feat: try rework

Katharina Heidenreich 2026-04-04 11:42:19 +02:00
parent 1ddbd3b8b6
commit ecf10628c3
51 changed files with 1941 additions and 445 deletions


@ -1,108 +0,0 @@
let
lib = import <nixpkgs/lib>;
in
rec {
network = {
subnet = "192.168.2.0/24";
subnet_base = "192.168.2.0";
gateway = ips.router;
cidr = 24;
};
ips = {
pi = "192.168.2.100";
desktop = "192.168.2.101";
router = "192.168.2.1";
remoteProxy = "193.31.24.99";
};
dhcp = {
pool_start = "192.168.2.50";
pool_end = "192.168.2.90";
default_lease = 3600;
max_lease = 86400;
reservations = [{
ip-address = ips.desktop;
hw-address = "30:9c:23:81:91:ea";
hostname = "desktop";
}];
};
fallback_dns_servers = [
"1.1.1.1"
"8.8.8.8"
];
local_domain = "home";
services = {
"pi" = {
ip = ips.pi;
};
"desktop" = {
ip = ips.desktop;
};
"torrent" = {
ip = ips.pi;
reverse_proxy = {
port = 8085;
};
};
"wiki" = {
ip = ips.pi;
reverse_proxy = {
port = 8086;
};
};
"router" = {
ip = ips.router;
};
"remoteProxy" = {
ip = ips.remoteProxy;
};
"continuwuity" = {
ip = ips.pi;
reverse_proxy = {
port = 6167;
ssl = true;
allowExternConnections = true;
listen = [
{
port = 80;
}
{
port = 443;
ssl = true;
}
{
port = 8448;
ssl = true;
}];
endpoints = ["/_matrix/"];
};
domainOverride = "nudelerde.de";
};
};
_serviceNames = (builtins.attrNames services);
_dnsMappingObjects = builtins.listToAttrs (
map (name: {
name = "${name}.${local_domain}";
value = services.${name}.ip;
})
_serviceNames
);
_predOnlyLocalObjs = (name: value: !(value ? domainOverride));
dnsMappings = lib.filterAttrs _predOnlyLocalObjs _dnsMappingObjects;
reverse_proxy = lib.filterAttrs (name: value: value ? reverse_proxy) services;
_portsUsedInService = (service: if service ? reverse_proxy
then if service.reverse_proxy ? listen
then map (obj: obj.port) service.reverse_proxy.listen
else if service.reverse_proxy ? ssl && service.reverse_proxy.ssl
then [80 443]
else [80]
else [80]);
usedPorts = lib.unique (lib.concatLists (map _portsUsedInService (builtins.attrValues services)));
}


@ -1,29 +0,0 @@
let
lib = import <nixpkgs/lib>;
storage_data = import ./storage.nix;
in
rec {
qbittorrent = {
root_dir = "${storage_data.ssd.path}/qbittorrent";
vpn = {
username = "KNLdup50RYT1911K";
password = "FQCd6rfszoze0BJGgBhMHa3pIzpUdtyt";
};
};
kiwix = {
root_dir = "${storage_data.ssd.path}/kiwix";
urls = [
"https://ftp.fau.de/kiwix/zim/wikipedia/wikipedia_en_all_nopic_2025-08.zim"
"https://download.kiwix.org/zim/wikipedia/wikipedia_de_all_nopic_2026-01.zim"
];
};
matrix = {
trusted_servers = [ "matrix.org" ];
};
autossh = {
key_path = "/etc/auto-ssh_secrets/key";
known_hosts = "/etc/auto-ssh_secrets/known_hosts";
forwards = [];
};
}
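Review bot: The `qbittorrent.vpn` username and password removed in this section were committed as plaintext literals, so deleting the file does not retire them; they remain readable in the parent commit and in any existing clone of the repository. Treat them as exposed and rotate them with the VPN provider; rewriting history is optional, rotation is not. If the reworked configuration still needs them, reference a file kept outside the repository the way `autossh.key_path` does in this same file, for example `vpn.credentials_file = "<path-outside-repo>";` (placeholder path), or use an encrypted-secrets module such as sops-nix or agenix, because string literals in Nix expressions also land in the world-readable /nix/store. Whether the replacement files in this commit already do this is not visible from this section.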


@ -1,34 +0,0 @@
let
allKeyDir = "/etc/nixos/ssh_keys";
readKeyFile = filePath:
let
content = builtins.readFile filePath;
lines = builtins.filter (line: line != "") (
builtins.filter builtins.isString (
builtins.split "\n" content
)
);
in lines;
getUserKeys = username:
let
userDir = "${allKeyDir}/${username}";
in
if builtins.pathExists userDir then
let
files = builtins.attrNames (builtins.readDir userDir);
allKeys = builtins.concatMap (file:
readKeyFile "${userDir}/${file}"
) files;
in allKeys
else [];
users = builtins.attrNames (builtins.readDir allKeyDir);
in
rec {
keys = builtins.listToAttrs (map (user: {
name = user;
value = getUserKeys user;
}) users);
ssh_users = users;
getKeys = getUserKeys;
}


@ -1,26 +0,0 @@
rec {
sdcard = {
path = "/";
type = "ext4";
source = "/dev/disk/by-label/NIXOS_SD";
options = ["noatime"];
};
ssd = {
path = "/mnt/ssd";
type = "ext4";
source = "/dev/disk/by-uuid/e44fedd5-150c-4af6-a2a0-0476da78e651";
options = ["noatime"];
};
varlib-storage = {
path = "/var/lib";
type = "ext4";
source = "/dev/disk/by-uuid/c9aacddc-00ab-4d36-8a04-1051586b071c";
options = ["noatime"];
extra = {
neededForBoot = true;
};
};
}
#rwxrwxrwx 1 root root 10 Jan 1 1970 a3ffb02e-fe9f-4bce-bd94-af0294ebff8f -> ../../sda1
#lrwxrwxrwx 1 root root 10 Jan 1 1970 c9aacddc-00ab-4d36-8a04-1051586b071c -> ../../sda2


@ -1,34 +0,0 @@
let
lib = import <nixpkgs/lib>;
mapFileNameToContent = fileName: {
status = 200;
contentType = "text/html";
content = builtins.readFile fileName;
};
findFiles = dir:
let content = builtins.readDir dir;
processEntry = name: type:
if type == "directory" then
findFiles (dir + "/${name}")
else if type == "regular" then
[ (dir + "/${name}") ]
else
[];
in
lib.concatLists (lib.mapAttrsToList processEntry content);
removePrefix = str: prefix: if builtins.substring 0 (builtins.stringLength prefix) str == prefix
then builtins.substring (builtins.stringLength prefix) (builtins.stringLength str - builtins.stringLength prefix) str
else str;
contentFn = basePath:
let
files = findFiles basePath;
baseLength = builtins.stringLength basePath;
files' = builtins.filter (file: builtins.match ".*\\.html$" file != null) files;
in builtins.listToAttrs (map (file: {
name = removePrefix file basePath;
value = mapFileNameToContent file;
}) files');
in
rec {
"web.nudelerde.de" = contentFn "/etc/nixos/data/web/";
}