nixos-virtualbox-2024-11-02-22-28-41

Alexander Szczepanski
2024-11-02 22:28:41 +01:00
parent 35fc5c5a1e
commit 28030edba6
7 changed files with 172 additions and 92 deletions


@ -6,6 +6,7 @@ keys:
- &framework age1w3nq2g9ctm43f43lyzfrznywqpqlrk6x9de2qy3sr05mm4yk4u3s05slw4
- &vps-arm age14l4v7kmtpp49mgngftlqquqe2u0mpdnfvnmtgqzv5zlsxh8mpvdspk3mel
- &mini age1hdv2nz7r5fv6glq7jac27uf864t2668a97ptx52q57yfg4jd7ypqkag7wd
- &nixos-vm age120fg86wv7vrcw6aeuunkzr7nerpwg8w0vu08xp8v8feqawtzqquq4763cw
creation_rules:
- path_regex: secrets.yaml$
key_groups:
@ -15,6 +16,7 @@ creation_rules:
- *vps-arm
- *framework
- *mini
- *nixos-vm
- path_regex: secrets-desktop.yaml$
key_groups:
- age:
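Review bot: Adding `*nixos-vm` to the key group for `secrets.yaml$` lets the VirtualBox guest decrypt every value in that file, not only the one it consumes. The machine configuration added in this commit declares a single secret, `hashedPassword`, so a narrower rule would fit better: a separate secrets file for the VM with its own `creation_rules` entry that lists only the admin key(s) and `*nixos-vm`. A guest whose disk image can be copied or snapshotted from the host is a weaker holder of the shared file than the physical machines. The rest of this key group lies above the hunk, so the full recipient list is not visible here.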


@ -106,30 +106,12 @@ in
matchBlocks."szczepan.ski" = { hostname = "szczepan.ski"; };
matchBlocks."mini" = { hostname = "mini"; };
matchBlocks."thinkpad" = { hostname = "thinkpad"; };
# matchBlocks."pi" = { hostname = "10.100.0.6"; };
# matchBlocks."vps2" = { hostname = "10.100.0.50"; };
# matchBlocks."vps3" = { hostname = "10.100.0.100"; };
# matchBlocks."router" = {
# hostname = "192.168.1.1";
# user = "root";
# localForwards = [{
# bind.address = "127.0.0.1";
# bind.port = 1337;
# host.address = "127.0.0.1";
# host.port = 80;
# }];
# };
matchBlocks."nixos-vm" = {
hostname = "127.0.0.1";
port = 1337;
};
# matchBlocks."homeserver" = {
# hostname = "192.168.0.100";
# localForwards = [{
# bind.address = "127.0.0.1";
# bind.port = 8385;
# host.address = "127.0.0.1";
# host.port = 8384;
# }];
# };
matchBlocks."thinkpad" = { hostname = "thinkpad"; };
};
git = {


@ -121,11 +121,12 @@
];
};
nixos-libvirt = nixpkgs.lib.nixosSystem {
nixos-virtualbox = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs outputs; };
modules = [
./machine/nixos-libvirt/configuration.nix
sops-nix.nixosModules.sops
./machine/nixos-virtualbox/configuration.nix
];
};
};


@ -1,42 +0,0 @@
diff --git a/net/netfilter/xt_NFLOG.c b/net/netfilter/xt_NFLOG.c
index d80abd6ccaf8f71fa70605fef7edada827a19ceb..6dcf4bc7e30b2ae364a1cd9ac8df954a90905c52 100644
--- a/net/netfilter/xt_NFLOG.c
+++ b/net/netfilter/xt_NFLOG.c
@@ -79,7 +79,7 @@ static struct xt_target nflog_tg_reg[] __read_mostly = {
{
.name = "NFLOG",
.revision = 0,
- .family = NFPROTO_IPV4,
+ .family = NFPROTO_IPV6,
.checkentry = nflog_tg_check,
.destroy = nflog_tg_destroy,
.target = nflog_tg,
diff --git a/net/netfilter/xt_TRACE.c b/net/netfilter/xt_TRACE.c
index f3fa4f11348cd8ad796ce94f012cd48aa7a9020f..2a029b4adbcadf95e493b153f613a210624a9101 100644
--- a/net/netfilter/xt_TRACE.c
+++ b/net/netfilter/xt_TRACE.c
@@ -49,6 +49,7 @@ static struct xt_target trace_tg_reg[] __read_mostly = {
.target = trace_tg,
.checkentry = trace_tg_check,
.destroy = trace_tg_destroy,
+ .me = THIS_MODULE,
},
#endif
};
diff --git a/net/netfilter/xt_mark.c b/net/netfilter/xt_mark.c
index f76fe04fc9a4e19f18ac323349ba6f22a00eafd7..65b965ca40ea7ea5d9feff381b433bf267a424c4 100644
--- a/net/netfilter/xt_mark.c
+++ b/net/netfilter/xt_mark.c
@@ -62,7 +62,7 @@ static struct xt_target mark_tg_reg[] __read_mostly = {
{
.name = "MARK",
.revision = 2,
- .family = NFPROTO_IPV4,
+ .family = NFPROTO_IPV6,
.target = mark_tg,
.targetsize = sizeof(struct xt_mark_tginfo2),
.me = THIS_MODULE,
---
base-commit: 75aa74d52f43e75d0beb20572f98529071b700e5
change-id: 20241018-xtables-typos-dfeadb8b122d


@ -0,0 +1,59 @@
{ config, pkgs, lib, outputs, ... }:
{
nixpkgs = {
config = {
allowUnfree = true;
};
};
imports = [
./hardware-configuration.nix
../../configs/common.nix
../../configs/docker.nix
# ../../configs/plasma-wayland.nix
# ../../configs/user-gui.nix
../../configs/user.nix
];
sops = {
defaultSopsFile = ../../secrets.yaml;
validateSopsFiles = true;
age = {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
secrets = {
hashedPassword = {
neededForUsers = true;
};
};
};
networking.hostName = "nixos-virtualbox"; # Define your hostname.
time.timeZone = "Europe/Berlin";
boot = {
loader = {
efi.canTouchEfiVariables = true;
grub = {
enable = true;
efiSupport = true;
device = "nodev";
};
};
supportedFilesystems = [ "btrfs" ];
};
networking.networkmanager.enable = true;
programs.nix-ld.enable = true;
# services = {
# k3s = {
# enable = true;
# role = "server";
# };
# };
system.stateVersion = "24.11";
}
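Review bot: The `sops.age` block configures three identity sources at once (`sshKeyPaths`, `keyFile` and `generateKey = true`), and nothing says which one matches the `nixos-vm` recipient registered in the sops rules of this commit. With `generateKey = true` a fresh key is written to `/var/lib/sops-nix/key.txt` on first activation; unless its public part is the registered recipient, it decrypts nothing and is only an extra private key on disk. If the recipient was derived from the SSH host key, I would drop `keyFile` and `generateKey` and add a comment such as `# age recipient for this host is derived from the ed25519 host key (ssh-to-age)`. Because `hashedPassword` is `neededForUsers`, the identity has to be readable early in activation; the hardware configuration mounts a `/persist` subvolume, so if the root is ever reset the key path presumably needs to live there, which is worth confirming.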


@ -0,0 +1,69 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "ehci_pci" "ahci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" "noatime" ];
};
fileSystems."/home" =
{
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" "noatime" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/persist" =
{
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = [ "subvol=persist" "compress=zstd" "noatime" ];
neededForBoot = true;
};
fileSystems."/var/log" =
{
device = "/dev/disk/by-uuid/3719ec05-eb90-455f-98c0-0313c0bcb964";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" "noatime" ];
neededForBoot = true;
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/6F47-35E9";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
virtualisation.virtualbox.guest.enable = true;
}


@ -8,47 +8,56 @@ sops:
- recipient: age1gjhlw6vkfers3f76yug3alwupe4jckjhg8ncr8kll5gj5g6wlqtqacqa73
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvcTFVblJnMklBeUJiVXlz
dzJTcDdQVkpNK1J0OEhYVkc2N3NaNGUvMjNzClVFVGN5S0tPSy9ob3cvaUhma2N4
Nm0wT0RaOEdQajAwSnkvQTc2N1FRSzQKLS0tIHd6dUxzWE5XVUVwWm9CMWxTdHM4
dXRuN045TFl0M1VwSWgwWGsxRXFVR0UKOTzo3qKjTsnWOsCKJy4gZyGjQjS7cFIE
kFdz0hRVkWrq/oenYt3xaEhf8H3bXURIhp8EnPSgo2Dr34c04AtaNw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTk96eDJhSm1xU1JwTVVt
Um9sdHo5YzNQQkRHYVR6bnBKMFFWaGhXM3lRClZuRnRTNDZLdjM5bGp2ODVGdThm
OCtOSVMxcm90dHY0bFJTZzBINUkxek0KLS0tIERObldlbEVOQzhsQlNFQWdTc25v
cTQ1KzJtUlJmaXNucHFBb1hTU1UzOGsKvH/IyBCKA3zzW+fvASz7q0y0XPl+m/j8
zolXT3V7Suj3QcZMhUbB4z9UdamO+nDTFmx4yio1IsaytzyHZRe9eg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m873zl0umr6huvs7ft98t7dg3wqx7skzgdrd6vjzeh8h6kkgdghsy5atvx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGQVdTaDdoZTh1ei9LV1Ro
UDdhQk9CU0R4Z0o1SElNOXpLcjRHR2pmK0VFCmtQUTJFVzJhMnprSFp4TFh4T3Yz
Zkk0bGR1bUp4Q2hZcHFEVUhRdDVvblUKLS0tIGFDdjNCVlplVHFxSG4zNXFtQUND
Ri9iQU5SRU5oMGdob1FDSlFmVVczU28K06xJtBqffr7G3+4ctAFf5Eh5lSHQ91Zf
lxyW9aXij61Nqhdkeo2GVtxw6Q3/MGWgacmZ5bHPaYz76YQI1ku9ag==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdjI2VFk3aU9yNVFZYVpy
QkZMZE81RVc5R1pjZGdudXdEQUh3TlFDVXpVCjlGR1Y1SFNzNC9WRFU4cTJMUDUr
M2laQ0t6YW1FZ1MwM0t5UGo3TEtmY0UKLS0tIGk0bVlJNlRoUzFQWURoSHpkSms4
SjFCb2RqQWpkZHNCT3lJZVUrR28xUjAKyz4RIevkYEzvruaHZQVoB1DNodryzAY4
cg1KYwUEdeysqUdUcLEnLa9uXUVZrV7ORXGPLXf4+3OuqH470LXeow==
-----END AGE ENCRYPTED FILE-----
- recipient: age14l4v7kmtpp49mgngftlqquqe2u0mpdnfvnmtgqzv5zlsxh8mpvdspk3mel
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlamhTbU5FclNRVEVjL01m
QWRFTGI3ZHJGTUtSNjI3cFE2NjA0SEZ1QWgwCjZRTGg5NXlCS0hxc2JCeXBBSmZ2
bHRhQjdFUE9ZM0JmaXZOVFAxMTk4Rk0KLS0tIFJtMHpnSTNqUkExQWpUT2wvR2kv
ZjNXem1KTDN1N0RZcHBpNklFVmpZNHcKb81FFkAZVz/vVCQJlqVBrJk+jdWG3inT
x+y8BDgZ/R/J0DhxdwbWzMxBT/Agb8I3It6ixlAQlOXcbS4lQE/1WA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBldlpNR0M4cm5NMUY3VjNC
V2xxejlwQlNCeVhBMVVadHNNbFNtbDY0NmxrCmNoT2hZc1E3aW5tM3NzK0pLSVJI
eEZxYmlsQXVyVUtQdi9RYW5ScHNZbzgKLS0tIExoR2Z1a2pBYjZYQ0FrbjlLV3Bm
OVR2V09mM2FEcGFIVjhoUnNhY1kyeEEKMcSdgu1Y9PrdBktjZvXQGCJeJhKKtkH2
VByVif04bW271JLB2QgjyTJOA73RJkOZuN7fcjqHYBNVoM/NdNkOpQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w3nq2g9ctm43f43lyzfrznywqpqlrk6x9de2qy3sr05mm4yk4u3s05slw4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTnRHT1BuYjVoVllJMktR
RGMzMTBFQjRhSkMwOENZeHFJVHRxQnl5RkJZCndQRWVRWmkwYjVKT1Z2SWFnODFm
OStNRGlzSlpSaWtMNEkzbzc1ZHpZZ1EKLS0tIExQb3ZNNVl6SWVKSTVzYnJTd00v
Sjc2cWJjK3doYnBqV0cxV05ublU2ZEUKCv4pTu6qLc4EErYpucbKVV4jnRs/kl/6
F2HgZdu+Fag2J8YqDTWJXntNKtEIfSeRy7X2BL9i98RIsqSBmMWchg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbTRZK2ZRRGVHZSthKytj
RXdlbCt3RWJNYkhJbmFwQUE1RFNqRm4rWUU0CmRoVktwVHgyTWhTb2VBa0ZJZm42
Uldqb05qeko5dDg3RmhNSnFqMkduOTQKLS0tIHFRZDIybDNxOWgvV2xramVNMEpy
c1Q2d25YMk1HYjNJYUord1BTM01DQUUKZ3LK0ouB8xkI6veYb0C4wmtnBFKrFdYH
VTFpmrxFeP8961M9ohgK2u7z5zcL7YrIOsdqyA9Plu56/md4xn81kQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hdv2nz7r5fv6glq7jac27uf864t2668a97ptx52q57yfg4jd7ypqkag7wd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2WFFIUlFIWFptamxKd3NQ
Mk0yVnNwbXlTQ3FuUlRsWDFGdWhkTnlOc3dFClJpdlIyUHZzZTMrcXJUNngrOFo4
TlVVYndGeHlRNFZPRXdPeE43em5PaGMKLS0tIFo4c3F4TWhJY21Xcm9EUHZxNkZX
RXBXbzJ4QVlMV0pVeHpiVXFYUU9KV2sKfXcnRRV2woD8j6Wc57vaE+jHQssiic5n
62ob3gt7bPtZdDbTZqrZzwuiSp0NI4jTkmQyPG+E0Ehm3KX5BjXmOw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWS2FzZDZGbkFTbVA0UzV3
TEZCKzlZOEJDM1pmU3ZoaUFhZTNiMXNvd3o4Cm1GRHgvVERRc2tYOGcrakRLeTVw
dDAyZ1VNZWt6bDQ4b2tKMk5oRzk2WW8KLS0tIEJnUjh4RjcvZTM1UW81NTB5Zmph
QnFpMXR6ZVhqamVZQ1M2aHFmQzVrNTQKuV6D+MfkcAkT8aopZ9JZsXeGJIavkoW/
+rXWSLNwnWK84Fqiy1mu8KYId2g3dQjkn5GChpmzTB7tGGXMkIQ1Ow==
-----END AGE ENCRYPTED FILE-----
- recipient: age120fg86wv7vrcw6aeuunkzr7nerpwg8w0vu08xp8v8feqawtzqquq4763cw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3ZG9XYXBxc2pUTi9KQ2dl
Z1BjUVpsdlhRQWFNdzNvdjExV0ViYUZYNkZrCm9CSkFRRUI5Nm83NGxCZjk4MzJi
S3YvcGEvaU9NUVBiZ2l3NmVqWmlEQlkKLS0tIFZzS0Z2MTllV3pueHBWUm1va3V5
bTVOOXJ2UGQzSUJ3SHhwbzByS1RUQWcKg5A6CPu6PgF972SimG9jE8bURR1DIh5l
mI4d72mbUkkoWwetxkUNMFOA3JJvfM+BqsPdz/gm3snfdPDEhR8Zhg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-31T15:55:06Z"
mac: ENC[AES256_GCM,data:KQraWMxoXkcrEHCG6R+M31qRCGMwXekA9hIgyULXLaCjkHHJ1JRovgMD0ujTgZVseLipXBCXzH2RJvErNDhozXyrSEpzU0hBb50c0BCD3yaSPojTFCHDGIt/9qi4YHVnOHBP7jVxrFSGk84TNgMqO16dUNsMu6faEYX8CpkHoZM=,iv:ci/kWQCWuV98YdCtgKqQCOgsfAup/pG4smoWvFXRWX4=,tag:2ivvnVo0+ft3BIts3axMGw==,type:str]