merge alpine zenix and framework

Tristan 2025-08-09 16:13:59 +01:00
commit aca68cadb0
9 changed files with 136 additions and 62 deletions


@ -84,6 +84,7 @@
alpine = mkConf {
nixos-modules = [
./hardware/alpine.nix
./nixos/services/fail2ban.nix
./nixos/services/anki.nix
./nixos/services/forgejo.nix
./nixos/services/vaultwarden.nix


@ -42,6 +42,9 @@
input.focus-follows-mouse = {
enable = true;
};
input.touchpad = {
dwt = true; # disable when typing
};
prefer-no-csd = true;
spawn-at-startup = [
{command = [(lib.getExe pkgs.xwayland-satellite)];}


@ -10,7 +10,7 @@
};
authentik-config = {
autoStart = true;
image = "ghcr.io/goauthentik/server:2025.6.0";
image = "ghcr.io/goauthentik/server:2025.6.3";
volumes = ["/home/tristan/pods/authentik/media:/media"];
environment = {
AUTHENTIK_POSTGRESQL__USER = postgres.user;


@ -0,0 +1,5 @@
{...}: {
services.fail2ban = {
enable = true;
};
}
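Review bot: Enabling `services.fail2ban` with nothing but `enable = true;` leaves every setting at the module default, so there is no `ignoreIP` allow-list and no jail for the web logins this host also serves. As far as I know the NixOS module only sets up an sshd jail by default, while the alpine module list in this commit also pulls in forgejo and vaultwarden, so it is worth confirming which log sources are actually watched. I would add `ignoreIP = ["<admin-host-or-range>"];` so a mistyped password from the management machine cannot lock you out, and consider `bantime-increment.enable = true;` for repeat offenders.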


@ -48,7 +48,7 @@ in {
{
name = "synapse";
url = "https://raw.githubusercontent.com/element-hq/synapse/refs/heads/master/contrib/grafana/synapse.json";
sha256 = "sha256:07qlr0waw9phmyd38bv22bn5v303w3397b89l44l3lzwhpnhs16s";
sha256 = "sha256:16fl81sx1by0wldw4vda0zr1pvbq1dpih1fikzwlvmk63mpc80kb";
}
];
}];
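Review bot: The `url` of the synapse dashboard points at `refs/heads/master`, a moving ref, so the pinned `sha256` goes stale whenever upstream edits the file, which is presumably why this hunk has to replace it. The hash still guarantees integrity, but every refresh means accepting whatever is on master at that moment rather than a version someone reviewed. Pinning the URL to a release tag or commit, e.g. `.../element-hq/synapse/<commit-or-tag>/contrib/grafana/synapse.json`, makes the content and the hash change together and deliberately. The surrounding dashboard list starts outside this hunk.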


@ -21,78 +21,77 @@ in {
storage_config."filesystem".directory = "/tmp/loki/chunks";
common = {
ring = {
instance_addr = "127.0.0.1";
kvstore.store = "inmemory";
};
replication_factor = 1;
path_prefix = "/tmp/loki";
};
# https://grafana.com/docs/loki/latest/configure/#limits_config
limits_config = {
ingestion_rate_strategy = "local";
ingestion_rate_mb = 24;
ingestion_burst_size_mb = 36;
ingestion_rate_mb = 128;
ingestion_burst_size_mb = 256;
max_streams_per_user = 0;
max_global_streams_per_user = 0;
};
};
};
services.prometheus.scrapeConfigs = [{
job_name = "loki";
static_configs = [
{
targets = ["localhost:3100"];
}
];
}];
services.promtail = {
enable = true;
# https://grafana.com/docs/loki/latest/send-data/promtail/configuration/
configuration = {
server = {
http_listen_port = 9080;
grpc_listen_port = 0;
};
clients = [
{url = "http://localhost:3100/loki/api/v1/push";}
];
scrape_configs = [
services.prometheus.scrapeConfigs = [
{
job_name = "loki";
static_configs = [
{
job_name = "system";
journal = {
path = "/var/log/journal/";
};
relabel_configs = [
{
source_labels = ["__journal_message"];
target_label = "message";
regex = "(.+)";
}
{
source_labels = ["__journal__systemd_unit"];
target_label = "systemd_unit";
regex = "(.+)";
}
{
source_labels = ["__journal__systemd_user_unit"];
target_label = "systemd_user_unit";
regex = "(.+)";
}
{
source_labels = ["__journal__transport"];
target_label = "transport";
regex = "(.+)";
}
{
source_labels = ["__journal__priority_keyword"];
target_label = "severity";
regex = "(.+)";
}
];
targets = ["localhost:3100"];
}
];
};
}
];
services.alloy = {
enable = true;
extraFlags = [
"--server.http.listen-addr=100.106.241.122:12345"
];
};
services.grafana.provision.datasources.settings.datasources = [{
name = "Loki";
type = "loki";
url = "http://localhost:${toString loki.configuration.server.http_listen_port}";
}];
environment.etc."alloy/config.alloy" = {
text = ''
discovery.relabel "system" {
targets = []
rule {
source_labels = ["__journal__systemd_unit", "__journal__systemd_user_unit"]
regex = "(.+)"
target_label = "systemd_unit"
}
rule {
source_labels = ["__journal__priority_keyword"]
regex = "(.+)"
target_label = "severity"
}
}
loki.source.journal "system" {
max_age = "1h0m0s"
path = "/var/log/journal/"
relabel_rules = discovery.relabel.system.rules
forward_to = [loki.write.default.receiver]
labels = {}
}
loki.write "default" {
endpoint {
url = "http://localhost:3100/loki/api/v1/push"
}
max_streams = 64
}
'';
};
services.grafana.provision.datasources.settings.datasources = [
{
name = "Loki";
type = "loki";
url = "http://localhost:${toString loki.configuration.server.http_listen_port}";
}
];
}
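Review bot: `--server.http.listen-addr=100.106.241.122:12345` in `services.alloy.extraFlags` moves Alloy's HTTP server off loopback; that server carries the UI and debug endpoints and has no authentication of its own, so every peer that can reach that address (presumably an overlay/CGNAT one) can read the pipeline configuration. If remote access to the UI is not needed, drop the flag to keep the default loopback listener; otherwise limit port 12345 by firewall to the hosts that need it. Separately, the first `discovery.relabel` rule lists two `source_labels`, which relabeling joins with `;` before matching, so `systemd_unit` will come out as `foo.service;` or `a;b`. The removed promtail config used one rule per label, and `source_labels = ["__journal__systemd_unit"]` plus a second rule targeting `systemd_user_unit` would restore that.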

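--- a/nixos/services/nfs.nix
+++ b/nixos/services/nfs.nix
@@ -0,0 +1,13 @@
+{config, ...}: {
+services.nfs = {
+settings = {
+mountd.manage-gids = true;
+};
+server = {
+enable = true;
+exports = ''
+/mnt/storage/media 100.106.241.122/8(rw,fsid=root)
+'';
+};
+};
+}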
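Review bot: The client spec `100.106.241.122/8` in `exports` is a host address with an 8-bit mask, so the export is offered read-write to all of 100.0.0.0/8 rather than to one machine; that is wider than the 100.64.0.0/10 carrier-grade NAT block and includes publicly routed space. With the default `sec=sys` the server trusts the UID a client presents, so network scoping is the main access control here, and whether a firewall already limits the NFS ports is not visible in this file. If one client is meant, use `/mnt/storage/media 100.106.241.122/32(rw,fsid=root)`; if the whole overlay network is meant, `100.64.0.0/10`. The `config` argument is unused and could be `{...}:` as in the other new modules.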

52
nixos/services/samba.nix Normal file
View file

@ -0,0 +1,52 @@
{...}: {
users.users.guest = {
extraGroups = ["media"];
isNormalUser = true;
};
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "Tristan's Media Server";
"netbios name" = "alpine";
"security" = "user";
#"use sendfile" = "yes";
#"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1
"hosts allow" = "192.168.1. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "guest";
"map to guest" = "bad user";
};
"Music" = {
"path" = "/mnt/storage/media/Public/";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "yes";
"guest only" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
services.avahi = {
publish.enable = true;
publish.userServices = true;
# ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`
nssmdns4 = true;
# ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
enable = true;
openFirewall = true;
};
networking.firewall.enable = true;
networking.firewall.allowPing = true;
}
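Review bot: The `Music` share combines `"guest ok"`, `"guest only"` and `"read only" = "no"` with the global `"map to guest" = "bad user"`, so any client matching `192.168.1.` can write to `/mnt/storage/media/Public/` without credentials, and a mistyped username silently becomes guest. If anonymous write is not a requirement, set `"read only" = "yes"` and name the writers with `"write list"`. The backing account is also declared with `isNormalUser = true;`, which gives it a home directory and the default login shell; `isSystemUser = true;` with an explicit `group` is the narrower choice for an identity that only exists for the guest mapping.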


@ -63,6 +63,7 @@ in {
services.matrix-synapse = {
enable = true;
extraConfigFiles = [templates."synapse/secrets.yaml".path];
# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
settings = {
signing_key_path = secrets."synapse/signing_key".path;
server_name = domain;