...

author: Gregor Kleen <gkleen@yggdrasil.li> 2024-08-08 10:45:09 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2024-08-08 10:45:09 +0200
commit: 63adb41f1a060c21a68143eb9e86c2790ef66f36 (patch)
tree: 3902b85e7659fd396ded1d2e42ea318153d08a13 /hosts
parent: 73b08cbd76d4471c9a6fddd05265d7d7fc4c45ff (diff)
download: nixos-63adb41f1a060c21a68143eb9e86c2790ef66f36.tar
nixos-63adb41f1a060c21a68143eb9e86c2790ef66f36.tar.gz
nixos-63adb41f1a060c21a68143eb9e86c2790ef66f36.tar.bz2
nixos-63adb41f1a060c21a68143eb9e86c2790ef66f36.tar.xz
nixos-63adb41f1a060c21a68143eb9e86c2790ef66f36.zip
8 files changed, 80 insertions, 127 deletions
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index 3525015d..5ed4e05e 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -16,6 +16,7 @@ in {
    tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines
    networkmanager
    flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1
+    flakeInputs.impermanence.nixosModules.impermanence
  ];
  config = {
@@ -555,7 +556,10 @@ in {
    # sound.enable = true;
    nix = {
-      settings.auto-optimise-store = true;
+      settings = {
+        auto-optimise-store = true;
+        max-jobs = 4;
+      };
      daemonCPUSchedPolicy = "idle";
      daemonIOSchedClass = "idle";
@@ -569,6 +573,11 @@ in {
        speedFactor = 4;
      };
    };
+    systemd.services."nix-daemon" = {
+      serviceConfig = {
+        CPUQuota = "400%";
+      };
+    };
    environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
@@ -661,6 +670,26 @@ in {
      in [ gtk-portal ];
    };
+    environment.persistence."/.bcachefs" = {
+      hideMounts = true;
+      directories = [
+        "/nix"
+        "/root"
+        "/var/log"
+        "/var/lib/sops-nix"
+        "/var/lib/nixos"
+        "/var/lib/systemd"
+        "/home"
+        "/var/lib/chrony"
+        "/var/lib/fprint"
+        "/var/lib/bluetooth"
+        "/etc/NetworkManager/system-connections"
+      ];
+      files = [
+        "/etc/localtime"
+      ];
+    };
    system.stateVersion = "24.11";
  };
 }
diff --git a/hosts/sif/hw.nix b/hosts/sif/hw.nix
index 077d25a6..fc20ef7c 100644
--- a/hosts/sif/hw.nix
+++ b/hosts/sif/hw.nix
@@ -12,59 +12,11 @@
        fsType = "bcachefs";
        neededForBoot = true;
      };
-    "/nix" =
+    "/var/lib/sops-nix".neededForBoot = true;
-      { device = "/.bcachefs/nix";
+    "/var/lib/systemd".neededForBoot = true;
-        fsType = "none";
-        options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
-      };
-    "/root" =
-      { device = "/.bcachefs/root";
-        fsType = "none";
-        options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
-      };
-    "/var/log" =
-      { device = "/.bcachefs/var/log";
-        fsType = "none";
-        options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
-      };
-    "/var/lib/sops-nix" =
-      { device = "/.bcachefs/var/lib/sops-nix";
-        fsType = "none";
-        options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
-        neededForBoot = true;
-      };
-    "/var/lib/nixos" =
-      { device = "/.bcachefs/var/lib/nixos";
-        fsType = "none";
-        options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
-      };
-    "/var/lib/chrony" =
-      { device = "/.bcachefs/var/lib/chrony";
-        fsType = "none";
-        options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
-      };
-    "/var/lib/fprint" =
-      { device = "/.bcachefs/var/lib/fprint";
-        fsType = "none";
-        options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
-      };
-    "/var/lib/systemd" =
-      { device = "/.bcachefs/var/lib/systemd";
-        fsType = "none";
-        options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
-        neededForBoot = true;
-      };
-    "/home" =
-      { device = "/.bcachefs/home";
-        fsType = "none";
-        options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
-      };
-    "/etc/NetworkManager/system-connections" =
-      { device = "/.bcachefs/etc/NetworkManager/system-connections";
-        fsType = "none";
-        options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
-      };
  };
+  system.etc.overlay.enable = false;
+  systemd.sysusers.enable = false;
  # boot.initrd.supportedFilesystems.bcachefs = true;
  # boot.initrd.systemd.units."dev-sif-nvm0:-dev-sif-nvm1.device".enable = false;
@@ -91,7 +43,6 @@
  #   };
  # };
-  nix.settings.max-jobs = 12;
  # High-DPI console
  console.font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
diff --git a/hosts/surtr/bifrost/default.nix b/hosts/surtr/bifrost/default.nix
index 20cd5892..fbfde757 100644
--- a/hosts/surtr/bifrost/default.nix
+++ b/hosts/surtr/bifrost/default.nix
@@ -18,10 +18,8 @@ in {
            ListenPort = 51822;
          };
          wireguardPeers = [
-            { wireguardPeerConfig = {
+            { AllowedIPs = [ "2a03:4000:52:ada:4:1::/96" ];
-                AllowedIPs = [ "2a03:4000:52:ada:4:1::/96" ];
+              PublicKey = trim (readFile ../../vidhar/network/bifrost/vidhar.pub);
-                PublicKey = trim (readFile ../../vidhar/network/bifrost/vidhar.pub);
-              };
            }
          ];
        };
@@ -34,9 +32,7 @@ in {
          };
          address = ["2a03:4000:52:ada:4::/96"];
          routes = [
-            { routeConfig = {
+            { Destination = "2a03:4000:52:ada:4::/80";
-                Destination = "2a03:4000:52:ada:4::/80";
-              };
            }
          ];
          linkConfig = {
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
index e6ca0c64..ceb035cb 100644
--- a/hosts/surtr/default.nix
+++ b/hosts/surtr/default.nix
@@ -165,6 +165,7 @@ with lib;
      algorithm = "zstd";
    };
+    systemd.sysusers.enable = false;
    system.stateVersion = "20.09";
  };
 }
diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix
index 74a9fb22..61a9d544 100644
--- a/hosts/surtr/vpn/default.nix
+++ b/hosts/surtr/vpn/default.nix
@@ -63,10 +63,8 @@ in {
                ListenPort = 51820;
              };
              wireguardPeers = imap1 (i: { name, ip ? i }: {
-                wireguardPeerConfig = {
+                AllowedIPs = ["${prefix6}:${toString ip}::/96" "${prefix4}.${toString ip}/32"];
-                  AllowedIPs = ["${prefix6}:${toString ip}::/96" "${prefix4}.${toString ip}/32"];
+                PublicKey = trim (readFile (./. + "/${name}.pub"));
-                  PublicKey = trim (readFile (./. + "/${name}.pub"));
-                };
              }) [ { name = "geri"; } { name = "sif"; } ];
            };
          };
@@ -86,19 +84,13 @@ in {
                MulticastDNS = false;
              };
              routes = [
-                { routeConfig = {
+                { Destination = "202.61.240.1";
-                    Destination = "202.61.240.1";
-                  };
                }
-                { routeConfig = {
+                { Destination = "0.0.0.0/0";
-                    Destination = "0.0.0.0/0";
+                  Gateway = "202.61.240.1";
-                    Gateway = "202.61.240.1";
-                  };
                }
-                { routeConfig = {
+                { Destination = "::/0";
-                    Destination = "::/0";
+                  Gateway = "fe80::1";
-                    Gateway = "fe80::1";
-                  };
                }
              ];
              extraConfig = ''
@@ -114,13 +106,9 @@ in {
              };
              address = ["${prefix6}::/96" "${prefix4}.0/32"];
              routes = [
-                { routeConfig = {
+                { Destination = "${prefix6}::/80";
-                    Destination = "${prefix6}::/80";
-                  };
                }
-                { routeConfig = {
+                { Destination = "${prefix4}.0/24";
-                    Destination = "${prefix4}.0/24";
-                  };
                }
              ];
              linkConfig = {
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index ea200f5c..440829bb 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -377,6 +377,7 @@ with lib;
    environment.systemPackages = with pkgs; [iotop vmtouch];
+    systemd.sysusers.enable = false;
    system.stateVersion = "21.05";
  };
 }
diff --git a/hosts/vidhar/network/bifrost/default.nix b/hosts/vidhar/network/bifrost/default.nix
index ec354f81..59550481 100644
--- a/hosts/vidhar/network/bifrost/default.nix
+++ b/hosts/vidhar/network/bifrost/default.nix
@@ -18,12 +18,10 @@ in {
            ListenPort = 51822;
          };
          wireguardPeers = [
-            { wireguardPeerConfig = {
+            { AllowedIPs = [ "::/0" ];
-                AllowedIPs = [ "::/0" ];
+              PublicKey = trim (readFile ../../../surtr/bifrost/surtr.pub);
-                PublicKey = trim (readFile ../../../surtr/bifrost/surtr.pub);
+              PersistentKeepalive = 5;
-                PersistentKeepalive = 5;
+              Endpoint = "2a03:4000:52:ada:::51822";
-                Endpoint = "2a03:4000:52:ada:::51822";
-              };
            }
          ];
        };
@@ -36,35 +34,25 @@ in {
          };
          address = ["2a03:4000:52:ada:4:1::/96"];
          routes = [
-            { routeConfig = {
+            { Destination = "2a03:4000:52:ada:4::/80";
-                Destination = "2a03:4000:52:ada:4::/80";
-              };
            }
-            { routeConfig = {
+            { Gateway = "2a03:4000:52:ada:4::";
-                Gateway = "2a03:4000:52:ada:4::";
+              GatewayOnLink = true;
-                GatewayOnLink = true;
+              Table = "bifrost";
-                Table = "bifrost";
-              };
            }
-            { routeConfig = {
+            { Destination = "2a03:4000:52:ada:4::/80";
-                Destination = "2a03:4000:52:ada:4::/80";
+              GatewayOnLink = true;
-                GatewayOnLink = true;
+              Table = "bifrost";
-                Table = "bifrost";
-              };
            }
-            { routeConfig = {
+            { Destination = "2a03:4000:52:ada:4:1::/96";
-                Destination = "2a03:4000:52:ada:4:1::/96";
+              GatewayOnLink = true;
-                GatewayOnLink = true;
+              Table = "bifrost";
-                Table = "bifrost";
-              };
            }
          ];
          routingPolicyRules = [
-            { routingPolicyRuleConfig = {
+            { Table = "bifrost";
-                Table = "bifrost";
+              From = "2a03:4000:52:ada:4:1::/96";
-                From = "2a03:4000:52:ada:4:1::/96";
+              Priority = 1;
-                Priority = 1;
-              };
            }
          ];
          linkConfig = {
diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix
index e961c17e..4a792851 100644
--- a/hosts/vidhar/network/default.nix
+++ b/hosts/vidhar/network/default.nix
@@ -89,22 +89,21 @@ with lib;
      };
    };
-    services.nfs.server = {
+    services.nfs = {
-      enable = true;
+      server = {
-      createMountPoints = true;
+        enable = true;
+        createMountPoints = true;
-      statdPort = 4000;
-      lockdPort = 4001;
+        statdPort = 4000;
-      mountdPort = 4002;
+        lockdPort = 4001;
+        mountdPort = 4002;
-      extraNfsdConfig = ''
-        vers3=off
+        exports = ''
-      '';
+          /srv/nfs 10.141.0.0/24(ro,async,root_squash,fsid=0) 2a03:4000:52:ada:1::/80(ro,async,root_squash,fsid=0)
+          /srv/nfs/nix-store 10.141.0.0/24(ro,async,root_squash) 2a03:4000:52:ada:1::/80(ro,async,root_squash)
-      exports = ''
+        '';
-        /srv/nfs 10.141.0.0/24(ro,async,root_squash,fsid=0) 2a03:4000:52:ada:1::/80(ro,async,root_squash,fsid=0)
+      };
-        /srv/nfs/nix-store 10.141.0.0/24(ro,async,root_squash) 2a03:4000:52:ada:1::/80(ro,async,root_squash)
+      settings.nfsd.vers3 = false;
-      '';
    };
    fileSystems = {
author	Gregor Kleen <gkleen@yggdrasil.li>	2024-08-08 10:45:09 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2024-08-08 10:45:09 +0200
commit	63adb41f1a060c21a68143eb9e86c2790ef66f36 (patch)
tree	3902b85e7659fd396ded1d2e42ea318153d08a13 /hosts
parent	73b08cbd76d4471c9a6fddd05265d7d7fc4c45ff (diff)
download	nixos-63adb41f1a060c21a68143eb9e86c2790ef66f36.tar nixos-63adb41f1a060c21a68143eb9e86c2790ef66f36.tar.gz nixos-63adb41f1a060c21a68143eb9e86c2790ef66f36.tar.bz2 nixos-63adb41f1a060c21a68143eb9e86c2790ef66f36.tar.xz nixos-63adb41f1a060c21a68143eb9e86c2790ef66f36.zip

diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index 3525015d..5ed4e05e 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix
@@ -16,6 +16,7 @@ in {
16	tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines	16	tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines
17	networkmanager	17	networkmanager
18	flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1	18	flakeInputs.nixos-hardware.nixosModules.lenovo-thinkpad-p1
		19	flakeInputs.impermanence.nixosModules.impermanence
19	];	20	];
20		21
21	config = {	22	config = {
@@ -555,7 +556,10 @@ in {
555	# sound.enable = true;	556	# sound.enable = true;
556		557
557	nix = {	558	nix = {
558	settings.auto-optimise-store = true;	559	settings = {
		560	auto-optimise-store = true;
		561	max-jobs = 4;
		562	};
559	daemonCPUSchedPolicy = "idle";	563	daemonCPUSchedPolicy = "idle";
560	daemonIOSchedClass = "idle";	564	daemonIOSchedClass = "idle";
561		565
@@ -569,6 +573,11 @@ in {
569	speedFactor = 4;	573	speedFactor = 4;
570	};	574	};
571	};	575	};
		576	systemd.services."nix-daemon" = {
		577	serviceConfig = {
		578	CPUQuota = "400%";
		579	};
		580	};
572		581
573	environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;	582	environment.etc."X11/xorg.conf.d/50-wacom.conf".source = lib.mkForce ./wacom.conf;
574		583
@@ -661,6 +670,26 @@ in {
661	in [ gtk-portal ];	670	in [ gtk-portal ];
662	};	671	};
663		672
		673	environment.persistence."/.bcachefs" = {
		674	hideMounts = true;
		675	directories = [
		676	"/nix"
		677	"/root"
		678	"/var/log"
		679	"/var/lib/sops-nix"
		680	"/var/lib/nixos"
		681	"/var/lib/systemd"
		682	"/home"
		683	"/var/lib/chrony"
		684	"/var/lib/fprint"
		685	"/var/lib/bluetooth"
		686	"/etc/NetworkManager/system-connections"
		687	];
		688	files = [
		689	"/etc/localtime"
		690	];
		691	};
		692
664	system.stateVersion = "24.11";	693	system.stateVersion = "24.11";
665	};	694	};
666	}	695	}


diff --git a/hosts/sif/hw.nix b/hosts/sif/hw.nix index 077d25a6..fc20ef7c 100644 --- a/hosts/sif/hw.nix +++ b/hosts/sif/hw.nix
@@ -12,59 +12,11 @@
12	fsType = "bcachefs";	12	fsType = "bcachefs";
13	neededForBoot = true;	13	neededForBoot = true;
14	};	14	};
15	"/nix" =	15	"/var/lib/sops-nix".neededForBoot = true;
16	{ device = "/.bcachefs/nix";	16	"/var/lib/systemd".neededForBoot = true;
17	fsType = "none";
18	options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
19	};
20	"/root" =
21	{ device = "/.bcachefs/root";
22	fsType = "none";
23	options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
24	};
25	"/var/log" =
26	{ device = "/.bcachefs/var/log";
27	fsType = "none";
28	options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
29	};
30	"/var/lib/sops-nix" =
31	{ device = "/.bcachefs/var/lib/sops-nix";
32	fsType = "none";
33	options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
34	neededForBoot = true;
35	};
36	"/var/lib/nixos" =
37	{ device = "/.bcachefs/var/lib/nixos";
38	fsType = "none";
39	options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
40	};
41	"/var/lib/chrony" =
42	{ device = "/.bcachefs/var/lib/chrony";
43	fsType = "none";
44	options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
45	};
46	"/var/lib/fprint" =
47	{ device = "/.bcachefs/var/lib/fprint";
48	fsType = "none";
49	options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
50	};
51	"/var/lib/systemd" =
52	{ device = "/.bcachefs/var/lib/systemd";
53	fsType = "none";
54	options = [ "bind" ]; # "x-systemd.after=bcachefs.service" "x-systemd.requires=bcachefs.service" "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
55	neededForBoot = true;
56	};
57	"/home" =
58	{ device = "/.bcachefs/home";
59	fsType = "none";
60	options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
61	};
62	"/etc/NetworkManager/system-connections" =
63	{ device = "/.bcachefs/etc/NetworkManager/system-connections";
64	fsType = "none";
65	options = [ "bind" ]; # "x-systemd.after=\\x2ebcachefs.mount" "x-systemd.requires=\\x2ebcachefs.mount" ];
66	};
67	};	17	};
		18	system.etc.overlay.enable = false;
		19	systemd.sysusers.enable = false;
68		20
69	# boot.initrd.supportedFilesystems.bcachefs = true;	21	# boot.initrd.supportedFilesystems.bcachefs = true;
70	# boot.initrd.systemd.units."dev-sif-nvm0:-dev-sif-nvm1.device".enable = false;	22	# boot.initrd.systemd.units."dev-sif-nvm0:-dev-sif-nvm1.device".enable = false;
@@ -91,7 +43,6 @@
91	# };	43	# };
92	# };	44	# };
93		45
94	nix.settings.max-jobs = 12;
95	# High-DPI console	46	# High-DPI console
96	console.font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";	47	console.font = "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
97		48


diff --git a/hosts/surtr/bifrost/default.nix b/hosts/surtr/bifrost/default.nix index 20cd5892..fbfde757 100644 --- a/hosts/surtr/bifrost/default.nix +++ b/hosts/surtr/bifrost/default.nix
@@ -18,10 +18,8 @@ in {
18	ListenPort = 51822;	18	ListenPort = 51822;
19	};	19	};
20	wireguardPeers = [	20	wireguardPeers = [
21	{ wireguardPeerConfig = {	21	{ AllowedIPs = [ "2a03:4000:52:ada:4:1::/96" ];
22	AllowedIPs = [ "2a03:4000:52:ada:4:1::/96" ];	22	PublicKey = trim (readFile ../../vidhar/network/bifrost/vidhar.pub);
23	PublicKey = trim (readFile ../../vidhar/network/bifrost/vidhar.pub);
24	};
25	}	23	}
26	];	24	];
27	};	25	};
@@ -34,9 +32,7 @@ in {
34	};	32	};
35	address = ["2a03:4000:52:ada:4::/96"];	33	address = ["2a03:4000:52:ada:4::/96"];
36	routes = [	34	routes = [
37	{ routeConfig = {	35	{ Destination = "2a03:4000:52:ada:4::/80";
38	Destination = "2a03:4000:52:ada:4::/80";
39	};
40	}	36	}
41	];	37	];
42	linkConfig = {	38	linkConfig = {


diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index e6ca0c64..ceb035cb 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix
@@ -165,6 +165,7 @@ with lib;
165	algorithm = "zstd";	165	algorithm = "zstd";
166	};	166	};
167		167
		168	systemd.sysusers.enable = false;
168	system.stateVersion = "20.09";	169	system.stateVersion = "20.09";
169	};	170	};
170	}	171	}


diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix index 74a9fb22..61a9d544 100644 --- a/hosts/surtr/vpn/default.nix +++ b/hosts/surtr/vpn/default.nix
@@ -63,10 +63,8 @@ in {
63	ListenPort = 51820;	63	ListenPort = 51820;
64	};	64	};
65	wireguardPeers = imap1 (i: { name, ip ? i }: {	65	wireguardPeers = imap1 (i: { name, ip ? i }: {
66	wireguardPeerConfig = {	66	AllowedIPs = ["${prefix6}:${toString ip}::/96" "${prefix4}.${toString ip}/32"];
67	AllowedIPs = ["${prefix6}:${toString ip}::/96" "${prefix4}.${toString ip}/32"];	67	PublicKey = trim (readFile (./. + "/${name}.pub"));
68	PublicKey = trim (readFile (./. + "/${name}.pub"));
69	};
70	}) [ { name = "geri"; } { name = "sif"; } ];	68	}) [ { name = "geri"; } { name = "sif"; } ];
71	};	69	};
72	};	70	};
@@ -86,19 +84,13 @@ in {
86	MulticastDNS = false;	84	MulticastDNS = false;
87	};	85	};
88	routes = [	86	routes = [
89	{ routeConfig = {	87	{ Destination = "202.61.240.1";
90	Destination = "202.61.240.1";
91	};
92	}	88	}
93	{ routeConfig = {	89	{ Destination = "0.0.0.0/0";
94	Destination = "0.0.0.0/0";	90	Gateway = "202.61.240.1";
95	Gateway = "202.61.240.1";
96	};
97	}	91	}
98	{ routeConfig = {	92	{ Destination = "::/0";
99	Destination = "::/0";	93	Gateway = "fe80::1";
100	Gateway = "fe80::1";
101	};
102	}	94	}
103	];	95	];
104	extraConfig = ''	96	extraConfig = ''
@@ -114,13 +106,9 @@ in {
114	};	106	};
115	address = ["${prefix6}::/96" "${prefix4}.0/32"];	107	address = ["${prefix6}::/96" "${prefix4}.0/32"];
116	routes = [	108	routes = [
117	{ routeConfig = {	109	{ Destination = "${prefix6}::/80";
118	Destination = "${prefix6}::/80";
119	};
120	}	110	}
121	{ routeConfig = {	111	{ Destination = "${prefix4}.0/24";
122	Destination = "${prefix4}.0/24";
123	};
124	}	112	}
125	];	113	];
126	linkConfig = {	114	linkConfig = {


diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index ea200f5c..440829bb 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix
@@ -377,6 +377,7 @@ with lib;
377		377
378	environment.systemPackages = with pkgs; [iotop vmtouch];	378	environment.systemPackages = with pkgs; [iotop vmtouch];
379		379
		380	systemd.sysusers.enable = false;
380	system.stateVersion = "21.05";	381	system.stateVersion = "21.05";
381	};	382	};
382	}	383	}


diff --git a/hosts/vidhar/network/bifrost/default.nix b/hosts/vidhar/network/bifrost/default.nix index ec354f81..59550481 100644 --- a/hosts/vidhar/network/bifrost/default.nix +++ b/hosts/vidhar/network/bifrost/default.nix
@@ -18,12 +18,10 @@ in {
18	ListenPort = 51822;	18	ListenPort = 51822;
19	};	19	};
20	wireguardPeers = [	20	wireguardPeers = [
21	{ wireguardPeerConfig = {	21	{ AllowedIPs = [ "::/0" ];
22	AllowedIPs = [ "::/0" ];	22	PublicKey = trim (readFile ../../../surtr/bifrost/surtr.pub);
23	PublicKey = trim (readFile ../../../surtr/bifrost/surtr.pub);	23	PersistentKeepalive = 5;
24	PersistentKeepalive = 5;	24	Endpoint = "2a03:4000:52:ada:::51822";
25	Endpoint = "2a03:4000:52:ada:::51822";
26	};
27	}	25	}
28	];	26	];
29	};	27	};
@@ -36,35 +34,25 @@ in {
36	};	34	};
37	address = ["2a03:4000:52:ada:4:1::/96"];	35	address = ["2a03:4000:52:ada:4:1::/96"];
38	routes = [	36	routes = [
39	{ routeConfig = {	37	{ Destination = "2a03:4000:52:ada:4::/80";
40	Destination = "2a03:4000:52:ada:4::/80";
41	};
42	}	38	}
43	{ routeConfig = {	39	{ Gateway = "2a03:4000:52:ada:4::";
44	Gateway = "2a03:4000:52:ada:4::";	40	GatewayOnLink = true;
45	GatewayOnLink = true;	41	Table = "bifrost";
46	Table = "bifrost";
47	};
48	}	42	}
49	{ routeConfig = {	43	{ Destination = "2a03:4000:52:ada:4::/80";
50	Destination = "2a03:4000:52:ada:4::/80";	44	GatewayOnLink = true;
51	GatewayOnLink = true;	45	Table = "bifrost";
52	Table = "bifrost";
53	};
54	}	46	}
55	{ routeConfig = {	47	{ Destination = "2a03:4000:52:ada:4:1::/96";
56	Destination = "2a03:4000:52:ada:4:1::/96";	48	GatewayOnLink = true;
57	GatewayOnLink = true;	49	Table = "bifrost";
58	Table = "bifrost";
59	};
60	}	50	}
61	];	51	];
62	routingPolicyRules = [	52	routingPolicyRules = [
63	{ routingPolicyRuleConfig = {	53	{ Table = "bifrost";
64	Table = "bifrost";	54	From = "2a03:4000:52:ada:4:1::/96";
65	From = "2a03:4000:52:ada:4:1::/96";	55	Priority = 1;
66	Priority = 1;
67	};
68	}	56	}
69	];	57	];
70	linkConfig = {	58	linkConfig = {


diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix index e961c17e..4a792851 100644 --- a/hosts/vidhar/network/default.nix +++ b/hosts/vidhar/network/default.nix
@@ -89,22 +89,21 @@ with lib;
89	};	89	};
90	};	90	};
91		91
92	services.nfs.server = {	92	services.nfs = {
93	enable = true;	93	server = {
94	createMountPoints = true;	94	enable = true;
95		95	createMountPoints = true;
96	statdPort = 4000;	96
97	lockdPort = 4001;	97	statdPort = 4000;
98	mountdPort = 4002;	98	lockdPort = 4001;
99		99	mountdPort = 4002;
100	extraNfsdConfig = ''	100
101	vers3=off	101	exports = ''
102	'';	102	/srv/nfs 10.141.0.0/24(ro,async,root_squash,fsid=0) 2a03:4000:52:ada:1::/80(ro,async,root_squash,fsid=0)
103		103	/srv/nfs/nix-store 10.141.0.0/24(ro,async,root_squash) 2a03:4000:52:ada:1::/80(ro,async,root_squash)
104	exports = ''	104	'';
105	/srv/nfs 10.141.0.0/24(ro,async,root_squash,fsid=0) 2a03:4000:52:ada:1::/80(ro,async,root_squash,fsid=0)	105	};
106	/srv/nfs/nix-store 10.141.0.0/24(ro,async,root_squash) 2a03:4000:52:ada:1::/80(ro,async,root_squash)	106	settings.nfsd.vers3 = false;
107	'';
108	};	107	};
109		108
110	fileSystems = {	109	fileSystems = {