networking updates, too many to write down

Rouven Seifert 2023-11-07 19:56:10 +01:00
parent 45b01c5979
commit 2bb6fa41e0
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
13 changed files with 151 additions and 152 deletions


@ -1,5 +1,29 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1696775529,
"narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
"owner": "ryantm",
"repo": "agenix",
"rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"base16-schemes": {
"flake": false,
"locked": {
@ -49,45 +73,29 @@
"type": "github"
}
},
"deploy-rs": {
"darwin": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": [
"agenix",
"nixpkgs"
],
"utils": "utils"
]
},
"locked": {
"lastModified": 1695052866,
"narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -171,11 +179,11 @@
]
},
"locked": {
"lastModified": 1698670511,
"narHash": "sha256-jQIu3UhBMPHXzVkHQO1O2gg8SVo5lqAVoC6mOaLQcLQ=",
"lastModified": 1699368917,
"narHash": "sha256-nUtGIWf86BOkUbtksWtfglvCZ/otP0FTZlQH8Rzc7PA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "8e5416b478e465985eec274bc3a018024435c106",
"rev": "6a8444467c83c961e2f5ff64fb4f422e303c98d3",
"type": "github"
},
"original": {
@ -191,11 +199,11 @@
]
},
"locked": {
"lastModified": 1698313822,
"narHash": "sha256-YBsZB7IVcOfeofWel2UczNt68i0uaY6PUQndxAFjXUs=",
"lastModified": 1698482687,
"narHash": "sha256-M+ycfhVZO/c8rQYvdUxLkNS8Ttqg/dRckVOnKnxiEss=",
"owner": "therealr5",
"repo": "TruckSimulatorBot-images",
"rev": "6f0726ef62d346d8b8276335f7294a4634b4714d",
"rev": "c2eabb6964354a57eb0bc3979dae515fcc3eed32",
"type": "github"
},
"original": {
@ -222,7 +230,7 @@
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"nixpkgs": [
@ -272,11 +280,11 @@
]
},
"locked": {
"lastModified": 1698550809,
"narHash": "sha256-Um8+Wi6EAH5dCgfgl7OqaVd4wFJn6FKLafcP5QPr/98=",
"lastModified": 1699156599,
"narHash": "sha256-Qk9ZE/pG9lNIGUVNArJxL0Hc0Soa92eQPPIhcDwWinU=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "1f0981f5baeb78e3c89a8980ff1a39f06876fa8c",
"rev": "5388a4002179d6778d212dc2fdcc7ac3fdbd5b65",
"type": "github"
},
"original": {
@ -287,11 +295,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1698053470,
"narHash": "sha256-sP8D/41UiwC2qn0X40oi+DfuVzNHMROqIWdSdCI/AYA=",
"lastModified": 1699159446,
"narHash": "sha256-cL63IjsbPl2otS7R4kdXbVOJOXYMpGw5KGZoWgdCuCM=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "80d98a7d55c6e27954a166cb583a41325e9512d7",
"rev": "627bc9b88256379578885a7028c9e791c29fb581",
"type": "github"
},
"original": {
@ -301,11 +309,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1698318101,
"narHash": "sha256-gUihHt3yPD7bVqg+k/UVHgngyaJ3DMEBchbymBMvK1E=",
"lastModified": 1699099776,
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "63678e9f3d3afecfeafa0acead6239cdb447574c",
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
"type": "github"
},
"original": {
@ -347,11 +355,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1698544399,
"narHash": "sha256-vhRmPyEyoPkrXF2iykBsWHA05MIaOSmMRLMF7Hul6+s=",
"lastModified": 1699110214,
"narHash": "sha256-L2TU4RgtiqF69W8Gacg2jEkEYJrW+Kp0Mp4plwQh5b8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d87c5d8c41c9b3b39592563242f3a448b5cc4bc9",
"rev": "78f3a4ae19f0e99d5323dd2e3853916b8ee4afee",
"type": "github"
},
"original": {
@ -419,11 +427,11 @@
]
},
"locked": {
"lastModified": 1698314496,
"narHash": "sha256-LMuYKvaRaVPYbJo9mJR0fJg1a7uAsmQosq28+Ir44/M=",
"lastModified": 1698828202,
"narHash": "sha256-QjcqU0V5ewwgLfyLg/sUzCkYzr74Ih3UruEoWQ7rGT0=",
"owner": "therealr5",
"repo": "purge",
"rev": "bc1264a7954bcc572582d485c9384c62797e4ebc",
"rev": "5820a3d4696ff82ccd45602d25ba6f91bf1d3191",
"type": "github"
},
"original": {
@ -434,7 +442,7 @@
},
"root": {
"inputs": {
"deploy-rs": "deploy-rs",
"agenix": "agenix",
"home-manager": "home-manager",
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
@ -481,11 +489,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1698548647,
"narHash": "sha256-7c03OjBGqnwDW0FBaBc+NjfEBxMkza+dxZGJPyIzfFE=",
"lastModified": 1699311858,
"narHash": "sha256-W/sQrghPAn5J9d+9kMnHqi4NPVWVpy0V/qzQeZfS/dM=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "632c3161a6cc24142c8e3f5529f5d81042571165",
"rev": "664187539871f63857bda2d498f452792457b998",
"type": "github"
},
"original": {
@ -516,11 +524,11 @@
]
},
"locked": {
"lastModified": 1698314552,
"narHash": "sha256-WR3jJC/vLx4jdom17Fk3SGynZy/mC0w80sVHB6ItVCg=",
"lastModified": 1698828178,
"narHash": "sha256-qG++eRZ3Hpxxvif0JMGFEhsz1WETAW5qsAVKScqz/xU=",
"owner": "therealr5",
"repo": "TruckSimulatorBot",
"rev": "1d572d6b5b7f1ea84ea7e81a3899bd84da2907c7",
"rev": "4da79ba1d6df945ebf3bae8f0d6f4847238837b9",
"type": "github"
},
"original": {
@ -528,21 +536,6 @@
"repo": "TruckSimulatorBot",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",


@ -11,16 +11,15 @@
sops-nix = {
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
impermanence.url = "github:nix-community/impermanence";
deploy-rs = {
url = "github:serokell/deploy-rs";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
home-manager = {
inputs = {
nixpkgs.follows = "nixpkgs";
@ -55,8 +54,8 @@
, home-manager
, nix-index-database
, sops-nix
, agenix
, impermanence
, deploy-rs
, nix-colors
, nixos-hardware
, lanzaboote
@ -88,6 +87,7 @@
nixos-hardware.nixosModules.common-pc-laptop-ssd
home-manager.nixosModules.home-manager
sops-nix.nixosModules.sops
agenix.nixosModules.default
nix-index-database.nixosModules.nix-index
impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote
@ -154,21 +154,5 @@
];
};
};
deploy.nodes = {
nuc = {
hostname = "nuc";
profiles.system = {
sshUser = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.nuc;
};
};
falkenstein-1 = {
hostname = "falkenstein-1";
profiles.system = {
sshUser = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.falkenstein-1;
};
};
};
};
}
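Review bot: The new `agenix` input pins `nixpkgs` and `home-manager` with `follows` but leaves its `darwin` input alone, so the lock file in this commit gains a separate `lnl7/nix-darwin` node tracked from `master`. If no macOS host is built from this flake, that is one more upstream repository fetched and trusted for no benefit; agenix documents `inputs.darwin.follows = "";` for dropping it. Since `sops-nix.nixosModules.sops` stays in the module list next to `agenix.nixosModules.default`, a short comment saying which secrets belong to which tool would also help the next reader.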


@ -4,7 +4,7 @@
[
# Include the results of the hardware scan.
./hardware-configuration.nix
# ./modules/backup
./modules/backup
./modules/fail2ban
./modules/mail
./modules/networks
@ -31,6 +31,7 @@
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
systemd.package = pkgs.systemd.override { withHomed = false; };
environment.systemPackages = with pkgs; [
vim
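Review bot: `systemd.package = pkgs.systemd.override { withHomed = false; };` is added without a comment, and the same line is repeated in the two other host configurations changed in this commit. Overriding the systemd package normally means it is built locally instead of being substituted from the binary cache, so every systemd security update would cost a rebuild on each host; it is worth confirming that this is intended. Consider moving the line into a shared module with a comment such as `# build systemd without homed: <reason>`.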


@ -13,7 +13,7 @@
repositories = [
{
path = "ssh://root@192.168.10.2/mnt/backup/falkenstein";
path = "ssh://root@192.168.42.2/mnt/backup/falkenstein";
label = "nuc";
}
];
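Review bot: The repository URL still logs in as `root` on the backup host; only the address changes in this hunk, and the thinkpad backup section further down has the same pattern. With the backup modules re-enabled in this commit, each client holds a key that gives a root shell on the machine storing every host's backups, so compromise of one client can expose or destroy all of them. Assuming this is a borgmatic/Borg repository, a dedicated unprivileged account whose authorized key is pinned to `borg serve --restrict-to-path <REPO_PATH>` (optionally with `--append-only`) would confine each client to its own repository. The `repositories` list belongs to a larger attribute set that starts outside the hunk.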


@ -118,9 +118,10 @@ in
sslServerKey = "/var/lib/acme/${hostname}/key.pem";
protocols = [ "imap" "sieve" ];
mailPlugins = {
globally.enable = [ "listescape" ];
perProtocol = {
imap = {
enable = [ "imap_sieve" ];
enable = [ "imap_sieve" "imap_filter_sieve" ];
};
lmtp = {
enable = [ "sieve" ];
@ -168,6 +169,10 @@ in
service_count = 1
}
namespace inbox {
separator = /
inbox = yes
}
service lmtp {
unix_listener dovecot-lmtp {
group = postfix


@ -6,7 +6,7 @@
./hardware-configuration.nix
# ./modules/adguard
./modules/networks
# ./modules/backup
./modules/backup
./modules/grafana
./modules/prometheus
./modules/matrix
@ -22,6 +22,7 @@
loader.efi.canTouchEfiVariables = true;
tmp.useTmpfs = true;
};
systemd.package = pkgs.systemd.override { withHomed = false; };
services.btrfs.autoScrub.enable = true;
sops.secrets."store/secretkey" = { };


@ -1,10 +1,10 @@
{ config, pkgs, lib, ... }:
{ config, pkgs, lib, agenix, ... }:
{
imports =
[
./hardware-configuration.nix
# ./modules/backup
./modules/backup
./modules/networks
./modules/greetd
./modules/virtualisation
@ -33,6 +33,7 @@
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
tmp.useTmpfs = true;
};
systemd.package = pkgs.systemd.override { withHomed = false; };
environment.persistence."/nix/persist/system" = {
directories = [
@ -83,6 +84,7 @@
noto-fonts-cjk
noto-fonts-emoji
dejavu_fonts
fira
];
# Enable sound.
@ -114,16 +116,18 @@
programs.light.enable = true;
services = {
homed.enable = true;
# homed.enable = true;
blueman.enable = true; # bluetooth
devmon.enable = true; # automount stuff
printing = {
enable = true;
browsedConf = ''
BrowsePoll cups.agdsn.network
LocalQueueNamingRemoteCUPS RemoteName
'';
};
# printing = {
# enable = true;
# stateless = true;
# browsedConf = ''
# BrowsePoll tomate.local
# BrowsePoll cups.agdsn.network
# LocalQueueNamingRemoteCUPS RemoteName
# '';
# };
avahi = {
# autodiscover printers
enable = true;
@ -192,10 +196,24 @@
pciutils
lm_sensors
sbctl
deploy-rs
man-pages
openssl
cups
agenix.packages.x86_64-linux.default
];
programs.java.enable = true;
programs.wireshark = {
enable = true;
package = pkgs.wireshark-qt;
};
security.wrappers.etherape = {
source = "${pkgs.etherape}/bin/etherape";
capabilities = "cap_net_raw,cap_net_admin+eip";
owner = "root";
group = "wireshark"; # too lazy to create a new one
permissions = "u+rx,g+x";
};
documentation.dev.enable = true;
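Review bot: The `security.wrappers.etherape` block grants `cap_net_raw,cap_net_admin+eip` to a full GUI program that parses untrusted traffic, and it reuses the `wireshark` group, so every member of that group (including `rouven`, added by the `extraGroups` change later in this commit) can run it with those capabilities. `cap_net_admin` allows reconfiguring interfaces, routes and firewall rules, which goes beyond packet capture; it is worth testing whether `capabilities = "cap_net_raw+ep";` is enough for etherape. A dedicated group, e.g. `group = "etherape";`, would keep this grant separate from the capture helper that `programs.wireshark` presumably sets up for the `wireshark` group. The surrounding module continues outside the hunks shown.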


@ -16,7 +16,7 @@
repositories = [
{
label = "nuc";
path = "ssh://root@192.168.10.2/mnt/backup/thinkpad";
path = "ssh://root@192.168.42.2/mnt/backup/thinkpad";
}
];
exclude_patterns = [


@ -1,6 +1,6 @@
email:
tu-dresden: ENC[AES256_GCM,data:0c/NpILreIbyZ5PIIDR55og//b/cNA==,iv:vf6b93deMdX5l7nRAgE+YfMp4S3z24zydf4TrUpnCq0=,tag:i6PxkzY5X1tmkNvWWXN73Q==,type:str]
rfive: ENC[AES256_GCM,data:j51G8LkEu3e3HPhZVTrBDsjJkDGIMZ3PPw==,iv:FtcO97LF57h4p8ZyvZPQ7gsLlQUyg+RzyIPlPYhLYK0=,tag:XbDBwcvWAlbuLvvV0I+2LA==,type:str]
rfive: ENC[AES256_GCM,data:5Gx00fozp3Fb1DPUVNeec2t1Ms+XC86ZLRhc0khSkj+v2g==,iv:+HBth0dBOs/bLPRNCe/ivhKodDFSe1KtX+vAkYXQoMs=,tag:e79QaG4BfXH6in0FAXVcoA==,type:str]
google: ENC[AES256_GCM,data:044yUHWp8PvtTytFwfCAhg==,iv:nRWzcxXCogombevZQxYsMuLL4us1kv6WKfChRphLR48=,tag:fnHxnweczc5bElK8kGa6rw==,type:str]
ifsr: ENC[AES256_GCM,data:debmpTL+VYNE3InslDyV0FW1sKjBFA==,iv:ZKwyOMsfQivesFoEJeDCNnPzOgwlP0xmJ0GNsA57njM=,tag:CJZhWTb2MfsR+rv2VY6Xmw==,type:str]
agdsn: ENC[AES256_GCM,data:ark7+PHOOd5IwkGOSShVnrwQ1g0tQuJ5,iv:d+rj8C3FUHg+bSjDAYd4bQ20vvocTpyjcQKwXEHVY/o=,tag:VC1ISQsA/u0iDY0DgJ6yfA==,type:str]
@ -24,8 +24,8 @@ sops:
N08rUm1KNCtOaHlYVnFZUFViZnNHeUkKvQTAtOKQqCJP54eV6bxxCWX5CKACPJQP
MBkKw0jbgjBI4SuDdPQVaXE0gEllJPjENUjqXGVatYbhBStbIraZQQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-30T14:26:57Z"
mac: ENC[AES256_GCM,data:AuhCdkJDrc02Iw+D1OqDrQPwjbxYn8a1QGs2bqgsZvL+XxOyjEv+q/m3esLrET92v0+ZAiU4qlOxk7+SHqvsrHWgq2i+xDKXPlPNL4xDO4G/ysOpLzDX/u/4UBicWp/yqlBYUO2qrDOhsSqqKziR8XFTWP3fPrBpa2TzafbohXY=,iv:JlrQBYoDQFUfwgY993DVbrxEatTMrTyvCrK76QoyurY=,tag:0lhAs5jHIEgbStTYmnj7cw==,type:str]
lastmodified: "2023-11-05T18:57:42Z"
mac: ENC[AES256_GCM,data:Op3aUdt0pnacMJ++zAJsjJOhiKnV9b8t2jrAci5+ZNwIdY2MNVauByQtD0QcD/ApcJzpvS0fblj/EU36mmpoWE5HBQziFDoKi82t/Wpemmvefph1UdjSeqxN4oq68j7QJO0ESso3LlXeSRg08Nre8f7/ReLMgUrEVi1OI2/+C04=,iv:dpnOMM5hj8ugXI9q2BKtzLiaio1nngHYlwIjOjaeGag=,tag:0snf53Zb3zg+T4k0RaRo1g==,type:str]
pgp:
- created_at: "2023-02-25T23:44:24Z"
enc: |-


@ -9,6 +9,7 @@
duf
trash-cli
nix-output-monitor
iperf
];
users.defaultUserShell = pkgs.zsh;
programs.fzf = {


@ -5,7 +5,7 @@
users.users.rouven = {
description = "Rouven Seifert";
isNormalUser = true;
extraGroups = [ "wheel" "video" "libvirtd" "tss" "input" "_lldpd" ];
extraGroups = [ "wheel" "video" "libvirtd" "tss" "input" "_lldpd" "wireshark" ];
initialHashedPassword = "$6$X3XERQv28Nt1UUT5$MjdMBDuXyEwexkuKqmNFweez69q4enY5cjMXSbBxOc6Bq7Fhhp7OqmCm02k3OGjoZFXzPV9ZHuMSGKZOtwYIk1";
};
home-manager.useUserPackages = true;


@ -49,7 +49,6 @@ in
};
# set sidebar_indent_string = ' '
# set sidebar_width = 80
# set sidebar_folder_indent = yes
mbsync.enable = true;
};
accounts.email.accounts = {
@ -239,8 +238,8 @@ in
extraConfig.Create = "near";
};
channels.reports = {
nearPattern = "Reports";
farPattern = "Reports";
nearPattern = "Root/Reports";
farPattern = "Root/Reports";
extraConfig.Create = "near";
};
channels.trash = {
@ -300,33 +299,33 @@ in
enable = true;
create = "maildir";
expunge = "both";
groups.ifsr = {
channels.inbox = {
nearPattern = "INBOX";
farPattern = "INBOX";
extraConfig.Create = "near";
};
channels.trash = {
nearPattern = "Trash";
farPattern = "Trash";
extraConfig.Create = "near";
};
channels.sent = {
nearPattern = "Sent";
farPattern = "Sent";
extraConfig.Create = "near";
};
channels.junk = {
nearPattern = "Junk";
farPattern = "Junk";
extraConfig.Create = "near";
};
channels.drafts = {
nearPattern = "Drafts";
farPattern = "Drafts";
extraConfig.Create = "near";
};
};
# groups.ifsr = {
# channels.inbox = {
# nearPattern = "INBOX";
# farPattern = "INBOX";
# extraConfig.Create = "near";
# };
# channels.trash = {
# nearPattern = "Trash";
# farPattern = "Trash";
# extraConfig.Create = "near";
# };
# channels.sent = {
# nearPattern = "Sent";
# farPattern = "Sent";
# extraConfig.Create = "near";
# };
# channels.junk = {
# nearPattern = "Junk";
# farPattern = "Junk";
# extraConfig.Create = "near";
# };
# channels.drafts = {
# nearPattern = "Drafts";
# farPattern = "Drafts";
# extraConfig.Create = "near";
# };
# };
extraConfig = {
account = {
AuthMechs = "Login";
@ -338,7 +337,8 @@ in
{
enable = true;
mailboxName = " 󰒍 AG DSN";
extraMailboxes = lib.lists.forEach [ c.sent c.trash c.junk c.drafts ] (x: x.nearPattern);
# extraMailboxes = lib.lists.forEach [ c.sent c.trash c.junk c.drafts ] (x: x.nearPattern);
extraMailboxes = [ "+Sent" "+Trash" "+Junk" "+Drafts" "+Lists/intern" ];
};
};
"gmail" = rec {
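Review bot: The `groups.ifsr` channel definitions are commented out rather than deleted, and `extraMailboxes` swaps the derived list for hard-coded names while the old expression stays behind as a comment. Version control already keeps the old text, so deleting both would leave the file easier to read; if the block is meant to return, a one-line comment such as `# channels disabled: <reason>` is clearer. With no channels defined, the account presumably falls back to syncing every folder with `expunge = "both"`, which is worth confirming as intended.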


@ -1,11 +1,7 @@
{ pkgs, ... }:
let
tex = (pkgs.texlive.combine {
inherit (pkgs.texlive) scheme-small
dvisvgm dvipng# for preview and export as html
wrapfig amsmath ulem hyperref capt-of;
# (setq org-latex-compiler "lualatex")
#(setq org-preview-latex-default-process 'dvisvgm)
inherit (pkgs.texlive) scheme-full;
});
in
{
@ -27,6 +23,7 @@ in
drawio
leafpad
gamescope
gnome.simple-scan
# sound
pavucontrol
@ -40,7 +37,6 @@ in
google-chrome
filezilla
dbeaver
apache-directory-studio
# messaging
discord