dadada/nix-config
dadada/nix-config
1
0
Fork 0
Code Issues 2 Pull requests 5 Projects Releases Packages Wiki Activity Actions 1

add code formatter and reformat

Browse source
This commit is contained in:
Tim Schubert 2022-08-04 21:05:37 +02:00
parent a055f4fa40
commit 8cd6ed1502
Signed by: dadada
GPG key ID: EEB8D1CE62C4DFEA
69 changed files with 1016 additions and 797 deletions
Download patch file Download diff file Expand all files Collapse all files

10
nixos/agares/configuration.nix
View file

@ -1,5 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
imports = [
./hardware-configuration.nix
];
@ -44,10 +48,10 @@
networking.bridges = {
"br-lan" = {
interfaces = [ "lan" ];
interfaces = ["lan"];
};
"br-backup" = {
interfaces = [ "backup" ];
interfaces = ["backup"];
};
};

28
nixos/agares/hardware-configuration.nix
View file

@ -1,24 +1,28 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci"];
boot.initrd.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/sda1";
fileSystems."/" = {
device = "/dev/sda1";
fsType = "btrfs";
options = [ "subvol=root" ];
options = ["subvol=root"];
};
swapDevices = [ ];
swapDevices = [];
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config

133
nixos/configurations.nix
View file

@ -1,84 +1,97 @@
{ self
, admins
, nixpkgs
, nixosSystem
, home-manager
, homePage
, nixos-hardware
, nvd
, scripts
, recipemd
}:
let
{
self,
admins,
nixpkgs,
nixosSystem,
home-manager,
homePage,
nixos-hardware,
nvd,
scripts,
recipemd,
}: let
adapterModule = system: {
nixpkgs.config.allowUnfreePredicate = (pkg: true);
nixpkgs.overlays = (nixpkgs.lib.attrValues self.overlays) ++ [
(final: prev: { homePage = homePage.defaultPackage.${system}; })
(final: prev: { s = scripts; })
(final: prev: { n = nvd; })
(final: prev: { recipemd = recipemd.defaultPackage.${system}; })
];
nixpkgs.config.allowUnfreePredicate = pkg: true;
nixpkgs.overlays =
(nixpkgs.lib.attrValues self.overlays)
++ [
(final: prev: {homePage = homePage.defaultPackage.${system};})
(final: prev: {s = scripts;})
(final: prev: {n = nvd;})
(final: prev: {recipemd = recipemd.defaultPackage.${system};})
];
};
lib = nixpkgs.lib;
adminConfig = users: {
dadada.admin.users = lib.getAttrs users admins;
};
in
{
in {
gorgon = nixosSystem rec {
system = "x86_64-linux";
modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [
(adapterModule system)
nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [
{ manual.manpages.enable = false;}
];
home-manager.users.dadada = import ../home/home;
}
./modules/profiles/laptop.nix
./gorgon/configuration.nix
];
modules =
(nixpkgs.lib.attrValues self.nixosModules)
++ [
(adapterModule system)
nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.sharedModules =
(nixpkgs.lib.attrValues self.hmModules)
++ [
{manual.manpages.enable = false;}
];
home-manager.users.dadada = import ../home/home;
}
./modules/profiles/laptop.nix
./gorgon/configuration.nix
];
};
ifrit = nixosSystem rec {
system = "x86_64-linux";
modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [
(adminConfig [ "dadada" ])
(adapterModule system)
./modules/profiles/server.nix
./ifrit/configuration.nix
];
modules =
(nixpkgs.lib.attrValues self.nixosModules)
++ [
(adminConfig ["dadada"])
(adapterModule system)
./modules/profiles/server.nix
./ifrit/configuration.nix
];
};
surgat = nixosSystem rec {
system = "x86_64-linux";
modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [
(adminConfig [ "dadada" ])
(adapterModule system)
./modules/profiles/server.nix
./surgat/configuration.nix
];
modules =
(nixpkgs.lib.attrValues self.nixosModules)
++ [
(adminConfig ["dadada"])
(adapterModule system)
./modules/profiles/server.nix
./surgat/configuration.nix
];
};
pruflas = nixosSystem rec {
system = "x86_64-linux";
modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [
(adminConfig [ "dadada" ])
(adapterModule system)
./modules/profiles/laptop.nix
./pruflas/configuration.nix
];
modules =
(nixpkgs.lib.attrValues self.nixosModules)
++ [
(adminConfig ["dadada"])
(adapterModule system)
./modules/profiles/laptop.nix
./pruflas/configuration.nix
];
};
agares = nixosSystem rec {
system = "x86_64-linux";
modules = (nixpkgs.lib.attrValues self.nixosModules) ++ [
(adminConfig [ "dadada" ])
(adapterModule system)
./modules/profiles/server.nix
./agares/configuration.nix
];
modules =
(nixpkgs.lib.attrValues self.nixosModules)
++ [
(adminConfig ["dadada"])
(adapterModule system)
./modules/profiles/server.nix
./agares/configuration.nix
];
};
}

40
nixos/gorgon/configuration.nix
View file

@ -1,6 +1,11 @@
{ config, pkgs, lib, ... }:
let
signHook = pkgs.writeShellScript "/etc/nix/sign-cache.sh"
{
config,
pkgs,
lib,
...
}: let
signHook =
pkgs.writeShellScript "/etc/nix/sign-cache.sh"
''
set -eu
set -f # disable globbing
@ -9,20 +14,19 @@ let
echo "Signing paths" $OUT_PATHS
nix store sign --key-file /etc/nix/key.private $OUT_PATHS
'';
in
{
in {
imports = [
./hardware-configuration.nix
];
nix.extraOptions = ''
experimental-features = nix-command flakes
# Prevent garbage collection for nix shell and direnv
keep-outputs = true
keep-derivations = true
experimental-features = nix-command flakes
# Prevent garbage collection for nix shell and direnv
keep-outputs = true
keep-derivations = true
'';
boot.kernelModules = [ "kvm-amd" ];
boot.kernelModules = ["kvm-amd"];
networking.hostName = "gorgon";
@ -39,9 +43,9 @@ in
networking = {
enableBsShare = true;
localResolver = {
enable= true;
uwu= true;
s0= true;
enable = true;
uwu = true;
s0 = true;
};
vpnExtension = "3";
};
@ -99,23 +103,23 @@ in
users.users = {
dadada = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ];
extraGroups = ["wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker"];
shell = "/run/current-system/sw/bin/zsh";
};
};
networking.hosts = {
"10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ];
"127.0.0.2" = [ "kanboard.dadada.li" ];
"10.1.2.9" = ["fgprinter.fginfo.tu-bs.de"];
"127.0.0.2" = ["kanboard.dadada.li"];
};
networking.wireguard.interfaces.uwupn = {
ips = [ "10.11.0.24/32" "fc00:1337:dead:beef::10.11.0.24/128" ];
ips = ["10.11.0.24/32" "fc00:1337:dead:beef::10.11.0.24/128"];
privateKeyFile = "/var/lib/wireguard/uwu";
peers = [
{
publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8=";
allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ];
allowedIPs = ["10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23"];
endpoint = "53c70r.de:51820";
persistentKeepalive = 25;
}

61
nixos/gorgon/hardware-configuration.nix
View file

@ -1,42 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/2478e089-e5d6-480c-8530-4ea46988f9f7";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/2478e089-e5d6-480c-8530-4ea46988f9f7";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/5B90-D460";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/5B90-D460";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/a617625e-9325-4612-a086-954fb4b99ee0";
fsType = "ext4";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/a617625e-9325-4612-a086-954fb4b99ee0";
fsType = "ext4";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/1f6ab0fb-ef4d-45b1-a731-ad0e7a440eef";
fsType = "ext4";
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/1f6ab0fb-ef4d-45b1-a731-ad0e7a440eef";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/92310a00-7f69-4775-85cb-38e1790f71db"; }
];
swapDevices = [
{device = "/dev/disk/by-uuid/92310a00-7f69-4775-85cb-38e1790f71db";}
];
nix.settings.max-jobs = lib.mkDefault 16;
}

43
nixos/ifrit/configuration.nix
View file

@ -1,13 +1,16 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
hostAliases = [
"ifrit.dadada.li"
"media.dadada.li"
"backup0.dadada.li"
];
backups = "/mnt/storage/backup";
in
{
in {
imports = [
./hardware-configuration.nix
];
@ -23,50 +26,50 @@ in
services.borgbackup.repos = {
"metis" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis"];
authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"];
path = "${backups}/metis";
quota = "1T";
};
"gorgon" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon"];
authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"];
path = "${backups}/gorgon";
quota = "1T";
};
"surgat" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat"];
authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"];
path = "${backups}/surgat";
quota = "50G";
};
"pruflas" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas"];
authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"];
path = "${backups}/pruflas";
quota = "50G";
};
"wohnzimmerpi" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
authorizedKeysAppendOnly = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi"];
authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"];
path = "${backups}/wohnzimmerpi";
quota = "50G";
};
"fginfo" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
authorizedKeysAppendOnly = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de"];
authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"];
path = "${backups}/fginfo";
quota = "10G";
};
"fginfo-git" = {
allowSubRepos = false;
authorizedKeysAppendOnly = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" ];
authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
authorizedKeysAppendOnly = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git"];
authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis"];
path = "${backups}/fginfo-git";
quota = "10G";
};
@ -98,7 +101,7 @@ in
device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7";
mountPoint = "/mnt/storage";
neededForBoot = false;
options = [ "nofail" ];
options = ["nofail"];
};
networking.firewall = {
@ -113,7 +116,7 @@ in
isNormalUser = true;
};
environment.systemPackages = [ pkgs.curl ];
environment.systemPackages = [pkgs.curl];
system.stateVersion = "20.03";
}

36
nixos/ifrit/hardware-configuration.nix
View file

@ -1,26 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix" )
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/0b4f5f01-5849-4f05-9822-b648abbc2485";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/0b4f5f01-5849-4f05-9822-b648abbc2485";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/53b5715e-2724-4800-9cfc-f892115681b6"; }
];
swapDevices = [
{device = "/dev/disk/by-uuid/53b5715e-2724-4800-9cfc-f892115681b6";}
];
nix.settings.max-jobs = lib.mkDefault 2;
}

36
nixos/modules/admin.nix
View file

@ -1,9 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.admin;
extraGroups = [ "wheel" "libvirtd" ];
extraGroups = ["wheel" "libvirtd"];
shells = {
"bash" = pkgs.bashInteractive;
@ -13,11 +16,15 @@ let
shellNames = builtins.attrNames shells;
adminOpts = { name, config, ... }: {
adminOpts = {
name,
config,
...
}: {
options = {
keys = mkOption {
type = types.listOf types.str;
default = [ ];
default = [];
apply = x: assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); x;
description = ''
The keys that should be able to access the account.
@ -35,15 +42,14 @@ let
};
};
};
in
{
in {
options = {
dadada.admin = {
enable = mkEnableOption "Enable admin access";
users = mkOption {
type = with types; attrsOf (submodule adminOpts);
default = { };
default = {};
description = ''
Admin users with root access machine.
'';
@ -68,14 +74,14 @@ in
security.sudo.wheelNeedsPassword = false;
services.openssh.openFirewall = true;
users.users = mapAttrs
(user: keys: (
{
users.users =
mapAttrs
(user: keys: {
shell = shells."${keys.shell}";
extraGroups = extraGroups;
isNormalUser = true;
openssh.authorizedKeys.keys = keys.keys;
}))
})
cfg.users;
nix.trustedUsers = builtins.attrNames cfg.users;
@ -90,7 +96,7 @@ in
services.tor.relay.onionServices = {
"rat" = mkIf cfg.rat.enable {
name = "rat";
map = [{ port = 22; }];
map = [{port = 22;}];
};
};
};

146
nixos/modules/backup.nix
View file

@ -1,6 +1,10 @@
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
backupExcludes = [
"/backup"
"/dev"
@ -20,87 +24,87 @@ let
"/var/tmp"
];
cfg = config.dadada.backupClient;
in
{
options = {
dadada.backupClient = {
gs = {
enable = mkEnableOption "Enable backup to GS location";
passphrasePath = mkOption {
type = with types; nullOr str;
description = ''
The path to the passphrase file.
'';
default = "/var/lib/borgbackup/gs/passphrase";
};
in {
options = {
dadada.backupClient = {
gs = {
enable = mkEnableOption "Enable backup to GS location";
passphrasePath = mkOption {
type = with types; nullOr str;
description = ''
The path to the passphrase file.
'';
default = "/var/lib/borgbackup/gs/passphrase";
};
bs = {
enable = mkEnableOption "Enable backup to BS location";
passphrasePath = mkOption {
type = types.str;
description = ''
The path to the passphrase file.
'';
default = "/var/lib/borgbackup/bs/passphrase";
};
sshIdentityFile = mkOption {
type = types.str;
description = ''
Path to the SSH key that is used to transmit the backup.
'';
default = "/var/lib/borgbackup/bs/id_ed25519";
};
};
bs = {
enable = mkEnableOption "Enable backup to BS location";
passphrasePath = mkOption {
type = types.str;
description = ''
The path to the passphrase file.
'';
default = "/var/lib/borgbackup/bs/passphrase";
};
sshIdentityFile = mkOption {
type = types.str;
description = ''
Path to the SSH key that is used to transmit the backup.
'';
default = "/var/lib/borgbackup/bs/id_ed25519";
};
};
};
};
config = mkIf cfg.gs.enable {
fileSystems = mkIf cfg.gs {
"/backup" = {
device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5";
fsType = "ext4";
options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
options = ["x-systemd.automount" "noauto" "x-systemd.idle-timeout=600"];
};
};
services.borgbackup.jobs.gs = {
paths = "/";
exclude = backupExcludes;
repo = "/backup/${config.networking.hostName}";
doInit = false;
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.gs.passphrasePath}";
services.borgbackup.jobs.gs =
{
paths = "/";
exclude = backupExcludes;
repo = "/backup/${config.networking.hostName}";
doInit = false;
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.gs.passphrasePath}";
};
compression = "auto,lz4";
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 2;
monthly = -1; # Keep at least one archive for each month
yearly = -1; # Keep at least one archive for each year
};
startAt = "monthly";
}
// mkIf cfg.bs.enable {
services.borgbackup.jobs.bs = {
paths = "/";
exclude = backupExcludes;
repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}";
doInit = false;
environment = {
BORG_RSH = "ssh -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'";
};
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.bs.passphrasePath}";
};
compression = "auto,lz4";
startAt = "daily";
environment = {
BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
};
};
};
compression = "auto,lz4";
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 2;
monthly = -1; # Keep at least one archive for each month
yearly = -1; # Keep at least one archive for each year
};
startAt = "monthly";
} // mkIf cfg.bs.enable {
services.borgbackup.jobs.bs = {
paths = "/";
exclude = backupExcludes;
repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}";
doInit = false;
environment = {
BORG_RSH = "ssh -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'";
};
encryption = {
mode = "repokey";
passCommand = "cat ${cfg.bs.passphrasePath}";
};
compression = "auto,lz4";
startAt = "daily";
environment = {
BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
};
};
};
};
}

56
nixos/modules/ddns.nix
View file

@ -1,40 +1,46 @@
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.ddns;
ddnsConfig = hostNames: {
systemd.timers = listToAttrs (forEach hostNames (hostname: nameValuePair "ddns-${hostname}"
{
wantedBy = [ "timers.target" ];
partOf = [ "ddns-${hostname}.service" ];
timerConfig.OnCalendar = "hourly";
}));
systemd.timers = listToAttrs (forEach hostNames (hostname:
nameValuePair "ddns-${hostname}"
{
wantedBy = ["timers.target"];
partOf = ["ddns-${hostname}.service"];
timerConfig.OnCalendar = "hourly";
}));
systemd.services = listToAttrs (forEach hostNames (hostname: nameValuePair "ddns-${hostname}"
{
serviceConfig.Type = "oneshot";
script = ''
function url() {
echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3"
}
systemd.services = listToAttrs (forEach hostNames (hostname:
nameValuePair "ddns-${hostname}"
{
serviceConfig.Type = "oneshot";
script = ''
function url() {
echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3"
}
IFS=':'
read -r user password < /var/lib/ddns/credentials
unset IFS
IFS=':'
read -r user password < /var/lib/ddns/credentials
unset IFS
curl_url=$(url "$user" "$password" ${hostname})
curl_url=$(url "$user" "$password" ${hostname})
${pkgs.curl}/bin/curl -4 "$curl_url"
${pkgs.curl}/bin/curl -6 "$curl_url"
'';
}));
${pkgs.curl}/bin/curl -4 "$curl_url"
${pkgs.curl}/bin/curl -6 "$curl_url"
'';
}));
};
in {
options = {
dadada.ddns.domains = mkOption {
type = types.listOf types.str;
description = ''
Enables DDNS for these domains.
Enables DDNS for these domains.
'';
example = ''
[ "example.com" ]

3
nixos/modules/default.nix
View file

@ -1,5 +1,4 @@
{ ... }@inputs:
{
{...} @ inputs: {
admin = import ./admin.nix;
backup = import ./backup.nix;
ddns = import ./ddns.nix;

11
nixos/modules/element.nix
View file

@ -1,8 +1,11 @@
{ config, pkgs, lib, ... }:
let
cfg = config.dadada.element;
in
{
config,
pkgs,
lib,
...
}: let
cfg = config.dadada.element;
in {
options.dadada.element = {
enable = lib.mkEnableOption "Enable element webapp";
};

14
nixos/modules/fido2.nix
View file

@ -1,10 +1,13 @@
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
luks = config.dadada.luks;
fido2 = config.dadada.fido2;
in
{
in {
options = {
dadada.luks = {
uuid = mkOption {
@ -52,5 +55,4 @@ in
cue = true;
};
};
}

12
nixos/modules/fileShare.nix
View file

@ -1,12 +1,14 @@
{ config, lib, ... }:
with lib;
let
{
config,
lib,
...
}:
with lib; let
cfg = config.dadada.fileShare;
sharePath = "/mnt/storage/share";
ipv6 = "fd42:dead:beef::/48";
ipv4 = "192.168.42.0/24";
in
{
in {
options.dadada.fileShare = {
enable = mkEnableOption "Enable file share server";
};

11
nixos/modules/gitea.nix
View file

@ -1,9 +1,12 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
redisSocket = "127.0.0.1:6379";
cfg = config.dadada.gitea;
in
{
in {
options.dadada.gitea = {
enable = lib.mkEnableOption "Enable gitea";
};

15
nixos/modules/headphones.nix
View file

@ -1,9 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.headphones;
in
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.headphones;
in {
options = {
dadada.headphones = {
enable = mkEnableOption "Enable bluetooth headphones with more audio codecs.";
@ -14,7 +17,7 @@ in
bluetooth.enable = true;
pulseaudio = {
enable = true;
extraModules = [ pkgs.pulseaudio-modules-bt ];
extraModules = [pkgs.pulseaudio-modules-bt];
extraConfig = ''
set-source-volume 1 10000
'';

34
nixos/modules/homepage.nix
View file

@ -1,18 +1,22 @@
{ config, pkgs, lib, ... }:
let
{
config,
pkgs,
lib,
...
}: let
cfg = config.dadada.homePage;
in
with lib; {
options.dadada.homePage = {
enable = mkEnableOption "Enable home page";
};
config = mkIf cfg.enable {
services.nginx.enable = true;
services.nginx.virtualHosts."dadada.li" = {
enableACME = true;
forceSSL = true;
root = "${pkgs.homePage}";
with lib; {
options.dadada.homePage = {
enable = mkEnableOption "Enable home page";
};
};
}
config = mkIf cfg.enable {
services.nginx.enable = true;
services.nginx.virtualHosts."dadada.li" = {
enableACME = true;
forceSSL = true;
root = "${pkgs.homePage}";
};
};
}

49
nixos/modules/kanboard/default.nix
View file

@ -1,6 +1,10 @@
# Source https://github.com/NixOS/nixpkgs/issues/113384
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
cfg = config.dadada.kanboard;
in {
options = {
@ -32,27 +36,30 @@ in {
name = "kanboard-configured";
paths = [
(pkgs.runCommand "kanboard-over" {meta.priority = 0;} ''
mkdir -p $out
for f in index.php jsonrpc.php ; do
echo "<?php require('$out/config.php');" > $out/$f
tail -n+2 ${pkgs.kanboard}/share/kanboard/$f \
| sed 's^__DIR__^"${pkgs.kanboard}/share/kanboard"^' >> $out/$f
done
ln -s /var/lib/kanboard $out/data
ln -s ${./kanboard-config.php} $out/config.php
mkdir -p $out
for f in index.php jsonrpc.php ; do
echo "<?php require('$out/config.php');" > $out/$f
tail -n+2 ${pkgs.kanboard}/share/kanboard/$f \
| sed 's^__DIR__^"${pkgs.kanboard}/share/kanboard"^' >> $out/$f
done
ln -s /var/lib/kanboard $out/data
ln -s ${./kanboard-config.php} $out/config.php
'')
{ outPath = "${pkgs.kanboard}/share/kanboard"; meta.priority = 10; }
];
};
locations = {
"/".index = "index.php";
"~ \\.php$" = {
tryFiles = "$uri =404";
extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.kanboard.socket};
'';
};
{
outPath = "${pkgs.kanboard}/share/kanboard";
meta.priority = 10;
}
];
};
locations = {
"/".index = "index.php";
"~ \\.php$" = {
tryFiles = "$uri =404";
extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.kanboard.socket};
'';
};
};
};
};
};

58
nixos/modules/networking.nix
View file

@ -1,10 +1,13 @@
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.networking;
vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI=";
in
{
in {
options = {
dadada.networking = {
localResolver = {
@ -15,7 +18,7 @@ in
wanInterfaces = mkOption {
type = with types; listOf str;
description = "WAN network interfaces";
default = [ ];
default = [];
};
vpnExtension = mkOption {
type = with types; nullOr str;
@ -83,20 +86,22 @@ in
"149.112.112.112@853#dns.quad9.net"
];
}
(mkIf cfg.localResolver.uwu {
name = "uwu.";
forward-addr = [
"fc00:1337:dead:beef::10.11.0.1"
"10.11.0.1"
];
}
(
mkIf cfg.localResolver.uwu {
name = "uwu.";
forward-addr = [
"fc00:1337:dead:beef::10.11.0.1"
"10.11.0.1"
];
}
)
(mkIf cfg.localResolver.s0 {
name = "s0.";
forward-addr = [
"192.168.178.1"
];
}
(
mkIf cfg.localResolver.s0 {
name = "s0.";
forward-addr = [
"192.168.178.1"
];
}
)
{
name = "dyn.dadada.li.";
@ -110,13 +115,14 @@ in
networking.useDHCP = false;
networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i: nameValuePair i {
useDHCP = true;
}));
networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i:
nameValuePair i {
useDHCP = true;
}));
networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) {
dadada = {
ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" ];
ips = ["fd42:9c3b:f96d:201::${cfg.vpnExtension}/64"];
listenPort = 51234;
privateKeyFile = "/var/lib/wireguard/privkey";
@ -124,7 +130,7 @@ in
peers = [
{
publicKey = vpnPubKey;
allowedIPs = [ "fd42:9c3b:f96d::/48" ];
allowedIPs = ["fd42:9c3b:f96d::/48"];
endpoint = "vpn.dadada.li:51234";
persistentKeepalive = 25;
}
@ -134,8 +140,8 @@ in
# https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html
systemd.timers.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) {
wantedBy = [ "timers.target" ];
partOf = [ "wg-reresolve-dns.service" ];
wantedBy = ["timers.target"];
partOf = ["wg-reresolve-dns.service"];
timerConfig.OnCalendar = "hourly";
};
systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) {

15
nixos/modules/nix.nix
View file

@ -1,9 +1,14 @@
{ self
, home-manager
, nixpkgs
, ...
{
self,
home-manager,
nixpkgs,
...
}: {
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
# Global settings for nix daemon
{
nix.nixPath = [

10
nixos/modules/profiles/laptop.nix
View file

@ -1,6 +1,10 @@
{ config, pkgs, lib, ... }:
with lib;
{
config,
pkgs,
lib,
...
}:
with lib; {
networking.domain = mkDefault "dadada.li";
services.fwupd.enable = mkDefault true;
@ -25,7 +29,7 @@ with lib;
vteIntegration = true;
syntaxHighlighting = {
enable = true;
highlighters = [ "main" "brackets" "pattern" "root" "line" ];
highlighters = ["main" "brackets" "pattern" "root" "line"];
};
};

8
nixos/modules/profiles/server.nix
View file

@ -1,6 +1,10 @@
{ config, pkgs, lib, ... }:
with lib;
{
config,
pkgs,
lib,
...
}:
with lib; {
networking.domain = mkDefault "dadada.li";
networking.tempAddresses = "disabled";

14
nixos/modules/share.nix
View file

@ -1,10 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.share;
in
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.share;
in {
options.dadada.share = {
enable = mkEnableOption "Enable file share";
};

15
nixos/modules/steam.nix
View file

@ -1,9 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.steam;
in
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.steam;
in {
options = {
dadada.steam = {
enable = mkEnableOption "Enable Steam config";
@ -15,7 +18,7 @@ in
hardware.opengl = {
enable = true;
driSupport32Bit = true;
extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
extraPackages32 = with pkgs.pkgsi686Linux; [libva];
};
hardware.pulseaudio.support32Bit = true;

14
nixos/modules/update.nix
View file

@ -1,10 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.autoUpgrade;
in
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.autoUpgrade;
in {
options.dadada.autoUpgrade = {
enable = mkEnableOption "Enable automatic upgrades";
};

32
nixos/modules/vpnServer.nix
View file

@ -1,9 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.vpnServer;
wgPeer = { name, ... }: {
wgPeer = {name, ...}: {
options = {
name = mkOption {
internal = true;
@ -21,14 +24,13 @@ let
};
};
};
in
{
in {
options.dadada.vpnServer = {
enable = mkEnableOption "Enable wireguard gateway";
peers = mkOption {
description = "Set of extensions and public keys of peers";
type = with types; attrsOf (submodule wgPeer);
default = { };
default = {};
};
};
config = mkIf cfg.enable {
@ -37,14 +39,14 @@ in
interfaces."wg0" = {
allowedIPsAsRoutes = true;
privateKeyFile = "/var/lib/wireguard/wg0-key";
ips = [ "fd42:9c3b:f96d:0201::0/64" ];
ips = ["fd42:9c3b:f96d:0201::0/64"];
listenPort = 51234;
peers = map
(peer: (
{
allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ];
publicKey = peer.key;
}))
peers =
map
(peer: {
allowedIPs = ["fd42:9c3b:f96d:0201::${peer.id}/128"];
publicKey = peer.key;
})
(attrValues cfg.peers);
postSetup = ''
wg set wg0 fwmark 51234

14
nixos/modules/weechat.nix
View file

@ -1,10 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.dadada.weechat;
in
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.dadada.weechat;
in {
options.dadada.weechat = {
enable = mkEnableOption "Enable weechat relay";
};

8
nixos/modules/zsh.nix
View file

@ -1,5 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}: {
programs.zsh = {
enable = true;
autosuggestions.enable = true;
@ -8,7 +12,7 @@
vteIntegration = true;
syntaxHighlighting = {
enable = true;
highlighters = [ "main" "brackets" "pattern" "root" "line" ];
highlighters = ["main" "brackets" "pattern" "root" "line"];
};
};
}

20
nixos/pruflas/configuration.nix
View file

@ -1,7 +1,11 @@
{ config, pkgs, lib, ... }:
with lib;
{
imports = [ ./hardware-configuration.nix ];
config,
pkgs,
lib,
...
}:
with lib; {
imports = [./hardware-configuration.nix];
networking.hostName = "pruflas";
@ -12,7 +16,7 @@ with lib;
package = pkgs.hydra-unstable;
hydraURL = "https://hydra.dadada.li";
notificationSender = "hydra@localhost";
buildMachinesFiles = [ ];
buildMachinesFiles = [];
useSubstitutes = true;
listenHost = "hydra.dadada.li";
port = 3000;
@ -22,7 +26,7 @@ with lib;
{
hostName = "localhost";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
supportedFeatures = ["kvm" "nixos-test" "big-parallel" "benchmark"];
maxJobs = 8;
}
];
@ -61,7 +65,7 @@ with lib;
];
};
boot.kernelModules = [ "kvm-intel" ];
boot.kernelModules = ["kvm-intel"];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
@ -91,12 +95,12 @@ with lib;
hardware.pulseaudio.enable = false;
environment.systemPackages = [ pkgs.spotify pkgs.mpv ];
environment.systemPackages = [pkgs.spotify pkgs.mpv];
users.users."media" = {
isNormalUser = true;
description = "Media playback user";
extraGroups = [ "users" "video" ];
extraGroups = ["users" "video"];
};
networking.domain = "dadada.li";

48
nixos/pruflas/hardware-configuration.nix
View file

@ -1,34 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/6d7ea470-1909-4e84-82a6-d5d5e9eecf78";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/6d7ea470-1909-4e84-82a6-d5d5e9eecf78";
fsType = "ext4";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/337f04a7-4fe9-49a2-8a58-07dd4bc85168";
fsType = "ext4";
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/337f04a7-4fe9-49a2-8a58-07dd4bc85168";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/0494-CB52";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/0494-CB52";
fsType = "vfat";
};
swapDevices = [ ];
swapDevices = [];
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}

25
nixos/surgat/configuration.nix
View file

@ -1,8 +1,11 @@
{ config, pkgs, lib, ... }:
let
hostName = "surgat";
in
{
config,
pkgs,
lib,
...
}: let
hostName = "surgat";
in {
imports = [
./hardware-configuration.nix
];
@ -72,10 +75,12 @@ in
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking.interfaces."ens3".ipv6.addresses = [{
address = "2a01:4f8:c17:1d70::";
prefixLength = 64;
}];
networking.interfaces."ens3".ipv6.addresses = [
{
address = "2a01:4f8:c17:1d70::";
prefixLength = 64;
}
];
networking.defaultGateway6 = {
address = "fe80::1";
@ -98,7 +103,7 @@ in
];
networking.wireguard.interfaces."hydra" = {
ips = [ "10.3.3.1/24" ];
ips = ["10.3.3.1/24"];
listenPort = 51235;
privateKeyFile = "/var/lib/wireguard/hydra";
@ -106,7 +111,7 @@ in
peers = [
{
publicKey = "CTKwL6+SJIqKXr1DIHejMDgjoxlWPaT78Pz3+JqcNlw=";
allowedIPs = [ "10.3.3.3/32" ];
allowedIPs = ["10.3.3.3/32"];
persistentKeepalive = 25;
}
];

41
nixos/surgat/hardware-configuration.nix
View file

@ -1,30 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/bd0b4d2d-37e5-444b-82ba-d7629114bf11";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/bd0b4d2d-37e5-444b-82ba-d7629114bf11";
fsType = "ext4";
};
boot.initrd.luks.devices."surgat".device = "/dev/disk/by-uuid/5aa2b4d3-5711-451c-bd35-7c33b5019093";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/472bc34f-3803-44ee-ad2a-f0080c0a44d3";
fsType = "ext2";
};
swapDevices = [ ];
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/472bc34f-3803-44ee-ad2a-f0080c0a44d3";
fsType = "ext2";
};
swapDevices = [];
}