-
Notifications
You must be signed in to change notification settings - Fork 0
/
configuration.nix-barbatos
129 lines (105 loc) · 2.86 KB
/
configuration.nix-barbatos
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
# -*- nix -*-
{ config, lib, pkgs, ... }:
let
hosts = import ./nixops/personal-hosts.nix;
hostName = "barbatos";
hostConf = hosts.${hostName};
in
{
imports = [
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
./modules/force-my-version.nix
./profile/my-vpn-server.nix
./profile/pi-hole-in-docker.nix
./profile/server.nix
./users/binarin.nix
./profile/emacs.nix
];
my-vpn-server.enable = true;
services.pi-hole = {
enable = true;
bindIp = hostConf.lan.ip;
dnsMasqConfig = ''
server=/localdomain/192.168.2.1
server=/2.168.192.in-addr.arpa/192.168.2.1
'';
};
networking = {
hostName = hostName;
hostId = hostConf.hostId;
useDHCP = false;
defaultGateway = {
address = hosts.usg.lan.ip;
interface = "br0";
};
nameservers = [
hostConf.lan.ip
hosts.usg.lan.ip
"8.8.8.8"
];
search = hosts.usg.searchDomains;
domain = hosts.usg.domain;
interfaces = {
enp6s0 = {
macAddress = "9e:e2:64:f5:00:fe"; # something random, to move original hw address to br0
};
br0 = {
ipv4.addresses = [
{ address = hostConf.lan.ip; prefixLength = 24; }
];
macAddress = hostConf.lan.mac;
};
};
bridges = {
br0 = {
interfaces = [ "enp6s0" ];
};
};
};
virtualisation.libvirtd.enable = true;
environment.systemPackages = [ pkgs.virtinst pkgs.libguestfs-with-appliance ];
nix.maxJobs = lib.mkDefault 24;
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.devices = [ "/dev/sda" "/dev/sdb" ];
boot.supportedFilesystems = [ "zfs "];
fileSystems."/" = {
device = "rpool/root/nixos";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/home";
fsType = "zfs";
};
fileSystems."/var/lib/libvirt/images/hass" = {
device = "rpool/vm-images/hass";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "ext4";
};
services.nginx.upstreams."hass.binarin.ru".servers = {
"192.168.2.23:8123" = {};
};
services.nginx.virtualHosts."hass.binarin.ru" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://hass.binarin.ru";
extraConfig = ''
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
};
}