reconfigure sternchen
parent
0c756f7749
commit
b8af70ffc7
8 changed files with 34 additions and 118 deletions
|
@ -281,6 +281,15 @@
|
|||
|
||||
nixosConfigurations =
|
||||
{
|
||||
sternchen = nixosConfigurationSetup {
|
||||
name = "sternchen";
|
||||
modules = [
|
||||
nixos-hardware.nixosModules.lenovo-thinkpad-x220
|
||||
#retiolum.nixosModules.retiolum
|
||||
#private_assets.nixosModules.jobrad
|
||||
homeManagerModules
|
||||
];
|
||||
};
|
||||
sterni = nixosConfigurationSetup {
|
||||
name = "sterni";
|
||||
modules = [
|
||||
|
|
|
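Review bot: The two commented-out entries in sternchen's `modules` list, `#retiolum.nixosModules.retiolum` and `#private_assets.nixosModules.jobrad`, carry no reason, so a reader cannot tell whether they are pending or deliberately excluded for this host. Either drop them or put a line above them such as `# not enabled on sternchen yet: <reason>`. The +/- markers are lost on this page, so this assumes the sternchen block is the added part of the hunk. The enclosing `nixosConfigurations` set continues past the hunk.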
@ -33,7 +33,7 @@ in
|
|||
};
|
||||
cream = {
|
||||
subnets = [{ address = hosts.cream; }];
|
||||
settings.Ed25519PublicKey = "";
|
||||
settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
|
||||
};
|
||||
sterni = {
|
||||
subnets = [{ address = hosts.sterni; }];
|
||||
|
@ -65,6 +65,10 @@ in
|
|||
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts);
|
||||
|
||||
services.openssh.knownHosts = {
|
||||
"cream.${network}" = {
|
||||
hostNames = [ "cream.${network}" hosts.cream ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
|
||||
};
|
||||
"sternchen.${network}" = {
|
||||
hostNames = [ "sterni.${network}" hosts.sterni ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
|
||||
|
|
|
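Review bot: In `services.openssh.knownHosts`, the entry keyed `"sternchen.${network}"` pins its key to `"sterni.${network}"` and `hosts.sterni`, so as shown no host key is pinned for the sternchen name that this commit reconfigures. The +/- markers are lost on this page, but that entry looks like unchanged context next to the new `cream` block, and the hunk ends before its closing brace. If the key belongs to sterni, rename the attribute to `"sterni.${network}"`. If it belongs to sternchen, the names should read `hostNames = [ "sternchen.${network}" hosts.sternchen ];`, assuming `hosts` has a sternchen entry, which is not visible here.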
@ -11,15 +11,19 @@
|
|||
|
||||
];
|
||||
|
||||
|
||||
home-manager.users.mainUser.home.git-pull.enable = false;
|
||||
|
||||
sops.defaultSopsFile = ../../secrets/sternchen.yaml;
|
||||
networking.hostName = "sternchen";
|
||||
|
||||
components.gui.enable = true;
|
||||
components.terminal.enable = true;
|
||||
components.network.enable = true;
|
||||
components.network.wifi.enable = true;
|
||||
components.mainUser.enable = true;
|
||||
users.users.mainUser.extraGroups = [ "adbusers" "video" ];
|
||||
home-manager.users.mainUser.home.git-pull.enable = false;
|
||||
system.custom.mainUser.userName = "tina";
|
||||
|
||||
system.custom.wifi.interfaces = [ "wlp3s0" ];
|
||||
#system.custom.wifi.interfaces = [ "wlp3s0" ];
|
||||
|
||||
security.wrappers = {
|
||||
pmount = {
|
||||
|
@ -37,7 +41,7 @@
|
|||
};
|
||||
|
||||
programs.custom.steam.enable = false;
|
||||
programs.custom.video.enable = true;
|
||||
programs.custom.video.enable = false;
|
||||
|
||||
# keyboard fiddling
|
||||
i18n.defaultLocale = "de_DE.UTF-8";
|
||||
|
@ -45,7 +49,7 @@
|
|||
services.xserver.layout = "de,us";
|
||||
|
||||
system.custom.suspend.enable = false;
|
||||
services.printing.enable = true;
|
||||
services.printing.enable = false;
|
||||
|
||||
# fonts
|
||||
# -----
|
||||
|
@ -62,13 +66,13 @@
|
|||
# for congress and streaming
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
extraPackages = [ pkgs.vaapiIntel ];
|
||||
#extraPackages = [ pkgs.vaapiIntel ];
|
||||
driSupport = true;
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
||||
};
|
||||
#nixpkgs.config.packageOverrides = pkgs: {
|
||||
# vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
||||
#};
|
||||
|
||||
services.xserver.displayManager.defaultSession = "plasma";
|
||||
|
||||
|
@ -76,7 +80,6 @@
|
|||
services.xserver.desktopManager.xfce.enable = false;
|
||||
services.xserver.desktopManager.gnome.enable = false;
|
||||
|
||||
|
||||
services.xserver.desktopManager.cinnamon.enable = true;
|
||||
services.xserver.desktopManager.lxqt.enable = true;
|
||||
services.xserver.desktopManager.mate.enable = true;
|
||||
|
@ -93,13 +96,8 @@
|
|||
};
|
||||
};
|
||||
|
||||
# enable this to use sidequest
|
||||
programs.adb.enable = false;
|
||||
users.users.mainUser.extraGroups = [ "adbusers" "video" ];
|
||||
|
||||
virtualisation = {
|
||||
docker.enable = false;
|
||||
|
||||
virtualbox = {
|
||||
host.enable = false;
|
||||
guest.x11 = false;
|
||||
|
|
|
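Review bot: `users.users.mainUser.extraGroups = [ "adbusers" "video" ];` in the first hunk keeps the user in `adbusers`, while the last hunk (`@ -93,13 +96,8 @`) appears to drop `programs.adb.enable` from this file altogether. The +/- markers are lost, so this is read from the hunk's line counts. With adb off the membership is stale at best and an unneeded grant at worst, so `users.users.mainUser.extraGroups = [ "video" ];` is the tighter setting unless adb is enabled elsewhere for this host. The same pairing appears in the later section whose hunks start at `@ -26,7 +26,6 @`, where the `programs.adb.enable` line is shown commented out but the `adbusers` membership stays.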
@ -40,6 +40,8 @@
|
|||
#synfigstudio
|
||||
valentina
|
||||
|
||||
vscode
|
||||
|
||||
# kde programs
|
||||
okular
|
||||
ark
|
||||
|
|
|
@ -1,18 +1,7 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{ config, ... }:
|
||||
{
|
||||
|
||||
module.cluster.services.tinc = {
|
||||
"secret" = {
|
||||
enable = true;
|
||||
openPort = true;
|
||||
connectTo = [ "robi" ];
|
||||
};
|
||||
};
|
||||
|
||||
users.users."tinc.secret".group = "tinc.secret";
|
||||
users.groups."tinc.secret" = { };
|
||||
tinc.secret.enable = true;
|
||||
tinc.secret.ipv4 = "10.123.42.25";
|
||||
|
||||
}
|
||||
|
|
|
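Review bot: The module header `{ config, ... }:` binds `config`, but the visible body (`tinc.secret.enable` and `tinc.secret.ipv4`) never uses it, so `{ ... }:` would do. The removed block set `openPort = true`, `connectTo = [ "robi" ]` and the `tinc.secret` user and group explicitly. Nothing on this page shows that the `tinc.secret` options provide the same firewall and peer settings, so that is worth confirming. A short comment such as `# address must match this host's entry in the tinc hosts list` above `tinc.secret.ipv4` would help, since the literal `"10.123.42.25"` is presumably duplicated there.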
@ -1,85 +0,0 @@
|
|||
{ lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
wifi = "wlp0s29u1u2";
|
||||
ipAddress = "10.123.145.1";
|
||||
prefixLength = 24;
|
||||
servedAddressRange = "10.123.145.2,10.123.145.150,12h";
|
||||
ssid = "bumbumbum";
|
||||
wifiPassword = lib.fileContents <secrets/wifi-access-point>;
|
||||
|
||||
in
|
||||
{
|
||||
# todo only open needed ports
|
||||
networking.firewall.trustedInterfaces = [ wifi ];
|
||||
|
||||
networking.networkmanager.unmanaged = [ wifi ];
|
||||
networking.dhcpcd.denyInterfaces = [ wifi ];
|
||||
|
||||
networking.interfaces."${wifi}".ipv4.addresses = [{
|
||||
address = ipAddress;
|
||||
prefixLength = prefixLength;
|
||||
}];
|
||||
|
||||
# forward traffic coming in trough the access point => provide internet and vpn network access
|
||||
# todo : forward to own servers
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv4.conf.${wifi}.forwarding" = true;
|
||||
"net.ipv6.conf.${wifi}.forwarding" = true;
|
||||
};
|
||||
|
||||
systemd.services.hostapd = {
|
||||
description = "hostapd wireless AP";
|
||||
path = [ pkgs.hostapd ];
|
||||
|
||||
# start manual
|
||||
# wantedBy = [ "network.target" ];
|
||||
|
||||
after = [
|
||||
"${wifi}-cfg.service"
|
||||
"nat.service"
|
||||
"bind.service"
|
||||
"dhcpd.service"
|
||||
"sys-subsystem-net-devices-${wifi}.device"
|
||||
];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.hostapd}/bin/hostapd ${
|
||||
pkgs.writeText "hostapd.conf" ''
|
||||
interface=${wifi}
|
||||
hw_mode=g
|
||||
channel=10
|
||||
ieee80211d=1
|
||||
country_code=DE
|
||||
ieee80211n=1
|
||||
wmm_enabled=1
|
||||
|
||||
ssid=${ssid}
|
||||
auth_algs=1
|
||||
wpa=2
|
||||
wpa_key_mgmt=WPA-PSK
|
||||
rsn_pairwise=CCMP
|
||||
wpa_passphrase=${wifiPassword}
|
||||
''
|
||||
}";
|
||||
Restart = "always";
|
||||
};
|
||||
};
|
||||
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
# Only listen to routers' LAN NIC. Doing so opens up tcp/udp port 53 to
|
||||
# localhost and udp port 67 to world:
|
||||
interface=${wifi}
|
||||
|
||||
# Explicitly specify the address to listen on
|
||||
listen-address=${ipAddress}
|
||||
|
||||
# Dynamic range of IPs to make available to LAN PC and the lease time.
|
||||
# Ideally set the lease time to 5m only at first to test everything works okay before you set long-lasting records.
|
||||
dhcp-range=${servedAddressRange}
|
||||
'';
|
||||
};
|
||||
|
||||
}
|
|
@ -26,7 +26,6 @@
|
|||
components.mainUser.enable = true;
|
||||
users.users.mainUser.extraGroups = [ "adbusers" "video" ];
|
||||
|
||||
# todo
|
||||
programs.custom.steam.enable = false;
|
||||
programs.custom.video.enable = false;
|
||||
services.printing.enable = false;
|
||||
|
@ -86,7 +85,7 @@
|
|||
};
|
||||
|
||||
# enable this to use sidequest
|
||||
programs.adb.enable = true;
|
||||
# programs.adb.enable = false;
|
||||
|
||||
# for congress and streaming
|
||||
hardware.opengl = {
|
||||
|
|
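Review bot: In the hunk at `@ -86,7 +85,7 @`, the comment `# enable this to use sidequest` sits above what appears to be the new line `# programs.adb.enable = false;`, so uncommenting it as the comment suggests would not enable adb. The +/- markers are lost on this page, so this assumes the second of the two printed lines is the new side. Either remove both lines, or keep the hint usable by leaving `# programs.adb.enable = true;` under the comment. The surrounding attribute set continues outside the hunk.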