aciceri/nixfleet
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: aciceri:4161467d6698b3214656c0035cb9a28a08c6868c
Branches Tags
aciceri:master
aciceri:update-flake-lock
aciceri:aaa
aciceri:wip
aciceri:test
..
compare: aciceri:e6923afd011cc6855cee979207ff145f13e9c804
Branches Tags
aciceri:master
aciceri:update-flake-lock
aciceri:aaa
aciceri:wip
aciceri:test

13 commits
4161467d66 ... e6923afd01

Author SHA1 Message Date
Seven of Nine
e6923afd01 flake.lock: Update
Some checks failed
EVAL x86_64-linux.picard
Details
BUILD x86_64-linux.picard
Details
UPLOAD x86_64-linux.picard
Details
DOWNLOAD x86_64-linux.picard
Details
CACHIX x86_64-linux.picard
Details
ATTIC x86_64-linux.picard
Details
/ test (push) Successful in 38m25s
Details 
Flake lock file updates:

• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/2a6d6d064e33d65dc660b65c28ce17195e539db6' (2025-04-28)
  → 'github:nix-community/emacs-overlay/841c18a6fe787b669ea362e3e14f54a5bd12a63c' (2025-04-29)
• Updated input 'emacs-overlay/nixpkgs':
    'github:NixOS/nixpkgs/f771eb401a46846c1aebd20552521b233dd7e18b' (2025-04-24)
  → 'github:NixOS/nixpkgs/5461b7fa65f3ca74cef60be837fd559a8918eaa0' (2025-04-27)
• Updated input 'homeManager':
    'github:nix-community/home-manager/be7cf1709b469a2a2c62169172a167d1fed3509f' (2025-04-28)
  → 'github:nix-community/home-manager/1ad123239957d40e11ef66c203d0a7e272eb48aa' (2025-04-29)
• Updated input 'nixosHardware':
    'github:NixOS/nixos-hardware/f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1' (2025-04-24)
  → 'github:NixOS/nixos-hardware/f1e52a018166e1a324f832de913e12c0e55792d0' (2025-04-29)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f771eb401a46846c1aebd20552521b233dd7e18b' (2025-04-24)
  → 'github:NixOS/nixpkgs/5461b7fa65f3ca74cef60be837fd559a8918eaa0' (2025-04-27)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/d1863f30d9ca67f679f9c2583d7adf674b5d9b8a' (2025-04-28)
  → 'github:numtide/treefmt-nix/82bf32e541b30080d94e46af13d46da0708609ea' (2025-04-29)
 2025-04-29 15:02:05 +00:00
Andrea Ciceri
60dce8e681
Use alloy on all the most used devices
All checks were successful
EVAL x86_64-linux.picard
Details
BUILD x86_64-linux.picard
Details
UPLOAD x86_64-linux.picard
Details
DOWNLOAD x86_64-linux.picard
Details
CACHIX x86_64-linux.picard
Details
ATTIC x86_64-linux.picard
Details
/ test (push) Successful in 54s
Details
2025-04-29 12:21:31 +02:00
Andrea Ciceri
70b61a74ae
New alloy module 2025-04-29 12:21:20 +02:00
Andrea Ciceri
84e19cb236
Fix DNS 2025-04-29 12:21:12 +02:00
Andrea Ciceri
599690ede5
Fix DHCP server
All checks were successful
EVAL x86_64-linux.picard
Details
BUILD x86_64-linux.picard
Details
UPLOAD x86_64-linux.picard
Details
DOWNLOAD x86_64-linux.picard
Details
CACHIX x86_64-linux.picard
Details
ATTIC x86_64-linux.picard
Details
/ test (push) Successful in 2m19s
Details
2025-04-29 11:06:59 +02:00
Andrea Ciceri
ddd85e4830
Disable promtail on sisko 2025-04-29 11:06:45 +02:00
Andrea Ciceri
350c745cf1
Enable adguard-home on sisko
Some checks failed
EVAL x86_64-linux.picard
Details
BUILD x86_64-linux.picard
Details
UPLOAD x86_64-linux.picard
Details
DOWNLOAD x86_64-linux.picard
Details
CACHIX x86_64-linux.picard
Details
ATTIC x86_64-linux.picard
Details
/ test (push) Successful in 14m20s
Details
2025-04-28 22:22:17 +02:00
Andrea Ciceri
af7de46bf5
Fix adguard-home and use both for DNS and DHCP 2025-04-28 22:22:02 +02:00
Andrea Ciceri
2390d2fe82
Merge branch 'master' of git.aciceri.dev:aciceri/nixfleet
Some checks failed
/ test (push) Failing after 26m23s
Details
2025-04-28 21:09:59 +02:00
Andrea Ciceri
7792eead8d
Update ccr-ssh key 2025-04-28 21:06:40 +02:00
Andrea Ciceri
8609d63413
Enable power-profiles-daemon for pike
Some checks failed
/ test (push) Has been cancelled
Details
2025-04-28 20:52:22 +02:00
Andrea Ciceri
c745986ef4
amarr module WIP
Some checks failed
/ test (push) Failing after 14m23s
Details
2025-04-28 20:20:57 +02:00
Andrea Ciceri
29734b6bd7
Add amule and enable on sisko 2025-04-28 20:20:46 +02:00
11 changed files with 183 additions and 29 deletions
Show stats Expand all files Collapse all files

36
flake.lock generated
View file

@ -122,11 +122,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1745830889, "lastModified": 1745921824,
"narHash": "sha256-P51C3ennff9hNhHr6SsxowZKpbPsa2U4DjC+DIu4Lyg=", "narHash": "sha256-8FFSHBE0HgW0HGrTULbaUVH29aeVP31Clf2HDtDfqaE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "2a6d6d064e33d65dc660b65c28ce17195e539db6", "rev": "841c18a6fe787b669ea362e3e14f54a5bd12a63c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -387,11 +387,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745851658, "lastModified": 1745894335,
"narHash": "sha256-g0SwcRgKLNaSjobwfp9ucQJgxY7wPYxk9KZkmP/Kw0Y=", "narHash": "sha256-m47zhftaod/oHOwoVT25jstdcVLhkrVGyvEHKjbnFHI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "69c60b035e6bb51a4c5607f184bf64312c294139", "rev": "1ad123239957d40e11ef66c203d0a7e272eb48aa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -569,11 +569,11 @@
}, },
"nixosHardware": { "nixosHardware": {
"locked": { "locked": {
"lastModified": 1745503349, "lastModified": 1745907084,
"narHash": "sha256-bUGjvaPVsOfQeTz9/rLTNLDyqbzhl0CQtJJlhFPhIYw=", "narHash": "sha256-Q8SpDbTI95vtKXgNcVl1VdSUhhDOORE8R77wWS2rmg8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1", "rev": "f1e52a018166e1a324f832de913e12c0e55792d0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -711,11 +711,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1745526057, "lastModified": 1745794561,
"narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", "narHash": "sha256-T36rUZHUART00h3dW4sV5tv4MrXKT7aWjNfHiZz7OHg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f771eb401a46846c1aebd20552521b233dd7e18b", "rev": "5461b7fa65f3ca74cef60be837fd559a8918eaa0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -742,11 +742,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1745526057, "lastModified": 1745794561,
"narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", "narHash": "sha256-T36rUZHUART00h3dW4sV5tv4MrXKT7aWjNfHiZz7OHg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f771eb401a46846c1aebd20552521b233dd7e18b", "rev": "5461b7fa65f3ca74cef60be837fd559a8918eaa0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1009,11 +1009,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745848521, "lastModified": 1745929750,
"narHash": "sha256-gNrTO3pEjmu3WiuYrUHJrTGCFw9v+qZXCFmX/Vjf5WI=", "narHash": "sha256-k5ELLpTwRP/OElcLpNaFWLNf8GRDq4/eHBmFy06gGko=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "763f1ce0dd12fe44ce6a5c6ea3f159d438571874", "rev": "82bf32e541b30080d94e46af13d46da0708609ea",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
hosts/kirk/default.nix
View file

@ -33,7 +33,7 @@
"adb" "adb"
"binfmt" "binfmt"
"prometheus-exporters" "prometheus-exporters"
"promtail" "alloy"
"syncthing" "syncthing"
"zerotier" "zerotier"
] ]

2
hosts/picard/default.nix
View file

@ -40,8 +40,8 @@
"mount-sisko" "mount-sisko"
"adb" "adb"
"prometheus-exporters" "prometheus-exporters"
# "promtail"
"zerotier" "zerotier"
"alloy"
] ]
++ [ ./disko.nix ]; ++ [ ./disko.nix ];

4
hosts/pike/default.nix
View file

@ -35,7 +35,7 @@
"mount-sisko" "mount-sisko"
"adb" "adb"
"prometheus-exporters" "prometheus-exporters"
# "promtail" "alloy"
"zerotier" "zerotier"
]; ];
@ -157,6 +157,8 @@
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.enableRedistributableFirmware = lib.mkDefault true; hardware.enableRedistributableFirmware = lib.mkDefault true;
services.power-profiles-daemon.enable = true;
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;

4
hosts/sisko/default.nix
View file

@ -21,7 +21,7 @@
"grafana" "grafana"
"prometheus-exporters" "prometheus-exporters"
"loki" "loki"
"promtail" "alloy"
"restic" "restic"
"atuin" "atuin"
"immich" "immich"
@ -33,6 +33,8 @@
"arr" "arr"
"zerotier" "zerotier"
"mosh" "mosh"
"amule"
"adguard-home"
] ]
++ [ ++ [
./disko.nix ./disko.nix

1
hosts/tpol/default.nix
View file

@ -24,6 +24,7 @@
"battery" "battery"
"printing" "printing"
"wireguard-client" "wireguard-client"
"alloy"
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [

2
lib/default.nix
View file

@ -1,7 +1,7 @@
{ {
keys = { keys = {
users = { users = {
ccr-ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzCmDCtlGscpesHuoiruVWD2IjYEFtaIl9Y2JZGiOAyf3V17KPx0MikcknfmxSHi399SxppiaXQHxo/1wjGxXkXNTTv6h1fBuqwhJE6C8+ZSV+gal81vEnXX+/9w2FQqtVgnG2/mO7oJ0e3FY+6kFpOsGEhYexoGt/UxIpAZoqIN+CWNhJIASUkneaZWtgwiL8Afb59kJQ2E7WbBu+PjYZ/s5lhPobhlkz6s8rkhItvYdiSHT0DPDKvp1oEbxsxd4E4cjJFbahyS8b089NJd9gF5gs0b74H/2lUUymnl63cV37Mp4iXB4rtE69MbjqsGEBKTPumLualmc8pOGBHqWIdhAqGdZQeBajcb6VK0E3hcU0wBB+GJgm7KUzlAHGdC3azY0KlHMrLaZN0pBrgCVR6zBNWtZz2B2qMBZ8Cw+K4vut8GuspdXZscID10U578GxQvJAB9CdxNUtrzSmKX2UtZPB1udWjjIAlejzba4MG73uXgQEdv0NcuHNwaLuCWxTUT5QQF18IwlJ23Mg8aPK8ojUW5A+kGHAu9wtgZVcX1nS5cmYKSgLzcP1LA1l9fTJ1vqBSuy38GTdUzfzz7AbnkRfGPj2ALDgyx17Rc5ommjc1k0gFoeIqiLaxEs5FzDcRyo7YvZXPsGeIqNCYwQWw3+U+yUEJby8bxGb2d/6YQ== andrea.ciceri@autistici.org"; ccr-ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIm9Sl/I+5G4g4f6iE4oCUJteP58v+wMIew9ZuLB+Gea";
oneplus8t = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8da1Mf11vXFF0kVDgxocVoGwpHHMEs9emS9T+v8hLb oneplus8t"; oneplus8t = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8da1Mf11vXFF0kVDgxocVoGwpHHMEs9emS9T+v8hLb oneplus8t";
hercules-ci-agent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPupm00BiveTIYF6CNwuMijF5VvEaPDMjvt+vMlAy+N hercules-ci-agent"; hercules-ci-agent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPupm00BiveTIYF6CNwuMijF5VvEaPDMjvt+vMlAy+N hercules-ci-agent";
}; };

51
modules/adguard-home/default.nix
View file

@ -1,18 +1,57 @@
{ config, ... }: { config, lib, ... }:
let
interface = "enP4p65s0";
in
{ {
services.adguardhome = { services.adguardhome = {
enable = true; enable = true;
port = 3000;
mutableSettings = true; mutableSettings = true;
settings = { settings = {
openFirewall = true; dhcp = {
enabled = true;
interface_name = interface;
dhcpv4 = {
gateway_ip = "10.1.1.1";
range_start = "10.1.1.2";
range_end = "10.1.1.255";
subnet_mask = "255.255.255.0";
};
};
dns = {
upstream_dns = [
"https://dns10.quad9.net/dns-query"
];
bind_hosts = [
"127.0.0.1"
"10.1.1.2"
];
};
}; };
}; };
networking.firewall.allowedTCPPorts = [
3000 # otherwise it creates a directory in /var/lib/private which can't be easily persisted
systemd.services.adguardhome.serviceConfig.DynamicUser = lib.mkForce false;
networking.firewall.allowedUDPPorts = [
53 53
67
]; ];
networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedTCPPorts = [ 53 ];
networking.interfaces.${interface} = {
ipv4.addresses = [
{
address = "10.1.1.2";
prefixLength = 24;
}
];
useDHCP = false;
};
networking.defaultGateway = "10.1.1.1";
environment.persistence."/persist".directories = [ environment.persistence."/persist".directories = [
"/var/lib/AdGuardHome" "/var/lib/AdGuardHome"
]; ];

53
modules/alloy/default.nix Normal file
View file

@ -0,0 +1,53 @@
{ config, ... }:
{
services.alloy = {
enable = true;
};
environment.etc."alloy/config.alloy".text = ''
local.file_match "local_files" {
path_targets = [{
__path__ = "/var/log/*.log",
}]
sync_period = "5s"
}
loki.source.journal "systemd" {
max_age = "24h"
forward_to = [loki.write.default.receiver]
}
loki.source.journal "kernel" {
max_age = "24h"
forward_to = [loki.write.default.receiver]
}
loki.relabel "nixfleet_journal" {
forward_to = []
rule {
source_labels = ["__journal__systemd_unit"]
target_label = "systemd_unit"
}
rule {
source_labels = ["__journal_syslog_identifier"]
target_label = "syslog_identifier"
}
}
loki.source.journal "nixfleet_journal" {
forward_to = [loki.write.default.receiver]
relabel_rules = loki.relabel.nixfleet_journal.rules
format_as_json = true
}
loki.write "default" {
endpoint {
url = "http://sisko.wg.aciceri.dev:${
builtins.toString config.services.loki.configuration.server.http_listen_port or 3100
}/loki/api/v1/push"
}
external_labels = {
host = "${config.networking.hostName}",
}
}
'';
}

23
modules/amarr/default.nix Normal file
View file

@ -0,0 +1,23 @@
args@{ lib, pkgs, ... }:
let
pkgs = builtins.getFlake "github:NixOS/nixpkgs/d278c7bfb89130ac167e80d2250f9abc0bede419";
amarr = pkgs.legacyPackages.${args.pkgs.system}.amarr;
in
{
systemd.services.amarr = {
description = "amarr";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
User = "root";
Type = "oneshot";
ExecStart = lib.getExe amarr;
};
environment = {
AMULE_HOST = "localhost";
AMULE_PORT = "4712";
AMULE_PASSWORD = "";
};
};
}

34
modules/amule/default.nix Normal file
View file

@ -0,0 +1,34 @@
{ config, lib, ... }:
{
users.users.amule = {
isSystemUser = true;
group = "amule";
extraGroups = [ "amule" ];
home = config.services.amule.dataDir;
};
users.groups.amule = { };
services.amule = {
dataDir = "/mnt/hd/amule";
enable = true;
user = "amule";
};
# sometimes the service crashes with a segfeault without any reason...
systemd.services.amuled.serviceConfig.Restart = lib.mkForce "always";
environment.persistence."/persist".directories = [
config.services.amule.dataDir
];
networking.firewall = {
allowedTCPPorts = [ 4662 ];
allowedUDPPortRanges = [
{
from = 4665;
to = 4672;
}
];
};
}