From 0df7936405dd7cfa1ed518441a154b03f1aa57bc Mon Sep 17 00:00:00 2001 From: azahi Date: Mon, 2 Dec 2024 01:13:53 +0300 Subject: 2024-12-02 --- configurations/default.nix | 9 ++++++ configurations/manwe/default.nix | 4 +-- configurations/tulkas/default.nix | 62 +++++++++++++++++++++++++++++++++++++++ flake.lock | 6 ++-- flake.nix | 2 +- lib/my.nix | 23 +++++++++++++++ modules/common/networking.nix | 11 +------ modules/games/lutris.nix | 4 ++- modules/monitoring/default.nix | 3 ++ modules/nsd.nix | 2 ++ modules/profiles/dev/default.nix | 2 ++ modules/wireguard.nix | 29 +++++++----------- 12 files changed, 122 insertions(+), 35 deletions(-) create mode 100644 configurations/tulkas/default.nix diff --git a/configurations/default.nix b/configurations/default.nix index cc160e9..312ca9f 100644 --- a/configurations/default.nix +++ b/configurations/default.nix @@ -90,6 +90,15 @@ mapAttrs' mkConfiguration ( srvos.nixosModules.server ]; + tulkas.modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + disko.nixosModules.disko + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-pc-ssd + nixpkgs.nixosModules.notDetected + srvos.nixosModules.server + ]; + yavanna.modules = with inputs; [ "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" nixos-hardware.nixosModules.common-cpu-intel diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix index 337a43e..f9cb2be 100644 --- a/configurations/manwe/default.nix +++ b/configurations/manwe/default.nix @@ -8,14 +8,14 @@ with lib; imports = attrValues (modulesIn ./.); nixfiles.modules = { + wireguard.server.enable = true; + nsd = { enable = true; fqdn = "ns1.${config.networking.domain}"; }; unbound.enable = true; - wireguard.server.enable = true; - acme.enable = true; monitoring.enable = true; diff --git a/configurations/tulkas/default.nix b/configurations/tulkas/default.nix new file mode 100644 index 0000000..c4ab860 --- /dev/null 
+++ b/configurations/tulkas/default.nix @@ -0,0 +1,62 @@ +{ lib, this, ... }: +with lib; +{ + imports = attrValues (modulesIn ./.); + + nixfiles.modules = { + wireguard.client.enable = true; + }; + + services.qemuGuest.enable = true; + + systemd.network.networks."40-eth0" = { + addresses = [ + { + Address = this.ipv4.address; + Broadcast = true; + } + ]; + routes = [ + { + Gateway = this.ipv4.gatewayAddress; + GatewayOnLink = true; + } + ]; + }; + + boot.loader.systemd-boot.enable = true; + + disko.devices.disk.vda = { + device = "/dev/vda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + esp = { + name = "ESP"; + type = "EF00"; + size = "512M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "xfs"; + mountpoint = "/"; + mountOptions = [ "noatime" ]; + }; + }; + }; + }; + }; + + zramSwap = { + enable = true; + memoryPercent = 50; + }; +} diff --git a/flake.lock b/flake.lock index 68ca139..e2be2b8 100644 --- a/flake.lock +++ b/flake.lock @@ -826,11 +826,11 @@ }, "nixpkgs-amneziawg": { "locked": { - "lastModified": 1732098616, - "narHash": "sha256-AK/xeDhbE6OI51K6GHmd7jo6HjfkJmewM3w/gmYbVzM=", + "lastModified": 1733085004, + "narHash": "sha256-pskW7udXL6KssMYlBR7cxSLPzqLMrZWgel98dKEgKPs=", "owner": "azahi", "repo": "nixpkgs", - "rev": "747f9c0752aeeee883c5bd6e9b064fa64ced5fbd", + "rev": "ba3f8e26212ff64cc96a4c1932d91bd18eb87757", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 87ab0d0..27411e5 100644 --- a/flake.nix +++ b/flake.nix @@ -12,7 +12,7 @@ flake-parts.url = "github:hercules-ci/flake-parts"; - # TODO Upstream this? + # TODO https://github.com/NixOS/nixpkgs/pull/360866 nixpkgs-amneziawg.url = "github:azahi/nixpkgs/amneziawg"; nixos-hardware.url = "github:NixOS/nixos-hardware"; diff --git a/lib/my.nix b/lib/my.nix index c8f9d3d..b60d980 100644 --- a/lib/my.nix +++ b/lib/my.nix 
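Review bot: The disko layout for `/dev/vda` puts the XFS root straight on the partition with no encryption layer, so whatever key material this host ends up holding (presumably the WireGuard/AmneziaWG private key behind `wireguard.client.enable = true`, plus anything the enabled modules install) sits in plaintext on storage controlled by the hosting provider of a machine that the lib/my.nix entry in this same commit labels "VPS in Russia". Unattended LUKS on a VPS needs a remote-unlock path and skipping it may be a deliberate tradeoff, but that decision should be written down next to the layout, e.g. above `disko.devices.disk.vda`: `# Unencrypted on purpose (no remote-unlock path); treat every key on this host as exposed to the provider and rotate it when the VPS is decommissioned.` Separately, `systemd.network.networks."40-eth0"` configures only `this.ipv4.address` and its gateway while lib/my.nix defines `ipv6.address`/`gatewayAddress` for tulkas; if the common networking module does not apply those, the IPv6 entries are dead configuration and should either be wired in here or dropped.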
@@ -254,6 +254,29 @@ with lib; syncthing.id = "@SYNCTHING_ID@"; }; + # VPS in Russia. + tulkas = { + stateVersion = "24.05"; + deviceIcon = "devices.cloud-server"; + system = "x86_64-linux"; + isHeadless = true; + ipv4 = { + gatewayAddress = "@IPV4_ADDRESS@"; + address = "@IPV4_ADDRESS@"; + prefixLength = 32; + }; + ipv6 = { + gatewayAddress = "@IPV6_ADDRESS@"; + address = "@IPV6_ADDRESS@"; + prefixLength = 64; + }; + wireguard = { + ipv4.address = "10.69.0.4"; + ipv6.address = "fd69::0:4"; + publicKey = "@PUBLIC_KEY@"; + }; + }; + # A beefy desktop: 7950x/rx6750xt/128GB. eonwe = { stateVersion = "24.05"; diff --git a/modules/common/networking.nix b/modules/common/networking.nix index d7baa6c..468bd8b 100644 --- a/modules/common/networking.nix +++ b/modules/common/networking.nix @@ -97,17 +97,8 @@ in } ) (lib.mkIf this.isHeadful { - interfaces.eth0.useDHCP = lib.mkDefault true; - networkmanager = { - enable = lib.mkDefault true; - unmanaged = [ - "type:amneziawg" - "type:bridge" - "type:ethernet" - "type:loopback" - "type:wireguard" - ]; + enable = true; plugins = lib.mkForce [ ]; wifi.backend = "iwd"; }; diff --git a/modules/games/lutris.nix b/modules/games/lutris.nix index 62fe521..d926971 100644 --- a/modules/games/lutris.nix +++ b/modules/games/lutris.nix @@ -22,10 +22,12 @@ in (lutris.override { extraPkgs = _: [ vkBasalt - wine + wine-staging winetricks ]; }) + wine-staging + winetricks ]; }; } diff --git a/modules/monitoring/default.nix b/modules/monitoring/default.nix index 6e5b782..a3e57d3 100644 --- a/modules/monitoring/default.nix +++ b/modules/monitoring/default.nix @@ -166,6 +166,7 @@ in promtail = { hosts = [ manwe + tulkas varda yavanna ]; @@ -182,6 +183,7 @@ in endlessh-go = { hosts = [ manwe + tulkas varda yavanna ]; @@ -197,6 +199,7 @@ in node = { hosts = [ manwe + tulkas varda yavanna ]; diff --git a/modules/nsd.nix b/modules/nsd.nix index 1399b5d..acf7e27 100644 --- a/modules/nsd.nix +++ b/modules/nsd.nix 
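Review bot: Removing the `unmanaged` list together with `interfaces.eth0.useDHCP` means NetworkManager on headful hosts is no longer told to leave `wireguard`, `amneziawg`, `bridge` and `ethernet` devices alone, while this commit's modules/wireguard.nix still builds the tunnel outside NetworkManager (`peers`/`postSetup`/`allowedIPsAsRoutes`-style options). Whether NetworkManager will actually touch those externally created interfaces depends on its defaults, which I cannot confirm from this hunk; if the tunnel and bridges are meant to stay under the existing setup, keep at least `unmanaged = [ "type:amneziawg" "type:wireguard" "type:bridge" ];` so a desktop NM profile cannot re-route or re-DNS the VPN interface. `enable = lib.mkDefault true` also became `enable = true`, so a host can no longer opt out of NetworkManager without `lib.mkForce`; if that loss of overridability is intended, a one-line comment saying so would help the next reader. The enclosing attribute set continues outside the hunk.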
@@ -134,6 +134,8 @@ in subdomains = rec { manwe = ips "manwe"; "*.manwe" = manwe; + tulkas = ips "tulkas"; + "*.tulkas" = tulkas; varda = ips "varda"; "*.varda" = varda; yavanna = ips "yavanna"; diff --git a/modules/profiles/dev/default.nix b/modules/profiles/dev/default.nix index bc761f5..4d85168 100644 --- a/modules/profiles/dev/default.nix +++ b/modules/profiles/dev/default.nix @@ -59,6 +59,7 @@ in packages = with pkgs; [ age + dbeaver-bin distrobox google-cloud-sdk htmlq @@ -71,6 +72,7 @@ in nixpkgs-review scaleway-cli sops + sqlitebrowser toolbox vultr-cli yq diff --git a/modules/wireguard.nix b/modules/wireguard.nix index dcd7858..5138946 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -20,6 +20,14 @@ let ${resolvectl} dnssec ${cfg.interface} no ${resolvectl} dnsovertls ${cfg.interface} no ''; + + extraOptions = { + jc = 228; + jmin = 42; + jmax = 420; + s1 = 69; + s2 = 96; + }; in { disabledModules = [ @@ -149,13 +157,7 @@ in "${ipv4.address}/16" "${ipv6.address}/16" ]; - extraInterfaceConfig = '' - jc = 228 - jmin = 42 - jmax = 420 - s1 = 69 - s2 = 96 - ''; + inherit extraOptions; }) (with cfg.server; { peers = [ @@ -221,17 +223,8 @@ in "${ipv4.address}/16" ]; listenPort = port; - inherit peers; - postSetup = - DNSSetup - + '' - awg set ${cfg.interface} \ - jc 228 \ - jmin 42 \ - jmax 420 \ - s1 69 \ - s2 96 - ''; + inherit peers extraOptions; + postSetup = DNSSetup; allowedIPsAsRoutes = false; }; }; -- cgit 1.4.1
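Review bot: The new `extraOptions` binding pins `jc = 228`, which as far as I recall is outside the 1–128 range AmneziaWG documents for Jc (3–10 recommended), and with `jmin`/`jmax` of 42–420 bytes it means on the order of tens of kilobytes of junk per handshake on both peers; worth confirming the module accepts that value rather than clamping or rejecting it silently, since client and server now both inherit it. The set also leaves H1–H4 at their defaults, so the handshake message types still match vanilla WireGuard and the obfuscation rests on junk packets and padding alone; if that is deliberate, say so above the binding: `# Junk/padding obfuscation only; header magic (H1-H4) intentionally left at WireGuard defaults.` Consolidating the values into one `let` binding is the right move, as S1/S2/J* must match on both ends, and the `s1 + 56 != s2` constraint (69 + 56 = 125 ≠ 96) still holds.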