authorKarel Kočí <cynerd@email.cz>2024-04-01 12:14:45 +0200
committerKarel Kočí <cynerd@email.cz>2024-04-01 12:14:45 +0200
commita9738a94e009610163e3c49e9686c12051917af7 (patch)
treeb5ec298b6b9892ee59bca9d116646d78a7ea29be
parente84e6dcf117080eaf7658b25fb20a9dc3b5d1cfe (diff)
nixos: few more fixes
-rw-r--r--flake.lock26
-rw-r--r--nixos/configurations/adm-omnia.nix1
-rw-r--r--nixos/configurations/dean.nix17
-rw-r--r--nixos/configurations/errol.nix9
-rw-r--r--nixos/configurations/lipwig.nix7
-rw-r--r--nixos/configurations/spt-omnia.nix1
-rw-r--r--nixos/modules/develop.nix5
-rw-r--r--nixos/modules/generic.nix5
-rw-r--r--nixos/modules/home-assistant.nix3
-rw-r--r--nixos/modules/hosts.nix10
-rw-r--r--nixos/modules/openvpn.nix8
-rw-r--r--nixos/modules/router.nix1
-rw-r--r--nixos/modules/switch.nix5
-rw-r--r--nixos/modules/wireguad.nix33
14 files changed, 78 insertions, 53 deletions
diff --git a/flake.lock b/flake.lock
index 2bcba70..115aa8b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -256,11 +256,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1710783728,
- "narHash": "sha256-eIsfu3c9JUBgm3cURSKTXLEI9Dlk1azo+MWKZVqrmkc=",
+ "lastModified": 1711352745,
+ "narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "1e679b9a9970780cd5d4dfe755a74a8f96d33388",
+ "rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0",
"type": "github"
},
"original": {
@@ -314,11 +314,11 @@
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1710861126,
- "narHash": "sha256-q8fiy9mgUvTAt2OMjiVpQgDlykyGury9Fpsm0jekBfY=",
+ "lastModified": 1711939449,
+ "narHash": "sha256-k8HBuawAk2hWNzNkCiGebbStq3opqnyV1RdHXXojxNg=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "2dcadb7087e38314cebb15af65f8f2a15d2940cc",
+ "rev": "292a4d8fa11907f90eb2e9730b8cf2414f03bf58",
"type": "github"
},
"original": {
@@ -432,11 +432,11 @@
},
"personal-secret": {
"locked": {
- "lastModified": 1710863858,
- "narHash": "sha256-6qKqa5cdchvGSBGigs/K4VWVfITGdMudrKYw2Sc79wo=",
+ "lastModified": 1711963377,
+ "narHash": "sha256-0hTTeEEzK4ZhFmjfT4gVzliNlhfJFmugGuSFYCeUpq4=",
"ref": "refs/heads/master",
- "rev": "0306d300b34e6221230bb7886f077bb78997da3a",
- "revCount": 101,
+ "rev": "a402800a9d82061610250f2f37aebd5694896c50",
+ "revCount": 104,
"type": "git",
"url": "ssh://git@cynerd.cz/nixos-personal-secret"
},
@@ -697,11 +697,11 @@
},
"vpsadminos": {
"locked": {
- "lastModified": 1710509949,
- "narHash": "sha256-U4rYEcV40x7VpZfeOw21cZFIZrh+bjxx2iYRtnCRfTc=",
+ "lastModified": 1711619904,
+ "narHash": "sha256-BVmRhYvidQAT5t63EzGKOCGRlhCrfjLjf1oz8BozBns=",
"owner": "vpsfreecz",
"repo": "vpsadminos",
- "rev": "d61fad3eedeaae209870f3f8f4e65e996e778ad0",
+ "rev": "8c8eb700db5d18e07d167e048756135f877442d9",
"type": "github"
},
"original": {
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index 3f857ee..672788a 100644
--- a/nixos/configurations/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -12,7 +12,6 @@
ar9287.interface = "wlp3s0";
qca988x.interface = "wlp2s0";
};
- openvpn.oldpersonal = false;
monitoring.speedtest = true;
};
diff --git a/nixos/configurations/dean.nix b/nixos/configurations/dean.nix
index 44feaea..c903794 100644
--- a/nixos/configurations/dean.nix
+++ b/nixos/configurations/dean.nix
@@ -1,4 +1,10 @@
-{pkgs, ...}: {
+{
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkForce;
+in {
turris.board = "mox";
deploy.enable = true;
@@ -10,6 +16,11 @@
networking = {
useNetworkd = true;
useDHCP = false;
+ nat = {
+ enable = true;
+ externalInterface = "brlan";
+ internalInterfaces = ["wg"];
+ };
};
systemd.network = {
netdevs."brlab".netdevConfig = {
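Review bot: The new `nat` block masquerades everything that arrives on `wg` out of `brlan`, and nothing in this hunk limits which WireGuard peers or which destinations may be forwarded, so every peer of the mesh reaches the LAN behind dean under dean's own address. If only the two prefixes routed via dean in `wireguad.nix` (`10.0.0.0/22`, `10.0.20.0/24`) are meant to be reachable, consider enabling `networking.firewall.filterForward` with explicit forward rules for that traffic, unless forwarding is already filtered somewhere outside this diff. A comment above `nat` such as `# Gateway from the WireGuard mesh into the LAN; peers are masqueraded` would record the intent. The context line declares the netdev as `brlab` while NAT and the bridge member use `brlan`; it is worth confirming that the interface name set inside that netdev really is `brlan`. The `networking` block starts outside the hunk.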
@@ -28,6 +39,7 @@
matchConfig.Name = "lan* end0";
networkConfig.Bridge = "brlan";
};
+ "wg".networkConfig.IPForward = mkForce "yes";
};
# TODO investigate why it doesn't work
wait-online.enable = false;
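Review bot: `mkForce "yes"` on `"wg".networkConfig.IPForward` overrides the value the WireGuard module computes (`IPForward = is_endpoint` in `wireguad.nix`), and no comment says why dean is the exception. A line such as `# dean forwards wg traffic into brlan (see networking.nat), so override the module default` would keep a later reader from removing it. Depending on the systemd version, `IPForward=` on one link turns on the kernel-wide forwarding setting rather than a per-interface one, so dean may end up forwarding between all of its interfaces and not only from `wg`; check that against the firewall's forward policy.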
@@ -37,7 +49,4 @@
#openocd
tio
];
-
- # TODO: ubootTools build is broken!
- firmware.environment.enable = false;
}
diff --git a/nixos/configurations/errol.nix b/nixos/configurations/errol.nix
index a9475ef..3f7ad8c 100644
--- a/nixos/configurations/errol.nix
+++ b/nixos/configurations/errol.nix
@@ -13,9 +13,7 @@ in {
desktop.enable = true;
develop = true;
gaming = true;
- openvpn = {
- elektroline = true;
- };
+ openvpn.elektroline = true;
};
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"];
@@ -35,6 +33,11 @@ in {
fsType = "btrfs";
options = ["compress=lzo" "subvol=@nix"];
};
+ "/nix" = {
+ device = "/dev/mapper/encroot";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@nix-store"];
+ };
"/home" = {
device = "/dev/mapper/encroot";
fsType = "btrfs";
diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
index 0eefe5f..2e5253d 100644
--- a/nixos/configurations/lipwig.nix
+++ b/nixos/configurations/lipwig.nix
@@ -33,7 +33,6 @@
networking = {
useNetworkd = true;
useDHCP = false;
- nftables.enable = true;
firewall = {
allowedTCPPorts = [80 443];
allowedUDPPorts = [1194];
@@ -206,17 +205,17 @@
passwords = pkgs.fetchNextcloudApp {
url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz";
sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7";
- license = "agpl3";
+ license = "gpl3";
};
integration_github = pkgs.fetchNextcloudApp {
url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6";
- license = "agpl3";
+ license = "gpl3";
};
integration_gitlab = pkgs.fetchNextcloudApp {
url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz";
sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi";
- license = "agpl3";
+ license = "gpl3";
};
};
};
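Review bot: The three `license` values change from `agpl3` to `gpl3`, which alters what the package metadata claims about these apps rather than anything about the fetch itself. If this is a workaround for the `agpl3` attribute no longer resolving after the nixpkgs bump in this commit, `agpl3Only` or `agpl3Plus` would presumably keep the metadata in line with what was recorded before. A short comment next to the first entry saying why the value was changed would help.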
diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index 8456368..22d9ecc 100644
--- a/nixos/configurations/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -38,7 +38,6 @@ in {
};
};
wireguard = true;
- openvpn.oldpersonal = true;
monitoring.speedtest = true;
};
diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix
index e5510c6..d07bc66 100644
--- a/nixos/modules/develop.nix
+++ b/nixos/modules/develop.nix
@@ -73,8 +73,13 @@ in {
coverage
mypy
+ scipy
+ sympy
+
pygraphviz
matplotlib
+ plotly
+ pygal
python-gitlab
PyGithub
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
index e4ac094..97391b8 100644
--- a/nixos/modules/generic.nix
+++ b/nixos/modules/generic.nix
@@ -177,7 +177,10 @@ in {
commands = ["ALL"];
}
];
- networking.dhcpcd.extraConfig = "controlgroup wheel";
+ networking = {
+ nftables.enable = true;
+ dhcpcd.extraConfig = "controlgroup wheel";
+ };
services.openssh = {
enable = true;
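Review bot: Setting `nftables.enable = true` in the generic module switches the firewall backend on every host that imports it, not only on lipwig and the router and switch modules that set it before this commit. Hosts that still rely on iptables-style rules (for example `networking.firewall.extraCommands`, or container tooling that writes its own iptables rules) can fail to evaluate or end up with two rule sets, so confirm that none of the configurations depend on them. Writing it as `nftables.enable = mkDefault true;` (assuming `mkDefault` is in scope in this file) would let a single host opt out without `mkForce`.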
diff --git a/nixos/modules/home-assistant.nix b/nixos/modules/home-assistant.nix
index 769b1c7..ab16e8a 100644
--- a/nixos/modules/home-assistant.nix
+++ b/nixos/modules/home-assistant.nix
@@ -55,9 +55,10 @@ in {
enable = true;
device = "/dev/ttyUSB0";
baseTopicPrefix = "bigclown/";
+ environmentFiles = ["/run/secrets/bigclown.env"];
mqtt = {
username = "bigclown";
- keyfile = "/run/secrets/mqtt-bigclown.pass";
+ password = "\${MQTT_PASSWORD}";
};
};
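Review bot: `password = "\${MQTT_PASSWORD}"` is a placeholder and not the secret, but nothing on the line says so; a comment like `# expanded at service start from environmentFiles; keeps the secret out of the Nix store` would stop someone from inlining the real value later. The file `/run/secrets/bigclown.env` presumably has to be in `KEY=value` form and define `MQTT_PASSWORD`, and it should stay readable only by root or the service user. If the old `/run/secrets/mqtt-bigclown.pass` secret is no longer referenced anywhere, dropping it avoids keeping a second copy of the credential on the host.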
diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix
index 054098d..e7ad76b 100644
--- a/nixos/modules/hosts.nix
+++ b/nixos/modules/hosts.nix
@@ -30,12 +30,6 @@ in {
cynerd.hosts = {
vpn = {
"lipwig" = "10.8.0.1";
- # Portable
- "binky" = "10.8.0.2";
- "albert" = "10.8.0.3";
- "android" = "10.8.0.6";
- # Endpoints
- "spt-omnia" = "10.8.0.50";
"adm-omnia" = "10.8.0.51";
};
wg = {
@@ -79,10 +73,6 @@ in {
networking.hosts = mkIf cnf.enable {
# VPN
"${cnf.vpn.lipwig}" = ["lipwig.vpn"];
- "${cnf.vpn.android}" = ["android.vpn"];
- "${cnf.vpn.albert}" = ["albert.vpn"];
- "${cnf.vpn.binky}" = ["binky.vpn"];
- "${cnf.vpn.spt-omnia}" = ["spt.vpn"];
"${cnf.vpn.adm-omnia}" = ["adm.vpn"];
# Wireguard
"${cnf.wg.lipwig}" = ["lipwig.wg"];
diff --git a/nixos/modules/openvpn.nix b/nixos/modules/openvpn.nix
index d80dd9d..789d430 100644
--- a/nixos/modules/openvpn.nix
+++ b/nixos/modules/openvpn.nix
@@ -8,11 +8,6 @@
in {
options = {
cynerd.openvpn = {
- personal = mkOption {
- type = types.bool;
- default = false;
- description = "My personal OpenVPN";
- };
oldpersonal = mkOption {
type = types.bool;
default = false;
@@ -28,9 +23,6 @@ in {
config = {
services.openvpn.servers = {
- personal = mkIf cnf.personal {
- config = "config /run/secrets/personal.ovpn";
- };
oldpersonal = mkIf cnf.oldpersonal {
config = "config /run/secrets/old.ovpn";
};
diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix
index 3002d9b..c8b1283 100644
--- a/nixos/modules/router.nix
+++ b/nixos/modules/router.nix
@@ -50,7 +50,6 @@ in {
config = mkIf cnf.enable {
networking = {
useNetworkd = true;
- nftables.enable = true;
firewall = {
logRefusedConnections = false;
interfaces = {
diff --git a/nixos/modules/switch.nix b/nixos/modules/switch.nix
index 669b6ab..37ac687 100644
--- a/nixos/modules/switch.nix
+++ b/nixos/modules/switch.nix
@@ -21,10 +21,7 @@ in {
};
config = mkIf cnf.enable {
- networking = {
- useNetworkd = true;
- nftables.enable = true;
- };
+ networking.useNetworkd = true;
systemd.network = {
netdevs = {
diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguad.nix
index d96fc9e..ca28818 100644
--- a/nixos/modules/wireguad.nix
+++ b/nixos/modules/wireguad.nix
@@ -81,18 +81,47 @@ in {
IPForward = is_endpoint;
};
routes =
- (optional (hostName != "spt-omnia") {
+ (optional (hostName != "lipwig") {
+ # OpenVPN network
+ routeConfig = {
+ Gateway = config.cynerd.hosts.wg.lipwig;
+ Destination = "10.8.0.0/24";
+ Metric = 2048;
+ };
+ })
+ ++ (optional (hostName != "spt-omnia") {
+ # SPT network
routeConfig = {
Gateway = config.cynerd.hosts.wg.spt-omnia;
Destination = "10.8.2.0/24";
+ Metric = 2048;
};
})
++ (optional (hostName != "adm-omnia" && hostName != "lipwig") {
+ # Adamkovi network
routeConfig = {
Gateway = config.cynerd.hosts.wg.adm-omnia;
Destination = "10.8.3.0/24";
+ Metric = 2048;
};
- });
+ })
+ ++ (optionals (hostName != "dean") [
+ # Elektroline
+ {
+ routeConfig = {
+ Gateway = config.cynerd.hosts.wg.dean;
+ Destination = "10.0.0.0/22";
+ Metric = 2048;
+ };
+ }
+ {
+ routeConfig = {
+ Gateway = config.cynerd.hosts.wg.dean;
+ Destination = "10.0.20.0/24";
+ Metric = 2048;
+ };
+ }
+ ]);
};
};
networking.firewall.allowedUDPPorts = [51820];
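Review bot: The new Elektroline routes (`10.0.0.0/22` and `10.0.20.0/24` via `wg.dean`) are installed on every host except dean, so all mesh members, including the routers and lipwig, get a path into that network, which dean's configuration in this commit then masquerades. If only some machines need it, guard the `optionals` with a per-host option in addition to `hostName != "dean"`, so that a compromised peer with no business there has no route to it. These routes only carry traffic if the same prefixes are in the matching peer's allowed IPs, which is configured outside this hunk. The four blocks repeat the same `routeConfig` shape with `Metric = 2048`; a small local helper taking gateway and destination would remove the duplication. A comment on why 2048 was chosen is also missing.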