diff --git a/flake.lock b/flake.lock index 74ddcf3..d75a1c3 100644 --- a/flake.lock +++ b/flake.lock @@ -59,6 +59,25 @@ "type": "github" } }, + "copyparty": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1756068868, + "narHash": "sha256-CmviJx9dcIpdkqMtJEJJBsTiA5/skVtIF4ziBFddr+A=", + "owner": "9001", + "repo": "copyparty", + "rev": "48d6224ec899b47b6a3509625af744fc60cc1903", + "type": "github" + }, + "original": { + "owner": "9001", + "repo": "copyparty", + "type": "github" + } + }, "dolphin-overlay": { "inputs": { "nixpkgs": [ @@ -144,6 +163,21 @@ "type": "github" } }, + "flake-utils_2": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ @@ -283,7 +317,7 @@ "hyprlang": "hyprlang", "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "pre-commit-hooks": "pre-commit-hooks", "systems": "systems", "xdph": "xdph" @@ -519,7 +553,7 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1756001208, @@ -639,6 +673,21 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1748162331, + "narHash": "sha256-rqc2RKYTxP3tbjA+PB3VMRQNnjesrT0pEofXQTrMsS8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-25.05", + "type": "indirect" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1751792365, "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", 
@@ -654,7 +703,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1755829505, "narHash": "sha256-4/Jd+LkQ2ssw8luQVkqVs9spDBVE6h/u/hC/tzngsPo=", @@ -670,7 +719,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1755922037, "narHash": "sha256-wY1+2JPH0ZZC4BQefoZw/k+3+DowFyfOxv17CN/idKs=", @@ -686,7 +735,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1755615617, "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", @@ -729,13 +778,14 @@ "root": { "inputs": { "colmena": "colmena", + "copyparty": "copyparty", "dolphin-overlay": "dolphin-overlay", "home-manager": "home-manager", "hyprland-plugins": "hyprland-plugins", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-unstable": "nixpkgs-unstable", "zen-browser": "zen-browser" } @@ -821,7 +871,7 @@ "zen-browser": { "inputs": { "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1756009581, diff --git a/flake.nix b/flake.nix index a4ec17d..e9598bd 100644 --- a/flake.nix +++ b/flake.nix @@ -25,6 +25,8 @@ nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; colmena.url = "github:zhaofengli/colmena"; + + copyparty.url = "github:9001/copyparty"; }; outputs = { nixpkgs, colmena, zen-browser, dolphin-overlay, hyprland-plugins, home-manager, nixpkgs-unstable, nix-gaming, nix-index-database, ... }@attrs: { @@ -61,6 +63,7 @@ system = "x86_64-linux"; overlays = []; }; + specialArgs = attrs; }; eisen = import ./servers/eisen/configuration.nix; diff --git a/servers/eisen/configuration.nix b/servers/eisen/configuration.nix index 6a025c9..6c4607c 100644 --- a/servers/eisen/configuration.nix +++ b/servers/eisen/configuration.nix 
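Review bot: The new `copyparty` input has no `follows`, unlike `nix-index-database.inputs.nixpkgs.follows = "nixpkgs";` on the context line above it, so flake.lock gains a separate `nixpkgs_2` (an indirect `nixos-25.05` pin with `lastModified` 1748162331, older than the root input's 1755922037) plus `flake-utils_2`. Adding `copyparty.inputs.nixpkgs.follows = "nixpkgs";` leaves one fewer source tree to fetch, audit and keep updated. The deployed package is probably built from the host package set anyway, because servers/eisen/configuration.nix applies `copyparty.overlays.default`, but that depends on how the upstream overlay is written. The `inputs` set starts outside the hunk.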
@@ -1,11 +1,24 @@ -{ config, pkgs, lib, name ? "eisen", ... }: +{ config, pkgs, lib, name ? "eisen", copyparty, ... }: +let + # these are used both in service configuration but also to + # create mappings {name}.eisen.danbulant.cloud to port in caddy + ports = { + "uptime-kuma" = 3001; + "glance" = 5678; + "copyparty" = 3210; + "syncthing" = 8384; + }; +in { deployment = { buildOnTarget = true; }; + nixpkgs.overlays = [ copyparty.overlays.default ]; + imports = [ + copyparty.nixosModules.default ./hardware-configuration.nix ]; @@ -23,8 +36,6 @@ time.timeZone = lib.mkForce "Europe/Prague"; i18n.defaultLocale = "en_US.UTF-8"; - services.dnsmasq.enable = true; - security = { rtkit.enable = true; polkit.enable = true; @@ -32,7 +43,8 @@ services = { logind.lidSwitchExternalPower = "ignore"; - + + geoclue2.enable = true; localtimed.enable = true; openssh.enable = true; tailscale = { 
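Review bot: `ports.syncthing = 8384` repeats Syncthing's default GUI port instead of configuring it. The `syncthing` block later in this file never reads `ports.syncthing`, while `uptime-kuma`, `glance` and `copyparty` do take their port from this set. Setting `guiAddress = "127.0.0.1:${toString ports.syncthing}";` under `services.syncthing` would make the table the single source of truth and state the loopback bind explicitly. The comment could also say that every key in `ports` becomes a Caddy virtual host, for example `# every key here is published as a {name}.eisen vhost behind the auth snippet`.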
@@ -43,12 +55,102 @@ }; avahi.enable = true; lldpd.enable = true; + syncthing = { enable = true; openDefaultPorts = true; + settings = { + gui = { + insecureSkipHostCheck = true; + }; + }; + }; + + copyparty = { + enable = true; + + settings = { + p = ports.copyparty; + idp-hm-usr = "^X-Webauth-Login^danbulant@github^dan"; + }; + + # accounts = { + # dan = { + + # }; + # }; + + volumes = { + "/" = { + path = "/media/large"; + access = {}; + }; + }; + + openFilesLimit = 8192; + }; + + dnsmasq = { + enable = true; + }; + + uptime-kuma = { + enable = true; + settings = { + PORT = toString ports."uptime-kuma"; + }; + }; + + # perhaps add ntfy.sh + + glance = { + enable = true; + settings = { + server = { + port = ports.glance; + }; + pages = import ./glance-pages.nix; + }; }; + caddy = { + enable = true; + extraConfig = '' + (auth) { + forward_auth unix//run/tailscale-nginx-auth/tailscale-nginx-auth.sock { + uri /auth + header_up Remote-Addr {remote_host} + header_up Remote-Port {remote_port} + header_up Original-URI {uri} + copy_headers { + Tailscale-User>X-Webauth-User + Tailscale-Name>X-Webauth-Name + Tailscale-Login>X-Webauth-Login + Tailscale-Tailnet>X-Webauth-Tailnet + Tailscale-Profile-Picture>X-Webauth-Profile-Picture + } + } + } + ''; + + virtualHosts = builtins.listToAttrs ( + map (k: { + name = "${k}.eisen.danbulant.cloud:80, ${k}.eisen:80"; + value = { + extraConfig = '' + import auth + reverse_proxy http://localhost:${toString ports.${k}} + ''; + }; + }) (builtins.attrNames ports) + ); + }; + tailscaleAuth = { + # this is what's used above in forward_auth + enable = true; + group = "caddy"; + }; }; systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; diff --git a/servers/eisen/glance-pages.nix b/servers/eisen/glance-pages.nix new file mode 100644 index 0000000..ada5286 --- /dev/null +++ b/servers/eisen/glance-pages.nix 
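Review bot: `idp-hm-usr` makes copyparty take the login from an `X-Webauth-Login` request header, but nothing in `copyparty.settings` restricts where copyparty listens, so the header is only trustworthy if every request passes through the Caddy `(auth)` snippet. If this module binds beyond loopback by default (worth confirming), a client that reaches port 3210 directly could supply that header itself. Adding `i = "127.0.0.1";` next to `p = ports.copyparty;` keeps the listener behind the proxy, and copyparty's `idp-h-key` shared-secret header is a further safeguard. The same hunk sets `gui.insecureSkipHostCheck = true` for Syncthing, which turns off the Host-header check that protects the GUI against DNS rebinding; a narrower option is to leave the check on and have the proxy send the upstream's own host, e.g. `header_up Host {upstream_hostport}` inside that service's `reverse_proxy` block. Separately, `access = {}` on the `/` volume appears to grant no permissions to anyone, including the mapped user `dan`, which may not be intended.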
@@ -0,0 +1,137 @@ +[ + { + name = "Home"; + columns = [ + { + size = "small"; + widgets = [ + { + type = "calendar"; + "first-day-of-week" = "monday"; + } + { + type = "rss"; + limit = 10; + "collapse-after" = 3; + cache = "12h"; + feeds = [ + { + url = "https://selfh.st/rss/"; + title = "selfh.st"; + limit = 4; + } + { + url = "https://ciechanow.ski/atom.xml"; + } + { + url = "https://www.joshwcomeau.com/rss.xml"; + title = "Josh Comeau"; + } + { + url = "https://samwho.dev/rss.xml"; + } + { + url = "https://ishadeed.com/feed.xml"; + title = "Ahmad Shadeed"; + } + ]; + } + { + type = "twitch-channels"; + channels = [ + "theprimeagen" + "j_blow" + "piratesoftware" + "cohhcarnage" + "christitustech" + "EJ_SA" + ]; + } + ]; + } + { + size = "full"; + widgets = [ + { + type = "group"; + widgets = [ + { type = "hacker-news"; } + { type = "lobsters"; } + ]; + } + { + type = "videos"; + channels = [ + "UCXuqSBlHAE6Xw-yeJA0Tunw" # Linus Tech Tips + "UCR-DXc1voovS8nhAvccRZhg" # Jeff Geerling + "UCsBjURrPoezykLs9EqgamOA" # Fireship + "UCBJycsmduvYEL83R_U4JriQ" # Marques Brownlee + "UCHnyfMqiRRG1u-2MsSQLbXA" # Veritasium + ]; + } + { + type = "group"; + widgets = [ + { + type = "reddit"; + subreddit = "technology"; + "show-thumbnails" = true; + } + { + type = "reddit"; + subreddit = "selfhosted"; + "show-thumbnails" = true; + } + ]; + } + ]; + } + { + size = "small"; + widgets = [ + { + type = "weather"; + location = "London, United Kingdom"; + units = "metric"; + "hour-format" = "12h"; + } + { + type = "markets"; + markets = [ + { + symbol = "SPY"; + name = "S&P 500"; + } + { + symbol = "BTC-USD"; + name = "Bitcoin"; + } + { + symbol = "NVDA"; + name = "NVIDIA"; + } + { + symbol = "AAPL"; + name = "Apple"; + } + { + symbol = "MSFT"; + name = "Microsoft"; + } + ]; + } + { + type = "releases"; + cache = "1d"; + repositories = [ + "glanceapp/glance" + "go-gitea/gitea" + "immich-app/immich" + "syncthing/syncthing" + ]; + } + ]; + } + ]; + } +] 
diff --git a/servers/eisen/hardware-configuration.nix b/servers/eisen/hardware-configuration.nix index 1bf141d..d342b22 100644 --- a/servers/eisen/hardware-configuration.nix +++ b/servers/eisen/hardware-configuration.nix @@ -25,9 +25,9 @@ }; fileSystems."/media/large" = { - device = "/dev/disk/by-label/large"; + device = "/dev/disk/by-uuid/79f63619-39db-4fbe-8036-f2279f6067a3"; fsType = "btrfs"; - options = [ "subvol=@" "nofail" "exec" "users" ]; + options = [ "nofail" "defaults" ]; }; swapDevices =
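Review bot: The new option list `[ "nofail" "defaults" ]` drops `users`, which per mount(8) implies `nosuid` and `nodev` (and `noexec` unless a later option overrides it), so `/media/large` is now mounted with setuid bits and device nodes honoured. That path is the copyparty volume root in servers/eisen/configuration.nix, so for a data-only mount `options = [ "nofail" "nosuid" "nodev" "noexec" ];` would be the safer choice, provided nothing has to execute from it. Removing `subvol=@` also means the filesystem's default subvolume is mounted instead of `@`; confirm that this is the tree the services expect. The enclosing module body starts and ends outside the hunk.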