Misc updates

2025-03-31 22:33:40 -07:00 · 2025-03-31 22:33:40 -07:00 · f51256c3ae
commit f51256c3ae
parent 0b5ca6d22c
5 changed files with 127 additions and 288 deletions
--- a/systems/x86_64-linux/gospel/default.nix
+++ b/systems/x86_64-linux/gospel/default.nix
@ -2,7 +2,8 @@
  config,
  pkgs,
  ...
-}: {
+}:
+{
  imports = [
    ./hardware-configuration.nix
    ./zfs.nix
@ -62,7 +63,10 @@
    system.zfs.enable = true;
    system.monitoring.enable = true;

-    user.extraGroups = ["dialout" "libvirtd"];
+    user.extraGroups = [
+      "dialout"
+      "libvirtd"
+    ];
  };

  services.udev.packages = [
@ -110,12 +114,18 @@

  programs.virt-manager.enable = true;

-  boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"];
+  boot.binfmt.emulatedSystems = [
+    "aarch64-linux"
+    "armv6l-linux"
+  ];
  networking = {
    hostName = "gospel";
-    useDHCP = false;
    defaultGateway = "192.168.113.1";
-    nameservers = ["192.168.113.13" "1.1.1.1"];
+    networkmanager.enable = true;
+    nameservers = [
+      "192.168.113.1"
+      "1.1.1.1"
+    ];
    interfaces.eno1.ipv4.addresses = [
      {
        address = "192.168.113.69"; # nice
@ -123,6 +133,11 @@
      }
    ];
  };
+  programs.winbox = {
+    enable = true;
+    openFirewall = true;
+  };
+  programs.nm-applet.enable = true;

  time.timeZone = "America/Los_Angeles";

--- a/systems/x86_64-linux/node/default.nix
+++ b/systems/x86_64-linux/node/default.nix
@ -3,7 +3,8 @@
  pkgs,
  lib,
  ...
-}: {
+}:
+{
  imports = [
    ./hardware-configuration.nix
    ./zfs.nix
@ -24,10 +25,6 @@
      configureServerRouting = true;
    };
    services.openssh.enable = true;
-    services.adguardhome = {
-      enable = true;
-      acmeCertName = "kilonull.com";
-    };
    services.nextcloud = {
      enable = true;
      acmeCertName = "kilonull.com";
@ -75,32 +72,16 @@
    apps.yubikey.enable = true;
  };

-  # Rewrite specific to this machine (didn't want to put this in my adguardhome
-  # module incase I want to reuse it for something else later)
-  services.adguardhome.settings.filtering.rewrites = [
-    {
-      domain = "octoprint.kilonull.com";
-      answer = "192.168.113.42";
-    }
-    {
-      domain = "hydra.kilonull.com";
-      answer = "192.168.113.69";
-    }
-    {
-      domain = "cache.kilonull.com";
-      answer = "192.168.113.69";
-    }
-    {
-      domain = "*.kilonull.com";
-      answer = "192.168.113.13";
-    }
-  ];
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+  };

  security.pam.sshAgentAuth = {
    enable = true;
    # Addresses issue 31611
    # See: https://github.com/NixOS/nixpkgs/issues/31611
-    authorizedKeysFiles = lib.mkForce ["/etc/ssh/authorized_keys.d/%u"];
+    authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
  };
  security.pam.services.${config.aa.user.name}.sshAgentAuth = true;

@ -115,7 +96,10 @@
    hostName = "node";
    useDHCP = false;
    defaultGateway = "192.168.113.1";
-    nameservers = ["127.0.0.1" "1.1.1.1"];
+    nameservers = [
+      "192.168.113.1"
+      "1.1.1.1"
+    ];
    interfaces.enp7s0.ipv4.addresses = [
      {
        address = "192.168.113.13";
@ -124,20 +108,6 @@
    ];
  };

-  # Running own DNS resolver on same system. This prevents DNS issues with ACME
-  systemd.services = let
-    dependency = ["adguardhome.service"];
-  in
-    lib.mapAttrs'
-    (name: _:
-      lib.nameValuePair "acme-${name}" {
-        after = dependency;
-        preStart = ''
-          sleep 10
-        '';
-      })
-    config.security.acme.certs;
-
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [