xeovalyte/nix
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

added basic raspi config

Browse Source
This commit is contained in:
Timo Boomers 2025-05-20 16:36:44 +02:00
parent 2839974006
commit f51c7e4267
Signed by: xeovalyte
SSH Key Fingerprint: SHA256:GWI1hq+MNKR2UOcvk7n9tekASXT8vyazK7vDF9Xyciw
5 changed files with 229 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
README.md
View File

@ -3,6 +3,7 @@
## New system install guide ## New system install guide
### 1. Install Nixos with ISO ### 1. Install Nixos with ISO
[Nixos download](https://nixos.org/download) [Nixos download](https://nixos.org/download)
### 2. Copy hardware configuration to hosts directory ### 2. Copy hardware configuration to hosts directory
@ -10,14 +11,75 @@
### 3. Generate ssh-keys ### 3. Generate ssh-keys
**Archserver** **Archserver**
1. `ssh-keygen -f ~/.ssh/archserver` 1. `ssh-keygen -f ~/.ssh/archserver`
2. `ssh-copy-id -i ~/.ssh/archserver 192.168.1.20` 2. `ssh-copy-id -i ~/.ssh/archserver 192.168.1.20`
**Gitea** **Gitea**
1. `ssh-keygen -f ~/.ssh/gitea -t ed25519 -C "me+gitea@xeovalyte.dev"` 1. `ssh-keygen -f ~/.ssh/gitea -t ed25519 -C "me+gitea@xeovalyte.dev"`
2. Upload to [Gitea](https://gitea.xeovalyt.dev) 2. Upload to [Gitea](https://gitea.xeovalyt.dev)
3. Verify ssh key (follow instructions on Gitea) 3. Verify ssh key (follow instructions on Gitea)
### 4. Add SSH keys ### 4. Add SSH keys
1. `ssh-add ~/.ssh/gitea` 1. `ssh-add ~/.ssh/gitea`
2. `ssh-add ~/.ssh/archserver` 2. `ssh-add ~/.ssh/archserver`
## Homelab
List over services
| Service | Description | Link |
| -------------- | -------------------- | ---------------------------------------------------------------------- |
| Caddy | Reverse proxy | - |
| Kanidm | Openid provider | [auth.tbmrs.nl](https://auth.tbmrs.nl) |
| Forgejo | Git provider | [git.tbmrs.nl](https://git.tbmrs.nl) |
| Immich | Photo and videos | [photos.tbmrs.nl](https://photos.tbmrs.nl) |
| Homepage | Dashboard | [home.tbmrs.nl](https://home.tbmrs.nl) |
| Uptime Kuma | Uptime monitor | [uptime.tbmrs.nl](https://uptime.tbmrs.nl) |
| Pingvin share | Sharing of files | [share.tbmrs.nl](https://share.tbmrs.nl) |
| Vaultwarden | Password manager | [vault.local.tbmrs.nl](https://vault.local.tbmrs.nl) |
| Paperless NGX | Documents management | [paperless.local.tbmrs.nl](https://paperless.local.tbmrs.nl) |
| Beszel | Resource usage | [monitor.local.tbmrs.nl](https://monitor.local.tbmrs.nl) |
| Dufs | File manager | [files.tbmrs.nl](https://files.tbmrs.nl) |
| Syncthing | File syncing | [syncthing.local.tbmrs.nl](https://syncthing.local.tbmrs.nl) |
| Home Assistant | Home automation | [home-assistant.local.tbmrs.nl](https://home-assistant.local.tbmrs.nl) |
| Karakeep | Bookmarking | [karakeep.local.tbmrs.nl](https://karakeep.local.tbmrs.nl) |
| Vikunja | Tasks management | [vikunja.local.tbmrs.nl](https://vikunja.local.tbmrs.nl) |
| Stalwart | Mailserver | [mail.tbmrs.nl](https://mail.tbmrs.nl) |
### Openid commands
#### Configure new openid client
From: [Kanidm Docs](https://kanidm.github.io/kanidm/master/integrations/oauth2/examples.html)
Replace `<service>` with the name of the service.
1. Create a new Kanidm group, and add your regular account to it:
```bash
$ kanidm group create <service>_users
$ kanidm group add-members <service>_users your_username
```
2. Create a new OAuth2 application configuration in Kanidm, configure the redirect URL, and scope access to the group:
```bash
$ kanidm system oauth2 create <service> <servicename> <service_login_url>
$ kanidm system oauth2 add-redirect-url <service> <redirect_url>
$ kanidm system oauth2 update-scope-map <service> <service>_users email openid profile groups
```
3. (Optional) Disable PKCE
```bash
$ kanidm system oauth2 warning-insecure-client-disable-pkce <service>
```
4. Get the OAuth2 client secret from Kanidm
```bash
$ kanidm system oauth2 show-basic-secret <service>
```

69
hosts/p-th-rpi-01/configuration.nix Normal file
View File

@ -0,0 +1,69 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ modulesPath, ... }:
{
imports = [
./hardware-configuration.nix
# Include the container-specific autogenerated configuration.
../../modules/system/default.nix
];
settings = {
hostname = "p-th-rpi-01";
display-manager = "none";
desktop-environments = {
cosmic.enable = false;
hyprland.enable = false;
gnome.enable = false;
};
applications = {
common.enable = true;
steam.enable = false;
thunar.enable = false;
};
services = {
docker.enable = false;
podman.enable = true;
quickemu.enable = false;
sunshine.enable = false;
garbage-collection.enable = true;
incus.enable = false;
ssh.enable = true;
};
hardware = {
fprint.enable = false;
printing.enable = false;
bluetooth.enable = false;
firewall.enable = true;
locale.enable = true;
nvidia.enable = false;
};
};
users.users.deploy = {
isNormalUser = true;
description = "Deploy";
extraGroups = [ "networkmanager" "wheel" "dialout" ];
linger = true;
};
# networking
networking = {
dhcpcd.enable = false;
useDHCP = false;
useHostResolvConf = false;
};
networking.hosts = {
"127.0.0.1" = [ "tbmrs.nl" ];
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ 1080 1443 1053 ];
allowedUDPPorts = [ 1080 1443 1053 ];
};
}

74
hosts/p-th-rpi-01/home.nix Normal file
View File

@ -0,0 +1,74 @@
{ pkgs, ... }:
{
imports = [
# Modules
../../modules/home/default.nix
];
config = {
home = {
username = "deploy";
homeDirectory = "/home/deploy";
};
settings = {
applications.common.enable = false;
applications.alacritty.enable = false;
applications.devenv.enable = false;
applications.firefox.enable = false;
applications.git.enable = false;
applications.helix.enable = true;
applications.zsh.enable = true;
applications.ssh.enable = true;
applications.thunderbird.enable = false;
applications.yazi.enable = true;
applications.zellij.enable = true;
applications.wezterm.enable = false;
services.nextcloud-sync.enable = false;
services.podman.enable = true;
services.sops.enable = true;
theming.fonts.enable = false;
theming.stylix.enable = false;
theming.stylix.wallpaper = "wallpaper-2.png";
theming.stylix.theme = "da-one-ocean";
desktop-environments.hyprland.enable = false;
containers = {
network.enable = true;
nginx.enable = false;
caddy.enable = true;
kanidm.enable = false;
forgejo.enable = false;
immich.enable = false;
homepage.enable = false;
uptime-kuma.enable = false;
pingvin-share.enable = false;
vaultwarden.enable = false;
paperless-ngx.enable = false;
beszel.enable = false;
storage.enable = false;
homeassistant.enable = false;
karakeep.enable = false;
vikunja.enable = false;
stalwart.enable = false;
linkding.enable = false;
static.enable = true;
};
};
home.packages = with pkgs; [
unstable.helix
lazygit
];
# Enable home-manager
programs.home-manager.enable = true;
home.stateVersion = "24.05";
};
}

23
hosts/ti-clt-dsk01/configuration.nix
View File

@ -54,6 +54,29 @@
# Networking # Networking
networking.interfaces.enp7s0.wakeOnLan.enable = true; networking.interfaces.enp7s0.wakeOnLan.enable = true;
networking.hosts = {
"192.168.100.118" = [
"tbmrs.nl"
"auth.tbmrs.nl"
"git.tbmrs.nl"
"photos.tbmrs.nl"
"home.tbmrs.nl"
"uptime.tbmrs.nl"
"share.tbmrs.nl"
"files.tbmrs.nl"
"mail.tbmrs.nl"
"vault.local.tbmrs.nl"
"paperless.local.tbmrs.nl"
"monitor.local.tbmrs.nl"
"syncthing.local.tbmrs.nl"
"home-assistant.local.tbmrs.nl"
"karakeep.local.tbmrs.nl"
"vikunja.local.tbmrs.nl"
"linkding.local.tbmrs.nl"
];
};
# state version # state version
system.stateVersion = "24.11"; system.stateVersion = "24.11";

1
hosts/ti-clt-dsk01/home.nix
View File

@ -49,6 +49,7 @@
unstable.prismlauncher unstable.prismlauncher
unstable.vesktop unstable.vesktop
unstable.webcord unstable.webcord
unstable.legcord
unstable.rnote unstable.rnote
unstable.inkscape unstable.inkscape
unstable.gimp unstable.gimp