Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/configurations/adm-omnia.nix | 14 | ||||
-rw-r--r-- | nixos/configurations/adm-omnia2.nix | 8 | ||||
-rw-r--r-- | nixos/configurations/binky.nix | 2 | ||||
-rw-r--r-- | nixos/configurations/lipwig.nix | 98 | ||||
-rw-r--r-- | nixos/configurations/spt-mox.nix | 8 | ||||
-rw-r--r-- | nixos/configurations/spt-mox2.nix | 8 | ||||
-rw-r--r-- | nixos/configurations/spt-omnia.nix | 8 | ||||
-rw-r--r-- | nixos/modules/bcg.nix | 167 | ||||
-rw-r--r-- | nixos/modules/default.nix | 1 | ||||
-rw-r--r-- | nixos/modules/desktop.nix | 1 | ||||
-rw-r--r-- | nixos/modules/develop.nix | 3 | ||||
-rw-r--r-- | nixos/modules/router.nix | 10 | ||||
-rw-r--r-- | nixos/modules/switch.nix | 6 | ||||
-rw-r--r-- | nixos/modules/wifi-adm.nix | 36 | ||||
-rw-r--r-- | nixos/modules/wifi-spt.nix | 16 | ||||
-rw-r--r-- | nixos/modules/wireguad.nix | 66 |
16 files changed, 162 insertions, 290 deletions
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix index 672788a..dad595b 100644 --- a/nixos/configurations/adm-omnia.nix +++ b/nixos/configurations/adm-omnia.nix @@ -37,12 +37,10 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; "lan0-guest" = { @@ -50,10 +48,8 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; + EgressUntagged = 2; + PVID = 2; } ]; }; diff --git a/nixos/configurations/adm-omnia2.nix b/nixos/configurations/adm-omnia2.nix index 19ee446..2848bd9 100644 --- a/nixos/configurations/adm-omnia2.nix +++ b/nixos/configurations/adm-omnia2.nix @@ -45,12 +45,10 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; }; diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix index 6dfb6a5..4b552d5 100644 --- a/nixos/configurations/binky.nix +++ b/nixos/configurations/binky.nix @@ -75,7 +75,7 @@ in { DHCP = "yes"; IPv6AcceptRA = "yes"; }; - routes = [{routeConfig.Metric = 1088;}]; + routes = [{Metric = 1088;}]; linkConfig.RequiredForOnline = "routable"; }; }; diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index e6ec96a..524a864 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -33,6 +33,10 @@ "/nas" = { device = "172.16.128.63:/nas/2682"; fsType = "nfs"; + options = [ + "_netdev" + "x-systemd.automount" + ]; }; "/nas/nextcloud-sync" = { device = "/nas/sync"; 
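Review bot: The new `options` list for the `/nas` NFS mount in lipwig.nix adds only `"_netdev"` and `"x-systemd.automount"`, so setuid bits and device nodes on files served by 172.16.128.63 are honoured on this host. Unless something on the share needs them, I would add `"nosuid"` and `"nodev"` to the same list, so that a compromised or misconfigured NAS cannot hand this machine a privileged binary. The `/nas/nextcloud-sync` entry that follows begins inside the hunk but continues past it, so its own options cannot be checked from here.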
@@ -43,12 +47,11 @@ device = "nas@omnia.spt:/data/nas"; fsType = "fuse.sshfs"; options = [ - "noauto" - "x-systemd.automount" + "allow_other" "_netdev" + "x-systemd.automount" "reconnect" "identityfile=/run/secrets/nas.ssh.priv" - "allow_other" "idmap=user" "uid=nextcloud" "gid=nextcloud" @@ -104,8 +107,8 @@ root = "${pkgs.cgit}/cgit"; locations."/".tryFiles = "$uri @cgit"; locations."@cgit".extraConfig = '' - fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_param PATH_INFO $uri; fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; @@ -124,6 +127,14 @@ proxyWebsockets = true; }; }; + "searx.cynerd.cz" = { + forceSSL = true; + useACMEHost = "cynerd.cz"; + locations."/".extraConfig = '' + uwsgi_pass "unix:///run/searx/searx.sock"; + include ${config.services.nginx.package}/conf/uwsgi_params; + ''; + }; }; }; services.fcgiwrap = { @@ -134,9 +145,10 @@ acceptTerms = true; defaults.email = "cynerd+acme@email.cz"; certs."cynerd.cz".extraDomainNames = [ - "git.cynerd.cz" "cloud.cynerd.cz" + "git.cynerd.cz" "grafana.cynerd.cz" + "searx.cynerd.cz" ]; }; 
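Review bot: In the sshfs option list, `"allow_other"` is kept on the new side and no `"default_permissions"` is visible. Without it the kernel leaves access checks to the FUSE filesystem, so every local account on the host can reach the mount with the rights of the remote `nas` user, not only `nextcloud`. The list continues past the end of the hunk, so please confirm whether `"default_permissions"` is set there. If it is not, add it next to `"allow_other"` so that the `uid=nextcloud`/`gid=nextcloud` mapping is actually enforced.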
@@ -267,6 +279,82 @@ ensureDatabases = ["nextcloud"]; }; + # SearX #################################################################### + services.searx = { + enable = true; + environmentFile = "/run/secrets/searx.env"; + settings = { + server.secret_key = "@SEARX_SECRET_KEY@"; + search = { + autocomplete = "google"; + autocomplete_min = 2; + }; + ui = { + query_in_title = true; + infinite_scroll = true; + center_alignment = true; + hotkeys = "vim"; + }; + engines = [ + { + name = "seznam"; + disabled = false; + } + { + name = "material icons"; + disabled = false; + } + { + name = "svgrepo"; + disabled = false; + } + { + name = "peertube"; + disabled = false; + } + { + name = "lib.rs"; + disabled = false; + } + { + name = "gitlab"; + disabled = false; + } + { + name = "sourcehut"; + disabled = false; + } + { + name = "free software directory"; + disabled = false; + } + { + name = "cppreference"; + disabled = false; + } + { + name = "searchcode code"; + disabled = false; + } + { + name = "imdb"; + disabled = false; + } + { + name = "tmdb"; + disabled = false; + } + ]; + }; + runInUwsgi = true; + uwsgiConfig = { + socket = "/run/searx/searx.sock"; + chmod-socket = "660"; + }; + redisCreateLocally = true; + }; + users.groups.searx.members = ["nginx"]; + # Old Syncthing ############################################################ services.syncthing = { enable = true; diff --git a/nixos/configurations/spt-mox.nix b/nixos/configurations/spt-mox.nix index 4e29bca..0bc7627 100644 --- a/nixos/configurations/spt-mox.nix +++ b/nixos/configurations/spt-mox.nix @@ -42,12 +42,10 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; }; diff --git a/nixos/configurations/spt-mox2.nix b/nixos/configurations/spt-mox2.nix index 9ffde96..085bb5f 100644 --- a/nixos/configurations/spt-mox2.nix +++ b/nixos/configurations/spt-mox2.nix 
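Review bot: The `services.searx` block sets `redisCreateLocally = true` but never enables the limiter, while the same commit adds a `searx.cynerd.cz` vhost with no access restriction visible in its hunk. If the instance is meant to be reachable from the internet and the package is SearXNG, I would set `server.limiter = true;` next to `server.secret_key` so that bots cannot drive the upstream engines through this host. Separately, `autocomplete = "google"` sends every partial query to Google from the server, which weakens the privacy benefit of self-hosting; `"duckduckgo"` or leaving it unset avoids that. Using `environmentFile` for the `@SEARX_SECRET_KEY@` substitution keeps the key out of the store, and a short comment saying so above `server.secret_key` would help the next reader.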
@@ -41,12 +41,10 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; }; diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index e97f29f..29fe8c4 100644 --- a/nixos/configurations/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -156,12 +156,10 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; }; diff --git a/nixos/modules/bcg.nix b/nixos/modules/bcg.nix deleted file mode 100644 index 3146c15..0000000 --- a/nixos/modules/bcg.nix +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.services.bcg; - configFile = (pkgs.formats.yaml {}).generate "bcg.conf.yaml" ( - filterAttrsRecursive (_: v: v != null) { - inherit (cfg) device name mqtt; - retain_node_messages = cfg.retainNodeMessages; - qos_node_messages = cfg.qosNodeMessages; - base_topic_prefix = cfg.baseTopicPrefix; - automatic_remove_kit_from_names = cfg.automaticRemoveKitFromNames; - automatic_rename_kit_nodes = cfg.automaticRenameKitNodes; - automatic_rename_generic_nodes = cfg.automaticRenameGenericNodes; - automatic_rename_nodes = cfg.automaticRenameNodes; - } - ); -in { - options = { - services.bcg = { - enable = mkEnableOption "BigClown gateway"; - package = mkPackageOption pkgs ["python3Packages" "bcg"] {}; - environmentFiles = mkOption { - type = types.listOf types.path; - default = []; - example = ["/run/keys/bcg.env"]; - description = '' - File to load as environment file. Environment variables from this file - will be interpolated into the config file using envsubst with this - syntax: `$ENVIRONMENT` or `''${VARIABLE}`. - This is useful to avoid putting secrets into the nix store. - ''; - }; - verbose = mkOption { - type = types.enum ["CRITICAL" "ERROR" "WARNING" "INFO" "DEBUG"]; - default = "WARNING"; - description = "Verbosity level."; - }; - device = mkOption { - type = types.str; - description = "Device name to configure gateway to use."; - }; - name = mkOption { - type = with types; nullOr str; - default = null; - description = '' - Name for the device. - - Supported variables: - * `{ip}` IP address - * `{id}` The ID of the connected usb-dongle or core-module - - `null` can be used for automatic detection from gateway firmware. 
- ''; - }; - mqtt = { - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host where MQTT server is running."; - }; - port = mkOption { - type = types.port; - default = 1883; - description = "Port of MQTT server."; - }; - username = mkOption { - type = with types; nullOr str; - default = null; - description = "MQTT server access username."; - }; - password = mkOption { - type = with types; nullOr str; - default = null; - description = "MQTT server access password."; - }; - cafile = mkOption { - type = with types; nullOr str; - default = null; - description = "Certificate Authority file for MQTT server access."; - }; - certfile = mkOption { - type = with types; nullOr str; - default = null; - description = "Certificate file for MQTT server access."; - }; - keyfile = mkOption { - type = with types; nullOr str; - default = null; - description = "Key file for MQTT server access."; - }; - }; - retainNodeMessages = mkOption { - type = types.bool; - default = false; - description = "Specify that node messages should be retaied in MQTT broker."; - }; - qosNodeMessages = mkOption { - type = types.int; - default = 1; - description = "Set the guarantee of MQTT message delivery."; - }; - baseTopicPrefix = mkOption { - type = types.str; - default = ""; - description = "Topic prefix added to all MQTT messages."; - }; - automaticRemoveKitFromNames = mkOption { - type = types.bool; - default = true; - description = "Automatically remove kits."; - }; - automaticRenameKitNodes = mkOption { - type = types.bool; - default = true; - description = "Automatically rename kit's nodes."; - }; - automaticRenameGenericNodes = mkOption { - type = types.bool; - default = true; - description = "Automatically rename generic nodes."; - }; - automaticRenameNodes = mkOption { - type = types.bool; - default = true; - description = "Automatically rename all nodes."; - }; - rename = mkOption { - type = with types; attrsOf str; - default = {}; - description = "Rename nodes 
to different name."; - }; - }; - }; - - config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - python3Packages.bcg - python3Packages.bch - ]; - - systemd.services.bcg = let - envConfig = cfg.environmentFiles != []; - finalConfig = - if envConfig - then "$RUNTIME_DIRECTORY/bcg.config.yaml" - else configFile; - in { - description = "BigClown Gateway"; - wantedBy = ["multi-user.target"]; - wants = ["network-online.target"] ++ lib.optional config.services.mosquitto.enable "mosquitto.service"; - after = ["network-online.target"]; - preStart = '' - umask 077 - ${pkgs.envsubst}/bin/envsubst -i "${configFile}" -o "${finalConfig}" - ''; - serviceConfig = { - EnvironmentFile = cfg.environmentFiles; - ExecStart = "${cfg.package}/bin/bcg -c ${finalConfig} -v ${cfg.verbose}"; - RuntimeDirectory = "bcg"; - }; - }; - }; -} diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 6bc0d70..d45cb0a 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -17,6 +17,5 @@ in // { default = { imports = attrValues modules ++ default_modules; - disabledModules = ["services/misc/bcg.nix"]; }; } diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index 0c8f287..2b19b93 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -81,7 +81,6 @@ in { exts.pass-otp #exts.pass-audit ])) - nextcloud-client chromium ferdium diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index a18c7ac..2a20527 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -61,6 +61,8 @@ in { # C clang-tools + massif-visualizer + qcachegrind # Python (python3.withPackages (pypkgs: @@ -75,6 +77,7 @@ in { mypy scipy + statsmodels sympy pygraphviz diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix index c8b1283..a658515 100644 --- a/nixos/modules/router.nix +++ b/nixos/modules/router.nix 
@@ -98,8 +98,8 @@ in { matchConfig.Name = "brlan"; networkConfig.VLAN = ["home" "guest"]; bridgeVLANs = [ - {bridgeVLANConfig.VLAN = 1;} - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 1;} + {VLAN = 2;} ]; }; "home" = { @@ -121,10 +121,8 @@ in { }; dhcpServerStaticLeases = mapAttrsToList (n: v: { - dhcpServerStaticLeaseConfig = { - MACAddress = n; - Address = v; - }; + MACAddress = n; + Address = v; }) cnf.staticLeases; dhcpPrefixDelegationConfig = { diff --git a/nixos/modules/switch.nix b/nixos/modules/switch.nix index 37ac687..e74102a 100644 --- a/nixos/modules/switch.nix +++ b/nixos/modules/switch.nix @@ -42,10 +42,8 @@ in { matchConfig.Name = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - PVID = 1; - EgressUntagged = 1; - }; + PVID = 1; + EgressUntagged = 1; } ]; networkConfig = { diff --git a/nixos/modules/wifi-adm.nix b/nixos/modules/wifi-adm.nix index 40210e7..1db730c 100644 --- a/nixos/modules/wifi-adm.nix +++ b/nixos/modules/wifi-adm.nix @@ -117,10 +117,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } ]; }; @@ -129,10 +127,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; + EgressUntagged = 2; + PVID = 2; } ]; }; @@ -141,10 +137,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; + EgressUntagged = 2; + PVID = 2; } ]; }; @@ -153,10 +147,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } ]; }; @@ -165,10 +157,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; + EgressUntagged = 2; + PVID = 2; } ]; }; 
@@ -177,10 +167,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; + EgressUntagged = 2; + PVID = 2; } ]; }; diff --git a/nixos/modules/wifi-spt.nix b/nixos/modules/wifi-spt.nix index 669439d..2ecc3a3 100644 --- a/nixos/modules/wifi-spt.nix +++ b/nixos/modules/wifi-spt.nix @@ -130,10 +130,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } ]; }; @@ -142,10 +140,8 @@ in { # networkConfig.Bridge = "brlan"; # bridgeVLANs = [ # { - # bridgeVLANConfig = { # EgressUntagged = 2; # PVID = 2; - # }; # } # ]; #}; @@ -159,10 +155,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } ]; }; @@ -171,10 +165,8 @@ in { # networkConfig.Bridge = "brlan"; # bridgeVLANs = [ # { - # bridgeVLANConfig = { # EgressUntagged = 2; # PVID = 2; - # }; # } # ]; #}; diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguad.nix index eb25a6e..69e1ccd 100644 --- a/nixos/modules/wireguad.nix +++ b/nixos/modules/wireguad.nix 
@@ -29,27 +29,21 @@ in { }; wireguardPeers = [ - { - wireguardPeerConfig = - { - Endpoint = "cynerd.cz:51820"; - AllowedIPs = ["0.0.0.0/0"]; - PublicKey = config.secrets.wireguardPubs.lipwig; - } - // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}); - } - { - wireguardPeerConfig = - { - Endpoint = "spt.cynerd.cz:51820"; - AllowedIPs = [ - "${config.cynerd.hosts.wg.spt-omnia}/32" - "10.8.2.0/24" - ]; - PublicKey = config.secrets.wireguardPubs.spt-omnia; - } - // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}); - } + ({ + Endpoint = "cynerd.cz:51820"; + AllowedIPs = ["0.0.0.0/0"]; + PublicKey = config.secrets.wireguardPubs.lipwig; + } + // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;})) + ({ + Endpoint = "spt.cynerd.cz:51820"; + AllowedIPs = [ + "${config.cynerd.hosts.wg.spt-omnia}/32" + "10.8.2.0/24" + ]; + PublicKey = config.secrets.wireguardPubs.spt-omnia; + } + // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;})) #{ # wireguardPeerConfig = # { @@ -64,10 +58,8 @@ in { #} ] ++ (optionals is_endpoint (mapAttrsToList (n: v: { - wireguardPeerConfig = { - AllowedIPs = "${config.cynerd.hosts.wg."${n}"}/32"; - PublicKey = v; - }; + AllowedIPs = "${config.cynerd.hosts.wg."${n}"}/32"; + PublicKey = v; }) (filterAttrs (n: _: all (v: v != n) endpoints) config.secrets.wireguardPubs))); }; networks."wg" = { 
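Review bot: The commented-out peer at the end of the first wireguad.nix hunk still starts with `# wireguardPeerConfig =`, although the live peers were flattened and the commented blocks in wifi-spt.nix were migrated in this same commit. Re-enabling that block as it stands would reintroduce the old wrapper, so I would either drop the `# wireguardPeerConfig =` line and its inner braces or delete the block. Most of the commented block lies between the two hunks and is not visible here, so the remainder should be checked in the file.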
@@ -82,27 +74,21 @@ in { routes = (optional (hostName != "lipwig") { # OpenVPN network - routeConfig = { - Gateway = config.cynerd.hosts.wg.lipwig; - Destination = "10.8.0.0/24"; - Metric = 2048; - }; + Gateway = config.cynerd.hosts.wg.lipwig; + Destination = "10.8.0.0/24"; + Metric = 2048; }) ++ (optional (hostName != "spt-omnia") { # SPT network - routeConfig = { - Gateway = config.cynerd.hosts.wg.spt-omnia; - Destination = "10.8.2.0/24"; - Metric = 2048; - }; + Gateway = config.cynerd.hosts.wg.spt-omnia; + Destination = "10.8.2.0/24"; + Metric = 2048; }) ++ (optional (hostName != "adm-omnia" && hostName != "lipwig") { # Adamkovi network - routeConfig = { - Gateway = config.cynerd.hosts.wg.adm-omnia; - Destination = "10.8.3.0/24"; - Metric = 2048; - }; + Gateway = config.cynerd.hosts.wg.adm-omnia; + Destination = "10.8.3.0/24"; + Metric = 2048; }); }; }; |