

3 Commits

Author SHA1 Message Date
62e54fdadf
flake: update 2025-03-10 14:59:29 +01:00
f5a1f5d396
nixy: add pw keybindings, disable waydroid 2025-03-10 14:32:12 +01:00
a624cbcfd1
magpie/networking: iptables -> nftables 2025-02-10 15:15:44 +01:00
3 changed files with 51 additions and 38 deletions

flake.lock generated

@ -89,11 +89,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1736373539, "lastModified": 1739757849,
"narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -126,11 +126,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1738574474, "lastModified": 1741445498,
"narHash": "sha256-rvyfF49e/k6vkrRTV4ILrWd92W+nmBDfRYZgctOyolQ=", "narHash": "sha256-F5Em0iv/CxkN5mZ9hRn3vPknpoWdcdCyR0e4WklHwiE=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fecfeb86328381268e29e998ddd3ebc70bbd7f7c", "rev": "52e3095f6d812b91b22fb7ad0bfc1ab416453634",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -243,11 +243,11 @@
"nixpkgs-24_11": "nixpkgs-24_11" "nixpkgs-24_11": "nixpkgs-24_11"
}, },
"locked": { "locked": {
"lastModified": 1737736848, "lastModified": 1740437053,
"narHash": "sha256-VrUfCXBXYV+YmQ2OvVTeML9EnmaPRtH+POrNIcJp6yo=", "narHash": "sha256-exPTta4qI1ka9sk+jPcLogGffJ1OVXnAsTRqpeAXeNw=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "6b425d13f5a9d73cb63973d3609acacef4d1e261", "rev": "c8ec4d5e432f5df4838eacd39c11828d23ce66ec",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -263,11 +263,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738291974, "lastModified": 1741043164,
"narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=", "narHash": "sha256-9lfmSZLz6eq9Ygr6cCmvQiiBEaPb54pUBcjvbEMPORc=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7", "rev": "3f2412536eeece783f0d0ad3861417f347219f4d",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -333,24 +333,28 @@
}; };
networking.hostName = "magpie"; networking.hostName = "magpie";
networking.firewall = {
nftables.enable = true;
enable = true;
allowedTCPPorts = [
80
443
587
2049
]; # http, mail, mail, nfs
allowedUDPPorts = [
443
51820
]; # mail, wireguard
allowPing = true;
logRefusedConnections = lib.mkDefault false;
};
networking.firewall.enable = true; networking.nat = {
networking.firewall.allowedTCPPorts = [ enable = true;
80 externalInterface = "enp1s0";
443 internalInterfaces = [ "wg0" ];
587 };
2049
]; # http, mail, mail, nfs
networking.firewall.allowedUDPPorts = [
443
51820
]; # mail, wireguard
networking.firewall.allowPing = true;
networking.firewall.logRefusedConnections = lib.mkDefault false;
networking.nat.enable = true;
networking.nat.externalInterface = "enp1s0";
networking.nat.internalInterfaces = [ "wg0" ];
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.wireless.enable = false; networking.wireless.enable = false;
@ -363,11 +367,11 @@
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
postSetup = '' postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE ${pkgs.nftables}/bin/nft add rule ip nat POSTROUTING oifname "eth0" ip saddr 10.100.0.0/24 counter masquerade
''; '';
# This undoes the above command # This undoes the above command, TODO fix command below to be more specific
postShutdown = '' postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE ${pkgs.nftables}/bin/nft flush table ip nat
''; '';
privateKeyFile = config.sops.secrets."wg_privkey".path; privateKeyFile = config.sops.secrets."wg_privkey".path;
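Review bot: The new postShutdown runs `nft flush table ip nat`, which drops every rule in the `ip nat` table rather than only the masquerade rule that postSetup added, so any other NAT rule living in that table is silently removed whenever the wireguard interface goes down; the TODO in the comment acknowledges this but the commit ships it. The matching postSetup line, `nft add rule ip nat POSTROUTING …`, also assumes a table `ip nat` with a `POSTROUTING` chain already exists, which with `nftables.enable = true` is presumably no longer created by the iptables-nft compatibility layer — worth confirming on the host, since the rule would fail to install otherwise. Giving the wireguard NAT its own table makes setup self-contained and lets shutdown delete exactly what setup created. Separately, this rule masquerades on `eth0` while the `networking.nat` block in the first hunk names `enp1s0` as the external interface; if that is not intentional, one of the two is wrong. The enclosing wireguard interface definition starts outside the hunk.
```nix
postSetup = ''
  ${pkgs.nftables}/bin/nft add table ip wg-nat
  ${pkgs.nftables}/bin/nft 'add chain ip wg-nat postrouting { type nat hook postrouting priority srcnat; }'
  ${pkgs.nftables}/bin/nft add rule ip wg-nat postrouting oifname "eth0" ip saddr 10.100.0.0/24 counter masquerade
'';
# Removes only the table created in postSetup, leaving other NAT tables untouched
postShutdown = ''
  ${pkgs.nftables}/bin/nft delete table ip wg-nat
'';
# … unchanged: privateKeyFile …
```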


@ -88,7 +88,7 @@ in
"psmouse.synaptics_intertouch=0" "psmouse.synaptics_intertouch=0"
"mem_sleep_default=deep" "mem_sleep_default=deep"
]; ];
kernelPackages = pkgs.linuxPackages_latest; #kernelPackages = pkgs.linuxPackages_latest;
kernel.sysctl = { kernel.sysctl = {
"net.core.default_qdisc" = "fq"; "net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr"; "net.ipv4.tcp_congestion_control" = "bbr";
@ -236,6 +236,13 @@ in
enable = true; enable = true;
binfmt = true; binfmt = true;
}; };
nix-ld = {
enable = true;
libraries = with pkgs; [
stdenv.cc.cc.lib
zlib
];
};
zsh.enable = true; zsh.enable = true;
firejail.enable = true; firejail.enable = true;
adb.enable = true; adb.enable = true;
@ -372,6 +379,7 @@ in
acpid.enable = true; acpid.enable = true;
dbus.enable = true; dbus.enable = true;
dbus.implementation = "broker"; dbus.implementation = "broker";
envfs.enable = true;
fstrim.enable = true; fstrim.enable = true;
fwupd.enable = true; fwupd.enable = true;
ntp.enable = true; ntp.enable = true;
@ -438,9 +446,9 @@ in
enable = true; enable = true;
bindings = [ bindings = [
{ {
keys = [ 113 ]; keys = [ 115 ];
events = [ "key" ]; events = [ "key" ];
command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master toggle'"; command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
} }
{ {
@ -449,16 +457,16 @@ in
"key" "key"
"rep" "rep"
]; ];
command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master 5%- unmute'"; command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
} }
{ {
keys = [ 115 ]; keys = [ 113 ];
events = [ events = [
"key" "key"
"rep" "rep"
]; ];
command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master 5%+ unmute'"; command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
} }
{ {
@ -591,6 +599,7 @@ in
}; };
virtualisation = { virtualisation = {
waydroid.enable = false;
libvirtd = { libvirtd = {
enable = true; enable = true;
allowedBridges = [ allowedBridges = [