diff --git a/.gitignore b/.gitignore
index 4b52d32..7490912 100755
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,2 @@
 .gitsecret/keys/random_seed
-!*.secret
-configs/secrets.nix
-configs/secrets-desktop.nix
-configs/secrets-thinkpad.nix
+!*.secret
\ No newline at end of file
diff --git a/config.json b/config.json
deleted file mode 100755
index fc2b13f..0000000
--- a/config.json
+++ /dev/null
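Review bot: Dropping `configs/secrets.nix` (and the `-desktop`/`-thinkpad` variants) from .gitignore leaves nothing stopping the plaintext secrets file from being staged, while `machine/mini/configuration.nix` in this same commit still does `import ../../configs/secrets.nix`, so that file is expected to exist on disk at build time. If git-secret reveals the tracked `*.secret` copies to `secrets.nix` (the surviving `!*.secret` pattern suggests the encrypted copies are what is meant to be committed), a stray `git add -A` would now commit the decrypted plaintext; keep `configs/secrets*.nix` ignored unless those files have actually been moved out of the tree. Separately, the `ddclient.conf` deleted in this commit held what looks like a bare API token; deleting the file does not remove it from history, so it should be treated as exposed and rotated if it was ever valid.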
@@ -1,207 +0,0 @@ -{ - "defaultStrategy": "lazy", - "strategyOnDischarging": "", - "batteryChargingStatusPath": "", - "strategies": { - "sleep": { - "fanSpeedUpdateFrequency": 5, - "movingAverageInterval": 40, - "speedCurve": [ - { - "temp": 0, - "speed": 0 - } - ] - }, - "lazyest": { - "fanSpeedUpdateFrequency": 5, - "movingAverageInterval": 40, - "speedCurve": [ - { - "temp": 0, - "speed": 0 - }, - { - "temp": 45, - "speed": 0 - }, - { - "temp": 65, - "speed": 25 - }, - { - "temp": 70, - "speed": 35 - }, - { - "temp": 75, - "speed": 50 - }, - { - "temp": 85, - "speed": 100 - } - ] - }, - "lazy": { - "fanSpeedUpdateFrequency": 5, - "movingAverageInterval": 30, - "speedCurve": [ - { - "temp": 0, - "speed": 15 - }, - { - "temp": 50, - "speed": 15 - }, - { - "temp": 65, - "speed": 25 - }, - { - "temp": 70, - "speed": 35 - }, - { - "temp": 75, - "speed": 50 - }, - { - "temp": 85, - "speed": 100 - } - ] - }, - "medium": { - "fanSpeedUpdateFrequency": 5, - "movingAverageInterval": 30, - "speedCurve": [ - { - "temp": 0, - "speed": 15 - }, - { - "temp": 40, - "speed": 15 - }, - { - "temp": 60, - "speed": 30 - }, - { - "temp": 70, - "speed": 40 - }, - { - "temp": 75, - "speed": 80 - }, - { - "temp": 85, - "speed": 100 - } - ] - }, - "agile": { - "fanSpeedUpdateFrequency": 3, - "movingAverageInterval": 15, - "speedCurve": [ - { - "temp": 0, - "speed": 15 - }, - { - "temp": 40, - "speed": 15 - }, - { - "temp": 60, - "speed": 30 - }, - { - "temp": 70, - "speed": 40 - }, - { - "temp": 75, - "speed": 80 - }, - { - "temp": 85, - "speed": 100 - } - ] - }, - "very-agile": { - "fanSpeedUpdateFrequency": 2, - "movingAverageInterval": 5, - "speedCurve": [ - { - "temp": 0, - "speed": 15 - }, - { - "temp": 40, - "speed": 15 - }, - { - "temp": 60, - "speed": 30 - }, - { - "temp": 70, - "speed": 40 - }, - { - "temp": 75, - "speed": 80 - }, - { - "temp": 85, - "speed": 100 - } - ] - }, - "deaf": { - "fanSpeedUpdateFrequency": 2, - "movingAverageInterval": 5, - "speedCurve": [ - { - 
"temp": 0, - "speed": 20 - }, - { - "temp": 40, - "speed": 30 - }, - { - "temp": 50, - "speed": 50 - }, - { - "temp": 60, - "speed": 100 - } - ] - }, - "aeolus": { - "fanSpeedUpdateFrequency": 2, - "movingAverageInterval": 5, - "speedCurve": [ - { - "temp": 0, - "speed": 20 - }, - { - "temp": 40, - "speed": 50 - }, - { - "temp": 65, - "speed": 100 - } - ] - } - } -} diff --git a/ddclient.conf b/ddclient.conf deleted file mode 100755 index c6bcc9b..0000000 --- a/ddclient.conf +++ /dev/null @@ -1 +0,0 @@ -rtGAAbKqSiCi9yqJDezwTl40YXniShCWWoBygXMyIMJWFellAXMRbl9dZY2fNwcB \ No newline at end of file diff --git a/flake.nix b/flake.nix index f8d2f34..d002291 100644 --- a/flake.nix +++ b/flake.nix @@ -66,12 +66,20 @@ }; vps-arm = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; + system = "aarch64-linux"; specialArgs = { inherit inputs outputs; }; modules = [ ./machine/vps-arm/configuration.nix ]; }; + + mini = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs outputs; }; + modules = [ + ./machine/mini/configuration.nix + ]; + }; }; }; } diff --git a/machine/mini.nix b/machine/mini.nix deleted file mode 100755 index b743a5f..0000000 --- a/machine/mini.nix +++ /dev/null 
@@ -1,172 +0,0 @@ -{ config, pkgs, ... }: -let secrets = import ../configs/secrets.nix; -in { - imports = [ - - /etc/nixos/hardware-configuration.nix - ../configs/docker.nix - ../configs/libvirt.nix - ../configs/common.nix - ../configs/user.nix - ]; - - boot = { - loader = { - grub = { - enable = true; - device = "nodev"; - efiSupport = true; - configurationLimit = 5; - }; - - efi.canTouchEfiVariables = true; - }; - - extraModulePackages = with pkgs.linuxPackages; [ rtl88x2bu ]; - }; - - time.timeZone = "Europe/Berlin"; - networking = { - hostName = "mini"; - useDHCP = false; - firewall = { enable = false; }; - interfaces = { - enp3s0.useDHCP = true; - wlp0s20u1u1.useDHCP = true; - }; - - nftables.enable = true; - wireguard.interfaces = { - wg0 = { - ips = [ "10.100.0.3/24" ]; - privateKey = secrets.wireguard-mini-private; - - peers = [{ - publicKey = secrets.wireguard-vps-public; - presharedKey = secrets.wireguard-preshared; - allowedIPs = [ "10.100.0.0/24" ]; - endpoint = "[2a02:c207:3008:1547::1]:51820"; - persistentKeepalive = 25; - }]; - - postSetup = '' - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o enp3s0 -j MASQUERADE - ''; - - # This undoes the above command - postShutdown = '' - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o enp3s0 -j MASQUERADE - ''; - }; - }; - - # nat = { - # enable = true; - # externalInterface = "enp3s0"; - # internalInterfaces = [ "tailscale0" ]; - # }; - - wireless = { - enable = true; - networks.Skynet.psk = secrets.wifipassword; - interfaces = [ "wlp0s20u1u1" ]; - }; - }; - - # nixpkgs.config.packageOverrides = pkgs: { - # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; - # }; - # hardware.opengl = { - # enable = true; - # extraPackages = with pkgs; [ - # intel-media-driver # LIBVA_DRIVER_NAME=iHD - # vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - # vaapiVdpau - # libvdpau-va-gl - # ]; - # }; - - services = { - # k3s = { 
- # enable = true; - # role = "server"; - # }; - - # printing = { - # enable = true; - # drivers = [ pkgs.brlaser ]; - # browsing = true; - # listenAddresses = [ - # "*:631" - # ]; # Not 100% sure this is needed and you might want to restrict to the local network - # allowFrom = [ - # "all" - # ]; # this gives access to anyone on the interface you might want to limit it see the official documentation - # defaultShared = true; # If you want - # }; - - # avahi = { - # enable = true; - # publish.enable = true; - # publish.userServices = true; - # }; - - tailscale = { - enable = true; - useRoutingFeatures = "both"; - extraUpFlags = "--advertise-exit-node --login-server=https://headscale.szczepan.ski"; - }; - - borgbackup.jobs.home = rec { - compression = "auto,zstd"; - encryption = { - mode = "repokey-blake2"; - passphrase = secrets.borg-key; - }; - extraCreateArgs = - "--list --stats --verbose --checkpoint-interval 600 --exclude-caches"; - environment.BORG_RSH = - "ssh -o StrictHostKeyChecking=no -i /home/alex/.ssh/id_ed25519"; - paths = [ "/home/alex" "/var/lib" ]; - repo = secrets.borg-repo; - startAt = "daily"; - prune.keep = { - daily = 7; - weekly = 4; - monthly = 6; - }; - extraPruneArgs = "--save-space --list --stats"; - exclude = [ "/home/alex/.cache" ]; - }; - - }; - - # systemd.services.tailscale-autoconnect = { - # description = "Automatic connection to Tailscale"; - - # # make sure tailscale is running before trying to connect to tailscale - # after = [ "network-pre.target" "tailscale.service" ]; - # wants = [ "network-pre.target" "tailscale.service" ]; - # wantedBy = [ "multi-user.target" ]; - - # # set this service as a oneshot job - # serviceConfig.Type = "oneshot"; - - # # have the job run this shell script - # script = with pkgs; '' - # # wait for tailscaled to settle - # sleep 2 - - # # otherwise authenticate with tailscale - # ${tailscale}/bin/tailscale up --advertise-exit-node --login-server=https://headscale.szczepan.ski - # ''; - # }; - - 
powerManagement = { - enable = true; - powertop.enable = true; - # cpuFreqGovernor = "powersave"; - }; - - system.stateVersion = "24.05"; -} diff --git a/machine/mini/configuration.nix b/machine/mini/configuration.nix new file mode 100755 index 0000000..ef8e2f5 --- /dev/null +++ b/machine/mini/configuration.nix 
@@ -0,0 +1,233 @@ +{ config, pkgs, inputs, outputs, ... }: +let secrets = import ../../configs/secrets.nix; +in { + + nixpkgs = { + overlays = [ + outputs.overlays.additions + outputs.overlays.modifications + outputs.overlays.unstable-packages + ]; + config = { + allowUnfree = true; + }; + }; + + imports = [ + ./hardware-configuration.nix + inputs.nixos-hardware.nixosModules.common-cpu-intel + ../../configs/docker.nix + ../../configs/common.nix + ../../configs/user.nix + ]; + + boot = { + loader = { + grub = { + enable = true; + device = "nodev"; + efiSupport = true; + configurationLimit = 5; + }; + + efi.canTouchEfiVariables = true; + }; + + extraModulePackages = with pkgs.linuxPackages; [ rtl88x2bu ]; + }; + + time.timeZone = "Europe/Berlin"; + networking = { + hostName = "mini"; + useDHCP = false; + firewall = { enable = false; }; + interfaces = { + enp3s0.useDHCP = true; + # wlp0s20u1u1.useDHCP = true; + wlp0s20u1u2.ipv4.addresses = [{ address = "192.168.12.1"; prefixLength = 24; }]; + }; + + nftables.enable = true; + # wireguard.interfaces = { + # wg0 = { + # ips = [ "10.100.0.3/24" ]; + # privateKey = secrets.wireguard-mini-private; + + # peers = [{ + # publicKey = secrets.wireguard-vps-public; + # presharedKey = secrets.wireguard-preshared; + # allowedIPs = [ "10.100.0.0/24" ]; + # endpoint = "[2a02:c207:3008:1547::1]:51820"; + # persistentKeepalive = 25; + # }]; + + # postSetup = '' + # ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o enp3s0 -j MASQUERADE + # ''; + + # # This undoes the above command + # postShutdown = '' + # ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o enp3s0 -j MASQUERADE + # ''; + # }; + # }; + + # nat = { + # enable = true; + # enableIPv6 = true; + # # externalInterface = "enp3s0"; + # # internalInterfaces = [ "tailscale0" ]; + # }; + + # wireless = { + # enable = true; + # networks.Skynet.psk = secrets.wifipassword; + # interfaces = [ "wlp0s20u1u1" ]; + # }; + + }; + + 
environment.systemPackages = with pkgs; [ + nyx + ]; + + + # nixpkgs.config.packageOverrides = pkgs: { + # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + # }; + # hardware.opengl = { + # enable = true; + # extraPackages = with pkgs; [ + # intel-media-driver # LIBVA_DRIVER_NAME=iHD + # vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + # vaapiVdpau + # libvdpau-va-gl + # ]; + # }; + + services = { + tor = { + enable = true; + # openFirewall = true; + }; + + hostapd = { + enable = true; + radios = { + wlp0s20u1u2 = { + # wifi4.enable = false; + # wifi5.enable = false; + # settings.ieee80211n = true; # otherwise enabled by wifi4.enable + networks.wlp0s20u1u2 = { + ssid = "Skynet-Tor"; + authentication.saePasswords = [ + { password = "REMOVED_OLD_PASSWORD_FROM_HISTORY"; } + ]; + }; + + }; + }; + }; + + # dnsmasq = { + # enable = true; + # extraConfig = '' + # interface=wlp0s20u1u2 + # bind-interfaces + # dhcp-range=192.168.12.10,192.168.12.254,24h + # ''; + # }; + + kea.dhcp4 = { + enable = true; + # interfaces = [ "wlp0s20u1u2" ]; + settings = { + interfaces-config = { + interfaces = [ + "wlp0s20u1u2" + ]; + }; + lease-database = { + name = "/var/lib/kea/dhcp4.leases"; + persist = true; + type = "memfile"; + }; + rebind-timer = 2000; + renew-timer = 1000; + subnet4 = [ + { + pools = [ + { + pool = "192.168.12.100 - 192.168.12.240"; + } + ]; + subnet = "192.168.12.0/24"; + } + ]; + valid-lifetime = 4000; + }; + }; + + haveged.enable = true; + + # k3s = { + # enable = true; + # role = "server"; + # }; + + # printing = { + # enable = true; + # drivers = [ pkgs.brlaser ]; + # browsing = true; + # listenAddresses = [ + # "*:631" + # ]; # Not 100% sure this is needed and you might want to restrict to the local network + # allowFrom = [ + # "all" + # ]; # this gives access to anyone on the interface you might want to limit it see the official documentation + # defaultShared = true; # If you want + # }; + + # avahi = { 
+ # enable = true; + # publish.enable = true; + # publish.userServices = true; + # }; + + tailscale = { + enable = true; + useRoutingFeatures = "both"; + extraUpFlags = "--advertise-exit-node --login-server=https://headscale.szczepan.ski"; + }; + + borgbackup.jobs.home = rec { + compression = "auto,zstd"; + encryption = { + mode = "repokey-blake2"; + passphrase = secrets.borg-key; + }; + extraCreateArgs = + "--list --stats --verbose --checkpoint-interval 600 --exclude-caches"; + environment.BORG_RSH = + "ssh -o StrictHostKeyChecking=no -i /home/alex/.ssh/id_ed25519"; + paths = [ "/home/alex" "/var/lib" ]; + repo = secrets.borg-repo; + startAt = "daily"; + prune.keep = { + daily = 7; + weekly = 4; + monthly = 6; + }; + extraPruneArgs = "--save-space --list --stats"; + exclude = [ "/home/alex/.cache" ]; + }; + }; + + powerManagement = { + enable = true; + powertop.enable = true; + # cpuFreqGovernor = "powersave"; + }; + + system.stateVersion = "24.05"; +} diff --git a/machine/mini/hardware-configuration.nix b/machine/mini/hardware-configuration.nix new file mode 100644 index 0000000..f153f08 --- /dev/null +++ b/machine/mini/hardware-configuration.nix 
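Review bot: The hostapd SAE password at `{ password = "REMOVED_OLD_PASSWORD_FROM_HISTORY"; }` is an inline literal in a tracked file, whereas every other secret in this file (`secrets.borg-key`, `secrets.borg-repo`) comes from `../../configs/secrets.nix`; as written, the placeholder string itself becomes the live WPA3 passphrase on the next rebuild. Move it out of the repo, e.g. `authentication.saePasswordsFile = "<root-only file outside the repo>";` or `{ password = secrets.<sae-password-attr>; }`. The host also keeps `firewall = { enable = false; }` while now running an access point, kea DHCP, tor and a tailscale exit node on the same box, so every listening service is reachable from AP clients; enabling the firewall and allowing only DHCP on the AP interface, e.g. `networking.firewall.interfaces.wlp0s20u1u2.allowedUDPPorts = [ 67 ];` plus whatever tor ports the clients are meant to reach, would narrow that exposure. Lastly, `environment.BORG_RSH = "ssh -o StrictHostKeyChecking=no ..."` (carried over from the deleted machine/mini.nix) disables host-key verification for the backup transport; `-o UserKnownHostsFile=<pinned known_hosts> -o StrictHostKeyChecking=yes`, or at least `accept-new`, keeps the backup stream from being redirected to an impostor host.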
@@ -0,0 +1,29 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8be3b4e5-7219-4427-bba4-340f1dc4b868"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/7C10-C8BD"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/edb5324f-3cd2-4b8c-bb05-cca045adeaf6"; } + ]; +}