author | Karel Kočí <cynerd@email.cz> | 2024-03-15 09:13:05 +0100 |
---|---|---|
committer | Karel Kočí <cynerd@email.cz> | 2024-03-15 16:57:21 +0100 |
commit | a48d057700c636666a5e835cbcb0b667848008c2 (patch) | |
tree | 6e6dc0b9fcf2e85415c2f66b2beb567403be73ca /nixos/machine | |
parent | 422ef34e58bc8a187594779d95ef8d74e8332a47 (diff) | |
nixos: rework configurations management
Diffstat (limited to 'nixos/machine')
-rw-r--r-- | nixos/machine/adm-mpd.nix | 54 | ||||
-rw-r--r-- | nixos/machine/adm-omnia.nix | 80 | ||||
-rw-r--r-- | nixos/machine/adm-omnia2.nix | 56 | ||||
-rw-r--r-- | nixos/machine/albert.nix | 39 | ||||
-rw-r--r-- | nixos/machine/binky.nix | 70 | ||||
-rw-r--r-- | nixos/machine/dean.nix | 38 | ||||
-rw-r--r-- | nixos/machine/default.nix | 9 | ||||
-rw-r--r-- | nixos/machine/errol.nix | 141 | ||||
-rw-r--r-- | nixos/machine/gaspode.nix | 15 | ||||
-rw-r--r-- | nixos/machine/lipwig.nix | 228 | ||||
-rw-r--r-- | nixos/machine/ridcully.nix | 72 | ||||
-rw-r--r-- | nixos/machine/spt-mox.nix | 52 | ||||
-rw-r--r-- | nixos/machine/spt-mox2.nix | 51 | ||||
-rw-r--r-- | nixos/machine/spt-mpd.nix | 9 | ||||
-rw-r--r-- | nixos/machine/spt-omnia.nix | 193 | ||||
-rw-r--r-- | nixos/machine/spt-omniax.nix | 49 |
16 files changed, 0 insertions, 1156 deletions
diff --git a/nixos/machine/adm-mpd.nix b/nixos/machine/adm-mpd.nix
deleted file mode 100644
index ae2ea01..0000000
--- a/nixos/machine/adm-mpd.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- inherit (lib) filterAttrs;
-in {
- fileSystems = {
- "/" = {
- device = "/dev/mmcblk0p2";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/mmcblk0p2";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/mmcblk0p1";
- };
- };
-
- networking.wireless = {
- enable = true;
- networks = filterAttrs (n: _: n == "Nela") config.secrets.wifiNetworks;
- environmentFile = "/run/secrets/wifi.env";
- userControlled.enable = true;
- };
-
- #services.pipewire = {
- #enable = true;
- #alsa.enable = true;
- #pulse.enable = true;
- #};
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- zeroconf.publish.enable = true;
- };
-
- services.spotifyd = {
- enable = true;
- settings.global = {
- device_name = "Adámkovi";
- device = "sysdefault";
- mixer = "Master";
- bitrate = 320;
- cache_path = "/var/cahe/spotify";
- no_audio_cache = true;
- volume_normalisation = true;
- normalisation_pregain = -10;
- initial_volume = 60;
- };
- };
-}
diff --git a/nixos/machine/adm-omnia.nix b/nixos/machine/adm-omnia.nix
deleted file mode 100644
index 08db3fd..0000000
--- a/nixos/machine/adm-omnia.nix
+++ /dev/null
@@ -1,80 +0,0 @@
-{config, ...}: {
- cynerd = {
- router = {
- enable = true;
- wan = "pppoe-wan";
- lanIP = config.cynerd.hosts.adm.omnia;
- };
- wifiAP.adm = {
- enable = true;
- ar9287.interface = "wlp3s0";
- qca988x.interface = "wlp2s0";
- };
- openvpn.oldpersonal = false;
- monitoring.speedtest = true;
- };
-
- networking.useDHCP = false;
- systemd.network = {
- networks = {
- "end2" = {
- matchConfig.Name = "end2";
- #networkConfig = {
- # DHCP = "ipv6";
- # IPv6AcceptRA = "yes";
- # DHCPPrefixDelegation = "yes";
- #};
- #dhcpPrefixDelegationConfig = {
- # UplinkInterface = ":self";
- # SubnetId = 0;
- # Announce = "no";
- #};
- linkConfig.RequiredForOnline = "routable";
- };
- "lan-brlan" = {
- matchConfig.Name = "lan[1-4]";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
- "lan0-guest" = {
- matchConfig.Name = "lan0";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 2;
- PVID = 2;
- };
- }
- ];
- };
- };
- };
-
- services.pppd = {
- enable = true;
- peers."wan".config = ''
- plugin pppoe.so end2
- ifname pppoe-wan
- lcp-echo-interval 1
- lcp-echo-failure 5
- lcp-echo-adaptive
- +ipv6
- defaultroute
- defaultroute6
- usepeerdns
- maxfail 1
- user O2
- password 02
- '';
- };
- systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.device"];
-}
diff --git a/nixos/machine/adm-omnia2.nix b/nixos/machine/adm-omnia2.nix
deleted file mode 100644
index 6a9831a..0000000
--- a/nixos/machine/adm-omnia2.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{config, ...}: {
- deploy = {
- enable = true;
- ssh.host = "omnia2.adm";
- };
-
- cynerd = {
- switch = {
- enable = true;
- lanAddress = "${config.cynerd.hosts.adm.omnia2}/24";
- lanGateway = config.cynerd.hosts.adm.omnia;
- };
- wifiAP.adm = {
- enable = true;
- ar9287 = {
- interface = "wlp1s0";
- bssids = ["12:f0:21:23:2b:00" "12:f0:21:23:2b:01" "12:f0:21:23:2b:02"];
- channel = 11;
- };
- qca988x = {
- interface = "wlp2s0";
- bssids = ["12:f0:21:23:2b:03" "12:f0:21:23:2b:04" "12:f0:21:23:2b:05"];
- channel = 36;
- };
- };
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=8G
- '';
-
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
- };
-
- networking = {
- useNetworkd = true;
- useDHCP = false;
- };
- systemd.network.networks = {
- "lan-brlan" = {
- matchConfig.Name = "lan* end2";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
- };
-}
diff --git a/nixos/machine/albert.nix b/nixos/machine/albert.nix
deleted file mode 100644
index b9a2c8e..0000000
--- a/nixos/machine/albert.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- cynerd = {
- desktop = {
- enable = true;
- laptop = true;
- };
- wifiClient = true;
- openvpn = {
- oldpersonal = true;
- };
- };
-
- boot.initrd.availableKernelModules = ["xhci_pci" "usb_storage" "sd_mod"];
-
- hardware.cpu.intel.updateMicrocode = true;
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/E403-124B";
- fsType = "vfat";
- };
-
- "/home2" = {
- device = "/dev/disk/by-uuid/55e177a1-215e-475b-ba9c-771b5fa3f8f0";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
- };
-}
diff --git a/nixos/machine/binky.nix b/nixos/machine/binky.nix
deleted file mode 100644
index 569fccb..0000000
--- a/nixos/machine/binky.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{lib, ...}: let
- inherit (lib) mkDefault;
-in {
- deploy = {
- enable = true;
- default = false;
- };
-
- cynerd = {
- desktop = {
- enable = true;
- laptop = true;
- };
- wifiClient = true;
- develop = true;
- openvpn = {
- oldpersonal = true;
- elektroline = true;
- };
- };
-
- boot = {
- initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod"];
- kernelModules = ["kvm-amd"];
- };
-
- hardware.cpu.amd.updateMicrocode = true;
-
- boot.initrd.luks.devices = {
- "encroot".device = "/dev/disk/by-uuid/b317feb5-d68d-4ec3-a24f-0307c116cac8";
- };
- fileSystems = {
- "/" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@"];
- };
- "/nix" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/8F7D-A154";
- fsType = "vfat";
- };
- };
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
- };
-
- services.syncthing = {
- enable = true;
- user = mkDefault "cynerd";
- group = mkDefault "cynerd";
- openDefaultPorts = true;
-
- overrideDevices = false;
- overrideFolders = false;
-
- dataDir = "/home/cynerd";
- configDir = "/home/cynerd/.config/syncthing";
- };
-}
diff --git a/nixos/machine/dean.nix b/nixos/machine/dean.nix
deleted file mode 100644
index 0a97e33..0000000
--- a/nixos/machine/dean.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{pkgs, ...}: {
- cynerd = {
- openvpn = {
- oldpersonal = true;
- };
- monitoring.speedtest = true;
- };
-
- networking = {
- bridges = {
- brlan = {
- interfaces = [
- "eth0"
- "lan1"
- "lan2"
- "lan3"
- "lan4"
- ];
- };
- };
- dhcpcd.allowInterfaces = ["brlan"];
- };
-
- swapDevices = [
- {
- device = "/var/swap";
- priority = 1;
- }
- ];
-
- environment.systemPackages = with pkgs; [
- #openocd
- tio
- ];
-
- # TODO: ubootTools build is broken!
- firmware.environment.enable = false;
-}
diff --git a/nixos/machine/default.nix b/nixos/machine/default.nix
deleted file mode 100644
index 4aa05ba..0000000
--- a/nixos/machine/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-self: let
- inherit (builtins) readDir;
- inherit (self.inputs.nixpkgs.lib) filterAttrs nameValuePair mapAttrs' hasSuffix removeSuffix;
-in
- mapAttrs'
- (n: v: nameValuePair "machine-${removeSuffix ".nix" n}" (import (./. + "/${n}")))
- (filterAttrs
- (n: v: v == "regular" && hasSuffix ".nix" n && n != "default.nix")
- (readDir ./.))
diff --git a/nixos/machine/errol.nix b/nixos/machine/errol.nix
deleted file mode 100644
index 6f48a17..0000000
--- a/nixos/machine/errol.nix
+++ /dev/null
@@ -1,141 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) mkDefault;
-in {
- deploy.enable = true;
-
- cynerd = {
- desktop.enable = true;
- develop = true;
- gaming = true;
- openvpn = {
- elektroline = true;
- };
- };
-
- boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"];
- boot.kernelModules = ["kvm-amd"];
-
- hardware.cpu.amd.updateMicrocode = true;
- services.hardware.openrgb.motherboard = "amd";
-
- cynerd.autounlock = {
- "encroot" = "/dev/disk/by-uuid/7c412ae6-6016-45af-8c2a-8fcc394dbbe6";
- "enchdd1" = "/dev/disk/by-uuid/87f16080-5ff6-43dd-89f3-307455a46fbe";
- "enchdd2" = "/dev/disk/by-uuid/be4a33fa-8bc6-431d-a3ac-787668f223ed";
- };
- fileSystems = {
- "/" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/49D9-3A0D";
- fsType = "vfat";
- };
-
- "/home2" = {
- device = "/dev/mapper/enchdd1";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
- };
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/" "/home2"];
- };
- #services.beesd.filesystems = {
- # root = {
- # spec = "/";
- # hashTableSizeMB = 4096; # 4KB blocks for 1TB drive
- # extraOptions = ["--workaround-btrfs-send"];
- # };
- # hdd = {
- # spec = "/home2";
- # hashTableSizeMB = 8192; # 4KB blocks for 2TB drive
- # extraOptions = ["--workaround-btrfs-send"];
- # };
- #};
-
- services.syncthing = {
- enable = true;
- user = mkDefault "cynerd";
- group = mkDefault "cynerd";
- openDefaultPorts = true;
-
- overrideDevices = false;
- overrideFolders = false;
-
- dataDir = "/home/cynerd";
- configDir = "/home/cynerd/.config/syncthing";
- };
-
- nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO
- services.home-assistant = {
- enable = true;
- openFirewall = true;
- configDir = "/var/lib/hass";
- config = {
- homeassistant = {
- name = "SPT";
- latitude = "!secret latitude";
- longitude = "!secret longitude";
- elevation = "!secret elevation";
- time_zone = "Europe/Prague";
- country = "CZ";
- };
- http.server_port = 8808;
- mqtt = {
- sensor = import ../modules/home-assistant/sensors.nix;
- light = import ../modules/home-assistant/light.nix;
- };
- default_config = {};
- automation = "!include automations.yaml";
- };
- extraComponents = ["met"];
- package = pkgs.home-assistant.override {
- extraPackages = pkgs:
- with pkgs; [
- securetar
- pyipp
- ];
- };
- };
-
- services.zigbee2mqtt = {
- enable = true;
- settings = {
- serial.port = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00";
- mqtt = {
- server = "mqtt://${config.cynerd.hosts.spt.mox}:1883";
- user = "zigbee2mqtt";
- password = "!secret.yaml mqtt_password";
- };
- advanced = {
- network_key = "!secret.yaml network_key";
- homeassistant_legacy_entity_attributes = false;
- legacy_api = false;
- legacy_availability_payload = false;
- last_seen = "epoch";
- };
- frontend = true;
- availability = true;
- homeassistant = {
- legacy_triggers = false;
- };
- device_options.legacy = false;
- permit_join = false;
- devices = config.secrets.zigbee2mqttDevices;
- };
- };
-}
diff --git a/nixos/machine/gaspode.nix b/nixos/machine/gaspode.nix
deleted file mode 100644
index 5e57456..0000000
--- a/nixos/machine/gaspode.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- fileSystems = {
- "/" = {
- device = "/dev/mmcblk0p2";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/mmcblk0p2";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/mmcblk0p1";
- };
- };
-}
diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix
deleted file mode 100644
index ac868f5..0000000
--- a/nixos/machine/lipwig.nix
+++ /dev/null
@@ -1,228 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- deploy = {
- enable = true;
- ssh.host = "cynerd.cz";
- };
-
- cynerd = {
- syncthing = {
- enable = false;
- baseDir = "/nas";
- };
- openvpn.oldpersonal = true;
- };
-
- fileSystems."/nas" = {
- device = "172.16.128.63:/nas/2682";
- fsType = "nfs";
- };
-
- networking.firewall = {
- allowedTCPPorts = [80 443];
- allowedUDPPorts = [1194];
- };
-
- # Web ######################################################################
- services.nginx = {
- enable = true;
- virtualHosts = {
- "cynerd.cz" = {
- forceSSL = true;
- enableACME = true;
- locations = {
- "/".root = ../../web;
- "/radicale/" = {
- proxyPass = "http://127.0.0.1:5232/";
- extraConfig = ''
- proxy_set_header X-Script-Name /radicale;
- proxy_pass_header Authorization;
- '';
- };
- };
- };
- "git.cynerd.cz" = {
- forceSSL = true;
- useACMEHost = "cynerd.cz";
- root = "${pkgs.cgit}/cgit";
- locations."/".tryFiles = "$uri @cgit";
- locations."@cgit".extraConfig = ''
- fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
- fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
- fastcgi_param PATH_INFO $uri;
- fastcgi_param QUERY_STRING $args;
- fastcgi_param HTTP_HOST $server_name;
- '';
- };
- "cloud.cynerd.cz" = {
- forceSSL = true;
- useACMEHost = "cynerd.cz";
- };
- "grafana.cynerd.cz" = {
- forceSSL = true;
- useACMEHost = "cynerd.cz";
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/";
- extraConfig = "proxy_set_header Host $host;";
- proxyWebsockets = true;
- };
- };
- };
- };
- services.fcgiwrap = {
- enable = true;
- inherit (config.services.nginx) group;
- };
- security.acme = {
- acceptTerms = true;
- defaults.email = "cynerd+acme@email.cz";
- certs."cynerd.cz".extraDomainNames = [
- "git.cynerd.cz"
- "cloud.cynerd.cz"
- "grafana.cynerd.cz"
- ];
- };
-
- # Git ######################################################################
- services.gitolite = {
- enable = true;
- user = "git";
- group = "git";
- dataDir = "/var/lib/git";
- adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key";
- };
- services.gitDaemon = {
- enable = false;
- user = "gitdemon";
- group = "gitdaemon";
- basePath = "/var/lib/git/repositories";
- };
- environment.etc."cgitrc".text = ''
- root-title=Cynerd's git repository
- root-desc=All my projects (at least those released to public)
- #logo=cynerd.cz/wolf.svg
- virtual-root=/
-
- # Allow download of tar.gz, tar.bz2 and zip-files
- snapshots=tar.gz tar.bz2 zip
- ## List of common mimetypes
- mimetype.gif=image/gif
- mimetype.html=text/html
- mimetype.jpg=image/jpeg
- mimetype.jpeg=image/jpeg
- mimetype.pdf=application/pdf
- mimetype.png=image/png
- mimetype.svg=image/svg+xml
-
- source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
- about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
-
- readme=:README.md
- readme=:README.adoc
-
- enable-index-owner=0
- enable-index-links=1
- enable-http-clone=1
- clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL
- enable-commit-graph=1
- branch-sort=age
-
- remove-suffix=1
- enable-git-config=1
- project-list=/var/lib/git/projects.list
- scan-path=/var/lib/git/repositories/
- '';
-
- # Nextcloud ################################################################
- services.nextcloud = {
- enable = true;
- package = pkgs.nextcloud28;
- https = true;
- hostName = "cloud.cynerd.cz";
- datadir = "/nas/nextcloud";
- config = {
- adminuser = "cynerd";
- adminpassFile = "/run/secrets/nextcloud.admin.pass";
- dbtype = "pgsql";
- dbhost = "/run/postgresql";
- dbtableprefix = "oc_";
- };
- settings = {
- #log_type = "systemd";
- default_phone_region = "CZ";
- };
- phpExtraExtensions = php: [php.pgsql php.pdo_pgsql];
- phpOptions = {
- "opcache.interned_strings_buffer" = "16";
- };
- maxUploadSize = "1G";
- appstoreEnable = false;
- extraApps = {
- inherit
- (config.services.nextcloud.package.packages.apps)
- bookmarks
- calendar
- contacts
- cookbook
- deck
- forms
- groupfolders
- impersonate
- maps
- memories
- notes
- phonetrack
- previewgenerator
- spreed
- tasks
- twofactor_nextcloud_notification
- twofactor_webauthn
- ;
- # Additional modules can be fetched with:
- # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab"
- passwords = pkgs.fetchNextcloudApp {
- url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz";
- sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7";
- license = "agpl3";
- };
- integration_github = pkgs.fetchNextcloudApp {
- url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
- sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6";
- license = "agpl3";
- };
- integration_gitlab = pkgs.fetchNextcloudApp {
- url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz";
- sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi";
- license = "agpl3";
- };
- };
- };
- environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs];
-
- # Postgresql ###############################################################
- services.postgresql = {
- enable = true;
- ensureUsers = [
- {
- name = "nextcloud";
- ensureDBOwnership = true;
- }
- ];
- ensureDatabases = ["nextcloud"];
- };
-
- # Old Syncthing ############################################################
- services.syncthing = {
- enable = true;
- openDefaultPorts = true;
-
- overrideDevices = false;
- overrideFolders = false;
-
- dataDir = "/nas/sync";
- configDir = "/nas/sync/.syncthing";
- };
-}
diff --git a/nixos/machine/ridcully.nix b/nixos/machine/ridcully.nix
deleted file mode 100644
index f4af643..0000000
--- a/nixos/machine/ridcully.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{lib, ...}: let
- inherit (lib) mkDefault;
-in {
- deploy.enable = true;
-
- cynerd = {
- desktop.enable = true;
- develop = true;
- gaming = true;
- openvpn = {
- elektroline = true;
- };
- };
-
- boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"];
- boot.kernelModules = ["kvm-amd"];
-
- hardware.cpu.amd.updateMicrocode = true;
- services.hardware.openrgb.motherboard = "amd";
-
- cynerd.autounlock = {
- "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71";
- "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db";
- };
- fileSystems = {
- "/" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/6DAD-3819";
- fsType = "vfat";
- };
-
- "/home2" = {
- device = "/dev/mapper/enchdd";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
- };
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/" "/home2"];
- };
-
- #networking.vlans."enp6s0.adm" = {
- #id = 2;
- #interface = "enp6s0";
- #};
-
- services.syncthing = {
- enable = true;
- user = mkDefault "cynerd";
- group = mkDefault "cynerd";
- openDefaultPorts = true;
-
- overrideDevices = false;
- overrideFolders = false;
-
- dataDir = "/home/cynerd";
- configDir = "/home/cynerd/.config/syncthing";
- };
-
- # Force nix to use less jobs
- nix.settings.max-jobs = 8;
-}
diff --git a/nixos/machine/spt-mox.nix b/nixos/machine/spt-mox.nix
deleted file mode 100644
index edeae8a..0000000
--- a/nixos/machine/spt-mox.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{config, ...}: {
- deploy = {
- enable = true;
- ssh.host = "mox.spt";
- };
-
- cynerd = {
- home-assistant = true;
- switch = {
- enable = true;
- lanAddress = "${config.cynerd.hosts.spt.mox}/24";
- lanGateway = config.cynerd.hosts.spt.omnia;
- };
- wifiAP.spt = {
- enable = true;
- qca988x = {
- interface = "wls1";
- bssids = ["04:f0:21:24:24:d2" "08:f0:21:24:24:d2"];
- channel = 7;
- };
- };
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=512M
- '';
-
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
- };
-
- networking = {
- useNetworkd = true;
- useDHCP = false;
- };
- systemd.network.networks = {
- "lan-brlan" = {
- matchConfig.Name = "lan* end0";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
- };
-}
diff --git a/nixos/machine/spt-mox2.nix b/nixos/machine/spt-mox2.nix
deleted file mode 100644
index 45035d4..0000000
--- a/nixos/machine/spt-mox2.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{config, ...}: {
- deploy = {
- enable = true;
- ssh.host = "mox2.spt";
- };
-
- cynerd = {
- switch = {
- enable = true;
- lanAddress = "${config.cynerd.hosts.spt.mox2}/24";
- lanGateway = config.cynerd.hosts.spt.omnia;
- };
- wifiAP.spt = {
- enable = true;
- qca988x = {
- interface = "wls1";
- bssids = ["04:f0:21:45:d3:47" "08:f0:21:45:d3:47"];
- channel = 1;
- };
- };
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=512M
- '';
-
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
- };
-
- networking = {
- useNetworkd = true;
- useDHCP = false;
- };
- systemd.network.networks = {
- "lan-brlan" = {
- matchConfig.Name = "end0";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
- };
-}
diff --git a/nixos/machine/spt-mpd.nix b/nixos/machine/spt-mpd.nix
deleted file mode 100644
index 28f5f99..0000000
--- a/nixos/machine/spt-mpd.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- fileSystems = {
- "/" = {
- device = "/dev/mmcblk0p1";
- fsType = "btrfs";
- options = ["compress=lzo"];
- };
- };
-}
diff --git a/nixos/machine/spt-omnia.nix b/nixos/machine/spt-omnia.nix
deleted file mode 100644
index ea5b4e1..0000000
--- a/nixos/machine/spt-omnia.nix
+++ /dev/null
@@ -1,193 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: let
- hosts = config.cynerd.hosts.spt;
-in {
- deploy = {
- enable = true;
- ssh.host = "omnia.spt";
- };
-
- cynerd = {
- router = {
- enable = true;
- wan = "pppoe-wan";
- lanIP = hosts.omnia;
- staticLeases = {
- "a8:a1:59:10:32:c4" = hosts.errol;
- "7c:b0:c2:bb:9c:ca" = hosts.albert;
- "4c:d5:77:0d:85:d9" = hosts.binky;
- "b8:27:eb:57:a2:31" = hosts.mpd;
- "74:bf:c0:42:82:19" = hosts.printer;
- };
- };
- wifiAP.spt = {
- enable = true;
- ar9287 = {
- interface = "wlp1s0";
- bssids = ["04:f0:21:24:21:93" "08:f0:21:24:21:93"];
- channel = 11;
- };
- qca988x = {
- interface = "wlp3s0";
- bssids = ["04:f0:21:23:16:64" "08:f0:21:23:16:64"];
- channel = 36;
- };
- };
- openvpn.oldpersonal = true;
- monitoring.speedtest = true;
- };
-
- services.journald.extraConfig = ''
- SystemMaxUse=512M
- '';
-
- environment = {
- etc.crypttab.text = ''
- nas UUID=3472bef9-cbae-48bd-873e-fd4858a0b72f /run/secrets/luks-spt-omnia-nas.key luks
- nassec UUID=016e9e75-bbc8-4b24-8bb7-c800c8f6a500 /run/secrets/luks-spt-omnia-nas.key luks
- '';
- systemPackages = with pkgs; [
- cryptsetup
- ];
- };
- fileSystems = {
- "/data" = {
- device = "/dev/mapper/nas";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@data" "nofail"];
- };
- "/srv" = {
- device = "/dev/mapper/nas";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@srv" "nofail"];
- depends = ["/data"];
- };
- };
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/" "/data"];
- };
- services.udev.packages = [
- (pkgs.writeTextFile rec {
- name = "queue_depth_sata.rules";
- destination = "/etc/udev/rules.d/50-${name}";
- text = ''
- SUBSYSTEMS=="pci", DRIVER=="ahci", ATTR{device}!="0x0612", GOTO="turris_pci_end"
- ACTION=="add|change", SUBSYSTEM=="scsi", ATTR{vendor}=="ATA", ATTR{queue_depth}="1"
- LABEL="turris_pci_end"
- '';
- })
- ];
-
- users = {
- groups.nas = {};
- users = {
- nas = {
- group = "nas";
- openssh.authorizedKeys.keyFiles = [(config.personal-secrets + "/unencrypted/nas.pub")];
- isNormalUser = true;
- home = "/data/nas";
- homeMode = "770";
- };
- cynerd.extraGroups = ["nas"];
- };
- };
- services.openssh = {
- settings.Macs = ["hmac-sha2-256"]; # Allow sha2-256 for Nexcloud access
- extraConfig = ''
- Match User nas
- X11Forwarding no
- AllowTcpForwarding no
- AllowAgentForwarding no
- ForceCommand internal-sftp -d /data/nas
- '';
- };
- services.fail2ban.enable = true;
-
- networking.useDHCP = false;
- systemd.network = {
- netdevs = {
- "end2.848" = {
- netdevConfig = {
- Kind = "vlan";
- Name = "end2.848";
- };
- vlanConfig.Id = 848;
- };
- };
- networks = {
- "end2" = {
- matchConfig.Name = "end2";
- networkConfig.VLAN = ["end2.848"];
- };
- "end2.848" = {
- matchConfig.Name = "end2.848";
- networkConfig.BindCarrier = "end2";
- };
- "pppoe-wan" = {
- matchConfig.Name = "pppoe-wan";
- networkConfig = {
- BindCarrier = "end2.848";
- DHCP = "ipv6";
- IPv6AcceptRA = "no";
- DHCPPrefixDelegation = "yes";
- };
- dhcpPrefixDelegationConfig = {
- UplinkInterface = ":self";
- SubnetId = 0;
- Announce = "no";
- };
- linkConfig.RequiredForOnline = "routable";
- };
- "lan-brlan" = {
- matchConfig.Name = "lan*";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
- };
- };
-
- services.pppd = {
- enable = true;
- peers."wan".config = ''
- plugin pppoe.so end2.848
- ifname pppoe-wan
- lcp-echo-interval 1
- lcp-echo-failure 5
- lcp-echo-adaptive
- defaultroute
- defaultroute6
- usepeerdns
- maxfail 1
- user metronet
- password metronet
- '';
- };
- systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.848.device"];
- # TODO limit NSS clamping to just pppoe-wan
- networking.firewall.extraForwardRules = ''
- tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
- iifname {"home", "personalvpn"} oifname {"home", "personalvpn"} accept
- '';
-
- services.syncthing = {
- enable = false;
- openDefaultPorts = true;
-
- overrideDevices = false;
- overrideFolders = false;
-
- dataDir = "/data"; # TODO this can't be the location
- };
-}
diff --git a/nixos/machine/spt-omniax.nix b/nixos/machine/spt-omniax.nix
deleted file mode 100644
index 8edef49..0000000
--- a/nixos/machine/spt-omniax.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{
- cynerd = {
- router = {
- enable = true;
- wan = "end2";
- lanIP = "192.168.2.1";
- };
- wifiAP.spt = {
- enable = true;
- ar9287.interface = "wlp3s0";
- qca988x.interface = "wlp2s0";
- };
- monitoring.speedtest = true;
- };
-
- networking.useDHCP = false;
- systemd.network = {
- networks = {
- "end2" = {
- matchConfig.Name = "end2";
- networkConfig = {
- BindCarrier = "end2";
- DHCP = "yes";
- IPv6AcceptRA = "yes";
- DHCPPrefixDelegation = "yes";
- };
- dhcpPrefixDelegationConfig = {
- UplinkInterface = ":self";
- SubnetId = 0;
- Announce = "no";
- };
- linkConfig.RequiredForOnline = "routable";
- };
- "lan-brlan" = {
- matchConfig.Name = "lan*";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
- };
- };
-} |