cleanup overlays, don't use prezto, remove wireguard code, some time and network stuff

cy 2025-02-23 18:11:19 -05:00
parent 2e7c178862
commit a82a616f11
Signed by: cy
SSH key fingerprint: SHA256:o/geVWV4om1QhUSkKvDQeW/eAihwnjyXkqMwrVdbuts
7 changed files with 45 additions and 82 deletions

17
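--- a/flake.lock
+++ b/flake.lock
@@ -1,21 +1,5 @@
 {
 "nodes": {
-"anki": {
-"locked": {
-"lastModified": 1739471491,
-"narHash": "sha256-ZCKWgsNqKWkVOAQFaFSmK3EN/uDdamNOcSItzvooWYs=",
-"owner": "cything",
-"repo": "nixpkgs",
-"rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248",
-"type": "github"
-},
-"original": {
-"owner": "cything",
-"repo": "nixpkgs",
-"rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248",
-"type": "github"
-}
-},
 "attic": {
 "inputs": {
 "crane": "crane",
@@ -1281,7 +1265,6 @@
 },
 "root": {
 "inputs": {
-"anki": "anki",
 "conduwuit": "conduwuit",
 "crane": "crane_2",
 "disko": "disko",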


@ -100,9 +100,6 @@
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
crane.url = "github:ipetkov/crane"; crane.url = "github:ipetkov/crane";
flake-compat.url = "github:edolstra/flake-compat"; flake-compat.url = "github:edolstra/flake-compat";
# unmerged PRs
anki.url = "github:cything/nixpkgs/1562f5286858b3c1e5ea7e60f4bf6b3578519248";
}; };
nixConfig = { nixConfig = {


@ -37,10 +37,11 @@
searchDownKey = "^n"; searchDownKey = "^n";
}; };
prezto = { # prezto = {
enable = true; # enable = true;
caseSensitive = false; # caseSensitive = false;
}; # editor.keymap = "vi";
# };
initExtra = '' initExtra = ''
# disable control+s to pause terminal # disable control+s to pause terminal


@ -10,13 +10,11 @@
./backup.nix ./backup.nix
./rclone.nix ./rclone.nix
./postgres.nix ./postgres.nix
./wireguard.nix
./adguard.nix ./adguard.nix
./hedgedoc.nix ./hedgedoc.nix
./miniflux.nix ./miniflux.nix
./redlib.nix ./redlib.nix
./vaultwarden.nix ./vaultwarden.nix
./wireguard.nix
./grafana.nix ./grafana.nix
./conduwuit.nix ./conduwuit.nix
./immich.nix ./immich.nix
@ -48,15 +46,6 @@
"hedgedoc/env" = { "hedgedoc/env" = {
sopsFile = ../../secrets/services/hedgedoc.yaml; sopsFile = ../../secrets/services/hedgedoc.yaml;
}; };
"wireguard/private" = {
sopsFile = ../../secrets/wireguard/chunk.yaml;
};
"wireguard/psk-yt" = {
sopsFile = ../../secrets/wireguard/chunk.yaml;
};
"wireguard/psk-phone" = {
sopsFile = ../../secrets/wireguard/chunk.yaml;
};
"miniflux/env" = { "miniflux/env" = {
sopsFile = ../../secrets/services/miniflux.yaml; sopsFile = ../../secrets/services/miniflux.yaml;
}; };
@ -100,11 +89,13 @@
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
443 443
51820
53 53
853 853
]; # 51820 is wireguard ];
trustedInterfaces = [ "wg0" ]; extraCommands = ''
iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tor.service" -j MARK --set-mark 2
'';
}; };
networking.interfaces.ens18 = { networking.interfaces.ens18 = {
ipv6.addresses = [ ipv6.addresses = [
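Review bot: The two `iptables -t mangle -A OUTPUT ... -j MARK` rules in the new `extraCommands` are appended each time the firewall script runs, and no matching cleanup is visible, so a firewall reload would likely stack duplicate rules in the mangle table. Add an `extraStopCommands` that deletes them, e.g. `iptables -t mangle -D OUTPUT -m cgroup --path "system.slice/tor.service" -j MARK --set-mark 2 || true` (and the same for tailscaled). The rules are also IPv4-only while this host configures IPv6 addresses on ens18 right below, so IPv6 traffic from both services goes unmarked; mirror them with `ip6tables` if whatever consumes marks 1 and 2 (not shown in this section) is meant to cover both address families. A short comment stating what each mark is used for would make the intent reviewable.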


@ -34,7 +34,7 @@
ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic";
ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
config.sops.secrets."rclone/config".path config.sops.secrets."rclone/config".path
} --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 15G --allow-other rsyncnet:attic /mnt/attic "; } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic ";
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic";
}; };
}; };
@ -55,6 +55,4 @@
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage"; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage";
}; };
}; };
programs.fuse.userAllowOther = true;
} }
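Review bot: `--allow-other` stays on the `rclone mount` command line in ExecStart while the last hunk removes `programs.fuse.userAllowOther = true;`, and the two are coupled. If the mount unit runs as a non-root user (the User setting is outside these hunks), FUSE will refuse `allow_other` unless the option is still set elsewhere; if it runs as root, the mount works but /mnt/attic stays reachable by every local account, subject only to file modes. Either keep the option with a comment naming the service that needs cross-user access, or drop `--allow-other` and run the consumer under the same user as the mount.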


@ -41,15 +41,30 @@
''; '';
registry.nixpkgs.flake = inputs.nixpkgs; registry.nixpkgs.flake = inputs.nixpkgs;
}; };
time.timeZone = "America/Toronto";
networking.firewall.logRefusedConnections = false; time.timeZone = "America/New_York";
networking.nameservers = [ networking = {
firewall.logRefusedConnections = false;
nameservers = [
# quad9 # quad9
"2620:fe::fe" "2620:fe::fe"
"2620:fe::9" "2620:fe::9"
"9.9.9.9" "9.9.9.9"
"149.112.112.112" "149.112.112.112"
]; ];
timeServers = [
"ntppool1.time.nl"
"nts.netnod.se"
"ptbtime1.ptb.de"
"ohio.time.system76.com"
"time.txryan.com"
"time.dfm.dk"
];
};
services.chrony = {
enable = true;
enableNTS = true;
};
# this is true by default and mutually exclusive with # this is true by default and mutually exclusive with
# programs.nix-index # programs.nix-index
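Review bot: Nothing next to `timeServers` says that the list is NTS-only, yet `services.chrony.enableNTS = true` appears to apply NTS to every listed server, so a plain-NTP host added later would fail authentication instead of syncing. Add a comment above the list, e.g. `# every entry must support NTS (services.chrony.enableNTS)`. NTS also depends on TLS certificate validation, so a machine that boots with a badly wrong clock may be unable to bootstrap time; it is worth confirming how hosts without a reliable RTC recover. The enclosing attribute set starts and ends outside this hunk.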


@ -20,12 +20,6 @@
"services/ntfy" = { "services/ntfy" = {
sopsFile = ../../secrets/services/ntfy.yaml; sopsFile = ../../secrets/services/ntfy.yaml;
}; };
"wireguard/private" = {
sopsFile = ../../secrets/wireguard/yt.yaml;
};
"wireguard/psk" = {
sopsFile = ../../secrets/wireguard/yt.yaml;
};
"rsyncnet/id_ed25519" = { "rsyncnet/id_ed25519" = {
sopsFile = ../../secrets/zh5061/yt.yaml; sopsFile = ../../secrets/zh5061/yt.yaml;
}; };
@ -89,10 +83,14 @@
networkmanager = { networkmanager = {
enable = true; enable = true;
dns = "none"; dns = "none";
wifi.backend = "iwd"; wifi = {
backend = "iwd";
powersave = false;
};
}; };
resolvconf.enable = true; resolvconf.enable = true;
firewall = { firewall = {
enable = true;
allowedTCPPorts = [ 8080 ]; # for mitmproxy allowedTCPPorts = [ 8080 ]; # for mitmproxy
}; };
}; };
@ -105,9 +103,7 @@
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
wireplumber.extraConfig.bluetoothEnhancements = { wireplumber.extraConfig.bluetoothEnhancements = {
"wireplumber.settings" = { # https://julian.pages.freedesktop.org/wireplumber/daemon/configuration/bluetooth.html#bluetooth-configuration
"bluetooth.autoswitch-to-headset-profile" = false;
};
"monitor.bluez.properties" = { "monitor.bluez.properties" = {
"bluez5.enable-sbc-xq" = true; "bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true; "bluez5.enable-msbc" = true;
@ -115,6 +111,10 @@
"bluez5.roles" = [ "bluez5.roles" = [
"a2dp_sink" "a2dp_sink"
"a2dp_source" "a2dp_source"
"hsp_hs"
"hsp_ag"
"hfp_hf"
"hfp_ag"
]; ];
}; };
}; };
@ -375,28 +375,6 @@
services.ollama.enable = false; services.ollama.enable = false;
# wireguard setup
networking.wg-quick.interfaces.wg0 = {
autostart = false;
address = [
"10.0.0.2/24"
"fdc9:281f:04d7:9ee9::2/64"
];
privateKeyFile = config.sops.secrets."wireguard/private".path;
peers = [
{
publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0=";
allowedIPs = [
"0.0.0.0/0"
"::/0"
];
endpoint = "31.59.129.225:51820";
persistentKeepalive = 25;
presharedKeyFile = config.sops.secrets."wireguard/psk".path;
}
];
};
services.trezord.enable = false; services.trezord.enable = false;
programs.niri.enable = false; programs.niri.enable = false;
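Review bot: `allowedTCPPorts = [ 8080 ]` next to the new `enable = true` opens the mitmproxy port on every interface, including whatever Wi-Fi network this NetworkManager-managed machine joins. Any host on the same network could then reach the proxy listener while it is running. Scope the rule to the interface that needs it with `networking.firewall.interfaces.<name>.allowedTCPPorts = [ 8080 ];`, or open the port only for the duration of a testing session. The firewall attribute set continues outside the hunk.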