Commit b7b78b566d51
Changed files (4)
machines/kerkouane.nix
@@ -1,3 +0,0 @@
-{
- imports = [ ./nixos-base.nix ];
-}
machines/kerkouane.nixos.nix
@@ -1,99 +0,0 @@
-{ config, pkgs, ... }:
-
-with import ../assets/machines.nix; {
- imports = [ ../networking.nix ];
- time.timeZone = "Europe/Paris";
- boot = {
- cleanTmpDir = true;
- loader.grub.enable = true;
- };
- profiles = {
- git.enable = true;
- nix-config.localCaches = [ ];
- nix-config.buildCores = 1;
- ssh.enable = true;
- syncthing.enable = true;
- wireguard.server.enable = true;
- };
- networking.firewall.allowPing = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security = {
- acme = {
- acceptTerms = true;
- email = "vincent@sbr.pm";
- };
- #acme.certs = {
- # "sbr.pm".email = "vincent@sbr.pm";
- #};
- };
- security.pam.enableSSHAgentAuth = true;
- services = {
- govanityurl = {
- enable = true;
- user = "nginx";
- host = "go.sbr.pm";
- config = ''
- paths:
- /ape:
- repo: https://git.sr.ht/~vdemeester/ape
- /nr:
- repo: https://gitlab.com/vdemeester/nr
- /ram:
- repo: https://git.sr.ht/~vdemeester/ram
- /sec:
- repo: https://gitlab.com/vdemeester/sec
- '';
- };
- nginx = {
- enable = true;
- virtualHosts."dl.sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/dl.sbr.pm";
- locations."/" = {
- index = "index.html";
- };
- };
- virtualHosts."paste.sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/paste.sbr.pm";
- locations."/" = {
- index = "index.html";
- };
- };
- virtualHosts."go.sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = { proxyPass = "http://127.0.0.1:8080"; };
- };
- virtualHosts."sbr.pm" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/sbr.pm";
- locations."/" = {
- index = "index.html";
- };
- };
- virtualHosts."sbr.systems" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/sbr.systems";
- locations."/" = {
- index = "index.html";
- };
- };
- virtualHosts."vincent.demeester.fr" = {
- enableACME = true;
- forceSSL = true;
- root = "/home/vincent/desktop/sites/vincent.demeester.fr";
- locations."/" = {
- index = "index.html";
- };
- };
- };
- openssh.ports = [ ssh.kerkouane.port ];
- openssh.permitRootLogin = "without-password";
- syncthing.guiAddress = "127.0.0.1:8384";
- };
-}
machines/wakasu.nix
@@ -1,55 +0,0 @@
-{ pkgs, ... }:
-
-{
- imports = [
- ./nixos-base.nix
- ];
- profiles.zsh = {
- enable = true;
- };
- profiles.audio = {
- enable = true;
- mpd = {
- enable = true;
- musicDir = "/net/sakhalin.home/export/gaia/music";
- };
- shairport-sync = true;
- };
- profiles.cloud.google.enable = true;
- profiles.dev = {
- go.enable = true;
- };
- profiles.emacs.withXwidgets = true;
- profiles.finances.enable = true;
- profiles.laptop.enable = true;
- profiles.media.enable = true;
- profiles.gpg.pinentry = "${pkgs.pinentry-gtk2}/bin/pinentry-gtk-2";
- profiles.mails = {
- enable = true;
- sync = true;
- };
- profiles.containers.kubernetes = {
- enable = true;
- krew = true;
- kind = true;
- nr = false;
- };
- profiles.containers.openshift = {
- enable = true;
- crc = true;
- };
- programs = {
- google-chrome.enable = true;
- podman.enable = true;
- };
- home.packages = with pkgs; [
- openvpn
- krb5
- libosinfo
- virtmanager
- thunderbird
- asciinema
- gnome3.zenity # use rofi instead
- oathToolkit
- ];
-}
machines/wakasu.nixos.nix
@@ -1,97 +0,0 @@
-with import ../assets/machines.nix; {
- imports = [ ../hardware/lenovo-p50.nix ./home.nixos.nix ];
- boot = {
- kernelModules = [ "kvm_intel" ];
- kernelParams = [ "kvm_intel.nested=1" ];
- kernel.sysctl = {
- "net.bridge.bridge-nf-call-arptables" = 0;
- "net.bridge.bridge-nf-call-iptables" = 0;
- "net.bridge.bridge-nf-call-ip6tables" = 0;
- };
- };
- environment.etc."NetworkManager/dnsmasq.d/crc.conf".text = ''
- server=/apps-crc.testing/192.168.130.11
- server=/crc.testing/192.168.130.11
- '';
- networking = {
- firewall.enable = false; # we are in safe territory :D
- hosts = {
- "${home.ips.honshu}" = [ "honshu.home" ];
- "${wireguard.ips.honshu}" = [ "honshu.vpn" ];
- "${home.ips.shikoku}" = [ "shikoku.home" ];
- "${wireguard.ips.shikoku}" = [ "shikoku.vpn" ];
- "${home.ips.wakasu}" = [ "wakasu.home" ];
- "${wireguard.ips.wakasu}" = [ "wakasu.vpn" ];
- "${home.ips.hokkaido}" = [ "hokkaido.home" ];
- "${wireguard.ips.hokkaido}" = [ "hokkaido.vpn" ];
- "${home.ips.sakhalin}" = [ "sakhalin.home" ];
- "${wireguard.ips.sakhalin}" = [ "sakhalin.vpn" ];
- "${wireguard.ips.massimo}" = [ "massimo.vpn" ];
- "${home.ips.synodine}" = [ "synodine.home" ];
- "${home.ips.okinawa}" = [ "okinawa.home" "cache.home" "svc.home" "nix.cache.home" "go.cache.home" ];
- "${wireguard.ips.okinawa}" = [ "okinawa.vpn" ];
- "${wireguard.ips.carthage}" = [ "carthage.vpn" ];
- "${wireguard.ips.kerkouane}" = [ "kerkouane.vpn" ];
- };
- networkmanager = {
- dns = "dnsmasq";
- };
- };
- profiles = {
- dev.enable = true;
- laptop.enable = true;
- desktop.autoLogin = true;
- docker.enable = true;
- nix-config.buildCores = 4;
- #qemu-user = { arm = true; aarch64 = true; };
- ssh = {
- enable = true;
- forwardX11 = true;
- };
- virtualization = {
- enable = true;
- nested = true;
- listenTCP = true;
- };
- yubikey.enable = true;
- };
- programs = {
- podman.enable = true;
- };
- security.sudo = {
- extraConfig = ''
- %users ALL = (root) NOPASSWD: /home/vincent/.nix-profile/bin/kubernix
- '';
- };
- security.pam.u2f.enable = true;
- services = {
- logind.extraConfig = ''
- HandleLidSwitch=ignore
- HandleLidSwitchExternalPower=ignore
- HandleLidSwitchDocked=ignore
- '';
- #syncthing.guiAddress = "${wireguard.ips.wakasu}:8384";
- syncthing.guiAddress = "0.0.0.0:8384";
- smartd = {
- enable = true;
- devices = [{ device = "/dev/nvme0n1"; }];
- };
- wireguard = {
- enable = true;
- ips = [ "${wireguard.ips.wakasu}/24" ];
- endpoint = wg.endpointIP;
- endpointPort = wg.listenPort;
- endpointPublicKey = wireguard.kerkouane.publicKey;
- };
- xserver = {
- videoDrivers = [ "nvidia" ];
- dpi = 96;
- serverFlagsSection = ''
- Option "BlankTime" "0"
- Option "StandbyTime" "0"
- Option "SuspendTime" "0"
- Option "OffTime" "0"
- '';
- };
- };
-}