feat: nginx reverse proxy that shi

This commit is contained in:
s-prechtl 2025-11-08 20:04:43 +01:00
parent 411755a47e
commit 8fc518d422
13 changed files with 98 additions and 58 deletions


@ -106,8 +106,8 @@
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.config.android_sdk.accept_license = true; nixpkgs.config.android_sdk.accept_license = true;
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"python3.13-ecdsa-0.19.1" "python3.13-ecdsa-0.19.1"
]; ];
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget


@ -30,6 +30,7 @@
in { in {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./nginx.nix
./nextcloud.nix ./nextcloud.nix
./teamspeak.nix ./teamspeak.nix
./matrix.nix ./matrix.nix


@ -1,5 +1,4 @@
{...} : {config, ...}: {
{
services.open-webui = { services.open-webui = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
@ -7,9 +6,26 @@
}; };
services.ollama = { services.ollama = {
enable = true; enable = true;
acceleration = "cuda"; host = "chattn.sprechtl.me";
loadModels = [ "llama3.2:3b" "deepseek-r1:1.5b" "gpt-oss:20b" ]; acceleration = "cuda";
loadModels = ["llama3.2:3b" "deepseek-r1:1.5b" "gpt-oss:20b"];
}; };
services.nginx = {
enable = true;
virtualHosts.${config.services.ollama.host} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true;
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "stefan@tague.at";
};
} }
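Review bot: The new vhost name is read from `config.services.ollama.host`, but `services.ollama.host` is the address ollama binds its HTTP listener to (default 127.0.0.1), so setting it to `chattn.sprechtl.me` also moves the unauthenticated ollama API off loopback onto whatever address that name resolves to, which looks unintended since nginx proxies to 127.0.0.1:8080 (presumably open-webui), not to ollama. Keep the hostname out of the ollama options: drop `host = "chattn.sprechtl.me";` and write `virtualHosts."chattn.sprechtl.me" = {` (or bind the name once in a `let`). The TLS front is also bypassable while open-webui keeps `openFirewall = true;` a few lines above, which leaves port 8080 reachable in plaintext; with the proxy in place that should become `openFirewall = false;`. The `enable = true;` and `security.acme` block added here duplicate nginx.nix from the same commit, and nextcloud.nix drops its own copy in this commit, so for consistency these can go as well.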


@ -1,4 +1,8 @@
{ config, pkgs, ... }: { {
config,
pkgs,
...
}: {
age.secrets.mail-admin = { age.secrets.mail-admin = {
file = ../../secrets/mail-admin.age; file = ../../secrets/mail-admin.age;
owner = "virtualMail"; owner = "virtualMail";
@ -8,7 +12,7 @@
mailserver = { mailserver = {
enable = true; enable = true;
fqdn = "mail.sprechtl.me"; fqdn = "mail.sprechtl.me";
domains = [ "sprechtl.me" ]; domains = ["sprechtl.me"];
# A list of all login accounts. To create the password hashes, use # A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'


@ -57,9 +57,4 @@
enableACME = true; enableACME = true;
}; };
}; };
security.acme = {
acceptTerms = true;
defaults.email = "stefan@tague.at";
};
} }


@ -0,0 +1,12 @@
{...}: {
services.nginx = {
recommendedProxySettings = true;
recommendedTlsSettings = true;
enable = true;
};
security.acme = {
acceptTerms = true;
defaults.email = "stefan@tague.at";
};
}
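Review bot: nginx.nix enables the proxy and the ACME defaults, but nothing here opens ports 80 and 443 and the commit does not show where they are opened; the vhosts use `enableACME = true`, and the HTTP-01 challenge needs port 80 reachable, so either add `networking.firewall.allowedTCPPorts = [80 443];` here or state in a comment which module owns that. If the ports are opened in nextcloud.nix, that coupling is worth recording, since the open-webui vhost now depends on it too. A one-line header would also help readers, e.g. `# Shared nginx + ACME defaults for every TLS-terminated vhost (nextcloud, open-webui).`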


@ -1,9 +1,12 @@
{config, lib, ...}:
{ {
config,
lib,
...
}: {
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [ builtins.elem (lib.getName pkg) [
"nvidia-x11" "nvidia-x11"
"nvidia-settings" "nvidia-settings"
]; ];
# Enable OpenGL # Enable OpenGL
hardware.graphics = { hardware.graphics = {
@ -14,13 +17,12 @@
services.xserver.videoDrivers = ["nvidia"]; services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia = { hardware.nvidia = {
# Modesetting is required. # Modesetting is required.
modesetting.enable = true; modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail. # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking # Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials. # of just the bare essentials.
powerManagement.enable = false; powerManagement.enable = false;
@ -30,9 +32,9 @@
# Use the NVidia open source kernel module (not to be confused with the # Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver). # independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of # Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at: # supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+ # Only available from driver 515.43.04+
open = false; open = false;


@ -116,11 +116,12 @@ in {
"7575:7575" "7575:7575"
]; ];
volumes = [ volumes = [
"/var/lib/homarr/:/appdata" "/var/lib/homarr/:/appdata"
"/var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt:/usr/local/share/ca-certificates/root.crt:ro" "/var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt:/usr/local/share/ca-certificates/root.crt:ro"
]; ];
extraOptions = [ extraOptions = [
"--network" "host" "--network"
"host"
"--dns=192.168.0.201" "--dns=192.168.0.201"
]; ];
@ -180,10 +181,10 @@ in {
Username = "Spr3eZ"; Username = "Spr3eZ";
Password_PBKDF2 = "@ByteArray(rSRSjyLjKHX4KeDHgtx8qA==:EdZC27+FdG0aFtqVtEsiuqQAA6NROdBRXVSySD6ktgBY7k9ORrq8Kgo2uIkXvAWssmMIFb+C3RZS2PMWAt/Ihw==)"; Password_PBKDF2 = "@ByteArray(rSRSjyLjKHX4KeDHgtx8qA==:EdZC27+FdG0aFtqVtEsiuqQAA6NROdBRXVSySD6ktgBY7k9ORrq8Kgo2uIkXvAWssmMIFb+C3RZS2PMWAt/Ihw==)";
}; };
Scheduler = { Scheduler = {
end_time = ''@Variant(\0\0\0\xf\0\x36\xee\x80)''; end_time = ''@Variant(\0\0\0\xf\0\x36\xee\x80)'';
start_time = ''@Variant(\0\0\0\xf\x1\xb7t\0)''; start_time = ''@Variant(\0\0\0\xf\x1\xb7t\0)'';
}; };
}; };
AutoRun = { AutoRun = {
OnTorrentAdded.Enabled = true; OnTorrentAdded.Enabled = true;


@ -1,14 +1,20 @@
{lib, pkgs, ...}: { {
# Disables spindown on all disks of /dev/sd* format. -S might be used later not sure if needed yet. lib,
services.udev.extraRules = pkgs,
let ...
}: {
# Disables spindown on all disks of /dev/sd* format. -S might be used later not sure if needed yet.
services.udev.extraRules = let
mkRule = as: lib.concatStringsSep ", " as; mkRule = as: lib.concatStringsSep ", " as;
mkRules = rs: lib.concatStringsSep "\n" rs; mkRules = rs: lib.concatStringsSep "\n" rs;
in mkRules ([( mkRule [ in
''ACTION=="add|change"'' mkRules [
''SUBSYSTEM=="block"'' (mkRule [
''KERNEL=="sd[a-z]"'' ''ACTION=="add|change"''
''ATTR{queue/rotational}=="1"'' ''SUBSYSTEM=="block"''
''RUN+="${pkgs.hdparm}/bin/hdparm -B 254 /dev/%k"'' ''KERNEL=="sd[a-z]"''
])]); ''ATTR{queue/rotational}=="1"''
''RUN+="${pkgs.hdparm}/bin/hdparm -B 254 /dev/%k"''
])
];
} }


@ -16,7 +16,7 @@
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"]; boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = []; boot.extraModulePackages = [];
boot.supportedFilesystems = [ "ntfs" ]; boot.supportedFilesystems = ["ntfs"];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/5af04782-c4e8-4414-a967-c98415965eee"; device = "/dev/disk/by-uuid/5af04782-c4e8-4414-a967-c98415965eee";
@ -26,7 +26,7 @@
fileSystems."/media" = { fileSystems."/media" = {
device = "/dev/disk/by-partuuid/be8b55ea-2591-4f50-a08e-38e30e1039fe"; device = "/dev/disk/by-partuuid/be8b55ea-2591-4f50-a08e-38e30e1039fe";
fsType = "ntfs-3g"; fsType = "ntfs-3g";
options = [ "rw" ]; options = ["rw"];
}; };
fileSystems."/boot" = { fileSystems."/boot" = {


@ -1,5 +1,9 @@
{config, pkgs, ...}: { {
services.xserver.videoDrivers = [ "modesetting" ]; config,
pkgs,
...
}: {
services.xserver.videoDrivers = ["modesetting"];
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
@ -7,5 +11,5 @@
vpl-gpu-rt # Enable QSV vpl-gpu-rt # Enable QSV
]; ];
}; };
environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; environment.sessionVariables = {LIBVA_DRIVER_NAME = "iHD";};
} }


@ -1,9 +1,12 @@
{config, lib, ...}:
{ {
config,
lib,
...
}: {
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [ builtins.elem (lib.getName pkg) [
"nvidia-x11" "nvidia-x11"
"nvidia-settings" "nvidia-settings"
]; ];
# Enable OpenGL # Enable OpenGL
hardware.graphics = { hardware.graphics = {
@ -14,13 +17,12 @@
services.xserver.videoDrivers = ["nvidia"]; services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia = { hardware.nvidia = {
# Modesetting is required. # Modesetting is required.
modesetting.enable = true; modesetting.enable = true;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail. # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
# Enable this if you have graphical corruption issues or application crashes after waking # Enable this if you have graphical corruption issues or application crashes after waking
# up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead
# of just the bare essentials. # of just the bare essentials.
powerManagement.enable = false; powerManagement.enable = false;
@ -30,9 +32,9 @@
# Use the NVidia open source kernel module (not to be confused with the # Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver). # independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of # Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at: # supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+ # Only available from driver 515.43.04+
open = false; open = false;


@ -1,7 +1,4 @@
{ {pkgs, ...}: {
pkgs,
...
}: {
services.greetd = { services.greetd = {
enable = true; enable = true;