
11 commits

Author SHA1 Message Date
36d0dc1fe0
kea: Add routers DHCP option 2024-03-17 09:28:22 +01:00
51672c186b
valkyrie: Open DNS and DHCP ports 2024-03-16 23:12:30 +01:00
f2ebda369a
grafana: Add plugins, disable HTML sanitization 2024-03-16 23:06:01 +01:00
c757e6cfb0
unbound: Fix typo 2024-03-16 22:55:00 +01:00
20f61bf863
saga: Add kea and blocky to prometheus jobs 2024-03-16 22:49:45 +01:00
4d3767356e
kea: Disable Ubiquiti option for now 2024-03-16 22:46:16 +01:00
7f862cefb5
blocky: Fix typo 2024-03-16 22:46:09 +01:00
8ef0734696
gpg: Update gpg-agent config 2024-03-16 22:38:43 +01:00
e35c4573e6
Get colmena from flake 2024-03-16 22:38:29 +01:00
e232bd8d9f
flake.lock: Update
Flake lock file updates:

• Added input 'colmena':
    'github:zhaofengli/colmena/c84ccd0a7a712475e861c2b111574472b1a8d0cd?narHash=sha256-QQKQ6r3CID8aXn2ZXZ79ZJxdCOeVP%2BJTnOctDALErOw%3D' (2024-01-29)
• Added input 'colmena/flake-compat':
    'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8?narHash=sha256-Z%2Bs0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh%2BE%3D' (2022-04-19)
• Added input 'colmena/flake-utils':
    'github:numtide/flake-utils/c0e246b9b83f637f4681389ecabcb2681b4f3af0?narHash=sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc%3D' (2022-08-07)
• Added input 'colmena/nixpkgs':
    follows 'nixpkgs'
• Added input 'colmena/stable':
    'github:NixOS/nixpkgs/32dcb45f66c0487e92db8303a798ebc548cadedc?narHash=sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE%3D' (2023-09-30)
• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/ee3a92b17a377d2ac2bb8293638f7e87f74953ee?narHash=sha256-mqWEpPqxeHYslfmevxx/KwuoZ9uIWjiD%2BCsdQFW7xsM%3D' (2024-03-15)
  → 'github:nix-community/emacs-overlay/895a56e7294c2e5be4f84aa8e1cbc9e53e91307e?narHash=sha256-7to4df2dUDd2LhPSp/XeH9rpONb2MtYDn1uFeVMolVc%3D' (2024-03-16)
• Updated input 'eww':
    'github:elkowar/eww/7bfd47eb8130f02f2a8f695c255df2f5302636b4?narHash=sha256-CCwOEyCtn/y9IxhY64OTr1iDyPl2XjrF2u93Z2ex56E%3D' (2024-02-24)
  → 'github:elkowar/eww/4ce42455a4744b0dc00dd356ba9b32c1ca558a0e?narHash=sha256-M1MCbKXTI/Z7eWRi9jweloyUTIOMpqN33h5X6hOgeKU%3D' (2024-03-16)
• Updated input 'home-manager':
    'github:nix-community/home-manager/ca922258e1682b435e632a5ca1910bbbed835345?narHash=sha256-FsPpFFw59MFU%2BE1PD6t9K9it17DaV5nU/%2BmWEkfS2YE%3D' (2024-03-15)
  → 'github:nix-community/home-manager/206f457fffdb9a73596a4cb2211a471bd305243d?narHash=sha256-SUXGZNrXX05YA9G6EmgupxhOr3swI1gcxLUeDMUhrEY%3D' (2024-03-15)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/ad2fd7b978d5e462048729a6c635c45d3d33c9ba?narHash=sha256-j3oWlxRZxB7cFsgEntpH3rosjFHRkAo/dhX9H3OfxtY%3D' (2024-03-11)
  → 'github:NixOS/nixos-hardware/968952f950a59dee9ed1e8799dda38c6dfa1bad3?narHash=sha256-6zR642tXcZzzk3C8BHxlCrR0yh8z8zMXLiuXpWDIpX0%3D' (2024-03-16)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/7ff8e9a04ac7777a3446788cb4018b452157ab8a?narHash=sha256-YGN6R0nLfB2L57J8T/DX%2BLcB06QipyYzHSz7AD8B0n0%3D' (2024-03-15)
  → 'github:oxalica/rust-overlay/42baa9e2e4713572d7481f917243b07dffdf54b8?narHash=sha256-Lbdq3/TH4VrrR7A6FxIYwu5tFOcprYh8Q49Nc9s/i6c%3D' (2024-03-16)
2024-03-16 22:37:38 +01:00
c6f9bd3de1
valkyrie: Switch from AdGuard Home to blocky (DNS) + kea (DHCP) 2024-03-16 22:36:09 +01:00
9 changed files with 368 additions and 35 deletions

121
flake.lock generated

@ -66,6 +66,29 @@
"type": "github"
}
},
"colmena": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"stable": "stable"
},
"locked": {
"lastModified": 1706509311,
"narHash": "sha256-QQKQ6r3CID8aXn2ZXZ79ZJxdCOeVP+JTnOctDALErOw=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "c84ccd0a7a712475e861c2b111574472b1a8d0cd",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "colmena",
"type": "github"
}
},
"crane": {
"inputs": {
"nixpkgs": [
@ -89,7 +112,7 @@
},
"crane_2": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"flake-utils": [
"ha-now-playing",
"flake-utils"
@ -148,11 +171,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1710493512,
"narHash": "sha256-mqWEpPqxeHYslfmevxx/KwuoZ9uIWjiD+CsdQFW7xsM=",
"lastModified": 1710608587,
"narHash": "sha256-7to4df2dUDd2LhPSp/XeH9rpONb2MtYDn1uFeVMolVc=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "ee3a92b17a377d2ac2bb8293638f7e87f74953ee",
"rev": "895a56e7294c2e5be4f84aa8e1cbc9e53e91307e",
"type": "github"
},
"original": {
@ -163,7 +186,7 @@
},
"eww": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"nixpkgs": [
"nixpkgs"
],
@ -172,11 +195,11 @@
]
},
"locked": {
"lastModified": 1708778800,
"narHash": "sha256-CCwOEyCtn/y9IxhY64OTr1iDyPl2XjrF2u93Z2ex56E=",
"lastModified": 1710592392,
"narHash": "sha256-M1MCbKXTI/Z7eWRi9jweloyUTIOMpqN33h5X6hOgeKU=",
"owner": "elkowar",
"repo": "eww",
"rev": "7bfd47eb8130f02f2a8f695c255df2f5302636b4",
"rev": "4ce42455a4744b0dc00dd356ba9b32c1ca558a0e",
"type": "github"
},
"original": {
@ -202,6 +225,22 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -217,7 +256,7 @@
"type": "github"
}
},
"flake-compat_3": {
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696267196,
@ -233,7 +272,7 @@
"type": "github"
}
},
"flake-compat_4": {
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -249,7 +288,7 @@
"type": "github"
}
},
"flake-compat_5": {
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -320,6 +359,21 @@
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems"
},
@ -337,7 +391,7 @@
"type": "github"
}
},
"flake-utils_3": {
"flake-utils_4": {
"inputs": {
"systems": "systems_2"
},
@ -414,11 +468,11 @@
]
},
"locked": {
"lastModified": 1710499337,
"narHash": "sha256-FsPpFFw59MFU+E1PD6t9K9it17DaV5nU/+mWEkfS2YE=",
"lastModified": 1710532761,
"narHash": "sha256-SUXGZNrXX05YA9G6EmgupxhOr3swI1gcxLUeDMUhrEY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ca922258e1682b435e632a5ca1910bbbed835345",
"rev": "206f457fffdb9a73596a4cb2211a471bd305243d",
"type": "github"
},
"original": {
@ -499,8 +553,8 @@
},
"nix-ld-rs": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_3",
"flake-compat": "flake-compat_5",
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixpkgs"
]
@ -521,11 +575,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1710123225,
"narHash": "sha256-j3oWlxRZxB7cFsgEntpH3rosjFHRkAo/dhX9H3OfxtY=",
"lastModified": 1710622004,
"narHash": "sha256-6zR642tXcZzzk3C8BHxlCrR0yh8z8zMXLiuXpWDIpX0=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "ad2fd7b978d5e462048729a6c635c45d3d33c9ba",
"rev": "968952f950a59dee9ed1e8799dda38c6dfa1bad3",
"type": "github"
},
"original": {
@ -678,7 +732,7 @@
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_6",
"flake-utils": [
"flake-utils"
],
@ -707,11 +761,12 @@
"anyrun": "anyrun",
"attic": "attic",
"caddy-with-plugins": "caddy-with-plugins",
"colmena": "colmena",
"disko": "disko",
"emacs-overlay": "emacs-overlay",
"eww": "eww",
"flake-parts": "flake-parts_2",
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"ha-now-playing": "ha-now-playing",
"home-manager": "home-manager",
"microvm": "microvm",
@ -762,11 +817,11 @@
]
},
"locked": {
"lastModified": 1710468700,
"narHash": "sha256-YGN6R0nLfB2L57J8T/DX+LcB06QipyYzHSz7AD8B0n0=",
"lastModified": 1710555016,
"narHash": "sha256-Lbdq3/TH4VrrR7A6FxIYwu5tFOcprYh8Q49Nc9s/i6c=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "7ff8e9a04ac7777a3446788cb4018b452157ab8a",
"rev": "42baa9e2e4713572d7481f917243b07dffdf54b8",
"type": "github"
},
"original": {
@ -812,6 +867,22 @@
"url": "https://spectrum-os.org/git/spectrum"
}
},
"stable": {
"locked": {
"lastModified": 1696039360,
"narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "32dcb45f66c0487e92db8303a798ebc548cadedc",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"sunshine": {
"inputs": {
"flake-parts": [


@ -96,6 +96,11 @@
# inputs.nixpkgs.follows = "nixpkgs";
};
colmena = {
url = "github:zhaofengli/colmena";
inputs.nixpkgs.follows = "nixpkgs";
};
caddy-with-plugins = {
url = "github:eboskma/caddy-with-plugins";
inputs = {
@ -240,7 +245,7 @@
name = "dotfiles";
packages = [
age
colmena
inputs'.colmena.packages.colmena
just
nodejs
nodePackages.typescript-language-server
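Review bot: The new `colmena` input redirects only `nixpkgs`, so its `stable`, `flake-utils` and `flake-compat` inputs each add their own locked tree, and `stable` is a second nixpkgs revision tracking the `nixos-23.05` ref. If colmena evaluates without its own copies, adding `inputs.stable.follows = "nixpkgs";` and `inputs.flake-utils.follows = "flake-utils";` inside the `colmena = { … }` block would keep the set of fetched and trusted sources smaller. This should be checked against colmena's own flake before it is relied on. The `packages` list in the second hunk starts and ends outside the visible lines.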


@ -14,7 +14,7 @@ in
};
config = mkIf cfg.enable {
home.packages = with pkgs; [ pinentry-gnome ];
home.packages = with pkgs; [ pinentry-gnome3 ];
programs.gpg = {
enable = true;
@ -22,7 +22,7 @@ in
services.gpg-agent = {
enable = true;
pinentryFlavor = "gnome3";
pinentryPackage = pkgs.pinentry-gnome3;
# enableSshSupport = true;
# defaultCacheTtlSsh = 14400;
# maxCacheTtlSsh = 14400;


@ -1,17 +1,28 @@
{ config, ... }:
{ pkgs, config, ... }:
{
services.grafana = {
enable = true;
declarativePlugins = with pkgs.grafanaPlugins; [
grafana-piechart-panel
grafana-polystat-panel
grafana-clock-panel
];
settings = {
log = {
level = "info";
};
panels = {
disable_sanitize_html = true;
};
server = {
domain = "saga.datarift.nl";
enforce_domain = true;
http_addr = "0.0.0.0";
root_url = "https://saga.datarift.nl";
};
"auth.generic_oauth" = {
enabled = true;
name = "Keycloak";
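Review bot: `disable_sanitize_html = true` in the `panels` block turns off Grafana's HTML sanitizing for text panels, so any account allowed to edit a dashboard can store markup and script that runs in the browser session of everyone who opens it. Nothing in the file records why the switch is needed. I would add a comment above it, for example `# <panel name> needs raw HTML; dashboard editing must stay limited to trusted accounts`, and check that the role mapping under `"auth.generic_oauth"` does not give Editor to every Keycloak user. That block continues past the end of the hunk, so the mapping is not visible here.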


@ -27,6 +27,8 @@
targets = [
"valkyrie:${toString config.services.prometheus.exporters.node.port}" # node
"valkyrie:${toString config.services.prometheus.exporters.unbound.port}" # unbound
"valkyrie:${toString config.services.prometheus.exporters.kea.port}" # kea
"valkyrie:4000" # blocky
];
}
];
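Review bot: The blocky target is the literal `"valkyrie:4000"`, while the other targets take their port from an option, so it goes stale without any evaluation error if `ports.http` in the blocky module changes. A comment such as `# blocky: must match services.blocky.settings.ports.http on valkyrie` would make the coupling visible. The valkyrie firewall change in this compare opens only UDP 53 and 67, so both new targets are presumably scraped over the trusted `tailscale0` interface, which is worth confirming. The scrape config around this list starts outside the hunk.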


@ -0,0 +1,59 @@
{
services = {
blocky = {
enable = true;
settings = {
ports = {
dns = 53;
http = 4000;
};
upstreams = {
groups = {
default = [ "127.0.0.1:5335" ];
};
};
blocking = {
blackLists = {
ads = [
"https://big.oisd.nl/domainswild"
"https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts"
];
};
clientGroupsBlock = {
default = [ "ads" ];
};
};
customDNS = {
mapping = {
"ci.datarift.nl" = "10.0.0.251";
"home.datarift.nl" = "10.0.0.251";
"frigate.datarift.nl" = "10.0.0.251";
"git.datarift.nl" = "10.0.0.203";
"loki.datarift.nl" = "10.0.0.4";
"minio.datarift.nl" = "10.0.0.251";
"minio-admin.datarift.nl" = "10.0.0.251";
"mqtt.datarift.nl" = "10.0.0.254";
"nix-cache.datarift.nl" = "10.0.0.209";
"saga.datarift.nl" = "10.0.0.251";
"track.datarift.nl" = "10.0.0.254";
"vaultserver.horus.nu" = "192.168.4.32";
"vidz.datarift.nl" = "10.0.0.211";
};
};
prometheus = {
enable = true;
};
queryLog = {
type = "csv";
target = "/var/lib/blocky/querylog";
logRetentionDays = 7;
};
};
};
};
}
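Review bot: `ports.http = 4000` binds blocky's HTTP listener on every address, and as far as I know that listener serves the REST API (including the call that pauses blocking) as well as the Prometheus metrics, without authentication. The firewall change in this compare does not open TCP 4000, so reachability depends on the trusted-interface rule. I would record that next to the setting, e.g. `# serves metrics and the control API; keep closed in the firewall, scraped over tailscale0`. Separately, `queryLog` keeps seven days of per-client query history under `/var/lib/blocky/querylog`, which deserves a short comment on who may read that directory.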


@ -7,7 +7,8 @@
../../users/root
../../users/erwin
./adguard
./kea
./blocky
./unbound
];
@ -16,9 +17,9 @@
enable = true;
server = true;
};
adguard = {
upstreams = [ "127.0.0.1:5335" ];
};
# adguard = {
# upstreams = [ "127.0.0.1:5335" ];
# };
nix-common = {
enable = true;
remote-builders = true;
@ -42,7 +43,13 @@
useNetworkd = true;
nftables.enable = true;
firewall.trustedInterfaces = [ "tailscale0" ];
firewall = {
trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [
53
67
];
};
};
systemd.network = {


@ -0,0 +1,178 @@
{ config, ... }:
{
services = {
kea = {
dhcp4 = {
enable = true;
settings = {
# rebind-timer = config.services.kea.dhcp4.settings.valid-lifetime * 0.875;
# renew-timer = config.services.kea.dhcp4.settings.valid-lifetime * 0.5;
calculate-tee-times = true; # This makes kea do the same calculation as above
valid-lifetime = 3600;
control-socket = {
socket-type = "unix";
socket-name = "/run/kea/kea-dhcp4.socket";
};
# option-def = [
# {
# space = "ubnt";
# name = "unifi-address";
# code = 1;
# type = "ipv4-address";
# }
# ];
# client-classes = [
# {
# name = "ubnt";
# test = "substring(option[60].hex,0,4) == 'ubnt'";
# option-data = [
# {
# space = "ubnt";
# name = "vendor-class-identifier";
# code = 60;
# data = "ubnt";
# }
# {
# name = "vendor-encapsulated-options";
# code = 43;
# }
# ];
# option-def = [
# {
# name = "vendor-encapsulated-options";
# code = 43;
# type = "empty";
# encapsulate = "ubnt";
# }
# ];
# }
# ];
interfaces-config = {
interfaces = [ "eth0" ];
};
lease-database = {
name = "/var/lib/kea/dhcp4.leases";
persist = true;
type = "memfile";
};
subnet4 = [
{
pools = [ { pool = "10.0.0.150 - 10.0.0.200"; } ];
subnet = "10.0.0.0/24";
option-data = [
{
name = "routers";
data = "10.0.0.1";
}
{
name = "domain-name-servers";
data = "10.0.0.206";
}
# {
# space = "ubnt";
# name = "unifi-address";
# code = 1;
# data = "10.0.0.207";
# }
];
reservations = [
{
hostname = "loki";
hw-address = "04:d9:f5:f9:c2:c5";
ip-address = "10.0.0.4";
}
{
hostname = "usw-mini-woonkamer";
hw-address = "d0:21:f9:e7:fd:c8";
ip-address = "10.0.0.20";
}
{
hostname = "reolink-deurbel";
hw-address = "ec:71:db:5a:e3:21";
ip-address = "10.0.0.31";
}
{
hostname = "shelly-schuur";
hw-address = "dc:4f:22:76:4e:3e";
ip-address = "10.0.0.40";
}
{
hostname = "shelly-oven";
hw-address = "c4:5b:be:49:fb:e7";
ip-address = "10.0.0.41";
}
{
hostname = "shelly-voordeur";
hw-address = "dc:4f:22:76:9d:ee";
ip-address = "10.0.0.42";
}
{
hostname = "iphone-erwin";
hw-address = "60:57:c8:0b:6b:ac";
ip-address = "10.0.0.70";
}
{
hostname = "ipad-erwin";
hw-address = "14:99:e2:cb:38:78";
ip-address = "10.0.0.71";
}
{
hostname = "appletv-woonkamer";
hw-address = "f0:b3:ec:52:23:51";
ip-address = "10.0.0.80";
}
{
hostname = "sonos-woonkamer";
hw-address = "34:7e:5c:dc:f4:34";
ip-address = "10.0.0.81";
}
{
hostname = "smile033188";
hw-address = "c4:93:00:03:31:89";
ip-address = "10.0.0.82";
}
{
hostname = "sonos-hobbykamer";
hw-address = "00:0e:58:5f:a9:06";
ip-address = "10.0.0.83";
}
{
hostname = "3dprinter-wlan";
hw-address = "b8:27:eb:51:ec:4e";
ip-address = "10.0.0.120";
}
{
hostname = "3dprinter";
hw-address = "b8:27:eb:04:b9:1b";
ip-address = "10.0.0.121";
}
{
hostname = "thor";
hw-address = "d8:3a:dd:17:9b:d0";
ip-address = "10.0.0.122";
}
{
hostname = "thor-wlan";
hw-address = "d8:3a:dd:17:9b:d1";
ip-address = "10.0.0.123";
}
];
}
];
};
};
};
prometheus.exporters.kea = {
enable = true;
controlSocketPaths = [ config.services.kea.dhcp4.settings.control-socket.socket-name ];
};
};
}
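Review bot: The `control-socket` at `/run/kea/kea-dhcp4.socket` accepts Kea's management commands, not only the statistics the exporter reads, and nothing here states who may connect to it. A comment on the block, such as `# control channel: full management access, must stay writable only by kea and the exporter`, would make that expectation explicit. The directory's mode is set outside this file, so it should be checked on the host. The commented-out Ubiquiti sections (`option-def`, `client-classes` and the `unifi-address` option) would read better with one line saying why they are disabled.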


@ -60,7 +60,7 @@
# Leave sections that are not requested out of the response message
# Reduces response message significantly and may prevent TCP fallback
# for some responses
minimal-response = true;
minimal-responses = true;
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
so-rcvbuf = "8m";