iofq/nix
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

opentofu incus
Some checks failed
/ check (push) Has been cancelled
Details

Browse source
This commit is contained in:
iofq 2026-03-21 13:41:50 -05:00
parent e4f5ca2fc9
commit 3d8242b314
22 changed files with 340 additions and 211 deletions
Download patch file Download diff file Expand all files Collapse all files

168
nixos/zen/old-configuration.nix Normal file
View file

@ -0,0 +1,168 @@
{
host,
config,
pkgs,
pkgs-unstable,
...
}:
{
imports = [
./hardware-configuration.nix
];
# boot = {
# kernel.sysctl = {
# "vm.swappiness" = 6;
# };
# };
# sops = {
# secrets = {
# "password".sopsFile = ../../secrets/k8s.yaml;
# # "tailscale-auth".sopsFile = ../../secrets/tailscale.yaml;
# forgejo-runner.sopsFile = ../../secrets/forgejo-runner.yaml;
# "b2-immich/env".sopsFile = ../../secrets/restic.yaml;
# "b2-immich/repo".sopsFile = ../../secrets/restic.yaml;
# "b2-immich/password".sopsFile = ../../secrets/restic.yaml;
# "cf-dns-key".sopsFile = ../../secrets/cf-acme.yaml;
# };
# };
# services.restic.backups = {
# b2-immich = {
# initialize = true;
# environmentFile = config.sops.secrets."b2-immich/env".path;
# repositoryFile = config.sops.secrets."b2-immich/repo".path;
# passwordFile = config.sops.secrets."b2-immich/password".path;
#
# paths = [
# "/tank/immich"
# ];
# timerConfig = {
# OnCalendar = "06:00";
# };
# pruneOpts = [
# "--keep-daily 31"
# "--keep-monthly 6"
# "--keep-yearly 1"
# ];
# };
# };
# networking = {
# nftables.enable = true;
# hostId = "44238132";
# firewall = {
# allowedTCPPorts = [
# 22
# 80
# 443
# 2049 # nfs
# ];
# trustedInterfaces = [
# "tailscale0"
# "incusbr0"
# ];
# };
# };
services = {
zfs.autoScrub.enable = true;
zfs.autoSnapshot.enable = true;
fstrim.enable = true;
nfs.server.enable = true;
# immich = {
# enable = true;
# package = pkgs-unstable.immich;
# port = 2283;
# host = "localhost";
# openFirewall = true;
# machine-learning.enable = true;
# mediaLocation = "/tank/immich";
# accelerationDevices = null;
# };
# nginx = {
# enable = true;
# virtualHosts."img.10110110.xyz" = {
# forceSSL = true;
# useACMEHost = "10110110.xyz";
# locations."/" = {
# proxyPass = "http://localhost:${toString config.services.immich.port}";
# proxyWebsockets = true;
# recommendedProxySettings = true;
# extraConfig = ''
# client_max_body_size 50000M;
# proxy_read_timeout 600s;
# proxy_send_timeout 600s;
# send_timeout 600s;
# '';
# };
# };
# };
};
# services.gitea-actions-runner = {
# package = pkgs.forgejo-runner;
# instances.default = {
# enable = true;
# name = host.hostName;
# settings = {
# runner.capacity = 3;
# container = {
# force_pull = true;
# valid_volumes = [
# "/nix/store"
# "/nix/var/nix/daemon-socket"
# ];
# };
# };
# url = "https://git.10110110.xyz";
# tokenFile = config.sops.secrets.forgejo-runner.path;
# labels = [
# "ubuntu-latest:docker://node:24-bullseye"
# "nix-upstream-latest:docker://nixos/nix:latest"
# "nix-latest:docker://git.10110110.xyz/ci/nix"
# ];
# };
# };
# services.k3s = {
# enable = true;
# role = "server";
# extraFlags = toString [
# "--disable=traefik"
# "--vpn-auth=file=${config.sops.secrets."tailscale-auth".path}"
# "--node-external-ip=100.64.246.41"
# ];
# tokenFile = config.sops.secrets."password".path;
# serverAddr = "https://zen:6443";
# };
# systemd.services.k3s = {
# preStart = ''
# until ${pkgs.tailscale}/bin/tailscale status; do
# sleep 1
# done
# '';
# };
# security.acme = {
# acceptTerms = true;
# defaults.email = "acme@10110110.xyz";
# certs = {
# "10110110.xyz" = {
# domain = "*.10110110.xyz";
# group = config.services.nginx.group;
# dnsProvider = "cloudflare";
# environmentFile = config.sops.secrets."cf-dns-key".path;
# };
# };
# };
# virtualisation = {
# podman.enable = false;
# incus.enable = true;
# };
# hardware = {
# graphics.enable = true;
# nvidia = {
# modesetting.enable = true;
# nvidiaSettings = true;
# open = false;
# package = config.boot.kernelPackages.nvidiaPackages.stable;
# };
# enableRedistributableFirmware = true;
# firmware = [ pkgs.linux-firmware ];
# };
}