add headscale, eth clients to htz

iofq 2024-02-04 01:57:41 -06:00
parent 4293324f36
commit 1849fdc496
No known key found for this signature in database
GPG key ID: ECF3B2DA38BF7183
15 changed files with 289 additions and 417 deletions

283
flake.lock generated

@ -40,18 +40,21 @@
},
"devshell": {
"inputs": {
"flake-utils": [
"ethereum-nix",
"flake-utils"
],
"nixpkgs": [
"ethereum-nix",
"nixpkgs"
],
"systems": "systems_2"
]
},
"locked": {
"lastModified": 1701787589,
"narHash": "sha256-ce+oQR4Zq9VOsLoh9bZT8Ip9PaMLcjjBUHVPzW5d7Cw=",
"lastModified": 1705332421,
"narHash": "sha256-USpGLPme1IuqG78JNqSaRabilwkCyHmVWY0M9vYyqEA=",
"owner": "numtide",
"repo": "devshell",
"rev": "44ddedcbcfc2d52a76b64fb6122f209881bd3e1e",
"rev": "83cb93d6d063ad290beee669f4badf9914cc16ec",
"type": "github"
},
"original": {
@ -67,6 +70,7 @@
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"flake-root": "flake-root",
"flake-utils": "flake-utils",
"foundry-nix": "foundry-nix",
"lib-extras": "lib-extras",
"mynixpkgs": "mynixpkgs",
@ -75,14 +79,14 @@
],
"nixpkgs-unstable": "nixpkgs-unstable",
"poetry2nix": "poetry2nix",
"treefmt-nix": "treefmt-nix_2"
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1706156436,
"narHash": "sha256-2NnO15PUkUriGJ749AxImbAcg3CT7StkQDJBZoEIt+U=",
"ref": "refs/heads/main",
"rev": "3042078d2ea4d96befdf6cd05d0f87fcca0c6b1f",
"revCount": 302,
"dirtyRev": "7da1e0822231f28e531299df54d654fe4a326bae-dirty",
"dirtyShortRev": "7da1e08-dirty",
"lastModified": 1707027839,
"narHash": "sha256-0ErCspT4oXC4neSK//US+DaKOY9Mw0/ZissymeQy0to=",
"type": "git",
"url": "file:///home/e/dev/ethereum.nix/"
},
@ -146,11 +150,11 @@
]
},
"locked": {
"lastModified": 1704152458,
"narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
"lastModified": 1704982712,
"narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
"rev": "07f6395285469419cf9d078f59b5b49993198c00",
"type": "github"
},
"original": {
@ -175,12 +179,18 @@
}
},
"flake-utils": {
"inputs": {
"systems": [
"ethereum-nix",
"systems"
]
},
"locked": {
"lastModified": 1644229661,
"narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=",
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
@ -194,11 +204,11 @@
"systems": "systems_3"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@ -208,6 +218,24 @@
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_5"
},
@ -225,53 +253,23 @@
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_6"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_5": {
"inputs": {
"systems": "systems_7"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"foundry-nix": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
"flake-utils": [
"ethereum-nix",
"flake-utils"
],
"nixpkgs": [
"ethereum-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1706432964,
"narHash": "sha256-AtOO3RwfS2Q66IqNmFA0byGAhb6n1nBbi67/kufouHo=",
"lastModified": 1705309865,
"narHash": "sha256-HkTSsjmR3DE1xKr1M0bBWKyTl4f616166Przd2mwNxw=",
"owner": "shazow",
"repo": "foundry.nix",
"rev": "c898f1ac4d89f953dd77bc360a995742c6b6328f",
"rev": "883243b30a4b8dbb1b515b79b750e2caf7df1a79",
"type": "github"
},
"original": {
@ -332,15 +330,15 @@
]
},
"locked": {
"lastModified": 1706306660,
"narHash": "sha256-lZvgkHtVeduGByPb0Tz9LpAi4olfkEm8XPgv0o7GRsk=",
"owner": "nix-community",
"lastModified": 1706999133,
"narHash": "sha256-SYAhYDqIWBDi1w66o8bY0FUWMPXAL0a1eFNXz+c+KQc=",
"owner": "iofq",
"repo": "home-manager",
"rev": "b2f56952074cb46e93902ecaabfb04dd93733434",
"rev": "a0c9213aefd6bd117c5f51dcd772d96ac558e8d7",
"type": "github"
},
"original": {
"owner": "nix-community",
"owner": "iofq",
"repo": "home-manager",
"type": "github"
}
@ -385,7 +383,7 @@
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
@ -438,11 +436,11 @@
]
},
"locked": {
"lastModified": 1702230402,
"narHash": "sha256-PwhdihM7lOp9l8jxqiNHDT29h0saSgedw6TYs1Y+bkQ=",
"lastModified": 1706558129,
"narHash": "sha256-ZKGarjd5pNhY2GgLO9e8ia9PYoPCmtvw3EH5tVbcIaA=",
"owner": "aldoborrero",
"repo": "mynixpkgs",
"rev": "67a7db27330f85af19f3ce52ae06671e573968ea",
"rev": "e314504ac0eb2b27f7813c63d00a9050c2e31784",
"type": "github"
},
"original": {
@ -475,11 +473,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1706182238,
"narHash": "sha256-Ti7CerGydU7xyrP/ow85lHsOpf+XMx98kQnPoQCSi1g=",
"lastModified": 1706834982,
"narHash": "sha256-3CfxA7gZ+DVv/N9Pvw61bV5Oe/mWfxYPyVQGqp9TMJA=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "f84eaffc35d1a655e84749228cde19922fcf55f1",
"rev": "83e571bb291161682b9c3ccd48318f115143a550",
"type": "github"
},
"original": {
@ -491,15 +489,18 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1705677747,
"narHash": "sha256-eyM3okYtMgYDgmYukoUzrmuoY4xl4FUujnsv/P6I/zI=",
"path": "/nix/store/kwd6lmx004rkv2r00vj3fcg5ijfvnagk-source",
"rev": "bbe7d8f876fbbe7c959c90ba2ae2852220573261",
"type": "path"
"lastModified": 1706732774,
"narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
@ -520,11 +521,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1704161960,
"narHash": "sha256-QGua89Pmq+FBAro8NriTuoO/wNaUtugt29/qqA8zeeM=",
"lastModified": 1706173671,
"narHash": "sha256-lciR7kQUK2FCAYuszyd7zyRRmTaXVeoZsCyK6QFpGdk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "63143ac2c9186be6d9da6035fa22620018c85932",
"rev": "4fddc9be4eaf195d631333908f2a454b03628ee5",
"type": "github"
},
"original": {
@ -534,35 +535,19 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1706191920,
"narHash": "sha256-eLihrZAPZX0R6RyM5fYAWeKVNuQPYjAkCUBr+JNvtdE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ae5c332cbb5827f6b1f02572496b141021de335f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nvim": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1706391650,
"narHash": "sha256-k2698eTOVfHN6LFpttmiuboW0LUP+FeL3N6+yXBl5NM=",
"lastModified": 1707004404,
"narHash": "sha256-Zm94jTu9pJO3r8Fol1JyuYShssvwP0JnO8n6pTOgHIE=",
"owner": "iofq",
"repo": "nvim.nix",
"rev": "1d10de72aa4c26b9963357ba57b55881e4cf88e6",
"rev": "b6d3c5a7e2f36f0d0ca514154fd52eb18ba2d71a",
"type": "github"
},
"original": {
@ -573,21 +558,30 @@
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": [
"ethereum-nix",
"flake-utils"
],
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"ethereum-nix",
"nixpkgs"
],
"systems": "systems_4",
"treefmt-nix": "treefmt-nix"
"systems": [
"ethereum-nix",
"systems"
],
"treefmt-nix": [
"ethereum-nix",
"treefmt-nix"
]
},
"locked": {
"lastModified": 1704540236,
"narHash": "sha256-VKQ7JUjINd34sYhH7DKTtqnARvRySJ808cW9hoYA8NQ=",
"lastModified": 1705060653,
"narHash": "sha256-puYyylgrBS4AFAHeyVRTjTUVD8DZdecJfymWJe7H438=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "74921da7e0cc8918adc2e9989bd3e9c127b25ff6",
"rev": "e0b44e9e2d3aa855d1dd77b06f067cd0e0c3860d",
"type": "github"
},
"original": {
@ -599,7 +593,7 @@
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_5",
"flake-utils": "flake-utils_4",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
@ -627,12 +621,12 @@
"home-manager": "home-manager",
"microvm": "microvm",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs",
"nvim": "nvim",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_8",
"systems": "systems_6",
"tfa": "tfa",
"treefmt-nix": "treefmt-nix_3"
"treefmt-nix": "treefmt-nix_2"
}
},
"spectrum": {
@ -706,8 +700,9 @@
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
@ -726,36 +721,6 @@
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -793,16 +758,15 @@
"inputs": {
"nixpkgs": [
"ethereum-nix",
"poetry2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1699786194,
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
"lastModified": 1706285206,
"narHash": "sha256-3WWX6fckgMsFFOmYCuCRJqnLKFB2L3rS2EF6amD+Fp8=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
"rev": "fbef7c773be115ed33f37e97256a9e8f6312b925",
"type": "github"
},
"original": {
@ -812,27 +776,6 @@
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"ethereum-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1704233915,
"narHash": "sha256-GYDC4HjyVizxnyKRbkrh1GugGp8PP3+fJuh40RPCN7k=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e434da615ef74187ba003b529cc72f425f5d941e",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_3": {
"inputs": {
"nixpkgs": [
"nixpkgs"


@ -13,7 +13,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
url = "github:iofq/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nvim = {
@ -25,9 +25,9 @@
inputs.nixpkgs.follows = "nixpkgs";
};
ethereum-nix = {
# url = "github:nix-community/ethereum.nix";
url = "git+file:///home/e/dev/ethereum.nix/";
inputs.nixpkgs.follows = "nixpkgs";
inputs.foundry-nix.url = "github:shazow/foundry.nix";
};
treefmt-nix = {
url = "github:numtide/treefmt-nix";
@ -43,7 +43,6 @@
nixpkgs,
home-manager,
nvim,
ethereum-nix,
deploy-rs,
systems,
...
@ -56,16 +55,18 @@
inherit system;
config.allowUnfree = true;
overlays = [
(final: _prev: {
(final: _prev:
{
inherit (inputs.nvim.packages.${final.system}) full;
inherit (inputs.tfa.packages.${final.system}) twofa;
})
}
// import ./overlay.nix {inherit pkgs;})
];
};
eachSystem = f: nixpkgs.lib.genAttrs (import systems) (system: f nixpkgs.legacyPackages.${system});
treefmtEval = eachSystem (pkgs: inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix);
in {
nixosConfigurations = import ./nixos {inherit inputs pkgs attrs system ethereum-nix;};
nixosConfigurations = import ./nixos {inherit inputs pkgs attrs system;};
homeConfigurations = import ./home-manager {inherit inputs pkgs attrs;};
deploy.nodes = {
htz = {
@ -90,17 +91,21 @@
checks = {
pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
src = ./.;
hooks.treefmt.enable = true;
hooks.treefmt.package = pkgs: treefmtEval.${pkgs.system}.config.build.wrapper;
hooks = {
treefmt.enable = true;
};
settings.treefmt.package = treefmtEval.${system}.config.build.wrapper;
};
};
formatter = eachSystem (pkgs: treefmtEval.${pkgs.system}.config.build.wrapper);
devShells.${system}.default = pkgs.mkShell {
inherit (self.checks.pre-commit-check) shellHook;
buildInputs = [
pkgs.nix
pkgs.home-manager
pkgs.git
deploy-rs.packages.${system}.deploy-rs
treefmtEval.${system}.config.build.wrapper
];
};
};
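Review bot: The `home-manager` input now points at a personal fork, `github:iofq/home-manager`, with no branch or revision in the URL and no comment saying what the fork carries, so each `nix flake update` follows that fork's default branch and upstream fixes arrive only when the fork is rebased. A comment beside the URL naming the patch and the upstream issue it waits on, plus a pinned ref such as `url = "github:iofq/home-manager/<branch-with-the-patch>";` (placeholder), would make the deviation reviewable. In the same inputs block `ethereum-nix` comes from `git+file:///home/e/dev/ethereum.nix/`, and flake.lock on this page now records it with `dirtyRev`/`dirtyShortRev` instead of a `rev`, so the geth and nimbus packages this commit enables on htz appear to be built from an uncommitted local tree that no other machine can reproduce or audit; committing and pushing that tree and locking a real revision would fix that. In the overlay, `import ./overlay.nix {inherit pkgs;}` seems to hand the package set to its own definition, and `import ./overlay.nix {pkgs = final;}` would avoid the self-reference. The inputs block and the outputs function both start and end outside these hunks.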


@ -72,4 +72,11 @@
historyWidgetOptions = ["--height 60% --preview ''"];
fileWidgetCommand = "command find -L . -mindepth 1 -o -fstype 'sysfs' -o -fstype 'devfs' -o -fstype 'devtmpfs' -o -fstype 'proc' -prune";
};
programs.mcfly = {
enable = true;
fzf.enable = false;
keyScheme = "vim";
interfaceView = "BOTTOM";
fuzzySearchFactor = 3;
};
}


@ -13,6 +13,11 @@ _: {
extraConfig = {
core.editor = "nvim";
};
signing = {
key = "cjriddz@protonmail.com";
signByDefault = true;
};
extraConfig.pull.rebase = true;
aliases = {
a = "add . -p";
s = "status";
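Review bot: `signing.key` is set to an e-mail address, so gpg picks the signing key by user-ID match rather than by a fixed key, and a second secret key carrying the same address in the keyring can change which key signs. Use the full fingerprint instead, `key = "<FULL-KEY-FINGERPRINT>";` (placeholder), and upload the matching public key to the forge, since this commit page reports the signature as made with a key it does not know. The added `extraConfig.pull.rebase = true;` would read better as `pull.rebase = true;` inside the existing `extraConfig = { ... }` block just above it. The enclosing attribute set starts and ends outside the hunk.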


@ -12,6 +12,7 @@
homeDirectory = "/home/" + attrs.username;
packages = with pkgs; [
# gaming
steam
prismlauncher
runelite
jdk17


@ -7,7 +7,7 @@
}: {
t14 = inputs.nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs system pkgs;
inherit inputs system pkgs attrs;
host = {
hostName = "t14";
inherit (attrs) username;
@ -36,10 +36,10 @@
specialArgs = {
inherit inputs system pkgs;
addressList = {
vm-test = {
vm-headscale = {
ipv4 = "10.0.0.2";
subnet = "/24";
mac = "02:00:00:00:00:01";
mac = "02:00:00:00:00:02";
};
};
host = {


@ -1,37 +1,67 @@
{
pkgs,
addressList,
...
}: {
{pkgs, ...}: {
imports = [
./hardware-configuration.nix
./vms
#./eth.nix
./eth.nix
];
environment.systemPackages = with pkgs; [
vim
git
bridge-utils
comma
];
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
networking = {
hostName = "htz";
domain = "";
firewall = {
enable = true;
allowedTCPPorts = [22];
allowedTCPPorts = [22 80 443];
allowedUDPPorts = [];
logRefusedConnections = true;
};
nat = {
};
fileSystems."/var/lib/private/nimbus-beacon-mainnet" = {
device = "/eth2";
options = ["bind"];
};
fileSystems."/var/lib/private/geth-mainnet" = {
device = "/eth1";
options = ["bind"];
};
services = let
domain = "ts.10110110.xyz";
in {
openssh.enable = true;
tailscale.enable = true;
headscale = {
enable = true;
forwardPorts = [
{
proto = "tcp";
sourcePort = 80;
destination = addressList.vm-test.ipv4;
}
];
address = "0.0.0.0";
port = 8080;
serverUrl = "https://${domain}";
dns = {baseDomain = domain;};
settings = {logtail.enabled = false;};
};
nginx = {
enable = true;
virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8080";
proxyWebsockets = true;
};
};
services.openssh.enable = true;
};
};
security.acme = {
acceptTerms = true;
defaults.email = "mail@10110110.xyz";
};
users.users = {
root = {
openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14''];
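Review bot: headscale is given `address = "0.0.0.0"` although the only client visible here is the local nginx proxy (`proxyPass = "http://localhost:8080"`), so the plain-HTTP control-plane listener binds every interface and only the firewall's port list keeps it off the public address. Setting `address = "127.0.0.1";` removes that dependency on the firewall and leaves TLS termination with nginx as the single entry point. `openssh.enable = true` is set for a host whose root account accepts key login, but no `settings.PasswordAuthentication = false;` or `settings.KbdInteractiveAuthentication = false;` is visible in this hunk; if they are not set elsewhere they should be added next to it. The file continues past the end of the hunk, so the rest of `users.users` is not reviewed here.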


@ -1,74 +1,27 @@
{
system,
ethereum-nix,
inputs,
...
}: {
services.ethereum.geth.mainnet = {
enable = true;
package = ethereum-nix.packages.${system}.geth;
package = inputs.ethereum-nix.packages.${system}.geth;
openFirewall = true;
args = {
http = {
enable = false;
api = ["net" "web3" "eth"];
};
authrpc.jwtsecret = "/etc/nixos/eth_jwt";
};
};
services.nginx.enable = true;
services.nginx.virtualHosts."contabo.10110110.xyz" = {
addSSL = true;
enableACME = true;
root = "/var/www/fam";
};
security.acme = {
acceptTerms = true;
defaults.email = "cjriddz@protonmail.com";
};
networking.firewall = {
enable = true;
allowedTCPPorts = [80 443];
allowedUDPPorts = [];
logRefusedConnections = true;
};
services.ethereum.nimbus-beacon.mainnet = {
enable = true;
package = ethereum-nix.packages.${system}.nimbus;
package = inputs.ethereum-nix.packages.${system}.nimbus;
openFirewall = true;
args = {
nat = "any";
network = "mainnet";
user = "nimbus";
jwt-secret = "/etc/nixos/eth_jwt";
trusted-node-url = "https://sync.invis.tools";
el = ["http://127.0.0.1:8551"];
listen-address = "0.0.0.0";
tcp-port = 9000;
udp-port = 9000;
enr-auto-update = true;
max-peers = "160";
doppelganger-detection = true;
history = "prune";
graffiti = "yo";
metrics = {
enable = true;
port = 5054;
address = "127.0.0.1";
};
rest = {
enable = true;
port = 5052;
address = "0.0.0.0";
allow-origin = "*";
};
payload-builder = {
enable = true;
url = "http://localhost";
};
light-client-data = {
serve = true;
import-mode = "only-new";
max-periods = "3";
};
rest.enable = true;
light-client-data.max-periods = "3";
};
};
}
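Review bot: Both clients read the engine-API secret from `/etc/nixos/eth_jwt`, a path that nothing in this file creates or constrains, so its owner and mode are whatever was set by hand on the host, and any local account able to read it can drive the execution client through the authenticated RPC port. State the requirement where the path is used, for example `# eth_jwt: hex secret shared by geth and nimbus; readable by those two services only`, or provision it through a secrets mechanism with explicit ownership. With `openFirewall = true` on both services and the beacon REST settings apparently reduced to `rest.enable = true`, it is worth confirming in the ethereum.nix module which ports get opened and that the REST API stays on loopback by default. If `trusted-node-url = "https://sync.invis.tools"` is still present on the new side, the checkpoint state from that third party should be checked against an independent source at first sync.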


@ -1,40 +1,54 @@
{
modulesPath,
lib,
config,
...
}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot = {
kernelModules = ["kvm-intel"];
tmp.cleanOnBoot = true;
loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
initrd.availableKernelModules = [
initrd = {
kernelModules = ["nvme" "dm-snapshot"];
availableKernelModules = [
"ahci"
"ata_piix"
"sd_mod"
"uhci_hcd"
"xen_blkfront"
"vmw_pvscsi"
"xen_blkfront"
"xhci_pci"
];
initrd.kernelModules = ["nvme"];
};
fileSystems = {
"/boot" = {
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/2d5aa5d0-e6c5-4b5d-b295-d5248da994fc";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/8480-5FBB";
fsType = "vfat";
};
"/" = {
device = "/dev/mapper/ssd1-root";
fileSystems."/eth1" = {
device = "/dev/disk/by-uuid/d674ba1d-dde0-4c8d-bdc7-0cb240d6de62";
fsType = "ext4";
};
fileSystems."/eth2" = {
device = "/dev/disk/by-uuid/c2c7cf35-dc97-4ca3-823f-1e892bcba6f5";
fsType = "ext4";
};
swapDevices = [
{
device = "/dev/dm-1";
}
{device = "/dev/disk/by-uuid/d4b0d80e-d570-4d21-bbe4-0f31bd50cbcc";}
];
zramSwap.enable = false;
networking = {
useNetworkd = true;
@ -71,4 +85,6 @@
};
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,44 +1,8 @@
{
lib,
pkgs,
addressList,
...
}: let
genVMConfig = {
name,
config ? {},
ro-store ? true,
}: {
restartIfChanged = true;
inherit pkgs;
config =
config
// {
microvm = {
shares = lib.mkIf ro-store [
{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
];
interfaces = [
{
type = "tap";
id = name;
inherit (addressList.${name}) mac;
}
];
};
}
// import ./vmDefaults.nix {inherit name addressList;};
};
in {
_: {
microvm.vms = {
vm-test = genVMConfig {
name = "vm-test";
config = import ./vm-test.nix {inherit pkgs addressList;};
};
# vm-headscale = genVMConfig {
# name = "vm-headscale";
# config = import ./headscale.nix { inherit config; };
# };
};
}


@ -1,27 +0,0 @@
{config, ...}: let
domain = "ts.10110110.xyz";
in {
services = {
headscale = {
enable = true;
address = "0.0.0.0";
port = 8080;
serverUrl = "https://${domain}";
dns = {baseDomain = "10110110.xyz";};
settings = {logtail.enabled = false;};
};
services.nginx = {
enable = true;
virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
};
};
};
system.stateVersion = "23.11";
}


@ -1,14 +0,0 @@
_: {
networking.firewall = {
enable = true;
allowedTCPPorts = [80];
allowedUDPPorts = [];
logRefusedConnections = true;
};
services.nginx.enable = true;
services.nginx.virtualHosts."default_server" = {
addSSL = false;
enableACME = false;
};
system.stateVersion = "23.11";
}


@ -1,46 +0,0 @@
{
name,
addressList,
...
}: {
systemd.network = {
enable = true;
networks."20-lan" = {
matchConfig.Type = "ether";
networkConfig = {
Address = [(addressList.${name}.ipv4 + addressList.${name}.subnet)];
Gateway = "10.0.0.1";
DNS = ["1.1.1.1"];
IPv6AcceptRA = true;
DHCP = "no";
};
};
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
networking.firewall = {
enable = true;
allowedTCPPorts = [22];
allowedUDPPorts = [];
logRefusedConnections = true;
};
users.users = {
root = {
openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItTJm2iu/5xacOoh4/JAvMtHE62duDlVVXpvVP+uQMR root@htz''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14''
];
};
e = {
isNormalUser = true;
extraGroups = ["wheel"];
openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItTJm2iu/5xacOoh4/JAvMtHE62duDlVVXpvVP+uQMR root@htz''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILU2TUxKyGKoZ68IG4hw23RmxVf72u5K9W0StkgTr0b2 e@t14''
];
};
};
}


@ -1,4 +1,11 @@
{pkgs, ...}: {
{
pkgs,
attrs,
...
}: let
# Horrid workaround for https://github.com/nix-community/home-manager/issues/1011
homeManagerSessionVars = "/etc/profiles/per-user/${attrs.username}/etc/profile.d/hm-session-vars.sh";
in {
imports = [
./hardware-configuration.nix
./nano.nix
@ -6,22 +13,44 @@
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.networkmanager.enable = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [11111 80];
allowedUDPPorts = [];
logRefusedConnections = true;
};
environment.systemPackages = with pkgs; [
cryptsetup
nfs-utils
comma
];
environment.extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars} && echo 'x' > /tmp/test";
# Networking
networking = {
nameservers = ["1.1.1.1#one.one.one.one"];
networkmanager = {
enable = true;
dns = "systemd-resolved";
};
firewall = {
enable = true;
allowedTCPPorts = [11111];
allowedUDPPorts = [];
trustedInterfaces = ["tailscale0"];
logRefusedConnections = true;
};
};
services.resolved = {
enable = true;
fallbackDns = [
"1.1.1.1#one.one.one.one"
];
extraConfig = ''
DNSOverTLS=yes
'';
};
services.tailscale.enable = true;
# Services
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
programs.light.enable = true;
security.pam.services.swaylock = {};
services.pipewire = {
@ -81,13 +110,14 @@
};
};
hardware.opengl.enable = true;
hardware.opengl.extraPackages = [
hardware.opengl = {
enable = true;
setLdLibraryPath = true;
extraPackages = [
pkgs.mesa.drivers
pkgs.libGL
];
hardware.opengl.setLdLibraryPath = true;
};
boot.kernelPackages = pkgs.linuxPackages_latest;
system.stateVersion = "22.11";
}
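Review bot: The new `environment.extraInit` line ends with `&& echo 'x' > /tmp/test`, a debugging leftover that makes every login shell, root's included, write to a fixed name in world-writable /tmp; drop it so the line reads `environment.extraInit = "[[ -f ${homeManagerSessionVars} ]] && source ${homeManagerSessionVars}";`. In the firewall block, `trustedInterfaces = ["tailscale0"]` exempts all tailnet traffic from filtering, so every node enrolled in the headscale server this commit brings up can reach every listening port on t14. Opening only what is needed with `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ ... ];` keeps the default-deny posture on that interface. `networking.networkmanager.enable = true;` also appears both as a standalone line and inside the new `networking` block; if both are on the new side, one of them can go.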

5
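--- /dev/null
+++ b/overlay.nix
@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+steam = pkgs.writeShellScriptBin "steam" ''
+flatpak run com.valvesoftware.Steam -pipewire "$@"
+'';
+}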
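Review bot: The wrapper calls `flatpak` by bare name, so it runs whichever flatpak comes first on the caller's PATH and fails on a host where none is installed. Pinning the binary and replacing the shell process fixes both: `exec ${pkgs.flatpak}/bin/flatpak run com.valvesoftware.Steam -pipewire "$@"`. The Steam application itself is fetched by Flatpak at run time, outside the flake's lock, and because flake.nix merges this set into the package set as an overlay, `pkgs.steam` is replaced for every consumer. A comment at the top of the file should say so, for example `# Shadows pkgs.steam with a wrapper around the Flatpak build; the app is not pinned by flake.lock.`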