Diffstat (limited to '')
| -rw-r--r-- | flake.lock | 96 | ||||
| -rw-r--r-- | hm/packages/default.nix | 4 | ||||
| -rw-r--r-- | modules/nixos/sils/default.nix | 3 | ||||
| -rw-r--r-- | modules/nixos/sils/networking.nix | 6 | ||||
| -rw-r--r-- | modules/nixos/sils/roles.nix | 6 | ||||
| -rw-r--r-- | modules/nixos/sils/steam.nix | 19 | ||||
| -rw-r--r-- | modules/nixos/sils/tailscale.nix | 52 | ||||
| -rw-r--r-- | modules/nixos/sils/tor.nix | 23 | ||||
| -rw-r--r-- | secrets/default.nix | 3 | ||||
| -rw-r--r-- | secrets/secrets.nix | 1 | ||||
| -rw-r--r-- | secrets/tailscale.age | 14 | ||||
| -rw-r--r-- | sys/systemd/default.nix | 6 |
12 files changed, 180 insertions, 53 deletions
diff --git a/flake.lock b/flake.lock index 21c9dca..4e3067f 100644 --- a/flake.lock +++ b/flake.lock @@ -16,11 +16,11 @@ ] }, "locked": { - "lastModified": 1762618334, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { @@ -115,11 +115,11 @@ }, "crane": { "locked": { - "lastModified": 1769737823, - "narHash": "sha256-DrBaNpZ+sJ4stXm+0nBX7zqZT9t9P22zbk6m5YhQxS4=", + "lastModified": 1773857772, + "narHash": "sha256-5xsK26KRHf0WytBtsBnQYC/lTWDhQuT57HJ7SzuqZcM=", "owner": "ipetkov", "repo": "crane", - "rev": "b2f45c3830aa96b7456a4c4bc327d04d7a43e1ba", + "rev": "b556d7bbae5ff86e378451511873dfd07e4504cd", "type": "github" }, "original": { @@ -135,11 +135,11 @@ ] }, "locked": { - "lastModified": 1769524058, - "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", + "lastModified": 1773889306, + "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=", "owner": "nix-community", "repo": "disko", - "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", + "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347", "type": "github" }, "original": { @@ -187,11 +187,11 @@ ] }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { 
@@ -270,11 +270,11 @@ ] }, "locked": { - "lastModified": 1769939035, - "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=", + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a8ca480175326551d6c4121498316261cbb5b260", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", "type": "github" }, "original": { @@ -329,11 +329,11 @@ ] }, "locked": { - "lastModified": 1769952507, - "narHash": "sha256-eNTfxT3v8b7s1dqswgposi5Y1CUMoOUhQKiy29QY25U=", + "lastModified": 1774007980, + "narHash": "sha256-FOnZjElEI8pqqCvB6K/1JRHTE8o4rer8driivTpq2uo=", "owner": "nix-community", "repo": "home-manager", - "rev": "b59376563943ce163b2553aeb63d0c170967d74e", + "rev": "9670de2921812bc4e0452f6e3efd8c859696c183", "type": "github" }, "original": { @@ -421,11 +421,11 @@ "libnbtplusplus": { "flake": false, "locked": { - "lastModified": 1744811532, - "narHash": "sha256-qhmjaRkt+O7A+gu6HjUkl7QzOEb4r8y8vWZMG2R/C6o=", + "lastModified": 1772016279, + "narHash": "sha256-7itkptyjoRcXfGLwg1/jxajetZ3a4mDc66+w4X6yW8s=", "owner": "PrismLauncher", "repo": "libnbtplusplus", - "rev": "531449ba1c930c98e0bcf5d332b237a8566f9d78", + "rev": "687e43031df0dc641984b4256bcca50d5b3f7de3", "type": "github" }, "original": { @@ -441,11 +441,11 @@ ] }, "locked": { - "lastModified": 1768764703, - "narHash": "sha256-5ulSDyOG1U+1sJhkJHYsUOWEsmtLl97O0NTVMvgIVyc=", + "lastModified": 1773000227, + "narHash": "sha256-zm3ftUQw0MPumYi91HovoGhgyZBlM4o3Zy0LhPNwzXE=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "0fc4e7ac670a0ed874abacf73c4b072a6a58064b", + "rev": "da529ac9e46f25ed5616fd634079a5f3c579135f", "type": "github" }, "original": { 
@@ -493,11 +493,11 @@ "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1769789167, - "narHash": "sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8=", + "lastModified": 1773821835, + "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", "owner": "NixOs", "repo": "nixpkgs", - "rev": "62c8382960464ceb98ea593cb8321a2cf8f9e3e5", + "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", "type": "github" }, "original": { @@ -542,11 +542,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1769789167, - "narHash": "sha256-kKB3bqYJU5nzYeIROI82Ef9VtTbu4uA3YydSk/Bioa8=", + "lastModified": 1773821835, + "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", "owner": "NixOs", "repo": "nixpkgs", - "rev": "62c8382960464ceb98ea593cb8321a2cf8f9e3e5", + "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", "type": "github" }, "original": { @@ -567,11 +567,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1769956774, - "narHash": "sha256-BlcRyXZv8f5Fq/INoL7sYiCxdN12/ebXpp/553pXLss=", + "lastModified": 1772402258, + "narHash": "sha256-3DmCFOdmbkFML1/G9gj8Wb+rCCZFPOQtNoMCpqOF8SA=", "owner": "nix-community", "repo": "nixvim", - "rev": "9fd62cece22beaccf8a86171613023ca549be9ac", + "rev": "21ae25e13b01d3b4cdc750b5f9e7bad68b150c10", "type": "github" }, "original": { @@ -615,11 +615,11 @@ ] }, "locked": { - "lastModified": 1769936361, - "narHash": "sha256-DM5PvdjXPbdIbIoWLAZhXGo63INmqyIsNYrZSmAC+zc=", + "lastModified": 1774049389, + "narHash": "sha256-kbS6cNHNhsEv7ZxXaVDGFKip0x8GBFkXYLp0gDDxk8s=", "owner": "PrismLauncher", "repo": "PrismLauncher", - "rev": "2338455076e7b0112d409472f998cdca43199cac", + "rev": "731866c5773d9ce079f6e9fd8f7ed10b71826689", "type": "github" }, "original": { 
@@ -698,11 +698,11 @@ ] }, "locked": { - "lastModified": 1769915446, - "narHash": "sha256-f1F/umtX3ZD7fF9DHSloVHc0mnAT0ry0YK2jI/6E0aI=", + "lastModified": 1773975983, + "narHash": "sha256-zrRVwdfhDdohANqEhzY/ydeza6EXEi8AG6cyMRNYT9Q=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "bc00300f010275e46feb3c3974df6587ff7b7808", + "rev": "cc80954a95f6f356c303ed9f08d0b63ca86216ac", "type": "github" }, "original": { @@ -718,11 +718,11 @@ ] }, "locked": { - "lastModified": 1769921679, - "narHash": "sha256-twBMKGQvaztZQxFxbZnkg7y/50BW9yjtCBWwdjtOZew=", + "lastModified": 1773889674, + "narHash": "sha256-+ycaiVAk3MEshJTg35cBTUa0MizGiS+bgpYw/f8ohkg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1e89149dcfc229e7e2ae24a8030f124a31e4f24f", + "rev": "29b6519f3e0780452bca0ac0be4584f04ac16cc5", "type": "github" }, "original": { @@ -752,11 +752,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1769888473, - "narHash": "sha256-4KWbaJwaYnZ60bFyTudZYAKskjr7Sa17R3/yh+oXS7w=", + "lastModified": 1773792048, + "narHash": "sha256-Oy9PCLG3vtflFBWcJd8c/EB3h5RU7ABAIDWn6JrGf6o=", "owner": "danth", "repo": "stylix", - "rev": "ae5c0239ae4f82a8c7e33ad8a456535d5a9ba813", + "rev": "3f2f9d307fe58c6abe2a16eb9b62c42d53ef5ee1", "type": "github" }, "original": { @@ -898,11 +898,11 @@ ] }, "locked": { - "lastModified": 1769691507, - "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=", + "lastModified": 1773297127, + "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b", + "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016", "type": "github" }, "original": { diff --git a/hm/packages/default.nix b/hm/packages/default.nix index 363df37..9b5c4c1 100644 --- a/hm/packages/default.nix +++ b/hm/packages/default.nix @@ -11,7 +11,6 @@ in { [ godot_4 # gameengine # core tools - neofetch # a must-have lsd # ls in good ripgrep # amazing grep lf # file manager 
@@ -26,6 +25,7 @@ in { wl-clipboard # clipboard cli for wayland htop # resource usage exiftool # edit (photo) metadata + ente-desktop # client for ente photos gimp # image manipulation @@ -125,7 +125,7 @@ in { cmatrix # hacker tool lutris-free # another wine manager - wineWowPackages.waylandFull # wine + wineWow64Packages.waylandFull # wine # windowmanager nwg-panel diff --git a/modules/nixos/sils/default.nix b/modules/nixos/sils/default.nix index 24de0b9..db27868 100644 --- a/modules/nixos/sils/default.nix +++ b/modules/nixos/sils/default.nix @@ -23,8 +23,11 @@ ./printing.nix ./roles.nix ./sound.nix + ./steam.nix ./sudo.nix ./sway.nix ./theming + ./tailscale.nix + ./tor.nix ]; } diff --git a/modules/nixos/sils/networking.nix b/modules/nixos/sils/networking.nix index 4f55f49..9ec34ab 100644 --- a/modules/nixos/sils/networking.nix +++ b/modules/nixos/sils/networking.nix @@ -8,8 +8,10 @@ in { options.sils.networking.enable = lib.mkEnableOption "networking"; config = lib.mkIf cfg.enable { + services.resolved.enable = true; networking = { enableIPv6 = false; + useNetworkd = false; #useDHCP = true; networkmanager = { enable = true; @@ -17,6 +19,10 @@ in { networkmanager-openvpn ]; }; + nftables.enable = true; + firewall = { + enable = true; + }; #nameservers = ["2620:fe::fe" "2620:fe::9" "9.9.9.9" "149.112.112.112"]; #wireless = { # enable = false; # TODO: Reenable diff --git a/modules/nixos/sils/roles.nix b/modules/nixos/sils/roles.nix index e4a2c82..186b090 100644 --- a/modules/nixos/sils/roles.nix +++ b/modules/nixos/sils/roles.nix @@ -27,8 +27,14 @@ in { plymouth.enable = lib.mkDefault true; printing.enable = lib.mkDefault true; sound.enable = lib.mkDefault true; + steam.enable = lib.mkDefault true; sway.enable = lib.mkDefault false; theming.enable = lib.mkDefault true; + tailscale = { + enable = lib.mkDefault true; + role = "client"; + }; + tor.enable = lib.mkDefault true; } else if roleCmp "laptop-light" then { 
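Review bot: In the modules/nixos/sils/roles.nix hunk, `role = "client";` is the only new value set without `lib.mkDefault`, while every neighbouring setting, including `tailscale.enable` just above it, uses it. A host that wants the other enum value would then have to use `lib.mkForce`, since a second plain definition would presumably conflict with this one. I would write `role = lib.mkDefault "client";` so it stays overridable like the rest. The role branch this sits in starts outside the hunk, so I cannot see which role now gets Steam, Tailscale and Tor by default; a one-line comment on that branch saying so would help.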
diff --git a/modules/nixos/sils/steam.nix b/modules/nixos/sils/steam.nix
new file mode 100644
index 0000000..3c834a6
--- /dev/null
+++ b/modules/nixos/sils/steam.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.steam;
+in {
+ options.sils.steam.enable = lib.mkEnableOption "Steam";
+ config = lib.mkIf cfg.enable {
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [
+ "steam"
+ "steam-unwrapped"
+ ];
+ programs.steam = {
+ enable = true;
+ };
+ };
+}
diff --git a/modules/nixos/sils/tailscale.nix b/modules/nixos/sils/tailscale.nix
new file mode 100644
index 0000000..e1f49a4
--- /dev/null
+++ b/modules/nixos/sils/tailscale.nix
@@ -0,0 +1,52 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.sils.tailscale;
+in {
+ options.sils.tailscale = {
+ enable = lib.mkEnableOption "Tailscale";
+ openFirewall = true;
+ role = lib.mkOption {
+ type = lib.types.enum [
+ "client"
+ "server"
+ ];
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ services.tailscale = {
+ enable = true;
+ authKeyFile = config.age.secrets.tailscale.path;
+ useRoutingFeatures = cfg.role;
+ extraDaemonFlags = [
+ "--no-logs-no-support"
+ ];
+ extraSetFlags = [
+ "--accept-routes"
+ ];
+ };
+ networking.firewall = {
+ trustedInterfaces = ["tailscale0"];
+ allowedUDPPorts = [config.services.tailscale.port];
+ checkReversePath = "loose";
+ };
+ systemd = {
+ services.tailscaled.serviceConfig.Environment = [
+ "TS_DEBUG_FIREWALL_MODE=nftables"
+ ];
+ network.wait-online.enable = false;
+ };
+ boot.initrd.systemd.network.wait-online.enable = false;
+
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/var/lib/tailscale";
+ user = "root";
+ group = "root";
+ mode = "0700";
+ }
+ ];
+ };
+}
diff --git a/modules/nixos/sils/tor.nix b/modules/nixos/sils/tor.nix
new file mode 100644
index 0000000..01fdc1f
--- /dev/null
+++ b/modules/nixos/sils/tor.nix
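Review bot: In steam.nix, `nixpkgs.config.allowUnfreePredicate` is defined inside one feature module, and as far as I know several definitions of that setting do not compose: one silently replaces the others. If another module in this flake ever sets its own predicate, either Steam or that module's package will stop evaluating with an unfree error, or, worse, a broader predicate elsewhere will win unnoticed. I would keep the allowed names in one central list, or at least add a comment here such as `# allowUnfreePredicate does not merge across modules; this must stay the only definition`.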
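Review bot: In tailscale.nix, `openFirewall = true;` sits under `options.sils.tailscale`, where it is not an option declaration, so it most likely either fails evaluation or has no effect. If the intent was the upstream switch, it belongs in the config block as `services.tailscale.openFirewall = true;`, which would also make the manual `allowedUDPPorts` entry redundant. Separately, `trustedInterfaces = ["tailscale0"]` exempts everything arriving over the tailnet from the host firewall, and with `--accept-routes` plus `checkReversePath = "loose"` the host's exposure rests entirely on the tailnet ACLs. An explicit per-interface allow list such as `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ ... ];` keeps that decision visible in this repository. The `role` option also has no default, so enabling the module without setting it will fail.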
@@ -0,0 +1,23 @@ +{ + config, + pkgs, + lib, + ... +}: let + cfg = config.sils.tor; +in { + options.sils.tor.enable = lib.mkEnableOption "tor"; + config = lib.mkIf cfg.enable { + services = { + tor = { + enable = true; + torsocks.enable = true; + client.enable = true; + }; + snowflake-proxy = { + enable = true; + capacity = 5; + }; + }; + }; +} diff --git a/secrets/default.nix b/secrets/default.nix index a8d410a..21d5a28 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -15,5 +15,8 @@ pamu2f-mappings = { file = ./pamu2f-mappings.age; }; + tailscale = { + file = ./tailscale.age; + }; }; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 760ef5d..86c7324 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -13,4 +13,5 @@ in { "resticssh.age".publicKeys = allSecrets; "resticpass.age".publicKeys = allSecrets; "pamu2f-mappings.age".publicKeys = allSecrets; + "tailscale.age".publicKeys = allSecrets; } diff --git a/secrets/tailscale.age b/secrets/tailscale.age new file mode 100644 index 0000000..06c8da1 --- /dev/null +++ b/secrets/tailscale.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFVlo2RzZQVG5XaVRHRGpa +OUg2ZHV2Wlg4L0xRd3hFN093bC9wT2RaQm5BCmtIR2dSeVBPMTAvS20zU3gwQjZJ +SDZVWUU3VEJ6a0xrdEN4V28xWlRtN00KLT4gc3NoLWVkMjU1MTkgL1BReS9BIEdn +RW5ET1J3Q3pweDRtOTZUYkVJOUdzU0Jmcy9CNVlkeWdFT1R3T1JaUzAKYVpIbjZu +TmtkNHVFNzlIS2w4NUVQbWxtZlhjWFpTTFNMaS9JY3J0M1NqOAotPiBzc2gtZWQy +NTUxOSBqY2E2SVEgVm9QeDgwOFAwNjZJNFdBajRiM1VoMURzN0Y5YVdvSzRFK0R2 +M1VBT0NrMAp4VUU2MlF3WkRLbm4zQnN2T3NUb21YN2NiVFFCNGRVZ041OEJTdkRZ +QW9jCi0+IGYtZ3JlYXNlIHk8dVFyWm0gSSE2CnRrYk1MMFdaNExTM0MyMmduU1gz +YWZXVkVpV1NIdwotLS0gZ0V1cXV4NzBKYXVmRG9EaWV6aU9FRlhSSUwwdVNqbVY3 +RkFTN05IdTYrZwoh+p+Fg7kPB6IEhwNjzldB9K2gQT6w+0iFcYah6S45NJKMcxqV +2f2+R6B9s3KQmP9PQc5AB0eqgwBWScE62DVVXat4dtPX8O6ywsUSvDBSDzSvcK2V +unKytDoKdkGVCQ== +-----END AGE ENCRYPTED FILE----- 
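Review bot: In tor.nix, `snowflake-proxy` is switched on by the same `sils.tor.enable` flag as the Tor client, and roles.nix turns that flag on by default. Any host that only wants `torsocks` therefore also relays third-party traffic from whatever network it is attached to at the time. I would give the proxy its own switch, for example `options.sils.tor.snowflakeProxy.enable = lib.mkEnableOption "snowflake proxy";`, and set `snowflake-proxy.enable` from it. The `pkgs` argument is unused and can be dropped.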
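Review bot: In secrets/secrets.nix, `"tailscale.age".publicKeys = allSecrets;` encrypts the Tailscale auth key to every recipient in `allSecrets`, whose definition is outside this hunk. An auth key lets its holder enrol a device into the tailnet, so the recipient list is better limited to the hosts that actually enable `sils.tailscale`, and the key itself is better kept short-lived and tagged. If `allSecrets` is already exactly that set, a comment saying so would help the next reader: `# tailscale auth key: recipients = hosts with sils.tailscale.enable`.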
diff --git a/sys/systemd/default.nix b/sys/systemd/default.nix index b7bdbfb..b206d9c 100644 --- a/sys/systemd/default.nix +++ b/sys/systemd/default.nix @@ -1,5 +1,5 @@ {...}: { - systemd.sleep.extraConfig = '' - HibernateDelaySec=10m - ''; + systemd.sleep.settings.Sleep = { + HibernateDelaySec = "10m"; + }; } |
