all: format .nix filex with nixfmt-rfc

2025-01-10 18:11:42 +01:00
parent e571ae07c0
commit 77e24e385a
22 changed files with 863 additions and 547 deletions


@@ -6,8 +6,9 @@
system,
zremap,
...
}: {
imports = [];
}:
{
imports = [ ];
system.stateVersion = "23.05";
system.autoUpgrade.enable = false;
@@ -17,7 +18,7 @@
};
sops = {
age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
secrets = {
"peerix/private" = {
sopsFile = ./secrets/peerix.yaml;
@@ -61,17 +62,29 @@
package = pkgs.nixVersions.latest;
settings = {
sandbox = true;
experimental-features = ["nix-command" "flakes"];
experimental-features = [
"nix-command"
"flakes"
];
};
};
boot = {
extraModulePackages = with config.boot.kernelPackages; [usbip v4l2loopback];
extraModulePackages = with config.boot.kernelPackages; [
usbip
v4l2loopback
];
initrd.compressor = "zstd";
initrd.kernelModules = [];
initrd.kernelModules = [ ];
initrd.systemd.enable = true;
binfmt.emulatedSystems = ["wasm32-wasi" "x86_64-windows"];
kernelParams = ["psmouse.synaptics_intertouch=0" "mem_sleep_default=deep"];
binfmt.emulatedSystems = [
"wasm32-wasi"
"x86_64-windows"
];
kernelParams = [
"psmouse.synaptics_intertouch=0"
"mem_sleep_default=deep"
];
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
@@ -83,7 +96,10 @@
memtest86.enable = true;
};
readOnlyNixStore = true;
supportedFilesystems = ["f2fs" "xfs"];
supportedFilesystems = [
"f2fs"
"xfs"
];
tmp.useTmpfs = true;
};
@@ -94,7 +110,7 @@
doas.enable = true;
doas.extraRules = [
{
users = ["akill"];
users = [ "akill" ];
keepEnv = true;
persist = true;
}
@@ -109,11 +125,19 @@
nftables.enable = true;
firewall = {
enable = true;
allowedTCPPorts = [80 443 51820 8020];
allowedTCPPorts = [
80
443
51820
8020
];
};
hostName = "nixy";
nameservers = ["127.0.0.1" "::1"];
nameservers = [
"127.0.0.1"
"::1"
];
dhcpcd.extraConfig = "nohook resolv.conf";
extraHosts = ''
@@ -144,13 +168,13 @@
wireguard.interfaces = {
wg0 = {
ips = ["10.100.0.6/24"];
ips = [ "10.100.0.6/24" ];
privateKeyFile = config.sops.secrets."wg_privkey".path;
peers = [
{
publicKey = builtins.readFile ../magpie/wg_pubkey;
presharedKeyFile = config.sops.secrets."wg_preshared/nixy".path;
allowedIPs = ["10.100.0.0/24"];
allowedIPs = [ "10.100.0.0/24" ];
endpoint = "5.75.229.224:51820";
persistentKeepalive = 25;
}
@@ -158,12 +182,12 @@
};
neox_wg = {
ips = ["192.168.51.2/32"];
ips = [ "192.168.51.2/32" ];
privateKeyFile = config.sops.secrets."wg_privkey".path;
peers = [
{
publicKey = builtins.readFile ../nixy/wg_pubkey_nx;
allowedIPs = ["192.168.2.0/24"];
allowedIPs = [ "192.168.2.0/24" ];
endpoint = "185.194.64.26:51820";
persistentKeepalive = 25;
}
@@ -175,7 +199,10 @@
time.timeZone = "Europe/Sarajevo";
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [nix-xilinx.overlay nvim.overlays.${system}.overlay];
nixpkgs.overlays = [
nix-xilinx.overlay
nvim.overlays.${system}.overlay
];
environment = {
etc = {
"firejail/qutebrowser.local".text = ''
@@ -234,7 +261,7 @@
"netns@" = {
description = "%I network namespace";
before = ["network.target"];
before = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
@@ -245,11 +272,11 @@
"wg_proton" = {
description = "wg network interface";
bindsTo = ["netns@wg.service"];
requires = ["network-online.target"];
wants = ["dnscrypt-proxy2_proton.service"];
after = ["netns@wg.service"];
before = ["dnscrypt-proxy2_proton.service"];
bindsTo = [ "netns@wg.service" ];
requires = [ "network-online.target" ];
wants = [ "dnscrypt-proxy2_proton.service" ];
after = [ "netns@wg.service" ];
before = [ "dnscrypt-proxy2_proton.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
@@ -260,7 +287,9 @@
${pkgs.iproute2}/bin/ip link set proton_wg netns wg
${pkgs.iproute2}/bin/ip -n wg address add 10.2.0.2/32 dev proton_wg
${pkgs.iproute2}/bin/ip netns exec wg \
${pkgs.wireguard-tools}/bin/wg set "proton_wg" private-key "${config.sops.secrets."wg_privkey_proton".path}"
${pkgs.wireguard-tools}/bin/wg set "proton_wg" private-key "${
config.sops.secrets."wg_privkey_proton".path
}"
${pkgs.iproute2}/bin/ip netns exec wg \
${pkgs.wireguard-tools}/bin/wg set "proton_wg" peer "g6DkXWKI/68RsLjROIwCEcyB/ZhyK5Q7OWcz1TtqER0=" \
endpoint "$ENDPOINT_IP:51820" \
@@ -283,9 +312,9 @@
"network-online.target"
"nss-lookup.target"
];
before = ["nss-lookup.target"];
after = ["wg_proton.service"];
partOf = ["wg_proton.service"];
before = [ "nss-lookup.target" ];
after = [ "wg_proton.service" ];
partOf = [ "wg_proton.service" ];
serviceConfig = {
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
CacheDirectory = "dnscrypt-proxy";
@@ -372,7 +401,10 @@
};
udev = {
packages = [pkgs.openhantek6022 pkgs.openocd];
packages = [
pkgs.openhantek6022
pkgs.openocd
];
extraRules = ''
#Xilinx FTDI
ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666"
@@ -403,32 +435,38 @@
enable = true;
bindings = [
{
keys = [113];
events = ["key"];
keys = [ 113 ];
events = [ "key" ];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master toggle'";
}
{
keys = [114];
events = ["key" "rep"];
keys = [ 114 ];
events = [
"key"
"rep"
];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%- unmute'";
}
{
keys = [115];
events = ["key" "rep"];
keys = [ 115 ];
events = [
"key"
"rep"
];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%+ unmute'";
}
{
keys = [224];
events = ["key"];
keys = [ 224 ];
events = [ "key" ];
command = "${pkgs.light}/bin/light -U 5";
}
{
keys = [225];
events = ["key"];
keys = [ 225 ];
events = [ "key" ];
command = "${pkgs.light}/bin/light -A 5";
}
];
@@ -454,33 +492,35 @@
};
};
borgbackup.jobs."borgbase" = let
user = config.users.users.akill;
home = user.home;
in {
user = user.name;
paths = [
(home + "/pic/priv")
(home + "/pproj")
(home + "/videos/priv")
];
exclude = [
"**/.ccls_cache"
"**/*.d"
"**/*.map"
"**/*.o"
"**/zig-cache"
"**/zig-out"
];
repo = "ssh://oda929rv@oda929rv.repo.borgbase.com/./repo";
encryption = {
mode = "repokey-blake2";
passCommand = "${pkgs.coreutils-full}/bin/cat ${config.sops.secrets."borgbase_enc_key".path}";
borgbackup.jobs."borgbase" =
let
user = config.users.users.akill;
home = user.home;
in
{
user = user.name;
paths = [
(home + "/pic/priv")
(home + "/pproj")
(home + "/videos/priv")
];
exclude = [
"**/.ccls_cache"
"**/*.d"
"**/*.map"
"**/*.o"
"**/zig-cache"
"**/zig-out"
];
repo = "ssh://oda929rv@oda929rv.repo.borgbase.com/./repo";
encryption = {
mode = "repokey-blake2";
passCommand = "${pkgs.coreutils-full}/bin/cat ${config.sops.secrets."borgbase_enc_key".path}";
};
environment.BORG_RSH = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borgbase_ssh_key".path}";
compression = "auto,zstd";
startAt = "daily";
};
environment.BORG_RSH = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borgbase_ssh_key".path}";
compression = "auto,zstd";
startAt = "daily";
};
nix-serve = {
enable = false;
@@ -519,7 +559,7 @@
allowBitmaps = true;
useEmbeddedBitmaps = true;
defaultFonts = {
monospace = ["JetBrainsMono"];
monospace = [ "JetBrainsMono" ];
};
};
@@ -548,7 +588,14 @@
};
virtualisation = {
spiceUSBRedirection.enable = true;
libvirtd = {
enable = true;
allowedBridges = [
"virbr0"
"br0"
];
};
spiceUSBRedirection.enable = true;
containers.storage.settings = {
storage = {
graphroot = "/var/lib/containers/storage";
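Review bot: This hunk does not read as a pure reformat: as rendered, a `libvirtd` block with `allowedBridges` listing `"virbr0"` and `"br0"` sits between two copies of `spiceUSBRedirection.enable = true;`, and the header grows the hunk from 7 to 14 lines. Unlike the other hunks, no single-line form of that list is shown as removed. If the block is new or moved here, it belongs in its own commit, so that enabling libvirtd and the bridge allow-list is reviewed as a configuration change rather than folded into a formatter run. The add/remove markers are lost on this page, so this should be checked against the raw diff. If both `spiceUSBRedirection.enable` lines are on the new side, evaluation should fail with a duplicate attribute definition.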
@@ -574,7 +621,7 @@
graphics = {
enable = true;
extraPackages = [];
extraPackages = [ ];
};
rtl-sdr.enable = true;
};
@@ -587,6 +634,15 @@
users.users.akill = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "kvm" "tty" "audio" "sound" "adbusers" "dialout" "wheel"];
extraGroups = [
"wireshark"
"kvm"
"tty"
"audio"
"sound"
"adbusers"
"dialout"
"wheel"
];
};
}