
No commits in common. "c9c0061ff7dce208cff8fb44e68aa1b5d03cd43d" and "1a414771ba91dbfe16285ca5e79288a72f3a88a0" have entirely different histories.

5 changed files with 121 additions and 63 deletions

60
flake.lock generated

@ -76,16 +76,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1734600368, "lastModified": 1734202038,
"narHash": "sha256-nbG9TijTMcfr+au7ZVbKpAhMJzzE2nQBYmRvSdXUD8g=", "narHash": "sha256-LwcGIkORU8zfQ/8jAgptgPY8Zf9lGKB0vtNdQyEkaN8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b47fd6fa00c6afca88b8ee46cfdb00e104f50bca", "rev": "bcba2fbf6963bf6bed3a749f9f4cf5bff4adb96d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-24.11", "ref": "nixos-24.05",
"type": "indirect" "type": "indirect"
} }
}, },
@ -107,11 +107,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1734424634, "lastModified": 1734119587,
"narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -137,24 +137,58 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs-unstable" "nixpkgs-unstable"
], ],
"nixpkgs-24_11": [ "nixpkgs-24_05": [
"nixpkgs" "nixpkgs"
] ],
"utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1734371264, "lastModified": 1718084203,
"narHash": "sha256-YzE0lCGNKDXeinkZ6knSM8jo1VS9CeNwBJvYMEYQaQM=", "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "35fa7dc495aa89bd224f08c43dfd9119b81f0fa7", "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"ref": "nixos-24.11", "ref": "nixos-24.05",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"type": "gitlab" "type": "gitlab"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",


@ -1,14 +1,14 @@
{ {
inputs = { inputs = {
nixpkgs.url = "flake:nixpkgs/nixos-24.11"; nixpkgs.url = "flake:nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "flake:nixpkgs/nixos-unstable";
# transmission 4.0.5 downgrade to fix tracker bug # transmission 4.0.5 downgrade to fix tracker bug
nixpkgs-4a3fc4cf7.url = "github:nixos/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4"; nixpkgs-4a3fc4cf7.url = "github:nixos/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4";
simple-nixos-mailserver = { simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11"; url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
inputs = { inputs = {
nixpkgs.follows = "nixpkgs-unstable"; nixpkgs.follows = "nixpkgs-unstable";
nixpkgs-24_11.follows = "nixpkgs"; nixpkgs-24_05.follows = "nixpkgs";
}; };
}; };
dogetipbot-telegram = { dogetipbot-telegram = {


@ -2,6 +2,7 @@
{ {
imports = [ imports = [
"${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix"
../common-cli.nix ../common-cli.nix
./hardware-configuration.nix ./hardware-configuration.nix
./network.nix ./network.nix
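Review bot: The added import of `"${inputs.nixpkgs-unstable}/nixos/modules/services/misc/flaresolverr.nix"` carries no comment saying why a module is pulled from the unstable input or when it can be removed. Presumably the module is missing from the stable channel pinned here; if so, the import has to be dropped once the stable channel ships it, because declaring the same options twice fails evaluation. I would add a line above it such as `# flaresolverr module is not in the pinned stable nixpkgs; remove this import once it is`. The module is evaluated against this system's `pkgs`, so it is also worth confirming that the package it defaults to resolves there; the rest of the file is outside this hunk.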


@ -134,7 +134,7 @@
############################################# #############################################
# Redirect local network request from server external IP to internal IP # Redirect local network request from server external IP to internal IP
iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 2>/dev/null || true iptables -t nat -D PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 || true
iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1 iptables -t nat -A PREROUTING -s 10.30.0.0/16 -d 176.180.172.105 -j DNAT --to 10.30.0.1
''; '';
@ -146,16 +146,11 @@
}; };
}; };
systemd.services.systemd-networkd = { systemd.services.systemd-networkd.serviceConfig = {
unitConfig = {
RequiresMountsFor = "/mnt/secrets/wireguard";
};
serviceConfig = {
LoadCredential = [ LoadCredential = [
"network.wireguard.private.wg0:/mnt/secrets/wireguard/wireguard.private" "network.wireguard.private.wg0:/mnt/secrets/wireguard/wireguard.private"
"network.wireguard.preshared.wg0:/mnt/secrets/wireguard/wireguard.preshared" "network.wireguard.preshared.wg0:/mnt/secrets/wireguard/wireguard.preshared"
]; ];
};
}; };
################# #################
@ -195,16 +190,22 @@
MTUBytes = "1450"; MTUBytes = "1450";
}; };
wireguardConfig = { wireguardConfig = {
PrivateKey = "@network.wireguard.private.wg0"; PrivateKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.private.wg0";
# Wait for 24.11
# PrivateKey = "@network.wireguard.private.wg0";
RouteTable = routeTables.vpn; RouteTable = routeTables.vpn;
}; };
wireguardPeers = [ wireguardPeers = [
{ {
Endpoint = "89.234.141.83:8095"; wireguardPeerConfig = {
PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g="; Endpoint = "89.234.141.83:8095";
PresharedKey = "@network.wireguard.preshared.wg0"; PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g=";
AllowedIPs = ["0.0.0.0/0" "::/0"]; PresharedKeyFile = "/run/credentials/systemd-networkd.service/network.wireguard.preshared.wg0";
PersistentKeepalive = 15; # Wait for 24.11
# PresharedKey = "@network.wireguard.preshared.wg0";
AllowedIPs = ["0.0.0.0/0" "::/0"];
PersistentKeepalive = 15;
};
} }
]; ];
}; };
@ -242,15 +243,19 @@
# Route everything to fiber link with a priority of 40000 # Route everything to fiber link with a priority of 40000
routingPolicyRules = [ routingPolicyRules = [
{ {
FirewallMark = 1; routingPolicyRuleConfig = {
Table = routeTables.fiber; FirewallMark = 1;
Priority = 41000; Table = routeTables.fiber;
Family = "both"; Priority = 41000;
Family = "both";
};
} }
{ {
Table = routeTables.fiber; routingPolicyRuleConfig = {
Priority = 51000; Table = routeTables.fiber;
Family = "both"; Priority = 51000;
Family = "both";
};
} }
]; ];
}; };
@ -269,15 +274,19 @@
# Route all to lte link with a priority of 50000 # Route all to lte link with a priority of 50000
routingPolicyRules = [ routingPolicyRules = [
{ {
FirewallMark = 2; routingPolicyRuleConfig = {
Table = routeTables.lte; FirewallMark = 2;
Priority = 42000; Table = routeTables.lte;
Family = "both"; Priority = 42000;
Family = "both";
};
} }
{ {
Table = routeTables.lte; routingPolicyRuleConfig = {
Priority = 52000; Table = routeTables.lte;
Family = "both"; Priority = 52000;
Family = "both";
};
} }
]; ];
}; };
@ -296,19 +305,23 @@
routingPolicyRules = [ routingPolicyRules = [
# Route outgoing emails to VPN table # Route outgoing emails to VPN table
{ {
IncomingInterface = "lo"; routingPolicyRuleConfig = {
DestinationPort = "25"; IncomingInterface = "lo";
Table = routeTables.vpn; DestinationPort = "25";
Priority = 60; Table = routeTables.vpn;
Family = "both"; Priority = 60;
Family = "both";
};
} }
# Route packets originating from wg0 device to VPN table # Route packets originating from wg0 device to VPN table
# Allow server to respond on the wg0 interface requests # Allow server to respond on the wg0 interface requests
{ {
FirewallMark = 3; routingPolicyRuleConfig = {
Table = routeTables.vpn; FirewallMark = 3;
Priority = 43000; Table = routeTables.vpn;
Family = "both"; Priority = 43000;
Family = "both";
};
} }
]; ];
}; };
@ -336,28 +349,38 @@
dhcpServerStaticLeases = [ dhcpServerStaticLeases = [
# IPMI # IPMI
{ {
Address = "10.30.1.1"; dhcpServerStaticLeaseConfig = {
MACAddress = "ac:1f:6b:4b:01:15"; Address = "10.30.1.1";
MACAddress = "ac:1f:6b:4b:01:15";
};
} }
# paul-fixe # paul-fixe
{ {
Address = "10.30.50.1"; dhcpServerStaticLeaseConfig = {
MACAddress = "b4:2e:99:ed:24:26"; Address = "10.30.50.1";
MACAddress = "b4:2e:99:ed:24:26";
};
} }
# salonled # salonled
{ {
Address = "10.30.40.1"; dhcpServerStaticLeaseConfig = {
MACAddress = "e0:98:06:85:e9:ce"; Address = "10.30.40.1";
MACAddress = "e0:98:06:85:e9:ce";
};
} }
# miroir-bleu # miroir-bleu
{ {
Address = "10.30.40.2"; dhcpServerStaticLeaseConfig = {
MACAddress = "e0:98:06:86:38:fc"; Address = "10.30.40.2";
MACAddress = "e0:98:06:86:38:fc";
};
} }
# miroir-orange # miroir-orange
{ {
Address = "10.30.40.3"; dhcpServerStaticLeaseConfig = {
MACAddress = "50:02:91:78:be:be"; Address = "10.30.40.3";
MACAddress = "50:02:91:78:be:be";
};
} }
]; ];
ipv6SendRAConfig = { ipv6SendRAConfig = {
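Review bot: In the `systemd.services.systemd-networkd` hunk, the version that uses `PrivateKeyFile` still has `LoadCredential` read both WireGuard secrets from `/mnt/secrets/wireguard`, but it no longer sets `RequiresMountsFor` for that path. Without that ordering, networkd can presumably start before the secrets mount exists, and credential loading would then fail and take the network configuration down with it. I would keep `systemd.services.systemd-networkd.unitConfig.RequiresMountsFor = "/mnt/secrets/wireguard";` alongside the `serviceConfig` assignment. The same version also drops `2>/dev/null` from the `iptables -t nat -D PREROUTING` cleanup line, so the expected "rule not found" error on a first run will now reach the log; a short comment there would keep it from being read as a failure.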


@ -392,7 +392,7 @@ in
nextcloud = { nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud30; package = pkgs.nextcloud29;
hostName = "cloud.nyanlout.re"; hostName = "cloud.nyanlout.re";
database.createLocally = true; database.createLocally = true;
https = true; https = true;