-rw-r--r--darwinConfigurations/mairon/default.nix25
-rw-r--r--flake.lock98
-rw-r--r--flake.nix30
-rw-r--r--modules/common/common/nix/default.nix1
-rw-r--r--modules/common/default.nix1
-rw-r--r--modules/common/emacs/default.nix5
-rw-r--r--modules/common/git.nix2
-rw-r--r--modules/common/openconnect.nix83
-rw-r--r--modules/nixos/beets.nix (renamed from modules/common/beets.nix)0
-rw-r--r--modules/nixos/default.nix3
-rw-r--r--modules/nixos/k3s.nix29
-rw-r--r--modules/nixos/murmur.nix28
-rw-r--r--modules/nixos/profiles/headful.nix22
-rw-r--r--nixosConfigurations/eonwe/default.nix18
-rw-r--r--nixosConfigurations/manwe/default.nix31
-rw-r--r--nixosConfigurations/varda/default.nix12
-rw-r--r--readme.org28
17 files changed, 178 insertions, 238 deletions
diff --git a/darwinConfigurations/mairon/default.nix b/darwinConfigurations/mairon/default.nix
index 2fc9b39..9687120 100644
--- a/darwinConfigurations/mairon/default.nix
+++ b/darwinConfigurations/mairon/default.nix
@@ -1,26 +1,13 @@
-{
- lib,
- pkgs,
- this,
- ...
-}:
+{lib, ...}:
with lib; {
nixfiles.modules.vscode.enable = true;
# TODO Make this per-directory/per-remote.
- hm = {
- home.packages = with pkgs; [
- ansible
- ansible-lint
- logcli
- ];
-
- programs.git = {
- userName = mkForce "Firstname Lastname";
- userEmail = mkForce "username@work.com";
- signing.key = mkForce "@PGP_KEY@";
- extraConfig."url \"git@gitlab.services.work.com:\"".insteadOf = "work:";
- };
+ hm.programs.git = {
+ userName = mkForce "Firstname Lastname";
+ userEmail = mkForce "username@work.com";
+ signing.key = mkForce "@PGP_KEY@";
+ extraConfig."url \"git@gitlab.services.work.com:\"".insteadOf = "work:";
};
networking = {
diff --git a/flake.lock b/flake.lock
index b13d15f..3f35797 100644
--- a/flake.lock
+++ b/flake.lock
@@ -299,11 +299,11 @@
]
},
"locked": {
- "lastModified": 1676599101,
- "narHash": "sha256-CKS6UsOGhoNxGDBt9wyFiWHvtng/+BMAJ4G8ahhe1DE=",
+ "lastModified": 1677969766,
+ "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=",
"owner": "ryantm",
"repo": "agenix",
- "rev": "de657061b13cf329c57a1a9730a5049a971b40b3",
+ "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e",
"type": "github"
},
"original": {
@@ -332,17 +332,18 @@
"97.0": "97.0",
"98.0": "98.0",
"99.0": "99.0",
+ "flake-compat": "flake-compat",
"master": "master",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
- "lastModified": 1676708317,
- "narHash": "sha256-QqJqtLcDPFGhOg1v9EJzs2H7G/g3IKtewnhRgNpKy5U=",
+ "lastModified": 1676881905,
+ "narHash": "sha256-Im/KQhk3fJouLmIjUQnEU88mJTwqo9QBx9x2KHARyHo=",
"owner": "dwarfmaster",
"repo": "arkenfox-nixos",
- "rev": "fd696871bf40bb7c4c8b3994124d66a459850780",
+ "rev": "b44010831ee47f80327e4f17c3a21e86d3bea8fa",
"type": "github"
},
"original": {
@@ -430,31 +431,23 @@
"type": "github"
}
},
- "emacs-overlay": {
- "inputs": {
- "flake-utils": [
- "flake-utils"
- ],
- "nixpkgs": [
- "nixpkgs"
- ]
- },
+ "flake-compat": {
+ "flake": false,
"locked": {
- "lastModified": 1676830175,
- "narHash": "sha256-y3Z7+FRPPln6Ok3Grhp0puC8vMMvE7JrKRsZKixw7o4=",
- "owner": "nix-community",
- "repo": "emacs-overlay",
- "rev": "ea14c62958d96e0f7cfead9d09e097b1891bf7c4",
+ "lastModified": 1673956053,
+ "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
- "owner": "nix-community",
- "ref": "master",
- "repo": "emacs-overlay",
+ "owner": "edolstra",
+ "repo": "flake-compat",
"type": "github"
}
},
- "flake-compat": {
+ "flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@@ -535,11 +528,11 @@
]
},
"locked": {
- "lastModified": 1676367705,
- "narHash": "sha256-un5UbRat9TwruyImtwUGcKF823rCEp4fQxnsaLFL7CM=",
+ "lastModified": 1678271387,
+ "narHash": "sha256-H2dv/i1LRlunRtrESirELzfPWdlG/6ElDB1ksO529H4=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "da72e6fc6b7dc0c3f94edbd310aae7cd95c678b5",
+ "rev": "36999b8d19eb6eebb41983ef017d7e0095316af2",
"type": "github"
},
"original": {
@@ -584,11 +577,11 @@
"master": {
"flake": false,
"locked": {
- "lastModified": 1674781645,
- "narHash": "sha256-NGp5BLOQmiXsUh9nrXP+PeVXyK1c8Ij5EnwtFXAkD9w=",
+ "lastModified": 1675728165,
+ "narHash": "sha256-ebSx6DaXoGKcCoK6UcDnWvdAW6J2X6pJRPD1Pw7UNOw=",
"owner": "arkenfox",
"repo": "user.js",
- "rev": "b99dd27de828be13530ce2f48c9178d34f5f82ab",
+ "rev": "73884850632ffe284f76881786f7d5903b917f58",
"type": "github"
},
"original": {
@@ -607,11 +600,11 @@
]
},
"locked": {
- "lastModified": 1676598621,
- "narHash": "sha256-635t9QFKNayo9QXamGBkvh3MbNPjkoRYrIYKz/mg720=",
+ "lastModified": 1678154054,
+ "narHash": "sha256-yFQwkmWZgQrcgHagP/7HP/Vg2/h6JfZuAs7AhbEsCMc=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
- "rev": "60301861c5ea5d33ab6d4d06fd4d013ddb245b0e",
+ "rev": "8118891606aa521d2c8f87da25d2a769c356eb4a",
"type": "github"
},
"original": {
@@ -623,11 +616,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1675933606,
- "narHash": "sha256-y427VhPQHOKkYvkc9MMsL/2R7M11rQxzsRdRLM3htx8=",
+ "lastModified": 1678095239,
+ "narHash": "sha256-4F6jovFJcwh6OkMsY94ZrHdrvVqZi1FX5pYv6V9LIQw=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "44ae00e02e8036a66c08f4decdece7e3bbbefee2",
+ "rev": "f6610997b0fc5ea5f9e142c348fca27497efe1c7",
"type": "github"
},
"original": {
@@ -639,11 +632,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1676549890,
- "narHash": "sha256-sq/WcOEAl7gWrrfGkWdnyYazRyTf+enEim/o6LOQzI8=",
+ "lastModified": 1678237502,
+ "narHash": "sha256-J4cAbmC9RK+Jus3U88WaxkTsnNlZSroE2xZ9A0rSxL4=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "8c66bd1b68f4708c90dcc97c6f7052a5a7b33257",
+ "rev": "1eeea1f1922fb79a36008ba744310ccbf96130e2",
"type": "github"
},
"original": {
@@ -655,11 +648,11 @@
},
"nixpkgs-master": {
"locked": {
- "lastModified": 1676662455,
- "narHash": "sha256-paR22nF+MrW/iPqtf3EvSsQLkzNh+hftvclG9qif8gA=",
+ "lastModified": 1678280833,
+ "narHash": "sha256-0SPxdBYly0eL+CY/z4HjGqAjAfh9evtvTLsqKnS2prk=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "505feabc489e0ddb074f444ac0b1fc792c8da4a8",
+ "rev": "e40b5250ab10f98a5343d78e2c6c83db6a6c4bec",
"type": "github"
},
"original": {
@@ -671,11 +664,11 @@
},
"nixpkgs-stable": {
"locked": {
- "lastModified": 1676656495,
- "narHash": "sha256-ON7OvLv+U+hXPVfaQG4Ku1d1PWO+ffU7C8SvR8ByxYk=",
+ "lastModified": 1678266329,
+ "narHash": "sha256-rawge6yca5wvm+vcBB0pTp2q1Bf5Nc2Lk05dP7W+Q1E=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "8a3f39ad8c03aa91f7de41ea5d854d0a985e0e9b",
+ "rev": "1e56d76f106e626764ee91785fe32b2342cc836e",
"type": "github"
},
"original": {
@@ -721,11 +714,11 @@
},
"nur": {
"locked": {
- "lastModified": 1676658325,
- "narHash": "sha256-s+SFI821NUXxuQqnVeBmHq1tEH5Mg1pYmrlDnxJ8PAo=",
+ "lastModified": 1678286808,
+ "narHash": "sha256-jC/AwS4HmeV255+tYRFOTkC0+sLGUSQFgNV98HjQYvE=",
"owner": "nix-community",
"repo": "NUR",
- "rev": "10c6c5d9b3df8177472b5243ed8d9760f5316174",
+ "rev": "fc66688b4a56184061191482536f1d8de3aea462",
"type": "github"
},
"original": {
@@ -777,11 +770,11 @@
]
},
"locked": {
- "lastModified": 1676513100,
- "narHash": "sha256-MK39nQV86L2ag4TmcK5/+r1ULpzRLPbbfvWbPvIoYJE=",
+ "lastModified": 1677832802,
+ "narHash": "sha256-XQf+k6mBYTiQUjWRf/0fozy5InAs03O1b30adCpWeXs=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
- "rev": "5f0cba88ac4d6dd8cad5c6f6f1540b3d6a21a798",
+ "rev": "382bee738397ca005206eefa36922cc10df8a21c",
"type": "github"
},
"original": {
@@ -798,8 +791,7 @@
"azahi-cc": "azahi-cc",
"darwin": "darwin",
"dns-nix": "dns-nix",
- "emacs-overlay": "emacs-overlay",
- "flake-compat": "flake-compat",
+ "flake-compat": "flake-compat_2",
"flake-registry": "flake-registry",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
diff --git a/flake.nix b/flake.nix
index e5bd0b9..a9e0c30 100644
--- a/flake.nix
+++ b/flake.nix
@@ -77,36 +77,6 @@
ref = "master";
};
- emacs-overlay = {
- type = "github";
- owner = "nix-community";
- repo = "emacs-overlay";
- ref = "master";
- inputs = {
- flake-utils.follows = "flake-utils";
- nixpkgs.follows = "nixpkgs";
- };
- };
-
- # Waiting for patches[1]. Currently, the new profile feature breaks
- # everything and I don't want to spend 12 hours debugging this shit.
- #
- # [1]: https://github.com/nix-community/nix-doom-emacs/pull/316
- # nix-doom-emacs = {
- # # type = "path";
- # # path = "/home/azahi/src/nix-doom-emacs";
- # type = "github";
- # owner = "nix-community";
- # repo = "nix-doom-emacs";
- # ref = "master";
- # inputs = {
- # flake-compat.follows = "flake-compat";
- # emacs-overlay.follows = "emacs-overlay";
- # flake-utils.follows = "flake-utils";
- # nixpkgs.follows = "nixpkgs";
- # };
- # };
-
arkenfox-nixos = {
type = "github";
owner = "dwarfmaster";
diff --git a/modules/common/common/nix/default.nix b/modules/common/common/nix/default.nix
index 378cd36..9f80838 100644
--- a/modules/common/common/nix/default.nix
+++ b/modules/common/common/nix/default.nix
@@ -130,7 +130,6 @@ with lib; {
tor-browser = tor-browser-bundle-bin;
}))
agenix.overlays.default
- emacs-overlay.overlay
nur.overlay
];
diff --git a/modules/common/default.nix b/modules/common/default.nix
index e6040cd..b722cae 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -3,7 +3,6 @@ _: {
./alacritty.nix
./aria2.nix
./bat.nix
- ./beets.nix
./chromium.nix
./common
./curl.nix
diff --git a/modules/common/emacs/default.nix b/modules/common/emacs/default.nix
index 268d77d..2dbe53f 100644
--- a/modules/common/emacs/default.nix
+++ b/modules/common/emacs/default.nix
@@ -46,6 +46,7 @@ in {
asmfmt # :editor format
bash-language-server # :lang (sh +lsp)
clang-tools # :lang (cc +lsp) :editor format
+ cmake # :term vterm
cmake-format # :lang cc :editor format
cmigemo # :lang japanese
css-language-server # :lang (web +lsp)
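Review bot: Adding `cmake` here, and `gcc`, `libtool` and `perl` in the next hunks, while the last hunk of this file drops `extraPackages = p: with p; [vterm];`, presumably means the vterm native module is now compiled by Emacs at run time instead of being built by Nix. That build is no longer pinned by flake.lock, so a short comment above these entries saying why the Nix-built vterm was dropped would let a reader judge the trade-off. The tag on the perl line is also missing its colon; to match the other entries it would read `perl # :term vterm`. The package list starts and ends outside the hunk.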
@@ -53,6 +54,7 @@ in {
dockerfile-language-server # :tools (docker +lsp)
editorconfig # :tools editorconfig
fd # doom!
+ gcc # :tools magit :term vterm
gnuplot # :lang (org +gnuplot)
gnutls # doom!
go-language-server # :lang (go +lsp)
@@ -65,6 +67,7 @@ in {
html-tidy # :lang web
jre # :lang plantuml
json-language-server # :lang (json +lsp)
+ libtool # :term vterm
nix-language-server # :lang (nix +lsp)
nixfmt # :lang nix :editor format
nodePackages.eslint # :lang (json +lsp)
@@ -73,6 +76,7 @@ in {
nodePackages.stylelint # :lang web
nodejs # :tools debugger
pandoc # :lang org markdown latex
+ perl # term vterm
pinentry-emacs # doom!
pre-commit # :tools magit
ripgrep # doom!
@@ -175,7 +179,6 @@ in {
programs.emacs = {
enable = true;
package = pkgs.emacs28; # Pin to avoid surprises.
- extraPackages = p: with p; [vterm];
};
};
};
diff --git a/modules/common/git.nix b/modules/common/git.nix
index c3ebafc..ce4e505 100644
--- a/modules/common/git.nix
+++ b/modules/common/git.nix
@@ -68,6 +68,8 @@ in {
};
init.defaultBranch = "master";
status.submoduleSummary = true;
+ github.user = my.username;
+ gitlab.user = my.username;
}
// mapAttrs'
(n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) {
diff --git a/modules/common/openconnect.nix b/modules/common/openconnect.nix
deleted file mode 100644
index 936c9d1..0000000
--- a/modules/common/openconnect.nix
+++ /dev/null
@@ -1,83 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib; let
- cfg = config.nixfiles.modules.openconnect;
-in {
- options.nixfiles.modules.openconnect.enable =
- mkEnableOption "OpenConnect VPN";
-
- config = mkIf cfg.enable {
- assertions = [
- {
- assertion = config.networking.networkmanager.enable;
- message = "NetworkManager is required";
- }
- ];
-
- # Spent three days trying to make this work but still getting "No SSO
- # handler" even on the HEAD version that 100% has SSO support baked in.
- # It's all so tiresome[1]... aaand KDE is not supported[2].
- #
- # I fucking hate AnyConnect, truly an example of how shit is is non-free
- # software. SAML also sucks balls. I also hate my company for using this
- # shit, guess I have no other choice but to use the absolute dogshit laptop
- # they gave me.
- #
- # [1]: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect
- # [1]: https://gitlab.com/openconnect/openconnect/-/issues/424
- # [2]: https://groups.google.com/g/linux.debian.bugs.dist/c/lK8u-LMY7n4
- # [2]: https://bugs.kde.org/show_bug.cgi?id=448153
-
- networking.networkmanager.plugins = with pkgs; [
- ((networkmanager-openconnect.override {
- withGnome = false;
- openconnect = openconnect.overrideAttrs (_: _: {
- version = "unstable-2022-10-23";
- src = fetchFromGitLab {
- owner = "openconnect";
- repo = "openconnect";
- rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae";
- hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM=";
- };
- });
- })
- .overrideAttrs (_: super: {
- version = "unstable-2022-09-10";
- src = fetchFromGitLab {
- domain = "gitlab.gnome.org";
- owner = "GNOME";
- repo = "NetworkManager-openconnect";
- rev = "3c1590786518e9acca33c250660ad21cae565acd";
- hash = "sha256-YTUN46QHsHkXPAhImPG/MMLMqjlSRknapVO8u43nnWk=";
- };
- buildInputs =
- super.buildInputs
- ++ [
- (webkitgtk_4_1.override {
- inherit (gnome) libsoup;
- })
- ];
- nativeBuildInputs =
- super.nativeBuildInputs
- ++ [
- autoreconfHook
- ];
- postPatch = ''
- substituteInPlace configure.ac \
- --replace "PKG_CHECK_MODULES(LIBSECRET, libsecret-1 >= 0.18)" ""
- '';
- preAutoreconf = ''
- autoupdate
- '';
- preConfigure = ''
- NOCONFIGURE=x ./autogen.sh
- touch gtk4/nm-openconnect-dialog.ui
- '';
- }))
- ];
- };
-}
diff --git a/modules/common/beets.nix b/modules/nixos/beets.nix
index 83cbff1..83cbff1 100644
--- a/modules/common/beets.nix
+++ b/modules/nixos/beets.nix
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 850d93e..8ac9a29 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -3,6 +3,7 @@ _: {
./acme.nix
./alertmanager.nix
./android.nix
+ ./beets.nix
./bluetooth.nix
./common
./discord.nix
@@ -21,6 +22,7 @@ _: {
./grafana.nix
./hydra.nix
./ipfs.nix
+ ./k3s.nix
./kde.nix
./libvirtd.nix
./lidarr.nix
@@ -29,6 +31,7 @@ _: {
./matrix
./monitoring
./mpd.nix
+ ./murmur.nix
./nextcloud.nix
./nginx.nix
./node-exporter.nix
diff --git a/modules/nixos/k3s.nix b/modules/nixos/k3s.nix
new file mode 100644
index 0000000..dcbd052
--- /dev/null
+++ b/modules/nixos/k3s.nix
@@ -0,0 +1,29 @@
+{
+ config,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.k3s;
+in {
+ options.nixfiles.modules.k3s = {
+ enable = mkEnableOption "K3s";
+ };
+
+ config = mkIf cfg.enable {
+ ark.directories = [
+ "/etc/rancher/k3s"
+ "/var/lib/rancher/k3s"
+ ];
+
+ services.k3s = {
+ enable = true;
+ role = "server";
+ };
+
+ systemd.services.k3s.environment = {
+ K3S_KUBECONFIG_OUTPUT = "/etc/rancher/k3s/k3s.yaml";
+ K3S_KUBECONFIG_MODE = "600";
+ };
+ };
+}
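Review bot: `services.k3s` is enabled with only `role = "server"`, whereas the per-host block this commit removes from nixosConfigurations/varda/default.nix passed `extraFlags = "--disable traefik";`, so with `k3s.enable = true` varda will also deploy the bundled Traefik ingress. If that is not intended (varda sets `acme.enable = true`, which suggests something else may already serve 80/443, though that is not visible here), carry the flag over with `extraFlags = "--disable traefik";` or expose it as a module option. A one-line comment on `K3S_KUBECONFIG_MODE = "600";` noting that the generated kubeconfig holds cluster-admin credentials would record why the mode is pinned.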
diff --git a/modules/nixos/murmur.nix b/modules/nixos/murmur.nix
new file mode 100644
index 0000000..cbd90d4
--- /dev/null
+++ b/modules/nixos/murmur.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.murmur;
+in {
+ options.nixfiles.modules.murmur.enable = mkEnableOption "Murmur";
+
+ config = mkIf cfg.enable {
+ secrets.murmur-environment = {
+ file = "${inputs.self}/secrets/murmur-environment";
+ owner = "murmur";
+ group = "murmur";
+ };
+
+ services.murmur = {
+ enable = true;
+ openFirewall = true;
+ logDays = -1;
+ registerName = mkDefault my.domain.shire;
+ password = "$MURMUR_PASSWORD";
+ environmentFile = config.secrets."murmur-environment".path;
+ };
+ };
+}
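Review bot: The `murmur-environment` secret is handed to the `murmur` user and group, although it is only consumed through `environmentFile`. If the NixOS murmur module loads that file through systemd's `EnvironmentFile=` (worth confirming), it is read by the service manager as root and the `owner`/`group` lines can be dropped so the file keeps its default ownership. Two settings deserve a comment: `password = "$MURMUR_PASSWORD";` is a placeholder filled in from the environment file at service start, not a literal password, and `logDays = -1;` turns off Murmur's database log. Because `openFirewall = true` opens the Murmur port in the host firewall, it is worth stating where connection logs end up once the database log is off.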
diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix
index d0ca777..67bec29 100644
--- a/modules/nixos/profiles/headful.nix
+++ b/modules/nixos/profiles/headful.nix
@@ -22,6 +22,7 @@ in {
home.packages = with pkgs; [
calibre
imv
+ mumble
neochat
tdesktop
tor-browser
@@ -33,18 +34,15 @@ in {
boot = {
kernelPackages = mkDefault pkgs.linuxPackages_latest;
- # There are (arguably) not a lot of reasons to keep mitigations enabled
- # for on machine that is not web-facing. First of all, to completely
- # mitigate any possible Spectre holes one would need to disable
- # Hyperthreading altogether which will essentially put one's computer into
- # the stone age by not being able to to effectively utilise multi-core its
- # multicore capabilities. Secondly, by enabling mitigations, we introduce
- # a plethora of performance overheads[1], which, albeit small, but still
- # contribute to the overall speed of things. This is however still poses a
- # security risk, which I am willing to take.
- #
- # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
- kernelParams = ["mitigations=off"];
+ kernelParams = [
+ # https://wiki.archlinux.org/title/improving_performance#Watchdogs
+ "nowatchdog"
+ "kernel.nmi_watchdog=0"
+ # A security risk I'm willing to take for a reason[1].
+ #
+ # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11
+ "mitigations=off"
+ ];
loader = {
efi.canTouchEfiVariables = true;
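Review bot: `mitigations=off` is now justified only by "A security risk I'm willing to take for a reason", and the removed rationale rested on the machine not being web-facing, while this same profile installs `tor-browser` and other clients that process untrusted remote content, which is the case the CPU mitigations mainly protect. Since this is the shared headful profile, consider keeping one sentence that names the risk (side-channel leaks across processes and out of the browser sandbox), or moving the parameter to the hosts that want it. Separately, `kernel.nmi_watchdog=0` is the sysctl spelling; on the kernel command line the documented parameter is `nmi_watchdog=0`, so the entry as written is probably ignored (the sysctl route would be `boot.kernel.sysctl."kernel.nmi_watchdog" = 0;`). The `boot` block continues outside the hunk.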
diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix
index a5a07ab..f66478d 100644
--- a/nixosConfigurations/eonwe/default.nix
+++ b/nixosConfigurations/eonwe/default.nix
@@ -59,13 +59,17 @@ with lib; {
# some patching and whatnot.
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
- # Silence benign MCE errors:
- # ```
- # mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 29: ffffffffffffffff
- # mce: [Hardware Error]: TSC 0 MISC ff1fffffffffffff SYND ffffffffffffffff IPID ffffffffffffffff
- # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201
- # ```
- kernelParams = ["mce=nobootlog"];
+ kernelParams = [
+ # Silence benign MCE errors:
+ # ```
+ # mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 29: ffffffffffffffff
+ # mce: [Hardware Error]: TSC 0 MISC ff1fffffffffffff SYND ffffffffffffffff IPID ffffffffffffffff
+ # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201
+ # ```
+ "mce=nobootlog"
+ # Required for Hogwats Legacy.
+ "clearcpuid=514"
+ ];
# The boot drive is Samsung SSD 980 PRO 2TB.
initrd.kernelModules = ["nvme"];
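Review bot: `clearcpuid=514` clears the UMIP (User-Mode Instruction Prevention) CPU feature, bit 514 being word 16, bit 2, and UMIP is a hardening feature: with it off, user-space code can again execute SGDT/SIDT/SLDT/SMSW/STR and read kernel descriptor-table addresses. The comment should say so, so that the cost of the workaround is visible and it is removed when no longer needed, e.g. `# Clears UMIP (CPUID bit 514), weakening kernel address hiding; required for Hogwarts Legacy.`, which also fixes the "Hogwats" typo. The `boot` block starts and ends outside the hunk.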
diff --git a/nixosConfigurations/manwe/default.nix b/nixosConfigurations/manwe/default.nix
index 12d929e..a47cd88 100644
--- a/nixosConfigurations/manwe/default.nix
+++ b/nixosConfigurations/manwe/default.nix
@@ -1,5 +1,6 @@
{
config,
+ inputs,
lib,
...
}:
@@ -34,6 +35,7 @@ with lib; {
enable = true;
domain = my.domain.azahi;
};
+ murmur.enable = true;
radicale.enable = true;
rss-bridge.enable = true;
shadowsocks.enable = true;
@@ -44,6 +46,35 @@ with lib; {
vaultwarden.enable = true;
};
+ # To play old LAN games with the boys.
+ secrets."wireguard-private-key-70".file = "${inputs.self}/secrets/wireguard-private-key-70";
+ networking = mkIf config.nixfiles.modules.wireguard.server.enable {
+ wireguard.interfaces.wg70 = {
+ ips = ["10.70.0.1/16"];
+ listenPort = 7070;
+ privateKeyFile = config.secrets."wireguard-private-key-70".path;
+ peers = [
+ {
+ publicKey = "@PUBLIC_KEY@";
+ allowedIPs = ["10.70.1.1/32"];
+ }
+ {
+ publicKey = "@PUBLIC_KEY@";
+ allowedIPs = ["10.70.1.2/32"];
+ }
+ {
+ publicKey = "@PUBLIC_KEY@";
+ allowedIPs = ["10.70.1.3/32"];
+ }
+ {
+ publicKey = "@PUBLIC_KEY@";
+ allowedIPs = ["10.70.1.4/32"];
+ }
+ ];
+ };
+ firewall.allowedUDPPorts = [7070];
+ };
+
boot = {
loader.grub = {
enable = true;
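Review bot: The `wg70` peers get a tunnel into manwe, a host that also enables `vaultwarden` and other services, and nothing in this hunk states what those peers may reach beyond each other. Whether traffic from wg70 is forwarded to other interfaces or admitted to local services depends on the wireguard server module and the firewall, both outside the hunk; a comment above the interface recording the intended scope (peer-to-peer inside 10.70.0.0/16 only) would make that checkable. Also, `secrets."wireguard-private-key-70"` is declared outside the `mkIf`, so the key is provisioned even when `wireguard.server.enable` is false; putting it under the same condition keeps the two in step.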
diff --git a/nixosConfigurations/varda/default.nix b/nixosConfigurations/varda/default.nix
index ea1dc3c..340ea8b 100644
--- a/nixosConfigurations/varda/default.nix
+++ b/nixosConfigurations/varda/default.nix
@@ -5,10 +5,7 @@ with lib; {
acme.enable = true;
- games.minecraft.server = {
- enable = false; # Disabled because no one is playing now.
- memory = "6G";
- };
+ k3s.enable = true;
};
boot = {
@@ -47,13 +44,6 @@ with lib; {
}
];
- # TODO
- services.k3s = {
- enable = false;
- role = "server";
- extraFlags = "--disable traefik";
- };
-
zramSwap = {
enable = true;
memoryPercent = 25;
diff --git a/readme.org b/readme.org
index 01cd869..82127a6 100644
--- a/readme.org
+++ b/readme.org
@@ -1,34 +1,22 @@
-#+options: ':t *:t -:t ::t <:t H:3 \n:nil ^:t arch:headline author:t
-#+options: broken-links:nil c:nil creator:nil d:(not "LOGBOOK") date:t e:t
-#+options: email:nil f:t inline:t num:nil p:nil pri:nil prop:nil stat:t tags:t
-#+options: tasks:t tex:t timestamp:t title:t toc:t todo:t |:t
#+title: nixfiles
-#+date: <2022-03-08 Tue>
#+author: Azat Bahawi
#+email: azat@bahawi.net
#+language: en
-#+select_tags: export
-#+exclude_tags: noexport
-#+creator: Emacs 27.2 (Org mode 9.5)
-An [[https://en.wikipedia.org/wiki/Infrastructure_as_code][IaC]] recipe for my digital infrastructure. An evolution of the [[https://github.com/azahi/dotfiles][dotfiles]] thingy
+An [[https://en.wikipedia.org/wiki/Infrastructure_as_code][IaC]] recipe for my digital infrastructure. An evolution of the [[https://git.azahi.cc/dotfiles][dotfiles]] thingy
I had going for several years.
-If you stumbled across this repository on GitHub, GitLab and such, the version
-you are currently looking at is a /stripped/ down rendition of the actual
-*nixfiles* where IP addresses, domain names, secrets and other sensitive
-information was removed or replaced with gibberish. This is done so that you can
-get a general understanding of how stuff is made without me spilling the beans
-too much... pls no pwn.
+If you stumbled across this repository online, the version you are currently
+looking at is a /stripped/ down rendition of the /actual/ *nixfiles* where IP
+addresses, domain names, secrets and other sensitive information was removed or
+replaced with gibberish. This is done so that you can get a general
+understanding of how stuff is defined without me spilling the beans too much...
+pls no pwn.
If you are looking to get into declarative configuration management with [[https://nixos.org][NixOS]],
I /highly/ suggest to take this repository /only/ as a reference and not just
mindlessly copy-paste everything.
-For help, reach out directly to [[https://azahi.cc][me]], or come by /#nixos/ over at [[https://libera.chat][Libera.Chat]] or
-join the official NixOS Matrix [[https://matrix.to/#/#community:nixos.org][server]]. Для русскоязычной поддержки есть
-неофициальный Telegram [[https://t.me/ru_nixos][канал]].
-
* Inspiration and Credits
Big thanks to everyone involved with [[https://github.com/NixOS][Nix/NixOS/Nixpkgs]] and everything around
@@ -42,4 +30,4 @@ project:
- [[https://github.com/grahamc/nixos-config][grahamc]]
- [[https://github.com/gytis-ivaskevicius/nixfiles][gytis-ivaskevicius]]
- [[https://github.com/hlissner/dotfiles][hlissner]]
-- [[https://github.com/ncfavier/config][ncfavier]] (Also big thanks for shilling and helping out)
+- [[https://github.com/ncfavier/config][ncfavier]]