Initial commit

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ellie 2026-02-15 14:57:00 -08:00
commit b8402a9049
82 changed files with 1345 additions and 0 deletions


@ -0,0 +1,70 @@
{
modulesPath,
lib,
pkgs,
config,
...
}:
{
boot.loader.systemd-boot = {
enable = true;
configurationLimit = 10;
};
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "ellie-server";
networking.useNetworkd = true;
systemd.network.enable = true;
hardware.graphics = {
enable = true;
};
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
open = false;
};
services.resolved.enable = true;
services.openssh = {
openFirewall = false;
};
networking.nftables.enable = true;
networking.firewall = {
enable = true;
allowPing = true;
checkReversePath = true;
rejectPackets = true;
allowedTCPPorts = [ ];
interfaces."enp34s0".allowedTCPPorts = [ ];
extraInputRules = ''
ip saddr 192.168.1.0/24 tcp dport {22, 8096, 8920, 3000, 8282, 9696, 8989, 7878, 80} accept
tcp dport {22, 8096, 8920, 3000, 8282, 9696, 8989, 7878, 80} drop
ip saddr 192.168.1.0/24 udp dport 5353 accept
udp dport 5353 drop
'';
};
users.groups.media = { };
#users.users.radarr.extraGroups = [ "media" ];
#users.users.sonarr.extraGroups = [ "media" ];
#users.users.jellyfin.extraGroups = [ "media" ];
sops.age.keyFile = "/home/ellie/.config/sops/age/keys.txt";
environment.systemPackages = with pkgs; [
git
vim
dropbear
age
sops
];
system.stateVersion = "25.05";
}
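Review bot: `sops.age.keyFile` points at `/home/ellie/.config/sops/age/keys.txt`, so the private key that decrypts every sops-managed system secret sits in an interactive user's home directory, where (assuming the file is owned by that user) any process running under the account can read or replace it. Keep the host's decryption key root-owned and outside `/home`, for example `sops.age.keyFile = "/var/lib/sops-nix/key.txt";` with mode 0600, and keep the personal key only for editing secrets. In `extraInputRules` the port set is written out twice; defining it once in a `let` binding and interpolating it into both the accept and the drop rule stops the two lists from drifting apart, and a short comment naming the service behind each port would help the next reader. `services.openssh` sets only `openFirewall = false` in this file; if sshd is enabled in another module, the password-authentication and root-login settings are worth stating explicitly next to it.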


@ -0,0 +1,25 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci-pci"
"ahci"
"usbhid"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,91 @@
{ ... }:
{
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOv7i4ChPUm+DmELG6uRx0co4quhQ+h7QB4fgcxcC3qx contact@elliehigh.com"
];
shell = "/bin/cryptsetup-askpass";
hostKeys = [ "/etc/initrd-ssh/ssh_host_ed25519_dropbear" ];
};
};
boot.initrd.preLVMCommands = ''
iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
'';
fileSystems."/media" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [
"subvol=/media"
"compress=zstd"
"noatime"
];
};
disko.devices.disk.main = {
type = "disk";
device = "/dev/sda";
content = {
"type" = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
# extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/home" = {
mountpoint = "/home";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/jellyfin" = {
mountpoint = "/jellyfin";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "36G";
};
};
};
};
};
};
};
};
}
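Review bot: The two `iptables` rules in `boot.initrd.preLVMCommands` are the only thing limiting the initrd SSH unlock prompt to 192.168.1.0/24, and nothing visible in this file adds an `iptables` binary or the netfilter modules to the initrd, so the commands may fail at boot and leave port 22 open to every reachable network while the disk is waiting to be unlocked. The rules are also IPv4-only; if the initrd interface obtains an IPv6 address the prompt is reachable over it, so add `ip6tables -A INPUT -p tcp --dport 22 -j DROP` alongside them. Confirm on a test boot that the rules are actually loaded, and add a comment stating that this block is the access control for the unlock prompt. Separately, the key at `/etc/initrd-ssh/ssh_host_ed25519_dropbear` ends up inside the initrd on the unencrypted ESP, so it should remain a dedicated key that is never reused as the main sshd host key.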