diff --git a/flake.lock b/flake.lock index 4c86252..a9bc533 100644 --- a/flake.lock +++ b/flake.lock @@ -122,11 +122,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1745830889, - "narHash": "sha256-P51C3ennff9hNhHr6SsxowZKpbPsa2U4DjC+DIu4Lyg=", + "lastModified": 1745921824, + "narHash": "sha256-8FFSHBE0HgW0HGrTULbaUVH29aeVP31Clf2HDtDfqaE=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "2a6d6d064e33d65dc660b65c28ce17195e539db6", + "rev": "841c18a6fe787b669ea362e3e14f54a5bd12a63c", "type": "github" }, "original": { @@ -387,11 +387,11 @@ ] }, "locked": { - "lastModified": 1745810134, - "narHash": "sha256-WfnYH/i7DFzn4SESQfWviXiNUZjohZhzODqLwKYHIPI=", + "lastModified": 1745894335, + "narHash": "sha256-m47zhftaod/oHOwoVT25jstdcVLhkrVGyvEHKjbnFHI=", "owner": "nix-community", "repo": "home-manager", - "rev": "be7cf1709b469a2a2c62169172a167d1fed3509f", + "rev": "1ad123239957d40e11ef66c203d0a7e272eb48aa", "type": "github" }, "original": { @@ -569,11 +569,11 @@ }, "nixosHardware": { "locked": { - "lastModified": 1745503349, - "narHash": "sha256-bUGjvaPVsOfQeTz9/rLTNLDyqbzhl0CQtJJlhFPhIYw=", + "lastModified": 1745907084, + "narHash": "sha256-Q8SpDbTI95vtKXgNcVl1VdSUhhDOORE8R77wWS2rmg8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1", + "rev": "f1e52a018166e1a324f832de913e12c0e55792d0", "type": "github" }, "original": { @@ -711,11 +711,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1745526057, - "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", + "lastModified": 1745794561, + "narHash": "sha256-T36rUZHUART00h3dW4sV5tv4MrXKT7aWjNfHiZz7OHg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", + "rev": "5461b7fa65f3ca74cef60be837fd559a8918eaa0", "type": "github" }, "original": { 
@@ -742,11 +742,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1745526057, - "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", + "lastModified": 1745794561, + "narHash": "sha256-T36rUZHUART00h3dW4sV5tv4MrXKT7aWjNfHiZz7OHg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", + "rev": "5461b7fa65f3ca74cef60be837fd559a8918eaa0", "type": "github" }, "original": { @@ -1009,11 +1009,11 @@ ] }, "locked": { - "lastModified": 1745829891, - "narHash": "sha256-aRkV0ZpfT/ERgRlGrbgjHFRcEWdseltSO+wPnpdPYKg=", + "lastModified": 1745929750, + "narHash": "sha256-k5ELLpTwRP/OElcLpNaFWLNf8GRDq4/eHBmFy06gGko=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "d1863f30d9ca67f679f9c2583d7adf674b5d9b8a", + "rev": "82bf32e541b30080d94e46af13d46da0708609ea", "type": "github" }, "original": { diff --git a/hosts/kirk/default.nix b/hosts/kirk/default.nix index f08b669..72cebd5 100644 --- a/hosts/kirk/default.nix +++ b/hosts/kirk/default.nix @@ -33,7 +33,7 @@ "adb" "binfmt" "prometheus-exporters" - "promtail" + "alloy" "syncthing" "zerotier" ] diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix index 92783d6..3cbb5d2 100644 --- a/hosts/picard/default.nix +++ b/hosts/picard/default.nix @@ -40,8 +40,8 @@ "mount-sisko" "adb" "prometheus-exporters" - # "promtail" "zerotier" + "alloy" ] ++ [ ./disko.nix ]; diff --git a/hosts/pike/default.nix b/hosts/pike/default.nix index 1a7e3ab..e5e6ca6 100644 --- a/hosts/pike/default.nix +++ b/hosts/pike/default.nix @@ -35,7 +35,7 @@ "mount-sisko" "adb" "prometheus-exporters" - # "promtail" + "alloy" "zerotier" ]; @@ -157,6 +157,8 @@ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.enableRedistributableFirmware = lib.mkDefault true; + services.power-profiles-daemon.enable = true; + hardware.graphics = { enable = true; enable32Bit = true; 
diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 9542bc1..9faac29 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -21,7 +21,7 @@ "grafana" "prometheus-exporters" "loki" - "promtail" + "alloy" "restic" "atuin" "immich" @@ -33,6 +33,8 @@ "arr" "zerotier" "mosh" + "amule" + "adguard-home" ] ++ [ ./disko.nix diff --git a/hosts/tpol/default.nix b/hosts/tpol/default.nix index d73b62b..a586bc0 100644 --- a/hosts/tpol/default.nix +++ b/hosts/tpol/default.nix @@ -24,6 +24,7 @@ "battery" "printing" "wireguard-client" + "alloy" ]; boot.initrd.availableKernelModules = [ diff --git a/lib/default.nix b/lib/default.nix index 724e0cf..4330d49 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,7 +1,7 @@ { keys = { users = { - ccr-ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzCmDCtlGscpesHuoiruVWD2IjYEFtaIl9Y2JZGiOAyf3V17KPx0MikcknfmxSHi399SxppiaXQHxo/1wjGxXkXNTTv6h1fBuqwhJE6C8+ZSV+gal81vEnXX+/9w2FQqtVgnG2/mO7oJ0e3FY+6kFpOsGEhYexoGt/UxIpAZoqIN+CWNhJIASUkneaZWtgwiL8Afb59kJQ2E7WbBu+PjYZ/s5lhPobhlkz6s8rkhItvYdiSHT0DPDKvp1oEbxsxd4E4cjJFbahyS8b089NJd9gF5gs0b74H/2lUUymnl63cV37Mp4iXB4rtE69MbjqsGEBKTPumLualmc8pOGBHqWIdhAqGdZQeBajcb6VK0E3hcU0wBB+GJgm7KUzlAHGdC3azY0KlHMrLaZN0pBrgCVR6zBNWtZz2B2qMBZ8Cw+K4vut8GuspdXZscID10U578GxQvJAB9CdxNUtrzSmKX2UtZPB1udWjjIAlejzba4MG73uXgQEdv0NcuHNwaLuCWxTUT5QQF18IwlJ23Mg8aPK8ojUW5A+kGHAu9wtgZVcX1nS5cmYKSgLzcP1LA1l9fTJ1vqBSuy38GTdUzfzz7AbnkRfGPj2ALDgyx17Rc5ommjc1k0gFoeIqiLaxEs5FzDcRyo7YvZXPsGeIqNCYwQWw3+U+yUEJby8bxGb2d/6YQ== andrea.ciceri@autistici.org"; + ccr-ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIm9Sl/I+5G4g4f6iE4oCUJteP58v+wMIew9ZuLB+Gea"; oneplus8t = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8da1Mf11vXFF0kVDgxocVoGwpHHMEs9emS9T+v8hLb oneplus8t"; hercules-ci-agent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPupm00BiveTIYF6CNwuMijF5VvEaPDMjvt+vMlAy+N hercules-ci-agent"; }; diff --git a/modules/adguard-home/default.nix b/modules/adguard-home/default.nix index 4020c07..cd9cec3 100644 
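Review bot: The replacement `ccr-ssh` entry in `lib/default.nix` drops the trailing comment field, while the `oneplus8t` and `hercules-ci-agent` entries beside it keep one, so the resulting `authorized_keys` line no longer says whose key it is. Keeping a label, e.g. `ccr-ssh = "ssh-ed25519 <key material as committed> ccr";`, makes later audits and revocations easier. Moving from the RSA key to Ed25519 is fine in itself, but since the old key disappears from this attribute set it is worth confirming it is also removed from any host or service not deployed from this flake. If `keys.users.ccr-ssh` is used as an encryption recipient anywhere (not visible in this hunk), those secrets need to be re-encrypted to the new key.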
--- a/modules/adguard-home/default.nix +++ b/modules/adguard-home/default.nix @@ -1,18 +1,57 @@ -{ config, ... }: +{ config, lib, ... }: +let + interface = "enP4p65s0"; +in { services.adguardhome = { enable = true; - port = 3000; mutableSettings = true; settings = { - openFirewall = true; + dhcp = { + enabled = true; + interface_name = interface; + + dhcpv4 = { + gateway_ip = "10.1.1.1"; + range_start = "10.1.1.2"; + range_end = "10.1.1.255"; + subnet_mask = "255.255.255.0"; + }; + }; + dns = { + upstream_dns = [ + "https://dns10.quad9.net/dns-query" + ]; + + bind_hosts = [ + "127.0.0.1" + "10.1.1.2" + ]; + }; }; }; - networking.firewall.allowedTCPPorts = [ - 3000 + + # otherwise it creates a directory in /var/lib/private which can't be easily persisted + systemd.services.adguardhome.serviceConfig.DynamicUser = lib.mkForce false; + + networking.firewall.allowedUDPPorts = [ 53 + 67 ]; - networking.firewall.allowedUDPPorts = [ 53 ]; + networking.firewall.allowedTCPPorts = [ 53 ]; + + networking.interfaces.${interface} = { + ipv4.addresses = [ + { + address = "10.1.1.2"; + prefixLength = 24; + } + ]; + useDHCP = false; + }; + + networking.defaultGateway = "10.1.1.1"; + environment.persistence."/persist".directories = [ "/var/lib/AdGuardHome" ]; diff --git a/modules/alloy/default.nix b/modules/alloy/default.nix new file mode 100644 index 0000000..728ca28 --- /dev/null +++ b/modules/alloy/default.nix 
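Review bot: Forcing `DynamicUser` to false without naming a replacement account most likely leaves AdGuard Home running as root, because this hunk sets no `User=` and, unless the upstream unit sets one, systemd falls back to root for system services. The daemon parses DNS and DHCP packets from every device on the LAN, so a static unprivileged user, as sketched below, keeps the persistence fix without giving up the isolation; check that the unit's ambient capabilities still cover binding ports 53 and 67. Separately, the DHCP pool runs from `10.1.1.2` to `10.1.1.255`, which includes the address statically assigned to this host further down and the broadcast address of the /24; `range_start = "10.1.1.3";` and `range_end = "10.1.1.254";` avoid both. The upstream `dns10.quad9.net` is Quad9's unfiltered endpoint without DNSSEC validation, which should be a deliberate choice rather than a default. The module's closing brace lies outside the hunk.

```nix
# … unchanged: services.adguardhome settings …
systemd.services.adguardhome.serviceConfig = {
  DynamicUser = lib.mkForce false;
  User = "adguardhome";
  Group = "adguardhome";
};

users.users.adguardhome = {
  isSystemUser = true;
  group = "adguardhome";
};
users.groups.adguardhome = { };
# … unchanged: firewall, interface and persistence settings …
```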
@@ -0,0 +1,53 @@
+{ config, ... }:
+{
+ services.alloy = {
+ enable = true;
+ };
+ environment.etc."alloy/config.alloy".text = ''
+ local.file_match "local_files" {
+ path_targets = [{
+ __path__ = "/var/log/*.log",
+ }]
+ sync_period = "5s"
+ }
+
+ loki.source.journal "systemd" {
+ max_age = "24h"
+ forward_to = [loki.write.default.receiver]
+ }
+
+ loki.source.journal "kernel" {
+ max_age = "24h"
+ forward_to = [loki.write.default.receiver]
+ }
+
+ loki.relabel "nixfleet_journal" {
+ forward_to = []
+ rule {
+ source_labels = ["__journal__systemd_unit"]
+ target_label = "systemd_unit"
+ }
+ rule {
+ source_labels = ["__journal_syslog_identifier"]
+ target_label = "syslog_identifier"
+ }
+ }
+
+ loki.source.journal "nixfleet_journal" {
+ forward_to = [loki.write.default.receiver]
+ relabel_rules = loki.relabel.nixfleet_journal.rules
+ format_as_json = true
+ }
+
+ loki.write "default" {
+ endpoint {
+ url = "http://sisko.wg.aciceri.dev:${
+ builtins.toString config.services.loki.configuration.server.http_listen_port or 3100
+ }/loki/api/v1/push"
+ }
+ external_labels = {
+ host = "${config.networking.hostName}",
+ }
+ }
+ '';
+}
diff --git a/modules/amarr/default.nix b/modules/amarr/default.nix
new file mode 100644
index 0000000..0412243
--- /dev/null
+++ b/modules/amarr/default.nix
@@ -0,0 +1,23 @@
+args@{ lib, pkgs, ... }:
+let
+ pkgs = builtins.getFlake "github:NixOS/nixpkgs/d278c7bfb89130ac167e80d2250f9abc0bede419";
+ amarr = pkgs.legacyPackages.${args.pkgs.system}.amarr;
+in
+{
+ systemd.services.amarr = {
+ description = "amarr";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ User = "root";
+ Type = "oneshot";
+ ExecStart = lib.getExe amarr;
+ };
+ environment = {
+ AMULE_HOST = "localhost";
+ AMULE_PORT = "4712";
+ AMULE_PASSWORD = "";
+ };
+ };
+
+}
diff --git a/modules/amule/default.nix b/modules/amule/default.nix
new file mode 100644
index 0000000..9752f8f
--- /dev/null
+++ b/modules/amule/default.nix
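Review bot: The three `loki.source.journal` components (`systemd`, `kernel` and `nixfleet_journal`) all read the whole journal, because none of them sets `matches`, and all three forward to `loki.write.default.receiver`, so each entry is pushed up to three times. The `systemd` and `kernel` blocks are identical apart from their label. Either keep only `nixfleet_journal`, or give the others a filter such as `matches = "_TRANSPORT=kernel"` in the `kernel` block. `local.file_match "local_files"` is never consumed by a `loki.source.file`, so `/var/log/*.log` is not actually shipped and the block should be wired up or dropped. The push URL is plain `http://` with no credentials; if the `wg` hostname means the endpoint is reachable only through the WireGuard tunnel, say so in a comment such as `# Loki is only reachable over the WireGuard tunnel, hence plain HTTP`.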
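Review bot: `serviceConfig` in `modules/amarr/default.nix` runs the bridge as `User = "root"` and passes `AMULE_PASSWORD = ""` through `environment`, so the process gets full privileges and the aMule connection password is both empty and recorded in the world-readable unit file. Unless amarr needs root for something not visible here, `DynamicUser = true;` in place of `User = "root";` should be enough, and the password belongs in a file loaded with `EnvironmentFile = "<path to secret env file>";`. `Type = "oneshot"` looks wrong for a process that is expected to keep running; presumably `simple` was meant. `builtins.getFlake` with a bare revision pulls in a second nixpkgs that is not recorded in `flake.lock` and shadows the `pkgs` argument; a dedicated flake input would keep that pin, with its `narHash`, next to the others.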
@@ -0,0 +1,34 @@
+{ config, lib, ... }:
+{
+ users.users.amule = {
+ isSystemUser = true;
+ group = "amule";
+ extraGroups = [ "amule" ];
+ home = config.services.amule.dataDir;
+ };
+
+ users.groups.amule = { };
+ services.amule = {
+ dataDir = "/mnt/hd/amule";
+ enable = true;
+ user = "amule";
+ };
+
+ # sometimes the service crashes with a segfeault without any reason...
+ systemd.services.amuled.serviceConfig.Restart = lib.mkForce "always";
+
+ environment.persistence."/persist".directories = [
+ config.services.amule.dataDir
+ ];
+
+ networking.firewall = {
+ allowedTCPPorts = [ 4662 ];
+ allowedUDPPortRanges = [
+ {
+ from = 4665;
+ to = 4672;
+ }
+ ];
+ };
+
+}
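Review bot: `Restart = lib.mkForce "always"` papers over the segfaults mentioned in the comment, for a daemon that accepts traffic from arbitrary peers on TCP 4662 and UDP 4665–4672; a crash on peer-supplied input may be memory corruption rather than a harmless glitch. If the restart policy stays, the unit should at least be confined and the restarts spaced out so a crash loop shows up in the journal. The sketch below assumes the upstream module does not already set these options. `extraGroups = [ "amule" ]` repeats the primary `group` and can go, and the comment has a typo (`segfeault`).

```nix
# … unchanged: users, services.amule …
systemd.services.amuled.serviceConfig = {
  Restart = lib.mkForce "always";
  RestartSec = 10;
  NoNewPrivileges = true;
  PrivateTmp = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  ReadWritePaths = [ config.services.amule.dataDir ];
};
# … unchanged: persistence and firewall settings …
```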