changes
commit
e28e53b6db
@ -56,7 +56,8 @@
|
||||
};
|
||||
|
||||
users.users.usr.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbhM3wj0oqjR3pUaZgpfX4Xo4dlzvBTbQ48zHyg7Pwx usr"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbhM3wj0oqjR3pUaZgpfX4Xo4dlzvBTbQ48zHyg7Pwx usr" # x230t
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB2xUbQw9+RCPVw7qCFm4NNCP/MpS2BIArcwMv0KdKOI usr" # mlg
|
||||
];
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
|
@ -2,8 +2,9 @@
|
||||
|
||||
{
|
||||
imports = [
|
||||
# ./hardware-configuration.nix
|
||||
./hardware-configuration.nix
|
||||
./nvidia.nix
|
||||
../../modules/ssh-phone-home.nix
|
||||
../../modules/bootstrap.nix
|
||||
../../modules/common.nix
|
||||
../../modules/x11.nix
|
||||
@ -25,9 +26,20 @@
|
||||
libreoffice
|
||||
nomacs
|
||||
vscodium
|
||||
thunderbird
|
||||
minetest
|
||||
];
|
||||
|
||||
services.openssh.enable = true;
|
||||
services.ssh-phone-home = {
|
||||
enable = true;
|
||||
localUser = "usr";
|
||||
remoteHostname = "192.168.1.100";
|
||||
remotePort = 22;
|
||||
remoteUser = "usr";
|
||||
bindPort = 2222;
|
||||
};
|
||||
|
||||
boot.loader = {
|
||||
efi = {
|
||||
canTouchEfiVariables = true;
|
||||
@ -48,5 +60,9 @@
|
||||
services.avahi.nssmdns = true; # enables the mDNS NSS plug-in
|
||||
services.avahi.openFirewall = true; # opens the firewall for UDP port 5353
|
||||
|
||||
networking.hostName = "mlg";
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
networking = {
|
||||
hostName = "mlg";
|
||||
firewall.enable = true;
|
||||
};
|
||||
}
|
||||
|
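--- /dev/null
+++ b/boxes/mlg/hardware-configuration.nix
@@ -0,0 +1,41 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# testing
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/eada30c2-ffc5-4410-b1cf-fcea6a4040ff";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/5318-1A44";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp58s0.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
+# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}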
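--- /dev/null
+++ b/boxes/mlg/home.nix
@@ -0,0 +1,10 @@
+{ lib, inputs, config, pkgs, home, ... }:
+
+{
+imports = [
+../../home/x11.nix
+../../home/chromium
+];
+
+home.stateVersion = "23.11";
+}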
@ -249,7 +249,8 @@ in {
|
||||
|
||||
users.users.ryan = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbhM3wj0oqjR3pUaZgpfX4Xo4dlzvBTbQ48zHyg7Pwx usr"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbhM3wj0oqjR3pUaZgpfX4Xo4dlzvBTbQ48zHyg7Pwx usr" # x230t
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrpVDLQszFKoYbvYKRyVTTpehxR0BVU47SXkz39l2wK usr" # mainsail
|
||||
];
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "docker" ];
|
||||
@ -342,7 +343,7 @@ in {
|
||||
locations."~ \\.git" = {
|
||||
extraConfig = ''
|
||||
client_max_body_size 0;
|
||||
|
||||
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME ${pkgs.git}/bin/git-http-backend;
|
||||
fastcgi_param GIT_HTTP_EXPORT_ALL "";
|
||||
|
@ -18,6 +18,11 @@
|
||||
thunderbird
|
||||
hue-cli
|
||||
bluetuith
|
||||
brave
|
||||
vdirsyncer
|
||||
isync
|
||||
khal
|
||||
todoman
|
||||
];
|
||||
|
||||
hardware.bluetooth = {
|
||||
|
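--- a/builds/flake.lock
+++ /dev/null
@@ -1,27 +0,0 @@
-{
-"nodes": {
-"nixpkgs": {
-"locked": {
-"lastModified": 1703467016,
-"narHash": "sha256-/5A/dNPhbQx/Oa2d+Get174eNI3LERQ7u6WTWOlR1eQ=",
-"owner": "NixOS",
-"repo": "nixpkgs",
-"rev": "d02d818f22c777aa4e854efc3242ec451e5d462a",
-"type": "github"
-},
-"original": {
-"owner": "NixOS",
-"ref": "nixos-23.11",
-"repo": "nixpkgs",
-"type": "github"
-}
-},
-"root": {
-"inputs": {
-"nixpkgs": "nixpkgs"
-}
-}
-},
-"root": "root",
-"version": 7
-}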
@ -1,28 +0,0 @@
|
||||
{
|
||||
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
|
||||
|
||||
outputs =
|
||||
{ nixpkgs, ... }:
|
||||
let
|
||||
inherit (nixpkgs) lib;
|
||||
withSystem =
|
||||
f:
|
||||
lib.fold lib.recursiveUpdate { } (
|
||||
map f [
|
||||
"x86_64-linux"
|
||||
]
|
||||
);
|
||||
mkPackages = pkgs: {
|
||||
st = pkgs.callPackage ./st.nix { };
|
||||
rebuild = pkgs.callPackage ./rebuild.nix { };
|
||||
utils = pkgs.callPackage ./utils.nix { };
|
||||
};
|
||||
in
|
||||
withSystem (
|
||||
system: {
|
||||
overlays.default = final: _: mkPackages final;
|
||||
|
||||
packages.${system} = mkPackages nixpkgs.legacyPackages.${system};
|
||||
}
|
||||
);
|
||||
}
|
@ -5,6 +5,7 @@
|
||||
, libxcb
|
||||
# shell scripts stuff
|
||||
, makeWrapper
|
||||
, sshuttle
|
||||
, sxhkd
|
||||
, bash
|
||||
, feh
|
||||
@ -24,7 +25,7 @@ stdenv.mkDerivation rec {
|
||||
src = ./utils;
|
||||
|
||||
nativeBuildInputs = [ makeWrapper pkg-config libxcb ];
|
||||
buildInputs = [ libxcb bash feh xrandr jq curl fzy ytfzf ffmpeg ];
|
||||
buildInputs = [ libxcb bash feh xrandr jq curl fzy ytfzf ffmpeg sshuttle ];
|
||||
|
||||
buildPhase = ''
|
||||
ls
|
||||
@ -37,7 +38,7 @@ stdenv.mkDerivation rec {
|
||||
for i in $(ls $src/sh); do
|
||||
cp $src/sh/$i $out/bin
|
||||
ln -sf $out/bin/tmenu_run $out/bin/regenerate
|
||||
wrapProgram $out/bin/$i --prefix PATH : ${lib.makeBinPath [ sxhkd bash feh xrandr jq figlet curl fzy ytfzf ffmpeg ]}
|
||||
wrapProgram $out/bin/$i --prefix PATH : ${lib.makeBinPath [ sxhkd bash feh xrandr jq figlet curl fzy ytfzf ffmpeg sshuttle ]}
|
||||
done
|
||||
|
||||
cp c/status/main $out/bin/statusbar
|
||||
|
@ -27,6 +27,12 @@ case "$(hostname)" in
|
||||
bspc monitor VGA-1 -d 1 3 5 7 9
|
||||
bspc monitor HDMI-1 -d 2 4 6 8 0
|
||||
;;
|
||||
"mlg")
|
||||
# holdover configuration for the time being
|
||||
xrandr --output eDP-1 --brightness 0
|
||||
xrandr --output DP-1 --primary
|
||||
bspc monitor DP-1 -d 1 2 3 4 5 6 7 8 9
|
||||
;;
|
||||
"x230t")
|
||||
echo "x230t"
|
||||
case "$1" in
|
||||
|
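--- /dev/null
+++ b/builds/utils/sh/vpn
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# a poor man's vpn
+ip=$(dig +short beepboop.systems)
+sshuttle --dns -r ryan@$ip:443 0/0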
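Review bot: `ip=$(dig +short beepboop.systems)` is used unchecked on the next line: `dig +short` prints nothing when resolution fails and can print several lines (a CNAME target followed by the A record, or multiple A records), so `$ip` may be empty or multi-line and the unquoted `ryan@$ip:443` then expands to a malformed or split argument. Consider `ip=$(dig +short beepboop.systems A | tail -n 1)`, followed by `[ -n "$ip" ] || { echo "vpn: could not resolve beepboop.systems" >&2; exit 1; }`, and quote the remote as `"ryan@$ip:443"`. Connecting by address also means ssh looks the host key up under the IP, so a known_hosts entry recorded under the hostname alone will not match; either pin the entry by address or, if it works for this setup, pass the hostname to sshuttle directly and let it resolve. Note that the `makeBinPath` list that builds/utils.nix wraps around these scripts gains sshuttle in this commit but not `dig`, so the script depends on `dig` being on the caller's PATH.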
32
flake.lock
generated
32
flake.lock
generated
@ -25,11 +25,11 @@
|
||||
},
|
||||
"locked": {
|
||||
"dir": "pkgs/firefox-addons",
|
||||
"lastModified": 1705709716,
|
||||
"narHash": "sha256-YJdWSN3ra0FsAQT5PXe7uXxMeAXxTR+SY/wVOO1c6Bs=",
|
||||
"lastModified": 1706081037,
|
||||
"narHash": "sha256-R2dkUMLZa6qvRl4mXOG7bLHaGvoOYf5vIXWeyRDqML0=",
|
||||
"owner": "rycee",
|
||||
"repo": "nur-expressions",
|
||||
"rev": "d7ad3362283fced58410547650be31e37f9d0f41",
|
||||
"rev": "5f23ef51cad74dbf30633366e52eb895c9c633d1",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
@ -93,11 +93,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1705641746,
|
||||
"narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=",
|
||||
"lastModified": 1705916986,
|
||||
"narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d2003f2223cbb8cd95134e4a0541beea215c1073",
|
||||
"rev": "d7f206b723e42edb09d9d753020a84b3061a79d8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -172,8 +172,7 @@
|
||||
"firefox-addons": "firefox-addons",
|
||||
"home-manager": "home-manager",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"simple-nixos-mailserver": "simple-nixos-mailserver",
|
||||
"utilpkg": "utilpkg"
|
||||
"simple-nixos-mailserver": "simple-nixos-mailserver"
|
||||
}
|
||||
},
|
||||
"simple-nixos-mailserver": {
|
||||
@ -201,23 +200,6 @@
|
||||
"type": "gitlab"
|
||||
}
|
||||
},
|
||||
"utilpkg": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1,
|
||||
"narHash": "sha256-iemuV19UU8TriqixcvwdRUTa8lIrxc3Krwt4bHpUUWE=",
|
||||
"path": "/nix/store/wazyj2lnn6ksl5v386m7f64v3zf64r80-source/builds",
|
||||
"type": "path"
|
||||
},
|
||||
"original": {
|
||||
"path": "/nix/store/wazyj2lnn6ksl5v386m7f64v3zf64r80-source/builds",
|
||||
"type": "path"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"locked": {
|
||||
"lastModified": 1605370193,
|
||||
|
20
flake.nix
20
flake.nix
@ -11,16 +11,12 @@
|
||||
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
utilpkg = {
|
||||
url = "./builds";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
simple-nixos-mailserver = {
|
||||
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.11";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, home-manager, firefox-addons, simple-nixos-mailserver, utilpkg, ... }@inputs: {
|
||||
outputs = { self, nixpkgs, home-manager, firefox-addons, simple-nixos-mailserver, ... }@inputs: {
|
||||
nixosConfigurations = {
|
||||
netbox = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
@ -49,6 +45,20 @@
|
||||
}
|
||||
];
|
||||
};
|
||||
mlg = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs; };
|
||||
modules = [
|
||||
./boxes/mlg
|
||||
|
||||
home-manager.nixosModules.home-manager {
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.extraSpecialArgs = { inherit inputs; };
|
||||
home-manager.users.usr = import ./boxes/mlg/home.nix;
|
||||
}
|
||||
];
|
||||
};
|
||||
virtbox = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs; };
|
||||
|
@ -6,10 +6,9 @@
|
||||
];
|
||||
|
||||
environment.systemPackages = [
|
||||
# is it this? this throws a similar error; no attr st, etc.
|
||||
inputs.utilpkg.packages.x86_64-linux.st
|
||||
inputs.utilpkg.packages.x86_64-linux.rebuild
|
||||
inputs.utilpkg.packages.x86_64-linux.utils
|
||||
(pkgs.callPackage ../builds/rebuild.nix {})
|
||||
(pkgs.callPackage ../builds/st.nix {})
|
||||
(pkgs.callPackage ../builds/utils.nix {})
|
||||
pkgs.man-pages
|
||||
];
|
||||
|
||||
|
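--- /dev/null
+++ b/modules/ssh-phone-home.nix
@@ -0,0 +1,105 @@
+{ config, lib, pkgs, ... }:
+
+# with thanks to
+# https://www.auntieneo.net/2014/12/14/reverse-ssh-tunnel-on-nixos-with-systemd/
+
+with lib;
+
+let
+inherit (pkgs) openssh;
+cfg = config.services.ssh-phone-home;
+in
+
+{
+
+###### interface
+
+options = {
+services.ssh-phone-home = {
+enable = mkOption {
+type = types.bool;
+default = false;
+description = ''
+Whether to enable a "phone home" reverse SSH proxy.
+'';
+};
+
+persist = mkOption {
+type = types.bool;
+default = true;
+description = ''
+When this is set to true, the service will persistently attempt to
+reconnect at intervals whenever the port forwarding operation fails.
+This is the recommended behavior for reliable operation. If one finds
+oneself in an environment where this kind of behavior might draw the
+suspicion of a network administrator, it might be a good idea to
+set this option to false (or not use <literal>ssh-phone-home</literal>
+at all).
+'';
+};
+
+localUser = mkOption {
+description = ''
+Local user to connect as (i.e. the user with password-less SSH keys).
+'';
+};
+
+remoteHostname = mkOption {
+description = ''
+The remote host to connect to. This should be the host outside of the
+firewall or NAT.
+'';
+};
+
+remotePort = mkOption {
+default = 22;
+description = ''
+The port on which to connect to the remote host via SSH protocol.
+'';
+};
+
+remoteUser = mkOption {
+description = ''
+The username to connect to the remote host as.
+'';
+};
+
+bindPort = mkOption {
+default = 2222;
+description = ''
+The port to bind and listen to on the remote host.
+'';
+};
+};
+};
+
+
+###### implementation
+
+config = mkIf cfg.enable {
+systemd.services.ssh-phone-home =
+{
+description = ''
+Reverse SSH tunnel as a service
+'';
+
+# FIXME: This isn't triggered until a reboot, and probably won't work between suspends.
+wantedBy = [ "multi-user.target" ];
+
+serviceConfig = with cfg; {
+User = cfg.localUser;
+} // (if cfg.persist then
+{
+# Restart every 10 seconds on failure
+RestartSec = 10;
+Restart = "on-failure";
+}
+else {}
+);
+
+script = with cfg; ''
+${openssh}/bin/ssh -NTC -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes -R ${toString bindPort}:localhost:22 -l ${remoteUser} -p ${toString remotePort} ${remoteHostname}
+'';
+};
+};
+}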
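Review bot: The `localUser`, `remoteHostname`, `remoteUser`, `remotePort` and `bindPort` declarations carry no `type`, so a mistyped or merged value is only caught, if at all, when it reaches the `toString`/interpolation in `script`; add `type = types.str;` to the three string options and `type = types.port;` to the two port options so mis-set values fail at evaluation with a clear message. The ssh invocation in `script` sets no host-key policy, so authenticating the remote depends entirely on what happens to be in `localUser`'s `~/.ssh/known_hosts`: an absent entry makes the non-interactive unit fail (and, with `persist`, restart every 10 s), while a stale one is accepted silently. Making that explicit with `-o StrictHostKeyChecking=yes` and a declarative `programs.ssh.knownHosts` entry for `remoteHostname` keeps the pinned key under configuration instead of a per-user file. The FIXME above `wantedBy` is probably the unit racing the network at boot; declaring `after = [ "network-online.target" ]; wants = [ "network-online.target" ];` is the usual fix, though whether that covers the suspend case the comment mentions cannot be confirmed from here. Minor: the `with cfg;` on `serviceConfig` is unused since the body spells out `cfg.localUser`, so it can be dropped.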