dotfiles/hosts/oracle/default.nix

{ inputs, globals, ... }:

with inputs;

# System configuration for an Oracle free server

# How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/

nixpkgs.lib.nixosSystem {
  system = "aarch64-linux";
  specialArgs = { };
  modules = [
    (removeAttrs globals [ "mailServer" ])
    home-manager.nixosModules.home-manager
    {
      gui.enable = false;
      colorscheme = (import ../../modules/colorscheme/gruvbox);

      # FQDNs for various services
      networking.hostName = "oracle";
      bookServer = "books.masu.rs";
      streamServer = "stream.masu.rs";
      nextcloudServer = "cloud.masu.rs";
      transmissionServer = "download.masu.rs";
      metricsServer = "metrics.masu.rs";
      vaultwardenServer = "vault.masu.rs";
      giteaServer = "git.masu.rs";

      # Disable passwords, only use SSH key
      publicKey =
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";

      # Nextcloud backup config
      backupS3 = {
        endpoint = "s3.us-west-002.backblazeb2.com";
        bucket = "noahmasur-backup";
        accessKeyId = "0026b0e73b2e2c80000000005";
      };

      # Grant access to Jellyfin directories from Nextcloud
      users.users.nextcloud.extraGroups = [ "jellyfin" ];

      # Wireguard config for Transmission
      networking.wireguard.interfaces.wg0 = {

        # The local IPs for this machine within the Wireguard network
        # Any inbound traffic bound for these IPs should be kept on localhost
        ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];

        peers = [{

          # Identity of Wireguard target peer (VPN)
          publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";

          # The public internet address of the target peer
          endpoint = "86.106.143.132:51820";

          # Which outgoing IP ranges should be sent through Wireguard
          allowedIPs = [ "0.0.0.0/0" "::0/0" ];

          # Send heartbeat signal within the network
          persistentKeepalive = 25;

        }];

      };

      # VPN port forwarding
      services.transmission.settings.peer-port = 57599;

      # Grant access to Transmission directories from Jellyfin
      users.users.jellyfin.extraGroups = [ "transmission" ];
    }
    ./hardware-configuration.nix
    ../common.nix
    ../../modules/nixos
    ../../modules/hardware/server.nix
    ../../modules/services/sshd.nix
    ../../modules/services/calibre.nix
    ../../modules/services/jellyfin.nix
    ../../modules/services/nextcloud.nix
    ../../modules/services/cloudflare.nix
    ../../modules/services/transmission.nix
    ../../modules/services/prometheus.nix
    ../../modules/services/vaultwarden.nix
    ../../modules/services/gitea.nix
    ../../modules/gaming/minecraft-server.nix
  ];
}
clean up flake inputs and allow standalone home-manager closes #11 2022-10-31 00:14:41 +00:00			`{ inputs, globals, ... }:`

			`with inputs;`
add generic server host 2022-07-27 01:11:07 +00:00
try adding oracle server config 2022-10-01 16:21:34 +00:00			`# System configuration for an Oracle free server`
grant nextcloud access to jellyfin 2022-10-04 00:45:05 +00:00
			`# How to install:`
			`# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/`

add generic server host 2022-07-27 01:11:07 +00:00			`nixpkgs.lib.nixosSystem {`
try adding oracle server config 2022-10-01 16:21:34 +00:00			`system = "aarch64-linux";`
add generic server host 2022-07-27 01:11:07 +00:00			`specialArgs = { };`
			`modules = [`
try adding oracle server config 2022-10-01 16:21:34 +00:00			`(removeAttrs globals [ "mailServer" ])`
add generic server host 2022-07-27 01:11:07 +00:00			`home-manager.nixosModules.home-manager`
			`{`
grant nextcloud access to jellyfin 2022-10-04 00:45:05 +00:00			`gui.enable = false;`
			`colorscheme = (import ../../modules/colorscheme/gruvbox);`

			`# FQDNs for various services`
try adding oracle server config 2022-10-01 16:21:34 +00:00			`networking.hostName = "oracle";`
setup caddy and calibre-web 2022-10-02 14:48:51 +00:00			`bookServer = "books.masu.rs";`
add jellyfin, switch caddy to one listener 2022-10-02 17:40:10 +00:00			`streamServer = "stream.masu.rs";`
working nextcloud configuration 2022-10-02 20:54:26 +00:00			`nextcloudServer = "cloud.masu.rs";`
wireguard working but not transmission 2022-10-09 14:12:31 +00:00			`transmissionServer = "download.masu.rs";`
change metrics server hostname 2022-10-14 13:08:13 +00:00			`metricsServer = "metrics.masu.rs";`
working vaultwarden haven't tested websockets 2022-10-16 18:10:11 +00:00			`vaultwardenServer = "vault.masu.rs";`
add gitea service 2022-10-16 20:34:28 +00:00			`giteaServer = "git.masu.rs";`
grant nextcloud access to jellyfin 2022-10-04 00:45:05 +00:00
			`# Disable passwords, only use SSH key`
try adding oracle server config 2022-10-01 16:21:34 +00:00			`publicKey =`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";`
grant nextcloud access to jellyfin 2022-10-04 00:45:05 +00:00
refactor wireguard and add port forwarding 2022-10-10 03:13:16 +00:00			`# Nextcloud backup config`
litestream backups for nextcloud 2022-10-08 15:52:05 +00:00			`backupS3 = {`
			`endpoint = "s3.us-west-002.backblazeb2.com";`
			`bucket = "noahmasur-backup";`
backup calibre data 2022-10-16 03:47:21 +00:00			`accessKeyId = "0026b0e73b2e2c80000000005";`
litestream backups for nextcloud 2022-10-08 15:52:05 +00:00			`};`

refactor wireguard and add port forwarding 2022-10-10 03:13:16 +00:00			`# Grant access to Jellyfin directories from Nextcloud`
grant nextcloud access to jellyfin 2022-10-04 00:45:05 +00:00			`users.users.nextcloud.extraGroups = [ "jellyfin" ];`
refactor wireguard and add port forwarding 2022-10-10 03:13:16 +00:00
			`# Wireguard config for Transmission`
			`networking.wireguard.interfaces.wg0 = {`

			`# The local IPs for this machine within the Wireguard network`
			`# Any inbound traffic bound for these IPs should be kept on localhost`
			`ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];`

			`peers = [{`

			`# Identity of Wireguard target peer (VPN)`
			`publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";`

			`# The public internet address of the target peer`
			`endpoint = "86.106.143.132:51820";`

			`# Which outgoing IP ranges should be sent through Wireguard`
			`allowedIPs = [ "0.0.0.0/0" "::0/0" ];`

			`# Send heartbeat signal within the network`
			`persistentKeepalive = 25;`

			`}];`

			`};`

			`# VPN port forwarding`
			`services.transmission.settings.peer-port = 57599;`

			`# Grant access to Transmission directories from Jellyfin`
			`users.users.jellyfin.extraGroups = [ "transmission" ];`
add generic server host 2022-07-27 01:11:07 +00:00			`}`
add oracle hardware config 2022-10-01 16:29:16 +00:00			`./hardware-configuration.nix`
add generic server host 2022-07-27 01:11:07 +00:00			`../common.nix`
			`../../modules/nixos`
add server bootloader 2022-10-01 16:24:44 +00:00			`../../modules/hardware/server.nix`
try adding oracle server config 2022-10-01 16:21:34 +00:00			`../../modules/services/sshd.nix`
setup calibre server 2022-10-01 21:39:36 +00:00			`../../modules/services/calibre.nix`
add jellyfin, switch caddy to one listener 2022-10-02 17:40:10 +00:00			`../../modules/services/jellyfin.nix`
working nextcloud configuration 2022-10-02 20:54:26 +00:00			`../../modules/services/nextcloud.nix`
move cloudflare to separate file 2022-10-15 19:00:37 +00:00			`../../modules/services/cloudflare.nix`
wireguard working but not transmission 2022-10-09 14:12:31 +00:00			`../../modules/services/transmission.nix`
switch from netdata to grafana 2022-10-14 04:01:41 +00:00			`../../modules/services/prometheus.nix`
working vaultwarden haven't tested websockets 2022-10-16 18:10:11 +00:00			`../../modules/services/vaultwarden.nix`
add gitea service 2022-10-16 20:34:28 +00:00			`../../modules/services/gitea.nix`
add minecraft server 2022-10-10 23:09:32 +00:00			`../../modules/gaming/minecraft-server.nix`
add generic server host 2022-07-27 01:11:07 +00:00			`];`
			`}`