From 9492adaded6cb8b246db5a348fb2720dbc184214 Mon Sep 17 00:00:00 2001 From: Karel Kočí Date: Sat, 16 May 2026 13:12:33 +0200 Subject: treewide: systems modifications --- nixos/configurations/adm-omnia.nix | 53 +++++++++++++++++--------------------- nixos/configurations/lipwig.nix | 20 +++++++------- nixos/configurations/spt-omnia.nix | 6 +++++ nixos/configurations/zd-mox.nix | 6 +++++ nixos/modules/autounlock.nix | 1 + nixos/modules/desktop.nix | 4 +-- nixos/modules/develop.nix | 15 ++++++----- nixos/modules/hosts.nix | 8 ++---- nixos/modules/monitoring.nix | 1 + nixos/modules/openwrtone.nix | 2 +- nixos/modules/packages.nix | 2 +- nixos/modules/wifi-adm.nix | 24 +++-------------- 12 files changed, 66 insertions(+), 76 deletions(-) (limited to 'nixos') diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix index 2b80bbc..826563b 100644 --- a/nixos/configurations/adm-omnia.nix +++ b/nixos/configurations/adm-omnia.nix @@ -15,11 +15,7 @@ in { wan = "pppoe-wan"; lanIP = hosts.omnia; staticLeases = { - "7c:b0:c2:bb:9c:ca" = hosts.albert; "4c:d5:77:0d:85:d9" = hosts.binky; - "b8:27:eb:49:54:5a" = hosts.mpd; - }; - guestStaticLeases = { "f4:a9:97:a4:bd:59" = hosts.printer; }; }; @@ -40,18 +36,20 @@ in { monitoring.speedtest = true; }; - services.journald.extraConfig = '' - SystemMaxUse=8G - ''; + services = { + journald.extraConfig = '' + SystemMaxUse=8G + ''; - services.btrfs.autoScrub = { - enable = true; - fileSystems = ["/"]; - }; + btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; - services.fail2ban = { - enable = true; - ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"]; + fail2ban = { + enable = true; + ignoreIP = ["10.8.0.0/24" "10.8.1.0/24"]; + }; }; networking.useDHCP = false; @@ -82,7 +80,7 @@ in { linkConfig.RequiredForOnline = "routable"; }; "lan-brlan" = { - matchConfig.Name = "lan4"; + matchConfig.Name = "lan*"; networkConfig.Bridge = "brlan"; bridgeVLANs = [ { 
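Review bot: In nixos/configurations/adm-omnia.nix the new `ignoreIP = ["10.8.0.0/24" "10.8.1.0/24"];` exempts two whole subnets from fail2ban without saying which networks they are. Neither range matches the 10.8.3.x addresses that nixos/modules/hosts.nix lists for the adm hosts in this same commit. Any address inside an ignored range can retry authentication without ever being banned, so the list should hold only the ranges that are meant to be trusted. A short comment per entry naming the network would make the next renumbering reviewable.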
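Review bot: The glob in `matchConfig.Name = "lan*";` of "lan-brlan" is broader than the single port it replaces, because it attaches every interface whose name starts with `lan` to `brlan` with this unit's VLAN settings. With the "lan-guest" unit removed in the next hunk, the ports that were untagged members of VLAN 2 are now treated like `lan4`. If all switch ports are meant to be trusted now, record that in a comment above the match; otherwise name the ports explicitly, for example `matchConfig.Name = "lan[0-4]";`. The bridgeVLANs list continues past the end of this hunk, so the resulting PVID is not visible here.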
@@ -92,16 +90,6 @@ in { {VLAN = 2;} ]; }; - "lan-guest" = { - matchConfig.Name = "lan[0-3]"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - EgressUntagged = 2; - PVID = 2; - } - ]; - }; }; }; @@ -121,14 +109,21 @@ in { password 02 ''; }; - systemd.services."pppd-wan" = { - after = ["sys-subsystem-net-devices-end2.device"]; - partOf = ["systemd-networkd.service"]; + systemd.services = { + "pppd-wan" = { + after = ["sys-subsystem-net-devices-end2.device"]; + partOf = ["systemd-networkd.service"]; + serviceConfig = { + Restart = "always"; + StartLimitBurst = 0; + }; + }; + "systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; }; # TODO limit NSS clamping to just pppoe-wan networking.firewall.extraForwardRules = '' tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4" - iifname {"home", "wg"} oifname {"home", "wg"} accept + iifname "wg" oifname "home" accept iifname "home" oifname "guest" accept comment "Allow home to access guest devices" ''; } diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 556ca5d..291aa54 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -198,7 +198,7 @@ # Nextcloud ################################################################ services.nextcloud = { enable = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud33; https = true; hostName = "cloud.cynerd.cz"; datadir = "/nas/nextcloud"; 
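Review bot: The new `serviceConfig` for "pppd-wan" in adm-omnia.nix sets `Restart = "always";` and `StartLimitBurst = 0;` but no `RestartSec`, so a failing PPPoE session is restarted at systemd's short default delay with no upper bound on attempts. Adding `RestartSec = 5;` (or enabling the `holdoff` option) gives the peer and the journal some room. The same three lines are added in nixos/configurations/spt-omnia.nix and nixos/configurations/zd-mox.nix, where `maxfail 1` is visible and `#holdoff 5` is added commented out. systemd documents the start-limit settings under [Unit], which NixOS exposes as `startLimitBurst` and `startLimitIntervalSec`, so confirm that a value of 0 placed in [Service] has the intended effect.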
@@ -266,18 +266,18 @@ license = "agpl3Plus"; }; integration_gitlab = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v4.0.0/integration_gitlab-v4.0.0.tar.gz"; - hash = "sha256-0CKvAiwdG6Llomo9ROu0KLdUq1xfjAwlO1e1/LYzL4s="; - license = "agpl3Plus"; - }; - money = pkgs.fetchNextcloudApp { - url = "https://github.com/powerpaul17/nc_money/releases/download/v0.31.0/money.tar.gz"; - hash = "sha256-6RlxWTCw6NP9RquHnfoLLBw/dmAXx21INCzYUcp3E/4="; + url = "https://github.com/nextcloud-releases/integration_gitlab/releases/download/v5.0.0/integration_gitlab-v5.0.0.tar.gz"; + hash = "sha256-f0D9UrlX8bsf4BSTCzb9bN1gYKDlSY9JxmgO6el7HZw="; license = "agpl3Plus"; }; + #money = pkgs.fetchNextcloudApp { + # url = "https://github.com/powerpaul17/nc_money/releases/download/v0.31.0/money.tar.gz"; + # hash = "sha256-6RlxWTCw6NP9RquHnfoLLBw/dmAXx21INCzYUcp3E/4="; + # license = "agpl3Plus"; + #}; passwords = pkgs.fetchNextcloudApp { - url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2026.3.0/passwords.tar.gz"; - hash = "sha256-YHilpFaZHNCtqLRvTCDhyVoFWLC85Qkj1mMxp08YCho="; + url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2026.3.1/passwords-lsr-81.tar.gz"; + hash = "sha256-NqeGO1iJC98fqgsEE+WZOUiTTI9Du/zRPSw/w5g9e/E="; license = "agpl3Plus"; }; }; diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index c2ef049..df19d82 100644 --- a/nixos/configurations/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -119,6 +119,8 @@ in { defaultroute6 #usepeerdns maxfail 1 + #holdoff 5 + #persist user metronet password metronet ''; @@ -126,6 +128,10 @@ in { systemd.services."pppd-wan" = { after = ["sys-subsystem-net-devices-end2.848.device"]; partOf = ["systemd-networkd.service"]; + serviceConfig = { + Restart = "always"; + StartLimitBurst = 0; + }; }; # TODO limit NSS clamping to just pppoe-wan networking.firewall.extraForwardRules = '' 
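Review bot: The `passwords` entry in lipwig.nix changes the artifact as well as the version, since the URL moves from `passwords.tar.gz` to `passwords-lsr-81.tar.gz`. By its name that looks like a different build variant of the app rather than the regular release. The pinned hash keeps the fetch reproducible, but nothing records why this variant was chosen for the instance that moves to `pkgs.nextcloud33` in the same commit. A one-line comment above the URL giving the reason would settle it, or a return to the regular artifact if the suffix was unintended.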
diff --git a/nixos/configurations/zd-mox.nix b/nixos/configurations/zd-mox.nix index 6ce1b6b..54cc150 100644 --- a/nixos/configurations/zd-mox.nix +++ b/nixos/configurations/zd-mox.nix @@ -113,6 +113,8 @@ in { defaultroute defaultroute6 maxfail 1 + #holdoff 5 + #persist # user and password added in secrets ''; }; @@ -120,6 +122,10 @@ in { "pppd-wan" = { requires = ["sys-subsystem-net-devices-end0.848.device"]; partOf = ["systemd-networkd.service"]; + serviceConfig = { + Restart = "always"; + StartLimitBurst = 0; + }; }; "systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; }; diff --git a/nixos/modules/autounlock.nix b/nixos/modules/autounlock.nix index d7d6a7c..912f55f 100644 --- a/nixos/modules/autounlock.nix +++ b/nixos/modules/autounlock.nix @@ -18,6 +18,7 @@ in { config = mkIf (cnf != {}) { environment.systemPackages = [pkgs.luks-hw-password]; boot.initrd = { + systemd.enable = false; extraFiles."/luks-hw-password".source = pkgs.luks-hw-password; luks.devices = mapAttrs (name: value: { diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index c39f9d2..575b85e 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -172,7 +172,7 @@ in { freecad kicad sweethome3d.application - qelectrotech + #qelectrotech super-slicer ] ++ (optionals cnf.laptop [ @@ -291,7 +291,7 @@ in { enable = true; discovery = true; }; - davfs2.enable = true; + #davfs2.enable = true; TODO!!! locate.enable = true; diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index 587477f..69c58bc 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -30,7 +30,7 @@ in { openssl tio vim-vint - nodePackages.vim-language-server + vim-language-server vale can-utils @@ -64,7 +64,7 @@ in { # C clang-tools - massif-visualizer + #massif-visualizer elf-size-analyze # Python @@ -164,6 +164,9 @@ in { linux-manual stdmanpages + # Writing documentation + docstrfmt + # SHV (shvcli.withPlugins [python3Packages.shvcli-ell]) 
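Review bot: In nixos/modules/autounlock.nix, `systemd.enable = false;` under `boot.initrd` is set at normal priority inside a shared module. A host that imports autounlock and enables the systemd initrd elsewhere will therefore fail evaluation with a conflicting-definitions error that does not explain the reason. If the unlock path only works with the scripted initrd, say so in a comment such as `# luks-hw-password unlock is wired up for the scripted initrd only`, and consider an `assertions` entry with a readable message. The rest of `boot.initrd` lies outside this hunk, so that dependency is inferred rather than shown.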
@@ -173,10 +176,10 @@ in { # S3 rclone ]; - programs.wireshark = { - enable = true; - package = pkgs.wireshark; - }; + #programs.wireshark = { + # enable = true; + # package = pkgs.wireshark; + #}; documentation = { nixos = { diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix index 6d901e0..0263d1c 100644 --- a/nixos/modules/hosts.nix +++ b/nixos/modules/hosts.nix @@ -73,10 +73,8 @@ in { "omnia2" = "10.8.3.3"; # Local "3dprint" = "10.8.3.80"; - "mpd" = "10.8.3.51"; - "printer" = "192.168.1.20"; + "printer" = "10.8.3.20"; # Portable - "albert" = "10.8.3.61"; "binky" = "10.8.3.63"; }; }; @@ -109,10 +107,8 @@ in { "${cnf.adm.omnia}" = ["omnia.adm"]; "10.8.3.2" = ["redmi.adm"]; "${cnf.adm.omnia2}" = ["omnia2.adm"]; - "${cnf.adm.albert}" = ["albert.adm"]; "${cnf.adm.binky}" = ["binky.adm"]; - "${cnf.adm."3dprint"}" = ["3dprint"]; - "${cnf.adm.mpd}" = ["mpd.adm"]; + "${cnf.adm.printer}" = ["printer.adm"]; }; }; } diff --git a/nixos/modules/monitoring.nix b/nixos/modules/monitoring.nix index e8ba2a9..481854c 100644 --- a/nixos/modules/monitoring.nix +++ b/nixos/modules/monitoring.nix @@ -150,6 +150,7 @@ in { security = { admin_user = "cynerd"; admin_password = "$__file{/run/secrets/grafana.admin.pass}"; + secret_key = "SW2YcwTIb9zpOOhoPsMm"; }; server = { domain = "grafana.cynerd.cz"; diff --git a/nixos/modules/openwrtone.nix b/nixos/modules/openwrtone.nix index 40c1ed6..c70dcbc 100644 --- a/nixos/modules/openwrtone.nix +++ b/nixos/modules/openwrtone.nix @@ -56,7 +56,7 @@ in { }; # Use OpenWrt One specific kernel. It fixes SError with patch. - kernelPackages = mkDefault (pkgs.linuxPackagesFor pkgs.linuxOpenWrtOne); + kernelPackages = mkDefault (pkgs.linuxPackagesFor pkgs.linux_7_0); kernelParams = [ "fw_devlink=permissive" "clk_ignore_unused" diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix index e97229f..a85f14a 100644 --- a/nixos/modules/packages.nix +++ b/nixos/modules/packages.nix 
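Review bot: The second hosts.nix hunk drops `"${cnf.adm."3dprint"}" = ["3dprint"];` although `"3dprint" = "10.8.3.80";` stays in the address set shown in the previous hunk. `albert` and `mpd` are removed from both places, so this looks like an accidental casualty of the cleanup. If the 3D printer is still on the network, keep the name mapping; if it is gone, remove the address too so the two lists agree.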
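Review bot: `secret_key = "SW2YcwTIb9zpOOhoPsMm";` in nixos/modules/monitoring.nix commits the Grafana secret key as a literal, and this string is the default value shipped in Grafana's own configuration, so it is publicly known. Grafana uses the key to protect secrets stored in its database, such as data source credentials, and a literal in the Nix expression also ends up world-readable in the Nix store. The line above already shows the pattern to follow: `secret_key = "$__file{/run/secrets/grafana.secret_key}";` (the path is a placeholder), holding a freshly generated value. Changing the key on an existing instance means stored data source secrets must be re-entered or re-encrypted, so schedule the rotation rather than keeping the default.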
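Review bot: The comment above the changed line in nixos/modules/openwrtone.nix still reads "Use OpenWrt One specific kernel. It fixes SError with patch.", but the line now selects `pkgs.linux_7_0`. The comment is therefore stale, and the patched kernel it describes is no longer used. Either rewrite it to say why the generic kernel is now sufficient, or keep `pkgs.linuxOpenWrtOne` until the SError fix is confirmed on the new kernel.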
@@ -63,7 +63,7 @@ in { wakeonlan speedtest-cli librespeed-cli - termshark + #termshark w3m lm_sensors diff --git a/nixos/modules/wifi-adm.nix b/nixos/modules/wifi-adm.nix index 56ca65a..e69afd1 100644 --- a/nixos/modules/wifi-adm.nix +++ b/nixos/modules/wifi-adm.nix @@ -16,16 +16,8 @@ saePasswordsFile = "/run/secrets/hostapd-TurrisAdamkovi.pass"; }; }; - "${cnf."${name}".interface}.nela" = { - bssid = elemAt cnf."${name}".bssids 1; - ssid = "Nela"; - authentication = { - mode = "wpa2-sha256"; - wpaPasswordFile = "/run/secrets/hostapd-Nela.pass"; - }; - }; "${cnf."${name}".interface}.milan" = { - bssid = elemAt cnf."${name}".bssids 2; + bssid = elemAt cnf."${name}".bssids 1; ssid = "MILAN-AC"; authentication = { mode = "wpa2-sha1"; @@ -48,23 +40,13 @@ } ]; }; - "lan-${cnf."${name}".interface}.nela" = { - matchConfig.Name = "${cnf."${name}".interface}-nela"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - EgressUntagged = 2; - PVID = 2; - } - ]; - }; "lan-${cnf."${name}".interface}.milan" = { matchConfig.Name = "${cnf."${name}".interface}.milan"; networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - EgressUntagged = 2; - PVID = 2; + EgressUntagged = 1; + PVID = 1; } ]; }; -- cgit v1.3
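Review bot: In the second wifi-adm.nix hunk the `milan` interface moves from `PVID = 2` / `EgressUntagged = 2` to VLAN 1, which puts clients of the `MILAN-AC` SSID on a different segment than before. That SSID is the one configured with `mode = "wpa2-sha1"` in the previous hunk. On adm-omnia VLAN 2 was the untagged VLAN of the removed "lan-guest" ports, so this presumably moves these clients from the guest network into the main LAN. If that is intended, a comment next to `PVID = 1;` should say so; if the SSID exists for legacy devices that need the weaker mode, keeping it on VLAN 2 retains the isolation the forward rules give the guest network.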