.12.21";
11
-
sha256 = "Yzr6PY/zqQE+AHH0J6ioHTsgkikM+dz4aelbGpQJa1s=";
12
-
} + "/hosts");
6
+
src = (pkgs.fetchFromGitHub {
7
+
owner = "StevenBlack";
8
+
repo = "hosts";
9
+
rev = "3.12.21";
10
+
sha256 = "Yzr6PY/zqQE+AHH0J6ioHTsgkikM+dz4aelbGpQJa1s=";
11
+
} + "/hosts");
13
12
14
13
phases = [ "installPhase" ];
15
14
···
19
18
};
20
19
21
20
mossnet = "192.168.1.240"; # The local lan-ip for box
22
-
wg-mossnet = "10.0.69.4"; # The wireguard ip for box
21
+
wg-mossnet = "10.0.69.4"; # The wireguard ip for box
23
22
mossnet-hosts = [
24
23
"mossnet.lan"
25
24
"headphones.mossnet.lan"
···
40
39
"grasp.mossnet.lan"
41
40
"photos.mossnet.lan"
42
41
"pod.mossnet.lan"
42
+
"mast.mossnet.lan"
43
43
];
44
44
45
-
in
46
-
{
45
+
in {
47
46
services.unbound = {
48
47
enable = true;
49
48
settings = {
···
55
54
cache-min-ttl = 0;
56
55
serve-expired = "yes";
57
56
interface = [ "0.0.0.0" ];
58
-
access-control = [ "127.0.0.0/8 allow" "192.168.1.0/24 allow" "10.0.69.0/24 allow" ];
57
+
access-control =
58
+
[ "127.0.0.0/8 allow" "192.168.1.0/24 allow" "10.0.69.0/24 allow" ];
59
59
access-control-view = "10.0.69.0/24 wireguard";
60
60
# so-reuseport = "yes";
61
61
tls-upstream = "yes";
···
65
65
};
66
66
forward-zone = [{
67
67
name = ".";
68
-
forward-addr = [ "45.90.28.0#6939b9.dns.nextdns.io" "1.1.1.1@853#cloudflare-dns.com" ];
68
+
forward-addr = [
69
+
"45.90.28.0#6939b9.dns.nextdns.io"
70
+
"1.1.1.1@853#cloudflare-dns.com"
71
+
];
69
72
# non-tls
70
73
# forward-addr = ["45.90.30.49" "45.90.28.49" "1.1.1.1" "8.8.8.8"]
71
74
}];