From 5b006b278e8ebbcd08a089c28e754c8618d67f50 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Sat, 9 Dec 2023 13:53:08 -0500
Subject: reformat
---
machines/dragon.nix | 215 ++++++++++++++++++++++++++--------------------------
modules/router.nix | 1 -
2 files changed, 109 insertions(+), 107 deletions(-)
diff --git a/machines/dragon.nix b/machines/dragon.nix
index 5ad2ada..409cf5f 100644
--- a/machines/dragon.nix
+++ b/machines/dragon.nix
@@ -35,124 +35,127 @@ in { orbekk.hledger-web.journalFile = "/var/lib/hledger-web/hledger/anniekj.journal"; - services.samba = { - enable = true; - extraConfig = '' - guest account = readonly - map to guest = bad user - ''; - shares = { - public = { - path = "/storage/upload"; - browseable = "yes"; - "read only" = "no"; - "guest ok" = "yes"; - "create mask" = "0666"; - "directory mask" = "0777"; - "force user" = "readonly"; - "force group" = "readonly"; + services.samba = { + enable = true; + extraConfig = '' + guest account = readonly + map to guest = bad user + ''; + shares = { + public = { + path = "/storage/upload"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0666"; + "directory mask" = "0777"; + "force user" = "readonly"; + "force group" = "readonly"; + }; }; }; - }; - services.transmission = { - enable = true; - home = "/storage/upload"; - settings.peer-port = 56732; - settings.rpc-bind-address = "0.0.0.0"; - settings.rpc-whitelist = "172.20.*.*"; - settings.alt-speed-time-enabled = true; - settings.alt-speed-time-begin = 6 * 60; # 06:00 - settings.alt-speed-time-end = 23 * 60 + 59; # 23:59 - settings.alt-speed-up = 0; - settings.alt-speed-down = 0; - }; - systemd.services.transmission.serviceConfig.NetworkNamespacePath = "/var/run/netns/vpn"; - users.users.transmission.extraGroups = ["readonly"]; + services.transmission = { + enable = true; + home = "/storage/upload"; + settings.peer-port = 56732; + settings.rpc-bind-address = "0.0.0.0"; + settings.rpc-whitelist = "172.20.*.*"; + settings.alt-speed-time-enabled = true; + settings.alt-speed-time-begin = 6 * 60; # 06:00 + settings.alt-speed-time-end = 23 * 60 + 59; # 23:59 + settings.alt-speed-up = 0; + settings.alt-speed-down = 0; + }; + systemd.services.transmission.serviceConfig.NetworkNamespacePath = "/var/run/netns/vpn"; + users.users.transmission.extraGroups = ["readonly"]; - boot = { - kernelParams = [ "console=tty0" ''console="ttyS0,115200n8"'' ]; + boot = { + 
kernelParams = [ "console=tty0" ''console="ttyS0,115200n8"'' ]; - loader.grub.extraConfig = '' - GRUB_TERMINAL="serial" - GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" - serial --speed 115200 --unit=0 - terminal_input serial - terminal_output serial - ''; - loader.grub.enable = true; - loader.grub.device = "/dev/disk/by-id/usb-Kingston_DataTraveler_2.0_5B751B9A49E4-0:0"; - }; + loader.grub.extraConfig = '' + GRUB_TERMINAL="serial" + GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" + serial --speed 115200 --unit=0 + terminal_input serial + terminal_output serial + ''; + loader.grub.enable = true; + loader.grub.device = "/dev/disk/by-id/usb-Kingston_DataTraveler_2.0_5B751B9A49E4-0:0"; + }; - networking = { hostName = lib.mkForce "dragon"; }; - networking.firewall.enable = false; - networking.interfaces.router-vport.useDHCP = true; - networking.interfaces.wg-vpn-vport = { - useDHCP = true; - ipv6.addresses = [{address = "2001:470:8e2e:1000::d"; prefixLength = 127; }]; - ipv6.routes = [ - {address = "${vpnPrefix}::"; prefixLength = 64; via = "${vpnPrefix}::c"; } - ]; - }; - networking.resolvconf.useLocalResolver = false; - networking.dhcpcd.enable = true; - networking.dhcpcd.extraConfig = '' - clientid dragon - ''; + networking = { hostName = lib.mkForce "dragon"; }; + networking.firewall.enable = false; + networking.interfaces.router-vport = { + useDHCP = true; + ipv4.addresses = [{address = "172.20.20.2"; prefixLength = 24;}]; + }; + networking.interfaces.wg-vpn-vport = { + useDHCP = true; + ipv6.addresses = [{address = "2001:470:8e2e:1000::d"; prefixLength = 127; }]; + ipv6.routes = [ + {address = "${vpnPrefix}::"; prefixLength = 64; via = "${vpnPrefix}::c"; } + ]; + }; + networking.resolvconf.useLocalResolver = false; + networking.dhcpcd.enable = true; + networking.dhcpcd.extraConfig = '' + clientid dragon + ''; - # Required to enable password authentication for one user. 
- security.pam.services.sshd.unixAuth = lib.mkForce true; - services.openssh = { - enable = lib.mkDefault true; - settings.PasswordAuthentication = false; - extraConfig = '' - Match User readonly + # Required to enable password authentication for one user. + security.pam.services.sshd.unixAuth = lib.mkForce true; + services.openssh = { + enable = lib.mkDefault true; + settings.PasswordAuthentication = false; + extraConfig = '' + Match User readonly PasswordAuthentication yes - ''; - }; + ''; + }; - users.users.breakds = { - uid = 1101; - shell = pkgs.bashInteractive; - home = "/home/breakds"; - createHome = false; - isNormalUser = true; - description = "Break Yang"; - openssh.authorizedKeys.keyFiles = [ ../data/break_rsa.pub ]; - }; + users.users.breakds = { + uid = 1101; + shell = pkgs.bashInteractive; + home = "/home/breakds"; + createHome = false; + isNormalUser = true; + description = "Break Yang"; + openssh.authorizedKeys.keyFiles = [ ../data/break_rsa.pub ]; + }; - system.stateVersion = lib.mkForce "17.09"; + system.stateVersion = lib.mkForce "17.09"; - # hardware-configuration.nix - boot.initrd.availableKernelModules = - [ "ehci_pci" "ahci" "uhci_hcd" "xhci_pci" "usb_storage" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - boot.tmp.useTmpfs = true; + # hardware-configuration.nix + boot.initrd.availableKernelModules = + [ "ehci_pci" "ahci" "uhci_hcd" "xhci_pci" "usb_storage" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + boot.tmp.useTmpfs = true; - fileSystems."/" = { - device = "/dev/disk/by-label/nixos-ssd"; - fsType = "ext4"; - options = [ - "noatime,discard" - ]; - }; - # fileSystems."/mnt/storage-old" = { - # device = "/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3"; - # fsType = "btrfs"; - # options = [ - # 
"subvol=storage,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKHV0LS-part3,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3,noatime,discard" - # ]; - # }; - fileSystems."/storage" = { - device = "/dev/disk/by-label/storage-ssd"; - fsType = "btrfs"; - options = ["discard=async"]; - }; - swapDevices = [ { label = "swap"; } ]; + fileSystems."/" = { + device = "/dev/disk/by-label/nixos-ssd"; + fsType = "ext4"; + options = [ + "noatime,discard" + ]; + }; + # fileSystems."/mnt/storage-old" = { + # device = "/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3"; + # fsType = "btrfs"; + # options = [ + # "subvol=storage,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKHV0LS-part3,device=/dev/disk/by-id/ata-HGST_HDN724040ALE640_PK1334PCKEXU9X-part3,noatime,discard" + # ]; + # }; + fileSystems."/storage" = { + device = "/dev/disk/by-label/storage-ssd"; + fsType = "btrfs"; + options = ["discard=async"]; + }; + swapDevices = [ { label = "swap"; } ]; - nix.settings.trusted-users = [ "builder" ]; - nix.settings.max-jobs = lib.mkDefault 8; - hardware.enableRedistributableFirmware = lib.mkDefault true; + nix.settings.trusted-users = [ "builder" ]; + nix.settings.max-jobs = lib.mkDefault 8; + hardware.enableRedistributableFirmware = lib.mkDefault true; } diff --git a/modules/router.nix b/modules/router.nix index 3197efa..4d1b045 100644 --- a/modules/router.nix +++ b/modules/router.nix @@ -153,7 +153,6 @@ let dhcp-option=tag:servers-vport,option:dns-server,172.20.20.1 dhcp-range=tag:servers-vport,::,static,constructor:servers-vport,5m dhcp-host=id:dragon,tag:servers-vport,172.20.20.2 - dhcp-host=e2:27:e6:d7:f2:25,tag:servers-vport,172.20.20.2 dhcp-host=id:00:01:00:01:21:a2:4e:a8:d0:bf:9c:45:a6:ec,tag:servers-vport,[::d] # dhcp-host=id:dragon,::d -- cgit v1.2.3
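Review bot: The new `networking.interfaces.router-vport` block in the machines/dragon.nix hunk is a behaviour change hidden in a commit titled "reformat": it adds a static `172.20.20.2/24` while `useDHCP = true` stays on, and the modules/router.nix hunk drops the MAC-keyed `dhcp-host` reservation for the same address. Because the new side still has `networking.firewall.enable = false`, whatever listens on that interface is reachable at the pinned address regardless of the DHCP lease. That presumably includes the guest-writable Samba share (`"guest ok" = "yes"`, `"directory mask" = "0777"`) and sshd with `PasswordAuthentication yes` for `readonly`, so the change deserves its own commit and review. I would add a comment next to the address such as `# static address; must stay in sync with dhcp-host=id:dragon in modules/router.nix`, and state whether running dhcpcd alongside the static address is intended. The enclosing attribute set opens before the hunk (`in {` is only context), so any interface or firewall rules defined above line 35 are not visible here.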