caspervk/nixos
1
0
Fork 0
Code Activity Actions

Compare commits

base: caspervk:1018649c9fbe4aa61a71628194d8c59fbf9cf825
Branches Tags
caspervk:master
caspervk:dev
...
compare: caspervk:3007e31d45d316b1274a971ae5aa0ad96c060968
Branches Tags
caspervk:master
caspervk:dev

5 commits
1018649c9f ... 3007e31d45

Author SHA1 Message Date
Casper V. Kristensen
3007e31d45 ssh: remove old known hosts 2024-11-13 02:15:59 +01:00
Casper V. Kristensen
5c120d545d programs: move from base to desktop 
This reduces disk-usage for servers.
 2024-11-13 02:15:59 +01:00
Casper V. Kristensen
2ae1e8fca8 docker: move module from base to desktop 
This reduces disk-usage for servers.
 2024-11-13 02:15:59 +01:00
Casper V. Kristensen
a9566be65a flake.lock: Update 
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/184687ae1a3139faa4746168baf071f60d0310c8' (2024-11-11)
  → 'github:NixOS/nixos-hardware/f6581f1c3b137086e42a08a906bdada63045f991' (2024-11-12)
• Updated input 'secrets':
    'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=f2d6367a7320e3c597122869f073dc839e56abe9' (2024-11-10)
  → 'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=a250fcf99ece2ae6e92713d9cf8b24c98a579320' (2024-11-12)
 2024-11-13 02:15:59 +01:00
Casper V. Kristensen
5fd0c01ed3 tor: new server 2024-11-13 02:15:59 +01:00
11 changed files with 27 additions and 42 deletions
Show stats Expand all files Collapse all files

12
flake.lock
View file

@ -136,11 +136,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1731332224, "lastModified": 1731403644,
"narHash": "sha256-0ctfVp27ingWtY7dbP5+QpSQ98HaOZleU0teyHQUAw0=", "narHash": "sha256-T9V7CTucjRZ4Qc6pUEV/kpgNGzQbHWfGcfK6JJLfUeI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "184687ae1a3139faa4746168baf071f60d0310c8", "rev": "f6581f1c3b137086e42a08a906bdada63045f991",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -214,10 +214,10 @@
}, },
"secrets": { "secrets": {
"locked": { "locked": {
"lastModified": 1731269025, "lastModified": 1731452589,
"narHash": "sha256-Vq3nNbn2mAO3Ma50leb+LIiFmdUZ1P73CfrT3Znr94g=", "narHash": "sha256-GpAaJ+WcJd1BMmQmO4QoCnvXz4s2WWl8AOyRMRRKa24=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "f2d6367a7320e3c597122869f073dc839e56abe9", "rev": "a250fcf99ece2ae6e92713d9cf8b24c98a579320",
"revCount": 47, "revCount": 47,
"type": "git", "type": "git",
"url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git" "url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"

6
hosts/tor/default.nix
View file

@ -12,10 +12,8 @@
boot = { boot = {
loader = { loader = {
grub = { efi.canTouchEfiVariables = true;
enable = true; systemd-boot.enable = true;
device = "/dev/vda";
};
}; };
initrd.luks.devices.crypted.device = "/dev/disk/by-label/crypted"; initrd.luks.devices.crypted.device = "/dev/disk/by-label/crypted";
}; };

2
hosts/tor/hardware.nix
View file

@ -9,7 +9,7 @@
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"]; boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = ["dm-snapshot"]; boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = []; boot.kernelModules = [];
boot.extraModulePackages = []; boot.extraModulePackages = [];

22
hosts/tor/network.nix
View file

@ -8,21 +8,19 @@
systemd.network = { systemd.network = {
networks."10-lan" = { networks."10-lan" = {
# IPv4 settings are from `sudo dhcpcd --test`. matchConfig.Name = "enp0s18";
# IPv6 settings are from https://www.ssdvps.dk/knowledgebase/18/IPv6-Gateway.html.
matchConfig.Name = "ens3";
address = [ address = [
"91.210.59.57/25" "185.231.102.51/24"
"2a12:bec4:11d3:de9f::1/64" "2a0c:5700:3133:650:b0ea:eeff:fedb:1f7b/64"
]; ];
routes = [ routes = [
{routeConfig = {Gateway = "91.210.59.1";};} {routeConfig = {Gateway = "185.231.102.1";};}
{ # {
routeConfig = { # routeConfig = {
Gateway = "2a12:bec4:11d3::1"; # Gateway = "fe80::200:5eff:fe00:20c";
GatewayOnLink = true; # GatewayOnLink = true;
}; # };
} # }
]; ];
}; };
}; };

10
hosts/tor/tor.nix
View file

@ -1,8 +1,4 @@
{ {pkgs, ...}: {
config,
pkgs,
...
}: {
services.tor = { services.tor = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
@ -15,11 +11,11 @@
ContactInfo = "admin@caspervk.net"; ContactInfo = "admin@caspervk.net";
ORPort = [ ORPort = [
{ {
addr = "91.210.59.57"; addr = "185.231.102.51";
port = 443; port = 443;
} }
{ {
addr = "[2a12:bec4:11d3:de9f::1]"; addr = "[2a0c:5700:3133:650:b0ea:eeff:fedb:1f7b]";
port = 443; port = 443;
} }
]; ];

1
modules/base/default.nix
View file

@ -1,7 +1,6 @@
{...}: { {...}: {
imports = [ imports = [
./agenix.nix ./agenix.nix
./docker.nix
./fish.nix ./fish.nix
./git.nix ./git.nix
./hardware.nix ./hardware.nix

9
modules/base/programs.nix
View file

@ -2,34 +2,25 @@
# NixOS default packages: # NixOS default packages:
# https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/config/system-path.nix # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/config/system-path.nix
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ascii
bandwhich bandwhich
bat bat
binutils binutils
black
clang
dnsutils dnsutils
fd fd
file file
fzf fzf
gcc
git git
gnumake
htop htop
iputils iputils
jq jq
lsof lsof
magic-wormhole-rs
mtr mtr
ncdu ncdu
ntp ntp
openssl openssl
pciutils pciutils
postgresql
progress progress
pwgen
python3 python3
python310
python311 python311
python312 python312
socat socat

2
modules/base/ssh.nix
View file

@ -19,9 +19,7 @@
programs.ssh.knownHosts = { programs.ssh.knownHosts = {
"alpha".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGOpQNEmmEe6jr7Mv37ozokvtTSd1I3SmUU1tpCSNTkc"; "alpha".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGOpQNEmmEe6jr7Mv37ozokvtTSd1I3SmUU1tpCSNTkc";
"delta".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFe9RpnO1/QRU81kjtEsWN66xfP5Y/qf5EQZ6wdM/XCT"; "delta".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFe9RpnO1/QRU81kjtEsWN66xfP5Y/qf5EQZ6wdM/XCT";
"delta-old".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0x9oImZjIhoPEwLlHVixIh7y1Kwn+SX17xffrdRzvv";
"sigma".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4Kvx/lcFRvl7KlxqqhrJ32h3FzuzyLA5BNB42+p92c"; "sigma".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4Kvx/lcFRvl7KlxqqhrJ32h3FzuzyLA5BNB42+p92c";
"sigma-old".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2Qrh0tpR5YawiYvcPGC4OSnu4//ge1eVdiBDLrTbCx";
"tor".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVPxvqwS2NMqqCGBkMmExzdBY5hGLegiOuqPJAOfdKk"; "tor".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVPxvqwS2NMqqCGBkMmExzdBY5hGLegiOuqPJAOfdKk";
"git.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4Kvx/lcFRvl7KlxqqhrJ32h3FzuzyLA5BNB42+p92c"; "git.caspervk.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4Kvx/lcFRvl7KlxqqhrJ32h3FzuzyLA5BNB42+p92c";
}; };

1
modules/desktop/default.nix
View file

@ -1,6 +1,7 @@
{...}: { {...}: {
imports = [ imports = [
./clipman.nix ./clipman.nix
./docker.nix
./flatpak.nix ./flatpak.nix
./foot.nix ./foot.nix
./gammastep.nix ./gammastep.nix

0
modules/base/docker.nix → modules/desktop/docker.nix
View file

4
modules/desktop/programs.nix
View file

@ -8,11 +8,13 @@
# Packages useful on a desktop computer which don't require their own module # Packages useful on a desktop computer which don't require their own module
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ascii
aspell aspell
aspellDicts.da aspellDicts.da
aspellDicts.en aspellDicts.en
aspellDicts.en-computers aspellDicts.en-computers
aspellDicts.en-science aspellDicts.en-science
black
element-desktop element-desktop
firefox-wayland firefox-wayland
gimp gimp
@ -30,6 +32,8 @@
libreoffice libreoffice
mpv mpv
mumble mumble
postgresql
pwgen
spotify spotify
thunderbird thunderbird
tor-browser-bundle-bin tor-browser-bundle-bin