

No commits in common. "46dbe52b16fad77aab0a4ce003e8df81a8f1aa32" and "0a9f1c579903660cc2e366a8ba9b137fcc4269e8" have entirely different histories.

1 changed files with 47 additions and 57 deletions


@ -10,12 +10,6 @@
./hardware-configuration.nix
];
# Enable forwarding for containers
# I have not yet confirmed that this is necessary.
boot.kernel.sysctl = {
"net.ipv6.conf.all.forwarding" = 1;
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
@ -64,7 +58,6 @@
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
users.groups.podman-service = {};
users.groups.scanner = {};
users.groups.step = {};
@ -78,12 +71,6 @@
# tree
# ];
};
users.users.podman-service = {
group = "podman-service";
isNormalUser = false;
isSystemUser = true;
description = "User for podman daemon";
};
users.users.scanner = {
group = "scanner";
isNormalUser = false;
@ -106,7 +93,7 @@
git
htop
lsof
ndisc6
#mongodb
neovim
nginx
poetry
@ -114,9 +101,11 @@
step-ca
step-cli
tmux
#unifi8
wget
];
networking.hostName = "quinn";
# Allow specific unfree packages
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
@ -124,19 +113,6 @@
"unifi-controller"
];
# Enable the helpful "command-not-found" that tells which packages may have the command in question.
# This makes system configuration troubleshooting much faster since I can attempt a basic command 'foo'
# and if 'foo' isn't installed it suggests an installation target.
# If you run 'command-not-found' and it complains about
# DBI connect('dbname=/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite','',...) failed: unable to open database file at /run/current-system/sw/bin/command-not-found line 13.
# cannot open database `/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite' at /run/current-system/sw/bin/command-not-found line 13.
#
# Then you can recreate the SQLite DB with 'sudo nix-channel --list' and making sure a channel like 'nixos https://nixos.org/channels/nixos-24.05' is present.
# Anything that ends in 'nixos-...' should work.
# Then run 'sudo nix-channel --update'
# See https://discourse.nixos.org/t/command-not-found-unable-to-open-database/3807/7
programs.command-not-found.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
@ -207,7 +183,7 @@
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Disable the resolved stub listener, let Pihole bind port 53 on all interfaces.
# Disable the resolved stub listener, let Pihole do it
services.resolved = {
extraConfig = ''
DNSStubListener=no
@ -246,10 +222,10 @@
'';
# Open ports in the firewall.
networking.firewall = {
enable = false;
enable = true;
allowPing = true;
allowedTCPPorts = [ 80 443 5353 ];
allowedUDPPortRanges = [ 5353
allowedTCPPorts = [ 80 443 ];
allowedUDPPortRanges = [
#{ from = 4000; to = 4007; }
#{ from = 8000; to = 8010; }
];
@ -287,49 +263,28 @@
systemd.network.enable = true;
systemd.network.networks."10-wan" = {
matchConfig.Name = "enp2s0";
dhcpV6Config = {
PrefixDelegationHint = "::/60";
};
networkConfig = {
# start a DHCP Client for IPv4 Addressing/Routing
DHCP = "ipv4";
# accept Router Advertisements for Stateless IPv6 Autoconfiguraton (SLAAC)
IPv6AcceptRA = true;
# Allow mDNS .local address resolution
MulticastDNS = true;
};
addresses = [{
addressConfig = {
Address="fd00::2/64";
};
} {
addressConfig = {
Address="::/0";
Scope="global";
};
}];
ipv6PrefixDelegationConfig = {
Managed = true;
};
ipv6AcceptRAConfig = {
DHCPv6Client="always";
Token="prefixstable";
};
# make routing on this interface a dependency for network-online.target
linkConfig.RequiredForOnline = "routable";
};
# Useful for debugging systemd networkd
systemd.services.systemd-networkd.environment.SYSTEMD_LOG_LEVEL = "debug";
systemd.services.podman-api = {
enable = true;
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "Daemon for handling podman requests from Tealok";
serviceConfig = {
User = "root";
WorkingDirectory = "/tmp";
ExecStart = "${pkgs.podman}/bin/podman system service -t 0";
};
};
systemd.services.scan-uploader = {
enable = true;
wantedBy = [ "multi-user.target" ];
@ -348,6 +303,41 @@
];
# Enable podman since we are on NixOS 21.05
virtualisation.docker.enable = false;
virtualisation.oci-containers.backend = "podman";
virtualisation.oci-containers.containers = {
pihole = {
autoStart = true;
environment = {
TZ = "America/Phoenix";
DNSMASQ_LISTENING = "all";
};
extraOptions = ["--network=bridge"];
image = "docker.io/pihole/pihole:2024.07.0";
ports = [
"53:53/tcp"
"53:53/udp"
"67:67"
"127.0.0.1:10000:80"
];
volumes = [
"/etc/pihole/config:/etc/pihole"
"/etc/pihole/dnsmasq.d:/etc/dnsmasq.d"
];
};
};
virtualisation.podman.enable = true;
virtualisation.podman.dockerSocket.enable = true;
virtualisation.podman.defaultNetwork.settings = {
dns_enabled = false;
ipv6_enabled = true;
subnets = [{
gateway = "10.88.0.1";
subnet = "10.88.0.0/16";
}
{
gateway = "fd00::1:8:1";
subnet = "fd00::1:8:0/122";
}];
};
}
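Review bot: The Pi-hole publications `"53:53/tcp"`, `"53:53/udp"` and `"67:67"` in the new `virtualisation.oci-containers.containers.pihole` block are not gated by the firewall turned on in the earlier hunk (`networking.firewall.enable = true` with `allowedTCPPorts = [ 80 443 ]`): podman/netavark inserts its own NAT and forward rules for published ports ahead of the NixOS INPUT filter, so the resolver is reachable on every interface, and since `enp2s0` is configured as `10-wan` with `IPv6AcceptRA = true` it may end up as an open resolver on a globally routable address. Bind the publications to the LAN address the same way the web UI already is with `127.0.0.1:10000:80`, e.g. `"<lan-ip>:53:53/udp"` and `"<lan-ip>:53:53/tcp"`, or keep them host-wide only if this machine is behind another firewall. `"67:67"` publishes TCP only (podman's default protocol), while DHCP is UDP and its broadcasts will not traverse `--network=bridge` anyway, so either drop that line or use `"67:67/udp"` together with host networking if Pi-hole is actually meant to serve DHCP. Also worth a comment next to `virtualisation.podman.dockerSocket.enable = true`: the compatibility socket is rootful, so any account added to the `podman` group gets root-equivalent access to the host.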