summaryrefslogtreecommitdiff
path: root/Omni/Dev
diff options
context:
space:
mode:
authorBen Sima <ben@bsima.me>2024-11-15 14:55:37 -0500
committerBen Sima <ben@bsima.me>2024-12-21 10:06:49 -0500
commit6513755670892983db88a6633b8c1ea6019c03d1 (patch)
tree44e9eccdb7a3a74ab7e96a8fee7572dd6a78dc73 /Omni/Dev
parentae7b7e0186b5f2e0dcd4d5fac0a71fa264caedc2 (diff)
Re-namespace some stuff to Omni
I was getting confused about what is a product and what is internal infrastructure; I think it is good to keep those things separate. So I moved a bunch of stuff to an Omni namespace, actually most stuff went there. Only things that are explicitly external products are still in the Biz namespace.
Diffstat (limited to 'Omni/Dev')
-rw-r--r--Omni/Dev/Beryllium.nix14
-rw-r--r--Omni/Dev/Beryllium/Configuration.nix115
-rw-r--r--Omni/Dev/Beryllium/Hardware.nix38
-rw-r--r--Omni/Dev/Beryllium/Ollama.nix48
-rw-r--r--Omni/Dev/Dns.nix19
-rw-r--r--Omni/Dev/Guix.nix43
-rw-r--r--Omni/Dev/Hoogle.nix81
-rw-r--r--Omni/Dev/Lithium.nix27
-rw-r--r--Omni/Dev/Lithium/Configuration.nix217
-rw-r--r--Omni/Dev/Lithium/Hardware.nix32
-rw-r--r--Omni/Dev/Networking.nix44
-rw-r--r--Omni/Dev/Vpn.nix33
12 files changed, 711 insertions, 0 deletions
diff --git a/Omni/Dev/Beryllium.nix b/Omni/Dev/Beryllium.nix
new file mode 100644
index 0000000..82374c3
--- /dev/null
+++ b/Omni/Dev/Beryllium.nix
@@ -0,0 +1,14 @@
+{ bild }:
+bild.os {
+ imports = [
+ ../OsBase.nix
+ ../Packages.nix
+ ../Users.nix
+ ./Beryllium/Configuration.nix
+ ./Beryllium/Hardware.nix
+ ./Beryllium/Ollama.nix
+ ./Vpn.nix
+ ];
+ networking.hostName = "beryllium";
+ networking.domain = "beryl.simatime.com";
+}
diff --git a/Omni/Dev/Beryllium/Configuration.nix b/Omni/Dev/Beryllium/Configuration.nix
new file mode 100644
index 0000000..16f4bca
--- /dev/null
+++ b/Omni/Dev/Beryllium/Configuration.nix
@@ -0,0 +1,115 @@
+{ pkgs, ... }:
+
+let ports = import ../../Cloud/Ports.nix;
+in {
+ imports = [ # Include the results of the hardware scan.
+ ./Hardware.nix
+ ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.kernelModules = [ "v4l2loopback" ];
+ boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/New_York";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ # don't auto suspend-to-RAM
+ powerManagement.enable = true;
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # Enable the KDE Plasma Desktop Environment.
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+
+ # Configure keymap in X11
+ services.xserver = {
+ layout = "us";
+ xkbVariant = "";
+ };
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound with pipewire.
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ jack.enable = true;
+ wireplumber.enable = true;
+ };
+
+ hardware.opengl.enable = true;
+ hardware.opengl.driSupport32Bit = true;
+ services.xserver.videoDrivers = [ "nvidia" ];
+ hardware.nvidia.nvidiaPersistenced = true;
+ hardware.nvidia.modesetting.enable = true;
+ hardware.nvidia.powerManagement.enable = false;
+ hardware.nvidia.powerManagement.finegrained = false;
+ hardware.nvidia.open = true;
+ hardware.nvidia.nvidiaSettings = true;
+
+ hardware.keyboard.zsa.enable = true;
+
+ services.xserver.displayManager.autoLogin.enable = false;
+ services.xserver.displayManager.autoLogin.user = "ben";
+
+ services.clight.enable = true;
+ services.clight.temperature.day = 6500;
+ services.clight.temperature.night = 1800;
+ services.clight.settings.sunrise = "7:00";
+ services.clight.settings.sunset = "17:00";
+ location.latitude = 40.8;
+ location.longitude = -81.52;
+
+ services.eternal-terminal.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ v4l-utils
+ linuxPackages.v4l2loopback
+ nvtop
+ keymapp
+ wally-cli
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ ];
+
+ systemd.services.NetworkManager-wait-online.enable = false;
+
+ networking.firewall.allowedTCPPorts = [ ports.barrier ];
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+
+}
diff --git a/Omni/Dev/Beryllium/Hardware.nix b/Omni/Dev/Beryllium/Hardware.nix
new file mode 100644
index 0000000..ecf425c
--- /dev/null
+++ b/Omni/Dev/Beryllium/Hardware.nix
@@ -0,0 +1,38 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot.initrd.availableKernelModules =
+ [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/f96eaa16-d0e2-4230-aece-131ce7b630da";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/A34A-6527";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp97s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp99s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode =
+ lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/Omni/Dev/Beryllium/Ollama.nix b/Omni/Dev/Beryllium/Ollama.nix
new file mode 100644
index 0000000..35b4fe1
--- /dev/null
+++ b/Omni/Dev/Beryllium/Ollama.nix
@@ -0,0 +1,48 @@
+{ pkgs, ... }:
+/* Ollama API service
+
+ Don't put too much work into this, there's a much better and more complete
+ ollama service (with webui!) being built here:
+ https://github.com/NixOS/nixpkgs/pull/275448
+
+ If you want to spend time on it, spend time over there.
+*/
+let pkg = pkgs.unstable.ollama;
+in {
+
+ systemd.services.ollama = {
+ description = "ollama";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ environment = {
+ OLLAMA_HOST = "localhost:11434";
+ # Where to store LLM model files.
+ HOME = "%S/ollama";
+ OLLAMA_MODELS = "%S/ollama/models";
+ OLLAMA_DEBUG = "1";
+ };
+
+ serviceConfig = {
+ ExecStart = "${pkg}/bin/ollama serve";
+ User = "ollama";
+ Group = "ollama";
+ Type = "simple";
+ Restart = "on-failure";
+ RestartSec = 3;
+ # Persistent storage for model files, i.e. /var/lib/<StateDirectory>
+ StateDirectory = [ "ollama" ];
+ };
+ };
+
+ # for administration, make this available to users' PATH
+ environment.systemPackages = [ pkg ];
+
+ users.groups.ollama = { };
+
+ users.users.ollama = {
+ group = "ollama";
+ isSystemUser = true;
+ extraGroups = [ "render" "video" ];
+ };
+}
diff --git a/Omni/Dev/Dns.nix b/Omni/Dev/Dns.nix
new file mode 100644
index 0000000..baf79aa
--- /dev/null
+++ b/Omni/Dev/Dns.nix
@@ -0,0 +1,19 @@
+{ ... }:
+
+{
+ services.bind = {
+ enable = true;
+ forwarders = [ "8.8.8.8" "1.1.1.1" ];
+ cacheNetworks = [ "127.0.0.0/8" "192.168.0.0/24" ];
+ extraConfig = "";
+ extraOptions = ''
+ dnssec-validation auto;
+ '';
+ };
+
+ #networking.extraHosts = ''
+ # 192.168.0.1 router.home
+ # 192.168.0.196 lithium.home
+ #'';
+
+}
diff --git a/Omni/Dev/Guix.nix b/Omni/Dev/Guix.nix
new file mode 100644
index 0000000..0b261fb
--- /dev/null
+++ b/Omni/Dev/Guix.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.guix;
+
+in {
+
+ options.services.guix = {
+ enable = mkEnableOption "GNU Guix package manager";
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.guix-daemon = {
+ description = "Build daemon for GNU Guix";
+
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Restart = "always";
+ ExecStart =
+ "${pkgs.guix}/bin/guix-daemon --build-users-group=guixbuild";
+ Environment = null;
+ RemainAfterExit = "yes";
+ StandardOutput = "syslog";
+ StandardError = "syslog";
+ TaskMax = "8192";
+ };
+ };
+ users = {
+ extraUsers = lib.attrs.genAttrs (lib.lists.range 1 10) (n: {
+ name = "guixbuilder${n}";
+ isSystemUser = true;
+ extraGroups = [ "guixbuild" ];
+ group = "guixbuild";
+ description = "Guix build user ${n}";
+ });
+ extraGroups = { "guixbuild" = { }; };
+ };
+ };
+}
diff --git a/Omni/Dev/Hoogle.nix b/Omni/Dev/Hoogle.nix
new file mode 100644
index 0000000..213a31c
--- /dev/null
+++ b/Omni/Dev/Hoogle.nix
@@ -0,0 +1,81 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+ cfg = config.services.my-hoogle;
+
+ hoogleEnv = pkgs.buildEnv {
+ name = "hoogle";
+ paths = [ (cfg.haskellPackages.ghcWithHoogle cfg.packages) ];
+ };
+
+in {
+
+ options.services.my-hoogle = {
+ enable = mkEnableOption "Haskell documentation server";
+
+ port = mkOption {
+ type = types.int;
+ default = 8080;
+ description = ''
+ Port number Hoogle will be listening to.
+ '';
+ };
+
+ packages = mkOption {
+ default = _hp: [ ];
+ defaultText = "hp: []";
+ example = "hp: with hp; [ text lens ]";
+ description = ''
+ The Haskell packages to generate documentation for.
+
+ The option value is a function that takes the package set specified in
+ the <varname>haskellPackages</varname> option as its sole parameter and
+ returns a list of packages.
+ '';
+ };
+
+ haskellPackages = mkOption {
+ description = "Which haskell package set to use.";
+ default = pkgs.haskellPackages;
+ defaultText = "pkgs.haskellPackages";
+ };
+
+ home = mkOption {
+ type = types.str;
+ description = "Url for hoogle logo";
+ default = "https://hoogle.haskell.org";
+ };
+
+ host = mkOption {
+ type = types.str;
+ description = "Set the host to bind on.";
+ default = "127.0.0.1";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.hoogle = {
+ description = "Haskell documentation server";
+
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Restart = "always";
+ ExecStart = "${hoogleEnv}/bin/hoogle server --local --port ${
+ toString cfg.port
+ } --home ${cfg.home} --host ${cfg.host}";
+
+ DynamicUser = true;
+
+ ProtectHome = true;
+
+ RuntimeDirectory = "hoogle";
+ WorkingDirectory = "%t/hoogle";
+ };
+ };
+ };
+
+}
diff --git a/Omni/Dev/Lithium.nix b/Omni/Dev/Lithium.nix
new file mode 100644
index 0000000..567f6e0
--- /dev/null
+++ b/Omni/Dev/Lithium.nix
@@ -0,0 +1,27 @@
+{ bild }:
+# Dev machine for work and building stuff.
+
+bild.os {
+ imports = [
+ ../OsBase.nix
+ ../Packages.nix
+ ../Users.nix
+ ./Lithium/Configuration.nix
+ ./Lithium/Hardware.nix
+ ./Hoogle.nix
+ ./Networking.nix
+ ./Dns.nix
+ ../../Biz/Dragons.nix
+ #./Guix.nix # I need to package a bunch of guile libs first
+ ./Vpn.nix
+ ];
+ networking.hostName = "lithium";
+ networking.domain = "dev.simatime.com";
+ services.dragons = {
+ enable = true;
+ port = 8095;
+ package = bild.run ../../Biz/Dragons.hs;
+ keep = "/var/dragons/keep";
+ depo = "/var/dragons/depo";
+ };
+}
diff --git a/Omni/Dev/Lithium/Configuration.nix b/Omni/Dev/Lithium/Configuration.nix
new file mode 100644
index 0000000..97b00c8
--- /dev/null
+++ b/Omni/Dev/Lithium/Configuration.nix
@@ -0,0 +1,217 @@
+{ lib, pkgs, ... }:
+
+let
+ ghcCompiler = (import ../../Bild/Constants.nix).ghcCompiler;
+ ports = import ../../Cloud/Ports.nix;
+in {
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.enableContainers = true;
+
+ powerManagement.enable = false;
+
+ time.timeZone = "America/New_York";
+
+ fonts.fonts = with pkgs; [
+ google-fonts
+ mononoki
+ source-code-pro
+ fantasque-sans-mono
+ hack-font
+ fira
+ fira-code
+ fira-code-symbols
+ ];
+
+ environment.systemPackages =
+ [ pkgs.nvtop pkgs.k3s pkgs.wemux pkgs.tmux pkgs.wireguard-tools ];
+
+ hardware = {
+ opengl.enable = true;
+ pulseaudio = {
+ enable = true;
+ extraConfig = ''
+ load-module module-loopback
+ '';
+ };
+ };
+
+ #hardware.nvidia.nvidiaPersistenced = true;
+
+ programs.bash.enableCompletion = true;
+ programs.command-not-found.enable = true;
+ programs.gnupg.agent.enable = true;
+ programs.gnupg.agent.enableSSHSupport = true;
+ programs.mosh.enable = true;
+
+ virtualisation.docker.enable = true;
+ virtualisation.docker.liveRestore = false;
+ virtualisation.libvirtd.enable = false;
+ virtualisation.virtualbox.host.enable = false;
+ virtualisation.virtualbox.host.headless = false;
+ virtualisation.virtualbox.host.addNetworkInterface = false;
+ virtualisation.virtualbox.guest.enable = false;
+
+ services.my-hoogle.enable = true;
+ services.my-hoogle.port = ports.hoogle;
+ services.my-hoogle.home = "//hoogle.simatime.com";
+ services.my-hoogle.packages = pkgset:
+ lib.attrsets.attrVals (import ../../Bild/Deps/Haskell.nix) pkgset;
+ services.my-hoogle.haskellPackages = pkgs.haskell.packages.${ghcCompiler};
+ services.my-hoogle.host = "0.0.0.0";
+
+ services.eternal-terminal.enable = true;
+
+ services.k3s.enable = false;
+ services.k3s.role = "server";
+
+ services.syncthing.enable = true;
+ services.syncthing.guiAddress = "127.0.0.1:${toString ports.syncthing-gui}";
+ services.syncthing.openDefaultPorts = true;
+ services.syncthing.systemService = true;
+
+ services.tor.enable = true;
+ services.tor.client.enable = true;
+ services.tor.relay.role = "bridge";
+ services.tor.settings.ORPort = ports.tor;
+ services.tor.settings.Nickname = "ydeee3q1cjo83tsuqcz";
+ services.tor.settings.AccountingMax = "10 GBytes";
+ services.tor.settings.AccountingStart = "month 1 1:00";
+ services.tor.settings.ContactInfo =
+ "ContactInfo pgp:66A6AD150399D970DCA4C4E6C8218B7D0BFDECCD ciissversion:2";
+
+ services.bitcoind.mainnet.enable = true;
+ services.bitcoind.mainnet.dataDir = "/mnt/campbell/bitcoind-mainnet/data";
+ services.bitcoind.mainnet.configFile =
+ "/mnt/campbell/bitcoind-mainnet/bitcoin.conf";
+ services.bitcoind.mainnet.prune = 10000;
+
+ services.pcscd.enable = true;
+ services.logind.lidSwitch = "ignore";
+ services.logind.extraConfig = "IdleAction=ignore";
+
+ services.deluge.enable = true;
+ services.deluge.openFilesLimit = 10240;
+ services.deluge.web.enable = true;
+
+ services.printing.enable = true;
+
+ services.murmur.enable = true;
+ services.murmur.registerName = "simatime";
+ services.murmur.password = "simatime";
+ services.murmur.port = ports.murmur;
+
+ services.xserver.enable = true;
+ services.xserver.autorun = true;
+ services.xserver.layout = "us";
+ services.xserver.xkbOptions = "caps:ctrl_modifier";
+ services.xserver.videoDrivers = [ "nvidia" ];
+ services.xserver.serverFlagsSection = ''
+ Option "BlankTime" "0"
+ Option "StandbyTime" "0"
+ Option "SuspendTime" "0"
+ Option "OffTime" "0"
+ '';
+ services.xserver.displayManager.sddm.enable = true;
+ services.xserver.displayManager.sddm.enableHidpi = true;
+ # Some of these have conflicting definitions, which might be the source of my
+ # problems with the display. Start here for debugging.
+ #services.xserver.displayManager.session.manage = "desktop";
+ #services.xserver.displayManager.session.name = "home-manager";
+ #services.xserver.displayManager.session.start = ''
+ # ${pkgs.runtimeShell} $HOME/.hm-xsession &
+ # waitPID=$!
+ #'';
+ #services.xserver.desktopManager.kodi.enable = false;
+ #services.xserver.desktopManager.plasma5.enable = false;
+ services.xserver.desktopManager.xterm.enable = true;
+ services.xserver.windowManager.xmonad.enable = true;
+ services.xserver.libinput.enable = true;
+ services.xserver.libinput.touchpad.tapping = true;
+ services.xserver.modules = [ pkgs.xf86_input_wacom ];
+ services.xserver.wacom.enable = true;
+
+ services.jupyter.enable = true;
+ services.jupyter.port = ports.jupyter;
+ services.jupyter.ip = "*";
+ users.users.jupyter.group = "jupyter";
+ users.groups.jupyter = { };
+ services.jupyter.password =
+ "'argon2:$argon2id$v=19$m=10240,t=10,p=8$nvQhgk+htbIYi961YYAf1w$ekpwiTT5L4+OAods0K7EDw'";
+ services.jupyter.kernels.python3 = let
+ env = (pkgs.python3.withPackages (p:
+ with p; [
+ ipykernel
+ pandas
+ scikitlearn
+ numpy
+ matplotlib
+ sympy
+ ipywidgets
+ ]));
+ in {
+ displayName = "py3";
+ argv = [
+ "${env.interpreter}"
+ "-m"
+ "ipykernel_launcher"
+ "-f"
+ "{connection_file}"
+ ];
+ language = "python";
+ # error: must be of type 'null or path'
+ #logo32 = "${env.sitePackages}/ipykernel/resources/logo-32x32.png";
+ #logo64 = "${env.sitePackages}/ipykernel/resources/logo-64x64.png";
+ };
+
+ # previously emby
+ services.jellyfin.enable = true;
+ services.jellyfin.user = "jellyfin";
+ services.jellyfin.group = "jellyfin";
+
+ services.minidlna.enable = true;
+ services.minidlna.settings.notify_interval = 60;
+ services.minidlna.settings.friendly_name = "Sima Media";
+ services.minidlna.settings.media_dir = [
+ "V,/mnt/campbell/ben/youtube"
+ "A,/mnt/campbell/ben/music"
+ "V,/mnt/campbell/ben/torrents/done"
+ ];
+
+ services.vnstat.enable = true;
+
+ documentation.enable = true;
+ documentation.dev.enable = true;
+ documentation.doc.enable = true;
+ documentation.info.enable = true;
+ documentation.man.enable = true;
+ documentation.nixos.enable = true;
+
+ nix.settings.auto-optimise-store = true;
+ nix.settings.cores = 0; # use all available cores
+ # Since this is the dev machine, we can turn these on at the expense
+ # of extra disk space.
+ nix.extraOptions = ''
+ keep-outputs = true
+ keep-derivations = true
+ '';
+ # 1 job * 2 cores = 2 maximum cores used at any one time
+ nix.settings.max-jobs = 1;
+ nix.sshServe.enable = true;
+ nix.sshServe.keys = lib.trivial.pipe ../../Keys/Ben.pub [
+ builtins.readFile
+ (lib.strings.splitString "\n")
+ (lib.filter (s: s != ""))
+ ];
+ nix.settings.trusted-users = [ "root" "ben" ];
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "20.09"; # Did you read the comment?
+
+ # TODO: is this still necessary? Check nixpkgs upstream
+ users.users.jupyter.isSystemUser = true;
+}
diff --git a/Omni/Dev/Lithium/Hardware.nix b/Omni/Dev/Lithium/Hardware.nix
new file mode 100644
index 0000000..54c07f5
--- /dev/null
+++ b/Omni/Dev/Lithium/Hardware.nix
@@ -0,0 +1,32 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ lib, modulesPath, ... }:
+
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+ boot.initrd.availableKernelModules =
+ [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/f08dd8f9-787c-4e2a-a0cc-7019edc2ce2b";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/C67C-D7B5";
+ fsType = "vfat";
+ };
+
+ fileSystems."/mnt/campbell" = {
+ device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}
diff --git a/Omni/Dev/Networking.nix b/Omni/Dev/Networking.nix
new file mode 100644
index 0000000..c89add7
--- /dev/null
+++ b/Omni/Dev/Networking.nix
@@ -0,0 +1,44 @@
+{ ... }:
+
+let ports = import ../Cloud/Ports.nix;
+in {
+ networking = {
+ nameservers = [ "1.1.1.1" ];
+ hostName = "lithium";
+ hosts = { "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ]; };
+
+ firewall = {
+ allowedTCPPorts = [
+ ports.bitcoind
+ ports.bitcoind-rpc
+ ports.delugeWeb
+ ports.et
+ ports.gemini
+ ports.git
+ ports.http
+ ports.https
+ ports.jellyfin
+ ports.jupyter
+ ports.k3s
+ ports.mpd
+ ports.mpd-stream
+ ports.murmur
+ ports.radicale
+ ports.sabten
+ ports.ssh
+ ports.stableDiffusion
+ ports.tor
+ ];
+ allowedTCPPortRanges = [ ports.torrents ports.httpdev ];
+ allowedUDPPorts = [ ports.dns ports.et ports.murmur ];
+ allowedUDPPortRanges = [ ports.torrents ];
+ };
+
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ # Per-interface useDHCP will be mandatory in the future, so this generated config
+ # replicates the default behaviour.
+ useDHCP = false;
+ interfaces.enp2s0.useDHCP = true;
+ };
+
+}
diff --git a/Omni/Dev/Vpn.nix b/Omni/Dev/Vpn.nix
new file mode 100644
index 0000000..9b791b7
--- /dev/null
+++ b/Omni/Dev/Vpn.nix
@@ -0,0 +1,33 @@
+{ config, ... }:
+
+let
+ ports = import ../Cloud/Ports.nix;
+ domain = "headscale.simatime.com";
+in {
+ services.headscale = {
+ enable = true;
+ address = "0.0.0.0";
+ port = ports.headscale;
+ settings = { dns.base_domain = "simatime.com"; };
+ };
+
+ services.nginx.virtualHosts.${domain} = {
+ forceSSL = true;
+ enableAcme = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString ports.headscale}";
+ proxyWebsockets = true;
+ };
+ };
+
+ environment.systemPackages = [ config.services.headscale.package ];
+
+ services.tailscale.enable = true;
+
+ networking.firewall = {
+ checkReversePath = "loose";
+ trustedInterfaces = [ "tailscale0" ];
+ allowedUDPPorts = [ config.services.tailscale.port ];
+ };
+
+}