mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

idk

Browse Source
This commit is contained in:
mjallen18
2026-02-09 11:26:58 -06:00
parent 525cc60739
commit 9ad06425c8
23 changed files with 1612 additions and 1466 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
modules/nixos/gaming/default.nix
View File

@@ -21,10 +21,10 @@ in
package = pkgs.steam.override {
extraPkgs =
_pkgs: with pkgs; [
xorg.libXcursor
xorg.libXi
xorg.libXinerama
xorg.libXScrnSaver
libXcursor
libXi
libXinerama
libXScrnSaver
libpng
libpulseaudio
libvorbis

51
modules/nixos/homeassistant/automations/motion-light/default.nix
View File

@@ -68,57 +68,6 @@ let
mode: single
'';
automationToYamlSwitch = mlcfg: ''
- id: '${toString mlcfg.id}'
alias: ${mlcfg.alias}
description: '${mlcfg.description}'
triggers:
- device_id: ${mlcfg.motion-sensor.mqttDeviceId}
entity_id: ${mlcfg.motion-sensor.mqttEntityId}
domain: binary_sensor
id: occupied
subtype: on_press
trigger: device
type: occupied
for:
hours: 0
minutes: 0
seconds: 0
- device_id: ${mlcfg.motion-sensor.mqttDeviceId}
entity_id: ${mlcfg.motion-sensor.mqttEntityId}
domain: binary_sensor
id: vacant
subtype: off_press
trigger: device
type: not_occupied
for:
hours: 0
minutes: 0
seconds: 5
conditions: []
actions:
- choose:
- conditions:
- condition: trigger
id:
- occupied
sequence:
- type: turn_on
device_id: ${mlcfg.switch.deviceId}
entity_id: ${mlcfg.switch.entityId}
domain: switch
- conditions:
- condition: trigger
id:
- vacant
sequence:
- type: turn_off
device_id: ${mlcfg.switch.deviceId}
entity_id: ${mlcfg.switch.entityId}
domain: switch
mode: single
'';
motionLightAutomations = concatStringsSep "\n" (
mapAttrsToList (_: automationToYaml) cfg.motion-light
);

23
modules/nixos/programs/default.nix
View File

@@ -62,18 +62,17 @@ in
SDL2
util-linux
vulkan-loader
xorg.libX11
xorg.libICE
xorg.libSM
xorg.libXcursor
xorg.libXrandr
xorg.libXi
xorg.libXcomposite
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libX11
xorg.libxcb
libICE
libSM
libXcursor
libXrandr
libXi
libXcomposite
libXdamage
libXext
libXfixes
# libx11
libxcb
zlib
];
};

77
modules/nixos/services/coturn/default.nix Normal file
View File

@@ -0,0 +1,77 @@
{
config,
lib,
namespace,
...
}:
let
name = "coturn";
cfg = config.${namespace}.services.${name};
coturnConfig = lib.${namespace}.mkModule {
inherit config name;
serviceName = "${name}-synapse";
description = "config";
options = { };
moduleConfig = {
services.coturn = rec {
enable = true;
no-cli = true;
no-tcp-relay = true;
min-port = 49000;
max-port = 50000;
use-auth-secret = true;
static-auth-secret = "Lucifer008!";
listening-port = cfg.port;
realm = "turn.mjallen.dev";
# cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
# pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
extraConfig = ''
# for debugging
verbose
# ban private IP ranges
no-multicast-peers
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
denied-peer-ip=::1
denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
'';
};
networking.firewall = {
interfaces.enp197s0 = let
range = with config.services.coturn; [ {
from = min-port;
to = max-port;
} ];
in
{
allowedUDPPortRanges = range;
allowedUDPPorts = [ 3478 5349 ];
allowedTCPPortRanges = [ ];
allowedTCPPorts = [ 3478 5349 ];
};
};
};
};
in
{
imports = [ coturnConfig ];
}

4
modules/nixos/services/matrix/default.nix
View File

@@ -59,6 +59,7 @@ let
dataDir = "${cfg.configDir}/matrix-synapse";
configureRedisLocally = true;
enableRegistrationScript = true;
withJemalloc = true;
extras = [
"oidc"
"redis"
@@ -118,6 +119,9 @@ let
server_name = "matrix.org";
}
];
turn_uris = ["turn:${config.services.coturn.realm}:3478?transport=udp" "turn:${config.services.coturn.realm}:3478?transport=tcp"];
turn_shared_secret = config.services.coturn.static-auth-secret;
turn_user_lifetime = "1h";
};
};

90
modules/nixos/services/matrix/livekit.nix Normal file
View File

@@ -0,0 +1,90 @@
{ config, lib, pkgs, ... }:
let
cfg = config.${namespace}.services.${name};
keyFile = "/run/livekit.key";
file = pkgs.writeText "file.txt" ''
{
"m.homeserver": {
"base_url": "https://matrix.mjallen.dev"
},
"m.identity_server": {
"base_url": "https://vector.im"
},
"org.matrix.msc3575.proxy": {
"url": "https://matrix.mjallen.dev"
},
"org.matrix.msc4143.rtc_foci": [
{
"type": "livekit", "livekit_service_url": "https://mjallen.dev/livekit/jwt"
}
]
}
'';
in
{
services.livekit = {
enable = true;
openFirewall = true;
settings.room.auto_create = false;
inherit keyFile;
};
services.lk-jwt-service = {
enable = true;
# can be on the same virtualHost as synapse
livekitUrl = "wss://mjallen.dev/livekit/sfu";
inherit keyFile;
};
config = lib.mkIf cfg.enable {
# generate the key when needed
systemd.services.livekit-key = {
before = [
"lk-jwt-service.service"
"livekit.service"
];
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
livekit
coreutils
gawk
];
script = ''
echo "Key missing, generating key"
echo "lk-jwt-service: $(livekit-server generate-keys | tail -1 | awk '{print $3}')" > "${keyFile}"
'';
serviceConfig.Type = "oneshot";
unitConfig.ConditionPathExists = "!${keyFile}";
};
# restrict access to livekit room creation to a homeserver
systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = "mjallen.dev";
services.nginx.virtualHosts = {
"matrix.mjallen.dev".locations = {
"^~ /.well-known/matrix/client" = {
alias = file;
extraConfig = "default_type text/plain;";
};
"mjallen.dev".locations = {
"^~ /livekit/jwt/" = {
priority = 400;
proxyPass = "http://[::1]:${toString config.services.lk-jwt-service.port}/";
};
"^~ /livekit/sfu/" = {
extraConfig = ''
proxy_send_timeout 120;
proxy_read_timeout 120;
proxy_buffering off;
proxy_set_header Accept-Encoding gzip;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
priority = 400;
proxyPass = "http://[::1]:${toString config.services.livekit.settings.port}/";
proxyWebsockets = true;
};
};
}
};
}