Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lots

Browse Source
This commit is contained in:
Nathan
2026-01-15 18:47:31 -06:00
parent fd3f3639bd
commit f480a1f8c9
21 changed files with 195 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
system/profiles/homebox/default.nix
View File

@@ -39,11 +39,13 @@
enable = true; enable = true;
dns = "none"; dns = "none";
}; };
useDHCP = false;
dhcpcd.enable = false;
nftables = {}; nftables = {};
nat = { nat = {
enable = true; enable = true;
internalInterfaces = [ "ve-+" ]; internalInterfaces = [ "ve-.+" ];
externalInterface = "wlp7s0"; # wifi externalInterface = "wlp7s0"; # wifi
#externalInterface = "enp6s0"; # ethernet #externalInterface = "enp6s0"; # ethernet
}; };
@@ -59,6 +61,14 @@
pipewire.enable = true; pipewire.enable = true;
netbird.enable = true; netbird.enable = true;
minecraft.enable = false; minecraft.enable = false;
ollama.enable = true;
wyoming = {
enable = true;
piper = false;
openwakeword = true;
faster-whisper = true;
};
}; };
programs = { programs = {
@@ -77,19 +87,27 @@
n8n.enable = true; n8n.enable = true;
keycloak.enable = true; keycloak.enable = true;
netbird.enable = true; netbird.enable = true;
ollama.enable = true;
ollama.enable = false;
openwebui.enable = true; openwebui.enable = true;
homeassistant.enable = true; homeassistant.enable = true;
wyoming = { wyoming = {
enable = true; enable = false;
piper = false; piper = false;
openwakeword = true; openwakeword = true;
faster-whisper = true; faster-whisper = true;
}; };
rustdesk.enable = false; #broken rustdesk.enable = false; #broken
#pihole.enable = false; #broken
pihole.enable = true; #broken
code-server.enable = false; code-server.enable = false;
novnc.enable = false; novnc.enable = false;
minecraft.enable = true; minecraft.enable = true;
#sandbox.enable = false; #sandbox.enable = false;

13
system/profiles/laptop/default.nix
View File

@@ -105,8 +105,17 @@
programs.zsh.enable = true; programs.zsh.enable = true;
networking = { networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ]; nameservers = [
networkmanager.enable = true; "1.1.1.1"
"1.0.0.1"
"127.0.0.1"
];
networkmanager = {
enable = true;
dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
}; };

4
system/services/containers/authentik/default.nix
View File

@@ -5,10 +5,6 @@
default = false; default = false;
}; };
imports = [
sops-nix.nixosModules.sops
];
config = lib.mkIf config.sysconfig.virtualization.authentik.enable { config = lib.mkIf config.sysconfig.virtualization.authentik.enable {
sops.secrets."authentik/dbpass" = {}; sops.secrets."authentik/dbpass" = {};

11
system/services/containers/default.nix
View File

@@ -1,6 +1,13 @@
{ ... }: { { ... }: {
imports = [ imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
/*imports = [
./gitlab ./gitlab
./gitea ./gitea
./traefik ./traefik
@@ -21,5 +28,5 @@
./novnc ./novnc
./minecraft ./minecraft
#./sandbox #./sandbox
]; ];*/
} }

9
system/services/containers/homeassistant/default.nix
View File

@@ -5,19 +5,10 @@
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
}; };
configvol = lib.options.mkOption {
type = lib.types.str;
default = "/ssd1/Home-Assistant/data:/config";
};
}; };
config = lib.mkIf config.sysconfig.virtualization.homeassistant.enable { config = lib.mkIf config.sysconfig.virtualization.homeassistant.enable {
networking = {
hosts."192.168.100.25" = [ "hass.local" ];
nat.internalInterfaces = [ "ve-home-assnHYM" ];
};
containers.home-assistant = { containers.home-assistant = {
autoStart = true; autoStart = true;

4
system/services/containers/keycloak/default.nix
View File

@@ -9,10 +9,6 @@
sops.secrets."keycloak/dbpass" = {}; sops.secrets."keycloak/dbpass" = {};
networking = {
nat.internalInterfaces = [ "ve-keycloak" ];
};
containers.keycloak = { containers.keycloak = {

11
system/services/containers/minecraft/default.nix
View File

@@ -5,16 +5,7 @@
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
}; };
services.minecraft.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
}; };
};
/*imports = [
nix-minecraft.nixosModules.minecraft-servers
];*/
config = lib.mkIf config.sysconfig.virtualization.minecraft.enable { config = lib.mkIf config.sysconfig.virtualization.minecraft.enable {
@@ -23,8 +14,6 @@
allowedTCPPorts = [ 25565 ]; allowedTCPPorts = [ 25565 ];
allowedUDPPorts = [ 25565 ]; allowedUDPPorts = [ 25565 ];
}; };
nat.internalInterfaces = [ "ve-minecraft" ];
}; };
nixpkgs.overlays = [ nix-minecraft.overlay ]; nixpkgs.overlays = [ nix-minecraft.overlay ];

20
system/services/containers/n8n/default.nix
View File

@@ -7,12 +7,6 @@
config = lib.mkIf config.sysconfig.virtualization.n8n.enable { config = lib.mkIf config.sysconfig.virtualization.n8n.enable {
networking = {
hosts."192.168.100.21" = [ "n8n.local" ];
nat.internalInterfaces = [ "ve-n8n" ];
};
containers.n8n = { containers.n8n = {
autoStart = true; autoStart = true;
@@ -42,21 +36,7 @@
#webhookUrl = "https://n8n.blunkall.us/"; #webhookUrl = "https://n8n.blunkall.us/";
}; };
/*
systemd.services.n8n = {
environment = {
N8N_DIAGNOSTICS_ENABLED = "false";
N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
N8N_TEMPLATES_ENABLED = "false";
EXTERNAL_FRONTEND_HOOKS_URLS = "";
N8N_DIAGNOSTICS_CONFIG_FRONTEND = "";
N8N_DIAGNOSTICS_CONFIG_BACKEND = "";
N8N_SECURE_COOKIE = "false";
};
};
*/
system.stateVersion = "25.05"; system.stateVersion = "25.05";
}; };
}; };

8
system/services/containers/netbird/default.nix
View File

@@ -16,7 +16,7 @@
}; };
config = let config = let
pkgs-com = import nixpkgs-us { pkgs-us = import nixpkgs-us {
system = "x86_64-linux"; system = "x86_64-linux";
config.allowUnfree = true; config.allowUnfree = true;
}; };
@@ -26,9 +26,9 @@
enable = config.sysconfig.services.netbird.enable; enable = config.sysconfig.services.netbird.enable;
ui = { ui = {
enable = true; enable = true;
#package = pkgs-com.netbird-ui; #package = pkgs-us.netbird-ui;
}; };
#package = pkgs-com.netbird; #package = pkgs-us.netbird;
}; };
networking = { networking = {
@@ -96,7 +96,7 @@
NETBIRD_TOKEN_SOURCE = "accessToken"; NETBIRD_TOKEN_SOURCE = "accessToken";
}; };
package = pkgs-com.netbird-dashboard; package = pkgs-us.netbird-dashboard;
}; };
management = { management = {
enable = true; enable = true;

5
system/services/containers/nginx/default.nix
View File

@@ -31,11 +31,6 @@
forceSSL = false; forceSSL = false;
root = "/var/www/data"; root = "/var/www/data";
}; };
"homebox.vpn/esotericbytes" = {
enableACME = false;
forceSSL = false;
root = "/var/www/data";
};
}; };
}; };

2
system/services/containers/novnc/default.nix
View File

@@ -8,8 +8,6 @@
config = lib.mkIf config.sysconfig.virtualization.novnc.enable { config = lib.mkIf config.sysconfig.virtualization.novnc.enable {
networking = { networking = {
hosts."192.168.100.30" = [ "novnc.local" ];
firewall.interfaces."ve-novnc" = lib.mkIf config.sysconfig.virtualization.novnc.enable { firewall.interfaces."ve-novnc" = lib.mkIf config.sysconfig.virtualization.novnc.enable {
allowedTCPPorts = [ 5900 ]; allowedTCPPorts = [ 5900 ];
allowedUDPPorts = [ 5900 ]; allowedUDPPorts = [ 5900 ];

2
system/services/containers/ntfy/default.nix
View File

@@ -22,7 +22,7 @@
settings = { settings = {
base-url = "https://ntfy.blunkall.us"; base-url = "https://ntfy.esotericbytes.com";
listen-http = ":80"; listen-http = ":80";

16
system/services/containers/ollama/default.nix
View File

@@ -41,7 +41,15 @@
hostPath = "/dev/nvidia-uvm-tools"; hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false; isReadOnly = false;
}; };
"/etc/nvidia" = {
hostPath = "/etc/nvidia";
isReadOnly = false;
};
"/dev/dri" = {
hostPath = "/dev/dri";
isReadOnly = false;
};
"/dev/dri/renderD128" = { "/dev/dri/renderD128" = {
hostPath = "/dev/dri/renderD128"; hostPath = "/dev/dri/renderD128";
isReadOnly = false; isReadOnly = false;
@@ -69,11 +77,15 @@
node = "/dev/nvidia-uvm-tools"; node = "/dev/nvidia-uvm-tools";
modifier = "rw"; modifier = "rw";
} }
/*
{
node = "/dev/dri";
modifier = "rw";
}
{ {
node = "/dev/dri/renderD128"; node = "/dev/dri/renderD128";
modifier = "rw"; modifier = "rw";
} }*/
]; ];
config = { config = {

36
system/services/containers/pihole/default.nix
View File

@@ -19,8 +19,6 @@
*/ */
networking = { networking = {
nat.internalInterfaces = [ "ve-pihole" ];
nameservers = [ "192.168.100.28" ]; nameservers = [ "192.168.100.28" ];
}; };
@@ -46,9 +44,7 @@
pihole-web = { pihole-web = {
enable = true; enable = true;
package = pkgs-us.pihole-web; hostName = "pihole.local";
#hostName = "192.168.100.28";
ports = [ 80 ]; ports = [ 80 ];
}; };
@@ -56,8 +52,6 @@
pihole-ftl = { pihole-ftl = {
enable = true; enable = true;
package = pkgs-us.pihole-ftl;
openFirewallDNS = true; openFirewallDNS = true;
openFirewallWebserver = true; openFirewallWebserver = true;
@@ -69,21 +63,43 @@
settings = { settings = {
dns.upstreams = [ "127.0.0.1#5335" ]; dns.upstreams = [ "127.0.0.1#5335" ];
files.macvendor = lib.mkForce "/var/lib/pihole/macvendor.db";
}; };
}; };
unbound = { unbound = {
enable = true; enable = true;
resolveLocalQueries = true;
settings = { settings = {
server = { server = {
interface = [ "127.0.0.1" ]; interface = [ "127.0.0.1" ];
port = 5335; port = 5335;
access-control = [ "127.0.0.1 allow" ];
harden-glue = true;
harden-dnssec-stripped = true;
use-caps-for-id = false;
prefetch = true;
edns-buffer-size = 1232;
hide-identity = true;
hide-version = true;
}; };
forward-zone = [
{
name = "cloudflare";
forward-addr = [
"1.1.1.1#one.one.one.one"
"1.0.0.1#one.one.one.one"
];
forward-tls-upstream = true;
}
];
}; };
}; };

2
system/services/containers/rustdesk/default.nix
View File

@@ -69,7 +69,7 @@
signal = { signal = {
enable = true; enable = true;
#relayHosts = [ "blunkall.us" ]; #relayHosts = [ "esotericbytes.com" ];
relayHosts = [ "192.168.100.27" ]; relayHosts = [ "192.168.100.27" ];
extraArgs = [ extraArgs = [
"-k" "-k"

22
system/services/containers/sandbox/default.nix
View File

@@ -1,23 +1,10 @@
{ config, lib, nixpkgs-us, self, ... }: { { config, lib, self, ... }: {
options.sysconfig.virtualization.sandbox.enable = lib.mkOption { options.sysconfig.virtualization.sandbox.enable = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
}; };
disabledModules = [
"virtualisation/nixos-containers.nix"
];
imports = [
(import "${nixpkgs-us}/nixos/modules/virtualisation/nixos-containers.nix" {
inherit config lib;
pkgs = (import nixpkgs-us {
system = "x86_64-linux";
});
})
];
config = lib.mkIf config.sysconfig.virtualization.sandbox.enable { config = lib.mkIf config.sysconfig.virtualization.sandbox.enable {
networking = { networking = {
@@ -37,7 +24,7 @@
flake = "${self}"; flake = "${self}";
bindMounts = { /*bindMounts = {
"/dev/nvidia0" = { "/dev/nvidia0" = {
hostPath = "/dev/nvidia0"; hostPath = "/dev/nvidia0";
isReadOnly = false; isReadOnly = false;
@@ -81,7 +68,10 @@
node = "/dev/nvidia-uvm-tools"; node = "/dev/nvidia-uvm-tools";
modifier = "rw"; modifier = "rw";
} }
]; ];*/
config = {
};
}; };

41
system/services/containers/traefik/default.nix
View File

@@ -12,10 +12,6 @@
"esotericbytes.com" "esotericbytes.com"
"*.esotericbytes.com" "*.esotericbytes.com"
"esotericbytes.local"
"*.esotericbytes.local"
"traefik.esotericbytes.local"
]; ];
firewall.allowedTCPPorts = [ 22 80 443 ]; firewall.allowedTCPPorts = [ 22 80 443 ];
@@ -84,14 +80,17 @@
certResolver = "cloudflare"; certResolver = "cloudflare";
domains = { domains = {
main = "esotericbytes.com"; main = "esotericbytes.com";
sans = [ "*.esotericbytes.com" ]; sans = [
"*.esotericbytes.com"
"local.internal.esotericbytes.com"
];
}; };
}; };
}; };
}; };
log = { log = {
level = "DEBUG"; level = "INFO";
filePath = "/etc/traefik/data/traefik.log"; filePath = "/etc/traefik/data/logs/traefik.log";
format = "json"; format = "json";
}; };
certificatesResolvers = { certificatesResolvers = {
@@ -125,12 +124,12 @@
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ]; #middlewares = [ "authentik" ];
};*/ };*/
/*homeassistant = { homeassistant = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`hass.esotericbytes.com`)"; rule = "Host(`hass.local`)";
service = "homeassistant"; service = "homeassistant";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
};*/ };
jellyfin = { jellyfin = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`jellyfin.esotericbytes.com`)"; rule = "Host(`jellyfin.esotericbytes.com`)";
@@ -167,7 +166,7 @@
}; };
traefik = { traefik = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`traefik.esotericbytes.local`)"; rule = "Host(`traefik.local`)";
service = "api@internal"; service = "api@internal";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ]; #middlewares = [ "authentik" ];
@@ -179,12 +178,12 @@
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
};*/ };*/
/*pihole = { pihole = {
entryPoints = [ "localsecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`pihole.esotericbytes.com`)"; rule = "Host(`pihole.local`)";
service = "pihole"; service = "pihole";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
};*/ };
netbird = { netbird = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
@@ -193,12 +192,12 @@
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
}; };
/*n8n = { n8n = {
entryPoints = [ "websecure" ]; entryPoints = [ "websecure" ];
rule = "Host(`n8n.esotericbytes.com`)"; rule = "Host(`n8n.local`)";
service = "n8n"; service = "n8n";
tls.certResolver = "cloudflare"; tls.certResolver = "cloudflare";
};*/ };
}; };
@@ -221,7 +220,7 @@
authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ]; authentik.loadBalancer.servers = [ { url = "http://192.168.100.10:9000"; } ];
#pihole.loadBalancer.servers = [ { url = "http://192.168.100.10:8080"; } ]; pihole.loadBalancer.servers = [ { url = "http://192.168.100.28"; } ];
keycloak.loadBalancer.servers = [ { url = "http://192.168.100.22:80"; } ]; keycloak.loadBalancer.servers = [ { url = "http://192.168.100.22:80"; } ];
@@ -236,7 +235,9 @@
servers = [ { url = "http://192.168.100.23:80"; } ]; servers = [ { url = "http://192.168.100.23:80"; } ];
}; };
#n8n.loadBalancer.servers = [ { url = "http://192.168.100.21:5678"; } ]; homeassistant.loadBalancer.servers = [ "http://192.168.100.25:8123" ];
n8n.loadBalancer.servers = [ { url = "http://192.168.100.21:5678"; } ];
}; };
}; };
}; };

11
system/services/default.nix
View File

@@ -1,12 +1,19 @@
{ ... }: { { ... }: {
imports = [ imports = let
dir = builtins.readDir ./.;
in builtins.map (x: ./${x}) (builtins.filter
(file: (dir.${file} == "directory"))
(builtins.attrNames dir)
);
/*imports = [
./ollama ./ollama
./wyoming
./openssh ./openssh
./pipewire ./pipewire
./containers ./containers
./sddm ./sddm
./novnc ./novnc
./kdePlasma6 ./kdePlasma6
]; ];*/
} }

2
system/services/ollama/default.nix
View File

@@ -12,7 +12,7 @@
enable = true; enable = true;
acceleration = "cuda"; acceleration = "cuda";
environmentVariables = { environmentVariables = {
OLLAMA_CONTEXT_LENGTH = "16000"; OLLAMA_CONTEXT_LENGTH = lib.mkDefault "16000";
}; };
package = let package = let
pkgs-us = import nixpkgs-us { pkgs-us = import nixpkgs-us {

68
system/services/wyoming/default.nix Normal file
View File

@@ -0,0 +1,68 @@
{ config, lib, ... }: {
options.sysconfig.wyoming = {
enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
piper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
openwakeword = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
faster-whisper = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
satellite = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf config.sysconfig.wyoming.enable {
services.wyoming = {
piper = lib.mkIf config.sysconfig.wyoming.piper {
servers.piper = {
enable = true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
};
openwakeword = lib.mkIf config.sysconfig.wyoming.openwakeword {
enable = true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5;
customModelsDirectories = [
#./wake_words
];
};
faster-whisper = lib.mkIf config.sysconfig.wyoming.faster-whisper {
servers.whisper = {
enable = true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = lib.mkIf config.sysconfig.wyoming.satellite {
enable = true;
uri = "tcp://0.0.0.0:11431";
#user = "nathan";
vad.enable = false;
};
};
};
}

3
system/users/nathan/home-manager/packages/default.nix
View File

@@ -27,13 +27,12 @@
kjv kjv
openssh openssh
sops sops
killall busybox
btop btop
zip zip
unzip unzip
rsync rsync
curl curl
wget
(python313.withPackages (ps: with ps; [ (python313.withPackages (ps: with ps; [
gpustat gpustat
numpy numpy