diff --git a/README.md b/README.md
index 63e92f8..c42c555 100644
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@
- Screenshots last updated 2024-09-04
+ Screenshot last updated 2025-05-11
# Overview
@@ -48,6 +48,7 @@
- [ichiyo](hosts/ichiyo/): Laptop (ichiyo) specific configuration
- [violet](hosts/violet/): Server (violet) specific configuration
- [dandelion](hosts/dandelion/): Server (dandelion) specific configuration
+ - [lily](hosts/lily/): Router (lily) specific configuration
- [modules](modules): modularized NixOS configurations
- [core](modules/core/): core NixOS configuration
- [homes](modules/home/): my [Home-Manager](https://github.com/nix-community/home-manager) config
diff --git a/flake.lock b/flake.lock
index 2113071..ee6aeec 100644
--- a/flake.lock
+++ b/flake.lock
@@ -8,11 +8,11 @@
"systems": "systems"
},
"locked": {
- "lastModified": 1742767019,
- "narHash": "sha256-FdyHDbf31jl5rIU7IQtBVTbZ1ojGrrp5aFaRrE2819s=",
+ "lastModified": 1747531250,
+ "narHash": "sha256-uDhXNURTJgQSpiaCgzqAizbblpcEWEB1WGWEqtCnLLM=",
"owner": "KZDKM",
"repo": "Hyprspace",
- "rev": "5b62529c2011ede6069445de9b5b3f8a1f10ecfe",
+ "rev": "511d399120bdcafb43e57ca5ff35167c2bba6db8",
"type": "github"
},
"original": {
@@ -50,11 +50,11 @@
"systems": "systems_3"
},
"locked": {
- "lastModified": 1736955230,
- "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
+ "lastModified": 1747575206,
+ "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
"owner": "ryantm",
"repo": "agenix",
- "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
+ "rev": "4835b1dc898959d8547a871ef484930675cb47f1",
"type": "github"
},
"original": {
@@ -104,11 +104,11 @@
]
},
"locked": {
- "lastModified": 1744289235,
- "narHash": "sha256-ZFkHLdimtFzQACsVVyZkZlfYdj4iNy3PkzXfrwmlse8=",
+ "lastModified": 1745357003,
+ "narHash": "sha256-jYwzQkv1r7HN/4qrAuKp+NR4YYNp2xDrOX5O9YVqkWo=",
"owner": "hyprwm",
"repo": "aquamarine",
- "rev": "c8282f4982b56dfa5e9b9f659809da93f8d37e7a",
+ "rev": "a19cf76ee1a15c1c12083fa372747ce46387289f",
"type": "github"
},
"original": {
@@ -122,11 +122,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
- "lastModified": 1745352209,
- "narHash": "sha256-u3vJEzi6zxgG59KXjMR5koERsdKT5nd1OEKCpr6zgn8=",
+ "lastModified": 1747519437,
+ "narHash": "sha256-uv9Wv59d+mckS2CkorOF484wp2G5TNGijdoBZ5RkAk0=",
"owner": "catppuccin",
"repo": "nix",
- "rev": "6268e50dbb0ac9375e110560395b5dc199e4dfb8",
+ "rev": "3ba714046ee32373e88166e6e9474d6ae6a5b734",
"type": "github"
},
"original": {
@@ -143,11 +143,11 @@
]
},
"locked": {
- "lastModified": 1700795494,
- "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
+ "lastModified": 1744478979,
+ "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
- "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
+ "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
@@ -338,11 +338,11 @@
]
},
"locked": {
- "lastModified": 1703113217,
- "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+ "lastModified": 1745494811,
+ "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+ "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
@@ -358,11 +358,11 @@
]
},
"locked": {
- "lastModified": 1745494811,
- "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
+ "lastModified": 1747688838,
+ "narHash": "sha256-FZq4/3OtGV/cti9Vccsy2tGSUrxTO4hkDF9oeGRTen4=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
+ "rev": "45c2985644b60ab64de2a2d93a4d132ecb87cf66",
"type": "github"
},
"original": {
@@ -376,11 +376,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
- "lastModified": 1743417258,
- "narHash": "sha256-YItzk1pj8Kz+b7VlC9zN1pSZ6CuX35asYy3HuMQ3lBQ=",
+ "lastModified": 1747572947,
+ "narHash": "sha256-PMQoXbfmWPuXnF8EaWqRmvTvl7+WFUrDVgufFRPgOM4=",
"owner": "hyprwm",
"repo": "contrib",
- "rev": "bc2ad24e0b2e66c3e164994c4897cd94a933fd10",
+ "rev": "910dad4c5755c1735d30da10c96d9086aa2a608d",
"type": "github"
},
"original": {
@@ -405,11 +405,11 @@
]
},
"locked": {
- "lastModified": 1742215578,
- "narHash": "sha256-zfs71PXVVPEe56WEyNi2TJQPs0wabU4WAlq0XV7GcdE=",
+ "lastModified": 1745948457,
+ "narHash": "sha256-lzTV10FJTCGNtMdgW5YAhCAqezeAzKOd/97HbQK8GTU=",
"owner": "hyprwm",
"repo": "hyprcursor",
- "rev": "2fd36421c21aa87e2fe3bee11067540ae612f719",
+ "rev": "ac903e80b33ba6a88df83d02232483d99f327573",
"type": "github"
},
"original": {
@@ -465,11 +465,11 @@
"xdph": "xdph"
},
"locked": {
- "lastModified": 1745443874,
- "narHash": "sha256-sEI5r1IjmJEgNn/al7zd5lUsjWpeGAY0uOoCab5Pqcc=",
+ "lastModified": 1747610850,
+ "narHash": "sha256-eGOtDlq3h+r/X/j4oSNo6cmQlt67TVolgUJMnGKTRt4=",
"ref": "refs/heads/main",
- "rev": "b06fbdb7431aa2b6653d788ad9fb758478c72d4c",
- "revCount": 6021,
+ "rev": "eb3b38d40baca5c05ddbc1507b3d3f02a0ccb164",
+ "revCount": 6127,
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
@@ -585,11 +585,11 @@
]
},
"locked": {
- "lastModified": 1739048983,
- "narHash": "sha256-REhTcXq4qs3B3cCDtLlYDz0GZvmsBSh947Ub6pQWGTQ=",
+ "lastModified": 1745951494,
+ "narHash": "sha256-2dModE32doiyQMmd6EDAQeZnz+5LOs6KXyE0qX76WIg=",
"owner": "hyprwm",
"repo": "hyprland-qtutils",
- "rev": "3504a293c8f8db4127cb0f7cfc1a318ffb4316f8",
+ "rev": "4be1d324faf8d6e82c2be9f8510d299984dfdd2e",
"type": "github"
},
"original": {
@@ -614,11 +614,11 @@
]
},
"locked": {
- "lastModified": 1744468525,
- "narHash": "sha256-9HySx+EtsbbKlZDlY+naqqOV679VdxP6x6fP3wxDXJk=",
+ "lastModified": 1746655412,
+ "narHash": "sha256-kVQ0bHVtX6baYxRWWIh4u3LNJZb9Zcm2xBeDPOGz5BY=",
"owner": "hyprwm",
"repo": "hyprlang",
- "rev": "f1000c54d266e6e4e9d646df0774fac5b8a652df",
+ "rev": "557241780c179cf7ef224df392f8e67dab6cef83",
"type": "github"
},
"original": {
@@ -635,11 +635,11 @@
"systems": "systems_5"
},
"locked": {
- "lastModified": 1745357051,
- "narHash": "sha256-iA+aN9HYnqukhD1nHWuS903NHE90J+KFiGGL4wXZHgM=",
+ "lastModified": 1747584204,
+ "narHash": "sha256-F3hXDTk28yyFzkDpsWbhrU+QbUzjMsVX9/jO/aTLJwc=",
"owner": "hyprwm",
"repo": "hyprpicker",
- "rev": "5dcb341c13be994e954eb6d0b3a59c20f7db93f9",
+ "rev": "500c46185dd4f2b5e16cd1a4edfe9ed1e126452e",
"type": "github"
},
"original": {
@@ -657,11 +657,11 @@
"systems": "systems_6"
},
"locked": {
- "lastModified": 1742816163,
- "narHash": "sha256-EIJka3UtSEtmkDBjYiGeR/hO6s6R4x3K+rbUlc9KPBE=",
+ "lastModified": 1746481417,
+ "narHash": "sha256-mal2vIpRz5BU/0ll6gP/N2FqjFtgFNDgMBgoI6tLWag=",
"owner": "hyprwm",
"repo": "hyprsunset",
- "rev": "7b7339f0deef23ec23a723651528cb8ae56c11d9",
+ "rev": "2a8ef76c6a77ca249e4613fefcd96bad74b5f9b2",
"type": "github"
},
"original": {
@@ -682,11 +682,11 @@
]
},
"locked": {
- "lastModified": 1743950287,
- "narHash": "sha256-/6IAEWyb8gC/NKZElxiHChkouiUOrVYNq9YqG0Pzm4Y=",
+ "lastModified": 1746635225,
+ "narHash": "sha256-W9G9bb0zRYDBRseHbVez0J8qVpD5QbizX67H/vsudhM=",
"owner": "hyprwm",
"repo": "hyprutils",
- "rev": "f2dc70e448b994cef627a157ee340135bd68fbc6",
+ "rev": "674ea57373f08b7609ce93baff131117a0dfe70d",
"type": "github"
},
"original": {
@@ -856,11 +856,11 @@
"nixpkgs": "nixpkgs_7"
},
"locked": {
- "lastModified": 1745373052,
- "narHash": "sha256-YoxUn3PXwLN7GxtzRLNAWBAgE728FwLy2oy9roiz/Xg=",
+ "lastModified": 1747620037,
+ "narHash": "sha256-M5yyl1Cp5rolwGBuCEKXG6qJj9lao16lshqPF83z0qs=",
"owner": "fufexan",
"repo": "nix-gaming",
- "rev": "8582d6d908005589e1e0818da7558d63edbbbaf2",
+ "rev": "5d7985a2d5c877f6a276a2b024fff6bb2995ff24",
"type": "github"
},
"original": {
@@ -871,11 +871,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1745503349,
- "narHash": "sha256-bUGjvaPVsOfQeTz9/rLTNLDyqbzhl0CQtJJlhFPhIYw=",
+ "lastModified": 1747684167,
+ "narHash": "sha256-l6jbonaboCBlB8lCjBkrqgh2zEnvt6F3f4dOU/8CLd4=",
"owner": "nixos",
"repo": "nixos-hardware",
- "rev": "f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1",
+ "rev": "e8f38b2c19c0647e39021c3d47172ff5469af8a9",
"type": "github"
},
"original": {
@@ -886,11 +886,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1703013332,
- "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
+ "lastModified": 1745391562,
+ "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
+ "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
"type": "github"
},
"original": {
@@ -948,11 +948,11 @@
},
"nixpkgs_11": {
"locked": {
- "lastModified": 1745391562,
- "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
+ "lastModified": 1747542820,
+ "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
+ "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
"type": "github"
},
"original": {
@@ -1044,11 +1044,11 @@
},
"nixpkgs_7": {
"locked": {
- "lastModified": 1744868846,
- "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
+ "lastModified": 1747426788,
+ "narHash": "sha256-N4cp0asTsJCnRMFZ/k19V9akkxb7J/opG+K+jU57JGc=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c",
+ "rev": "12a55407652e04dcf2309436eb06fef0d3713ef3",
"type": "github"
},
"original": {
@@ -1060,11 +1060,11 @@
},
"nixpkgs_8": {
"locked": {
- "lastModified": 1745391562,
- "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
+ "lastModified": 1747542820,
+ "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
+ "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
"type": "github"
},
"original": {
@@ -1137,11 +1137,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
- "lastModified": 1745506616,
- "narHash": "sha256-m8M88SUdaKeB2+l+tvyh7I4L7NLWsF/E5Td0y7UGIPo=",
+ "lastModified": 1747683907,
+ "narHash": "sha256-dgEK4d1QPNFhv0s5s9lpvEWOVBlRZENp7TVh8V8qYDU=",
"owner": "nix-community",
"repo": "NUR",
- "rev": "d900870bec8e29aae928c868ecea88f220ae87fa",
+ "rev": "64046fedb710701f87e5e86390b4dbe77f1d733b",
"type": "github"
},
"original": {
@@ -1184,11 +1184,11 @@
]
},
"locked": {
- "lastModified": 1742649964,
- "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
+ "lastModified": 1747372754,
+ "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
"owner": "cachix",
"repo": "git-hooks.nix",
- "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
+ "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
"type": "github"
},
"original": {
@@ -1387,11 +1387,11 @@
]
},
"locked": {
- "lastModified": 1744644585,
- "narHash": "sha256-p0D/e4J6Sv6GSb+9u8OQcVHSE2gPNYB5ygIfGDyEiXQ=",
+ "lastModified": 1745871725,
+ "narHash": "sha256-M24SNc2flblWGXFkGQfqSlEOzAGZnMc9QG3GH4K/KbE=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
- "rev": "be6771e754345f18244fb00aae5c9e5ab21ccc26",
+ "rev": "76bbf1a6b1378e4ab5230bad00ad04bc287c969e",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index 8db7ef7..2e189ed 100644
--- a/flake.nix
+++ b/flake.nix
@@ -9,7 +9,7 @@
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
-
+
hyprland = {
url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
inputs.nixpkgs.follows = "nixpkgs";
@@ -32,74 +32,113 @@
nix-gaming.url = "github:fufexan/nix-gaming";
};
- outputs = { self, nixpkgs, catppuccin, agenix, ...} @ inputs:
- let
- overlays = import ./overlays/default.nix;
- username = "liv";
- system = "x86_64-linux";
- pkgs = import nixpkgs {
- inherit system;
- };
- lib = nixpkgs.lib;
- in
- {
- overlays.default = overlays.addition;
- nixosConfigurations = {
- desktop = nixpkgs.lib.nixosSystem {
+ outputs =
+ {
+ self,
+ nixpkgs,
+ catppuccin,
+ agenix,
+ ...
+ }@inputs:
+ let
+ overlays = import ./overlays/default.nix;
+ username = "liv";
+ system = "x86_64-linux";
+ pkgs = import nixpkgs {
inherit system;
- modules = [(
- import ./hosts/desktop
- )];
- specialArgs = { host="desktop"; inherit self inputs username ; };
- };
- sakura = nixpkgs.lib.nixosSystem {
- inherit system;
- modules = [
- (import ./hosts/sakura)
- agenix.nixosModules.default
- ];
- specialArgs = { host="sakura"; inherit self inputs username ; };
- };
- yoshino = nixpkgs.lib.nixosSystem {
- inherit system;
- modules = [
- (import ./hosts/yoshino)
- agenix.nixosModules.default
- ];
- specialArgs = { host="yoshino"; inherit self inputs username ; };
- };
- ichiyo = nixpkgs.lib.nixosSystem {
- inherit system;
- modules = [
- (import ./hosts/ichiyo)
- agenix.nixosModules.default
- ];
- specialArgs = { host="ichiyo"; inherit self inputs username ; };
- };
- violet = nixpkgs.lib.nixosSystem {
- inherit system;
- modules = [
- (import ./hosts/violet)
- agenix.nixosModules.default
- ];
- specialArgs = { host="violet"; inherit self inputs username; };
- };
- dandelion = nixpkgs.lib.nixosSystem {
- inherit system;
- modules = [
- (import ./hosts/dandelion)
- agenix.nixosModules.default
- ];
- specialArgs = { host="dandelion"; inherit self inputs username; };
};
+ lib = nixpkgs.lib;
+ in
+ {
+ overlays.default = overlays.addition;
+ nixosConfigurations = {
+ desktop = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ (import ./hosts/desktop)
+ ];
+ specialArgs = {
+ host = "desktop";
+ inherit self inputs username;
+ };
+ };
+ sakura = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ (import ./hosts/sakura)
+ agenix.nixosModules.default
+ ];
+ specialArgs = {
+ host = "sakura";
+ inherit self inputs username;
+ };
+ };
+ yoshino = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ (import ./hosts/yoshino)
+ agenix.nixosModules.default
+ ];
+ specialArgs = {
+ host = "yoshino";
+ inherit self inputs username;
+ };
+ };
+ ichiyo = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ (import ./hosts/ichiyo)
+ agenix.nixosModules.default
+ ];
+ specialArgs = {
+ host = "ichiyo";
+ inherit self inputs username;
+ };
+ };
+ violet = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ (import ./hosts/violet)
+ agenix.nixosModules.default
+ ];
+ specialArgs = {
+ host = "violet";
+ inherit self inputs username;
+ };
+ };
+ dandelion = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ (import ./hosts/dandelion)
+ agenix.nixosModules.default
+ ];
+ specialArgs = {
+ host = "dandelion";
+ inherit self inputs username;
+ };
+ };
+ lily = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ (import ./hosts/lily)
+ agenix.nixosModules.default
+ ];
+ specialArgs = {
+ host = "lily";
+ inherit self inputs username;
+ };
+ };
- vm = nixpkgs.lib.nixosSystem {
- inherit system;
- modules = [(
- import ./hosts/vm
- )];
- specialArgs = { host="vm"; inherit self inputs username ; };
+ vm = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ (import ./hosts/vm)
+ ];
+ specialArgs = {
+ host = "vm";
+ inherit self inputs username;
+ };
+ };
};
};
- };
}
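Review bot: The new `lily` entry is one of eight near-identical `nixpkgs.lib.nixosSystem` blocks that differ only in the host name and in whether `agenix.nixosModules.default` is listed. A helper in the `let` block, e.g. `mkHost = host: extra: nixpkgs.lib.nixosSystem { inherit system; modules = [ (import (./hosts + "/${host}")) ] ++ extra; specialArgs = { inherit self inputs username host; }; };`, would reduce each entry to `lily = mkHost "lily" [ agenix.nixosModules.default ];`, so a host cannot silently miss a module such as agenix. `pkgs` and `lib` are bound in the `let` but are not referenced anywhere in the visible `outputs` body.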
diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix
index 6ecda6d..98e0a49 100644
--- a/hosts/dandelion/default.nix
+++ b/hosts/dandelion/default.nix
@@ -1,4 +1,9 @@
-{ pkgs, config, ... }:
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
{
imports = [
./hardware-configuration.nix
diff --git a/hosts/lily/default.nix b/hosts/lily/default.nix
new file mode 100644
index 0000000..2d36d14
--- /dev/null
+++ b/hosts/lily/default.nix
@@ -0,0 +1,95 @@
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
+let
+ externalInterface = "wan0";
+ # networks = config.homelab.networks.local;
+ # internalInterfaces = lib.mapAttrsToList (_: val: val.interface) networks;
+ # internalIPs = lib.mapAttrsToList (
+ # _: val: lib.strings.removeSuffix ".1" val.cidr + ".0/24"
+ # ) networks;
+in
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./variables.nix
+ ./dns.nix
+ ./wireguard.nix
+ ./../../modules/core/default.router.nix
+ ./../../modules/services/lily.nix
+ ];
+
+ liv = {
+ server.enable = true;
+ router.enable = true;
+ };
+
+ boot = {
+ loader.grub = {
+ enable = true;
+ device = "/dev/sda";
+ useOSProber = true;
+ };
+ kernel = {
+ sysctl = {
+ # Forward both IPv4 and IPv6 on all interfaces
+ "net.ipv4.conf.all.forwarding" = true;
+ "net.ipv6.conf.all.forwarding" = false;
+
+ # By default, do not automatically configure any IPv6 addresses.
+ # "net.ipv6.conf.all.accept_ra" = 0;
+ # "net.ipv6.conf.all.autoconf" = 0;
+ # "net.ipv6.conf.all.use_tempaddr" = 0;
+
+ # Allow IPv6 autoconfiguration and tempory address use on WAN.
+ "net.ipv6.conf.${externalInterface}.accept_ra" = 2;
+ "net.ipv6.conf.${externalInterface}.autoconf" = 1;
+ };
+ };
+ };
+
+ networking = {
+ firewall = {
+ enable = false;
+ allowPing = true;
+
+ # allow ssh on *all* interfaces, even wan.
+ allowedTCPPorts = lib.mkForce [ 22 ];
+ allowedUDPPorts = lib.mkForce [ 22 ];
+
+ # interface-specific rules
+ interfaces = {
+ "lan0" = {
+ allowedTCPPorts = [
+ 22
+ 53
+ ];
+ allowedUDPPorts = [
+ 22
+ 53
+ ];
+ };
+ };
+ };
+ };
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6e", ATTR{type}=="1", NAME="wan0"
+ SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6f", ATTR{type}=="1", NAME="lan0"
+ SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:80", ATTR{type}=="1", NAME="lan1"
+ SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:81", ATTR{type}=="1", NAME="lan2"
+ '';
+
+ networking.hostName = "lily";
+
+ time.timeZone = "Europe/Amsterdam";
+
+ environment.systemPackages = with pkgs; [
+ kitty.terminfo
+ tcpdump
+ dnsutils
+ ];
+}
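Review bot: `networking.firewall.enable = false;` turns the NixOS firewall off on a host with a WAN-facing interface (`wan0`), so every `allowedTCPPorts`/`allowedUDPPorts` entry and the `interfaces."lan0"` block below it is inert. Unless another module filters traffic, whatever the imported service modules listen on is reachable from any interface. If this is a temporary bring-up setting, say so in a comment; otherwise set `enable = true;` so that WAN exposure matches what the comment promises (SSH only). SSH is TCP-only, so `22` can be dropped from both `allowedUDPPorts` lists. The sysctl comment says "Forward both IPv4 and IPv6" while `net.ipv6.conf.all.forwarding` is `false`; reword it to `# Forward IPv4 only; IPv6 forwarding stays off`.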
diff --git a/hosts/lily/dns.nix b/hosts/lily/dns.nix
new file mode 100644
index 0000000..b754a51
--- /dev/null
+++ b/hosts/lily/dns.nix
@@ -0,0 +1,31 @@
+{ lib, config, ... }:
+{
+ services = {
+ dnsmasq = {
+ enable = true;
+ settings = {
+ cache-size = 10000; # Specifies the size of the DNS query cache. It will store up to n cached DNS queries to improve response times for frequently accessed domains.
+ server = [
+ "9.9.9.9"
+ "149.112.112.112"
+ ];
+ domain-needed = true; # Ensures that DNS queries are only forwarded for domains that are not found in the local configuration.
+ bogus-priv = true; # Blocks DNS queries for private IP address ranges to prevent accidental exposure of private resources.
+ no-resolv = true; # Prevents dnsmasq from using /etc/resolv.conf for DNS server configuration.
+
+ # configure DHCP server; get leases by running: `cat /var/lib/dnsmasq/dnsmasq.leases`
+ dhcp-range = [ "br-lan,172.16.10.50,172.16.10.254,24h" ];
+ interface = "br-lan";
+ dhcp-host = "172.16.10.1";
+
+ # local sets the local domain name to "n". Combinded with expand-hosts = true, it will add a .local suffix to any local defined name when trying to resolve it.
+ local = "/local/";
+ domain = "local";
+ expand-hosts = true;
+
+ no-hosts = true; # Prevents the use of /etc/hosts. This ensures that the local hosts file is not used to override DNS resolution.
+ address = "/booping.local/172.16.10.1";
+ };
+ };
+ };
+}
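Review bot: The inline comments on `domain-needed` and `bogus-priv` do not describe what dnsmasq does, and they are the only documentation of the resolver's filtering behaviour. `domain-needed` keeps plain names without a dot from being forwarded upstream, and `bogus-priv` stops reverse lookups for private ranges from being forwarded; suggested comments are `# never forward plain names (no dots) upstream` and `# do not forward reverse lookups for private address ranges`. The comment on `local` reads 'sets the local domain name to "n"'. The `.local` suffix is reserved for mDNS, so clients with an mDNS resolver may never ask dnsmasq for these names; a suffix such as `home.arpa` avoids that. `interface` and `dhcp-range` name `br-lan`, while the firewall rules in hosts/lily/default.nix name `lan0` and no bridge definition is visible in this commit, so confirm where `br-lan` is created.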
diff --git a/hosts/lily/hardware-configuration.nix b/hosts/lily/hardware-configuration.nix
new file mode 100644
index 0000000..b0c372b
--- /dev/null
+++ b/hosts/lily/hardware-configuration.nix
@@ -0,0 +1,37 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/75447a73-848e-4b34-a1b3-d5b7a8e804ee";
+ fsType = "ext4";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/d4552527-c7c6-4047-929b-aeb3500299e3"; }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+ # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/lily/variables.nix b/hosts/lily/variables.nix
new file mode 100644
index 0000000..00f986e
--- /dev/null
+++ b/hosts/lily/variables.nix
@@ -0,0 +1,19 @@
+{
+ lib,
+ config,
+ ...
+}:
+let
+ inherit (lib) mkOption types;
+ inherit (config.liv) variables;
+in
+{
+ options.liv.variables.lily = {
+ thisMachine = mkOption {
+ default = "lily.srv.${variables.primaryDomain}";
+ type = types.str;
+ readOnly = true;
+ description = "Domain of this specific machine";
+ };
+ };
+}
diff --git a/hosts/lily/wireguard.nix b/hosts/lily/wireguard.nix
new file mode 100644
index 0000000..0db3279
--- /dev/null
+++ b/hosts/lily/wireguard.nix
@@ -0,0 +1,3 @@
+{
+
+}
diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix
index 68d3e51..882e5af 100644
--- a/hosts/sakura/default.nix
+++ b/hosts/sakura/default.nix
@@ -10,6 +10,7 @@
./hardware-configuration.nix
./../../modules/core
./../../modules/core/virtualization.nix
+ ./../../modules/services/tailscale.nix
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
];
diff --git a/modules/core/default.router.nix b/modules/core/default.router.nix
new file mode 100644
index 0000000..c0f7c80
--- /dev/null
+++ b/modules/core/default.router.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ imports =
+ [ (import ./hardware.nix) ]
+ ++ [ (import ./program.nix) ]
+ ++ [ (import ./sshd.nix) ]
+ ++ [ (import ./security.nix) ]
+ ++ [ (import ./services.nix) ]
+ ++ [ (import ./system.nix) ]
+ ++ [ (import ./user.nix) ];
+}
diff --git a/modules/core/user.nix b/modules/core/user.nix
index b96dbee..ee3ecce 100644
--- a/modules/core/user.nix
+++ b/modules/core/user.nix
@@ -23,6 +23,8 @@
[ ./../home/default.server.nix ]
else if (host == "dandelion") then
[ ./../home/default.server.nix ]
+ else if (host == "lily") then
+ [ ./../home/default.server.nix ]
# else if (host == "yoshino") then
# [ ./../home/default.nix ]
else
diff --git a/modules/home/hyprland/scripts.nix b/modules/home/hyprland/scripts.nix
index 00e6896..6aca500 100644
--- a/modules/home/hyprland/scripts.nix
+++ b/modules/home/hyprland/scripts.nix
@@ -12,6 +12,9 @@
case "$1" in
"w") setbg "$file" ;;
"d") mv "$file" "$HOME/.trash/";;
+ "s") mkdir -p "$HOME/temp" && cp "$file" "$HOME/temp" ;;
+ "r") mkdir -p "$HOME/temp" && cp "$(basename "$file" ".JPG").RAF" "$HOME/temp" ;;
+ "e") echo -e "'$(pwd)"/"$(basename "$file" ".JPG").RAF'\n'$(pwd)/""$file""'" ;;
esac
done
'';
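Review bot: The new `"r")` and `"e")` branches build the RAF name with `basename "$file" ".JPG"`, which drops the directory part, so the RAW file is looked up in the current directory rather than next to `$file`, and a lower-case `.jpg` suffix is not stripped. The `cp` calls in `"s")` and `"r")` pass the name without `--`, so a file name beginning with `-` is parsed as an option, and `echo -e` in `"e")` expands backslash sequences that occur in file names. A suggested form for the copy is `cp -- "''${file%.JPG}.RAF" "$HOME/temp"`, using the `''$` escape on the assumption that this sits in a Nix indented string, as the closing `'';` suggests. For `"e")`, use `printf "'%s'\n"` with the two paths as arguments instead of `echo -e`. The enclosing script starts outside the hunk, so how `$file` is populated is not visible here.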
diff --git a/modules/home/packages.nix b/modules/home/packages.nix
index ce2d3de..73b9fa8 100644
--- a/modules/home/packages.nix
+++ b/modules/home/packages.nix
@@ -81,6 +81,7 @@
# Email/calendar/etc
neomutt
+ w3m
khard
khal
vdirsyncer
diff --git a/modules/services/lily.nix b/modules/services/lily.nix
new file mode 100644
index 0000000..2774318
--- /dev/null
+++ b/modules/services/lily.nix
@@ -0,0 +1,10 @@
+{ ... }:
+{
+ imports =
+ [ (import ./docker.nix) ]
+ ++ [ (import ./monitoring.nix) ]
+ ++ [ (import ./smart-monitoring.nix) ]
+ ++ [ (import ./unifi.nix) ]
+ ++ [ (import ./tailscale.nix) ]
+ ++ [ (import ./grafana.nix) ];
+}
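Review bot: This import list puts Docker, Grafana, monitoring and the UniFi controller on the router itself, and nothing in the hunk restricts where those services listen. With `networking.firewall.enable = false` in hosts/lily/default.nix they would presumably be reachable on `wan0` as well. Even with the firewall on, ports published by Docker containers go through Docker's own NAT rules and are not limited by `allowedTCPPorts`. Consider a header comment such as `# Runs on the router: every service here must bind to LAN addresses only`, and check the listen address in each imported module; docker.nix, monitoring.nix and grafana.nix are not part of this diff.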
diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix
new file mode 100644
index 0000000..d886410
--- /dev/null
+++ b/modules/services/tailscale.nix
@@ -0,0 +1,3 @@
+{
+ services.tailscale.enable = true;
+}
diff --git a/modules/services/unifi.nix b/modules/services/unifi.nix
new file mode 100644
index 0000000..c206c3d
--- /dev/null
+++ b/modules/services/unifi.nix
@@ -0,0 +1,66 @@
+{ pkgs, lib, ... }:
+
+{
+ services.unifi = {
+ enable = true;
+ unifiPackage = pkgs.unifi8;
+ mongodbPackage = pkgs.mongodb-7_0;
+ };
+ # services.nginx = {
+ # enable = true;
+ # recommendedProxySettings = true;
+
+ # virtualHosts."unifi.local" = {
+ # forceSSL = true;
+ # useACMEHost = "unifi.local";
+ # locations."/" = {
+ # proxyPass = "https://127.0.0.1:8443";
+ # proxyWebsockets = true;
+ # };
+ # };
+ # };
+ # virtualisation.oci-containers.containers."unifi" = {
+ # image = "lscr.io/linuxserver/unifi-network-application:latest";
+ # autoStart = true;
+ # environmentFiles = [ /run/unifi/container-vars.env ];
+ # volumes = [
+ # "/etc/localtime:/etc/localtime:ro"
+ # "/run/unifi/data:/config"
+ # ];
+ # ports = [
+ # "8443:8443" # web admin UI
+ # "3478:3478/udp" # STUN
+ # "10001:10001/udp" # AP discovery
+ # "8080:8080" # device communication
+ # "6789:6789/udp" # mobile throughput test (assumption: wifiman)
+ # "5514:5514/udp" # remote syslog (optional)
+ # ];
+ # dependsOn = [
+ # "unifi-mongo"
+ # ];
+ # log-driver = "journald";
+ # };
+ # virtualisation.oci-containers.containers."unifi-mongo" = {
+ # image = "mongo:latest";
+ # autoStart = true;
+ # volumes = [
+ # "/etc/localtime:/etc/localtime:ro"
+ # "/run/unifi/mongo/db:/data/db"
+ # "/run/unifi/mongo/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro"
+ # ];
+ # log-driver = "journald";
+ # };
+
+ networking.firewall.interfaces."lan0" = {
+ allowedTCPPorts = [
+ 8443 # web admin UI
+ 8080 # device communication
+ ];
+ allowedUDPPorts = [
+ 6789 # mobile throughput test (assumption: wifiman)
+ 5514 # remote syslog (optional)
+ 3478 # STUN
+ 10001 # AP discovery
+ ];
+ };
+}
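Review bot: The `networking.firewall.interfaces."lan0"` block at the end hard-codes a host-specific interface name in a shared module under modules/services, and it has no effect while hosts/lily/default.nix sets `networking.firewall.enable = false`. Taking the interface name from an option, or moving the port list next to the other `lan0` rules in the host file, would keep the module reusable and keep the router's exposure in one place. `5514` is marked optional and `6789` carries an "assumption" comment; open only the ports this deployment actually uses. The large commented-out nginx and OCI-container configuration, including its `:latest` image tags, is better left to version-control history than kept in the module.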
diff --git a/roles/default.nix b/roles/default.nix
index 0d11aa1..8f3d3c2 100644
--- a/roles/default.nix
+++ b/roles/default.nix
@@ -5,6 +5,7 @@
++ [ (import ./amdgpu.nix) ]
++ [ (import ./nvidia.nix) ]
++ [ (import ./server.nix) ]
+ ++ [ (import ./router.nix) ]
++ [ (import ./desktop.nix) ]
++ [ (import ./wine.nix) ]
++ [ (import ./creative.nix) ]
diff --git a/roles/router.nix b/roles/router.nix
new file mode 100644
index 0000000..a762d7d
--- /dev/null
+++ b/roles/router.nix
@@ -0,0 +1,46 @@
+{
+ lib,
+ pkgs,
+ config,
+ username,
+ home-manager,
+ ...
+}:
+with lib;
+let
+ cfg = config.liv.router;
+in
+{
+ options.liv.router = {
+ enable = mkEnableOption "Enable router";
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ pkgs.kitty.terminfo
+ powertop
+ bind
+ ];
+
+ services = {
+ thermald.enable = true;
+ vnstat.enable = true;
+ # cpupower-gui.enable = true;
+ # power-profiles-daemon.enable = true;
+
+ # auto-cpufreq = {
+ # enable = true;
+ # settings = {
+ # battery = {
+ # governor = "powersave";
+ # turbo = "auto";
+ # };
+ # charger = {
+ # governor = "performance";
+ # turbo = "auto";
+ # };
+ # };
+ # };
+ };
+ };
+}
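Review bot: `mkEnableOption "Enable router"` renders as "Whether to enable Enable router." because `mkEnableOption` prepends that phrase itself; `mkEnableOption "the router role"` reads correctly. The `username` and `home-manager` arguments are not used in the visible module. `pkgs.kitty.terminfo` inside `with pkgs;` can be plain `kitty.terminfo`, which hosts/lily/default.nix already installs. The role enables only `thermald`, `vnstat` and a few tools, while forwarding and firewall settings live in the host file. A one-line comment stating what `liv.router.enable` is meant to own would tell the next reader whether the security-relevant routing configuration belongs here.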