aboutsummaryrefslogtreecommitdiff
path: root/nixos/machine
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/machine')
-rw-r--r--nixos/machine/adm-mpd.nix88
-rw-r--r--nixos/machine/adm-omnia.nix154
-rw-r--r--nixos/machine/adm-omnia2.nix72
-rw-r--r--nixos/machine/albert.nix67
-rw-r--r--nixos/machine/binky.nix114
-rw-r--r--nixos/machine/dean.nix68
-rw-r--r--nixos/machine/errol.nix216
-rw-r--r--nixos/machine/gaspode.nix30
-rw-r--r--nixos/machine/lipwig.nix392
-rw-r--r--nixos/machine/ridcully.nix117
-rw-r--r--nixos/machine/spt-mox.nix91
-rw-r--r--nixos/machine/spt-mox2.nix88
-rw-r--r--nixos/machine/spt-mpd.nix18
-rw-r--r--nixos/machine/spt-omnia.nix316
-rw-r--r--nixos/machine/spt-omniax.nix88
15 files changed, 929 insertions, 990 deletions
diff --git a/nixos/machine/adm-mpd.nix b/nixos/machine/adm-mpd.nix
index a35c944..ae2ea01 100644
--- a/nixos/machine/adm-mpd.nix
+++ b/nixos/machine/adm-mpd.nix
@@ -1,56 +1,54 @@
{
config,
lib,
- pkgs,
...
-}:
-with lib; {
- config = {
- fileSystems = {
- "/" = {
- device = "/dev/mmcblk0p2";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/mmcblk0p2";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/mmcblk0p1";
- };
+}: let
+ inherit (lib) filterAttrs;
+in {
+ fileSystems = {
+ "/" = {
+ device = "/dev/mmcblk0p2";
+ options = ["compress=lzo" "subvol=@nix"];
};
-
- networking.wireless = {
- enable = true;
- networks = filterAttrs (n: v: n == "Nela") config.secrets.wifiNetworks;
- environmentFile = "/run/secrets/wifi.env";
- userControlled.enable = true;
+ "/home" = {
+ device = "/dev/mmcblk0p2";
+ options = ["compress=lzo" "subvol=@home"];
};
-
- #services.pipewire = {
- #enable = true;
- #alsa.enable = true;
- #pulse.enable = true;
- #};
- hardware.pulseaudio = {
- enable = true;
- systemWide = true;
- zeroconf.publish.enable = true;
+ "/boot" = {
+ device = "/dev/mmcblk0p1";
};
+ };
+
+ networking.wireless = {
+ enable = true;
+ networks = filterAttrs (n: _: n == "Nela") config.secrets.wifiNetworks;
+ environmentFile = "/run/secrets/wifi.env";
+ userControlled.enable = true;
+ };
+
+ #services.pipewire = {
+ #enable = true;
+ #alsa.enable = true;
+ #pulse.enable = true;
+ #};
+ hardware.pulseaudio = {
+ enable = true;
+ systemWide = true;
+ zeroconf.publish.enable = true;
+ };
- services.spotifyd = {
- enable = true;
- settings.global = {
- device_name = "Adámkovi";
- device = "sysdefault";
- mixer = "Master";
- bitrate = 320;
- cache_path = "/var/cahe/spotify";
- no_audio_cache = true;
- volume_normalisation = true;
- normalisation_pregain = -10;
- initial_volume = 60;
- };
+ services.spotifyd = {
+ enable = true;
+ settings.global = {
+ device_name = "Adámkovi";
+ device = "sysdefault";
+ mixer = "Master";
+ bitrate = 320;
+ cache_path = "/var/cahe/spotify";
+ no_audio_cache = true;
+ volume_normalisation = true;
+ normalisation_pregain = -10;
+ initial_volume = 60;
};
};
}
diff --git a/nixos/machine/adm-omnia.nix b/nixos/machine/adm-omnia.nix
index 088481f..08db3fd 100644
--- a/nixos/machine/adm-omnia.nix
+++ b/nixos/machine/adm-omnia.nix
@@ -1,88 +1,80 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; {
- config = {
- cynerd = {
- router = {
- enable = true;
- wan = "pppoe-wan";
- lanIP = config.cynerd.hosts.adm.omnia;
- };
- wifiAP.adm = {
- enable = true;
- ar9287.interface = "wlp3s0";
- qca988x.interface = "wlp2s0";
- };
- openvpn.oldpersonal = false;
- monitoring.speedtest = true;
+{config, ...}: {
+ cynerd = {
+ router = {
+ enable = true;
+ wan = "pppoe-wan";
+ lanIP = config.cynerd.hosts.adm.omnia;
};
+ wifiAP.adm = {
+ enable = true;
+ ar9287.interface = "wlp3s0";
+ qca988x.interface = "wlp2s0";
+ };
+ openvpn.oldpersonal = false;
+ monitoring.speedtest = true;
+ };
- networking.useDHCP = false;
- systemd.network = {
- networks = {
- "end2" = {
- matchConfig.Name = "end2";
- #networkConfig = {
- # DHCP = "ipv6";
- # IPv6AcceptRA = "yes";
- # DHCPPrefixDelegation = "yes";
- #};
- #dhcpPrefixDelegationConfig = {
- # UplinkInterface = ":self";
- # SubnetId = 0;
- # Announce = "no";
- #};
- linkConfig.RequiredForOnline = "routable";
- };
- "lan-brlan" = {
- matchConfig.Name = "lan[1-4]";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
- "lan0-guest" = {
- matchConfig.Name = "lan0";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 2;
- PVID = 2;
- };
- }
- ];
- };
+ networking.useDHCP = false;
+ systemd.network = {
+ networks = {
+ "end2" = {
+ matchConfig.Name = "end2";
+ #networkConfig = {
+ # DHCP = "ipv6";
+ # IPv6AcceptRA = "yes";
+ # DHCPPrefixDelegation = "yes";
+ #};
+ #dhcpPrefixDelegationConfig = {
+ # UplinkInterface = ":self";
+ # SubnetId = 0;
+ # Announce = "no";
+ #};
+ linkConfig.RequiredForOnline = "routable";
+ };
+ "lan-brlan" = {
+ matchConfig.Name = "lan[1-4]";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ bridgeVLANConfig = {
+ EgressUntagged = 1;
+ PVID = 1;
+ };
+ }
+ {bridgeVLANConfig.VLAN = 2;}
+ ];
+ };
+ "lan0-guest" = {
+ matchConfig.Name = "lan0";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ bridgeVLANConfig = {
+ EgressUntagged = 2;
+ PVID = 2;
+ };
+ }
+ ];
};
};
+ };
- services.pppd = {
- enable = true;
- peers."wan".config = ''
- plugin pppoe.so end2
- ifname pppoe-wan
- lcp-echo-interval 1
- lcp-echo-failure 5
- lcp-echo-adaptive
- +ipv6
- defaultroute
- defaultroute6
- usepeerdns
- maxfail 1
- user O2
- password 02
- '';
- };
- systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.device"];
+ services.pppd = {
+ enable = true;
+ peers."wan".config = ''
+ plugin pppoe.so end2
+ ifname pppoe-wan
+ lcp-echo-interval 1
+ lcp-echo-failure 5
+ lcp-echo-adaptive
+ +ipv6
+ defaultroute
+ defaultroute6
+ usepeerdns
+ maxfail 1
+ user O2
+ password 02
+ '';
};
+ systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.device"];
}
diff --git a/nixos/machine/adm-omnia2.nix b/nixos/machine/adm-omnia2.nix
index 2573372..be245e2 100644
--- a/nixos/machine/adm-omnia2.nix
+++ b/nixos/machine/adm-omnia2.nix
@@ -1,47 +1,39 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; {
- config = {
- cynerd = {
- switch = {
- enable = true;
- lanAddress = "${config.cynerd.hosts.adm.omnia2}/24";
- lanGateway = config.cynerd.hosts.adm.omnia;
- };
- wifiAP.adm = {
- enable = true;
- ar9287.interface = "wlp2s0";
- qca988x.interface = "wlp1s0";
- };
+{config, ...}: {
+ cynerd = {
+ switch = {
+ enable = true;
+ lanAddress = "${config.cynerd.hosts.adm.omnia2}/24";
+ lanGateway = config.cynerd.hosts.adm.omnia;
};
-
- services.btrfs.autoScrub = {
+ wifiAP.adm = {
enable = true;
- fileSystems = ["/"];
+ ar9287.interface = "wlp2s0";
+ qca988x.interface = "wlp1s0";
};
+ };
- networking = {
- useNetworkd = true;
- useDHCP = false;
- };
- systemd.network.networks = {
- "lan-brlan" = {
- matchConfig.Name = "lan* eth0";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
+
+ networking = {
+ useNetworkd = true;
+ useDHCP = false;
+ };
+ systemd.network.networks = {
+ "lan-brlan" = {
+ matchConfig.Name = "lan* eth0";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ bridgeVLANConfig = {
+ EgressUntagged = 1;
+ PVID = 1;
+ };
+ }
+ {bridgeVLANConfig.VLAN = 2;}
+ ];
};
};
}
diff --git a/nixos/machine/albert.nix b/nixos/machine/albert.nix
index 85bc943..b9a2c8e 100644
--- a/nixos/machine/albert.nix
+++ b/nixos/machine/albert.nix
@@ -1,46 +1,39 @@
{
- config,
- lib,
- pkgs,
- ...
-}: {
- config = {
- cynerd = {
- desktop = {
- enable = true;
- laptop = true;
- };
- wifiClient = true;
- openvpn = {
- oldpersonal = true;
- };
+ cynerd = {
+ desktop = {
+ enable = true;
+ laptop = true;
};
+ wifiClient = true;
+ openvpn = {
+ oldpersonal = true;
+ };
+ };
- boot.initrd.availableKernelModules = ["xhci_pci" "usb_storage" "sd_mod"];
+ boot.initrd.availableKernelModules = ["xhci_pci" "usb_storage" "sd_mod"];
- hardware.cpu.intel.updateMicrocode = true;
+ hardware.cpu.intel.updateMicrocode = true;
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/E403-124B";
- fsType = "vfat";
- };
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@nix"];
+ };
+ "/home" = {
+ device = "/dev/disk/by-uuid/1c9bafac-fcf8-41c4-b394-bca5917ca82d";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@home"];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/E403-124B";
+ fsType = "vfat";
+ };
- "/home2" = {
- device = "/dev/disk/by-uuid/55e177a1-215e-475b-ba9c-771b5fa3f8f0";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
+ "/home2" = {
+ device = "/dev/disk/by-uuid/55e177a1-215e-475b-ba9c-771b5fa3f8f0";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@home"];
};
};
}
diff --git a/nixos/machine/binky.nix b/nixos/machine/binky.nix
index a210a4b..569fccb 100644
--- a/nixos/machine/binky.nix
+++ b/nixos/machine/binky.nix
@@ -1,72 +1,70 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
+{lib, ...}: let
inherit (lib) mkDefault;
in {
- config = {
- cynerd = {
- desktop = {
- enable = true;
- laptop = true;
- };
- wifiClient = true;
- develop = true;
- openvpn = {
- oldpersonal = true;
- elektroline = true;
- };
- };
+ deploy = {
+ enable = true;
+ default = false;
+ };
- boot = {
- initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod"];
- kernelModules = ["kvm-amd"];
+ cynerd = {
+ desktop = {
+ enable = true;
+ laptop = true;
+ };
+ wifiClient = true;
+ develop = true;
+ openvpn = {
+ oldpersonal = true;
+ elektroline = true;
};
+ };
+
+ boot = {
+ initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod"];
+ kernelModules = ["kvm-amd"];
+ };
- hardware.cpu.amd.updateMicrocode = true;
+ hardware.cpu.amd.updateMicrocode = true;
- boot.initrd.luks.devices = {
- "encroot".device = "/dev/disk/by-uuid/b317feb5-d68d-4ec3-a24f-0307c116cac8";
+ boot.initrd.luks.devices = {
+ "encroot".device = "/dev/disk/by-uuid/b317feb5-d68d-4ec3-a24f-0307c116cac8";
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/encroot";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@"];
};
- fileSystems = {
- "/" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@"];
- };
- "/nix" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/8F7D-A154";
- fsType = "vfat";
- };
+ "/nix" = {
+ device = "/dev/mapper/encroot";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@nix"];
};
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
+ "/home" = {
+ device = "/dev/mapper/encroot";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@home"];
};
+ "/boot" = {
+ device = "/dev/disk/by-uuid/8F7D-A154";
+ fsType = "vfat";
+ };
+ };
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
- services.syncthing = {
- enable = true;
- user = mkDefault "cynerd";
- group = mkDefault "cynerd";
- openDefaultPorts = true;
+ services.syncthing = {
+ enable = true;
+ user = mkDefault "cynerd";
+ group = mkDefault "cynerd";
+ openDefaultPorts = true;
- overrideDevices = false;
- overrideFolders = false;
+ overrideDevices = false;
+ overrideFolders = false;
- dataDir = "/home/cynerd";
- configDir = "/home/cynerd/.config/syncthing";
- };
+ dataDir = "/home/cynerd";
+ configDir = "/home/cynerd/.config/syncthing";
};
}
diff --git a/nixos/machine/dean.nix b/nixos/machine/dean.nix
index 906881f..0a97e33 100644
--- a/nixos/machine/dean.nix
+++ b/nixos/machine/dean.nix
@@ -1,46 +1,38 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; {
- config = {
- cynerd = {
- openvpn = {
- oldpersonal = true;
- };
- monitoring.speedtest = true;
+{pkgs, ...}: {
+ cynerd = {
+ openvpn = {
+ oldpersonal = true;
};
+ monitoring.speedtest = true;
+ };
- networking = {
- bridges = {
- brlan = {
- interfaces = [
- "eth0"
- "lan1"
- "lan2"
- "lan3"
- "lan4"
- ];
- };
+ networking = {
+ bridges = {
+ brlan = {
+ interfaces = [
+ "eth0"
+ "lan1"
+ "lan2"
+ "lan3"
+ "lan4"
+ ];
};
- dhcpcd.allowInterfaces = ["brlan"];
};
+ dhcpcd.allowInterfaces = ["brlan"];
+ };
- swapDevices = [
- {
- device = "/var/swap";
- priority = 1;
- }
- ];
+ swapDevices = [
+ {
+ device = "/var/swap";
+ priority = 1;
+ }
+ ];
- environment.systemPackages = with pkgs; [
- #openocd
- tio
- ];
+ environment.systemPackages = with pkgs; [
+ #openocd
+ tio
+ ];
- # TODO: ubootTools build is broken!
- firmware.environment.enable = false;
- };
+ # TODO: ubootTools build is broken!
+ firmware.environment.enable = false;
}
diff --git a/nixos/machine/errol.nix b/nixos/machine/errol.nix
index 8491f92..6f48a17 100644
--- a/nixos/machine/errol.nix
+++ b/nixos/machine/errol.nix
@@ -6,126 +6,136 @@
}: let
inherit (lib) mkDefault;
in {
- config = {
- deploy.enable = true;
+ deploy.enable = true;
- cynerd = {
- desktop.enable = true;
- develop = true;
- gaming = true;
- openvpn = {
- elektroline = true;
- };
+ cynerd = {
+ desktop.enable = true;
+ develop = true;
+ gaming = true;
+ openvpn = {
+ elektroline = true;
};
+ };
- boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"];
- boot.kernelModules = ["kvm-amd"];
+ boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"];
+ boot.kernelModules = ["kvm-amd"];
- hardware.cpu.amd.updateMicrocode = true;
- services.hardware.openrgb.motherboard = "amd";
+ hardware.cpu.amd.updateMicrocode = true;
+ services.hardware.openrgb.motherboard = "amd";
- cynerd.autounlock = {
- "encroot" = "/dev/disk/by-uuid/7c412ae6-6016-45af-8c2a-8fcc394dbbe6";
- "enchdd1" = "/dev/disk/by-uuid/87f16080-5ff6-43dd-89f3-307455a46fbe";
- "enchdd2" = "/dev/disk/by-uuid/be4a33fa-8bc6-431d-a3ac-787668f223ed";
+ cynerd.autounlock = {
+ "encroot" = "/dev/disk/by-uuid/7c412ae6-6016-45af-8c2a-8fcc394dbbe6";
+ "enchdd1" = "/dev/disk/by-uuid/87f16080-5ff6-43dd-89f3-307455a46fbe";
+ "enchdd2" = "/dev/disk/by-uuid/be4a33fa-8bc6-431d-a3ac-787668f223ed";
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/encroot";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@nix"];
};
- fileSystems = {
- "/" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/49D9-3A0D";
- fsType = "vfat";
- };
-
- "/home2" = {
- device = "/dev/mapper/enchdd1";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
+ "/home" = {
+ device = "/dev/mapper/encroot";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@home"];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/49D9-3A0D";
+ fsType = "vfat";
};
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/" "/home2"];
+
+ "/home2" = {
+ device = "/dev/mapper/enchdd1";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@home"];
};
+ };
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/" "/home2"];
+ };
+ #services.beesd.filesystems = {
+ # root = {
+ # spec = "/";
+ # hashTableSizeMB = 4096; # 4KB blocks for 1TB drive
+ # extraOptions = ["--workaround-btrfs-send"];
+ # };
+ # hdd = {
+ # spec = "/home2";
+ # hashTableSizeMB = 8192; # 4KB blocks for 2TB drive
+ # extraOptions = ["--workaround-btrfs-send"];
+ # };
+ #};
- services.syncthing = {
- enable = true;
- user = mkDefault "cynerd";
- group = mkDefault "cynerd";
- openDefaultPorts = true;
+ services.syncthing = {
+ enable = true;
+ user = mkDefault "cynerd";
+ group = mkDefault "cynerd";
+ openDefaultPorts = true;
- overrideDevices = false;
- overrideFolders = false;
+ overrideDevices = false;
+ overrideFolders = false;
- dataDir = "/home/cynerd";
- configDir = "/home/cynerd/.config/syncthing";
- };
+ dataDir = "/home/cynerd";
+ configDir = "/home/cynerd/.config/syncthing";
+ };
- nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO
- services.home-assistant = {
- enable = true;
- openFirewall = true;
- configDir = "/var/lib/hass";
- config = {
- homeassistant = {
- name = "SPT";
- latitude = "!secret latitude";
- longitude = "!secret longitude";
- elevation = "!secret elevation";
- time_zone = "Europe/Prague";
- country = "CZ";
- };
- http.server_port = 8808;
- mqtt = {
- sensor = import ../modules/home-assistant/sensors.nix;
- light = import ../modules/home-assistant/light.nix;
- };
- default_config = {};
- automation = "!include automations.yaml";
+ nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO
+ services.home-assistant = {
+ enable = true;
+ openFirewall = true;
+ configDir = "/var/lib/hass";
+ config = {
+ homeassistant = {
+ name = "SPT";
+ latitude = "!secret latitude";
+ longitude = "!secret longitude";
+ elevation = "!secret elevation";
+ time_zone = "Europe/Prague";
+ country = "CZ";
};
- extraComponents = ["met"];
- package = pkgs.home-assistant.override {
- extraPackages = pkgs:
- with pkgs; [
- securetar
- pyipp
- ];
+ http.server_port = 8808;
+ mqtt = {
+ sensor = import ../modules/home-assistant/sensors.nix;
+ light = import ../modules/home-assistant/light.nix;
};
+ default_config = {};
+ automation = "!include automations.yaml";
};
+ extraComponents = ["met"];
+ package = pkgs.home-assistant.override {
+ extraPackages = pkgs:
+ with pkgs; [
+ securetar
+ pyipp
+ ];
+ };
+ };
- services.zigbee2mqtt = {
- enable = true;
- settings = {
- serial.port = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00";
- mqtt = {
- server = "mqtt://${config.cynerd.hosts.spt.mox}:1883";
- user = "zigbee2mqtt";
- password = "!secret.yaml mqtt_password";
- };
- advanced = {
- network_key = "!secret.yaml network_key";
- homeassistant_legacy_entity_attributes = false;
- legacy_api = false;
- legacy_availability_payload = false;
- last_seen = "epoch";
- };
- frontend = true;
- availability = true;
- homeassistant = {
- legacy_triggers = false;
- };
- device_options.legacy = false;
- permit_join = false;
- devices = config.secrets.zigbee2mqttDevices;
+ services.zigbee2mqtt = {
+ enable = true;
+ settings = {
+ serial.port = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00";
+ mqtt = {
+ server = "mqtt://${config.cynerd.hosts.spt.mox}:1883";
+ user = "zigbee2mqtt";
+ password = "!secret.yaml mqtt_password";
+ };
+ advanced = {
+ network_key = "!secret.yaml network_key";
+ homeassistant_legacy_entity_attributes = false;
+ legacy_api = false;
+ legacy_availability_payload = false;
+ last_seen = "epoch";
+ };
+ frontend = true;
+ availability = true;
+ homeassistant = {
+ legacy_triggers = false;
};
+ device_options.legacy = false;
+ permit_join = false;
+ devices = config.secrets.zigbee2mqttDevices;
};
};
}
diff --git a/nixos/machine/gaspode.nix b/nixos/machine/gaspode.nix
index cbd08bb..5e57456 100644
--- a/nixos/machine/gaspode.nix
+++ b/nixos/machine/gaspode.nix
@@ -1,23 +1,15 @@
{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; {
- config = {
- fileSystems = {
- "/" = {
- device = "/dev/mmcblk0p2";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/mmcblk0p2";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/mmcblk0p1";
- };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mmcblk0p2";
+ options = ["compress=lzo" "subvol=@nix"];
+ };
+ "/home" = {
+ device = "/dev/mmcblk0p2";
+ options = ["compress=lzo" "subvol=@home"];
+ };
+ "/boot" = {
+ device = "/dev/mmcblk0p1";
};
};
}
diff --git a/nixos/machine/lipwig.nix b/nixos/machine/lipwig.nix
index 7b4b7f6..ac868f5 100644
--- a/nixos/machine/lipwig.nix
+++ b/nixos/machine/lipwig.nix
@@ -1,228 +1,228 @@
{
config,
- lib,
pkgs,
...
}: {
- config = {
- deploy = {
- enable = true;
- ssh.host = "cynerd.cz";
- };
+ deploy = {
+ enable = true;
+ ssh.host = "cynerd.cz";
+ };
- cynerd = {
- syncthing = {
- enable = false;
- baseDir = "/nas";
- };
- openvpn.oldpersonal = true;
+ cynerd = {
+ syncthing = {
+ enable = false;
+ baseDir = "/nas";
};
+ openvpn.oldpersonal = true;
+ };
- fileSystems."/nas" = {
- device = "172.16.128.63:/nas/2682";
- fsType = "nfs";
- };
+ fileSystems."/nas" = {
+ device = "172.16.128.63:/nas/2682";
+ fsType = "nfs";
+ };
- networking.firewall = {
- allowedTCPPorts = [80 443];
- allowedUDPPorts = [1194];
- };
+ networking.firewall = {
+ allowedTCPPorts = [80 443];
+ allowedUDPPorts = [1194];
+ };
- # Web ######################################################################
- services.nginx = {
- enable = true;
- virtualHosts = {
- "cynerd.cz" = {
- forceSSL = true;
- enableACME = true;
- locations = {
- "/".root = ../../web;
- "/radicale/" = {
- proxyPass = "http://127.0.0.1:5232/";
- extraConfig = ''
- proxy_set_header X-Script-Name /radicale;
- proxy_pass_header Authorization;
- '';
- };
+ # Web ######################################################################
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "cynerd.cz" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/".root = ../../web;
+ "/radicale/" = {
+ proxyPass = "http://127.0.0.1:5232/";
+ extraConfig = ''
+ proxy_set_header X-Script-Name /radicale;
+ proxy_pass_header Authorization;
+ '';
};
};
- "git.cynerd.cz" = {
- forceSSL = true;
- useACMEHost = "cynerd.cz";
- root = "${pkgs.cgit}/cgit";
- locations."/".tryFiles = "$uri @cgit";
- locations."@cgit".extraConfig = ''
- fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
- fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
- fastcgi_param PATH_INFO $uri;
- fastcgi_param QUERY_STRING $args;
- fastcgi_param HTTP_HOST $server_name;
- '';
- };
- "cloud.cynerd.cz" = {
- forceSSL = true;
- useACMEHost = "cynerd.cz";
- };
- "grafana.cynerd.cz" = {
- forceSSL = true;
- useACMEHost = "cynerd.cz";
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/";
- extraConfig = "proxy_set_header Host $host;";
- proxyWebsockets = true;
- };
+ };
+ "git.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ root = "${pkgs.cgit}/cgit";
+ locations."/".tryFiles = "$uri @cgit";
+ locations."@cgit".extraConfig = ''
+ fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi;
+ fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ '';
+ };
+ "cloud.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ };
+ "grafana.cynerd.cz" = {
+ forceSSL = true;
+ useACMEHost = "cynerd.cz";
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}/";
+ extraConfig = "proxy_set_header Host $host;";
+ proxyWebsockets = true;
};
};
};
- services.fcgiwrap = {
- enable = true;
- inherit (config.services.nginx) group;
- };
- security.acme = {
- acceptTerms = true;
- defaults.email = "cynerd+acme@email.cz";
- certs."cynerd.cz".extraDomainNames = [
- "git.cynerd.cz"
- "cloud.cynerd.cz"
- "grafana.cynerd.cz"
- ];
- };
+ };
+ services.fcgiwrap = {
+ enable = true;
+ inherit (config.services.nginx) group;
+ };
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "cynerd+acme@email.cz";
+ certs."cynerd.cz".extraDomainNames = [
+ "git.cynerd.cz"
+ "cloud.cynerd.cz"
+ "grafana.cynerd.cz"
+ ];
+ };
- # Git ######################################################################
- services.gitolite = {
- enable = true;
- user = "git";
- group = "git";
- dataDir = "/var/lib/git";
- adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key";
- };
- services.gitDaemon = {
- enable = false;
- user = "gitdemon";
- group = "gitdaemon";
- basePath = "/var/lib/git/repositories";
- };
- environment.etc."cgitrc".text = ''
- root-title=Cynerd's git repository
- root-desc=All my projects (at least those released to public)
- #logo=cynerd.cz/wolf.svg
- virtual-root=/
+ # Git ######################################################################
+ services.gitolite = {
+ enable = true;
+ user = "git";
+ group = "git";
+ dataDir = "/var/lib/git";
+ adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMmBV0wPvG5JQIWxi20IDlLokhRBumTEbUUD9TNWoY Bootstrap gitolite key";
+ };
+ services.gitDaemon = {
+ enable = false;
+ user = "gitdemon";
+ group = "gitdaemon";
+ basePath = "/var/lib/git/repositories";
+ };
+ environment.etc."cgitrc".text = ''
+ root-title=Cynerd's git repository
+ root-desc=All my projects (at least those released to public)
+ #logo=cynerd.cz/wolf.svg
+ virtual-root=/
- # Allow download of tar.gz, tar.bz2 and zip-files
- snapshots=tar.gz tar.bz2 zip
- ## List of common mimetypes
- mimetype.gif=image/gif
- mimetype.html=text/html
- mimetype.jpg=image/jpeg
- mimetype.jpeg=image/jpeg
- mimetype.pdf=application/pdf
- mimetype.png=image/png
- mimetype.svg=image/svg+xml
+ # Allow download of tar.gz, tar.bz2 and zip-files
+ snapshots=tar.gz tar.bz2 zip
+ ## List of common mimetypes
+ mimetype.gif=image/gif
+ mimetype.html=text/html
+ mimetype.jpg=image/jpeg
+ mimetype.jpeg=image/jpeg
+ mimetype.pdf=application/pdf
+ mimetype.png=image/png
+ mimetype.svg=image/svg+xml
- source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
- about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
- readme=:README.md
- readme=:README.adoc
+ readme=:README.md
+ readme=:README.adoc
- enable-index-owner=0
- enable-index-links=1
- enable-http-clone=1
- clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL
- enable-commit-graph=1
- branch-sort=age
+ enable-index-owner=0
+ enable-index-links=1
+ enable-http-clone=1
+ clone-url=https://git.cynerd.cz/$CGIT_REPO_URL git://cynerd.cz/$CGIT_REPO_URL.git git@cynerd.cz:$CGIT_REPO_URL
+ enable-commit-graph=1
+ branch-sort=age
- remove-suffix=1
- enable-git-config=1
- project-list=/var/lib/git/projects.list
- scan-path=/var/lib/git/repositories/
- '';
+ remove-suffix=1
+ enable-git-config=1
+ project-list=/var/lib/git/projects.list
+ scan-path=/var/lib/git/repositories/
+ '';
- # Nextcloud ################################################################
- services.nextcloud = {
- enable = true;
- package = pkgs.nextcloud28;
- https = true;
- hostName = "cloud.cynerd.cz";
- datadir = "/nas/nextcloud";
- config = {
- adminuser = "cynerd";
- adminpassFile = "/run/secrets/nextcloud.admin.pass";
- dbtype = "pgsql";
- dbhost = "/run/postgresql";
- dbtableprefix = "oc_";
- };
- settings = {
- #log_type = "systemd";
- default_phone_region = "CZ";
+ # Nextcloud ################################################################
+ services.nextcloud = {
+ enable = true;
+ package = pkgs.nextcloud28;
+ https = true;
+ hostName = "cloud.cynerd.cz";
+ datadir = "/nas/nextcloud";
+ config = {
+ adminuser = "cynerd";
+ adminpassFile = "/run/secrets/nextcloud.admin.pass";
+ dbtype = "pgsql";
+ dbhost = "/run/postgresql";
+ dbtableprefix = "oc_";
+ };
+ settings = {
+ #log_type = "systemd";
+ default_phone_region = "CZ";
+ };
+ phpExtraExtensions = php: [php.pgsql php.pdo_pgsql];
+ phpOptions = {
+ "opcache.interned_strings_buffer" = "16";
+ };
+ maxUploadSize = "1G";
+ appstoreEnable = false;
+ extraApps = {
+ inherit
+ (config.services.nextcloud.package.packages.apps)
+ bookmarks
+ calendar
+ contacts
+ cookbook
+ deck
+ forms
+ groupfolders
+ impersonate
+ maps
+ memories
+ notes
+ phonetrack
+ previewgenerator
+ spreed
+ tasks
+ twofactor_nextcloud_notification
+ twofactor_webauthn
+ ;
+ # Additional modules can be fetched with:
+ # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab"
+ passwords = pkgs.fetchNextcloudApp {
+ url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2024.2.0/passwords.tar.gz";
+ sha256 = "0s5z6pxkcwmhlbzy9s2g0s05n1iqjmxr2jqxz7ayklin9kcgr3h7";
+ license = "agpl3";
};
- phpExtraExtensions = php: [php.pgsql php.pdo_pgsql];
- phpOptions = {
- "opcache.interned_strings_buffer" = "16";
+ integration_github = pkgs.fetchNextcloudApp {
+ url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
+ sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6";
+ license = "agpl3";
};
- maxUploadSize = "1G";
- appstoreEnable = false;
- extraApps = {
- inherit
- (config.services.nextcloud.package.packages.apps)
- bookmarks
- calendar
- contacts
- cookbook
- deck
- groupfolders
- maps
- memories
- notes
- phonetrack
- previewgenerator
- tasks
- twofactor_nextcloud_notification
- twofactor_webauthn
- ;
- # Additional modules can be fetched with:
- # NEXTCLOUD_VERSIONS=28 nix run nixpkgs#nc4nix -- -apps "passwords,integration_homeassistant,integration_github,integration_gitlab"
- passwords = pkgs.fetchNextcloudApp {
- url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2023.12.2/passwords.tar.gz";
- sha256 = "17qkkkmc3gai6pryl3lb4y074pzbjk26swnpgvy6qfvkp64n8bw1";
- license = "agpl3";
- };
- integration_github = pkgs.fetchNextcloudApp {
- url = "https://github.com/nextcloud-releases/integration_github/releases/download/v2.0.6/integration_github-v2.0.6.tar.gz";
- sha256 = "0rjdlsalayb21nmh3j5bl42dcbavxka2r5g9csagz7vc9dl0qrw6";
- license = "agpl3";
- };
- integration_gitlab = pkgs.fetchNextcloudApp {
- url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz";
- sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi";
- license = "agpl3";
- };
+ integration_gitlab = pkgs.fetchNextcloudApp {
+ url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v1.0.18/integration_gitlab-v1.0.18.tar.gz";
+ sha256 = "13vlbr7sigqrh480a9zp7zl9nbzb4pk8m1zzlqv9lkzj3zywp7mi";
+ license = "agpl3";
};
};
- environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs];
+ };
+ environment.systemPackages = with pkgs; [exiftool ffmpeg-headless nodejs];
- # Postgresql ###############################################################
- services.postgresql = {
- enable = true;
- ensureUsers = [
- {
- name = "nextcloud";
- ensureDBOwnership = true;
- }
- ];
- ensureDatabases = ["nextcloud"];
- };
+ # Postgresql ###############################################################
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [
+ {
+ name = "nextcloud";
+ ensureDBOwnership = true;
+ }
+ ];
+ ensureDatabases = ["nextcloud"];
+ };
- # Old Syncthing ############################################################
- services.syncthing = {
- enable = true;
- openDefaultPorts = true;
+ # Old Syncthing ############################################################
+ services.syncthing = {
+ enable = true;
+ openDefaultPorts = true;
- overrideDevices = false;
- overrideFolders = false;
+ overrideDevices = false;
+ overrideFolders = false;
- dataDir = "/nas/sync";
- configDir = "/nas/sync/.syncthing";
- };
+ dataDir = "/nas/sync";
+ configDir = "/nas/sync/.syncthing";
};
}
diff --git a/nixos/machine/ridcully.nix b/nixos/machine/ridcully.nix
index d16cdb2..f4af643 100644
--- a/nixos/machine/ridcully.nix
+++ b/nixos/machine/ridcully.nix
@@ -1,79 +1,72 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
+{lib, ...}: let
inherit (lib) mkDefault;
in {
- config = {
- deploy.enable = true;
+ deploy.enable = true;
- cynerd = {
- desktop.enable = true;
- develop = true;
- gaming = true;
- openvpn = {
- elektroline = true;
- };
+ cynerd = {
+ desktop.enable = true;
+ develop = true;
+ gaming = true;
+ openvpn = {
+ elektroline = true;
};
+ };
- boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"];
- boot.kernelModules = ["kvm-amd"];
+ boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage"];
+ boot.kernelModules = ["kvm-amd"];
- hardware.cpu.amd.updateMicrocode = true;
- services.hardware.openrgb.motherboard = "amd";
+ hardware.cpu.amd.updateMicrocode = true;
+ services.hardware.openrgb.motherboard = "amd";
- cynerd.autounlock = {
- "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71";
- "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db";
+ cynerd.autounlock = {
+ "encroot" = "/dev/disk/by-uuid/bc7d2ba4-6e04-4c49-b40c-3aecd1a86c71";
+ "enchdd" = "/dev/disk/by-uuid/7fee3cda-efa0-47cd-8832-fdead9a7e6db";
+ };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/encroot";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@nix"];
};
- fileSystems = {
- "/" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@nix"];
- };
- "/home" = {
- device = "/dev/mapper/encroot";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/6DAD-3819";
- fsType = "vfat";
- };
-
- "/home2" = {
- device = "/dev/mapper/enchdd";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@home"];
- };
+ "/home" = {
+ device = "/dev/mapper/encroot";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@home"];
};
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/" "/home2"];
+ "/boot" = {
+ device = "/dev/disk/by-uuid/6DAD-3819";
+ fsType = "vfat";
};
- #networking.vlans."enp6s0.adm" = {
- #id = 2;
- #interface = "enp6s0";
- #};
+ "/home2" = {
+ device = "/dev/mapper/enchdd";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@home"];
+ };
+ };
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/" "/home2"];
+ };
- services.syncthing = {
- enable = true;
- user = mkDefault "cynerd";
- group = mkDefault "cynerd";
- openDefaultPorts = true;
+ #networking.vlans."enp6s0.adm" = {
+ #id = 2;
+ #interface = "enp6s0";
+ #};
- overrideDevices = false;
- overrideFolders = false;
+ services.syncthing = {
+ enable = true;
+ user = mkDefault "cynerd";
+ group = mkDefault "cynerd";
+ openDefaultPorts = true;
- dataDir = "/home/cynerd";
- configDir = "/home/cynerd/.config/syncthing";
- };
+ overrideDevices = false;
+ overrideFolders = false;
- # Force nix to use less jobs
- nix.settings.max-jobs = 8;
+ dataDir = "/home/cynerd";
+ configDir = "/home/cynerd/.config/syncthing";
};
+
+ # Force nix to use less jobs
+ nix.settings.max-jobs = 8;
}
diff --git a/nixos/machine/spt-mox.nix b/nixos/machine/spt-mox.nix
index 2371b5e..edeae8a 100644
--- a/nixos/machine/spt-mox.nix
+++ b/nixos/machine/spt-mox.nix
@@ -1,57 +1,52 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with builtins;
-with lib; {
- config = {
- deploy = {
+{config, ...}: {
+ deploy = {
+ enable = true;
+ ssh.host = "mox.spt";
+ };
+
+ cynerd = {
+ home-assistant = true;
+ switch = {
enable = true;
- ssh.host = "mox.spt";
+ lanAddress = "${config.cynerd.hosts.spt.mox}/24";
+ lanGateway = config.cynerd.hosts.spt.omnia;
};
-
- cynerd = {
- home-assistant = true;
- switch = {
- enable = true;
- lanAddress = "${config.cynerd.hosts.spt.mox}/24";
- lanGateway = config.cynerd.hosts.spt.omnia;
- };
- wifiAP.spt = {
- enable = true;
- qca988x = {
- interface = "wls1";
- bssids = ["04:f0:21:24:24:d2" "08:f0:21:24:24:d2"];
- channel = 7;
- };
+ wifiAP.spt = {
+ enable = true;
+ qca988x = {
+ interface = "wls1";
+ bssids = ["04:f0:21:24:24:d2" "08:f0:21:24:24:d2"];
+ channel = 7;
};
};
+ };
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
- };
+ services.journald.extraConfig = ''
+ SystemMaxUse=512M
+ '';
- networking = {
- useNetworkd = true;
- useDHCP = false;
- };
- systemd.network.networks = {
- "lan-brlan" = {
- matchConfig.Name = "lan* end0";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
+
+ networking = {
+ useNetworkd = true;
+ useDHCP = false;
+ };
+ systemd.network.networks = {
+ "lan-brlan" = {
+ matchConfig.Name = "lan* end0";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ bridgeVLANConfig = {
+ EgressUntagged = 1;
+ PVID = 1;
+ };
+ }
+ {bridgeVLANConfig.VLAN = 2;}
+ ];
};
};
}
diff --git a/nixos/machine/spt-mox2.nix b/nixos/machine/spt-mox2.nix
index 73aba50..45035d4 100644
--- a/nixos/machine/spt-mox2.nix
+++ b/nixos/machine/spt-mox2.nix
@@ -1,55 +1,51 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; {
- config = {
- deploy = {
+{config, ...}: {
+ deploy = {
+ enable = true;
+ ssh.host = "mox2.spt";
+ };
+
+ cynerd = {
+ switch = {
enable = true;
- ssh.host = "mox2.spt";
+ lanAddress = "${config.cynerd.hosts.spt.mox2}/24";
+ lanGateway = config.cynerd.hosts.spt.omnia;
};
-
- cynerd = {
- switch = {
- enable = true;
- lanAddress = "${config.cynerd.hosts.spt.mox2}/24";
- lanGateway = config.cynerd.hosts.spt.omnia;
- };
- wifiAP.spt = {
- enable = true;
- qca988x = {
- interface = "wls1";
- bssids = ["04:f0:21:45:d3:47" "08:f0:21:45:d3:47"];
- channel = 1;
- };
+ wifiAP.spt = {
+ enable = true;
+ qca988x = {
+ interface = "wls1";
+ bssids = ["04:f0:21:45:d3:47" "08:f0:21:45:d3:47"];
+ channel = 1;
};
};
+ };
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
- };
+ services.journald.extraConfig = ''
+ SystemMaxUse=512M
+ '';
- networking = {
- useNetworkd = true;
- useDHCP = false;
- };
- systemd.network.networks = {
- "lan-brlan" = {
- matchConfig.Name = "end0";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
+
+ networking = {
+ useNetworkd = true;
+ useDHCP = false;
+ };
+ systemd.network.networks = {
+ "lan-brlan" = {
+ matchConfig.Name = "end0";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ bridgeVLANConfig = {
+ EgressUntagged = 1;
+ PVID = 1;
+ };
+ }
+ {bridgeVLANConfig.VLAN = 2;}
+ ];
};
};
}
diff --git a/nixos/machine/spt-mpd.nix b/nixos/machine/spt-mpd.nix
index ab960b5..28f5f99 100644
--- a/nixos/machine/spt-mpd.nix
+++ b/nixos/machine/spt-mpd.nix
@@ -1,17 +1,9 @@
{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; {
- config = {
- fileSystems = {
- "/" = {
- device = "/dev/mmcblk0p1";
- fsType = "btrfs";
- options = ["compress=lzo"];
- };
+ fileSystems = {
+ "/" = {
+ device = "/dev/mmcblk0p1";
+ fsType = "btrfs";
+ options = ["compress=lzo"];
};
};
}
diff --git a/nixos/machine/spt-omnia.nix b/nixos/machine/spt-omnia.nix
index c897abc..ea5b4e1 100644
--- a/nixos/machine/spt-omnia.nix
+++ b/nixos/machine/spt-omnia.nix
@@ -1,189 +1,193 @@
{
config,
- lib,
pkgs,
...
}: let
hosts = config.cynerd.hosts.spt;
in {
- config = {
- deploy = {
+ deploy = {
+ enable = true;
+ ssh.host = "omnia.spt";
+ };
+
+ cynerd = {
+ router = {
enable = true;
- ssh.host = "omnia.spt";
+ wan = "pppoe-wan";
+ lanIP = hosts.omnia;
+ staticLeases = {
+ "a8:a1:59:10:32:c4" = hosts.errol;
+ "7c:b0:c2:bb:9c:ca" = hosts.albert;
+ "4c:d5:77:0d:85:d9" = hosts.binky;
+ "b8:27:eb:57:a2:31" = hosts.mpd;
+ "74:bf:c0:42:82:19" = hosts.printer;
+ };
};
-
- cynerd = {
- router = {
- enable = true;
- wan = "pppoe-wan";
- lanIP = hosts.omnia;
- staticLeases = {
- "a8:a1:59:10:32:c4" = hosts.errol;
- "7c:b0:c2:bb:9c:ca" = hosts.albert;
- "4c:d5:77:0d:85:d9" = hosts.binky;
- "b8:27:eb:57:a2:31" = hosts.mpd;
- "74:bf:c0:42:82:19" = hosts.printer;
- };
+ wifiAP.spt = {
+ enable = true;
+ ar9287 = {
+ interface = "wlp1s0";
+ bssids = ["04:f0:21:24:21:93" "08:f0:21:24:21:93"];
+ channel = 11;
};
- wifiAP.spt = {
- enable = true;
- ar9287 = {
- interface = "wlp1s0";
- bssids = ["04:f0:21:24:21:93" "08:f0:21:24:21:93"];
- channel = 11;
- };
- qca988x = {
- interface = "wlp3s0";
- bssids = ["04:f0:21:23:16:64" "08:f0:21:23:16:64"];
- channel = 36;
- };
+ qca988x = {
+ interface = "wlp3s0";
+ bssids = ["04:f0:21:23:16:64" "08:f0:21:23:16:64"];
+ channel = 36;
};
- openvpn.oldpersonal = true;
- monitoring.speedtest = true;
};
+ openvpn.oldpersonal = true;
+ monitoring.speedtest = true;
+ };
- environment = {
- etc.crypttab.text = ''
- nas UUID=3472bef9-cbae-48bd-873e-fd4858a0b72f /run/secrets/luks-spt-omnia-nas.key luks
- nassec UUID=016e9e75-bbc8-4b24-8bb7-c800c8f6a500 /run/secrets/luks-spt-omnia-nas.key luks
- '';
- systemPackages = with pkgs; [
- cryptsetup
- ];
- };
- fileSystems = {
- "/data" = {
- device = "/dev/mapper/nas";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@data" "nofail"];
- };
- "/srv" = {
- device = "/dev/mapper/nas";
- fsType = "btrfs";
- options = ["compress=lzo" "subvol=@srv" "nofail"];
- depends = ["/data"];
- };
+ services.journald.extraConfig = ''
+ SystemMaxUse=512M
+ '';
+
+ environment = {
+ etc.crypttab.text = ''
+ nas UUID=3472bef9-cbae-48bd-873e-fd4858a0b72f /run/secrets/luks-spt-omnia-nas.key luks
+ nassec UUID=016e9e75-bbc8-4b24-8bb7-c800c8f6a500 /run/secrets/luks-spt-omnia-nas.key luks
+ '';
+ systemPackages = with pkgs; [
+ cryptsetup
+ ];
+ };
+ fileSystems = {
+ "/data" = {
+ device = "/dev/mapper/nas";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@data" "nofail"];
};
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/" "/data"];
+ "/srv" = {
+ device = "/dev/mapper/nas";
+ fsType = "btrfs";
+ options = ["compress=lzo" "subvol=@srv" "nofail"];
+ depends = ["/data"];
};
- services.udev.packages = [
- (pkgs.writeTextFile rec {
- name = "queue_depth_sata.rules";
- destination = "/etc/udev/rules.d/50-${name}";
- text = ''
- ACTION=="add|change", SUBSYSTEM=="scsi", ATTR{queue_depth}="1"
- '';
- })
- ];
+ };
+ services.btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/" "/data"];
+ };
+ services.udev.packages = [
+ (pkgs.writeTextFile rec {
+ name = "queue_depth_sata.rules";
+ destination = "/etc/udev/rules.d/50-${name}";
+ text = ''
+ SUBSYSTEMS=="pci", DRIVER=="ahci", ATTR{device}!="0x0612", GOTO="turris_pci_end"
+ ACTION=="add|change", SUBSYSTEM=="scsi", ATTR{vendor}=="ATA", ATTR{queue_depth}="1"
+ LABEL="turris_pci_end"
+ '';
+ })
+ ];
+ users = {
+ groups.nas = {};
users = {
- groups.nas = {};
- users = {
- nas = {
- group = "nas";
- openssh.authorizedKeys.keyFiles = [(config.personal-secrets + "/unencrypted/nas.pub")];
- isNormalUser = true;
- home = "/data/nas";
- homeMode = "770";
- };
- cynerd.extraGroups = ["nas"];
+ nas = {
+ group = "nas";
+ openssh.authorizedKeys.keyFiles = [(config.personal-secrets + "/unencrypted/nas.pub")];
+ isNormalUser = true;
+ home = "/data/nas";
+ homeMode = "770";
};
+ cynerd.extraGroups = ["nas"];
};
- services.openssh = {
- settings.Macs = ["hmac-sha2-256"]; # Allow sha2-256 for Nexcloud access
- extraConfig = ''
- Match User nas
- X11Forwarding no
- AllowTcpForwarding no
- AllowAgentForwarding no
- ForceCommand internal-sftp -d /data/nas
- '';
- };
+ };
+ services.openssh = {
+ settings.Macs = ["hmac-sha2-256"]; # Allow sha2-256 for Nexcloud access
+ extraConfig = ''
+ Match User nas
+ X11Forwarding no
+ AllowTcpForwarding no
+ AllowAgentForwarding no
+ ForceCommand internal-sftp -d /data/nas
+ '';
+ };
+ services.fail2ban.enable = true;
- networking.useDHCP = false;
- systemd.network = {
- netdevs = {
- "end2.848" = {
- netdevConfig = {
- Kind = "vlan";
- Name = "end2.848";
- };
- vlanConfig.Id = 848;
+ networking.useDHCP = false;
+ systemd.network = {
+ netdevs = {
+ "end2.848" = {
+ netdevConfig = {
+ Kind = "vlan";
+ Name = "end2.848";
};
+ vlanConfig.Id = 848;
};
- networks = {
- "end2" = {
- matchConfig.Name = "end2";
- networkConfig.VLAN = ["end2.848"];
- };
- "end2.848" = {
- matchConfig.Name = "end2.848";
- networkConfig.BindCarrier = "end2";
- };
- "pppoe-wan" = {
- matchConfig.Name = "pppoe-wan";
- networkConfig = {
- BindCarrier = "end2.848";
- DHCP = "ipv6";
- IPv6AcceptRA = "no";
- DHCPPrefixDelegation = "yes";
- };
- dhcpPrefixDelegationConfig = {
- UplinkInterface = ":self";
- SubnetId = 0;
- Announce = "no";
- };
- linkConfig.RequiredForOnline = "routable";
+ };
+ networks = {
+ "end2" = {
+ matchConfig.Name = "end2";
+ networkConfig.VLAN = ["end2.848"];
+ };
+ "end2.848" = {
+ matchConfig.Name = "end2.848";
+ networkConfig.BindCarrier = "end2";
+ };
+ "pppoe-wan" = {
+ matchConfig.Name = "pppoe-wan";
+ networkConfig = {
+ BindCarrier = "end2.848";
+ DHCP = "ipv6";
+ IPv6AcceptRA = "no";
+ DHCPPrefixDelegation = "yes";
};
- "lan-brlan" = {
- matchConfig.Name = "lan*";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
+ dhcpPrefixDelegationConfig = {
+ UplinkInterface = ":self";
+ SubnetId = 0;
+ Announce = "no";
};
+ linkConfig.RequiredForOnline = "routable";
+ };
+ "lan-brlan" = {
+ matchConfig.Name = "lan*";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ bridgeVLANConfig = {
+ EgressUntagged = 1;
+ PVID = 1;
+ };
+ }
+ {bridgeVLANConfig.VLAN = 2;}
+ ];
};
};
+ };
- services.pppd = {
- enable = true;
- peers."wan".config = ''
- plugin pppoe.so end2.848
- ifname pppoe-wan
- lcp-echo-interval 1
- lcp-echo-failure 5
- lcp-echo-adaptive
- defaultroute
- defaultroute6
- usepeerdns
- maxfail 1
- user metronet
- password metronet
- '';
- };
- systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.848.device"];
- # TODO limit NSS clamping to just pppoe-wan
- networking.firewall.extraForwardRules = ''
- tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
- iifname {"home", "personalvpn"} oifname {"home", "personalvpn"} accept
+ services.pppd = {
+ enable = true;
+ peers."wan".config = ''
+ plugin pppoe.so end2.848
+ ifname pppoe-wan
+ lcp-echo-interval 1
+ lcp-echo-failure 5
+ lcp-echo-adaptive
+ defaultroute
+ defaultroute6
+ usepeerdns
+ maxfail 1
+ user metronet
+ password metronet
'';
+ };
+ systemd.services."pppd-wan".after = ["sys-subsystem-net-devices-end2.848.device"];
+ # TODO limit NSS clamping to just pppoe-wan
+ networking.firewall.extraForwardRules = ''
+ tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
+ iifname {"home", "personalvpn"} oifname {"home", "personalvpn"} accept
+ '';
- services.syncthing = {
- enable = false;
- openDefaultPorts = true;
+ services.syncthing = {
+ enable = false;
+ openDefaultPorts = true;
- overrideDevices = false;
- overrideFolders = false;
+ overrideDevices = false;
+ overrideFolders = false;
- dataDir = "/data"; # TODO this can't be the location
- };
+ dataDir = "/data"; # TODO this can't be the location
};
}
diff --git a/nixos/machine/spt-omniax.nix b/nixos/machine/spt-omniax.nix
index 9bdc3d3..8edef49 100644
--- a/nixos/machine/spt-omniax.nix
+++ b/nixos/machine/spt-omniax.nix
@@ -1,56 +1,48 @@
{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; {
- config = {
- cynerd = {
- router = {
- enable = true;
- wan = "end2";
- lanIP = "192.168.2.1";
- };
- wifiAP.spt = {
- enable = true;
- ar9287.interface = "wlp3s0";
- qca988x.interface = "wlp2s0";
- };
- monitoring.speedtest = true;
+ cynerd = {
+ router = {
+ enable = true;
+ wan = "end2";
+ lanIP = "192.168.2.1";
+ };
+ wifiAP.spt = {
+ enable = true;
+ ar9287.interface = "wlp3s0";
+ qca988x.interface = "wlp2s0";
};
+ monitoring.speedtest = true;
+ };
- networking.useDHCP = false;
- systemd.network = {
- networks = {
- "end2" = {
- matchConfig.Name = "end2";
- networkConfig = {
- BindCarrier = "end2";
- DHCP = "yes";
- IPv6AcceptRA = "yes";
- DHCPPrefixDelegation = "yes";
- };
- dhcpPrefixDelegationConfig = {
- UplinkInterface = ":self";
- SubnetId = 0;
- Announce = "no";
- };
- linkConfig.RequiredForOnline = "routable";
+ networking.useDHCP = false;
+ systemd.network = {
+ networks = {
+ "end2" = {
+ matchConfig.Name = "end2";
+ networkConfig = {
+ BindCarrier = "end2";
+ DHCP = "yes";
+ IPv6AcceptRA = "yes";
+ DHCPPrefixDelegation = "yes";
};
- "lan-brlan" = {
- matchConfig.Name = "lan*";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
+ dhcpPrefixDelegationConfig = {
+ UplinkInterface = ":self";
+ SubnetId = 0;
+ Announce = "no";
};
+ linkConfig.RequiredForOnline = "routable";
+ };
+ "lan-brlan" = {
+ matchConfig.Name = "lan*";
+ networkConfig.Bridge = "brlan";
+ bridgeVLANs = [
+ {
+ bridgeVLANConfig = {
+ EgressUntagged = 1;
+ PVID = 1;
+ };
+ }
+ {bridgeVLANConfig.VLAN = 2;}
+ ];
};
};
};