Commit 8af5f394d5a4
Changed files (21)
systems/aix/extra.nix
@@ -7,6 +7,9 @@
networking.firewall.enable = false;
+ # TODO make it an option ? (otherwise I'll add it for all)
+ users.users.vincent.linger = true;
+
services = {
samba.settings."vincent" = {
path = "/data/share";
@@ -31,6 +34,4 @@
# TODO: could be enable by default for all ?
security.pam.enableSSHAgentAuth = true;
-
- security.apparmor.enable = true;
}
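Review bot: The second hunk drops `security.apparmor.enable = true;` without recording a reason, on a host that the first hunk's context shows running with `networking.firewall.enable = false;` and exporting a Samba share at `/data/share`. The same line is removed in systems/athena/extra.nix and systems/demeter/extra.nix, both of which also have the firewall disabled. If a profile was getting in the way of the lingering user services, I would keep AppArmor on and relax only that profile. If the removal is intentional, leave a comment such as `# AppArmor off: <reason>` next to the remaining `security.*` settings so it can be revisited. The enclosing attribute set starts outside the hunk.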
systems/aix/home.nix
@@ -0,0 +1,3 @@
+_: {
+ systemd.user.services.syncthing.Install.WantedBy = [ "multi-user.target" ];
+}
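Review bot: `multi-user.target` is a system-manager target, and as far as I know the per-user systemd instance that runs `systemd.user.services` units does not provide it, so this `WantedBy` probably never pulls syncthing in. If the syncthing module already sets a default target the merged list may still start the unit, but systems/athena/home.nix uses `lib.mkForce`, which would leave only the target that does not exist. With `users.users.vincent.linger = true;` the user manager already starts at boot, so `WantedBy = [ "default.target" ];` should be enough. The same line is added in the home.nix files for aomi, demeter, kerkouane, kobe, nagoya, sakhalin and shikoku.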
systems/aomi/extra.nix
@@ -28,6 +28,9 @@
# networking.firewall.enable = false;
+ # TODO make it an option ? (otherwise I'll add it for all)
+ users.users.vincent.linger = true;
+
services = {
logind.extraConfig = ''
HandleLidSwitch=ignore
systems/aomi/home.nix
@@ -1,3 +1,4 @@
_: {
services.ssh-agent.enable = true;
+ systemd.user.services.syncthing.Install.WantedBy = [ "multi-user.target" ];
}
systems/athena/extra.nix
@@ -8,6 +8,9 @@
networking.firewall.enable = false;
+ # TODO make it an option ? (otherwise I'll add it for all)
+ users.users.vincent.linger = true;
+
services = {
wireguard = {
enable = true;
@@ -19,6 +22,4 @@
# TODO: could be enable by default for all ?
security.pam.enableSSHAgentAuth = true;
-
- security.apparmor.enable = true;
}
systems/athena/home.nix
@@ -0,0 +1,4 @@
+{ lib, ... }:
+{
+ systemd.user.services.syncthing.Install.WantedBy = lib.mkForce [ "multi-user.target" ];
+}
systems/common/base/default.nix
@@ -12,6 +12,7 @@
./hardware.nix
./locale.nix
./nh.nix
+ ./network.nix
./tpm.nix
# All my machine have this running
systems/common/base/network.nix
@@ -0,0 +1,11 @@
+{ globals, ... }:
+{
+ # networking.extraHosts = ''
+ # 10.100.0.80 nagoya.vpn
+ # '';
+ networking.hosts = globals.fn.hostConfigs globals.machines;
+ # networking.hosts = {
+ # "192.168.1.80" = [ "nagoya.home" ];
+ # "10.100.0.80" = [ "nagoya.vpn" ];
+ # };
+}
systems/demeter/extra.nix
@@ -8,6 +8,8 @@
networking.firewall.enable = false;
+ # TODO make it an option ? (otherwise I'll add it for all)
+ users.users.vincent.linger = true;
services = {
wireguard = {
enable = true;
@@ -19,6 +21,4 @@
# TODO: could be enable by default for all ?
security.pam.enableSSHAgentAuth = true;
-
- security.apparmor.enable = true;
}
systems/demeter/home.nix
@@ -0,0 +1,3 @@
+_: {
+ systemd.user.services.syncthing.Install.WantedBy = [ "multi-user.target" ];
+}
systems/kerkouane/extra.nix
@@ -56,6 +56,8 @@ in
# ../common/services/syncthing.nix
];
+ # TODO make it an option ? (otherwise I'll add it for all)
+ users.users.vincent.linger = true;
services.openssh = {
listenAddresses = [
{
systems/kerkouane/home.nix
@@ -0,0 +1,3 @@
+_: {
+ systemd.user.services.syncthing.Install.WantedBy = [ "multi-user.target" ];
+}
systems/kobe/extra.nix
@@ -13,6 +13,9 @@
../common/services/libvirt.nix
];
+ # TODO make it an option ? (otherwise I'll add it for all)
+ users.users.vincent.linger = true;
+
# networking.firewall.enable = false;
nixpkgs.config.cudaSupport = true;
nixpkgs.config.rocmSupport = lib.mkForce false;
systems/kobe/home.nix
@@ -0,0 +1,3 @@
+_: {
+ systemd.user.services.syncthing.Install.WantedBy = [ "multi-user.target" ];
+}
systems/nagoya/extra.nix
@@ -1,5 +1,15 @@
-{ globals, pkgs, ... }:
{
+ globals,
+ lib,
+ pkgs,
+ ...
+}:
+{
+ networking.firewall.enable = false;
+
+ # TODO make it an option ? (otherwise I'll add it for all)
+ users.users.vincent.linger = true;
+
services = {
wireguard = {
enable = true;
@@ -9,6 +19,22 @@
};
};
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ virtualHosts."nagoya.sbr.pm" = {
+ locations = lib.attrsets.mapAttrs' (
+ name: value:
+ lib.attrsets.nameValuePair ("/syncthing/${name}/") ({
+ proxyPass = "http://${builtins.head value.net.vpn.ips}:8384/";
+ recommendedProxySettings = true;
+ })
+ ) (lib.attrsets.filterAttrs (name: value: (globals.fn.hasVPNips value)) globals.machines);
+ };
+ };
+
environment.systemPackages = with pkgs; [
lm_sensors
];
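Review bot: The new `virtualHosts."nagoya.sbr.pm"` block proxies the Syncthing GUI (port 8384) of every machine that has VPN addresses, but nothing in it limits who can reach it. It sets no `listenAddresses`, no `forceSSL`/`enableACME` and no authentication on the generated locations, and the first hunk sets `networking.firewall.enable = false;`. As written nginx would serve these locations over plain HTTP on every interface of nagoya, and `recommendedTlsSettings` does nothing for a vhost that has no TLS enabled. Bind the vhost to the VPN side, e.g. `listenAddresses = [ "<nagoya VPN address>" ];`, or add `forceSSL = true;` plus `basicAuthFile` if it has to be reachable more widely. A comment noting that the upstream hop to `:8384` is unencrypted and presumably relies on the WireGuard tunnel would also help.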
systems/nagoya/home.nix
@@ -0,0 +1,3 @@
+_: {
+ systemd.user.services.syncthing.Install.WantedBy = [ "multi-user.target" ];
+}
systems/sakhalin/extra.nix
@@ -12,6 +12,10 @@
../common/desktop/binfmt.nix # TODO: move to something else than desktop
../common/services/prometheus-exporters-node.nix
];
+
+ # TODO make it an option ? (otherwise I'll add it for all)
+ users.users.vincent.linger = true;
+
services = {
atuin = {
enable = true;
systems/sakhalin/home.nix
@@ -0,0 +1,3 @@
+_: {
+ systemd.user.services.syncthing.Install.WantedBy = [ "multi-user.target" ];
+}
systems/shikoku/extra.nix
@@ -23,6 +23,9 @@
"aspnetcore-runtime-6.0.36"
];
+ # TODO make it an option ? (otherwise I'll add it for all)
+ users.users.vincent.linger = true;
+
services = {
wireguard = {
enable = true;
systems/shikoku/home.nix
@@ -0,0 +1,3 @@
+_: {
+ systemd.user.services.syncthing.Install.WantedBy = [ "multi-user.target" ];
+}
globals.nix
@@ -45,6 +45,26 @@ let
++ lib.attrsets.attrByPath [ "net" "ips" ] [ ] machine
++ lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ ] machine;
+ hostConfig =
+ machine:
+ builtins.listToAttrs (
+ map
+ (x: {
+ name = x;
+ value =
+ if (lib.strings.hasPrefix "10.100" x) then
+ builtins.filter (n: lib.strings.hasSuffix ".vpn" n) machine.net.names
+ else if (lib.strings.hasPrefix "192.168" x) then
+ builtins.filter (n: lib.strings.hasSuffix ".home" n) machine.net.names
+ else
+ [ ];
+ })
+ (
+ lib.attrsets.attrByPath [ "net" "ips" ] [ ] machine
+ ++ lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ ] machine
+ )
+ );
+
sshConfig =
machine:
builtins.listToAttrs (
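Review bot: `hostConfig` reads `machine.net.names` directly, while the address lists next to it go through `lib.attrsets.attrByPath … [ ]`. A machine that declares addresses but no `net.names` would therefore abort evaluation of `networking.hosts`, presumably on every host that imports the base module. Use `lib.attrsets.attrByPath [ "net" "names" ] [ ] machine` in both filters. Addresses outside the two prefixes still produce an entry with an empty name list. `hostConfigs` in the last hunk combines the per-machine sets with `mergeAttrsList`, so two machines that share an address would silently lose one machine's names; dropping empty values and asserting on duplicate addresses would keep the generated hosts file predictable.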
@@ -575,6 +595,7 @@ in
hasSSHHostKeys
sshHostIdentifier
sshConfig
+ hostConfig
;
/**
Return a list of wireguard ips from a list of ips.
@@ -638,6 +659,9 @@ in
) (lib.attrsets.filterAttrs (_name: hasSSHHostKeys) machines)
);
+ hostConfigs =
+ machines: lib.attrsets.mergeAttrsList (lib.attrsets.mapAttrsToList (_name: hostConfig) (machines));
+
sshConfigs =
machines:
lib.attrsets.mergeAttrsList (