diff --git a/.gitsecret/paths/mapping.cfg b/.gitsecret/paths/mapping.cfg
index 8a19230..4305c78 100644
--- a/.gitsecret/paths/mapping.cfg
+++ b/.gitsecret/paths/mapping.cfg
@@ -1 +1 @@
-configs/secrets.nix:28a25a9edc1fefbbba58af63907caca202a800cd671a41f737c7984313845899
+configs/secrets.nix:259586563a3c51652650618e0cc26aaee07b482ea801e2a1641d24510446bf50
diff --git a/configs/.bin/fzip b/configs/bin/fzip
similarity index 100%
rename from configs/.bin/fzip
rename to configs/bin/fzip
diff --git a/configs/.bin/rofi-default-sink.sh b/configs/bin/rofi-default-sink.sh
similarity index 100%
rename from configs/.bin/rofi-default-sink.sh
rename to configs/bin/rofi-default-sink.sh
diff --git a/configs/common.nix b/configs/common.nix
index 50651dd..0f5b08a 100644
--- a/configs/common.nix
+++ b/configs/common.nix
@@ -76,6 +76,7 @@ in
 wget
 graphviz
 nix-tree
+ hdparm
 ];

 documentation.enable = false;
diff --git a/configs/secrets.nix.secret b/configs/secrets.nix.secret
index 991acdc..e986f2f 100644
Binary files a/configs/secrets.nix.secret and b/configs/secrets.nix.secret differ
diff --git a/configs/user-gui.nix b/configs/user-gui.nix
index 1b6782f..193cc08 100644
--- a/configs/user-gui.nix
+++ b/configs/user-gui.nix
@@ -6,12 +6,22 @@ in
 {
 imports = [ ];

+ # systemd.user.services.barrierc = {
+ # Unit = {
+ # Description = "Barrier Server daemon";
+ # After = [ "graphical-session-pre.target" ];
+ # PartOf = [ "graphical-session.target" ];
+ # };
+ # Install.WantedBy = [ "graphical-session.target" ];
+ # Service.ExecStart = "${unstable.pkgs.barrier}/bin/barrierc -c ~/.barrier";
+ # };
+
 home-manager.users.alex = { pkgs, ... }: {
 home = {
 file = {
 ".bin/rofi-default-sink.sh" = {
 executable = true;
- source = ./.bin/rofi-default-sink.sh;
+ source = ./bin/rofi-default-sink.sh;
 };
 };
 packages = with unstable.pkgs; [
@@ -59,6 +69,7 @@ in
 vulkan-tools
 wine
 winetricks
+ obs-studio
 ];
 };
 
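Review bot: The `systemd.user.services.barrierc` block added at the top of the `@@ -6,12` hunk of configs/user-gui.nix is commented out instead of removed, as is the `keychain` block in the `@@ -218,11` hunk, while `barrier.client` in the `@@ -295,10` hunk is deleted outright; git history already preserves the old text, and commented-out config drifts silently from the live options, so deleting both blocks would be the consistent choice. If the barrierc block is expected to come back, it looks like it would not evaluate where it sits — it is at the NixOS module level next to `imports` but uses home-manager-style `Unit`/`Install`/`Service` attributes, and systemd does not tilde-expand `~/.barrier` in `ExecStart` — so it would need reworking anyway. If it must stay, one line such as `# disabled: <reason> — delete once confirmed unneeded` above it records why.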
@@ -218,11 +229,11 @@ in
 # };
 # };

- keychain = {
- enable = true;
- enableXsessionIntegration = true;
- enableZshIntegration = true;
- };
+ # keychain = {
+ # enable = true;
+ # enableXsessionIntegration = true;
+ # enableZshIntegration = true;
+ # };
 };

 services = {
@@ -295,10 +306,6 @@ in
 };
 };

- barrier.client = {
- enable = true;
- };
-
 nextcloud-client = {
 enable = true;
 startInBackground = true;
diff --git a/machine/desktop.nix b/machine/desktop.nix
index f120742..78b9796 100644
--- a/machine/desktop.nix
+++ b/machine/desktop.nix
@@ -33,7 +33,7 @@ in
 boot.initrd.kernelModules = [ "amdgpu" ];
 boot.plymouth.enable = true;
 boot.extraModulePackages = with pkgs.linuxPackages; [ it87 ];
- boot.kernelModules = [ "it87" ];
+ boot.kernelModules = [ "it87" "v4l2loopback" ];

 networking.hostName = "desktop"; # Define your hostname.

diff --git a/machine/homeserver.nix b/machine/homeserver.nix
index 5f9d806..e000d2a 100644
--- a/machine/homeserver.nix
+++ b/machine/homeserver.nix
@@ -28,9 +28,7 @@
 mergerfs
 samba
 openssl
- hdparm
 smartmontools
- docker-compose
 ];

 systemd = {
diff --git a/machine/mini.nix b/machine/mini.nix
index bd459f9..385afb7 100644
--- a/machine/mini.nix
+++ b/machine/mini.nix
@@ -15,7 +15,6 @@
 boot.loader.efi.canTouchEfiVariables = true;
 boot.extraModulePackages = with pkgs.linuxPackages; [ rtl88x2bu ];

-
 networking = {
 hostName = "mini";
 useDHCP = false;
@@ -26,6 +25,7 @@
 }; networkmanager.enable = true; }; + services.k3s.enable = true; services.k3s.role = "server";
diff --git a/machine/thinkpad.nix b/machine/thinkpad.nix
index f1e685e..01649da 100644
--- a/machine/thinkpad.nix
+++ b/machine/thinkpad.nix
@@ -157,8 +157,9 @@ in

 home-manager.users.alex.services.barrier.client = {
 enable = true;
+ enableCrypto = false;
 name = "thinkpad";
- server = "192.168.0.150:24800"
+ server = "192.168.0.150:24800";
 };

 environment.systemPackages = with pkgs; [
diff --git a/machine/vps.nix b/machine/vps.nix
index 428a0df..ccd2f74 100644
--- a/machine/vps.nix
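Review bot: `boot.kernelModules = [ "it87" "v4l2loopback" ];` in machine/desktop.nix tells systemd-modules-load to load v4l2loopback, but that is an out-of-tree module and the `boot.extraModulePackages = with pkgs.linuxPackages; [ it87 ];` line two lines above is left unchanged, so unless the module package is supplied elsewhere in the file the load fails at boot and the loopback video device never appears. The fix is to add the package next to it87: `boot.extraModulePackages = with pkgs.linuxPackages; [ it87 v4l2loopback ];`. Taking modules from `pkgs.linuxPackages` rather than `config.boot.kernelPackages` can also yield modules built for a different kernel than the one booted, though that predates this change.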
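Review bot: `enableCrypto = false;` in the machine/thinkpad.nix hunk turns off TLS on the Barrier client connection to `192.168.0.150:24800`, so keystrokes and clipboard contents — including anything typed into a password prompt while the thinkpad has input focus — cross the LAN in cleartext and can be read by anyone on that segment. If this is a deliberate workaround (for example a server without a usable certificate), a comment stating the reason and the condition for re-enabling it keeps the line from being read as the intended final state, e.g. `enableCrypto = false; # TODO(review): plaintext input over LAN — <reason>; re-enable once <condition>`. The enclosing `barrier.client` attribute set is fully inside the hunk.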
+++ b/machine/vps.nix
@@ -1,5 +1,7 @@
 { config, lib, pkgs, ... }:
-
+let
+ secrets = import ./secrets.nix;
+in
 {
 imports = [
 # Include the results of the hardware scan.
@@ -18,8 +20,37 @@
 # Set your time zone.
 time.timeZone = "Europe/Berlin";

- networking.useDHCP = false;
- networking.interfaces.ens3.useDHCP = true;
+ networking = {
+ useDHCP = false;
+ interfaces.ens3.useDHCP = true;
+ wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.1/24" ];
+ listenPort = 51820;
+ postSetup = ''
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
+ '';
+ postShutdown = ''
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
+ '';
+ privateKey = secrets.wireguard-vps-private;
+ peers = [{
+ publicKey = secrets.wireguard-desktop-public;
+ presharedKey = secrets.wireguard-preshared;
+ allowedIPs = [ "10.100.0.2/32" ];
+ }];
+ };
+
+ nat = {
+ enable = true;
+ externalInterface = "ens3";
+ internalInterfaces = [ "wg0" ];
+ };
+ firewall = {
+ allowedTCPPorts = [ 80 443 ];
+ allowedUDPPorts = [ 80 443 51820 ];
+ };
+ };

 # List packages installed in system profile. To search, run:
 environment.systemPackages = with pkgs; [
@@ -94,9 +125,6 @@
 # Limit stack size to reduce memory usage
 systemd.services.fail2ban.serviceConfig.LimitSTACK = 256 * 1024;

- networking.firewall.allowedTCPPorts = [ 80 443 ];
- networking.firewall.allowedUDPPorts = [ 80 443 ];
-
 system.stateVersion = "21.05";

 }
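Review bot: `secrets = import ./secrets.nix;` in the `@@ -1,5` hunk resolves relative to machine/vps.nix, i.e. to `machine/secrets.nix`, while the only secrets file this commit touches is `configs/secrets.nix` (the git-secret mapping at the top of the diff lists that path alone); unless a `machine/secrets.nix` exists outside git-secret, evaluating this module will fail with a missing-file error. If the git-secret-managed file is the intended one, the line should read `secrets = import ../configs/secrets.nix;`. If a separate `machine/secrets.nix` does exist and holds the WireGuard keys, it belongs in the git-secret mapping too, otherwise it risks being committed in the clear.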
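Review bot: `privateKey = secrets.wireguard-vps-private;` and `presharedKey = secrets.wireguard-preshared;` in the `wg0` block of the `@@ -18,8` hunk embed the key strings in the built configuration, which NixOS places in the world-readable Nix store, so any local account on the VPS can recover the tunnel's private and preshared keys even though the source file is git-secret encrypted. The module provides `privateKeyFile` and `presharedKeyFile` for this reason; pointing them at root-only files on the host (for example `privateKeyFile = "/var/lib/wireguard/wg0.key";`, path chosen as an illustration) keeps the material out of the store. Separately, `nat.internalInterfaces = [ "wg0" ]` should already install a MASQUERADE rule for the tunnel, so the hand-written `postSetup`/`postShutdown` iptables rules appear to duplicate it; a short comment explaining why both are kept, or dropping one, would help the next reader.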