peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: peperunas:b7272fa1d20d72f7bf87d18dc3138d3afe7fc00e
Branches Tags
peperunas:master
peperunas:nixos-21.11
peperunas:laptopshit
...
compare: peperunas:e3ccb127e4d5ecf63cf331d413a2b3a37df6fd91
Branches Tags
peperunas:master
peperunas:nixos-21.11
peperunas:laptopshit

7 Commits
b7272fa1d2 ... e3ccb127e4

Author SHA1 Message Date
Giulio De Pasquale
e3ccb127e4 use wan_if 2021-07-01 15:18:37 +02:00
Giulio De Pasquale
3f220fd069 use network file 2021-07-01 15:15:16 +02:00
Giulio De Pasquale
363e1efe85 created network file 2021-07-01 15:15:01 +02:00
Giulio De Pasquale
902a25fb0c alignment 2021-07-01 12:28:28 +02:00
Giulio De Pasquale
4135c9a67e mount Downloads on tmpfs for giulio 2021-07-01 12:27:04 +02:00
Giulio De Pasquale
4ab8f76e9b mount Downloads on tmpfs for giulio 2021-07-01 12:26:48 +02:00
Giulio De Pasquale
8a464250e7 moved common packages to common; nftables on giupi 2021-07-01 12:26:21 +02:00
6 changed files with 113 additions and 45 deletions
Show Stats Expand all files Collapse all files

18
common.nix
View File

@ -12,11 +12,13 @@
nix = { nix = {
autoOptimiseStore = true; autoOptimiseStore = true;
nixPath = [ nixPath = [
"nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
"nixos-config=/etc/nixos/hosts/${variables.hostname}/default.nix" "nixos-config=/etc/nixos/hosts/${variables.hostname}/default.nix"
"/nix/var/nix/profiles/per-user/root/channels" "/nix/var/nix/profiles/per-user/root/channels"
]; ];
gc = { gc = {
automatic = true; automatic = true;
dates = "weekly"; dates = "weekly";
@ -29,4 +31,20 @@
allowUnfree = true; allowUnfree = true;
}; };
}; };
environment.systemPackages = with pkgs; [
file
pciutils
bind
wget
git
curl
htop
glances
tcpdump
restic
binutils
neovim
home-manager
];
} }

6
hosts/gAluminum/default.nix
View File

@ -99,11 +99,5 @@ in {
fsType = "tmpfs"; fsType = "tmpfs";
options = ["size=2G"]; options = ["size=2G"];
}; };
fileSystems."/home/giulio/Downloads" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=3G"];
};
} }

60
hosts/giupi/default.nix
View File

@ -4,8 +4,8 @@
{ config, pkgs, variables, ... }: { config, pkgs, variables, ... }:
with import ./network.nix;
let let
lan_address = "10.0.0.8";
pubkeys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230"]; pubkeys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230"];
hostname = "giupi"; hostname = "giupi";
in { in {
@ -15,6 +15,7 @@ in {
../../variables.nix ../../variables.nix
../../common.nix ../../common.nix
../../users.nix ../../users.nix
./firewall.nix
]; ];
variables.hostname = hostname; variables.hostname = hostname;
@ -23,7 +24,7 @@ in {
users.users.giulio.openssh.authorizedKeys.keys = pubkeys; users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
boot = { boot = {
kernelParams = ["ip=${lan_address}::10.0.0.1:255.255.255.0::enp5s0:off"]; kernelParams = ["ip=${giupi_lan_ip}::10.0.0.1:255.255.255.0::${wan_if}:off"];
initrd = { initrd = {
availableKernelModules = ["igc" "r8169"]; availableKernelModules = ["igc" "r8169"];
@ -31,8 +32,8 @@ in {
enable = true; enable = true;
ssh = { ssh = {
enable = true; enable = true;
port = 2222; port = 22;
hostKeys = [/boot/host_ecdsa_key]; hostKeys = [/boot/ssh_host_rsa_key];
authorizedKeys = pubkeys; authorizedKeys = pubkeys;
}; };
@ -58,7 +59,7 @@ in {
useDHCP = false; useDHCP = false;
defaultGateway = "10.0.0.1"; defaultGateway = "10.0.0.1";
interfaces = { interfaces = {
enp5s0.ipv4.addresses = [{ address = lan_address; prefixLength = 24; }]; enp5s0.ipv4.addresses = [{ address = giupi_lan_ip; prefixLength = 24; }];
enp6s0.useDHCP = false; enp6s0.useDHCP = false;
wlp4s0.useDHCP = false; wlp4s0.useDHCP = false;
}; };
@ -66,31 +67,31 @@ in {
# 127.0.0.1 ${hostname}.devs.giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io giupyter.giugl.io irc.giugl.io localhost # 127.0.0.1 ${hostname}.devs.giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io giupyter.giugl.io irc.giugl.io localhost
# #
## LAN ## LAN
#${lan_address} ${hostname}.devs.giugl.io giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io #${giupi_lan_ip} ${hostname}.devs.giugl.io giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io
# #
# 10.0.0.1 router.devs.giugl.io # 10.0.0.1 router.devs.giugl.io
# 10.0.0.2 dvr.devs.giugl.io # ${dvr_ip} dvr.devs.giugl.io
# 10.0.0.3 nas.devs.giugl.io # ${nas_ip} nas.devs.giugl.io
# #
## Wireguard hosts ## Wireguard hosts
# 10.3.0.1 ${hostname}.devs.giugl.io jf.giugl.io giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io # ${giupi_wg_ip} ${hostname}.devs.giugl.io jf.giugl.io giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io
# 10.3.0.2 galuminum.devs.giugl.io # ${galuminum-wg} galuminum.devs.giugl.io
# 10.3.0.3 oneplus.devs.giugl.io # ${oneplus-wg} oneplus.devs.giugl.io
# 10.3.0.4 ipad.devs.giugl.io # ${ipad-wg} ipad.devs.giugl.io
# 10.3.0.5 manduria.devs.giugl.io # ${manduria-wg} manduria.devs.giugl.io
# 10.3.0.6 antonio.devs.giugl.io # ${antonio-wg} antonio.devs.giugl.io
# 10.3.0.7 gbeast.devs.giugl.io # ${gbeast-wg} gbeast.devs.giugl.io
# 10.3.0.8 parisa-phone.devs.giugl.io # ${parisaphone-wg} parisa-phone.devs.giugl.io
# 10.3.0.9 parisa-pc.devs.giugl.io # ${parisapc-wg} parisa-pc.devs.giugl.io
# 10.3.0.10 peppiniell.devs.giugl.io # ${peppiniell-wg} peppiniell.devs.giugl.io
# 10.3.0.11 padulino.devs.giugl.io # ${padulino-wg} padulino.devs.giugl.io
# 10.3.0.12 shield.devs.giugl.io # ${shield-wg} shield.devs.giugl.io
# 10.3.0.13 angelino.devs.giugl.io # ${angelino-wg} angelino.devs.giugl.io
# 10.3.0.14 peposone.devs.giugl.io # ${pepos_one-wg} peposone.devs.giugl.io
# 10.3.0.15 pepostwo.devs.giugl.io # ${pepos_two-wg} pepostwo.devs.giugl.io
# 10.3.0.100 eleonora.devs.giugl.io # ${eleonora-wg} eleonora.devs.giugl.io
# 10.3.0.200 broccolino.devs.giugl.io # ${broccolino-wg} broccolino.devs.giugl.io
# 10.3.0.201 hotpottino.devs.giugl.io # ${hotpottino-wg} hotpottino.devs.giugl.io
# #
## Blacklist ## Blacklist
# 0.0.0.0 metrics.plex.tv # 0.0.0.0 metrics.plex.tv
@ -119,16 +120,9 @@ in {
environment.systemPackages = with pkgs; environment.systemPackages = with pkgs;
[ [
neovim
docker docker
htop
glances
git
home-manager
openiscsi openiscsi
wireguard wireguard
dnscrypt-proxy2
restic
]; ];
hardware = { hardware = {

16
hosts/giupi/firewall.nix Normal file
View File

@ -0,0 +1,16 @@
{config, ...} :
{
networking = {
# needed to use nftables
firewall.enable = false;
nat.enable = false;
nftables = {
enable = true;
ruleset = ''
'';
};
};
}

40
hosts/giupi/network.nix Normal file
View File

@ -0,0 +1,40 @@
rec {
# interfaces
wan_if = "enp5s0";
wg_if = "wg0";
# nets
lan_net = "10.0.0.0/24";
wg_net = "10.3.0.0/24";
external_lan_net = "192.168.1.0/24";
# ips
giupi_lan_ip = "10.0.0.8";
dvr_ip = "10.0.0.2";
nas_ip = "10.0.0.3";
giupi_wg_ip = "10.3.0.1";
galuminum-wg = "10.3.0.2";
oneplus-wg = "10.3.0.3";
ipad-wg = "10.3.0.4";
manduria-wg = "10.3.0.5";
antonio-wg = "10.3.0.6";
gbeast-wg = "10.3.0.7";
parisaphone-wg = "10.3.0.8";
parisapc-wg = "10.3.0.9";
peppiniell-wg = "10.3.0.10";
padulino-wg = "10.3.0.11";
shield-wg = "10.3.0.12";
angelino-wg = "10.3.0.13";
pepos_one-wg = "10.3.0.14";
pepos_two-wg = "10.3.0.15";
eleonora-wg = "10.3.0.100";
broccolino-wg = "10.3.0.200";
hotpottino-wg = "10.3.0.201";
# groups
gdevices-wg = [ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg angelino-wg ];
routers-wg = [ hotpottino-wg broccolino-wg ];
c2c-wg = [ ] ++ gdevices-wg;
towan-wg = [ shield-wg parisaphone-wg parisapc-wg ] ++ gdevices-wg ++ routers-wg;
}

6
users.nix
View File

@ -28,4 +28,10 @@
home-manager.users.giulio = { home-manager.users.giulio = {
imports = [ ./home ]; imports = [ ./home ];
}; };
fileSystems."/home/giulio/Downloads" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=3G"];
};
} }