faukah/nichts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

added stuff

Browse source
This commit is contained in:
vali 2024-04-09 23:11:33 +02:00
commit 236b8c2a6b
907 changed files with 70990 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

46
nyx/hosts/enyo/btrfs.nix Normal file
View file

@ -0,0 +1,46 @@
{
config,
lib,
pkgs,
...
}: let
inherit (lib.modules) mkIf;
inherit (lib.attrsets) filterAttrs;
btrfsMounts = filterAttrs (_: mount: mount.fsType == "btrfs") config.fileSystems;
hasHomeSubvolume = (filterAttrs (_: mount: mount.mountPoint == "/home") btrfsMounts) != {};
in {
config = mkIf (btrfsMounts != {}) {
systemd = {
# create the snapshots directory
# it will linger for 30 days before it's dropped
# this serves as an easy way to persist the snapshots
# for a set amount of time
tmpfiles.settings."10-snapshots"."/var/lib/snapshots".d = {
user = "root";
group = "root";
age = "30d";
};
# run the snapshots on a weekly timer
timers.snapshot-home = {
enable = hasHomeSubvolume;
description = "snapshot home subvolume";
wantedBy = ["multi-user.target"];
timerConfig = {
OnCalendar = "weekly";
Persistent = true;
};
};
# create a snapshot of the /home subvolume
# it will be stored in /var/lib/snapshots with a timestamp
# %s - seconds since the Epoch (1970-01-01 00:00 UTC)
services.snapshot-home = {
enable = hasHomeSubvolume;
path = [pkgs.btrfs-progs];
script = "btrfs subvolume snapshot /home /var/lib/snapshots/$(date +%s)";
};
};
};
}

12
nyx/hosts/enyo/default.nix Normal file
View file

@ -0,0 +1,12 @@
{
imports = [
./fs
./kernel
./modules
./btrfs.nix
./networking.nix
./system.nix
./wireguard.nix # TODO: abstract
];
}

44
nyx/hosts/enyo/fs/default.nix Normal file
View file

@ -0,0 +1,44 @@
{
imports = [./external.nix];
config = {
fileSystems = {
"/boot" = {
device = "/dev/disk/by-uuid/E20E-9940";
fsType = "vfat";
};
"/" = {
device = "/dev/disk/by-uuid/e1f1186b-2143-4bf7-8b99-8da1434520c6";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd" "noatime"];
};
"/nix" = {
device = "/dev/disk/by-uuid/e1f1186b-2143-4bf7-8b99-8da1434520c6";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
"/home" = {
device = "/dev/disk/by-uuid/e1f1186b-2143-4bf7-8b99-8da1434520c6";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
"/persist" = {
device = "/dev/disk/by-uuid/e1f1186b-2143-4bf7-8b99-8da1434520c6";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
};
"/var/log" = {
device = "/dev/disk/by-uuid/e1f1186b-2143-4bf7-8b99-8da1434520c6";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
};
};
# Swap Devices
swapDevices = [{device = "/dev/disk/by-uuid/62fc1f62-55ae-432d-8623-74ea6511410c";}];
};
}

42
nyx/hosts/enyo/fs/external.nix Normal file
View file

@ -0,0 +1,42 @@
let
homeDir = "/home/notashelf";
in {
fileSystems = {
# External Devices
"/mnt/SLib1" = {
label = "SteamLib1";
device = "/dev/disk/by-uuid/4345570b-2bd6-4cb8-8ca1-eb05bcf12c05";
fsType = "btrfs";
options = ["nofail" "rw" "compress=zstd"];
};
"/mnt/SLib2" = {
label = "SteamLib2";
device = "/dev/disk/by-uuid/080006fe-b012-4363-b596-c183b012c1de";
fsType = "btrfs";
options = ["nofail" "rw" "compress=zstd"];
};
"/mnt/Storage" = {
label = "Storage";
device = "/dev/disk/by-uuid/eb25f034-e5de-4c6c-89e9-f3dea10159a5";
fsType = "btrfs";
options = ["nofail" "rw" "compress=zstd"];
};
"/mnt/Expansion" = {
label = "Expansion";
device = "/dev/disk/by-uuid/9381fba0-e9b5-4574-9007-a0911cae4a08";
fsType = "btrfs";
options = ["nofail" "rw" "compress=zstd"];
};
"${homeDir}/Media/Music" = {
label = "Music";
device = "/dev/disk/by-uuid/68a2203f-5ecd-4ddb-b66a-76eb8dcf328c";
fsType = "btrfs";
options = ["nofail" "rw" "compress=zstd"];
noCheck = true;
};
};
}

33
nyx/hosts/enyo/kernel/config/amd.nix Normal file
View file

@ -0,0 +1,33 @@
{lib, ...}: let
inherit (lib.kernel) yes no;
inherit (lib.attrsets) mapAttrs;
inherit (lib.modules) mkForce;
in {
boot.kernelPatches = [
{
# recompile with AMD platform specific optimizations
name = "amd-platform-patches";
patch = null; # no patch is needed, just apply the options
extraStructuredConfig = mapAttrs (_: mkForce) {
# enable compiler optimizations for AMD
MNATIVE_AMD = yes;
X86_USE_PPRO_CHECKSUM = yes;
X86_AMD_PSTATE = yes;
X86_EXTENDED_PLATFORM = no; # disable support for other x86 platforms
X86_MCE_INTEL = no; # disable support for intel mce
# multigen LRU
LRU_GEN = yes;
LRU_GEN_ENABLED = yes;
# collect CPU frequency statistics
CPU_FREQ_STAT = yes;
# Optimized for performance
# this is already set on the Xanmod kernel
# CC_OPTIMIZE_FOR_PERFORMANCE_O3 = yes;
};
}
];
}

31
nyx/hosts/enyo/kernel/config/base.nix Normal file
View file

@ -0,0 +1,31 @@
{lib, ...}: let
inherit (lib.kernel) yes no module;
inherit (lib.attrsets) mapAttrs;
inherit (lib.modules) mkForce;
in {
boot.kernelPatches = [
{
# <https://www.phoronix.com/news/Google-BBRv3-Linux>
# <https://github.com/google/bbr/blob/v3/README.md>
name = "bbr-and-cake";
patch = null;
extraStructuredConfig = mapAttrs (_: mkForce) {
TCP_CONG_CUBIC = module;
NET_SCH_CAKE = module;
# xanmod defaults
TCP_CONG_BBR = yes;
DEFAULT_BBR = yes;
};
}
{
name = "zstd-module-compression";
patch = null;
extraStructuredConfig = mapAttrs (_: mkForce) {
KERNEL_ZSTD = yes;
MODULE_COMPRESS_ZSTD = yes;
MODULE_COMPRESS_XZ = no;
};
}
];
}

8
nyx/hosts/enyo/kernel/config/default.nix Normal file
View file

@ -0,0 +1,8 @@
{
imports = [
./amd.nix
./base.nix
./security.nix
./unused.nix
];
}

26
nyx/hosts/enyo/kernel/config/security.nix Normal file
View file

@ -0,0 +1,26 @@
{lib, ...}: let
inherit (lib.kernel) yes;
inherit (lib.attrsets) mapAttrs;
inherit (lib.modules) mkForce;
in {
boot.kernelPatches = [
{
# enable lockdown LSM
name = "kernel-lockdown-lsm";
patch = null;
extraStructuredConfig = mapAttrs (_: mkForce) {
SECURITY_LOCKDOWN_LSM = yes;
LOCKDOWN_LSM_EARLY = yes;
LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY = yes;
MODULE_SIG = yes;
MODULE_SIG_SHA512 = yes;
MODULE_SIG_FORCE = yes;
# used to avoid a systemd error:
# systemd[1]: bpf-lsm: Failed to load BPF object: Invalid argument
BPF_LSM = yes;
};
}
];
}

239
nyx/hosts/enyo/kernel/config/unused.nix Normal file
View file

@ -0,0 +1,239 @@
{lib, ...}: let
inherit (lib.kernel) no;
inherit (lib.attrsets) mapAttrs;
inherit (lib.modules) mkForce;
in {
boot.kernelPatches = [
{
name = "disable-unused-features";
patch = null;
extraStructuredConfig = mapAttrs (_: mkForce) {
CRYPTO_842 = no;
DEBUG_MISC = no;
DEBUG_PREEMPT = no;
HIBERNATION = no;
KEXEC = no;
KEXEC_FILE = no;
"60XX_WDT" = no;
"6LOWPAN" = no;
"8139CP" = no;
"8139TOO" = no;
"8139TOO_8129" = no;
ALIENWARE_WMI = no;
ALIM1535_WDT = no;
ALIM7101_WDT = no;
ALTERA_MBOX = no;
ALTERA_MSGDMA = no;
ALTERA_TSE = no;
ALX = no;
CONFIG_GENERIC_ADC_BATTERY = no;
CONFIG_IP5XXX_POWER = no;
CONFIG_TEST_POWER = no;
CONFIG_CHARGER_ADP5061 = no;
CONFIG_BATTERY_CW2015 = no;
CONFIG_BATTERY_DS2760 = no;
CONFIG_BATTERY_DS2780 = no;
CONFIG_BATTERY_DS2781 = no;
CONFIG_BATTERY_DS2782 = no;
CONFIG_BATTERY_SAMSUNG_SDI = no;
CONFIG_BATTERY_SBS = no;
CONFIG_CHARGER_SBS = no;
CONFIG_MANAGER_SBS = no;
CONFIG_BATTERY_BQ27XXX = no;
CONFIG_BATTERY_BQ27XXX_I2C = no;
CONFIG_BATTERY_BQ27XXX_HDQ = no;
CONFIG_BATTERY_BQ27XXX_DT_UPDATES_NVM = no;
CONFIG_CHARGER_DA9150 = no;
CONFIG_BATTERY_AXP20X = no;
CONFIG_AXP20X_POWER = no;
CONFIG_AXP288_CHARGER = no;
CONFIG_AXP288_FUEL_GAUGE = no;
CONFIG_BATTERY_MAX17040 = no;
CONFIG_BATTERY_MAX17042 = no;
CONFIG_BATTERY_MAX1721X = no;
CONFIG_CHARGER_PCF50633 = no;
CONFIG_CHARGER_ISP1704 = no;
CONFIG_CHARGER_MAX8903 = no;
CONFIG_CHARGER_LP8727 = no;
CONFIG_CHARGER_GPIO = no;
CONFIG_CHARGER_MANAGER = no;
CONFIG_CHARGER_LT3651 = no;
CONFIG_CHARGER_LTC4162L = no;
CONFIG_CHARGER_MAX14577 = no;
CONFIG_CHARGER_MAX77693 = no;
CONFIG_CHARGER_MAX77976 = no;
CONFIG_CHARGER_MP2629 = no;
CONFIG_CHARGER_MT6360 = no;
CONFIG_CHARGER_MT6370 = no;
CONFIG_CHARGER_BQ2415X = no;
CONFIG_CHARGER_BQ24190 = no;
CONFIG_CHARGER_BQ24257 = no;
CONFIG_CHARGER_BQ24735 = no;
CONFIG_CHARGER_BQ2515X = no;
CONFIG_CHARGER_BQ25890 = no;
CONFIG_CHARGER_BQ25980 = no;
CONFIG_CHARGER_BQ256XX = no;
CONFIG_CHARGER_SMB347 = no;
CONFIG_BATTERY_GAUGE_LTC2941 = no;
CONFIG_BATTERY_GOLDFISH = no;
CONFIG_BATTERY_RT5033 = no;
CONFIG_CHARGER_RT5033 = no;
CONFIG_CHARGER_RT9455 = no;
CONFIG_CHARGER_RT9467 = no;
CONFIG_CHARGER_RT9471 = no;
CONFIG_CHARGER_CROS_USBPD = no;
CONFIG_CHARGER_CROS_PCHG = no;
CONFIG_CHARGER_BD99954 = no;
CONFIG_CHARGER_WILCO = no;
CONFIG_BATTERY_SURFACE = no;
CONFIG_CHARGER_SURFACE = no;
CONFIG_BATTERY_UG3105 = no;
CONFIG_FUEL_GAUGE_MM8013 = no;
CONFIG_GENERIC_IRQ_DEBUGFS = no;
# Remove samba support
CONFIG_CIFS = no;
CONFIG_CIFS_ROOT = no;
# Disable AMDGPU CIK support
CONFIG_DRM_AMDGPU_CIK = no;
# Disable radeon drivers
CONFIG_DRM_RADEON = no;
CONFIG_FB_RADEON = no;
CONFIG_FB_RADEON_I2C = no;
CONFIG_FB_RADEON_BACKLIGHT = no;
# Disable ngreedia drivers
CONFIG_NET_VENDOR_NVIDIA = no;
CONFIG_I2C_NVIDIA_GPU = no;
CONFIG_FB_NVIDIA = no;
CONFIG_FB_NVIDIA_I2C = no;
CONFIG_FB_NVIDIA_BACKLIGHT = no;
CONFIG_HID_NVIDIA_SHIELD = no;
CONFIG_TYPEC_NVIDIA_ALTMODE = no;
CONFIG_NVIDIA_WMI_EC_BACKLIGHT = no;
# Firewire
CONFIG_FIREWIRE = no;
CONFIG_FIREWIRE_OHCI = no;
CONFIG_FIREWIRE_SBP2 = no;
CONFIG_FIREWIRE_NET = no;
CONFIG_FIREWIRE_NOSY = no;
# MS surface HID
CONFIG_SURFACE_AGGREGATOR = no;
DELL_RBTN = no;
DELL_RBU = no;
DELL_SMBIOS = no;
DELL_WMI = no;
DELL_WMI_AIO = no;
DELL_WMI_DESCRIPTOR = no;
DELL_WMI_LED = no;
DELL_WMI_SYSMAN = no;
HID_A4TECH = no;
HID_ACRUX = no;
HID_ALPS = no;
HID_APPLEIR = no;
HID_ASUS = no;
HID_AUREAL = no;
HID_BETOP_FF = no;
HID_BIGBEN_FF = no;
HID_CMEDIA = no;
HID_COUGAR = no;
HID_CREATIVE_SB0540 = no;
HID_CYPRESS = no;
HID_DRAGONRISE = no;
HID_ELAN = no;
HID_ELECOM = no;
HID_ELO = no;
HID_EMS_FF = no;
HID_EZKEY = no;
HID_GEMBIRD = no;
HID_GFRM = no;
HID_GOOGLE_HAMMER = no;
HID_GREENASIA = no;
HID_GT683R = no;
HID_GYRATION = no;
HID_HOLTEK = no;
HID_HYPERV_MOUSE = no;
HID_ICADE = no;
HID_ITE = no;
HID_KEYTOUCH = no;
HID_KYE = no;
HID_LCPOWER = no;
HID_LED = no;
HID_MALTRON = no;
HID_MCP2221 = no;
HID_MONTEREY = no;
HID_MULTITOUCH = no;
HID_NTI = no;
HID_NTRIG = no;
HID_PANTHERLORD = no;
HID_PENMOUNT = no;
HID_PETALYNX = no;
HID_PICOLCD = no;
HID_PLAYSTATION = no;
HID_PRIMAX = no;
HID_REDRAGON = no;
HID_RETRODE = no;
HID_RMI = no;
HID_RMI4 = no;
HID_SAITEK = no;
HID_SAMSUNG = no;
HID_SEMITEK = no;
HID_SMARTJOYPLUS = no;
HID_SONY = no;
HID_SPEEDLINK = no;
HID_SUNPLUS = no;
HID_THINGM = no;
HID_THRUSTMASTER = no;
HID_TIVO = no;
HID_TOPSEED = no;
HID_TWINHAN = no;
HID_U2FZERO = no;
HID_UCLOGIC = no;
HID_UDRAW_PS3 = no;
HID_VIEWSONIC = no;
HID_VIVALDI = no;
HID_WALTOP = no;
HID_WIIMOTE = no;
HID_XINMO = no;
HID_ZEROPLUS = no;
HID_ZYDACRON = no;
# Disable unused SOC modules
SND_SOC_CHV3_I2S = no;
SND_SOC_ADI = no;
SND_SOC_APPLE_MCA = no;
SND_ATMEL_SOC = no;
SND_DESIGNWARE_I2S = no;
SND_SOC_FSL_ASRC = no;
SND_SOC_FSL_SAI = no;
SND_SOC_FSL_MQS = no;
SND_SOC_FSL_AUDMIX = no;
SND_SOC_FSL_SSI = no;
SND_SOC_FSL_SPDIF = no;
SND_SOC_FSL_ESAI = no;
SND_SOC_FSL_MICFIL = no;
SND_SOC_FSL_EASRC = no;
SND_SOC_FSL_XCVR = no;
SND_SOC_FSL_UTILS = no;
SND_SOC_FSL_RPMSG = no;
SND_I2S_HI6210_I2S = no;
SND_SOC_IMG = no;
SND_SOC_STI = no;
SND_SOC_XILINX_I2S = no;
SND_SOC_XILINX_AUDIO_FORMATTER = no;
SND_SOC_XILINX_SPDIF = no;
SND_XEN_FRONTEND = no;
};
}
];
}

13
nyx/hosts/enyo/kernel/default.nix Normal file
View file

@ -0,0 +1,13 @@
{
config,
pkgs,
...
}: let
inherit (config.networking) hostname;
inherit (pkgs.callPackage ./package.nix {inherit hostname;}) xanmod_custom;
in {
imports = [./config];
config = {
modules.system.boot.kernel = pkgs.linuxPackagesFor xanmod_custom;
};
}

48
nyx/hosts/enyo/kernel/package.nix Normal file
View file

@ -0,0 +1,48 @@
{
lib,
fetchFromGitHub,
linuxKernel,
hostname ? "",
...
}: let
inherit (lib.kernel) yes no freeform;
inherit (lib.attrsets) mapAttrs;
inherit (lib.modules) mkForce;
version = "6.8.4";
suffix = "xanmod1";
modDirVersion = "${version}-${suffix}";
xanmod_custom = linuxKernel.kernels.linux_xanmod_latest.override {
inherit version suffix modDirVersion;
# https://github.com/xanmod/linux
src = fetchFromGitHub {
owner = "xanmod";
repo = "linux";
rev = "refs/tags/${version}-xanmod1";
hash = "sha256-NQeUz50aBRvbHqhoOGv5CFQKKlKeCUEkCA8uf9W0f0k=";
};
extraMakeFlags = ["KCFLAGS=-DAMD_PRIVATE_COLOR"];
ignoreConfigErrors = true;
# after booting to the new kernel
# use zcat /proc/config.gz | grep -i "<value>"
# to check if the kernel options are set correctly
extraStructuredConfig = mapAttrs (_: mkForce) {
EXPERT = yes;
DEBUG_KERNEL = no;
WERROR = no;
GCC_PLUGINS = yes;
BUG_ON_DATA_CORRUPTION = yes;
CONFIG_LOCALVERSION = freeform "-${suffix}";
CONFIG_LOCALVERSION_AUTO = yes;
CONFIG_DEFAULT_HOSTNAME = freeform "${hostname}";
};
};
in {
inherit xanmod_custom;
}

9
nyx/hosts/enyo/modules/default.nix Normal file
View file

@ -0,0 +1,9 @@
{
imports = [
./device.nix
./profiles.nix
./system.nix
./usrEnv.nix
./style.nix
];
}

11
nyx/hosts/enyo/modules/device.nix Normal file
View file

@ -0,0 +1,11 @@
{
config.modules.device = {
type = "desktop";
cpu.type = "amd";
gpu.type = "amd";
monitors = ["DP-1" "HDMI-A-1"];
hasBluetooth = true;
hasSound = true;
hasTPM = true;
};
}

6
nyx/hosts/enyo/modules/profiles.nix Normal file
View file

@ -0,0 +1,6 @@
{
config.modules.profiles = {
workstation.enable = true;
gaming.enable = true;
};
}

49
nyx/hosts/enyo/modules/style.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
pkgs,
...
}: {
config.modules.style = {
forceGtk = true;
useKvantum = true;
gtk = {
usePortal = true;
theme = {
name = "Catppuccin-Mocha-Standard-Blue-Dark";
package = pkgs.catppuccin-gtk.override {
size = "standard";
accents = ["blue"];
variant = "mocha";
tweaks = ["normal"];
};
};
iconTheme = {
name = "Papirus-Dark";
package = pkgs.catppuccin-papirus-folders.override {
accent = "blue";
flavor = "mocha";
};
};
font = {
name = "Lexend";
size = 14;
};
};
qt = {
theme = {
name = "Catppuccin-Mocha-Dark";
package = pkgs.catppuccin-kde.override {
flavour = ["mocha"];
accents = ["blue"];
winDecStyles = ["modern"];
};
};
kdeglobals.source = "${config.modules.style.qt.theme.package}" + "/share/color-schemes/CatppuccinMochaBlue.colors";
};
};
}

74
nyx/hosts/enyo/modules/system.nix Normal file
View file

@ -0,0 +1,74 @@
{pkgs, ...}: {
config.modules.system = {
mainUser = "notashelf";
fs = ["btrfs" "vfat" "ntfs" "exfat"];
autoLogin = true;
boot = {
loader = "systemd-boot";
secureBoot = false;
enableKernelTweaks = true;
initrd.enableTweaks = true;
loadRecommendedModules = true;
tmpOnTmpfs = false;
plymouth = {
enable = true;
withThemes = false;
};
};
containers = {
enabledContainers = ["alpha"];
};
yubikeySupport.enable = true;
video.enable = true;
sound.enable = true;
bluetooth.enable = false;
printing.enable = false;
emulation.enable = true;
virtualization = {
enable = true;
qemu.enable = true;
docker.enable = true;
};
networking = {
optimizeTcp = true;
nftables.enable = true;
tailscale = {
enable = true;
isClient = true;
isServer = false;
};
};
security = {
tor.enable = true;
fixWebcam = false;
lockModules = true;
auditd.enable = true;
};
programs = {
cli.enable = true;
gui.enable = true;
spotify.enable = true;
git.signingKey = "0x02D1DD3FA08B6B29";
gaming = {
enable = true;
};
default = {
terminal = "foot";
};
libreoffice.enable = true;
};
};
}

18
nyx/hosts/enyo/modules/usrEnv.nix Normal file
View file

@ -0,0 +1,18 @@
{
config.modules.usrEnv = {
desktop = "Hyprland";
desktops."i3".enable = true;
useHomeManager = true;
programs = {
media.mpv.enable = true;
launchers = {
anyrun.enable = true;
tofi.enable = true;
};
screenlock.swaylock.enable = true;
};
};
}

91
nyx/hosts/enyo/networking.nix Normal file
View file

@ -0,0 +1,91 @@
{
# we don't want the kernel setting up interfaces magically for us
boot.extraModprobeConfig = "options bonding max_bonds=0";
networking = {
useDHCP = false;
useNetworkd = false;
};
systemd.network = {
enable = true;
wait-online = {
enable = false;
anyInterface = true;
extraArgs = ["--ipv4"];
};
networks = {
# leave the kernel dummy devies unmanagaed
"10-dummy" = {
matchConfig.Name = "dummy*";
networkConfig = {};
# linkConfig.ActivationPolicy = "always-down";
linkConfig.Unmanaged = "yes";
};
# let me configure tailscale manually
"20-tailscale-ignore" = {
matchConfig.Name = "tailscale*";
linkConfig = {
Unmanaged = "yes";
RequiredForOnline = false;
};
};
# wired interfaces e.g. ethernet
"30-network-defaults-wired" = {
# matchConfig.Name = "en* | eth* | usb*";
matchConfig.Type = "ether";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
IPForward = "yes";
IPMasquerade = "no";
};
dhcpV4Config = {
ClientIdentifier = "duid"; # "mac"
Use6RD = "yes";
RouteMetric = 512;
UseDNS = false;
DUIDType = "link-layer";
};
dhcpV6Config = {
RouteMetric = 512;
PrefixDelegationHint = "::64";
UseDNS = false;
DUIDType = "link-layer";
};
};
# wireless interfaces e.g. network cards
"30-network-defaults-wireless" = {
# matchConfig.Name = "wl*";
matchConfig.Type = "wlan";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
IPForward = "yes";
IPMasquerade = "no";
};
dhcpV4Config = {
ClientIdentifier = "mac";
RouteMetric = 1500;
UseDNS = true;
DUIDType = "link-layer";
Use6RD = "yes";
};
dhcpV6Config = {
RouteMetric = 1500;
UseDNS = true;
DUIDType = "link-layer";
PrefixDelegationHint = "::64";
};
};
};
};
}

6
nyx/hosts/enyo/system.nix Normal file
View file

@ -0,0 +1,6 @@
{self, ...}: {
system = {
stateVersion = "23.05";
configurationRevision = self.rev or "dirty";
};
}

29
nyx/hosts/enyo/wireguard.nix Normal file
View file

@ -0,0 +1,29 @@
{config, ...}: {
networking.firewall = {
allowedUDPPorts = [51820];
};
boot.kernelModules = ["wireguard"];
# Wireguard Client Peer Setup
networking.wireguard = {
enable = true;
interfaces = {
wg0 = {
# General Settings
privateKeyFile = config.age.secrets.wg-client.path;
allowedIPsAsRoutes = true;
listenPort = 51820;
ips = ["10.255.255.11/32" "2a01:4f9:c010:2cf9:f::11/128"];
peers = [
{
allowedIPs = ["10.255.255.0/24" "2a01:4f9:c010:2cf9:f::/80"];
endpoint = "128.140.91.216:51820";
publicKey = "v3ol3QsgLPudVEtbETByQ0ABAOrJE2WcFfQ/PQAD8FM=";
persistentKeepalive = 30;
}
];
};
};
};
}