gwg313 2025-03-05 22:26:28 -05:00
parent 59b0c85d63
commit e09709c638
Signed by: gwg313
GPG key ID: 60FF63B4826B7400
22 changed files with 335 additions and 197 deletions


@ -5,7 +5,6 @@
environment.systemPackages = with pkgs; [
adwaita-icon-theme
gnome-themes-extra
firefox-wayland
librewolf
discord
qt5.qtwayland


@ -5,7 +5,8 @@
inputs,
outputs,
...
}: {
}:
{
options = {
firewall.enable = lib.mkEnableOption "Enable the Firewall";
};


@ -5,6 +5,8 @@
}:
{
environment.systemPackages = with pkgs; [ linuxKernel.packages.linux_5_4.wireguard ];
sops.secrets."wireless.env" = { };
networking = {
networkmanager = {
@ -29,21 +31,50 @@
connection.type = "wifi";
wifi.ssid = "eduroam";
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-eap";
eap = "peap";
};
"802-1x" = {
eap = "peap;";
identity = "$eduroam_identity";
password = "$school_password";
phase2 = "mschapv2";
phase2-auth = "mschapv2";
};
connection.autoconnect = true;
connection.autoconnect-priority = 80;
wifi.powersave = 2;
wifi.mode = "infrastructure";
ipv4.method = "auto";
# ipv4.dns = "8.8.8.8,8.8.4.4.";
# ipv6.dns = "2001:4860:4860::8888";
# wifi.mac-address-randomization = "random";
ipv4.dhcp-send-hostname = false;
# ipv4.dhcp-hostname = "NoName";
# connection.metered = "yes";
};
school = {
connection.id = "School";
connection.type = "wifi";
wifi.ssid = "$school_uuid";
wifi-security = {
key-mgmt = "wpa-eap";
};
"802-1x" = {
eap = "peap;";
identity = "$school_identity";
password = "$school_password";
phase2-auth = "mschapv2";
};
connection.autoconnect = true;
connection.autoconnect-priority = 90;
wifi.powersave = 2;
ipv4.dns = "8.8.8.8,8.8.4.4.";
ipv6.dns = "2001:4860:4860::8888";
wifi.mac-address-randomization = "random";
wifi.mode = "infrastructure";
ipv4.method = "auto";
# ipv4.dns = "8.8.8.8,8.8.4.4.";
# ipv6.dns = "2001:4860:4860::8888";
# wifi.mac-address-randomization = "random";
ipv4.dhcp-send-hostname = false;
ipv4.dhcp-hostname = "NoName";
# ipv4.dhcp-hostname = "NoName";
# connection.metered = "yes";
};
};
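Review bot: Neither `"802-1x"` block (eduroam and School) pins the RADIUS server: there is no `ca-cert`, `domain-suffix-match` or `system-ca-certs` key, so with PEAP/MSCHAPv2 the client will run the inner authentication against any access point that advertises the SSID, and both profiles have `connection.autoconnect = true`. I would add to each block something like `ca-cert = "<path-to-institution-CA.pem>";` and `domain-suffix-match = "<radius-server-domain>";` (placeholders; the real values come from the institution's eduroam instructions). Separately, the `$school_password`-style variables only expand if the profile set also lists the sops-rendered `wireless.env` as an environment file, which is outside the lines shown here, so that is worth confirming. The profile attribute set opens before this hunk.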


@ -5,7 +5,8 @@
inputs,
outputs,
...
}: {
}:
{
options = {
zerotier.enable = lib.mkEnableOption "Enables zerotier and joins my network";
};
@ -18,9 +19,9 @@
};
networking.extraHosts = ''
192.168.194.241 nothing.zt
192.168.191.213 candlekeep.zt
192.168.191.168 grymforge.zt
192.168.194.54 graphene.zt
192.168.191.218 candlekeep.zt
192.168.191.201 grymforge.zt
'';
};
}


@ -1,10 +1,12 @@
{lib, ...}: {
{ lib, ... }:
{
imports = [
./common.nix
./laptop.nix
./nfs.nix
./restic.nix
./ssh/default.nix
./logrotate.nix
];
laptop.enable = lib.mkDefault false;


@ -0,0 +1,14 @@
{
...
}:
{
services.logrotate = {
settings = {
"var/log/audit/audit.log" = {
frequency = "daily";
rotate = 3;
};
};
};
}
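Review bot: The settings key `"var/log/audit/audit.log"` has no leading slash, so as written it is a relative path and will presumably not match the audit log under /var/log; it should read `"/var/log/audit/audit.log" = {`. Also, `rotate = 3` with `frequency = "daily"` keeps roughly three days of audit records, which is short for incident investigation. auditd normally rotates its own log as well, so a comment stating which of the two is meant to own rotation and what retention is intended would help the next reader.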


@ -6,7 +6,8 @@
inputs,
outputs,
...
}: {
}:
{
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
programs.gnupg.agent = {
@ -20,7 +21,7 @@
alejandra
sops
just
vim
# vim
wget
home-manager
git


@ -10,18 +10,51 @@
libvirt.enable = lib.mkEnableOption "Enables Libvirt";
};
config = lib.mkIf config.libvirt.enable {
networking.firewall.trustedInterfaces = [ "virbr0" ];
boot.kernelModules = [ "kvm-amd" ];
environment.systemPackages = with pkgs; [
virt-manager
virtiofsd
# vagrant
];
virtualisation.libvirtd.enable = true;
users.users.${user} = {
extraGroups = [
"libvirtd"
"qemu-libvirtd"
"kvm"
];
};
# Allow VM to run as non-root without ulimit
security.pam.loginLimits = [
{
domain = "${user}";
type = "soft";
item = "memlock";
value = "20000000";
}
{
domain = "${user}";
type = "hard";
item = "memlock";
value = "20000000";
}
];
virtualisation.libvirtd = {
enable = true;
qemu.ovmf.enable = true;
qemu.runAsRoot = false;
onBoot = "ignore";
onShutdown = "shutdown";
};
users.extraGroups.libvirtd.members = [ "${user}" ];
virtualisation.virtualbox.host.enable = true;
users.extraGroups.vboxusers.members = [ "glen" ];
virtualisation.virtualbox.host.enableExtensionPack = true;
virtualisation.virtualbox.guest.enable = true;
virtualisation.virtualbox.guest.dragAndDrop = true;
# virtualisation.virtualbox.host.enable = true;
# users.extraGroups.vboxusers.members = [ "${user}" ];
# virtualisation.virtualbox.host.enableExtensionPack = true;
# virtualisation.virtualbox.guest.enable = true;
# virtualisation.virtualbox.guest.dragAndDrop = true;
};
}
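Review bot: `networking.firewall.trustedInterfaces = [ "virbr0" ];` exempts everything arriving on the libvirt bridge from the host firewall, so every guest can reach every service listening on the host. If the aim is only to let guests get DHCP and DNS from the host, a narrower rule such as `networking.firewall.interfaces.virbr0.allowedUDPPorts = [ 53 67 ];` would do that without trusting the whole bridge. The section also shows `virtualisation.libvirtd.enable = true` twice and adds the user to `libvirtd` both through `extraGroups` and `users.extraGroups.libvirtd.members`; the +/- markers are lost in this rendering, so some of these may be removed lines, but if both survive one of each can go. The `config` block opens before this hunk.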