chore: merge remote-tracking branch 'refs/remotes/origin/master'

2025-12-04 15:00:13 +01:00 · 2025-05-25 03:57:54 +02:00 · 2025-05-25 03:57:54 +02:00 · e5f317be86
commit e5f317be86
parent 23e4113ed9 093108b2c2
9 changed files with 96 additions and 43 deletions
--- a/hosts/lily/default.nix
+++ b/hosts/lily/default.nix
@ -74,14 +74,93 @@ in
        };
      };
    };
+
+    # <100 is trusted; =>100 is untrusted.
+    vlans = {
+      lan = {
+        id = 1;
+        interface = "lan1";
+      };
+      servers = {
+        id = 10;
+        interface = "lan1";
+      };
+      management = {
+        id = 21;
+        interface = "lan1";
+      };
+      iot = {
+        id = 100;
+        interface = "lan1";
+      };
+      guest = {
+        id = 110;
+        interface = "lan1";
+      };
+    };
  };

-  services.udev.extraRules = ''
+  services = {
+    udev.extraRules = ''
      SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6e", ATTR{type}=="1", NAME="wan0"
      SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6f", ATTR{type}=="1", NAME="lan0"
      SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:80", ATTR{type}=="1", NAME="lan1"
      SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:81", ATTR{type}=="1", NAME="lan2"
    '';
+    dhcpd4 = {
+      enable = true;
+      interfaces = [
+        "lan"
+        "servers"
+        "management"
+        "iot"
+        "guest"
+      ];
+      extraConfig = ''
+        option domain-name-servers 9.9.9.9, 149.112.112.112;
+        option subnet-mask 255.255.255.0;
+
+        subnet 172.16.1.0 netmask 255.255.255.0 {
+          option broadcast-address 172.16.1.255;
+          option routers 172.16.1.1;
+          interface lan;
+          range 172.16.1.50 172.16.1.254;
+        }
+        subnet 172.16.10.0 netmask 255.255.255.0 {
+          option broadcast-address 172.16.10.255;
+          option routers 172.16.10.1;
+          interface servers;
+          range 172.16.10.50 172.16.10.254;
+        }
+        subnet 172.16.21.0 netmask 255.255.255.0 {
+          option broadcast-address 172.16.21.255;
+          option routers 172.16.21.1;
+          interface management;
+          range 172.16.21.50 172.16.21.254;
+        }
+        subnet 172.16.100.0 netmask 255.255.255.0 {
+          option broadcast-address 172.16.100.255;
+          option routers 172.16.100.1;
+          interface iot;
+          range 172.16.100.50 172.16.100.254;
+        }
+        subnet 172.16.110.0 netmask 255.255.255.0 {
+          option broadcast-address 172.16.110.255;
+          option routers 172.16.110.1;
+          interface guest;
+          range 172.16.110.50 172.16.110.254;
+        }
+      '';
+    };
+    avahi = {
+      enable = true;
+      reflector = true;
+      interfaces = [
+        "lan"
+        "iot"
+      ];
+    };
+  };

  networking.hostName = "lily";

@ -91,5 +170,7 @@ in
    kitty.terminfo
    tcpdump
    dnsutils
+    bind
+    ethtool
  ];
 }
--- a/modules/core/sshd.nix
+++ b/modules/core/sshd.nix
@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, config, ... }:
 {
  services.openssh = {
    enable = true;
@ -11,6 +11,8 @@
    };
  };

+  networking.firewall.allowedTCPPorts = [ config.services.openssh.ports ];
+
  users.users.liv.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXi00z/rxVrWLKgYr+tWIsbHsSQO75hUMSTThNm5wUw liv@sakura" # main laptop
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2nsQHyWnrmuQway0ehoMUcYYfhD8Ph/vpD0Tzip1b1 liv@meow" # main phone
--- a/modules/home/hyprland/config.nix
+++ b/modules/home/hyprland/config.nix
@ -214,6 +214,7 @@
      bind = [
        # keybindings
        "$mainMod, Return, exec, kitty"
+        "$mainMod, Backspace, exec, [float; center; size 950 650] kitty"
        "$mainMod, Q, killactive,"
        "$mainMod, F, fullscreen, 0" # set 1 to 0 to set full screen without waybar
        "$mainMod, Space, togglefloating,"
--- a/modules/home/hyprland/hyprland.nix
+++ b/modules/home/hyprland/hyprland.nix
@ -1,8 +1,7 @@
 { inputs, pkgs, ... }:
 {
  home.packages = with pkgs; [
-    # swww
-    swaybg
+    swww
    inputs.hypr-contrib.packages.${pkgs.system}.grimblast
    hyprpicker
    grim
--- a/modules/home/scripts/scripts/lofi.sh
+++ b/modules/home/scripts/scripts/lofi.sh
@ -1,7 +0,0 @@
-#!/usr/bin/env bash
-
-if (ps aux | grep mpv | grep -v grep > /dev/null) then
-    pkill mpv
-else
-    runbg mpv --no-video https://www.youtube.com/live/jfKfPfyJRdk?si=OF0HKrYFFj33BzMo
-fi
--- a/modules/home/scripts/scripts/notes.sh
+++ b/modules/home/scripts/scripts/notes.sh
@ -1,7 +1,7 @@
 #!/bin/sh

 # MIT license
-# Ahwx <ahwx at ahwx dot org> https://ahwx.org - 2024
+# liv < liv at liv dot town > https://liv.town - 2024
 #
 # Dependencies: find/grep/bemenu/ping/git/

--- a/modules/home/scripts/scripts/wall-change.sh
+++ b/modules/home/scripts/scripts/wall-change.sh
@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-PIDS=$(pgrep -f "swaybg")
-
-swaybg -m fill -i $1 &
-
-if [ -n "$PIDS" ]; then
-  echo "$PIDS" | xargs kill
-fi
--- a/modules/home/scripts/scripts/wallpaper-picker.sh
+++ b/modules/home/scripts/scripts/wallpaper-picker.sh
@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-
-wallpaper_path=$HOME/Pictures/wallpapers
-wallpapers_folder=$HOME/Pictures/wallpapers/others
-wallpaper_name="$(ls $wallpapers_folder | bemenu -l 15)"
-if [[ -f $wallpapers_folder/$wallpaper_name ]]; then
-    find ~/Pictures/wallpapers -maxdepth 1 -type f -delete
-    cp $wallpapers_folder/$wallpaper_name $wallpaper_path/$wallpaper_name
-    wall-change $wallpaper_path/$wallpaper_name
-else
-    exit 1
-fi
--- a/modules/services/monitoring.nix
+++ b/modules/services/monitoring.nix
@ -26,8 +26,6 @@
  networking.firewall = {
    allowedTCPPorts = [
      9001
-      22
-      9123 # always also allow ssh :screaming:
    ];
  };
 }