diff --git a/flake.lock b/flake.lock index ecb892f..83b9d80 100644 --- a/flake.lock +++ b/flake.lock @@ -797,6 +797,22 @@ "type": "github" } }, + "nixpkgs-working-xrdp": { + "locked": { + "lastModified": 1748395176, + "narHash": "sha256-mkXRJlVaWUwRzWPiswA6gGnXno2wzDrHsTGLMknK8ck=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "af3da081316501d9744dbb4d988fafcdda2bf6cb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "af3da081316501d9744dbb4d988fafcdda2bf6cb", + "type": "github" + } + }, "nixvim": { "inputs": { "flake-parts": "flake-parts", @@ -945,6 +961,7 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs-working-xrdp": "nixpkgs-working-xrdp", "nixvim": "nixvim", "nur": "nur", "quickshell": "quickshell", diff --git a/flake.nix b/flake.nix index 924d201..ead48aa 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,7 @@ url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs-unstable"; }; + nixpkgs-working-xrdp.url = "github:NixOS/nixpkgs/af3da081316501d9744dbb4d988fafcdda2bf6cb"; # cosmic testing #nixos-cosmic = { # url = "github:lilyinstarlight/nixos-cosmic"; @@ -160,6 +161,13 @@ "amd-server" = mkHost { modules = [ ./users/kopatz ./systems/amd-server/configuration.nix ]; }; + "amd-server-vpn-vm" = mkHost { + modules = [ + ./users/anon + ./systems/amd-server-vpn-vm/configuration.nix + disko.nixosModules.disko + ]; + }; # build vm -> nixos-rebuild build-vm --flake .#vm "vm" = mkHost { modules = [ ./users/vm ./systems/vm/configuration.nix ]; }; diff --git a/home-manager/nixvim/default.nix b/home-manager/nixvim/default.nix index 9179dba..98b8f48 100644 --- a/home-manager/nixvim/default.nix +++ b/home-manager/nixvim/default.nix 
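Review bot: The new `nixpkgs-working-xrdp` input in `flake.nix` is pinned to a single commit with no comment saying why or when it can be dropped, so the `xrdp` package taken from it stays at that revision until someone remembers to bump it. xrdp is a network-facing remote-desktop service, so a frozen build should carry an explicit marker. I would add a line above the URL such as `# pinned: <reason xrdp from the main channel does not work>; remove this input once it does`. The matching `flake.lock` entry is generated and needs no change.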
@@ -1,12 +1,15 @@ -{ lib, pkgs, ... }: +{ lib, pkgs, osConfig, ... }: # https://nix-community.github.io/nixvim/NeovimOptions/index.html let + cfg = osConfig.custom.nixvimPlugins; args = { inherit lib pkgs; }; importFile = file: let config = import file; in if builtins.isFunction config then config args else config; configs = map importFile [ + ./config.nix + ] ++ lib.optionals cfg [ ./auto-pairs.nix ./autosave.nix ./blankline.nix @@ -26,7 +29,6 @@ let ./trouble.nix ./which_key.nix ./wilder.nix - ./config.nix ]; merged = builtins.foldl' (acc: elem: lib.recursiveUpdate acc elem) { } configs; diff --git a/modules/default.nix b/modules/default.nix index 36b72fc..8165959 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -13,6 +13,8 @@ # Set your time zone. time.timeZone = "Europe/Vienna"; + services.speechd.enable = false; + # Select internationalisation properties. i18n = { defaultLocale = "en_US.UTF-8"; diff --git a/modules/hardware/amd-gpu.nix b/modules/hardware/amd-gpu.nix index fc1ad84..50cee6d 100644 --- a/modules/hardware/amd-gpu.nix +++ b/modules/hardware/amd-gpu.nix @@ -3,12 +3,13 @@ let cfg = config.custom.hardware.amd-gpu; in { options.custom.hardware.amd-gpu = { enable = lib.mkEnableOption "Enables amd gpus"; + overdrive = lib.mkEnableOption "Enables overdrive"; rocm.enable = lib.mkEnableOption "Enables rocm"; }; config = lib.mkIf cfg.enable { - boot.kernelParams = + boot.kernelParams = lib.mkIf cfg.overdrive [ "amdgpu.ppfeaturemask=0xfff7ffff" "split_lock_detect=off" ]; hardware.graphics = { 
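Review bot: Moving `./config.nix` from the end of the list to the front changes merge precedence, because `merged` folds the list with `lib.recursiveUpdate acc elem` and later elements win: `config.nix` used to override the plugin files, and now any plugin file that sets the same attribute overrides `config.nix`. If that is not intended, keep it last, e.g. `configs = map importFile (lib.optionals cfg [ … ] ++ [ ./config.nix ]);`. Separately, `osConfig` is, as far as I know, only passed when home-manager runs as a NixOS module, so `cfg = osConfig.custom.nixvimPlugins;` would fail to evaluate in a standalone home-manager setup; a comment above `cfg` such as `# requires home-manager as a NixOS module (osConfig)` would record that. The second hunk of this file, which removes the old `./config.nix` line, is part of the same reordering.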
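Review bot: `split_lock_detect=off` is now switched by `cfg.overdrive` in `boot.kernelParams` although it is unrelated to GPU overdrive: it turns off the kernel's split-lock detection system-wide, so that setting now changes silently with a GPU tuning flag. I would keep only `amdgpu.ppfeaturemask=0xfff7ffff` behind the flag and give the other parameter its own option, or at least a comment such as `# split_lock_detect=off: wanted for <reason>, not part of overdrive`. The option is also declared as `overdrive` while its sibling is `rocm.enable`, and `lib.mkEnableOption` already prefixes "Whether to enable", so `overdrive.enable = lib.mkEnableOption "amdgpu overdrive (ppfeaturemask) and the LACT daemon";` would be consistent and read correctly (the host configs would need `overdrive.enable = true`). The `config` block continues past the end of this hunk.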
@@ -21,16 +22,17 @@ in { services.xserver.videoDrivers = [ "amdgpu" ]; # controller (overclock, undervolt, fan curves) environment.systemPackages = with pkgs; [ - lact nvtopPackages.amd amdgpu_top ] ++ lib.optionals cfg.rocm.enable [ clinfo rocmPackages.rocminfo + ] ++ lib.optionals cfg.overdrive [ + lact ]; systemd = { - packages = with pkgs; [ lact ]; - services.lactd.wantedBy = [ "multi-user.target" ]; + packages = lib.mkIf cfg.overdrive (with pkgs; [ lact ]); + services.lactd.wantedBy = lib.mkIf cfg.overdrive [ "multi-user.target" ]; #rocm tmpfiles.rules = let diff --git a/modules/misc/default.nix b/modules/misc/default.nix index 0c8cc3c..e12a008 100644 --- a/modules/misc/default.nix +++ b/modules/misc/default.nix @@ -13,5 +13,6 @@ ./virt-manager.nix ./wireshark.nix ./podman.nix + ./nixvim.nix ]; } diff --git a/modules/misc/nixvim.nix b/modules/misc/nixvim.nix new file mode 100644 index 0000000..abe0d78 --- /dev/null +++ b/modules/misc/nixvim.nix @@ -0,0 +1,6 @@ +{ lib, config, pkgs, inputs, ... }: +with lib; +let cfg = config.custom.nixvimPlugins; +in { + options.custom.nixvimPlugins = mkEnableOption "Enables nixvim plugins"; +} diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix index 4f8de8b..c657347 100644 --- a/modules/services/wireguard.nix +++ b/modules/services/wireguard.nix @@ -11,6 +11,16 @@ in type = types.str; description = "ipv4 address"; }; + secretFile = mkOption { + type = types.path; + default = ../../secrets/wireguard-private.age; + description = "agenix secret file for wireguard"; + }; + externalInterface = mkOption { + type = types.str; + default = "eth0"; + description = "external interface"; + }; }; config = let 
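Review bot: The comment `# controller (overclock, undervolt, fan curves)` still sits above `environment.systemPackages`, but `lact`, the package it describes, has moved to the `lib.optionals cfg.overdrive` list at the bottom, so the comment now reads as if it described `nvtopPackages.amd`. Move it next to `lact`, and add there that `lactd` is started at boot (`wantedBy = [ "multi-user.target" ]`) only when `overdrive` is set. The `systemd` block continues past the end of this hunk.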
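Review bot: In the new `modules/misc/nixvim.nix`, `cfg`, `pkgs`, `config` and `inputs` are bound but never used, and `with lib;` is pulled in for a single call. The file only declares an option, so it can shrink to `{ lib, ... }: { options.custom.nixvimPlugins = lib.mkEnableOption "the optional nixvim plugin set"; }`; `mkEnableOption` already prefixes "Whether to enable", so the current string renders as "Whether to enable Enables nixvim plugins". A one-line comment saying the option is read through `osConfig` in `home-manager/nixvim/default.nix` would help, since nothing in this module shows where it takes effect.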
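Review bot: The description of the new `secretFile` option in `modules/services/wireguard.nix` should state that the value must be an agenix-encrypted `.age` file: the option is `types.path`, and a path value is copied into the world-readable Nix store, so a plaintext private key passed here would be readable by every local user. Something like `description = "age-encrypted WireGuard private key (agenix); never a plaintext key, the file is copied to the Nix store";` covers it. `externalInterface` likewise deserves a sentence saying it is the interface that `wg0` traffic is masqueraded out of, e.g. `description = "interface that NAT masquerades wg0 traffic out of";`.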
@@ -19,11 +29,11 @@ in lib.mkIf cfg.enable { age.secrets.wireguard-private = { - file = ../../secrets/wireguard-private.age; + file = cfg.secretFile; }; networking.nat.enable = true; - networking.nat.externalInterface = "eth0"; + networking.nat.externalInterface = cfg.externalInterface; networking.nat.internalInterfaces = [ "wg0" ]; networking.firewall.allowedUDPPorts = [ 51820 ]; @@ -35,6 +45,7 @@ in "${wireguardIp}/24" ]; peers = [ + #pc { allowedIPs = [ "192.168.2.2/32" diff --git a/overlays.nix b/overlays.nix index 697f65a..4c8cee3 100644 --- a/overlays.nix +++ b/overlays.nix @@ -26,6 +26,10 @@ in hash = "sha256-a4lbeuXEHDMDko8wte7jUdJ0yUcjfq3UPQAuSiz1UQU="; }; }; + xrdp = (import inputs.nixpkgs-working-xrdp { + system = "x86_64-linux"; + config.allowUnfree = true; + }).xrdp; #hyprland = # inputs.hyprland.packages.${prev.stdenv.hostPlatform.system}.hyprland; diff --git a/secrets/adminarea.age b/secrets/adminarea.age index 783b949..3ee1b8b 100644 Binary files a/secrets/adminarea.age and b/secrets/adminarea.age differ diff --git a/secrets/binary-cache.age b/secrets/binary-cache.age index 3dd5448..28f1b8a 100644 --- a/secrets/binary-cache.age +++ b/secrets/binary-cache.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 DCzi1A LrkyZ8axOcdIB+uaATOmn785EzMzTvhujhcSxmBx8kE -E57IVdAOTIt1TWeyBYsHembim1YPKRxJYDQTNiPhIGI --> ssh-ed25519 lNJElA Y1jcFIXsCN0/s6xiLCLhQQhrc0N5Acpmv5K9xIYu42k -WrhmfkCpLL4e+QhFwFICeH5BZDUQOOk4WyFoYnGbcVU ---- LIVAI67ZG/+WLYki2A3HEmf6HMaLMZiAiDhgQYoWxdA ->cT{cR~\.k;$9m-s7>Z]ېI62 BԱ~0.-0}j݊0JeIaH(wƪjG4>FM.t bSÆ \ No newline at end of file +-> ssh-ed25519 DCzi1A J3I1vGqKxAesFi1z4us5N741PT1XQTHJId2ySEyLBRc +LpXNCN/Jwepmpb0vcX9wKpxuhZmaikAy2UVLa/DPLAg +-> ssh-ed25519 lNJElA KmftSH8+q5ACPz08PHATGlaXq8tJrxwWGuys092ZDGU +GeNEMWhfeP4Y/yd4WVpdCCnT7Qjv/jN6jPkcj1J2bdE +--- 0jeS9BIt6KHyJ7SEMFEfzUNxWtNg1MPmBb0TeHwq7e0 + ^Z]-kd\PF͟( 5nޅ$RȁݾszL[|a::ws1H + zI2,#~BUhdC "+a;֦ *1s \ No newline at end of file 
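Review bot: The secret and the NAT interface are now per-host, but the `peers` list further down in this `config` block is still the module's fixed list, so every peer accepted on the original host is presumably also accepted on any new host that enables the module, including the VM that sets `externalInterface = "tun0"`. If only some peers should be forwarded into that interface, make the list an option as well, with the current list as its default, and set it per host. The context line `networking.firewall.allowedUDPPorts = [ 51820 ];` also opens the WireGuard port on every interface; now that hosts differ, `networking.firewall.interfaces.<name>.allowedUDPPorts` on the interface the peers actually arrive on would be tighter. The `config` block starts before and ends after this hunk.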
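Review bot: The `xrdp` override in `overlays.nix` imports the pinned nixpkgs with `system = "x86_64-linux"` hard-coded, so on any other platform the overlay would hand out an x86_64 package. Assuming `prev` is in scope here as in the commented `hyprland` line just below, `system = prev.stdenv.hostPlatform.system;` follows the host instead. `config.allowUnfree = true;` looks unnecessary for taking `xrdp` alone and lets this second package set evaluate unfree packages without complaint; drop it unless the build turns out to need it.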
diff --git a/secrets/coturn-secret.age b/secrets/coturn-secret.age index bd6b5bd..8446314 100644 --- a/secrets/coturn-secret.age +++ b/secrets/coturn-secret.age @@ -1,12 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 oDXHAQ sJuIJWUfIT5Blk4mb6eSMo0eQly28Xy1wUnghEbhgnY -R7beBV5lp8WqOug91OkUUPEONA/89THrYX8IAci/LN4 --> ssh-ed25519 xfrWcQ +7wyNNot4A03raXTENup6dLuPWTv9uWYFrHekmRpbmc -VEYHYLyAOykmfGcaxhMNPZT/0b4DKnp9HH33T+5kc70 --> ssh-ed25519 IV3DkQ iNOpEU6PKUT9Rc8CH89OLEGsAqR+gbZYME49cBQTZ2o -UY2oK6ORI5nzu1QFuACDzfvIUsPNk0x59mhySZb5lqQ --> ssh-ed25519 DCzi1A +GPlCex3iBiQIMPlf9qpUSb+hXUKGcvA5SD53Q3dMnY -AnOOf6Vqnk89U1bY10xozm3fFUMSJQgrHvMr8sG/Mqc ---- W1Pl8uCqAnPrOkqJ4Az73IHOVMLIQpPTfpwC3gjnNNw - !X"u*/{m=+\vH x2RRtq) --f;Z[XhN5+ydiraJ׆D~)w \ No newline at end of file +-> ssh-ed25519 oDXHAQ md93qHF2tja6ZywqmNky9L67zAEgHtJ7B8ORE4A2hwc +nFzNBMDTU/6sGfrgJxEQZXwZ7r39zAfsIOC3kzCTrbs +-> ssh-ed25519 xfrWcQ bNmEQKiIazuRzGyYBhSZxR//s2T9uus7bDOHgLMhz34 +Dh7l40NTjUyNy8vqYM6twMO4a9erD1/o2gi7rcKkPqE +-> ssh-ed25519 IV3DkQ AGc3GOCIT0NmgRpxJ1iazDFMwfy0zzXNMK/ajJNDCAE +lzCuKkmz1gv77OONOCA1XRyHFdoYEH/xb8wTEXmD8AE +-> ssh-ed25519 DCzi1A jZ/V67RlWWrZeCw6SvRs3jdeRYKH+w7HUqc2xqK+J0M +L7kGvI3DWfl6pZUwT+CpdhZK42Bca+cvxI+VjSGEdf8 +--- 1R5/Fg644vbiofzkVU1WK3vlXxirCfIrBprZ9Kt+DrQ +{*@OɒbL20{)@9?M?kq4laPC}@_NF6˾ aBvw!Ab \ No newline at end of file diff --git a/secrets/duckdns.age b/secrets/duckdns.age index d6858ca..9a06a6e 100644 --- a/secrets/duckdns.age +++ b/secrets/duckdns.age 
@@ -1,11 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 oDXHAQ KTTFsKXQfHVY+ZhdsNfC6kUnuEdNSlz9Z+TiisCLFkY -UEpAdS9bPcPjsAYzfxbN6ir5BqV07RWuOupaPU+7IPY --> ssh-ed25519 xfrWcQ mC3yi/OAqQH0epKWQqXBJUDgu8hQ/bJtOyi0qz6dkB0 -SrIKQABaoCouhsix3smMayrhM/2OJppTKenazJlah+I --> ssh-ed25519 IV3DkQ 7wZ3eoFc7TqIyGG4GHqanEkwqTTWDNUubgxIGfYm2jE -O7Us7B146qYwxE1oFU6VqL6XJ3AclFnSvgr3wBPXG1k --> ssh-ed25519 DCzi1A CIIjo9BNl/H2ZCRRhgw0dT6tasW/shVi6w/g9DFOamY -bislSvJ2UN521HDg9U7yHIXbi8KpV61XHuVk4qhgeH0 ---- Lh5SYKYZcCOEq66jW3H3uawATD+aNewkGWR2ePo+BLI -KScm;ѽ9I\@hViXE9%nTG=YY,=uLu.Lιu \ No newline at end of file +-> ssh-ed25519 oDXHAQ gbqR6JNoGpLB9glCUAnEdLjXfUD45FMAthMkx37UUic +XZI8xpza74wuMsPeMQmkYCtwQaZ33PuXKBzEPgVoApU +-> ssh-ed25519 xfrWcQ ufWZtiUYMsPHXR5dGFBkUeXMlChDp2QzqXpYLmQthxs +yALEGpBLzsvKET0Y4qyIIhDa0Ru/sv9At/H8HYC78IU +-> ssh-ed25519 IV3DkQ 78Hnme9NIQK6jdw+C/K6w/oeFEVoPcMZzPGN+oBW9lQ +9sLV0jWl76tIRO5k3ouIleEGAGZSI+Rjtk4ycsnPQSk +-> ssh-ed25519 DCzi1A 6aZVuCw15F/iUBJVs8EubOz6X1ydLSJATUKKLTnJjS4 +muCrYVglDqseh4ovq3d+JbugQNfnZiD4lmpCN90HNbs +--- WAl554L+ne3tInpHkPqSUo0r3ltUjweNCWMnLNq8H+4 +0*p+y7{zԧ:e|b '!JJ? P>>_>J [,N*@Z~ \ No newline at end of file diff --git a/secrets/fileshelter-conf.age b/secrets/fileshelter-conf.age index 05c8cbc..df04737 100644 Binary files a/secrets/fileshelter-conf.age and b/secrets/fileshelter-conf.age differ diff --git a/secrets/github-runner-pw.age b/secrets/github-runner-pw.age index 58b8da3..fba1193 100644 Binary files a/secrets/github-runner-pw.age and b/secrets/github-runner-pw.age differ diff --git a/secrets/github-runner-token.age b/secrets/github-runner-token.age index bc4c9ca..b44054a 100644 Binary files a/secrets/github-runner-token.age and b/secrets/github-runner-token.age differ diff --git a/secrets/grafana-contact-points.age b/secrets/grafana-contact-points.age index db8f78e..ce7b268 100644 Binary files a/secrets/grafana-contact-points.age and b/secrets/grafana-contact-points.age differ 
diff --git a/secrets/kavita.age b/secrets/kavita.age index c27386f..e61b55d 100644 Binary files a/secrets/kavita.age and b/secrets/kavita.age differ diff --git a/secrets/matrix-registration.age b/secrets/matrix-registration.age index d353eff..56b6b71 100644 --- a/secrets/matrix-registration.age +++ b/secrets/matrix-registration.age @@ -1,12 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 oDXHAQ LZnNv6OdgvEdrogYC1yQiFdu8OpI0RnX0F7esNimB30 -cWlVnYK4IxCQtA0FHeA4AmAY5EzdkshY3VV58zydFcQ --> ssh-ed25519 xfrWcQ hLs4PfX/g/hQaAeGlkQWxbWlk+Y6f+JzwsPFTpYYhHs -DdLSEuFxdAEX2hyM+DTKl7GxzJd6ZwlOZI7KD+lxcek --> ssh-ed25519 IV3DkQ PwXrK5LB0YzBDrSAo1SYtxUEslAnuPBncQbnaniE8i0 -6VZg/BTxiDACoFPy7uNIjydeauiktIAnvU2cHdMc+Yo --> ssh-ed25519 DCzi1A 4PRejuLL3Lk4GcV2Jxrp/7XYt3nJv9jwmVa+2pzVuFE -J4Nh0lPN8pELXQ0PHbM/uyfNhbm0JrcTc4IrsX/7lr8 ---- sNlrWTi0hCVj8woT52fTlj3fjl+RlVxfU12bg3dZ0co -O=?khCRM]SɿNCLTR/ :a1iyo즄0+U|"y:7bwH^jr:B i0B`[XN`ZB ޽q-e -T?*OWI.<>pZhD%ԖoJ.%tZ&baB\׉2zxU~sq&MAoi \ No newline at end of file +-> ssh-ed25519 oDXHAQ atKuhdRrHGOxTZMSyHCUr2DsrkYCbJSeKp4+WJgqOzs +eymYWsh3EzTrJjxf9hQj0uV4y5rm96kMOHpWYNrGpok +-> ssh-ed25519 xfrWcQ re158GOgNwc3TtwQqYRMIGFKIL3PH+nwbHa2VG4ltGU +0Twg+bQxg14FH1bZ5MeEQXl9NALNt9kxfnaW/UZ6BeI +-> ssh-ed25519 IV3DkQ 7an++FYt4n0VKJ5Ne454pKqoShyXu9mOcmT24Kpr2Rg +JufxZ0sWKZosVkaGn6WyvFDCPbKGqFhAVLkZN24I7iw +-> ssh-ed25519 DCzi1A lJxRwc28VmsdYFELukX4ud2bqryjJR9VD82CRZZR+VA +HlAmLsHaT3HcHAuuVnm2e13mVDoQig7hmrdarub48Ug +--- H/VWknmPK9GFkXYEmCSyHbW/sHD2KSnvzwovn7qAexY +h4gJ&S42dw&Ц҆~)>czIaeqx€Ihʊ?axB$]L! +5T]8KlX@(%qnU2kmU>6̏C sy obf +#?DߠMd:@hDpЦ4 @lζG# \ No newline at end of file diff --git a/secrets/nextcloud-admin.age b/secrets/nextcloud-admin.age index d06f85a..080a253 100644 Binary files a/secrets/nextcloud-admin.age and b/secrets/nextcloud-admin.age differ diff --git a/secrets/nextcloud-cert.age b/secrets/nextcloud-cert.age index 89a10d7..b1a9a24 100644 Binary files a/secrets/nextcloud-cert.age and b/secrets/nextcloud-cert.age differ 
diff --git a/secrets/nextcloud-key.age b/secrets/nextcloud-key.age index 9afba72..23c2d79 100644 Binary files a/secrets/nextcloud-key.age and b/secrets/nextcloud-key.age differ diff --git a/secrets/paperless.age b/secrets/paperless.age index f4a99bb..830afea 100644 Binary files a/secrets/paperless.age and b/secrets/paperless.age differ diff --git a/secrets/plausible-admin.age b/secrets/plausible-admin.age index 2d01cca..44d1df4 100644 Binary files a/secrets/plausible-admin.age and b/secrets/plausible-admin.age differ diff --git a/secrets/plausible-keybase.age b/secrets/plausible-keybase.age index 60fd598..fe1a697 100644 Binary files a/secrets/plausible-keybase.age and b/secrets/plausible-keybase.age differ diff --git a/secrets/radicale.age b/secrets/radicale.age index 218ca25..85f9771 100644 Binary files a/secrets/radicale.age and b/secrets/radicale.age differ diff --git a/secrets/restic-gdrive.age b/secrets/restic-gdrive.age index 0014d65..36e74e6 100644 Binary files a/secrets/restic-gdrive.age and b/secrets/restic-gdrive.age differ diff --git a/secrets/restic-pw.age b/secrets/restic-pw.age index face242..cfabdaa 100644 --- a/secrets/restic-pw.age +++ b/secrets/restic-pw.age 
@@ -1,11 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 oDXHAQ MeblW5bvjNPWwGJfdZ8Miwrht79BUbHw0Jy0up1N4hw -4egfGFBxHU1FSk3LSNRR9A/pANR6nJ1CBLth/GzfwXQ --> ssh-ed25519 xfrWcQ ocBSkSDvN/RUnlnvJD4xB6C+a7RZUVWSpQzJDFL1WGc -n+90x0g0SJennwiFIthCpWeb9EFPmvopg16+tH1O98o --> ssh-ed25519 IV3DkQ CUmoMjOf+LwLQyi2yYiZUuMFjt6JhyGPVmICaZR+Ql0 -7DHpXnG7+f2SZDhI+7kLoDLMxPWPuyRKuvNrFyrjFhk --> ssh-ed25519 DCzi1A ZiGuuA3LOUyO7/7tWGczEfu633myZBQoZWqf5GySTh8 -qRZ/kc8o7dRW+vg2b1hl6rNouW6iObDKymglwePUkMk ---- s5II1ux/XZVfBGxBvKCsaD5jFiFrkzKIeQ+7fa57owA - X^7YR!jŋ3)2GڹZiօunb?t@zf!ڦՔ Hn \ No newline at end of file +-> ssh-ed25519 oDXHAQ 1ylRcikeS7eUVRpy/q5M+9+32zB5pt2GDLU6+3wHWyI +9VSg8kOE1g3IQvBnDwLvn0C8dOw4/xuPxxrqL+fDP3Q +-> ssh-ed25519 xfrWcQ cUWcTsQ+Y8NaxA73EBuh1+Dv2YeTJB112nlpbI9JkA0 +fp+vmBxZ5O/WxlXmKPqwMISGsgBKrAU9tUNpwUJWy8w +-> ssh-ed25519 IV3DkQ z7wy/ZXA1KvuYucY1EfDRWakBmcv7D+gwjENV7E5tlQ +9wovsEodoxREIHeTm7KT+OnbKxJnfrnZAdMrKu1Tf1I +-> ssh-ed25519 DCzi1A EGSWyT7CoUNR239LL9s0pumdWW/hWEAf9SwVKaVdODw +44DaSHhXr5UKDNtG7NIQjF2X1F708TNq9NAt2/fmnpg +--- qAqy+kI1hpPXgVB+qcNqsOD2BSBxLtWq9ovkhS0rlCU +~m5lֽzz.ncI{d%$AyC^Y.+YZZs(Ø;WFoTkrAS\9tS7 \ No newline at end of file diff --git a/secrets/restic-s3.age b/secrets/restic-s3.age index e69a089..d39af63 100644 --- a/secrets/restic-s3.age +++ b/secrets/restic-s3.age 
@@ -1,11 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 oDXHAQ XOzDNsdpRfXTbFAMh827HC8fpfbZlh3hLucRdC3BUkc -PpB9oNTwrMetQ0la8Jgamms2MB9jvu9026lsgmgMahk --> ssh-ed25519 xfrWcQ LEjVX7bulslggbRPYHZ9NSF8keYkftMCj9axmnAtWTY -Z/DVUfeHL8kc3RyK2wOxVL+KJ4Kl8k5w87aDcFq1IpQ --> ssh-ed25519 IV3DkQ TmMbexUGnFUk1bago4Jij9o8NSYnh1DH/V4bZTLmYV4 -nTh6jPMDNHa5ColIpaYEqrp6IwN5hbAhKz8R6zbLUZw --> ssh-ed25519 DCzi1A DlB+qSeuF/GbE+pjdLQv4cDxxf4ryihE0afur4qGWCw -JCiIrF0KsQ2LzbKGuBuEg9Exk2Uq3KJm5L2c6d2Aj7w ---- +CnD1rfpAvIzKfq1FBG4dUP9wmOWX/hG32Bco8xergg -KXHc,rJWdq/[FTOdGӋbJJe!2-\]{ZՒf[+s %k0r 39хn p 9z*!wT*([ \ No newline at end of file +-> ssh-ed25519 oDXHAQ lGy14/+xXt/TQPmXAsakWe19V7i4kI4fGQHQQIMpogc +8TuMI7xtWixvcHPpcH8y2kRkqpPnv22FlblEmstN4/A +-> ssh-ed25519 xfrWcQ 3WvjQXFU3bg2ygGS+E4mMoc9Ic/vQ4rvra8iGOWVTgc +VQPu9Mqm/HYxj8txWWCst4z9l2eRQ62XZ8avK+/dfn8 +-> ssh-ed25519 IV3DkQ oMYzLpfT7+j/P90OYV3/aNoQHW5L5yB7JKJV3HMyhgo +A3LUXmdGg0xJjmTASwtZiB0bNLZpxieh/MmVziHV7pQ +-> ssh-ed25519 DCzi1A R//TgPjbyySbrYIUkElsZWD2Lvk4jUHR5jVBPlRNO2s +yWavTPCdPwDrF75zH5cCqyqfFd3//558H8QpzIY5HFU +--- 8wCpCSaUTB4qXRoE4krnNy79SQTaKsxJolzw5kpCKoo +~ɼGHX509mob⦌k&5|kZq?,o𒃸 APR?VhV| !+&T(}%Ld=J偿E41Al.%/ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 0293e48..f183ba3 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -6,6 +6,7 @@ let mini-pc-proxmox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP0kX32LfIOv8FDVvdp7lWesVvMGh5tj84nv7TkIR1cs root@mini-pc"; adam-site = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfaIaKoNStnbfjB9cSJ9+PW0BVO3Uhh1uIbZA2CszDE root@nixos"; amd-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/t25OaQF020DZdew53gMFqoeHX1+g3um02mopke2eX root@nixos"; + amd-server-vpn-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkTbNz36z1gGbKp+7NyyTpMslXcFLX0tOrfJ/GQFn+g root@amd-server-vpn-vm"; users = [ kop ]; systems = [ mini-pc mini-pc-proxmox server laptop ]; in 
@@ -36,4 +37,5 @@ in "adminarea.age".publicKeys = [ adam-site kop ]; "radicale.age".publicKeys = [ mini-pc mini-pc-proxmox kop ]; "binary-cache.age".publicKeys = [ kop amd-server ]; + "wireguard-evo-vpn.age".publicKeys = [ kop amd-server-vpn-vm ]; } diff --git a/secrets/stash-auth.age b/secrets/stash-auth.age index ad3e73a..60d07cb 100644 Binary files a/secrets/stash-auth.age and b/secrets/stash-auth.age differ diff --git a/secrets/step-ca-key.age b/secrets/step-ca-key.age index 4ee59f5..248e21e 100644 Binary files a/secrets/step-ca-key.age and b/secrets/step-ca-key.age differ diff --git a/secrets/step-ca-pw.age b/secrets/step-ca-pw.age index e593ea5..0ba53cb 100644 --- a/secrets/step-ca-pw.age +++ b/secrets/step-ca-pw.age 
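Review bot: This commit rewrites every existing `.age` file, yet in the files shown as text the recipient stanzas (`oDXHAQ`, `xfrWcQ`, `IV3DkQ`, `DCzi1A`) are the same before and after, and the only recipient change visible in `secrets.nix` is the new `wireguard-evo-vpn.age` line in this hunk. That looks like a blanket rekey, which makes it impossible to tell from history whether any secret value was actually rotated. Rekeying only the file whose recipients changed, or stating in the commit message that the rest is a pure re-encryption, keeps the audit trail readable. A comment above the new line, `# VPN VM only: key for the wg endpoint that forwards into tun0`, would also record why this secret lists its own recipients instead of `systems`.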
@@ -1,12 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 oDXHAQ 2ymfFXvSKnGRgK3lYGpGjKSo2aHoc8pWRzyfr4wvAm0 -vr5pxY9w5wtzgv/UeQZLD7GWnrMtx/CYcdm9QKJqcBc --> ssh-ed25519 xfrWcQ fGCZ2z1IjkVbX7wvoHeXJdZ4BEnpSs+y7dirgWkWU0U -IhvYJJxfW7+v4rDZ7vCuNN/Wxihi3Q/svjnDkZqb/dQ --> ssh-ed25519 IV3DkQ 4oGxySHQjh8m0vUawi/wCTQXsvabLzV0z+KKLADkpDo -PydLpD7UwO6+r2JisXwSdJqIKcheRCBUGbeAhbrkKsc --> ssh-ed25519 DCzi1A dObjGBaWBiC8VFbFtKnicT9PB66fI69F2ZGpdyTl+20 -6yv8Jaee08k6KF2WJUPYYqtoe9JItZUvcjqEdYrxpDY ---- 5hzUeFAdm5Tag8G0OAtSCyE4d2uq0ZaBsLyF53oGuuo -[םK 쟵z[ -&C11V?˜Rjbj)H o"W3O \ No newline at end of file +-> ssh-ed25519 oDXHAQ p7LQlfq0mtdnmTJOvi6QQqAg/uCKAUWjdoVOgNcqn0g +Ka17+MWpb/MnZrV5HIwji54GffoeZC4ZFPzhCIxlrOw +-> ssh-ed25519 xfrWcQ Tc14rVFq5eAmbTtjNkIVdpOEBce4E8JChTznb8B6HCI +izYgC0YkqgUT/l82363MjBrDoQ0R+b5LHn7B3TglOK0 +-> ssh-ed25519 IV3DkQ qQ8DSh8+Gmy0hV8w76hR+GiABQv+OJkigA40QycPABg +tZnpWcEEVLqwpRpmHo/Skbc2/78dXM5Swwv6cSbitXs +-> ssh-ed25519 DCzi1A hTm67QVFyufZzbu7XZ2NxozPBVvOsN1UIi/8zBz+hiA +c0dCopDkZ0FgwHZ6b3H3uBJyVqvZGXtAU0TsZt/Zu8Y +--- Pp0HncaouK+xj2oF56aJ+UDanDokOEzeaZif9G4obT8 +d  *)ٮ7pjވ5ۭӗ?%*$xo@ YI@w ssh-ed25519 DCzi1A ik/pJSG40rFNR9Tde+Ud7RTuZwluC1za9SLrdnYyXDA +aBWqRH0pdPYolWVAovT2cdhZZlRCG5ZTQfBjgj5jW60 +-> ssh-ed25519 Jk07yA jOO5I3Om/NvHDCd28t5OFlxJK1UwZayRro7/0pXWGBQ +/LlY7KhwzkunIvrPJ7SqLvRDF6s3JM62SWqlczg+vHE +--- 9SY9UJ5hw7csiD+edUptxq/pPUQDuGv70mrDtVUURw4 +nc, \~9_^eD̼^٭k]A?`)a +WƼC#D \ No newline at end of file diff --git a/secrets/wireguard-private.age b/secrets/wireguard-private.age index 4d1bb71..776af79 100644 --- a/secrets/wireguard-private.age +++ b/secrets/wireguard-private.age 
@@ -1,11 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 oDXHAQ UN2WuFkB+D68fbdzOC0g6x1qPQnVg++ab1zQpULSWjk -eCezJvnuZYERwVsl3r0nsEF43Y+Jm48NWJzhMjgxZ/I --> ssh-ed25519 xfrWcQ MjbZTZcj3ldyD7CwAvWkj0GuiL0HL3vx/wV0y9/IYy4 -u3RvnnYKHyAT6INoGcpT26sL+EhLe4rZ3/mOSpkXFTA --> ssh-ed25519 IV3DkQ ftYKp8MC6n26hGxiT3QjVXptmvBQTKyi6oX0UJrbfFI -lL/C4ufi2vD/B+uLyGr8OLBx6TuF/KVvnkjRVSzGtcw --> ssh-ed25519 DCzi1A 9jKX67gvYP89v3u7Ir37EMDDXrTQTBzZOuObHrXxhG0 -KjB0/6x/9XgXiRNfPi1YZ7KtrvwZP3QIKluj1D7VDJY ---- dECyVdvzWEG1gBOC4YHSq3dK94vaImUSI5M5dXThx44 -ڻwsqB_xI Q{1t{`CPNCqQk:?}1w]/UE08U \ No newline at end of file +-> ssh-ed25519 oDXHAQ Vy8CxigwUtQAdsWMYpomw3YbIPme6yXQsdo1fYoqXGw +L3NqcGFzO/bQKYrbmBmWOkDepJok8hRtd2K6dTYf9S4 +-> ssh-ed25519 xfrWcQ BqURQhwqLCydbVM3wuTrsOTZ0sAL3pg5X/v1f5fxRFM +xoRTOk43HJTzy5TF3BRR0OYYqlefQGkCAKeKynJU8VU +-> ssh-ed25519 IV3DkQ r7VVeIGEWNDfymE4e5me2NP5BPH7TLwc5dcnm+DoekA +4XVxP4MWvozeG0ntYHWV9UDehjcXJ4Bu1lhoApOkwrc +-> ssh-ed25519 DCzi1A 6oWBmJxJN62ObPtTep+jgclv+G5Zsc1Tra7gU2T7I2s +g5jPynpMYnajsvHSOmCRebiFe6jzBZe2xSLwn1nKPc4 +--- CASVzuHoTiCtoCBtbhvZAynEFdWFfX8DYe+Y8dpzfO4 +S6V1=iMGx|^$eDO>\u!E]NNFf8}@~ \ No newline at end of file diff --git a/systems/amd-server-vpn-vm/configuration.nix b/systems/amd-server-vpn-vm/configuration.nix new file mode 100644 index 0000000..d5e7c65 --- /dev/null +++ b/systems/amd-server-vpn-vm/configuration.nix 
@@ -0,0 +1,83 @@
+{ config, pkgs, modulesPath, lib, ... }:
+
+{
+ imports = [
+ # Include the results of the hardware scan.
+ #./hardware-configuration.nix
+ ../../modules/services/ssh.nix
+ ../../modules/misc/logging.nix
+ ../../modules/misc/motd.nix
+ ../../modules/misc/kernel.nix
+ ../../modules/work/vpn.nix
+ #./disk-config.nix
+ ./hardware.nix
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot = {
+ kernelParams = [ "console=tty0" "console=ttyS0" ];
+ loader.timeout = lib.mkForce 1;
+
+ loader.grub.enable = true;
+ loader.grub.device = "/dev/vda";
+ #loader.grub = {
+ # efiSupport = true;
+ # efiInstallAsRemovable = true;
+ # device = "nodev";
+ #};
+ };
+
+ programs.firefox.enable = true;
+ services.spice-vdagentd.enable = true;
+
+ networking.usePredictableInterfaceNames = false;
+
+ mainUser.layout = "de";
+ mainUser.variant = "us";
+ custom = {
+ user = {
+ name = "anon";
+ layout = "de";
+ variant = "us";
+ };
+ hardware = {
+ firmware.enable = true;
+ ssd.enable = true;
+ };
+ services = {
+ wireguard = {
+ enable = true;
+ ip = "192.168.2.1";
+ secretFile = ../../secrets/wireguard-evo-vpn.age;
+ externalInterface = "tun0";
+ };
+ };
+ nftables.enable = true;
+ cli-tools.enable = true;
+ nix = {
+ index.enable = true;
+ settings.enable = true;
+ };
+ graphical = {
+ lxqt.enable = true;
+ };
+ };
+
+ #fileSystems."/" = {
+ # device = "/dev/disk/by-label/nixos";
+ # fsType = "ext4";
+ # options = [ "defaults" "noatime" ];
+ #};
+ #fileSystems."/boot" =
+ #{ device = "/dev/disk/by-label/ESP";
+ # fsType = "vfat";
+ #};
+
+ networking.hostName = "amd-server-vpn-vm"; # Define your hostname.
+
+ # Configure console keymap
+ console.keyMap = "us";
+
+ system.stateVersion = "25.05"; # Did you read the comment?
+}
diff --git a/systems/amd-server-vpn-vm/disk-config.nix b/systems/amd-server-vpn-vm/disk-config.nix
new file mode 100644
index 0000000..d075579
--- /dev/null
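Review bot: A browser and a full desktop (`programs.firefox.enable = true`, `graphical.lxqt.enable = true`) are enabled on the same VM that holds the WireGuard private key and NATs `wg0` into `tun0`, which widens the exposure of a gateway host. If the desktop is only needed to bring the VPN from `../../modules/work/vpn.nix` up interactively, say so in a comment next to `lxqt.enable`; otherwise consider leaving the browser off this machine. `tun0` presumably exists only while the VPN client is connected, and the forwarding rules are not in this file, so it is worth confirming that traffic from `wg0` is dropped rather than sent out of the default route when the tunnel is down. `mainUser.layout` and `mainUser.variant` repeat the values set under `custom.user`, and the commented-out grub, `fileSystems` and `#./disk-config.nix` lines can be removed.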
+++ b/systems/amd-server-vpn-vm/disk-config.nix
@@ -0,0 +1,38 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }: {
+ disko.devices = {
+ disk.main = {
+ device = lib.mkDefault "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ]; # Override existing partition
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/systems/amd-server-vpn-vm/hardware.nix b/systems/amd-server-vpn-vm/hardware.nix
new file mode 100644
index 0000000..47fb942
--- /dev/null
+++ b/systems/amd-server-vpn-vm/hardware.nix
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/f222513b-ded1-49fa-b591-20ce86a2fe7f";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
diff --git a/systems/laptop/configuration.nix b/systems/laptop/configuration.nix
index dfcaa6b..e2c054c 100644
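Review bot: `disk-config.nix` is never imported (`configuration.nix` has `#./disk-config.nix` commented out) while `flake.nix` still adds `disko.nixosModules.disko` to this host, so the layout is dead code that also contradicts what the host uses: `hardware.nix` mounts an ext4 root by UUID, this file describes btrfs plus an ESP. Either import it and drop the `fileSystems."/"` entry from `hardware.nix`, or delete the file together with the disko module. If it stays, replace the "Example to create…" header with a comment stating that the file is currently unused and that `extraArgs = [ "-f" ]` force-formats the root partition on `/dev/vda`, so applying it to the installed VM would erase it.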
--- a/systems/laptop/configuration.nix
+++ b/systems/laptop/configuration.nix
@@ -26,6 +26,7 @@
 tmpfs.enable = true;
 wireshark.enable = true;
 virt-manager.enable = true;
+ nixvimPlugins = true;
 nix = {
 ld.enable = true;
 settings.enable = true;
diff --git a/systems/pc/configuration.nix b/systems/pc/configuration.nix
index b64216e..ef3bbee 100644
--- a/systems/pc/configuration.nix
+++ b/systems/pc/configuration.nix
@@ -26,6 +26,7 @@
 virt-manager.enable = true;
 nftables.enable = true;
 cli-tools.enable = true;
+ nixvimPlugins = true;
 nix = {
 index.enable = true;
 ld.enable = true;
@@ -43,8 +44,11 @@
 services = { syncthing = { enable = true; }; };
 hardware = {
 android.enable = true;
- amd-gpu.enable = true;
- amd-gpu.rocm.enable = true;
+ amd-gpu = {
+ enable = true;
+ rocm.enable = true;
+ overdrive = true;
+ };
 nvidia = {
 enable = false;
 clock = {