BeiNacht/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mini-2024-07-15-15-26-27

Browse Source
This commit is contained in:
Alexander Szczepanski
2024-07-15 15:26:27 +02:00
parent 4594dbe949
commit 7f0ad0a85e
2 changed files with 45 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
configs/libvirt.nix
View File

@ -1,4 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
# let
# unstable = import <nixos-unstable> { config.allowUnfree = true; };
# in
{ {
virtualisation = { virtualisation = {
libvirtd = { libvirtd = {
@ -10,6 +13,7 @@
enable = true; enable = true;
packages = [ packages = [
(pkgs.OVMF.override { (pkgs.OVMF.override {
# (unstable.pkgs.OVMF.override {
secureBoot = true; secureBoot = true;
tpmSupport = true; tpmSupport = true;
}).fd }).fd

60
machine/mini.nix
View File

@ -30,8 +30,12 @@ in {
hostName = "mini"; hostName = "mini";
useDHCP = false; useDHCP = false;
firewall = { enable = false; }; firewall = { enable = false; };
interfaces.enp3s0.useDHCP = true; interfaces = {
interfaces.wlp0s20u1u1.useDHCP = true; enp3s0.useDHCP = true;
wlp0s20u1u1.useDHCP = true;
};
nftables.enable = true;
wireguard.interfaces = { wireguard.interfaces = {
wg0 = { wg0 = {
ips = [ "10.100.0.3/24" ]; ips = [ "10.100.0.3/24" ];
@ -41,7 +45,7 @@ in {
publicKey = secrets.wireguard-vps-public; publicKey = secrets.wireguard-vps-public;
presharedKey = secrets.wireguard-preshared; presharedKey = secrets.wireguard-preshared;
allowedIPs = [ "10.100.0.0/24" ]; allowedIPs = [ "10.100.0.0/24" ];
endpoint = "207.180.220.97:51820"; endpoint = "[2a02:c207:3008:1547::1]:51820";
persistentKeepalive = 25; persistentKeepalive = 25;
}]; }];
@ -56,11 +60,11 @@ in {
}; };
}; };
nat = { # nat = {
enable = true; # enable = true;
externalInterface = "wlp0s20u1u1"; # externalInterface = "enp3s0";
internalInterfaces = [ "wg0" ]; # internalInterfaces = [ "tailscale0" ];
}; # };
wireless = { wireless = {
enable = true; enable = true;
@ -88,15 +92,6 @@ in {
# role = "server"; # role = "server";
# }; # };
ddclient = {
enable = true;
verbose = true;
server = "dyndns.strato.com/nic/update";
username = "beinacht.org";
passwordFile = "/home/alex/nixos-config/ddclient.conf";
domains = [ "home.beinacht.org" ];
};
# printing = { # printing = {
# enable = true; # enable = true;
# drivers = [ pkgs.brlaser ]; # drivers = [ pkgs.brlaser ];
@ -116,6 +111,12 @@ in {
# publish.userServices = true; # publish.userServices = true;
# }; # };
tailscale = {
enable = true;
useRoutingFeatures = "both";
extraUpFlags = "--advertise-exit-node --login-server=https://headscale.szczepan.ski";
};
borgbackup.jobs.home = rec { borgbackup.jobs.home = rec {
compression = "auto,zstd"; compression = "auto,zstd";
encryption = { encryption = {
@ -140,11 +141,32 @@ in {
}; };
# systemd.services.tailscale-autoconnect = {
# description = "Automatic connection to Tailscale";
# # make sure tailscale is running before trying to connect to tailscale
# after = [ "network-pre.target" "tailscale.service" ];
# wants = [ "network-pre.target" "tailscale.service" ];
# wantedBy = [ "multi-user.target" ];
# # set this service as a oneshot job
# serviceConfig.Type = "oneshot";
# # have the job run this shell script
# script = with pkgs; ''
# # wait for tailscaled to settle
# sleep 2
# # otherwise authenticate with tailscale
# ${tailscale}/bin/tailscale up --advertise-exit-node --login-server=https://headscale.szczepan.ski
# '';
# };
powerManagement = { powerManagement = {
enable = true; enable = true;
powertop.enable = true; powertop.enable = true;
cpuFreqGovernor = "powersave"; # cpuFreqGovernor = "powersave";
}; };
system.stateVersion = "23.11"; system.stateVersion = "24.05";
} }