liv/nixos-config
1
0
Fork 0
mirror of https://github.com/Ahwxorg/nixos-config.git synced 2025-12-04 06:50:14 +01:00
Code Issues 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: liv:d578167e42ba4da58511f687c8633059668ec503
Branches Tags
liv:master
...
compare: liv:3fa1cfe04373b58996db92655d658cfd89c973ba
Branches Tags
liv:master

3 commits
d578167e42 ... 3fa1cfe043

Author SHA1 Message Date
Ahwx
3fa1cfe043 clean: remove unused things 2025-11-20 22:02:46 +01:00
Ahwx
21f93302cc clean: delete backups script since these are all in different places now 2025-11-20 22:02:06 +01:00
Ahwx
439fee719e chore: delete lily host because it is no longer running nixos 2025-11-20 22:01:32 +01:00
7 changed files with 0 additions and 426 deletions
Download patch file Download diff file Expand all files Collapse all files

17
hosts/dandelion/variables.nix
View file

@ -1,17 +0,0 @@
{
lib,
config,
...
}: let
inherit (lib) mkOption types;
inherit (config.liv) variables;
in {
options.liv.variables.dandelion = {
thisMachine = mkOption {
default = "dandelion.srv.${variables.primaryDomain}";
type = types.str;
readOnly = true;
description = "Domain of this specific machine";
};
};
}

265
hosts/lily/default.nix
View file

@ -1,265 +0,0 @@
{
lib,
pkgs,
config,
...
}:
let
externalInterface = "wan0";
# networks = config.homelab.networks.local;
# internalInterfaces = lib.mapAttrsToList (_: val: val.interface) networks;
# internalIPs = lib.mapAttrsToList (
# _: val: lib.strings.removeSuffix ".1" val.cidr + ".0/24"
# ) networks;
commonDhcpOptions = [
{
name = "domain-name-servers";
data = "9.9.9.9";
}
{
name = "time-servers";
data = "172.16.1.1";
}
{
name = "domain-name";
data = "beeping.local";
}
{
name = "domain-search";
data = "beeping.local";
}
];
in
{
imports = [
./hardware-configuration.nix
./variables.nix
./dns.nix
./wireguard.nix
./../../modules/core/default.router.nix
./../../modules/services/lily.nix
];
liv = {
server.enable = true;
router.enable = true;
};
boot = {
loader.grub = {
enable = true;
device = "/dev/sda";
useOSProber = true;
};
kernel = {
sysctl = {
# Forward both IPv4 and IPv6 on all interfaces
"net.ipv4.conf.all.forwarding" = true;
"net.ipv6.conf.all.forwarding" = false;
# By default, do not automatically configure any IPv6 addresses.
# "net.ipv6.conf.all.accept_ra" = 0;
# "net.ipv6.conf.all.autoconf" = 0;
# "net.ipv6.conf.all.use_tempaddr" = 0;
# Allow IPv6 autoconfiguration and tempory address use on WAN.
"net.ipv6.conf.${externalInterface}.accept_ra" = 2;
"net.ipv6.conf.${externalInterface}.autoconf" = 1;
};
};
};
# label network interfaces
services.udev.extraRules = ''
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6e", ATTR{type}=="1", NAME="wan0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:47:67:6f", ATTR{type}=="1", NAME="lan0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:80", ATTR{type}=="1", NAME="lan1"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:25:90:63:0f:81", ATTR{type}=="1", NAME="lan2"
'';
networking = {
nameservers = [
"9.9.9.9"
"149.112.112.112"
];
interfaces = {
wan0.useDHCP = true;
lan0.useDHCP = false;
lan1.useDHCP = false;
lan2.useDHCP = false;
};
firewall = {
enable = false;
allowPing = true;
# allow ssh on *all* interfaces, even wan.
allowedTCPPorts = lib.mkForce [ 22 ];
allowedUDPPorts = lib.mkForce [ 22 ];
# interface-specific rules
interfaces = {
"lan0" = {
allowedTCPPorts = [
22
53
];
allowedUDPPorts = [
22
53
];
};
};
};
# <100 is trusted; =>100 is untrusted.
vlans = {
lan = {
id = 1;
interface = "lan1";
};
servers = {
id = 10;
interface = "lan1";
};
management = {
id = 21;
interface = "lan1";
};
iot = {
id = 100;
interface = "lan1";
};
guest = {
id = 110;
interface = "lan1";
};
};
};
services = {
kea.dhcp4 = {
enable = true;
settings = {
lease-database = {
name = "/var/lib/kea/dhcp4.leases";
persist = true;
type = "memfile";
};
interfaces-config = {
interfaces = [
"lan"
"servers"
"management"
"iot"
"guest"
];
};
option-data = [
{
name = "domain-name-servers";
data = "";
always-send = true;
}
{
name = "routers";
data = "";
}
{
name = "domain-name";
data = "beeping.local";
}
];
rebind-timer = 2000;
renew-timer = 1000;
valid-lifetime = 43200;
# option domain-name-servers 9.9.9.9, 149.112.112.112;
# TODO: these should be dynamically generated based on ${config.networking.vlans}
subnet4 = [
({
id = 1;
interface = "lan";
subnet = "172.16.1.0/24";
pools = [ { pool = "172.16.1.50 - 172.16.1.254"; } ];
option-data = [
{
name = "routers";
data = "172.16.1.1";
}
] ++ commonDhcpOptions;
})
({
id = 10;
interface = "servers";
subnet = "172.16.10.0/24";
pools = [ { pool = "172.16.10.50 - 172.16.10.254"; } ];
option-data = [
{
name = "routers";
data = "172.16.10.1";
}
] ++ commonDhcpOptions;
})
({
id = 21;
interface = "management";
subnet = "172.16.21.0/24";
pools = [ { pool = "172.16.21.50 - 172.16.21.254"; } ];
option-data = [
{
name = "routers";
data = "172.16.21.1";
}
] ++ commonDhcpOptions;
})
({
id = 100;
interface = "iot";
subnet = "172.16.100.0/24";
pools = [ { pool = "172.16.100.50 - 172.16.100.254"; } ];
option-data = [
{
name = "routers";
data = "172.16.100.1";
}
] ++ commonDhcpOptions;
})
({
id = 110;
interface = "guest";
subnet = "172.16.110.0/24";
pools = [ { pool = "172.16.110.50 - 172.16.110.254"; } ];
option-data = [
{
name = "routers";
data = "172.16.110.1";
}
] ++ commonDhcpOptions;
})
];
};
};
avahi = {
enable = true;
reflector = true;
interfaces = [
"lan"
"iot"
];
};
};
networking.hostName = "lily";
time.timeZone = "Europe/Amsterdam";
environment.systemPackages = with pkgs; [
kitty.terminfo
tcpdump
dnsutils
bind
ethtool
];
}

31
hosts/lily/dns.nix
View file

@ -1,31 +0,0 @@
{ lib, config, ... }:
{
services = {
dnsmasq = {
enable = false; # try some other options first
settings = {
cache-size = 10000; # Specifies the size of the DNS query cache. It will store up to n cached DNS queries to improve response times for frequently accessed domains.
server = [
"9.9.9.9"
"149.112.112.112"
];
domain-needed = true; # Ensures that DNS queries are only forwarded for domains that are not found in the local configuration.
bogus-priv = true; # Blocks DNS queries for private IP address ranges to prevent accidental exposure of private resources.
no-resolv = true; # Prevents dnsmasq from using /etc/resolv.conf for DNS server configuration.
# configure DHCP server; get leases by running: `cat /var/lib/dnsmasq/dnsmasq.leases`
dhcp-range = [ "br-lan,172.16.10.50,172.16.10.254,24h" ];
interface = "br-lan";
dhcp-host = "172.16.10.1";
# local sets the local domain name to "n". Combinded with expand-hosts = true, it will add a .local suffix to any local defined name when trying to resolve it.
local = "/local/";
domain = "local";
expand-hosts = true;
no-hosts = true; # Prevents the use of /etc/hosts. This ensures that the local hosts file is not used to override DNS resolution.
address = "/booping.local/172.16.10.1";
};
};
};
}

37
hosts/lily/hardware-configuration.nix
View file

@ -1,37 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/75447a73-848e-4b34-a1b3-d5b7a8e804ee";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/d4552527-c7c6-4047-929b-aeb3500299e3"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0f1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

19
hosts/lily/variables.nix
View file

@ -1,19 +0,0 @@
{
lib,
config,
...
}:
let
inherit (lib) mkOption types;
inherit (config.liv) variables;
in
{
options.liv.variables.lily = {
thisMachine = mkOption {
default = "lily.srv.${variables.primaryDomain}";
type = types.str;
readOnly = true;
description = "Domain of this specific machine";
};
};
}

3
hosts/lily/wireguard.nix
View file

@ -1,3 +0,0 @@
{
}

54
hosts/violet/backups.nix
View file

@ -1,54 +0,0 @@
let
borgbackupMonitor =
{
config,
pkgs,
lib,
...
}:
with lib;
{
key = "borgbackupMonitor";
_file = "borgbackupMonitor";
config.systemd.services =
{
"notify-problems@" = {
enable = true;
serviceConfig.User = "liv";
environment.SERVICE = "%i";
script = ''
${pkgs.curl}/bin/curl -d "$SERVICE FAILED! - service $SERVICE on host $(hostname) failed, run journalctl -u $SERVICE for details."
'';
};
}
// flip mapAttrs' config.services.borgbackup.jobs (
name: value:
nameValuePair "borgbackup-job-${name}" {
unitConfig.OnFailure = "notify-problems@%i.service";
}
);
# optional, but this actually forces backup after boot in case laptop was powered off during scheduled event
# for example, if you scheduled backups daily, your laptop should be powered on at 00:00
config.systemd.timers = flip mapAttrs' config.services.borgbackup.jobs (
name: value:
nameValuePair "borgbackup-job-${name}" {
timerConfig.Persistent = true;
}
);
};
in
{
imports = [ borgbackupMonitor ];
services = {
borgbackup.jobs.liv-violet = {
paths = "/home/liv";
encryption.mode = "none";
environment.BORG_RSH = "ssh -i /home/liv/.ssh/id_ed25519";
repo = "ssh://liv@100.115.178.50:9123/spinners/rootvol/backups/hosts/violet";
compression = "auto,zstd";
startAt = "daily";
};
};
}