diff --git a/flake.lock b/flake.lock index 38758123..222406db 100644 --- a/flake.lock +++ b/flake.lock @@ -1,20 +1,5 @@ { "nodes": { - "android": { - "locked": { - "lastModified": 1744517047, - "narHash": "sha256-o7HeWj7P8xSIYuN2pdAF6Hlb4rINYe1ZN3oIbHxAZXQ=", - "owner": "nix-community", - "repo": "nixos-avf", - "rev": "968a3e4d14fd4158b3cb7a4894753160cc944c04", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-avf", - "type": "github" - } - }, "blender": { "inputs": { "nixpkgs": "nixpkgs" @@ -457,7 +442,6 @@ }, "root": { "inputs": { - "android": "android", "blender": "blender", "disko": "disko", "hm": "hm", diff --git a/flake.nix b/flake.nix index 5cd71881..70115fc0 100644 --- a/flake.nix +++ b/flake.nix @@ -16,8 +16,6 @@ impermanence.url = "github:nix-community/impermanence"; - android.url = "github:nix-community/nixos-avf"; - mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11"; inputs.nixpkgs.follows = "stable"; @@ -44,7 +42,6 @@ lanzaboote, disko, impermanence, - android, mailserver, minecraft, hm, @@ -66,7 +63,6 @@ # nh os switch /path --hostname=host nixosConfigurations = { tower = mkNix [ ./hosts/tower ]; # Main Desktop - qemu = mkNix [ ./hosts/qemu ]; # Virtualization Testing envy = mkNix [ ./hosts/envy ]; # HP Convertable pear = mkNix [ ./hosts/pear ]; # MacBook Pro @@ -76,8 +72,6 @@ midas = mkNix [ ./hosts/midas ]; # Dell Optiplex 5040 kitty = mkNix [ ./hosts/kitty ]; # Dell Optiplex 7010 prophet = mkNix [ ./hosts/prophet ]; # Oracle Neoverse-N1 - - droid = mkNix [ ./hosts/droid ]; # Android Virtualization Framework }; # nh home switch /path -c arch diff --git a/hosts/droid/default.nix b/hosts/droid/default.nix deleted file mode 100644 index 1539d1fc..00000000 --- a/hosts/droid/default.nix +++ /dev/null 
@@ -1,19 +0,0 @@ -{ config, android, ... }: -{ - imports = [ - ./users - ../../modules/system - android.nixosModules.avf - ]; - - networking.hostName = "droid"; - - avf.defaultUser = config.sysusers.main; - - system = { - desktop.enable = true; - stateVersion = "24.11"; - }; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; -} diff --git a/hosts/droid/users/default.nix b/hosts/droid/users/default.nix deleted file mode 100644 index 57e7f20b..00000000 --- a/hosts/droid/users/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - imports = [ ./main ]; -} diff --git a/hosts/droid/users/main/default.nix b/hosts/droid/users/main/default.nix deleted file mode 100644 index 9c6469d4..00000000 --- a/hosts/droid/users/main/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, lib, ... }: -{ - home-manager.users."${config.sysusers.main}".home = { - desktop.enable = true; - gaming.enable = true; - production.enable = true; - stateVersion = lib.mkForce config.system.stateVersion; - }; -} diff --git a/hosts/envy/default.nix b/hosts/envy/default.nix index 2634ffd0..8d51adcf 100644 --- a/hosts/envy/default.nix +++ b/hosts/envy/default.nix @@ -13,7 +13,6 @@ networking = { hostName = "envy"; wireless.enable = true; - wg-quick.interfaces.wgc.address = [ "10.100.0.25/24" ]; }; system = { diff --git a/hosts/envy/filesystems/default.nix b/hosts/envy/filesystems/default.nix index 6fbd2d35..9bc9c66b 100644 --- a/hosts/envy/filesystems/default.nix +++ b/hosts/envy/filesystems/default.nix @@ -12,12 +12,5 @@ fsType = "btrfs"; options = [ "subvol=Steam" "nosuid" "nodev" "nofail" "x-gvfs-show" ]; }; - - # Network mounts - "/home/${config.sysusers.main}/Midas" = { - device = "10.100.0.1:/"; - fsType = "nfs4"; - options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; - }; }; } diff --git a/hosts/envy/services/default.nix b/hosts/envy/services/default.nix index 0b5409bf..7ce624b0 100644 --- a/hosts/envy/services/default.nix +++ b/hosts/envy/services/default.nix 
@@ -1,9 +1,6 @@ { config, ... }: { - services = { - globalprotect.enable = true; - wireguard.client.enable = true; - }; + services.globalprotect.enable = true; virtualisation = { libvirtd.enable = true; diff --git a/hosts/intuos/default.nix b/hosts/intuos/default.nix index 9ee1f094..73445bcd 100644 --- a/hosts/intuos/default.nix +++ b/hosts/intuos/default.nix @@ -12,14 +12,6 @@ networking = { hostName = "intuos"; wireless.enable = true; - vlans.internal = { - id=100; - interface="wlp1s0"; - }; - interfaces.internal.ipv4.addresses = [{ - address = "11.0.0.102"; - prefixLength = 8; - }]; }; system = { diff --git a/hosts/intuos/filesystems/default.nix b/hosts/intuos/filesystems/default.nix index 37b9e0a1..7634dc52 100644 --- a/hosts/intuos/filesystems/default.nix +++ b/hosts/intuos/filesystems/default.nix @@ -6,7 +6,7 @@ options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ]; }; fileSystems."/home/${config.sysusers.main}/Network/Kitty" = { - device = "11.0.0.2:/"; + device = "10.2.0.1:/"; fsType = "nfs4"; options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ]; }; diff --git a/hosts/kitty/default.nix b/hosts/kitty/default.nix index 82b244b8..8afe152c 100644 --- a/hosts/kitty/default.nix +++ b/hosts/kitty/default.nix @@ -5,6 +5,7 @@ ./disko ./filesystems ./hardware + ./network ./users ../../modules/system (modulesPath + "/profiles/headless.nix") @@ -13,14 +14,6 @@ networking = { hostName = "kitty"; hostId = "8745e22e"; - vlans.internal = { - id=100; - interface="eno1"; - }; - interfaces.internal.ipv4.addresses = [{ - address = "11.0.0.2"; - prefixLength = 8; - }]; }; system = { diff --git a/hosts/kitty/network/default.nix b/hosts/kitty/network/default.nix new file mode 100644 index 00000000..203fe0d6 --- /dev/null +++ b/hosts/kitty/network/default.nix @@ -0,0 +1,13 @@ +{ ... }: +{ + networking = { + vlans.internal = { + id=100; + interface="eno1"; + }; + interfaces.internal.ipv4.addresses = [{ + address = "11.0.0.2"; + prefixLength = 8; + }]; + }; +} 
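Review bot: The mount at `/home/${config.sysusers.main}/Network/Kitty` now uses `device = "10.2.0.1:/"`, but nothing in this diff ties that address to Kitty. Kitty keeps `11.0.0.2` in hosts/kitty/network, and `10.2.0.1` is the address the removed WireGuard peer on tower used as the endpoint of its "Local server". If 10.2.0.1 is not Kitty or a forwarder for it, another host's export would be mounted under Kitty's name. A comment on the `device` line naming the host that answers on 10.2.0.1 would make this checkable. The surrounding fileSystems definitions start outside the hunk.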
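Review bot: `address = "11.0.0.2"` with `prefixLength = 8` puts the internal VLAN on 11.0.0.0/8, which is publicly assigned address space rather than an RFC 1918 range. The same choice is repeated in hosts/midas/network (`11.0.0.1`) and hosts/tower/network (`11.0.0.100`). Each host with this interface treats the whole /8 as on-link, and a host without the VLAN interface sends packets for 11.0.0.x to its default gateway instead of the internal network. A private range with a prefix sized to the VLAN, for example `prefixLength = 24` on a 10.x subnet, avoids both. The DNAT targets in midas' nftables table would have to change with it.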
diff --git a/hosts/midas/network/default.nix b/hosts/midas/network/default.nix index 06685c47..17b47f4f 100644 --- a/hosts/midas/network/default.nix +++ b/hosts/midas/network/default.nix @@ -9,6 +9,16 @@ address = "10.1.0.1"; interface = "enp0s31f6"; }; + + vlans.internal = { + id=100; + interface="enp0s31f6"; + }; + interfaces.internal.ipv4.addresses = [{ + address = "11.0.0.1"; + prefixLength = 8; + }]; + nftables.tables.forwarding = { family = "inet"; content = '' @@ -16,8 +26,6 @@ type nat hook prerouting priority dstnat; policy accept; tcp dport 2211 dnat ip to 11.0.0.100:22 comment "Tower SSH" tcp dport 2222 dnat ip to 11.0.0.2:22 comment "Kitty SSH" - tcp dport 2233 dnat ip to 11.0.0.101:22 comment "Envy SSH" - tcp dport 2244 dnat ip to 11.0.0.102:22 comment "Intuos SSH" udp dport { 27005, 27015 } dnat ip to 11.0.0.100 comment "PC Hosted Games" diff --git a/hosts/midas/services/default.nix b/hosts/midas/services/default.nix index 0ccaab19..62d64889 100644 --- a/hosts/midas/services/default.nix +++ b/hosts/midas/services/default.nix @@ -17,7 +17,6 @@ trilium-server.enable = true; vaultwarden.enable = true; webserver.enable = true; - wg.server.enable = true; minecraft-servers = { enable = true; diff --git a/hosts/pear/default.nix b/hosts/pear/default.nix index 94fe1974..faf196c0 100644 --- a/hosts/pear/default.nix +++ b/hosts/pear/default.nix @@ -3,8 +3,8 @@ imports = [ ./boot ./disko - ./filesystems ./hardware + ./network ./services ./users ../../modules/system @@ -13,7 +13,6 @@ networking = { hostName = "pear"; wireless.enable = true; - wg-quick.interfaces.wgc.address = [ "10.100.0.18/24" ]; }; system = { diff --git a/hosts/pear/filesystems/default.nix b/hosts/pear/filesystems/default.nix deleted file mode 100644 index 39ad5cc4..00000000 --- a/hosts/pear/filesystems/default.nix +++ /dev/null 
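Review bot: `./network` is added to the imports of hosts/pear/default.nix, but this diff creates no `hosts/pear/network/default.nix`, unlike hosts/kitty and hosts/redmond where the directory is added in the same change. If that directory is not already in the tree, evaluating the `pear` configuration fails on the missing import. Either add the file with pear's network settings or drop the `./network` line until it exists.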
@@ -1,8 +0,0 @@ -{ config, ... }: -{ - fileSystems."/home/${config.sysusers.main}/Midas" = { - device = "10.100.0.1:/"; - fsType = "nfs4"; - options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; - }; -} diff --git a/hosts/pear/services/default.nix b/hosts/pear/services/default.nix index 0b5409bf..7ce624b0 100644 --- a/hosts/pear/services/default.nix +++ b/hosts/pear/services/default.nix @@ -1,9 +1,6 @@ { config, ... }: { - services = { - globalprotect.enable = true; - wireguard.client.enable = true; - }; + services.globalprotect.enable = true; virtualisation = { libvirtd.enable = true; diff --git a/hosts/prophet/default.nix b/hosts/prophet/default.nix index 92c958f1..9303b80f 100644 --- a/hosts/prophet/default.nix +++ b/hosts/prophet/default.nix @@ -14,7 +14,6 @@ networking = { hostName = "prophet"; hostId = "97a21a38"; - wg-quick.interfaces.wgc.address = [ "10.100.0.19/24" ]; }; system = { diff --git a/hosts/prophet/services/default.nix b/hosts/prophet/services/default.nix index 9499a7ac..7de2570c 100644 --- a/hosts/prophet/services/default.nix +++ b/hosts/prophet/services/default.nix @@ -5,6 +5,5 @@ mailserver.enable = true; mysql.enable = true; nginx.enable = true; - wireguard.client.enable = true; }; } diff --git a/hosts/qemu/boot/default.nix b/hosts/qemu/boot/default.nix deleted file mode 100644 index 9ff2e3b3..00000000 --- a/hosts/qemu/boot/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ lib, pkgs, ... }: -{ - boot = { - kernelPackages = pkgs.linuxPackages_latest; - loader.grub.enable = true; - }; -} diff --git a/hosts/qemu/default.nix b/hosts/qemu/default.nix deleted file mode 100644 index 4dac575d..00000000 --- a/hosts/qemu/default.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ modulesPath, ... }: -{ - imports = [ - ./boot - ./disko - ./hardware - ./users - ../../modules/system - (modulesPath + "/profiles/headless.nix") - ]; - - networking.hostName = "qemu"; - system.stateVersion = "24.11"; -} 
diff --git a/hosts/qemu/disko/default.nix b/hosts/qemu/disko/default.nix
deleted file mode 100644
index 74f43547..00000000
--- a/hosts/qemu/disko/default.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ config, disko, ... }:
-{
- imports = [ disko.nixosModules.disko ];
-
- disko.devices = {
- disk = {
- "${config.networking.hostName}" = {
- type = "disk";
- device = "/dev/vda";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02";
- };
- ESP = {
- size = "2G";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
- };
- };
- main = {
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "${config.networking.hostName}";
- };
- };
- };
- };
- };
- };
-
- lvm_vg = {
- "${config.networking.hostName}" = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/prev" = {
- mountpoint = "/prev";
- mountOptions = [ "compress=zstd" "noatime" "noexec" ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
-
- # Impermanence
- "/persist" = {
- mountpoint = "/persist";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/persist/.snapshots" = { };
- "/persist/home" = { };
- "/persist/home/.snapshots" = { };
- };
- };
- };
- swap = {
- size = "8G";
- content = {
- type = "swap";
- discardPolicy = "both";
- };
- };
- };
- };
- };
- };
-
- # Needed for impermanence
- fileSystems."/persist".neededForBoot = true;
-}
diff --git a/hosts/qemu/hardware/default.nix b/hosts/qemu/hardware/default.nix
deleted file mode 100644
index dded8092..00000000
--- a/hosts/qemu/hardware/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@ -{ config, lib, modulesPath, ... }: -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; - boot.initrd.kernelModules = [ "kvm-amd" "dm-snapshot" ]; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/qemu/users/default.nix b/hosts/qemu/users/default.nix deleted file mode 100644 index 57e7f20b..00000000 --- a/hosts/qemu/users/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - imports = [ ./main ]; -} diff --git a/hosts/qemu/users/main/default.nix b/hosts/qemu/users/main/default.nix deleted file mode 100644 index 9366cadc..00000000 --- a/hosts/qemu/users/main/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ config, lib, ... }: -{ - home-manager.users."${config.sysusers.main}".home = { - stateVersion = lib.mkForce config.system.stateVersion; - }; -} diff --git a/hosts/redmond/default.nix b/hosts/redmond/default.nix index be47776f..4d3236e6 100644 --- a/hosts/redmond/default.nix +++ b/hosts/redmond/default.nix @@ -5,6 +5,7 @@ ./disko ./filesystems ./hardware + ./network ./users ../../modules/system ]; @@ -12,15 +13,6 @@ networking = { hostName = "redmond"; wireless.enable = true; - interfaces."wlp1s0".ipv4.addresses = [{ - address = "192.168.2.200"; - prefixLength = 24; - }]; - defaultGateway = { - address = "192.168.2.1"; - interface = "wlp1s0"; - }; - wg-quick.interfaces.wgc.address = [ "10.100.0.23/24" ]; }; system = { @@ -28,7 +20,5 @@ stateVersion = "24.05"; }; - services.wireguard.client.enable = true; - environment.sessionVariables.WLR_RENDERER = lib.mkForce "gles2"; } diff --git a/hosts/redmond/filesystems/default.nix b/hosts/redmond/filesystems/default.nix index 119e3997..c6bb7542 100644 --- a/hosts/redmond/filesystems/default.nix +++ b/hosts/redmond/filesystems/default.nix 
@@ -1,15 +1,8 @@ { config, ... }: { - fileSystems = { - "/mnt/Windrive" = { - device = "/dev/disk/by-uuid/582C6B802C6B57D0"; - fsType = "ntfs"; - options = [ "nosuid" "nodev" ]; - }; - "/home/${config.sysusers.main}/Network/Midas" = { - device = "10.100.0.1:/storage"; - fsType = "nfs4"; - options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; - }; + fileSystems."/mnt/Windrive" = { + device = "/dev/disk/by-uuid/582C6B802C6B57D0"; + fsType = "ntfs"; + options = [ "nosuid" "nodev" ]; }; } diff --git a/hosts/redmond/network/default.nix b/hosts/redmond/network/default.nix new file mode 100644 index 00000000..f87dee8a --- /dev/null +++ b/hosts/redmond/network/default.nix @@ -0,0 +1,13 @@ +{ ... }: +{ + networking = { + interfaces."wlp1s0".ipv4.addresses = [{ + address = "192.168.2.200"; + prefixLength = 24; + }]; + defaultGateway = { + address = "192.168.2.1"; + interface = "wlp1s0"; + }; + }; +} diff --git a/hosts/tower/default.nix b/hosts/tower/default.nix index bf95d667..2f15c2c3 100644 --- a/hosts/tower/default.nix +++ b/hosts/tower/default.nix @@ -18,7 +18,5 @@ stateVersion = "24.05"; }; - services.wg.client.enable = true; - virtualisation.libvirtd.enable = true; } diff --git a/hosts/tower/network/default.nix b/hosts/tower/network/default.nix index 623f0f19..74bbcda4 100644 --- a/hosts/tower/network/default.nix +++ b/hosts/tower/network/default.nix @@ -1,15 +1,14 @@ { ... }: { - networking.firewall.allowedUDPPorts = [ 27015 ]; - - systemd.network = { - netdevs."10-wg0".wireguardPeers = [ - { # Local server - PublicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8="; - AllowedIPs = [ "11.0.0.0/8" ]; - Endpoint = "10.2.0.1:51820"; - } - ]; - networks."wg0".address = [ "11.0.0.100/8" ]; + networking = { + firewall.allowedUDPPorts = [ 27015 ]; + vlans.internal = { + id=100; + interface="enp42s0"; + }; + interfaces.internal.ipv4.addresses = [{ + address = "11.0.0.100"; + prefixLength = 8; + }]; }; } 
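Review bot: `vlans.internal` on `enp42s0` in hosts/tower/network gives separation only: an 802.1Q tag neither encrypts nor authenticates traffic, unlike the `wg0` peer it replaces. Anything on 11.0.0.0/8 that relied on the tunnel for confidentiality now depends on every switch port carrying VLAN 100 being trusted. A comment above the block, such as `# VLAN 100 is plaintext; services on it must bring their own auth/TLS`, would record that assumption. If the game port is only needed on one interface, `firewall.interfaces.<name>.allowedUDPPorts` is narrower than the global `firewall.allowedUDPPorts = [ 27015 ];`.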
diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix index 08d97784..476566e0 100644 Binary files a/modules/system/secrets/default.nix and b/modules/system/secrets/default.nix differ diff --git a/modules/system/services/general/default.nix b/modules/system/services/general/default.nix index ccf19ea6..22685c57 100644 --- a/modules/system/services/general/default.nix +++ b/modules/system/services/general/default.nix @@ -12,6 +12,5 @@ ./sunshine ./tlp ./userborn - ./wireguard ]; } diff --git a/modules/system/services/general/wireguard/default.nix b/modules/system/services/general/wireguard/default.nix deleted file mode 100644 index a9d209c8..00000000 --- a/modules/system/services/general/wireguard/default.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - options.services.wg.client.enable = lib.mkEnableOption "Enable Wireguard client"; - - config = lib.mkIf config.services.wg.client.enable { - boot.kernelModules = [ "wireguard" ]; - - systemd.network = { - netdevs = { - "10-wg0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg0"; - MTUBytes = "1300"; - }; - wireguardConfig = { - PrivateKeyFile = pkgs.writeText "wgclientsecret" config.secrets.wg.clientKey; - ListenPort = 9918; - }; - }; - }; - networks."wg0" = { - matchConfig.Name = "wg0"; - DHCP = "no"; - }; - }; - }; -} diff --git a/modules/system/services/server/default.nix b/modules/system/services/server/default.nix index 2085a3b4..ec51d8b1 100644 --- a/modules/system/services/server/default.nix +++ b/modules/system/services/server/default.nix @@ -18,6 +18,5 @@ ./transmission ./trilium ./vaultwarden - ./wireguard ]; } diff --git a/modules/system/services/server/mailserver/simplenix/default.nix b/modules/system/services/server/mailserver/simplenix/default.nix index 6a01d8cb..ab8dc4fa 100644 --- a/modules/system/services/server/mailserver/simplenix/default.nix +++ b/modules/system/services/server/mailserver/simplenix/default.nix 
@@ -19,7 +19,7 @@ # Passwords made with 'mkpasswd -sm bcrypt' loginAccounts = { "jimbo@nixfox.ca" = { - hashedPassword = config.secrets.mailHash.jimbo; + hashedPassword = config.secrets.mailHash.bun; aliases = [ "james@nixfox.ca" "jimbo@bloxelcom.net" diff --git a/modules/system/services/server/wireguard/default.nix b/modules/system/services/server/wireguard/default.nix deleted file mode 100644 index 9b018b25..00000000 --- a/modules/system/services/server/wireguard/default.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - options.services.wg.server.enable = lib.mkEnableOption "Enable Wireguard server"; - - config = lib.mkIf config.services.wg.server.enable { - systemd.network = { - netdevs = { - "50-wg0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg0"; - MTUBytes = "1300"; - }; - wireguardConfig = { - PrivateKeyFile = pkgs.writeText "wgserversecret" config.secrets.wg.serverKey; - ListenPort = 51820; - RouteTable = "main"; - }; - wireguardPeers = [ - { # NixOS Config Key - PublicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0="; - AllowedIPs = [ "11.0.0.0/8" ]; - } - { # Pixel 9 - PublicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4="; - AllowedIPs = [ "11.1.0.1/32" ]; - } - ]; - }; - }; - networks."wg0" = { - matchConfig.Name = "wg0"; - address = [ "11.0.0.1/8" ]; - networkConfig = { - IPMasquerade = "both"; - IPv4Forwarding = true; - IPv6Forwarding = true; - }; - }; - }; - - networking.firewall.allowedUDPPorts = [ 51820 ]; - }; -}
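Review bot: `hashedPassword = config.secrets.mailHash.bun;` passes the bcrypt hash as a string evaluated at build time, so it probably ends up in the generated configuration in the world-readable Nix store. simple-nixos-mailserver also accepts `hashedPasswordFile`, which reads the hash at runtime from a file that can be root-only and kept outside the store. The key is now named `bun` while the account is still `jimbo@nixfox.ca`; a short comment such as `# mailHash.bun is the hash for jimbo@nixfox.ca` would prevent a later mix-up. The `loginAccounts` block continues outside the hunk.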