notohh/snowflake
notohh/snowflake
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases Packages Wiki Activity

Compare commits

base: notohh:a4943c475b184ee457aec5f8c6569c65bf9d8993
Branches Tags
notohh:master
..
compare: notohh:3a7e80184a9e2a4cbe702d262ebd00c3f5c6d101
Branches Tags
notohh:master

No commits in common. "a4943c475b184ee457aec5f8c6569c65bf9d8993" and "3a7e80184a9e2a4cbe702d262ebd00c3f5c6d101" have entirely different histories.
a4943c475b ... 3a7e80184a

21 changed files with 17 additions and 316 deletions
Show stats Expand all files Collapse all files

4
home/default.nix
View file

@ -67,10 +67,6 @@
HostName 100.82.146.40
User notoh
IdentityFile ~/.ssh/tsuru
Host haru
HostName 100.73.192.45
User notoh
IdentityFile ~/.ssh/haru
Host basegbot
HostName 100.83.81.116
User basegbot

1
home/nushell/config.nu
View file

@ -20,7 +20,6 @@ alias yuki = nix run github:serokell/deploy-rs ".#yuki"
alias arashi = nix run github:serokell/deploy-rs ".#arashi"
alias sora = nix run github:serokell/deploy-rs ".#sora"
alias tsuru = nix run github:serokell/deploy-rs ".#tsuru"
alias haru = nix run github:serokell/deploy-rs ".#haru"
alias dx = nix run "nixpkgs#deadnix"
alias sx = nix run "nixpkgs#statix" -- check
alias sxfix = nix run "nixpkgs#statix" -- fix

4
hosts/ame/networking.nix
View file

@ -8,8 +8,8 @@ _: {
};
environment.etc = {
"resolv.conf".text = ''
nameserver 192.168.1.103
nameserver 1.1.1.1
nameserver 192.168.1.221
nameserver 192.168.1.153
'';
};

4
hosts/arashi/networking.nix
View file

@ -8,8 +8,8 @@ _: {
};
environment.etc = {
"resolv.conf".text = ''
nameserver 192.168.1.103
nameserver 1.1.1.1
nameserver 192.168.1.221
nameserver 192.168.1.153
'';
};

12
hosts/arashi/services/redis.nix
View file

@ -25,17 +25,5 @@
protected-mode = "no";
};
};
blocky = {
enable = true;
openFirewall = true;
port = 6381;
bind = null;
databases = 16;
logLevel = "debug";
requirePass = "blocky";
settings = {
protected-mode = "no";
};
};
};
}

20
hosts/default.nix
View file

@ -173,24 +173,4 @@ in {
}
];
};
haru = nixosSystem {
inherit system;
specialArgs = {inherit inputs;};
modules = [
./haru
sopsModule
hmModule
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.notoh = {
imports = [
./haru/home.nix
];
};
};
}
];
};
}

10
hosts/deploy.nix
View file

@ -60,15 +60,5 @@ inputs: {
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
magicRollback = true;
};
haru = {
hostname = "100.73.192.45";
profiles.system = {
user = "root";
path = activate.nixos inputs.self.nixosConfigurations.haru;
};
sshUser = "root";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
magicRollback = true;
};
};
}

33
hosts/haru/default.nix
View file

@ -1,33 +0,0 @@
{...}: {
imports = [
./hardware-configuration.nix
./services
./networking.nix
../../modules
];
boot.loader = {
grub = {
enable = true;
configurationLimit = 5;
device = "/dev/sda";
useOSProber = false;
};
};
networking = {
hostName = "haru";
};
services.xserver = {
layout = "us";
xkbVariant = "";
};
users.users.notoh.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdSO5g6IZQUzeH0Xf7hEVjKZ4cAWn/DjN+GQ2Ujd+qD haru"
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
];
}

29
hosts/haru/hardware-configuration.nix
View file

@ -1,29 +0,0 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/06177115-2e39-493b-81fb-5a1980ae0534";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/disk/by-uuid/c879fa21-fd80-422c-9aef-0becce5ff19c";}
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

14
hosts/haru/home.nix
View file

@ -1,14 +0,0 @@
{...}: {
imports = [
../../home
];
systemd.user.startServices = "sd-switch";
programs.home-manager.enable = true;
home = {
username = "notoh";
homeDirectory = "/home/notoh";
stateVersion = "23.05";
};
}

17
hosts/haru/networking.nix
View file

@ -1,17 +0,0 @@
_: {
networking = {
networkmanager.enable = true;
nameservers = ["1.1.1.1"];
firewall = {
enable = true;
};
};
environment.etc = {
"resolv.conf".text = ''
nameserver 1.1.1.1
nameserver 1.0.0.1
'';
};
services.tailscale.enable = true;
}

132
hosts/haru/services/blocky.nix
View file

@ -1,132 +0,0 @@
{...}: {
networking.firewall.allowedTCPPorts = [53 4000];
networking.firewall.allowedUDPPorts = [53];
services.blocky = {
enable = true;
settings = {
connectIPVersion = "v4";
upstreamTimeout = "30s";
startVerifyUpstream = false;
minTlsServeVersion = "1.2";
log = {
level = "debug";
privacy = true;
};
ports = {
dns = 53;
http = 4000;
https = 443;
};
upstream.default = [
"1.1.1.1"
"1.0.0.1"
"9.9.9.9"
"https://1.1.1.1/dns-query"
"https://dns.quad9.net/dns-query"
"https://dns-unfiltered.adguard.com/dns-query"
];
blocking = {
loading = {
strategy = "fast";
concurrency = 8;
};
blackLists = {
ads = [
"https://blocklistproject.github.io/Lists/ads.txt"
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
"https://adaway.org/hosts.txt"
"https://v.firebog.net/hosts/AdguardDNS.txt"
"https://v.firebog.net/hosts/Admiral.txt"
"https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
"https://v.firebog.net/hosts/Easylist.txt"
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
];
tracking = [
"https://v.firebog.net/hosts/Easyprivacy.txt"
"https://v.firebog.net/hosts/Prigent-Ads.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
"https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
];
malicious = [
"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
"https://v.firebog.net/hosts/Prigent-Crypto.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
"https://v.firebog.net/hosts/RPiList-Phishing.txt"
"https://v.firebog.net/hosts/RPiList-Malware.txt"
];
misc = [
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
"https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-only/hosts"
];
};
whiteLists = {
default = [
"https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt"
# "https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/optional-list.txt"
];
};
clientGroupsBlock = {
default = [
"ads"
"tracking"
"malicious"
"misc"
];
};
};
customDNS = {
customTTL = "1h";
mapping = {
# infra
"truenas.internal.flake.sh" = "192.168.1.199";
"assistant.internal.flake.sh" = "192.168.1.189";
"dashboard.internal.flake.sh" = "192.168.1.36";
"udm.internal.flake.sh" = "192.168.1.1";
"pve.internal.flake.sh" = "192.168.1.37";
# media
"jellyfin.internal.flake.sh" = "192.168.1.36";
"jellyseerr.internal.flake.sh" = "192.168.1.36";
"sonarr.internal.flake.sh" = "192.168.1.54";
"radarr.internal.flake.sh" = "192.168.1.54";
"bazarr.internal.flake.sh" = "192.168.1.54";
"prowlarr.internal.flake.sh" = "192.168.1.54";
"stash.internal.flake.sh" = "192.168.1.36";
# misc
"wallos.internal.flake.sh" = "192.168.1.36";
};
};
redis = {
address = "100.94.214.100:6381";
password = "blocky";
database = 2;
required = false;
connectionAttempts = 10;
connectionCooldown = "5s";
};
caching = {
minTime = "2h";
maxTime = "12h";
maxItemsCount = 0;
prefetching = true;
prefetchExpires = "2h";
prefetchThreshold = 5;
};
prometheus = {
enable = true;
path = "/metrics";
};
};
};
}

5
hosts/haru/services/default.nix
View file

@ -1,5 +0,0 @@
_: {
imports = [
./blocky.nix
];
}

4
hosts/kariru/networking.nix
View file

@ -8,8 +8,8 @@ _: {
};
environment.etc = {
"resolv.conf".text = ''
nameserver 192.168.1.103
nameserver 1.1.1.1
nameserver 192.168.1.221
nameserver 192.168.1.153
'';
};

4
hosts/sakura/networking.nix
View file

@ -8,8 +8,8 @@ _: {
};
environment.etc = {
"resolv.conf".text = ''
nameserver 192.168.1.103
nameserver 1.1.1.1
nameserver 192.168.1.221
nameserver 192.168.1.153
'';
};

19
hosts/sakura/services/grafana.nix
View file

@ -2,8 +2,6 @@ _: {
services.grafana = {
enable = true;
settings = {
"auth.anonymous".enabled = true;
"auth.basic".enabled = false;
server = {
root_url = "https://metrics.flake.sh";
domain = "metrics.flake.sh";
@ -11,6 +9,8 @@ _: {
http_addr = "0.0.0.0";
http_port = 3100;
};
"auth.anonymous".enabled = true;
"auth.basic".enabled = false;
users = {
allow_signup = false;
};
@ -21,10 +21,6 @@ _: {
user = "grafana";
ssl_mode = "disable";
};
panels = {
disable_sanitize_html = false;
enable_alpha = true;
};
};
provision = {
datasources.settings = {
@ -59,17 +55,6 @@ _: {
url = "http://100.104.42.96:9090";
orgId = 1;
}
{
name = "Prometheus-haru";
type = "prometheus";
url = "http://100.73.192.45:9090";
orgId = 1;
jsonData = {
graphiteVersion = "1.1";
tlsAuth = false;
tlsAuthWithCACert = false;
};
}
];
};
};

4
hosts/tsuki/networking.nix
View file

@ -8,8 +8,8 @@ _: {
};
environment.etc = {
"resolv.conf".text = ''
nameserver 192.168.1.103
nameserver 1.1.1.1
nameserver 192.168.1.221
nameserver 192.168.1.153
'';
};

4
hosts/tsuru/networking.nix
View file

@ -8,8 +8,8 @@ _: {
};
environment.etc = {
"resolv.conf".text = ''
nameserver 192.168.1.103
nameserver 1.1.1.1
nameserver 192.168.1.221
nameserver 192.168.1.153
'';
};

4
hosts/yuki/networking.nix
View file

@ -8,8 +8,8 @@ _: {
};
environment.etc = {
"resolv.conf".text = ''
nameserver 192.168.1.103
nameserver 1.1.1.1
nameserver 192.168.1.221
nameserver 192.168.1.153
'';
};

2
modules/nix.nix
View file

@ -30,7 +30,6 @@
"https://cache.garnix.io"
"https://nix-gaming.cachix.org"
"https://anyrun.cachix.org"
"https://viperml.cachix.org"
];
trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
@ -38,7 +37,6 @@
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
"viperml.cachix.org-1:qZhKBMTfmcLL+OG6fj/hzsMEedgKvZVFRRAhq7j8Vh8="
];
};
};

7
modules/prometheus/default.nix
View file

@ -16,7 +16,7 @@ _: {
{
job_name = "traefik";
scrape_interval = "15s";
static_configs = [{targets = ["100.104.42.96:8080"];}];
static_configs = [{targets = ["100.87.54.48:8080"];}];
}
{
job_name = "redis_exporter";
@ -28,11 +28,6 @@ _: {
scrape_interval = "15s";
static_configs = [{targets = ["100.94.214.100:9003"];}];
}
{
job_name = "blocky";
scrape_interval = "15s";
static_configs = [{targets = ["100.73.192.45:4000"];}];
}
];
exporters = {
node = {