iofq/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

random rice

Browse source
This commit is contained in:
iofq 2025-06-20 23:39:52 -05:00
parent f080730c99
commit 60613b0a1d
No known key found for this signature in database
GPG key ID: ECF3B2DA38BF7183
17 changed files with 221 additions and 143 deletions
Download patch file Download diff file Expand all files Collapse all files

13
nixos/configuration.nix
View file

@ -1,7 +1,9 @@
{
host,
...
}: { # Create plugdev group
inputs,
host,
...
}: {
# Create plugdev group
networking.hostName = host.hostName;
time.timeZone = "America/Chicago";
users = {
@ -28,6 +30,7 @@ host,
# Enable flakes and unfree packages
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
settings = {
auto-optimise-store = true;
substituters = [
@ -40,11 +43,15 @@ host,
];
trusted-users = [host.username];
experimental-features = ["nix-command" "flakes"];
lazy-trees = true;
};
channel.enable = false;
nixPath = ["nixpkgs=flake:nixpkgs"];
gc = {
automatic = true;
dates = "00:00";
options = "--delete-older-than 14d";
};
};
security.sudo-rs.enable = true;
}

47
nixos/consensus/configuration.nix
View file

@ -1,11 +1,16 @@
{lib, pkgs, config, ...}: {
{
lib,
pkgs,
config,
...
}: {
imports = [
./hardware-configuration.nix
./backups.nix
];
sops = {
secrets = {
"env" = { sopsFile = ../../secrets/cf-acme.yaml; };
"env" = {sopsFile = ../../secrets/cf-acme.yaml;};
};
};
documentation = {
@ -44,26 +49,26 @@
port = 2283;
host = "localhost";
openFirewall = true;
machine-learning.enable = false;
machine-learning.enable = true;
mediaLocation = "/rice/immich";
};
nginx = {
enable = true;
virtualHosts."img.10110110.xyz" = {
useACMEHost = "10110110.xyz";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.immich.port}";
proxyWebsockets = true;
recommendedProxySettings = true;
extraConfig = ''
client_max_body_size 50000M;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
'';
};
enable = true;
virtualHosts."img.10110110.xyz" = {
useACMEHost = "10110110.xyz";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.immich.port}";
proxyWebsockets = true;
recommendedProxySettings = true;
extraConfig = ''
client_max_body_size 50000M;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
'';
};
};
};
};
boot = {
@ -76,8 +81,8 @@
zramSwap.enable = false;
swapDevices = [
{
device = "/var/swapfile";
size = 4 * 1024;
device = "/swapfile";
size = 8 * 1024;
}
];
virtualisation.docker.enable = true;
@ -115,7 +120,7 @@
];
};
};
security.sudo.wheelNeedsPassword = false;
security.sudo-rs.wheelNeedsPassword = false;
security.acme = {
acceptTerms = true;
defaults.email = "acme@10110110.xyz";

3
nixos/default.nix
View file

@ -6,6 +6,7 @@
...
}: let
defaultModules = [
./configuration.nix
inputs.sops-nix.nixosModules.sops
inputs.nix-index-database.nixosModules.nix-index
inputs.determinate.nixosModules.default
@ -23,7 +24,6 @@ in {
modules =
defaultModules
++ [
./configuration.nix
./t14/configuration.nix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
];
@ -40,7 +40,6 @@ in {
modules =
defaultModules
++ [
./configuration.nix
./consensus/configuration.nix
];
};

1
nixos/t14/backups.nix
View file

@ -17,6 +17,7 @@
paths = [
"/home/e/backmeup"
"/home/e/orgfiles"
"/home/e/.ssh"
"/home/e/.librewolf"
"/home/e/.runelite"

1
nixos/t14/configuration.nix
View file

@ -15,6 +15,7 @@ in {
cryptsetup
nfs-utils
nerdctl
(lib.hiPrio uutils-coreutils-noprefix)
];
extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars} && echo 'x' > /tmp/test";
};