authorKarel Kočí <cynerd@email.cz>2024-04-01 12:14:45 +0200
committerKarel Kočí <cynerd@email.cz>2024-04-01 12:14:45 +0200
commita9738a94e009610163e3c49e9686c12051917af7 (patch)
treeb5ec298b6b9892ee59bca9d116646d78a7ea29be /nixos/modules
parente84e6dcf117080eaf7658b25fb20a9dc3b5d1cfe (diff)
nixos: few more fixes
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/develop.nix5
-rw-r--r--nixos/modules/generic.nix5
-rw-r--r--nixos/modules/home-assistant.nix3
-rw-r--r--nixos/modules/hosts.nix10
-rw-r--r--nixos/modules/openvpn.nix8
-rw-r--r--nixos/modules/router.nix1
-rw-r--r--nixos/modules/switch.nix5
-rw-r--r--nixos/modules/wireguad.nix33
8 files changed, 43 insertions, 27 deletions
diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix
index e5510c6..d07bc66 100644
--- a/nixos/modules/develop.nix
+++ b/nixos/modules/develop.nix
@@ -73,8 +73,13 @@ in {
coverage
mypy
+ scipy
+ sympy
+
pygraphviz
matplotlib
+ plotly
+ pygal
python-gitlab
PyGithub
diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix
index e4ac094..97391b8 100644
--- a/nixos/modules/generic.nix
+++ b/nixos/modules/generic.nix
@@ -177,7 +177,10 @@ in {
commands = ["ALL"];
}
];
- networking.dhcpcd.extraConfig = "controlgroup wheel";
+ networking = {
+ nftables.enable = true;
+ dhcpcd.extraConfig = "controlgroup wheel";
+ };
services.openssh = {
enable = true;
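Review bot: `nftables.enable = true` now applies to every host that imports generic.nix rather than only the router and switch modules, and the new `networking` block has no comment recording that. The option switches the NixOS firewall backend, so any host that still carries iptables-syntax `networking.firewall.extraCommands`, or runs a service that manages its own iptables rules, should be checked before deploying; whether such hosts exist is not visible here. A one-line comment such as `# nftables backend on all hosts; router.nix and switch.nix rely on this` would explain why the setting moved. The enclosing config block starts and ends outside the hunk.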
diff --git a/nixos/modules/home-assistant.nix b/nixos/modules/home-assistant.nix
index 769b1c7..ab16e8a 100644
--- a/nixos/modules/home-assistant.nix
+++ b/nixos/modules/home-assistant.nix
@@ -55,9 +55,10 @@ in {
enable = true;
device = "/dev/ttyUSB0";
baseTopicPrefix = "bigclown/";
+ environmentFiles = ["/run/secrets/bigclown.env"];
mqtt = {
username = "bigclown";
- keyfile = "/run/secrets/mqtt-bigclown.pass";
+ password = "\${MQTT_PASSWORD}";
};
};
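Review bot: The placeholder `password = "\${MQTT_PASSWORD}"` only works if `/run/secrets/bigclown.env` defines `MQTT_PASSWORD`, and nothing in the hunk documents that contract. If the variable is missing, the substitution presumably yields an empty password instead of a start-up failure, so it is worth confirming how the module behaves in that case. I would add `# MQTT_PASSWORD is read from environmentFiles and substituted at service start, keeping it out of the Nix store` above the `environmentFiles` line. The env file should also be readable only by root or the service user. The attribute set starts outside the hunk.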
diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix
index 054098d..e7ad76b 100644
--- a/nixos/modules/hosts.nix
+++ b/nixos/modules/hosts.nix
@@ -30,12 +30,6 @@ in {
cynerd.hosts = {
vpn = {
"lipwig" = "10.8.0.1";
- # Portable
- "binky" = "10.8.0.2";
- "albert" = "10.8.0.3";
- "android" = "10.8.0.6";
- # Endpoints
- "spt-omnia" = "10.8.0.50";
"adm-omnia" = "10.8.0.51";
};
wg = {
@@ -79,10 +73,6 @@ in {
networking.hosts = mkIf cnf.enable {
# VPN
"${cnf.vpn.lipwig}" = ["lipwig.vpn"];
- "${cnf.vpn.android}" = ["android.vpn"];
- "${cnf.vpn.albert}" = ["albert.vpn"];
- "${cnf.vpn.binky}" = ["binky.vpn"];
- "${cnf.vpn.spt-omnia}" = ["spt.vpn"];
"${cnf.vpn.adm-omnia}" = ["adm.vpn"];
# Wireguard
"${cnf.wg.lipwig}" = ["lipwig.wg"];
diff --git a/nixos/modules/openvpn.nix b/nixos/modules/openvpn.nix
index d80dd9d..789d430 100644
--- a/nixos/modules/openvpn.nix
+++ b/nixos/modules/openvpn.nix
@@ -8,11 +8,6 @@
in {
options = {
cynerd.openvpn = {
- personal = mkOption {
- type = types.bool;
- default = false;
- description = "My personal OpenVPN";
- };
oldpersonal = mkOption {
type = types.bool;
default = false;
@@ -28,9 +23,6 @@ in {
config = {
services.openvpn.servers = {
- personal = mkIf cnf.personal {
- config = "config /run/secrets/personal.ovpn";
- };
oldpersonal = mkIf cnf.oldpersonal {
config = "config /run/secrets/old.ovpn";
};
diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix
index 3002d9b..c8b1283 100644
--- a/nixos/modules/router.nix
+++ b/nixos/modules/router.nix
@@ -50,7 +50,6 @@ in {
config = mkIf cnf.enable {
networking = {
useNetworkd = true;
- nftables.enable = true;
firewall = {
logRefusedConnections = false;
interfaces = {
diff --git a/nixos/modules/switch.nix b/nixos/modules/switch.nix
index 669b6ab..37ac687 100644
--- a/nixos/modules/switch.nix
+++ b/nixos/modules/switch.nix
@@ -21,10 +21,7 @@ in {
};
config = mkIf cnf.enable {
- networking = {
- useNetworkd = true;
- nftables.enable = true;
- };
+ networking.useNetworkd = true;
systemd.network = {
netdevs = {
diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguad.nix
index d96fc9e..ca28818 100644
--- a/nixos/modules/wireguad.nix
+++ b/nixos/modules/wireguad.nix
@@ -81,18 +81,47 @@ in {
IPForward = is_endpoint;
};
routes =
- (optional (hostName != "spt-omnia") {
+ (optional (hostName != "lipwig") {
+ # OpenVPN network
+ routeConfig = {
+ Gateway = config.cynerd.hosts.wg.lipwig;
+ Destination = "10.8.0.0/24";
+ Metric = 2048;
+ };
+ })
+ ++ (optional (hostName != "spt-omnia") {
+ # SPT network
routeConfig = {
Gateway = config.cynerd.hosts.wg.spt-omnia;
Destination = "10.8.2.0/24";
+ Metric = 2048;
};
})
++ (optional (hostName != "adm-omnia" && hostName != "lipwig") {
+ # Adamkovi network
routeConfig = {
Gateway = config.cynerd.hosts.wg.adm-omnia;
Destination = "10.8.3.0/24";
+ Metric = 2048;
};
- });
+ })
+ ++ (optionals (hostName != "dean") [
+ # Elektroline
+ {
+ routeConfig = {
+ Gateway = config.cynerd.hosts.wg.dean;
+ Destination = "10.0.0.0/22";
+ Metric = 2048;
+ };
+ }
+ {
+ routeConfig = {
+ Gateway = config.cynerd.hosts.wg.dean;
+ Destination = "10.0.20.0/24";
+ Metric = 2048;
+ };
+ }
+ ]);
};
};
networking.firewall.allowedUDPPorts = [51820];
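Review bot: The added routes make `lipwig` and `dean` gateways into `10.8.0.0/24`, `10.0.0.0/22` and `10.0.20.0/24` for every other WireGuard host, and the only firewall setting visible here is `allowedUDPPorts = [51820]`, which does not restrict forwarded traffic. With `IPForward = is_endpoint`, any peer can reach those networks through the endpoint unless forwarding is filtered somewhere outside the hunk. Since this commit enables nftables on all hosts, the endpoints could set `networking.firewall.filterForward = true;` and allow only the intended source/destination pairs. The peers' `AllowedIPs` also need to cover the new destinations, which is not visible in this hunk. The `routes` list belongs to a network definition that begins before the hunk.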