From 91703951ecd6cdadf1359eb6fb3b309a37c7be98 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Thu, 1 Jul 2021 02:05:43 +0200 Subject: [PATCH] cleaned a bit --- hosts/giupi/default.nix | 187 ++++++++++++++++++++-------------------- 1 file changed, 93 insertions(+), 94 deletions(-) diff --git a/hosts/giupi/default.nix b/hosts/giupi/default.nix index 5a50726..a6aa884 100644 --- a/hosts/giupi/default.nix +++ b/hosts/giupi/default.nix @@ -16,22 +16,51 @@ in { ../../common.nix ../../users.nix ]; - - variables.hostname = hostname; - # Set your time zone. - time.timeZone = "Europe/Rome"; + boot = { + kernelParams = ["ip=${lan_address}::10.0.0.1:255.255.255.0::enp5s0:off"]; - networking = { - hostName = hostname; - useDHCP = false; - interfaces = { - enp5s0.ipv4.addresses = [{ address = lan_address; prefixLength = 24; }]; - enp6s0.useDHCP = false; - wlp4s0.useDHCP = false; + initrd = { + availableKernelModules = ["igc" "r8169"]; + network = { + enable = true; + ssh = { + enable = true; + port = 2222; + hostKeys = [/boot/host_ecdsa_key]; + authorizedKeys = pubkeys; + }; + + postCommands = '' + echo "zfs load-key -a; killall zfs" >> /root/.profile + ''; }; - defaultGateway = "10.0.0.1"; - extraHosts = '' + }; + + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + + supportedFilesystems = ["zfs"]; + zfs.requestEncryptionCredentials = true; + }; + + variables.hostname = hostname; + + time.timeZone = "Europe/Rome"; + + networking = { + hostName = hostname; + hostId = "49350853"; + useDHCP = false; + interfaces = { + enp5s0.ipv4.addresses = [{ address = lan_address; prefixLength = 24; }]; + enp6s0.useDHCP = false; + wlp4s0.useDHCP = false; + }; + defaultGateway = "10.0.0.1"; + extraHosts = '' 127.0.0.1 ${hostname}.devs.giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io giupyter.giugl.io irc.giugl.io localhost # LAN 
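Review bot: `hostKeys = [/boot/host_ecdsa_key];` in the `boot.initrd.network.ssh` block passes the initrd SSH private key as a Nix path literal, and the key lives under /boot, which is presumably the unencrypted EFI partition given that `systemd-boot` is enabled. Path literals can be copied into the world-readable Nix store when they are coerced to strings, so the quoted form `hostKeys = ["/boot/host_ecdsa_key"];` is the safer spelling; whether a copy actually happens depends on how the module consumes the value, which this hunk does not show. A comment such as `# initrd-only key, readable from the unencrypted boot partition; never reuse the main sshd host key` would record the constraint, because this key authenticates the session in which the ZFS passphrase is entered. The enclosing attribute set opens before the hunk and the `extraHosts` string continues past it.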
@@ -83,92 +112,62 @@ ${lan_address} ${hostname}.devs.giugl.io giugl.io jf.giugl.io yt.giugl.io s3.giu ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters + ''; + }; + + environment.systemPackages = with pkgs; + [ + neovim + docker + htop + glances + git + home-manager + openiscsi + wireguard + dnscrypt-proxy2 + restic + ]; + + + services = { + zfs.autoScrub.enable = true; + xserver.videoDrivers = [ "nvidia" ]; + + dnsmasq = { + enable = true; + servers = ["127.0.0.1#5353"]; + extraConfig = '' + localise-queries ''; }; - boot = { - kernelParams = ["ip=${lan_address}::10.0.0.1:255.255.255.0::enp5s0:off"]; - - initrd = { - availableKernelModules = ["igc" "r8169"]; - network = { - enable = true; - ssh = { - enable = true; - port = 2222; - hostKeys = [/boot/host_ecdsa_key]; - authorizedKeys = pubkeys; - }; - - postCommands = '' - echo "zfs load-key -a; killall zfs" >> /root/.profile - ''; - }; - }; - - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - supportedFilesystems = ["zfs"]; - zfs.requestEncryptionCredentials = true; - }; - - networking.hostId = "49350853"; - environment.systemPackages = with pkgs; - [ - neovim - docker - htop - glances - git - home-manager - openiscsi - wireguard - dnscrypt-proxy2 - restic - ]; - - - services = { - zfs.autoScrub.enable = true; - xserver.videoDrivers = [ "nvidia" ]; - - dnsmasq = { - enable = true; - servers = ["127.0.0.1#5353"]; - extraConfig = '' - localise-queries - ''; - }; - - dnscrypt-proxy2 = { - enable = true; - settings = { - listen_addresses = ["127.0.0.1:5353"]; - ipv4_servers = true; - ipv6_servers = false; - dnscrypt_servers = true; - doh_servers = true; - require_nolog = true; - require_nofilter = true; - timeout = 350; - lb_strategy = "p4"; - lb_estimator = true; - ignore_system_dns = true; - fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"]; - }; - }; - - openssh = { - enable = true; - passwordAuthentication = false; + dnscrypt-proxy2 = { + enable 
= true; + settings = { + listen_addresses = ["127.0.0.1:5353"]; + ipv4_servers = true; + ipv6_servers = false; + dnscrypt_servers = true; + doh_servers = true; + require_nolog = true; + require_nofilter = true; + timeout = 350; + lb_strategy = "p4"; + lb_estimator = true; + ignore_system_dns = true; + fallback_resolvers = ["1.1.1.1:53" "9.9.9.9:53"]; }; }; - system.stateVersion = "21.05"; # Did you read the comment? + openssh = { + enable = true; + passwordAuthentication = false; + }; + }; - users.users.giulio.openssh.authorizedKeys.keys = pubkeys; - } + system.stateVersion = "21.05"; # Did you read the comment? + + users.users.giulio.openssh.authorizedKeys.keys = pubkeys; +}
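Review bot: The `dnsmasq` block sets `servers = ["127.0.0.1#5353"]` but its `extraConfig` holds only `localise-queries`, so nothing in this hunk stops dnsmasq from also forwarding to upstream resolvers it reads from a resolv file. If every query is meant to leave through `dnscrypt-proxy2`, adding a `no-resolv` line to `extraConfig` makes that explicit. It would also prevent plaintext lookups if `networking.nameservers` or a resolvconf entry is set elsewhere, for example in `../../common.nix`, which is not visible here. The closing `'';` and `};` of the `dnsmasq` block are context lines carried over from the old `extraHosts` position, so the change would go on a new line before them.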