diff --git a/flake.lock b/flake.lock index 109b1f7..2d63083 100755 --- a/flake.lock +++ b/flake.lock @@ -6,8 +6,8 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1756785063, - "narHash": "sha256-1FFTyq3/evKrFi/0U/e5b93BxyYm5gcv7Hr3H9hd/HU=", + "lastModified": 1758080529, + "narHash": "sha256-Sup4+HacL6Xe6mTk23N6sD4uXoU9dcoqRgc9Mu0oQ5E=", "path": "/home/e/dev/dart.nvim", "type": "path" }, @@ -26,7 +26,6 @@ }, "locked": { "lastModified": 1756719547, - "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", "owner": "serokell", "repo": "deploy-rs", "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", @@ -51,12 +50,12 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1757033802, - "narHash": "sha256-BLUHtWWoHFR6UJJJwkmivSv7RTjo92wlT0Y7kbCd2MY=", - "rev": "e154f8433851f8f2509490f33680e3285d553df4", - "revCount": 301, + "lastModified": 1757699119, + "narHash": "sha256-iOOoVdrkcyk95Xg68TuPeAwpz+v80mgZCqil0jpPZuY=", + "rev": "1e16c8f8a44573bb0648c76b6c98352436f5171e", + "revCount": 304, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.11.1/01991762-b4e5-7a3b-8bfc-5d0f1ed4965e/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.11.2/01993f0b-1215-7072-ac1a-f2b27b566115/source.tar.gz" }, "original": { "type": "tarball", 
@@ -66,37 +65,37 @@ "determinate-nixd-aarch64-darwin": { "flake": false, "locked": { - "narHash": "sha256-Dym4kTLMTxAxNyZcrHRKRVMBINQPA7qgr+7dHozNrps=", + "narHash": "sha256-q1tqDvmfjDgLk/wbYf4pRhyHDS94iY85Q79FPBtcv7g=", "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.1/macOS" + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/macOS" }, "original": { "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.1/macOS" + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/macOS" } }, "determinate-nixd-aarch64-linux": { "flake": false, "locked": { - "narHash": "sha256-eYVSpk+ly2YRSYvgT47ABmFRwG0DliNO/8ntBkoRmjI=", + "narHash": "sha256-E1vGfcQ5dqtRG9EDP6eOQWCnCIRB2XFkFBp2C4FgQ8c=", "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.1/aarch64-linux" + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/aarch64-linux" }, "original": { "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.1/aarch64-linux" + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/aarch64-linux" } }, "determinate-nixd-x86_64-linux": { "flake": false, "locked": { - "narHash": "sha256-ZvRoKG/v0WS2XrDgkV+/hq3ARGokGisyelncKwlefvk=", + "narHash": "sha256-GtxtkI0cOC2A30Xw6gCDTN7JxN1zJGh7/eIXr6AlTSA=", "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.1/x86_64-linux" + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/x86_64-linux" }, "original": { "type": "file", - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.1/x86_64-linux" + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.11.2/x86_64-linux" } }, "flake-compat": { 
@@ -270,27 +269,6 @@ } }, "flake-parts_3": { - "inputs": { - "nixpkgs-lib": [ - "neovim-nightly-overlay", - "hercules-ci-effects", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", - "type": "github" - }, - "original": { - "id": "flake-parts", - "type": "indirect" - } - }, - "flake-parts_4": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -308,7 +286,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "nvim", @@ -330,7 +308,7 @@ "type": "github" } }, - "flake-parts_6": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "nvim", @@ -407,7 +385,7 @@ }, "gen-luarc": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_3", "git-hooks": "git-hooks_2", "luvit-meta": "luvit-meta", "nixpkgs": [ @@ -439,11 +417,11 @@ ] }, "locked": { - "lastModified": 1757239681, - "narHash": "sha256-E9spYi9lxm2f1zWQLQ7xQt8Xs2nWgr1T4QM7ZjLFphM=", + "lastModified": 1758108966, + "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "ab82ab08d6bf74085bd328de2a8722c12d97bd9d", + "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "type": "github" }, "original": { @@ -618,18 +596,21 @@ }, "hercules-ci-effects": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": [ + "neovim-nightly-overlay", + "flake-parts" + ], "nixpkgs": [ "neovim-nightly-overlay", "nixpkgs" ] }, "locked": { - "lastModified": 1755233722, - "narHash": "sha256-AavrbMltJKcC2Fx0lfJoZfmy7g87ebXU0ddVenhajLA=", + "lastModified": 1758022363, + "narHash": "sha256-ENUhCRWgSX4ni751HieNuQoq06dJvApV/Nm89kh+/A0=", "owner": "hercules-ci", "repo": "hercules-ci-effects", - "rev": "99e03e72e3f7e13506f80ef9ebaedccb929d84d0", + "rev": "1a3667d33e247ad35ca250698d63f49a5453d824", "type": "github" }, "original": { 
@@ -640,7 +621,7 @@ }, "hercules-ci-effects_2": { "inputs": { - "flake-parts": "flake-parts_6", + "flake-parts": "flake-parts_5", "nixpkgs": [ "nvim", "neovim-nightly-overlay", @@ -668,11 +649,10 @@ ] }, "locked": { - "lastModified": 1757529548, - "narHash": "sha256-If5AT3dPXH0BM+q+pwyZvtWLTmlqJmGW6IDZ2MqlGRU=", + "lastModified": 1758593331, "owner": "nix-community", "repo": "home-manager", - "rev": "e0154ae41614e32a443c43ee51eee9eed3ad9a48", + "rev": "9a2dc0efbc569ce9352a6ffb8e8ec8dbc098e142", "type": "github" }, "original": { @@ -691,11 +671,10 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1757497639, - "narHash": "sha256-VPauACTdeoMi8DyyRbSBSbaWOmHuAl7D1jv49DC/Shk=", + "lastModified": 1758574386, "owner": "jj-vcs", "repo": "jj", - "rev": "5f6f938a243385071ca2b22cf66b86f55efdcf43", + "rev": "86bbe5a3cb5ea3bf79c97f907dc476c79fdc4aa3", "type": "github" }, "original": { @@ -731,11 +710,10 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1757549103, - "narHash": "sha256-g9yeQvHbdZhudGCm8tpLACcRIm+mGG6kqqwzCI1y4eY=", + "lastModified": 1758585901, "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "c6159f587252f3269c462d25db23b3432f53c410", + "rev": "095a690e04f89107ba15c3b7ebd1954e0802adfe", "type": "github" }, "original": { @@ -747,7 +725,7 @@ "neovim-nightly-overlay_2": { "inputs": { "flake-compat": "flake-compat_6", - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_4", "git-hooks": "git-hooks_3", "hercules-ci-effects": "hercules-ci-effects_2", "neovim-src": "neovim-src_2", 
@@ -771,11 +749,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1757544943, - "narHash": "sha256-zcbqe73qpBAW6jHqObRXXXInVHf80EST3DbX1w3iBHg=", + "lastModified": 1758583287, + "narHash": "sha256-Sg1Ge7rBC3jL9kg/xlkdr9rbvJILIUu6jkMnV28zMEE=", "owner": "neovim", "repo": "neovim", - "rev": "9076fdc1238c4d9720efa89c72b44154be729a2c", + "rev": "78371610769f980cd0a629853628de5fe9127cee", "type": "github" }, "original": { @@ -800,26 +778,6 @@ "type": "github" } }, - "nh": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1757505144, - "narHash": "sha256-ZYlFuJO0gOeWGgClBfAI7quhfmpksQspoOp66gEhdPc=", - "owner": "nix-community", - "repo": "nh", - "rev": "a7d8a3ff279d52236632f8fab33017f74cc3a9dd", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nh", - "type": "github" - } - }, "nix": { "inputs": { "flake-parts": "flake-parts", @@ -829,12 +787,12 @@ "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1757029043, - "narHash": "sha256-/XtKs/hpYXJPeT3WppFVFZH1WvPDmeTt11hMWt/Bwas=", - "rev": "7143558a0989008c8e08cc27c3cb6a031f30b356", - "revCount": 22309, + "lastModified": 1757694985, + "narHash": "sha256-3Ia+y7Hbwnzcuf1hyuVnFtbnSR6ErQeFjemHdVxjCNE=", + "rev": "766f43aa6acb1b3578db488c19fbbedf04ed9f24", + "revCount": 22340, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.11.1/01991737-661d-7932-b7c9-d3a0499b4c3f/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.11.2/01993ee9-f8e7-7b80-80df-ec0a20a32514/source.tar.gz" }, "original": { "type": "tarball", 
@@ -848,11 +806,10 @@ ] }, "locked": { - "lastModified": 1757218147, - "narHash": "sha256-IwOwN70HvoBNB2ckaROxcaCvj5NudNc52taPsv5wtLk=", + "lastModified": 1758427679, "owner": "nix-community", "repo": "nix-index-database", - "rev": "9b144dc3ef6e42b888c4190e02746aab13b0e97f", + "rev": "fd2569ca2ef7d69f244cd9ffcb66a0540772ff85", "type": "github" }, "original": { @@ -863,11 +820,10 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1757103352, - "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", + "lastModified": 1757943327, "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", + "rev": "67a709cfe5d0643dafd798b0b613ed579de8be05", "type": "github" }, "original": { @@ -952,12 +908,12 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1756696532, - "narHash": "sha256-6FWagzm0b7I/IGigOv9pr6LL7NQ86mextfE8g8Q6HBg=", - "rev": "58dcbf1ec551914c3756c267b8b9c8c86baa1b2f", - "revCount": 854745, + "lastModified": 1757034884, + "narHash": "sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao=", + "rev": "ca77296380960cd497a765102eeb1356eb80fed0", + "revCount": 856744, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.854745%2Brev-58dcbf1ec551914c3756c267b8b9c8c86baa1b2f/019908ed-e731-796e-b7c5-ea173f5d3b8d/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.856744%2Brev-ca77296380960cd497a765102eeb1356eb80fed0/01992cf9-9347-761a-8963-9cbe43abe2fa/source.tar.gz" }, "original": { "type": "tarball", @@ -966,11 +922,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1757034884, - "narHash": "sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao=", + "lastModified": 1758446476, + "narHash": "sha256-5rdAi7CTvM/kSs6fHe1bREIva5W3TbImsto+dxG4mBo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ca77296380960cd497a765102eeb1356eb80fed0", + "rev": "a1f79a1770d05af18111fbbe2a3ab2c42c0f6cd0", "type": "github" }, "original": { 
@@ -982,11 +938,10 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1757347588, - "narHash": "sha256-tLdkkC6XnsY9EOZW9TlpesTclELy8W7lL2ClL+nma8o=", + "lastModified": 1758277210, "owner": "nixos", "repo": "nixpkgs", - "rev": "b599843bad24621dcaa5ab60dac98f9b0eb1cabe", + "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", "type": "github" }, "original": { @@ -1054,8 +1009,8 @@ "nvim-treesitter-textobjects": "nvim-treesitter-textobjects" }, "locked": { - "lastModified": 1756787950, - "narHash": "sha256-QBC/2h8Da1yq3Cd9Erhgk7icwWouDcMAoBoDJVxB0sA=", + "lastModified": 1758080920, + "narHash": "sha256-0songGRyfBLDBIHqQKMi0JL9I1fjCT8c3wYEnxDvr3o=", "path": "/home/e/dev/nvim.nix", "type": "path" }, @@ -1107,11 +1062,10 @@ ] }, "locked": { - "lastModified": 1757239681, - "narHash": "sha256-E9spYi9lxm2f1zWQLQ7xQt8Xs2nWgr1T4QM7ZjLFphM=", + "lastModified": 1758108966, "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "ab82ab08d6bf74085bd328de2a8722c12d97bd9d", + "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "type": "github" }, "original": { @@ -1127,7 +1081,6 @@ "home-manager": "home-manager", "jj": "jj", "neovim-nightly-overlay": "neovim-nightly-overlay", - "nh": "nh", "nix-index-database": "nix-index-database", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_4", @@ -1166,11 +1119,10 @@ ] }, "locked": { - "lastModified": 1757503115, - "narHash": "sha256-S9F6bHUBh+CFEUalv/qxNImRapCxvSnOzWBUZgK1zDU=", + "lastModified": 1758425756, "owner": "Mic92", "repo": "sops-nix", - "rev": "0bf793823386187dff101ee2a9d4ed26de8bbf8c", + "rev": "e0fdaea3c31646e252a60b42d0ed8eafdb289762", "type": "github" }, "original": { 
@@ -1242,15 +1194,15 @@ "systems_5": { "locked": { "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", "repo": "default", "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { - "id": "systems", - "type": "indirect" + "owner": "nix-systems", + "repo": "default", + "type": "github" } }, "treefmt-nix": { @@ -1261,11 +1213,11 @@ ] }, "locked": { - "lastModified": 1756662192, - "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=", + "lastModified": 1758206697, + "narHash": "sha256-/DbPkh6PZOgfueCbs3uzlk4ASU2nPPsiVWhpMCNkAd0=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4", + "rev": "128222dc911b8e2e18939537bed1762b7f3a04aa", "type": "github" }, "original": { @@ -1303,11 +1255,10 @@ ] }, "locked": { - "lastModified": 1756662192, - "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=", + "lastModified": 1758206697, "owner": "numtide", "repo": "treefmt-nix", - "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4", + "rev": "128222dc911b8e2e18939537bed1762b7f3a04aa", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 8d24ce0..c25aaf3 100755 --- a/flake.nix +++ b/flake.nix @@ -33,16 +33,13 @@ url = "github:serokell/deploy-rs"; inputs.nixpkgs.follows = "nixpkgs"; }; - nh = { - url = "github:nix-community/nh"; - inputs.nixpkgs.follows = "nixpkgs"; - }; jj = { url = "github:jj-vcs/jj"; inputs.nixpkgs.follows = "nixpkgs"; }; neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; + systems.url = "github:nix-systems/default"; }; outputs = { 
@@ -62,10 +59,10 @@ overlays = [ inputs.neovim-nightly-overlay.overlays.default inputs.nvim.overlays.default - inputs.nh.overlays.default (old: new: { jujutsu = inputs.jj.packages.${system}.jujutsu; }) + (import ./pkgs/overlay.nix) ]; }; eachSystem = f: nixpkgs.lib.genAttrs (import systems) (system: f nixpkgs.legacyPackages.${system}); @@ -93,13 +90,22 @@ deploy.nodes = { consensus = { hostname = "consensus"; - sshUser = "e"; + sshUser = "root"; remoteBuild = true; profiles.system = { user = "root"; path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.consensus; }; }; + oracle = { + hostname = "129.213.119.29"; + sshUser = "root"; + remoteBuild = true; + profiles.system = { + user = "root"; + path = inputs.deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.oracle; + }; + }; }; formatter = eachSystem (pkgs: treefmtEval.${pkgs.system}.config.build.wrapper); devShells.${system}.default = pkgs.mkShell { diff --git a/home-manager/t14/home.nix b/home-manager/t14/home.nix index 7f07a83..6f5d011 100755 --- a/home-manager/t14/home.nix +++ b/home-manager/t14/home.nix @@ -2,8 +2,7 @@ pkgs, lib, ... -}: -{ +}: { imports = [ ../shared/programs/default.nix ../shared/wayland/default.nix @@ -14,6 +13,7 @@ prismlauncher runelite jdk21 + august-rsps # comms signal-desktop @@ -33,7 +33,6 @@ appimage-run wireguard-tools android-tools - nh ]; sessionVariables = { MOZ_ENABLE_WAYLAND = 1; diff --git a/nixos/consensus/configuration.nix b/nixos/consensus/configuration.nix index c6c6532..31748c5 100644 --- a/nixos/consensus/configuration.nix +++ b/nixos/consensus/configuration.nix @@ -24,13 +24,14 @@ }; environment.systemPackages = with pkgs; [ git - nvim-pkg + vim docker-compose tmux ]; services = { # zfs.autoScrub.enable = true; # zfs.autoSnapshot.enable = true; + fstrim.enable = true; tailscale.enable = true; k3s = { enable = true; @@ -46,6 +47,7 @@ ignoreIP = [ "172.16.0.0/12" "192.168.0.0/16" + "10.0.0.0/8" "tailc353f.ts.net" ]; 
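Review bot: In the `deploy.nodes` hunk of flake.nix, `consensus` and the new `oracle` node both set `sshUser = "root"`, so every deploy now depends on the targets accepting direct root SSH logins, and `oracle` is addressed by a bare public IP. deploy-rs can connect as an unprivileged account and still activate the system profile as root through sudo, which is what the previous `sshUser = "e";` with `user = "root";` did. Keeping that split on both nodes would let root login stay disabled on the hosts, provided the account exists on `oracle` (its user setup is not visible here). Both machines enable Tailscale, so pointing `hostname` at the tailnet name instead of `129.213.119.29` may also be an option; confirm against how the host is reached during bootstrap.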
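Review bot: The `ignoreIP` hunk in nixos/consensus/configuration.nix adds `"10.0.0.0/8"`, which together with the two existing CIDRs exempts all RFC 1918 space from banning; the same list is copied into the new nixos/oracle/configuration.nix. On a host that also runs k3s and Docker, connections forwarded through a proxy or NAT can show up with a private source address, so this may exempt the very traffic fail2ban is there to limit; check which source addresses the jails actually see in the logs. Tailscale peers use 100.64.0.0/10, which none of these CIDRs cover, and `"tailc353f.ts.net"` is a domain suffix rather than a resolvable host, so that entry probably has no effect. A narrower list with a comment such as `# admin subnet only; NAT and pod ranges are deliberately not exempt` would make the intent reviewable.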
@@ -93,10 +95,9 @@ }; nginx = { enable = false; - virtualHosts."img.consensus.tailc353f.ts.net" = { - # forceSSL = true; - # sslCertificate = "/etc/nginx/certs/consensus.tailc353f.ts.net.crt"; - # sslCertificateKey = "/etc/nginx/certs/consensus.tailc353f.ts.net.key"; + virtualHosts."img.10110110.xyz" = { + forceSSL = true; + useACMEHost = "10110110.xyz"; locations."/" = { proxyPass = "http://localhost:${toString config.services.immich.port}"; proxyWebsockets = true; @@ -122,7 +123,7 @@ swapDevices = [ { device = "/swapfile"; - size = 8 * 1024; + size = 16 * 1024; } ]; virtualisation.docker.enable = true; diff --git a/nixos/default.nix b/nixos/default.nix index e50ec56..3d3b326 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -4,14 +4,16 @@ attrs, system, ... -}: let +}: +let defaultModules = [ ./configuration.nix inputs.sops-nix.nixosModules.sops inputs.nix-index-database.nixosModules.nix-index inputs.determinate.nixosModules.default ]; -in { +in +{ t14 = inputs.nixpkgs.lib.nixosSystem { inherit pkgs; specialArgs = { @@ -21,12 +23,10 @@ in { inherit (attrs) username; }; }; - modules = - defaultModules - ++ [ - ./t14/configuration.nix - inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1 - ]; + modules = defaultModules ++ [ + ./t14/configuration.nix + inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1 + ]; }; consensus = inputs.nixpkgs.lib.nixosSystem { inherit pkgs; @@ -37,10 +37,21 @@ in { inherit (attrs) username; }; }; - modules = - defaultModules - ++ [ - ./consensus/configuration.nix - ]; + modules = defaultModules ++ [ + ./consensus/configuration.nix + ]; + }; + oracle = inputs.nixpkgs.lib.nixosSystem { + inherit pkgs; + specialArgs = { + inherit inputs system attrs; + host = { + hostName = "oracle1"; + inherit (attrs) username; + }; + }; + modules = defaultModules ++ [ + ./oracle/configuration.nix + ]; }; } 
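Review bot: `useACMEHost = "10110110.xyz";` in the nginx virtual host only references a certificate and does not create one, so a matching `security.acme.certs."10110110.xyz"` has to exist elsewhere, and none is visible in this diff. While `enable = false;` stays on the `nginx` block the new `forceSSL = true;` is inert, so a missing certificate would only surface when the proxy is switched on. A comment above the vhost such as `# certificate comes from security.acme.certs."10110110.xyz" (defined in <module>)` would document the dependency. The `nginx` block continues outside the hunk.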
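Review bot: The new `oracle` system in nixos/default.nix passes `hostName = "oracle1";` through `specialArgs`, while nixos/oracle/configuration.nix sets `hostName = "iofq-oracle-x840";` under `networking`, and the deploy node is keyed `oracle`. If the shared `./configuration.nix` (not shown) derives `networking.hostName` from `host.hostName`, the two definitions will conflict at evaluation time; if it does not, the `oracle1` value is simply misleading. Using one name in all three places, for example `hostName = "oracle";` here and no override in the host module, avoids both outcomes.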
diff --git a/nixos/oracle/configuration.nix b/nixos/oracle/configuration.nix
new file mode 100644
index 0000000..acbbedd
--- /dev/null
+++ b/nixos/oracle/configuration.nix
@@ -0,0 +1,44 @@
+{ ... }:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ];
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = true;
+ swapDevices = [
+ {
+ device = "/swapfile";
+ size = 16 * 1024;
+ }
+ ];
+ services = {
+ fail2ban.enable = true;
+ fail2ban.maxretry = 5;
+ fail2ban.bantime = "1h";
+ fail2ban.ignoreIP = [
+ "172.16.0.0/12"
+ "192.168.0.0/16"
+ "10.0.0.0/8"
+ "tailc353f.ts.net"
+ ];
+
+ fail2ban.bantime-increment = {
+ enable = true;
+ multipliers = "1 2 4 8 16 32 64 128 256";
+ maxtime = "24h";
+ overalljails = true;
+ };
+ tailscale.enable = true;
+ openssh.enable = true;
+ };
+ networking = {
+ domain = "";
+ hostId = "81238132";
+ hostName = "iofq-oracle-x840";
+ };
+ users.users.root.openssh.authorizedKeys.keys = [
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcL53Gdrj5V9YDwKlCBIcgqiS+zHtOQpJlnOHTevJCJ e@t14''
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHM4Zr0PFN7QdOG2aJ+nuzRCK6caulrpY6bphA1Ppl8Y e@t14''
+ ];
+ system.stateVersion = "23.11";
+}
diff --git a/nixos/oracle/hardware-configuration.nix b/nixos/oracle/hardware-configuration.nix
new file mode 100644
index 0000000..8814763
--- /dev/null
+++ b/nixos/oracle/hardware-configuration.nix
@@ -0,0 +1,25 @@
+{ lib, modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ device = "nodev";
+ };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/DC8B-AC35";
+ fsType = "vfat";
+ };
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "xen_blkfront"
+ "vmw_pvscsi"
+ ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
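Review bot: nixos/oracle/configuration.nix turns sshd on with `openssh.enable = true;` and installs root `authorizedKeys`, but sets no `services.openssh.settings`, so password and keyboard-interactive authentication stay at the module defaults on a host that the deploy configuration reaches at a public address. Since access is key-based, I would state that explicitly: `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "prohibit-password"; };`. Both keys carry the same `e@t14` comment; distinct comments would make it possible to tell later which key to revoke.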
diff --git a/nixos/t14/configuration.nix b/nixos/t14/configuration.nix index 97b9761..bb0201e 100755 --- a/nixos/t14/configuration.nix +++ b/nixos/t14/configuration.nix @@ -2,12 +2,10 @@ pkgs, attrs, ... -}: -let +}: let # Horrid workaround for https://github.com/nix-community/home-manager/issues/1011 homeManagerSessionVars = "/etc/profiles/per-user/${attrs.username}/etc/profile.d/hm-session-vars.sh"; -in -{ +in { imports = [ ./hardware-configuration.nix ./backups.nix @@ -26,7 +24,7 @@ in loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; kernelPackages = pkgs.linuxPackages_latest; - blacklistedKernelModules = [ "bluetooth" ]; + blacklistedKernelModules = ["bluetooth"]; }; # Networking networking = { @@ -41,9 +39,9 @@ in }; firewall = { enable = true; - allowedTCPPorts = [ 11111 ]; - allowedUDPPorts = [ ]; - trustedInterfaces = [ "tailscale0" ]; + allowedTCPPorts = [11111]; + allowedUDPPorts = []; + trustedInterfaces = ["tailscale0"]; logRefusedConnections = true; }; }; @@ -55,11 +53,11 @@ in }; }; - security.pam.services.swaylock = { }; + security.pam.services.swaylock = {}; xdg.portal = { enable = true; xdgOpenUsePortal = false; - extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; + extraPortals = [pkgs.xdg-desktop-portal-gtk]; }; programs = { light.enable = true; @@ -70,6 +68,7 @@ in steam.enable = true; adb.enable = true; fish.enable = true; # enable vendor completions + nh.enable = true; }; # workaround for wait-online killing nixos build @@ -136,7 +135,7 @@ in enable = true; keyboards = { default = { - ids = [ "*" ]; + ids = ["*"]; settings = { main = { pause = "timeout(esc, 150, space)"; @@ -161,7 +160,7 @@ in nerd-fonts.ubuntu-mono spleen ]; - fontconfig.defaultFonts.monospace = [ "UbuntuMono" ]; + fontconfig.defaultFonts.monospace = ["UbuntuMono"]; }; system.stateVersion = "22.11"; } diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix new file mode 100644 index 0000000..02046a9 --- /dev/null +++ b/pkgs/overlay.nix 
@@ -0,0 +1,47 @@
+final: prev: {
+ august-rsps = prev.stdenv.mkDerivation rec {
+ pname = "august-rsps";
+ version = "0.0.1";
+
+ jar = prev.fetchurl {
+ url = "https://cdn.discordapp.com/attachments/1223340813317308580/1291311940165046302/AugustRSPS_Launcher.jar?ex=68cfb375&is=68ce61f5&hm=33c31fbfe089624dc8aced1ddf1e663dc5c6eccec3072e36b458d38bbca2edc8&";
+ hash = "sha256-RY191f/LjNaJiobwoSMNm1yWEBSV7dFRfqru/BNNhv4=";
+ };
+
+ jogl = prev.fetchurl {
+ url = "https://repo.runelite.net/net/runelite/jogl/jogl-all/2.4.0-rc-20200429/jogl-all-2.4.0-rc-20200429-natives-linux-amd64.jar";
+ hash = "sha512-OmJIbk5pKtvf1n1I5UHu6iaOKNrPgmaJTPhqC8yMjaRh/Hso1vV/+Eu+zKu7d5UiVggVUzJxqDKatmEnqFrzbg==";
+ };
+ gluegen = prev.fetchurl {
+ url = "https://repo.runelite.net/net/runelite/gluegen/gluegen-rt/2.4.0-rc-20220318/gluegen-rt-2.4.0-rc-20220318-natives-linux-amd64.jar";
+ hash = "sha512-kF+RdDzYEhBuZOJ6ZwMhaEVcjYLxiwR8tYAm08FXDML45iP4HBEfmqHOLJpIakK06aQFj99/296vx810eDFX5A==";
+ };
+ dontUnpack = true;
+
+ nativeBuildInputs = [
+ prev.makeWrapper
+ prev.unzip
+ ];
+ installPhase = ''
+ mkdir -p $out/share/august-rsps
+ mkdir -p $out/natives
+
+ unzip ${jogl} 'natives/*' -d $out
+ unzip ${gluegen} 'natives/*' -d $out
+
+ ln -s ${jar} $out/share/august-rsps/AugustRSPS_Launcher.jar
+
+ makeWrapper ${prev.jre}/bin/java $out/bin/august-rsps \
+ --chdir "$out" \
+ --prefix LD_LIBRARY_PATH : "${prev.xorg.libXxf86vm}/lib" \
+ --prefix LD_LIBRARY_PATH : "/run/opengl-driver/lib:/run/opengl-driver-32/lib" \
+ --add-flags "-jar $out/share/august-rsps/AugustRSPS_Launcher.jar"
+ '';
+
+ meta = with prev.lib; {
+ description = "August RSPS Launcher";
+ maintainers = with maintainers; [iofq];
+ platforms = ["x86_64-linux"];
+ };
+ };
+}
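Review bot: The `jar` source in pkgs/overlay.nix is a Discord CDN attachment URL with `ex=`/`is=`/`hm=` query parameters, which look like an expiring signature, so the derivation will likely stop building from a clean store once the link lapses, and the file's provenance is a chat upload rather than a publisher release. The `hash` pins the bytes but says nothing about what the launcher does at runtime: it is an opaque jar run with the user's full privileges and presumably downloads further code itself. I would mirror the file somewhere stable and declare what it is in `meta`, e.g. `sourceProvenance = with sourceTypes; [ binaryBytecode ];` plus an explicit `license`, so the package is visibly a prebuilt binary. Starting it from a confined wrapper or a separate user account, rather than straight from `home.packages`, would limit what it can reach.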