nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull Requests Releases Wiki Activity

LoutreOS: update to 24.11

Browse Source 
flake.lock: Update

Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d' (2024-12-14)
  → 'github:NixOS/nixpkgs/b47fd6fa00c6afca88b8ee46cfdb00e104f50bca' (2024-12-19)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/3566ab7246670a43abd2ffa913cc62dad9cdf7d5' (2024-12-13)
  → 'github:NixOS/nixpkgs/d3c42f187194c26d9f0309a8ecc469d6c878ce33' (2024-12-17)
• Updated input 'simple-nixos-mailserver':
    'gitlab:simple-nixos-mailserver/nixos-mailserver/29916981e7b3b5782dc5085ad18490113f8ff63b' (2024-06-11)
  → 'gitlab:simple-nixos-mailserver/nixos-mailserver/35fa7dc495aa89bd224f08c43dfd9119b81f0fa7' (2024-12-16)
• Removed input 'simple-nixos-mailserver/nixpkgs-24_05'
• Added input 'simple-nixos-mailserver/nixpkgs-24_11':
    follows 'nixpkgs'
• Removed input 'simple-nixos-mailserver/utils'
• Removed input 'simple-nixos-mailserver/utils/systems'
This commit is contained in:
nyanloutre 2024-12-20 16:54:36 +01:00
parent 1a414771ba
commit 17ff809406
5 changed files with 57 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
flake.lock generated
View File

@ -76,16 +76,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1734202038, "lastModified": 1734600368,
"narHash": "sha256-LwcGIkORU8zfQ/8jAgptgPY8Zf9lGKB0vtNdQyEkaN8=", "narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d", "rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-24.05", "ref": "nixos-24.11",
"type": "indirect" "type": "indirect"
} }
}, },
@ -107,11 +107,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1734119587, "lastModified": 1734424634,
"narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", "narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", "rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -137,58 +137,24 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
], ],
"nixpkgs-24_05": [ "nixpkgs-24_11": [
"nixpkgs" "nixpkgs"
], ]
"utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1718084203, "lastModified": 1734371264,
"narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", "narHash": "sha256-YzE0lCGNKDXeinkZ6knSM8jo1VS9CeNwBJvYMEYQaQM=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", "rev": "35fa7dc495aa89bd224f08c43dfd9119b81f0fa7",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"ref": "nixos-24.05", "ref": "nixos-24.11",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"type": "gitlab" "type": "gitlab"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

6
flake.nix
View File

@ -1,14 +1,14 @@
{ {
inputs = { inputs = {
nixpkgs.url = "flake:nixpkgs/nixos-24.05"; nixpkgs.url = "flake:nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable";
# transmission 4.0.5 downgrade to fix tracker bug # transmission 4.0.5 downgrade to fix tracker bug
nixpkgs-4a3fc4cf7.url = "github:nixos/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4"; nixpkgs-4a3fc4cf7.url = "github:nixos/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4";
simple-nixos-mailserver = { simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs-unstable"; nixpkgs.follows = "nixpkgs-unstable";
nixpkgs-24_05.follows = "nixpkgs"; nixpkgs-24_11.follows = "nixpkgs";
}; };
}; };
dogetipbot-telegram = { dogetipbot-telegram = {

1
systems/LoutreOS/configuration.nix
View File

@ -2,7 +2,6 @@
{ {
imports = [ imports = [
"${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix"
../common-cli.nix ../common-cli.nix
./hardware-configuration.nix ./hardware-configuration.nix
./network.nix ./network.nix

108
systems/LoutreOS/network.nix
View File

@ -134,7 +134,7 @@
############################################# #############################################
# Redirect local network request from server external IP to internal IP # Redirect local network request from server external IP to internal IP
iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 2>/dev/null || true
iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1
''; '';
@ -190,22 +190,16 @@
MTUBytes = "1450"; MTUBytes = "1450";
}; };
wireguardConfig = { wireguardConfig = {
PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0"; PrivateKey = "@network.wireguard.private.wg0";
# Wait for 24.11
# PrivateKey = "@network.wireguard.private.wg0";
RouteTable = routeTables.vpn; RouteTable = routeTables.vpn;
}; };
wireguardPeers = [ wireguardPeers = [
{ {
wireguardPeerConfig = { Endpoint = "89.234.141.83:8095";
Endpoint = "89.234.141.83:8095"; PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g=";
PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; PresharedKey = "@network.wireguard.preshared.wg0";
PresharedKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.preshared.wg0"; AllowedIPs = ["0.0.0.0/0" "::/0"];
# Wait for 24.11 PersistentKeepalive = 15;
# PresharedKey = "@network.wireguard.preshared.wg0";
AllowedIPs = ["0.0.0.0/0" "::/0"];
PersistentKeepalive = 15;
};
} }
]; ];
}; };
@ -243,19 +237,15 @@
# Route everything to fiber link with a priority of 40000 # Route everything to fiber link with a priority of 40000
routingPolicyRules = [ routingPolicyRules = [
{ {
routingPolicyRuleConfig = { FirewallMark = 1;
FirewallMark = 1; Table = routeTables.fiber;
Table = routeTables.fiber; Priority = 41000;
Priority = 41000; Family = "both";
Family = "both";
};
} }
{ {
routingPolicyRuleConfig = { Table = routeTables.fiber;
Table = routeTables.fiber; Priority = 51000;
Priority = 51000; Family = "both";
Family = "both";
};
} }
]; ];
}; };
@ -274,19 +264,15 @@
# Route all to lte link with a priority of 50000 # Route all to lte link with a priority of 50000
routingPolicyRules = [ routingPolicyRules = [
{ {
routingPolicyRuleConfig = { FirewallMark = 2;
FirewallMark = 2; Table = routeTables.lte;
Table = routeTables.lte; Priority = 42000;
Priority = 42000; Family = "both";
Family = "both";
};
} }
{ {
routingPolicyRuleConfig = { Table = routeTables.lte;
Table = routeTables.lte; Priority = 52000;
Priority = 52000; Family = "both";
Family = "both";
};
} }
]; ];
}; };
@ -305,23 +291,19 @@
routingPolicyRules = [ routingPolicyRules = [
# Route outgoing emails to VPN table # Route outgoing emails to VPN table
{ {
routingPolicyRuleConfig = { IncomingInterface = "lo";
IncomingInterface = "lo"; DestinationPort = "25";
DestinationPort = "25"; Table = routeTables.vpn;
Table = routeTables.vpn; Priority = 60;
Priority = 60; Family = "both";
Family = "both";
};
} }
# Route packets originating from wg0 device to VPN table # Route packets originating from wg0 device to VPN table
# Allow server to respond on the wg0 interface requests # Allow server to respond on the wg0 interface requests
{ {
routingPolicyRuleConfig = { FirewallMark = 3;
FirewallMark = 3; Table = routeTables.vpn;
Table = routeTables.vpn; Priority = 43000;
Priority = 43000; Family = "both";
Family = "both";
};
} }
]; ];
}; };
@ -349,38 +331,28 @@
dhcpServerStaticLeases = [ dhcpServerStaticLeases = [
# IPMI # IPMI
{ {
dhcpServerStaticLeaseConfig = { Address = "10.30.1.1";
Address = "10.30.1.1"; MACAddress = "ac:1f:6b:4b:01:15";
MACAddress = "ac:1f:6b:4b:01:15";
};
} }
# paul-fixe # paul-fixe
{ {
dhcpServerStaticLeaseConfig = { Address = "10.30.50.1";
Address = "10.30.50.1"; MACAddress = "b4:2e:99:ed:24:26";
MACAddress = "b4:2e:99:ed:24:26";
};
} }
# salonled # salonled
{ {
dhcpServerStaticLeaseConfig = { Address = "10.30.40.1";
Address = "10.30.40.1"; MACAddress = "e0:98:06:85:e9:ce";
MACAddress = "e0:98:06:85:e9:ce";
};
} }
# miroir-bleu # miroir-bleu
{ {
dhcpServerStaticLeaseConfig = { Address = "10.30.40.2";
Address = "10.30.40.2"; MACAddress = "e0:98:06:86:38:fc";
MACAddress = "e0:98:06:86:38:fc";
};
} }
# miroir-orange # miroir-orange
{ {
dhcpServerStaticLeaseConfig = { Address = "10.30.40.3";
Address = "10.30.40.3"; MACAddress = "50:02:91:78:be:be";
MACAddress = "50:02:91:78:be:be";
};
} }
]; ];
ipv6SendRAConfig = { ipv6SendRAConfig = {

2
systems/LoutreOS/web.nix
View File

@ -392,7 +392,7 @@ in
nextcloud = { nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud29; package = pkgs.nextcloud30;
hostName = "cloud.nyanlout.re"; hostName = "cloud.nyanlout.re";
database.createLocally = true; database.createLocally = true;
https = true; https = true;