upgrade
parent
21f1a37b57
commit
5014ecf02a
1424
flake.lock
generated
1424
flake.lock
generated
File diff suppressed because it is too large
@ -121,7 +121,7 @@
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
inputs.lix-module.nixosModules.default
|
||||
];
|
||||
specialArgs = { inherit self inputs self-nixpkgs; secrets = ./secrets; };
|
||||
specialArgs = { inherit self inputs self-nixpkgs; secretsDir = ./secrets; };
|
||||
};
|
||||
|
||||
patchesPath = map (x: ./patches + "/${x}");
|
||||
@ -172,7 +172,7 @@
|
||||
|
||||
shared-patches = patchesPath [ ];
|
||||
unstable-patches = shared-patches ++ patchesPath [
|
||||
"netbird-24.11.patch"
|
||||
# "netbird-24.11.patch"
|
||||
"onlyoffice.patch"
|
||||
# "zen-kernels.patch"
|
||||
];
|
||||
|
@ -171,21 +171,21 @@
|
||||
home.stateVersion = "24.05";
|
||||
};
|
||||
|
||||
services.netbird.clients.priv = {
|
||||
interface = "wt0";
|
||||
port = 58467;
|
||||
hardened = false;
|
||||
ui.enable = true;
|
||||
autoStart = false;
|
||||
config = {
|
||||
AdminURL.Host = "net.ataraxiadev.com:443";
|
||||
AdminURL.Scheme = "https";
|
||||
ManagementURL.Host = "net.ataraxiadev.com:443";
|
||||
ManagementURL.Scheme = "https";
|
||||
RosenpassEnabled = true;
|
||||
RosenpassPermissive = true;
|
||||
};
|
||||
};
|
||||
# services.netbird.clients.priv = {
|
||||
# interface = "wt0";
|
||||
# port = 58467;
|
||||
# hardened = false;
|
||||
# ui.enable = true;
|
||||
# autoStart = false;
|
||||
# config = {
|
||||
# AdminURL.Host = "net.ataraxiadev.com:443";
|
||||
# AdminURL.Scheme = "https";
|
||||
# ManagementURL.Host = "net.ataraxiadev.com:443";
|
||||
# ManagementURL.Scheme = "https";
|
||||
# RosenpassEnabled = true;
|
||||
# RosenpassPermissive = true;
|
||||
# };
|
||||
# };
|
||||
|
||||
persist.state = {
|
||||
directories = [ "/var/lib/netbird-priv" ];
|
||||
|
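Review bot: `persist.state.directories` still lists `/var/lib/netbird-priv` even though the `services.netbird.clients.priv` block above it is now commented out, so whatever the client stored there stays on the persistent dataset with no service using it. That directory presumably holds the peer's key material and management login state (not visible here, worth confirming), so if the client is not coming back the entry should be dropped and the directory cleared on the host. The other netbird removal in this commit already drops the same path from its `persist.state.directories` list. The disabled block would also be better deleted than kept as comments: it carries `hardened = false` and `RosenpassPermissive = true`, which deserve a fresh review rather than being restored by uncommenting. The `persist.state` attribute set continues past the end of the hunk.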
@ -11,11 +11,9 @@ in {
|
||||
supportedFilesystems = [ "zfs" ];
|
||||
luks.devices = {
|
||||
"cryptroot" = {
|
||||
preLVM = true;
|
||||
keyFile = "/keyfile0.bin";
|
||||
allowDiscards = true;
|
||||
bypassWorkqueues = true;
|
||||
fallbackToPassword = true;
|
||||
};
|
||||
};
|
||||
secrets = {
|
||||
@ -54,8 +52,19 @@ in {
|
||||
|
||||
fileSystems."/home".neededForBoot = true;
|
||||
fileSystems."/persist".neededForBoot = true;
|
||||
boot.initrd.postDeviceCommands = lib.mkAfter ''
|
||||
zfs rollback -r rpool/nixos/root@empty
|
||||
zfs rollback -r rpool/user/home@empty
|
||||
'';
|
||||
|
||||
boot.initrd.systemd.enable = true;
|
||||
boot.initrd.systemd.services.rollback = {
|
||||
description = "Rollback zfs to a pristine state on boot";
|
||||
wantedBy = [ "initrd.target" ];
|
||||
after = [ "zfs-import-rpool.service" ];
|
||||
before = [ "sysroot.mount" ];
|
||||
path = [ config.boot.zfs.package ];
|
||||
unitConfig.DefaultDependencies = "no";
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = ''
|
||||
zfs rollback -r rpool/nixos/root@empty && echo " >>> rollback root <<<"
|
||||
zfs rollback -r rpool/user/home@empty && echo " >>> rollback home <<<"
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
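Review bot: In the new `boot.initrd.systemd.services.rollback` unit, a failure of the first `zfs rollback` goes unreported. Assuming the `script` runs under `set -e` as NixOS unit scripts normally do, a failing command on the left of `&&` does not abort the shell, so the unit's result depends only on the last line. The machine can then boot with a root dataset that was never reset to `@empty`, silently defeating the pristine-state guarantee. Put each `echo` on its own line after its `zfs rollback -r …` command so that a failed rollback stops the script. Since the unit is only `wantedBy = [ "initrd.target" ]`, also consider whether a failed rollback should block `sysroot.mount` (for example via `requiredBy`) instead of letting boot continue.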
@ -3,16 +3,14 @@ let
|
||||
bridgeName = (import ../hardware/networks.nix).interfaces.main'.bridgeName;
|
||||
tailscalePort = config.services.tailscale.port;
|
||||
tailscaleIfname = config.services.tailscale.interfaceName;
|
||||
netbirdPort = config.services.netbird.clients.priv.port;
|
||||
netbirdIfname = config.services.netbird.clients.priv.interface;
|
||||
ssPort1 = 2234;
|
||||
ssPort2 = 2235;
|
||||
in {
|
||||
imports = [ inputs.ataraxiasjel-nur.nixosModules.rinetd ];
|
||||
|
||||
networking.firewall.trustedInterfaces = [ tailscaleIfname netbirdIfname ];
|
||||
networking.firewall.trustedInterfaces = [ tailscaleIfname ];
|
||||
networking.firewall.interfaces.${bridgeName} = {
|
||||
allowedUDPPorts = [ tailscalePort netbirdPort ];
|
||||
allowedUDPPorts = [ tailscalePort ];
|
||||
allowedTCPPorts = [ ssPort1 ssPort2 ];
|
||||
};
|
||||
|
||||
@ -28,24 +26,7 @@ in {
|
||||
useRoutingFeatures = "both";
|
||||
};
|
||||
|
||||
services.netbird.clients.priv = {
|
||||
interface = "wt0";
|
||||
port = 52674;
|
||||
hardened = false;
|
||||
ui.enable = false;
|
||||
config = {
|
||||
AdminURL.Host = "net.ataraxiadev.com:443";
|
||||
AdminURL.Scheme = "https";
|
||||
ManagementURL.Host = "net.ataraxiadev.com:443";
|
||||
ManagementURL.Scheme = "https";
|
||||
DisableAutoConnect = false;
|
||||
RosenpassEnabled = true;
|
||||
RosenpassPermissive = true;
|
||||
};
|
||||
};
|
||||
users.users.${config.mainuser}.extraGroups = [ "netbird-priv" ];
|
||||
|
||||
persist.state.directories = [ "/var/lib/tailscale" "/var/lib/netbird-priv" ];
|
||||
persist.state.directories = [ "/var/lib/tailscale" ];
|
||||
|
||||
services.rinetd = {
|
||||
enable = true;
|
||||
|
@ -19,7 +19,7 @@
|
||||
flake-registry = ${inputs.flake-registry}/flake-registry.json
|
||||
'';
|
||||
settings = {
|
||||
auto-optimise-store = false;
|
||||
auto-optimise-store = true;
|
||||
require-sigs = true;
|
||||
substituters = [
|
||||
"https://cache.nixos.org"
|
||||
|
@ -24,7 +24,6 @@ with lib; {
|
||||
nix-alien = inputs.nix-alien.packages.${system}.nix-alien;
|
||||
nix-fast-build = inputs.nix-fast-build.packages.${system}.default;
|
||||
nix-index-update = inputs.nix-alien.packages.${system}.nix-index-update;
|
||||
open-webui = master.open-webui;
|
||||
prismlauncher = inputs.prismlauncher.packages.${system}.prismlauncher.override {
|
||||
jdks = [ pkgs.temurin-bin ];
|
||||
};
|
||||
|
@ -13,7 +13,7 @@ with config.deviceSpecific; {
|
||||
|
||||
services.journald.extraConfig = "Compress=false";
|
||||
services.gvfs.enable = !isServer;
|
||||
services.upower.enable = isLaptop;
|
||||
services.upower.enable = lib.mkDefault isLaptop;
|
||||
xdg.portal.enable = true;
|
||||
xdg.portal.config.common.default = "*";
|
||||
# xdg.portal.xdgOpenUsePortal = true;
|
||||
|