From dea4ca937793ec2d99d040a2580556fa291af2e3 Mon Sep 17 00:00:00 2001 From: m3tam3re Date: Sun, 5 Oct 2025 12:24:27 +0200 Subject: [PATCH] added ports module from m3ta-nixpkgs / prep for rewrite --- flake.lock | 15 +-- flake.nix | 4 +- home/common/default.nix | 1 + home/features/desktop/coding.nix | 116 ------------------ home/features/desktop/theme.nix | 2 - home/m3tam3re/m3-ares.nix | 1 - home/m3tam3re/services/librechat.nix | 18 --- hosts/common/default.nix | 1 + hosts/common/ports.nix | 72 +++++++++++ hosts/m3-ares/services/postgres.nix | 5 +- hosts/m3-ares/services/sound.nix | 4 +- .../m3-atlas/services/containers/baserow.nix | 4 +- .../services/containers/restreamer.nix | 4 +- hosts/m3-atlas/services/gitea.nix | 6 +- hosts/m3-atlas/services/paperless.nix | 6 +- hosts/m3-atlas/services/postgres.nix | 10 +- hosts/m3-helios/services/adguard.nix | 8 +- modules/nixos/default.nix | 3 + 18 files changed, 111 insertions(+), 169 deletions(-) delete mode 100644 home/m3tam3re/services/librechat.nix create mode 100644 hosts/common/ports.nix create mode 100644 modules/nixos/default.nix diff --git a/flake.lock b/flake.lock index eb5b541..daf48df 100644 --- a/flake.lock +++ b/flake.lock @@ -249,17 +249,14 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1759495926, - "narHash": "sha256-FfM1dBK43RQ96J3ZZ7737VP0t0wmndvKE6N7MPf2tco=", - "ref": "refs/heads/master", - "rev": "e2ef49ef422ec7707b109c32349018ad4834233f", - "revCount": 1, - "type": "git", - "url": "https://code.m3ta.dev/m3tam3re/nixpkgs" + "lastModified": 1759658382, + "narHash": "sha256-VfiWf2rFWZEULnNACqX8AZR5K3/2cnaHyGmswlC4RBE=", + "path": "/home/m3tam3re/p/nix/nixpkgs", + "type": "path" }, "original": { - "type": "git", - "url": "https://code.m3ta.dev/m3tam3re/nixpkgs" + "path": "/home/m3tam3re/p/nix/nixpkgs", + "type": "path" } }, "nix-ai-tools": { diff --git a/flake.nix b/flake.nix index 01cdd3c..df93f74 100644 --- a/flake.nix +++ b/flake.nix 
@@ -22,8 +22,8 @@ nixpkgs-9e58ed7.url = "github:nixos/nixpkgs/9e58ed7ba759d81c98f033b7f5eba21ca68f53b0"; nixpkgs-master.url = "github:nixos/nixpkgs/master"; - m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs"; - + # m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs"; + m3ta-nixpkgs.url = "path:/home/m3tam3re/p/nix/nixpkgs"; nur = { url = "github:nix-community/NUR"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/home/common/default.nix b/home/common/default.nix index 3cc0b79..e8aa9de 100644 --- a/home/common/default.nix +++ b/home/common/default.nix @@ -51,4 +51,5 @@ warn-dirty = false; }; }; + colorScheme = inputs.nix-colors.colorSchemes.dracula; } diff --git a/home/features/desktop/coding.nix b/home/features/desktop/coding.nix index b05ea16..b6a12bf 100644 --- a/home/features/desktop/coding.nix +++ b/home/features/desktop/coding.nix 
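Review bot: The `m3ta-nixpkgs` input now resolves to `path:/home/m3tam3re/p/nix/nixpkgs`, so flake.lock records only a `narHash` of a local working tree and no `rev`. Per the commit subject this input supplies the ports module, which the later hunks feed into firewall rules and service bindings, so every host would be built from whatever sits in that directory, with no commit to audit. Evaluation will also fail on any machine that lacks the path. Keeping `m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs";` committed and using `--override-input m3ta-nixpkgs path:/home/m3tam3re/p/nix/nixpkgs` for local work would preserve the pinned revision.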
@@ -19,121 +19,5 @@ in { neovim.enable = true; zed.enable = true; }; - # programs.zed-editor = { - # enable = true; - # userSettings = { - # features = { - # inline_prediction_provider = "zed"; - # edit_prediction_provider = "zed"; - # copilot = false; - # }; - # telemetry = { - # metrics = false; - # }; - # lsp = { - # rust_analyzer = { - # binary = {path_lookup = true;}; - # }; - # }; - # languages = { - # Nix = { - # language_servers = ["nixd"]; - # formatter = { - # external = { - # command = "alejandra"; - # arguments = ["-q" "-"]; - # }; - # }; - # }; - # Python = { - # language_servers = ["pyrefly"]; - # formatter = { - # external = { - # command = "black"; - # arguments = ["-"]; - # }; - # }; - # }; - # }; - # lsp = { - # "pyrefly" = { - # command = { - # path = "pyrefly"; - # args = ["--lsp"]; - # env = {}; - # }; - # settings = {}; - # }; - # }; - # context_servers = { - # "some-context-server" = { - # command = { - # path = "some-command"; - # args = ["arg-1" "arg-2"]; - # env = {}; - # }; - # settings = {}; - # }; - # }; - # assistant = { - # version = "2"; - # default_model = { - # provider = "anthropic"; - # model = "Claude 3.7 Sonnet"; - # }; - # }; - # language_models = { - # anthropic = { - # version = "1"; - # api_url = "https://api.anthropic.com"; - # }; - # openai = { - # version = "1"; - # api_url = "https://api.openai.com/v1"; - # }; - # ollama = { - # api_url = "http://localhost:11434"; - # }; - # }; - # ssh_connections = [ - # { - # host = "152.53.85.162"; - # nickname = "m3-atlas"; - # args = ["-i" "~/.ssh/m3tam3re"]; - # } - # { - # host = "95.217.189.186"; - # port = 2222; - # nickname = "self-host-playbook"; - # args = ["-i" "~/.ssh/self-host-playbook"]; - # "projects" = [ - # { - # paths = ["/etc/nixos/current-systemconfig"]; - # } - # ]; - # } - # { - # host = "192.168.1.152"; - # port = 22; - # nickname = "m3-daedalus"; - # args = ["-i" "~/.ssh/m3tam3re"]; - # "projects" = [ - # { - # paths = ["/home/m3tam3re/home-config"]; - # } - # 
]; - # } - # ]; - # auto_update = false; - # format_on_save = "on"; - # vim_mode = true; - # load_direnv = "shell_hook"; - # theme = "Dracula"; - # buffer_font_family = "FiraCode Nerd Font"; - # ui_font_size = 16; - # buffer_font_size = 16; - # show_edit_predictions = true; - # }; - # }; }; } diff --git a/home/features/desktop/theme.nix b/home/features/desktop/theme.nix index a22db01..936956c 100644 --- a/home/features/desktop/theme.nix +++ b/home/features/desktop/theme.nix @@ -1,9 +1,7 @@ { pkgs, - inputs, ... }: { - colorScheme = inputs.nix-colors.colorSchemes.dracula; qt = { enable = true; platformTheme.name = "gtk"; diff --git a/home/m3tam3re/m3-ares.nix b/home/m3tam3re/m3-ares.nix index cfa1e42..ec65da0 100644 --- a/home/m3tam3re/m3-ares.nix +++ b/home/m3tam3re/m3-ares.nix @@ -10,7 +10,6 @@ with lib; { ../features/cli ../features/coding ../features/desktop - #./services/librechat.nix ]; config = mkMerge [ diff --git a/home/m3tam3re/services/librechat.nix b/home/m3tam3re/services/librechat.nix deleted file mode 100644 index ba544a3..0000000 --- a/home/m3tam3re/services/librechat.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - systemd.user.services.librechat = { - Unit = { - Description = "LibreChat Start"; - After = ["network-online.target"]; - Wants = ["network-online.target"]; - }; - Install = {WantedBy = ["default.target"];}; - Service = { - Type = "oneshot"; - RemainAfterExit = "yes"; - WorkingDirectory = "/home/m3tam3re/p/r/ai/LibreChat"; - ExecStart = "/run/current-system/sw/bin/podman-compose up -d"; - ExecStop = "/run/current-system/sw/bin/podman-compose down"; - Restart = "on-failure"; - }; - }; -} diff --git a/hosts/common/default.nix b/hosts/common/default.nix index 3a2b2f5..98d3752 100644 --- a/hosts/common/default.nix +++ b/hosts/common/default.nix @@ -8,6 +8,7 @@ }: { imports = [ ./extraServices + ./ports.nix ./users inputs.home-manager.nixosModules.home-manager ]; 
diff --git a/hosts/common/ports.nix b/hosts/common/ports.nix new file mode 100644 index 0000000..826e7bf --- /dev/null +++ b/hosts/common/ports.nix @@ -0,0 +1,72 @@ +{config, ...}: { + m3ta.ports = { + enable = true; + definitions = { + # System services + ssh = 22; + + # Web & proxy services + traefik = 80; + traefik-ssl = 443; + + # Databases + postgres = 5432; + mysql = 3306; + redis = 6379; + + # VPN & networking + wireguard = 51820; + tailscale = 41641; + headscale = 3009; + + # Containers & web apps + gitea = 3030; + baserow = 3001; + ghost = 3002; + wastebin = 3003; + littlelink = 3004; + searx = 3005; + restreamer = 3006; + paperless = 3012; + vaultwarden = 3013; + slash = 3010; + slash-nemoti = 3016; + kestra = 3018; + outline = 3019; + pangolin = 3020; + pangolin-api = 3021; + pangolin-ws = 3022; + + # Home automation + homarr = 7575; + + # DNS + adguardhome = 53; + }; + + hostOverrides = { + # Host-specific overrides + m3-ares = { + # Any custom port overrides for m3-ares + }; + + m3-atlas = { + # Any custom port overrides for m3-atlas + }; + + m3-helios = { + # Any custom port overrides for m3-helios + }; + + m3-kratos = { + # Any custom port overrides for m3-kratos + }; + }; + }; + environment.etc."info/all-ports.json" = { + text = builtins.toJSON { + hostname = config.networking.hostName; + ports = config.m3ta.ports.all; # TODO should only return actually used ports + }; + }; +} diff --git a/hosts/m3-ares/services/postgres.nix b/hosts/m3-ares/services/postgres.nix index eb46ca8..4b8feec 100644 --- a/hosts/m3-ares/services/postgres.nix +++ b/hosts/m3-ares/services/postgres.nix @@ -1,4 +1,7 @@ -{pkgs, ...}: { +{ + pkgs, + ... +}: { services.postgresql = { enable = true; package = pkgs.postgresql_17; diff --git a/hosts/m3-ares/services/sound.nix b/hosts/m3-ares/services/sound.nix index 2e8841e..1e334f8 100644 --- a/hosts/m3-ares/services/sound.nix +++ b/hosts/m3-ares/services/sound.nix 
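Review bot: `environment.etc."info/all-ports.json"` is built from `config.m3ta.ports.all`, so every host publishes the whole registry, including services that do not run there. Files created through `environment.etc` are readable by every local user by default. Until the TODO is resolved, a comment on the attribute would stop the file being read as a listening-port inventory, e.g. `# Lists the whole registry, not the ports this host actually opens.` The empty `hostOverrides` entries could carry a one-line example of an override so their intended shape is documented.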
@@ -1,6 +1,4 @@ -{pkgs, ...}: { - environment.systemPackages = with pkgs; [ - ]; +{ security.rtkit.enable = true; services.pipewire = { enable = true; diff --git a/hosts/m3-atlas/services/containers/baserow.nix b/hosts/m3-atlas/services/containers/baserow.nix index f0352dd..760a7b3 100644 --- a/hosts/m3-atlas/services/containers/baserow.nix +++ b/hosts/m3-atlas/services/containers/baserow.nix @@ -2,7 +2,7 @@ virtualisation.oci-containers.containers."baserow" = { image = "docker.io/baserow/baserow:1.34.2"; environmentFiles = [config.age.secrets.baserow-env.path]; - ports = ["127.0.0.1:3001:80"]; + ports = ["127.0.0.1:${toString (config.m3ta.ports.get "baserow")}:80"]; volumes = ["baserow_data:/baserow/data"]; extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.10" "--network=web"]; }; @@ -10,7 +10,7 @@ services.traefik.dynamicConfigOptions.http = { services.baserow.loadBalancer.servers = [ { - url = "http://localhost:3001/"; + url = "http://localhost:${toString (config.m3ta.ports.get "baserow")}/"; } ]; diff --git a/hosts/m3-atlas/services/containers/restreamer.nix b/hosts/m3-atlas/services/containers/restreamer.nix index 960c098..7a648fd 100644 --- a/hosts/m3-atlas/services/containers/restreamer.nix +++ b/hosts/m3-atlas/services/containers/restreamer.nix @@ -4,7 +4,7 @@ environmentFiles = [config.age.secrets.restreamer-env.path]; # Modified ports to include RTMPS ports = [ - "127.0.0.1:3006:8080" # Web UI + "127.0.0.1:${toString (config.m3ta.ports.get "restreamer")}:8080" # Web UI "127.0.0.1:1936:1935" # RTMP ]; volumes = [ @@ -20,7 +20,7 @@ http = { services.restreamer.loadBalancer.servers = [ { - url = "http://localhost:3006/"; + url = "http://localhost:${toString (config.m3ta.ports.get "restreamer")}/"; } ]; diff --git a/hosts/m3-atlas/services/gitea.nix b/hosts/m3-atlas/services/gitea.nix index d437e3b..a70eaaa 100644 --- a/hosts/m3-atlas/services/gitea.nix +++ b/hosts/m3-atlas/services/gitea.nix 
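Review bot: The host port is looked up twice with the same expression, once in `ports` and once in the Traefik `url`. Binding it once with `let port = toString (config.m3ta.ports.get "baserow"); in` and using `${port}` in both places would make it obvious that the published address and the backend URL cannot diverge. The same pattern repeats in the restreamer, gitea, paperless and adguard hunks. The module's opening line is outside these hunks, so the `let` would go in front of the attribute set there.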
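Review bot: Only the Web UI mapping moved to the registry; `"127.0.0.1:1936:1935" # RTMP` stays hard-coded and `hosts/common/ports.nix` has no entry for 1936. The generated port list will therefore omit it, and any conflict checking the ports module may do (not visible here) cannot see it. Adding `restreamer-rtmp = 1936;` to `definitions` and publishing `"127.0.0.1:${toString (config.m3ta.ports.get "restreamer-rtmp")}:1935"` would put both mappings under the same source of truth.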
@@ -1,10 +1,10 @@ -{ +{config, ...}: { services.gitea = { enable = true; settings = { server = { ROOT_URL = "https://code.m3ta.dev"; - HTTP_PORT = 3030; + HTTP_PORT = config.m3ta.ports.get "gitea"; }; mailer.SENDMAIL_PATH = "/run/wrappers/bin/sendmail"; service.DISABLE_REGISTRATION = true; @@ -21,7 +21,7 @@ services.traefik.dynamicConfigOptions.http = { services.gitea.loadBalancer.servers = [ { - url = "http://localhost:3030/"; + url = "http://localhost:${toString (config.m3ta.ports.get "gitea")}/"; } ]; diff --git a/hosts/m3-atlas/services/paperless.nix b/hosts/m3-atlas/services/paperless.nix index 2e3e179..4c86a5f 100644 --- a/hosts/m3-atlas/services/paperless.nix +++ b/hosts/m3-atlas/services/paperless.nix @@ -1,13 +1,13 @@ {config, ...}: { services.paperless = { enable = true; - port = 3012; + port = config.m3ta.ports.get "paperless"; database.createLocally = true; passwordFile = config.age.secrets.paperless-key.path; configureTika = true; settings = { PAPERLESS_URL = "https://pl.m3ta.dev"; - DATABASE_URL = "postgresql://paperless:paperless@127.0.0.1:5432/paperless"; + DATABASE_URL = "postgresql://paperless:paperless@127.0.0.1:${toString (config.m3ta.ports.get "postgres")}/paperless"; PAPERLESS_CONSUMER_IGNORE_PATTERN = [ ".DS_STORE/*" "desktop.ini" @@ -25,7 +25,7 @@ services.traefik.dynamicConfigOptions.http = { services.paperless.loadBalancer.servers = [ { - url = "http://localhost:3012/"; + url = "http://localhost:${toString (config.m3ta.ports.get "paperless")}/"; } ]; routers.paperless = { diff --git a/hosts/m3-atlas/services/postgres.nix b/hosts/m3-atlas/services/postgres.nix index 470816f..b23bf9d 100644 --- a/hosts/m3-atlas/services/postgres.nix +++ b/hosts/m3-atlas/services/postgres.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + config, + ... +}: { services.postgresql = { enable = true; enableTCPIP = true; 
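Review bot: The rewritten `DATABASE_URL` line still embeds the database user and password (`paperless:paperless`) in a Nix string, and everything under `settings` ends up in the world-readable Nix store. The password also equals the user name, and the m3-atlas postgres module in this same commit enables TCP and accepts 10.89.0.0/24, so the guessable credential may be reachable from the container network, depending on authentication rules not shown here. This module already reads `passwordFile` from `config.age.secrets.paperless-key.path`. The connection secret could be delivered the same way, e.g. `environmentFile = config.age.secrets.<paperless-db-env>.path;` (placeholder secret name), leaving only host and port in `settings`.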
@@ -36,8 +40,8 @@ }; networking.firewall = { extraCommands = '' - iptables -A INPUT -p tcp -s 127.0.0.1 --dport 5432 -j ACCEPT - iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport 5432 -j ACCEPT + iptables -A INPUT -p tcp -s 127.0.0.1 --dport ${toString (config.m3ta.ports.get "postgres")} -j ACCEPT + iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport ${toString (config.m3ta.ports.get "postgres")} -j ACCEPT ''; }; } diff --git a/hosts/m3-helios/services/adguard.nix b/hosts/m3-helios/services/adguard.nix index f0ad0f9..e68ac62 100644 --- a/hosts/m3-helios/services/adguard.nix +++ b/hosts/m3-helios/services/adguard.nix @@ -1,10 +1,10 @@ -{ +{config, ...}: { services.adguardhome = { enable = true; openFirewall = true; settings = { dns = { - port = 53; + port = config.m3ta.ports.get "adguardhome"; upstream_dns = [ "1.1.1.1" "8.8.8.8" @@ -20,6 +20,6 @@ }; }; }; - networking.firewall.allowedTCPPorts = [53]; - networking.firewall.allowedUDPPorts = [53]; + networking.firewall.allowedTCPPorts = [(config.m3ta.ports.get "adguardhome")]; + networking.firewall.allowedUDPPorts = [(config.m3ta.ports.get "adguardhome")]; } diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix new file mode 100644 index 0000000..dbd7336 --- /dev/null +++ b/modules/nixos/default.nix @@ -0,0 +1,3 @@ +{ + #module = import ./module.nix; +}
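Review bot: Both ACCEPT rules match on source address only and are appended to `INPUT` with `-A`, so nothing in the hunk ties the `10.89.0.0/24` rule to the container bridge. No matching delete is visible either, so a firewall reload may append duplicates. Consider an interface match, e.g. `iptables -A INPUT -i <container-bridge> -p tcp -s 10.89.0.0/24 --dport ${pgPort} -j ACCEPT` (interface name is a placeholder), with the rules removed again in `networking.firewall.extraStopCommands`. Binding `pgPort = toString (config.m3ta.ports.get "postgres");` once would also keep the two rules from drifting apart. The module body continues outside the hunk, so a stop hook may already exist there.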