dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: dev:caa208b288b372e4290b0b82983e4db11edcacd0
Branches Tags
dev:master dev:fastback-ssh
dev:installer
..
compare: dev:installer
Branches Tags
dev:master dev:fastback-ssh
dev:installer

13 Commits
caa208b288 ... installer

Author SHA1 Message Date
Jack O'Sullivan
820bb2de5b lib: River IP update
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 1h4m34s
Details
Installer / Build installer (push) Successful in 5m54s
Details
2025-01-01 19:14:04 +00:00
Jack O'Sullivan
7d3ad52a44 devshell: Add git config safe.directory for build-n-switch
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 1h2m7s
Details
2024-12-23 10:32:13 +00:00
Jack O'Sullivan
2cdb98e898 nixos/common: Disable channels
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 53m0s
Details
2024-12-12 12:38:01 +00:00
Jack O'Sullivan
b717b1ceb4 nixos/gui: Add /dev/player0 VID
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 1h1m16s
Details
2024-12-11 17:17:33 +00:00
Jack O'Sullivan
f31ce61c2b Update borgthin
All checks were successful
CI / Check, build and cache nixfiles (push) Successful in 2h31m34s
Details
2024-11-30 19:31:58 +00:00
Jack O'Sullivan
aec22942f7 Update latest Linux kernel to 6.12 2024-11-30 19:31:43 +00:00
Jack O'Sullivan
fc8676c3bb devshell: Remove deprecated Nix command stuff 2024-11-30 19:19:23 +00:00
Jack O'Sullivan
2915e42a1d ci: Group CI jobs
Some checks failed
CI / Check, build and cache nixfiles (push) Failing after 33m39s
Details
2024-11-30 18:05:22 +00:00
Jack O'Sullivan
5783d3a51e Update nixpkgs-stable to 24.11 2024-11-30 17:45:59 +00:00
Jack O'Sullivan
2fe94bba23 nixos/git: Add longer timeout for Gitea actions runner
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 2h29m25s
Details
2024-11-27 12:29:04 +00:00
Jack O'Sullivan
4b42960d26 home-manager/gui: Update alacritty import setting to new section
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 3h1m26s
Details
2024-11-26 23:19:58 +00:00
Jack O'Sullivan
56e9abf945 ci: Build and grab path for jobs in separate calls
Some checks failed
CI / Check, build and cache Nix flake (push) Has been cancelled
Details 
The old build-n-parse seemed to output null sometimes.....
 2024-11-26 22:45:19 +00:00
Jack O'Sullivan
4e2c2f92f0 nixos/middleman: Remove config for Matrix sliding sync proxy
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 6m29s
Details
2024-11-26 22:15:53 +00:00
26 changed files with 175 additions and 174 deletions
Expand all files Collapse all files

18
.gitea/workflows/ci.yaml
View File

@@ -6,7 +6,7 @@ on:
jobs: jobs:
check: check:
name: Check, build and cache Nix flake name: Check, build and cache nixfiles
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@@ -26,18 +26,22 @@ jobs:
- name: Check flake - name: Check flake
run: nix flake check --no-build run: nix flake check --no-build
- name: Build (and cache) the world - name: Build (and cache) the world
id: build id: build
env: env:
HARMONIA_SSH_KEY: ${{ secrets.HARMONIA_SSH_KEY }} HARMONIA_SSH_KEY: ${{ secrets.HARMONIA_SSH_KEY }}
run: | run: |
nix eval --json --apply "builtins.attrNames" .#ci.x86_64-linux | jq -cr '.[]' | while read job; do nix eval --json --apply "builtins.attrNames" .#ci.x86_64-linux | jq -cr '.[]' | while read job; do
echo "Building CI job $job" echo "::group::Build $job"
path="$(nix build --no-link .#ci.x86_64-linux."$job" --json | jq -r .[0].outputs.out)" nix build --no-link .#ci.x86_64-linux."$job"
echo "Caching CI job $job" echo "::endgroup::"
ci/push-to-cache.sh "$path"
echo "::group::Cache $job"
ci/push-to-cache.sh "$(nix eval --raw .#ci.x86_64-linux."$job")"
echo "::endgroup::"
done done
echo "Building and caching CI derivation" echo "Building and caching CI derivation"
path="$(nix build --no-link .#ciDrv.x86_64-linux --json | jq -r .[0].outputs.out)" nix build --no-link .#ciDrv.x86_64-linux
UPDATE_PROFILE=1 ci/push-to-cache.sh "$path" UPDATE_PROFILE=1 ci/push-to-cache.sh "$(nix eval --raw .#ciDrv.x86_64-linux)"

23
devshell/commands.nix
View File

@@ -77,7 +77,12 @@ in
name = "build-n-switch"; name = "build-n-switch";
category = "tasks"; category = "tasks";
help = "Shortcut to nixos-rebuild for this flake"; help = "Shortcut to nixos-rebuild for this flake";
command = ''doas nixos-rebuild --flake . "$@"''; command = ''
# HACK: Upstream changes in Git + Nix makes this necessary
# https://github.com/NixOS/nix/issues/10202
doas git config --global --add safe.directory "$PWD"
doas nixos-rebuild --flake . "$@"
'';
} }
{ {
name = "run-vm"; name = "run-vm";
@@ -115,29 +120,17 @@ in
help = "Build home-manager configuration"; help = "Build home-manager configuration";
command = ''nix build "''${@:2}" ".#homeConfigurations.\"$1\".activationPackage"''; command = ''nix build "''${@:2}" ".#homeConfigurations.\"$1\".activationPackage"'';
} }
{
name = "update-inputs";
category = "tasks";
help = "Update flake inputs";
command = ''
args=()
for f in "$@"; do
args+=(--update-input "$f")
done
nix flake lock "''${args[@]}"
'';
}
{ {
name = "update-nixpkgs"; name = "update-nixpkgs";
category = "tasks"; category = "tasks";
help = "Update nixpkgs flake inputs"; help = "Update nixpkgs flake inputs";
command = ''update-inputs nixpkgs-{unstable,stable,mine,mine-stable}''; command = ''nix flake update nixpkgs-{unstable,stable,mine,mine-stable}'';
} }
{ {
name = "update-home-manager"; name = "update-home-manager";
category = "tasks"; category = "tasks";
help = "Update home-manager flake inputs"; help = "Update home-manager flake inputs";
command = ''update-inputs home-manager-{unstable,stable}''; command = ''nix flake update home-manager-{unstable,stable}'';
} }
{ {
name = "update-installer"; name = "update-installer";

2
devshell/default.nix
View File

@@ -11,7 +11,7 @@ in
NIX_USER_CONF_FILES = toString (pkgs.writeText "nix.conf" NIX_USER_CONF_FILES = toString (pkgs.writeText "nix.conf"
'' ''
experimental-features = nix-command flakes ca-derivations repl-flake experimental-features = nix-command flakes ca-derivations
connect-timeout = 5 connect-timeout = 5
fallback = true fallback = true
${lib.my.c.nix.cache.conf} ${lib.my.c.nix.cache.conf}

46
flake.lock generated
View File

@@ -56,11 +56,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1692446555, "lastModified": 1732994213,
"narHash": "sha256-Uzl8TiGKVBCjwYhkprSwbcu8xlcQwnDNIqsk9rM+P9w=", "narHash": "sha256-3v8cTsPB+TIdWmc1gmRNd0Mi0elpfi39CXRsA/2x/Oo=",
"owner": "devplayer0", "owner": "devplayer0",
"repo": "borg", "repo": "borg",
"rev": "44a3dc19b014ebc8d33db0b3e145ed7bfc9a0cb7", "rev": "795f5009445987d42f32de1b49fdeb2d88326a64",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -437,16 +437,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1732466619,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-T1e5oceypZu3Q8vzICjv1X/sGs9XfJRMW5OuXHgpB3c=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "f3111f62a23451114433888902a55cf0692b408d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "home-manager", "id": "home-manager",
"ref": "release-24.05", "ref": "release-24.11",
"type": "indirect" "type": "indirect"
} }
}, },
@@ -457,11 +457,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1732482255, "lastModified": 1732884235,
"narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a9953635d7f34e7358d5189751110f87e3ac17da", "rev": "819f682269f4e002884702b87e445c82840c68f2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -545,11 +545,11 @@
}, },
"nixpkgs-mine": { "nixpkgs-mine": {
"locked": { "locked": {
"lastModified": 1731774603, "lastModified": 1732985787,
"narHash": "sha256-d8Y7nqzdjKqG/sOkEm52J0C6jBX0cn1GHGuh0GUTqyI=", "narHash": "sha256-6rSJ9L4QywpHLi/xvpOHdTuPm6/eOJcXxnYzDbP3U1k=",
"owner": "devplayer0", "owner": "devplayer0",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0712614f7c9f98eddf838c2a6ae1a2e315ca6b83", "rev": "a28c46933ef5038fb7a2dd483b85152a539c7969",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -561,11 +561,11 @@
}, },
"nixpkgs-mine-stable": { "nixpkgs-mine-stable": {
"locked": { "locked": {
"lastModified": 1731774637, "lastModified": 1732985894,
"narHash": "sha256-j2swiGIVhYDpbsf+uCfMmxZ69nzy5VvW6OKUSJFifds=", "narHash": "sha256-YYuQQCcSF6KjgtAenZJiBmqt5jqP3UvYgC424VQ+22s=",
"owner": "devplayer0", "owner": "devplayer0",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "682a245504aa86e26aab8d4a5273333946d19689", "rev": "e0a3f4e2bbc5f7b681e344b389dcbab23f2e92a8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -577,26 +577,26 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1731797254, "lastModified": 1732824227,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", "narHash": "sha256-fYNXgpu1AEeLyd3fQt4Ym0tcVP7cdJ8wRoqJ+CtTRyY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", "rev": "c71ad5c34d51dcbda4c15f44ea4e4aa6bb6ac1e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-24.05", "ref": "nixos-24.11",
"type": "indirect" "type": "indirect"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1732014248, "lastModified": 1732758367,
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "narHash": "sha256-RzaI1RO0UXqLjydtz3GAXSTzHkpb/lLD1JD8a0W4Wpo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "rev": "fa42b5a5f401aab8a32bd33c9a4de0738180dc59",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
flake.nix
View File

@@ -7,13 +7,13 @@
devshell.inputs.nixpkgs.follows = "nixpkgs-unstable"; devshell.inputs.nixpkgs.follows = "nixpkgs-unstable";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
nixpkgs-stable.url = "nixpkgs/nixos-24.05"; nixpkgs-stable.url = "nixpkgs/nixos-24.11";
nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0"; nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0";
nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable"; nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable";
home-manager-unstable.url = "home-manager"; home-manager-unstable.url = "home-manager";
home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable"; home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable";
home-manager-stable.url = "home-manager/release-24.05"; home-manager-stable.url = "home-manager/release-24.11";
home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable"; home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable";
# Stuff used by the flake for build / deployment # Stuff used by the flake for build / deployment

7
home-manager/modules/gui/default.nix
View File

@@ -42,9 +42,8 @@ in
xdg-utils xdg-utils
font.package font.package
(nerdfonts.override { nerd-fonts.sauce-code-pro
fonts = [ "DroidSansMono" "SourceCodePro" ]; nerd-fonts.droid-sans-mono
})
noto-fonts-emoji noto-fonts-emoji
grim grim
@@ -80,7 +79,7 @@ in
alacritty = { alacritty = {
enable = true; enable = true;
settings = { settings = {
import = [ ./alacritty-xterm.toml ]; general.import = [ ./alacritty-xterm.toml ];
font = { font = {
size = font.size; size = font.size;

4
lib/constants.nix
View File

@@ -27,7 +27,7 @@ rec {
kernel = { kernel = {
lts = pkgs: pkgs.linuxKernel.packages.linux_6_6; lts = pkgs: pkgs.linuxKernel.packages.linux_6_6;
latest = pkgs: pkgs.linuxKernel.packages.linux_6_11; latest = pkgs: pkgs.linuxKernel.packages.linux_6_12;
}; };
nginx = rec { nginx = rec {
@@ -267,7 +267,7 @@ rec {
"stream" "stream"
]; ];
routersPubV4 = [ routersPubV4 = [
"80.111.122.16" "109.255.31.155"
"109.255.252.63" "109.255.252.63"
]; ];

4
nixos/boxes/britway/default.nix
View File

@@ -106,7 +106,7 @@ in
{ {
matchConfig.Name = "as211024"; matchConfig.Name = "as211024";
networkConfig.IPv6AcceptRA = mkForce false; networkConfig.IPv6AcceptRA = mkForce false;
routes = map (r: { routeConfig = r; }) [ routes = [
{ {
Destination = lib.my.c.colony.prefixes.all.v4; Destination = lib.my.c.colony.prefixes.all.v4;
Gateway = allAssignments.estuary.as211024.ipv4.address; Gateway = allAssignments.estuary.as211024.ipv4.address;
@@ -123,7 +123,7 @@ in
Table = "ts-extra"; Table = "ts-extra";
} }
]; ];
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [ routingPolicyRules = [
{ {
IncomingInterface = "tailscale0"; IncomingInterface = "tailscale0";
To = lib.my.c.colony.prefixes.all.v6; To = lib.my.c.colony.prefixes.all.v6;

12
nixos/boxes/colony/default.nix
View File

@@ -252,10 +252,10 @@ in
}; };
ipv6Prefixes = [ ipv6Prefixes = [
{ {
ipv6PrefixConfig.Prefix = prefixes.vms.v6; Prefix = prefixes.vms.v6;
} }
]; ];
routes = map (r: { routeConfig = r; }) [ routes = [
{ {
Destination = prefixes.ctrs.v4; Destination = prefixes.ctrs.v4;
Gateway = allAssignments.shill.routing.ipv4.address; Gateway = allAssignments.shill.routing.ipv4.address;
@@ -327,10 +327,10 @@ in
}; };
ipv6Prefixes = [ ipv6Prefixes = [
{ {
ipv6PrefixConfig.Prefix = prefixes.mail.v6; Prefix = prefixes.mail.v6;
} }
]; ];
routes = map (r: { routeConfig = r; }) [ routes = [
{ {
Destination = prefixes.mail.v4; Destination = prefixes.mail.v4;
Scope = "link"; Scope = "link";
@@ -350,10 +350,10 @@ in
}; };
ipv6Prefixes = [ ipv6Prefixes = [
{ {
ipv6PrefixConfig.Prefix = prefixes.darts.v6; Prefix = prefixes.darts.v6;
} }
]; ];
routes = map (r: { routeConfig = r; }) [ routes = [
{ {
Destination = prefixes.darts.v4; Destination = prefixes.darts.v4;
Scope = "link"; Scope = "link";

99
nixos/boxes/colony/vms/estuary/default.nix
View File

@@ -164,11 +164,9 @@ in
}; };
wireguardPeers = [ wireguardPeers = [
{ {
wireguardPeerConfig = { PublicKey = "7N9YdQaCMWWIwAnW37vrthm9ZpbnG4Lx3gheHeRYz2E=";
PublicKey = "7N9YdQaCMWWIwAnW37vrthm9ZpbnG4Lx3gheHeRYz2E="; AllowedIPs = [ allAssignments.kelder.estuary.ipv4.address ];
AllowedIPs = [ allAssignments.kelder.estuary.ipv4.address ]; PersistentKeepalive = 25;
PersistentKeepalive = 25;
};
} }
]; ];
}; };
@@ -278,52 +276,51 @@ in
}; };
ipv6Prefixes = [ ipv6Prefixes = [
{ {
ipv6PrefixConfig.Prefix = prefixes.base.v6; Prefix = prefixes.base.v6;
} }
]; ];
routes = map (r: { routeConfig = r; }) (flatten routes = flatten ([
([ {
{ Destination = prefixes.vip1;
Destination = prefixes.vip1; Gateway = allAssignments.colony.routing.ipv4.address;
Gateway = allAssignments.colony.routing.ipv4.address; }
} {
{ Destination = prefixes.vip3;
Destination = prefixes.vip3; Gateway = allAssignments.colony.routing.ipv4.address;
Gateway = allAssignments.colony.routing.ipv4.address; }
} {
{ Destination = prefixes.darts.v4;
Destination = prefixes.darts.v4; Gateway = allAssignments.colony.routing.ipv4.address;
Gateway = allAssignments.colony.routing.ipv4.address; }
} {
{ Destination = prefixes.cust.v6;
Destination = prefixes.cust.v6; Gateway = allAssignments.colony.internal.ipv6.address;
Gateway = allAssignments.colony.internal.ipv6.address; }
}
{ {
Destination = lib.my.c.tailscale.prefix.v4; Destination = lib.my.c.tailscale.prefix.v4;
Gateway = allAssignments.colony.routing.ipv4.address; Gateway = allAssignments.colony.routing.ipv4.address;
} }
{ {
Destination = lib.my.c.tailscale.prefix.v6; Destination = lib.my.c.tailscale.prefix.v6;
Gateway = allAssignments.colony.internal.ipv6.address; Gateway = allAssignments.colony.internal.ipv6.address;
} }
{ {
Destination = prefixes.qclk.v4; Destination = prefixes.qclk.v4;
Gateway = allAssignments.colony.routing.ipv4.address; Gateway = allAssignments.colony.routing.ipv4.address;
} }
] ++ ] ++
(map (pName: [ (map (pName: [
{ {
Gateway = allAssignments.colony.routing.ipv4.address; Gateway = allAssignments.colony.routing.ipv4.address;
Destination = prefixes."${pName}".v4; Destination = prefixes."${pName}".v4;
} }
{ {
Destination = prefixes."${pName}".v6; Destination = prefixes."${pName}".v6;
Gateway = allAssignments.colony.internal.ipv6.address; Gateway = allAssignments.colony.internal.ipv6.address;
} }
]) [ "vms" "ctrs" "oci" ]))); ]) [ "vms" "ctrs" "oci" ]));
} }
]; ];
@@ -332,7 +329,7 @@ in
{ {
matchConfig.Name = "as211024"; matchConfig.Name = "as211024";
networkConfig.IPv6AcceptRA = mkForce false; networkConfig.IPv6AcceptRA = mkForce false;
routes = map (r: { routeConfig = r; }) [ routes = [
{ {
Destination = lib.my.c.home.prefixes.all.v4; Destination = lib.my.c.home.prefixes.all.v4;
Gateway = lib.my.c.home.vips.as211024.v4; Gateway = lib.my.c.home.vips.as211024.v4;
@@ -344,10 +341,8 @@ in
matchConfig.Name = "kelder"; matchConfig.Name = "kelder";
routes = [ routes = [
{ {
routeConfig = { Destination = allAssignments.kelder.estuary.ipv4.address;
Destination = allAssignments.kelder.estuary.ipv4.address; Scope = "link";
Scope = "link";
};
} }
]; ];
}; };

5
nixos/boxes/colony/vms/git/gitea-actions.nix
View File

@@ -35,6 +35,11 @@ in
]; ];
url = "https://git.${pubDomain}"; url = "https://git.${pubDomain}";
tokenFile = config.age.secrets."gitea/actions-runner.env".path; tokenFile = config.age.secrets."gitea/actions-runner.env".path;
settings = {
runner = {
timeout = "8h";
};
};
}; };
}; };
}; };

4
nixos/boxes/colony/vms/shill/containers-ext.nix
View File

@@ -47,10 +47,10 @@ in
}; };
ipv6Prefixes = [ ipv6Prefixes = [
{ {
ipv6PrefixConfig.Prefix = prefixes.jam.v6; Prefix = prefixes.jam.v6;
} }
]; ];
routes = map (r: { routeConfig = r; }) [ routes = [
{ {
Destination = prefixes.jam.v4; Destination = prefixes.jam.v4;
Scope = "link"; Scope = "link";

8
nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
View File

@@ -94,6 +94,14 @@ in
}; };
}; };
nixpkgs.config.permittedInsecurePackages = [
# FIXME: This is needed for Sonarr
"aspnetcore-runtime-wrapped-6.0.36"
"aspnetcore-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428"
];
services = { services = {
netdata.enable = true; netdata.enable = true;

14
nixos/boxes/colony/vms/shill/containers/jackflix/networking.nix
View File

@@ -71,14 +71,12 @@ in
RouteTable = routeTable; RouteTable = routeTable;
}; };
wireguardPeers = [ wireguardPeers = [
# AirVPN NL
{ {
# AirVPN NL Endpoint = "2a00:1678:1337:2329:e5f:35d4:4404:ef9f:1637";
wireguardPeerConfig = { PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
Endpoint = "2a00:1678:1337:2329:e5f:35d4:4404:ef9f:1637"; PresharedKeyFile = config.age.secrets."${pskFile}".path;
PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk="; AllowedIPs = [ "0.0.0.0/0" "::/0" ];
PresharedKeyFile = config.age.secrets."${pskFile}".path;
AllowedIPs = [ "0.0.0.0/0" "::/0" ];
};
} }
]; ];
}; };
@@ -94,7 +92,7 @@ in
matchConfig.Name = "vpn"; matchConfig.Name = "vpn";
address = [ "10.182.97.37/32" "fd7d:76ee:e68f:a993:735d:ef5e:6907:b122/128" ]; address = [ "10.182.97.37/32" "fd7d:76ee:e68f:a993:735d:ef5e:6907:b122/128" ];
dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ]; dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ];
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [ routingPolicyRules = [
{ {
Family = "both"; Family = "both";
SuppressPrefixLength = 0; SuppressPrefixLength = 0;

5
nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
View File

@@ -35,7 +35,6 @@ let
# For clients # For clients
(mkWellKnown "matrix/client" (toJSON { (mkWellKnown "matrix/client" (toJSON {
"m.homeserver".base_url = "https://matrix.nul.ie"; "m.homeserver".base_url = "https://matrix.nul.ie";
"org.matrix.msc3575.proxy".url = "https://matrix-syncv3.nul.ie";
})) }))
]; ];
}; };
@@ -182,10 +181,6 @@ in
]; ];
useACMEHost = pubDomain; useACMEHost = pubDomain;
}; };
"matrix-syncv3.${pubDomain}" = {
locations."/".proxyPass = "http://chatterbox-ctr.${domain}:8009";
useACMEHost = pubDomain;
};
"element.${pubDomain}" = "element.${pubDomain}" =
let let

2
nixos/boxes/colony/vms/shill/containers/object.nix
View File

@@ -237,7 +237,7 @@ in
harmonia = { harmonia = {
enable = true; enable = true;
signKeyPath = config.age.secrets."nix-cache.key".path; signKeyPaths = [ config.age.secrets."nix-cache.key".path ];
settings = { settings = {
priority = 30; priority = 30;
}; };

4
nixos/boxes/colony/vms/shill/default.nix
View File

@@ -140,10 +140,10 @@ in
}; };
ipv6Prefixes = [ ipv6Prefixes = [
{ {
ipv6PrefixConfig.Prefix = prefixes.ctrs.v6; Prefix = prefixes.ctrs.v6;
} }
]; ];
routes = map (r: { routeConfig = r; }) [ routes = [
{ {
Destination = lib.my.c.tailscale.prefix.v4; Destination = lib.my.c.tailscale.prefix.v4;
Gateway = allAssignments.waffletail.internal.ipv4.address; Gateway = allAssignments.waffletail.internal.ipv4.address;

2
nixos/boxes/home/castle/default.nix
View File

@@ -36,7 +36,7 @@ in
cpu = { cpu = {
amd.updateMicrocode = true; amd.updateMicrocode = true;
}; };
opengl.extraPackages = with pkgs; [ graphics.extraPackages = with pkgs; [
intel-media-driver intel-media-driver
]; ];
bluetooth.enable = true; bluetooth.enable = true;

4
nixos/boxes/home/routing-common/default.nix
View File

@@ -276,7 +276,7 @@ in
{ {
matchConfig.Name = "as211024"; matchConfig.Name = "as211024";
networkConfig.IPv6AcceptRA = mkForce false; networkConfig.IPv6AcceptRA = mkForce false;
routes = map (r: { routeConfig = r; }) [ routes = [
{ {
Destination = lib.my.c.colony.prefixes.all.v4; Destination = lib.my.c.colony.prefixes.all.v4;
Gateway = allAssignments.estuary.as211024.ipv4.address; Gateway = allAssignments.estuary.as211024.ipv4.address;
@@ -301,7 +301,7 @@ in
{ {
"60-lan-hi" = { "60-lan-hi" = {
routes = map (r: { routeConfig = r; }) [ routes = [
{ {
Destination = elemAt routersPubV4 otherIndex; Destination = elemAt routersPubV4 otherIndex;
Gateway = net.cidr.host (otherIndex + 1) prefixes.hi.v4; Gateway = net.cidr.host (otherIndex + 1) prefixes.hi.v4;

10
nixos/boxes/kelder/containers/acquisition/default.nix
View File

@@ -26,7 +26,7 @@ in
config = { config = {
# Hardware acceleration for Jellyfin # Hardware acceleration for Jellyfin
hardware.opengl = { hardware.graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
vaapiIntel vaapiIntel
@@ -78,6 +78,14 @@ in
}; };
}; };
nixpkgs.config.permittedInsecurePackages = [
# FIXME: This is needed for Sonarr
"aspnetcore-runtime-wrapped-6.0.36"
"aspnetcore-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428"
];
services = { services = {
transmission = { transmission = {
enable = true; enable = true;

14
nixos/boxes/kelder/containers/acquisition/networking.nix
View File

@@ -73,14 +73,12 @@ in
RouteTable = routeTable; RouteTable = routeTable;
}; };
wireguardPeers = [ wireguardPeers = [
# AirVPN IE
{ {
# AirVPN IE Endpoint = "146.70.94.2:1637";
wireguardPeerConfig = { PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
Endpoint = "146.70.94.2:1637"; PresharedKeyFile = config.age.secrets."${pskFile}".path;
PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk="; AllowedIPs = [ "0.0.0.0/0" "::/0" ];
PresharedKeyFile = config.age.secrets."${pskFile}".path;
AllowedIPs = [ "0.0.0.0/0" "::/0" ];
};
} }
]; ];
}; };
@@ -97,7 +95,7 @@ in
matchConfig.Name = "vpn"; matchConfig.Name = "vpn";
address = [ "10.161.170.28/32" "fd7d:76ee:e68f:a993:b12d:6d15:c80a:9516/128" ]; address = [ "10.161.170.28/32" "fd7d:76ee:e68f:a993:b12d:6d15:c80a:9516/128" ];
dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ]; dns = [ "10.128.0.1" "fd7d:76ee:e68f:a993::1" ];
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [ routingPolicyRules = [
{ {
Family = "both"; Family = "both";
SuppressPrefixLength = 0; SuppressPrefixLength = 0;

17
nixos/boxes/kelder/default.nix
View File

@@ -121,8 +121,7 @@ in
samba = { samba = {
enable = true; enable = true;
enableNmbd = true; settings = {
shares = {
storage = { storage = {
path = "/mnt/storage"; path = "/mnt/storage";
browseable = "yes"; browseable = "yes";
@@ -131,6 +130,8 @@ in
"directory mask" = "0775"; "directory mask" = "0775";
}; };
}; };
nmbd.enable = true;
}; };
samba-wsdd.enable = true; samba-wsdd.enable = true;
@@ -180,12 +181,10 @@ in
}; };
wireguardPeers = [ wireguardPeers = [
{ {
wireguardPeerConfig = { PublicKey = "bP1XUNxp9i8NLOXhgPaIaRzRwi5APbam44/xjvYcyjU=";
PublicKey = "bP1XUNxp9i8NLOXhgPaIaRzRwi5APbam44/xjvYcyjU="; Endpoint = "${allAssignments.estuary.internal.ipv4.address}:${toString lib.my.c.kelder.vpn.port}";
Endpoint = "${allAssignments.estuary.internal.ipv4.address}:${toString lib.my.c.kelder.vpn.port}"; AllowedIPs = [ "0.0.0.0/0" ];
AllowedIPs = [ "0.0.0.0/0" ]; PersistentKeepalive = 25;
PersistentKeepalive = 25;
};
} }
]; ];
}; };
@@ -213,7 +212,7 @@ in
address = with assignments.estuary; [ address = with assignments.estuary; [
(with ipv4; "${address}/${toString mask}") (with ipv4; "${address}/${toString mask}")
]; ];
routingPolicyRules = map (r: { routingPolicyRuleConfig = r; }) [ routingPolicyRules = [
{ {
Family = "both"; Family = "both";
SuppressPrefixLength = 0; SuppressPrefixLength = 0;

10
nixos/modules/common.nix
View File

@@ -40,6 +40,7 @@ in
nix = { nix = {
package = pkgs'.mine.nix; package = pkgs'.mine.nix;
channel.enable = false;
settings = with lib.my.c.nix; { settings = with lib.my.c.nix; {
trusted-users = [ "@wheel" ]; trusted-users = [ "@wheel" ];
experimental-features = [ "nix-command" "flakes" "ca-derivations" ]; experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
@@ -144,7 +145,10 @@ in
fish.enable = mkDefault true; fish.enable = mkDefault true;
# TODO: This is expecting to look up the channel for the database... # TODO: This is expecting to look up the channel for the database...
command-not-found.enable = mkDefault false; command-not-found.enable = mkDefault false;
vim.defaultEditor = true; vim = {
enable = true;
defaultEditor = true;
};
}; };
services = { services = {
@@ -239,9 +243,7 @@ in
} }
(mkIf config.services.kmscon.enable { (mkIf config.services.kmscon.enable {
fonts.fonts = with pkgs; [ fonts.fonts = with pkgs; [
(nerdfonts.override { nerd-fonts.sauce-code-pro
fonts = [ "SourceCodePro" ];
})
]; ];
}) })
]; ];

4
nixos/modules/gui.nix
View File

@@ -12,7 +12,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
hardware = { hardware = {
opengl.enable = mkDefault true; graphics.enable = mkDefault true;
}; };
systemd = { systemd = {
@@ -53,6 +53,8 @@ in
SUBSYSTEM=="usb", ATTR{idVendor}=="057e", MODE="0664", GROUP="wheel" SUBSYSTEM=="usb", ATTR{idVendor}=="057e", MODE="0664", GROUP="wheel"
# FT # FT
SUBSYSTEM=="usb", ATTR{idVendor}=="0403", MODE="0664", GROUP="wheel" SUBSYSTEM=="usb", ATTR{idVendor}=="0403", MODE="0664", GROUP="wheel"
# /dev/player0
SUBSYSTEM=="usb", ATTR{idVendor}=="6969", MODE="0664", GROUP="wheel"
''; '';
}; };
}; };

6
nixos/modules/l2mesh.nix
View File

@@ -44,10 +44,8 @@ let
toString (mesh.baseMTU - overhead); toString (mesh.baseMTU - overhead);
bridgeFDBs = mapAttrsToList (n: peer: { bridgeFDBs = mapAttrsToList (n: peer: {
bridgeFDBConfig = { MACAddress = "00:00:00:00:00:00";
MACAddress = "00:00:00:00:00:00"; Destination = peer.addr;
Destination = peer.addr;
};
}) otherPeers; }) otherPeers;
}; };
}; };

21
nixos/modules/tmproot.nix
View File

@@ -147,6 +147,15 @@ in
"/var/lib/systemd" "/var/lib/systemd"
{ directory = "/root/.cache/nix"; mode = "0700"; } { directory = "/root/.cache/nix"; mode = "0700"; }
# Including these unconditionally due to infinite recursion problems...
{
directory = "/etc/lvm/archive";
mode = "0700";
}
{
directory = "/etc/lvm/backup";
mode = "0700";
}
]; ];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"
@@ -260,18 +269,6 @@ in
my.tmproot.persistence.config.files = my.tmproot.persistence.config.files =
concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys; concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys;
}) })
(mkIf config.services.lvm.enable {
my.tmproot.persistence.config.directories = [
{
directory = "/etc/lvm/archive";
mode = "0700";
}
{
directory = "/etc/lvm/backup";
mode = "0700";
}
];
})
(mkIf (config.security.acme.certs != { }) { (mkIf (config.security.acme.certs != { }) {
my.tmproot.persistence.config.directories = [ my.tmproot.persistence.config.directories = [
{ {