diff --git a/configurations/default.nix b/configurations/default.nix
index cc160e9..312ca9f 100644
--- a/configurations/default.nix
+++ b/configurations/default.nix
@@ -90,6 +90,15 @@ mapAttrs' mkConfiguration (
srvos.nixosModules.server
];
+ tulkas.modules = with inputs; [
+ "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
+ disko.nixosModules.disko
+ nixos-hardware.nixosModules.common-cpu-amd
+ nixos-hardware.nixosModules.common-pc-ssd
+ nixpkgs.nixosModules.notDetected
+ srvos.nixosModules.server
+ ];
+
yavanna.modules = with inputs; [
"${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
nixos-hardware.nixosModules.common-cpu-intel
diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix
index 337a43e..f9cb2be 100644
--- a/configurations/manwe/default.nix
+++ b/configurations/manwe/default.nix
@@ -8,14 +8,14 @@ with lib;
imports = attrValues (modulesIn ./.);
nixfiles.modules = {
+ wireguard.server.enable = true;
+
nsd = {
enable = true;
fqdn = "ns1.${config.networking.domain}";
};
unbound.enable = true;
- wireguard.server.enable = true;
-
acme.enable = true;
monitoring.enable = true;
diff --git a/configurations/tulkas/default.nix b/configurations/tulkas/default.nix
new file mode 100644
index 0000000..c4ab860
--- /dev/null
+++ b/configurations/tulkas/default.nix
@@ -0,0 +1,62 @@
+{ lib, this, ... }:
+with lib;
+{
+ imports = attrValues (modulesIn ./.);
+
+ nixfiles.modules = {
+ wireguard.client.enable = true;
+ };
+
+ services.qemuGuest.enable = true;
+
+ systemd.network.networks."40-eth0" = {
+ addresses = [
+ {
+ Address = this.ipv4.address;
+ Broadcast = true;
+ }
+ ];
+ routes = [
+ {
+ Gateway = this.ipv4.gatewayAddress;
+ GatewayOnLink = true;
+ }
+ ];
+ };
+
+ boot.loader.systemd-boot.enable = true;
+
+ disko.devices.disk.vda = {
+ device = "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ esp = {
+ name = "ESP";
+ type = "EF00";
+ size = "512M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "filesystem";
+ format = "xfs";
+ mountpoint = "/";
+ mountOptions = [ "noatime" ];
+ };
+ };
+ };
+ };
+ };
+
+ zramSwap = {
+ enable = true;
+ memoryPercent = 50;
+ };
+}
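Review bot: The ESP under `disko.devices.disk.vda` is mounted at `/boot` as vfat with no mount options, so everything on it is world-readable by default. With `boot.loader.systemd-boot.enable = true` that normally includes the boot loader's random seed file, which bootctl warns about. I would add `mountOptions = [ "umask=0077" ];` to `esp.content`, next to `mountpoint = "/boot";`. Separately, the root partition is plain xfs on a hosted VPS, so the WireGuard private key and any other secrets on disk can be read from a provider-side snapshot. If that is an accepted trade-off for unattended boot, a one-line comment saying so would help the next reader.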
diff --git a/flake.lock b/flake.lock
index 68ca139..e2be2b8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -826,11 +826,11 @@
},
"nixpkgs-amneziawg": {
"locked": {
- "lastModified": 1732098616,
- "narHash": "sha256-AK/xeDhbE6OI51K6GHmd7jo6HjfkJmewM3w/gmYbVzM=",
+ "lastModified": 1733085004,
+ "narHash": "sha256-pskW7udXL6KssMYlBR7cxSLPzqLMrZWgel98dKEgKPs=",
"owner": "azahi",
"repo": "nixpkgs",
- "rev": "747f9c0752aeeee883c5bd6e9b064fa64ced5fbd",
+ "rev": "ba3f8e26212ff64cc96a4c1932d91bd18eb87757",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index 87ab0d0..27411e5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,7 +12,7 @@
flake-parts.url = "github:hercules-ci/flake-parts";
- # TODO Upstream this?
+ # TODO https://github.com/NixOS/nixpkgs/pull/360866
nixpkgs-amneziawg.url = "github:azahi/nixpkgs/amneziawg";
nixos-hardware.url = "github:NixOS/nixos-hardware";
diff --git a/lib/my.nix b/lib/my.nix
index c8f9d3d..b60d980 100644
--- a/lib/my.nix
+++ b/lib/my.nix
@@ -254,6 +254,29 @@ with lib;
syncthing.id = "@SYNCTHING_ID@";
};
+ # VPS in Russia.
+ tulkas = {
+ stateVersion = "24.05";
+ deviceIcon = "devices.cloud-server";
+ system = "x86_64-linux";
+ isHeadless = true;
+ ipv4 = {
+ gatewayAddress = "@IPV4_ADDRESS@";
+ address = "@IPV4_ADDRESS@";
+ prefixLength = 32;
+ };
+ ipv6 = {
+ gatewayAddress = "@IPV6_ADDRESS@";
+ address = "@IPV6_ADDRESS@";
+ prefixLength = 64;
+ };
+ wireguard = {
+ ipv4.address = "10.69.0.4";
+ ipv6.address = "fd69::0:4";
+ publicKey = "@PUBLIC_KEY@";
+ };
+ };
+
# A beefy desktop: 7950x/rx6750xt/128GB.
eonwe = {
stateVersion = "24.05";
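Review bot: In the new `tulkas` entry, `ipv4.gatewayAddress` and `ipv4.address` carry the same `@IPV4_ADDRESS@` token, and the `ipv6` pair likewise shares `@IPV6_ADDRESS@`. The hunk does not show how these placeholders are filled in, but if substitution is by token name the gateway resolves to the host's own address. In that case the route in configurations/tulkas/default.nix (`Gateway = this.ipv4.gatewayAddress;` with `GatewayOnLink = true;`) would point at the machine itself. A distinct token for the gateway (a name of your choosing, e.g. `@IPV4_GATEWAY@`) would remove the ambiguity. The surrounding attribute set starts and ends outside this hunk.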
diff --git a/modules/common/networking.nix b/modules/common/networking.nix
index d7baa6c..468bd8b 100644
--- a/modules/common/networking.nix
+++ b/modules/common/networking.nix
@@ -97,17 +97,8 @@ in
}
)
(lib.mkIf this.isHeadful {
- interfaces.eth0.useDHCP = lib.mkDefault true;
-
networkmanager = {
- enable = lib.mkDefault true;
- unmanaged = [
- "type:amneziawg"
- "type:bridge"
- "type:ethernet"
- "type:loopback"
- "type:wireguard"
- ];
+ enable = true;
plugins = lib.mkForce [ ];
wifi.backend = "iwd";
};
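Review bot: Dropping the `unmanaged` list means NetworkManager on headful hosts now also claims `wireguard` and `amneziawg` devices, along with ethernet and bridges. If the tunnel from modules/wireguard.nix is still brought up outside NetworkManager, two managers can end up rewriting the same interface's addresses, routes and DNS, and traffic may leave outside the tunnel. If only ethernet was meant to move under NetworkManager, keep `unmanaged = [ "type:amneziawg" "type:wireguard" ];`. Also, `enable = true;` replaces `lib.mkDefault true`, so a host can no longer disable NetworkManager without `lib.mkForce`; please confirm that is intended. The `lib.mkIf this.isHeadful` block continues outside the hunk.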
diff --git a/modules/games/lutris.nix b/modules/games/lutris.nix
index 62fe521..d926971 100644
--- a/modules/games/lutris.nix
+++ b/modules/games/lutris.nix
@@ -22,10 +22,12 @@ in
(lutris.override {
extraPkgs = _: [
vkBasalt
- wine
+ wine-staging
winetricks
];
})
+ wine-staging
+ winetricks
];
};
}
diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix
index 6e5b782..a3e57d3 100644
--- a/modules/monitoring/default.nix
+++ b/modules/monitoring/default.nix
@@ -166,6 +166,7 @@ in
promtail = {
hosts = [
manwe
+ tulkas
varda
yavanna
];
@@ -182,6 +183,7 @@ in
endlessh-go = {
hosts = [
manwe
+ tulkas
varda
yavanna
];
@@ -197,6 +199,7 @@ in
node = {
hosts = [
manwe
+ tulkas
varda
yavanna
];
diff --git a/modules/nsd.nix b/modules/nsd.nix
index 1399b5d..acf7e27 100644
--- a/modules/nsd.nix
+++ b/modules/nsd.nix
@@ -134,6 +134,8 @@ in
subdomains = rec {
manwe = ips "manwe";
"*.manwe" = manwe;
+ tulkas = ips "tulkas";
+ "*.tulkas" = tulkas;
varda = ips "varda";
"*.varda" = varda;
yavanna = ips "yavanna";
diff --git a/modules/profiles/dev/default.nix b/modules/profiles/dev/default.nix
index bc761f5..4d85168 100644
--- a/modules/profiles/dev/default.nix
+++ b/modules/profiles/dev/default.nix
@@ -59,6 +59,7 @@ in
packages = with pkgs; [
age
+ dbeaver-bin
distrobox
google-cloud-sdk
htmlq
@@ -71,6 +72,7 @@ in
nixpkgs-review
scaleway-cli
sops
+ sqlitebrowser
toolbox
vultr-cli
yq
diff --git a/modules/wireguard.nix b/modules/wireguard.nix
index dcd7858..5138946 100644
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@@ -20,6 +20,14 @@ let
${resolvectl} dnssec ${cfg.interface} no
${resolvectl} dnsovertls ${cfg.interface} no
'';
+
+ extraOptions = {
+ jc = 228;
+ jmin = 42;
+ jmax = 420;
+ s1 = 69;
+ s2 = 96;
+ };
in
{
disabledModules = [
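Review bot: `extraOptions` is added without a comment, and `jc`/`jmin`/`jmax`/`s1`/`s2` read as magic numbers to anyone who does not know the AmneziaWG settings. The set is inherited by both the client interface and the server interface in the next two hunks of this file, which is the reason it lives in the shared `let`. I would record that above the binding, e.g. `# AmneziaWG obfuscation parameters; client and server inherit the same set so the two ends cannot drift apart.` The `let` block starts outside this hunk.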
@@ -149,13 +157,7 @@ in
"${ipv4.address}/16"
"${ipv6.address}/16"
];
- extraInterfaceConfig = ''
- jc = 228
- jmin = 42
- jmax = 420
- s1 = 69
- s2 = 96
- '';
+ inherit extraOptions;
})
(with cfg.server; {
peers = [
@@ -221,17 +223,8 @@ in
"${ipv4.address}/16"
];
listenPort = port;
- inherit peers;
- postSetup =
- DNSSetup
- + ''
- awg set ${cfg.interface} \
- jc 228 \
- jmin 42 \
- jmax 420 \
- s1 69 \
- s2 96
- '';
+ inherit peers extraOptions;
+ postSetup = DNSSetup;
allowedIPsAsRoutes = false;
};
};