peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: peperunas:40b00f3eeb7198f6be3352aeef921fad29c03388
Branches Tags
peperunas:master
peperunas:nixos-21.11
peperunas:laptopshit
..
compare: peperunas:3e356fe7032bc1af9fc75d671fdda902b7ef7285
Branches Tags
peperunas:master
peperunas:nixos-21.11
peperunas:laptopshit

No commits in common. "40b00f3eeb7198f6be3352aeef921fad29c03388" and "3e356fe7032bc1af9fc75d671fdda902b7ef7285" have entirely different histories.
40b00f3eeb ... 3e356fe703

17 changed files with 249 additions and 346 deletions
Show Stats Expand all files Collapse all files

18
flake.lock generated
View File

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1637019201, "lastModified": 1633596850,
"narHash": "sha256-lq4gz51fx4m5FXfx1SCB444aEBeaYtLMVm3P18Wi9ls=", "narHash": "sha256-5+qVLYvfOropjLAvpQs/APtD8eYnEIbAd9a36lGHZM0=",
"owner": "rycee", "owner": "rycee",
"repo": "home-manager", "repo": "home-manager",
"rev": "bcf03fa16a1f06b8a0abb27bf49afa8d6fffe8f1", "rev": "49695f33aac22358b59e49c94fe6472218e5d766",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -23,11 +23,11 @@
}, },
"nixos-unstable": { "nixos-unstable": {
"locked": { "locked": {
"lastModified": 1637595801, "lastModified": 1633971123,
"narHash": "sha256-LkIMwVFKCuEqidaUdg8uxwpESAXjsPo4oCz3eJ7RaRw=", "narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "263ef4cc4146c9fab808085487438c625d4426a9", "rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -39,11 +39,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1637615379, "lastModified": 1634115022,
"narHash": "sha256-wL5+nm7z+42IHyhc52P3aAj1Kp2fQ6C8IyPBihj7Bjg=", "narHash": "sha256-K9DZMQ47VRrg9gtTPwex5p0E8LnwM/dDkNe7AQW0qj0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "09650059d7f5ae59a7f0fb2dd3bfc6d2042a74de", "rev": "564cb4d81d4f734dd068684adec5a60077397fe9",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
flake.nix
View File

@ -28,7 +28,7 @@
inherit (utils) user; inherit (utils) user;
in { in {
nixosConfigurations = { nixosConfigurations = {
architect = host.mkHost { name = "architect"; users = [ { user = "giulio"; roles = [ "git" ]; } ]; }; architect = host.mkHost { name = "architect"; users = [ { user = "giulio"; roles = []; } ]; };
gAluminum = host.mkHost { name = "gAluminum"; users = [ { user = "giulio"; roles = [ "desktop" "ssh" "git" ]; } ]; roles = [ "gnome" ]; }; gAluminum = host.mkHost { name = "gAluminum"; users = [ { user = "giulio"; roles = [ "desktop" "ssh" "git" ]; } ]; roles = [ "gnome" ]; };
proxy = host.mkHost { name = "proxy"; users = []; }; proxy = host.mkHost { name = "proxy"; users = []; };
}; };

274
hosts/architect/default.nix
View File

@ -2,141 +2,169 @@
with import ./network.nix; with import ./network.nix;
let let
pubkeys = [ pubkeys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230"];
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230" hostname = "architect";
]; in
hostname = "architect"; {
in { imports =
imports = [ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./backup.nix ./backup.nix
./hardware.nix ./hardware.nix
./firewall.nix ./firewall.nix
./nginx.nix ./nginx.nix
./gitea.nix ./gitea.nix
./sonarr.nix ./sonarr.nix
./radarr.nix ./radarr.nix
./bazarr.nix ./bazarr.nix
./nzbget.nix ./nzbget.nix
./nextcloud.nix # ./jellyfin.nix
./wireguard.nix ./nextcloud.nix
./minio.nix ./wireguard.nix
./matrix.nix ./minio.nix
./fail2ban.nix ./matrix.nix
./dns.nix ./fail2ban.nix
./minecraft.nix ./dns.nix
./prowlarr.nix ./minecraft.nix
./plex.nix # ./prowlarr.nix
./transmission.nix ./plex.nix
./githubrunner.nix ];
];
time.timeZone = "Europe/Rome"; time.timeZone = "Europe/Rome";
system.stateVersion = "21.05"; # Did you read the comment? system.stateVersion = "21.05"; # Did you read the comment?
users.users.giulio.openssh.authorizedKeys.keys = pubkeys; users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
fileSystems."/tmp" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=20G"];
};
fileSystems."/tmp" = { boot = {
device = "tmpfs"; kernelParams = ["ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off"];
fsType = "tmpfs"; kernel.sysctl."net.ipv4.ip_forward" = 1;
options = [ "size=20G" ];
};
boot = { initrd = {
kernelParams = availableKernelModules = ["igc" "r8169"];
[ "ip=${architect-lan}::10.0.0.1:255.255.255.0::${wan-if}:off" ]; network = {
kernel.sysctl."net.ipv4.ip_forward" = 1;
initrd = {
availableKernelModules = [ "igc" "r8169" ];
network = {
enable = true;
ssh = {
enable = true; enable = true;
port = 22; ssh = {
hostKeys = [ /boot/ssh_host_rsa_key ]; enable = true;
authorizedKeys = pubkeys; port = 22;
hostKeys = [/boot/ssh_host_rsa_key];
authorizedKeys = pubkeys;
};
postCommands = ''
zpool import backedpool
zpool import zpool
mkdir /mnt-root
echo "zfs load-key -ar; mount -t zfs zpool/nixos/root /mnt-root; zfs load-key -a; umount /mnt-root; rmdir /mnt-root; killall zfs" >> /root/.profile
'';
}; };
postCommands = ''
zpool import backedpool
zpool import zpool
mkdir /mnt-root
echo "zfs load-key -ar; mount -t zfs zpool/nixos/root /mnt-root; zfs load-key -a; umount /mnt-root; rmdir /mnt-root; killall zfs" >> /root/.profile
'';
}; };
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
supportedFilesystems = ["zfs"];
zfs.enableUnstable = true;
zfs.requestEncryptionCredentials = true;
}; };
loader = { networking = {
systemd-boot.enable = true; hostName = hostname;
efi.canTouchEfiVariables = true; hostId = "49350853";
useDHCP = false;
defaultGateway = "10.0.0.1";
interfaces = {
enp5s0.ipv4.addresses = [{ address = architect-lan; prefixLength = 24; }];
enp6s0.useDHCP = false;
wlp4s0.useDHCP = false;
};
extraHosts = ''
127.0.0.1 ${hostname}.devs.giugl.io localhost
# LAN
${architect-lan} ${hostname}.devs.giugl.io
${dvr-lan} dvr.devs.giugl.io
${nas-lan} nas.devs.giugl.io
${giupi-lan} giupi.devs.giugl.io
# Wireguard hosts
${architect-wg} ${hostname}.devs.giugl.io
${galuminum-wg} galuminum.devs.giugl.io
${oneplus-wg} oneplus.devs.giugl.io
${ipad-wg} ipad.devs.giugl.io
${manduria-wg} manduria.devs.giugl.io
${antonio-wg} antonio.devs.giugl.io
${gbeast-wg} gbeast.devs.giugl.io
${parisaphone-wg} parisa-phone.devs.giugl.io
${parisapc-wg} parisa-pc.devs.giugl.io
${peppiniell-wg} peppiniell.devs.giugl.io
${padulino-wg} padulino.devs.giugl.io
${shield-wg} shield.devs.giugl.io
${angelino-wg} angelino.devs.giugl.io
${pepos_two-wg} pepostwo.devs.giugl.io
${eleonora-wg} eleonora.devs.giugl.io
${angellane-wg} angellane.devs.giugl.io
${hotpottino-wg} hotpottino.devs.giugl.io
${salvatore-wg} salvatore.devs.giugl.io
${papa-wg} papa.devs.giugl.io
${defy-wg} defy.devs.giugl.io
${germano-wg} germano.devs.giugl.io
${dodino-wg} dodino.devs.giugl.io
${tommy-wg} tommy.devs.giugl.io
${alain-wg} alain.devs.giugl.io
${dima-wg} dima.devs.giugl.io
${boogino-wg} boogino.devs.giugl.io
${mikey-wg} mikey.devs.giugl.io
# Blacklist
0.0.0.0 metrics.plex.tv
0.0.0.0 analytics.plex.tv
0.0.0.0 cdn.luckyorange.com
0.0.0.0 w1.luckyorange.com
0.0.0.0 browser.sentry-cdn.com
0.0.0.0 analytics.facebook.com
0.0.0.0 ads.facebook.com
0.0.0.0 extmaps-api.yandex.net
0.0.0.0 logservice.hicloud.com
0.0.0.0 logbak.hicloud.com
0.0.0.0 logservice1.hicloud.com
0.0.0.0 samsung-com.112.2o7.net
0.0.0.0 supportmetrics.apple.com
0.0.0.0 analytics.oneplus.cn
0.0.0.0 click.oneplus.cn
0.0.0.0 analytics-api.samsunghealthcn.com
'';
}; };
supportedFilesystems = [ "zfs" ]; environment.systemPackages = with pkgs;
zfs.enableUnstable = true; [
zfs.requestEncryptionCredentials = true; wireguard
}; cudatoolkit
];
networking = { hardware = {
hostName = hostname; cpu.amd.updateMicrocode = true;
hostId = "49350853"; opengl.enable = true;
useDHCP = false; opengl.extraPackages= with pkgs; [vaapiVdpau];
defaultGateway = "10.0.0.1"; opengl.driSupport = true;
interfaces = {
enp5s0.ipv4.addresses = [{
address = architect-lan;
prefixLength = 24;
}];
enp6s0.useDHCP = false;
wlp4s0.useDHCP = false;
}; };
extraHosts = ''
127.0.0.1 ${hostname}.devs.giugl.io localhost
# LAN services = {
${architect-lan} ${hostname}.devs.giugl.io zfs.autoScrub.enable = true;
xserver.videoDrivers = [ "nvidia" ];
openssh.enable = true;
smartd.enable = true;
};
${dvr-lan} dvr.devs.giugl.io environment.variables = {
${nas-lan} nas.devs.giugl.io LIBVA_DRIVER_NAME="vdpau";
${giupi-lan} giupi.devs.giugl.io };
}
# Blacklist
0.0.0.0 metrics.plex.tv
0.0.0.0 analytics.plex.tv
0.0.0.0 cdn.luckyorange.com
0.0.0.0 w1.luckyorange.com
0.0.0.0 browser.sentry-cdn.com
0.0.0.0 analytics.facebook.com
0.0.0.0 ads.facebook.com
0.0.0.0 extmaps-api.yandex.net
0.0.0.0 logservice.hicloud.com
0.0.0.0 logbak.hicloud.com
0.0.0.0 logservice1.hicloud.com
0.0.0.0 samsung-com.112.2o7.net
0.0.0.0 supportmetrics.apple.com
0.0.0.0 analytics.oneplus.cn
0.0.0.0 click.oneplus.cn
0.0.0.0 analytics-api.samsunghealthcn.com
'';
};
environment.systemPackages = with pkgs; [ cudatoolkit ];
hardware = {
cpu.amd.updateMicrocode = true;
opengl.enable = true;
opengl.extraPackages = with pkgs; [ vaapiVdpau ];
opengl.driSupport = true;
};
boot.crashDump.enable = true;
services.das_watchdog.enable = true;
services = {
zfs.autoScrub.enable = true;
xserver.videoDrivers = [ "nvidia" ];
openssh.enable = true;
smartd.enable = true;
};
environment.variables = { LIBVA_DRIVER_NAME = "vdpau"; };
}

3
hosts/architect/firewall.nix
View File

@ -9,12 +9,10 @@ let
443 # https 443 # https
8448 # matrix 8448 # matrix
10022 # gitea 10022 # gitea
51413 # transmission
]; ];
open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [ open_udp_ports = lib.concatMapStringsSep "," (x: toString x) [
1194 # wireguard 1194 # wireguard
3478 # turn 3478 # turn
51413 # transmission
]; ];
in { in {
networking = { networking = {
@ -136,7 +134,6 @@ in {
# gdevices talking to everyone in VPN # gdevices talking to everyone in VPN
ip saddr {${lib.concatStringsSep "," gdevices-wg}} ip daddr ${vpn-net} accept ip saddr {${lib.concatStringsSep "," gdevices-wg}} ip daddr ${vpn-net} accept
ip saddr {${lib.concatStringsSep "," gamenet-wg}} ip daddr {${lib.concatStringsSep "," gamenet-wg}} accept
# nat to wan # nat to wan
oifname ${wan-if} ip saddr {${lib.concatStringsSep "," towan-wg}} accept oifname ${wan-if} ip saddr {${lib.concatStringsSep "," towan-wg}} accept

15
hosts/architect/githubrunner.nix
View File

@ -1,15 +0,0 @@
{ ... }:
{
services.github-runner = {
enable = true;
url = "https://github.com/ropfuscator";
tokenFile = "/secrets/github-runner/token";
replace = true;
};
nix.extraOptions = ''
tarball-ttl = 0
access-tokens = github.com=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
'';
}

16
hosts/architect/network.nix
View File

@ -29,7 +29,9 @@ rec {
peppiniell-wg = "10.3.0.10"; peppiniell-wg = "10.3.0.10";
padulino-wg = "10.3.0.11"; padulino-wg = "10.3.0.11";
shield-wg = "10.3.0.12"; shield-wg = "10.3.0.12";
pepos-wg = "10.3.0.15"; angelino-wg = "10.3.0.13";
pepos_one-wg = "10.3.0.14";
pepos_two-wg = "10.3.0.15";
salvatore-wg = "10.3.0.16"; salvatore-wg = "10.3.0.16";
papa-wg = "10.3.0.17"; papa-wg = "10.3.0.17";
defy-wg = "10.3.0.18"; defy-wg = "10.3.0.18";
@ -39,23 +41,17 @@ rec {
alain-wg = "10.3.0.22"; alain-wg = "10.3.0.22";
dima-wg = "10.3.0.23"; dima-wg = "10.3.0.23";
mikey-wg = "10.3.0.24"; mikey-wg = "10.3.0.24";
andrew-wg = "10.3.0.25";
mikeylaptop-wg = "10.3.0.26";
andrewdesktop-wg = "10.3.0.27";
jacopo-wg = "10.3.0.28";
frznn-wg = "10.3.0.29";
eleonora-wg = "10.3.0.100"; eleonora-wg = "10.3.0.100";
angellane-wg = "10.3.0.200"; angellane-wg = "10.3.0.200";
hotpottino-wg = "10.3.0.201"; hotpottino-wg = "10.3.0.201";
dodino-wg = "10.3.0.202"; dodino-wg = "10.3.0.202";
wolfsonhouse-wg = "10.3.0.203"; boogino-wg = "10.3.0.203";
# groups # groups
gdevices-wg = [ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg ]; gdevices-wg = [ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg angelino-wg ];
routers-wg = [ hotpottino-wg angellane-wg dodino-wg wolfsonhouse-wg ]; routers-wg = [ hotpottino-wg angellane-wg dodino-wg ];
c2c-wg = [ ] ++ gdevices-wg; c2c-wg = [ ] ++ gdevices-wg;
towan-wg = [ shield-wg parisaphone-wg parisapc-wg ] ++ gdevices-wg ++ routers-wg; towan-wg = [ shield-wg parisaphone-wg parisapc-wg ] ++ gdevices-wg ++ routers-wg;
gamenet-wg = [ andrew-wg galuminum-wg gbeast-wg mikey-wg andrewdesktop-wg mikeylaptop-wg flavio-wg salvatore-wg ];
# domains # domains
sonarrdomain = "htson.giugl.io"; sonarrdomain = "htson.giugl.io";

44
hosts/architect/nginx.nix
View File

@ -8,28 +8,28 @@
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
# virtualHosts."giugl.io" = { virtualHosts."giugl.io" = {
# default = true; default = true;
# enableACME = true; enableACME = true;
# addSSL = true; addSSL = true;
# root = "/var/lib/nginx/error_pages"; root = "/var/lib/nginx/error_pages";
# extraConfig = "error_page 404 /index.htm;"; extraConfig = "error_page 404 /index.htm;";
#
# locations = { locations = {
# "/" = { "/" = {
# return = "404"; return = "404";
# }; };
#
# "/index.htm" = { "/index.htm" = {
# }; };
#
# "/style.css" = { "/style.css" = {
# }; };
#
# "/wat.jpg" = { "/wat.jpg" = {
# }; };
# }; };
# }; };
}; };
users.groups.acme.members = [ "nginx" ]; users.groups.acme.members = [ "nginx" ];

13
hosts/architect/overseerr.nix
View File

@ -1,13 +0,0 @@
{...}:
{
virtualisation.oci-containers.containers."overseerr" = {
image = "sctx/overseerr:latest";
volumes = [ "/var/lib/overseerr:/app/config" ];
environment = {
"LOG_LEVEL" = "debug";
"TZ" = "Europe/Rome";
};
#ports = [ "5055:5055" ];
};
}

4
hosts/architect/plex.nix
View File

@ -16,10 +16,6 @@ with import ./network.nix;
enableACME = true; enableACME = true;
http2 = true; http2 = true;
extraConfig = '' extraConfig = ''
allow 10.3.0.0/24;
allow 10.0.0.0/24;
deny all;
#Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
send_timeout 100m; send_timeout 100m;

2
hosts/architect/prowlarr.nix
View File

@ -1,5 +1,3 @@
{ pkgs, ...}:
with import ./network.nix; with import ./network.nix;
{ {
services = { services = {

41
hosts/architect/transmission.nix
View File

@ -1,41 +0,0 @@
with import ./network.nix;
let
domain = "httra.giugl.io";
in {
services = {
transmission = {
enable = true;
settings = {
download-dir = "/media/transmission";
incomplete-dir = "/media/transmission/.incomplete";
rpc-host-whitelist = "${domain}";
encryption = 2;
speed-limit-up = 10;
speed-limit-up-enabled = true;
peer-port = 51413;
};
performanceNetParameters = true;
};
nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:9091";
extraConfig = ''
allow 10.0.0.0/24;
allow 10.3.0.0/24;
deny all;
'';
};
};
};
networking.extraHosts = ''
${architect-lan} ${domain}
${architect-wg} ${domain}
'';
users.groups.media.members = ["transmission"];
}

111
hosts/architect/wireguard.nix
View File

@ -1,40 +1,7 @@
with import ./network.nix; with import ./network.nix;
{ {
networking = { networking.wireguard = {
extraHosts = '' interfaces.${proxy-if} = {
${architect-wg} architect.devs.giugl.io
${galuminum-wg} galuminum.devs.giugl.io
${oneplus-wg} oneplus.devs.giugl.io
${ipad-wg} ipad.devs.giugl.io
${manduria-wg} manduria.devs.giugl.io
${antonio-wg} antonio.devs.giugl.io
${gbeast-wg} gbeast.devs.giugl.io
${parisaphone-wg} parisa-phone.devs.giugl.io
${parisapc-wg} parisa-pc.devs.giugl.io
${peppiniell-wg} peppiniell.devs.giugl.io
${padulino-wg} padulino.devs.giugl.io
${shield-wg} shield.devs.giugl.io
${pepos-wg} pepos.devs.giugl.io
${eleonora-wg} eleonora.devs.giugl.io
${angellane-wg} angellane.devs.giugl.io
${hotpottino-wg} hotpottino.devs.giugl.io
${salvatore-wg} salvatore.devs.giugl.io
${papa-wg} papa.devs.giugl.io
${defy-wg} defy.devs.giugl.io
${germano-wg} germano.devs.giugl.io
${dodino-wg} dodino.devs.giugl.io
${tommy-wg} tommy.devs.giugl.io
${alain-wg} alain.devs.giugl.io
${dima-wg} dima.devs.giugl.io
${mikey-wg} mikey.devs.giugl.io
${andrew-wg} andrew.devs.giugl.io
${mikeylaptop-wg} mikeylaptop.devs.giugl.io
${wolfsonhouse-wg} wolfsonhouse.devs.giugl.io
${frznn-wg} frznn.devs.giugl.io
'';
wireguard = {
interfaces.${proxy-if} = {
ips = ["10.4.0.2/32"]; ips = ["10.4.0.2/32"];
privateKeyFile = "/secrets/wireguard/proxy.key"; privateKeyFile = "/secrets/wireguard/proxy.key";
peers = [ peers = [
@ -45,26 +12,29 @@ with import ./network.nix;
persistentKeepalive = 21; persistentKeepalive = 21;
} }
]; ];
}; };
interfaces.${vpn-if} = { interfaces.${vpn-if} = {
listenPort = 1194; listenPort = 1194;
ips = ["10.3.0.1/24"]; ips = ["10.3.0.1/24"];
privateKeyFile = "/secrets/wireguard/server.key"; privateKeyFile = "/secrets/wireguard/server.key";
peers = [ peers = [
{ {
# gAluminum # gAluminum
allowedIPs = [galuminum-wg]; allowedIPs = [galuminum-wg];
publicKey = "pEEgSs7xmO0cfyvoQlU8lfwqdYM1ISgmPAunPtF+0xw="; publicKey = "pEEgSs7xmO0cfyvoQlU8lfwqdYM1ISgmPAunPtF+0xw=";
} }
{ {
# OnePlus # OnePlus
allowedIPs = [oneplus-wg]; allowedIPs = [oneplus-wg];
# publicKey = "uOQUJo+AfhTAFq50Pt80rdX4PmO28WUARngE2AtwdXU=";
publicKey = "zynSERy6VhxN5zBf1ih3BOAHxvigDixHB9YKnSBgYFs="; publicKey = "zynSERy6VhxN5zBf1ih3BOAHxvigDixHB9YKnSBgYFs=";
} }
{ {
# iPad # iPad
allowedIPs = [ipad-wg]; allowedIPs = [ipad-wg];
@ -148,12 +118,26 @@ with import ./network.nix;
publicKey = "1GaV/M48sHqQTrBVRQ+jrFU2pUMmv2xkguncVcwPCFs="; publicKey = "1GaV/M48sHqQTrBVRQ+jrFU2pUMmv2xkguncVcwPCFs=";
} }
{ {
# pepos # angelino
allowedIPs = [pepos-wg]; allowedIPs = [angelino-wg];
publicKey = "mb1VaMLML5J24oCMBuhqvBrT6S4tAqWERn30z+h/LwM="; publicKey = "MhY4d824LuKPltQHfaUbtWGiQz4XsfqCRAx0n1FDaiY=";
} }
{
# pepos_one
allowedIPs = [pepos_one-wg];
publicKey = "HcIqulGahsHJeuq6zAt5EJieWhDSKX4tFlUOEr2U1gA=";
}
{
# pepos_two
allowedIPs = [pepos_two-wg];
publicKey = "mb1VaMLML5J24oCMBuhqvBrT6S4tAqWERn30z+h/LwM=";
}
{ {
# salvatore # salvatore
allowedIPs = [salvatore-wg]; allowedIPs = [salvatore-wg];
@ -209,9 +193,9 @@ with import ./network.nix;
} }
{ {
# wolfsonhouse # boogino
allowedIPs = [wolfsonhouse-wg]; allowedIPs = [boogino-wg];
publicKey = "UJRJcAOcnEjEB3o4K2I7gEM97SrhENEesZNf28z+EBQ="; publicKey = "p21tD9S04+b+TC27a1CvkJL7V6fcfjOpVU7Ke1FzV3A=";
} }
{ {
@ -219,38 +203,7 @@ with import ./network.nix;
allowedIPs = [mikey-wg]; allowedIPs = [mikey-wg];
publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI="; publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI=";
} }
{
# andrew
allowedIPs = [andrew-wg];
publicKey = "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM=";
}
{
# mikey laptop
allowedIPs = [mikeylaptop-wg];
publicKey = "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk=";
}
{
# andrew desktop
allowedIPs = [andrewdesktop-wg];
publicKey = "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI=";
}
{
# laptop desktop
allowedIPs = [jacopo-wg];
publicKey = "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0=";
}
{
# frznn
allowedIPs = [frznn-wg];
publicKey = "dXcrdME6VnnE5PBYwvUmayf7cn2wpcExeCR9gIXOO0o=";
}
]; ];
}; };
}; };
};
} }

8
lib/host.nix
View File

@ -14,13 +14,9 @@
modules = [ modules = [
{ {
imports = users_mod ++ roles_mod ++ [(nixos-unstable + "/nixos/modules/services/misc/prowlarr.nix")]; imports = users_mod ++ roles_mod;
nixpkgs = {
pkgs = pkgs;
overlays = [ (self: super: {prowlarr = pkgs.unstable.prowlarr;}) ];
};
nixpkgs.pkgs = pkgs;
nix.nixPath = [ nix.nixPath = [
"nixpkgs=${nixpkgs}" "nixpkgs=${nixpkgs}"
"unstable=${nixos-unstable}" "unstable=${nixos-unstable}"

2
roles/common.nix
View File

@ -41,7 +41,9 @@
glances glances
tcpdump tcpdump
restic restic
binutils
neovim neovim
ripgrep
tmux tmux
parted parted
unzip unzip

35
roles/home/common.nix
View File

@ -4,18 +4,23 @@
imports = [ ./zsh.nix ./git.nix ]; imports = [ ./zsh.nix ./git.nix ];
home = { home = {
stateVersion = "21.05"; stateVersion = "21.05";
sessionVariables = { sessionVariables = {
EDITOR = "nvim"; EDITOR = "nvim";
VISUAL = "nvim"; VISUAL = "nvim";
}; };
packages = with pkgs; [ rizin sshfs nixfmt ]; packages = with pkgs; [
rizin
sshfs
nixfmt
];
}; };
programs.neovim = { programs.neovim = {
enable = true; enable = true;
extraPackages = with pkgs; [ nodePackages.prettier cmake-format clang-tools rustfmt ]; #package = pkgs.unstable.neovim-unwrapped;
extraConfig = '' extraConfig = ''
" syntax " syntax
syntax enable syntax enable
@ -72,32 +77,28 @@
set cindent cinkeys-=0# set cindent cinkeys-=0#
set expandtab shiftwidth=2 tabstop=2 softtabstop=2 set expandtab shiftwidth=2 tabstop=2 softtabstop=2
" Enable alignment set statusline+=%#warningmsg#
let g:neoformat_basic_format_align = 1 set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
" Enable tab to spaces conversion
let g:neoformat_basic_format_retab = 1
" Enable trimmming of trailing whitespace
let g:neoformat_basic_format_trim = 1
''; '';
viAlias = true; viAlias = true;
vimAlias = true; vimAlias = true;
plugins = with pkgs.vimPlugins; [ plugins = with pkgs.vimPlugins; [
vim-nix vim-nix
molokai molokai
YouCompleteMe YouCompleteMe
vim-airline vim-airline
vim-airline-themes vim-airline-themes
vim-lsp vim-lsp
vim-indent-guides vim-indent-guides
vim-signify vim-signify
nerdtree nerdtree
vim-easy-align vim-easy-align
vim-fugitive vim-fugitive
vim-yaml
vim-autoformat
vimtex vimtex
neoformat
]; ];
}; };
} }

1
roles/home/git.nix
View File

@ -3,6 +3,5 @@
enable = true; enable = true;
userName = "Giulio De Pasquale"; userName = "Giulio De Pasquale";
userEmail = "depasquale+git@giugl.io"; userEmail = "depasquale+git@giugl.io";
delta.enable = true;
}; };
} }

6
roles/home/zsh.nix
View File

@ -1,4 +1,6 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
home.packages = with pkgs; [ zsh any-nix-shell ];
programs.zsh = { programs.zsh = {
enable = true; enable = true;
@ -7,5 +9,9 @@
plugins = [ "git" "sudo" "docker" "docker-compose" "adb" "systemd" ]; plugins = [ "git" "sudo" "docker" "docker-compose" "adb" "systemd" ];
theme = "bira"; theme = "bira";
}; };
initExtra = ''
any-nix-shell zsh --info-right | source /dev/stdin
'';
}; };
} }