diff --git a/.gitignore b/.gitignore index 18f0700..2c71f08 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,3 @@ result result/ -flake.lock diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..6680f54 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,6 @@ +[submodule "pkgs/binaryninja"] + path = pkgs/binaryninja + url = ssh://gitea@git.giugl.io:10022/peperunas/binaryninja.git +[submodule "pkgs/ida"] + path = pkgs/ida + url = ssh://gitea@git.giugl.io:10022/peperunas/ida.git diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..7dbb2a9 --- /dev/null +++ b/flake.lock @@ -0,0 +1,66 @@ +{ + "nodes": { + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1633596850, + "narHash": "sha256-5+qVLYvfOropjLAvpQs/APtD8eYnEIbAd9a36lGHZM0=", + "owner": "rycee", + "repo": "home-manager", + "rev": "49695f33aac22358b59e49c94fe6472218e5d766", + "type": "github" + }, + "original": { + "owner": "rycee", + "ref": "release-21.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixos-unstable": { + "locked": { + "lastModified": 1633971123, + "narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1634115022, + "narHash": "sha256-K9DZMQ47VRrg9gtTPwex5p0E8LnwM/dDkNe7AQW0qj0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "564cb4d81d4f734dd068684adec5a60077397fe9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-21.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixos-unstable": "nixos-unstable", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} 
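Review bot: the two submodules registered in `.gitmodules` (`pkgs/binaryninja`, `pkgs/ida`) are not referenced by any other hunk in this diff — flake.nix and lib/ add no overlay or import under `pkgs/` — so they add a clone-time dependency on SSH access to `git.giugl.io` without contributing anything to the configuration yet. If they are meant to provide packages, the overlay entry is still missing; if not, they should not be added in this commit. Note also that `nix flake` commands do not fetch submodules unless the flake reference asks for them, so wiring them in later will need more than an `import ../pkgs/...` line.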
diff --git a/flake.nix b/flake.nix index e217ad0..5eda88f 100644 --- a/flake.nix +++ b/flake.nix @@ -8,13 +8,29 @@ }; }; - outputs = { self, nixpkgs, nixos-unstable, home-manager }: let - util = import ./utils.nix { inherit nixpkgs nixos-unstable home-manager; }; + outputs = inputs @ { self, nixpkgs, nixos-unstable, home-manager }: let + system = "x86_64-linux"; + + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = true; + overlays = [ (final: prev: { inherit unstable; }) ]; + }; + + unstable = import nixos-unstable { + inherit system; + config.allowUnfree = true; + }; + + utils = import ./lib { inherit pkgs unstable nixpkgs nixos-unstable home-manager; }; + + inherit (utils) host; + inherit (utils) user; in { nixosConfigurations = { - architect = util.mkHost { name = "architect"; }; - gAluminum = util.mkHost { name = "gAluminum"; }; - proxy = util.mkHost { name = "proxy"; }; + architect = host.mkHost { name = "architect"; users = [ { user = "giulio"; roles = []; } ]; }; + gAluminum = host.mkHost { name = "gAluminum"; users = [ { user = "giulio"; roles = [ "desktop" "ssh" "git" ]; } ]; roles = [ "gnome" ]; }; + proxy = host.mkHost { name = "proxy"; }; }; }; } diff --git a/home/default.nix b/home/default.nix deleted file mode 100644 index df495b4..0000000 --- a/home/default.nix +++ /dev/null 
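Review bot: `proxy = host.mkHost { name = "proxy"; };` passes no `users`, but `mkHost` in the new lib/host.nix (later in this diff) is declared as `{ name, users, roles ? [] }` with `users` required, so evaluating `nixosConfigurations.proxy` fails with a missing-argument error. Either give the parameter a default in lib/host.nix, `mkHost = { name, users ? [], roles ? [] }:`, or pass `users = [];` here. Separately, `inherit (utils) host; inherit (utils) user;` can be the single line `inherit (utils) host user;`, and `user` is not used anywhere in this file afterwards, so it can be dropped from the `let` entirely.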
@@ -1,67 +0,0 @@ -{ config, pkgs, ... }: - -let - albert_autostart = (pkgs.makeAutostartItem { - name = "albert"; - package = pkgs.albert; - }); - guake_autostart = (pkgs.makeAutostartItem { - name = "guake"; - package = pkgs.guake; - }); -in - { - imports = [ - ./zsh.nix - ./code.nix - ./git.nix - ./gnome.nix - ./ssh.nix - ]; - - nixpkgs.config.allowUnfree = true; - - home = { - stateVersion = "21.05"; - sessionVariables = { - EDITOR = "nvim"; - VISUAL = "nvim"; - }; - - packages = with pkgs; [ - # essentials - albert - guake - - # browsers - firefox - brave - chromium - - # reversing - rizin - - nmap - - slack - signal-desktop - teams - discord - element-desktop - - # music - spotify - - # misc - bind - - # system - gparted - sshfs - - # autostart - albert_autostart - guake_autostart - ]; -}; -} diff --git a/hosts/architect/bazarr.nix b/hosts/architect/bazarr.nix index 8006250..483f8f1 100644 --- a/hosts/architect/bazarr.nix +++ b/hosts/architect/bazarr.nix @@ -18,7 +18,6 @@ with import ./network.nix; }; networking.extraHosts = '' - 127.0.0.1 ${bazarrdomain} ${architect-lan} ${bazarrdomain} ${architect-wg} ${bazarrdomain} ''; diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix index 0871c81..4000ff3 100644 --- a/hosts/architect/default.nix +++ b/hosts/architect/default.nix @@ -10,8 +10,6 @@ in [ # Include the results of the hardware scan. ./backup.nix ./hardware.nix - ../../common.nix - ../../users.nix ./firewall.nix ./nginx.nix ./gitea.nix @@ -25,9 +23,9 @@ in ./minio.nix ./matrix.nix ./fail2ban.nix - ./plex.nix ./dns.nix ./minecraft.nix +# ./prowlarr.nix ./plex.nix ]; 
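Review bot: `# ./prowlarr.nix` in the `imports` list of hosts/architect/default.nix is a commented-out import, while the new hosts/architect/prowlarr.nix later in this diff defines the `${prowlarrdomain}` vhost and the `media` group membership — none of that is active after this commit. Either import the module or leave the line out rather than committing dead configuration; git history is the place for a not-yet-enabled module. The `imports` list starts outside the hunk.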
@@ -87,18 +85,17 @@ in wlp4s0.useDHCP = false; }; extraHosts = '' - 127.0.0.1 ${hostname}.devs.giugl.io giugl.io localhost + 127.0.0.1 ${hostname}.devs.giugl.io localhost # LAN - ${architect-lan} ${hostname}.devs.giugl.io giugl.io + ${architect-lan} ${hostname}.devs.giugl.io - 10.0.0.1 router.devs.giugl.io ${dvr-lan} dvr.devs.giugl.io ${nas-lan} nas.devs.giugl.io ${giupi-lan} giupi.devs.giugl.io # Wireguard hosts - ${architect-wg} ${hostname}.devs.giugl.io giugl.io + ${architect-wg} ${hostname}.devs.giugl.io ${galuminum-wg} galuminum.devs.giugl.io ${oneplus-wg} oneplus.devs.giugl.io ${ipad-wg} ipad.devs.giugl.io @@ -111,10 +108,9 @@ in ${padulino-wg} padulino.devs.giugl.io ${shield-wg} shield.devs.giugl.io ${angelino-wg} angelino.devs.giugl.io - ${pepos_one-wg} peposone.devs.giugl.io ${pepos_two-wg} pepostwo.devs.giugl.io ${eleonora-wg} eleonora.devs.giugl.io - ${broccolino-wg} broccolino.devs.giugl.io + ${angellane-wg} angellane.devs.giugl.io ${hotpottino-wg} hotpottino.devs.giugl.io ${salvatore-wg} salvatore.devs.giugl.io ${papa-wg} papa.devs.giugl.io @@ -144,11 +140,6 @@ in 0.0.0.0 analytics.oneplus.cn 0.0.0.0 click.oneplus.cn 0.0.0.0 analytics-api.samsunghealthcn.com - - # The following lines are desirable for IPv6 capable hosts - ::1 localhost ip6-localhost ip6-loopback - ff02::1 ip6-allnodes - ff02::2 ip6-allrouters ''; }; diff --git a/hosts/architect/dns.nix b/hosts/architect/dns.nix index db0c6a3..f1d354c 100644 --- a/hosts/architect/dns.nix +++ b/hosts/architect/dns.nix @@ -4,15 +4,19 @@ services = { dnsmasq = { enable = true; - servers = ["127.0.0.1#5353"]; + servers = ["127.0.0.1#5300"]; extraConfig = '' localise-queries min-cache-ttl=120 max-cache-ttl=2400 - addn-hosts=/etc/adblock_hosts ''; }; + adguardhome = { + enable= true; + port = 3031; + }; + dnscrypt-proxy2 = { enable = true; settings = { 
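Review bot: `adguardhome = { enable= true; port = 3031; };` in dns.nix sets only the port of the AdGuard Home admin UI, so its listen address is the module default; if that default is all interfaces (it was `0.0.0.0` in this era of the module, via the `host` option — confirm for this release), the UI is reachable from every network the firewall admits rather than only LAN/VPN, so set the bind address explicitly and keep 3031 out of `open_tcp_ports`. The dnsmasq upstream also moves from `127.0.0.1#5353` to `127.0.0.1#5300`, but whatever now listens on 5300 is not visible here (the `dnscrypt-proxy2.settings` block continues outside the hunk), so make sure that listener actually binds 5300 or local resolution breaks on the first rebuild. Minor: `enable= true;` → `enable = true;`.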
@@ -34,73 +38,4 @@ }; }; }; - - systemd = { - timers.update-adblock = { - wantedBy = [ "timers.target" ]; - partOf = [ "update-adblock.service" ]; - timerConfig.OnCalendar = "daily"; - }; - - services.update-adblock = { - serviceConfig.Type = "oneshot"; - requiredBy = [ "dnsmasq.service" ]; - postStop = "systemctl restart dnsmasq"; - script = '' - #!/bin/sh - - EASYLIST_HOSTSNAME="easylist_hosts.txt" - EASYPRIVACY_HOSTSNAME="easyprivacy_hosts.txt" - STEVENBLACK_HOSTSNAME="stevenblack_hosts.txt" - - get_easylist() { - EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easylist/easylist_adservers.txt" - - tmpfile=`mktemp` - - # download easylist - ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile - - # remove IP addresses and prepend 0.0.0.0 to create hosts file - cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYLIST_HOSTSNAME - - rm $tmpfile - } - - get_easyprivacy() { - EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easyprivacy/easyprivacy_trackingservers.txt" - - tmpfile=`mktemp` - - # download easylist - ${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile - - # remove IP addresses and prepend 0.0.0.0 to create hosts file - - cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYPRIVACY_HOSTSNAME - - rm $tmpfile - } - - get_stevenblack() { - STEVENBLACK_URL="https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts" - - ${pkgs.wget}/bin/wget $STEVENBLACK_URL -O $STEVENBLACK_HOSTSNAME - } - - - get_easylist - get_easyprivacy - get_stevenblack - - -# create unified file - - cat *hosts.txt | sort | uniq | grep "^0" > /etc/adblock_hosts - - rm $EASYLIST_HOSTSNAME $STEVENBLACK_HOSTSNAME $EASYPRIVACY_HOSTSNAME - - ''; - }; - }; } 
diff --git a/hosts/architect/firewall.nix b/hosts/architect/firewall.nix index ed2d898..5062a37 100644 --- a/hosts/architect/firewall.nix +++ b/hosts/architect/firewall.nix @@ -61,6 +61,7 @@ in { iifname ${wan-if} ip saddr ${vpn-net} drop comment "bind any ip to intf ${wan-if}" iifname ${wan-if} ip saddr 127.0.0.0/8 drop comment "bind any ip to intf ${wan-if}" iifname ${wan-if} accept comment "bind any ip to intf ${wan-if}" + iifname ${proxy-if} ip saddr ${proxy-net} accept comment "bind ip ${proxy-net} to intf ${proxy-if}" iifname ${vpn-if} ip saddr ${vpn-net} accept comment "bind ip ${vpn-net} to intf ${vpn-if}" iifname "lo" accept comment "bind any ip to intf lo" jump mangle_drop @@ -115,6 +116,7 @@ in { ip daddr 255.255.255.255 accept comment "allow broadcast traffic" ip daddr 224.0.0.0/4 accept comment "allow multicast traffic" ip saddr ${lan-net} accept comment "lan > local" + ip saddr ${proxy-wg} accept comment "proxy > local" iifname ${wan-if} tcp dport {${open_tcp_ports}} accept iifname ${wan-if} udp dport {${open_udp_ports}} accept diff --git a/hosts/architect/gitea.nix b/hosts/architect/gitea.nix index 54875e4..a3c627b 100644 --- a/hosts/architect/gitea.nix +++ b/hosts/architect/gitea.nix @@ -20,13 +20,13 @@ with import ./network.nix; allow 127.0.0.1; allow 10.0.0.0/24; allow 10.3.0.0/24; + allow 10.4.0.0/24; deny all; ''; }; }; networking.extraHosts = '' - 127.0.0.1 ${gitdomain} ${architect-lan} ${gitdomain} ${architect-wg} ${gitdomain} ''; diff --git a/hosts/architect/jellyfin.nix b/hosts/architect/jellyfin.nix index 0f28f2c..0d2a45a 100644 --- a/hosts/architect/jellyfin.nix +++ b/hosts/architect/jellyfin.nix @@ -8,7 +8,10 @@ with import ./network.nix; ]; services = { - jellyfin.enable = true; + jellyfin = { + enable = true; + package = pkgs.unstable.jellyfin; + }; nginx.virtualHosts.${mediadomain} = { forceSSL = true; 
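Review bot: `ip saddr ${proxy-wg} accept comment "proxy > local"` in the input chain admits every TCP and UDP port from the proxy peer, whereas the WAN rules immediately below it are limited to `open_tcp_ports`/`open_udp_ports`. If the proxy exists to forward a handful of public services, scope the rule to those ports, e.g. `ip saddr ${proxy-wg} tcp dport {${open_tcp_ports}} accept comment "proxy > local"` (or a dedicated proxy port set in network.nix), so a compromised proxy host cannot reach internal-only listeners such as the new AdGuard UI on 3031. The anti-spoofing rule for `${proxy-if}` in the first hunk mirrors the existing `${vpn-if}` line and looks consistent.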
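Review bot: `allow 10.4.0.0/24;` in gitea.nix lets requests arriving over the new proxy link through this location ACL, and because nginx evaluates `allow`/`deny` against the connecting address, every request the proxy forwards — including ones from the public internet, if the proxy is the internet-facing host — carries a 10.4.0.x source and passes, which makes the remaining `10.0.0.0/24`/`10.3.0.0/24` entries meaningless for that path. If this location is meant to stay LAN/VPN-only, enforce the restriction on the proxy instead, or restore the real client address before the ACL runs (`set_real_ip_from 10.4.0.0/24; real_ip_header X-Forwarded-For;` with the proxy setting that header). The `extraConfig` block this sits in starts outside the hunk.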
@@ -25,7 +28,6 @@ with import ./network.nix; }; networking.extraHosts = '' - 127.0.0.1 ${mediadomain} ${architect-lan} ${mediadomain} ${architect-wg} ${mediadomain} ''; diff --git a/hosts/architect/matrix.nix b/hosts/architect/matrix.nix index d4f7a83..60d6eaf 100644 --- a/hosts/architect/matrix.nix +++ b/hosts/architect/matrix.nix @@ -10,7 +10,7 @@ with import ./network.nix; public_baseurl = "https://${matrixdomain}"; registration_shared_secret = "runas!"; dynamic_thumbnails = true; - #enable_registration = true; +# enable_registration = true; app_service_config_files = [ "/var/lib/matrix-synapse/discord-registration.yaml" "/var/lib/matrix-synapse/telegram-registration.yaml" @@ -37,6 +37,12 @@ with import ./network.nix; ]; } ]; + turn_uris = [ + "turns:turn.giugl.io:5349?transport=udp" + "turns:turn.giugl.io:5349?transport=tcp" + ]; + turn_shared_secret = "69duck duck fuck420"; + turn_user_lifetime = "1h"; }; postgresql = { @@ -159,6 +165,11 @@ with import ./network.nix; background = "020202"; # only for gif, transparency not supported }; }; + + encryption = { + allow = true; + default = true; + }; }; }; }; @@ -171,10 +182,8 @@ systemd.services.mautrix-telegram.path = with pkgs; [ ]; networking.extraHosts = '' - 127.0.0.1 ${matrixdomain} ${matrixwebdomain} ${architect-lan} ${matrixdomain} ${matrixwebdomain} ${architect-wg} ${matrixdomain} ${matrixwebdomain} ''; -users.groups.acme.members = [ "turnserver" ]; } diff --git a/hosts/architect/minio.nix b/hosts/architect/minio.nix index 5f9722c..bb499e5 100644 --- a/hosts/architect/minio.nix +++ b/hosts/architect/minio.nix @@ -18,7 +18,6 @@ with import ./network.nix; }; networking.extraHosts = '' - 127.0.0.1 ${miniodomain} ${architect-lan} ${miniodomain} ${architect-wg} ${miniodomain} ''; diff --git a/hosts/architect/network.nix b/hosts/architect/network.nix index 41ad687..69459d0 100644 --- a/hosts/architect/network.nix +++ b/hosts/architect/network.nix 
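Review bot: `turn_shared_secret = "69duck duck fuck420";` in matrix.nix commits the TURN credential secret to the repository and, because NixOS renders synapse's configuration into the Nix store, into a world-readable store path on the host; the existing `registration_shared_secret = "runas!";` context line has the same problem. Keep both out of the store by loading them from a file under the out-of-store location the new wireguard config already uses (`/secrets/...`) via whichever file-based mechanism this NixOS release's synapse module offers (an extra config file, or a secret-path option if present). Also, the `turns:` URIs added here require the TURN server to present a TLS certificate, yet the last hunk removes `users.groups.acme.members = [ "turnserver" ];` — if coturn was reading the ACME certificate through that group membership, the TLS TURN endpoints stop working after the rebuild. `-    #enable_registration = true;` → `+# enable_registration = true;` only moves commented-out config; consider deleting the line instead.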
@@ -2,10 +2,12 @@ rec { # interfaces wan-if = "enp5s0"; vpn-if = "wg0"; + proxy-if = "proxy"; # nets lan-net = "10.0.0.0/24"; vpn-net = "10.3.0.0/24"; + proxy-net = "10.4.0.0/24"; external_lan-net = "192.168.1.0/24"; # ips @@ -13,7 +15,8 @@ rec { nas-lan = "10.0.0.3"; architect-lan = "10.0.0.250"; giupi-lan = "10.0.0.251"; - + + proxy-wg = "10.4.0.1"; architect-wg = "10.3.0.1"; galuminum-wg = "10.3.0.2"; oneplus-wg = "10.3.0.3"; @@ -39,14 +42,14 @@ rec { dima-wg = "10.3.0.23"; mikey-wg = "10.3.0.24"; eleonora-wg = "10.3.0.100"; - broccolino-wg = "10.3.0.200"; + angellane-wg = "10.3.0.200"; hotpottino-wg = "10.3.0.201"; dodino-wg = "10.3.0.202"; boogino-wg = "10.3.0.203"; # groups gdevices-wg = [ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg angelino-wg ]; - routers-wg = [ hotpottino-wg broccolino-wg dodino-wg ]; + routers-wg = [ hotpottino-wg angellane-wg dodino-wg ]; c2c-wg = [ ] ++ gdevices-wg; towan-wg = [ shield-wg parisaphone-wg parisapc-wg ] ++ gdevices-wg ++ routers-wg; @@ -62,4 +65,6 @@ rec { clouddomain = "cloud.giugl.io"; matrixdomain = "matrix.giugl.io"; matrixwebdomain = "chat.giugl.io"; + prowlarrdomain = "htpro.giugl.io"; + jupyterdomain = "labs.giugl.io"; } diff --git a/hosts/architect/nextcloud.nix b/hosts/architect/nextcloud.nix index a6ca9e8..0f629ba 100644 --- a/hosts/architect/nextcloud.nix +++ b/hosts/architect/nextcloud.nix @@ -40,7 +40,6 @@ with import ./network.nix; }; networking.extraHosts = '' - 127.0.0.1 ${clouddomain} ${architect-lan} ${clouddomain} ${architect-wg} ${clouddomain} ''; diff --git a/hosts/architect/nginx.nix b/hosts/architect/nginx.nix index e37f70b..6afe640 100644 --- a/hosts/architect/nginx.nix +++ b/hosts/architect/nginx.nix @@ -1,9 +1,6 @@ {services, ...}: { - security.acme.acceptTerms = true; - security.acme.email = "giupi@giugl.io"; - services.nginx = { enable = true; recommendedGzipSettings = true; diff --git a/hosts/architect/nzbget.nix b/hosts/architect/nzbget.nix index 174ec5f..42dbe52 100644 
--- a/hosts/architect/nzbget.nix +++ b/hosts/architect/nzbget.nix @@ -18,7 +18,6 @@ with import ./network.nix; }; networking.extraHosts = '' - 127.0.0.1 ${nzbgetdomain} ${architect-lan} ${nzbgetdomain} ${architect-wg} ${nzbgetdomain} ''; diff --git a/hosts/architect/plex.nix b/hosts/architect/plex.nix index d4e0356..aae9147 100644 --- a/hosts/architect/plex.nix +++ b/hosts/architect/plex.nix @@ -5,6 +5,7 @@ with import ./network.nix; services.plex = { enable = true; package = pkgs.unstable.plex; + dataDir = "/plex"; }; services.nginx = { @@ -71,13 +72,12 @@ with import ./network.nix; proxy_buffering off; ''; locations."/" = { - proxyPass = "https://localhost:32400"; + proxyPass = "http://localhost:32400"; }; }; }; networking.extraHosts = '' - 127.0.0.1 ${mediadomain} ${architect-lan} ${mediadomain} ${architect-wg} ${mediadomain} ''; diff --git a/hosts/architect/prowlarr.nix b/hosts/architect/prowlarr.nix new file mode 100644 index 0000000..c722a6f --- /dev/null +++ b/hosts/architect/prowlarr.nix @@ -0,0 +1,34 @@ +with import ./network.nix; +{ + services = { + prowlarr.enable = true; + + nginx.virtualHosts.${prowlarrdomain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:9696"; + extraConfig = '' + allow 10.0.0.0/24; + allow 10.3.0.0/24; + deny all; + ''; + }; + +# locations."/api" = { +# proxyPass = "http://127.0.0.1:9696/prowlarr/api"; +# }; +# +# locations."/Content" = { +# proxyPass = "http://127.0.0.1:9696/prowlarr/Content"; +# }; + }; + }; + + networking.extraHosts = '' + ${architect-lan} ${prowlarrdomain} + ${architect-wg} ${prowlarrdomain} + ''; + + users.groups.media.members = ["prowlarr"]; +} diff --git a/hosts/architect/radarr.nix b/hosts/architect/radarr.nix index 956514f..c48c1bc 100644 --- a/hosts/architect/radarr.nix +++ b/hosts/architect/radarr.nix 
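Review bot: the new prowlarr.nix vhost ACL (`allow 10.0.0.0/24; allow 10.3.0.0/24; deny all;`) omits the `10.4.0.0/24` proxy network that gitea.nix gains in this same diff, so requests relayed through the proxy are denied here; that is probably right for an internal-only indexer, but a one-line comment such as `# intentionally not reachable via the proxy link (10.4.0.0/24)` would stop the two ACLs drifting by accident. The two commented-out `locations."/api"` / `locations."/Content"` blocks are dead config and should be removed or finished. Note that hosts/architect/default.nix in this diff imports this file only as a commented line, so nothing here is active yet.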
@@ -18,7 +18,6 @@ with import ./network.nix; }; networking.extraHosts = '' - 127.0.0.1 ${radarrdomain} ${architect-lan} ${radarrdomain} ${architect-wg} ${radarrdomain} ''; diff --git a/hosts/architect/sonarr.nix b/hosts/architect/sonarr.nix index c7b7924..b3ccb77 100644 --- a/hosts/architect/sonarr.nix +++ b/hosts/architect/sonarr.nix @@ -18,7 +18,6 @@ with import ./network.nix; }; networking.extraHosts = '' - 127.0.0.1 ${sonarrdomain} ${architect-lan} ${sonarrdomain} ${architect-wg} ${sonarrdomain} ''; diff --git a/hosts/architect/wireguard.nix b/hosts/architect/wireguard.nix index 35507d2..b8e2375 100644 --- a/hosts/architect/wireguard.nix +++ b/hosts/architect/wireguard.nix @@ -1,6 +1,19 @@ with import ./network.nix; { networking.wireguard = { + interfaces.${proxy-if} = { + ips = ["10.4.0.2/32"]; + privateKeyFile = "/secrets/wireguard/proxy.key"; + peers = [ + { + publicKey = "WmJBpXpYebcmJEF8nVTKMqQK01KyBe42vzc38K66rVs="; + allowedIPs = ["10.4.0.1/32"]; + endpoint = "giugl.io:1195"; + persistentKeepalive = 21; + } + ]; + }; + interfaces.${vpn-if} = { listenPort = 1194; ips = ["10.3.0.1/24"]; @@ -17,7 +30,8 @@ with import ./network.nix; { # OnePlus allowedIPs = [oneplus-wg]; - publicKey = "uOQUJo+AfhTAFq50Pt80rdX4PmO28WUARngE2AtwdXU="; +# publicKey = "uOQUJo+AfhTAFq50Pt80rdX4PmO28WUARngE2AtwdXU="; + publicKey = "zynSERy6VhxN5zBf1ih3BOAHxvigDixHB9YKnSBgYFs="; } @@ -85,9 +99,9 @@ with import ./network.nix; { - # broccolino - allowedIPs = [broccolino-wg]; - publicKey = "Ig97XCKYZvMperGlQgoKdqvw6VyNHf5+MvcimKEUs1Y="; + # angellane + allowedIPs = [angellane-wg]; + publicKey = "MZ+nZklHpBxTL7QN9QJpBBx7yOYRZLONfvqAnuk85x0="; } @@ -139,7 +153,7 @@ with import ./network.nix; { # defy allowedIPs = [defy-wg]; - publicKey = "wEkDNap9/qmkGd0a0PN8ANHgXgxwp+ZdmDW1CmIl4kM="; + publicKey = "Cvi/eto7E6Ef+aiL81ou7x12fJCeuXrf/go9fxEqXG4="; } { diff --git a/hosts/gAluminum/default.nix b/hosts/gAluminum/default.nix index 6a26534..4dd6b04 100644 --- a/hosts/gAluminum/default.nix 
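Review bot: the new `interfaces.${proxy-if}` block in wireguard.nix hard-codes `ips = ["10.4.0.2/32"]` and `allowedIPs = ["10.4.0.1/32"]` although network.nix in this diff introduces `proxy-net` and `proxy-wg` for exactly these addresses; every other peer in the file uses the named constants (`allowedIPs = [oneplus-wg];`), so write `allowedIPs = [proxy-wg];` here and add a constant for the local 10.4.0.2 address so the firewall rules and this file cannot diverge. The OnePlus peer keeps its superseded key as `# publicKey = "uOQUJo+…"`; a WireGuard public key is not sensitive, but commented-out config only invites confusion and git history already records the old value, so drop the line. The `peers` list of `${vpn-if}` continues outside these hunks.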
+++ b/hosts/gAluminum/default.nix @@ -5,14 +5,11 @@ let in { imports = [ ./hardware.nix - ../../variables.nix - ../../common.nix - ../../users.nix + ./wireguard.nix ]; - - variables.hostname = hostname; boot = { + supportedFilesystems = [ "ntfs" ]; loader = { efi.canTouchEfiVariables = true; efi.efiSysMountPoint = "/boot/efi"; @@ -30,68 +27,22 @@ in { networking = { hostName = hostname; - - wg-quick.interfaces = { - giupi = { - address = ["10.3.0.2/32"]; - privateKeyFile = "/etc/wireguard/giupi.key"; - dns = ["10.3.0.1"]; - peers = [ - { - publicKey = "I4glUMvIGjjhvQMKhwGc8copPl2t9Us/YYRjT0BKuiw="; - allowedIPs = ["0.0.0.0/0"]; - endpoint = "giugl.io:1194"; - persistentKeepalive = 25; - } - ]; - }; + networkmanager.wifi = { + powersave = false; + macAddress = "random"; }; }; time.timeZone = "Europe/London"; - services = { - xserver = { - enable = true; - displayManager.gdm.enable = true; - desktopManager.gnome.enable = true; - libinput.enable = true; - layout = "us"; - xkbOptions = "eurosign:e"; - }; - - printing.enable = true; - dbus.packages = with pkgs; [ gnome3.dconf ]; - udev.packages = with pkgs; [ gnome3.gnome-settings-daemon ]; - }; + virtualisation.virtualbox.host.enable = true; + virtualisation.virtualbox.host.enableExtensionPack = true; + users.extraGroups.vboxusers.members = [ "giulio" ]; + services.printing.enable = true; sound.enable = true; hardware.pulseaudio.enable = true; - - environment.systemPackages = with pkgs; [ - wget - git - pciutils - curl - virtualbox - cmake - ninja - gdb - htop - glances - tcpdump - restic - gnomeExtensions.appindicator - binutils - efibootmgr - neovim - home-manager - ]; - - fonts.fonts = with pkgs; [cascadia-code]; - + environment.systemPackages = with pkgs; [ efibootmgr ]; system.stateVersion = "21.05"; # Did you read the comment? - - security.pam.services.gdm.enableGnomeKeyring = true; } diff --git a/hosts/gAluminum/wireguard.nix b/hosts/gAluminum/wireguard.nix new file mode 100644 index 0000000..72a6b00 
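Review bot: `users.extraGroups.vboxusers.members = [ "giulio" ];` hard-codes the account name inside the host module, although this commit moves user definition into the `users = [ { user = "giulio"; … } ]` list passed to `host.mkHost` in flake.nix; if that list changes, this line silently grants the group to a non-existent or wrong account. Consider making VirtualBox a host role that derives `vboxusers` membership from the users handed to `mkHost`, or at least thread the name through a `let` shared with the flake. The surrounding attribute set starts and ends outside the hunk.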
--- /dev/null +++ b/hosts/gAluminum/wireguard.nix @@ -0,0 +1,17 @@ +{ + networking.wg-quick.interfaces = { + giupi = { + address = ["10.3.0.2/32"]; + privateKeyFile = "/etc/wireguard/giupi.key"; + dns = ["10.3.0.1"]; + peers = [ + { + publicKey = "I4glUMvIGjjhvQMKhwGc8copPl2t9Us/YYRjT0BKuiw="; + allowedIPs = ["0.0.0.0/0"]; + endpoint = "architect.devs.giugl.io:1194"; + persistentKeepalive = 25; + } + ]; + }; + }; +} diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..0423072 --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,5 @@ +{ pkgs, unstable, nixpkgs, nixos-unstable, home-manager, ...}: +rec { + user = import ./user.nix { inherit pkgs; }; + host = import ./host.nix { inherit pkgs nixpkgs unstable nixos-unstable home-manager user; }; +} diff --git a/lib/host.nix b/lib/host.nix new file mode 100644 index 0000000..e7579d5 --- /dev/null +++ b/lib/host.nix @@ -0,0 +1,40 @@ +{ pkgs, nixpkgs, nixos-unstable, unstable, home-manager, user, ... }: + +{ + mkHost = { name, users, roles ? [] }: + let + system = "x86_64-linux"; + + mkRole = role : import (../roles + "/${role}.nix"); + + users_mod= (map (u: user.mkUser {name = u.user; roles = u.roles; }) users); + roles_mod = (map (r: mkRole r) roles); + in nixpkgs.lib.nixosSystem { + inherit system; + + modules = [ + { + imports = users_mod ++ roles_mod; + + nixpkgs.pkgs = pkgs; + nix.nixPath = [ + "nixpkgs=${nixpkgs}" + "unstable=${nixos-unstable}" + ]; + nix.registry.nixpkgs.flake = nixpkgs; + nix.registry.unstable.flake = nixos-unstable; + + users.users.root = { + shell = pkgs.zsh; + }; + + home-manager.users.root.imports = [ ../roles/home/common.nix ]; + } + + home-manager.nixosModules.home-manager + ../roles/common.nix + ../roles/acme.nix + ../hosts/${name}/default.nix + ]; + }; +} diff --git a/lib/user.nix b/lib/user.nix new file mode 100644 index 0000000..18b055f --- /dev/null +++ b/lib/user.nix 
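Review bot: the peer endpoint in the new hosts/gAluminum/wireguard.nix is `architect.devs.giugl.io:1194`, while `dns = ["10.3.0.1"]` and `allowedIPs = ["0.0.0.0/0"]` send all resolution and traffic through the tunnel; the endpoint therefore has to be resolvable by public DNS before the tunnel is up, and this diff only maps that name inside architect's own `extraHosts` — confirm a public record exists, otherwise the laptop cannot connect after a cold boot. A short comment explaining why the endpoint differs from the `giugl.io` used by the ssh config (presumably because that name now fronts the proxy) would save the next reader a detour.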
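Review bot: `users_mod= (map (u: user.mkUser {name = u.user; roles = u.roles; }) users);` and `roles_mod = (map (r: mkRole r) roles);` in lib/host.nix wrap the calls in redundant parentheses and eta-expand a function that only forwards its argument; `roles_mod = map mkRole roles;` and `users_mod = map (u: user.mkUser { inherit (u) roles; name = u.user; }) users;` read the same and the `users_mod=` spacing then matches the rest of the file. `system = "x86_64-linux";` is also duplicated from flake.nix, which already builds `pkgs` for that system; taking it from the caller or from `pkgs.system` keeps the two from diverging. `mkRole = role : import (../roles + "/${role}.nix");` should lose the space before the colon for consistency with lib/user.nix.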
@@ -0,0 +1,23 @@ +{ pkgs, ...}: + +{ + mkUser = { name, roles ? [] }: + let + mkRole = role: import (../roles/home + "/${role}.nix"); + roles_mod = (map (r: mkRole r) roles); + in { + fileSystems."/home/${name}/Downloads" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = ["size=3G"]; + }; + + users.users.${name} = { + isNormalUser = true; + shell = pkgs.zsh; + extraGroups = [ "wheel" ]; + }; + + home-manager.users.${name}.imports = [ ../roles/home/common.nix ] ++ roles_mod; + }; +} diff --git a/pkgs/binaryninja b/pkgs/binaryninja new file mode 160000 index 0000000..8ed0f28 --- /dev/null +++ b/pkgs/binaryninja @@ -0,0 +1 @@ +Subproject commit 8ed0f28dc78dfc482c397056b73a6a1e680e8af0 diff --git a/pkgs/ida b/pkgs/ida new file mode 160000 index 0000000..fe8eed0 --- /dev/null +++ b/pkgs/ida @@ -0,0 +1 @@ +Subproject commit fe8eed08ff9f6e09abaa8216beaa45aa83767862 diff --git a/acme.nix b/roles/acme.nix similarity index 100% rename from acme.nix rename to roles/acme.nix diff --git a/common.nix b/roles/common.nix similarity index 91% rename from common.nix rename to roles/common.nix index cfe90da..d9a581c 100644 --- a/common.nix +++ b/roles/common.nix @@ -28,6 +28,8 @@ }; }; + fonts.fonts = with pkgs; [cascadia-code]; + environment.systemPackages = with pkgs; [ file pciutils @@ -41,12 +43,13 @@ restic binutils neovim - home-manager ripgrep tmux parted unzip tree smartmontools + nmap + ripgrep ]; } diff --git a/roles/gnome.nix b/roles/gnome.nix new file mode 100644 index 0000000..0b4fc52 --- /dev/null +++ b/roles/gnome.nix 
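Review bot: `extraGroups = [ "wheel" ];` in lib/user.nix gives every account produced by `mkUser` sudo rights, so the first non-admin user added through the new `users = [ … ]` list in flake.nix becomes an administrator by construction. Make membership an argument with the current behaviour as the default, `mkUser = { name, roles ? [], extraGroups ? [ "wheel" ] }:` and `users.users.${name}.extraGroups = extraGroups;`, so admin rights stay a per-user decision; the deleted users.nix also granted `docker` and `networkmanager`, which this rewrite drops — confirm that is intended. The 3G tmpfs on `/home/${name}/Downloads` is likewise applied to every user and deserves a one-line comment on why it exists.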
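Review bot: `ripgrep` now appears twice in `environment.systemPackages` of roles/common.nix — once as the context line that survives after the removed `home-manager` entry, and once more in the two lines added at the end of the list. Nix deduplicates the store path so nothing breaks, but the duplicate should go: keep only `nmap` in the addition. Dropping `home-manager` from the system packages is consistent with the flake loading it as a module, presumably intentional.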
@@ -0,0 +1,20 @@ +{ pkgs, ... }: + +{ + services = { + xserver = { + enable = true; + displayManager.gdm.enable = true; + desktopManager.gnome.enable = true; + libinput.enable = true; + layout = "us"; + xkbOptions = "eurosign:e"; + }; + + dbus.packages = with pkgs; [ gnome3.dconf ]; + udev.packages = with pkgs; [ gnome3.gnome-settings-daemon ]; + }; + + environment.systemPackages = with pkgs; [ gnomeExtensions.appindicator ]; + security.pam.services.gdm.enableGnomeKeyring = true; +} diff --git a/home/code.nix b/roles/home/common.nix similarity index 78% rename from home/code.nix rename to roles/home/common.nix index cee2e5b..fe1b6a2 100644 --- a/home/code.nix +++ b/roles/home/common.nix @@ -1,15 +1,26 @@ -{ config, pkgs, lib, home, ... }: +{ config, pkgs, ... }: -{ - nixpkgs.config.allowUnfree = true; +{ + imports = [ ./zsh.nix ]; - home.packages = with pkgs; [ - nixfmt - vscode - ]; + home = { + stateVersion = "21.05"; + sessionVariables = { + EDITOR = "nvim"; + VISUAL = "nvim"; + }; + + packages = with pkgs; [ + rizin + sshfs + nixfmt + ]; + }; programs.neovim = { enable = true; + #package = pkgs.unstable.neovim-unwrapped; + extraConfig = '' " syntax syntax enable @@ -22,9 +33,9 @@ set wildmode=longest:full,full " remapping popup menu (command autocompletion) -" cnoremap pumvisible() ? "" : " -" cnoremap pumvisible() ? "" : "" -" cnoremap pumvisible() ? "":"" + " cnoremap pumvisible() ? "" : " + " cnoremap pumvisible() ? "" : "" + " cnoremap pumvisible() ? "":"" " set line numbers set number @@ -65,6 +76,10 @@ " Fix for code not being aligned if between comment blocks set cindent cinkeys-=0# set expandtab shiftwidth=2 tabstop=2 softtabstop=2 + + set statusline+=%#warningmsg# + set statusline+=%{SyntasticStatuslineFlag()} + set statusline+=%* ''; viAlias = true; @@ -83,7 +98,7 @@ vim-fugitive vim-yaml vim-autoformat + vimtex ]; }; - } diff --git a/roles/home/desktop.nix b/roles/home/desktop.nix new file mode 100644 index 0000000..323ad24 --- /dev/null 
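Review bot: `set statusline+=%{SyntasticStatuslineFlag()}` in roles/home/common.nix calls a function provided by the syntastic plugin, but the plugin list visible in the last hunk (`vim-fugitive vim-yaml vim-autoformat vimtex`) does not include it and the rest of that list is outside the hunk; if syntastic is not installed, the expression errors on every statusline redraw, so either add the plugin or drop the three `statusline` lines. `#package = pkgs.unstable.neovim-unwrapped;` is commented-out code and should be removed or enabled. The three `cnoremap` lines are only re-indented, which adds diff noise without changing the already-commented mappings.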
+++ b/roles/home/desktop.nix @@ -0,0 +1,42 @@ +{ pkgs, ... }: + +let + albert_autostart = (pkgs.makeAutostartItem { + name = "albert"; + package = pkgs.albert; + }); + guake_autostart = (pkgs.makeAutostartItem { + name = "guake"; + package = pkgs.guake; + }); +in + { + imports = [ ./gnome.nix ]; + + nixpkgs.config.allowUnfree = true; + home.packages = with pkgs; [ + albert + guake + + firefox + brave + chromium + + slack + signal-desktop + teams + discord + element-desktop + + spotify + + gparted + + libreoffice + vscode + jetbrains.idea-ultimate + + albert_autostart + guake_autostart + ]; + } diff --git a/home/git.nix b/roles/home/git.nix similarity index 100% rename from home/git.nix rename to roles/home/git.nix diff --git a/home/gnome.nix b/roles/home/gnome.nix similarity index 100% rename from home/gnome.nix rename to roles/home/gnome.nix diff --git a/home/ssh.nix b/roles/home/ssh.nix similarity index 97% rename from home/ssh.nix rename to roles/home/ssh.nix index b72e2db..c01b34b 100644 --- a/home/ssh.nix +++ b/roles/home/ssh.nix @@ -4,6 +4,11 @@ compression = true; matchBlocks = { + "giugl.io" = { + user = "root"; + identityFile = "~/.ssh/architectproxy"; + }; + "tommy.devs.giugl.io" = { user = "giulio"; identityFile = "~/.ssh/tommypc"; diff --git a/home/zsh.nix b/roles/home/zsh.nix similarity index 61% rename from home/zsh.nix rename to roles/home/zsh.nix index bd76a89..cf12329 100644 --- a/home/zsh.nix +++ b/roles/home/zsh.nix @@ -1,5 +1,5 @@ { config, pkgs, lib, ... }: { - home.packages = with pkgs; [ zsh ]; + home.packages = with pkgs; [ zsh any-nix-shell ]; programs.zsh = { enable = true; @@ -9,5 +9,9 @@ plugins = [ "git" "sudo" "docker" "docker-compose" "adb" "systemd" ]; theme = "bira"; }; + + initExtra = '' + any-nix-shell zsh --info-right | source /dev/stdin + ''; }; } diff --git a/roles/zsh.nix b/roles/zsh.nix new file mode 100644 index 0000000..6eb0786 --- /dev/null +++ b/roles/zsh.nix 
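Review bot: the new `"giugl.io"` match block in roles/home/ssh.nix logs in as `root` with `~/.ssh/architectproxy`, so routine access to the internet-facing host runs as root and every action is attributed to a shared account. Prefer a personal user with `sudo` on that host and keep root SSH disabled or key-only (`PermitRootLogin prohibit-password`) in its sshd configuration — the proxy host's own configuration is not part of this diff, so that cannot be checked here. Also add `identitiesOnly = true;` to the block so the agent does not offer every loaded key to that host before the intended one.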
@@ -0,0 +1,8 @@ +{ ... }: + +{ + programs.zsh = { + enableBashCompletion = true; + enableCompletion = true; + }; +} diff --git a/users.nix b/users.nix deleted file mode 100644 index 3996b42..0000000 --- a/users.nix +++ /dev/null @@ -1,35 +0,0 @@ -{config, pkgs, home-manager, ...}: - -{ - users.users = { - giulio = { - description = "Giulio De Pasquale"; - isNormalUser = true; - shell = pkgs.zsh; - extraGroups = [ "wheel" "docker" "networkmanager" ]; - }; - - root = { - shell = pkgs.zsh; - }; - }; - - programs.zsh = { - enableBashCompletion = true; - enableCompletion = true; - }; - - home-manager.users.root = { - imports = [ ./home/zsh.nix ./home/ssh.nix ./home/code.nix ]; - }; - - home-manager.users.giulio = { - imports = [ ./home ]; - }; - - fileSystems."/home/giulio/Downloads" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = ["size=3G"]; - }; -} diff --git a/utils.nix b/utils.nix deleted file mode 100644 index 6a2c8e6..0000000 --- a/utils.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ nixos-unstable, nixpkgs, home-manager, ... }: - -{ - mkHost = {name}: - let - system = "x86_64-linux"; - - unstable = import nixos-unstable { - inherit system; - config.allowUnfree = true; - }; - - pkgs = import nixpkgs { - inherit system; - config.allowUnfree = true; - overlays = [ (final: prev: { inherit unstable; }) ]; - }; - in nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - { - nixpkgs.pkgs = pkgs; - nix.nixPath = [ - "nixpkgs=${nixpkgs}" - "unstable=${nixos-unstable}" - ]; - nix.registry.nixpkgs.flake = nixpkgs; - nix.registry.unstable.flake = nixos-unstable; - } - - ./common.nix - ./users.nix - home-manager.nixosModules.home-manager - ./hosts/${name}/default.nix - ./acme.nix - ]; - }; -} diff --git a/variables.nix b/variables.nix deleted file mode 100644 index 8516086..0000000 --- a/variables.nix +++ /dev/null 
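Review bot: the new roles/zsh.nix re-creates the `programs.zsh.enableBashCompletion`/`enableCompletion` settings that the deleted users.nix applied to every host, but no `mkHost` call in flake.nix lists `"zsh"` in its `roles` (architect passes none, gAluminum passes `[ "gnome" ]`), so after this commit neither host gets zsh completion even though both keep `shell = pkgs.zsh` for root and all users. Either add `"zsh"` to both hosts' `roles`, or — since every shell is zsh — move these two lines into roles/common.nix, which every host imports through lib/host.nix.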
@@ -1,12 +0,0 @@ -{ config, lib, ... }: - -with lib; - -{ - options.variables = mkOption { - type = types.attrs; - default = {}; - }; - - config._module.args.variables = config.variables; -}