BeiNacht/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mini-2024-08-30-21-03-06

Browse Source
This commit is contained in:
Alexander Szczepanski
2024-08-30 21:03:06 +02:00
parent 0ef8c6662f
commit 387a2d6d38
7 changed files with 272 additions and 385 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1,5 +1,2 @@
.gitsecret/keys/random_seed .gitsecret/keys/random_seed
!*.secret !*.secret
configs/secrets.nix
configs/secrets-desktop.nix
configs/secrets-thinkpad.nix

207
config.json
View File

@ -1,207 +0,0 @@
{
"defaultStrategy": "lazy",
"strategyOnDischarging": "",
"batteryChargingStatusPath": "",
"strategies": {
"sleep": {
"fanSpeedUpdateFrequency": 5,
"movingAverageInterval": 40,
"speedCurve": [
{
"temp": 0,
"speed": 0
}
]
},
"lazyest": {
"fanSpeedUpdateFrequency": 5,
"movingAverageInterval": 40,
"speedCurve": [
{
"temp": 0,
"speed": 0
},
{
"temp": 45,
"speed": 0
},
{
"temp": 65,
"speed": 25
},
{
"temp": 70,
"speed": 35
},
{
"temp": 75,
"speed": 50
},
{
"temp": 85,
"speed": 100
}
]
},
"lazy": {
"fanSpeedUpdateFrequency": 5,
"movingAverageInterval": 30,
"speedCurve": [
{
"temp": 0,
"speed": 15
},
{
"temp": 50,
"speed": 15
},
{
"temp": 65,
"speed": 25
},
{
"temp": 70,
"speed": 35
},
{
"temp": 75,
"speed": 50
},
{
"temp": 85,
"speed": 100
}
]
},
"medium": {
"fanSpeedUpdateFrequency": 5,
"movingAverageInterval": 30,
"speedCurve": [
{
"temp": 0,
"speed": 15
},
{
"temp": 40,
"speed": 15
},
{
"temp": 60,
"speed": 30
},
{
"temp": 70,
"speed": 40
},
{
"temp": 75,
"speed": 80
},
{
"temp": 85,
"speed": 100
}
]
},
"agile": {
"fanSpeedUpdateFrequency": 3,
"movingAverageInterval": 15,
"speedCurve": [
{
"temp": 0,
"speed": 15
},
{
"temp": 40,
"speed": 15
},
{
"temp": 60,
"speed": 30
},
{
"temp": 70,
"speed": 40
},
{
"temp": 75,
"speed": 80
},
{
"temp": 85,
"speed": 100
}
]
},
"very-agile": {
"fanSpeedUpdateFrequency": 2,
"movingAverageInterval": 5,
"speedCurve": [
{
"temp": 0,
"speed": 15
},
{
"temp": 40,
"speed": 15
},
{
"temp": 60,
"speed": 30
},
{
"temp": 70,
"speed": 40
},
{
"temp": 75,
"speed": 80
},
{
"temp": 85,
"speed": 100
}
]
},
"deaf": {
"fanSpeedUpdateFrequency": 2,
"movingAverageInterval": 5,
"speedCurve": [
{
"temp": 0,
"speed": 20
},
{
"temp": 40,
"speed": 30
},
{
"temp": 50,
"speed": 50
},
{
"temp": 60,
"speed": 100
}
]
},
"aeolus": {
"fanSpeedUpdateFrequency": 2,
"movingAverageInterval": 5,
"speedCurve": [
{
"temp": 0,
"speed": 20
},
{
"temp": 40,
"speed": 50
},
{
"temp": 65,
"speed": 100
}
]
}
}
}

1
ddclient.conf
View File

@ -1 +0,0 @@
rtGAAbKqSiCi9yqJDezwTl40YXniShCWWoBygXMyIMJWFellAXMRbl9dZY2fNwcB

10
flake.nix
View File

@ -66,12 +66,20 @@
}; };
vps-arm = nixpkgs.lib.nixosSystem { vps-arm = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "aarch64-linux";
specialArgs = { inherit inputs outputs; }; specialArgs = { inherit inputs outputs; };
modules = [ modules = [
./machine/vps-arm/configuration.nix ./machine/vps-arm/configuration.nix
]; ];
}; };
mini = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs outputs; };
modules = [
./machine/mini/configuration.nix
];
};
}; };
}; };
} }

172
machine/mini.nix
View File

@ -1,172 +0,0 @@
{ config, pkgs, ... }:
let secrets = import ../configs/secrets.nix;
in {
imports = [
<nixos-hardware/common/cpu/intel>
/etc/nixos/hardware-configuration.nix
../configs/docker.nix
../configs/libvirt.nix
../configs/common.nix
../configs/user.nix
];
boot = {
loader = {
grub = {
enable = true;
device = "nodev";
efiSupport = true;
configurationLimit = 5;
};
efi.canTouchEfiVariables = true;
};
extraModulePackages = with pkgs.linuxPackages; [ rtl88x2bu ];
};
time.timeZone = "Europe/Berlin";
networking = {
hostName = "mini";
useDHCP = false;
firewall = { enable = false; };
interfaces = {
enp3s0.useDHCP = true;
wlp0s20u1u1.useDHCP = true;
};
nftables.enable = true;
wireguard.interfaces = {
wg0 = {
ips = [ "10.100.0.3/24" ];
privateKey = secrets.wireguard-mini-private;
peers = [{
publicKey = secrets.wireguard-vps-public;
presharedKey = secrets.wireguard-preshared;
allowedIPs = [ "10.100.0.0/24" ];
endpoint = "[2a02:c207:3008:1547::1]:51820";
persistentKeepalive = 25;
}];
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o enp3s0 -j MASQUERADE
'';
# This undoes the above command
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o enp3s0 -j MASQUERADE
'';
};
};
# nat = {
# enable = true;
# externalInterface = "enp3s0";
# internalInterfaces = [ "tailscale0" ];
# };
wireless = {
enable = true;
networks.Skynet.psk = secrets.wifipassword;
interfaces = [ "wlp0s20u1u1" ];
};
};
# nixpkgs.config.packageOverrides = pkgs: {
# vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
# };
# hardware.opengl = {
# enable = true;
# extraPackages = with pkgs; [
# intel-media-driver # LIBVA_DRIVER_NAME=iHD
# vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
# vaapiVdpau
# libvdpau-va-gl
# ];
# };
services = {
# k3s = {
# enable = true;
# role = "server";
# };
# printing = {
# enable = true;
# drivers = [ pkgs.brlaser ];
# browsing = true;
# listenAddresses = [
# "*:631"
# ]; # Not 100% sure this is needed and you might want to restrict to the local network
# allowFrom = [
# "all"
# ]; # this gives access to anyone on the interface you might want to limit it see the official documentation
# defaultShared = true; # If you want
# };
# avahi = {
# enable = true;
# publish.enable = true;
# publish.userServices = true;
# };
tailscale = {
enable = true;
useRoutingFeatures = "both";
extraUpFlags = "--advertise-exit-node --login-server=https://headscale.szczepan.ski";
};
borgbackup.jobs.home = rec {
compression = "auto,zstd";
encryption = {
mode = "repokey-blake2";
passphrase = secrets.borg-key;
};
extraCreateArgs =
"--list --stats --verbose --checkpoint-interval 600 --exclude-caches";
environment.BORG_RSH =
"ssh -o StrictHostKeyChecking=no -i /home/alex/.ssh/id_ed25519";
paths = [ "/home/alex" "/var/lib" ];
repo = secrets.borg-repo;
startAt = "daily";
prune.keep = {
daily = 7;
weekly = 4;
monthly = 6;
};
extraPruneArgs = "--save-space --list --stats";
exclude = [ "/home/alex/.cache" ];
};
};
# systemd.services.tailscale-autoconnect = {
# description = "Automatic connection to Tailscale";
# # make sure tailscale is running before trying to connect to tailscale
# after = [ "network-pre.target" "tailscale.service" ];
# wants = [ "network-pre.target" "tailscale.service" ];
# wantedBy = [ "multi-user.target" ];
# # set this service as a oneshot job
# serviceConfig.Type = "oneshot";
# # have the job run this shell script
# script = with pkgs; ''
# # wait for tailscaled to settle
# sleep 2
# # otherwise authenticate with tailscale
# ${tailscale}/bin/tailscale up --advertise-exit-node --login-server=https://headscale.szczepan.ski
# '';
# };
powerManagement = {
enable = true;
powertop.enable = true;
# cpuFreqGovernor = "powersave";
};
system.stateVersion = "24.05";
}

233
machine/mini/configuration.nix Executable file
View File

@ -0,0 +1,233 @@
{ config, pkgs, inputs, outputs, ... }:
let secrets = import ../../configs/secrets.nix;
in {
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
];
config = {
allowUnfree = true;
};
};
imports = [
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.common-cpu-intel
../../configs/docker.nix
../../configs/common.nix
../../configs/user.nix
];
boot = {
loader = {
grub = {
enable = true;
device = "nodev";
efiSupport = true;
configurationLimit = 5;
};
efi.canTouchEfiVariables = true;
};
extraModulePackages = with pkgs.linuxPackages; [ rtl88x2bu ];
};
time.timeZone = "Europe/Berlin";
networking = {
hostName = "mini";
useDHCP = false;
firewall = { enable = false; };
interfaces = {
enp3s0.useDHCP = true;
# wlp0s20u1u1.useDHCP = true;
wlp0s20u1u2.ipv4.addresses = [{ address = "192.168.12.1"; prefixLength = 24; }];
};
nftables.enable = true;
# wireguard.interfaces = {
# wg0 = {
# ips = [ "10.100.0.3/24" ];
# privateKey = secrets.wireguard-mini-private;
# peers = [{
# publicKey = secrets.wireguard-vps-public;
# presharedKey = secrets.wireguard-preshared;
# allowedIPs = [ "10.100.0.0/24" ];
# endpoint = "[2a02:c207:3008:1547::1]:51820";
# persistentKeepalive = 25;
# }];
# postSetup = ''
# ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o enp3s0 -j MASQUERADE
# '';
# # This undoes the above command
# postShutdown = ''
# ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o enp3s0 -j MASQUERADE
# '';
# };
# };
# nat = {
# enable = true;
# enableIPv6 = true;
# # externalInterface = "enp3s0";
# # internalInterfaces = [ "tailscale0" ];
# };
# wireless = {
# enable = true;
# networks.Skynet.psk = secrets.wifipassword;
# interfaces = [ "wlp0s20u1u1" ];
# };
};
environment.systemPackages = with pkgs; [
nyx
];
# nixpkgs.config.packageOverrides = pkgs: {
# vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
# };
# hardware.opengl = {
# enable = true;
# extraPackages = with pkgs; [
# intel-media-driver # LIBVA_DRIVER_NAME=iHD
# vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
# vaapiVdpau
# libvdpau-va-gl
# ];
# };
services = {
tor = {
enable = true;
# openFirewall = true;
};
hostapd = {
enable = true;
radios = {
wlp0s20u1u2 = {
# wifi4.enable = false;
# wifi5.enable = false;
# settings.ieee80211n = true; # otherwise enabled by wifi4.enable
networks.wlp0s20u1u2 = {
ssid = "Skynet-Tor";
authentication.saePasswords = [
{ password = "REMOVED_OLD_PASSWORD_FROM_HISTORY"; }
];
};
};
};
};
# dnsmasq = {
# enable = true;
# extraConfig = ''
# interface=wlp0s20u1u2
# bind-interfaces
# dhcp-range=192.168.12.10,192.168.12.254,24h
# '';
# };
kea.dhcp4 = {
enable = true;
# interfaces = [ "wlp0s20u1u2" ];
settings = {
interfaces-config = {
interfaces = [
"wlp0s20u1u2"
];
};
lease-database = {
name = "/var/lib/kea/dhcp4.leases";
persist = true;
type = "memfile";
};
rebind-timer = 2000;
renew-timer = 1000;
subnet4 = [
{
pools = [
{
pool = "192.168.12.100 - 192.168.12.240";
}
];
subnet = "192.168.12.0/24";
}
];
valid-lifetime = 4000;
};
};
haveged.enable = true;
# k3s = {
# enable = true;
# role = "server";
# };
# printing = {
# enable = true;
# drivers = [ pkgs.brlaser ];
# browsing = true;
# listenAddresses = [
# "*:631"
# ]; # Not 100% sure this is needed and you might want to restrict to the local network
# allowFrom = [
# "all"
# ]; # this gives access to anyone on the interface you might want to limit it see the official documentation
# defaultShared = true; # If you want
# };
# avahi = {
# enable = true;
# publish.enable = true;
# publish.userServices = true;
# };
tailscale = {
enable = true;
useRoutingFeatures = "both";
extraUpFlags = "--advertise-exit-node --login-server=https://headscale.szczepan.ski";
};
borgbackup.jobs.home = rec {
compression = "auto,zstd";
encryption = {
mode = "repokey-blake2";
passphrase = secrets.borg-key;
};
extraCreateArgs =
"--list --stats --verbose --checkpoint-interval 600 --exclude-caches";
environment.BORG_RSH =
"ssh -o StrictHostKeyChecking=no -i /home/alex/.ssh/id_ed25519";
paths = [ "/home/alex" "/var/lib" ];
repo = secrets.borg-repo;
startAt = "daily";
prune.keep = {
daily = 7;
weekly = 4;
monthly = 6;
};
extraPruneArgs = "--save-space --list --stats";
exclude = [ "/home/alex/.cache" ];
};
};
powerManagement = {
enable = true;
powertop.enable = true;
# cpuFreqGovernor = "powersave";
};
system.stateVersion = "24.05";
}

29
machine/mini/hardware-configuration.nix Normal file
View File

@ -0,0 +1,29 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/8be3b4e5-7219-4427-bba4-340f1dc4b868";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/7C10-C8BD";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/edb5324f-3cd2-4b8c-bb05-cca045adeaf6"; }
];
}