diff --git a/flake.lock b/flake.lock index 690f465..7913186 100755 --- a/flake.lock +++ b/flake.lock @@ -103,11 +103,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1747576719, - "narHash": "sha256-a+QFKYlsgWZyuCdFqjRout85mZjrtkq1dmMEPuB50qA=", + "lastModified": 1748012392, + "narHash": "sha256-ySnLv8+Z91PxcYA0royImfqDNyN/oijxE94ftUCR/vc=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "a5137694fccd0a36dc0c578c3ce9b02278a8f198", + "rev": "cfddf4d048eb19f03009c626e5ef3f1913cd063d", "type": "github" }, "original": { @@ -124,11 +124,11 @@ ] }, "locked": { - "lastModified": 1747565775, - "narHash": "sha256-B6jmKHUEX1jxxcdoYHl7RVaeohtAVup8o3nuVkzkloA=", + "lastModified": 1747978958, + "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "97118a310eb8e13bc1b9b12d67267e55b7bee6c8", + "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", "type": "github" }, "original": { @@ -180,11 +180,11 @@ }, "desktop-nixos-hardware": { "locked": { - "lastModified": 1747684167, - "narHash": "sha256-l6jbonaboCBlB8lCjBkrqgh2zEnvt6F3f4dOU/8CLd4=", + "lastModified": 1747900541, + "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e8f38b2c19c0647e39021c3d47172ff5469af8a9", + "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", "type": "github" }, "original": { @@ -196,11 +196,11 @@ }, "desktop-nixpkgs": { "locked": { - "lastModified": 1747542820, - "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { @@ -598,11 +598,11 @@ ] }, "locked": { - "lastModified": 1747439237, - "narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=", + "lastModified": 1747875884, + "narHash": "sha256-tdVx4kghhdy62LKuTnwE2RytOe8o88tah/yhpyuL0D4=", "owner": "nix-community", "repo": "home-manager", - "rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708", + "rev": "f9186c64fcc6ee5f0114547acf9e814c806a640b", "type": "github" }, "original": { @@ -641,11 +641,11 @@ ] }, "locked": { - "lastModified": 1747466853, - "narHash": "sha256-/evYltwuF8Kz1odgocWnguh/8VQV1i76VB4yMTU9m7k=", + "lastModified": 1747893327, + "narHash": "sha256-9MVhGXDVDG3+eqzNsxK4n2uriPGVvjOvlxUKEEnGiAs=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "0ba1a34fa6d995fe433109f0ad66de8d5613d46e", + "rev": "953023adda652e7ff9c64dacaa9f44da7c120191", "type": "github" }, "original": { @@ -1066,11 +1066,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747327360, - "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", + "lastModified": 1747744144, + "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", + "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", "type": "github" }, "original": { diff --git a/hosts/deck/configuration.nix b/hosts/deck/configuration.nix index 26a4c86..1e851ab 100755 --- a/hosts/deck/configuration.nix +++ b/hosts/deck/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ lib, pkgs, ... }: +{ config, lib, pkgs, ... }: { imports = @@ -38,6 +38,35 @@ enable = true; wifi.powersave = lib.mkDefault false; settings.connectivity.uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt"; + ensureProfiles = { + environmentFiles = [ + config.sops.secrets.wifi.path + ]; + + profiles = { + "Joey's Jungle 6G" = { + connection = { + id = "Joey's Jungle 6G"; + type = "wifi"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + wifi = { + mode = "infrastructure"; + ssid = "Joey's Jungle 6G"; + }; + wifi-security = { + key-mgmt = "sae"; + psk = "$PSK"; + }; + }; + }; + }; }; }; @@ -60,6 +89,7 @@ # Define a user account. Don't forget to set a password with ‘passwd’. users.users.deck = { + hashedPasswordFile = config.sops.secrets."desktop/matt_password".path; isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. openssh.authorizedKeys.keys = [ diff --git a/hosts/desktop/boot.nix b/hosts/desktop/boot.nix index 51e5c49..1a7633d 100755 --- a/hosts/desktop/boot.nix +++ b/hosts/desktop/boot.nix @@ -60,6 +60,8 @@ in bootspec.enable = true; }; + zramSwap.enable = true; + environment.systemPackages = with pkgsVersion; [ edk2-uefi-shell ]; diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index 0f39a97..e0c433c 100755 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -125,6 +125,8 @@ in # ../../modules/desktop-environments/cosmic/specialisation.nix ]; + chaotic.mesa-git.enable = true; + # Environment configuration environment = { systemPackages = systemPackages; diff --git a/hosts/desktop/filesystems.nix b/hosts/desktop/filesystems.nix index ad95260..d8d7e2c 100755 --- a/hosts/desktop/filesystems.nix +++ b/hosts/desktop/filesystems.nix @@ -13,26 +13,26 @@ let ]; defaultLocalOptions = [ "compress=zstd" - "autodefrag" +# "autodefrag" "nofail" - "x-systemd.automount" - "auto" +# "x-systemd.automount" +# "auto" "rw" ]; in { fileSystems = { "/home/matt/Steam" = { - device = "/dev/disk/by-uuid/EBEBAFB4-3CEB-4EB4-841B-693C94304751"; + device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S6B0NL0W232824B-part1"; options = [ - "subvol=Steam" + "subvol=steam" "noatime" ] ++ defaultLocalOptions; }; "/home/matt/Heroic" = { - device = "/dev/disk/by-uuid/EBEBAFB4-3CEB-4EB4-841B-693C94304751"; + device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S6B0NL0W232824B-part1"; options = [ - "subvol=Heroic" + "subvol=heroic" "noatime" ] ++ defaultLocalOptions; }; diff --git a/hosts/nas/apps/traefik/default.nix b/hosts/nas/apps/traefik/default.nix index 6ba77ed..9888ca8 100755 --- a/hosts/nas/apps/traefik/default.nix +++ b/hosts/nas/apps/traefik/default.nix @@ -18,6 +18,9 @@ let lubeloggerUrl = "http://10.0.1.18:6754"; immichUrl = "http://10.0.1.18:2283"; + # internal services + codeUrl = "http://10.0.1.18:4444"; + # Plugins traefikPlugins = { bouncer = { @@ -208,6 +211,15 @@ in }; }; }; + internal-ipallowlist = + { + ipAllowList = { + sourceRange = [ + "127.0.0.1/32" + "10.0.1.0/24" + ]; + }; + }; }; services = { @@ -281,6 +293,13 @@ in url = immichUrl; } ]; + + # internal services + code.loadBalancer.servers = [ + { + url = codeUrl; + } + ]; }; routers = { @@ -371,6 +390,15 @@ in middlewares = [ "crowdsec" "whitelist-geoblock" ]; tls.certResolver = "letsencrypt"; }; + + # internal services + code = { + entryPoints = [ "websecure" ]; + rule = "Host(`code.${domain}`)"; + service = "code"; + middlewares = [ "internal-ipallowlist" ]; + tls.certResolver = "letsencrypt"; + }; }; }; }; diff --git a/hosts/nas/services.nix b/hosts/nas/services.nix index dddebd1..14ffca6 100755 --- a/hosts/nas/services.nix +++ b/hosts/nas/services.nix @@ -18,6 +18,9 @@ in port = 4444; auth = "none"; hashedPassword = "$y$j9T$EkPXmsmIMFFZ.WRrBYCxS1$P0kwo6e4.WM5DsqUcEqWC3MrZp5KfCjxffraMFZWu06"; + extraEnvironment = { + PROXY_DOMAIN = "code.mjallen.dev"; + }; }; minecraft-server = {