sprechtl/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: nginx reverse proxy that shi

Browse source
This commit is contained in:
s-prechtl 2025-11-08 20:04:43 +01:00
parent 411755a47e
commit 8fc518d422
13 changed files with 98 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

4
hosts/goingmerry/configuration.nix
View file

@ -106,8 +106,8 @@
nixpkgs.config.allowUnfree = true;
nixpkgs.config.android_sdk.accept_license = true;
nixpkgs.config.permittedInsecurePackages = [
"python3.13-ecdsa-0.19.1"
];
"python3.13-ecdsa-0.19.1"
];
# List packages installed in system profile. To search, run:
# $ nix search wget

1
hosts/hitsugibune/configuration.nix
View file

@ -30,6 +30,7 @@
in {
imports = [
./hardware-configuration.nix
./nginx.nix
./nextcloud.nix
./teamspeak.nix
./matrix.nix

30
hosts/hitsugibune/llm.nix
View file

@ -1,5 +1,4 @@
{...} :
{
{config, ...}: {
services.open-webui = {
enable = true;
openFirewall = true;
@ -7,9 +6,26 @@
};
services.ollama = {
enable = true;
acceleration = "cuda";
loadModels = [ "llama3.2:3b" "deepseek-r1:1.5b" "gpt-oss:20b" ];
};
enable = true;
host = "chattn.sprechtl.me";
acceleration = "cuda";
loadModels = ["llama3.2:3b" "deepseek-r1:1.5b" "gpt-oss:20b"];
};
services.nginx = {
enable = true;
virtualHosts.${config.services.ollama.host} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true;
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "stefan@tague.at";
};
}

8
hosts/hitsugibune/mail.nix
View file

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
age.secrets.mail-admin = {
file = ../../secrets/mail-admin.age;
owner = "virtualMail";
@ -8,7 +12,7 @@
mailserver = {
enable = true;
fqdn = "mail.sprechtl.me";
domains = [ "sprechtl.me" ];
domains = ["sprechtl.me"];
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'

5
hosts/hitsugibune/nextcloud.nix
View file

@ -57,9 +57,4 @@
enableACME = true;
};
};
security.acme = {
acceptTerms = true;
defaults.email = "stefan@tague.at";
};
}

12
hosts/hitsugibune/nginx.nix Normal file
View file

@ -0,0 +1,12 @@
{...}: {
services.nginx = {
recommendedProxySettings = true;
recommendedTlsSettings = true;
enable = true;
};
security.acme = {
acceptTerms = true;
defaults.email = "stefan@tague.at";
};
}

18
hosts/hitsugibune/nvidia.nix
View file

@ -1,9 +1,12 @@
{config, lib, ...}:
{
config,
lib,
...
}: {
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"nvidia-x11"
"nvidia-settings"
"nvidia-x11"
"nvidia-settings"
];
# Enable OpenGL
hardware.graphics = {
@ -14,13 +17,12 @@
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
@ -30,9 +32,9 @@
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
open = false;

13
hosts/saberofxebec/configuration.nix
View file

@ -116,11 +116,12 @@ in {
"7575:7575"
];
volumes = [
"/var/lib/homarr/:/appdata"
"/var/lib/homarr/:/appdata"
"/var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt:/usr/local/share/ca-certificates/root.crt:ro"
];
extraOptions = [
"--network" "host"
"--network"
"host"
"--dns=192.168.0.201"
];
@ -180,10 +181,10 @@ in {
Username = "Spr3eZ";
Password_PBKDF2 = "@ByteArray(rSRSjyLjKHX4KeDHgtx8qA==:EdZC27+FdG0aFtqVtEsiuqQAA6NROdBRXVSySD6ktgBY7k9ORrq8Kgo2uIkXvAWssmMIFb+C3RZS2PMWAt/Ihw==)";
};
Scheduler = {
end_time = ''@Variant(\0\0\0\xf\0\x36\xee\x80)'';
start_time = ''@Variant(\0\0\0\xf\x1\xb7t\0)'';
};
Scheduler = {
end_time = ''@Variant(\0\0\0\xf\0\x36\xee\x80)'';
start_time = ''@Variant(\0\0\0\xf\x1\xb7t\0)'';
};
};
AutoRun = {
OnTorrentAdded.Enabled = true;

28
hosts/saberofxebec/disk-spindown.nix
View file

@ -1,14 +1,20 @@
{lib, pkgs, ...}: {
# Disables spindown on all disks of /dev/sd* format. -S might be used later not sure if needed yet.
services.udev.extraRules =
let
{
lib,
pkgs,
...
}: {
# Disables spindown on all disks of /dev/sd* format. -S might be used later not sure if needed yet.
services.udev.extraRules = let
mkRule = as: lib.concatStringsSep ", " as;
mkRules = rs: lib.concatStringsSep "\n" rs;
in mkRules ([( mkRule [
''ACTION=="add|change"''
''SUBSYSTEM=="block"''
''KERNEL=="sd[a-z]"''
''ATTR{queue/rotational}=="1"''
''RUN+="${pkgs.hdparm}/bin/hdparm -B 254 /dev/%k"''
])]);
in
mkRules [
(mkRule [
''ACTION=="add|change"''
''SUBSYSTEM=="block"''
''KERNEL=="sd[a-z]"''
''ATTR{queue/rotational}=="1"''
''RUN+="${pkgs.hdparm}/bin/hdparm -B 254 /dev/%k"''
])
];
}

4
hosts/saberofxebec/hardware-configuration.nix
View file

@ -16,7 +16,7 @@
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.supportedFilesystems = [ "ntfs" ];
boot.supportedFilesystems = ["ntfs"];
fileSystems."/" = {
device = "/dev/disk/by-uuid/5af04782-c4e8-4414-a967-c98415965eee";
@ -26,7 +26,7 @@
fileSystems."/media" = {
device = "/dev/disk/by-partuuid/be8b55ea-2591-4f50-a08e-38e30e1039fe";
fsType = "ntfs-3g";
options = [ "rw" ];
options = ["rw"];
};
fileSystems."/boot" = {

10
hosts/saberofxebec/intel.nix
View file

@ -1,5 +1,9 @@
{config, pkgs, ...}: {
services.xserver.videoDrivers = [ "modesetting" ];
{
config,
pkgs,
...
}: {
services.xserver.videoDrivers = ["modesetting"];
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
@ -7,5 +11,5 @@
vpl-gpu-rt # Enable QSV
];
};
environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; };
environment.sessionVariables = {LIBVA_DRIVER_NAME = "iHD";};
}

18
hosts/saberofxebec/nvidia.nix
View file

@ -1,9 +1,12 @@
{config, lib, ...}:
{
config,
lib,
...
}: {
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"nvidia-x11"
"nvidia-settings"
"nvidia-x11"
"nvidia-settings"
];
# Enable OpenGL
hardware.graphics = {
@ -14,13 +17,12 @@
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials.
powerManagement.enable = false;
@ -30,9 +32,9 @@
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
open = false;

5
modules/nixos/greetd.nix
View file

@ -1,7 +1,4 @@
{
pkgs,
...
}: {
{pkgs, ...}: {
services.greetd = {
enable = true;