From d2353d8b59c1945a7bda9df6e94bbd37b00655c7 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 13 May 2024 11:59:14 +0200 Subject: [PATCH 1/9] nuc: networking updates --- hosts/nuc/default.nix | 2 ++ hosts/nuc/modules/backup/default.nix | 5 +++++ hosts/nuc/modules/networks/default.nix | 5 ++++- hosts/nuc/modules/torrent/default.nix | 8 ++++---- 4 files changed, 15 insertions(+), 5 deletions(-) diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index 768080d..4fcbd32 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix @@ -54,6 +54,8 @@ helix lsof btdu + tcpdump + mtr ]; programs.git = { enable = true; diff --git a/hosts/nuc/modules/backup/default.nix b/hosts/nuc/modules/backup/default.nix index c7771b9..bc50c25 100644 --- a/hosts/nuc/modules/backup/default.nix +++ b/hosts/nuc/modules/backup/default.nix @@ -19,6 +19,11 @@ "/var/log" "/nix/persist" ]; + # don't backup these for now + exclude_patterns = [ + "/var/lib/movies" + "/var/lib/shows" + ]; repositories = [ { label = "nuc"; diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix index c547460..eebf8f8 100644 --- a/hosts/nuc/modules/networks/default.nix +++ b/hosts/nuc/modules/networks/default.nix @@ -34,7 +34,10 @@ routeConfig.Gateway = "192.168.42.1"; }]; networkConfig = { - DNS = "192.168.42.1"; + DNS = [ + "9.9.9.9" + "149.112.112.112" + ]; LLDP = true; EmitLLDP = "nearest-bridge"; DNSSEC = false; diff --git a/hosts/nuc/modules/torrent/default.nix b/hosts/nuc/modules/torrent/default.nix index 9c8d83b..2bff346 100644 --- a/hosts/nuc/modules/torrent/default.nix +++ b/hosts/nuc/modules/torrent/default.nix @@ -78,7 +78,7 @@ in Group = cfg.user; Restart = "always"; - PrivateNetwork = true; + # PrivateNetwork = true; NetworkNamespacePath = "/var/run/netns/torrent"; ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox --profile=${cfg.stateDir} --webui-port=${toString cfg.port}"; 
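Review bot: In hosts/nuc/modules/networks/default.nix the new `DNS` list points at public resolvers while the unchanged `DNSSEC = false;` stays a few lines below, so lookups now cross the WAN in cleartext and unvalidated instead of stopping at the local gateway. If this unit feeds systemd-resolved (presumably, given the `DNSSEC` key), consider `DNS = [ "9.9.9.9#dns.quad9.net" "149.112.112.112#dns.quad9.net" ];` together with `DNSOverTLS = true;`. The `networkConfig` set starts and ends outside the hunk, so other keys there may already cover part of this.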
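Review bot: The commented-out `# PrivateNetwork = true;` in hosts/nuc/modules/torrent/default.nix gives no reason why an isolation switch was dropped from a unit whose whole purpose is network confinement. systemd documents that `PrivateNetwork=` has no effect once `NetworkNamespacePath=` is set, so the confinement rests entirely on `/var/run/netns/torrent` existing when the service starts. I would delete the dead line and state that instead, e.g. `# Isolation comes from NetworkNamespacePath; PrivateNetwork= is ignored when it is set.` The service attribute set begins and ends outside the hunk, so the ordering against whatever unit creates the namespace is not visible here and is worth confirming.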
@@ -88,9 +88,9 @@ in # Avoid using nscd (leaks dns) InaccessiblePaths = [ "/run/nscd" ]; - # BindReadOnlyPaths = [ - # "/etc/netns/mullvad/resolv.conf:/etc/resolv.conf" - # ]; + BindReadOnlyPaths = [ + "/etc/netns/torrent/resolv.conf:/etc/resolv.conf" + ]; # systemd-analyze --no-pager security qbittorrent.service CapabilityBoundingSet = null; From 4670c5d32336ac3630bbfc5c0e818e7cc145308e Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 13 May 2024 12:00:00 +0200 Subject: [PATCH 2/9] user updates --- users/rouven/modules/packages.nix | 1 + users/rouven/modules/ssh/default.nix | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 28b340f..fe33497 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -17,6 +17,7 @@ (zathura.override { plugins = [ zathuraPkgs.zathura_pdf_mupdf ]; }) gimp ffmpeg + jellyfin-media-player # bluetooth blueman diff --git a/users/rouven/modules/ssh/default.nix b/users/rouven/modules/ssh/default.nix index 62ddb55..190dd8c 100644 --- a/users/rouven/modules/ssh/default.nix +++ b/users/rouven/modules/ssh/default.nix @@ -35,6 +35,14 @@ in hostname = "login.zih.tu-dresden.de"; user = "rose159e"; }; + "mininet" = { + hostname = "internet.netd.cs.tu-dresden.de"; + user = "root"; + port = 2133; + extraOptions = { + ProxyJump = "tud"; + }; + }; # iFSR "quitte" = { From 514fbdf6ca8ea56f31f61ac8288e04690d0046e7 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 13 May 2024 12:00:21 +0200 Subject: [PATCH 3/9] thinkpad updates --- hosts/thinkpad/default.nix | 4 ++++ hosts/thinkpad/modules/networks/uni.nix | 1 + 2 files changed, 5 insertions(+) diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index d817b51..7d7080d 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix 
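Review bot: The re-enabled `BindReadOnlyPaths` entry in hosts/nuc/modules/torrent/default.nix has no comment saying it is part of the DNS-leak protection, unlike the `InaccessiblePaths` line just above it. I would add `# Resolver of the torrent namespace; no "-" prefix on purpose, so the unit fails to start instead of falling back to the host's resolv.conf.` above the list. What `/etc/netns/torrent/resolv.conf` contains is defined elsewhere, so this hunk cannot show whether its nameserver is reachable only through the namespace. The service attribute set starts and ends outside the hunk.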
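Review bot: The new `mininet` block in users/rouven/modules/ssh/default.nix logs in as `root` directly, and nothing in the hunk restricts which key is offered to that host. If root is required on the target, a one-line comment saying so would help; otherwise an unprivileged `user` with sudo leaves a better audit trail. Assuming these are home-manager match blocks, adding `identityFile` and `identitiesOnly = true;` here would keep the agent from offering every loaded key. Both may already be set in a default block outside the hunk.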
@@ -60,6 +60,10 @@ upower.enable = true; fwupd.enable = true; # firmware updates btrfs.autoScrub.enable = true; + mullvad-vpn = { + enable = true; + enableExcludeWrapper = false; + }; }; hardware.bluetooth = { enable = true; diff --git a/hosts/thinkpad/modules/networks/uni.nix b/hosts/thinkpad/modules/networks/uni.nix index 0b4855e..eedc098 100644 --- a/hosts/thinkpad/modules/networks/uni.nix +++ b/hosts/thinkpad/modules/networks/uni.nix @@ -23,6 +23,7 @@ identity="rose159e@tu-dresden.de" password="@EDUROAM_AUTH@" phase2="auth=PAP" + bssid_ignore=7c:5a:1c:02:3d:ef ''; extraConfig = '' scan_ssid=1 From d1773d8882bffcdbb493dc18a10203694de390b0 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 13 May 2024 12:00:29 +0200 Subject: [PATCH 4/9] nix flake update --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 35a4a2b..34fb717 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1714136352, - "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=", + "lastModified": 1715290355, + "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=", "owner": "ryantm", "repo": "agenix", - "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e", + "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0", "type": "github" }, "original": { @@ -216,11 +216,11 @@ ] }, "locked": { - "lastModified": 1714679908, - "narHash": "sha256-KzcXzDvDJjX34en8f3Zimm396x6idbt+cu4tWDVS2FI=", + "lastModified": 1715486357, + "narHash": "sha256-4pRuzsHZOW5W4CsXI9uhKtiJeQSUoe1d2M9mWU98HC4=", "owner": "nix-community", "repo": "home-manager", - "rev": "9036fe9ef8e15a819fa76f47a8b1f287903fb848", + "rev": "44677a1c96810a8e8c4ffaeaad10c842402647c1", "type": "github" }, "original": { 
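Review bot: The added `bssid_ignore=7c:5a:1c:02:3d:ef` in hosts/thinkpad/modules/networks/uni.nix is a bare hardware address with no explanation. Nobody can later tell whether that access point was broken, untrusted or just weak, or when the entry can be removed. A comment line next to it would do, e.g. `# <reason this AP is skipped>, added 2024-05`. The surrounding network definition starts outside the hunk.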
@@ -317,11 +317,11 @@ ] }, "locked": { - "lastModified": 1714273701, - "narHash": "sha256-bmoeZ5zMSSO/e8P51yjrzaxA9uzA3SZAEFvih6S3LFo=", + "lastModified": 1715483403, + "narHash": "sha256-WMDuQj7J5jbpXI/X/E6FZRKgBFGcaSTvYyVxPnKE6KU=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "941c4973c824509e0356be455d89613611f76c8a", + "rev": "f9027322f48b427da23746aa359a6510dfcd0228", "type": "github" }, "original": { @@ -332,11 +332,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714635257, - "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=", + "lastModified": 1715447595, + "narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", + "rev": "062ca2a9370a27a35c524dc82d540e6e9824b652", "type": "github" }, "original": { From b6d25c0fbb143ef2ab9a2f74683c0e59c3a77e08 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 13 May 2024 13:44:39 +0200 Subject: [PATCH 5/9] test systemd updates --- flake.lock | 15 ++++++++------- flake.nix | 3 ++- hosts/vm/default.nix | 1 + 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/flake.lock b/flake.lock index 34fb717..ea0187c 100644 --- a/flake.lock +++ b/flake.lock @@ -332,17 +332,18 @@ }, "nixpkgs": { "locked": { - "lastModified": 1715447595, - "narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=", - "owner": "NixOS", + "lastModified": 1714430104, + "narHash": "sha256-TGCTDeE8lEm/HC92Ev5ql2vx6Z4iUOwF2vsmLn/UjkM=", + "owner": "nikstur", "repo": "nixpkgs", - "rev": "062ca2a9370a27a35c524dc82d540e6e9824b652", + "rev": "12215c110b0f3a652953d215e827fd4b56e0f536", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" + "owner": "nikstur", + "ref": "systemd-256", + "repo": "nixpkgs", + "type": "github" } }, "nixpkgs-lib": { diff --git a/flake.nix b/flake.nix index b25b850..6f78fa5 100644 --- a/flake.nix +++ b/flake.nix 
@@ -2,7 +2,8 @@ description = "My nix setup"; inputs = { - nixpkgs.url = "nixpkgs/nixos-unstable"; + # nixpkgs.url = "nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nikstur/nixpkgs/systemd-256"; nix-index-database = { url = "github:nix-community/nix-index-database"; diff --git a/hosts/vm/default.nix b/hosts/vm/default.nix index fd17428..a2befa2 100644 --- a/hosts/vm/default.nix +++ b/hosts/vm/default.nix @@ -13,6 +13,7 @@ loader.efi.canTouchEfiVariables = true; kernelPackages = pkgs.linuxPackages_latest; tmp.useTmpfs = true; + initrd.systemd.enable = true; }; networking.hostName = "vm"; # environment.persistence."/nix/persistent/system" = { From 49ecc28a50a078e4245e73321216f308a51c0763 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 13 May 2024 14:08:45 +0200 Subject: [PATCH 6/9] vm: tmp disable some stuff --- hosts/vm/default.nix | 2 +- shared/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/vm/default.nix b/hosts/vm/default.nix index a2befa2..c7546cb 100644 --- a/hosts/vm/default.nix +++ b/hosts/vm/default.nix @@ -43,7 +43,7 @@ }; # Enable the OpenSSH daemon. - services.openssh.enable = true; + # services.openssh.enable = true; users.mutableUsers = false; users.users.root = { diff --git a/shared/default.nix b/shared/default.nix index 1774f04..1cc9113 100644 --- a/shared/default.nix +++ b/shared/default.nix @@ -3,7 +3,7 @@ programs.nix-index-database.comma.enable = true; imports = [ ./activation.nix - ./gpg.nix + # ./gpg.nix ./vim.nix ./nix.nix ./systemd.nix From b81eb6fa54fa3c8e6cc29806225f72eaf6e888b0 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 13 May 2024 14:09:56 +0200 Subject: [PATCH 7/9] more minimalism! --- flake.nix | 2 +- shared/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 6f78fa5..958cca7 100644 --- a/flake.nix +++ b/flake.nix 
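Review bot: Repointing `nixpkgs.url` in flake.nix at `github:nikstur/nixpkgs/systemd-256` swaps the package set for every output built from the `nixpkgs` input, not just hosts/vm, the only host this commit touches. It also tracks a branch of a personal fork, which its owner can rewrite. flake.lock pins a revision, but the next `nix flake update` follows wherever that branch then points. Keeping `nixpkgs.url = "nixpkgs/nixos-unstable";` and adding the fork as a second input used only by the test host limits the exposure, and the commented-out `# nixpkgs.url = ...` line should be deleted rather than kept as dead code. The `inputs` set continues outside the hunk.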
@@ -139,7 +139,7 @@ specialArgs = attrs; modules = [ ./hosts/vm - ./shared + ./shared/systemd.nix nix-index-database.nixosModules.nix-index ]; }; diff --git a/shared/default.nix b/shared/default.nix index 1cc9113..1774f04 100644 --- a/shared/default.nix +++ b/shared/default.nix @@ -3,7 +3,7 @@ programs.nix-index-database.comma.enable = true; imports = [ ./activation.nix - # ./gpg.nix + ./gpg.nix ./vim.nix ./nix.nix ./systemd.nix From fcfb3e50b17560dce622518c55928f21a59cdaea Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 13 May 2024 14:22:08 +0200 Subject: [PATCH 8/9] vm : another systemd test --- flake.lock | 32 ++++++++++++++++++++++++-------- flake.nix | 5 +++-- shared/systemd.nix | 4 ++-- 3 files changed, 29 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index ea0187c..a9c3792 100644 --- a/flake.lock +++ b/flake.lock @@ -332,18 +332,17 @@ }, "nixpkgs": { "locked": { - "lastModified": 1714430104, - "narHash": "sha256-TGCTDeE8lEm/HC92Ev5ql2vx6Z4iUOwF2vsmLn/UjkM=", - "owner": "nikstur", + "lastModified": 1715447595, + "narHash": "sha256-VsVAUQOj/cS1LCOmMjAGeRksXIAdPnFIjCQ0XLkCsT0=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "12215c110b0f3a652953d215e827fd4b56e0f536", + "rev": "062ca2a9370a27a35c524dc82d540e6e9824b652", "type": "github" }, "original": { - "owner": "nikstur", - "ref": "systemd-256", - "repo": "nixpkgs", - "type": "github" + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" } }, "nixpkgs-lib": { @@ -377,6 +376,22 @@ "type": "github" } }, + "nixpkgs-systemd-256": { + "locked": { + "lastModified": 1714430104, + "narHash": "sha256-TGCTDeE8lEm/HC92Ev5ql2vx6Z4iUOwF2vsmLn/UjkM=", + "owner": "nikstur", + "repo": "nixpkgs", + "rev": "12215c110b0f3a652953d215e827fd4b56e0f536", + "type": "github" + }, + "original": { + "owner": "nikstur", + "ref": "systemd-256", + "repo": "nixpkgs", + "type": "github" + } + }, "pfersel": { "inputs": { "nixpkgs": [ 
@@ -458,6 +473,7 @@ "nix-colors": "nix-colors", "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs", + "nixpkgs-systemd-256": "nixpkgs-systemd-256", "pfersel": "pfersel", "purge": "purge", "trucksimulatorbot": "trucksimulatorbot" diff --git a/flake.nix b/flake.nix index 958cca7..87bfb00 100644 --- a/flake.nix +++ b/flake.nix @@ -2,8 +2,8 @@ description = "My nix setup"; inputs = { - # nixpkgs.url = "nixpkgs/nixos-unstable"; - nixpkgs.url = "github:nikstur/nixpkgs/systemd-256"; + nixpkgs.url = "nixpkgs/nixos-unstable"; + nixpkgs-systemd-256.url = "github:nikstur/nixpkgs/systemd-256"; nix-index-database = { url = "github:nix-community/nix-index-database"; @@ -51,6 +51,7 @@ outputs = { self , nixpkgs + , nixpkgs-systemd-256 , home-manager , dns , nix-index-database diff --git a/shared/systemd.nix b/shared/systemd.nix index 45193d8..cb53f89 100644 --- a/shared/systemd.nix +++ b/shared/systemd.nix @@ -1,9 +1,9 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, nixpkgs-systemd-256, ... }: { systemd = { - package = lib.mkDefault (pkgs.systemd.override { withHomed = false; }); + package = lib.mkDefault (nixpkgs-systemd-256.legacyPackages.x86_64-linux.systemd.override { withHomed = false; }); sleep.extraConfig = '' HibernateDelaySec=2h ''; From 07fd2780e698ee3610ea413675f65c3d35b29416 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Mon, 13 May 2024 14:23:43 +0200 Subject: [PATCH 9/9] vm doesn't need the index --- flake.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/flake.nix b/flake.nix index 87bfb00..1a30099 100644 --- a/flake.nix +++ b/flake.nix @@ -141,7 +141,6 @@ modules = [ ./hosts/vm ./shared/systemd.nix - nix-index-database.nixosModules.nix-index ]; }; iso = nixpkgs.lib.nixosSystem {
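Review bot: `systemd.package` in shared/systemd.nix now comes from the `systemd-256` branch of a personal nixpkgs fork. shared/default.nix lists `./systemd.nix` in its imports (visible in the earlier shared/default.nix hunks), so every host that uses `./shared` would get that systemd as its default, not only the VM named in the commit subject. The expression also hard-codes `x86_64-linux` and takes the package from the fork's `legacyPackages`, so presumably without the host's overlays or nixpkgs config. I would leave `pkgs.systemd.override { withHomed = false; }` here and set the fork package in hosts/vm only, e.g. `systemd.package = nixpkgs-systemd-256.legacyPackages.${pkgs.stdenv.hostPlatform.system}.systemd;`.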