Compare commits


No commits in common. "62e54fdadf4f80739c0c59c0a2f1bd467aa0b50e" and "f7246dc6619c0127e81be7ee2dc276e50cb427ed" have entirely different histories.

3 changed files with 38 additions and 51 deletions

24
flake.lock generated

@ -89,11 +89,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1739757849, "lastModified": 1736373539,
"narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", "rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -126,11 +126,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1741445498, "lastModified": 1738574474,
"narHash": "sha256-F5Em0iv/CxkN5mZ9hRn3vPknpoWdcdCyR0e4WklHwiE=", "narHash": "sha256-rvyfF49e/k6vkrRTV4ILrWd92W+nmBDfRYZgctOyolQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "52e3095f6d812b91b22fb7ad0bfc1ab416453634", "rev": "fecfeb86328381268e29e998ddd3ebc70bbd7f7c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -243,11 +243,11 @@
"nixpkgs-24_11": "nixpkgs-24_11" "nixpkgs-24_11": "nixpkgs-24_11"
}, },
"locked": { "locked": {
"lastModified": 1740437053, "lastModified": 1737736848,
"narHash": "sha256-exPTta4qI1ka9sk+jPcLogGffJ1OVXnAsTRqpeAXeNw=", "narHash": "sha256-VrUfCXBXYV+YmQ2OvVTeML9EnmaPRtH+POrNIcJp6yo=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "c8ec4d5e432f5df4838eacd39c11828d23ce66ec", "rev": "6b425d13f5a9d73cb63973d3609acacef4d1e261",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -263,11 +263,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741043164, "lastModified": 1738291974,
"narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=", "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "3f2412536eeece783f0d0ad3861417f347219f4d", "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -333,28 +333,24 @@
}; };
networking.hostName = "magpie"; networking.hostName = "magpie";
networking.firewall = {
nftables.enable = true;
enable = true;
allowedTCPPorts = [
80
443
587
2049
]; # http, mail, mail, nfs
allowedUDPPorts = [
443
51820
]; # mail, wireguard
allowPing = true;
logRefusedConnections = lib.mkDefault false;
};
networking.nat = { networking.firewall.enable = true;
enable = true; networking.firewall.allowedTCPPorts = [
externalInterface = "enp1s0"; 80
internalInterfaces = [ "wg0" ]; 443
}; 587
2049
]; # http, mail, mail, nfs
networking.firewall.allowedUDPPorts = [
443
51820
]; # mail, wireguard
networking.firewall.allowPing = true;
networking.firewall.logRefusedConnections = lib.mkDefault false;
networking.nat.enable = true;
networking.nat.externalInterface = "enp1s0";
networking.nat.internalInterfaces = [ "wg0" ];
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.wireless.enable = false; networking.wireless.enable = false;
@ -367,11 +363,11 @@
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
postSetup = '' postSetup = ''
${pkgs.nftables}/bin/nft add rule ip nat POSTROUTING oifname "eth0" ip saddr 10.100.0.0/24 counter masquerade ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
''; '';
# This undoes the above command, TODO fix command below to be more specific # This undoes the above command
postShutdown = '' postShutdown = ''
${pkgs.nftables}/bin/nft flush table ip nat ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
''; '';
privateKeyFile = config.sops.secrets."wg_privkey".path; privateKeyFile = config.sops.secrets."wg_privkey".path;
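Review bot: `allowedTCPPorts` in the first hunk lists 2049 (commented as nfs), which opens that port on every interface, including `enp1s0`, the one named as the NAT external interface. If NFS is only meant for WireGuard peers, scope it with `networking.firewall.interfaces.wg0.allowedTCPPorts = [ 2049 ];` and drop 2049 from the global list. In the second hunk the masquerade rule in `postSetup`/`postShutdown` matches `eth0` while `networking.nat.externalInterface` is `enp1s0`, so the rule may never match on this host; the interface names should agree, or the rule can be dropped if `networking.nat` already covers `wg0`. Both points hold for either column of this rendering, whose +/- markers are lost. The WireGuard interface block starts and ends outside the hunk.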


@ -88,7 +88,7 @@ in
"psmouse.synaptics_intertouch=0" "psmouse.synaptics_intertouch=0"
"mem_sleep_default=deep" "mem_sleep_default=deep"
]; ];
#kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
kernel.sysctl = { kernel.sysctl = {
"net.core.default_qdisc" = "fq"; "net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr"; "net.ipv4.tcp_congestion_control" = "bbr";
@ -236,13 +236,6 @@ in
enable = true; enable = true;
binfmt = true; binfmt = true;
}; };
nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc.lib
zlib
];
};
zsh.enable = true; zsh.enable = true;
firejail.enable = true; firejail.enable = true;
adb.enable = true; adb.enable = true;
@ -379,7 +372,6 @@ in
acpid.enable = true; acpid.enable = true;
dbus.enable = true; dbus.enable = true;
dbus.implementation = "broker"; dbus.implementation = "broker";
envfs.enable = true;
fstrim.enable = true; fstrim.enable = true;
fwupd.enable = true; fwupd.enable = true;
ntp.enable = true; ntp.enable = true;
@ -446,9 +438,9 @@ in
enable = true; enable = true;
bindings = [ bindings = [
{ {
keys = [ 115 ]; keys = [ 113 ];
events = [ "key" ]; events = [ "key" ];
command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"; command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master toggle'";
} }
{ {
@ -457,16 +449,16 @@ in
"key" "key"
"rep" "rep"
]; ];
command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"; command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master 5%- unmute'";
} }
{ {
keys = [ 113 ]; keys = [ 115 ];
events = [ events = [
"key" "key"
"rep" "rep"
]; ];
command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"; command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master 5%+ unmute'";
} }
{ {
@ -599,7 +591,6 @@ in
}; };
virtualisation = { virtualisation = {
waydroid.enable = false;
libvirtd = { libvirtd = {
enable = true; enable = true;
allowedBridges = [ allowedBridges = [