diff --git a/flake.lock b/flake.lock index 35a4a2b..a9c3792 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1714136352, - "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=", + "lastModified": 1715290355, + "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=", "owner": "ryantm", "repo": "agenix", - "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e", + "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0", "type": "github" }, "original": { @@ -216,11 +216,11 @@ ] }, "locked": { - "lastModified": 1714679908, - "narHash": "sha256-KzcXzDvDJjX34en8f3Zimm396x6idbt+cu4tWDVS2FI=", + "lastModified": 1715486357, + "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=", "owner": "nix-community", "repo": "home-manager", - "rev": "9036fe9ef8e15a819fa76f47a8b1f287903fb848", + "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1", "type": "github" }, "original": { @@ -317,11 +317,11 @@ ] }, "locked": { - "lastModified": 1714273701, - "narHash": "sha256-bmoeZ5zMSSO/e8P51yjrzaxA9uzA3SZAEFvih6S3LFo=", + "lastModified": 1715483403, + "narHash": "sha256-WMDuQj7J5jbpXI/X/E6FZRKgBFGcaSTvYyVxPnKE6KU=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "941c4973c824509e0356be455d89613611f76c8a", + "rev": "f9027322f48b427da23746aa359a6510dfcd0228", "type": "github" }, "original": { @@ -332,11 +332,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714635257, - "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=", + "lastModified": 1715447595, + "narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", + "rev": "062ca2a9370a27a35c524dc82d540e6e9824b652", "type": "github" }, "original": { 
@@ -376,6 +376,22 @@ "type": "github" } }, + "nixpkgs-systemd-256": { + "locked": { + "lastModified": 1714430104, + "narHash": "sha256-TGCTDeE8lEm/HC92Ev5ql2vx6Z4iUOwF2vsmLn/UjkM=", + "owner": "nikstur", + "repo": "nixpkgs", + "rev": "12215c110b0f3a652953d215e827fd4b56e0f536", + "type": "github" + }, + "original": { + "owner": "nikstur", + "ref": "systemd-256", + "repo": "nixpkgs", + "type": "github" + } + }, "pfersel": { "inputs": { "nixpkgs": [
@@ -457,6 +473,7 @@ "nix-colors": "nix-colors", "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs", + "nixpkgs-systemd-256": "nixpkgs-systemd-256", "pfersel": "pfersel", "purge": "purge", "trucksimulatorbot": "trucksimulatorbot"
diff --git a/flake.nix b/flake.nix
index b25b850..1a30099 100644
--- a/flake.nix
+++ b/flake.nix
@@ -3,6 +3,7 @@
 inputs = {
 nixpkgs.url = "nixpkgs/nixos-unstable";
+ nixpkgs-systemd-256.url = "github:nikstur/nixpkgs/systemd-256";
 nix-index-database = {
 url = "github:nix-community/nix-index-database";
@@ -50,6 +51,7 @@
 outputs = { self
 , nixpkgs
+ , nixpkgs-systemd-256
 , home-manager
 , dns
 , nix-index-database
@@ -138,8 +140,7 @@
 specialArgs = attrs;
 modules = [
 ./hosts/vm
- ./shared
- nix-index-database.nixosModules.nix-index
+ ./shared/systemd.nix
 ];
 };
 iso = nixpkgs.lib.nixosSystem {
diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix
index 768080d..4fcbd32 100644
--- a/hosts/nuc/default.nix
+++ b/hosts/nuc/default.nix
@@ -54,6 +54,8 @@
 helix
 lsof
 btdu
+ tcpdump
+ mtr
 ];
 programs.git = {
 enable = true;
diff --git a/hosts/nuc/modules/backup/default.nix b/hosts/nuc/modules/backup/default.nix
index c7771b9..bc50c25 100644
--- a/hosts/nuc/modules/backup/default.nix
+++ b/hosts/nuc/modules/backup/default.nix
@@ -19,6 +19,11 @@
 "/var/log"
 "/nix/persist"
 ];
+ # don't backup these for now
+ exclude_patterns = [
+ "/var/lib/movies"
+ "/var/lib/shows"
+ ];
 repositories = [
 {
 label = "nuc";
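Review bot: In flake.nix the new input `nixpkgs-systemd-256` follows a branch of a personal nixpkgs fork, and shared/systemd.nix in this same commit takes the systemd package from it, so the init system now comes from a ref that the fork owner can move or force-push. flake.lock pins rev `12215c110b0f3a652953d215e827fd4b56e0f536` today, but the next `nix flake update` will follow whatever the branch points to without any signal in flake.nix. Consider pinning the commit in the URL, `nixpkgs-systemd-256.url = "github:nikstur/nixpkgs/12215c110b0f3a652953d215e827fd4b56e0f536";`, so that moving to a newer fork commit is an explicit, reviewable edit. A comment such as `# temporary: systemd from a fork branch, drop once nixpkgs ships it` (the branch name suggests a systemd 256 preview) would keep the input from being forgotten.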
diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix
index c547460..eebf8f8 100644
--- a/hosts/nuc/modules/networks/default.nix
+++ b/hosts/nuc/modules/networks/default.nix
@@ -34,7 +34,10 @@
 routeConfig.Gateway = "192.168.42.1";
 }];
 networkConfig = {
- DNS = "192.168.42.1";
+ DNS = [
+ "9.9.9.9"
+ "149.112.112.112"
+ ];
 LLDP = true;
 EmitLLDP = "nearest-bridge";
 DNSSEC = false;
diff --git a/hosts/nuc/modules/torrent/default.nix b/hosts/nuc/modules/torrent/default.nix
index 9c8d83b..2bff346 100644
--- a/hosts/nuc/modules/torrent/default.nix
+++ b/hosts/nuc/modules/torrent/default.nix
@@ -78,7 +78,7 @@ in
 Group = cfg.user;
 Restart = "always";
- PrivateNetwork = true;
+ # PrivateNetwork = true;
 NetworkNamespacePath = "/var/run/netns/torrent";
 ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --profile=${cfg.stateDir} --webui-port=${toString cfg.port}";
@@ -88,9 +88,9 @@ in
 # Avoid using nscd (leaks dns)
 InaccessiblePaths = [ "/run/nscd" ];
- # BindReadOnlyPaths = [
- # "/etc/netns/mullvad/resolv.conf:/etc/resolv.conf"
- # ];
+ BindReadOnlyPaths = [
+ "/etc/netns/torrent/resolv.conf:/etc/resolv.conf"
+ ];
 # systemd-analyze --no-pager security qbittorrent.service
 CapabilityBoundingSet = null;
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index d817b51..7d7080d 100755
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -60,6 +60,10 @@
 upower.enable = true;
 fwupd.enable = true; # firmware updates
 btrfs.autoScrub.enable = true;
+ mullvad-vpn = {
+ enable = true;
+ enableExcludeWrapper = false;
+ };
 };
 hardware.bluetooth = {
 enable = true;
diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix
index 0b4855e..eedc098 100644
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
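Review bot: In hosts/nuc/modules/networks/default.nix the resolvers move from the LAN gateway to public ones, but the surrounding `networkConfig` still has `DNSSEC = false` and the visible lines set no `DNSOverTLS`, so every lookup from this host now crosses the internet unencrypted and unvalidated. If systemd-resolved is the resolver here, consider `DNSOverTLS = true;` together with the server-name form `"9.9.9.9#dns.quad9.net"` and `"149.112.112.112#dns.quad9.net"`, which lets the resolver's certificate be checked. The `networkConfig` block continues outside the hunk, so a setting further down may already cover this.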
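Review bot: In hosts/nuc/modules/torrent/default.nix (hunk at line 78) a hardening option is left behind as commented-out code with no reason given. systemd documents that `PrivateNetwork=` has no effect once `NetworkNamespacePath=` is set, so the isolation rests entirely on `/var/run/netns/torrent` existing when the unit starts. Replace the dead line with a comment that says so, e.g. `# PrivateNetwork is ignored when NetworkNamespacePath is set; the netns must exist before start`. Whatever creates the namespace is not visible in this hunk, so it is worth confirming that the service is ordered after it, otherwise `Restart = "always"` will loop while the namespace is missing.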
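Review bot: In the second torrent hunk (line 88) the DNS-leak protection now depends on `/etc/netns/torrent/resolv.conf`, a file this diff neither creates nor shows. As written the bind is mandatory, so a missing file stops the unit instead of letting it fall back to the host's /etc/resolv.conf. A comment such as `# no "-" prefix on purpose: fail closed if the netns resolv.conf is missing` would keep a later edit from weakening that. It is also worth confirming that the file lists only a resolver reachable inside the namespace, since this commit points the host itself at public resolvers.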
@@ -23,6 +23,7 @@
 identity="rose159e@tu-dresden.de"
 password="@EDUROAM_AUTH@"
 phase2="auth=PAP"
+ bssid_ignore=7c:5a:1c:02:3d:ef
 '';
 extraConfig = ''
 scan_ssid=1
diff --git a/hosts/vm/default.nix b/hosts/vm/default.nix
index fd17428..c7546cb 100644
--- a/hosts/vm/default.nix
+++ b/hosts/vm/default.nix
@@ -13,6 +13,7 @@
 loader.efi.canTouchEfiVariables = true;
 kernelPackages = pkgs.linuxPackages_latest;
 tmp.useTmpfs = true;
+ initrd.systemd.enable = true;
 };
 networking.hostName = "vm";
 # environment.persistence."/nix/persistent/system" = {
@@ -42,7 +43,7 @@
 };
 # Enable the OpenSSH daemon.
- services.openssh.enable = true;
+ # services.openssh.enable = true;
 users.mutableUsers = false;
 users.users.root = {
diff --git a/shared/systemd.nix b/shared/systemd.nix
index 45193d8..cb53f89 100644
--- a/shared/systemd.nix
+++ b/shared/systemd.nix
@@ -1,9 +1,9 @@
-{ pkgs, lib, ... }:
+{ pkgs, lib, nixpkgs-systemd-256, ... }:
 {
 systemd = {
- package = lib.mkDefault (pkgs.systemd.override { withHomed = false; });
+ package = lib.mkDefault (nixpkgs-systemd-256.legacyPackages.x86_64-linux.systemd.override { withHomed = false; });
 sleep.extraConfig = ''
 HibernateDelaySec=2h
 '';
diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix
index 28b340f..fe33497 100644
--- a/users/rouven/modules/packages.nix
+++ b/users/rouven/modules/packages.nix
@@ -17,6 +17,7 @@
 (zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; })
 gimp
 ffmpeg
+ jellyfin-media-player
 # bluetooth
 blueman
diff --git a/users/rouven/modules/ssh/default.nix b/users/rouven/modules/ssh/default.nix
index 62ddb55..190dd8c 100644
--- a/users/rouven/modules/ssh/default.nix
+++ b/users/rouven/modules/ssh/default.nix
@@ -35,6 +35,14 @@ in
 hostname = "login.zih.tu-dresden.de";
 user = "rose159e";
 };
+ "mininet" = {
+ hostname = "internet.netd.cs.tu-dresden.de";
+ user = "root";
+ port = 2133;
+ extraOptions = {
+ ProxyJump = "tud";
+ };
+ };
 # iFSR
 "quitte" = {
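Review bot: In hosts/thinkpad/modules/networks/uni.nix the new `bssid_ignore=7c:5a:1c:02:3d:ef` line gives no reason why this one access point is skipped. A `#` comment line above it in the wpa_supplicant block, stating the reason (faulty AP, suspected rogue, ...), would let someone decide later whether the entry can go. The visible lines use `phase2="auth=PAP"` and show no `ca_cert` or `domain_suffix_match`; the block starts outside the hunk, so they may be set above. If they are not, any access point announcing the SSID can collect the password, and ignoring a single BSSID does not address that. In that case add server validation, e.g. `ca_cert="<path to the eduroam CA>"` and `domain_suffix_match="<RADIUS server domain>"`, with the values taken from the university's eduroam instructions.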
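Review bot: In shared/systemd.nix the package path hard-codes `x86_64-linux`, and the file lives under shared/, so every host that imports it would take its systemd from the fork input, not only the `vm` configuration edited in flake.nix. Use the host's own platform instead: `nixpkgs-systemd-256.legacyPackages.${pkgs.stdenv.hostPlatform.system}.systemd.override { withHomed = false; }`. If the fork is only meant for the test VM, keep `pkgs.systemd` here and set the override in hosts/vm. Which hosts import this file is not visible in the diff.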
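Review bot: In users/rouven/modules/ssh/default.nix the new `mininet` block sets the jump host through free-form `extraOptions`, although home-manager's match blocks have a dedicated option. `proxyJump = "tud";` is checked by the module system and reads like the other fields. The block also logs in as `root` by default; if the host offers an unprivileged account, prefer that and escalate on the host. The block that the jump refers to begins outside the hunk, so its own settings (agent forwarding, for instance) could not be checked here.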