cleanup overlays, don't use prezto, remove wireguard code, some time and network stuff

This commit is contained in:
cy 2025-02-23 18:11:19 -05:00
parent 2e7c178862
commit a82a616f11
Signed by: cy
SSH key fingerprint: SHA256:o/geVWV4om1QhUSkKvDQeW/eAihwnjyXkqMwrVdbuts
7 changed files with 45 additions and 82 deletions

17
flake.lock generated

@ -1,21 +1,5 @@
{
"nodes": {
"anki": {
"locked": {
"lastModified": 1739471491,
"narHash": "sha256-ZCKWgsNqKWkVOAQFaFSmK3EN/uDdamNOcSItzvooWYs=",
"owner": "cything",
"repo": "nixpkgs",
"rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248",
"type": "github"
},
"original": {
"owner": "cything",
"repo": "nixpkgs",
"rev": "1562f5286858b3c1e5ea7e60f4bf6b3578519248",
"type": "github"
}
},
"attic": {
"inputs": {
"crane": "crane",
@ -1281,7 +1265,6 @@
},
"root": {
"inputs": {
"anki": "anki",
"conduwuit": "conduwuit",
"crane": "crane_2",
"disko": "disko",


@ -100,9 +100,6 @@
flake-utils.url = "github:numtide/flake-utils";
crane.url = "github:ipetkov/crane";
flake-compat.url = "github:edolstra/flake-compat";
# unmerged PRs
anki.url = "github:cything/nixpkgs/1562f5286858b3c1e5ea7e60f4bf6b3578519248";
};
nixConfig = {


@ -37,10 +37,11 @@
searchDownKey = "^n";
};
prezto = {
enable = true;
caseSensitive = false;
};
# prezto = {
# enable = true;
# caseSensitive = false;
# editor.keymap = "vi";
# };
initExtra = ''
# disable control+s to pause terminal
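Review bot: The prezto block is replaced by five commented-out lines starting at `# prezto = {` rather than simply deleted; git history already preserves the old configuration, and commented config drifts (the `# editor.keymap = "vi";` line was never part of the live block). Either drop the comment entirely or shrink it to a single line that records the decision, e.g. `# prezto intentionally disabled (see commit history)`, so the file does not carry dead configuration. The enclosing `programs.zsh` attribute set starts before and ends after this hunk.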


@ -10,13 +10,11 @@
./backup.nix
./rclone.nix
./postgres.nix
./wireguard.nix
./adguard.nix
./hedgedoc.nix
./miniflux.nix
./redlib.nix
./vaultwarden.nix
./wireguard.nix
./grafana.nix
./conduwuit.nix
./immich.nix
@ -48,15 +46,6 @@
"hedgedoc/env" = {
sopsFile = ../../secrets/services/hedgedoc.yaml;
};
"wireguard/private" = {
sopsFile = ../../secrets/wireguard/chunk.yaml;
};
"wireguard/psk-yt" = {
sopsFile = ../../secrets/wireguard/chunk.yaml;
};
"wireguard/psk-phone" = {
sopsFile = ../../secrets/wireguard/chunk.yaml;
};
"miniflux/env" = {
sopsFile = ../../secrets/services/miniflux.yaml;
};
@ -100,11 +89,13 @@
];
allowedUDPPorts = [
443
51820
53
853
]; # 51820 is wireguard
trustedInterfaces = [ "wg0" ];
];
extraCommands = ''
iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/tor.service" -j MARK --set-mark 2
'';
};
networking.interfaces.ens18 = {
ipv6.addresses = [
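Review bot: The two `iptables -t mangle -A OUTPUT … -j MARK` lines added in `extraCommands` are appended unconditionally, and as far as I can tell the NixOS iptables firewall script does not flush the mangle table before re-running extraCommands, so every firewall restart or reload stacks another copy of both rules; add the matching deletes to `networking.firewall.extraStopCommands` (or guard each append with `-C`). They are also IPv4-only, because extraCommands runs plain `iptables`, so IPv6 traffic from the tailscaled and tor cgroups is never marked; if the marks feed a policy-routing rule defined elsewhere (not visible here), `ip46tables`, which the firewall script provides, covers both families. The enclosing `networking.firewall` attribute set starts before this hunk.
```nix
extraCommands = ''
  ip46tables -t mangle -A OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1
  ip46tables -t mangle -A OUTPUT -m cgroup --path "system.slice/tor.service" -j MARK --set-mark 2
'';
extraStopCommands = ''
  ip46tables -t mangle -D OUTPUT -m cgroup --path "system.slice/tailscaled.service" -j MARK --set-mark 1 2>/dev/null || true
  ip46tables -t mangle -D OUTPUT -m cgroup --path "system.slice/tor.service" -j MARK --set-mark 2 2>/dev/null || true
'';
```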


@ -34,7 +34,7 @@
ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic";
ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
config.sops.secrets."rclone/config".path
} --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 15G --allow-other rsyncnet:attic /mnt/attic ";
} --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 2G --allow-other rsyncnet:attic /mnt/attic ";
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic";
};
};
@ -55,6 +55,4 @@
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage";
};
};
programs.fuse.userAllowOther = true;
}
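Review bot: `programs.fuse.userAllowOther = true;` is removed while the ExecStart line in the first hunk still passes `--allow-other` to rclone mount; fusermount only honours allow_other for a non-root caller when `user_allow_other` is present in fuse.conf, so unless these units run as root (the unit's `User=` setting is outside both hunks) the mounts will fail at start. If the units are root-run the removal is harmless; otherwise keep the option or drop `--allow-other` from the ExecStart lines. The `--vfs-cache-max-size` change from 15G to 2G is independent tuning and reads fine.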


@ -41,15 +41,30 @@
'';
registry.nixpkgs.flake = inputs.nixpkgs;
};
time.timeZone = "America/Toronto";
networking.firewall.logRefusedConnections = false;
networking.nameservers = [
# quad9
"2620:fe::fe"
"2620:fe::9"
"9.9.9.9"
"149.112.112.112"
];
time.timeZone = "America/New_York";
networking = {
firewall.logRefusedConnections = false;
nameservers = [
# quad9
"2620:fe::fe"
"2620:fe::9"
"9.9.9.9"
"149.112.112.112"
];
timeServers = [
"ntppool1.time.nl"
"nts.netnod.se"
"ptbtime1.ptb.de"
"ohio.time.system76.com"
"time.txryan.com"
"time.dfm.dk"
];
};
services.chrony = {
enable = true;
enableNTS = true;
};
# this is true by default and mutually exclusive with
# programs.nix-index
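Review bot: The new `timeServers` list carries no comment on why these six hosts were picked, and with `services.chrony.enableNTS = true` every entry has to support NTS-KE, since chrony will not take time from a server whose NTS handshake fails; a line above the list such as `# every entry must support NTS (services.chrony.enableNTS); keep to hosts from the chrony NTS server list` would stop a later edit from adding a plain-NTP pool that silently never syncs. It is also worth a comment that NTS certificate validation needs a roughly correct clock at boot, which matters on hosts without a battery-backed RTC; the NixOS chrony module appears to handle this with an unauthenticated `initstepslew` against the same servers by default, but I cannot confirm that from this hunk. The enclosing attribute set starts before this hunk.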


@ -20,12 +20,6 @@
"services/ntfy" = {
sopsFile = ../../secrets/services/ntfy.yaml;
};
"wireguard/private" = {
sopsFile = ../../secrets/wireguard/yt.yaml;
};
"wireguard/psk" = {
sopsFile = ../../secrets/wireguard/yt.yaml;
};
"rsyncnet/id_ed25519" = {
sopsFile = ../../secrets/zh5061/yt.yaml;
};
@ -89,10 +83,14 @@
networkmanager = {
enable = true;
dns = "none";
wifi.backend = "iwd";
wifi = {
backend = "iwd";
powersave = false;
};
};
resolvconf.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [ 8080 ]; # for mitmproxy
};
};
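Review bot: `resolvconf.enable = true;` is added alongside NetworkManager's `dns = "none";` with no comment explaining the pairing; the intent seems to be that NM must not write DHCP-supplied resolvers and the static `networking.nameservers` (set in another file of this commit) win, and that deserves one line such as `# NM leaves resolv.conf alone; resolvers are pinned via networking.nameservers` so the next reader does not re-enable NM's DNS handling. I cannot tell from the hunk whether anything else on this host manages resolv.conf. Separately, the unchanged `allowedTCPPorts = [ 8080 ]; # for mitmproxy` keeps the proxy port open on every interface permanently; if it is only needed during captures, opening it ad hoc or binding mitmproxy to localhost would narrow the exposure. The enclosing `networking` set starts before this hunk.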
@ -105,9 +103,7 @@
alsa.enable = true;
alsa.support32Bit = true;
wireplumber.extraConfig.bluetoothEnhancements = {
"wireplumber.settings" = {
"bluetooth.autoswitch-to-headset-profile" = false;
};
# https://julian.pages.freedesktop.org/wireplumber/daemon/configuration/bluetooth.html#bluetooth-configuration
"monitor.bluez.properties" = {
"bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true;
@ -115,6 +111,10 @@
"bluez5.roles" = [
"a2dp_sink"
"a2dp_source"
"hsp_hs"
"hsp_ag"
"hfp_hf"
"hfp_ag"
];
};
};
@ -375,28 +375,6 @@
services.ollama.enable = false;
# wireguard setup
networking.wg-quick.interfaces.wg0 = {
autostart = false;
address = [
"10.0.0.2/24"
"fdc9:281f:04d7:9ee9::2/64"
];
privateKeyFile = config.sops.secrets."wireguard/private".path;
peers = [
{
publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0=";
allowedIPs = [
"0.0.0.0/0"
"::/0"
];
endpoint = "31.59.129.225:51820";
persistentKeepalive = 25;
presharedKeyFile = config.sops.secrets."wireguard/psk".path;
}
];
};
services.trezord.enable = false;
programs.niri.enable = false;