feat: add self-hosted cache server
This commit is contained in:
danny
parent
05bc6a185f
commit
69705431bf
16 changed files with 313 additions and 95 deletions
|
|
@ -13,6 +13,7 @@ in
|
|||
./hardware-configuration.nix
|
||||
./boot.nix
|
||||
./sops-conf.nix
|
||||
../../modules/printer.nix
|
||||
../../modules/presets/basic.nix
|
||||
../../modules/gaming.nix
|
||||
../../modules/virtualization.nix
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@
|
|||
pkgs,
|
||||
username,
|
||||
config,
|
||||
system,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
|
|
@ -12,9 +14,6 @@ let
|
|||
"desc:ASUSTek COMPUTER INC ASUS VG32VQ1B 0x00002271"
|
||||
"desc:Acer Technologies XV272U V3 1322131231233"
|
||||
];
|
||||
memeSelector = pkgs.callPackage ../../../home/scripts/memeSelector.nix {
|
||||
url = "https://nextcloud.net.dn/public.php/dav/files/pygHoPB5LxDZbeY/";
|
||||
};
|
||||
in
|
||||
{
|
||||
networking.firewall.allowedTCPPortRanges = [
|
||||
|
|
@ -90,7 +89,6 @@ in
|
|||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
memeSelector
|
||||
rustdesk
|
||||
((blender.override { cudaSupport = true; }).overrideAttrs (prev: {
|
||||
postInstall = ''
|
||||
|
|
@ -177,22 +175,7 @@ in
|
|||
|
||||
# Hyprland
|
||||
(import ../../../home/user/hyprland.nix { inherit monitors; })
|
||||
{
|
||||
wayland.windowManager.hyprland = {
|
||||
settings = {
|
||||
monitor = [
|
||||
''desc:ASUSTek COMPUTER INC ASUS VG32VQ1B 0x00002271, 2560x1440@165, 0x0, 1''
|
||||
''desc:Acer Technologies XV272U V3 1322131231233, 2560x1440@180, -1440x-600, 1, transform, 1''
|
||||
];
|
||||
misc = {
|
||||
vrr = 0;
|
||||
};
|
||||
bind = [
|
||||
"$mainMod ctrl, M, exec, ${memeSelector}/bin/memeSelector"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
./hyprland.nix
|
||||
|
||||
# Git
|
||||
(import ../../../home/user/git.nix {
|
||||
|
|
|
|||
26
system/dev/dn-pre7780/hyprland.nix
Normal file
26
system/dev/dn-pre7780/hyprland.nix
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
{ pkgs, ... }:
|
||||
let
|
||||
memeSelector = pkgs.callPackage ../../../home/scripts/memeSelector.nix {
|
||||
url = "https://nextcloud.net.dn/public.php/dav/files/pygHoPB5LxDZbeY/";
|
||||
};
|
||||
in
|
||||
{
|
||||
home.packages = [
|
||||
memeSelector
|
||||
];
|
||||
|
||||
wayland.windowManager.hyprland = {
|
||||
settings = {
|
||||
monitor = [
|
||||
''desc:ASUSTek COMPUTER INC ASUS VG32VQ1B 0x00002271, 2560x1440@165, 0x0, 1''
|
||||
''desc:Acer Technologies XV272U V3 1322131231233, 2560x1440@180, -1440x-600, 1, transform, 1''
|
||||
];
|
||||
misc = {
|
||||
vrr = 0;
|
||||
};
|
||||
bind = [
|
||||
"$mainMod ctrl, M, exec, ${memeSelector}/bin/memeSelector"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -9,7 +9,7 @@ openldap:
|
|||
lam:
|
||||
env: ENC[AES256_GCM,data:f1LlC/VvilH8o2Ra7MrSHsMEGlGw3LOV2O9JJf9f,iv:u7cXM8n3jJeLBfxXtA0QMyijBqTcC+yJeW/OO9JuZMI=,tag:QL5FkcCPI5Gxudi0NmCZWg==,type:str]
|
||||
stalwart:
|
||||
adminPassword: ENC[AES256_GCM,data:6tUL7b2s3gLtF4Ors9CgYQ==,iv:9UQowgXKr9HR/poELP6SZijp3c2HVTHzEfwf1tZI/3w=,tag:KIOiYEwLsZLH31E2Xb478A==,type:str]
|
||||
adminPassword: ENC[AES256_GCM,data:hHQlmztndbB8Ct5Zig8BChz1,iv:kDgSVglIKxEghV/lkcKKxKCzgwVJqcH4l8aXYt7k+W8=,tag:vD14vP2iJEOG4WR6djab1A==,type:str]
|
||||
tsig: ENC[AES256_GCM,data:wxsM/dbkW2fNf86b6TsLRNAce19h7mBEuSzFT84aIlaVZA/S29g1U4/CAwD4b+h/XfBgpZQCJf/9yT3yo6dbGAIAk5UgjV2cNY9pO1/uF1T6xoKDgfRZxA==,iv:9BvP8vQkTTEaNgYUPfQcfEMcWqDyD045EPBr7NyHmO4=,tag:coBBAe62kpe/L0S6V8NhXg==,type:str]
|
||||
db: ENC[AES256_GCM,data:ZRZ2ZzUotYMe2GfkMS7o7dz0aGg=,iv:ys6ogueueESp0y6A+hUG9zTnqmCVobuIzyqA4WVtewo=,tag:p74G+8XhMcpgDnIfh1aXTg==,type:str]
|
||||
dkimKey: ENC[AES256_GCM,data:oi+XvZ9hMMsgMtFnGPMbVBGagkwQzcPQDi1b0Zd54615V5yuOLHZxpLT5Z3LYlCOQmOcrCaIwn8lQKIZbAuAq6HDUVlNabjgnHeoq3XRIvcswO/B9pljL/22JCZleSrWSBh+WE+RwQIcqUIr0eNerXCUaAQLTE8lYn6mJMa/OoHJJ3R498OGyM/8rbuIMfKj5eqJnctsd9lRWeNmiq7hpQKJ8syLXMsRM9y79NJTPGJrIAJ/5F8SfUJ256/S2N25Cq61pkaXWxTcZzXFgAGU/sa3zsY86BRwEnFEVRMnygJWrVZW/ABYgRjL99r6OBQM8WTFpE8cK9GZTpylTm+QCS9lHsAA2rnUfLTs/09z41klbGSAu5jfokM5jhyFIjmDm9h3hEk4l0F4KTWgQ7avWqGVx4yVPktrVS6eh6W7+I0V6BOUhzH0Pp9xXWwhbFrMPYAYK5MQSLAS5nd3RCQWrxZwWh//ATiWdngUeWPyObxXSTmoV254k230sT39jQmqmTK5zIkOBvokPps9q3nPq1i3UIkSAXo0ZWI+GHiL1rnzJkMMGViugJdGEwUf8nWlYMcYkHmDRUZam6DIxzkf5svtd+kbDTxRa4GzeJrOYizgwDGpD5vRA9u8i7MYBS1Rhw3UVqZ9gkjtv8mqoOkDqVnHVnS2UPtsircecvjHmhu4Tq4hn8phX3F+2I8lhXUIalzPng5zjPGNUcDT+SoCbNeHuSWDDmMYQtzM3/xwae9quP9FXhr9IGGygmFUPGsl3cuxSJ3+Cq9/Hhd7bnTYnxYfv781qTmZsFclMUWNxUJQWLJ+5BQz6u1zW64wh+5SHUGrw7CHFsdgNAKv7YN+GJMNTHOjZr9RTL9R8opDm8Iho5IyQjMP401+DY30mOCq03WKJiC8qehgoaH16ssNV6ZuoHldu2N6JKmiwywgTRq8zQEo8jPnro772CQ9Tg0/5PnkhdlLdphDEIp60IbM+XWqMNwHY57fm6U+81PcgtsoRmI5OklrrhQjv+1aRgz0vRM80FOHMv7kxgEdNkb1x15B4g0ocBXEdLuxJEVaW4uWlP9EIivXOWwaPZf1QjT8ISuUQlFMXvtNj/V3SraW3K1bErJL5JnI16z803kdoAqYijf3IrRK49SKoCq6B2V8yo8iCRod2GFt1P3ADKb/uvJ6iCBSlFRFwiJYr8qu7TPXFCpsoySEmr1edBQdAkzXxFZLDMczHq2BzUo2RPfwtDubG1GMWxzrbZ1T6N3j1+GXiyTX7XuKdpSpFlXtPuJcCIrX4D4xnjv1SqqXEcKJO9oUcdMK6+Eem7wtVDBDDYpWellT+bLmtouvdEgjYE8VG5UGJJ5NpYoJAce9c7RE5/ozuvUH+uMfqfb8igZQlBMl6hbqO7j8m11i+ijS9T6Wu2DCSVIqqBHu8bouz1vyfq8l/whJCl1BkaZtiE5+NLkHoYSOuXGtVvEuXwMhvCWdnkxJtHZxxXQuCcBcVkD9Edg0YTslGv+XUvaYRlfZUqypqYZ9zJ21en9XPK3zafZ5gRLdY0xhXN4OKbGrXXL4cm5jfroTeez9iIL4fJGcA80PRHUGoLfK7ht2z0Lq3U91F4jz5KEhbaDtWDcMryr1Bwb6UXgLrezNM290g8J3GpXLBAdvqDXK79jSdPNqptGYt++VDeCdtA+P3z9K6aMWZzPURkLXxZ1bWy5YXP03MIkUpZWsc5lQmccUiyFe/Y+d9RSAZClmVxsQAY5y90d42EhkrOag06geziV9aaxgr57LdoPJQabD48bIbFFvimhV2DS3Gf/7gFtCXlm9oZiIqSHG+1TMKRp8XVwn6f70d76/Ba5Uiu0EX8V2x0Dsnin6GGynMBFCPKPXssHRe71SfRVxPJrzlLjtfTdPuzW5Q2k/U//z9SWd6Ao3+mzsbTC8MAYGeIzeE4GdsTs4ViEQWg5sSMSfjeKOFfgpTQi20LGomjF4gtTfnchEUBcUAarV6+hT/inYG2SlglyWwr2+LE3Ua5FWRXsZu4tBHcfE0axIb6Ju5KeogPVPo6cNoJCR2XLPNQakB9ONniCxPTW6zOx8h/A2UeIWMgbAn/jNYdd4kFu1IWBAQaZg5kSg1KmSAtnKgFmhb8A0Ope8h5fKfdX5tf0ulW0bjBz+rqNf2FQwcB/ScuEc65LSX+b0bzvIILuZfSRytFQpaQ4svjjA6mP4VIRoPRkkRl+gTEO+Ue4No4VZGE9+YdRFZ7OmtH6S1e5vu1rBiLuTVayHjuSWRu0OmxDiErP6uXPy8Q==,iv:Q5g9kxJKEKLHge2mcgk/UnTNMDFjzeLFLNjlY8KWe60=,tag:yL03NWRK2whOxNjcR3cPyA==,type:str]
|
||||
|
|
@ -29,7 +29,7 @@ sops:
|
|||
MEdmWkFwNXZoR1ZVRnQ0aWlkYzZwSmsK0EFecUIdqlDKX08oRCoDQQ3QCX1wzb8w
|
||||
lghDJhWlfuKr+X24GoE4UK04aJVLqVMRRI4BJW+LQXeHS+dWKu3mQA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-09-20T11:44:16Z"
|
||||
mac: ENC[AES256_GCM,data:ZNSn4h4r1d+9YBBpjJfI+AsYGOcC8r+A61KmmRf9JfyQiI0U8Le9C+ut45YQCMW3Q57a5q8NUN1GA72iCaXUk00UuESl4ybuqotrs0SVQ/QUbQCCANkItFck7XiNJ3AJY2zbWT09tI4FlnoW/ZHXMlSiPvo+hzCAEtAaM83JpIs=,iv:QKDsRjrJ7AVOY8TZm9O/g1vc81WD8xLYFBS9A/pfxZE=,tag:IMhI59NUHKH52Rs06TTZYg==,type:str]
|
||||
lastmodified: "2025-09-22T14:30:13Z"
|
||||
mac: ENC[AES256_GCM,data:Ak9QKKRWDFQk9GNkk2yiN+42DB/Gj7dXmiNOna0BKRwI7gkVl+ie4Iis6jhZ2aEe1vO8rgBurcSQd9xVyFOIJa16p7L1GD1doZWn0Gq3yerIwzjtaQMoS84e/cTTiWnj9shAe+Sm7vhk3ZJzJzbpYtBTspVE+iyZ+LafIE3XSCc=,iv:j53phA/h5cqWEiEviIjgbLxcPPOGWUq+UHFG1tCWkrw=,tag:Z5fnbnE2hfeHQ74Li3EVVw==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.10.2
|
||||
|
|
|
|||
40
system/dev/dn-server/atticd.nix
Normal file
40
system/dev/dn-server/atticd.nix
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
{
|
||||
config,
|
||||
inputs,
|
||||
system,
|
||||
...
|
||||
}:
|
||||
let
|
||||
listenPort = 30098;
|
||||
in
|
||||
{
|
||||
services.atticd = {
|
||||
enable = true;
|
||||
environmentFile = config.sops.secrets."atticd/secret".path;
|
||||
settings = {
|
||||
listen = "127.0.0.1:${toString listenPort}";
|
||||
jwt = { };
|
||||
|
||||
chunking = {
|
||||
nar-size-threshold = 64 * 1024;
|
||||
min-size = 16 * 1024;
|
||||
avg-size = 64 * 1024;
|
||||
max-size = 256 * 1024;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."cache.${config.networking.domain}" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".proxyPass = "http://127.0.0.1:${toString listenPort}";
|
||||
extraConfig = ''
|
||||
client_max_body_size 10240M;
|
||||
'';
|
||||
};
|
||||
|
||||
environment.systemPackages = with inputs.attic.packages.${system}; [
|
||||
attic-server
|
||||
attic
|
||||
];
|
||||
}
|
||||
|
|
@ -25,6 +25,7 @@ in
|
|||
./services.nix
|
||||
./nginx.nix
|
||||
./step-ca.nix
|
||||
./atticd.nix
|
||||
../../modules/presets/minimal.nix
|
||||
../../modules/bluetooth.nix
|
||||
../../modules/gc.nix
|
||||
|
|
@ -96,7 +97,7 @@ in
|
|||
|
||||
mail-server = {
|
||||
enable = true;
|
||||
configuraACME = true;
|
||||
configureACME = true;
|
||||
mailDir = "~/Maildir";
|
||||
caFile = "" + ../../extra/ca.crt;
|
||||
virtualMailDir = "/var/mail/vhosts";
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
|
|
@ -63,6 +63,7 @@ in
|
|||
"paperless/adminPassword" = mkIf config.services.paperless.enable {
|
||||
owner = config.services.paperless.user;
|
||||
};
|
||||
"atticd/secret" = mkIf config.services.atticd.enable { };
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,8 +9,9 @@ let
|
|||
inherit (lib) optionalString;
|
||||
geVersion = "10-15";
|
||||
faceIcon = pkgs.fetchurl {
|
||||
url = "https://instagram.ftpe7-1.fna.fbcdn.net/v/t51.2885-19/424428026_677208484625994_7040235245478168411_n.jpg?efg=eyJ2ZW5jb2RlX3RhZyI6InByb2ZpbGVfcGljLmRqYW5nby4xMDA4LmMyIn0&_nc_ht=instagram.ftpe7-1.fna.fbcdn.net&_nc_cat=106&_nc_oc=Q6cZ2QE3VBo0agfb2uRkv76VZxrXrKy3ZqOgrbVuuGMU_OUraKQBrsxhJCQdBRCwxri_CkI&_nc_ohc=p8gNQ2JIMw8Q7kNvwHo_GSn&_nc_gid=gdlrYsCRM-aXXlo0UnZp9Q&edm=ALGbJPMBAAAA&ccb=7-5&oh=00_AfYdDCxoYilhrom6hx55-j-HgfN-XbizFuIjg52Ci14P8Q&oe=68D0471D&_nc_sid=7d3ac5";
|
||||
hash = "sha256-qea72vVrZJ3DPH0h4i8TORXZjQZMyQnOlM7xi/0Enw0=";
|
||||
url = "https://files.net.dn/skydrive.jpg";
|
||||
hash = "sha256-aMjl6VL1Zy+r3ElfFyhFOlJKWn42JOnAFfBXF+GPB/Q=";
|
||||
curlOpts = "-k";
|
||||
};
|
||||
|
||||
memeSelector = pkgs.callPackage ../../../home/scripts/memeSelector.nix {
|
||||
|
|
@ -37,6 +38,7 @@ in
|
|||
./boot.nix # Extra Boot Options
|
||||
./disk.nix
|
||||
./sops-conf.nix
|
||||
../../modules/printer.nix
|
||||
../../modules/gaming.nix
|
||||
../../modules/wine.nix
|
||||
../../modules/localsend.nix
|
||||
|
|
|
|||
|
|
@ -3,7 +3,16 @@
|
|||
documentation.nixos.enable = false;
|
||||
nix = {
|
||||
settings = {
|
||||
substituters = [
|
||||
"https://cache.net.dn/dn-main"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"dn-main:ZjQmZEOWpe0TjZgHGwkgtPdOUXpN82RL9wy30EW1V7k="
|
||||
];
|
||||
warn-dirty = false;
|
||||
trusted-users = [
|
||||
"@wheel"
|
||||
];
|
||||
experimental-features = [
|
||||
"nix-command"
|
||||
"flakes"
|
||||
|
|
|
|||
23
system/modules/printer.nix
Normal file
23
system/modules/printer.nix
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
services.printing = {
|
||||
enable = true;
|
||||
drivers = with pkgs; [
|
||||
gutenprint
|
||||
gutenprintBin
|
||||
brlaser
|
||||
brgenml1lpr
|
||||
brgenml1cupswrapper
|
||||
splix
|
||||
hplip
|
||||
epson-escpr2
|
||||
epson-escpr
|
||||
];
|
||||
};
|
||||
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
nssmdns4 = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
}
|
||||
|
|
@ -103,7 +103,7 @@ in
|
|||
acme."letsencrypt" = mkIf (acmeConf != null) acmeConf;
|
||||
|
||||
session.auth = {
|
||||
mechanisms = "[PLAIN LOGIN OAUTHBEARER]";
|
||||
mechanisms = "[plain login oauthbearer]";
|
||||
directory = mkCondition "listener != 'smtp'" "'ldap'" false;
|
||||
require = mkCondition "listener != 'smtp'" true false;
|
||||
};
|
||||
|
|
@ -117,12 +117,6 @@ in
|
|||
"in-memory" = {
|
||||
type = "memory";
|
||||
principals = [
|
||||
{
|
||||
name = "danny";
|
||||
class = "individual";
|
||||
secret = "%{file:${adminPassFile}}%";
|
||||
email = [ "danny@${domain}" ];
|
||||
}
|
||||
{
|
||||
name = "postmaster";
|
||||
class = "individual";
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue