From bef8d4784c518d52c1ef45916937aade7abc0c9d Mon Sep 17 00:00:00 2001 From: Satria Date: Wed, 25 Feb 2026 21:34:51 +0700 Subject: [PATCH] server host config for dns and share --- flake.nix | 13 +++++- hosts/homelab/config.nix | 9 +++++ lib/options.nix | 4 ++ modules/hardware/homelab.nix | 13 ++++++ modules/system/homelab/dns.nix | 69 ++++++++++++++++++++++++++++++++ modules/system/homelab/share.nix | 38 ++++++++++++++++++ modules/system/server.nix | 9 +++++ 7 files changed, 153 insertions(+), 2 deletions(-) create mode 100644 hosts/homelab/config.nix create mode 100644 modules/hardware/homelab.nix create mode 100644 modules/system/homelab/dns.nix create mode 100644 modules/system/homelab/share.nix create mode 100644 modules/system/server.nix diff --git a/flake.nix b/flake.nix index f3ffb2d..728dfd0 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,15 @@ inherit inputs; } // import ./lib/options.nix; - nixosConfigForHost = host: inputs.nixpkgs.lib.nixosSystem { + nixosConfig = host: inputs.nixpkgs.lib.nixosSystem { + inherit pkgs; + specialArgs = args; + modules = [ + ./hosts/${host}/config.nix + ]; + }; + + nixosConfigWithHome = host: inputs.nixpkgs.lib.nixosSystem { inherit pkgs; specialArgs = args; modules = [ @@ -43,7 +51,8 @@ }; in { nixosConfigurations = { - thinkpad = nixosConfigForHost "thinkpad"; + thinkpad = nixosConfigWithHome "thinkpad"; + homelab = nixosConfig "homelab"; }; }; } diff --git a/hosts/homelab/config.nix b/hosts/homelab/config.nix new file mode 100644 index 0000000..21624c8 --- /dev/null +++ b/hosts/homelab/config.nix @@ -0,0 +1,9 @@ +{ ... }: { + imports = [ + ../../modules/scans/homelab.nix + ../../modules/hardware/homelab.nix + + ../../modules/system/server.nix + ../../modules/system/user.nix + ]; +} diff --git a/lib/options.nix b/lib/options.nix index c186f73..36a695a 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -14,6 +14,10 @@ wol = "enp0s31f6"; # set to iface name to enable Wake-on-LAN swapfile = 0; # * 1024; # swapfile size in MB, set to 0 to disable resume-dev = "/dev/disk/by-uuid/1721721a-bb5a-4166-a077-9500d30be2ac"; # set to swap partition to enable hibernation, e.g. /dev/disk/by-uuid/1721721a-bb5a-4166-a077-9500d30be2ac + + homelab = { + domain = "satr14.my.id"; + }; rice = { font = "monospace"; # global font for rice GUIs, leave empty to use monospace diff --git a/modules/hardware/homelab.nix b/modules/hardware/homelab.nix new file mode 100644 index 0000000..cddefde --- /dev/null +++ b/modules/hardware/homelab.nix @@ -0,0 +1,13 @@ +{ ... }: { + imports = [ + ./core/firmware.nix + ./core/igpu.nix + ./core/tpm.nix + ]; + + boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "virtio_console" ]; + services = { + qemuGuest.enable = true; + spice-vdagent.enable = true; + }; +} \ No newline at end of file diff --git a/modules/system/homelab/dns.nix b/modules/system/homelab/dns.nix new file mode 100644 index 0000000..2081b66 --- /dev/null +++ b/modules/system/homelab/dns.nix @@ -0,0 +1,69 @@ +{ homelab, ... }: { + services.adguardhome = { + enable = true; + host = "0.0.0.0"; + port = 8088; + settings = { + dns = { + upstream_dns = [ "https://security.cloudflare-dns.com/dns-query" ]; + bootstrap_dns = [ "1.1.1.2" "1.0.0.2" ]; + }; + querylog = { + interval = "2160h"; + enabled = true; + }; + filtering = { + blocking_mode = "null_ip"; + protection_enabled = true; + safebrowsing_enabled = true; + parental_enabled = true; + rewrites_enabled = true; + filtering_enabled = true; + safe_search = { + enabled = true; + youtube = true; + google = true; + bing = true; + duckduckgo = true; + }; + rewrites = map (host: { enabled = true; domain = host[0]; answer = host[1]; }) [ + [ "router.dns.${homelab.domain}" "10.3.14.1" ] + [ "main.dns.${homelab.domain}" "10.3.14.42" ] + [ "websites.dns.${homelab.domain}" "10.3.14.36" ] + [ "games.dns.${homelab.domain}" "10.3.14.37" ] + [ "media.dns.${homelab.domain}" "10.3.14.55" ] + [ "workspace.dns.${homelab.domain}" "10.3.14.57" ] + [ "server.dns.${homelab.domain}" "10.3.14.69" ] + [ "home.dns.${homelab.domain}" "10.3.14.235" ] + [ "nas.dns.${homelab.domain}" "10.3.14.217" ] + [ "proxy.${homelab.domain}" "10.3.14.120" ] + [ "*.proxy.${homelab.domain}" "proxy.${homelab.domain}" ] + [ "lancache.steamcontent.com" "main.dns.${homelab.domain}" ] + [ "steam.cache.lancache.net" "main.dns.${homelab.domain}" ] + ]; + }; + filters = map (url: { enabled = true; url = url; }) [ + "https://adaway.org/hosts.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_42.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_50.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt" + "https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt" + "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt" + "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" + "https://v.firebog.net/hosts/static/w3kbl.txt" + "https://v.firebog.net/hosts/Prigent-Ads.txt" + "https://v.firebog.net/hosts/Admiral.txt" + "https://someonewhocares.org/hosts/hosts" + ]; + whitelist_filters = map (url: { enabled = true; url = url; }) [ + "https://gist.githubusercontent.com/mul14/eb05e88fcec5bb195cbb/raw/75a1fe122a4502e8d5a5268c9d0ec28332b19d5d/hosts" + ]; + }; + }; +} \ No newline at end of file diff --git a/modules/system/homelab/share.nix b/modules/system/homelab/share.nix new file mode 100644 index 0000000..041a260 --- /dev/null +++ b/modules/system/homelab/share.nix @@ -0,0 +1,38 @@ +{ ... }: { + services = { + httpd = { + enable = true; + virtualHosts."cdn" = { + listen = [{ ip = "*"; port = 3000; }]; + documentRoot = "/srv/dev-disk-by-uuid-f1ee1d17-e852-4e02-ae86-eaf6116a2aeb/NAS"; + extraConfig = '' + Options +Indexes +FollowSymLinks + Require all granted + ''; + }; + }; + + samba = { + enable = true; + settings = { + global = { + workgroup = "WORKGROUP"; + "disable netbios" = "yes"; + "allow insecure wide links" = "yes"; + "server min protocol" = "SMB2_02"; + }; + "NAS" = { + path = "/srv/dev-disk-by-uuid-f1ee1d17-e852-4e02-ae86-eaf6116a2aeb/NAS/"; + browseable = "yes"; + "read only" = "no"; + "create mask" = "0664"; + "force create mode" = "0664"; + "directory mask" = "0775"; + "force directory mode" = "0775"; + "follow symlinks" = "yes"; + "wide links" = "yes"; + }; + }; + }; + }; +} \ No newline at end of file diff --git a/modules/system/server.nix b/modules/system/server.nix new file mode 100644 index 0000000..6e4fccf --- /dev/null +++ b/modules/system/server.nix @@ -0,0 +1,9 @@ +{ ... }: { + imports = [ + ./homelab/share.nix + ./homelab/dns.nix + ./base.nix + ]; + + services.openssh.enable = true; +} \ No newline at end of file