Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

move options

Browse Source
This commit is contained in:
Nathan
2026-01-18 17:08:05 -06:00
parent d530844886
commit 96ab25c6ad
9 changed files with 4 additions and 583 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
system/profiles/homebox/default.nix
View File

@@ -3,12 +3,8 @@
{
imports =
[
./hardware-configuration.nix
disko.nixosModules.default
(import ./disko.nix { device1 = "/dev/nvme0n1"; device2 = "/dev/nvme1n1"; device3 = "/dev/sda"; })
sops-nix.nixosModules.sops
home-manager.nixosModules.default
@@ -79,8 +75,6 @@
docker = {
enable = true;
nvidia = true;
portainer.enable = true;
pihole.enable = true;
ollama.enable = true;

145
system/profiles/homebox/disko.nix
View File

@@ -1,145 +0,0 @@
{
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
device2,
device3,
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
size = "4G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
ssd1 = {
device = device2;
type = "disk";
content = {
type = "gpt";
partitions = {
ssd1 = {
name = "ssd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "ssd1_vg";
};
};
};
};
};
hdd1 = {
device = device3;
type = "disk";
content = {
type = "gpt";
partitions = {
hdd1 = {
name = "hdd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "hdd1_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
ssd1_vg = {
type = "lvm_vg";
lvs = {
ssd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/ssd1" = {
mountOptions = [ "subvol=ssd1" "noatime" ];
mountpoint = "/ssd1";
};
};
};
};
};
};
hdd1_vg = {
type = "lvm_vg";
lvs = {
hdd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/hdd1" = {
mountOptions = [ "subvol=hdd1" "noatime" ];
mountpoint = "/hdd1";
};
};
};
};
};
};
};
};
}

39
system/profiles/homebox/hardware-configuration.nix
View File

@@ -1,39 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.br-de2feead48ad.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-blunkall-us.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-gitea.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-home-assnHYM.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-jellyfin.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-keycloak.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-n8n.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-netbird.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-nextcloud.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-ollama.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-traefik.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-wyoming.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

41
system/profiles/homebox/secrets.yaml
View File

@@ -1,41 +0,0 @@
nathan:
pass: ENC[AES256_GCM,data:HP/kF665VvIUybXmqaluJikeHWR0lvTXjA8Ry/dpbjDd3VUfiDuWFKlBkUzIZ1brAc86PV1xl4JWu2CNEz7uc3TmPuJ+GsFFOA==,iv:uPQZE7s3PvfShOaVCNRnnhXlcvA5aIiXRxi7UPbXfdU=,tag:Wg0IuCm4ljSPBmB/H2OSFA==,type:str]
authentik:
pass: ENC[AES256_GCM,data:pTjpwRgdUVU5543T199P7Zoy,iv:93WpIK6qq+A1LhaQdBvMQ4jzuAOmMUt575y/p8m8Ugk=,tag:jTg/JED3vpdOVHF8LdIyLg==,type:str]
secret_key: ENC[AES256_GCM,data:tIWDGtB/z7Ysizz9FPQJe2EeSTAxDPkeHJnaDfytDvbqvRaiCgg7qGpEF6hAQFdZ,iv:gloup5aI0qY+SYJt8V6lvUdE+18IWH09BXtz8dRi6JE=,tag:vFwF9h1Rsa/X1bjvdSRSfQ==,type:str]
pihole:
pass: ENC[AES256_GCM,data:hintZA==,iv:HA5K8mHYlLtf5s8iaLI/QRolYgcKwG8DWCH+LXnWI4k=,tag:DlnXxG0n9dBVpk2kILlPKg==,type:str]
gitea:
dbpass: ENC[AES256_GCM,data:hVRLXACRECNSnXRn8BEP0ZFT,iv:zuIvzStek6OEu+P4Nh8Wsq9eRVt/zP8KGVXYZWjSvW0=,tag:m4t8vKNGhz8NqkDWbCRgnA==,type:str]
keycloak:
dbpass: ENC[AES256_GCM,data:tc4wIAqzY7nonBhz8s+YdAux,iv:Wg0b0/xnl6cANLTOJWBsX+gw1iF8Q/GvO/iKyKwqJrM=,tag:LORKRmo4RjcrVbPNhk2A9Q==,type:str]
netbird:
coturnPass: ENC[AES256_GCM,data:zB6P9RyTTKkXEOIhOyeJuF4Y,iv:8SWVfcdmMnXQJxezu3uanrlmFhR+hxXEJ3T7KA+YZqE=,tag:1H21K3kbZOuLOdN2zufWJw==,type:str]
gitlab:
db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str]
root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str]
secrets:
secret: ENC[AES256_GCM,data:3/26giCD58RErtEDxQ90KxRl3aa8oH4co2Urw21r7hHCKaoSti1VpYoBtlvHdr5j,iv:SwliwLWSFfTZoc31JSm9YKBDGKiPQE7ujkiGaZmCQUc=,tag:2KT5BpJukixvhb6tnZb6lw==,type:str]
otp: ENC[AES256_GCM,data:RWOkQVPRsrJgPVtx49hiWRMAxVOszKxaDl40XQDL+QoDuoZi03wSxHiu4Ix9X2BR,iv:uO+CTR5S4r1q7n1ycQw0hYdu8JflSrvkgLiBbCmT8mk=,tag:gqCwNOqD78lFtgxUPyUw3A==,type:str]
db: ENC[AES256_GCM,data:rF4IIp1uFSGa67LVm8fy4/qFOmZLInRcG2IAfnuZG3+xtS9Z2RXpNcTZNFBDdOaD,iv:/KYwf3ZH6w48L49rY/FmaGQOt3jGdOUTZ9vFhmLZG60=,tag:f38iYIgpgdjWF34qD1fz2w==,type:str]
jws: ENC[AES256_GCM,data:C+GVDeO319QGjq2+fBMr1LaY6/6Tuz6jWomkvFVul6ydJjmMFO3A9dYI66WWY6g2iZgYEWDKUikW1qDK5sGgU5ZAZzaqS01LUsSsPHUcMqIg/AjtcRfaEvHYODYPPSEwdISzhceDaim8yqhrNTIOHUHvOxcILvtUmsI61hNfVSnOQbqifIJDgGP7bKaf96t8+qcBvp/UBwP1qHj/m4jD83yc8Pdih+ZuPmyNdo3Ew0nbLTykYVX3XsrO1RlJ/Gp+KPfRSJzVGAnqUKr8mI+32LUpXSJ96bEGA67/blSh1dbBxSVo3K83aZYuY6vvXb+Et6qd4piZYKGCxA+waSrTkYHvSgS5vJRbCGWauXKCYFASxxqmdJ3cu+rbphbshBVA3SIPHhZxun6BWaP0qTYZyfB/YsSU4J+kYiE3UEYX9GYEAY9bsO89IYZSsTsmYke2EI4KMcjyUFstZ2WTYqCpwJ6CMAuerDEMHP6N3xCO5MVDZfE4sKKHpfSCVQg8ak7IxV+3jZvZi2tUbvZZf/tYORzPeTUSEpcC4cGwwAJd3XKUetaiuDwQVkLa13xotfL0d+Lwc6eZil0e/sureLqvQM6kpWhK7yscu2hKGOzxx/OZClry2Uyc1fL5iWWxvM8Djg+ShoAS5m3Nt0R+mcLdgaylkZvMl9gNWFO1uzlnhGnJQtekVaXCJ9f9QZt5RizJYwM9pMKhSDTZ0vd4y69iZpz3YXhKtkvYX02RIFtTiqsbyU0pXVjK0SpKsb5T+yphacGeZRwQS9QadW9dE6xQsxwwYC//swm5l6ke+DyZrcsc/J+MBHFuN71D2st+jtfywZYg/YT9EcCFOMjqEgfDq7YICgyqfqRGAdVWQy660T5Mi+gYKcHqbYXaaB3VNL2RGIu/uybih/7ynGRM2+0ro9oKJ+fEbdi1alSFFJ0IvA5lU6XHd2CSyizEC9ak+HBLkYeSqOPfItfLH82jRiUtrY5u4fIlioLQTA1aKHax6q8cIf30FCGenhjM6jMj2WpXKI16+1xK9Om9mg94YmFjM+erQh3o/fbPuMbkNaNJQwabupshBK2h3caaE0cDUnDukUFUANHz9q5LVxSkw39GTjGpovxQJiZHbSdeIC/AzFXRVA1ojhzkeuefygdP27Aa+fLjEBn2x8AcdhyP1n8lQyjy0Wnxq9hJDbVXJF93FIdcCmF/JGejgHcr3YZUMY4OFG9gzISDEdgR99fYvKM+A9Pj2JNtCQ5iKCctg5opIEKA1z4RIpRQs0KmXq3JgjWhU1LeOWaX2YzS5rCJWyhxnTJXGk4a/cMvhbLRjFOKcDNNMp8yJrXk1pth7nFOJ4Put6o67jtjbgpgnPuEdelnXEEaReCfJEo2z8zka63kYqbIvcG4W2pKwsA4tT0QctVwltRdYU8YyKuOpQJtKvVdlZL0oxOwxPioTT8fOebRBaecKhQKF4fp9UGlE/GStud6oFSbN685U2TKihvYNmfLRSWQk1Y/APyCRlhOmhFLaIzJxogdlKzpg4AEg/2SRoEZPsqyZThI8uhCIT1qG0UBiZBTjey322fsEEZtNxO5nX/JeBDOVty3sIGs1OKBTjMXSZ+nzU9AIH6dek9Bz+Fix7a90IkQUB5xtgrIYgCH34L4a0o1jWy5bzT9fl53VnbzrICcT/wdRU/GznYYjxlF2uRBKIu7s0glDmsPXCZuorqvJlr2hySgN/hJKOlrCghraUD14pRk4OfRVKULkPQ7betgaCVbsihXplodrAgJ0BdIbf3tKRC8Ghx8+mYAWNXj+PtWBydEjEirCH70SJu53gjF5mNgl2EIaHNK7jqBgXhDr2/7uH97Tl+S9ue+TDlpr067T5JAqU3fOqq+ZS4wqEvqMYRfXd/V2FjNbBpoH8UW6pMuFaM06DBI+6p9O9xBl1eP3Sy3vrBwK2pCwLbi0LdJ2apQTl/51ZXp2xaaUAAh1Fu/bM21V7ENa5sGxpSTYwdSLyPnd8usqECw9W1XDNUI2EmJnp9AelD/joNwuL6U7pydrNUCguCjxHfbd+m0vc/te53GerJlSXbjEWz53f3RjSB90AaA6sOGhi1BFiHYSAjzMdqVSj4M68r+UF3YIuEuoaOzrVrkb5st3tYD0dz+ORhxo44aKEzgohseha5fg0wcTz9orqkeP/FyoOeItG2UwNVAWWGh/lBtXh8c4ILUMolZ1m2DWiYj/pyDvODVnP96u6TvyMC0H8aolgGHn7nDMTi+mCIvNFQYeXdVrRCpWS9aQik=,iv:cxdargXx2a7pET7BjCSZ/yXL7AnxNqncyDQ7CR3E3AA=,tag:2xKXfhBjynDqlvH377lpSA==,type:str]
oidc:
id: ENC[AES256_GCM,data:b6o2cCCSXJ5bIhA47InfhqwjO5Tjr0Mls+7VT5cunFfEHkdOInxplw==,iv:txren/8jnAUvCI/k9cxN29ZkSgCuPEAo0IpyREf2E9A=,tag:BFOZrM18zUJMEACpLz7KRw==,type:str]
secret: ENC[AES256_GCM,data:4HPPbVBOeDjdL81d402Rz6Luk1DZbk8InHfO+Sx/OJIvUf/shkCRyp3hStIDC03bA8HV66GeejvWFte+vQ2b5X3Fl2GXfHQi7brMFVEYfYdR2XRdra0aOeSrHtW5uUn0MpVCRwYDb1JahIWhLyqcYyOpV91xjNiIVg8S3MHr+mo=,iv:c3Q4qPMxZJuoO5XRzUDZh5XJOtff9eiMTlOx+MDMSaE=,tag:07fIkN9YXXJMEV59QEFIag==,type:str]
nextcloud:
pass: ENC[AES256_GCM,data:U/VI/uHDT1a5O4iAHUVwsz/h,iv:W0hAXBddFKhXmDWHpCB2JhjPPTEGer7721WtIRxg4Zo=,tag:OE4wzibNaaXsbfFuk0dwTA==,type:str]
sops:
age:
- recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDVFhtcWkreVV6UmJkcW1P
WUluUTlOcjYzME1yVVNpVWJldXVsWG1vN3dNCmlvYURNV285anlIa3FrbXRVTERB
dXZDWHhEbFp3YWw5d2w4Y09vbUVCNHcKLS0tIEF4ZU5ZdWI5MVBtN0FOUUZDQUR4
S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M
8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-19T05:54:41Z"
mac: ENC[AES256_GCM,data:hLxsJDB3kr00fVVlkGC7L/pP3AH+W+IZbt4zHxGb9C7bhgs1zkLdDGGW8uqitsYQP5ZqSq00raym+JGGREH0q+SepQB+yrB26yDsac6thzKV1Yr3sIMhKdzSHJiNEawUxI7pTToKG3e6XDz2S0r0i0AvAoA6abPHoPH4ihojoXE=,iv:lSKAiSdkP1FxVoeKtSYs4i3HcyouNUeBHRvAXXqiBKY=,tag:hJGw0QhvbUf9M3AXC67iFA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

18
system/profiles/laptop/secrets.yaml
View File

@@ -1,18 +0,0 @@
nathan:
pass: ENC[AES256_GCM,data:H/duNPyclGoCF/Z90TQcqaUymowHOLRDmcfDxSubNGdmijknsCq+UH5PaWUmXGZ7uZqcpYWBcsVbYfQO/98OHH/kbwAFD/Hgkw==,iv:74M2PQqVzAgMXA8Z4RVLJKawt0Lzh94IKbn8YCTx3tY=,tag:B/xgA4mrhWEccaXQ+qvjCA==,type:str]
remoteBuildKey: ENC[AES256_GCM,data:CN7AyOCV4iYzYrwVh2Af5YB0nwR4raXfj5FbbeIZg5Bfha0sUPnLAG+oqVUyzVQA3yftFhfwPGaALOyb6VlT13pTifG+uEoyiq1dQP6dimlmk/p/6kVtg4aiETJ/61EUeQF/HTVTZ3F7akgQRsKNFQYbF2srcurPQSY0Q2gjlkkFA3A3aLoN2LrkFPJvtnNP6SJzXDFHVOTPmbc/DvF9UbMiYu0viIlfiPqeBs26lAqcOWhrYlOxKqEL2IoP3kADDncedxT42c1rCPB/2kGvKg+mXSlaIH3a0Hb8hrnjVUB0edyqYnNCurVhPF8mg2yoqrtyaxRkZKvUsa5LBZwS+iL9bYQdU/4hxT9c7wRC+ZtWkwF4l/gy8Ggc+VuB+YT9JUCJY96o8f2wKFup0BS+oiYLGJKpcOLMFrPJLEtOMrqPN/Z6+gZ9LVbhlSliIV/yUTJAa26el0w6tP9Ebs6tHiFakpkMahsBbRxmHBmqkHW5zfa5YpvD5Ii/EC+F8Vb/Efn6LkBZBwSB6K33NSOy,iv:4i0bGQe7wiDSvmygY2VNSEhuYfYIi9YY1g7qLgDTcMo=,tag:MJqOovOcZ97COsVjxZus8w==,type:str]
sops:
age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2MEIyRjR0a25UU3hnR2Zw
WXFaaXJYNWFSMmZsR1FsYVB1WlBkZWptSHhzCkRGRitnNkc3MEtjV05KRXlXT3RR
TVhnVlpUdzFiSEwxbHNOT3dyQ0dzbG8KLS0tIElMc3g4SHRxZTVnOCtVcktRb25D
Y2ZpR25VNGVoMi9ibW8wbW5rYTQ3R00Ka6/KLXSSRP9WJDV0RBHHS5nALfd/3xDu
y+QS+Ueh56kQT2zbYpYBRIPDgI3LZgwlTifQCDJ9ZPq0LGgu4XbEqQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-23T03:46:50Z"
mac: ENC[AES256_GCM,data:QJLMqnmkrgtTqqmLN9NCfV8PPm5N/F0gtGw/XlX+nnfbesGVeYubSjtHmYWmY7ha41jEvLYu8rmIXaxDepfogyOf4wzuRPLkJxO7Wu0UVdr5uZlHNrcxZh4Ex6YGgg8Lbcjs0iVCev66lWfuhuxuvPOKsGLZvoNTq0V1hLpo/Fw=,iv:VFrL0L6tC1JvWM3BOJP4Dh+q1xSMBecCtPnNcY/loAU=,tag:p5VmBaGPTxyTmm1Ha9Le3Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

128
system/services/containers/ollama/default.nix
View File

@@ -1,128 +0,0 @@
{ config, lib, nixpkgs-us, ... }: {
options = {
sysconfig.virtualization.ollama.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.virtualization.ollama.enable {
networking = {
nat.internalInterfaces = [ "ve-ollama" ];
};
containers.ollama = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.24";
bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
"/etc/nvidia" = {
hostPath = "/etc/nvidia";
isReadOnly = false;
};
"/dev/dri" = {
hostPath = "/dev/dri";
isReadOnly = false;
};
"/dev/dri/renderD128" = {
hostPath = "/dev/dri/renderD128";
isReadOnly = false;
};
};
allowedDevices = [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
/*
{
node = "/dev/dri";
modifier = "rw";
}
{
node = "/dev/dri/renderD128";
modifier = "rw";
}*/
];
config = {
services.ollama = {
enable = true;
acceleration = "cuda";
package = let
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in pkgs-us.ollama-cuda;
environmentVariables = {
OLLAMA_CONTEXT_LENGTH = "24000";
};
host = "0.0.0.0";
loadModels = [ "llama3.1:8b" ];
openFirewall = true;
user = "ollama";
};
users.users.ollama.extraGroups = [ "video" "render" ];
systemd.services.ollama.serviceConfig = {
PrivateDevices = lib.mkForce false;
DevicePolicy = lib.mkForce "auto";
};
system.stateVersion = "25.05";
};
};
};
}

204
system/services/containers/pihole/default.nix
View File

@@ -1,204 +0,0 @@
{ config, lib, nixpkgs-us, ... }: {
options.sysconfig.virtualization.pihole.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.virtualization.pihole.enable {
/* sops.secrets."pihole/pass" = {};
sops.templates."pihole.env" = {
content = ''
WEBPASSWORD=${config.sops.placeholder."pihole/pass"}
'';
path = "/ssd1/Pihole/.env";
};
*/
networking = {
nameservers = [
"192.168.100.28"
"1.1.1.1"
"1.0.0.1"
];
nat.internalInterfaces = [ "ve-pihole" ];
/*firewall.interfaces."ve-traefik" = {
allowedTCPPorts = [ 53 80 ];
allowedUDPPorts = [ 53 ];
};*/
};
/*services = {
pihole-web = {
enable = true;
hostName = "pihole.local";
ports = [ 80 ];
};
pihole-ftl = {
enable = true;
openFirewallDNS = true;
openFirewallWebserver = true;
lists = [
{
url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
}
];
settings = {
dns = {
upstreams = [
#"127.0.0.1#5335"
"1.0.0.1"
"1.1.1.1"
];
cnameRecords = [
"traefik.local,local.internal.esotericbytes.com"
"pihole.local,local.internal.esotericbytes.com"
"hass.local,local.internal.esotericbytes.com"
];
};
misc.dnsmasq_lines = [ "interface=ve-traefik" ];
};
};
};*/
containers.pihole = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.28";
timeoutStartSec = "infinity";
config = let
pkgs-us = import nixpkgs-us { system = "x86_64-linux"; };
in {
/*imports = [
(import "${nixpkgs-us}/nixos/modules/services/networking/pihole-ftl.nix" { config = config.containers.pihole.config; inherit lib; pkgs = pkgs-us;})
(import "${nixpkgs-us}/nixos/modules/services/web-apps/pihole-web.nix" { config = config.containers.pihole.config; inherit lib; pkgs = pkgs-us;})
];*/
services = {
pihole-web = {
enable = true;
hostName = "pihole.local";
ports = [ 80 ];
};
pihole-ftl = {
enable = true;
openFirewallDNS = true;
openFirewallWebserver = true;
lists = [
{
url = "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts";
}
];
settings = {
dns = {
upstreams = [
#"127.0.0.1#5335"
"1.0.0.1"
"1.1.1.1"
];
cnameRecords = [
"traefik.local,local.internal.esotericbytes.com"
"pihole.local,local.internal.esotericbytes.com"
"hass.local,local.internal.esotericbytes.com"
];
};
misc.dnsmasq_lines = [ "except-interface=nonexisting" ];
};
};
/*unbound = {
enable = true;
resolveLocalQueries = false;
settings = {
server = {
interface = [ "127.0.0.1" ];
port = 5335;
access-control = [ "127.0.0.1 allow" ];
harden-glue = true;
harden-dnssec-stripped = true;
use-caps-for-id = false;
prefetch = true;
edns-buffer-size = 1232;
hide-identity = true;
hide-version = true;
};
forward-zone = [
{
name = "cloudflare";
forward-addr = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
forward-tls-upstream = true;
}
];
};
};*/
};
/*systemd.services.pihole-ftl-setup.preStart = ''
while [[ ! ''$(ip l | grep eth0 | grep UP) ]]; do sleep 1; done;
'';*/
systemd.network = {
enable = true;
networks."eth0" = {
linkConfig.RequiredForOnline = "yes";
dns = [
"1.1.1.1"
"1.0.0.1"
];
};
};
networking = {
useHostResolvConf = false;
firewall.allowedTCPPorts = [ 5335 ];
firewall.allowedUDPPorts = [ 5335 ];
};
system.stateVersion = "25.05";
};
};
};
}

4
system/users/nathan/home-manager/packages/default.nix
View File

@@ -27,12 +27,14 @@
kjv
openssh
sops
busybox
host
toybox
btop
zip
unzip
rsync
curl
(python313.withPackages (ps: with ps; [
gpustat
numpy