updates
This commit is contained in:
parent
a1cec54ec8
commit
ccbbb7f26e
18 changed files with 441 additions and 248 deletions
|
|
@ -9,3 +9,4 @@
|
|||
|
||||
system.stateVersion = lib.mkDefault "24.05";
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,42 +1,82 @@
|
|||
{ config, lib, inputs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
hostAddress = "10.42.99.1";
|
||||
hostAddress6 = "fc00::1";
|
||||
in {
|
||||
in
|
||||
{
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = [ "ve-+" ];
|
||||
externalInterface = "ens18";
|
||||
# Lazy IPv6 connectivity for the container
|
||||
enableIPv6 = true;
|
||||
|
||||
forwardPorts = [
|
||||
|
||||
];
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
8384
|
||||
22000
|
||||
];
|
||||
networking.firewall.allowedUDPPorts = [
|
||||
22000
|
||||
21027
|
||||
];
|
||||
|
||||
# Containers network is
|
||||
# * 10.42.99.0/24
|
||||
# * fc00:x
|
||||
|
||||
users.groups.backup = {
|
||||
gid = 10000;
|
||||
members = [ "vivian" ];
|
||||
};
|
||||
|
||||
containers = {
|
||||
dns = {
|
||||
syncthing = {
|
||||
autoStart = true;
|
||||
inherit hostAddress hostAddress6;
|
||||
localAddress = "10.42.99.2";
|
||||
localAddress6 = "fc00::2";
|
||||
|
||||
specialArgs = { inherit inputs; };
|
||||
forwardPorts = [
|
||||
{
|
||||
containerPort = 8384;
|
||||
hostPort = 8384;
|
||||
protocol = "tcp";
|
||||
}
|
||||
];
|
||||
|
||||
config = {pkgs, ...}: {
|
||||
imports = [
|
||||
./common.nix
|
||||
# ./dns.nix
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
inputs.gnome-autounlock-keyring.nixosModules.default
|
||||
inputs.catppuccin.nixosModules.catppuccin
|
||||
];
|
||||
bindMounts = {
|
||||
"/data" = {
|
||||
hostPath = "/mnt/backup";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
|
||||
specialArgs = {
|
||||
inherit inputs;
|
||||
};
|
||||
|
||||
config =
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
users.groups.backup = {
|
||||
gid = 10000;
|
||||
members = [ "syncthing" ];
|
||||
};
|
||||
|
||||
imports = [
|
||||
./common.nix
|
||||
./syncthing.nix
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
inputs.gnome-autounlock-keyring.nixosModules.default
|
||||
inputs.catppuccin.nixosModules.catppuccin
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
8
hosts/olympus/bastion/containers/syncthing.nix
Normal file
8
hosts/olympus/bastion/containers/syncthing.nix
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
{ ... }:
|
||||
{
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
openDefaultPorts = true;
|
||||
guiAddress = "0.0.0.0:8384";
|
||||
};
|
||||
}
|
||||
|
|
@ -19,6 +19,13 @@
|
|||
mac = "82:F0:7C:CB:BD:6D";
|
||||
};
|
||||
|
||||
services.scrutiny = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
influxdb.enable = true;
|
||||
collector.enable = false;
|
||||
};
|
||||
|
||||
# Use the GRUB 2 boot loader.
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
|
|
|
|||
|
|
@ -23,11 +23,10 @@
|
|||
|
||||
users.users.vivian.extraGroups = [ "adbusers" ];
|
||||
|
||||
security.pki.certificateFiles = [ ./domain.crt ];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
# (ollama.override {acceleration = "rocm"; })
|
||||
|
||||
];
|
||||
|
||||
services.flatpak.enable = true;
|
||||
|
||||
# Bootloader.
|
||||
|
|
@ -35,7 +34,7 @@
|
|||
bootspec.enable = true;
|
||||
initrd.kernelModules = [ "amdgpu" ];
|
||||
resumeDevice = "/dev/nvme0n1p2";
|
||||
loader.systemd-boot.enable = lib.mkForce false;
|
||||
loader.systemd-boot.enable = lib.mkForce false; # Using lanzaboote instead
|
||||
|
||||
kernel.sysctl = {
|
||||
"perf_event_paranoid" = 1;
|
||||
|
|
@ -59,11 +58,14 @@
|
|||
];
|
||||
|
||||
programs.hyprland.enable = true;
|
||||
|
||||
services.gnome.gnome-keyring.enable = true;
|
||||
# services.gnome-autounlock-keyring = {
|
||||
# enable = true;
|
||||
# target = "hyprland-session.target";
|
||||
# };
|
||||
|
||||
services.ollama = {
|
||||
enable = true;
|
||||
acceleration = "rocm";
|
||||
rocmOverrideGfx = "10.3.4";
|
||||
};
|
||||
|
||||
services.interception-tools = {
|
||||
enable = true;
|
||||
|
|
|
|||
|
|
@ -1,21 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDZTCCAk2gAwIBAgIUcCV6T0NduGa58qOcAhe9n8oOcEIwDQYJKoZIhvcNAQEL
|
||||
BQAwWzELMAkGA1UEBhMCTkwxFTATBgNVBAgMDFp1aWQtSG9sbGFuZDEOMAwGA1UE
|
||||
BwwFRGVsZnQxETAPBgNVBAoMCFRVIERlbGZ0MRIwEAYDVQQDDAlsb2NhbGhvc3Qw
|
||||
HhcNMjQwNDA1MDgyMDQxWhcNMjUwNDA1MDgyMDQxWjBbMQswCQYDVQQGEwJOTDEV
|
||||
MBMGA1UECAwMWnVpZC1Ib2xsYW5kMQ4wDAYDVQQHDAVEZWxmdDERMA8GA1UECgwI
|
||||
VFUgRGVsZnQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQAD
|
||||
ggEPADCCAQoCggEBAIcX6xGqorbXkIqtH0ek2L9YAc0ruKF7aTpY9q7n6EpD4OC1
|
||||
Q575fvnEqBsvKC74xh1AO58x7HLxAIWmy76UqUxJIQ7vtfCKxFDjBDhgitmnxWK1
|
||||
3QCrHwFS3MThqOq0zhK7AqnpzzdHsj9zfPWbrhP86m4uugIAund2YiSUPX7ZrSSO
|
||||
pY60bZiA2c3hJbqxg+NvNN1vZHEsPGaZHXMMrycw0bLOBoKPvbenl3ig23vsyRSO
|
||||
MwiJgLK/ztMI6r2KMJVZofjbu1Mz+WPzotKaCrSArSRF36BOzafyxqgO0h3Vqp4W
|
||||
Z6UpS1bFTpbJckz8LqNvlP/Z4mV5+1QyrwwN/iMCAwEAAaMhMB8wHQYDVR0OBBYE
|
||||
FOSRI3SKLWlk2RamJJwyyFlP9UnhMA0GCSqGSIb3DQEBCwUAA4IBAQARLh5z4Ius
|
||||
0kiejnMtzV5xAckbqbcultdEdGfjZciv3BM9C7DpEF5Nj8CbaK6TXrKh98bxQ6w+
|
||||
lPL/6LECkPhvHWRhTOsrhDV5h6eSPyV/TX4Jj127WnzA1LcjoEngUY97y6p/eBkE
|
||||
hZWepPPAhuEmu/ws1UmF8vrT4sc+nMKXrOTsqkdUKHh2JZuFby3+SHDkYX66ZxXK
|
||||
bQ3dEi6GyOkZIOuaNK+mS76yVanRU4k0A3dhIpW4pV6W12AAWioGaZv34uKVTp9E
|
||||
XgNhqDC39lU4rLp260NvuRywAKxvR7hKyWfmwak5lr0dZ9t4eufPI4jU5SD+aotq
|
||||
FVTMFwAKZO5v
|
||||
-----END CERTIFICATE-----
|
||||
|
|
@ -39,6 +39,7 @@
|
|||
|
||||
# Video Driver
|
||||
xserver = {
|
||||
videoDrivers = [ "displaylink" ];
|
||||
dpi = 280;
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -20,7 +20,6 @@
|
|||
jetbrains.idea-ultimate
|
||||
eduvpn-client
|
||||
localsend
|
||||
obsidian
|
||||
typst
|
||||
prismlauncher
|
||||
libraw
|
||||
|
|
@ -33,6 +32,9 @@
|
|||
"student-linux.tudelft.nl" = {
|
||||
user = "vroest";
|
||||
};
|
||||
"login.delftblue.tudelft.nl" = {
|
||||
user = "vroest";
|
||||
};
|
||||
"cese01" = {
|
||||
hostname = "cese01.ewi.tudelft.nl";
|
||||
user = "vroest";
|
||||
|
|
|
|||
|
|
@ -32,4 +32,38 @@
|
|||
|
||||
];
|
||||
};
|
||||
|
||||
# Vivado udev
|
||||
services.udev.packages = [
|
||||
(pkgs.writeTextFile {
|
||||
name = "xilinx-dilligent-usb-udev";
|
||||
destination = "/etc/udev/rules.d/52-xilinx-digilent-usb.rules";
|
||||
text = ''
|
||||
ATTR{idVendor}=="1443", MODE:="666"
|
||||
ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Digilent", MODE:="666"
|
||||
'';
|
||||
})
|
||||
(pkgs.writeTextFile {
|
||||
name = "xilinx-pcusb-udev";
|
||||
destination = "/etc/udev/rules.d/52-xilinx-pcusb.rules";
|
||||
text = ''
|
||||
ATTR{idVendor}=="03fd", ATTR{idProduct}=="0008", MODE="666"
|
||||
ATTR{idVendor}=="03fd", ATTR{idProduct}=="0007", MODE="666"
|
||||
ATTR{idVendor}=="03fd", ATTR{idProduct}=="0009", MODE="666"
|
||||
ATTR{idVendor}=="03fd", ATTR{idProduct}=="000d", MODE="666"
|
||||
ATTR{idVendor}=="03fd", ATTR{idProduct}=="000f", MODE="666"
|
||||
ATTR{idVendor}=="03fd", ATTR{idProduct}=="0013", MODE="666"
|
||||
ATTR{idVendor}=="03fd", ATTR{idProduct}=="0015", MODE="666"
|
||||
'';
|
||||
})
|
||||
(pkgs.writeTextFile {
|
||||
name = "xilinx-ftdi-usb-udev";
|
||||
destination = "/etc/udev/rules.d/52-xilinx-ftdi-usb.rules";
|
||||
text = ''
|
||||
ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666"
|
||||
'';
|
||||
})
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue