diff options
| -rw-r--r-- | devShells/apo.nix | 2 | ||||
| -rw-r--r-- | flake.lock | 56 | ||||
| -rw-r--r-- | nixos/configurations/adm-omnia.nix | 53 | ||||
| -rw-r--r-- | nixos/configurations/lipwig.nix | 20 | ||||
| -rw-r--r-- | nixos/configurations/spt-omnia.nix | 6 | ||||
| -rw-r--r-- | nixos/configurations/zd-mox.nix | 6 | ||||
| -rw-r--r-- | nixos/modules/autounlock.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/desktop.nix | 4 | ||||
| -rw-r--r-- | nixos/modules/develop.nix | 15 | ||||
| -rw-r--r-- | nixos/modules/hosts.nix | 8 | ||||
| -rw-r--r-- | nixos/modules/monitoring.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/openwrtone.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/packages.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/wifi-adm.nix | 24 | ||||
| -rw-r--r-- | pkgs/default.nix | 15 | ||||
| -rw-r--r-- | pkgs/docrstfmt/default.nix | 52 |
16 files changed, 95 insertions, 172 deletions
diff --git a/devShells/apo.nix b/devShells/apo.nix index 0178214..80b533c 100644 --- a/devShells/apo.nix +++ b/devShells/apo.nix @@ -14,7 +14,7 @@ in glibc.static riscvPkgs.buildPackages.gcc pkgsCross.armv7l-hf-multiplatform.buildPackages.gcc - pkgsCross.armv7l-hf-multiplatform.glibc.static + pkgsCross.armv7l-hf-multiplatform.buildPackages.gcc.libc.static ]; inputsFrom = [c]; meta.platforms = pkgs.lib.platforms.linux; @@ -195,11 +195,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1774777275, - "narHash": "sha256-qogBiYFq8hZusDPeeKRqzelBAhZvREc7Cl+qlewGUCg=", + "lastModified": 1778593042, + "narHash": "sha256-xYGrSg6354UK2K4WSQd4+TfyvfqmvFbSY+ZtGQUXK0c=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "b8f81636927f1af0cca812d22c876bad0a883ccd", + "rev": "9bd7c80d43e258aaa607d83b43661df11444d808", "type": "github" }, "original": { @@ -213,11 +213,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1763464078, - "narHash": "sha256-3Cs9aieAQ3wobCvtQtj/3DLHcmAJEfhEUbnc6do5zWI=", + "lastModified": 1777303401, + "narHash": "sha256-4bTBzCWRNOCKJa7efbWrJLEPK7YIk1RDmauc7Bh/Cj4=", "owner": "cynerd", "repo": "nixosdeploy", - "rev": "29035b5ed027b057cdddf35cb46a7fcc1e12e9e9", + "rev": "51d4f4c886e0660cc9302cc20913f32d70a355f0", "type": "gitlab" }, "original": { @@ -244,11 +244,11 @@ }, "nixpkgsUnstable": { "locked": { - "lastModified": 1774709303, - "narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=", + "lastModified": 1778443072, + "narHash": "sha256-zi7/fsqM/kFdNuED//4WOCUtezGtKKqRNORjMvfwjnA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685", + "rev": "da5ad661ba4e5ef59ba743f0d112cbc30e474f32", "type": "github" }, "original": { @@ -318,11 +318,11 @@ }, "nixpkgs_14": { "locked": { - "lastModified": 1774388614, - "narHash": "sha256-tFwzTI0DdDzovdE9+Ras6CUss0yn8P9XV4Ja6RjA+nU=", + "lastModified": 1778430510, + "narHash": "sha256-Ti+ZBvW6yrWWAg2szExVTwCd4qOJ3KlVr1tFHfyfi8Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1073dad219cb244572b74da2b20c7fe39cb3fa9e", + "rev": "8fd9daa3db09ced9700431c5b7ad0e8ba199b575", "type": "github" }, "original": { @@ -334,11 +334,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1763375004, - "narHash": "sha256-e81Xfa7xhRZfqGB4s3xEvrg4p1v+fToM6CIQlXUyaX0=", + "lastModified": 1776329215, + "narHash": "sha256-a8BYi3mzoJ/AcJP8UldOx8emoPRLeWqALZWu4ZvjPXw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8b6600824693a9c706ef09bd86711ca393703466", + "rev": "b86751bc4085f48661017fa226dee99fab6c651b", "type": "github" }, "original": { @@ -348,11 +348,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1774709303, - "narHash": "sha256-D3Q07BbIA2KnTcSXIqqu9P586uWxN74zNoCH3h2ESHg=", + "lastModified": 1778443072, + "narHash": "sha256-zi7/fsqM/kFdNuED//4WOCUtezGtKKqRNORjMvfwjnA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8110df5ad7abf5d4c0f6fb0f8f978390e77f9685", + "rev": "da5ad661ba4e5ef59ba743f0d112cbc30e474f32", "type": "github" }, "original": { @@ -465,11 +465,11 @@ }, "personal-secret": { "locked": { - "lastModified": 1773235164, - "narHash": "sha256-t+F8K0zEKT2wCWUc48155yH5i5/DebXCNTmnrEKUBDg=", + "lastModified": 1778483387, + "narHash": "sha256-GFZfCna4pnfSlbgVhoYpIxtCWs37E10Qb3YwOxoFNqw=", "ref": "refs/heads/master", - "rev": "a063151ab272e6c700422cf8f2ab939ff6774da8", - "revCount": 148, + "rev": "fa262e8140eb6b01d839eaf39ea9ca10438a6bab", + "revCount": 149, "type": "git", "url": "ssh://git@cynerd.cz/nixos-personal-secret" }, @@ -597,11 +597,11 @@ "shvcli": "shvcli_2" }, "locked": { - "lastModified": 1770914802, - "narHash": "sha256-4H2J2xywTbGSvF6qGfo2yKGk38jDnLyLIuCex4yRLH4=", + "lastModified": 1778673602, + "narHash": "sha256-RpEm9/Xv8AOHs6DyhRqVNwJYzX7WeSdSNjDFgwtHJyg=", "owner": "elektroline-predator", "repo": "shvcli-ell", - "rev": "956e5a871ecc5d9a3ff5d62da08176cae5e1b9b9", + "rev": "cf8b0e628a49604ff90530f9362adec94e3a95ca", "type": "gitlab" }, "original": { @@ -796,11 +796,11 @@ "nixpkgsUnstable": "nixpkgsUnstable" }, "locked": { - "lastModified": 1774847484, - "narHash": "sha256-+B9RZEtOWH4gjqWavmHs04f1Fjd4Ad/m2a/uqNJYpb4=", + "lastModified": 1778652133, + "narHash": "sha256-9M97dqXn09Y7J/WHJZ0OepSKY1rIZL45REyo35WyrV0=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "e7d00c14ff39d4ea709cf77692508aa52f8cab6f", + "rev": "8f5dc3f1b2febf5ea897dfd37933ac1f16414c03", "type": "github" }, "original": { diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix index 2b80bbc..826563b 100644 --- a/nixos/configurations/adm-omnia.nix +++ b/nixos/configurations/adm-omnia.nix @@ -15,11 +15,7 @@ in { wan = "pppoe-wan"; lanIP = hosts.omnia; staticLeases = { - "7c:b0:c2:bb:9c:ca" = hosts.albert; "4c:d5:77:0d:85:d9" = hosts.binky; - "b8:27:eb:49:54:5a" = hosts.mpd; - }; - guestStaticLeases = { "f4:a9:97:a4:bd:59" = hosts.printer; }; }; @@ -40,18 +36,20 @@ in { monitoring.speedtest = true; }; - services.journald.extraConfig = '' - SystemMaxUse=8G - ''; + services = { + journald.extraConfig = '' + SystemMaxUse=8G + ''; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; - }; + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; - services.fail2ban = { - enable = true; - ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]; + fail2ban = { + enable = true; + ignoreIP = ["10.8.0.0/24" "10.8.1.0/24"]; + }; }; networking.useDHCP = false; @@ -82,7 +80,7 @@ in { linkConfig.RequiredForOnline = "routable"; }; "lan-brlan" = { - matchConfig.Name = "lan4"; + matchConfig.Name = "lan*"; networkConfig.Bridge = "brlan"; bridgeVLANs = [ { @@ -92,16 +90,6 @@ in { {VLAN = 2;} ]; }; - "lan-guest" = { - matchConfig.Name = "lan[0-3]"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - EgressUntagged = 2; - PVID = 2; - } - ]; - }; }; }; @@ -121,14 +109,21 @@ in { password 02 ''; }; - systemd.services."pppd-wan" = { - after = ["sys-subsystem-net-devices-end2.device"]; - partOf = ["systemd-networkd.service"]; + systemd.services = { + "pppd-wan" = { + after = ["sys-subsystem-net-devices-end2.device"]; + partOf = ["systemd-networkd.service"]; + serviceConfig = { + Restart = "always"; + StartLimitBurst = 0; + }; + }; + "systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; }; # TODO limit NSS clamping to just pppoe-wan networking.firewall.extraForwardRules = '' tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4" - iifname {"home", "wg"} oifname {"home", "wg"} accept + iifname "wg" oifname "home" accept iifname "home" oifname "guest" accept comment "Allow home to access guest devices" ''; } diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 556ca5d..291aa54 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -198,7 +198,7 @@ # Nextcloud ################################################################ services.nextcloud = { enable = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud33; https = true; hostName = "cloud.cynerd.cz"; datadir = "/nas/nextcloud"; @@ -266,18 +266,18 @@ license = "agpl3Plus"; }; integration_gitlab = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v4.0.0/integration_gitlab-v4.0.0.tar.gz"; - hash = "sha256-0CKvAiwdG6Llomo9ROu0KLdUq1xfjAwlO1e1/LYzL4s="; - license = "agpl3Plus"; - }; - money = pkgs.fetchNextcloudApp { - url = "https://github.com/powerpaul17/nc_money/releases/download/v0.31.0/money.tar.gz"; - hash = "sha256-6RlxWTCw6NP9RquHnfoLLBw/dmAXx21INCzYUcp3E/4="; + url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v5.0.0/integration_gitlab-v5.0.0.tar.gz"; + hash = "sha256-f0D9UrlX8bsf4BSTCzb9bN1gYKDlSY9JxmgO6el7HZw="; license = "agpl3Plus"; }; + #money = pkgs.fetchNextcloudApp { + # url = "https://github.com/powerpaul17/nc_money/releases/download/v0.31.0/money.tar.gz"; + # hash = "sha256-6RlxWTCw6NP9RquHnfoLLBw/dmAXx21INCzYUcp3E/4="; + # license = "agpl3Plus"; + #}; passwords = pkgs.fetchNextcloudApp { - url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2026.3.0/passwords.tar.gz"; - hash = "sha256-YHilpFaZHNCtqLRvTCDhyVoFWLC85Qkj1mMxp08YCho="; + url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2026.3.1/passwords-lsr-81.tar.gz"; + hash = "sha256-NqeGO1iJC98fqgsEE+WZOUiTTI9Du/zRPSw/w5g9e/E="; license = "agpl3Plus"; }; }; diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index c2ef049..df19d82 100644 --- a/nixos/configurations/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -119,6 +119,8 @@ in { defaultroute6 #usepeerdns maxfail 1 + #holdoff 5 + #persist user metronet password metronet ''; @@ -126,6 +128,10 @@ in { systemd.services."pppd-wan" = { after = ["sys-subsystem-net-devices-end2.848.device"]; partOf = ["systemd-networkd.service"]; + serviceConfig = { + Restart = "always"; + StartLimitBurst = 0; + }; }; # TODO limit NSS clamping to just pppoe-wan networking.firewall.extraForwardRules = '' diff --git a/nixos/configurations/zd-mox.nix b/nixos/configurations/zd-mox.nix index 6ce1b6b..54cc150 100644 --- a/nixos/configurations/zd-mox.nix +++ b/nixos/configurations/zd-mox.nix @@ -113,6 +113,8 @@ in { defaultroute defaultroute6 maxfail 1 + #holdoff 5 + #persist # user and password added in secrets ''; }; @@ -120,6 +122,10 @@ in { "pppd-wan" = { requires = ["sys-subsystem-net-devices-end0.848.device"]; partOf = ["systemd-networkd.service"]; + serviceConfig = { + Restart = "always"; + StartLimitBurst = 0; + }; }; "systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; }; diff --git a/nixos/modules/autounlock.nix b/nixos/modules/autounlock.nix index d7d6a7c..912f55f 100644 --- a/nixos/modules/autounlock.nix +++ b/nixos/modules/autounlock.nix @@ -18,6 +18,7 @@ in { config = mkIf (cnf != {}) { environment.systemPackages = [pkgs.luks-hw-password]; boot.initrd = { + systemd.enable = false; extraFiles."/luks-hw-password".source = pkgs.luks-hw-password; luks.devices = mapAttrs (name: value: { diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index c39f9d2..575b85e 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -172,7 +172,7 @@ in { freecad kicad sweethome3d.application - qelectrotech + #qelectrotech super-slicer ] ++ (optionals cnf.laptop [ @@ -291,7 +291,7 @@ in { enable = true; discovery = true; }; - davfs2.enable = true; + #davfs2.enable = true; TODO!!! locate.enable = true; diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index 587477f..69c58bc 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -30,7 +30,7 @@ in { openssl tio vim-vint - nodePackages.vim-language-server + vim-language-server vale can-utils @@ -64,7 +64,7 @@ in { # C clang-tools - massif-visualizer + #massif-visualizer elf-size-analyze # Python @@ -164,6 +164,9 @@ in { linux-manual stdmanpages + # Writing documentation + docstrfmt + # SHV (shvcli.withPlugins [python3Packages.shvcli-ell]) @@ -173,10 +176,10 @@ in { # S3 rclone ]; - programs.wireshark = { - enable = true; - package = pkgs.wireshark; - }; + #programs.wireshark = { + # enable = true; + # package = pkgs.wireshark; + #}; documentation = { nixos = { diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix index 6d901e0..0263d1c 100644 --- a/nixos/modules/hosts.nix +++ b/nixos/modules/hosts.nix @@ -73,10 +73,8 @@ in { "omnia2" = "10.8.3.3"; # Local "3dprint" = "10.8.3.80"; - "mpd" = "10.8.3.51"; - "printer" = "192.168.1.20"; + "printer" = "10.8.3.20"; # Portable - "albert" = "10.8.3.61"; "binky" = "10.8.3.63"; }; }; @@ -109,10 +107,8 @@ in { "${cnf.adm.omnia}" = ["omnia.adm"]; "10.8.3.2" = ["redmi.adm"]; "${cnf.adm.omnia2}" = ["omnia2.adm"]; - "${cnf.adm.albert}" = ["albert.adm"]; "${cnf.adm.binky}" = ["binky.adm"]; - "${cnf.adm."3dprint"}" = ["3dprint"]; - "${cnf.adm.mpd}" = ["mpd.adm"]; + "${cnf.adm.printer}" = ["printer.adm"]; }; }; } diff --git a/nixos/modules/monitoring.nix b/nixos/modules/monitoring.nix index e8ba2a9..481854c 100644 --- a/nixos/modules/monitoring.nix +++ b/nixos/modules/monitoring.nix @@ -150,6 +150,7 @@ in { security = { admin_user = "cynerd"; admin_password = "$__file{/run/secrets/grafana.admin.pass}"; + secret_key = "SW2YcwTIb9zpOOhoPsMm"; }; server = { domain = "grafana.cynerd.cz"; diff --git a/nixos/modules/openwrtone.nix b/nixos/modules/openwrtone.nix index 40c1ed6..c70dcbc 100644 --- a/nixos/modules/openwrtone.nix +++ b/nixos/modules/openwrtone.nix @@ -56,7 +56,7 @@ in { }; # Use OpenWrt One specific kernel. It fixes SError with patch. - kernelPackages = mkDefault (pkgs.linuxPackagesFor pkgs.linuxOpenWrtOne); + kernelPackages = mkDefault (pkgs.linuxPackagesFor pkgs.linux_7_0); kernelParams = [ "fw_devlink=permissive" "clk_ignore_unused" diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix index e97229f..a85f14a 100644 --- a/nixos/modules/packages.nix +++ b/nixos/modules/packages.nix @@ -63,7 +63,7 @@ in { wakeonlan speedtest-cli librespeed-cli - termshark + #termshark w3m lm_sensors diff --git a/nixos/modules/wifi-adm.nix b/nixos/modules/wifi-adm.nix index 56ca65a..e69afd1 100644 --- a/nixos/modules/wifi-adm.nix +++ b/nixos/modules/wifi-adm.nix @@ -16,16 +16,8 @@ saePasswordsFile = "/run/secrets/hostapd-TurrisAdamkovi.pass"; }; }; - "${cnf."${name}".interface}.nela" = { - bssid = elemAt cnf."${name}".bssids 1; - ssid = "Nela"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-Nela.pass"; - }; - }; "${cnf."${name}".interface}.milan" = { - bssid = elemAt cnf."${name}".bssids 2; + bssid = elemAt cnf."${name}".bssids 1; ssid = "MILAN-AC"; authentication = { mode = "wpa2-sha1"; @@ -48,23 +40,13 @@ } ]; }; - "lan-${cnf."${name}".interface}.nela" = { - matchConfig.Name = "${cnf."${name}".interface}-nela"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - EgressUntagged = 2; - PVID = 2; - } - ]; - }; "lan-${cnf."${name}".interface}.milan" = { matchConfig.Name = "${cnf."${name}".interface}.milan"; networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - EgressUntagged = 2; - PVID = 2; + EgressUntagged = 1; + PVID = 1; } ]; }; diff --git a/pkgs/default.nix b/pkgs/default.nix index 2cd621b..376a9d8 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -24,7 +24,6 @@ final: prev: { dodo = final.callPackage ./dodo {}; elf-size-analyze = final.callPackage ./elf-size-analyze {}; - docstrfmt = final.callPackage ./docrstfmt {}; # OpenWrt One armTrustedFirmwareMT7981 = final.callPackage ./mtk-arm-trusted-firmware rec { @@ -75,20 +74,6 @@ final: prev: { }).overrideAttrs (oldAttrs: { nativeBuildInputs = [final.buildPackages.unixtools.xxd] ++ oldAttrs.nativeBuildInputs; }); - linuxOpenWrtOne = final.buildLinux { - version = "6.19.0-rc2"; - src = final.buildPackages.fetchgit { - url = "git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git"; - rev = "b927546677c876e26eba308550207c2ddf812a43"; - hash = "sha256-Ti4No/FUoc2RgHxat908Uy0HnETlnyF/ZAJ4JmxD+jY="; - }; - kernelPatches = [ - { - name = "openwrt-one"; - patch = ./linux-openwrt-one-6_19.patch; - } - ]; - }; # RaspberryPi ubootRaspberryPi3_btrfs = prev.buildUBoot { diff --git a/pkgs/docrstfmt/default.nix b/pkgs/docrstfmt/default.nix deleted file mode 100644 index 9d2761a..0000000 --- a/pkgs/docrstfmt/default.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - lib, - python3, - fetchFromGitHub, -}: -python3.pkgs.buildPythonApplication rec { - pname = "docstrfmt"; - version = "2.0.1"; - pyproject = true; - - src = fetchFromGitHub { - owner = "LilSpazJoekp"; - repo = "docstrfmt"; - tag = "v${version}"; - hash = "sha256-DoxRBRCHl/F7nvUiA4+c3DtxggzH9hHtHuoJsyPCA94="; - }; - - build-system = [ - python3.pkgs.flit-core - ]; - - dependencies = with python3.pkgs; [ - black - click - coverage - docutils - libcst - platformdirs - roman - sphinx - tabulate - types-docutils - ]; - - nativeCheckInputs = with python3.pkgs; [ - pytestCheckHook - pytest-aiohttp - ]; - - pythonImportsCheck = [ - "docstrfmt" - ]; - - meta = { - description = "Formatter for reStructuredText"; - homepage = "https://github.com/LilSpazJoekp/docstrfmt"; - changelog = "https://github.com/LilSpazJoekp/docstrfmt/blob/${src.tag}/CHANGES.rst"; - license = lib.licenses.mit; - maintainers = with lib.maintainers; [doronbehar]; - mainProgram = "docstrfmt"; - }; -} |