satr14/nix-flake
1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

server host config for dns and share

Browse source
This commit is contained in:
Satria 2026-02-25 21:34:51 +07:00
commit bef8d4784c
7 changed files with 153 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

13
flake.nix
View file

@ -24,7 +24,15 @@
inherit inputs; inherit inputs;
} // import ./lib/options.nix; } // import ./lib/options.nix;
nixosConfigForHost = host: inputs.nixpkgs.lib.nixosSystem { nixosConfig = host: inputs.nixpkgs.lib.nixosSystem {
inherit pkgs;
specialArgs = args;
modules = [
./hosts/${host}/config.nix
];
};
nixosConfigWithHome = host: inputs.nixpkgs.lib.nixosSystem {
inherit pkgs; inherit pkgs;
specialArgs = args; specialArgs = args;
modules = [ modules = [
@ -43,7 +51,8 @@
}; };
in { in {
nixosConfigurations = { nixosConfigurations = {
thinkpad = nixosConfigForHost "thinkpad"; thinkpad = nixosConfigWithHome "thinkpad";
homelab = nixosConfig "homelab";
}; };
}; };
} }

9
hosts/homelab/config.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }: {
imports = [
../../modules/scans/homelab.nix
../../modules/hardware/homelab.nix
../../modules/system/server.nix
../../modules/system/user.nix
];
}

4
lib/options.nix
View file

@ -15,6 +15,10 @@
swapfile = 0; # * 1024; # swapfile size in MB, set to 0 to disable swapfile = 0; # * 1024; # swapfile size in MB, set to 0 to disable
resume-dev = "/dev/disk/by-uuid/1721721a-bb5a-4166-a077-9500d30be2ac"; # set to swap partition to enable hibernation, e.g. /dev/disk/by-uuid/1721721a-bb5a-4166-a077-9500d30be2ac resume-dev = "/dev/disk/by-uuid/1721721a-bb5a-4166-a077-9500d30be2ac"; # set to swap partition to enable hibernation, e.g. /dev/disk/by-uuid/1721721a-bb5a-4166-a077-9500d30be2ac
homelab = {
domain = "satr14.my.id";
};
rice = { rice = {
font = "monospace"; # global font for rice GUIs, leave empty to use monospace font = "monospace"; # global font for rice GUIs, leave empty to use monospace
bar = { bar = {

13
modules/hardware/homelab.nix Normal file
View file

@ -0,0 +1,13 @@
{ ... }: {
imports = [
./core/firmware.nix
./core/igpu.nix
./core/tpm.nix
];
boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "virtio_console" ];
services = {
qemuGuest.enable = true;
spice-vdagent.enable = true;
};
}

69
modules/system/homelab/dns.nix Normal file
View file

@ -0,0 +1,69 @@
{ homelab, ... }: {
services.adguardhome = {
enable = true;
host = "0.0.0.0";
port = 8088;
settings = {
dns = {
upstream_dns = [ "https://security.cloudflare-dns.com/dns-query" ];
bootstrap_dns = [ "1.1.1.2" "1.0.0.2" ];
};
querylog = {
interval = "2160h";
enabled = true;
};
filtering = {
blocking_mode = "null_ip";
protection_enabled = true;
safebrowsing_enabled = true;
parental_enabled = true;
rewrites_enabled = true;
filtering_enabled = true;
safe_search = {
enabled = true;
youtube = true;
google = true;
bing = true;
duckduckgo = true;
};
rewrites = map (host: { enabled = true; domain = host[0]; answer = host[1]; }) [
[ "router.dns.${homelab.domain}" "10.3.14.1" ]
[ "main.dns.${homelab.domain}" "10.3.14.42" ]
[ "websites.dns.${homelab.domain}" "10.3.14.36" ]
[ "games.dns.${homelab.domain}" "10.3.14.37" ]
[ "media.dns.${homelab.domain}" "10.3.14.55" ]
[ "workspace.dns.${homelab.domain}" "10.3.14.57" ]
[ "server.dns.${homelab.domain}" "10.3.14.69" ]
[ "home.dns.${homelab.domain}" "10.3.14.235" ]
[ "nas.dns.${homelab.domain}" "10.3.14.217" ]
[ "proxy.${homelab.domain}" "10.3.14.120" ]
[ "*.proxy.${homelab.domain}" "proxy.${homelab.domain}" ]
[ "lancache.steamcontent.com" "main.dns.${homelab.domain}" ]
[ "steam.cache.lancache.net" "main.dns.${homelab.domain}" ]
];
};
filters = map (url: { enabled = true; url = url; }) [
"https://adaway.org/hosts.txt"
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt"
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_42.txt"
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt"
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt"
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt"
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt"
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt"
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_50.txt"
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt"
"https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt"
"https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
"https://v.firebog.net/hosts/static/w3kbl.txt"
"https://v.firebog.net/hosts/Prigent-Ads.txt"
"https://v.firebog.net/hosts/Admiral.txt"
"https://someonewhocares.org/hosts/hosts"
];
whitelist_filters = map (url: { enabled = true; url = url; }) [
"https://gist.githubusercontent.com/mul14/eb05e88fcec5bb195cbb/raw/75a1fe122a4502e8d5a5268c9d0ec28332b19d5d/hosts"
];
};
};
}

38
modules/system/homelab/share.nix Normal file
View file

@ -0,0 +1,38 @@
{ ... }: {
services = {
httpd = {
enable = true;
virtualHosts."cdn" = {
listen = [{ ip = "*"; port = 3000; }];
documentRoot = "/srv/dev-disk-by-uuid-f1ee1d17-e852-4e02-ae86-eaf6116a2aeb/NAS";
extraConfig = ''
Options +Indexes +FollowSymLinks
Require all granted
'';
};
};
samba = {
enable = true;
settings = {
global = {
workgroup = "WORKGROUP";
"disable netbios" = "yes";
"allow insecure wide links" = "yes";
"server min protocol" = "SMB2_02";
};
"NAS" = {
path = "/srv/dev-disk-by-uuid-f1ee1d17-e852-4e02-ae86-eaf6116a2aeb/NAS/";
browseable = "yes";
"read only" = "no";
"create mask" = "0664";
"force create mode" = "0664";
"directory mask" = "0775";
"force directory mode" = "0775";
"follow symlinks" = "yes";
"wide links" = "yes";
};
};
};
};
}

9
modules/system/server.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }: {
imports = [
./homelab/share.nix
./homelab/dns.nix
./base.nix
];
services.openssh.enable = true;
}