peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' of https://git.giugl.io/peperunas/nixos

Browse Source
This commit is contained in:
Giulio De Pasquale 2021-10-14 15:44:39 +00:00
commit 576e2f5791
42 changed files with 393 additions and 340 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,4 +1,3 @@
result result
result/ result/
flake.lock

6
.gitmodules vendored Normal file
View File

@ -0,0 +1,6 @@
[submodule "pkgs/binaryninja"]
path = pkgs/binaryninja
url = ssh://gitea@git.giugl.io:10022/peperunas/binaryninja.git
[submodule "pkgs/ida"]
path = pkgs/ida
url = ssh://gitea@git.giugl.io:10022/peperunas/ida.git

66
flake.lock generated Normal file
View File

@ -0,0 +1,66 @@
{
"nodes": {
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1633596850,
"narHash": "sha256-5+qVLYvfOropjLAvpQs/APtD8eYnEIbAd9a36lGHZM0=",
"owner": "rycee",
"repo": "home-manager",
"rev": "49695f33aac22358b59e49c94fe6472218e5d766",
"type": "github"
},
"original": {
"owner": "rycee",
"ref": "release-21.05",
"repo": "home-manager",
"type": "github"
}
},
"nixos-unstable": {
"locked": {
"lastModified": 1633971123,
"narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1634115022,
"narHash": "sha256-K9DZMQ47VRrg9gtTPwex5p0E8LnwM/dDkNe7AQW0qj0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "564cb4d81d4f734dd068684adec5a60077397fe9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-21.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixos-unstable": "nixos-unstable",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

26
flake.nix
View File

@ -8,13 +8,29 @@
}; };
}; };
outputs = { self, nixpkgs, nixos-unstable, home-manager }: let outputs = inputs @ { self, nixpkgs, nixos-unstable, home-manager }: let
util = import ./utils.nix { inherit nixpkgs nixos-unstable home-manager; }; system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [ (final: prev: { inherit unstable; }) ];
};
unstable = import nixos-unstable {
inherit system;
config.allowUnfree = true;
};
utils = import ./lib { inherit pkgs unstable nixpkgs nixos-unstable home-manager; };
inherit (utils) host;
inherit (utils) user;
in { in {
nixosConfigurations = { nixosConfigurations = {
architect = util.mkHost { name = "architect"; }; architect = host.mkHost { name = "architect"; users = [ { user = "giulio"; roles = []; } ]; };
gAluminum = util.mkHost { name = "gAluminum"; }; gAluminum = host.mkHost { name = "gAluminum"; users = [ { user = "giulio"; roles = [ "desktop" "ssh" "git" ]; } ]; roles = [ "gnome" ]; };
proxy = util.mkHost { name = "proxy"; }; proxy = host.mkHost { name = "proxy"; };
}; };
}; };
} }

67
home/default.nix
View File

@ -1,67 +0,0 @@
{ config, pkgs, ... }:
let
albert_autostart = (pkgs.makeAutostartItem {
name = "albert";
package = pkgs.albert;
});
guake_autostart = (pkgs.makeAutostartItem {
name = "guake";
package = pkgs.guake;
});
in
{
imports = [
./zsh.nix
./code.nix
./git.nix
./gnome.nix
./ssh.nix
];
nixpkgs.config.allowUnfree = true;
home = {
stateVersion = "21.05";
sessionVariables = {
EDITOR = "nvim";
VISUAL = "nvim";
};
packages = with pkgs; [
# essentials
albert
guake
# browsers
firefox
brave
chromium
# reversing
rizin
nmap
slack
signal-desktop
teams
discord
element-desktop
# music
spotify
# misc
bind
# system
gparted
sshfs
# autostart
albert_autostart
guake_autostart
];
};
}

1
hosts/architect/bazarr.nix
View File

@ -18,7 +18,6 @@ with import ./network.nix;
}; };
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 ${bazarrdomain}
${architect-lan} ${bazarrdomain} ${architect-lan} ${bazarrdomain}
${architect-wg} ${bazarrdomain} ${architect-wg} ${bazarrdomain}
''; '';

19
hosts/architect/default.nix
View File

@ -10,8 +10,6 @@ in
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./backup.nix ./backup.nix
./hardware.nix ./hardware.nix
../../common.nix
../../users.nix
./firewall.nix ./firewall.nix
./nginx.nix ./nginx.nix
./gitea.nix ./gitea.nix
@ -25,9 +23,9 @@ in
./minio.nix ./minio.nix
./matrix.nix ./matrix.nix
./fail2ban.nix ./fail2ban.nix
./plex.nix
./dns.nix ./dns.nix
./minecraft.nix ./minecraft.nix
# ./prowlarr.nix
./plex.nix ./plex.nix
]; ];
@ -87,18 +85,17 @@ in
wlp4s0.useDHCP = false; wlp4s0.useDHCP = false;
}; };
extraHosts = '' extraHosts = ''
127.0.0.1 ${hostname}.devs.giugl.io giugl.io localhost 127.0.0.1 ${hostname}.devs.giugl.io localhost
# LAN # LAN
${architect-lan} ${hostname}.devs.giugl.io giugl.io ${architect-lan} ${hostname}.devs.giugl.io
10.0.0.1 router.devs.giugl.io
${dvr-lan} dvr.devs.giugl.io ${dvr-lan} dvr.devs.giugl.io
${nas-lan} nas.devs.giugl.io ${nas-lan} nas.devs.giugl.io
${giupi-lan} giupi.devs.giugl.io ${giupi-lan} giupi.devs.giugl.io
# Wireguard hosts # Wireguard hosts
${architect-wg} ${hostname}.devs.giugl.io giugl.io ${architect-wg} ${hostname}.devs.giugl.io
${galuminum-wg} galuminum.devs.giugl.io ${galuminum-wg} galuminum.devs.giugl.io
${oneplus-wg} oneplus.devs.giugl.io ${oneplus-wg} oneplus.devs.giugl.io
${ipad-wg} ipad.devs.giugl.io ${ipad-wg} ipad.devs.giugl.io
@ -111,10 +108,9 @@ in
${padulino-wg} padulino.devs.giugl.io ${padulino-wg} padulino.devs.giugl.io
${shield-wg} shield.devs.giugl.io ${shield-wg} shield.devs.giugl.io
${angelino-wg} angelino.devs.giugl.io ${angelino-wg} angelino.devs.giugl.io
${pepos_one-wg} peposone.devs.giugl.io
${pepos_two-wg} pepostwo.devs.giugl.io ${pepos_two-wg} pepostwo.devs.giugl.io
${eleonora-wg} eleonora.devs.giugl.io ${eleonora-wg} eleonora.devs.giugl.io
${broccolino-wg} broccolino.devs.giugl.io ${angellane-wg} angellane.devs.giugl.io
${hotpottino-wg} hotpottino.devs.giugl.io ${hotpottino-wg} hotpottino.devs.giugl.io
${salvatore-wg} salvatore.devs.giugl.io ${salvatore-wg} salvatore.devs.giugl.io
${papa-wg} papa.devs.giugl.io ${papa-wg} papa.devs.giugl.io
@ -144,11 +140,6 @@ in
0.0.0.0 analytics.oneplus.cn 0.0.0.0 analytics.oneplus.cn
0.0.0.0 click.oneplus.cn 0.0.0.0 click.oneplus.cn
0.0.0.0 analytics-api.samsunghealthcn.com 0.0.0.0 analytics-api.samsunghealthcn.com
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
''; '';
}; };

77
hosts/architect/dns.nix
View File

@ -4,15 +4,19 @@
services = { services = {
dnsmasq = { dnsmasq = {
enable = true; enable = true;
servers = ["127.0.0.1#5353"]; servers = ["127.0.0.1#5300"];
extraConfig = '' extraConfig = ''
localise-queries localise-queries
min-cache-ttl=120 min-cache-ttl=120
max-cache-ttl=2400 max-cache-ttl=2400
addn-hosts=/etc/adblock_hosts
''; '';
}; };
adguardhome = {
enable= true;
port = 3031;
};
dnscrypt-proxy2 = { dnscrypt-proxy2 = {
enable = true; enable = true;
settings = { settings = {
@ -34,73 +38,4 @@
}; };
}; };
}; };
systemd = {
timers.update-adblock = {
wantedBy = [ "timers.target" ];
partOf = [ "update-adblock.service" ];
timerConfig.OnCalendar = "daily";
};
services.update-adblock = {
serviceConfig.Type = "oneshot";
requiredBy = [ "dnsmasq.service" ];
postStop = "systemctl restart dnsmasq";
script = ''
#!/bin/sh
EASYLIST_HOSTSNAME="easylist_hosts.txt"
EASYPRIVACY_HOSTSNAME="easyprivacy_hosts.txt"
STEVENBLACK_HOSTSNAME="stevenblack_hosts.txt"
get_easylist() {
EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easylist/easylist_adservers.txt"
tmpfile=`mktemp`
# download easylist
${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile
# remove IP addresses and prepend 0.0.0.0 to create hosts file
cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYLIST_HOSTSNAME
rm $tmpfile
}
get_easyprivacy() {
EASYLIST_URL="https://raw.githubusercontent.com/easylist/easylist/master/easyprivacy/easyprivacy_trackingservers.txt"
tmpfile=`mktemp`
# download easylist
${pkgs.wget}/bin/wget $EASYLIST_URL -O $tmpfile
# remove IP addresses and prepend 0.0.0.0 to create hosts file
cat $tmpfile | egrep -v "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -oP "^\|\|(\K[a-zA-Z0-9\.\-]+)" | ${pkgs.gawk}/bin/gawk '{print "0.0.0.0 " $0}' > $EASYPRIVACY_HOSTSNAME
rm $tmpfile
}
get_stevenblack() {
STEVENBLACK_URL="https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts"
${pkgs.wget}/bin/wget $STEVENBLACK_URL -O $STEVENBLACK_HOSTSNAME
}
get_easylist
get_easyprivacy
get_stevenblack
# create unified file
cat *hosts.txt | sort | uniq | grep "^0" > /etc/adblock_hosts
rm $EASYLIST_HOSTSNAME $STEVENBLACK_HOSTSNAME $EASYPRIVACY_HOSTSNAME
'';
};
};
} }

2
hosts/architect/firewall.nix
View File

@ -61,6 +61,7 @@ in {
iifname ${wan-if} ip saddr ${vpn-net} drop comment "bind any ip to intf ${wan-if}" iifname ${wan-if} ip saddr ${vpn-net} drop comment "bind any ip to intf ${wan-if}"
iifname ${wan-if} ip saddr 127.0.0.0/8 drop comment "bind any ip to intf ${wan-if}" iifname ${wan-if} ip saddr 127.0.0.0/8 drop comment "bind any ip to intf ${wan-if}"
iifname ${wan-if} accept comment "bind any ip to intf ${wan-if}" iifname ${wan-if} accept comment "bind any ip to intf ${wan-if}"
iifname ${proxy-if} ip saddr ${proxy-net} accept comment "bind ip ${proxy-net} to intf ${proxy-if}"
iifname ${vpn-if} ip saddr ${vpn-net} accept comment "bind ip ${vpn-net} to intf ${vpn-if}" iifname ${vpn-if} ip saddr ${vpn-net} accept comment "bind ip ${vpn-net} to intf ${vpn-if}"
iifname "lo" accept comment "bind any ip to intf lo" iifname "lo" accept comment "bind any ip to intf lo"
jump mangle_drop jump mangle_drop
@ -115,6 +116,7 @@ in {
ip daddr 255.255.255.255 accept comment "allow broadcast traffic" ip daddr 255.255.255.255 accept comment "allow broadcast traffic"
ip daddr 224.0.0.0/4 accept comment "allow multicast traffic" ip daddr 224.0.0.0/4 accept comment "allow multicast traffic"
ip saddr ${lan-net} accept comment "lan > local" ip saddr ${lan-net} accept comment "lan > local"
ip saddr ${proxy-wg} accept comment "proxy > local"
iifname ${wan-if} tcp dport {${open_tcp_ports}} accept iifname ${wan-if} tcp dport {${open_tcp_ports}} accept
iifname ${wan-if} udp dport {${open_udp_ports}} accept iifname ${wan-if} udp dport {${open_udp_ports}} accept

2
hosts/architect/gitea.nix
View File

@ -20,13 +20,13 @@ with import ./network.nix;
allow 127.0.0.1; allow 127.0.0.1;
allow 10.0.0.0/24; allow 10.0.0.0/24;
allow 10.3.0.0/24; allow 10.3.0.0/24;
allow 10.4.0.0/24;
deny all; deny all;
''; '';
}; };
}; };
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 ${gitdomain}
${architect-lan} ${gitdomain} ${architect-lan} ${gitdomain}
${architect-wg} ${gitdomain} ${architect-wg} ${gitdomain}
''; '';

6
hosts/architect/jellyfin.nix
View File

@ -8,7 +8,10 @@ with import ./network.nix;
]; ];
services = { services = {
jellyfin.enable = true; jellyfin = {
enable = true;
package = pkgs.unstable.jellyfin;
};
nginx.virtualHosts.${mediadomain} = { nginx.virtualHosts.${mediadomain} = {
forceSSL = true; forceSSL = true;
@ -25,7 +28,6 @@ with import ./network.nix;
}; };
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 ${mediadomain}
${architect-lan} ${mediadomain} ${architect-lan} ${mediadomain}
${architect-wg} ${mediadomain} ${architect-wg} ${mediadomain}
''; '';

15
hosts/architect/matrix.nix
View File

@ -10,7 +10,7 @@ with import ./network.nix;
public_baseurl = "https://${matrixdomain}"; public_baseurl = "https://${matrixdomain}";
registration_shared_secret = "runas!"; registration_shared_secret = "runas!";
dynamic_thumbnails = true; dynamic_thumbnails = true;
#enable_registration = true; # enable_registration = true;
app_service_config_files = [ app_service_config_files = [
"/var/lib/matrix-synapse/discord-registration.yaml" "/var/lib/matrix-synapse/discord-registration.yaml"
"/var/lib/matrix-synapse/telegram-registration.yaml" "/var/lib/matrix-synapse/telegram-registration.yaml"
@ -37,6 +37,12 @@ with import ./network.nix;
]; ];
} }
]; ];
turn_uris = [
"turns:turn.giugl.io:5349?transport=udp"
"turns:turn.giugl.io:5349?transport=tcp"
];
turn_shared_secret = "69duck duck fuck420";
turn_user_lifetime = "1h";
}; };
postgresql = { postgresql = {
@ -159,6 +165,11 @@ with import ./network.nix;
background = "020202"; # only for gif, transparency not supported background = "020202"; # only for gif, transparency not supported
}; };
}; };
encryption = {
allow = true;
default = true;
};
}; };
}; };
}; };
@ -171,10 +182,8 @@ systemd.services.mautrix-telegram.path = with pkgs; [
]; ];
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 ${matrixdomain} ${matrixwebdomain}
${architect-lan} ${matrixdomain} ${matrixwebdomain} ${architect-lan} ${matrixdomain} ${matrixwebdomain}
${architect-wg} ${matrixdomain} ${matrixwebdomain} ${architect-wg} ${matrixdomain} ${matrixwebdomain}
''; '';
users.groups.acme.members = [ "turnserver" ];
} }

1
hosts/architect/minio.nix
View File

@ -18,7 +18,6 @@ with import ./network.nix;
}; };
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 ${miniodomain}
${architect-lan} ${miniodomain} ${architect-lan} ${miniodomain}
${architect-wg} ${miniodomain} ${architect-wg} ${miniodomain}
''; '';

11
hosts/architect/network.nix
View File

@ -2,10 +2,12 @@ rec {
# interfaces # interfaces
wan-if = "enp5s0"; wan-if = "enp5s0";
vpn-if = "wg0"; vpn-if = "wg0";
proxy-if = "proxy";
# nets # nets
lan-net = "10.0.0.0/24"; lan-net = "10.0.0.0/24";
vpn-net = "10.3.0.0/24"; vpn-net = "10.3.0.0/24";
proxy-net = "10.4.0.0/24";
external_lan-net = "192.168.1.0/24"; external_lan-net = "192.168.1.0/24";
# ips # ips
@ -13,7 +15,8 @@ rec {
nas-lan = "10.0.0.3"; nas-lan = "10.0.0.3";
architect-lan = "10.0.0.250"; architect-lan = "10.0.0.250";
giupi-lan = "10.0.0.251"; giupi-lan = "10.0.0.251";
proxy-wg = "10.4.0.1";
architect-wg = "10.3.0.1"; architect-wg = "10.3.0.1";
galuminum-wg = "10.3.0.2"; galuminum-wg = "10.3.0.2";
oneplus-wg = "10.3.0.3"; oneplus-wg = "10.3.0.3";
@ -39,14 +42,14 @@ rec {
dima-wg = "10.3.0.23"; dima-wg = "10.3.0.23";
mikey-wg = "10.3.0.24"; mikey-wg = "10.3.0.24";
eleonora-wg = "10.3.0.100"; eleonora-wg = "10.3.0.100";
broccolino-wg = "10.3.0.200"; angellane-wg = "10.3.0.200";
hotpottino-wg = "10.3.0.201"; hotpottino-wg = "10.3.0.201";
dodino-wg = "10.3.0.202"; dodino-wg = "10.3.0.202";
boogino-wg = "10.3.0.203"; boogino-wg = "10.3.0.203";
# groups # groups
gdevices-wg = [ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg angelino-wg ]; gdevices-wg = [ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg angelino-wg ];
routers-wg = [ hotpottino-wg broccolino-wg dodino-wg ]; routers-wg = [ hotpottino-wg angellane-wg dodino-wg ];
c2c-wg = [ ] ++ gdevices-wg; c2c-wg = [ ] ++ gdevices-wg;
towan-wg = [ shield-wg parisaphone-wg parisapc-wg ] ++ gdevices-wg ++ routers-wg; towan-wg = [ shield-wg parisaphone-wg parisapc-wg ] ++ gdevices-wg ++ routers-wg;
@ -62,4 +65,6 @@ rec {
clouddomain = "cloud.giugl.io"; clouddomain = "cloud.giugl.io";
matrixdomain = "matrix.giugl.io"; matrixdomain = "matrix.giugl.io";
matrixwebdomain = "chat.giugl.io"; matrixwebdomain = "chat.giugl.io";
prowlarrdomain = "htpro.giugl.io";
jupyterdomain = "labs.giugl.io";
} }

1
hosts/architect/nextcloud.nix
View File

@ -40,7 +40,6 @@ with import ./network.nix;
}; };
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 ${clouddomain}
${architect-lan} ${clouddomain} ${architect-lan} ${clouddomain}
${architect-wg} ${clouddomain} ${architect-wg} ${clouddomain}
''; '';

3
hosts/architect/nginx.nix
View File

@ -1,9 +1,6 @@
{services, ...}: {services, ...}:
{ {
security.acme.acceptTerms = true;
security.acme.email = "giupi@giugl.io";
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;

1
hosts/architect/nzbget.nix
View File

@ -18,7 +18,6 @@ with import ./network.nix;
}; };
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 ${nzbgetdomain}
${architect-lan} ${nzbgetdomain} ${architect-lan} ${nzbgetdomain}
${architect-wg} ${nzbgetdomain} ${architect-wg} ${nzbgetdomain}
''; '';

4
hosts/architect/plex.nix
View File

@ -5,6 +5,7 @@ with import ./network.nix;
services.plex = { services.plex = {
enable = true; enable = true;
package = pkgs.unstable.plex; package = pkgs.unstable.plex;
dataDir = "/plex";
}; };
services.nginx = { services.nginx = {
@ -71,13 +72,12 @@ with import ./network.nix;
proxy_buffering off; proxy_buffering off;
''; '';
locations."/" = { locations."/" = {
proxyPass = "https://localhost:32400"; proxyPass = "http://localhost:32400";
}; };
}; };
}; };
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 ${mediadomain}
${architect-lan} ${mediadomain} ${architect-lan} ${mediadomain}
${architect-wg} ${mediadomain} ${architect-wg} ${mediadomain}
''; '';

34
hosts/architect/prowlarr.nix Normal file
View File

@ -0,0 +1,34 @@
with import ./network.nix;
{
services = {
prowlarr.enable = true;
nginx.virtualHosts.${prowlarrdomain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:9696";
extraConfig = ''
allow 10.0.0.0/24;
allow 10.3.0.0/24;
deny all;
'';
};
# locations."/api" = {
# proxyPass = "http://127.0.0.1:9696/prowlarr/api";
# };
#
# locations."/Content" = {
# proxyPass = "http://127.0.0.1:9696/prowlarr/Content";
# };
};
};
networking.extraHosts = ''
${architect-lan} ${prowlarrdomain}
${architect-wg} ${prowlarrdomain}
'';
users.groups.media.members = ["prowlarr"];
}

1
hosts/architect/radarr.nix
View File

@ -18,7 +18,6 @@ with import ./network.nix;
}; };
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 ${radarrdomain}
${architect-lan} ${radarrdomain} ${architect-lan} ${radarrdomain}
${architect-wg} ${radarrdomain} ${architect-wg} ${radarrdomain}
''; '';

1
hosts/architect/sonarr.nix
View File

@ -18,7 +18,6 @@ with import ./network.nix;
}; };
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 ${sonarrdomain}
${architect-lan} ${sonarrdomain} ${architect-lan} ${sonarrdomain}
${architect-wg} ${sonarrdomain} ${architect-wg} ${sonarrdomain}
''; '';

24
hosts/architect/wireguard.nix
View File

@ -1,6 +1,19 @@
with import ./network.nix; with import ./network.nix;
{ {
networking.wireguard = { networking.wireguard = {
interfaces.${proxy-if} = {
ips = ["10.4.0.2/32"];
privateKeyFile = "/secrets/wireguard/proxy.key";
peers = [
{
publicKey = "WmJBpXpYebcmJEF8nVTKMqQK01KyBe42vzc38K66rVs=";
allowedIPs = ["10.4.0.1/32"];
endpoint = "giugl.io:1195";
persistentKeepalive = 21;
}
];
};
interfaces.${vpn-if} = { interfaces.${vpn-if} = {
listenPort = 1194; listenPort = 1194;
ips = ["10.3.0.1/24"]; ips = ["10.3.0.1/24"];
@ -17,7 +30,8 @@ with import ./network.nix;
{ {
# OnePlus # OnePlus
allowedIPs = [oneplus-wg]; allowedIPs = [oneplus-wg];
publicKey = "uOQUJo+AfhTAFq50Pt80rdX4PmO28WUARngE2AtwdXU="; # publicKey = "uOQUJo+AfhTAFq50Pt80rdX4PmO28WUARngE2AtwdXU=";
publicKey = "zynSERy6VhxN5zBf1ih3BOAHxvigDixHB9YKnSBgYFs=";
} }
@ -85,9 +99,9 @@ with import ./network.nix;
{ {
# broccolino # angellane
allowedIPs = [broccolino-wg]; allowedIPs = [angellane-wg];
publicKey = "Ig97XCKYZvMperGlQgoKdqvw6VyNHf5+MvcimKEUs1Y="; publicKey = "MZ+nZklHpBxTL7QN9QJpBBx7yOYRZLONfvqAnuk85x0=";
} }
@ -139,7 +153,7 @@ with import ./network.nix;
{ {
# defy # defy
allowedIPs = [defy-wg]; allowedIPs = [defy-wg];
publicKey = "wEkDNap9/qmkGd0a0PN8ANHgXgxwp+ZdmDW1CmIl4kM="; publicKey = "Cvi/eto7E6Ef+aiL81ou7x12fJCeuXrf/go9fxEqXG4=";
} }
{ {

69
hosts/gAluminum/default.nix
View File

@ -5,14 +5,11 @@ let
in { in {
imports = [ imports = [
./hardware.nix ./hardware.nix
../../variables.nix ./wireguard.nix
../../common.nix
../../users.nix
]; ];
variables.hostname = hostname;
boot = { boot = {
supportedFilesystems = [ "ntfs" ];
loader = { loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi"; efi.efiSysMountPoint = "/boot/efi";
@ -30,68 +27,22 @@ in {
networking = { networking = {
hostName = hostname; hostName = hostname;
networkmanager.wifi = {
wg-quick.interfaces = { powersave = false;
giupi = { macAddress = "random";
address = ["10.3.0.2/32"];
privateKeyFile = "/etc/wireguard/giupi.key";
dns = ["10.3.0.1"];
peers = [
{
publicKey = "I4glUMvIGjjhvQMKhwGc8copPl2t9Us/YYRjT0BKuiw=";
allowedIPs = ["0.0.0.0/0"];
endpoint = "giugl.io:1194";
persistentKeepalive = 25;
}
];
};
}; };
}; };
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
services = { virtualisation.virtualbox.host.enable = true;
xserver = { virtualisation.virtualbox.host.enableExtensionPack = true;
enable = true; users.extraGroups.vboxusers.members = [ "giulio" ];
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
libinput.enable = true;
layout = "us";
xkbOptions = "eurosign:e";
};
printing.enable = true;
dbus.packages = with pkgs; [ gnome3.dconf ];
udev.packages = with pkgs; [ gnome3.gnome-settings-daemon ];
};
services.printing.enable = true;
sound.enable = true; sound.enable = true;
hardware.pulseaudio.enable = true; hardware.pulseaudio.enable = true;
environment.systemPackages = with pkgs; [ efibootmgr ];
environment.systemPackages = with pkgs; [
wget
git
pciutils
curl
virtualbox
cmake
ninja
gdb
htop
glances
tcpdump
restic
gnomeExtensions.appindicator
binutils
efibootmgr
neovim
home-manager
];
fonts.fonts = with pkgs; [cascadia-code];
system.stateVersion = "21.05"; # Did you read the comment? system.stateVersion = "21.05"; # Did you read the comment?
security.pam.services.gdm.enableGnomeKeyring = true;
} }

17
hosts/gAluminum/wireguard.nix Normal file
View File

@ -0,0 +1,17 @@
{
networking.wg-quick.interfaces = {
giupi = {
address = ["10.3.0.2/32"];
privateKeyFile = "/etc/wireguard/giupi.key";
dns = ["10.3.0.1"];
peers = [
{
publicKey = "I4glUMvIGjjhvQMKhwGc8copPl2t9Us/YYRjT0BKuiw=";
allowedIPs = ["0.0.0.0/0"];
endpoint = "architect.devs.giugl.io:1194";
persistentKeepalive = 25;
}
];
};
};
}

5
lib/default.nix Normal file
View File

@ -0,0 +1,5 @@
{ pkgs, unstable, nixpkgs, nixos-unstable, home-manager, ...}:
rec {
user = import ./user.nix { inherit pkgs; };
host = import ./host.nix { inherit pkgs nixpkgs unstable nixos-unstable home-manager user; };
}

40
lib/host.nix Normal file
View File

@ -0,0 +1,40 @@
{ pkgs, nixpkgs, nixos-unstable, unstable, home-manager, user, ... }:
{
mkHost = { name, users, roles ? [] }:
let
system = "x86_64-linux";
mkRole = role : import (../roles + "/${role}.nix");
users_mod= (map (u: user.mkUser {name = u.user; roles = u.roles; }) users);
roles_mod = (map (r: mkRole r) roles);
in nixpkgs.lib.nixosSystem {
inherit system;
modules = [
{
imports = users_mod ++ roles_mod;
nixpkgs.pkgs = pkgs;
nix.nixPath = [
"nixpkgs=${nixpkgs}"
"unstable=${nixos-unstable}"
];
nix.registry.nixpkgs.flake = nixpkgs;
nix.registry.unstable.flake = nixos-unstable;
users.users.root = {
shell = pkgs.zsh;
};
home-manager.users.root.imports = [ ../roles/home/common.nix ];
}
home-manager.nixosModules.home-manager
../roles/common.nix
../roles/acme.nix
../hosts/${name}/default.nix
];
};
}

23
lib/user.nix Normal file
View File

@ -0,0 +1,23 @@
{ pkgs, ...}:
{
mkUser = { name, roles ? [] }:
let
mkRole = role: import (../roles/home + "/${role}.nix");
roles_mod = (map (r: mkRole r) roles);
in {
fileSystems."/home/${name}/Downloads" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=3G"];
};
users.users.${name} = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = [ "wheel" ];
};
home-manager.users.${name}.imports = [ ../roles/home/common.nix ] ++ roles_mod;
};
}

1
pkgs/binaryninja Submodule

@ -0,0 +1 @@
Subproject commit 8ed0f28dc78dfc482c397056b73a6a1e680e8af0

1
pkgs/ida Submodule

@ -0,0 +1 @@
Subproject commit fe8eed08ff9f6e09abaa8216beaa45aa83767862

0
acme.nix → roles/acme.nix
View File

5
common.nix → roles/common.nix
View File

@ -28,6 +28,8 @@
}; };
}; };
fonts.fonts = with pkgs; [cascadia-code];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
file file
pciutils pciutils
@ -41,12 +43,13 @@
restic restic
binutils binutils
neovim neovim
home-manager
ripgrep ripgrep
tmux tmux
parted parted
unzip unzip
tree tree
smartmontools smartmontools
nmap
ripgrep
]; ];
} }

20
roles/gnome.nix Normal file
View File

@ -0,0 +1,20 @@
{ pkgs, ... }:
{
services = {
xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
libinput.enable = true;
layout = "us";
xkbOptions = "eurosign:e";
};
dbus.packages = with pkgs; [ gnome3.dconf ];
udev.packages = with pkgs; [ gnome3.gnome-settings-daemon ];
};
environment.systemPackages = with pkgs; [ gnomeExtensions.appindicator ];
security.pam.services.gdm.enableGnomeKeyring = true;
}

37
home/code.nix → roles/home/common.nix
View File

@ -1,15 +1,26 @@
{ config, pkgs, lib, home, ... }: { config, pkgs, ... }:
{ {
nixpkgs.config.allowUnfree = true; imports = [ ./zsh.nix ];
home.packages = with pkgs; [ home = {
nixfmt stateVersion = "21.05";
vscode sessionVariables = {
]; EDITOR = "nvim";
VISUAL = "nvim";
};
packages = with pkgs; [
rizin
sshfs
nixfmt
];
};
programs.neovim = { programs.neovim = {
enable = true; enable = true;
#package = pkgs.unstable.neovim-unwrapped;
extraConfig = '' extraConfig = ''
" syntax " syntax
syntax enable syntax enable
@ -22,9 +33,9 @@
set wildmode=longest:full,full set wildmode=longest:full,full
" remapping popup menu (command autocompletion) " remapping popup menu (command autocompletion)
" cnoremap <expr> <up> pumvisible() ? "<C-p>" : "<up> " cnoremap <expr> <up> pumvisible() ? "<C-p>" : "<up>
" cnoremap <expr> <down> pumvisible() ? "<C-n>" : "<down>" " cnoremap <expr> <down> pumvisible() ? "<C-n>" : "<down>"
" cnoremap <expr> <CR> pumvisible() ? "<C-e>":"<CR>" " cnoremap <expr> <CR> pumvisible() ? "<C-e>":"<CR>"
" set line numbers " set line numbers
set number set number
@ -65,6 +76,10 @@
" Fix for code not being aligned if between comment blocks " Fix for code not being aligned if between comment blocks
set cindent cinkeys-=0# set cindent cinkeys-=0#
set expandtab shiftwidth=2 tabstop=2 softtabstop=2 set expandtab shiftwidth=2 tabstop=2 softtabstop=2
set statusline+=%#warningmsg#
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
''; '';
viAlias = true; viAlias = true;
@ -83,7 +98,7 @@
vim-fugitive vim-fugitive
vim-yaml vim-yaml
vim-autoformat vim-autoformat
vimtex
]; ];
}; };
} }

42
roles/home/desktop.nix Normal file
View File

@ -0,0 +1,42 @@
{ pkgs, ... }:
let
albert_autostart = (pkgs.makeAutostartItem {
name = "albert";
package = pkgs.albert;
});
guake_autostart = (pkgs.makeAutostartItem {
name = "guake";
package = pkgs.guake;
});
in
{
imports = [ ./gnome.nix ];
nixpkgs.config.allowUnfree = true;
home.packages = with pkgs; [
albert
guake
firefox
brave
chromium
slack
signal-desktop
teams
discord
element-desktop
spotify
gparted
libreoffice
vscode
jetbrains.idea-ultimate
albert_autostart
guake_autostart
];
}

0
home/git.nix → roles/home/git.nix
View File

0
home/gnome.nix → roles/home/gnome.nix
View File

5
home/ssh.nix → roles/home/ssh.nix
View File

@ -4,6 +4,11 @@
compression = true; compression = true;
matchBlocks = { matchBlocks = {
"giugl.io" = {
user = "root";
identityFile = "~/.ssh/architectproxy";
};
"tommy.devs.giugl.io" = { "tommy.devs.giugl.io" = {
user = "giulio"; user = "giulio";
identityFile = "~/.ssh/tommypc"; identityFile = "~/.ssh/tommypc";

6
home/zsh.nix → roles/home/zsh.nix
View File

@ -1,5 +1,5 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
home.packages = with pkgs; [ zsh ]; home.packages = with pkgs; [ zsh any-nix-shell ];
programs.zsh = { programs.zsh = {
enable = true; enable = true;
@ -9,5 +9,9 @@
plugins = [ "git" "sudo" "docker" "docker-compose" "adb" "systemd" ]; plugins = [ "git" "sudo" "docker" "docker-compose" "adb" "systemd" ];
theme = "bira"; theme = "bira";
}; };
initExtra = ''
any-nix-shell zsh --info-right | source /dev/stdin
'';
}; };
} }

8
roles/zsh.nix Normal file
View File

@ -0,0 +1,8 @@
{ ... }:
{
programs.zsh = {
enableBashCompletion = true;
enableCompletion = true;
};
}

35
users.nix
View File

@ -1,35 +0,0 @@
{config, pkgs, home-manager, ...}:
{
users.users = {
giulio = {
description = "Giulio De Pasquale";
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = [ "wheel" "docker" "networkmanager" ];
};
root = {
shell = pkgs.zsh;
};
};
programs.zsh = {
enableBashCompletion = true;
enableCompletion = true;
};
home-manager.users.root = {
imports = [ ./home/zsh.nix ./home/ssh.nix ./home/code.nix ];
};
home-manager.users.giulio = {
imports = [ ./home ];
};
fileSystems."/home/giulio/Downloads" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=3G"];
};
}

38
utils.nix
View File

@ -1,38 +0,0 @@
{ nixos-unstable, nixpkgs, home-manager, ... }:
{
mkHost = {name}:
let
system = "x86_64-linux";
unstable = import nixos-unstable {
inherit system;
config.allowUnfree = true;
};
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
overlays = [ (final: prev: { inherit unstable; }) ];
};
in nixpkgs.lib.nixosSystem {
inherit system;
modules = [
{
nixpkgs.pkgs = pkgs;
nix.nixPath = [
"nixpkgs=${nixpkgs}"
"unstable=${nixos-unstable}"
];
nix.registry.nixpkgs.flake = nixpkgs;
nix.registry.unstable.flake = nixos-unstable;
}
./common.nix
./users.nix
home-manager.nixosModules.home-manager
./hosts/${name}/default.nix
./acme.nix
];
};
}

12
variables.nix
View File

@ -1,12 +0,0 @@
{ config, lib, ... }:
with lib;
{
options.variables = mkOption {
type = types.attrs;
default = {};
};
config._module.args.variables = config.variables;
}