2026-01-15 18:47:31 -06:00
parent fd3f3639bd
commit f480a1f8c9
21 changed files with 195 additions and 123 deletions


@@ -39,11 +39,13 @@
enable = true;
dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
nftables = {};
nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
internalInterfaces = [ "ve-.+" ];
externalInterface = "wlp7s0"; # wifi
#externalInterface = "enp6s0"; # ethernet
};
@@ -59,6 +61,14 @@
pipewire.enable = true;
netbird.enable = true;
minecraft.enable = false;
ollama.enable = true;
wyoming = {
enable = true;
piper = false;
openwakeword = true;
faster-whisper = true;
};
};
programs = {
@@ -77,19 +87,27 @@
n8n.enable = true;
keycloak.enable = true;
netbird.enable = true;
ollama.enable = true;
ollama.enable = false;
openwebui.enable = true;
homeassistant.enable = true;
wyoming = {
enable = true;
enable = false;
piper = false;
openwakeword = true;
faster-whisper = true;
};
rustdesk.enable = false; #broken
#pihole.enable = false; #broken
code-server.enable = false;
pihole.enable = true; #broken
code-server.enable = false;
novnc.enable = false;
minecraft.enable = true;
#sandbox.enable = false;
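Review bot: Of the two `internalInterfaces` lines in the `nat` block of the first hunk, the one that looks new (`"ve-.+"`, assuming the second rendered line is the added one) is written as a regular expression, but as far as I know the NixOS NAT module passes these strings to the firewall backend unchanged, where only a trailing `+` (iptables) or `*` (nftables) acts as a wildcard, so it would match no container interface. Other files in this commit drop their per-container `nat.internalInterfaces` entries, so this one line appears to carry NAT for every container; check the generated rules with `nft list ruleset` or `iptables-save` after a rebuild. If nftables is the backend, `internalInterfaces = [ "ve-*" ];` is the likely form. A blanket pattern also grants outbound NAT to every present and future container, so keep an explicit list if some of them are meant to stay isolated. Separately, `pihole.enable = true; #broken` in the last hunk carries a comment that no longer matches the setting.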


@@ -105,8 +105,17 @@
programs.zsh.enable = true;
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
nameservers = [
"1.1.1.1"
"1.0.0.1"
"127.0.0.1"
];
networkmanager = {
enable = true;
dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
};
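Review bot: In the new multi-line `nameservers` list, `"127.0.0.1"` comes after the two public resolvers, and the stub resolver tries entries in order, so lookups will normally go to 1.1.1.1 in plaintext and reach the local resolver only when the others fail. If the aim is to send this host's queries through a local filtering or DNS-over-TLS resolver, list it first or alone, e.g. `nameservers = [ "127.0.0.1" ];`. With `networkmanager.dns = "none"` and DHCP disabled, nothing else will populate resolv.conf, so also confirm that a resolver really listens on 127.0.0.1 on this machine; none is visible in this section. The `networking` block may continue outside the hunk.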


@@ -5,10 +5,6 @@
default = false;
};
imports = [
sops-nix.nixosModules.sops
];
config = lib.mkIf config.sysconfig.virtualization.authentik.enable {
sops.secrets."authentik/dbpass" = {};


@@ -1,6 +1,13 @@
{ ... }: {
imports = [
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
/*imports = [
./gitlab
./gitea
./traefik
@@ -21,5 +28,5 @@
./novnc
./minecraft
#./sandbox
];
];*/
}
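Review bot: The `builtins.readDir` import in the first hunk pulls in every subdirectory automatically, which includes `./sandbox`, an entry the old explicit list had commented out. From now on any directory that appears in this folder becomes part of the system configuration without being named in a reviewed list, and evaluation fails if one of them lacks a `default.nix`. I would add a comment above the `let` such as `# every subdirectory is imported; each module must stay inert unless its enable option is set`, and, if sandbox is meant to stay out, extend the filter to `(file: dir.${file} == "directory" && file != "sandbox")`. The old list kept inside `/* … */` is dead text and can be deleted, since version control already has it. The same pattern is repeated in the later file section that lists `./ollama`, `./wyoming`, `./openssh`.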


@@ -5,19 +5,10 @@
type = lib.types.bool;
default = false;
};
configvol = lib.options.mkOption {
type = lib.types.str;
default = "/ssd1/Home-Assistant/data:/config";
};
};
config = lib.mkIf config.sysconfig.virtualization.homeassistant.enable {
networking = {
hosts."192.168.100.25" = [ "hass.local" ];
nat.internalInterfaces = [ "ve-home-assnHYM" ];
};
containers.home-assistant = {
autoStart = true;


@@ -9,10 +9,6 @@
sops.secrets."keycloak/dbpass" = {};
networking = {
nat.internalInterfaces = [ "ve-keycloak" ];
};
containers.keycloak = {


@@ -5,17 +5,8 @@
type = lib.types.bool;
default = false;
};
services.minecraft.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
/*imports = [
nix-minecraft.nixosModules.minecraft-servers
];*/
config = lib.mkIf config.sysconfig.virtualization.minecraft.enable {
networking = {
@@ -23,8 +14,6 @@
allowedTCPPorts = [ 25565 ];
allowedUDPPorts = [ 25565 ];
};
nat.internalInterfaces = [ "ve-minecraft" ];
};
nixpkgs.overlays = [ nix-minecraft.overlay ];


@@ -7,12 +7,6 @@
config = lib.mkIf config.sysconfig.virtualization.n8n.enable {
networking = {
hosts."192.168.100.21" = [ "n8n.local" ];
nat.internalInterfaces = [ "ve-n8n" ];
};
containers.n8n = {
autoStart = true;
@@ -42,21 +36,7 @@
#webhookUrl = "https://n8n.blunkall.us/";
};
/*
systemd.services.n8n = {
environment = {
N8N_DIAGNOSTICS_ENABLED = "false";
N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
N8N_TEMPLATES_ENABLED = "false";
EXTERNAL_FRONTEND_HOOKS_URLS = "";
N8N_DIAGNOSTICS_CONFIG_FRONTEND = "";
N8N_DIAGNOSTICS_CONFIG_BACKEND = "";
N8N_SECURE_COOKIE = "false";
};
};
*/
system.stateVersion = "25.05";
};
};


@@ -16,7 +16,7 @@
};
config = let
pkgs-com = import nixpkgs-us {
pkgs-us = import nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
@@ -26,9 +26,9 @@
enable = config.sysconfig.services.netbird.enable;
ui = {
enable = true;
#package = pkgs-com.netbird-ui;
#package = pkgs-us.netbird-ui;
};
#package = pkgs-com.netbird;
#package = pkgs-us.netbird;
};
networking = {
@@ -96,7 +96,7 @@
NETBIRD_TOKEN_SOURCE = "accessToken";
};
package = pkgs-com.netbird-dashboard;
package = pkgs-us.netbird-dashboard;
};
management = {
enable = true;


@@ -31,11 +31,6 @@
forceSSL = false;
root = "/var/www/data";
};
"homebox.vpn/esotericbytes" = {
enableACME = false;
forceSSL = false;
root = "/var/www/data";
};
};
};


@@ -8,8 +8,6 @@
config = lib.mkIf config.sysconfig.virtualization.novnc.enable {
networking = {
hosts."192.168.100.30" = [ "novnc.local" ];
firewall.interfaces."ve-novnc" = lib.mkIf config.sysconfig.virtualization.novnc.enable {
allowedTCPPorts = [ 5900 ];
allowedUDPPorts = [ 5900 ];


@@ -22,7 +22,7 @@
settings = {
base-url = "https://ntfy.blunkall.us";
base-url = "https://ntfy.esotericbytes.com";
listen-http = ":80";


@@ -41,7 +41,15 @@
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
"/etc/nvidia" = {
hostPath = "/etc/nvidia";
isReadOnly = false;
};
"/dev/dri" = {
hostPath = "/dev/dri";
isReadOnly = false;
};
"/dev/dri/renderD128" = {
hostPath = "/dev/dri/renderD128";
isReadOnly = false;
@@ -69,11 +77,15 @@
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
/*
{
node = "/dev/dri";
modifier = "rw";
}
{
node = "/dev/dri/renderD128";
modifier = "rw";
}
}*/
];
config = {
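Review bot: The two bind mounts added in the first hunk, `"/etc/nvidia"` and `"/dev/dri"`, are both writable from inside the container (`isReadOnly = false`). A container has no reason to modify the host's driver configuration, so `isReadOnly = true;` fits the `/etc/nvidia` mount. Mounting the whole `/dev/dri` directory exposes every DRM node on the host, while `/dev/dri/renderD128` is already mounted on its own just below; unless the display nodes are needed, the directory mount can be dropped. The second hunk leaves the matching `/dev/dri` device rules inside a `/* … */` comment, so a short comment stating which of the two is intended would help the next reader. The enclosing container definition starts and ends outside these hunks.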


@@ -19,8 +19,6 @@
*/
networking = {
nat.internalInterfaces = [ "ve-pihole" ];
nameservers = [ "192.168.100.28" ];
};
@@ -46,9 +44,7 @@
pihole-web = {
enable = true;
package = pkgs-us.pihole-web;
#hostName = "192.168.100.28";
hostName = "pihole.local";
ports = [ 80 ];
};
@@ -56,8 +52,6 @@
pihole-ftl = {
enable = true;
package = pkgs-us.pihole-ftl;
openFirewallDNS = true;
openFirewallWebserver = true;
@@ -69,21 +63,43 @@
settings = {
dns.upstreams = [ "127.0.0.1#5335" ];
files.macvendor = lib.mkForce "/var/lib/pihole/macvendor.db";
};
};
unbound = {
enable = true;
resolveLocalQueries = true;
settings = {
server = {
interface = [ "127.0.0.1" ];
port = 5335;
access-control = [ "127.0.0.1 allow" ];
harden-glue = true;
harden-dnssec-stripped = true;
use-caps-for-id = false;
prefetch = true;
edns-buffer-size = 1232;
hide-identity = true;
hide-version = true;
};
forward-zone = [
{
name = "cloudflare";
forward-addr = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
forward-tls-upstream = true;
}
];
};
};
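Review bot: In the `unbound` block of the last hunk, `forward-zone` has `name = "cloudflare"`, and in unbound that field is the DNS zone being forwarded, not a label for the upstream. As rendered, only names under `cloudflare.` would be sent to the TLS forwarders and every other query would be resolved by direct recursion over plaintext, which defeats `forward-tls-upstream = true`. To forward all queries, use `name = ".";`. After the change, a query log or a packet capture on port 853 is a quick way to confirm that lookups really leave over TLS.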


@@ -69,7 +69,7 @@
signal = {
enable = true;
#relayHosts = [ "blunkall.us" ];
#relayHosts = [ "esotericbytes.com" ];
relayHosts = [ "192.168.100.27" ];
extraArgs = [
"-k"


@@ -1,23 +1,10 @@
{ config, lib, nixpkgs-us, self, ... }: {
{ config, lib, self, ... }: {
options.sysconfig.virtualization.sandbox.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
disabledModules = [
"virtualisation/nixos-containers.nix"
];
imports = [
(import "${nixpkgs-us}/nixos/modules/virtualisation/nixos-containers.nix" {
inherit config lib;
pkgs = (import nixpkgs-us {
system = "x86_64-linux";
});
})
];
config = lib.mkIf config.sysconfig.virtualization.sandbox.enable {
networking = {
@@ -37,7 +24,7 @@
flake = "${self}";
bindMounts = {
/*bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
@@ -81,7 +68,10 @@
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];
];*/
config = {
};
};


@@ -12,10 +12,6 @@
"esotericbytes.com"
"*.esotericbytes.com"
"esotericbytes.local"
"*.esotericbytes.local"
"traefik.esotericbytes.local"
];
firewall.allowedTCPPorts = [ 22 80 443 ];
@@ -84,14 +80,17 @@
certResolver = "cloudflare";
domains = {
main = "esotericbytes.com";
sans = [ "*.esotericbytes.com" ];
sans = [
"*.esotericbytes.com"
"local.internal.esotericbytes.com"
];
};
};
};
};
log = {
level = "DEBUG";
filePath = "/etc/traefik/data/traefik.log";
level = "INFO";
filePath = "/etc/traefik/data/logs/traefik.log";
format = "json";
};
certificatesResolvers = {
@@ -125,12 +124,12 @@
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};*/
/*homeassistant = {
homeassistant = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.esotericbytes.com`)";
rule = "Host(`hass.local`)";
service = "homeassistant";
tls.certResolver = "cloudflare";
};*/
};
jellyfin = {
entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.esotericbytes.com`)";
@@ -167,7 +166,7 @@
};
traefik = {
entryPoints = [ "websecure" ];
rule = "Host(`traefik.esotericbytes.local`)";
rule = "Host(`traefik.local`)";
service = "api@internal";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
@@ -179,12 +178,12 @@
tls.certResolver = "cloudflare";
};*/
/*pihole = {
entryPoints = [ "localsecure" ];
rule = "Host(`pihole.esotericbytes.com`)";
pihole = {
entryPoints = [ "websecure" ];
rule = "Host(`pihole.local`)";
service = "pihole";
tls.certResolver = "cloudflare";
};*/
};
netbird = {
entryPoints = [ "websecure" ];
@@ -193,12 +192,12 @@
tls.certResolver = "cloudflare";
};
/*n8n = {
n8n = {
entryPoints = [ "websecure" ];
rule = "Host(`n8n.esotericbytes.com`)";
rule = "Host(`n8n.local`)";
service = "n8n";
tls.certResolver = "cloudflare";
};*/
};
};
@@ -221,7 +220,7 @@
authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ];
#pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ];
pihole.loadBalancer.servers = [ { url = "http://192.168.100.28"; } ];
keycloak.loadBalancer.servers = [ { url = "http://192.168.100.22:80"; } ];
@@ -236,7 +235,9 @@
servers = [ { url = "http://192.168.100.23:80"; } ];
};
#n8n.loadBalancer.servers = [ { url = "http://192.168.100.21:5678"; } ];
homeassistant.loadBalancer.servers = [ "http://192.168.100.25:8123" ];
n8n.loadBalancer.servers = [ { url = "http://192.168.100.21:5678"; } ];
};
};
};
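Review bot: The routers enabled in this section (`homeassistant`, `pihole`, `n8n`, and the `traefik` dashboard on `api@internal`) all sit on the `websecure` entry point and are selected only by a `.local` Host rule, which is a routing key and not an access control. Port 443 is open in `firewall.allowedTCPPorts`, so whoever can reach that listener can reach these admin interfaces, and the `authentik` middleware on the dashboard router is still commented out. Consider moving them to a LAN- or VPN-only entry point, such as the `localsecure` one the old pihole router named if it is still defined, or attaching `middlewares = [ "authentik" ];`. `tls.certResolver = "cloudflare"` is unlikely to obtain certificates for `.local` names, so these routers would probably serve Traefik's default certificate. In the last hunk, `homeassistant.loadBalancer.servers = [ "http://192.168.100.25:8123" ]` is a bare string where its siblings use `[ { url = "…"; } ]`.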


@@ -1,12 +1,19 @@
{ ... }: {
imports = [
imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
/*imports = [
./ollama
./wyoming
./openssh
./pipewire
./containers
./sddm
./novnc
./kdePlasma6
];
];*/
}


@@ -12,7 +12,7 @@
enable = true;
acceleration = "cuda";
environmentVariables = {
OLLAMA_CONTEXT_LENGTH = "16000";
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "16000";
};
package = let
pkgs-us = import nixpkgs-us {


@@ -0,0 +1,68 @@
{ config, lib, ... }: {
options.sysconfig.wyoming = {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.wyoming.enable {
services.wyoming = {
piper = lib.mkIf config.sysconfig.wyoming.piper {
servers.piper = {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
};
openwakeword = lib.mkIf config.sysconfig.wyoming.openwakeword {
enable = true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5;
customModelsDirectories = [
#./wake_words
];
};
faster-whisper = lib.mkIf config.sysconfig.wyoming.faster-whisper {
servers.whisper = {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = lib.mkIf config.sysconfig.wyoming.satellite {
enable = true;
uri = "tcp://0.0.0.0:11431";
#user = "nathan";
vad.enable = false;
};
};
};
}
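Review bot: Every Wyoming service in this new module binds to `tcp://0.0.0.0:<port>` (piper 11435, openwakeword 11432, whisper 11433, satellite 11431), and the Wyoming protocol has no authentication as far as I know, so each listener is reachable on any interface the firewall lets through. If the only consumer is the Home Assistant container, bind to the address it uses to reach the host, or to loopback when it runs on the same host, e.g. `uri = "tcp://127.0.0.1:11433";`. The satellite deserves the most care because it streams microphone audio. I would also add a `description` to each `mkOption`, and a comment above `config` stating which peers are expected to connect and which firewall rule admits them.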


@@ -27,13 +27,12 @@
kjv
openssh
sops
killall
busybox
btop
zip
unzip
rsync
curl
wget
(python313.withPackages (ps: with ps; [
gpustat
numpy