did not test samba and headscale yet

https://github.com/juanfont/headscale/issues/2210#issuecomment-2480130747
Motiejus Jakštys 2024-11-16 01:51:50 +02:00
parent 112e51dc25
commit e1b782a3c6
12 changed files with 53 additions and 64 deletions

28
flake.lock generated

@ -111,16 +111,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1731880681,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-FmYTkIyPBUxSWgA7DPIVTsCCMvSSbs56yOtHpLNSnKg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "aecd341dfead1c3ef7a3c15468ecd71e8343b7c6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.05", "ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -186,16 +186,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1731797254, "lastModified": 1731755305,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", "rev": "057f63b6dc1a2c67301286152eb5af20747a9cb4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.05", "ref": "nixos-24.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -218,11 +218,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1731998533, "lastModified": 1732045661,
"narHash": "sha256-N1wSCSUEGyih79czO2cBw25WqgsgJztGQmYqSPQmynA=", "narHash": "sha256-SJW1HVIbav/8NlEFMqfiqrhaKcpbMqMFCTZ0cOikXgA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "35d1aaf81870bf5ed50644978c7a1e2c08c9027c", "rev": "8ee137273e4a24ac661b43a195848beac5b3bd04",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -247,11 +247,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1731363552, "lastModified": 1732021966,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", "rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -2,14 +2,14 @@
description = "motiejus/config"; description = "motiejus/config";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
flake-compat.url = "github:nix-community/flake-compat"; flake-compat.url = "github:nix-community/flake-compat";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
home-manager.url = "github:nix-community/home-manager/release-24.05"; home-manager.url = "github:nix-community/home-manager/release-24.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
agenix = { agenix = {


@ -250,7 +250,7 @@ in
''; '';
"irc.jakstys.lt".extraConfig = "irc.jakstys.lt".extraConfig =
let let
gamja = pkgs.pkgs-unstable.compressDrvWeb (pkgs.gamja.override { gamja = pkgs.compressDrvWeb (pkgs.gamja.override {
gamjaConfig = { gamjaConfig = {
server = { server = {
url = "irc.jakstys.lt:6698"; url = "irc.jakstys.lt:6698";


@ -34,9 +34,6 @@ in
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
# 6.10+ to fix audio. Thanks https://github.com/ilian/cfg/blob/4588b90e674827304cd8e0b9d1aecd75416d1cde/hosts/carbon/configuration.nix#L19
kernelPackages = pkgs.linuxPackages_6_11;
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
"xhci_pci" "xhci_pci"
@ -45,10 +42,7 @@ in
"usbhid" "usbhid"
"tpm_tis" "tpm_tis"
]; ];
systemd = { systemd.emergencyAccess = true;
enableTpm2 = true;
emergencyAccess = true;
};
luks.devices = { luks.devices = {
luksroot = { luksroot = {
device = "${nvme}-part3"; device = "${nvme}-part3";
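Review bot: `systemd.emergencyAccess = true;` in the second hunk leaves the initrd emergency shell reachable without authentication on a host whose root is the `luksroot` LUKS device, and nothing on the line says why that is accepted. The option also accepts a hashed root password, so `systemd.emergencyAccess = "<hashed-password-placeholder>";` would keep the recovery path while requiring a credential; otherwise add a comment such as `# unauthenticated initrd shell: accepted because <reason>`. Separately, `enableTpm2 = true;` is removed while `"tpm_tis"` stays in `availableKernelModules`; if unlocking relies on the TPM, confirm that the 24.11 defaults still enable TPM2 support in the initrd. The `initrd` block continues outside the hunk.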


@ -1,6 +1,5 @@
{ {
self, self,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -24,7 +23,6 @@
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages;
supportedFilesystems = [ supportedFilesystems = [
"zfs" "zfs"
"btrfs" "btrfs"


@ -34,7 +34,6 @@ in
}; };
boot = { boot = {
kernelPackages = pkgs.linuxPackages_latest;
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
initrd = { initrd = {


@ -126,7 +126,7 @@
# shared printing # shared printing
services.avahi = { services.avahi = {
enable = true; enable = true;
nssmdns = true; nssmdns4 = true;
openFirewall = true; openFirewall = true;
publish = { publish = {
enable = true; enable = true;

View File

@ -145,6 +145,7 @@ in
ffmpeg ffmpeg
tinycc tinycc
scrcpy scrcpy
cheese
arandr arandr
pandoc pandoc
evince evince
@ -163,6 +164,7 @@ in
libheif libheif
mplayer mplayer
tcpflow tcpflow
nautilus
smplayer smplayer
inkscape inkscape
chromium chromium
@ -209,10 +211,12 @@ in
graphicsmagick graphicsmagick
magic-wormhole magic-wormhole
signal-desktop signal-desktop
gnome-calendar
element-desktop element-desktop
netsurf-browser netsurf-browser
man-pages-posix man-pages-posix
git-filter-repo git-filter-repo
gnome-calculator
age-plugin-yubikey age-plugin-yubikey
hunspellDicts.en_US hunspellDicts.en_US
python3Packages.ipython python3Packages.ipython
@ -225,11 +229,6 @@ in
gcc_latest gcc_latest
clang-tools clang-tools
gnome.cheese
gnome.nautilus
gnome.gnome-calculator
gnome.gnome-calendar
xorg.xev xorg.xev
xorg.xeyes xorg.xeyes
xorg.lndir xorg.lndir


@ -81,7 +81,7 @@
route /static/assets/* { route /static/assets/* {
uri strip_prefix /static uri strip_prefix /static
file_server * { file_server * {
root ${pkgs.pkgs-unstable.compressDrvWeb pkgs.gitea.data { }}/public root ${pkgs.compressDrvWeb pkgs.gitea.data { }}/public
precompressed zstd br gzip precompressed zstd br gzip
} }
} }


@ -28,8 +28,8 @@
server_url = "https://vpn.jakstys.lt"; server_url = "https://vpn.jakstys.lt";
ip_prefixes = [ config.mj.services.headscale.subnetCIDR ]; ip_prefixes = [ config.mj.services.headscale.subnetCIDR ];
log.level = "warn"; log.level = "warn";
dns_config = { dns = {
nameservers = [ nameservers.global = [
"1.1.1.1" "1.1.1.1"
"8.8.4.4" "8.8.4.4"
]; ];
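Review bot: `ip_prefixes` on the context line above the renamed `dns` block is still in the old layout, while the headscale release that renamed `dns_config` to `dns` appears to have replaced it with `prefixes.v4` / `prefixes.v6` as well. If that holds for the packaged version, the range from `config.mj.services.headscale.subnetCIDR` may not be applied and nodes could be allocated from the default range, which matters for any firewall or ACL rule written against that CIDR. Since the commit message says headscale is untested, something like `prefixes.v4 = config.mj.services.headscale.subnetCIDR;` is worth checking against the release notes before deploying. The enclosing attribute set continues outside the hunk.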


@ -3,12 +3,10 @@
lib, lib,
pkgs, pkgs,
myData, myData,
nixpkgs-unstable,
... ...
}: }:
let let
cfg = config.mj.services.immich; cfg = config.mj.services.immich;
immich-package = pkgs.pkgs-unstable.immich;
immich-user = config.services.immich.user; immich-user = config.services.immich.user;
immich-group = config.services.immich.group; immich-group = config.services.immich.group;
startScript = pkgs.writeShellApplication { startScript = pkgs.writeShellApplication {
@ -28,7 +26,7 @@ let
exec setpriv \ exec setpriv \
--ruid ${immich-user} \ --ruid ${immich-user} \
--inh-caps -all \ --inh-caps -all \
${lib.getExe immich-package} ${lib.getExe pkgs.immich}
''; '';
}; };
in in
@ -38,12 +36,9 @@ in
bindPaths = lib.mkOption { type = attrsOf str; }; bindPaths = lib.mkOption { type = attrsOf str; };
}; };
imports = [ "${nixpkgs-unstable}/nixos/modules/services/web-apps/immich.nix" ];
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.immich = { services.immich = {
package = immich-package;
enable = true; enable = true;
port = myData.ports.immich-server; port = myData.ports.immich-server;
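Review bot: the start script now hard-codes `${lib.getExe pkgs.immich}`, while the service, with `package = immich-package;` removed, runs whatever `services.immich.package` resolves to. The two are the same today, but a later override of the module's package (for instance to pick up a patched build) would leave this script executing the un-overridden binary. `${lib.getExe config.services.immich.package}` keeps them tied together, matching how `immich-user` and `immich-group` are already read from `config.services.immich`. The `writeShellApplication` text begins outside the hunk.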


@ -31,18 +31,7 @@ in
''; '';
}; };
samba = { samba =
# https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
enable = true;
securityType = "user";
enableNmbd = false;
enableWinbindd = false;
extraConfig = ''
map to guest = Bad User
guest account = jakstpub
server role = standalone server
'';
shares =
let let
defaults = { defaults = {
"public" = "yes"; "public" = "yes";
@ -53,6 +42,21 @@ in
}; };
in in
{ {
# https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
enable = true;
nmbd.enable = false;
winbindd.enable = false;
settings = {
global = {
security = "user";
"map to guest" = "Bad User";
"guest account" = "jakstpub";
"server role" = "standalone server";
};
public = defaults // { public = defaults // {
"path" = cfg.dataDir; "path" = cfg.dataDir;
"writeable" = "yes"; "writeable" = "yes";