diff options
| author | Karel Kočí <cynerd@email.cz> | 2026-05-16 13:12:33 +0200 |
|---|---|---|
| committer | Karel Kočí <cynerd@email.cz> | 2026-05-16 13:12:33 +0200 |
| commit | 9492adaded6cb8b246db5a348fb2720dbc184214 (patch) | |
| tree | 1fcef1bf43dcc3b99519928dbd8ca69260cc0c9b /nixos/configurations | |
| parent | d5ec7b775888827089a668aea58244b2ad4a1e70 (diff) | |
| download | nixos-personal-9492adaded6cb8b246db5a348fb2720dbc184214.tar.gz nixos-personal-9492adaded6cb8b246db5a348fb2720dbc184214.tar.bz2 nixos-personal-9492adaded6cb8b246db5a348fb2720dbc184214.zip | |
Diffstat (limited to 'nixos/configurations')
| -rw-r--r-- | nixos/configurations/adm-omnia.nix | 53 | ||||
| -rw-r--r-- | nixos/configurations/lipwig.nix | 20 | ||||
| -rw-r--r-- | nixos/configurations/spt-omnia.nix | 6 | ||||
| -rw-r--r-- | nixos/configurations/zd-mox.nix | 6 |
4 files changed, 46 insertions, 39 deletions
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix index 2b80bbc..826563b 100644 --- a/nixos/configurations/adm-omnia.nix +++ b/nixos/configurations/adm-omnia.nix @@ -15,11 +15,7 @@ in { wan = "pppoe-wan"; lanIP = hosts.omnia; staticLeases = { - "7c:b0:c2:bb:9c:ca" = hosts.albert; "4c:d5:77:0d:85:d9" = hosts.binky; - "b8:27:eb:49:54:5a" = hosts.mpd; - }; - guestStaticLeases = { "f4:a9:97:a4:bd:59" = hosts.printer; }; }; @@ -40,18 +36,20 @@ in { monitoring.speedtest = true; }; - services.journald.extraConfig = '' - SystemMaxUse=8G - ''; + services = { + journald.extraConfig = '' + SystemMaxUse=8G + ''; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; - }; + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; - services.fail2ban = { - enable = true; - ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]; + fail2ban = { + enable = true; + ignoreIP = ["10.8.0.0/24" "10.8.1.0/24"]; + }; }; networking.useDHCP = false; @@ -82,7 +80,7 @@ in { linkConfig.RequiredForOnline = "routable"; }; "lan-brlan" = { - matchConfig.Name = "lan4"; + matchConfig.Name = "lan*"; networkConfig.Bridge = "brlan"; bridgeVLANs = [ { @@ -92,16 +90,6 @@ in { {VLAN = 2;} ]; }; - "lan-guest" = { - matchConfig.Name = "lan[0-3]"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - EgressUntagged = 2; - PVID = 2; - } - ]; - }; }; }; @@ -121,14 +109,21 @@ in { password 02 ''; }; - systemd.services."pppd-wan" = { - after = ["sys-subsystem-net-devices-end2.device"]; - partOf = ["systemd-networkd.service"]; + systemd.services = { + "pppd-wan" = { + after = ["sys-subsystem-net-devices-end2.device"]; + partOf = ["systemd-networkd.service"]; + serviceConfig = { + Restart = "always"; + StartLimitBurst = 0; + }; + }; + "systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; }; # TODO limit NSS clamping to just pppoe-wan networking.firewall.extraForwardRules = '' tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4" - iifname {"home", "wg"} oifname {"home", "wg"} accept + iifname "wg" oifname "home" accept iifname "home" oifname "guest" accept comment "Allow home to access guest devices" ''; } diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 556ca5d..291aa54 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -198,7 +198,7 @@ # Nextcloud ################################################################ services.nextcloud = { enable = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud33; https = true; hostName = "cloud.cynerd.cz"; datadir = "/nas/nextcloud"; @@ -266,18 +266,18 @@ license = "agpl3Plus"; }; integration_gitlab = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v4.0.0/integration_gitlab-v4.0.0.tar.gz"; - hash = "sha256-0CKvAiwdG6Llomo9ROu0KLdUq1xfjAwlO1e1/LYzL4s="; - license = "agpl3Plus"; - }; - money = pkgs.fetchNextcloudApp { - url = "https://github.com/powerpaul17/nc_money/releases/download/v0.31.0/money.tar.gz"; - hash = "sha256-6RlxWTCw6NP9RquHnfoLLBw/dmAXx21INCzYUcp3E/4="; + url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v5.0.0/integration_gitlab-v5.0.0.tar.gz"; + hash = "sha256-f0D9UrlX8bsf4BSTCzb9bN1gYKDlSY9JxmgO6el7HZw="; license = "agpl3Plus"; }; + #money = pkgs.fetchNextcloudApp { + # url = "https://github.com/powerpaul17/nc_money/releases/download/v0.31.0/money.tar.gz"; + # hash = "sha256-6RlxWTCw6NP9RquHnfoLLBw/dmAXx21INCzYUcp3E/4="; + # license = "agpl3Plus"; + #}; passwords = pkgs.fetchNextcloudApp { - url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2026.3.0/passwords.tar.gz"; - hash = "sha256-YHilpFaZHNCtqLRvTCDhyVoFWLC85Qkj1mMxp08YCho="; + url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2026.3.1/passwords-lsr-81.tar.gz"; + hash = "sha256-NqeGO1iJC98fqgsEE+WZOUiTTI9Du/zRPSw/w5g9e/E="; license = "agpl3Plus"; }; }; diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index c2ef049..df19d82 100644 --- a/nixos/configurations/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -119,6 +119,8 @@ in { defaultroute6 #usepeerdns maxfail 1 + #holdoff 5 + #persist user metronet password metronet ''; @@ -126,6 +128,10 @@ in { systemd.services."pppd-wan" = { after = ["sys-subsystem-net-devices-end2.848.device"]; partOf = ["systemd-networkd.service"]; + serviceConfig = { + Restart = "always"; + StartLimitBurst = 0; + }; }; # TODO limit NSS clamping to just pppoe-wan networking.firewall.extraForwardRules = '' diff --git a/nixos/configurations/zd-mox.nix b/nixos/configurations/zd-mox.nix index 6ce1b6b..54cc150 100644 --- a/nixos/configurations/zd-mox.nix +++ b/nixos/configurations/zd-mox.nix @@ -113,6 +113,8 @@ in { defaultroute defaultroute6 maxfail 1 + #holdoff 5 + #persist # user and password added in secrets ''; }; @@ -120,6 +122,10 @@ in { "pppd-wan" = { requires = ["sys-subsystem-net-devices-end0.848.device"]; partOf = ["systemd-networkd.service"]; + serviceConfig = { + Restart = "always"; + StartLimitBurst = 0; + }; }; "systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; }; |