2023-12-03-10-16-26

Alexander Szczepanski
2023-12-03 10:16:27 +01:00
parent 83648f860e
commit 13330aeb64
3 changed files with 98 additions and 40 deletions


@ -12,5 +12,6 @@
docker-compose docker-compose
lazydocker lazydocker
minikube minikube
lazydocker
]; ];
} }
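Review bot: The added `lazydocker` entry duplicates the one two lines above it in the same list, at least as the page renders it, so the new line adds nothing. If a different package was intended, the name should be corrected; otherwise the line can be dropped. The list itself opens outside the hunk.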


@ -137,7 +137,7 @@ in
enable = true; enable = true;
enableAutosuggestions = true; enableAutosuggestions = true;
enableCompletion = true; enableCompletion = true;
enableSyntaxHighlighting = true; syntaxHighlighting.enable = true;
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
plugins = plugins =


@ -10,17 +10,28 @@ in {
../configs/user.nix ../configs/user.nix
]; ];
# Use the systemd-boot EFI boot loader. boot = {
boot.loader.systemd-boot.enable = true; loader = {
boot.loader.efi.canTouchEfiVariables = true; grub = {
boot.extraModulePackages = with pkgs.linuxPackages; [ rtl88x2bu ]; enable = true;
device = "nodev";
efiSupport = true;
configurationLimit = 5;
};
efi.canTouchEfiVariables = true;
};
extraModulePackages = with pkgs.linuxPackages; [ rtl88x2bu ];
};
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
networking = { networking = {
hostName = "mini"; hostName = "mini";
useDHCP = false; useDHCP = false;
firewall = { enable = false; }; firewall = { enable = false; };
networkmanager.enable = true; interfaces.enp3s0.useDHCP = true;
interfaces.wlp0s20u1u1.useDHCP = true;
wireguard.interfaces = { wireguard.interfaces = {
wg0 = { wg0 = {
ips = [ "10.100.0.3/24" ]; ips = [ "10.100.0.3/24" ];
@ -30,35 +41,53 @@ in {
publicKey = secrets.wireguard-vps-public; publicKey = secrets.wireguard-vps-public;
presharedKey = secrets.wireguard-preshared; presharedKey = secrets.wireguard-preshared;
allowedIPs = [ "10.100.0.0/24" ]; allowedIPs = [ "10.100.0.0/24" ];
endpoint = "szczepan.ski:51820"; endpoint = "207.180.220.97:51820";
persistentKeepalive = 25; persistentKeepalive = 25;
}]; }];
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o enp3s0 -j MASQUERADE
'';
# This undoes the above command
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o enp3s0 -j MASQUERADE
'';
}; };
}; };
nat = {
enable = true;
externalInterface = "wlp0s20u1u1";
internalInterfaces = [ "wg0" ];
}; };
wireless = {
enable = true;
networks.Skynet.psk = secrets.wifipassword;
interfaces = [ "wlp0s20u1u1" ];
};
};
# nixpkgs.config.packageOverrides = pkgs: {
# vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
# };
# hardware.opengl = {
# enable = true;
# extraPackages = with pkgs; [
# intel-media-driver # LIBVA_DRIVER_NAME=iHD
# vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
# vaapiVdpau
# libvdpau-va-gl
# ];
# };
services = { services = {
# k3s = { # k3s = {
# enable = true; # enable = true;
# role = "server"; # role = "server";
# }; # };
# nextdns = {
# arguments = pkgs.lib.mkForce [
# "-config"
# secrets.nextdnshash
# "-cache-size"
# "10MB"
# "-listen"
# "0.0.0.0:53"
# "-listen"
# ":::53"
# "-forwarder"
# secrets.nextdnsforwarder
# "-report-client-info"
# ];
# };
ddclient = { ddclient = {
enable = true; enable = true;
verbose = true; verbose = true;
@ -68,26 +97,54 @@ in {
domains = [ "home.beinacht.org" ]; domains = [ "home.beinacht.org" ];
}; };
printing = { # printing = {
# enable = true;
# drivers = [ pkgs.brlaser ];
# browsing = true;
# listenAddresses = [
# "*:631"
# ]; # Not 100% sure this is needed and you might want to restrict to the local network
# allowFrom = [
# "all"
# ]; # this gives access to anyone on the interface you might want to limit it see the official documentation
# defaultShared = true; # If you want
# };
# avahi = {
# enable = true;
# publish.enable = true;
# publish.userServices = true;
# };
borgbackup.jobs.home = rec {
compression = "auto,zstd";
encryption = {
mode = "repokey-blake2";
passphrase = secrets.borg-key;
};
extraCreateArgs =
"--list --stats --verbose --checkpoint-interval 600 --exclude-caches";
environment.BORG_RSH =
"ssh -o StrictHostKeyChecking=no -i /home/alex/.ssh/id_ed25519";
paths = [ "/home/alex" "/var/lib" ];
repo = secrets.borg-repo;
startAt = "daily";
prune.keep = {
daily = 7;
weekly = 4;
monthly = 6;
};
extraPruneArgs = "--save-space --list --stats";
exclude = [ "/home/alex/.cache" ];
};
};
powerManagement = {
enable = true; enable = true;
drivers = [ pkgs.brlaser ]; powertop.enable = true;
browsing = true; cpuFreqGovernor = "powersave";
listenAddresses = [
"*:631"
]; # Not 100% sure this is needed and you might want to restrict to the local network
allowFrom = [
"all"
]; # this gives access to anyone on the interface you might want to limit it see the official documentation
defaultShared = true; # If you want
}; };
avahi = { system.stateVersion = "23.11";
enable = true;
publish.enable = true;
publish.userServices = true;
};
};
system.stateVersion = "23.05";
} }
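Review bot: The new `borgbackup.jobs.home` sets `BORG_RSH` to `ssh -o StrictHostKeyChecking=no`, which turns off SSH host-key verification, so the daily job will push `/home/alex` and `/var/lib` to whichever host answers at the repo address without checking its identity. Pin the server key instead, for example by declaring it under `programs.ssh.knownHosts` and using `"ssh -o StrictHostKeyChecking=yes -i /home/alex/.ssh/id_ed25519"`. `encryption.passphrase = secrets.borg-key` is evaluated into the configuration, which likely places the passphrase in the world-readable Nix store; `encryption.passCommand` reading a root-only file avoids that. Separately, the `postSetup` rule masquerades out of `enp3s0` while the new `nat` block names `wlp0s20u1u1` as `externalInterface`, and `firewall = { enable = false; }` is left unchanged, so it is worth confirming which interface is meant to forward WireGuard traffic and whether forwarding should run with no packet filter.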