quinn/configuration.nix

@@ -58,45 +58,31 @@
   # Enable touchpad support (enabled default in most desktopManager).
   # services.libinput.enable = true;
 
-  users.groups.step = {};
-
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.eliribble = {
      isNormalUser = true;
      description = "Eli Ribble";
-     extraGroups = [ "docker" "networkmanager" "podman" "wheel" ]; # Enable ‘sudo’ for the user.
+     extraGroups = [ "docker" "networkmanager" "wheel" ]; # Enable ‘sudo’ for the user.
   #   packages = with pkgs; [
   #     firefox
   #     tree
   #   ];
    };
-  users.users.step = {
-    group = "step";
-    isNormalUser = false;
-    isSystemUser = true;
-    description = "User for step-ca certs";
-  };
 
   # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [
     chezmoi
-    dig
     fish
     git
     htop
     #mongodb
     neovim
-    nginx
     python3
-    step-ca
-    step-cli
     tmux
     #unifi8
     wget
   ];
-
-
   networking.hostName = "quinn";
   # Allow specific unfree packages
   nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
@@ -118,77 +104,21 @@
 
   # List services that you want to enable:
 
-  services.nginx = {
+  # Enable Tailscale
-    enable = true;
+  services.tailscale.enable = true;
-    virtualHosts."pihole.home.arpa" = {
-      addSSL = false;
-      enableACME = false;
-      locations."/".extraConfig = ''
-        proxy_pass http://127.0.0.1:10000;
-	client_body_buffer_size 128k;
-        client_max_body_size 10G;
-
-        #Timeout if the real server is dead
-        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
-
-        # Advanced Proxy Config
-        send_timeout 5m;
-        proxy_read_timeout 360;
-        proxy_send_timeout 360;
-        proxy_connect_timeout 360;
-        proxy_headers_hash_max_size 512;
-        proxy_headers_hash_bucket_size 128;
-
-        # Basic Proxy Config
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Forwarded-Server $host;
-        proxy_set_header X-Forwarded-Uri $request_uri;
-        proxy_set_header X-Forwarded-Ssl on;
-        proxy_set_header X-Scheme $scheme;
-        proxy_http_version 1.1;
-        # proxy_set_header Connection "";
-        proxy_cache_bypass $cookie_session;
-        proxy_no_cache $cookie_session;
-        proxy_buffers 64 256k;
-        proxy_buffer_size 128k;
-        proxy_busy_buffers_size 256k;
-
-        # If behind reverse proxy, forwards the correct IP
-        set_real_ip_from 10.0.0.0/8;
-        set_real_ip_from 172.16.0.0/12;
-        set_real_ip_from 192.168.0.0/16;
-        set_real_ip_from fc00::/7;
-        real_ip_header X-Forwarded-For;
-        real_ip_recursive on;
-
-      '';
-    };
-  };
-
 
   # Enable the OpenSSH daemon.
   services.openssh.enable = true;
 
-  # Enable Tailscale
-  services.tailscale.enable = true;
-
   # Enable the Unifi controller service
   #services.unifi.enable = true;
   #services.unifi.unifiPackage = pkgs.unifi8;
 
   # Open ports in the firewall.
-  networking.firewall = {
+  # networking.firewall.allowedTCPPorts = [ ... ];
-    enable = true;
+  # networking.firewall.allowedUDPPorts = [ ... ];
-    allowedTCPPorts = [ 80 443 ];
+  # Or disable the firewall altogether.
-    allowedUDPPortRanges = [
+  # networking.firewall.enable = false;
-      #{ from = 4000; to = 4007; }
-      #{ from = 8000; to = 8010; }
-    ];
-  };
 
   # Copy the NixOS configuration file and link it from the resulting system
   # (/run/current-system/configuration.nix). This is useful in case you
@@ -214,31 +144,7 @@
   # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
   system.stateVersion = "24.05"; # Did you read the comment?
 
-  # Enable podman since we are on NixOS 21.05
+  # Enable docker
-  virtualisation.docker.enable = false;
+  virtualisation.docker.enable = true;
-  virtualisation.oci-containers.backend = "podman";
-  virtualisation.oci-containers.containers = {
-    pihole = {
-      autoStart = true;
-      environment = {
-        TZ = "America/Phoenix";
-	DNSMASQ_LISTENING = "all";
-      };
-      image = "docker.io/pihole/pihole:2024.07.0";
-      ports = [
-	"192.168.1.5:53:53/tcp"
-	"192.168.1.5:53:53/udp"
-	"192.168.1.5:67:67"
-	"127.0.0.1:10000:80"
-      ];
-      volumes = [
-        "/etc/pihole/config:/etc/pihole"
-	"/etc/pihole/dnsmasq.d:/etc/dnsmasq.d"
-      ];
-    };
-  };
-  virtualisation.podman.enable = true;
-  virtualisation.podman.dockerSocket.enable = true;
-  virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
 }
 

quinn/containers/pihole.sh

@@ -1,18 +0,0 @@
-#!/run/current-system/sw/bin/env bash
-podman run -it --rm \
-	--env TZ=America/Phoenix \
-	--env DNSMASQ_LISTENING=all \
-	--name pihole \
-	-p 192.168.1.5:53:53/tcp \
-	-p 192.168.1.5:53:53/udp \
-	-p 192.168.1.5:67:67 \
-	-p 127.0.0.1:10000:80 \
-	-v /etc/pihole/config:/etc/pihole \
-	-v /etc/pihole/dnsmasq.d:/etc/dnsmasq.d \
-	docker.io/pihole/pihole:latest
-	#--add-host postgresql:192.168.1.1 \
-	#--conmon-pidfile /opt/run/gitea.pid \
-	#-v /etc/timezone:/etc/timezone:ro \
-	#-v /etc/localtime:/etc/localtime:ro \
-	#-d \
-	#--net slirp4netns:allow_host_loopback=true \

sync

@@ -10,7 +10,7 @@ def main() -> None:
 	source = Path("/etc/nixos")
 	destination = Path(__file__).parent / hostname
 	print(source, destination)
-	shutil.copytree(source, destination / "etc" / "nixos", dirs_exist_ok=True)
+	shutil.copytree(source, destination, dirs_exist_ok=True)