Merge branch 'main' of ssh://gitea.xeovalyte.dev:2222/xeovalyte/nix

2025-05-02 08:57:28 +02:00
parent eb9ca5e5e1 d7056e8f38
commit bde66ffbe2
24 changed files with 906 additions and 29 deletions
--- a/hosts/ti-clt-dsk01/default.nix
+++ b/hosts/ti-clt-dsk01/default.nix
@@ -77,7 +77,18 @@
  nix.settings.trusted-users = [ "root" "xeovalyte" ];

  networking.hosts = {
-    "192.168.100.118" = [ "timo.bmrs.nl" "www.timo.bmrs.nl" "homeassistant.timo.bmrs.nl" "adguard.timo.bmrs.nl" "git.timo.bmrs.nl" "auth.timo.bmrs.nl" "ldap.timo.bmrs.nl" "dozzle.timo.bmrs.nl" "home.timo.bmrs.nl" "immich.timo.bmrs.nl" "paperless.timo.bmrs.nl" "search.timo.bmrs.nl" ];
+    "192.168.100.118" = [
+      "tbmrs.nl"
+      "auth.tbmrs.nl"
+      "git.tbmrs.nl"
+      "photos.tbmrs.nl"
+      "home.tbmrs.nl"
+      "uptime.tbmrs.nl"
+      "share.tbmrs.nl"
+      "vault.local.tbmrs.nl"
+      "paperless.local.tbmrs.nl"
+      "monitor.local.tbmrs.nl"
+    ];
  };

  services.openssh.enable = true;
--- a/hosts/v-th-ctr-01/configuration.nix
+++ b/hosts/v-th-ctr-01/configuration.nix
@@ -0,0 +1,31 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ modulesPath, ... }:
+
+{
+  imports = [
+    # Include the default incus configuration.
+    "${modulesPath}/virtualisation/lxc-container.nix"
+    # Include the container-specific autogenerated configuration.
+  ];
+
+  networking = {
+    dhcpcd.enable = false;
+    useDHCP = false;
+    useHostResolvConf = false;
+  };
+
+  systemd.network = {
+    enable = true;
+    networks."50-eth0" = {
+      matchConfig.Name = "eth0";
+      networkConfig = {
+        DHCP = "ipv4";
+        IPv6AcceptRA = true;
+      };
+      linkConfig.RequiredForOnline = "routable";
+    };
+  };
+}
--- a/hosts/v-th-ctr-01/default.nix
+++ b/hosts/v-th-ctr-01/default.nix
@@ -56,14 +56,19 @@

  networking.firewall = {
    enable = true;
-    allowedTCPPorts = [ 80 443 53 ];
-    allowedUDPPorts = [ 80 443 53 ];
+    allowedTCPPorts = [ 1080 1443 1053 ];
+    allowedUDPPorts = [ 1080 1443 1053 ];
+  };
+
+  networking.hosts = {
+    "127.0.0.1" = [ "tbmrs.nl" ];
  };

  users.users.deploy = {
    isNormalUser = true;
    description = "Deploy";
    extraGroups = [ "networkmanager" "wheel" "dialout" ];
+    linger = true;
  };

  nix.settings.trusted-users = [ "root" "deploy" ];
--- a/hosts/v-th-ctr-01/home.nix
+++ b/hosts/v-th-ctr-01/home.nix
@@ -23,10 +23,11 @@
      applications.ssh.enable = true;
      applications.thunderbird.enable = false;
      applications.yazi.enable = true;
-      applications.zellij.enable = false;
+      applications.zellij.enable = true;

      services.nextcloud-sync.enable = false;
      services.podman.enable = true;
+      services.sops.enable = true;

      theming.fonts.enable = false;
      theming.stylix.enable = false;
@@ -36,12 +37,25 @@
      desktop-environments.hyprland.enable = false;

      containers = {
+        network.enable = true;
+
        nginx.enable = true;
-        caddy.enbale = true;
+        caddy.enable = true;
+        kanidm.enable = true;
+        forgejo.enable = true;
+        immich.enable = true;
+        homepage.enable = true;
+        uptime-kuma.enable = true;
+        pingvin-share.enable = true;
+        vaultwarden.enable = true;
+        paperless-ngx.enable = true;
+        beszel.enable = true;
      };
    };

    home.packages = with pkgs; [
+      unstable.helix
+      lazygit
    ];

    # Enable home-manager