Add sunshine

Erwin Boskma 2022-09-27 20:38:45 +02:00
parent a89f08266e
commit a8a6b216b0
Signed by: erwin
GPG key ID: 270B20D17394F7E5
3 changed files with 80 additions and 61 deletions


@ -10,11 +10,11 @@
]
},
"locked": {
"lastModified": 1663761340,
"narHash": "sha256-a4thCod5O+IDcomBUVlU/TR4qJystthnnUEong6aJKU=",
"lastModified": 1663959086,
"narHash": "sha256-gXaUIhI24AtKh2m7HqFPottWWv15JZXeISGfV69d8Tw=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "c6938da6e6dec21d3e366adafab24a396d8b7914",
"rev": "cae16c54e59af727e2df6e6d3d273cb07ca5eb79",
"type": "github"
},
"original": {
@ -76,11 +76,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1663629861,
"narHash": "sha256-CjfQUyPfG/hkE4jnMcTvVJ0ubc84u8ySruZL+emXMjw=",
"lastModified": 1663932797,
"narHash": "sha256-IH8ZBW99W2k7wKLS+Sat9HiKX1TPZjFTnsPizK5crok=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "41790ba656bafc023f48ccdbbe7816d30fd52d76",
"rev": "de3758e31a3a1bc79d569f5deb5dac39791bf9b6",
"type": "github"
},
"original": {
@ -162,11 +162,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1663494472,
"narHash": "sha256-fSowlaoXXWcAM8m9wA6u+eTJJtvruYHMA+Lb/tFi/qM=",
"lastModified": 1663850217,
"narHash": "sha256-tp9nXo1/IdN/xN9m06ryy0QUAEfoN6K56ObM/1QTAjc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f677051b8dc0b5e2a9348941c99eea8c4b0ff28f",
"rev": "ae1dc133ea5f1538d035af41e5ddbc2ebcb67b90",
"type": "github"
},
"original": {
@ -231,7 +231,8 @@
"nixpkgs": "nixpkgs",
"pamedia": "pamedia",
"rust-overlay": "rust-overlay",
"sops": "sops"
"sops": "sops",
"sunshine": "sunshine"
}
},
"rust-overlay": {
@ -244,11 +245,11 @@
]
},
"locked": {
"lastModified": 1663729386,
"narHash": "sha256-aKdxkiYUGuvgy+eKq4jubf/gZN7TBoF6huE4w0chhDE=",
"lastModified": 1663902145,
"narHash": "sha256-wuDqTDcD+VtGOFyzrvsALZRw5MkCNPj7rPX6DKt6Pzo=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0300688a98e053712108d4e22d5bdcf9c9106d8c",
"rev": "9e319dd18f7beadab4daaf2426466d4023c1d26f",
"type": "github"
},
"original": {
@ -278,6 +279,30 @@
"type": "github"
}
},
"sunshine": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1664210128,
"narHash": "sha256-Ve7h8RN+48n4YJzRNkQTcpmPBENM2GMmpXlcVx14vnQ=",
"ref": "main",
"rev": "d43f5ce6761e609de875eeb2f36a12ef339f98d6",
"revCount": 11,
"type": "git",
"url": "ssh://git@git.datarift.nl/erwin/sunshine.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://git@git.datarift.nl/erwin/sunshine.git"
}
},
"utils": {
"locked": {
"lastModified": 1659877975,


@ -54,6 +54,12 @@
inputs.utils.follows = "flake-utils";
inputs.naersk.follows = "naersk";
};
sunshine = {
url = "git+ssh://git@git.datarift.nl/erwin/sunshine.git?ref=main";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
};
outputs =
@ -93,6 +99,7 @@
nix.registry.nixpkgs.flake = nixpkgs;
})
sops.nixosModules.sops
inputs.sunshine.nixosModules.sunshine
];
};
in
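Review bot: The new `sunshine` input in the first hunk is fetched over `git+ssh` from a private host and follows `ref=main`, but nothing in the file says that evaluating it presumably needs SSH credentials for that host, or that the revision is fixed only by flake.lock. A short comment above the `url` line would cover both, for example `# private repo: needs an SSH key accepted by git.datarift.nl; revision is pinned in flake.lock`. Because the second hunk adds `inputs.sunshine.nixosModules.sunshine` to the system module list, each lock bump of this input changes code that is evaluated as part of the system configuration, so the upstream diff is worth reading before updating. Both hunks start and end inside larger attribute sets that are not shown here.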


@ -72,16 +72,36 @@ in
firewall = {
trustedInterfaces = [ "lo" ];
interfaces."enp4s0" = {
# interfaces."enp4s0" = {
allowedTCPPorts = [
# NFS
111 2049 4000 4001 4002 20048
# Horus System V2
12345
5555
5556
12345 5555 5556
# Elixir/Phoenix dev environment
4000
# Sunshine
48010
];
};
allowedUDPPorts = [
# NFS
111 2049 4000 4001 4002 20048
];
allowedTCPPortRanges = [
# Sunshine
{ from = 47984; to = 47990; }
];
allowedUDPPortRanges = [
# Sunshine
{ from = 47998; to = 48000; }
];
# };
};
};
@ -103,39 +123,11 @@ in
services.openssh.enable = true;
# TODO: Add to LXD module
# virtualisation.lxd = {
# enable = true;
# recommendedSysctlSettings = true;
# };
# virtualisation.lxc.lxcfs.enable = true;
# networking.bridges = {
# lxdbr0.interfaces = [ ];
# };
# networking.localCommands = ''
# ip address add 10.2.0.1/24 dev lxdbr0
# '';
# networking.firewall.extraCommands = ''
# iptables -A INPUT -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
# # Technically not necessary because FORWARD and OUTPUT by default have an ACCEPT policy,
# # but just to be explicit I'll add them anyway
# iptables -A FORWARD -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
# iptables -A FORWARD -i lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
# iptables -A OUTPUT -o lxdbr0 -m comment --comment "LXD rules for lxdbr0" -j ACCEPT
# iptables -t nat -A POSTROUTING -s 10.2.0.0/24 ! -d 10.2.0.0/24 -m comment --comment "LXD rules for lxdbr0" -j MASQUERADE
# '';
# boot.kernel.sysctl = {
# "net.ipv4.conf.all.forwarding" = true;
# "net.ipv4.conf.default.forwarding" = true;
# };
# users.users.erwin.extraGroups = [ "lxd" ];
# End TODO: Add to LXD module
services.sunshine = {
enable = true;
user = "erwin";
openFirewall = true;
};
services.nfs.server = {
enable = true;
@ -147,11 +139,6 @@ in
statdPort = 4000;
};
networking.firewall = {
allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ];
allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ];
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
ha_now_playing_token = {
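Review bot: In the firewall hunk the `interfaces."enp4s0" = {` wrapper and its closing `};` now appear only as comments, so the `allowedTCPPorts` list (NFS, the Horus ports 12345/5555/5556, the dev port 4000 and Sunshine 48010) and the new UDP list and port ranges seem to apply to every interface rather than to `enp4s0` alone; the page has lost its +/- markers, so this reading is inferred from the old-then-new print order. If the host has any interface besides the LAN one, keep the scoping by restoring `interfaces."enp4s0" = {` and `};` around these lists, since the per-interface option accepts the same four attributes. The Sunshine entries may also be redundant with `services.sunshine.openFirewall = true;` in the next hunk; the module is not shown, so confirm which ports it opens and keep only one of the two. Port 4000 is listed twice in `allowedTCPPorts`, once under NFS (matching `statdPort = 4000;`) and once for the Elixir/Phoenix dev environment, which suggests two services are expected on the same port.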