diff --git a/flake.lock b/flake.lock index 704c538..76093df 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ ] }, "locked": { - "lastModified": 1663761340, - "narHash": "sha256-a4thCod5O+IDcomBUVlU/TR4qJystthnnUEong6aJKU=", + "lastModified": 1663959086, + "narHash": "sha256-gXaUIhI24AtKh2m7HqFPottWWv15JZXeISGfV69d8Tw=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "c6938da6e6dec21d3e366adafab24a396d8b7914", + "rev": "cae16c54e59af727e2df6e6d3d273cb07ca5eb79", "type": "github" }, "original": { @@ -76,11 +76,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1663629861, - "narHash": "sha256-CjfQUyPfG/hkE4jnMcTvVJ0ubc84u8ySruZL+emXMjw=", + "lastModified": 1663932797, + "narHash": "sha256-IH8ZBW99W2k7wKLS+Sat9HiKX1TPZjFTnsPizK5crok=", "owner": "nix-community", "repo": "home-manager", - "rev": "41790ba656bafc023f48ccdbbe7816d30fd52d76", + "rev": "de3758e31a3a1bc79d569f5deb5dac39791bf9b6", "type": "github" }, "original": { @@ -162,11 +162,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1663494472, - "narHash": "sha256-fSowlaoXXWcAM8m9wA6u+eTJJtvruYHMA+Lb/tFi/qM=", + "lastModified": 1663850217, + "narHash": "sha256-tp9nXo1/IdN/xN9m06ryy0QUAEfoN6K56ObM/1QTAjc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f677051b8dc0b5e2a9348941c99eea8c4b0ff28f", + "rev": "ae1dc133ea5f1538d035af41e5ddbc2ebcb67b90", "type": "github" }, "original": { @@ -231,7 +231,8 @@ "nixpkgs": "nixpkgs", "pamedia": "pamedia", "rust-overlay": "rust-overlay", - "sops": "sops" + "sops": "sops", + "sunshine": "sunshine" } }, "rust-overlay": { @@ -244,11 +245,11 @@ ] }, "locked": { - "lastModified": 1663729386, - "narHash": "sha256-aKdxkiYUGuvgy+eKq4jubf/gZN7TBoF6huE4w0chhDE=", + "lastModified": 1663902145, + "narHash": "sha256-wuDqTDcD+VtGOFyzrvsALZRw5MkCNPj7rPX6DKt6Pzo=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "0300688a98e053712108d4e22d5bdcf9c9106d8c", + "rev": "9e319dd18f7beadab4daaf2426466d4023c1d26f", "type": "github" }, "original": { 
@@ -278,6 +279,30 @@ "type": "github" } }, + "sunshine": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1664210128, + "narHash": "sha256-Ve7h8RN+48n4YJzRNkQTcpmPBENM2GMmpXlcVx14vnQ=", + "ref": "main", + "rev": "d43f5ce6761e609de875eeb2f36a12ef339f98d6", + "revCount": 11, + "type": "git", + "url": "ssh://git@git.datarift.nl/erwin/sunshine.git" + }, + "original": { + "ref": "main", + "type": "git", + "url": "ssh://git@git.datarift.nl/erwin/sunshine.git" + } + }, "utils": { "locked": { "lastModified": 1659877975, diff --git a/flake.nix b/flake.nix index e997d0d..67cb3e6 100644 --- a/flake.nix +++ b/flake.nix @@ -54,6 +54,12 @@ inputs.utils.follows = "flake-utils"; inputs.naersk.follows = "naersk"; }; + + sunshine = { + url = "git+ssh://git@git.datarift.nl/erwin/sunshine.git?ref=main"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.flake-utils.follows = "flake-utils"; + }; }; outputs = @@ -93,6 +99,7 @@ nix.registry.nixpkgs.flake = nixpkgs; }) sops.nixosModules.sops + inputs.sunshine.nixosModules.sunshine ]; }; in diff --git a/machines/loki/configuration.nix b/machines/loki/configuration.nix index 95446fb..f3f198e 100644 --- a/machines/loki/configuration.nix +++ b/machines/loki/configuration.nix @@ -72,16 +72,36 @@ in firewall = { trustedInterfaces = [ "lo" ]; - interfaces."enp4s0" = { - allowedTCPPorts = [ - # Horus System V2 - 12345 - 5555 - 5556 - # Elixir/Phoenix dev environment - 4000 - ]; - }; + # interfaces."enp4s0" = { + allowedTCPPorts = [ + # NFS + 111 2049 4000 4001 4002 20048 + + # Horus System V2 + 12345 5555 5556 + + # Elixir/Phoenix dev environment + 4000 + + # Sunshine + 48010 + ]; + + allowedUDPPorts = [ + # NFS + 111 2049 4000 4001 4002 20048 + ]; + + allowedTCPPortRanges = [ + # Sunshine + { from = 47984; to = 47990; } + ]; + + allowedUDPPortRanges = [ + # Sunshine + { from = 47998; to = 48000; } + ]; + # }; }; }; 
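Review bot: The new `sunshine` input tracks `ref=main` on a private `git+ssh` remote without any comment on how updates are vetted. The second flake.nix hunk imports its `nixosModules.sunshine` into what looks like the shared module list, so whatever is on that branch becomes part of the system configuration at the next lock update. The lock entry pins `rev` and `narHash`, so the exposure is at update time; a comment above the input such as `# private repo, imported as a NixOS module: review the upstream diff before every lock bump` would record that. Fetching also presumably needs an SSH key and a trusted host key for git.datarift.nl wherever the flake is evaluated, which belongs in the same comment. The `inputs` set starts outside this hunk.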
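Review bot: Commenting out `interfaces."enp4s0" = {` and its closing `};` in machines/loki/configuration.nix turns every port in the list into a global rule. The Horus and Phoenix dev ports, previously limited to enp4s0, and the new Sunshine ports are now accepted on every interface the host has or later gains. Only the NFS ports were global before this commit, so I would keep those at the top level and put the rest back under the interface, as sketched below; if global exposure is intended, delete the two commented-out lines instead of leaving them as dead code. Port 4000 now appears twice in `allowedTCPPorts` (NFS `statdPort = 4000` and the Phoenix dev entry), which suggests the two services may compete for the same port. The enclosing `networking` block starts outside this hunk.

```nix
firewall = {
  trustedInterfaces = [ "lo" ];

  # NFS: global, as it was before this commit
  allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
  allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];

  # Dev services and Sunshine: LAN interface only
  interfaces."enp4s0" = {
    allowedTCPPorts = [
      # Horus System V2
      12345 5555 5556
      # Elixir/Phoenix dev environment (same number as statdPort, see note)
      4000
      # Sunshine
      48010
    ];
    allowedTCPPortRanges = [ { from = 47984; to = 47990; } ];
    allowedUDPPortRanges = [ { from = 47998; to = 48000; } ];
  };
};
```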
@@ -103,39 +123,11 @@ in services.openssh.enable = true; - # TODO: Add to LXD module - # virtualisation.lxd = { - # enable = true; - # recommendedSysctlSettings = true; - # }; - # virtualisation.lxc.lxcfs.enable = true; - - # networking.bridges = { - # lxdbr0.interfaces = [ ]; - # }; - # networking.localCommands = '' - # ip address add 10.2.0.1/24 dev lxdbr0 - # ''; - - # networking.firewall.extraCommands = '' - # iptables -A INPUT -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT - # # Technically not necessary because FORWARD and OUTPUT by default have an ACCEPT policy, - # # but just to be explicit I'll add them anyway - # iptables -A FORWARD -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT - # iptables -A FORWARD -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT - # iptables -A OUTPUT -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT - - # iptables -t nat -A POSTROUTING -s 10.2.0.0/24 ! -d 10.2.0.0/24 -m comment --comment "LXD rules for lxdbr0" -j MASQUERADE - # ''; - - # boot.kernel.sysctl = { - # "net.ipv4.conf.all.forwarding" = true; - # "net.ipv4.conf.default.forwarding" = true; - # }; - - # users.users.erwin.extraGroups = [ "lxd" ]; - - # End TODO: Add to LXD module + services.sunshine = { + enable = true; + user = "erwin"; + openFirewall = true; + }; services.nfs.server = { enable = true; @@ -147,11 +139,6 @@ in statdPort = 4000; }; - networking.firewall = { - allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ]; - allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ]; - }; - sops.defaultSopsFile = ./secrets.yaml; sops.secrets = { ha_now_playing_token = {
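Review bot: `openFirewall = true` in the new `services.sunshine` block overlaps with the Sunshine ports this commit also adds by hand to `networking.firewall`, so the host's exposure is defined in two places. The module comes from the external `sunshine` flake, so which ports and interfaces the option opens is not visible in this diff. Sunshine gives remote access to the desktop session of `user = "erwin"`, so keep one source of truth for its firewall rules. Either set `openFirewall = false;` and rely on the explicit, interface-scoped rules, or drop the manual entries and add a comment such as `# ports opened by the sunshine module (openFirewall)`. The rest of this hunk only removes the commented-out LXD notes.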