Dandellion/dotfiles
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

publish soryu config

Browse Source
This commit is contained in:
Daniel Olsen 2024-08-17 03:58:06 +02:00
parent a6f2ac0868
commit 3121abd968
10 changed files with 1155 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

250
flake.lock generated
View File

@ -20,6 +20,55 @@
"url": "https://git.dodsorf.as/Dandellion/NUR.git"
}
},
"dan_2": {
"inputs": {
"nixpkgs": [
"wack-server-conf",
"dandellion",
"unstable"
]
},
"locked": {
"lastModified": 1656687988,
"narHash": "sha256-2ywoy3wUvFAyxDTw7VPlz5TGh9mk/um2AWOjhJqJxNQ=",
"ref": "refs/heads/master",
"rev": "7e85f62e40cd585ce81fa1f3debd5385bb0cad03",
"revCount": 160,
"type": "git",
"url": "https://git.dodsorf.as/Dandellion/NUR.git"
},
"original": {
"type": "git",
"url": "https://git.dodsorf.as/Dandellion/NUR.git"
}
},
"dandellion": {
"inputs": {
"dan": "dan_2",
"home-manager": "home-manager_2",
"nixgl": "nixgl_2",
"nixpkgs": [
"wack-server-conf",
"nixpkgs"
],
"nur": "nur_2",
"unstable": "unstable_2"
},
"locked": {
"lastModified": 1699137267,
"narHash": "sha256-cBusl45B1nj9vpwYVLZamNYmSbHeama1IdWMlBl14Jo=",
"ref": "23.05",
"rev": "760228bcc60e27c94bb295106b7d470b0ebd9feb",
"revCount": 241,
"type": "git",
"url": "https://git.dodsorf.as/Dandellion/dotfiles.git"
},
"original": {
"ref": "23.05",
"type": "git",
"url": "https://git.dodsorf.as/Dandellion/dotfiles.git"
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
@ -35,6 +84,21 @@
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"greg-clients": {
"inputs": {
"nixpkgs": [
@ -76,6 +140,51 @@
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"wack-server-conf",
"dandellion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1695108154,
"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "07682fff75d41f18327a871088d20af2710d4744",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"wack-server-conf",
"nixpkgs"
]
},
"locked": {
"lastModified": 1695108154,
"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "07682fff75d41f18327a871088d20af2710d4744",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixgl": {
"inputs": {
"flake-utils": "flake-utils",
@ -97,6 +206,29 @@
"type": "github"
}
},
"nixgl_2": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"wack-server-conf",
"dandellion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1685908677,
"narHash": "sha256-E4zUPEUFyVWjVm45zICaHRpfGepfkE9Z2OECV9HXfA4=",
"owner": "guibou",
"repo": "nixGL",
"rev": "489d6b095ab9d289fe11af0219a9ff00fe87c7c5",
"type": "github"
},
"original": {
"owner": "guibou",
"repo": "nixGL",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1723688146,
@ -113,13 +245,44 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1698544399,
"narHash": "sha256-vhRmPyEyoPkrXF2iykBsWHA05MIaOSmMRLMF7Hul6+s=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d87c5d8c41c9b3b39592563242f3a448b5cc4bc9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1723849682,
"narHash": "sha256-uu7U8afWM5+fpg3ox073GcrCHFXNE5mLg6IpfG2Vr3E=",
"lastModified": 1723859387,
"narHash": "sha256-1a4zDw0wIH/7Yg0tvIusrkBAZlcQkpQBkqZtPYnBsCw=",
"owner": "nix-community",
"repo": "NUR",
"rev": "401628ec50d326030e81aa44a37adf8ca876b72a",
"rev": "b43ecc46a848d0107b17091e2cd74cb442e28885",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"nur_2": {
"locked": {
"lastModified": 1699131694,
"narHash": "sha256-dKWORPD0ODREKihqCZqEqc1zJ3wACmoMmuf2BGg3DbE=",
"owner": "nix-community",
"repo": "NUR",
"rev": "6226a48fb329802a63da2babbdd2d375713af333",
"type": "github"
},
"original": {
@ -136,7 +299,30 @@
"nixgl": "nixgl",
"nixpkgs": "nixpkgs",
"nur": "nur",
"unstable": "unstable"
"unstable": "unstable",
"wack-server-conf": "wack-server-conf"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"wack-server-conf",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1699021419,
"narHash": "sha256-oy2j2OHXYcckifASMeZzpmbDLSvobMGt0V/RvoDotF4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "275b28593ef3a1b9d05b6eeda3ddce2f45f5c06f",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"unstable": {
@ -154,6 +340,62 @@
"repo": "nixpkgs",
"type": "github"
}
},
"unstable_2": {
"locked": {
"lastModified": 1699094435,
"narHash": "sha256-YLZ5/KKZ1PyLrm2MO8UxRe4H3M0/oaYqNhSlq6FDeeA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9d5d25bbfe8c0297ebe85324addcb5020ed1a454",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"unstable_3": {
"locked": {
"lastModified": 1698924604,
"narHash": "sha256-GCFbkl2tj8fEZBZCw3Tc0AkGo0v+YrQlohhEGJ/X4s0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fa804edfb7869c9fb230e174182a8a1a7e512c40",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"wack-server-conf": {
"inputs": {
"dandellion": "dandellion",
"home-manager": "home-manager_3",
"nixpkgs": [
"nixpkgs"
],
"sops-nix": "sops-nix",
"unstable": "unstable_3"
},
"locked": {
"lastModified": 1699656973,
"narHash": "sha256-csFw6I3dhPR9seG+mRnonlWCYm32mfLYb3Ga+vjS9Ak=",
"owner": "WackAttackCTF",
"repo": "wack-server-conf",
"rev": "77551a8f183a503653db3118a97f856af5301ec5",
"type": "github"
},
"original": {
"owner": "WackAttackCTF",
"repo": "wack-server-conf",
"type": "github"
}
}
},
"root": "root",

15
flake.nix
View File

@ -17,6 +17,9 @@
dan.url = "git+https://git.dodsorf.as/Dandellion/NUR.git"; #"git+https://git.dodsorf.as/Dandellion/NUR";
dan.inputs.nixpkgs.follows = "unstable";
wack-server-conf.url = "github:WackAttackCTF/wack-server-conf";
wack-server-conf.inputs.nixpkgs.follows = "nixpkgs";
greg-clients.url = "git+https://git.pvv.ntnu.no/Projects/grzegorz-clients";
greg-clients.inputs.nixpkgs.follows = "unstable";
@ -63,6 +66,18 @@
// mkHomes [ "desktop" ] { username = "dan"; }
// mkHomes [ "pvv-terminal" ] { username = "danio"; homeDirectory = "/home/pvv/d/danio"; };
nixosConfigurations = {
soryu = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
./hosts/soryu/configuration.nix
];
};
};
nixosModules = {
home-manager = nixlib.genAttrs allMachines (machine: import ./home/machines/${machine}.nix);
};

14
hosts/soryu/0001-gnunet-fs-log.patch Normal file
View File

@ -0,0 +1,14 @@
diff --git a/src/fs/gnunet-service-fs.c b/src/fs/gnunet-service-fs.c
index 597e89e..aaade99 100644
--- a/src/fs/gnunet-service-fs.c
+++ b/src/fs/gnunet-service-fs.c
@@ -1234,7 +1234,8 @@ peer_init_handler (void *cls,
my_identity))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Peer identity mismatch, refusing to start!\n");
+ "Peer identity mismatch, refusing to start! Core delivered %s.\n",
+ GNUNET_i2s (my_identity));
GNUNET_SCHEDULER_shutdown ();
}
}

40
hosts/soryu/ai.nix Normal file
View File

@ -0,0 +1,40 @@
{ config, lib, pkgs, ... }:
{
systemd.nspawn.ubuntu-ai = {
execConfig = {
Boot = true;
};
networkConfig = {
Private = false;
};
filesConfig = {
BindReadOnly = [
"/etc/resolv.conf:/etc/resolv.conf"
];
Bind = [
"/dev/dri:/dev/dri"
"/dev/kfd:/dev/kfd"
"/mnt/human/llama:/llama"
"/mnt/human/sd:/sd"
];
};
};
systemd.services."systemd-nspawn@ubuntu-ai" = {
environment = {
SYSTEMD_NSPAWN_TMPFS_TMP = "0";
};
serviceConfig = {
CPUQuota = "300%";
MemoryHigh = "14G";
MemoryMax = "15G";
MemorySwapMax = "25G";
ExecStart = "systemd-nspawn --quiet --keep-unit --boot --link-journal=try-guest --network-veth -U --settings=override --machine=%i -D /mnt/human/machines/ubuntu-ai";
};
# overrideStrategy = "asDropin";
};
}

231
hosts/soryu/configuration.nix Normal file
View File

@ -0,0 +1,231 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./tahoe.nix
./gnunet-module.nix
./wack.nix
./ai.nix
];
# programs.adb.enable = true;
systemd.enableEmergencyMode = false;
networking.hostName = "soryu";
networking.extraHosts = ''
127.0.0.1 modules-cdn.eac-prod.on.epicgames.com #Star Citizen EAC workaround
'';
# Star Citizen resource limits
boot.kernel.sysctl = {
"vm.max_map_count" = 16777216;
"fs.file-max" = 524288;
};
disabledModules = [
"services/network-filesystems/tahoe.nix"
"services/networking/gnunet.nix"
];
services.resolved.enable = true;
services.resolved.dnssec = "false";
services.gnome.gnome-keyring.enable = true;
# services.tahoe.nodes.pvv-danio-desktop = {
# settings = {
# storage.enabled = true;
# storage.storage_dir = "/mnt/human/tahoe-lafs/pvv";
# client."shares.total" = 10;
# client."shares.needed" = 4;
# client."shares.happy" = 1;
# };
# };
# services.gnunet = {
# enable = true;
# package = pkgs.callPackage ./gnunet.nix { };
# settings = {
# hostlist = {
# OPTIONS = "-b -e";
# SERVERS = "http://v15.gnunet.org/hostlist https://gnunet.io/hostlist";
# };
## nat = {
## BEHIND_NAT = "YES";
## ENABLE_UPNP = "NO";
## DISABLEV6 = "YES";
## };
# ats = {
# WAN_QUOTA_IN = "unlimited";
# WAN_QUOTA_OUT = "unlimited";
# };
# };
# };
ids.gids.gnunetdns = 327;
# services.gnunet = {
# enable = true;
# extraOptions = ''
# [hostlist]
# OPTIONS = -b -e
# SERVERS = http://v11.gnunet.org:58080/
# HTTPPORT = 8080
# HOSTLISTFILE = $SERVICEHOME/hostlists.file
# [arm]
# START_SYSTEM_SERVICES = YES
# START_USER_SERVICES = NO
# '';
# };
services.murmur = {
enable = true;
# registerName = "DODSORFAS";
welcometext = "Dans PC at singsaker smh backup mumble server";
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
#boot.kernelParams = ["radeon.cik_support=0" "amdgpu.cik_support=1"];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelModules = [ "kvm-intel" ];
programs.steam = {
enable = true;
remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
};
nixpkgs.config = {
allowUnfree = true;
};
services.tailscale.enable = true;
networking.firewall.interfaces."tailscale0" = let
all = { from = 0; to = 65535; };
in {
allowedUDPPortRanges = [ all ];
allowedTCPPortRanges = [ all ];
};
# Select internationalisation properties.
console.keyMap = "no-latin1";
time.timeZone = "Europe/Oslo";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget vim git
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 8000 6007 5001 config.services.murmur.port ];
networking.firewall.allowedUDPPorts = [ 5001 21977 config.services.murmur.port ];
# Enable CUPS to print documents.
# services.printing.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
# systemd.tmpfiles.rules = [
# "L+ /opt/rocm/hip - - - - ${pkgs.hip}"
# ];
hardware.opengl.driSupport = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages = with pkgs; [
libva
rocmPackages.clr.icd
];
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.layout = "no";
# services.xserver.xkbOptions = "eurosign:e";
services.xserver.displayManager.lightdm.enable = true;
services.xserver.videoDrivers = ["amdgpu"];
programs.zsh.enable = true;
virtualisation.docker.enable = true;
virtualisation.libvirtd.enable = true;
# networking.nameservers = lib.mkForce [ "192.168.0.25" ];
# services.ipfs.enable = true;
# services.ipfs.gatewayAddress = "/ip4/127.0.0.1/tcp/5002";
nix.trustedUsers = [ "dan" ];
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
users.users.dan = {
isNormalUser = true;
uid = 1001;
shell = pkgs.zsh;
extraGroups = [ "wheel" "networkmanager" "docker" "video" "gnunet" "libvirtd" ];
initialPassword = "Abc123";
};
programs.dconf.enable = true;
services.dbus.packages = with pkgs; [ dconf ];
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "19.03"; # Did you read the comment?
}

109
hosts/soryu/gnunet-module.nix Normal file
View File

@ -0,0 +1,109 @@
{config, lib, pkgs, ...}:
let
cfg = config.services.gnunet;
format = pkgs.formats.ini { };
configFile = format.generate "gnunet-config.conf" cfg.settings;
in
{
options = {
services.gnunet = {
enable = lib.mkEnableOption "GNUnet daemon";
package = lib.mkPackageOption pkgs "gnunet" { };
settings = lib.mkOption {
type = lib.types.submodule {
freeformType = format.type;
options = {
transport-udp.PORT = lib.mkOption {
default = 2086;
type = lib.types.port;
description = "The UDP port for use by GNUnet.";
};
};
};
};
};
};
config = lib.mkIf cfg.enable {
users.users.gnunet = {
group = "gnunet";
description = "GNUnet User";
uid = config.ids.uids.gnunet;
};
users.groups.gnunet.gid = config.ids.gids.gnunet;
users.groups.gnunetdns.gid = config.ids.gids.gnunetdns;
# TODO: Avoid putting these in $PATH
security.wrappers = let
mkGnunetSuid = source: {
setuid = true;
owner = "root";
group = "gnunet";
permissions = "o+rx,o-w,g+rx,g-w,o-rwx";
inherit source;
};
helpers = b: "${cfg.package}/lib/gnunet/libexec/${b}";
in {
gnunet-helper-vpn = mkGnunetSuid (helpers "gnunet-helper-vpn");
# These don't exist
#gnunet-helper-transport-wlan = mkGnunetSuid (helpers "gnunet-helper-transport-wlan");
#gnunet-helper-transport-bluetooth = mkGnunetSuid (helpers "gnunet-helper-transport-bluetooth");
gnunet-helper-exit = mkGnunetSuid (helpers "gnunet-helper-exit");
gnunet-helper-nat-server = mkGnunetSuid (helpers "gnunet-helper-nat-server");
gnunet-helper-nat-client = mkGnunetSuid (helpers "gnunet-helper-nat-client");
# > The binary should then be owned by root and be in group "gnunetdns"
# > and be installed SUID and only be group-executable (2750).
# But logically it should be 4750
gnunet-helper-dns = {
setuid = true;
owner = "root";
group = "gnunetdns";
permissions = "o+rx,o-w,g+rx,g-w,o-rwx";
source = (helpers "gnunet-helper-dns");
};
gnunet-service-dns = {
setgid = true;
owner = "root";
group = "gnunetdns";
permissions = "o+rx,o-w,g-rwx,o-rwx";
source = (helpers "gnunet-service-dns");
};
};
services.gnunet.settings = {
arm = {
START_SYSTEM_SERVICES = lib.mkDefault "YES";
START_USER_SERVICES = lib.mkDefault "NO";
};
dns = {
BINARY = lib.mkDefault "/run/wrappers/bin/gnunet-service-dns";
};
PATHS = {
SUID_BINARY_PATH = lib.mkDefault "/run/wrappers/bin";
GNUNET_HOME = lib.mkDefault "/var/lib/gnunet";
GNUNET_RUNTIME_DIR = lib.mkDefault "/run/gnunet";
GNUNET_USER_RUNTIME_DIR = lib.mkDefault "/run/gnunet";
GNUNET_DATA_HOME = lib.mkDefault "/var/lib/gnunet/data";
};
};
systemd.services.gnunet = {
description = "GNUnet system deamon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ cfg.package pkgs.miniupnpc ];
serviceConfig = {
ExecStart = "${cfg.package}/lib/gnunet/libexec/gnunet-service-arm -c ${configFile}";
User = "gnunet";
Group = "gnunet";
StateDirectory = "gnunet";
StateDirectoryMode = "0700";
WorkingDirectory = "/var/lib/gnunet";
RuntimeDirectory = "gnunet";
};
};
environment.systemPackages = [ cfg.package ];
};
}

82
hosts/soryu/gnunet.nix Normal file
View File

@ -0,0 +1,82 @@
{ lib, stdenv, fetchurl, adns, curlWithGnuTls, gettext, gmp, gnutls, libextractor
, libgcrypt, libgnurl, libidn, libmicrohttpd, libtool, libunistring
, makeWrapper, ncurses, pkg-config, libxml2, sqlite, zlib
, libpulseaudio, libopus, libogg, jansson, libsodium
, postgresqlSupport ? true, postgresql }:
stdenv.mkDerivation rec {
pname = "gnunet";
version = "0.19.4";
src = fetchurl {
url = "mirror://gnu/gnunet/${pname}-${version}.tar.gz";
sha256 = "sha256-AKY99AjVmH9bqaUEQfKncYK9n7MvHjAq5WOslOesAJs=";
};
patches = [
./0001-gnunet-fs-log.patch
];
enableParallelBuilding = true;
nativeBuildInputs = [ pkg-config libtool makeWrapper ];
buildInputs = [
adns curlWithGnuTls gmp gnutls libextractor libgcrypt libgnurl libidn
libmicrohttpd libunistring libxml2 ncurses gettext libsodium
sqlite zlib libpulseaudio libopus libogg jansson
] ++ lib.optional postgresqlSupport postgresql;
configureFlags = ["--enable-logging=verbose"];
preConfigure = ''
# Brute force: since nix-worker chroots don't provide
# /etc/{resolv.conf,hosts}, replace all references to `localhost'
# by their IPv4 equivalent.
find . \( -name \*.c -or -name \*.conf \) | \
xargs sed -ie 's|\<localhost\>|127.0.0.1|g'
# Make sure the tests don't rely on `/tmp', for the sake of chroot
# builds.
find . \( -iname \*test\*.c -or -name \*.conf \) | \
xargs sed -ie "s|/tmp|$TMPDIR|g"
sed -ie 's|@LDFLAGS@|@LDFLAGS@ $(Z_LIBS)|g' \
src/regex/Makefile.in \
src/fs/Makefile.in
'';
# unfortunately, there's still a few failures with impure tests
doCheck = false;
checkPhase = ''
export GNUNET_PREFIX="$out"
export PATH="$out/bin:$PATH"
make -k check
'';
meta = with lib; {
description = "GNU's decentralized anonymous and censorship-resistant P2P framework";
longDescription = ''
GNUnet is a framework for secure peer-to-peer networking that
does not use any centralized or otherwise trusted services. A
first service implemented on top of the networking layer
allows anonymous censorship-resistant file-sharing. Anonymity
is provided by making messages originating from a peer
indistinguishable from messages that the peer is routing. All
peers act as routers and use link-encrypted connections with
stable bandwidth utilization to communicate with each other.
GNUnet uses a simple, excess-based economic model to allocate
resources. Peers in GNUnet monitor each others behavior with
respect to resource usage; peers that contribute to the
network are rewarded with better service.
'';
homepage = "https://gnunet.org/";
license = licenses.agpl3Plus;
maintainers = with maintainers; [ pstn vrthra ];
platforms = platforms.gnu ++ platforms.linux;
changelog = "https://git.gnunet.org/gnunet.git/tree/ChangeLog?h=v${version}";
};
}

53
hosts/soryu/hardware-configuration.nix Normal file
View File

@ -0,0 +1,53 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/ea6aa4dc-47bd-499c-8b51-c5d99a5a5a5e";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/EE37-4B85";
fsType = "vfat";
};
fileSystems."/mnt/henning" =
{ device = "/dev/disk/by-uuid/0c16a107-fe7a-472e-881d-a28bc305988b";
fsType = "ext4";
};
fileSystems."/mnt/human" =
{ device = "/dev/disk/by-uuid/2d2b84b2-58b4-47a9-b328-cd4984927e48";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/9969ac13-32c6-4f44-a706-cc810fe8339b"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
}

293
hosts/soryu/tahoe.nix Normal file
View File

@ -0,0 +1,293 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.tahoe;
format = pkgs.formats.ini { };
in
{
options.services.tahoe = {
introducers = mkOption {
default = {};
type = with types; attrsOf (submodule {
options = {
settings = mkOption {
type = types.submodule {
freeformType = format.type;
options = {
node.nickname = mkOption {
type = types.str;
description = "The nickname of this Tahoe introducer.";
};
node."tub.port" = mkOption {
default = 3458;
type = types.port;
description = "The port on which the introducer will listen.";
};
node."tub.location" = mkOption {
type = types.nullOr types.str;
description = ''
The external location that the introducer should listen on.
If specified, the port should be included.
'';
};
};
};
description = "Freeform settings for the introducer";
};
package = mkOption {
default = pkgs.tahoe-lafs;
defaultText = literalExpression "pkgs.tahoe-lafs";
type = types.package;
description = "The package to use for the Tahoe LAFS daemon.";
};
};
});
description = lib.mdDoc "The Tahoe introducers.";
};
nodes = mkOption {
default = {};
type = with types; attrsOf (submodule ({name, config, ...}: {
options = {
settings = mkOption {
type = types.submodule {
freeformType = format.type;
options = {
node.nickname = mkOption {
type = types.str;
description = "Value to display in management tools.";
default = name;
};
node."tub.port" = mkOption {
type = types.oneOf [ types.str types.port (types.enum [ "disabled" null ]) ];
description = "A twisted server endpoint specification for receiving connections from other nodes.";
example = "tcp:12345:interface=127.0.0.1";
default = 3457;
};
node."tub.location" = mkOption {
type = types.either types.str (types.enum [ "disabled" null ]);
description = "comma separated connection strings that can be reached publically.";
example = "tcp:mynode.example.com:3457,AUTO";
default = "AUTO";
};
node."web.port" = mkOption {
type = types.nullOr (types.either types.str types.port);
description = "Twisted strport specification for webui and REST-api.";
example = "tcp:3456:interface=127.0.0.1";
default = 3456;
};
client."shares.needed" = mkOption {
type = types.ints.between 1 256;
description = "Default amount of shares needed to reconstruct an uploaded file.";
default = 3;
};
client."shares.total" = mkOption {
type = types.ints.between 1 256;
description = "Default amount of shares a file is split into.";
default = 10;
};
client."shares.happy" = mkOption {
type = types.ints.positive;
description = ''
How spread out should your shares be.
Can be smaller than needed, but not more than amount of servers available.";
'';
default = 7;
};
client."mutable.format" = mkOption {
type = types.enum [ "sdmf" "mdmf" ];
description = ''
What format to save mutable files in.
SDMF is useful when some nodes on your network run an older version of Tahoe-LAFS.
MDMF supports inplace modification and streaming downloads.
'';
default = "sdmf";
};
storage.enabled = mkEnableOption "storage service";
storage.anonymous = mkOption {
type = types.bool;
description = "Whether to expose storage with just the FURL and no other authentication.";
default = true;
};
storage.reserved_space = mkOption {
type = types.str;
description = "The minimum amount of free disk space to keep.";
default = "1G";
};
helper.enabled = mkEnableOption "helper service";
sftpd.enabled = mkEnableOption "sftpd service";
sftpd.port = mkOption {
type = types.nullOr types.str;
description = "A twisted connection string to listen on for the sftpd service.";
example = "tcp:8022:interface=127.0.0.1";
default = null;
};
sftpd.host_pubkey_file = mkOption {
type = types.nullOr types.path;
description = "Path to ssh public key to use for the service.";
default = null;
};
sftpd.host_privkey_file = mkOption {
type = types.nullOr types.path;
description = "Path to ssh private key to use for the service.";
default = null;
};
};
};
description = "freeform options for a normal tahoe-lafs node";
};
client.introducersFile = mkOption {
type = types.nullOr types.path;
description = "Path to a secret file containing introducers, will be placed in private/introducers.yaml";
default = null;
};
client.helperFile = mkOption {
type = types.nullOr types.path;
description = "Secret file containing a furl to use as a helper.";
default = null;
};
sftpd.accountsFile = mkOption {
type = types.nullOr types.path;
description = "Path to the accounts file. Will be copied to private/accounts";
default = null;
};
package = mkOption {
default = pkgs.tahoe-lafs;
defaultText = literalExpression "pkgs.tahoelafs";
type = types.package;
description = lib.mdDoc ''
The package to use for the Tahoe LAFS daemon.
'';
};
};
}));
description = "The Tahoe nodes.";
};
};
config = mkMerge [
(mkIf (cfg.introducers != {}) {
environment = {
etc = flip mapAttrs' cfg.introducers (node: settings:
nameValuePair "tahoe-lafs/introducer-${node}.cfg" {
mode = "0444";
source = format.generate "tahoe-lafs-introducer" settings.settings;
});
# Actually require Tahoe, so that we will have it installed.
systemPackages = flip mapAttrsToList cfg.introducers (node: settings:
settings.package
);
};
systemd.services = flip mapAttrs' cfg.introducers (node: settings:
let
pidfile = "/run/tahoe.introducer-${node}.pid";
# This is a directory, but it has no trailing slash. Tahoe commands
# get antsy when there's a trailing slash.
nodedir = "/var/db/tahoe-lafs/introducer-${node}";
in nameValuePair "tahoe.introducer-${node}" {
description = "Tahoe LAFS node ${node}";
wantedBy = [ "multi-user.target" ];
path = [ settings.package ];
restartTriggers = [
config.environment.etc."tahoe-lafs/introducer-${node}.cfg".source ];
serviceConfig = {
Type = "simple";
PIDFile = pidfile;
# Believe it or not, Tahoe is very brittle about the order of
# arguments to $(tahoe run). The node directory must come first,
# and arguments which alter Twisted's behavior come afterwards.
ExecStart = ''
${settings.package}/bin/tahoe run ${lib.escapeShellArg nodedir} --pidfile=${lib.escapeShellArg pidfile}
'';
};
preStart = ''
if [ ! -d ${lib.escapeShellArg nodedir} ]; then
mkdir -p /var/db/tahoe-lafs
# See https://github.com/NixOS/nixpkgs/issues/25273
tahoe create-introducer \
--hostname="${config.networking.hostName}" \
${lib.escapeShellArg nodedir}
fi
# Tahoe has created a predefined tahoe.cfg which we must now
# scribble over.
# XXX I thought that a symlink would work here, but it doesn't, so
# we must do this on every prestart. Fixes welcome.
# rm ${nodedir}/tahoe.cfg
# ln -s /etc/tahoe-lafs/introducer-${node}.cfg ${nodedir}/tahoe.cfg
cp /etc/tahoe-lafs/introducer-"${node}".cfg ${lib.escapeShellArg nodedir}/tahoe.cfg
'';
});
users.users = flip mapAttrs' cfg.introducers (node: _:
nameValuePair "tahoe.introducer-${node}" {
description = "Tahoe node user for introducer ${node}";
isSystemUser = true;
group = "tahoe.introducer-${node}";
});
users.groups = flip mapAttrs' cfg.nodes (node: _:
nameValuePair "tahoe.introducer-${node}" { });
})
(mkIf (cfg.nodes != {}) {
environment = {
etc = flip mapAttrs' cfg.nodes (node: settings:
nameValuePair "tahoe-lafs/${node}.cfg" {
mode = "0444";
source = let placeholderFile = lib.pipe settings.settings [
(s: lib.recursiveUpdate
(lib.optionalAttrs (settings.client.helperFile != null) { client."helper.furl" = "@CLIENT_HELPER_FURL@"; })
s)
];
in format.generate "tahoe-lafs-node" placeholderFile;
});
# Actually require Tahoe, so that we will have it installed.
# systemPackages = flip mapAttrsToList cfg.nodes (node: settings:
# settings.package
# );
};
systemd.services = flip mapAttrs' cfg.nodes (node: settings:
let
pidfile = "/run/tahoe.${node}.pid";
# This is a directory, but it has no trailing slash. Tahoe commands
# get antsy when there's a trailing slash.
nodedir = "/var/db/tahoe-lafs/${node}";
in nameValuePair "tahoe.${node}" {
description = "Tahoe LAFS node ${node}";
wantedBy = [ "multi-user.target" ];
path = [ settings.package ];
restartTriggers = [
config.environment.etc."tahoe-lafs/${node}.cfg".source ];
serviceConfig = {
Type = "simple";
PIDFile = pidfile;
# Believe it or not, Tahoe is very brittle about the order of
# arguments to $(tahoe run). The node directory must come first,
# and arguments which alter Twisted's behavior come afterwards.
ExecStart = ''
${settings.package}/bin/tahoe run ${lib.escapeShellArg nodedir} --pidfile=${lib.escapeShellArg pidfile}
'';
};
preStart = ''
if [ ! -d ${lib.escapeShellArg nodedir} ]; then
mkdir -p /var/db/tahoe-lafs
tahoe create-node --hostname=localhost ${lib.escapeShellArg nodedir}
fi
cp /etc/tahoe-lafs/${lib.escapeShellArg node}.cfg ${lib.escapeShellArg nodedir}/tahoe.cfg
'' + lib.optionalString (settings.client.helperFile != null) ''
${pkgs.replace-secret}/bin/replace-secret '@CLIENT_HELPER_FURL@' ${settings.client.helperFile} ${lib.escapeShellArg nodedir}/tahoe.cfg
'' + lib.optionalString (settings.client.introducersFile != null) ''
cp "${config.settings.client.introducersFile}" ${lib.escapeShellArg nodedir}/private/introducers.yaml
'' + lib.optionalString (settings.sftpd.accountsFile != null) ''
cp "${config.settings.client.introducersFile}" ${lib.escapeShellArg nodedir}/private/accounts
'';
});
users.users = flip mapAttrs' cfg.nodes (node: _:
nameValuePair "tahoe.${node}" {
description = "Tahoe node user for node ${node}";
isSystemUser = true;
group = "tahoe.${node}";
});
users.groups = flip mapAttrs' cfg.nodes (node: _:
nameValuePair "tahoe.${node}" { });
})
];
}

72
hosts/soryu/wack.nix Normal file
View File

@ -0,0 +1,72 @@
{ config, lib, pkgs, inputs, ... }:
{
networking.firewall.allowedTCPPorts = [ 1337 ];
networking.nat.forwardPorts = [
{
destination = "${config.containers.ireul.hostAddress}:1337";
proto = "tcp";
sourcePort = 1337;
}
];
containers.ireul = {
bindMounts."/wordlists" = {
hostPath = "/mnt/human/wordlists";
isReadOnly = false;
};
privateNetwork = true;
hostAddress = "192.168.10.1";
localAddress = "192.168.10.2";
forwardPorts = [
{ containerPort = 1337;
hostPort = 1337;
protocol = "tcp";
}
];
bindMounts."/dev/dri" = {
hostPath = "/dev/dri";
isReadOnly = false;
};
bindMounts."/dev/kfd" = {
hostPath = "/dev/kfd";
isReadOnly = false;
};
bindMounts."/run/opengl-driver" = {
hostPath = "/run/opengl-driver";
isReadOnly = false;
};
allowedDevices = [
{ node = "/dev/dri/card0"; modifier = "rw"; }
{ node = "/dev/dri/renderD128"; modifier = "rw"; }
{ node = "/dev/kfd"; modifier = "rw"; }
];
config = { config, pkgs, ... }: {
services.openssh.enable = true;
services.openssh.ports = [ 1337 ];
environment.systemPackages = with pkgs; [
hashcat
hashcat-utils
john
kitty.terminfo
];
users.groups.video.members = builtins.attrNames config.users.users;
programs.zsh.enable = true;
imports = [ (inputs.wack-server-conf + /users/default.nix) ];
system.stateVersion = "23.05";
};
};
}