SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-22 17:49:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

srv-core: Rename from homeserver

Browse source
This commit is contained in:
SebastianStork 2026-03-03 21:01:46 +01:00
parent ab59f54471
commit 185fd5a53b
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
9 changed files with 6 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

78
hosts/srv-core/default.nix Normal file
View file

@ -0,0 +1,78 @@
{ config, self, ... }:
{
imports = [ self.nixosModules.server-profile ];
system.stateVersion = "25.11";
custom =
let
privateDomain = config.custom.networking.overlay.domain;
in
{
boot.loader.grub.enable = true;
networking = {
overlay.address = "10.254.250.6";
underlay = {
interface = "enp2s0";
cidr = "192.168.0.64/24";
gateway = "192.168.0.1";
};
};
services = {
recursive-nameserver.enable = true;
private-nameserver.enable = true;
syncthing = {
enable = true;
isServer = true;
gui.domain = "syncthing.${privateDomain}";
doBackups = true;
};
prometheus.storageRetentionSize = "20GB";
};
web-services = {
atuin = {
enable = true;
domain = "atuin.${privateDomain}";
};
filebrowser = {
enable = true;
domain = "files.${privateDomain}";
doBackups = true;
};
radicale = {
enable = true;
domain = "dav.${privateDomain}";
doBackups = true;
};
actualbudget = {
enable = true;
domain = "budget.${privateDomain}";
doBackups = true;
};
karakeep = {
enable = true;
domain = "bookmarks.${privateDomain}";
};
grafana = {
enable = true;
domain = "grafana.${privateDomain}";
};
gatus = {
enable = true;
domain = "status.${privateDomain}";
generateDefaultEndpoints = true;
};
};
};
}

111
hosts/srv-core/disko.nix Normal file
View file

@ -0,0 +1,111 @@
{
disko.devices = {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"defaults"
"mode=755"
];
};
disk = {
nvme0n1 = {
type = "disk";
device = "/dev/disk/by-id/nvme-eui.002538b581b34925";
content = {
type = "gpt";
partitions = {
swap = {
size = "8G";
content.type = "swap";
};
root = {
size = "100%";
content = {
type = "bcachefs";
filesystem = "rootfs";
label = "nvme.nvme0n1";
extraFormatArgs = [
"--discard"
"--durability=0"
];
};
};
};
};
};
sda = {
type = "disk";
device = "/dev/disk/by-id/ata-CT1000BX500SSD1_2527E9C5CD54";
content = {
type = "gpt";
partitions = {
boot = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot1";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "bcachefs";
filesystem = "rootfs";
label = "sata.sda";
extraFormatArgs = [
"--discard"
"--durability=1"
];
};
};
};
};
};
sdb = {
type = "disk";
device = "/dev/disk/by-id/ata-Samsung_SSD_860_QVO_1TB_S4CZNF1N102994T";
content = {
type = "gpt";
partitions = {
boot = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot2";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "bcachefs";
filesystem = "rootfs";
label = "sata.sdb";
extraFormatArgs = [
"--discard"
"--durability=1"
];
};
};
};
};
};
};
bcachefs_filesystems.rootfs = {
type = "bcachefs_filesystem";
extraFormatArgs = [
"--replicas=2"
"--compression=lz4"
];
subvolumes = {
nix.mountpoint = "/nix";
persist.mountpoint = "/persist";
};
};
};
}

33
hosts/srv-core/hardware.nix Normal file
View file

@ -0,0 +1,33 @@
_: {
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
kernelModules = [ "kvm-intel" ];
initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"sd_mod"
"sdhci_pci"
];
supportedFilesystems = [ "bcachefs" ];
loader = {
efi.canTouchEfiVariables = true;
grub = {
efiSupport = true;
mirroredBoots = [
{
devices = [ "nodev" ];
path = "/boot1";
}
{
devices = [ "nodev" ];
path = "/boot2";
}
];
};
};
};
}

1
hosts/srv-core/keys/age.pub Normal file
View file

@ -0,0 +1 @@
age1p582v7x0k36csmtp66a0j28j5u5slruqqkfh6kkqutkmsquwdups3xd2lq

6
hosts/srv-core/keys/nebula.crt Normal file
View file

@ -0,0 +1,6 @@
-----BEGIN NEBULA CERTIFICATE V2-----
MIG8oFaACHNydi1jb3JloQcEBQr++gYYoxMMBnNlcnZlcgwJc3luY3RoaW5nhQRp
pz3vhgRrKH30hyAVQ/4ZW6re1yzFagxOA4SEMyUQWl7UCMJuYEUyO3NFaIIgGXve
nqUQ7cP6zE3RStsxjYq9SMDGo/sgUGZO/uc5DHWDQMuJeHoWRFXit1LEzlKFWrXR
/I4ZGhqCsE9r/bNYw5uYzVcVGb1DNIWu7KJJ/TPB2syGBYzYOWy8yJOa0rmU3wI=
-----END NEBULA CERTIFICATE V2-----

3
hosts/srv-core/keys/nebula.pub Normal file
View file

@ -0,0 +1,3 @@
-----BEGIN NEBULA X25519 PUBLIC KEY-----
GXvenqUQ7cP6zE3RStsxjYq9SMDGo/sgUGZO/uc5DHU=
-----END NEBULA X25519 PUBLIC KEY-----

1
hosts/srv-core/keys/syncthing.id Normal file
View file

@ -0,0 +1 @@
XDXIZVJ-YXIZLHB-GQCFJMI-GNXL2B3-3CARDG2-QONRVGK-AYZPGHG-TKR7YA2

49
hosts/srv-core/secrets.json Normal file
View file

@ -0,0 +1,49 @@
{
"seb-password": "ENC[AES256_GCM,data:sCMOhgNrWyGVRUlL0bFTjaXXd8/tQJI43yPfAHzzWu1M5KYzPu0G7GhzjsGUNIwYeP8CO01Zh6zqkBy1h4dNbuX8NvuVJDWZjA==,iv:ClzISC4OJ/EFHQI420D+JkdC18ZdB9I7bwnZDWa0pHs=,tag:oMfHJgyhb4tPoTg9OsB7BA==,type:str]",
"nebula": {
"host-key": "ENC[AES256_GCM,data:lFOyE+dn5Gg5qfOywA673g6x120unVNMiYG/bmkXAdGMCwUi4vknSIY4vDJsKNR5YAZJ26x6Ezboj9aM2pRzXwZC7duaGpkCNwMQS5+j+T/ClZOptFLaLnxnWNcLfVkupRr4uyAb2DlyTPI2uUGJFVWCKRric04fyOTd8T0TzQ==,iv:2se7H9YWtPIScMq5hCZyirM6KS9cVnlv/HPnlh2swfE=,tag:/N+Ewdl1tH9o6LVuoTSTcA==,type:str]"
},
"porkbun": {
"api-key": "ENC[AES256_GCM,data:eWZXxOfCQ7fXqwUAtsD968EjOeibkFbBeClNmazPk7uEtSR+WnpteB2pY0VFSEQhTKN7zCunKcfkKiSiG0C9r0TXxYM=,iv:FHmy/gR1Zzpro2Vm2e13nfTkHGEGwyw+81CDgkVlbYM=,tag:e4nBvSgw3wJU8viSp23Fjw==,type:str]",
"secret-api-key": "ENC[AES256_GCM,data:6Ss1wkeNMlnkwFtoytwtSHsIbpZN+CmPVshGu7GZfAH8FsHpc/Xyj8D1TRaUGpOI4gz/II4P/LZnmPR5bZ521MxbL+o=,iv:ycpfMGtis8l8TYj2sMO1plSNPKnFzBDF6i6xhxDabx4=,tag:WZCj0CDaPJ1vL6cap2rGvA==,type:str]"
},
"syncthing": {
"cert": "ENC[AES256_GCM,data:NFw/g8RKE69K7cS087Lo58AIDCOD3kNG9IFY15T+ELoeS9R1RNurrqVgQPo44ATfkMFm5I7jeB5zTLvnx1AUQPzc/HaMVMtUXG2ZabBjgIeIAZKLcdiO2Uidi6SsoBS/zKOQNd94hSPXTHpLH3ev0ARK0SwWHnv106VwXGaTO+qEskG8se/P2BUVLJB6P1r7GQQVVvODRSr2sbVOv3laSNRC1n3lodDpmn2gqwDQaawnmVgN1vk0eDOOv3bYZx04P3v17M92Zj1eKGN4YPt6tWkvbgBkFKG7Ob2a/tStNVPbL545tuD45NJoFqRQ0A23qh/1sWs/fn9VXMOdC2N+HApA2cMJoPGMG3XSbDHDsk3deJrhTYA+3t+LGa/+AMm7zIc1ouh8j44ShORWwXeeW72UaZBzDum6w+KdWyN300mprCwgvuF3N+LQGNzr2hWFGZccampoUD5vVE7y8iqF+423Ws7YdJt+i6mCeetCE0jlFFCcfEtCJ2/DUZ31Wss2fjFrZtmYVuz9MstaQMdA33zBWKaxeH/OuqEp82F53F9NiaKL7321iRd+ksrR3wmpF2kw1synxeMEPyalqnIm8pn6/u86Jlvzj1d3DkzghTi+Nqm4GctSR1iSrxkeR/h+a/4z576k5Bi4iT7YyYDvk4qLDT7LCDORNaJBJSZ7COjfJivtRozb8jVTryFjdoqDtsCFpZiVD0XGcLqaTu4X5uZBy1Wp31XBH1nt7T/qSbYVAnR96XbHeK2+F/0pfox6LshUNNpnzi/OqgPfvYG/DnIpfW3EaDukZ9Hra8woZ2VrU05Z2UK1Bxz4z4pBEOg=,iv:qYF05ihkcOYvHlnWcFiQdR0ksRledIFO4c301+bZMjQ=,tag:EnnNJ7QiFokqFlJ7hFzUfA==,type:str]",
"key": "ENC[AES256_GCM,data:uRx7whj5NKflCZqMk9C4canBmnOfDTcMPA+CTQHA/ndmVzliIIf9t8y6pssgYuEVM76N4AcdEo1rER3IsL5WWUlSAmrgz25brMINJXAf73oppz+Wx2sUb0h7vD4JQ5E+B0JvfHM1WtE6YkVPnjlVeWkZaRgzGaU=,iv:nySmQBrgCEp9QxAIpe/jP7DQ5F9XlFGotAa2oVrNzPk=,tag:znl6EdK1jWG2eCbqVezYPA==,type:str]"
},
"restic": {
"password": "ENC[AES256_GCM,data:Ggop4acLfi5CcrSR62gMKxKngSXFTxRO5eRV6/jo,iv:1wwA2V5kvbls/qmKMh8q8ZrXkpL6SqJqEntAMMMBuTI=,tag:znPTdekGqW9/p59OgOwLEA==,type:str]"
},
"backblaze": {
"key-id": "ENC[AES256_GCM,data:U2hevwbsSPsjawx7lQRqb2ekFr0393UB9g==,iv:QjazfXiKHxUBb8VqI5VWFoc/uHmr4gdSLSInMvHHp2w=,tag:ROiS2uica1w43Q2EL/5IwQ==,type:str]",
"application-key": "ENC[AES256_GCM,data:Jdux7MycXY5XuWUhMM7qQ7r3LPuMPj+eDBpYPZ+Spg==,iv:b93FmfupzWk9KFWgFJ9XE8EAA0KJ6ffGBqlKok4Zgsk=,tag:E50id5PE5gzshDmPqE5Ucg==,type:str]"
},
"healthchecks": {
"ping-key": "ENC[AES256_GCM,data:PNjkk96vDUnqIrvk5+ZksJ/xnu0g0A==,iv:M//QQIQG/xtpSddXqtj2lejMmN1x3HjhPrYl0L9jcYU=,tag:SzMtuJcmSFIzqtSNVZXAfA==,type:str]"
},
"karakeep": {
"openai-api-key": "ENC[AES256_GCM,data:n469mFZgT7d9e3r6G4agcK1mrSEVVheZ604e4YPQAA+vW2m7+bmNSBQHSPsqSTAfkmEc8wJKu4sED+Yd1dDug7hkLlOztHfVrvpkfEgEp5vZ6kpjamZd5A1j0Y+cwJqp2cwYH+39+FKB1FL5gS2GILTjjuXFiTbyZOf0l/oXYrcno5gT9tGUXtA0qFzlKadq57m/WzlqxFMuxQS41m6wJX9GMYs6cWA=,iv:xpsnjcRX1RMC8GzL1XqvsxO5jxJrLYy9DxVh7A0ByWE=,tag:IUjDTH8UoBZIJW34wUlLTQ==,type:str]"
},
"radicale": {
"htpasswd": "ENC[AES256_GCM,data:SuVrYk3BP3Hds9sKwiuEOgAA5RPBR3f3RW16xtpO6w9aUjZR37jPKPOPluHxBUIulap2p/Oj5VZvyyeDP2MxQw==,iv:sANgLVPRrZEjlC7n/r5zVma/qIDCraLxi88o/sVgayQ=,tag:KbUM7hTRM0Z9iiiQFUfp/w==,type:str]"
},
"grafana": {
"admin-password": "ENC[AES256_GCM,data:MNdjh+025bi5wtP77aKSGzcx8NgfY+YppH4qu/o=,iv:Hv8IF0n0A5+Hs6FQ7tXkdFbPN0ArdZD3vmrdovc0/Yg=,tag:8y0NsLQ+9k+mWnHbHzZvGg==,type:str]"
},
"sops": {
"age": [
{
"recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQ0w4S1lHL21ld0Z1bDho\nMUV6UnpUYTdZZGZmSHRaK3MycVUvcitXU0M4CjdESGdwb2pnaXRkdnhIVGlvNW51\nRG4yVnFsUGIzSU16aUtuaFkxQlhGZjAKLS0tIGlFTUs4blhvYjFnS2lKcHp1MElu\neW5OV2FOYXEyUHhrQ3JlRnQ5MlRCNDgKo1abZY7O16Tqd+qMeeQtS+3aLB3bsi3g\nlSvatQ9R8D9Ogk8J7D1crrD8KMEX6Ob3Wov9OhY4tPSGfkRq61TLkw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1p582v7x0k36csmtp66a0j28j5u5slruqqkfh6kkqutkmsquwdups3xd2lq",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOVRQU1R4VlBhdEFUdnR6\nZFNuNldaSkxJL3ptOVVscjRBNkQ4dFBmQUVBCmZrQmFMV0hWbTBQcm1FS3JrR0ZC\nbktvT04xczd6VkdCUWk2NnVVZHNFWkUKLS0tIGUwOHJSMHVsNTEyZEU2VWJFNGVy\nMVFDVThrRGQwZEtPeFYzZUVQYi80ZjAKUd/XzyzqMkMowvyeCnQDbOGJDKbuAUQb\nFClQuiH5iSQQrVPw7SHBNgdqbcdtC+hZ4tpPaV/wWtlpcqpr5mBJSA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2026-03-01T13:14:08Z",
"mac": "ENC[AES256_GCM,data:GywNeQDso210CV1rEY1LCwUu5ZDdjyP/W+QOJ5GJhLnLiF3BjivS4J9VbOANduhepnRLLHFKW0+zdzPJJl3ltBFpAuoDigEPF5PbXOT6R7oiEW3kkgD5LP79789ijkeGqGf2DUN0J04OFkcTnTy2tAd2O3kSnhi/EbIMvw7zjUY=,iv:TqXETQOQuuQCJ2+tvPeXHY08BGbhQ4fsu+RqX1EiPHY=,tag:qfaYvY/iuu0Ou9AxhJUnRQ==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
}
}