Add sunshine

Erwin Boskma 2022-09-27 20:38:45 +02:00
parent a89f08266e
commit a8a6b216b0
Signed by: erwin
GPG key ID: 270B20D17394F7E5
3 changed files with 80 additions and 61 deletions


@ -10,11 +10,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1663761340, "lastModified": 1663959086,
"narHash": "sha256-a4thCod5O+IDcomBUVlU/TR4qJystthnnUEong6aJKU=", "narHash": "sha256-gXaUIhI24AtKh2m7HqFPottWWv15JZXeISGfV69d8Tw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "c6938da6e6dec21d3e366adafab24a396d8b7914", "rev": "cae16c54e59af727e2df6e6d3d273cb07ca5eb79",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -76,11 +76,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1663629861, "lastModified": 1663932797,
"narHash": "sha256-CjfQUyPfG/hkE4jnMcTvVJ0ubc84u8ySruZL+emXMjw=", "narHash": "sha256-IH8ZBW99W2k7wKLS+Sat9HiKX1TPZjFTnsPizK5crok=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "41790ba656bafc023f48ccdbbe7816d30fd52d76", "rev": "de3758e31a3a1bc79d569f5deb5dac39791bf9b6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -162,11 +162,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1663494472, "lastModified": 1663850217,
"narHash": "sha256-fSowlaoXXWcAM8m9wA6u+eTJJtvruYHMA+Lb/tFi/qM=", "narHash": "sha256-tp9nXo1/IdN/xN9m06ryy0QUAEfoN6K56ObM/1QTAjc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f677051b8dc0b5e2a9348941c99eea8c4b0ff28f", "rev": "ae1dc133ea5f1538d035af41e5ddbc2ebcb67b90",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -231,7 +231,8 @@
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"pamedia": "pamedia", "pamedia": "pamedia",
"rust-overlay": "rust-overlay", "rust-overlay": "rust-overlay",
"sops": "sops" "sops": "sops",
"sunshine": "sunshine"
} }
}, },
"rust-overlay": { "rust-overlay": {
@ -244,11 +245,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1663729386, "lastModified": 1663902145,
"narHash": "sha256-aKdxkiYUGuvgy+eKq4jubf/gZN7TBoF6huE4w0chhDE=", "narHash": "sha256-wuDqTDcD+VtGOFyzrvsALZRw5MkCNPj7rPX6DKt6Pzo=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "0300688a98e053712108d4e22d5bdcf9c9106d8c", "rev": "9e319dd18f7beadab4daaf2426466d4023c1d26f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -278,6 +279,30 @@
"type": "github" "type": "github"
} }
}, },
"sunshine": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1664210128,
"narHash": "sha256-Ve7h8RN+48n4YJzRNkQTcpmPBENM2GMmpXlcVx14vnQ=",
"ref": "main",
"rev": "d43f5ce6761e609de875eeb2f36a12ef339f98d6",
"revCount": 11,
"type": "git",
"url": "ssh://git@git.datarift.nl/erwin/sunshine.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://git@git.datarift.nl/erwin/sunshine.git"
}
},
"utils": { "utils": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,


@ -54,6 +54,12 @@
inputs.utils.follows = "flake-utils"; inputs.utils.follows = "flake-utils";
inputs.naersk.follows = "naersk"; inputs.naersk.follows = "naersk";
}; };
sunshine = {
url = "git+ssh://git@git.datarift.nl/erwin/sunshine.git?ref=main";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
}; };
outputs = outputs =
@ -93,6 +99,7 @@
nix.registry.nixpkgs.flake = nixpkgs; nix.registry.nixpkgs.flake = nixpkgs;
}) })
sops.nixosModules.sops sops.nixosModules.sops
inputs.sunshine.nixosModules.sunshine
]; ];
}; };
in in
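Review bot: The new `sunshine` input is fetched with `git+ssh` from a self-hosted server, and nothing next to it says what that requires: evaluating or updating the flake now needs an SSH key accepted by git.datarift.nl on whichever machine runs it. A comment above the input would make that explicit, for example `# private repo: needs SSH access to git.datarift.nl; exact rev and narHash are pinned in flake.lock`. In the second hunk, `inputs.sunshine.nixosModules.sunshine` is appended to what looks like a shared module list (it starts outside the hunk), so every host built from it evaluates code from that repository; if only one machine runs the service, importing the module in that host's own configuration keeps the others independent of it.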


@ -72,16 +72,36 @@ in
firewall = { firewall = {
trustedInterfaces = [ "lo" ]; trustedInterfaces = [ "lo" ];
interfaces."enp4s0" = { # interfaces."enp4s0" = {
allowedTCPPorts = [ allowedTCPPorts = [
# Horus System V2 # NFS
12345 111 2049 4000 4001 4002 20048
5555
5556 # Horus System V2
# Elixir/Phoenix dev environment 12345 5555 5556
4000
]; # Elixir/Phoenix dev environment
}; 4000
# Sunshine
48010
];
allowedUDPPorts = [
# NFS
111 2049 4000 4001 4002 20048
];
allowedTCPPortRanges = [
# Sunshine
{ from = 47984; to = 47990; }
];
allowedUDPPortRanges = [
# Sunshine
{ from = 47998; to = 48000; }
];
# };
}; };
}; };
@ -103,39 +123,11 @@ in
services.openssh.enable = true; services.openssh.enable = true;
# TODO: Add to LXD module services.sunshine = {
# virtualisation.lxd = { enable = true;
# enable = true; user = "erwin";
# recommendedSysctlSettings = true; openFirewall = true;
# }; };
# virtualisation.lxc.lxcfs.enable = true;
# networking.bridges = {
# lxdbr0.interfaces = [ ];
# };
# networking.localCommands = ''
# ip address add 10.2.0.1/24 dev lxdbr0
# '';
# networking.firewall.extraCommands = ''
# iptables -A INPUT -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
# # Technically not necessary because FORWARD and OUTPUT by default have an ACCEPT policy,
# # but just to be explicit I'll add them anyway
# iptables -A FORWARD -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
# iptables -A FORWARD -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
# iptables -A OUTPUT -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
# iptables -t nat -A POSTROUTING -s 10.2.0.0/24 ! -d 10.2.0.0/24 -m comment --comment "LXD rules for lxdbr0" -j MASQUERADE
# '';
# boot.kernel.sysctl = {
# "net.ipv4.conf.all.forwarding" = true;
# "net.ipv4.conf.default.forwarding" = true;
# };
# users.users.erwin.extraGroups = [ "lxd" ];
# End TODO: Add to LXD module
services.nfs.server = { services.nfs.server = {
enable = true; enable = true;
@ -147,11 +139,6 @@ in
statdPort = 4000; statdPort = 4000;
}; };
networking.firewall = {
allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];
};
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { sops.secrets = {
ha_now_playing_token = { ha_now_playing_token = {
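Review bot: Commenting out the `interfaces."enp4s0" = {` wrapper in the first hunk turns every list in this block into a global firewall rule, so the Horus ports (12345, 5555, 5556) and the Phoenix dev port 4000, previously reachable only on enp4s0, are now open on every interface. The new Sunshine entries are global too, and the TCP range 47984–47990 is worth narrowing if the service's web configuration UI listens at its top end (47990 in upstream Sunshine; confirm for this package). `services.sunshine.openFirewall = true` presumably opens the Sunshine ports itself, so the manual entries are either redundant or, if per-interface scoping is intended, `openFirewall` should be `false`. I would keep only the NFS ports global, as they were in the removed `networking.firewall` block, and restore the interface scope for the rest, as sketched below; the enclosing attribute set starts outside the hunk.

```nix
firewall = {
  trustedInterfaces = [ "lo" ];

  # NFS: global, same exposure as the removed networking.firewall block
  allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
  allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];

  interfaces."enp4s0" = {
    allowedTCPPorts = [
      # Horus System V2
      12345 5555 5556
      # Elixir/Phoenix dev environment (4000 is already open for NFS statd)
      # Sunshine
      48010
    ];
    allowedTCPPortRanges = [
      # Sunshine
      { from = 47984; to = 47990; }
    ];
    allowedUDPPortRanges = [
      # Sunshine
      { from = 47998; to = 48000; }
    ];
  };
};
```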