top level restructure

2026-04-22 08:25:10 -05:00
parent 846d33ac50
commit 63559c16ac
163 changed files with 0 additions and 288 deletions


@@ -0,0 +1,44 @@
{ ... }: {
flake.nixosModules.default = { config, lib, ... }: {
options.sysconfig.containers.code-server.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.code-server.enable {
containers.code-server = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.31";
config = {
services.code-server = {
enable = true;
hashedPassword = "1$WFYzcW1TNmpYM1ZKU3lielNCaXAyRkF2K3FjPQ$bSeeV4bvL2uiDYKiQjBLJPAO13/gNjYVgw8YKFtTQDI";
disableUpdateCheck = true;
disableTelemetry = true;
disableGettingStartedOverride = true;
auth = "none";
host = "0.0.0.0";
};
networking.firewall.allowedTCPPorts = [ 4444 ];
system.stateVersion = "25.05";
};
};
};
};
}
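Review bot: `auth = "none"` together with `host = "0.0.0.0"` in `services.code-server` serves an editor with an integrated terminal, unauthenticated, to anything that can reach 192.168.100.31:4444. The `hashedPassword` set a few lines above is never consulted in that mode, so it is committed to the repository without protecting anything. I would switch to `auth = "password";` so the hash is actually enforced. If the service is meant to be reached only through the host, restrict the container firewall to 192.168.100.10 rather than opening 4444 to all sources. The hash itself would be better supplied from a secret store, as the gitea module does with sops, than kept as a literal in the flake.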


@@ -0,0 +1,115 @@
{ ... }: {
flake.nixosModules.default = { config, lib, ... }: {
options.sysconfig.containers.gitea.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.gitea.enable {
networking = {
nat.internalInterfaces = [ "ve-gitea" ];
};
sops.secrets = {
"gitea/dbpass" = {};
};
containers.gitea = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.20";
bindMounts = {
"/etc/gitea/data" = {
hostPath = "/ssd1/Gitea/data";
isReadOnly = false;
};
};
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."gitea/dbpass".path}"
];
config = {
systemd.services.secrets_setup = {
wantedBy = [ "gitea.service" ];
serviceConfig = {
LoadCredential = [
"dbpass"
];
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass
chown gitea:gitea /etc/gitea/*
'';
};
services.gitea = {
enable = true;
stateDir = "/etc/gitea/data";
dump.enable = false;
appName = "Gitea";
settings = {
server = {
DOMAIN = "gitea.esotericbytes.com";
HTTP_PORT = 3000;
ROOT_URL = "https://gitea.esotericbytes.com/";
};
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
session.COOKIE_SECURE = true;
cron = {
ENABLED = true;
RUN_AT_START = true;
};
repository = {
DEFAULT_BRANCH = "master";
};
};
database = {
passwordFile = "/etc/gitea/dbpass";
type = "postgres";
};
};
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
ports = [ 2222 ];
};
networking.firewall.allowedTCPPorts = [ 3000 ];
system.stateVersion = "24.11";
};
};
};
};
}
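Review bot: The `secrets_setup` script creates `/etc/gitea/dbpass` with a shell redirect, so under systemd's default service umask of 0022 the database password ends up world-readable inside the container; the following `chown` changes the owner but not the mode. Start the script with `umask 077` and narrow the ownership change to `chown gitea:gitea /etc/gitea/dbpass`, since the glob also touches the bind-mounted `/etc/gitea/data`. `wantedBy = [ "gitea.service" ]` pulls the unit in but does not order it, so gitea can start before the file exists; adding `before = [ "gitea.service" ];` and `serviceConfig.Type = "oneshot";` makes the dependency explicit.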


@@ -0,0 +1,46 @@
{ ... }: {
flake.nixosModules.default = { config, lib, ... }: {
options.sysconfig.containers."esotericbytes.com".enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers."esotericbytes.com".enable {
containers.esotericbytes-com = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.13";
bindMounts = {
"/var/www/data" = {
hostPath = "/ssd1/esotericbytes-com/data";
isReadOnly = false;
};
};
config = {
services.nginx = {
enable = true;
virtualHosts = {
"esotericbytes.com" = {
enableACME = false;
forceSSL = false;
root = "/var/www/data";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
};
};
};
};
}
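Review bot: The web root bind mount `/var/www/data` is declared with `isReadOnly = false`, yet nothing in this section writes to it; nginx only serves it as `root`. Unless content is deployed from inside the container, `isReadOnly = true;` would stop a compromised nginx worker from altering the site or the host path `/ssd1/esotericbytes-com/data`. With `forceSSL = false` and only port 80 open, TLS is presumably terminated by a proxy on the host; a one-line comment saying so would keep the plaintext listener from looking like an oversight.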


@@ -0,0 +1,55 @@
{ ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
options.sysconfig.containers.novnc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.novnc.enable {
networking = {
firewall.interfaces."ve-novnc" = {
allowedTCPPorts = [ 5900 ];
allowedUDPPorts = [ 5900 ];
};
};
containers.novnc = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.30";
config = {
systemd.services.novnc = {
enable = true;
path = with pkgs; [
novnc
ps
];
script = ''
novnc --listen 80 --vnc 192.168.100.10:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "25.05";
};
};
};
};
}
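Review bot: The host firewall rule for `ve-novnc` opens 5900 on UDP as well as TCP, but the only consumer visible here is `novnc --vnc 192.168.100.10:5900`, which is a TCP connection; the `allowedUDPPorts = [ 5900 ];` line can be dropped. The `novnc` unit sets no `User` or `DynamicUser` in `serviceConfig`, so it runs as root in the container while exposing a browser path to the host's VNC server on port 80. Consider listening on an unprivileged port under a dedicated user. Access control then rests entirely on the VNC server's own authentication, which is not shown in this section and is worth confirming.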


@@ -0,0 +1,46 @@
{ ... }: {
flake.nixosModules.default = { config, lib, ... }: {
options.sysconfig.containers.ntfy.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.ntfy.enable {
containers.ntfy = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.19";
config = {
services.ntfy-sh = {
enable = true;
settings = {
base-url = "https://ntfy.esotericbytes.com";
listen-http = ":80";
behind-proxy = true;
upstream-base-url = "https://ntfy.sh";
auth-default-access = "deny-all";
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
};
};
};
};
}
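Review bot: `behind-proxy = true` makes ntfy take the client address from the forwarded header, while `networking.firewall.allowedTCPPorts = [ 80 ]` accepts connections from any source that can reach 192.168.100.19. A client that reaches the container directly rather than through the proxy could then supply its own forwarded address and sidestep per-visitor rate limits. If only the host proxy at 192.168.100.10 is meant to connect, restrict the port to that source address. A short comment recording that assumption would also help.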


@@ -0,0 +1,88 @@
{ ... }: {
flake.nixosModules.default = { config, lib, ... }: {
options.sysconfig.containers.rustdesk.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.rustdesk.enable {
/*networking = {
firewall.allowedTCPPorts = [ 21115 21116 21117 21118 21119 ];
firewall.allowedUDPPorts = [ 21116 ];
};*/
containers.rustdesk = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.27";
/* forwardPorts = [
{
containerPort = 21115;
hostPort = 21115;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "tcp";
}
{
containerPort = 21116;
hostPort = 21116;
protocol = "udp";
}
{
containerPort = 21117;
hostPort = 21117;
protocol = "tcp";
}
{
containerPort = 21118;
hostPort = 21118;
protocol = "tcp";
}
{
containerPort = 21119;
hostPort = 21119;
protocol = "tcp";
}
];*/
config = {
services.rustdesk-server = {
enable = true;
openFirewall = true;
relay = {
enable = true;
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
};
signal = {
enable = true;
#relayHosts = [ "esotericbytes.com" ];
relayHosts = [ "192.168.100.27" ];
extraArgs = [
"-k"
"AAAAC3NzaC1lZDI1NTE5AAAAIIPztDjwgB3xCza5+p5z1jpGVYoVQNl3fqD69pPCm0NA"
];
};
};
system.stateVersion = "24.05";
};
};
};
};
}
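Review bot: The value passed after `-k` in both `relay.extraArgs` and `signal.extraArgs` is a literal in the flake, so it lands in the repository, in the world-readable Nix store and on the process command line. If that key is what restricts which clients may use this server, it should be treated as a secret and supplied at runtime, for example through sops as the gitea module does, rather than embedded here. The string looks like an OpenSSH ed25519 public-key blob rather than a key generated by the RustDesk server, which is worth double-checking. The same literal is duplicated in both argument lists; binding it once in a `let` would keep them from drifting apart.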


@@ -0,0 +1,82 @@
{ ... }: {
flake.nixosModules.default = { config, lib, self, ... }: {
options.sysconfig.containers.sandbox.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.containers.sandbox.enable {
networking = {
nat.internalInterfaces = [ "ve-sandbox" ];
};
containers.sandbox = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.32";
ephemeral = true;
timeoutStartSec = "3min";
flake = "${self}";
/*bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
};
allowedDevices = [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];*/
config = {
};
};
};
};
}


@@ -0,0 +1,134 @@
{ ... }: {
flake.nixosModules.default = { config, lib, ... }: {
options.sysconfig.containers.wyoming = {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.containers.wyoming.enable {
containers.wyoming = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.26";
bindMounts = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
};
allowedDevices = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];
config = {
networking.firewall = {
allowedTCPPorts = [ 11431 11432 11433 11435 ];
};
services.wyoming = {
piper = lib.mkIf config.sysconfig.containers.wyoming.piper {
servers.piper = {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
};
openwakeword = lib.mkIf config.sysconfig.containers.wyoming.openwakeword {
enable = true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5;
customModelsDirectories = [
#./wake_words
];
};
faster-whisper = lib.mkIf config.sysconfig.containers.wyoming.faster-whisper {
servers.whisper = {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = lib.mkIf config.sysconfig.containers.wyoming.satellite {
enable = true;
uri = "tcp://0.0.0.0:11431";
#user = "nathan";
vad.enable = false;
};
};
system.stateVersion = "25.05";
};
};
};
};
}
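Review bot: `networking.firewall.allowedTCPPorts` opens 11431, 11432, 11433 and 11435 unconditionally, although each Wyoming service is enabled only when its own option is set, and every service binds `tcp://0.0.0.0`. The configuration shown sets no authentication on these listeners, so every port opened should correspond to a service that is deliberately enabled. Deriving the port list from the same options keeps the firewall in step with what is running. The rw bind mounts of the NVIDIA device nodes are gated on `faster-whisper`, and the firewall should follow the same pattern.

```nix
# … unchanged: containers.wyoming bindMounts / allowedDevices …
networking.firewall.allowedTCPPorts =
  lib.optional config.sysconfig.containers.wyoming.satellite 11431
  ++ lib.optional config.sysconfig.containers.wyoming.openwakeword 11432
  ++ lib.optional config.sysconfig.containers.wyoming.faster-whisper 11433
  ++ lib.optional config.sysconfig.containers.wyoming.piper 11435;
# … unchanged: services.wyoming definitions …
```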