lots
parent
59b0c85d63
commit
e09709c638
22 changed files with 335 additions and 197 deletions
|
|
@ -5,7 +5,6 @@
|
|||
environment.systemPackages = with pkgs; [
|
||||
adwaita-icon-theme
|
||||
gnome-themes-extra
|
||||
firefox-wayland
|
||||
librewolf
|
||||
discord
|
||||
qt5.qtwayland
|
||||
|
|
|
|||
|
|
@ -5,7 +5,8 @@
|
|||
inputs,
|
||||
outputs,
|
||||
...
|
||||
}: {
|
||||
}:
|
||||
{
|
||||
options = {
|
||||
firewall.enable = lib.mkEnableOption "Enable the Firewall";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
}:
|
||||
{
|
||||
|
||||
environment.systemPackages = with pkgs; [ linuxKernel.packages.linux_5_4.wireguard ];
|
||||
|
||||
sops.secrets."wireless.env" = { };
|
||||
networking = {
|
||||
networkmanager = {
|
||||
|
|
@ -29,21 +31,50 @@
|
|||
connection.type = "wifi";
|
||||
wifi.ssid = "eduroam";
|
||||
wifi-security = {
|
||||
auth-alg = "open";
|
||||
key-mgmt = "wpa-eap";
|
||||
eap = "peap";
|
||||
};
|
||||
"802-1x" = {
|
||||
eap = "peap;";
|
||||
identity = "$eduroam_identity";
|
||||
password = "$school_password";
|
||||
phase2 = "mschapv2";
|
||||
phase2-auth = "mschapv2";
|
||||
};
|
||||
connection.autoconnect = true;
|
||||
connection.autoconnect-priority = 80;
|
||||
wifi.powersave = 2;
|
||||
wifi.mode = "infrastructure";
|
||||
ipv4.method = "auto";
|
||||
# ipv4.dns = "8.8.8.8,8.8.4.4.";
|
||||
# ipv6.dns = "2001:4860:4860::8888";
|
||||
# wifi.mac-address-randomization = "random";
|
||||
ipv4.dhcp-send-hostname = false;
|
||||
# ipv4.dhcp-hostname = "NoName";
|
||||
# connection.metered = "yes";
|
||||
};
|
||||
|
||||
school = {
|
||||
connection.id = "School";
|
||||
connection.type = "wifi";
|
||||
wifi.ssid = "$school_uuid";
|
||||
wifi-security = {
|
||||
key-mgmt = "wpa-eap";
|
||||
};
|
||||
"802-1x" = {
|
||||
eap = "peap;";
|
||||
identity = "$school_identity";
|
||||
password = "$school_password";
|
||||
phase2-auth = "mschapv2";
|
||||
};
|
||||
connection.autoconnect = true;
|
||||
connection.autoconnect-priority = 90;
|
||||
wifi.powersave = 2;
|
||||
ipv4.dns = "8.8.8.8,8.8.4.4.";
|
||||
ipv6.dns = "2001:4860:4860::8888";
|
||||
wifi.mac-address-randomization = "random";
|
||||
wifi.mode = "infrastructure";
|
||||
ipv4.method = "auto";
|
||||
# ipv4.dns = "8.8.8.8,8.8.4.4.";
|
||||
# ipv6.dns = "2001:4860:4860::8888";
|
||||
# wifi.mac-address-randomization = "random";
|
||||
ipv4.dhcp-send-hostname = false;
|
||||
ipv4.dhcp-hostname = "NoName";
|
||||
# ipv4.dhcp-hostname = "NoName";
|
||||
# connection.metered = "yes";
|
||||
};
|
||||
};
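Review bot: Both `"802-1x"` blocks in this hunk (the eduroam profile and the `school` profile) use PEAP/MSCHAPv2 but configure no server-certificate validation, so the client will run the credential exchange with any access point that advertises the same SSID. Each block should pin the RADIUS server, for example `ca-cert = "<path to the institution's CA certificate>";` and `domain-suffix-match = "<RADIUS server domain>";` (placeholders, the real values are not on this page). Keeping `identity` and `password` as `$…` variables filled from the sops-managed `wireless.env` is fine; a one-line comment naming that file as the source would help the next reader. The rendered page has lost the +/- markers, so this assumes the 802-1x lines are on the new side, and the enclosing profile set begins outside the hunk.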
|
||||
|
|
|
|||
|
|
@ -5,7 +5,8 @@
|
|||
inputs,
|
||||
outputs,
|
||||
...
|
||||
}: {
|
||||
}:
|
||||
{
|
||||
options = {
|
||||
zerotier.enable = lib.mkEnableOption "Enables zerotier and joins my network";
|
||||
};
|
||||
|
|
@ -18,9 +19,9 @@
|
|||
};
|
||||
|
||||
networking.extraHosts = ''
|
||||
192.168.194.241 nothing.zt
|
||||
192.168.191.213 candlekeep.zt
|
||||
192.168.191.168 grymforge.zt
|
||||
192.168.194.54 graphene.zt
|
||||
192.168.191.218 candlekeep.zt
|
||||
192.168.191.201 grymforge.zt
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,10 +1,12 @@
|
|||
{lib, ...}: {
|
||||
{ lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
./common.nix
|
||||
./laptop.nix
|
||||
./nfs.nix
|
||||
./restic.nix
|
||||
./ssh/default.nix
|
||||
./logrotate.nix
|
||||
];
|
||||
|
||||
laptop.enable = lib.mkDefault false;
|
||||
|
|
|
|||
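--- a/common/nixos/logrotate.nix
+++ b/common/nixos/logrotate.nix
@@ -0,0 +1,14 @@
+{
+...
+}:
+{
+
+services.logrotate = {
+settings = {
+"var/log/audit/audit.log" = {
+frequency = "daily";
+rotate = 3;
+};
+};
+};
+}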
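Review bot: The settings key `"var/log/audit/audit.log"` has no leading slash, so as written it probably does not match the audit log at `/var/log/audit/audit.log`; it should read `"/var/log/audit/audit.log" = {`. If auditd is what writes this file, note that it keeps the log open and has its own rotation settings, so a logrotate rule here needs either to be replaced by auditd's rotation or to make auditd reopen its log afterwards, otherwise records can land in the rotated file or be lost. `rotate = 3` with `frequency = "daily"` keeps roughly three days of audit history, which is short for incident investigation unless the logs are also shipped elsewhere; a comment stating the intended retention would make that choice explicit.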
|
|
@ -6,7 +6,8 @@
|
|||
inputs,
|
||||
outputs,
|
||||
...
|
||||
}: {
|
||||
}:
|
||||
{
|
||||
# Some programs need SUID wrappers, can be configured further or are
|
||||
# started in user sessions.
|
||||
programs.gnupg.agent = {
|
||||
|
|
@ -20,7 +21,7 @@
|
|||
alejandra
|
||||
sops
|
||||
just
|
||||
vim
|
||||
# vim
|
||||
wget
|
||||
home-manager
|
||||
git
|
||||
|
|
|
|||
|
|
@ -10,18 +10,51 @@
|
|||
libvirt.enable = lib.mkEnableOption "Enables Libvirt";
|
||||
};
|
||||
config = lib.mkIf config.libvirt.enable {
|
||||
networking.firewall.trustedInterfaces = [ "virbr0" ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
environment.systemPackages = with pkgs; [
|
||||
virt-manager
|
||||
virtiofsd
|
||||
# vagrant
|
||||
];
|
||||
virtualisation.libvirtd.enable = true;
|
||||
|
||||
users.users.${user} = {
|
||||
extraGroups = [
|
||||
"libvirtd"
|
||||
"qemu-libvirtd"
|
||||
"kvm"
|
||||
];
|
||||
};
|
||||
# Allow VM to run as non-root without ulimit
|
||||
security.pam.loginLimits = [
|
||||
{
|
||||
domain = "${user}";
|
||||
type = "soft";
|
||||
item = "memlock";
|
||||
value = "20000000";
|
||||
}
|
||||
{
|
||||
domain = "${user}";
|
||||
type = "hard";
|
||||
item = "memlock";
|
||||
value = "20000000";
|
||||
}
|
||||
];
|
||||
|
||||
virtualisation.libvirtd = {
|
||||
enable = true;
|
||||
qemu.ovmf.enable = true;
|
||||
qemu.runAsRoot = false;
|
||||
onBoot = "ignore";
|
||||
onShutdown = "shutdown";
|
||||
};
|
||||
|
||||
users.extraGroups.libvirtd.members = [ "${user}" ];
|
||||
|
||||
virtualisation.virtualbox.host.enable = true;
|
||||
users.extraGroups.vboxusers.members = [ "glen" ];
|
||||
virtualisation.virtualbox.host.enableExtensionPack = true;
|
||||
virtualisation.virtualbox.guest.enable = true;
|
||||
virtualisation.virtualbox.guest.dragAndDrop = true;
|
||||
# virtualisation.virtualbox.host.enable = true;
|
||||
# users.extraGroups.vboxusers.members = [ "${user}" ];
|
||||
# virtualisation.virtualbox.host.enableExtensionPack = true;
|
||||
# virtualisation.virtualbox.guest.enable = true;
|
||||
# virtualisation.virtualbox.guest.dragAndDrop = true;
|
||||
};
|
||||
}
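Review bot: `networking.firewall.trustedInterfaces = [ "virbr0" ];` exempts all traffic arriving on the libvirt bridge from the host firewall, so every guest on that network can reach every service listening on the host. If the aim is only to let guests obtain DHCP and DNS from the host, scope it to those ports instead, e.g. `networking.firewall.interfaces.virbr0.allowedUDPPorts = [ 53 67 ];`. Adding `${user}` to `libvirtd` also grants control of the system libvirt daemon, which is close to root-equivalent, so a short comment saying this is intended would be worth having next to `extraGroups`. The +/- markers are lost on this page, so this assumes these lines are on the new side; the module's argument list and `options` header are outside the hunk.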
|
||||
|
|
|
|||