rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2025-01-18 09:01:39 +01:00
Code Issues Projects Releases Packages Wiki Activity

lots of updates

Browse source
This commit is contained in:
Rouven Seifert 2024-12-31 16:02:29 +01:00
parent 91f700f9a5
commit 60586106be
11 changed files with 55 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
flake.lock
View file

@ -37,11 +37,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1732215451,
"narHash": "sha256-P2VVlzRGKBNsiHsN1yMZcSMXpwtIx9ysMFZAqKFJ14o=",
"lastModified": 1733851514,
"narHash": "sha256-fQt/HzF+OBC8xLRYeHiYLSEzjrgOLNWhyd102aY2oLU=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "9d9c0a3a94a91cfed654a18239e27cf56970daa4",
"rev": "b059e1d6e7a94bbeabb4e87d47b5f5097fd61823",
"type": "github"
},
"original": {
@ -53,16 +53,16 @@
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1732213300,
"narHash": "sha256-4Pv35cnZGiTxe6j2O0F9L9sHzxVIC1SazeAUD5kWeBs=",
"lastModified": 1733849292,
"narHash": "sha256-gJYgrRxytoGHkjeEsiKY/tl06D8XOnZZ9SDpK1WSyUw=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "527e584699abc93712114b05f70f59c5187caa66",
"rev": "0edd7531a152910e6bdd4f7d3d0cde3ed5fdd956",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2024.10.4",
"ref": "version/2024.10.5",
"repo": "authentik",
"type": "github"
}
@ -134,11 +134,11 @@
]
},
"locked": {
"lastModified": 1726867691,
"narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=",
"lastModified": 1733919067,
"narHash": "sha256-ZsL5pKwEDhcZhVJh+3IwgHus7kSW/N8qOlBscwB6BCI=",
"owner": "nix-community",
"repo": "dns.nix",
"rev": "a3196708a56dee76186a9415c187473b94e6cbae",
"rev": "a23f43f9762aa96d3e35c8eeefa7610bd0cdf456",
"type": "github"
},
"original": {
@ -301,11 +301,11 @@
]
},
"locked": {
"lastModified": 1733045511,
"narHash": "sha256-n8AldXJRNVMm2UZ6yN0HwVxlARY2Cm/uhdOw76tQ0OI=",
"lastModified": 1735381016,
"narHash": "sha256-CyCZFhMUkuYbSD6bxB/r43EdmDE7hYeZZPTCv0GudO4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4964f3c6fc17ae4578e762d3dc86b10fe890860e",
"rev": "10e99c43cdf4a0713b4e81d90691d22c6a58bdf2",
"type": "github"
},
"original": {
@ -336,11 +336,11 @@
},
"impermanence": {
"locked": {
"lastModified": 1731242966,
"narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=",
"lastModified": 1734945620,
"narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a",
"rev": "d000479f4f41390ff7cf9204979660ad5dd16176",
"type": "github"
},
"original": {
@ -450,11 +450,11 @@
]
},
"locked": {
"lastModified": 1733024876,
"narHash": "sha256-vy9Q41hBE7Zg0yakF79neVgb3i3PQMSMR7uHPpPywFE=",
"lastModified": 1735443188,
"narHash": "sha256-AydPpRBh8+NOkrLylG7vTsHrGO2b5L7XkMEL5HlzcA8=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "6e0b7f81367069589a480b91603a10bcf71f3103",
"rev": "55ab1e1df5daf2476e6b826b69a82862dcbd7544",
"type": "github"
},
"original": {
@ -524,11 +524,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1732837521,
"narHash": "sha256-jNRNr49UiuIwaarqijgdTR2qLPifxsVhlJrKzQ8XUIE=",
"lastModified": 1735471104,
"narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "970e93b9f82e2a0f3675757eb0bfc73297cc6370",
"rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
"type": "github"
},
"original": {

8
hosts/nuc/default.nix
View file

@ -20,6 +20,14 @@
];
nix.settings.system-features = [ "gccarch-tigerlake" ];
nixpkgs.config.permittedInsecurePackages = [
"aspnetcore-runtime-wrapped-6.0.36"
"aspnetcore-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428"
"jitsi-meet-1.0.8043"
"olm-3.2.16"
];
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;

4
hosts/nuc/modules/matrix/default.nix
View file

@ -16,10 +16,6 @@ in
owner = config.systemd.services.matrix-synapse.serviceConfig.User;
};
};
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
"olm-3.2.16"
];
services = {
postgresql = {

2
hosts/nuc/modules/monitoring/default.nix
View file

@ -64,7 +64,7 @@ in
auth_url = "https://auth.rfive.de/application/o/authorize/";
token_url = "https://auth.rfive.de/application/o/token/";
api_url = "https://auth.rfive.de/application/o/userinfo/";
role_attribute_path = "contains(roles, 'Grafana Admin') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'";
role_attribute_path = "contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'";
};

1
hosts/nuc/modules/torrent/default.nix
View file

@ -42,6 +42,7 @@ in
};
# scripted wireguard since systemd-networkd doesn't support netns yet
networking.wireguard.useNetworkd = false;
networking.wireguard.interfaces."wg0-mullvad" = {
# Funny Mole
privateKeyFile = config.age.secrets.mullvad.path;

4
hosts/thinkpad/default.nix
View file

@ -14,7 +14,6 @@
./modules/virtualisation
];
nix.settings.system-features = [ "gccarch-tigerlake" ];
systemd.additionalUpstreamSystemUnits = [
"soft-reboot.target"
@ -50,6 +49,9 @@
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "en_US.UTF-8";
programs.direnv = {
enable = true;
};
console.keyMap = "dvorak";

19
hosts/thinkpad/modules/networks/default.nix
View file

@ -25,7 +25,7 @@
nmap
curlFull
wireguard-tools
etherape
# etherape
];
services.timesyncd.servers = lib.mkForce [ ];
services.resolved = {
@ -186,12 +186,13 @@
enable = true;
package = pkgs.wireshark-qt;
};
users.groups.etherape = { };
security.wrappers.etherape = {
source = "${pkgs.etherape}/bin/etherape";
capabilities = "cap_net_raw,cap_net_admin+eip";
owner = "root";
group = "etherape";
permissions = "u+rx,g+x";
};
programs.wavemon.enable = true;
# # users.groups.etherape = { };
# security.wrappers.etherape = {
# source = "${pkgs.etherape}/bin/etherape";
# capabilities = "cap_net_raw,cap_net_admin+eip";
# owner = "root";
# group = "etherape";
# permissions = "u+rx,g+x";
# };
}

2
hosts/thinkpad/modules/networks/uni.nix
View file

@ -140,7 +140,7 @@
systemd.services = {
openfortivpn-agdsn = {
description = "AG DSN Fortinet VPN";
script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 249db14f96c8ea6174d80a3b964868bfbe8c56bc27bf031bf0afb9aeca8eb978";
script = "${pkgs.openfortivpn}/bin/openfortivpn vpn.agdsn.de:443 --realm admin-vpn -u r5 -p $(cat $CREDENTIALS_DIRECTORY/password) --trusted-cert 2edda9c8797e09af039bbefeb083a9238c353cbc913210ad8a4f737820c35a91";
requires = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ];
serviceConfig = {

6
hosts/thinkpad/modules/virtualisation/default.nix
View file

@ -13,9 +13,9 @@
qemu = {
runAsRoot = false;
swtpm.enable = true;
ovmf.packages = [
(pkgs.OVMF.override ({ tpmSupport = true; secureBoot = true; })).fd
];
# ovmf.packages = [
# (pkgs.OVMF.override ({ tpmSupport = true; secureBoot = true; })).fd
# ];
};
};
spiceUSBRedirection.enable = true;

5
shared/nix.nix
View file

@ -8,7 +8,9 @@
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
distributedBuilds = true;
settings = {
extra-platforms = [ "aarch64-linux" ];
auto-optimise-store = true;
system-features = [ "big-parallel" ];
experimental-features = [ "nix-command" "flakes" ];
substituters = [
"https://cache.rfive.de"
@ -18,6 +20,9 @@
"cache.rfive.de:of5d+o6mfGXQSR3lk6ApfDBr4ampAUaNHux1O/XY3Tw="
"cache.ifsr.de:y55KBAMF4YkjIzXwYOKVk9fcQS+CZ9RM1zAAMYQJtsg="
];
trusted-users = [
"@wheel"
];
};
# buildMachines = [
# # {

2
users/rouven/modules/packages.nix
View file

@ -52,7 +52,7 @@
hut
wine
ansible
ansible-lint
# ansible-lint
# programming languages
cargo