Diffstat (limited to '')
-rw-r--r--hosts/arrakis/default.nix8
-rw-r--r--hosts/common/optional/games.nix11
-rw-r--r--hosts/common/optional/pipewire.nix2
-rw-r--r--hosts/common/optional/services/nsd/bitgnome.net.zone8
-rw-r--r--hosts/common/optional/services/xorg.nix21
-rw-r--r--hosts/common/optional/sound.nix8
-rw-r--r--hosts/common/users/don/default.nix2
-rw-r--r--hosts/darkstar/default.nix7
-rw-r--r--hosts/fangorn/default.nix67
-rw-r--r--hosts/richese/default.nix2
-rw-r--r--hosts/secrets/arrakis.yaml12
-rw-r--r--hosts/secrets/fangorn.yaml25
12 files changed, 89 insertions, 84 deletions
diff --git a/hosts/arrakis/default.nix b/hosts/arrakis/default.nix
index 7385eaf..976cfe9 100644
--- a/hosts/arrakis/default.nix
+++ b/hosts/arrakis/default.nix
@@ -78,7 +78,7 @@
environment.systemPackages = with pkgs; [
angband
- assaultcube
+ #assaultcube
bsdgames
bzflag
extremetuxracer
@@ -195,6 +195,11 @@
presharedKeyFile = "${config.sops.secrets."wireguard/timetrad_psk".path}";
publicKey = "/lWCEMGRIr3Gl/3GQYuweAKylhH5H2KqamiXeocYFVM=";
}
+ { # fangorn
+ allowedIPs = [ "10.4.20.9/32" ];
+ presharedKeyFile = "${config.sops.secrets."wireguard/fangorn_psk".path}";
+ publicKey = "G4oahOfaCR+ecXLGM2ilPYzqX6x8v/6z8VIo2vP2RC4=";
+ }
{ # ginaz
allowedIPs = [ "10.4.20.254/32" ];
presharedKeyFile = "${config.sops.secrets."wireguard/ginaz_psk".path}";
@@ -243,6 +248,7 @@
"ssh_config".path = "/root/.ssh/config";
"wireguard/arrakis_key" = {};
"wireguard/black-sheep_psk" = {};
+ "wireguard/fangorn_psk" = {};
"wireguard/ginaz_psk" = {};
"wireguard/homer_psk" = {};
"wireguard/lilnasx_psk" = {};
diff --git a/hosts/common/optional/games.nix b/hosts/common/optional/games.nix
index 39a07cd..fa144f8 100644
--- a/hosts/common/optional/games.nix
+++ b/hosts/common/optional/games.nix
@@ -1,16 +1,7 @@
{ pkgs, ... }:
{
- #environment.systemPackages = builtins.attrValues {
- # inherit (pkgs)
- # godot_4
- # mame
- # mednafen
- # mednaffe
- # winetricks;
- #};
-
environment.systemPackages = with pkgs; [
- godot_4
+ #godot
mame
mame.tools
mednafen
diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix
index da69705..a2c9b1a 100644
--- a/hosts/common/optional/pipewire.nix
+++ b/hosts/common/optional/pipewire.nix
@@ -4,7 +4,7 @@
easyeffects
pamixer
pavucontrol
- master.pwvucontrol
+ pwvucontrol
qpwgraph
];
diff --git a/hosts/common/optional/services/nsd/bitgnome.net.zone b/hosts/common/optional/services/nsd/bitgnome.net.zone
index 038a860..f5ff137 100644
--- a/hosts/common/optional/services/nsd/bitgnome.net.zone
+++ b/hosts/common/optional/services/nsd/bitgnome.net.zone
@@ -3,7 +3,7 @@ $ORIGIN bitgnome.net.
$TTL 1h
@ in soa ns.bitgnome.net. nipsy.bitgnome.net. (
- 2025033101 ; serial
+ 2025040901 ; serial
1d ; refresh
2h ; retry
4w ; expire
@@ -29,7 +29,7 @@ $TTL 1h
; name servers
ns in a 5.161.149.85
ns in aaaa 2a01:4ff:f0:e164::1
-ns2 in a 67.5.119.0
+ns2 in a 67.5.118.253
; srv records
_xmpp-client._tcp 5m in srv 0 0 5222 bitgnome.net.
@@ -67,10 +67,10 @@ mta-sts 5m in cname @
;royder in cname @
; external machines
-arrakis 1m in a 67.5.119.0
+arrakis 1m in a 67.5.118.253
;darkstar 1m in a 66.69.213.114
;nb 1m in a 67.10.209.108
;terraria 1m in a 128.83.27.4
;caladan 1m in a 104.130.129.241
;caladan 1m in aaaa 2001:4800:7818:101:be76:4eff:fe03:db44
-darkstar 1m in a 67.5.119.0
+darkstar 1m in a 67.5.118.253
diff --git a/hosts/common/optional/services/xorg.nix b/hosts/common/optional/services/xorg.nix
index 712886f..a124998 100644
--- a/hosts/common/optional/services/xorg.nix
+++ b/hosts/common/optional/services/xorg.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
chafa
@@ -67,17 +67,24 @@
services = {
blueman.enable = true;
- displayManager.defaultSession = "xsession";
+ displayManager = lib.mkIf (config.networking.hostName != "fangorn") {
+ defaultSession = "xsession";
+ };
libinput.enable = true;
picom.enable = true;
printing.enable = true;
xserver = {
- displayManager.lightdm = {
- enable = true;
- extraSeatDefaults = ''greeter-hide-users=true'';
- };
+ displayManager.lightdm = lib.mkMerge [
+ (lib.mkIf (config.networking.hostName == "fangorn") {
+ enable = true;
+ })
+ (lib.mkIf (config.networking.hostName != "fangorn") {
+ enable = true;
+ extraSeatDefaults = ''greeter-hide-users=true'';
+ })
+ ];
- displayManager.session = [
+ displayManager.session = lib.mkIf (config.networking.hostName != "fangorn") [
{
manage = "desktop";
name = "xsession";
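Review bot: On fangorn the LightDM branch of the `lib.mkMerge` omits `extraSeatDefaults`, so `greeter-hide-users=true` no longer applies there and the greeter will presumably show local account names on that machine's login screen; if that is intended, a one-line comment saying so would help. Both branches repeat `enable = true`, so the merge can collapse to a plain attribute set that keeps `enable = true;` and makes only the differing line conditional: `extraSeatDefaults = lib.mkIf (config.networking.hostName != "fangorn") ''greeter-hide-users=true'';`. The hunk also compares `config.networking.hostName` with a literal three times inside a shared module under `hosts/common/optional`, which ties that module to one host. The `displayManager.session` list this hunk makes conditional continues past the hunk's last line.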
diff --git a/hosts/common/optional/sound.nix b/hosts/common/optional/sound.nix
index d409196..5cde16f 100644
--- a/hosts/common/optional/sound.nix
+++ b/hosts/common/optional/sound.nix
@@ -21,7 +21,7 @@
lsp-plugins
metersLv2
odin2
- oxefmsynth
+ master.oxefmsynth
polyphone
qsynth
reaper
@@ -41,11 +41,11 @@
wavpack
winetricks
wineWowPackages.stagingFull
- master.yabridge
- master.yabridgectl
+ #master.yabridge
+ #master.yabridgectl
yoshimi
zam-plugins
- master.zynaddsubfx
+ zynaddsubfx
];
};
}
diff --git a/hosts/common/users/don/default.nix b/hosts/common/users/don/default.nix
index 9b958c6..443c2db 100644
--- a/hosts/common/users/don/default.nix
+++ b/hosts/common/users/don/default.nix
@@ -26,7 +26,7 @@ in
#];
packages = [ pkgs.home-manager ];
- shell = pkgs.zsh;
+ #shell = pkgs.zsh;
uid = uid;
};
}
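Review bot: Commenting out `shell = pkgs.zsh;` in the shared `hosts/common/users/don` module changes the login shell on every host that imports it, not just one machine, and the dead line is left without a reason. Either delete the line or record why it is disabled, for example `#shell = pkgs.zsh;  # disabled: <reason>`. The enclosing user attribute set starts before this hunk, so whether the shell is set elsewhere cannot be seen from here.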
diff --git a/hosts/darkstar/default.nix b/hosts/darkstar/default.nix
index 910e077..4bb6c91 100644
--- a/hosts/darkstar/default.nix
+++ b/hosts/darkstar/default.nix
@@ -22,10 +22,9 @@
zfs.package = pkgs.master.zfs;
};
- #environment.systemPackages = with pkgs; [
- # wpa_supplicant
- # somethingelse
- #];
+ environment.systemPackages = with pkgs; [
+ speedtest-go
+ ];
imports = [
./disks.nix
diff --git a/hosts/fangorn/default.nix b/hosts/fangorn/default.nix
index 9194dae..9a41013 100644
--- a/hosts/fangorn/default.nix
+++ b/hosts/fangorn/default.nix
@@ -1,4 +1,4 @@
-{ config, inputs, outputs, pkgs, ... }: {
+{ config, inputs, lib, outputs, pkgs, ... }: {
boot = {
kernelPackages = pkgs.linuxPackages_6_12;
loader = {
@@ -15,7 +15,6 @@
environment.systemPackages = with pkgs; [
signal-desktop
- #master.wsmancli
wpa_supplicant
];
@@ -24,16 +23,17 @@
./hardware-configuration.nix
../common/core
#../common/optional/db.nix
- #../common/optional/dev.nix
- #../common/optional/ebooks.nix
+ ../common/optional/dev.nix
+ ../common/optional/ebooks.nix
#../common/optional/games.nix
- #../common/optional/misc.nix
- #../common/optional/multimedia.nix
+ ../common/optional/misc.nix
+ ../common/optional/multimedia.nix
../common/optional/pipewire.nix
+ ../common/optional/services/nolid.nix
../common/optional/services/openssh.nix
#../common/optional/services/tlp.nix
- #../common/optional/services/xorg.nix
- #../common/optional/sound.nix
+ ../common/optional/services/xorg.nix
+ ../common/optional/sound.nix
../common/optional/wdt.nix
../common/optional/zfs.nix
../common/users/don
@@ -42,6 +42,9 @@
];
networking = {
+ firewall.extraInputRules = ''
+ iifname "wg0" tcp dport ssh counter accept
+ '';
hostId = "6f1faddc";
hostName = "fangorn";
networkmanager.enable = true;
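Review bot: The rule added in `networking.firewall.extraInputRules` is nftables syntax, and to my knowledge that option is only honoured by the nftables-based firewall; nothing visible in this hunk sets `networking.nftables.enable` for fangorn. The following hunk sets `services.openssh.openFirewall = false`, so this rule becomes the only way to reach sshd, and if it is not applied the host fails closed with SSH unreachable, which is worth confirming before a remote deploy. The match also relies on the tunnel interface being named `wg0`, which is defined outside the visible lines. I would put a comment above the rule, e.g. `# sshd is reachable only via WireGuard (wg0); needs the nftables firewall backend`. The `networking` block continues past the end of this hunk.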
@@ -59,45 +62,23 @@
];
};
- services.openssh.settings.X11Forwarding = true;
+ services.openssh = {
+ openFirewall = false;
+ settings.X11Forwarding = true;
+ };
+ services.xserver.desktopManager.xfce.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ];
- #sops = {
- # age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
- # defaultSopsFile = ../secrets/fangorn.yaml;
+ sops = {
+ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ defaultSopsFile = ../secrets/fangorn.yaml;
- # secrets = {
- # "nftables/ssh" = {};
- # "nix-access-token-github" = {};
- # "ssh_config".path = "/root/.ssh/config";
- # };
- #};
+ secrets = {
+ "nix-access-token-github" = {};
+ };
+ };
system.stateVersion = "23.11";
- #systemd.services."nftables-extra" = let rules_script = ''
- # ${pkgs.nftables}/bin/nft -f ${config.sops.secrets."nftables/ssh".path}
- # ''; in {
- # description = "nftables extra firewall rules";
- # reload = rules_script;
- # script = rules_script;
- # serviceConfig = {
- # RemainAfterExit = true;
- # Type = "oneshot";
- # };
- # unitConfig = {
- # ConditionPathExists = config.sops.secrets."nftables/ssh".path;
- # ReloadPropagatedFrom = "nftables.service";
- # };
- # wantedBy = [ "multi-user.target" ];
- # after = [ "nftables.service" ];
- # partOf = [ "nftables.service" ];
- #};
-
- #systemd.paths."nftables-extra" = {
- # pathConfig = {
- # PathExists = config.sops.secrets."nftables/ssh".path;
- # };
- # wantedBy = [ "multi-user.target" ];
- #};
+ time.timeZone = lib.mkForce "America/Chicago";
}
diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix
index 5d9e2fc..86737a9 100644
--- a/hosts/richese/default.nix
+++ b/hosts/richese/default.nix
@@ -12,7 +12,7 @@
environment.systemPackages = with pkgs; [
git-review
- master.openstackclient-full
+ openstackclient-full
];
imports = [
diff --git a/hosts/secrets/arrakis.yaml b/hosts/secrets/arrakis.yaml
index 5261c80..04c7bfd 100644
--- a/hosts/secrets/arrakis.yaml
+++ b/hosts/secrets/arrakis.yaml
@@ -5,6 +5,7 @@ ssh_config: ENC[AES256_GCM,data:OjZ79joE5H4vcPpgC8o7u65Z96kpc36k+wA76/+aedb1O0oA
wireguard:
arrakis_key: ENC[AES256_GCM,data:jJxltF+jMKMchavpXWKGFmFI3K/Qkgmroc68nUzYL71kKR+WFMPUzDjXW0Y=,iv:RESrP6zChCIMeDn65mu7ULvfeT5QRRX76TdyOAjE/fw=,tag:0QXp38YwTJZS8phv9ObrhQ==,type:str]
black-sheep_psk: ENC[AES256_GCM,data:ZBR7CQJLBltt9lTeN16SUte0xt90oVoJfvWrdF8gVAPQgvGIp/t3i5L2+eA=,iv:ilqCFzHhjgxU7FRcj0Ymi/t53NPt8QMJD56azsNQMe4=,tag:i4TIQryxzJpGaM8KGCVXQA==,type:str]
+ fangorn_psk: ENC[AES256_GCM,data:Ob994Cp+CDDfg4IEVGPnf265sDXe2zS9snehBvfr87x6kGq1YnKJQzkGXx4=,iv:mNDGwyRI0T3FHbPw9Z3NX+3/PmiIXiA+C1QUYYTdENc=,tag:Hz4qSjF7EmXA5ovnGLH3sQ==,type:str]
ginaz_psk: ENC[AES256_GCM,data:Iy/jyCcXl5VnSArA+Uazww/refw+Flopi2CnUgXyB/lnL6ykqawztK6KSBU=,iv:rB9eeMXqa+ZptLenJs/x9yffu4s10YwI11A1EPUHY54=,tag:1rw8SyfXyKA9IW3SUfYbTg==,type:str]
homer_psk: ENC[AES256_GCM,data:JaUJEWlcEhWeT+g5J+ysQ7rHFW8bxyDiciqrwL4JH493fQNCBnIkfJXtjfg=,iv:l95W7lVeBZhS2YwWN8biyFHBlAUwP7+DrSOVAhowC+I=,tag:q+wDpSGlT3nb+88yYMNzhQ==,type:str]
lilnasx_psk: ENC[AES256_GCM,data:wssUtPGQfs2Gt63Iq+QD7nQsAaua/OP0tcTmxlWFPTjPF3PzU2Y8m/76B3w=,iv:1jSwB0XkC+Gcn2JRNcaGd3hhJebmdfaF1N6PNDEdkSU=,tag:GVigw9hi66q2+q06g+WumA==,type:str]
@@ -15,10 +16,6 @@ wireguard:
wg1_conf: ENC[AES256_GCM,data:FeRx87Ynsku8RPJ34HX4WZbvrl0NMKQVUueYevXhZi/uxehsttjqdZyhKGG8ZZW2rYNT7PADp90NcOYRuS2bquFuU+XSK21xDC7myk9EMHtEh1t2nk8ILYV590eQVceyQCb9XNjlypI0QJEBItODg9DAGHf9WqV232zj2NcXmUEFwdQpWt3NnFo7Dku1KTmNWIQhfKL96casrHP5j7YHASlbLC5xmieZ8IPasfozPCDwQJMxdA5PH5rr7DEcjIrOgYSqa7G9VcPWlBfiuyEI0MZVYhF2pl4P57LVZNDRf8XamOcsphnRfgr6JYArxrHl3H5r4Nbcz3I09W8rrw==,iv:qAB6GAKDLg4P0g+5cRPcOWS2DvW7dcMJp7Fb4hDArfo=,tag:cacQeEAR7gjA/40Msuh/8g==,type:str]
wpa_supplicant: ENC[AES256_GCM,data:HHs6g3qaaeinVGgteExQvhE0CEC94WjJ0tV7pyI=,iv:6F+DYHieaWWo+V1F9yjwWT7PcdiIpH48nv1SUrFHePk=,tag:cpimCP+YNmCI+t+wpuXwHg==,type:str]
sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
age:
- recipient: age1mkqxkwse7hrnxtcgqe0wdzhhrxk55syx2wpcngemecz0d7hugsnqupw3de
enc: |
@@ -38,8 +35,7 @@ sops:
ejRLb2Vkd1B3QmxLSE1wUzgrazZJT0UKz1IQxYm7hagYtBsWTpk+f6/79ArRUgNL
MfhHMQAwuuXjBSmuFolyU3UoWnDYK6uGAv5nlTJxESqj5eQBafItSw==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-03-18T20:40:33Z"
- mac: ENC[AES256_GCM,data:QTqow9+HbTDkMAfsVsiTIyac9xEU7kb+2z1u2oagUauCvtnCphCF0O+NzPwmOcFxhGn28AZ+K9EeKC5XGKcRI/bYY7wLhaz4DZVhYqTu2JSJ+2XweJOEA7JjgGa2rSEi8KTEe2adCHvf1zwyq1nmyFroJCqT5azvp91o11XwVZA=,iv:/WBKPz2TMw1S7+OVRpA5dPHNr7x18oi0NWXh3RcWOvM=,tag:bdfp9WF8X8FXFXjjaYpdKg==,type:str]
- pgp: []
+ lastmodified: "2025-04-14T20:34:45Z"
+ mac: ENC[AES256_GCM,data:kcnVhndV8yJRTA19VcNazNKc1K+cYgTCdX2HC5i92mGZOFSd923EgSodCI0Ykz1rBjtO2FRnFAMfYyL4ae0dG9LOxYchh4vEhUZuSCuqUqmr9fUKGe9AqJSFpFW3qRXaAzKEBseGn+r0fnPq06LE0859f444Oz4vjgEHSudT9cg=,iv:Z5v0j94n9QVS+xrwfgOJD3krP9L6phzeD6ZKNxdiZMw=,tag:9VKs+3zZm+dR//MZrQIqVg==,type:str]
unencrypted_suffix: _unencrypted
- version: 3.9.4
+ version: 3.10.1
diff --git a/hosts/secrets/fangorn.yaml b/hosts/secrets/fangorn.yaml
new file mode 100644
index 0000000..dd5ab96
--- /dev/null
+++ b/hosts/secrets/fangorn.yaml
@@ -0,0 +1,25 @@
+nix-access-token-github: ENC[AES256_GCM,data:5VERSDp1ROol58nG80J+84fBB7k8GyFd46U/D2+zW1iVV12Y+IbJf9SNuR0Wca1qOxR4v6qRZjkTOL/d72SwBCGfmkA=,iv:qn8u70EGF/2H7tQO86rLNQVPeoTuk9eyn0SFwrHpHRs=,tag:bPGqZUavVXzmZZGrMUkveQ==,type:str]
+sops:
+ age:
+ - recipient: age15yqlem4d5h4mz808j72ccd8mrdu4p8hyal2k988jdcmtqrns23xq80896d
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUcWdVV0hNMlJSTnRPV1lu
+ WnRNalM4cjA2bUdYclRxcmFGSTVjMEYrV1FJClB6NGsrcnlpWDJWK1M1ZmtDbE54
+ SmhwZk5VUTJGSWVEbkVXMkRydEJ2cWMKLS0tIGVBb3BBRnExd25FblNOR1FLWWF6
+ NUU0cjAzOW1nblJ6SEZjN3NpZFJpRDQKwIG60pc821BmWTymHeyY1SSLy6jpFowN
+ 2AuzBldfk9Tm3g/bfcXV8Af/YQMX53xrYawUQiDALOHNAj7smZWvRw==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzZjFkcUxxM0VsV2RFSjhv
+ d0FyKzBZTllGTnRLL1d5NmNBT0R3b2dhZ1M4CkVEOTJ5SUpDVUF3N0hJWEtOL2xP
+ eVFnNkJST2R0U1RDZ1pOdTlGUzF3UzAKLS0tIEUydVcyMmFlMEpXemNKcnJsYS9V
+ M3F3blQ1dGxoWml5WEc1R0ZjblN3bkUK0+9zLdJi4u9JE3ijbP/SVNPqe6tXBcqw
+ gS+N2V47O63fjGM/VSXMywrB5aatwU9xUW5+A68qwgHCXTcHYGiHvA==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-04-14T19:53:57Z"
+ mac: ENC[AES256_GCM,data:JlVFa18N4w+y4RIK5GG8XspsW6BL9U7IpU6IEpG3u4R+h/3UpLFvVqOE+sK4zdUaDNajHk0Hc3oE2RRsTaf0MUif2utqSpT1y7fqaVBj6LBrqH7pu3KNRnktfLb/VOyovAj6yT1Rmko1YtcKw6ZPu4r9t/Vi5FAZP1+3qLmWyv4=,iv:e9z7vP2W4AWACCEDto1eY2i0PwD4l6W3c6+KWcduwZw=,tag:LQoyet3sJKh4bpn+FE40Yw==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.1