2023-12-03-10-16-26
135
machine/mini.nix
135
machine/mini.nix
@ -10,17 +10,28 @@ in {
|
||||
../configs/user.nix
|
||||
];
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.extraModulePackages = with pkgs.linuxPackages; [ rtl88x2bu ];
|
||||
boot = {
|
||||
loader = {
|
||||
grub = {
|
||||
enable = true;
|
||||
device = "nodev";
|
||||
efiSupport = true;
|
||||
configurationLimit = 5;
|
||||
};
|
||||
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
|
||||
extraModulePackages = with pkgs.linuxPackages; [ rtl88x2bu ];
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
networking = {
|
||||
hostName = "mini";
|
||||
useDHCP = false;
|
||||
firewall = { enable = false; };
|
||||
networkmanager.enable = true;
|
||||
interfaces.enp3s0.useDHCP = true;
|
||||
interfaces.wlp0s20u1u1.useDHCP = true;
|
||||
wireguard.interfaces = {
|
||||
wg0 = {
|
||||
ips = [ "10.100.0.3/24" ];
|
||||
@ -30,35 +41,53 @@ in {
|
||||
publicKey = secrets.wireguard-vps-public;
|
||||
presharedKey = secrets.wireguard-preshared;
|
||||
allowedIPs = [ "10.100.0.0/24" ];
|
||||
endpoint = "szczepan.ski:51820";
|
||||
endpoint = "207.180.220.97:51820";
|
||||
persistentKeepalive = 25;
|
||||
}];
|
||||
|
||||
postSetup = ''
|
||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o enp3s0 -j MASQUERADE
|
||||
'';
|
||||
|
||||
# This undoes the above command
|
||||
postShutdown = ''
|
||||
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o enp3s0 -j MASQUERADE
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
nat = {
|
||||
enable = true;
|
||||
externalInterface = "wlp0s20u1u1";
|
||||
internalInterfaces = [ "wg0" ];
|
||||
};
|
||||
|
||||
wireless = {
|
||||
enable = true;
|
||||
networks.Skynet.psk = secrets.wifipassword;
|
||||
interfaces = [ "wlp0s20u1u1" ];
|
||||
};
|
||||
};
|
||||
|
||||
# nixpkgs.config.packageOverrides = pkgs: {
|
||||
# vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
||||
# };
|
||||
# hardware.opengl = {
|
||||
# enable = true;
|
||||
# extraPackages = with pkgs; [
|
||||
# intel-media-driver # LIBVA_DRIVER_NAME=iHD
|
||||
# vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
|
||||
# vaapiVdpau
|
||||
# libvdpau-va-gl
|
||||
# ];
|
||||
# };
|
||||
|
||||
services = {
|
||||
# k3s = {
|
||||
# enable = true;
|
||||
# role = "server";
|
||||
# };
|
||||
|
||||
# nextdns = {
|
||||
# arguments = pkgs.lib.mkForce [
|
||||
# "-config"
|
||||
# secrets.nextdnshash
|
||||
# "-cache-size"
|
||||
# "10MB"
|
||||
# "-listen"
|
||||
# "0.0.0.0:53"
|
||||
# "-listen"
|
||||
# ":::53"
|
||||
# "-forwarder"
|
||||
# secrets.nextdnsforwarder
|
||||
# "-report-client-info"
|
||||
# ];
|
||||
# };
|
||||
|
||||
ddclient = {
|
||||
enable = true;
|
||||
verbose = true;
|
||||
@ -68,26 +97,54 @@ in {
|
||||
domains = [ "home.beinacht.org" ];
|
||||
};
|
||||
|
||||
printing = {
|
||||
enable = true;
|
||||
drivers = [ pkgs.brlaser ];
|
||||
browsing = true;
|
||||
listenAddresses = [
|
||||
"*:631"
|
||||
]; # Not 100% sure this is needed and you might want to restrict to the local network
|
||||
allowFrom = [
|
||||
"all"
|
||||
]; # this gives access to anyone on the interface you might want to limit it see the official documentation
|
||||
defaultShared = true; # If you want
|
||||
};
|
||||
# printing = {
|
||||
# enable = true;
|
||||
# drivers = [ pkgs.brlaser ];
|
||||
# browsing = true;
|
||||
# listenAddresses = [
|
||||
# "*:631"
|
||||
# ]; # Not 100% sure this is needed and you might want to restrict to the local network
|
||||
# allowFrom = [
|
||||
# "all"
|
||||
# ]; # this gives access to anyone on the interface you might want to limit it see the official documentation
|
||||
# defaultShared = true; # If you want
|
||||
# };
|
||||
|
||||
avahi = {
|
||||
enable = true;
|
||||
publish.enable = true;
|
||||
publish.userServices = true;
|
||||
# avahi = {
|
||||
# enable = true;
|
||||
# publish.enable = true;
|
||||
# publish.userServices = true;
|
||||
# };
|
||||
|
||||
borgbackup.jobs.home = rec {
|
||||
compression = "auto,zstd";
|
||||
encryption = {
|
||||
mode = "repokey-blake2";
|
||||
passphrase = secrets.borg-key;
|
||||
};
|
||||
extraCreateArgs =
|
||||
"--list --stats --verbose --checkpoint-interval 600 --exclude-caches";
|
||||
environment.BORG_RSH =
|
||||
"ssh -o StrictHostKeyChecking=no -i /home/alex/.ssh/id_ed25519";
|
||||
paths = [ "/home/alex" "/var/lib" ];
|
||||
repo = secrets.borg-repo;
|
||||
startAt = "daily";
|
||||
prune.keep = {
|
||||
daily = 7;
|
||||
weekly = 4;
|
||||
monthly = 6;
|
||||
};
|
||||
extraPruneArgs = "--save-space --list --stats";
|
||||
exclude = [ "/home/alex/.cache" ];
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
powerManagement = {
|
||||
enable = true;
|
||||
powertop.enable = true;
|
||||
cpuFreqGovernor = "powersave";
|
||||
};
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
}
|
||||
|
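Review bot: The `borgbackup.jobs.home` block sets `environment.BORG_RSH` to `ssh -o StrictHostKeyChecking=no …`, so the daily backup accepts whatever host key the repo server presents and never verifies which machine it is talking to. Pin the server's key with a `programs.ssh.knownHosts` entry and drop the option: `environment.BORG_RSH = "ssh -i /home/alex/.ssh/id_ed25519";`. In the same block `encryption.passphrase = secrets.borg-key;` is evaluated into the generated configuration, which presumably ends up in the world-readable Nix store; `encryption.passCommand` reading a root-only file would keep it out. The rendered page has lost its +/- markers, so this assumes the borgbackup block is on the new side of the commit.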