Compare commits


No commits in common. "c9326284d35422ed520004dddc153042f25808b4" and "f894c27799cff19a0f52ea44db60faff4f2b91cd" have entirely different histories.

10 changed files with 42 additions and 172 deletions

36
flake.lock generated

@ -50,11 +50,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777713215, "lastModified": 1776613567,
"narHash": "sha256-8GzXDOXckDWwST8TY5DbwYFjdvQLlP7K9CLSVx6iTTo=", "narHash": "sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "63b4e7e6cf75307c1d26ac3762b886b5b0247267", "rev": "32f4236bfc141ae930b5ba2fb604f561fed5219d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -144,11 +144,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1777771528, "lastModified": 1775425411,
"narHash": "sha256-YycygK6n7KeW1YCobdFJcORWzkmrvNcp6xT+IovA0d4=", "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0585fbf645640973e3398863bbaf3bd1ddce4a51", "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -181,11 +181,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1777796046, "lastModified": 1776983936,
"narHash": "sha256-bEJp/zaQApzynGRaAO62BZSz9tFikKtIHCn2yIA/s7Q=", "narHash": "sha256-ZOQyNqSvJ8UdrrqU1p7vaFcdL53idK+LOM8oRWEWh6o=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "eeb02f6e29fc8139c0b15af5ff0fdfdc6d0d3d90", "rev": "2096f3f411ce46e88a79ae4eafcfc9df8ed41c61",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -197,11 +197,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1777673416, "lastModified": 1776734388,
"narHash": "sha256-5c2POKPOjU40Kh0MirOdScBLG0bu9TAuPYAtPRNZMBs=", "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "26ef669cffa904b6f6832ab57b77892a37c1a671", "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -261,11 +261,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1777578337, "lastModified": 1776877367,
"narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", "narHash": "sha256-EHq1/OX139R1RvBzOJ0aMRT3xnWyqtHBRUBuO1gFzjI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "15f4ee454b1dce334612fa6843b3e05cf546efab", "rev": "0726a0ecb6d4e08f6adced58726b95db924cef57",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -307,11 +307,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1777731636, "lastModified": 1775228763,
"narHash": "sha256-OkFcWIKnrl0n5ULcFnzmLjdfD7Z8IHtYLge3e7EuARs=", "narHash": "sha256-8fKOEOouCaPZLBTdWPS+uU0bxsPp1OmfloDNoNSiu8w=",
"owner": "SaumonNet", "owner": "SaumonNet",
"repo": "proxmox-nixos", "repo": "proxmox-nixos",
"rev": "22b690085bfb2b82cbbc8e9d637a67c9c704b6db", "rev": "e803cb839e5e5207fa37d92bc6ac7290f4dba633",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -143,9 +143,6 @@
specialArgs = { specialArgs = {
inherit inputs outputs; inherit inputs outputs;
pkgs-unstable = import nixpkgs-unstable {
inherit system;
};
}; };
modules = [ modules = [
@ -180,6 +177,7 @@
inherit inputs outputs; inherit inputs outputs;
pkgs-unstable = import nixpkgs-unstable { pkgs-unstable = import nixpkgs-unstable {
inherit system; inherit system;
config.allowUnfree = true;
}; };
}; };
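Review bot: `config.allowUnfree = true;` on the new side of the second hunk turns on every unfree package for the whole nixpkgs-unstable import rather than naming the packages that need it; an allowlist such as `config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ /* package names */ ];` keeps the set reviewable, assuming `lib` is reachable at this point, which the hunk does not show. The first hunk removes `pkgs-unstable` from the other host's specialArgs entirely, so the two configurations now differ on whether unstable packages are available at all; if that is deliberate, a one-line comment on each would stop a reader from treating it as drift. Both enclosing attribute sets start and end outside the hunks.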


@ -1,4 +1,4 @@
{ inputs, outputs, config, lib, pkgs, pkgs-unstable, ... }: { inputs, outputs, config, lib, pkgs, ... }:
{ {
imports = imports =
@ -12,7 +12,6 @@
../../modules/server-cli.nix ../../modules/server-cli.nix
../../modules/sshd.nix ../../modules/sshd.nix
../../modules/docker.nix ../../modules/docker.nix
../../modules/netbird-client.nix
"${inputs.secrets}/modules/opkssh.nix" "${inputs.secrets}/modules/opkssh.nix"
# Include the results of the hardware scan. # Include the results of the hardware scan.
@ -27,13 +26,6 @@
}; };
networking.hostName = "docker-main"; # Define your hostname. networking.hostName = "docker-main"; # Define your hostname.
services.netbird-client = {
enable = true;
managementUrl = "https://netbird.jfreudenberger.de";
host.setupKey = "DB64713B-FB23-49F1-A4A7-9B9E37B585D4";
docker.setupKey = "B9ECD884-B445-4156-8643-D0F34D64C200";
};
# This option defines the first version of NixOS you have installed on this particular machine, # This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
# Most users should NEVER change this value after the initial install, for any reason, # Most users should NEVER change this value after the initial install, for any reason,
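Review bot: The removed side of the third hunk carried two NetBird setup keys (`host.setupKey`, `docker.setupKey`) as plain string literals, and dropping them from the tree does not remove them from git history or from whatever is already enrolled with them; nothing in this compare indicates they were revoked in the NetBird management console, which is the step that actually invalidates them. The same applies to the two keys removed from the other host's configuration further down this compare. If the client is reintroduced later, the keys belong alongside the existing `"${inputs.secrets}/modules/opkssh.nix"` input rather than in this file, and a short line in the commit description confirming the rotation would close the loop.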


@ -1,4 +1,4 @@
{ inputs, outputs, config, lib, pkgs, pkgs-unstable, ... }: { inputs, outputs, config, lib, pkgs, ... }:
{ {
imports = imports =
@ -17,8 +17,6 @@
../../modules/traefik.nix ../../modules/traefik.nix
../../modules/pocket-id.nix ../../modules/pocket-id.nix
../../modules/netbird-docker.nix ../../modules/netbird-docker.nix
../../modules/netbird-client.nix
../../modules/dockhand.nix
../../modules/auto-upgrade.nix ../../modules/auto-upgrade.nix
"${inputs.secrets}/modules/opkssh.nix" "${inputs.secrets}/modules/opkssh.nix"
# Include the results of the hardware scan. # Include the results of the hardware scan.
@ -46,11 +44,6 @@
environmentFile = config.age.secrets.pocket-id.path; environmentFile = config.age.secrets.pocket-id.path;
}; };
dockhand = {
enable = true;
appUrl = "dockhand.jfreudenberger.de";
};
netbird-docker = { netbird-docker = {
enable = true; enable = true;
secrets = config.age.secrets.netbird-server; secrets = config.age.secrets.netbird-server;
@ -66,16 +59,10 @@
management.domain = domain; management.domain = domain;
dashboard.domain = domain; dashboard.domain = domain;
signal.domain = domain; signal.domain = domain;
management.oidcConfigEndpoint = "https://login.jfreudenberger.de/.well-known/openid-configuration";
}; };
}; };
services.netbird-client = {
enable = true;
managementUrl = "https://netbird.jfreudenberger.de";
host.setupKey = "B57B7B1D-AFBF-4D73-91F5-014A0D8645A4";
docker.setupKey = "F49C8243-DB76-4C8C-9136-25498D72B494";
};
systemd.network = { systemd.network = {
enable = true; enable = true;
networks."10-wan" = { networks."10-wan" = {
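Review bot: The fourth hunk removes `management.oidcConfigEndpoint` from the netbird-docker server settings without a replacement; unless the module supplies a default (not visible here), the management service on the new side has no OIDC discovery URL while `../../modules/pocket-id.nix` is still imported as the IdP on this host. If the endpoint is now set elsewhere, a comment such as `# oidcConfigEndpoint is provided by <module-placeholder> — TODO confirm` would keep a reader from assuming it was dropped by mistake. The second hunk also stops importing `../../modules/dockhand.nix` while the module file itself stays in the compare; if no other host imports it, it is dead configuration. The enclosing module body starts and ends outside the hunks.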


@ -17,7 +17,7 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {
dockhand = { dockhand = {
image = "fnsys/dockhand:v1.0.27"; image = "fnsys/dockhand:v1.0.12";
volumes = [ volumes = [
"/var/run/docker.sock:/var/run/docker.sock" "/var/run/docker.sock:/var/run/docker.sock"
]; ];
@ -26,8 +26,16 @@ in {
PGID = "1000"; PGID = "1000";
}; };
networks = [ networks = [
"webproxy" "pangolin"
]; ];
labels = {
"pangolin.public-resources.dockhand.name" = "dockhand";
"pangolin.public-resources.dockhand.full-domain" = cfg.appUrl;
"pangolin.public-resources.dockhand.protocol" = "http";
"pangolin.public-resources.dockhand.auth.sso-enabled" = "true";
"pangolin.public-resources.dockhand.auth.auto-login-idp" = "1";
"pangolin.public-resources.dockhand.targets[0].method" = "http";
};
extraOptions = [ extraOptions = [
''--mount=type=volume,source=dockhand-data,target=/app/data,volume-driver=local'' ''--mount=type=volume,source=dockhand-data,target=/app/data,volume-driver=local''
''--group-add=${toString config.ids.gids.docker}'' ''--group-add=${toString config.ids.gids.docker}''
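Review bot: `image = "fnsys/dockhand:v1.0.12";` on the new side is a mutable tag, and because this container mounts `/var/run/docker.sock` (a context line in the first hunk) and is published through the new pangolin labels, it should be pinned by digest, e.g. `image = "fnsys/dockhand:v1.0.12@sha256:<digest-placeholder>";`, so a retagged upstream image cannot silently change what runs with host-equivalent access. With that socket mounted, the `pangolin.public-resources.dockhand.auth.sso-enabled = "true"` label is the only gate in front of it; routing the container through a socket proxy like the `docker-socket-proxy` the traefik module in this compare already uses would narrow what it can do even when the gate holds. The new `networks = [ "pangolin" ]` entry has no matching `docker-network-pangolin` ordering dependency in this hunk, so start-up relies on that network already existing — hedged, since the `systemd.services` part of this module is outside the hunk.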


@ -11,21 +11,6 @@
zed-editor.fhs zed-editor.fhs
k6 k6
(pkgs.lazy-app.override {
pkg = pkgs.dbeaver-bin;
desktopItem = pkgs.makeDesktopItem {
name = "DBeaver";
exec = "env NO_AT_BRIDGE=1 dbeaver %U";
icon = "dbeaver";
desktopName = "DBeaver";
comment = "SQL Integrated Development Environment";
categories = [ "IDE" "Development" ];
mimeTypes = [
"application/sql"
];
};
})
]; ];
} }


@ -1,99 +0,0 @@
{
pkgs,
pkgs-unstable,
utils,
config,
lib,
...
}:
let
cfg = config.services.netbird-client;
clientVersion = "0.69.0";
clientConfiguration = lib.types.submodule {
options = {
setupKey = lib.mkOption {
description = "Setup Key for this client";
type = lib.types.str;
};
};
};
in {
options.services.netbird-client = {
enable = lib.mkEnableOption "Netbird client, with possiblities for host connection and for docker based connection.";
managementUrl = lib.mkOption {
description = "Management URL of netbird server.";
type = lib.types.str;
};
host = lib.mkOption {
description = "Configuration for host connection";
type = clientConfiguration;
};
docker = lib.mkOption {
description = "Configuration for docker connection";
type = clientConfiguration;
};
};
config = lib.mkIf cfg.enable {
services.netbird = {
package = pkgs-unstable.netbird;
useRoutingFeatures = "both";
clients.wt0 = {
hardened = false;
login = {
enable = true;
setupKeyFile = (pkgs.writeText "setupKey" cfg.host.setupKey).outPath;
};
port = 51820;
environment = {
NB_MANAGEMENT_URL = cfg.managementUrl;
};
};
};
systemd.services.${config.services.netbird.clients.wt0.service.name}.path = [ pkgs.shadow ];
virtualisation.oci-containers.containers = {
netbird = {
image = "netbirdio/netbird:${clientVersion}-rootless";
autoStart = true;
hostname = "${config.networking.hostName}-docker";
networks = [
"webproxy"
];
environment = {
NB_MANAGEMENT_URL = cfg.managementUrl;
PEER_NAME = "${config.networking.hostName}-docker";
NB_SETUP_KEY = cfg.docker.setupKey;
};
extraOptions = [
''--mount=type=volume,source=netbird_client_data,target=/var/lib/netbird,volume-driver=local''
];
};
};
systemd.services."docker-netbird" = {
after = [
"docker-network-webproxy.service"
];
requires = [
"docker-network-webproxy.service"
];
};
systemd.services."docker-network-webproxy" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
};
script = ''
docker network inspect webproxy || docker network create webproxy --ipv4 --ipv6 --subnet=172.20.0.0/16 --gateway=172.20.0.1
'';
};
};
}


@ -54,7 +54,7 @@ in {
image = "netbirdio/dashboard:v${dashboardVersion}"; image = "netbirdio/dashboard:v${dashboardVersion}";
autoStart = true; autoStart = true;
networks = [ networks = [
"traefik" "webproxy"
]; ];
environment = { environment = {
NETBIRD_MGMT_API_ENDPOINT = "https://${netbirdCfg.server.management.domain}"; NETBIRD_MGMT_API_ENDPOINT = "https://${netbirdCfg.server.management.domain}";
@ -88,7 +88,7 @@ in {
image = "netbirdio/netbird-server:${serverVersion}"; image = "netbirdio/netbird-server:${serverVersion}";
autoStart = true; autoStart = true;
networks = [ networks = [
"traefik" "webproxy"
]; ];
entrypoint = "/bin/sh"; entrypoint = "/bin/sh";
cmd = [ cmd = [
@ -169,7 +169,7 @@ in {
"51820:51820/udp" "51820:51820/udp"
]; ];
networks = [ networks = [
"traefik" "webproxy"
]; ];
dependsOn = [ dependsOn = [
"netbird-server" "netbird-server"


@ -21,13 +21,12 @@ in {
image = "ghcr.io/pocket-id/pocket-id:v${version}"; image = "ghcr.io/pocket-id/pocket-id:v${version}";
autoStart = true; autoStart = true;
networks = [ networks = [
"traefik" "webproxy"
]; ];
environment = { environment = {
APP_URL = pocketidCfg.settings.APP_URL; APP_URL = pocketidCfg.settings.APP_URL;
TRUST_PROXY = lib.boolToString pocketidCfg.settings.TRUST_PROXY; TRUST_PROXY = lib.boolToString pocketidCfg.settings.TRUST_PROXY;
ANALYTICS_DISABLED = lib.boolToString pocketidCfg.settings.ANALYTICS_DISABLED; ANALYTICS_DISABLED = lib.boolToString pocketidCfg.settings.ANALYTICS_DISABLED;
GEOLITE_DB_URL = "https://pkgs.netbird.io/geolocation-dbs/GeoLite2-City/download?suffix=tar.gz";
}; };
environmentFiles = [ pocketidCfg.environmentFile ]; environmentFiles = [ pocketidCfg.environmentFile ];
extraOptions = [ extraOptions = [


@ -35,7 +35,7 @@ in {
"--providers.docker=true" "--providers.docker=true"
"--providers.docker.endpoint=http://docker-socket-proxy:2375" "--providers.docker.endpoint=http://docker-socket-proxy:2375"
"--providers.docker.exposedByDefault=false" "--providers.docker.exposedByDefault=false"
"--providers.docker.network=traefik" "--providers.docker.network=webproxy"
"--providers.file.directory=/dynamic-config" "--providers.file.directory=/dynamic-config"
"--log.level=INFO" "--log.level=INFO"
"--api=true" "--api=true"
@ -62,7 +62,7 @@ in {
"443:443" "443:443"
]; ];
networks = [ networks = [
"traefik" "webproxy"
"docker-socket" "docker-socket"
]; ];
environmentFiles = lib.forEach cfg.dnsSecrets (secret: secret.path); environmentFiles = lib.forEach cfg.dnsSecrets (secret: secret.path);
@ -102,22 +102,22 @@ in {
systemd.services."docker-traefik" = { systemd.services."docker-traefik" = {
after = [ after = [
"docker-network-traefik.service" "docker-network-webproxy.service"
"docker-network-docker-socket.service" "docker-network-docker-socket.service"
]; ];
requires = [ requires = [
"docker-network-traefik.service" "docker-network-webproxy.service"
"docker-network-docker-socket.service" "docker-network-docker-socket.service"
]; ];
}; };
systemd.services."docker-network-traefik" = { systemd.services."docker-network-webproxy" = {
path = [ pkgs.docker ]; path = [ pkgs.docker ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
}; };
script = '' script = ''
docker network inspect traefik || docker network create traefik --ipv4 --ipv6 --subnet=172.18.0.0/16 --gateway=172.18.0.1 docker network inspect webproxy || docker network create webproxy --ipv4 --ipv6 --subnet=172.18.0.0/16 --gateway=172.18.0.1
''; '';
}; };