peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: peperunas:e3ccb127e4d5ecf63cf331d413a2b3a37df6fd91
Branches Tags
peperunas:master
peperunas:nixos-21.11
peperunas:laptopshit
..
compare: peperunas:b7272fa1d20d72f7bf87d18dc3138d3afe7fc00e
Branches Tags
peperunas:master
peperunas:nixos-21.11
peperunas:laptopshit

No commits in common. "e3ccb127e4d5ecf63cf331d413a2b3a37df6fd91" and "b7272fa1d20d72f7bf87d18dc3138d3afe7fc00e" have entirely different histories.
e3ccb127e4 ... b7272fa1d2

6 changed files with 45 additions and 113 deletions
Show Stats Expand all files Collapse all files

18
common.nix
View File

@ -12,13 +12,11 @@
nix = { nix = {
autoOptimiseStore = true; autoOptimiseStore = true;
nixPath = [ nixPath = [
"nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos" "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos"
"nixos-config=/etc/nixos/hosts/${variables.hostname}/default.nix" "nixos-config=/etc/nixos/hosts/${variables.hostname}/default.nix"
"/nix/var/nix/profiles/per-user/root/channels" "/nix/var/nix/profiles/per-user/root/channels"
]; ];
gc = { gc = {
automatic = true; automatic = true;
dates = "weekly"; dates = "weekly";
@ -31,20 +29,4 @@
allowUnfree = true; allowUnfree = true;
}; };
}; };
environment.systemPackages = with pkgs; [
file
pciutils
bind
wget
git
curl
htop
glances
tcpdump
restic
binutils
neovim
home-manager
];
} }

6
hosts/gAluminum/default.nix
View File

@ -99,5 +99,11 @@ in {
fsType = "tmpfs"; fsType = "tmpfs";
options = ["size=2G"]; options = ["size=2G"];
}; };
fileSystems."/home/giulio/Downloads" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=3G"];
};
} }

72
hosts/giupi/default.nix
View File

@ -4,10 +4,10 @@
{ config, pkgs, variables, ... }: { config, pkgs, variables, ... }:
with import ./network.nix;
let let
pubkeys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230"]; lan_address = "10.0.0.8";
hostname = "giupi"; pubkeys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1we38/N+t8Ah5yrLof8QUwhrob7/VXFKIddaJeOVBLuDVnW7ljiAtdtEiL69D/DV4Ohmt5wMvkAAjfuHmim6FD9A6lzPbSU4KH9W2dcckszKbbI636kuDwem/xui6BW3wJa6P+0xW5ksygEAkzcK2PXuC2b4B9uwhuUdKahiGMKDxISG/WianqAe72cGMfNkYvion3Y1VsMLUdm48d2ABnxNpr7NI9B5iJ8dziOft9gpgfz13CCQRlReo75gk/4xI+vSNrQp7eR+wzJy2/dZg/T8jtyA9Q6jVxrxBpqQ1LNXkAKaJkGo9OabF6Wgpzp+YTAurL4nwR2NaJxwFuyoKvACQy0ai4jrS3206gC6JXZv8ktZMZrwUN+jPqCwfgh5qObFkAqKCxbp52ioDek2MQLdOvzQBX//DBhGEp5rzHGLZ3vhRIiiQiaof5sF5zWiYDW5mqezSPNxJPX/BrTP/Wbs/jpwTLBh3wytiia0S1WXQmya89bqzTPFiDWvTRA62EVKB/JaQtPQQOFAxWwg799DMycPeZ81xttZOyMtI/MZSddyqx2S8fWGwvToZQvuZ38mSIpFseLM1IkgabRIrAmat5SBNGGy9Dqa0eMEa7bwIY/4CMB1y6HMTnaoMXA6cnQfHMoB/zyTZ6oTXIeqeOyiZsK+RN0Mvahj8mXi7dw== giulio@giulio-X230"];
hostname = "giupi";
in { in {
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
@ -15,7 +15,6 @@ in {
../../variables.nix ../../variables.nix
../../common.nix ../../common.nix
../../users.nix ../../users.nix
./firewall.nix
]; ];
variables.hostname = hostname; variables.hostname = hostname;
@ -24,7 +23,7 @@ in {
users.users.giulio.openssh.authorizedKeys.keys = pubkeys; users.users.giulio.openssh.authorizedKeys.keys = pubkeys;
boot = { boot = {
kernelParams = ["ip=${giupi_lan_ip}::10.0.0.1:255.255.255.0::${wan_if}:off"]; kernelParams = ["ip=${lan_address}::10.0.0.1:255.255.255.0::enp5s0:off"];
initrd = { initrd = {
availableKernelModules = ["igc" "r8169"]; availableKernelModules = ["igc" "r8169"];
@ -32,8 +31,8 @@ in {
enable = true; enable = true;
ssh = { ssh = {
enable = true; enable = true;
port = 22; port = 2222;
hostKeys = [/boot/ssh_host_rsa_key]; hostKeys = [/boot/host_ecdsa_key];
authorizedKeys = pubkeys; authorizedKeys = pubkeys;
}; };
@ -54,12 +53,12 @@ in {
networking = { networking = {
hostName = hostname; hostName = hostname;
hostId = "49350853"; hostId = "49350853";
useDHCP = false; useDHCP = false;
defaultGateway = "10.0.0.1"; defaultGateway = "10.0.0.1";
interfaces = { interfaces = {
enp5s0.ipv4.addresses = [{ address = giupi_lan_ip; prefixLength = 24; }]; enp5s0.ipv4.addresses = [{ address = lan_address; prefixLength = 24; }];
enp6s0.useDHCP = false; enp6s0.useDHCP = false;
wlp4s0.useDHCP = false; wlp4s0.useDHCP = false;
}; };
@ -67,31 +66,31 @@ in {
# 127.0.0.1 ${hostname}.devs.giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io giupyter.giugl.io irc.giugl.io localhost # 127.0.0.1 ${hostname}.devs.giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io giupyter.giugl.io irc.giugl.io localhost
# #
## LAN ## LAN
#${giupi_lan_ip} ${hostname}.devs.giugl.io giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io #${lan_address} ${hostname}.devs.giugl.io giugl.io jf.giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io
# #
# 10.0.0.1 router.devs.giugl.io # 10.0.0.1 router.devs.giugl.io
# ${dvr_ip} dvr.devs.giugl.io # 10.0.0.2 dvr.devs.giugl.io
# ${nas_ip} nas.devs.giugl.io # 10.0.0.3 nas.devs.giugl.io
# #
## Wireguard hosts ## Wireguard hosts
# ${giupi_wg_ip} ${hostname}.devs.giugl.io jf.giugl.io giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io # 10.3.0.1 ${hostname}.devs.giugl.io jf.giugl.io giugl.io yt.giugl.io s3.giugl.io synclounge.giugl.io htson.giugl.io htrad.giugl.io htnzb.giugl.io httra.giugl.io todo.giugl.io giupyter.giugl.io collabora.giugl.io htjak.giugl.io irc.giugl.io
# ${galuminum-wg} galuminum.devs.giugl.io # 10.3.0.2 galuminum.devs.giugl.io
# ${oneplus-wg} oneplus.devs.giugl.io # 10.3.0.3 oneplus.devs.giugl.io
# ${ipad-wg} ipad.devs.giugl.io # 10.3.0.4 ipad.devs.giugl.io
# ${manduria-wg} manduria.devs.giugl.io # 10.3.0.5 manduria.devs.giugl.io
# ${antonio-wg} antonio.devs.giugl.io # 10.3.0.6 antonio.devs.giugl.io
# ${gbeast-wg} gbeast.devs.giugl.io # 10.3.0.7 gbeast.devs.giugl.io
# ${parisaphone-wg} parisa-phone.devs.giugl.io # 10.3.0.8 parisa-phone.devs.giugl.io
# ${parisapc-wg} parisa-pc.devs.giugl.io # 10.3.0.9 parisa-pc.devs.giugl.io
# ${peppiniell-wg} peppiniell.devs.giugl.io # 10.3.0.10 peppiniell.devs.giugl.io
# ${padulino-wg} padulino.devs.giugl.io # 10.3.0.11 padulino.devs.giugl.io
# ${shield-wg} shield.devs.giugl.io # 10.3.0.12 shield.devs.giugl.io
# ${angelino-wg} angelino.devs.giugl.io # 10.3.0.13 angelino.devs.giugl.io
# ${pepos_one-wg} peposone.devs.giugl.io # 10.3.0.14 peposone.devs.giugl.io
# ${pepos_two-wg} pepostwo.devs.giugl.io # 10.3.0.15 pepostwo.devs.giugl.io
# ${eleonora-wg} eleonora.devs.giugl.io # 10.3.0.100 eleonora.devs.giugl.io
# ${broccolino-wg} broccolino.devs.giugl.io # 10.3.0.200 broccolino.devs.giugl.io
# ${hotpottino-wg} hotpottino.devs.giugl.io # 10.3.0.201 hotpottino.devs.giugl.io
# #
## Blacklist ## Blacklist
# 0.0.0.0 metrics.plex.tv # 0.0.0.0 metrics.plex.tv
@ -120,9 +119,16 @@ in {
environment.systemPackages = with pkgs; environment.systemPackages = with pkgs;
[ [
neovim
docker docker
htop
glances
git
home-manager
openiscsi openiscsi
wireguard wireguard
dnscrypt-proxy2
restic
]; ];
hardware = { hardware = {

16
hosts/giupi/firewall.nix
View File

@ -1,16 +0,0 @@
{config, ...} :
{
networking = {
# needed to use nftables
firewall.enable = false;
nat.enable = false;
nftables = {
enable = true;
ruleset = ''
'';
};
};
}

40
hosts/giupi/network.nix
View File

@ -1,40 +0,0 @@
rec {
# interfaces
wan_if = "enp5s0";
wg_if = "wg0";
# nets
lan_net = "10.0.0.0/24";
wg_net = "10.3.0.0/24";
external_lan_net = "192.168.1.0/24";
# ips
giupi_lan_ip = "10.0.0.8";
dvr_ip = "10.0.0.2";
nas_ip = "10.0.0.3";
giupi_wg_ip = "10.3.0.1";
galuminum-wg = "10.3.0.2";
oneplus-wg = "10.3.0.3";
ipad-wg = "10.3.0.4";
manduria-wg = "10.3.0.5";
antonio-wg = "10.3.0.6";
gbeast-wg = "10.3.0.7";
parisaphone-wg = "10.3.0.8";
parisapc-wg = "10.3.0.9";
peppiniell-wg = "10.3.0.10";
padulino-wg = "10.3.0.11";
shield-wg = "10.3.0.12";
angelino-wg = "10.3.0.13";
pepos_one-wg = "10.3.0.14";
pepos_two-wg = "10.3.0.15";
eleonora-wg = "10.3.0.100";
broccolino-wg = "10.3.0.200";
hotpottino-wg = "10.3.0.201";
# groups
gdevices-wg = [ galuminum-wg oneplus-wg ipad-wg gbeast-wg peppiniell-wg padulino-wg angelino-wg ];
routers-wg = [ hotpottino-wg broccolino-wg ];
c2c-wg = [ ] ++ gdevices-wg;
towan-wg = [ shield-wg parisaphone-wg parisapc-wg ] ++ gdevices-wg ++ routers-wg;
}

6
users.nix
View File

@ -28,10 +28,4 @@
home-manager.users.giulio = { home-manager.users.giulio = {
imports = [ ./home ]; imports = [ ./home ];
}; };
fileSystems."/home/giulio/Downloads" = {
device = "tmpfs";
fsType = "tmpfs";
options = ["size=3G"];
};
} }