From 966ed75d858434928401fe75957097352a976319 Mon Sep 17 00:00:00 2001
From: Ahwx
Date: Thu, 15 May 2025 21:32:38 +0200
Subject: [PATCH 01/22] feat: adds lily to hosts
---
hosts/lily/default.nix | 41 ++++++++++++++++++++++++++++++++++++++++
hosts/lily/variables.nix | 19 +++++++++++++++++++
2 files changed, 60 insertions(+)
create mode 100644 hosts/lily/default.nix
create mode 100644 hosts/lily/variables.nix
diff --git a/hosts/lily/default.nix b/hosts/lily/default.nix
new file mode 100644
index 0000000..b7772a7
--- /dev/null
+++ b/hosts/lily/default.nix
@@ -0,0 +1,41 @@
+{ pkgs, config, ... }:
+{
+ imports = [
+ ./hardware-configuration.nix
+ ./variables.nix
+ ./../../modules/core/default.server.nix
+ ];
+
+ networking.hostName = "lily";
+
+ liv.server.enable = true;
+
+ time.timeZone = "Europe/Amsterdam";
+
+ environment.systemPackages = with pkgs; [
+ kitty.terminfo
+ zfs
+ ];
+
+ boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ supportedFilesystems = [ "zfs" ];
+ };
+
+ networking.hostId = "8wfk1d8a";
+
+ services.zfs = {
+ autoScrub.enable = true;
+ trim.enable = true;
+ };
+
+ # boot.zfs.extraPools = [ "terrabite" ];
+
+ # fileSystems."/terrabite/main" = {
+ # device = "terrabite/main";
+ # fsType = "zfs";
+ # };
+}
diff --git a/hosts/lily/variables.nix b/hosts/lily/variables.nix
new file mode 100644
index 0000000..00f986e
--- /dev/null
+++ b/hosts/lily/variables.nix
@@ -0,0 +1,19 @@
+{
+ lib,
+ config,
+ ...
+}:
+let
+ inherit (lib) mkOption types;
+ inherit (config.liv) variables;
+in
+{
+ options.liv.variables.lily = {
+ thisMachine = mkOption {
+ default = "lily.srv.${variables.primaryDomain}";
+ type = types.str;
+ readOnly = true;
+ description = "Domain of this specific machine";
+ };
+ };
+}
From e17ee3f1fe3edf92e0b8bc417b3d4dc4d790695f Mon Sep 17 00:00:00 2001
From: Ahwx Date: Thu, 15 May 2025 21:33:47 +0200 Subject: [PATCH 02/22] feat: adds back w3m because of html emails grr --- modules/home/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/packages.nix b/modules/home/packages.nix index ce2d3de..73b9fa8 100644 --- a/modules/home/packages.nix +++ b/modules/home/packages.nix @@ -81,6 +81,7 @@ # Email/calendar/etc neomutt + w3m khard khal vdirsyncer From c2a9740c77adefa361e07ac9325e28dce069fd4d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Thu, 15 May 2025 21:33:57 +0200 Subject: [PATCH 03/22] fix: set correct update date for screenshot --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 63e92f8..0ce532e 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@


- Screenshots last updated 2024-09-04 + Screenshot last updated 2025-05-11

# Overview From 68c1a1f808e8c0adf421226a4cb9c05a8b58e8f8 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 16 May 2025 01:24:40 +0200 Subject: [PATCH 04/22] feat: adds lily to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 0ce532e..c42c555 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,7 @@ - [ichiyo](hosts/ichiyo/): Laptop (ichiyo) specific configuration - [violet](hosts/violet/): Server (violet) specific configuration - [dandelion](hosts/dandelion/): Server (dandelion) specific configuration + - [lily](hosts/lily/): Router (lily) specific configuration - [modules](modules): modularized NixOS configurations - [core](modules/core/): core NixOS configuration - [homes](modules/home/): my [Home-Manager](https://github.com/nix-community/home-manager) config From 1d91a363dfc8acd5f06bc1000c2c650042e11a62 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Fri, 16 May 2025 01:35:44 +0200 Subject: [PATCH 05/22] feat: adds lily to flake --- flake.nix | 171 +++++++++++++++++++++++++++++++++--------------------- 1 file changed, 105 insertions(+), 66 deletions(-) diff --git a/flake.nix b/flake.nix index 8db7ef7..2e189ed 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - + hyprland = { url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -32,74 +32,113 @@ nix-gaming.url = "github:fufexan/nix-gaming"; }; - outputs = { self, nixpkgs, catppuccin, agenix, ...} @ inputs: - let - overlays = import ./overlays/default.nix; - username = "liv"; - system = "x86_64-linux"; - pkgs = import nixpkgs { - inherit system; - }; - lib = nixpkgs.lib; - in - { - overlays.default = overlays.addition; - nixosConfigurations = { - desktop = nixpkgs.lib.nixosSystem { + outputs = + { + self, + nixpkgs, + catppuccin, + agenix, + ... + }@inputs: + let + overlays = import ./overlays/default.nix; + username = "liv"; + system = "x86_64-linux"; + pkgs = import nixpkgs { inherit system; - modules = [( - import ./hosts/desktop - )]; - specialArgs = { host="desktop"; inherit self inputs username ; }; - }; - sakura = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - (import ./hosts/sakura) - agenix.nixosModules.default - ]; - specialArgs = { host="sakura"; inherit self inputs username ; }; - }; - yoshino = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - (import ./hosts/yoshino) - agenix.nixosModules.default - ]; - specialArgs = { host="yoshino"; inherit self inputs username ; }; - }; - ichiyo = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - (import ./hosts/ichiyo) - agenix.nixosModules.default - ]; - specialArgs = { host="ichiyo"; inherit self inputs username ; }; - }; - violet = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - (import ./hosts/violet) - agenix.nixosModules.default - ]; - specialArgs = { host="violet"; inherit self inputs username; }; - }; - dandelion = nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - (import ./hosts/dandelion) - agenix.nixosModules.default - ]; - specialArgs = { host="dandelion"; inherit self inputs username; }; }; + lib = nixpkgs.lib; + in + { + overlays.default = overlays.addition; + nixosConfigurations = { + desktop = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + (import ./hosts/desktop) + ]; + specialArgs = { + host = 
"desktop"; + inherit self inputs username; + }; + }; + sakura = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + (import ./hosts/sakura) + agenix.nixosModules.default + ]; + specialArgs = { + host = "sakura"; + inherit self inputs username; + }; + }; + yoshino = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + (import ./hosts/yoshino) + agenix.nixosModules.default + ]; + specialArgs = { + host = "yoshino"; + inherit self inputs username; + }; + }; + ichiyo = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + (import ./hosts/ichiyo) + agenix.nixosModules.default + ]; + specialArgs = { + host = "ichiyo"; + inherit self inputs username; + }; + }; + violet = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + (import ./hosts/violet) + agenix.nixosModules.default + ]; + specialArgs = { + host = "violet"; + inherit self inputs username; + }; + }; + dandelion = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + (import ./hosts/dandelion) + agenix.nixosModules.default + ]; + specialArgs = { + host = "dandelion"; + inherit self inputs username; + }; + }; + lily = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + (import ./hosts/lily) + agenix.nixosModules.default + ]; + specialArgs = { + host = "lily"; + inherit self inputs username; + }; + }; - vm = nixpkgs.lib.nixosSystem { - inherit system; - modules = [( - import ./hosts/vm - )]; - specialArgs = { host="vm"; inherit self inputs username ; }; + vm = nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + (import ./hosts/vm) + ]; + specialArgs = { + host = "vm"; + inherit self inputs username; + }; + }; }; }; - }; } From 71d816fe804925da5d3c4fbdf8a885346040c16e Mon Sep 17 00:00:00 2001 
From: Ahwx Date: Fri, 16 May 2025 11:28:56 +0200 Subject: [PATCH 06/22] feat: adds correct files for `lily` --- hosts/lily/default.nix | 10 ++++---- hosts/lily/hardware-configuration.nix | 37 +++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 5 deletions(-) create mode 100644 hosts/lily/hardware-configuration.nix diff --git a/hosts/lily/default.nix b/hosts/lily/default.nix index b7772a7..21b6992 100644 --- a/hosts/lily/default.nix +++ b/hosts/lily/default.nix @@ -18,20 +18,20 @@ ]; boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; supportedFilesystems = [ "zfs" ]; }; - networking.hostId = "8wfk1d8a"; + networking.hostId = "8ddb2a9b"; services.zfs = { autoScrub.enable = true; trim.enable = true; }; + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.useOSProber = true; + # boot.zfs.extraPools = [ "terrabite" ]; # fileSystems."/terrabite/main" = { diff --git a/hosts/lily/hardware-configuration.nix b/hosts/lily/hardware-configuration.nix new file mode 100644 index 0000000..b0c372b --- /dev/null +++ b/hosts/lily/hardware-configuration.nix 
@@ -0,0 +1,37 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/75447a73-848e-4b34-a1b3-d5b7a8e804ee"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/d4552527-c7c6-4047-929b-aeb3500299e3"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} From 1b8b3f607d0c342e7169c43dec68bdefeb1b2d3d Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 17 May 2025 17:30:47 +0200 Subject: [PATCH 07/22] feat: create router role --- roles/default.nix | 1 + roles/router.nix | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) create mode 100644 roles/router.nix diff --git a/roles/default.nix b/roles/default.nix index 0d11aa1..8f3d3c2 100644 --- a/roles/default.nix 
+++ b/roles/default.nix @@ -5,6 +5,7 @@ ++ [ (import ./amdgpu.nix) ] ++ [ (import ./nvidia.nix) ] ++ [ (import ./server.nix) ] + ++ [ (import ./router.nix) ] ++ [ (import ./desktop.nix) ] ++ [ (import ./wine.nix) ] ++ [ (import ./creative.nix) ] diff --git a/roles/router.nix b/roles/router.nix new file mode 100644 index 0000000..a762d7d --- /dev/null +++ b/roles/router.nix @@ -0,0 +1,46 @@ +{ + lib, + pkgs, + config, + username, + home-manager, + ... +}: +with lib; +let + cfg = config.liv.router; +in +{ + options.liv.router = { + enable = mkEnableOption "Enable router"; + }; + + config = mkIf cfg.enable { + environment.systemPackages = with pkgs; [ + pkgs.kitty.terminfo + powertop + bind + ]; + + services = { + thermald.enable = true; + vnstat.enable = true; + # cpupower-gui.enable = true; + # power-profiles-daemon.enable = true; + + # auto-cpufreq = { + # enable = true; + # settings = { + # battery = { + # governor = "powersave"; + # turbo = "auto"; + # }; + # charger = { + # governor = "performance"; + # turbo = "auto"; + # }; + # }; + # }; + }; + }; +} From 87338c456882475cdc2a41e4e94dcb7920ee66ca Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 17 May 2025 17:32:21 +0200 Subject: [PATCH 08/22] feat: also use server home config for host lily --- modules/core/user.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/core/user.nix b/modules/core/user.nix index b96dbee..ee3ecce 100644 --- a/modules/core/user.nix +++ b/modules/core/user.nix @@ -23,6 +23,8 @@ [ ./../home/default.server.nix ] else if (host == "dandelion") then [ ./../home/default.server.nix ] + else if (host == "lily") then + [ ./../home/default.server.nix ] # else if (host == "yoshino") then # [ ./../home/default.nix ] else From 27d6950542aa9813dd5fb00598ae3ca8d503308d Mon Sep 17 00:00:00 2001 
From: Ahwx
Date: Sat, 17 May 2025 17:32:31 +0200
Subject: [PATCH 09/22] feat: add router core config
---
modules/core/default.router.nix | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 modules/core/default.router.nix
diff --git a/modules/core/default.router.nix b/modules/core/default.router.nix
new file mode 100644
index 0000000..c0f7c80
--- /dev/null
+++ b/modules/core/default.router.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+ imports =
+ [ (import ./hardware.nix) ]
+ ++ [ (import ./program.nix) ]
+ ++ [ (import ./sshd.nix) ]
+ ++ [ (import ./security.nix) ]
+ ++ [ (import ./services.nix) ]
+ ++ [ (import ./system.nix) ]
+ ++ [ (import ./user.nix) ];
+}
From c6601da4e073364aeb4c0ab6c22c20939b024259 Mon Sep 17 00:00:00 2001
From: Ahwx
Date: Sat, 17 May 2025 17:33:57 +0200
Subject: [PATCH 10/22] feat: import correct files, set some kernel options, get started on firewall, rename network interfaces
---
hosts/lily/default.nix | 89 ++++++++++++++++++++++++++++++++++++------
1 file changed, 77 insertions(+), 12 deletions(-)
diff --git a/hosts/lily/default.nix b/hosts/lily/default.nix
index 21b6992..acc1a6c 100644
--- a/hosts/lily/default.nix
+++ b/hosts/lily/default.nix
@@ -1,14 +1,87 @@ -{ pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: +let + externalInterface = "wan0"; + # networks = config.homelab.networks.local; + # internalInterfaces = lib.mapAttrsToList (_: val: val.interface) networks; + # internalIPs = lib.mapAttrsToList ( + # _: val: lib.strings.removeSuffix ".1" val.cidr + ".0/24" + # ) networks; +in { imports = [ ./hardware-configuration.nix ./variables.nix - ./../../modules/core/default.server.nix + ./../../modules/core/default.router.nix ]; - networking.hostName = "lily"; + liv = { + server.enable = true; + router.enable = true; + }; - liv.server.enable = true; + boot = { + supportedFilesystems = [ "zfs" ]; + loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + }; + kernel = { + sysctl = { + # Forward both IPv4 and IPv6 on all interfaces + "net.ipv4.conf.all.forwarding" = true; + "net.ipv6.conf.all.forwarding" = false; + + # By default, do not automatically configure any IPv6 addresses. + # "net.ipv6.conf.all.accept_ra" = 0; + # "net.ipv6.conf.all.autoconf" = 0; + # "net.ipv6.conf.all.use_tempaddr" = 0; + + # Allow IPv6 autoconfiguration and tempory address use on WAN. + "net.ipv6.conf.${externalInterface}.accept_ra" = 2; + "net.ipv6.conf.${externalInterface}.autoconf" = 1; + }; + }; + }; + + networking = { + firewall = { + enable = true; + allowPing = true; + + # allow ssh on *all* interfaces, even wan. 
+ allowedTCPPorts = lib.mkForce [ 22 ]; + allowedUDPPorts = lib.mkForce [ 22 ]; + + # interface-specific rules + interfaces = { + "lan0" = { + allowedTCPPorts = [ + 22 + 53 + ]; + allowedUDPPorts = [ + 22 + 53 + ]; + }; + }; + }; + }; + + services.udev.extraRules = '' + SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6e", ATTR{type}=="1", NAME="wan0" + SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6f", ATTR{type}=="1", NAME="lan0" + SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:80", ATTR{type}=="1", NAME="lan1" + SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:81", ATTR{type}=="1", NAME="lan2" + ''; + + networking.hostName = "lily"; time.timeZone = "Europe/Amsterdam"; @@ -17,10 +90,6 @@ zfs ]; - boot = { - supportedFilesystems = [ "zfs" ]; - }; - networking.hostId = "8ddb2a9b"; services.zfs = { @@ -28,10 +97,6 @@ trim.enable = true; }; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.useOSProber = true; - # boot.zfs.extraPools = [ "terrabite" ]; # fileSystems."/terrabite/main" = { From c4a99482cfc538616b740d59175e28fa18820235 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 17 May 2025 18:20:19 +0200 Subject: [PATCH 11/22] feat: adds packages, import dns file; chore: cleanup some zfs stuff --- hosts/lily/default.nix | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/hosts/lily/default.nix b/hosts/lily/default.nix index acc1a6c..8d47c90 100644 --- a/hosts/lily/default.nix +++ b/hosts/lily/default.nix @@ -16,6 +16,7 @@ in imports = [ ./hardware-configuration.nix ./variables.nix + ./dns.nix ./../../modules/core/default.router.nix ]; 
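Review bot: In the `networking.firewall` block of hosts/lily/default.nix (PATCH 10/22), `allowedUDPPorts = lib.mkForce [ 22 ];` opens UDP 22 on every interface including `wan0` although SSH only uses TCP; `allowedUDPPorts = lib.mkForce [ ];` plus dropping `22` from the `lan0` UDP list would close it. The `mkForce` on both global lists also discards any port another imported module opens globally, which deserves a comment if that is the intent. The hunk turns on `net.ipv4.conf.all.forwarding` but shows no forward-chain policy or NAT; the allowed-port lists only govern traffic addressed to the router itself, so `networking.nat` and `networking.firewall.filterForward` (or equivalent rules) presumably still have to land before this host sits on a WAN link. The sysctl comment reads `# Forward both IPv4 and IPv6 on all interfaces` while the IPv6 value is `false`; `# Forward IPv4 only; IPv6 forwarding stays off` would match the code. Because SSH is reachable from WAN by design, it is worth confirming that `sshd.nix` (not shown here) disables password authentication.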
@@ -87,20 +88,7 @@ in environment.systemPackages = with pkgs; [ kitty.terminfo - zfs + tcpdump + dnsutils ]; - - networking.hostId = "8ddb2a9b"; - - services.zfs = { - autoScrub.enable = true; - trim.enable = true; - }; - - # boot.zfs.extraPools = [ "terrabite" ]; - - # fileSystems."/terrabite/main" = { - # device = "terrabite/main"; - # fsType = "zfs"; - # }; } From 232e57415a12ff5f1495af80ac1f8a2ff5c5dd20 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sat, 17 May 2025 18:20:32 +0200 Subject: [PATCH 12/22] feat: enable dnsmasq --- hosts/lily/dns.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 hosts/lily/dns.nix diff --git a/hosts/lily/dns.nix b/hosts/lily/dns.nix new file mode 100644 index 0000000..32263f0 --- /dev/null +++ b/hosts/lily/dns.nix @@ -0,0 +1,12 @@ +{ lib, config, ... }: +{ + services = { + dnsmasq = { + enable = true; + settings = { + cache-size = 10000; + server = [ "127.0.0.1#53" ]; + }; + }; + }; +} From 02dea23351a671fe967c70bea8018fcbc159e07e Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 18 May 2025 14:07:34 +0200 Subject: [PATCH 13/22] refactor: prettier --- hosts/dandelion/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/hosts/dandelion/default.nix b/hosts/dandelion/default.nix index 6ecda6d..98e0a49 100644 --- a/hosts/dandelion/default.nix +++ b/hosts/dandelion/default.nix @@ -1,4 +1,9 @@ -{ pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: { imports = [ ./hardware-configuration.nix From eb6151b1ac5066964b93e82506b39706ac9d4b0b Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 18 May 2025 14:08:48 +0200 Subject: [PATCH 14/22] feat: import wireguard to lily, import lily's services, disable firewall temporarily; chore: remove an old zfs line --- hosts/lily/default.nix | 5 +++-- hosts/lily/wireguard.nix | 3 +++ 2 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 hosts/lily/wireguard.nix 
diff --git a/hosts/lily/default.nix b/hosts/lily/default.nix index 8d47c90..2d36d14 100644 --- a/hosts/lily/default.nix +++ b/hosts/lily/default.nix @@ -17,7 +17,9 @@ in ./hardware-configuration.nix ./variables.nix ./dns.nix + ./wireguard.nix ./../../modules/core/default.router.nix + ./../../modules/services/lily.nix ]; liv = { @@ -26,7 +28,6 @@ in }; boot = { - supportedFilesystems = [ "zfs" ]; loader.grub = { enable = true; device = "/dev/sda"; @@ -52,7 +53,7 @@ in networking = { firewall = { - enable = true; + enable = false; allowPing = true; # allow ssh on *all* interfaces, even wan. diff --git a/hosts/lily/wireguard.nix b/hosts/lily/wireguard.nix new file mode 100644 index 0000000..0db3279 --- /dev/null +++ b/hosts/lily/wireguard.nix @@ -0,0 +1,3 @@ +{ + +} From 88177be9a7ce93e3d80520e5a3422267e0f8e35e Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 18 May 2025 14:09:08 +0200 Subject: [PATCH 15/22] feat: adds unifi service so that lily can host that --- modules/services/unifi.nix | 66 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 modules/services/unifi.nix diff --git a/modules/services/unifi.nix b/modules/services/unifi.nix new file mode 100644 index 0000000..c206c3d --- /dev/null +++ b/modules/services/unifi.nix 
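Review bot: The third hunk of hosts/lily/default.nix (PATCH 14/22) sets `networking.firewall.enable = false` on a host that forwards IPv4 and has a WAN interface, which makes every `allowedTCPPorts` and `interfaces."lan0"` rule in this series inert and leaves anything bound to all addresses reachable from `wan0`; judging by the service list added for this host in PATCH 16/22, that may include the UniFi controller and Grafana alongside sshd and dnsmasq. None of the later patches visible on this page turns the firewall back on. If it is getting in the way of bring-up, keeping `enable = true` and opening the missing port on the LAN interface is safer, or at minimum the line should carry `# FIXME: re-enable before connecting wan0` so the temporary state is visible in the file and not only in the commit subject. The first hunk also imports `./../../modules/services/lily.nix`, which is only created in PATCH 16/22, so this commit does not evaluate on its own.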
@@ -0,0 +1,66 @@
+{ pkgs, lib, ... }:
+
+{
+ services.unifi = {
+ enable = true;
+ unifiPackage = pkgs.unifi8;
+ mongodbPackage = pkgs.mongodb-7_0;
+ };
+ # services.nginx = {
+ # enable = true;
+ # recommendedProxySettings = true;
+
+ # virtualHosts."unifi.local" = {
+ # forceSSL = true;
+ # useACMEHost = "unifi.local";
+ # locations."/" = {
+ # proxyPass = "https://127.0.0.1:8443";
+ # proxyWebsockets = true;
+ # };
+ # };
+ # };
+ # virtualisation.oci-containers.containers."unifi" = {
+ # image = "lscr.io/linuxserver/unifi-network-application:latest";
+ # autoStart = true;
+ # environmentFiles = [ /run/unifi/container-vars.env ];
+ # volumes = [
+ # "/etc/localtime:/etc/localtime:ro"
+ # "/run/unifi/data:/config"
+ # ];
+ # ports = [
+ # "8443:8443" # web admin UI
+ # "3478:3478/udp" # STUN
+ # "10001:10001/udp" # AP discovery
+ # "8080:8080" # device communication
+ # "6789:6789/udp" # mobile throughput test (assumption: wifiman)
+ # "5514:5514/udp" # remote syslog (optional)
+ # ];
+ # dependsOn = [
+ # "unifi-mongo"
+ # ];
+ # log-driver = "journald";
+ # };
+ # virtualisation.oci-containers.containers."unifi-mongo" = {
+ # image = "mongo:latest";
+ # autoStart = true;
+ # volumes = [
+ # "/etc/localtime:/etc/localtime:ro"
+ # "/run/unifi/mongo/db:/data/db"
+ # "/run/unifi/mongo/init-mongo.js:/docker-entrypoint-initdb.d/init-mongo.js:ro"
+ # ];
+ # log-driver = "journald";
+ # };
+
+ networking.firewall.interfaces."lan0" = {
+ allowedTCPPorts = [
+ 8443 # web admin UI
+ 8080 # device communication
+ ];
+ allowedUDPPorts = [
+ 6789 # mobile throughput test (assumption: wifiman)
+ 5514 # remote syslog (optional)
+ 3478 # STUN
+ 10001 # AP discovery
+ ];
+ };
+}
From f11ba8c63c7ee8c854334daed01b90e2d7624b0d Mon Sep 17 00:00:00 2001
From: Ahwx
Date: Sun, 18 May 2025 14:09:33 +0200
Subject: [PATCH 16/22] feat: adds services for lily to run
---
modules/services/lily.nix | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 modules/services/lily.nix
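Review bot: In the `networking.firewall.interfaces."lan0"` block at the end of modules/services/unifi.nix, `6789` is opened under `allowedUDPPorts`, but the UniFi mobile speed test is a TCP service as far as I know, so the rule probably opens an unused UDP port while leaving the intended one closed; moving `6789 # mobile throughput test` to `allowedTCPPorts` would fix that, or both it and `5514` can go if neither feature is used. These per-interface rules only take effect while `networking.firewall.enable` is true. The roughly forty lines of commented-out nginx and container configuration reference `:latest` image tags and keep state under `/run`; if the native `services.unifi` module is the chosen path, deleting that block keeps the file reviewable.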
diff --git a/modules/services/lily.nix b/modules/services/lily.nix
new file mode 100644
index 0000000..2e33b08
--- /dev/null
+++ b/modules/services/lily.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ imports =
+ [ (import ./docker.nix) ]
+ ++ [ (import ./monitoring.nix) ]
+ ++ [ (import ./smart-monitoring.nix) ]
+ ++ [ (import ./unifi.nix) ]
+ ++ [ (import ./grafana.nix) ];
+}
From 9d40b2a439f0816865d1cffd316b8286c9a89d49 Mon Sep 17 00:00:00 2001
From: Ahwx
Date: Sun, 18 May 2025 14:09:40 +0200
Subject: [PATCH 17/22] feat: adds tailscale
---
modules/services/tailscale.nix | 3 +++
1 file changed, 3 insertions(+)
create mode 100644 modules/services/tailscale.nix
diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix
new file mode 100644
index 0000000..d886410
--- /dev/null
+++ b/modules/services/tailscale.nix
@@ -0,0 +1,3 @@
+{
+ services.tailscale.enable = true;
+}
From 7c9ab547e08323374f298909ef8c822fedd1b113 Mon Sep 17 00:00:00 2001
From: Ahwx
Date: Sun, 18 May 2025 20:44:36 +0200
Subject: [PATCH 18/22] feat: adds dnsmasq and settings
---
hosts/lily/dns.nix | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/hosts/lily/dns.nix b/hosts/lily/dns.nix
index 32263f0..b754a51 100644
--- a/hosts/lily/dns.nix
+++ b/hosts/lily/dns.nix
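Review bot: modules/services/lily.nix (PATCH 16/22) pulls `docker.nix`, `monitoring.nix`, `smart-monitoring.nix`, `unifi.nix` and `grafana.nix` onto the machine that also owns the WAN interface, which puts several network-facing daemons on the edge device. Docker in particular installs its own packet-filter rules for published container ports, and those are not governed by `networking.firewall.allowedTCPPorts`, so a port published without an explicit bind address can end up reachable from `wan0`. The imported files are not part of this patch, so this needs checking against their contents; a comment above the import list such as `# everything imported here must bind to LAN addresses only` would record the constraint.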
@@ -4,8 +4,27 @@ dnsmasq = { enable = true; settings = { - cache-size = 10000; - server = [ "127.0.0.1#53" ]; + cache-size = 10000; # Specifies the size of the DNS query cache. It will store up to n cached DNS queries to improve response times for frequently accessed domains. + server = [ + "9.9.9.9" + "149.112.112.112" + ]; + domain-needed = true; # Ensures that DNS queries are only forwarded for domains that are not found in the local configuration. + bogus-priv = true; # Blocks DNS queries for private IP address ranges to prevent accidental exposure of private resources. + no-resolv = true; # Prevents dnsmasq from using /etc/resolv.conf for DNS server configuration. + + # configure DHCP server; get leases by running: `cat /var/lib/dnsmasq/dnsmasq.leases` + dhcp-range = [ "br-lan,172.16.10.50,172.16.10.254,24h" ]; + interface = "br-lan"; + dhcp-host = "172.16.10.1"; + + # local sets the local domain name to "n". Combinded with expand-hosts = true, it will add a .local suffix to any local defined name when trying to resolve it. + local = "/local/"; + domain = "local"; + expand-hosts = true; + + no-hosts = true; # Prevents the use of /etc/hosts. This ensures that the local hosts file is not used to override DNS resolution. + address = "/booping.local/172.16.10.1"; }; }; }; From 0f2e67f35595a2a2fbc0e494ac18c16e7a3e225b Mon Sep 17 00:00:00 2001 From: Ahwx Date: Sun, 18 May 2025 20:47:41 +0200 Subject: [PATCH 19/22] feat: enables tailscale for lily --- modules/services/lily.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/services/lily.nix b/modules/services/lily.nix index 2e33b08..2774318 100644 --- a/modules/services/lily.nix +++ b/modules/services/lily.nix @@ -5,5 +5,6 @@ ++ [ (import ./monitoring.nix) ] ++ [ (import ./smart-monitoring.nix) ] ++ [ (import ./unifi.nix) ] + ++ [ (import ./tailscale.nix) ] ++ [ (import ./grafana.nix) ]; } From cf62a257c86fb028dd5cb3fbf6a6977fb4b34884 Mon Sep 17 00:00:00 2001 
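Review bot: The dnsmasq settings in hosts/lily/dns.nix (PATCH 18/22) use `interface = "br-lan"` and a `dhcp-range` on `br-lan`, but the rest of the series names the LAN ports `lan0`/`lan1`/`lan2` through udev and keys firewall rules on `"lan0"`, and no bridge definition is visible; if `br-lan` does not exist dnsmasq has nothing to serve on, and if it does, rules matching `lan0` may not match traffic that arrives via the bridge. With only `interface` set, dnsmasq still binds the wildcard address and filters by arrival interface, so adding `bind-interfaces = true;` would keep the DNS and DHCP sockets off `wan0` outright. `local = "/local/"` together with `domain = "local"` collides with the `.local` namespace reserved for mDNS, and many clients will never send such names to this resolver; `home.arpa` is the suffix reserved for home networks. `dhcp-host = "172.16.10.1"` carries no MAC or hostname to match on, so it likely reserves nothing, and UDP 67 appears in no allowed-port list for the point at which the firewall is re-enabled.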
From: Ahwx Date: Tue, 20 May 2025 16:45:11 +0200 Subject: [PATCH 20/22] flake: update --- flake.lock | 146 ++++++++++++++++++++++++++--------------------------- 1 file changed, 73 insertions(+), 73 deletions(-) diff --git a/flake.lock b/flake.lock index 2113071..ee6aeec 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1742767019, - "narHash": "sha256-FdyHDbf31jl5rIU7IQtBVTbZ1ojGrrp5aFaRrE2819s=", + "lastModified": 1747531250, + "narHash": "sha256-uDhXNURTJgQSpiaCgzqAizbblpcEWEB1WGWEqtCnLLM=", "owner": "KZDKM", "repo": "Hyprspace", - "rev": "5b62529c2011ede6069445de9b5b3f8a1f10ecfe", + "rev": "511d399120bdcafb43e57ca5ff35167c2bba6db8", "type": "github" }, "original": { @@ -50,11 +50,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { @@ -104,11 +104,11 @@ ] }, "locked": { - "lastModified": 1744289235, - "narHash": "sha256-ZFkHLdimtFzQACsVVyZkZlfYdj4iNy3PkzXfrwmlse8=", + "lastModified": 1745357003, + "narHash": "sha256-jYwzQkv1r7HN/4qrAuKp+NR4YYNp2xDrOX5O9YVqkWo=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "c8282f4982b56dfa5e9b9f659809da93f8d37e7a", + "rev": "a19cf76ee1a15c1c12083fa372747ce46387289f", "type": "github" }, "original": { 
@@ -122,11 +122,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1745352209, - "narHash": "sha256-u3vJEzi6zxgG59KXjMR5koERsdKT5nd1OEKCpr6zgn8=", + "lastModified": 1747519437, + "narHash": "sha256-uv9Wv59d+mckS2CkorOF484wp2G5TNGijdoBZ5RkAk0=", "owner": "catppuccin", "repo": "nix", - "rev": "6268e50dbb0ac9375e110560395b5dc199e4dfb8", + "rev": "3ba714046ee32373e88166e6e9474d6ae6a5b734", "type": "github" }, "original": { @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", "type": "github" }, "original": { @@ -338,11 +338,11 @@ ] }, "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "owner": "nix-community", "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "type": "github" }, "original": { @@ -358,11 +358,11 @@ ] }, "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "lastModified": 1747688838, + "narHash": "sha256-FZq4/3OtGV/cti9Vccsy2tGSUrxTO4hkDF9oeGRTen4=", "owner": "nix-community", "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "rev": "45c2985644b60ab64de2a2d93a4d132ecb87cf66", "type": "github" }, "original": { 
@@ -376,11 +376,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1743417258, - "narHash": "sha256-YItzk1pj8Kz+b7VlC9zN1pSZ6CuX35asYy3HuMQ3lBQ=", + "lastModified": 1747572947, + "narHash": "sha256-PMQoXbfmWPuXnF8EaWqRmvTvl7+WFUrDVgufFRPgOM4=", "owner": "hyprwm", "repo": "contrib", - "rev": "bc2ad24e0b2e66c3e164994c4897cd94a933fd10", + "rev": "910dad4c5755c1735d30da10c96d9086aa2a608d", "type": "github" }, "original": { @@ -405,11 +405,11 @@ ] }, "locked": { - "lastModified": 1742215578, - "narHash": "sha256-zfs71PXVVPEe56WEyNi2TJQPs0wabU4WAlq0XV7GcdE=", + "lastModified": 1745948457, + "narHash": "sha256-lzTV10FJTCGNtMdgW5YAhCAqezeAzKOd/97HbQK8GTU=", "owner": "hyprwm", "repo": "hyprcursor", - "rev": "2fd36421c21aa87e2fe3bee11067540ae612f719", + "rev": "ac903e80b33ba6a88df83d02232483d99f327573", "type": "github" }, "original": { @@ -465,11 +465,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1745443874, - "narHash": "sha256-sEI5r1IjmJEgNn/al7zd5lUsjWpeGAY0uOoCab5Pqcc=", + "lastModified": 1747610850, + "narHash": "sha256-eGOtDlq3h+r/X/j4oSNo6cmQlt67TVolgUJMnGKTRt4=", "ref": "refs/heads/main", - "rev": "b06fbdb7431aa2b6653d788ad9fb758478c72d4c", - "revCount": 6021, + "rev": "eb3b38d40baca5c05ddbc1507b3d3f02a0ccb164", + "revCount": 6127, "submodules": true, "type": "git", "url": "https://github.com/hyprwm/Hyprland" @@ -585,11 +585,11 @@ ] }, "locked": { - "lastModified": 1739048983, - "narHash": "sha256-REhTcXq4qs3B3cCDtLlYDz0GZvmsBSh947Ub6pQWGTQ=", + "lastModified": 1745951494, + "narHash": "sha256-2dModE32doiyQMmd6EDAQeZnz+5LOs6KXyE0qX76WIg=", "owner": "hyprwm", "repo": "hyprland-qtutils", - "rev": "3504a293c8f8db4127cb0f7cfc1a318ffb4316f8", + "rev": "4be1d324faf8d6e82c2be9f8510d299984dfdd2e", "type": "github" }, "original": { 
@@ -614,11 +614,11 @@ ] }, "locked": { - "lastModified": 1744468525, - "narHash": "sha256-9HySx+EtsbbKlZDlY+naqqOV679VdxP6x6fP3wxDXJk=", + "lastModified": 1746655412, + "narHash": "sha256-kVQ0bHVtX6baYxRWWIh4u3LNJZb9Zcm2xBeDPOGz5BY=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "f1000c54d266e6e4e9d646df0774fac5b8a652df", + "rev": "557241780c179cf7ef224df392f8e67dab6cef83", "type": "github" }, "original": { @@ -635,11 +635,11 @@ "systems": "systems_5" }, "locked": { - "lastModified": 1745357051, - "narHash": "sha256-iA+aN9HYnqukhD1nHWuS903NHE90J+KFiGGL4wXZHgM=", + "lastModified": 1747584204, + "narHash": "sha256-F3hXDTk28yyFzkDpsWbhrU+QbUzjMsVX9/jO/aTLJwc=", "owner": "hyprwm", "repo": "hyprpicker", - "rev": "5dcb341c13be994e954eb6d0b3a59c20f7db93f9", + "rev": "500c46185dd4f2b5e16cd1a4edfe9ed1e126452e", "type": "github" }, "original": { @@ -657,11 +657,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1742816163, - "narHash": "sha256-EIJka3UtSEtmkDBjYiGeR/hO6s6R4x3K+rbUlc9KPBE=", + "lastModified": 1746481417, + "narHash": "sha256-mal2vIpRz5BU/0ll6gP/N2FqjFtgFNDgMBgoI6tLWag=", "owner": "hyprwm", "repo": "hyprsunset", - "rev": "7b7339f0deef23ec23a723651528cb8ae56c11d9", + "rev": "2a8ef76c6a77ca249e4613fefcd96bad74b5f9b2", "type": "github" }, "original": { @@ -682,11 +682,11 @@ ] }, "locked": { - "lastModified": 1743950287, - "narHash": "sha256-/6IAEWyb8gC/NKZElxiHChkouiUOrVYNq9YqG0Pzm4Y=", + "lastModified": 1746635225, + "narHash": "sha256-W9G9bb0zRYDBRseHbVez0J8qVpD5QbizX67H/vsudhM=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "f2dc70e448b994cef627a157ee340135bd68fbc6", + "rev": "674ea57373f08b7609ce93baff131117a0dfe70d", "type": "github" }, "original": { 
@@ -856,11 +856,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1745373052, - "narHash": "sha256-YoxUn3PXwLN7GxtzRLNAWBAgE728FwLy2oy9roiz/Xg=", + "lastModified": 1747620037, + "narHash": "sha256-M5yyl1Cp5rolwGBuCEKXG6qJj9lao16lshqPF83z0qs=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "8582d6d908005589e1e0818da7558d63edbbbaf2", + "rev": "5d7985a2d5c877f6a276a2b024fff6bb2995ff24", "type": "github" }, "original": { @@ -871,11 +871,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1745503349, - "narHash": "sha256-bUGjvaPVsOfQeTz9/rLTNLDyqbzhl0CQtJJlhFPhIYw=", + "lastModified": 1747684167, + "narHash": "sha256-l6jbonaboCBlB8lCjBkrqgh2zEnvt6F3f4dOU/8CLd4=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1", + "rev": "e8f38b2c19c0647e39021c3d47172ff5469af8a9", "type": "github" }, "original": { @@ -886,11 +886,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1703013332, - "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", + "lastModified": 1745391562, + "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", + "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", "type": "github" }, "original": { @@ -948,11 +948,11 @@ }, "nixpkgs_11": { "locked": { - "lastModified": 1745391562, - "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", + "lastModified": 1747542820, + "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", + "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", "type": "github" }, "original": { 
@@ -1044,11 +1044,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1744868846, - "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", + "lastModified": 1747426788, + "narHash": "sha256-N4cp0asTsJCnRMFZ/k19V9akkxb7J/opG+K+jU57JGc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", + "rev": "12a55407652e04dcf2309436eb06fef0d3713ef3", "type": "github" }, "original": { @@ -1060,11 +1060,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1745391562, - "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", + "lastModified": 1747542820, + "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", + "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", "type": "github" }, "original": { @@ -1137,11 +1137,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1745506616, - "narHash": "sha256-m8M88SUdaKeB2+l+tvyh7I4L7NLWsF/E5Td0y7UGIPo=", + "lastModified": 1747683907, + "narHash": "sha256-dgEK4d1QPNFhv0s5s9lpvEWOVBlRZENp7TVh8V8qYDU=", "owner": "nix-community", "repo": "NUR", - "rev": "d900870bec8e29aae928c868ecea88f220ae87fa", + "rev": "64046fedb710701f87e5e86390b4dbe77f1d733b", "type": "github" }, "original": { @@ -1184,11 +1184,11 @@ ] }, "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", + "lastModified": 1747372754, + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "type": "github" }, "original": { 
@@ -1387,11 +1387,11 @@ ] }, "locked": { - "lastModified": 1744644585, - "narHash": "sha256-p0D/e4J6Sv6GSb+9u8OQcVHSE2gPNYB5ygIfGDyEiXQ=", + "lastModified": 1745871725, + "narHash": "sha256-M24SNc2flblWGXFkGQfqSlEOzAGZnMc9QG3GH4K/KbE=", "owner": "hyprwm", "repo": "xdg-desktop-portal-hyprland", - "rev": "be6771e754345f18244fb00aae5c9e5ab21ccc26", + "rev": "76bbf1a6b1378e4ab5230bad00ad04bc287c969e", "type": "github" }, "original": { From 5f519133d9018efc8cc666366708ce77755861cb Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 20 May 2025 16:46:07 +0200 Subject: [PATCH 21/22] feat: adds more functionality [`C-x {s,r,e}`] to `nsxiv` --- modules/home/hyprland/scripts.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/home/hyprland/scripts.nix b/modules/home/hyprland/scripts.nix index 00e6896..6aca500 100644 --- a/modules/home/hyprland/scripts.nix +++ b/modules/home/hyprland/scripts.nix @@ -12,6 +12,9 @@ case "$1" in "w") setbg "$file" ;; "d") mv "$file" "$HOME/.trash/";; + "s") mkdir -p "$HOME/temp" && cp "$file" "$HOME/temp" ;; + "r") mkdir -p "$HOME/temp" && cp "$(basename "$file" ".JPG").RAF" "$HOME/temp" ;; + "e") echo -e "'$(pwd)"/"$(basename "$file" ".JPG").RAF'\n'$(pwd)/""$file""'" ;; esac done ''; From 96ff21e516695327c6ed3349f4b24f269912f012 Mon Sep 17 00:00:00 2001 From: Ahwx Date: Tue, 20 May 2025 16:46:19 +0200 Subject: [PATCH 22/22] feat: enable tailscale for sakura --- hosts/sakura/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/sakura/default.nix b/hosts/sakura/default.nix index 68d3e51..882e5af 100644 --- a/hosts/sakura/default.nix +++ b/hosts/sakura/default.nix @@ -10,6 +10,7 @@ ./hardware-configuration.nix ./../../modules/core ./../../modules/core/virtualization.nix + ./../../modules/services/tailscale.nix inputs.nixos-hardware.nixosModules.framework-13-7040-amd ];
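Review bot: The `"r")` and `"e")` branches in `modules/home/hyprland/scripts.nix` build the RAW name with `basename "$file" ".JPG"`, which drops the image's directory, so the `.RAF` path is resolved against the handler's working directory instead of next to the selected image. If nsxiv hands over a path outside the current directory, `cp` fails or copies a same-named file from somewhere else. Keeping the directory and ending option parsing avoids both that and file names beginning with `-` being read as options: `"r") mkdir -p "$HOME/temp" && cp -- "$(dirname -- "$file")/$(basename -- "$file" .JPG).RAF" "$HOME/temp" ;;`, with the same `--` in `"s")`. In `"e")`, `echo -e` expands backslash sequences that occur in a file name and `$(pwd)/` is prepended even when `$file` is already absolute, so `printf '%s\n'` on the computed paths would print them verbatim. The enclosing loop and `case` start above the hunk, so how `$file` is read is not visible here.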