Compare commits


3 Commits

Author SHA1 Message Date
62e54fdadf
flake: update 2025-03-10 14:59:29 +01:00
f5a1f5d396
nixy: add pw keybindings, disable waydroid 2025-03-10 14:32:12 +01:00
a624cbcfd1
magpie/networking: iptables -> nftables 2025-02-10 15:15:44 +01:00
3 changed files with 51 additions and 38 deletions

flake.lock generated

@ -89,11 +89,11 @@
]
},
"locked": {
"lastModified": 1736373539,
"narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
"lastModified": 1739757849,
"narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
"rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
"type": "github"
},
"original": {
@ -126,11 +126,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1738574474,
"narHash": "sha256-rvyfF49e/k6vkrRTV4ILrWd92W+nmBDfRYZgctOyolQ=",
"lastModified": 1741445498,
"narHash": "sha256-F5Em0iv/CxkN5mZ9hRn3vPknpoWdcdCyR0e4WklHwiE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fecfeb86328381268e29e998ddd3ebc70bbd7f7c",
"rev": "52e3095f6d812b91b22fb7ad0bfc1ab416453634",
"type": "github"
},
"original": {
@ -243,11 +243,11 @@
"nixpkgs-24_11": "nixpkgs-24_11"
},
"locked": {
"lastModified": 1737736848,
"narHash": "sha256-VrUfCXBXYV+YmQ2OvVTeML9EnmaPRtH+POrNIcJp6yo=",
"lastModified": 1740437053,
"narHash": "sha256-exPTta4qI1ka9sk+jPcLogGffJ1OVXnAsTRqpeAXeNw=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "6b425d13f5a9d73cb63973d3609acacef4d1e261",
"rev": "c8ec4d5e432f5df4838eacd39c11828d23ce66ec",
"type": "gitlab"
},
"original": {
@ -263,11 +263,11 @@
]
},
"locked": {
"lastModified": 1738291974,
"narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
"lastModified": 1741043164,
"narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
"rev": "3f2412536eeece783f0d0ad3861417f347219f4d",
"type": "github"
},
"original": {


@ -333,24 +333,28 @@
};
networking.hostName = "magpie";
networking.firewall = {
nftables.enable = true;
enable = true;
allowedTCPPorts = [
80
443
587
2049
]; # http, mail, mail, nfs
allowedUDPPorts = [
443
51820
]; # mail, wireguard
allowPing = true;
logRefusedConnections = lib.mkDefault false;
};
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
80
443
587
2049
]; # http, mail, mail, nfs
networking.firewall.allowedUDPPorts = [
443
51820
]; # mail, wireguard
networking.firewall.allowPing = true;
networking.firewall.logRefusedConnections = lib.mkDefault false;
networking.nat.enable = true;
networking.nat.externalInterface = "enp1s0";
networking.nat.internalInterfaces = [ "wg0" ];
networking.nat = {
enable = true;
externalInterface = "enp1s0";
internalInterfaces = [ "wg0" ];
};
networking.networkmanager.enable = true;
networking.wireless.enable = false;
@ -363,11 +367,11 @@
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
${pkgs.nftables}/bin/nft add rule ip nat POSTROUTING oifname "eth0" ip saddr 10.100.0.0/24 counter masquerade
'';
# This undoes the above command
# This undoes the above command, TODO fix command below to be more specific
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
${pkgs.nftables}/bin/nft flush table ip nat
'';
privateKeyFile = config.sops.secrets."wg_privkey".path;
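Review bot: `nft flush table ip nat` in postShutdown removes every rule in the `ip nat` table, not only the masquerade rule that postSetup added, so any other NAT rule kept in that table (including whatever `networking.nat` installs, if it uses the same table) disappears each time the wireguard interface goes down. Giving the rule its own table makes the teardown exact and resolves the TODO in the comment above it: postSetup creates `ip wg-nat` with a postrouting chain and the masquerade rule, and postShutdown runs `${pkgs.nftables}/bin/nft delete table ip wg-nat`. Separately, the new rule matches `oifname "eth0"` while `networking.nat.externalInterface` earlier in this file is `"enp1s0"`; if the uplink really is enp1s0 the rule never matches, and `networking.nat.internalInterfaces = [ "wg0" ]` may already masquerade this traffic, which is worth confirming before keeping a manual rule at all. The enclosing wireguard interface attribute set starts and ends outside the hunk.
```nix
postSetup = ''
  ${pkgs.nftables}/bin/nft add table ip wg-nat
  ${pkgs.nftables}/bin/nft 'add chain ip wg-nat postrouting { type nat hook postrouting priority srcnat; }'
  ${pkgs.nftables}/bin/nft add rule ip wg-nat postrouting oifname "eth0" ip saddr 10.100.0.0/24 counter masquerade
'';
# Deleting the dedicated table removes exactly the rules added above and nothing else
postShutdown = ''
  ${pkgs.nftables}/bin/nft delete table ip wg-nat
'';
```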


@ -88,7 +88,7 @@ in
"psmouse.synaptics_intertouch=0"
"mem_sleep_default=deep"
];
kernelPackages = pkgs.linuxPackages_latest;
#kernelPackages = pkgs.linuxPackages_latest;
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
@ -236,6 +236,13 @@ in
enable = true;
binfmt = true;
};
nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc.lib
zlib
];
};
zsh.enable = true;
firejail.enable = true;
adb.enable = true;
@ -372,6 +379,7 @@ in
acpid.enable = true;
dbus.enable = true;
dbus.implementation = "broker";
envfs.enable = true;
fstrim.enable = true;
fwupd.enable = true;
ntp.enable = true;
@ -438,9 +446,9 @@ in
enable = true;
bindings = [
{
keys = [ 113 ];
keys = [ 115 ];
events = [ "key" ];
command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master toggle'";
command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
}
{
@ -449,16 +457,16 @@ in
"key"
"rep"
];
command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master 5%- unmute'";
command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
}
{
keys = [ 115 ];
keys = [ 113 ];
events = [
"key"
"rep"
];
command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master 5%+ unmute'";
command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
}
{
@ -591,6 +599,7 @@ in
};
virtualisation = {
waydroid.enable = false;
libvirtd = {
enable = true;
allowedBridges = [