nixos-config/decoysnail.nix

{ config, pkgs, ... }:

{
  imports =
    [
      ./common.nix
      ./large-sw.nix
      ./uefi.nix
      ./fstrim.nix
      ./atmega.nix
    ];

  environment.etc."lvm/lvm.conf".text = ''
    devices {
      issue_discards = 1
    }
  '';
  boot.initrd.luks.devices = {
    sda_crypt = {
      device = "/dev/disk/by-partuuid/00292928-0088-4887-9e5d-2f2eccb4816f";
      preLVM = true;
      allowDiscards = true;
    };
  };

  networking = {
    hostName = "decoysnail";
    hostId = "cf04f682";
  };

  services.openssh.enable = true;

  hardware.cpu.intel.updateMicrocode = true;

  services.thermald.enable = true;

  virtualisation.docker = {
   enable = true;
   storageDriver = "overlay2";
  };
  users.extraUsers.gebner.extraGroups = [ "docker" ];

  hardware.opengl = {
    extraPackages = with pkgs; [ beignet ];
    driSupport32Bit = true;
  };

  #services.avahi.nssmdns = true;
  #services.nscd.enable = pkgs.lib.mkOverride 10 true;

  services.openssh.forwardX11 = true;

  system.stateVersion = "19.09";

  networking.wireguard.interfaces.wg0 = {
    ips = ["10.59.0.4/16"];
    privateKeyFile = "/etc/wgkeys/decoysnail";
    allowedIPsAsRoutes = true;
    postSetup = ''
      ${pkgs.systemd}/bin/resolvectl domain wg0 '~htdf.gebner.org' '~mtlaa.gebner.org' '~ams.gebner.org'
      ${pkgs.systemd}/bin/resolvectl dns wg0 10.57.0.1
    '';
    peers = [{
      publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
      allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
      # endpoint = "mtlaa-gw.gebner.org:35869";
      # endpoint = "84.112.114.160:35869";
      endpoint = "127.0.0.1:35869";
      persistentKeepalive = 25;
    }];
  };

  systemd.services.wstunnel = {
    path = [ pkgs.wstunnel ];
    wantedBy = [ "wireguard-wg0.service" ];
    after = [ "network.target" ];
    script = ''
      wstunnel -L 35869:htdf-gw.gebner.org:35869 -u wss://gebner.org
    '';
  };

  services.resolved = {
    domains = [];
    enable = true;
  };

  services.xserver = {
    videoDrivers = [ "intel" ];
  };

  fonts.fontconfig = {
    subpixel.rgba = "none";
  };
}
decoysnail 2017-08-24 14:18:58 +02:00			`{ config, pkgs, ... }:`

			`{`
			`imports =`
			`[`
			`./common.nix`
			`./large-sw.nix`
			`./uefi.nix`
decoysnail: enable fstrim 2018-11-05 18:06:19 +01:00			`./fstrim.nix`
decoysnail: add udev rules for keyboard 2019-02-27 11:16:49 +01:00			`./atmega.nix`
decoysnail 2017-08-24 14:18:58 +02:00			`];`

decoysnail: allow discards 2018-11-05 18:13:27 +01:00			`environment.etc."lvm/lvm.conf".text = ''`
			`devices {`
			`issue_discards = 1`
			`}`
			`'';`
decoysnail: use new luks.devices syntax 2020-06-15 09:23:25 +02:00			`boot.initrd.luks.devices = {`
			`sda_crypt = {`
New decoysnail. 2019-10-15 13:56:13 +02:00			`device = "/dev/disk/by-partuuid/00292928-0088-4887-9e5d-2f2eccb4816f";`
decoysnail: add ssd 2018-10-09 10:40:33 +02:00			`preLVM = true;`
decoysnail: allow discards 2018-11-05 18:13:27 +01:00			`allowDiscards = true;`
decoysnail: use new luks.devices syntax 2020-06-15 09:23:25 +02:00			`};`
			`};`
decoysnail 2017-08-24 14:18:58 +02:00
			`networking = {`
			`hostName = "decoysnail";`
			`hostId = "cf04f682";`
			`};`

			`services.openssh.enable = true;`

			`hardware.cpu.intel.updateMicrocode = true;`

			`services.thermald.enable = true;`

decoysnail: reenable docker 2020-06-15 09:21:53 +02:00			`virtualisation.docker = {`
			`enable = true;`
			`storageDriver = "overlay2";`
			`};`
			`users.extraUsers.gebner.extraGroups = [ "docker" ];`
decoysnail 2017-08-24 14:18:58 +02:00
decoysnail: add beignet 2018-12-18 11:07:01 +01:00			`hardware.opengl = {`
			`extraPackages = with pkgs; [ beignet ];`
			`driSupport32Bit = true;`
			`};`
decoysnail 2017-08-24 14:18:58 +02:00
New decoysnail. 2019-10-15 13:56:13 +02:00			`#services.avahi.nssmdns = true;`
			`#services.nscd.enable = pkgs.lib.mkOverride 10 true;`
decoysnail: enable avahi 2019-01-02 13:57:47 +01:00
decoysnail: enable ssh x11 forwarding 2018-02-19 10:31:12 +01:00			`services.openssh.forwardX11 = true;`

New decoysnail. 2019-10-15 13:56:13 +02:00			`system.stateVersion = "19.09";`
decoysnail: add wireguard tunnel 2018-10-08 11:50:19 +02:00
			`networking.wireguard.interfaces.wg0 = {`
			`ips = ["10.59.0.4/16"];`
			`privateKeyFile = "/etc/wgkeys/decoysnail";`
			`allowedIPsAsRoutes = true;`
			`postSetup = ''`
Move computers around europe. 2019-10-14 11:03:14 +02:00			`${pkgs.systemd}/bin/resolvectl domain wg0 '~htdf.gebner.org' '~mtlaa.gebner.org' '~ams.gebner.org'`
decoysnail: use superior systemd-resolved 2019-02-19 13:12:08 +01:00			`${pkgs.systemd}/bin/resolvectl dns wg0 10.57.0.1`
decoysnail: add wireguard tunnel 2018-10-08 11:50:19 +02:00			`'';`
			`peers = [{`
			`publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";`
			`allowedIPs = ["10.56.0.0/14" "10.60.1.1"];`
decoysnail: use intel driver 2019-03-08 12:37:04 +01:00			`# endpoint = "mtlaa-gw.gebner.org:35869";`
decoysnail: use wstunnel 2019-10-16 10:37:16 +02:00			`# endpoint = "84.112.114.160:35869";`
			`endpoint = "127.0.0.1:35869";`
decoysnail: add keepalive for wireguard 2018-11-15 10:06:48 +01:00			`persistentKeepalive = 25;`
decoysnail: add wireguard tunnel 2018-10-08 11:50:19 +02:00			`}];`
			`};`
decoysnail: add stateVersion 2018-06-11 13:20:18 +02:00
decoysnail: use wstunnel 2019-10-16 10:37:16 +02:00			`systemd.services.wstunnel = {`
			`path = [ pkgs.wstunnel ];`
			`wantedBy = [ "wireguard-wg0.service" ];`
			`after = [ "network.target" ];`
			`script = ''`
			`wstunnel -L 35869:htdf-gw.gebner.org:35869 -u wss://gebner.org`
			`'';`
			`};`

decoysnail: use superior systemd-resolved 2019-02-19 13:12:08 +01:00			`services.resolved = {`
			`domains = [];`
			`enable = true;`
			`};`

decoysnail: use intel driver 2019-03-08 12:37:04 +01:00			`services.xserver = {`
			`videoDrivers = [ "intel" ];`
			`};`

decoysnail: disable subpixel hinting 2019-12-20 10:00:28 +01:00			`fonts.fontconfig = {`
			`subpixel.rgba = "none";`
			`};`
decoysnail 2017-08-24 14:18:58 +02:00			`}`