Update

averyanalex · Jul 5, 2024 · e524035 · e524035
1 parent 6e5b082
commit e524035
Show file tree

Hide file tree

Showing 29 changed files with 470 additions and 632 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -227,38 +227,38 @@
             modules = [
               "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64-new-kernel-no-zfs-installer.nix"
               ({
-                pkgs,
-                lib,
-                ...
-              }: let
+                  pkgs,
+                  lib,
+                  ...
+                }:
                 # pkgsCross = import nixpkgs {
                 #   system = "x86_64-linux";
                 #   # hostPlatform.system = "aarch64-linux";
                 #   # buildPlatform.system = "x86_64-linux";
                 #   crossSystem = "x86_64-linux";
                 # };
-              in {
-                config = {
-                  # nixpkgs.hostPlatform.system = "aarch64-linux";
-                  # nixpkgs.buildPlatform.system = "x86_64-linux";
-                  sdImage.compressImage = false;
-                  system.stateVersion = "23.05";
-                  boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor (pkgs.linux_6_1.override {
-                    argsOverride = {
-                      src = pkgs.fetchFromGitHub {
-                        owner = "orangepi-xunlong";
-                        repo = "linux-orangepi";
-                        rev = "3495b5ee0594566c9fed930b96b1cae90600412e";
-                        hash = "sha256-MKlhbqORiwzFe84VEbcHbz4ZfRwNYxK5bZD5AKyopGw=";
+                {
+                  config = {
+                    # nixpkgs.hostPlatform.system = "aarch64-linux";
+                    # nixpkgs.buildPlatform.system = "x86_64-linux";
+                    sdImage.compressImage = false;
+                    system.stateVersion = "23.05";
+                    boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor (pkgs.linux_6_1.override {
+                      argsOverride = {
+                        src = pkgs.fetchFromGitHub {
+                          owner = "orangepi-xunlong";
+                          repo = "linux-orangepi";
+                          rev = "3495b5ee0594566c9fed930b96b1cae90600412e";
+                          hash = "sha256-MKlhbqORiwzFe84VEbcHbz4ZfRwNYxK5bZD5AKyopGw=";
+                        };
+                        kernelPatches = [];
+                        version = "6.1.31";
+                        modDirVersion = "6.1.31";
                       };
-                      kernelPatches = [];
-                      version = "6.1.31";
-                      modDirVersion = "6.1.31";
-                    };
-                  }));
-                  # nixpkgs.config.allowBroken = true;
-                };
-              })
+                    }));
+                    # nixpkgs.config.allowBroken = true;
+                  };
+                })
             ];
           };
         };

diff --git a/hardware/gpu/amd.nix b/hardware/gpu/amd.nix
@@ -1,8 +1,6 @@
 {pkgs, ...}: {
-  hardware.opengl = {
+  hardware.graphics = {
     enable = true;
-    driSupport = true;
-
     extraPackages = with pkgs; [
       rocmPackages.clr
       rocmPackages.clr.icd

diff --git a/hardware/gpu/intel.nix b/hardware/gpu/intel.nix
@@ -1,7 +1,6 @@
 {pkgs, ...}: {
-  hardware.opengl = {
+  hardware.graphics = {
     enable = true;
-    driSupport = true;
     # driSupport32Bit = true;
 
     extraPackages = with pkgs; [

diff --git a/machines/alligator/default.nix b/machines/alligator/default.nix
@@ -31,19 +31,15 @@
     "40-wgav" = {
       routes = [
         {
-          routeConfig = {
-            Destination = "::/0";
-            Type = "unreachable";
-            Table = 700;
-          };
+          Destination = "::/0";
+          Type = "unreachable";
+          Table = 700;
         }
       ];
       routingPolicyRules = [
         {
-          routingPolicyRuleConfig = {
-            FirewallMark = 700;
-            Table = 700;
-          };
+          FirewallMark = 700;
+          Table = 700;
         }
         # {
         #   routingPolicyRuleConfig = {
@@ -64,7 +60,7 @@
         {
           publicKey = "h+76esMcmPLakUN/1vDlvGGf2Ovmw/IDKKxFtqXCdm8=";
           allowedIPs = ["0.0.0.0/0"];
-          endpoint = "hawk.averyan.ru:51820";
+          endpoint = "vpn.averyan.ru:51820";
           persistentKeepalive = 25;
         }
       ];

diff --git a/machines/falcon/default.nix b/machines/falcon/default.nix
@@ -4,14 +4,15 @@
   ...
 }: {
   imports = [
-    inputs.self.nixosModules.roles.server
+    inputs.self.nixosModules.roles.minimal
     inputs.self.nixosModules.hardware.aeza
 
     inputs.self.nixosModules.profiles.remote-builder-client
     inputs.self.nixosModules.profiles.server.aplusmuz
 
     ./mounts.nix
     ./tor.nix
+    ./proxy.nix
   ];
 
   system.stateVersion = "23.05";

diff --git a/machines/falcon/proxy.nix b/machines/falcon/proxy.nix
@@ -0,0 +1,8 @@
+{
+  services.microsocks = {
+    enable = true;
+    ip = "10.57.1.20";
+  };
+
+  networking.firewall.interfaces."nebula.averyan".allowedTCPPorts = [1080];
+}
diff --git a/machines/whale/default.nix b/machines/whale/default.nix
@@ -24,7 +24,7 @@ in {
     inputs.self.nixosModules.profiles.server.picsav
     inputs.self.nixosModules.profiles.server.acme
     inputs.self.nixosModules.profiles.server.blog
-    inputs.self.nixosModules.profiles.server.bvilove
+    # inputs.self.nixosModules.profiles.server.bvilove
     # inputs.self.nixosModules.profiles.server.gitea
     inputs.self.nixosModules.profiles.server.hass
     # inputs.self.nixosModules.profiles.server.hydra
@@ -180,19 +180,15 @@ in {
     "40-wgav" = {
       routes = [
         {
-          routeConfig = {
-            Destination = "::/0";
-            Type = "unreachable";
-            Table = 700;
-          };
+          Destination = "::/0";
+          Type = "unreachable";
+          Table = 700;
         }
       ];
       routingPolicyRules = [
         {
-          routingPolicyRuleConfig = {
-            FirewallMark = 700;
-            Table = 700;
-          };
+          FirewallMark = 700;
+          Table = 700;
         }
         # {
         #   routingPolicyRuleConfig = {
@@ -210,10 +206,8 @@ in {
       linkConfig.RequiredForOnline = false;
       routingPolicyRules = [
         {
-          routingPolicyRuleConfig = {
-            IncomingInterface = "wgavbr";
-            Table = 700;
-          };
+          IncomingInterface = "wgavbr";
+          Table = 700;
         }
       ];
     };
@@ -233,7 +227,7 @@ in {
         {
           publicKey = "h+76esMcmPLakUN/1vDlvGGf2Ovmw/IDKKxFtqXCdm8=";
           allowedIPs = ["0.0.0.0/0"];
-          endpoint = "hawk.averyan.ru:51820";
+          endpoint = "vpn.averyan.ru:51820";
           persistentKeepalive = 25;
         }
       ];

diff --git a/machines/whale/dns.nix b/machines/whale/dns.nix
@@ -20,10 +20,11 @@
         ${nullsProxy "clashofclans.com"}
         ${nullsProxy "brawlstars.com"}
         ${nullsProxy "brawlstarsgame.com"}
-        forward . tls://1.1.1.1 tls://1.0.0.1 {
-          tls_servername cloudflare-dns.com
-          health_check 15s
-        }
+        # forward . tls://1.1.1.1 tls://1.0.0.1 {
+        #   tls_servername cloudflare-dns.com
+        #   health_check 15s
+        # }
+        forward . tls://8.8.8.8
       '';
       certDir = config.security.acme.certs."neutrino.su".directory;
     in ''

diff --git a/machines/whale/firesquare.nix b/machines/whale/firesquare.nix
@@ -14,7 +14,7 @@ in {
         {
           publicKey = "h+76esMcmPLakUN/1vDlvGGf2Ovmw/IDKKxFtqXCdm8=";
           allowedIPs = ["0.0.0.0/0"];
-          endpoint = "hawk.averyan.ru:51820";
+          endpoint = "vpn.averyan.ru:51820";
           persistentKeepalive = 25;
         }
       ];

diff --git a/machines/whale/photoprism.nix b/machines/whale/photoprism.nix
@@ -6,8 +6,8 @@
   dockerImage = pkgs.dockerTools.pullImage {
     imageName = "photoprism/photoprism";
     finalImageTag = "latest";
-    imageDigest = "sha256:80b6bedef9dca00f4962c229cb7136df50d28d8ac51a4b7471fbde16b057ff8b";
-    sha256 = "nhMfI5jQjgYjZiadPbPSY4v6UhfbyKNTtoh2XfYNfok=";
+    imageDigest = "sha256:5db91badeec3f1e32a624f9e6c70541fe5d28ddfd5447d5d258046a5768c1c0b";
+    sha256 = "sha256-DgH5RWlYQSfSHHeRnRPFtzfFIW2CExMEk6Vu8tHJfBM=";
   };
 in {
   age.secrets.photoprism.file = ../../secrets/intpass/photoprism.age;

diff --git a/machines/whale/webtlo.nix b/machines/whale/webtlo.nix
@@ -2,8 +2,8 @@
   dockerImage = pkgs.dockerTools.pullImage {
     imageName = "berkut174/webtlo";
     finalImageTag = "latest";
-    imageDigest = "sha256:85b3fb3927072249b81ce0690247d1db0b7e8975ab06e8a2122a554c55c0de87";
-    sha256 = "cVglaqNAsNRNOPrwMRjfLUc0D5Dtf5jw6KrDaEjSUcc=";
+    imageDigest = "sha256:522ceaa41c39ff46825d5fcab9908c8b806d4b7bf5ce70c2f2a61305d8cff440";
+    sha256 = "sha256-UioNfJ1YfQMb12mQ5sRACxcZoNQ0CyxYtVzoM77Ikug=";
   };
 in {
   virtualisation.oci-containers = {

diff --git a/modules/nebula-averyan.nix b/modules/nebula-averyan.nix
@@ -79,12 +79,17 @@ in {
         "10.57.1.10" = [
           "95.165.105.90:4242"
         ];
+        "10.57.1.20" = [
+          # "5.42.84.150:4242"
+          "10.8.7.1:4242"
+        ];
       };
 
       settings = {
         lighthouse = {
           remote_allow_list = {
             "0200::/7" = false;
+            # "10.8.7.1/32" = true;
           };
         };
         punchy = {

diff --git a/profiles/apps/misc-a.nix b/profiles/apps/misc-a.nix
@@ -58,6 +58,7 @@
       kmplot
       helvum
       betaflight-configurator
+      brave
     ];
 
     xdg.mimeApps = {
@@ -67,6 +68,8 @@
         "image/jpeg" = "org.gnome.gThumb.desktop";
       };
     };
+
+    services.kdeconnect.enable = true;
   };
 
   nixpkgs.config.permittedInsecurePackages = [
@@ -93,5 +96,6 @@
 
     ".config/kicad"
     ".local/share/kicad"
+    ".config/BraveSoftware"
   ];
 }