Diffstat (limited to 'Biz/Dev')
-rw-r--r-- | Biz/Dev/Beryllium.nix | 14 | ||||
-rw-r--r-- | Biz/Dev/Beryllium/Configuration.nix | 115 | ||||
-rw-r--r-- | Biz/Dev/Beryllium/Hardware.nix | 38 | ||||
-rw-r--r-- | Biz/Dev/Beryllium/Ollama.nix | 48 | ||||
-rw-r--r-- | Biz/Dev/Dns.nix | 19 | ||||
-rw-r--r-- | Biz/Dev/Guix.nix | 43 | ||||
-rw-r--r-- | Biz/Dev/Hoogle.nix | 81 | ||||
-rw-r--r-- | Biz/Dev/Lithium.nix | 27 | ||||
-rw-r--r-- | Biz/Dev/Lithium/Configuration.nix | 217 | ||||
-rw-r--r-- | Biz/Dev/Lithium/Hardware.nix | 32 | ||||
-rw-r--r-- | Biz/Dev/Networking.nix | 44 | ||||
-rw-r--r-- | Biz/Dev/Vpn.nix | 33 |
12 files changed, 0 insertions, 711 deletions
diff --git a/Biz/Dev/Beryllium.nix b/Biz/Dev/Beryllium.nix
deleted file mode 100644
index 82374c3..0000000
--- a/Biz/Dev/Beryllium.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ bild }:
-bild.os {
- imports = [
- ../OsBase.nix
- ../Packages.nix
- ../Users.nix
- ./Beryllium/Configuration.nix
- ./Beryllium/Hardware.nix
- ./Beryllium/Ollama.nix
- ./Vpn.nix
- ];
- networking.hostName = "beryllium";
- networking.domain = "beryl.simatime.com";
-}
diff --git a/Biz/Dev/Beryllium/Configuration.nix b/Biz/Dev/Beryllium/Configuration.nix
deleted file mode 100644
index 16f4bca..0000000
--- a/Biz/Dev/Beryllium/Configuration.nix
+++ /dev/null
@@ -1,115 +0,0 @@
-{ pkgs, ... }:
-
-let ports = import ../../Cloud/Ports.nix;
-in {
- imports = [ # Include the results of the hardware scan.
- ./Hardware.nix
- ];
-
- # Bootloader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- boot.kernelModules = [ "v4l2loopback" ];
- boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
-
- # Enable networking
- networking.networkmanager.enable = true;
-
- # Set your time zone.
- time.timeZone = "America/New_York";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.UTF-8";
-
- i18n.extraLocaleSettings = {
- LC_ADDRESS = "en_US.UTF-8";
- LC_IDENTIFICATION = "en_US.UTF-8";
- LC_MEASUREMENT = "en_US.UTF-8";
- LC_MONETARY = "en_US.UTF-8";
- LC_NAME = "en_US.UTF-8";
- LC_NUMERIC = "en_US.UTF-8";
- LC_PAPER = "en_US.UTF-8";
- LC_TELEPHONE = "en_US.UTF-8";
- LC_TIME = "en_US.UTF-8";
- };
-
- # don't auto suspend-to-RAM
- powerManagement.enable = true;
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
-
- # Enable the KDE Plasma Desktop Environment.
- services.xserver.displayManager.gdm.enable = true;
- services.xserver.desktopManager.gnome.enable = true;
-
- # Configure keymap in X11
- services.xserver = {
- layout = "us";
- xkbVariant = "";
- };
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
-
- # Enable sound with pipewire.
- hardware.pulseaudio.enable = false;
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- # If you want to use JACK applications, uncomment this
- jack.enable = true;
- wireplumber.enable = true;
- };
-
- hardware.opengl.enable = true;
- hardware.opengl.driSupport32Bit = true;
- services.xserver.videoDrivers = [ "nvidia" ];
- hardware.nvidia.nvidiaPersistenced = true;
- hardware.nvidia.modesetting.enable = true;
- hardware.nvidia.powerManagement.enable = false;
- hardware.nvidia.powerManagement.finegrained = false;
- hardware.nvidia.open = true;
- hardware.nvidia.nvidiaSettings = true;
-
- hardware.keyboard.zsa.enable = true;
-
- services.xserver.displayManager.autoLogin.enable = false;
- services.xserver.displayManager.autoLogin.user = "ben";
-
- services.clight.enable = true;
- services.clight.temperature.day = 6500;
- services.clight.temperature.night = 1800;
- services.clight.settings.sunrise = "7:00";
- services.clight.settings.sunset = "17:00";
- location.latitude = 40.8;
- location.longitude = -81.52;
-
- services.eternal-terminal.enable = true;
-
- environment.systemPackages = with pkgs; [
- v4l-utils
- linuxPackages.v4l2loopback
- nvtop
- keymapp
- wally-cli
- # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
- # wget
- ];
-
- systemd.services.NetworkManager-wait-online.enable = false;
-
- networking.firewall.allowedTCPPorts = [ ports.barrier ];
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "23.05"; # Did you read the comment?
-
-}
diff --git a/Biz/Dev/Beryllium/Hardware.nix b/Biz/Dev/Beryllium/Hardware.nix
deleted file mode 100644
index ecf425c..0000000
--- a/Biz/Dev/Beryllium/Hardware.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot.initrd.availableKernelModules =
- [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/f96eaa16-d0e2-4230-aece-131ce7b630da";
- fsType = "ext4";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/A34A-6527";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp97s0.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp99s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode =
- lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/Biz/Dev/Beryllium/Ollama.nix b/Biz/Dev/Beryllium/Ollama.nix
deleted file mode 100644
index 35b4fe1..0000000
--- a/Biz/Dev/Beryllium/Ollama.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{ pkgs, ... }:
-/* Ollama API service
-
- Don't put too much work into this, there's a much better and more complete
- ollama service (with webui!) being built here:
- https://github.com/NixOS/nixpkgs/pull/275448
-
- If you want to spend time on it, spend time over there.
-*/
-let pkg = pkgs.unstable.ollama;
-in {
-
- systemd.services.ollama = {
- description = "ollama";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- environment = {
- OLLAMA_HOST = "localhost:11434";
- # Where to store LLM model files.
- HOME = "%S/ollama";
- OLLAMA_MODELS = "%S/ollama/models";
- OLLAMA_DEBUG = "1";
- };
-
- serviceConfig = {
- ExecStart = "${pkg}/bin/ollama serve";
- User = "ollama";
- Group = "ollama";
- Type = "simple";
- Restart = "on-failure";
- RestartSec = 3;
- # Persistent storage for model files, i.e. /var/lib/<StateDirectory>
- StateDirectory = [ "ollama" ];
- };
- };
-
- # for administration, make this available to users' PATH
- environment.systemPackages = [ pkg ];
-
- users.groups.ollama = { };
-
- users.users.ollama = {
- group = "ollama";
- isSystemUser = true;
- extraGroups = [ "render" "video" ];
- };
-}
diff --git a/Biz/Dev/Dns.nix b/Biz/Dev/Dns.nix
deleted file mode 100644
index baf79aa..0000000
--- a/Biz/Dev/Dns.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ ... }:
-
-{
- services.bind = {
- enable = true;
- forwarders = [ "8.8.8.8" "1.1.1.1" ];
- cacheNetworks = [ "127.0.0.0/8" "192.168.0.0/24" ];
- extraConfig = "";
- extraOptions = ''
- dnssec-validation auto;
- '';
- };
-
- #networking.extraHosts = ''
- # 192.168.0.1 router.home
- # 192.168.0.196 lithium.home
- #'';
-
-}
diff --git a/Biz/Dev/Guix.nix b/Biz/Dev/Guix.nix
deleted file mode 100644
index 0b261fb..0000000
--- a/Biz/Dev/Guix.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.services.guix;
-
-in {
-
- options.services.guix = {
- enable = mkEnableOption "GNU Guix package manager";
- };
-
- config = mkIf cfg.enable {
- systemd.services.guix-daemon = {
- description = "Build daemon for GNU Guix";
-
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- Restart = "always";
- ExecStart =
- "${pkgs.guix}/bin/guix-daemon --build-users-group=guixbuild";
- Environment = null;
- RemainAfterExit = "yes";
- StandardOutput = "syslog";
- StandardError = "syslog";
- TaskMax = "8192";
- };
- };
- users = {
- extraUsers = lib.attrs.genAttrs (lib.lists.range 1 10) (n: {
- name = "guixbuilder${n}";
- isSystemUser = true;
- extraGroups = [ "guixbuild" ];
- group = "guixbuild";
- description = "Guix build user ${n}";
- });
- extraGroups = { "guixbuild" = { }; };
- };
- };
-}
diff --git a/Biz/Dev/Hoogle.nix b/Biz/Dev/Hoogle.nix
deleted file mode 100644
index 213a31c..0000000
--- a/Biz/Dev/Hoogle.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
- cfg = config.services.my-hoogle;
-
- hoogleEnv = pkgs.buildEnv {
- name = "hoogle";
- paths = [ (cfg.haskellPackages.ghcWithHoogle cfg.packages) ];
- };
-
-in {
-
- options.services.my-hoogle = {
- enable = mkEnableOption "Haskell documentation server";
-
- port = mkOption {
- type = types.int;
- default = 8080;
- description = ''
- Port number Hoogle will be listening to.
- '';
- };
-
- packages = mkOption {
- default = _hp: [ ];
- defaultText = "hp: []";
- example = "hp: with hp; [ text lens ]";
- description = ''
- The Haskell packages to generate documentation for.
-
- The option value is a function that takes the package set specified in
- the <varname>haskellPackages</varname> option as its sole parameter and
- returns a list of packages.
- '';
- };
-
- haskellPackages = mkOption {
- description = "Which haskell package set to use.";
- default = pkgs.haskellPackages;
- defaultText = "pkgs.haskellPackages";
- };
-
- home = mkOption {
- type = types.str;
- description = "Url for hoogle logo";
- default = "https://hoogle.haskell.org";
- };
-
- host = mkOption {
- type = types.str;
- description = "Set the host to bind on.";
- default = "127.0.0.1";
- };
- };
-
- config = mkIf cfg.enable {
- systemd.services.hoogle = {
- description = "Haskell documentation server";
-
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- Restart = "always";
- ExecStart = "${hoogleEnv}/bin/hoogle server --local --port ${
- toString cfg.port
- } --home ${cfg.home} --host ${cfg.host}";
-
- DynamicUser = true;
-
- ProtectHome = true;
-
- RuntimeDirectory = "hoogle";
- WorkingDirectory = "%t/hoogle";
- };
- };
- };
-
-}
diff --git a/Biz/Dev/Lithium.nix b/Biz/Dev/Lithium.nix
deleted file mode 100644
index 02488d9..0000000
--- a/Biz/Dev/Lithium.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ bild }:
-# Dev machine for work and building stuff.
-
-bild.os {
- imports = [
- ../OsBase.nix
- ../Packages.nix
- ../Users.nix
- ./Lithium/Configuration.nix
- ./Lithium/Hardware.nix
- ./Hoogle.nix
- ./Networking.nix
- ./Dns.nix
- ../Dragons.nix
- #./Guix.nix # I need to package a bunch of guile libs first
- ./Vpn.nix
- ];
- networking.hostName = "lithium";
- networking.domain = "dev.simatime.com";
- services.dragons = {
- enable = true;
- port = 8095;
- package = bild.run ../Dragons.hs;
- keep = "/var/dragons/keep";
- depo = "/var/dragons/depo";
- };
-}
diff --git a/Biz/Dev/Lithium/Configuration.nix b/Biz/Dev/Lithium/Configuration.nix
deleted file mode 100644
index 97b00c8..0000000
--- a/Biz/Dev/Lithium/Configuration.nix
+++ /dev/null
@@ -1,217 +0,0 @@
-{ lib, pkgs, ... }:
-
-let
- ghcCompiler = (import ../../Bild/Constants.nix).ghcCompiler;
- ports = import ../../Cloud/Ports.nix;
-in {
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- boot.enableContainers = true;
-
- powerManagement.enable = false;
-
- time.timeZone = "America/New_York";
-
- fonts.fonts = with pkgs; [
- google-fonts
- mononoki
- source-code-pro
- fantasque-sans-mono
- hack-font
- fira
- fira-code
- fira-code-symbols
- ];
-
- environment.systemPackages =
- [ pkgs.nvtop pkgs.k3s pkgs.wemux pkgs.tmux pkgs.wireguard-tools ];
-
- hardware = {
- opengl.enable = true;
- pulseaudio = {
- enable = true;
- extraConfig = ''
- load-module module-loopback
- '';
- };
- };
-
- #hardware.nvidia.nvidiaPersistenced = true;
-
- programs.bash.enableCompletion = true;
- programs.command-not-found.enable = true;
- programs.gnupg.agent.enable = true;
- programs.gnupg.agent.enableSSHSupport = true;
- programs.mosh.enable = true;
-
- virtualisation.docker.enable = true;
- virtualisation.docker.liveRestore = false;
- virtualisation.libvirtd.enable = false;
- virtualisation.virtualbox.host.enable = false;
- virtualisation.virtualbox.host.headless = false;
- virtualisation.virtualbox.host.addNetworkInterface = false;
- virtualisation.virtualbox.guest.enable = false;
-
- services.my-hoogle.enable = true;
- services.my-hoogle.port = ports.hoogle;
- services.my-hoogle.home = "//hoogle.simatime.com";
- services.my-hoogle.packages = pkgset:
- lib.attrsets.attrVals (import ../../Bild/Deps/Haskell.nix) pkgset;
- services.my-hoogle.haskellPackages = pkgs.haskell.packages.${ghcCompiler};
- services.my-hoogle.host = "0.0.0.0";
-
- services.eternal-terminal.enable = true;
-
- services.k3s.enable = false;
- services.k3s.role = "server";
-
- services.syncthing.enable = true;
- services.syncthing.guiAddress = "127.0.0.1:${toString ports.syncthing-gui}";
- services.syncthing.openDefaultPorts = true;
- services.syncthing.systemService = true;
-
- services.tor.enable = true;
- services.tor.client.enable = true;
- services.tor.relay.role = "bridge";
- services.tor.settings.ORPort = ports.tor;
- services.tor.settings.Nickname = "ydeee3q1cjo83tsuqcz";
- services.tor.settings.AccountingMax = "10 GBytes";
- services.tor.settings.AccountingStart = "month 1 1:00";
- services.tor.settings.ContactInfo =
- "ContactInfo pgp:66A6AD150399D970DCA4C4E6C8218B7D0BFDECCD ciissversion:2";
-
- services.bitcoind.mainnet.enable = true;
- services.bitcoind.mainnet.dataDir = "/mnt/campbell/bitcoind-mainnet/data";
- services.bitcoind.mainnet.configFile =
- "/mnt/campbell/bitcoind-mainnet/bitcoin.conf";
- services.bitcoind.mainnet.prune = 10000;
-
- services.pcscd.enable = true;
- services.logind.lidSwitch = "ignore";
- services.logind.extraConfig = "IdleAction=ignore";
-
- services.deluge.enable = true;
- services.deluge.openFilesLimit = 10240;
- services.deluge.web.enable = true;
-
- services.printing.enable = true;
-
- services.murmur.enable = true;
- services.murmur.registerName = "simatime";
- services.murmur.password = "simatime";
- services.murmur.port = ports.murmur;
-
- services.xserver.enable = true;
- services.xserver.autorun = true;
- services.xserver.layout = "us";
- services.xserver.xkbOptions = "caps:ctrl_modifier";
- services.xserver.videoDrivers = [ "nvidia" ];
- services.xserver.serverFlagsSection = ''
- Option "BlankTime" "0"
- Option "StandbyTime" "0"
- Option "SuspendTime" "0"
- Option "OffTime" "0"
- '';
- services.xserver.displayManager.sddm.enable = true;
- services.xserver.displayManager.sddm.enableHidpi = true;
- # Some of these have conflicting definitions, which might be the source of my
- # problems with the display. Start here for debugging.
- #services.xserver.displayManager.session.manage = "desktop";
- #services.xserver.displayManager.session.name = "home-manager";
- #services.xserver.displayManager.session.start = ''
- # ${pkgs.runtimeShell} $HOME/.hm-xsession &
- # waitPID=$!
- #'';
- #services.xserver.desktopManager.kodi.enable = false;
- #services.xserver.desktopManager.plasma5.enable = false;
- services.xserver.desktopManager.xterm.enable = true;
- services.xserver.windowManager.xmonad.enable = true;
- services.xserver.libinput.enable = true;
- services.xserver.libinput.touchpad.tapping = true;
- services.xserver.modules = [ pkgs.xf86_input_wacom ];
- services.xserver.wacom.enable = true;
-
- services.jupyter.enable = true;
- services.jupyter.port = ports.jupyter;
- services.jupyter.ip = "*";
- users.users.jupyter.group = "jupyter";
- users.groups.jupyter = { };
- services.jupyter.password =
- "'argon2:$argon2id$v=19$m=10240,t=10,p=8$nvQhgk+htbIYi961YYAf1w$ekpwiTT5L4+OAods0K7EDw'";
- services.jupyter.kernels.python3 = let
- env = (pkgs.python3.withPackages (p:
- with p; [
- ipykernel
- pandas
- scikitlearn
- numpy
- matplotlib
- sympy
- ipywidgets
- ]));
- in {
- displayName = "py3";
- argv = [
- "${env.interpreter}"
- "-m"
- "ipykernel_launcher"
- "-f"
- "{connection_file}"
- ];
- language = "python";
- # error: must be of type 'null or path'
- #logo32 = "${env.sitePackages}/ipykernel/resources/logo-32x32.png";
- #logo64 = "${env.sitePackages}/ipykernel/resources/logo-64x64.png";
- };
-
- # previously emby
- services.jellyfin.enable = true;
- services.jellyfin.user = "jellyfin";
- services.jellyfin.group = "jellyfin";
-
- services.minidlna.enable = true;
- services.minidlna.settings.notify_interval = 60;
- services.minidlna.settings.friendly_name = "Sima Media";
- services.minidlna.settings.media_dir = [
- "V,/mnt/campbell/ben/youtube"
- "A,/mnt/campbell/ben/music"
- "V,/mnt/campbell/ben/torrents/done"
- ];
-
- services.vnstat.enable = true;
-
- documentation.enable = true;
- documentation.dev.enable = true;
- documentation.doc.enable = true;
- documentation.info.enable = true;
- documentation.man.enable = true;
- documentation.nixos.enable = true;
-
- nix.settings.auto-optimise-store = true;
- nix.settings.cores = 0; # use all available cores
- # Since this is the dev machine, we can turn these on at the expense
- # of extra disk space.
- nix.extraOptions = ''
- keep-outputs = true
- keep-derivations = true
- '';
- # 1 job * 2 cores = 2 maximum cores used at any one time
- nix.settings.max-jobs = 1;
- nix.sshServe.enable = true;
- nix.sshServe.keys = lib.trivial.pipe ../../Keys/Ben.pub [
- builtins.readFile
- (lib.strings.splitString "\n")
- (lib.filter (s: s != ""))
- ];
- nix.settings.trusted-users = [ "root" "ben" ];
-
- # This value determines the NixOS release with which your system is to be
- # compatible, in order to avoid breaking some software such as database
- # servers. You should change this only after NixOS release notes say you
- # should.
- system.stateVersion = "20.09"; # Did you read the comment?
-
- # TODO: is this still necessary? Check nixpkgs upstream
- users.users.jupyter.isSystemUser = true;
-}
diff --git a/Biz/Dev/Lithium/Hardware.nix b/Biz/Dev/Lithium/Hardware.nix
deleted file mode 100644
index 54c07f5..0000000
--- a/Biz/Dev/Lithium/Hardware.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ lib, modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot.initrd.availableKernelModules =
- [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
- boot.kernelModules = [ "kvm-intel" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/f08dd8f9-787c-4e2a-a0cc-7019edc2ce2b";
- fsType = "ext4";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/C67C-D7B5";
- fsType = "vfat";
- };
-
- fileSystems."/mnt/campbell" = {
- device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-}
diff --git a/Biz/Dev/Networking.nix b/Biz/Dev/Networking.nix
deleted file mode 100644
index c89add7..0000000
--- a/Biz/Dev/Networking.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ ... }:
-
-let ports = import ../Cloud/Ports.nix;
-in {
- networking = {
- nameservers = [ "1.1.1.1" ];
- hostName = "lithium";
- hosts = { "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ]; };
-
- firewall = {
- allowedTCPPorts = [
- ports.bitcoind
- ports.bitcoind-rpc
- ports.delugeWeb
- ports.et
- ports.gemini
- ports.git
- ports.http
- ports.https
- ports.jellyfin
- ports.jupyter
- ports.k3s
- ports.mpd
- ports.mpd-stream
- ports.murmur
- ports.radicale
- ports.sabten
- ports.ssh
- ports.stableDiffusion
- ports.tor
- ];
- allowedTCPPortRanges = [ ports.torrents ports.httpdev ];
- allowedUDPPorts = [ ports.dns ports.et ports.murmur ];
- allowedUDPPortRanges = [ ports.torrents ];
- };
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- useDHCP = false;
- interfaces.enp2s0.useDHCP = true;
- };
-
-}
diff --git a/Biz/Dev/Vpn.nix b/Biz/Dev/Vpn.nix
deleted file mode 100644
index 9b791b7..0000000
--- a/Biz/Dev/Vpn.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ config, ... }:
-
-let
- ports = import ../Cloud/Ports.nix;
- domain = "headscale.simatime.com";
-in {
- services.headscale = {
- enable = true;
- address = "0.0.0.0";
- port = ports.headscale;
- settings = { dns.base_domain = "simatime.com"; };
- };
-
- services.nginx.virtualHosts.${domain} = {
- forceSSL = true;
- enableAcme = true;
- locations."/" = {
- proxyPass = "http://localhost:${toString ports.headscale}";
- proxyWebsockets = true;
- };
- };
-
- environment.systemPackages = [ config.services.headscale.package ];
-
- services.tailscale.enable = true;
-
- networking.firewall = {
- checkReversePath = "loose";
- trustedInterfaces = [ "tailscale0" ];
- allowedUDPPorts = [ config.services.tailscale.port ];
- };
-
-}
|